Staging: add rt3090 wireless driver
authorBartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Thu, 25 Jun 2009 13:40:31 +0000 (15:40 +0200)
committerGreg Kroah-Hartman <gregkh@suse.de>
Tue, 15 Sep 2009 19:01:31 +0000 (12:01 -0700)
This is the vendor driver for the Ralink RT3090 chipset.

It should be later cleaned and ported to use the existing rt2x00
infrastructure or just replaced by the proper version.

[ Unfortunately since it follows the same design/implementation like
  rt{286,287,307}0 drivers (already present in the staging tree)
  it is highly unlikely that it will see much love from the wireless
  development community.. ]

However since the development of the cleaner/proper version can take
significant time lets give distros (i.e. openSUSE seems to already
have the package with the original vendor driver) and users "something"
to use in the meantime.

I forward ported it to 2.6.31-rc1, ported to the Linux build system
and did some initial cleanups.  More fixes/cleanups to come later
(it seems that the driver can be made to share most of its code with
the other Ralink drivers already present in the staging tree).

Signed-off-by: Bartlomiej Zolnierkiewicz <bzolnier@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
112 files changed:
drivers/staging/Kconfig
drivers/staging/Makefile
drivers/staging/rt3090/Kconfig [new file with mode: 0644]
drivers/staging/rt3090/Makefile [new file with mode: 0644]
drivers/staging/rt3090/action.h [new file with mode: 0644]
drivers/staging/rt3090/ap.h [new file with mode: 0644]
drivers/staging/rt3090/ap_apcli.h [new file with mode: 0644]
drivers/staging/rt3090/ap_autoChSel.h [new file with mode: 0644]
drivers/staging/rt3090/ap_autoChSel_cmm.h [new file with mode: 0644]
drivers/staging/rt3090/ap_cfg.h [new file with mode: 0644]
drivers/staging/rt3090/ap_ids.h [new file with mode: 0644]
drivers/staging/rt3090/ap_mbss.h [new file with mode: 0644]
drivers/staging/rt3090/ap_uapsd.h [new file with mode: 0644]
drivers/staging/rt3090/ap_wds.h [new file with mode: 0644]
drivers/staging/rt3090/chips/rt3090.c [new file with mode: 0644]
drivers/staging/rt3090/chips/rt30xx.c [new file with mode: 0644]
drivers/staging/rt3090/chips/rt3370.c [new file with mode: 0644]
drivers/staging/rt3090/chips/rt3390.c [new file with mode: 0644]
drivers/staging/rt3090/chips/rt33xx.c [new file with mode: 0644]
drivers/staging/rt3090/chlist.h [new file with mode: 0644]
drivers/staging/rt3090/common/action.c [new file with mode: 0644]
drivers/staging/rt3090/common/ba_action.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_aes.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_asic.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_cfg.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_data.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_data_pci.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_info.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_mac_pci.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_profile.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_sanity.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_sync.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_tkip.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_wep.c [new file with mode: 0644]
drivers/staging/rt3090/common/cmm_wpa.c [new file with mode: 0644]
drivers/staging/rt3090/common/crypt_aes.c [new file with mode: 0644]
drivers/staging/rt3090/common/crypt_biginteger.c [new file with mode: 0644]
drivers/staging/rt3090/common/crypt_dh.c [new file with mode: 0644]
drivers/staging/rt3090/common/crypt_hmac.c [new file with mode: 0644]
drivers/staging/rt3090/common/crypt_md5.c [new file with mode: 0644]
drivers/staging/rt3090/common/crypt_sha2.c [new file with mode: 0644]
drivers/staging/rt3090/common/dfs.c [new file with mode: 0644]
drivers/staging/rt3090/common/ee_efuse.c [new file with mode: 0644]
drivers/staging/rt3090/common/ee_prom.c [new file with mode: 0644]
drivers/staging/rt3090/common/eeprom.c [new file with mode: 0644]
drivers/staging/rt3090/common/igmp_snoop.c [new file with mode: 0644]
drivers/staging/rt3090/common/mlme.c [new file with mode: 0644]
drivers/staging/rt3090/common/mlme_ex.c [new file with mode: 0644]
drivers/staging/rt3090/common/netif_block.c [new file with mode: 0644]
drivers/staging/rt3090/common/rt_channel.c [new file with mode: 0644]
drivers/staging/rt3090/common/rt_rf.c [new file with mode: 0644]
drivers/staging/rt3090/common/rtmp_init.c [new file with mode: 0644]
drivers/staging/rt3090/common/rtmp_mcu.c [new file with mode: 0644]
drivers/staging/rt3090/common/rtmp_timer.c [new file with mode: 0644]
drivers/staging/rt3090/common/spectrum.c [new file with mode: 0644]
drivers/staging/rt3090/config.mk [new file with mode: 0644]
drivers/staging/rt3090/crypt_hmac.h [new file with mode: 0644]
drivers/staging/rt3090/crypt_md5.h [new file with mode: 0644]
drivers/staging/rt3090/crypt_sha2.h [new file with mode: 0644]
drivers/staging/rt3090/dfs.h [new file with mode: 0644]
drivers/staging/rt3090/eeprom.h [new file with mode: 0644]
drivers/staging/rt3090/firmware.h [new file with mode: 0644]
drivers/staging/rt3090/igmp_snoop.h [new file with mode: 0644]
drivers/staging/rt3090/ipv6.h [new file with mode: 0644]
drivers/staging/rt3090/link_list.h [new file with mode: 0644]
drivers/staging/rt3090/mac_pci.h [new file with mode: 0644]
drivers/staging/rt3090/mlme.h [new file with mode: 0644]
drivers/staging/rt3090/mlme_ex.h [new file with mode: 0644]
drivers/staging/rt3090/mlme_ex_def.h [new file with mode: 0644]
drivers/staging/rt3090/netif_block.h [new file with mode: 0644]
drivers/staging/rt3090/oid.h [new file with mode: 0644]
drivers/staging/rt3090/pci_main_dev.c [new file with mode: 0644]
drivers/staging/rt3090/rt3090.h [new file with mode: 0644]
drivers/staging/rt3090/rt30xx.h [new file with mode: 0644]
drivers/staging/rt3090/rt3370.h [new file with mode: 0644]
drivers/staging/rt3090/rt3390.h [new file with mode: 0644]
drivers/staging/rt3090/rt33xx.h [new file with mode: 0644]
drivers/staging/rt3090/rt_ate.c [new file with mode: 0644]
drivers/staging/rt3090/rt_ate.h [new file with mode: 0644]
drivers/staging/rt3090/rt_config.h [new file with mode: 0644]
drivers/staging/rt3090/rt_linux.c [new file with mode: 0644]
drivers/staging/rt3090/rt_linux.h [new file with mode: 0644]
drivers/staging/rt3090/rt_main_dev.c [new file with mode: 0644]
drivers/staging/rt3090/rt_pci_rbus.c [new file with mode: 0644]
drivers/staging/rt3090/rt_profile.c [new file with mode: 0644]
drivers/staging/rt3090/rtmp.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_chip.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_def.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_dot11.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_iface.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_mac.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_mcu.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_os.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_pci.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_phy.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_timer.h [new file with mode: 0644]
drivers/staging/rt3090/rtmp_type.h [new file with mode: 0644]
drivers/staging/rt3090/spectrum.h [new file with mode: 0644]
drivers/staging/rt3090/spectrum_def.h [new file with mode: 0644]
drivers/staging/rt3090/sta/assoc.c [new file with mode: 0644]
drivers/staging/rt3090/sta/auth.c [new file with mode: 0644]
drivers/staging/rt3090/sta/auth_rsp.c [new file with mode: 0644]
drivers/staging/rt3090/sta/connect.c [new file with mode: 0644]
drivers/staging/rt3090/sta/dls.c [new file with mode: 0644]
drivers/staging/rt3090/sta/rtmp_ckipmic.c [new file with mode: 0644]
drivers/staging/rt3090/sta/rtmp_data.c [new file with mode: 0644]
drivers/staging/rt3090/sta/sanity.c [new file with mode: 0644]
drivers/staging/rt3090/sta/sync.c [new file with mode: 0644]
drivers/staging/rt3090/sta/wpa.c [new file with mode: 0644]
drivers/staging/rt3090/sta_ioctl.c [new file with mode: 0644]
drivers/staging/rt3090/vr_ikans.h [new file with mode: 0644]
drivers/staging/rt3090/wpa.h [new file with mode: 0644]

index 975ecddbce30b48a4b20ed5ac955a48d7f224405..530a29cc8aab2a13b65cdd3ae10ea56b84eb845a 100644 (file)
@@ -75,6 +75,8 @@ source "drivers/staging/rt2870/Kconfig"
 
 source "drivers/staging/rt3070/Kconfig"
 
+source "drivers/staging/rt3090/Kconfig"
+
 source "drivers/staging/comedi/Kconfig"
 
 source "drivers/staging/asus_oled/Kconfig"
index 2241ae1b21ee1ad47927386c6c5e4e2af4f83f4f..783dba49969b424f46ff61a665d0b47799985587 100644 (file)
@@ -20,6 +20,7 @@ obj-$(CONFIG_OTUS)            += otus/
 obj-$(CONFIG_RT2860)           += rt2860/
 obj-$(CONFIG_RT2870)           += rt2870/
 obj-$(CONFIG_RT3070)           += rt3070/
+obj-$(CONFIG_RT3090)           += rt3090/
 obj-$(CONFIG_COMEDI)           += comedi/
 obj-$(CONFIG_ASUS_OLED)                += asus_oled/
 obj-$(CONFIG_PANEL)            += panel/
diff --git a/drivers/staging/rt3090/Kconfig b/drivers/staging/rt3090/Kconfig
new file mode 100644 (file)
index 0000000..255e8ea
--- /dev/null
@@ -0,0 +1,5 @@
+config RT3090
+       tristate "Ralink 3090 wireless support"
+       depends on PCI && X86 && WLAN_80211
+       ---help---
+         This is an experimental driver for the Ralink 3090 wireless chip.
diff --git a/drivers/staging/rt3090/Makefile b/drivers/staging/rt3090/Makefile
new file mode 100644 (file)
index 0000000..995491c
--- /dev/null
@@ -0,0 +1,80 @@
+obj-$(CONFIG_RT3090)   += rt3090sta.o
+
+include drivers/staging/rt3090/config.mk
+
+rt3090sta-objs := \
+       common/crypt_md5.o \
+       common/crypt_sha2.o \
+       common/crypt_hmac.o \
+       common/mlme.o \
+       common/cmm_wep.o \
+       common/action.o \
+       common/cmm_data.o \
+       common/rtmp_init.o \
+       common/cmm_tkip.o \
+       common/cmm_aes.o \
+       common/cmm_sync.o \
+       common/eeprom.o \
+       common/cmm_sanity.o \
+       common/cmm_info.o \
+       common/cmm_cfg.o \
+       common/cmm_wpa.o \
+       common/dfs.o \
+       common/spectrum.o \
+       common/rtmp_timer.o \
+       common/rt_channel.o \
+       common/cmm_profile.o \
+       common/cmm_asic.o \
+       sta/assoc.o \
+       sta/auth.o \
+       sta/auth_rsp.o \
+       sta/sync.o \
+       sta/sanity.o \
+       sta/rtmp_data.o \
+       sta/connect.o \
+       sta/wpa.o \
+       rt_linux.o \
+       rt_profile.o \
+       rt_main_dev.o \
+       sta_ioctl.o
+
+#ifdef DOT11_N_SUPPORT
+ifeq ($(HAS_DOT11_N_SUPPORT),y)
+rt3090sta-objs += \
+       common/ba_action.o
+endif
+#endif // DOT11_N_SUPPORT //
+
+#ifdef ETH_CONVERT
+ifeq ($(HAS_ETH_CONVERT_SUPPORT), y)
+rt3090sta-objs += \
+       common/cmm_mat.o \
+       common/cmm_mat_iparp.o \
+       common/cmm_mat_pppoe.o \
+       common/cmm_mat_ipv6.o
+endif
+#endif // ETH_CONVERT //
+
+ifeq ($(HAS_BLOCK_NET_IF),y)
+rt3090sta-objs += common/netif_block.o
+endif
+
+ifeq ($(HAS_QOS_DLS_SUPPORT),y)
+rt3090sta-objs += sta/dls.o
+endif
+
+rt3090sta-objs += \
+       pci_main_dev.o \
+       rt_pci_rbus.o \
+       common/cmm_mac_pci.o \
+       common/cmm_data_pci.o \
+       common/ee_prom.o \
+       common/ee_efuse.o \
+       common/rtmp_mcu.o \
+       chips/rt30xx.o \
+       common/rt_rf.o \
+       chips/rt3090.o
+
+ifeq ($(HAS_ATE),y)
+rt3090sta-objs += rt_ate.o
+endif
diff --git a/drivers/staging/rt3090/action.h b/drivers/staging/rt3090/action.h
new file mode 100644 (file)
index 0000000..ac0a0a3
--- /dev/null
@@ -0,0 +1,66 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       aironet.h
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Name            Date                    Modification logs
+       Paul Lin        04-06-15                Initial
+*/
+
+#ifndef        __ACTION_H__
+#define        __ACTION_H__
+
+typedef struct PACKED __HT_INFO_OCTET
+{
+#ifdef RT_BIG_ENDIAN
+       UCHAR   Reserved:5;
+       UCHAR   STA_Channel_Width:1;
+       UCHAR   Forty_MHz_Intolerant:1;
+       UCHAR   Request:1;
+#else
+       UCHAR   Request:1;
+       UCHAR   Forty_MHz_Intolerant:1;
+       UCHAR   STA_Channel_Width:1;
+       UCHAR   Reserved:5;
+#endif
+} HT_INFORMATION_OCTET;
+
+
+typedef struct PACKED __FRAME_HT_INFO
+{
+       HEADER_802_11                   Hdr;
+       UCHAR                                   Category;
+       UCHAR                                   Action;
+       HT_INFORMATION_OCTET    HT_Info;
+}   FRAME_HT_INFO, *PFRAME_HT_INFO;
+
+#endif /* __ACTION_H__ */
diff --git a/drivers/staging/rt3090/ap.h b/drivers/staging/rt3090/ap.h
new file mode 100644 (file)
index 0000000..e894303
--- /dev/null
@@ -0,0 +1,512 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Paul Lin    08-01-2002    created
+    James Tan   09-06-2002    modified (Revise NTCRegTable)
+    John Chang  12-22-2004    modified for RT2561/2661. merge with STA driver
+*/
+#ifndef __AP_H__
+#define __AP_H__
+
+
+// =============================================================
+//      Function Prototypes
+// =============================================================
+
+// ap_data.c
+
+BOOLEAN APBridgeToWirelessSta(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PUCHAR          pHeader,
+    IN  UINT            HdrLen,
+    IN  PUCHAR          pData,
+    IN  UINT            DataLen,
+    IN  ULONG           fromwdsidx);
+
+
+VOID   APSendPackets(
+       IN      NDIS_HANDLE             MiniportAdapterContext,
+       IN      PPNDIS_PACKET   ppPacketArray,
+       IN      UINT                    NumberOfPackets);
+
+NDIS_STATUS APSendPacket(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PNDIS_PACKET    pPacket);
+
+
+NDIS_STATUS APHardTransmit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      UCHAR                   QueIdx);
+
+VOID APRxEAPOLFrameIndicate(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+
+NDIS_STATUS APCheckRxError(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PRT28XX_RXD_STRUC               pRxD,
+       IN      UCHAR                   Wcid);
+
+BOOLEAN APCheckClass2Class3Error(
+    IN  PRTMP_ADAPTER   pAd,
+       IN ULONG Wcid,
+       IN  PHEADER_802_11  pHeader);
+
+VOID APHandleRxPsPoll(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pAddr,
+       IN      USHORT                  Aid,
+    IN BOOLEAN                 isActive);
+
+VOID    RTMPDescriptorEndianChange(
+    IN  PUCHAR          pData,
+    IN  ULONG           DescriptorType);
+
+VOID    RTMPFrameEndianChange(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PUCHAR          pData,
+    IN  ULONG           Dir,
+    IN  BOOLEAN         FromRxDoneInt);
+
+// ap_assoc.c
+
+VOID APAssocStateMachineInit(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  STATE_MACHINE *S,
+    OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID  APPeerAssocReqAction(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  MLME_QUEUE_ELEM *Elem);
+
+VOID  APPeerReassocReqAction(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  MLME_QUEUE_ELEM *Elem);
+
+VOID  APPeerDisassocReqAction(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  MLME_QUEUE_ELEM *Elem);
+
+VOID MbssKickOutStas(
+       IN PRTMP_ADAPTER pAd,
+       IN INT apidx,
+       IN USHORT Reason);
+
+VOID APMlmeKickOutSta(
+    IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pStaAddr,
+       IN UCHAR Wcid,
+       IN USHORT Reason);
+
+VOID APMlmeDisassocReqAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID  APCls3errAction(
+    IN  PRTMP_ADAPTER   pAd,
+       IN      ULONG Wcid,
+    IN PHEADER_802_11  pHeader);
+
+
+USHORT APBuildAssociation(
+    IN PRTMP_ADAPTER pAd,
+    IN MAC_TABLE_ENTRY *pEntry,
+    IN USHORT CapabilityInfo,
+    IN UCHAR  MaxSupportedRateIn500Kbps,
+    IN UCHAR  *RSN,
+    IN UCHAR  *pRSNLen,
+    IN BOOLEAN bWmmCapable,
+    IN ULONG  RalinkIe,
+#ifdef DOT11N_DRAFT3
+    IN EXT_CAP_INFO_ELEMENT ExtCapInfo,
+#endif // DOT11N_DRAFT3 //
+       IN HT_CAPABILITY_IE             *pHtCapability,
+       IN UCHAR                 HtCapabilityLen,
+    OUT USHORT *pAid);
+
+/*
+VOID   RTMPAddClientSec(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR   BssIdx,
+       IN UCHAR                 KeyIdx,
+       IN UCHAR                 CipherAlg,
+       IN PUCHAR                pKey,
+       IN PUCHAR                pTxMic,
+       IN PUCHAR                pRxMic,
+       IN MAC_TABLE_ENTRY *pEntry);
+*/
+
+// ap_auth.c
+
+void APAuthStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN STATE_MACHINE *Sm,
+    OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID APCls2errAction(
+    IN PRTMP_ADAPTER pAd,
+       IN      ULONG Wcid,
+    IN PHEADER_802_11  pHeader);
+
+// ap_connect.c
+
+
+VOID APMakeBssBeacon(
+    IN  PRTMP_ADAPTER   pAd,
+       IN      INT                             apidx);
+
+VOID  APUpdateBeaconFrame(
+    IN  PRTMP_ADAPTER   pAd,
+       IN      INT                             apidx);
+
+VOID APMakeAllBssBeacon(
+    IN  PRTMP_ADAPTER   pAd);
+
+VOID  APUpdateAllBeaconFrame(
+    IN  PRTMP_ADAPTER   pAd);
+
+
+// ap_sync.c
+
+VOID APSyncStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN STATE_MACHINE *Sm,
+    OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID APScanTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID APInvalidStateWhenScan(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID APScanTimeoutAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID APPeerProbeReqAction(
+    IN  PRTMP_ADAPTER pAd,
+    IN  MLME_QUEUE_ELEM *Elem);
+
+VOID APPeerBeaconAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID APMlmeScanReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID APPeerBeaconAtScanAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID APScanCnclAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID ApSiteSurvey(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      PNDIS_802_11_SSID       pSsid,
+       IN      UCHAR                           ScanType);
+
+VOID SupportRate(
+       IN PUCHAR SupRate,
+       IN UCHAR SupRateLen,
+       IN PUCHAR ExtRate,
+       IN UCHAR ExtRateLen,
+       OUT PUCHAR *Rates,
+       OUT PUCHAR RatesLen,
+       OUT PUCHAR pMaxSupportRate);
+
+
+BOOLEAN ApScanRunning(
+       IN PRTMP_ADAPTER pAd);
+
+#ifdef DOT11N_DRAFT3
+VOID APOverlappingBSSScan(
+       IN RTMP_ADAPTER *pAd);
+#endif // DOT11N_DRAFT3 //
+
+// ap_wpa.c
+VOID WpaStateMachineInit(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  STATE_MACHINE *Sm,
+    OUT STATE_MACHINE_FUNC Trans[]);
+
+// ap_mlme.c
+VOID APMlmePeriodicExec(
+    IN  PRTMP_ADAPTER   pAd);
+
+VOID APMlmeSelectTxRateTable(
+       IN PRTMP_ADAPTER                pAd,
+       IN PMAC_TABLE_ENTRY             pEntry,
+       IN PUCHAR                               *ppTable,
+       IN PUCHAR                               pTableSize,
+       IN PUCHAR                               pInitTxRateIdx);
+
+VOID APMlmeSetTxRate(
+       IN PRTMP_ADAPTER                pAd,
+       IN PMAC_TABLE_ENTRY             pEntry,
+       IN PRTMP_TX_RATE_SWITCH pTxRate);
+
+VOID APMlmeDynamicTxRateSwitching(
+    IN PRTMP_ADAPTER pAd);
+
+VOID APQuickResponeForRateUpExec(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3);
+
+BOOLEAN APMsgTypeSubst(
+    IN PRTMP_ADAPTER pAd,
+    IN PFRAME_802_11 pFrame,
+    OUT INT *Machine,
+    OUT INT *MsgType);
+
+VOID APQuickResponeForRateUpExec(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3);
+
+
+VOID RTMPSetPiggyBack(
+       IN PRTMP_ADAPTER        pAd,
+       IN BOOLEAN                      bPiggyBack);
+
+VOID APAsicEvaluateRxAnt(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID APAsicRxAntEvalTimeout(
+       IN PRTMP_ADAPTER        pAd);
+
+// ap.c
+
+VOID APSwitchChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN INT Channel);
+
+NDIS_STATUS APInitialize(
+    IN  PRTMP_ADAPTER   pAd);
+
+VOID APShutdown(
+    IN PRTMP_ADAPTER    pAd);
+
+VOID APStartUp(
+    IN  PRTMP_ADAPTER   pAd);
+
+VOID APStop(
+    IN  PRTMP_ADAPTER   pAd);
+
+VOID APCleanupPsQueue(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PQUEUE_HEADER   pQueue);
+
+VOID MacTableReset(
+    IN  PRTMP_ADAPTER   pAd);
+
+MAC_TABLE_ENTRY *MacTableInsertEntry(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PUCHAR          pAddr,
+       IN      UCHAR                   apidx,
+       IN BOOLEAN      CleanAll);
+
+BOOLEAN MacTableDeleteEntry(
+    IN  PRTMP_ADAPTER   pAd,
+       IN USHORT wcid,
+    IN  PUCHAR          pAddr);
+
+MAC_TABLE_ENTRY *MacTableLookup(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PUCHAR          pAddr);
+
+VOID MacTableMaintenance(
+    IN PRTMP_ADAPTER pAd);
+
+UINT32 MacTableAssocStaNumGet(
+       IN PRTMP_ADAPTER pAd);
+
+MAC_TABLE_ENTRY *APSsPsInquiry(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PUCHAR          pAddr,
+    OUT SST             *Sst,
+    OUT USHORT          *Aid,
+    OUT UCHAR           *PsMode,
+    OUT UCHAR           *Rate);
+
+BOOLEAN APPsIndicate(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PUCHAR          pAddr,
+       IN ULONG Wcid,
+    IN  UCHAR           Psm);
+
+VOID ApLogEvent(
+    IN PRTMP_ADAPTER    pAd,
+    IN PUCHAR           pAddr,
+    IN USHORT           Event);
+
+#ifdef DOT11_N_SUPPORT
+VOID APUpdateOperationMode(
+    IN PRTMP_ADAPTER pAd);
+#endif // DOT11_N_SUPPORT //
+
+VOID APUpdateCapabilityAndErpIe(
+       IN PRTMP_ADAPTER pAd);
+
+BOOLEAN ApCheckAccessControlList(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR        pAddr,
+       IN UCHAR         Apidx);
+
+VOID ApUpdateAccessControlList(
+    IN PRTMP_ADAPTER pAd,
+    IN UCHAR         Apidx);
+
+VOID ApEnqueueNullFrame(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR        pAddr,
+       IN UCHAR         TxRate,
+       IN UCHAR         PID,
+       IN UCHAR         apidx,
+    IN BOOLEAN       bQosNull,
+    IN BOOLEAN       bEOSP,
+    IN UCHAR         OldUP);
+
+VOID ApSendFrame(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PVOID           pBuffer,
+    IN  ULONG           Length,
+    IN  UCHAR           TxRate,
+    IN  UCHAR           PID);
+
+VOID ApEnqueueAckFrame(
+    IN PRTMP_ADAPTER pAd,
+    IN PUCHAR        pAddr,
+    IN UCHAR         TxRate,
+       IN UCHAR         apidx);
+
+// ap_sanity.c
+
+
+BOOLEAN PeerAssocReqCmmSanity(
+    IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN isRessoc,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT USHORT *pCapabilityInfo,
+    OUT USHORT *pListenInterval,
+    OUT PUCHAR pApAddr,
+    OUT UCHAR *pSsidLen,
+    OUT char *Ssid,
+    OUT UCHAR *pRatesLen,
+    OUT UCHAR Rates[],
+    OUT UCHAR *RSN,
+    OUT UCHAR *pRSNLen,
+    OUT BOOLEAN *pbWmmCapable,
+    OUT ULONG  *pRalinkIe,
+#ifdef DOT11N_DRAFT3
+    OUT EXT_CAP_INFO_ELEMENT   *pExtCapInfo,
+#endif // DOT11N_DRAFT3 //
+    OUT UCHAR           *pHtCapabilityLen,
+    OUT HT_CAPABILITY_IE *pHtCapability);
+
+
+BOOLEAN PeerDisassocReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT USHORT *Reason);
+
+BOOLEAN PeerDeauthReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT USHORT *Reason);
+
+BOOLEAN APPeerAuthSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+       OUT PUCHAR pAddr1,
+    OUT PUCHAR pAddr2,
+    OUT USHORT *Alg,
+    OUT USHORT *Seq,
+    OUT USHORT *Status,
+    OUT CHAR *ChlgText
+       );
+
+BOOLEAN APPeerProbeReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT CHAR Ssid[],
+    OUT UCHAR *SsidLen);
+
+BOOLEAN APPeerBeaconAndProbeRspSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT PUCHAR pBssid,
+    OUT CHAR Ssid[],
+    OUT UCHAR *SsidLen,
+    OUT UCHAR *BssType,
+    OUT USHORT *BeaconPeriod,
+    OUT UCHAR *Channel,
+    OUT LARGE_INTEGER *Timestamp,
+    OUT USHORT *CapabilityInfo,
+    OUT UCHAR Rate[],
+    OUT UCHAR *RateLen,
+    OUT BOOLEAN *ExtendedRateIeExist,
+    OUT UCHAR *Erp);
+#if defined(RT30xx) || defined(RT305x)
+VOID EnableAPMIMOPS(
+    IN PRTMP_ADAPTER pAd);
+
+VOID DisableAPMIMOPS(
+    IN PRTMP_ADAPTER pAd);
+#endif
+#endif  // __AP_H__
diff --git a/drivers/staging/rt3090/ap_apcli.h b/drivers/staging/rt3090/ap_apcli.h
new file mode 100644 (file)
index 0000000..d363c36
--- /dev/null
@@ -0,0 +1,276 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_apcli.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Shiang, Fonchi    02-13-2007      created
+*/
+
+#ifndef _AP_APCLI_H_
+#define _AP_APCLI_H_
+
+#ifdef APCLI_SUPPORT
+
+#include "rtmp.h"
+
+#define AUTH_TIMEOUT   300         // unit: msec
+#define ASSOC_TIMEOUT  300         // unit: msec
+//#define JOIN_TIMEOUT 2000        // unit: msec // not used in Ap-client mode, remove it
+#define PROBE_TIMEOUT  1000        // unit: msec
+
+#define APCLI_ROOT_BSSID_GET(pAd, wcid) ((pAd)->MacTab.Content[(wcid)].Addr)
+#define APCLI_IF_UP_CHECK(pAd, ifidx) ((pAd)->ApCfg.ApCliTab[(ifidx)].dev->flags & IFF_UP)
+
+/* sanity check for apidx */
+#define APCLI_MR_APIDX_SANITY_CHECK(idx) \
+{ \
+       if ((idx) >= MAX_APCLI_NUM) \
+       { \
+               (idx) = 0; \
+               DBGPRINT(RT_DEBUG_ERROR, ("%s> Error! apcli-idx > MAX_APCLI_NUM!\n", __FUNCTION__)); \
+       } \
+}
+
+typedef struct _APCLI_MLME_JOIN_REQ_STRUCT {
+       UCHAR   Bssid[MAC_ADDR_LEN];
+       UCHAR   SsidLen;
+       UCHAR   Ssid[MAX_LEN_OF_SSID];
+} APCLI_MLME_JOIN_REQ_STRUCT;
+
+typedef struct _STA_CTRL_JOIN_REQ_STRUCT {
+       USHORT  Status;
+} APCLI_CTRL_MSG_STRUCT, *PSTA_CTRL_MSG_STRUCT;
+
+BOOLEAN isValidApCliIf(
+       SHORT ifIndex);
+
+//
+// Private routines in apcli_ctrl.c
+//
+VOID ApCliCtrlStateMachineInit(
+       IN PRTMP_ADAPTER pAd,
+       IN STATE_MACHINE_EX *Sm,
+       OUT STATE_MACHINE_FUNC_EX Trans[]);
+
+//
+// Private routines in apcli_sync.c
+//
+VOID ApCliSyncStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN STATE_MACHINE_EX *Sm,
+    OUT STATE_MACHINE_FUNC_EX Trans[]);
+
+//
+// Private routines in apcli_auth.c
+//
+VOID ApCliAuthStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN STATE_MACHINE_EX *Sm,
+    OUT STATE_MACHINE_FUNC_EX Trans[]);
+
+//
+// Private routines in apcli_assoc.c
+//
+VOID ApCliAssocStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN STATE_MACHINE_EX *Sm,
+    OUT STATE_MACHINE_FUNC_EX Trans[]);
+
+MAC_TABLE_ENTRY *ApCliTableLookUpByWcid(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR wcid,
+       IN PUCHAR pAddrs);
+
+
+BOOLEAN ApCliAllowToSendPacket(
+       IN RTMP_ADAPTER *pAd,
+       IN PNDIS_PACKET pPacket,
+       OUT UCHAR               *pWcid);
+
+BOOLEAN                ApCliValidateRSNIE(
+       IN              PRTMP_ADAPTER   pAd,
+       IN              PEID_STRUCT     pEid_ptr,
+       IN              USHORT                  eid_len,
+       IN              USHORT                  idx);
+
+VOID RT28xx_ApCli_Init(
+       IN PRTMP_ADAPTER        pAd,
+       IN PNET_DEV                     pPhyNetDev);
+
+VOID RT28xx_ApCli_Close(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RT28xx_ApCli_Remove(
+       IN PRTMP_ADAPTER        pAd);
+
+
+VOID RT28xx_ApCli_Remove(
+       IN PRTMP_ADAPTER ad_p);
+
+INT ApCliIfLookUp(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pAddr);
+
+INT ApCli_VirtualIF_Open(
+       IN      PNET_DEV        dev_p);
+
+INT ApCli_VirtualIF_Close(
+       IN      PNET_DEV        dev_p);
+
+INT ApCli_VirtualIF_PacketSend(
+       IN PNDIS_PACKET         skb_p,
+       IN PNET_DEV                     dev_p);
+
+INT ApCli_VirtualIF_Ioctl(
+       IN PNET_DEV                             dev_p,
+       IN OUT struct ifreq     *rq_p,
+       IN INT cmd);
+
+
+VOID ApCliMgtMacHeaderInit(
+    IN PRTMP_ADAPTER   pAd,
+    IN OUT PHEADER_802_11 pHdr80211,
+    IN UCHAR SubType,
+    IN UCHAR ToDs,
+    IN PUCHAR pDA,
+    IN PUCHAR pBssid,
+    IN USHORT ifIndex);
+
+#ifdef DOT11_N_SUPPORT
+BOOLEAN ApCliCheckHt(
+       IN              PRTMP_ADAPTER           pAd,
+       IN              USHORT                          IfIndex,
+       IN OUT  HT_CAPABILITY_IE        *pHtCapability,
+       IN OUT  ADD_HT_INFO_IE          *pAddHtInfo);
+#endif // DOT11_N_SUPPORT //
+
+BOOLEAN ApCliLinkUp(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR ifIndex);
+
+VOID ApCliLinkDown(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR ifIndex);
+
+VOID ApCliIfUp(
+       IN PRTMP_ADAPTER pAd);
+
+VOID ApCliIfDown(
+       IN PRTMP_ADAPTER pAd);
+
+VOID ApCliIfMonitor(
+       IN PRTMP_ADAPTER pAd);
+
+BOOLEAN ApCliMsgTypeSubst(
+       IN PRTMP_ADAPTER  pAd,
+       IN PFRAME_802_11 pFrame,
+       OUT INT *Machine,
+       OUT INT *MsgType);
+
+BOOLEAN preCheckMsgTypeSubset(
+       IN PRTMP_ADAPTER  pAd,
+       IN PFRAME_802_11 pFrame,
+       OUT INT *Machine,
+       OUT INT *MsgType);
+
+BOOLEAN ApCliPeerAssocRspSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *pMsg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT USHORT *pCapabilityInfo,
+    OUT USHORT *pStatus,
+    OUT USHORT *pAid,
+    OUT UCHAR SupRate[],
+    OUT UCHAR *pSupRateLen,
+    OUT UCHAR ExtRate[],
+    OUT UCHAR *pExtRateLen,
+    OUT HT_CAPABILITY_IE *pHtCapability,
+    OUT ADD_HT_INFO_IE *pAddHtInfo,    // AP might use this additional ht info IE
+    OUT UCHAR *pHtCapabilityLen,
+    OUT UCHAR *pAddHtInfoLen,
+    OUT UCHAR *pNewExtChannelOffset,
+    OUT PEDCA_PARM pEdcaParm,
+    OUT UCHAR *pCkipFlag);
+
+VOID   ApCliPeerPairMsg1Action(
+       IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem);
+
+VOID   ApCliPeerPairMsg3Action(
+       IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem);
+
+VOID   ApCliPeerGroupMsg1Action(
+       IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem);
+
+BOOLEAN ApCliCheckRSNIE(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pData,
+       IN  UCHAR           DataLen,
+       IN  MAC_TABLE_ENTRY *pEntry,
+       OUT     UCHAR                   *Offset);
+
+BOOLEAN ApCliParseKeyData(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pKeyData,
+       IN  UCHAR           KeyDataLen,
+       IN  MAC_TABLE_ENTRY *pEntry,
+       IN      UCHAR                   IfIdx,
+       IN      UCHAR                   bPairewise);
+
+BOOLEAN  ApCliHandleRxBroadcastFrame(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN  MAC_TABLE_ENTRY *pEntry,
+       IN      UCHAR                   FromWhichBSSID);
+
+VOID APCliUpdatePairwiseKeyTable(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   *KeyRsc,
+       IN  MAC_TABLE_ENTRY *pEntry);
+
+BOOLEAN APCliUpdateSharedKeyTable(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pKey,
+       IN  UCHAR           KeyLen,
+       IN      UCHAR                   DefaultKeyIdx,
+       IN  MAC_TABLE_ENTRY *pEntry);
+
+#endif // APCLI_SUPPORT //
+
+#endif /* _AP_APCLI_H_ */
diff --git a/drivers/staging/rt3090/ap_autoChSel.h b/drivers/staging/rt3090/ap_autoChSel.h
new file mode 100644 (file)
index 0000000..46881ff
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_autoChSel.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+
+#include "ap_autoChSel_cmm.h"
+
+#ifndef __AUTOCHSELECT_H__
+#define __AUTOCHSELECT_H__
+
+#ifdef AUTO_CH_SELECT_ENHANCE
+#define AP_AUTO_CH_SEL(__P, __O)       New_APAutoSelectChannel((__P), (__O))
+#else
+#define AP_AUTO_CH_SEL(__P, __O)       APAutoSelectChannel((__P), (__O))
+#endif
+
+
+ULONG AutoChBssInsertEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pBssid,
+       IN CHAR Ssid[],
+       IN UCHAR SsidLen,
+       IN UCHAR ChannelNo,
+       IN UCHAR ExtChOffset,
+       IN CHAR Rssi);
+
+void AutoChBssTableInit(
+       IN PRTMP_ADAPTER pAd);
+
+void ChannelInfoInit(
+       IN PRTMP_ADAPTER pAd);
+
+void AutoChBssTableDestroy(
+       IN PRTMP_ADAPTER pAd);
+
+void ChannelInfoDestroy(
+       IN PRTMP_ADAPTER pAd);
+
+UCHAR New_APAutoSelectChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN Optimal);
+
+UCHAR APAutoSelectChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN Optimal);
+
+#endif // __AUTOCHSELECT_H__ //
diff --git a/drivers/staging/rt3090/ap_autoChSel_cmm.h b/drivers/staging/rt3090/ap_autoChSel_cmm.h
new file mode 100644 (file)
index 0000000..ad77ec1
--- /dev/null
@@ -0,0 +1,66 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_autoChSel_cmm.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+
+
+#ifndef __AUTOCHSELECT_CMM_H__
+#define __AUTOCHSELECT_CMM_H__
+
+#define RSSI_TO_DBM_OFFSET 120 // RSSI-115 = dBm
+
+
+typedef struct {
+       ULONG dirtyness[MAX_NUM_OF_CHANNELS+1];
+       ULONG max_rssi[MAX_NUM_OF_CHANNELS+1];
+       ULONG total_rssi[MAX_NUM_OF_CHANNELS+1];
+       UINT32 FalseCCA[MAX_NUM_OF_CHANNELS+1];
+} CHANNELINFO, *PCHANNELINFO;
+
+typedef struct {
+       UCHAR Bssid[MAC_ADDR_LEN];
+       UCHAR SsidLen;
+       CHAR Ssid[MAX_LEN_OF_SSID];
+       UCHAR Channel;
+       UCHAR ExtChOffset;
+       UCHAR Rssi;
+} BSSENTRY, *PBSSENTRY;
+
+typedef struct {
+       UCHAR BssNr;
+       BSSENTRY BssEntry[MAX_LEN_OF_BSS_TABLE];
+} BSSINFO, *PBSSINFO;
+
+#endif // __AUTOCHSELECT_CMM_H__ //
diff --git a/drivers/staging/rt3090/ap_cfg.h b/drivers/staging/rt3090/ap_cfg.h
new file mode 100644 (file)
index 0000000..7c99423
--- /dev/null
@@ -0,0 +1,118 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_cfg.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+#ifndef __AP_CFG_H__
+#define __AP_CFG_H__
+
+
+#include "rt_config.h"
+
+INT RTMPAPPrivIoctlSet(
+       IN RTMP_ADAPTER *pAd,
+       IN struct iwreq *pIoctlCmdStr);
+
+INT RTMPAPPrivIoctlShow(
+       IN RTMP_ADAPTER *pAd,
+       IN struct iwreq *pIoctlCmdStr);
+
+INT RTMPAPSetInformation(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      OUT     struct iwreq    *rq,
+       IN      INT                             cmd);
+
+INT RTMPAPQueryInformation(
+       IN      PRTMP_ADAPTER       pAd,
+       IN      OUT     struct iwreq    *rq,
+       IN      INT                 cmd);
+
+VOID RTMPIoctlStatistics(
+       IN PRTMP_ADAPTER pAd,
+       IN struct iwreq *wrq);
+
+VOID RTMPIoctlGetMacTable(
+       IN PRTMP_ADAPTER pAd,
+       IN struct iwreq *wrq);
+
+#ifdef DBG
+VOID RTMPAPIoctlBBP(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  struct iwreq    *wrq);
+
+VOID RTMPAPIoctlMAC(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  struct iwreq    *wrq);
+
+VOID RTMPAPIoctlE2PROM(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  struct iwreq    *wrq);
+
+#ifdef RTMP_RF_RW_SUPPORT
+VOID RTMPAPIoctlRF(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq);
+#endif // RTMP_RF_RW_SUPPORT //
+
+#endif // DBG //
+
+VOID RT28XX_IOCTL_MaxRateGet(
+       IN      RTMP_ADAPTER                    *pAd,
+       IN      PHTTRANSMIT_SETTING     pHtPhyMode,
+       OUT     UINT32                                  *pRate);
+
+
+#ifdef DOT11_N_SUPPORT
+VOID RTMPIoctlQueryBaTable(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      struct iwreq    *wrq);
+#endif // DOT11_N_SUPPORT //
+
+VOID RTMPIoctlStaticWepCopy(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      struct iwreq    *wrq);
+
+VOID RTMPIoctlRadiusData(
+       IN PRTMP_ADAPTER        pAd,
+       IN struct iwreq         *wrq);
+
+VOID RTMPIoctlAddWPAKey(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      struct iwreq    *wrq);
+
+VOID RTMPIoctlAddPMKIDCache(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      struct iwreq    *wrq);
+
+#endif // __AP_CFG_H__ //
diff --git a/drivers/staging/rt3090/ap_ids.h b/drivers/staging/rt3090/ap_ids.h
new file mode 100644 (file)
index 0000000..cf8797f
--- /dev/null
@@ -0,0 +1,82 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_ids.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+
+VOID RTMPIdsPeriodicExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+BOOLEAN RTMPSpoofedMgmtDetection(
+       IN PRTMP_ADAPTER        pAd,
+       IN PHEADER_802_11       pHeader,
+       IN CHAR                         Rssi0,
+       IN CHAR                         Rssi1,
+       IN CHAR                         Rssi2);
+
+VOID RTMPConflictSsidDetection(
+       IN PRTMP_ADAPTER        pAd,
+       IN PUCHAR                       pSsid,
+       IN UCHAR                        SsidLen,
+       IN CHAR                         Rssi0,
+       IN CHAR                         Rssi1,
+       IN CHAR                         Rssi2);
+
+BOOLEAN RTMPReplayAttackDetection(
+       IN PRTMP_ADAPTER        pAd,
+       IN PUCHAR                       pAddr2,
+       IN CHAR                         Rssi0,
+       IN CHAR                         Rssi1,
+       IN CHAR                         Rssi2);
+
+VOID RTMPUpdateStaMgmtCounter(
+       IN PRTMP_ADAPTER        pAd,
+       IN USHORT                       type);
+
+VOID RTMPClearAllIdsCounter(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RTMPIdsStart(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RTMPIdsStop(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID rtmp_read_ids_from_file(
+                       IN  PRTMP_ADAPTER pAd,
+                       char *tmpbuf,
+                       char *buffer);
diff --git a/drivers/staging/rt3090/ap_mbss.h b/drivers/staging/rt3090/ap_mbss.h
new file mode 100644 (file)
index 0000000..f78556c
--- /dev/null
@@ -0,0 +1,72 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_mbss.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+
+#ifndef MODULE_MBSS
+
+#define MBSS_EXTERN    extern
+
+#else
+
+#define MBSS_EXTERN
+
+#endif // MODULE_MBSS //
+
+
+/* Public function list */
+MBSS_EXTERN VOID RT28xx_MBSS_Init(
+       IN PRTMP_ADAPTER ad_p,
+       IN PNET_DEV main_dev_p);
+
+MBSS_EXTERN VOID RT28xx_MBSS_Close(
+       IN PRTMP_ADAPTER ad_p);
+
+MBSS_EXTERN VOID RT28xx_MBSS_Remove(
+       IN PRTMP_ADAPTER ad_p);
+
+INT MBSS_VirtualIF_Open(
+       IN      PNET_DEV                        dev_p);
+INT MBSS_VirtualIF_Close(
+       IN      PNET_DEV                        dev_p);
+INT MBSS_VirtualIF_PacketSend(
+       IN PNDIS_PACKET                 skb_p,
+       IN PNET_DEV                             dev_p);
+INT MBSS_VirtualIF_Ioctl(
+       IN PNET_DEV                             dev_p,
+       IN OUT struct ifreq     *rq_p,
+       IN INT cmd);
+
+/* End of ap_mbss.h */
diff --git a/drivers/staging/rt3090/ap_uapsd.h b/drivers/staging/rt3090/ap_uapsd.h
new file mode 100644 (file)
index 0000000..d49a9e7
--- /dev/null
@@ -0,0 +1,636 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_uapsd.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+
+/* only for UAPSD_TIMING_RECORD */
+
+//#define UAPSD_TIMING_RECORD_FUNC
+
+#define UAPSD_TIMING_RECORD_MAX                                1000
+#define UAPSD_TIMING_RECORD_DISPLAY_TIMES      10
+
+#define UAPSD_TIMING_RECORD_ISR                                1
+#define UAPSD_TIMING_RECORD_TASKLET                    2
+#define UAPSD_TIMING_RECORD_TRG_RCV                    3
+#define UAPSD_TIMING_RECORD_MOVE2TX                    4
+#define UAPSD_TIMING_RECORD_TX2AIR                     5
+
+#define UAPSD_TIMING_CTRL_STOP                         0
+#define UAPSD_TIMING_CTRL_START                                1
+#define UAPSD_TIMING_CTRL_SUSPEND                      2
+
+#define UAPSD_TIMESTAMP_GET(__pAd, __TimeStamp)                        \
+       {                                                                                                       \
+               UINT32 __CSR=0; UINT64 __Value64;                               \
+               RTMP_IO_READ32((__pAd), TSF_TIMER_DW0, &__CSR); \
+               __TimeStamp = (UINT64)__CSR;                                    \
+               RTMP_IO_READ32((__pAd), TSF_TIMER_DW1, &__CSR); \
+               __Value64 = (UINT64)__CSR;                                              \
+               __TimeStamp |= (__Value64 << 32);                               \
+       }
+
+#ifdef LINUX
+#define UAPSD_TIME_GET(__pAd, __Time)                                  \
+               __Time = jiffies
+#endif // LINUX //
+
+
+#ifdef UAPSD_TIMING_RECORD_FUNC
+#define UAPSD_TIMING_RECORD_START()                            \
+       UAPSD_TimingRecordCtrl(UAPSD_TIMING_CTRL_START);
+#define UAPSD_TIMING_RECORD_STOP()                             \
+       UAPSD_TimingRecordCtrl(UAPSD_TIMING_CTRL_STOP);
+#define UAPSD_TIMING_RECORD(__pAd, __Type)             \
+       UAPSD_TimingRecord(__pAd, __Type);
+#define UAPSD_TIMING_RECORD_INDEX(__LoopIndex) \
+       UAPSD_TimeingRecordLoopIndex(__LoopIndex);
+#else
+
+#define UAPSD_TIMING_RECORD_START()
+#define UAPSD_TIMING_RECORD_STOP()
+#define UAPSD_TIMING_RECORD(__pAd, __type)
+#define UAPSD_TIMING_RECORD_INDEX(__LoopIndex)
+#endif // UAPSD_TIMING_RECORD_FUNC //
+
+
+#ifndef MODULE_WMM_UAPSD
+
+#define UAPSD_EXTERN                   extern
+
+/* Public Marco list */
+
+/*
+       Init some parameters in packet structure for QoS Null frame;
+       purpose: is for management frame tx done use
+*/
+#define UAPSD_MR_QOS_NULL_HANDLE(__pAd, __pData, __pPacket)                                    \
+       {                                                                                                                                               \
+               PHEADER_802_11 __pHeader = (PHEADER_802_11)(__pData);                           \
+               MAC_TABLE_ENTRY *__pEntry;                                                                                      \
+               if (__pHeader->FC.SubType == SUBTYPE_QOS_NULL)                                          \
+               {                                                                                                                                       \
+                       RTMP_SET_PACKET_QOS_NULL((__pPacket));                                                  \
+                       __pEntry = MacTableLookup((__pAd), __pHeader->Addr1);                   \
+                       if (__pEntry != NULL)                                                                                   \
+                       {                                                                                                                               \
+                               RTMP_SET_PACKET_WCID((__pPacket), __pEntry->Aid);                       \
+                       }                                                                                                                               \
+               }                                                                                                                                       \
+               else                                                                                                                            \
+               {                                                                                                                                       \
+                       RTMP_SET_PACKET_NON_QOS_NULL((__pPacket));                                              \
+               }                                                                                                                                       \
+       }
+
+/*
+       Init MAC entry UAPSD parameters;
+       purpose: initialize UAPSD PS queue and control parameters
+*/
+#define UAPSD_MR_ENTRY_INIT(__pEntry)                                                                          \
+       {                                                                                                                                               \
+               UINT16  __IdAc;                                                                                                         \
+               for(__IdAc=0; __IdAc<WMM_NUM_OF_AC; __IdAc++)                                           \
+                       InitializeQueueHeader(&(__pEntry)->UAPSDQueue[__IdAc]);                 \
+               (__pEntry)->UAPSDTxNum = 0;                                                                                     \
+               (__pEntry)->pUAPSDEOSPFrame = NULL;                                                                     \
+               (__pEntry)->bAPSDFlagSPStart = 0;                                                                       \
+               (__pEntry)->bAPSDFlagEOSPOK = 0;                                                                        \
+               (__pEntry)->MaxSPLength = 0;                                                                            \
+       }
+
+/*
+       Reset MAC entry UAPSD parameters;
+   purpose: clean all UAPSD PS queue; release the EOSP frame if exists;
+                       reset control parameters
+*/
+#define UAPSD_MR_ENTRY_RESET(__pAd, __pEntry)                                                          \
+       {                                                                                                                                               \
+               MAC_TABLE_ENTRY *__pSta;                                                                                        \
+               UINT32 __IdAc;                                                                                                          \
+               __pSta = (__pEntry);                                                                                            \
+               /* clear all U-APSD queues */                                                                           \
+               for(__IdAc=0; __IdAc<WMM_NUM_OF_AC; __IdAc++)                                           \
+                       APCleanupPsQueue((__pAd), &__pSta->UAPSDQueue[__IdAc]);         \
+               /* clear EOSP frame */                                                                                          \
+               __pSta->UAPSDTxNum = 0;                                                                                         \
+               if (__pSta->pUAPSDEOSPFrame != NULL) {                                                          \
+                       RELEASE_NDIS_PACKET((__pAd),                                                                    \
+                                                       QUEUE_ENTRY_TO_PACKET(__pSta->pUAPSDEOSPFrame), \
+                                                       NDIS_STATUS_FAILURE);                                                   \
+                       __pSta->pUAPSDEOSPFrame = NULL; }                                                               \
+               __pSta->bAPSDFlagSPStart = 0;                                                                           \
+               __pSta->bAPSDFlagEOSPOK = 0; }
+
+/*
+       Enable or disable UAPSD flag in WMM element in beacon frame;
+       purpose: set UAPSD enable/disable bit
+*/
+#define UAPSD_MR_IE_FILL(__QosCtrlField, __pAd)                                                                \
+               (__QosCtrlField) |= ((__pAd)->CommonCfg.bAPSDCapable) ? 0x80 : 0x00;
+
+/*
+       Check if we do NOT need to control TIM bit for the station;
+       note: we control TIM bit only when all AC are UAPSD AC
+*/
+#define UAPSD_MR_IS_NOT_TIM_BIT_NEEDED_HANDLED(__pMacEntry, __QueIdx)          \
+               (CLIENT_STATUS_TEST_FLAG((__pMacEntry), fCLIENT_STATUS_APSD_CAPABLE) && \
+                       (!(__pMacEntry)->bAPSDDeliverEnabledPerAC[QID_AC_VO] ||                 \
+                       !(__pMacEntry)->bAPSDDeliverEnabledPerAC[QID_AC_VI] ||                  \
+                       !(__pMacEntry)->bAPSDDeliverEnabledPerAC[QID_AC_BE] ||                  \
+                       !(__pMacEntry)->bAPSDDeliverEnabledPerAC[QID_AC_BK]) &&                 \
+               (__pMacEntry)->bAPSDDeliverEnabledPerAC[__QueIdx])
+
+/* check if the AC is UAPSD delivery-enabled AC */
+#define UAPSD_MR_IS_UAPSD_AC(__pMacEntry, __AcId)                                                      \
+               (CLIENT_STATUS_TEST_FLAG((__pMacEntry), fCLIENT_STATUS_APSD_CAPABLE) && \
+                       ((0 <= (__AcId)) && ((__AcId) < WMM_NUM_OF_AC)) && /* 0 ~ 3 */  \
+                       (__pMacEntry)->bAPSDDeliverEnabledPerAC[(__AcId)])
+
+/* check if all AC are UAPSD delivery-enabled AC */
+#define UAPSD_MR_IS_ALL_AC_UAPSD(__FlgIsActive, __pMacEntry)                           \
+               (((__FlgIsActive) == FALSE) && ((__pMacEntry)->bAPSDAllAC == 1))
+
+/* suspend SP */
+#define UAPSD_MR_SP_SUSPEND(__pAd)                                                                                     \
+               (__pAd)->bAPSDFlagSPSuspend = 1;
+
+/* resume SP */
+#define UAPSD_MR_SP_RESUME(__pAd)                                                                                      \
+               (__pAd)->bAPSDFlagSPSuspend = 0;
+
+/* mark PS poll frame sent in mix mode */
+#ifdef RTMP_MAC_PCI
+/*
+       Note:
+       (1) When SP is not started, try to mark a flag to record if the legacy ps
+               packet is handled in statistics handler;
+       (2) When SP is started, increase the UAPSD count number for the legacy PS.
+*/
+#define UAPSD_MR_MIX_PS_POLL_RCV(__pAd, __pMacEntry)                                           \
+               if ((__pMacEntry)->bAPSDFlagSpRoughUse == 0)                                            \
+               {                                                                                                                                       \
+                       if ((__pMacEntry)->bAPSDFlagSPStart == 0)                                               \
+                       {                                                                                                                               \
+                               if ((__pMacEntry)->bAPSDFlagLegacySent == 1)                            \
+                                       NICUpdateFifoStaCounters((__pAd));                                              \
+                               (__pMacEntry)->bAPSDFlagLegacySent = 1;                                         \
+                       }                                                                                                                               \
+                       else                                                                                                                    \
+                       {                                                                                                                               \
+                               (__pMacEntry)->UAPSDTxNum ++;                                                           \
+                       }                                                                                                                               \
+               }
+#endif // RTMP_MAC_PCI //
+
+
+#else
+
+#define UAPSD_EXTERN
+#define UAPSD_QOS_NULL_QUE_ID  0x7f
+
+#ifdef RTMP_MAC_PCI
+/*
+       In RT2870, FIFO counter is for all stations, not for per-entry,
+       so we can not use accurate method in RT2870
+*/
+
+/*
+       Note for SP ACCURATE Mechanism:
+       1. When traffic is busy for the PS station
+               Statistics FIFO counter maybe overflow before we read it, so UAPSD
+               counting mechanism will not accurately.
+
+               Solution:
+               We need to avoid the worse case so we suggest a maximum interval for
+               a SP that the interval between last frame from QAP and data frame from
+               QSTA is larger than UAPSD_EPT_SP_INT.
+
+       2. When traffic use CCK/1Mbps from QAP
+               Statistics FIFO will not count the packet. There are 2 cases:
+               (1) We force to downgrage ARP response & DHCP packet to 1Mbps;
+               (2) After rate switch mechanism, tx rate is fixed to 1Mbps.
+
+               Solution:
+               Use old DMA UAPSD mechanism.
+
+       3. When part of AC uses legacy PS mode
+               Statistics count will inclue packet statistics for legacy PS packets
+               so we can not know which one is UAPSD, which one is legacy.
+
+               Solution:
+               Cound the legacy PS packet.
+
+       4. Check FIFO statistics count in Rx Done function
+               We can not to check TX FIFO statistics count in Rx Done function or
+               the real packet tx/rx sequence will be disarranged.
+
+               Solution:
+               Suspend SP handle before rx done and resume SP handle after rx done.
+*/
+#define UAPSD_SP_ACCURATE              /* use more accurate method to send EOSP */
+#endif // RTMP_MAC_PCI //
+
+#define UAPSD_EPT_SP_INT               (100000/(1000000/OS_HZ)) /* 100ms */
+
+#endif // MODULE_WMM_UAPSD //
+
+
+/* max UAPSD buffer queue size */
+#define MAX_PACKETS_IN_UAPSD_QUEUE     16      /* for each AC = 16*4 = 64 */
+
+
+/* Public function list */
+/*
+========================================================================
+Routine Description:
+       UAPSD Module Init.
+
+Arguments:
+       pAd             Pointer to our adapter
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_Init(
+       IN      PRTMP_ADAPTER           pAd);
+
+
+/*
+========================================================================
+Routine Description:
+       UAPSD Module Release.
+
+Arguments:
+       pAd             Pointer to our adapter
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_Release(
+       IN      PRTMP_ADAPTER           pAd);
+
+
+/*
+========================================================================
+Routine Description:
+       Free all EOSP frames and close all SP.
+
+Arguments:
+       pAd             Pointer to our adapter
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_FreeAll(
+       IN      PRTMP_ADAPTER           pAd);
+
+
+/*
+========================================================================
+Routine Description:
+       Close current Service Period.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       pEntry                  Close the SP of the entry
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_SP_Close(
+    IN  PRTMP_ADAPTER       pAd,
+       IN      MAC_TABLE_ENTRY         *pEntry);
+
+
+/*
+========================================================================
+Routine Description:
+       Deliver all queued packets.
+
+Arguments:
+       pAd            Pointer to our adapter
+       *pEntry        STATION
+
+Return Value:
+       None
+
+Note:
+       SMP protection by caller for packet enqueue.
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_AllPacketDeliver(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      MAC_TABLE_ENTRY         *pEntry);
+
+
+/*
+========================================================================
+Routine Description:
+       Parse the UAPSD field in WMM element in (re)association request frame.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       *pEntry                 STATION
+       *pElm                   QoS information field
+
+Return Value:
+       None
+
+Note:
+       No protection is needed.
+
+       1. Association -> TSPEC:
+               use static UAPSD settings in Association
+               update UAPSD settings in TSPEC
+
+       2. Association -> TSPEC(11r) -> Reassociation:
+               update UAPSD settings in TSPEC
+               backup static UAPSD settings in Reassociation
+
+       3. Association -> Reassociation:
+               update UAPSD settings in TSPEC
+               backup static UAPSD settings in Reassociation
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_AssocParse(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      MAC_TABLE_ENTRY         *pEntry,
+       IN      UCHAR                           *pElm);
+
+
+/*
+========================================================================
+Routine Description:
+       Enqueue a UAPSD packet.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       *pEntry                 STATION
+       pPacket                 UAPSD dnlink packet
+       IdAc                    UAPSD AC ID (0 ~ 3)
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_PacketEnqueue(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      MAC_TABLE_ENTRY         *pEntry,
+       IN      PNDIS_PACKET            pPacket,
+       IN      UINT32                          IdAc);
+
+
+/*
+========================================================================
+Routine Description:
+       Handle QoS Null Frame Tx Done or Management Tx Done interrupt.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       pPacket                 Completed TX packet
+       pDstMac                 Destinated MAC address
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_QoSNullTxMgmtTxDoneHandle(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      PNDIS_PACKET            pPacket,
+       IN      UCHAR                           *pDstMac);
+
+
+/*
+========================================================================
+Routine Description:
+       Maintenance our UAPSD PS queue.  Release all queued packet if timeout.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       *pEntry                 STATION
+
+Return Value:
+       None
+
+Note:
+       If in RT2870, pEntry can not be removed during UAPSD_QueueMaintenance()
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_QueueMaintenance(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      MAC_TABLE_ENTRY         *pEntry);
+
+
+/*
+========================================================================
+Routine Description:
+       Close SP in Tx Done, not Tx DMA Done.
+
+Arguments:
+       pAd            Pointer to our adapter
+       pEntry                  destination entry
+       FlgSuccess              0:tx success, 1:tx fail
+
+Return Value:
+    None
+
+Note:
+       For RT28xx series, for packetID=0 or multicast frame, no statistics
+       count can be got, ex: ARP response or DHCP packets, we will use
+       low rate to set (CCK, MCS=0=packetID).
+       So SP will not be close until UAPSD_EPT_SP_INT timeout.
+
+       So if the tx rate is 1Mbps for a entry, we will use DMA done, not
+       use UAPSD_SP_AUE_Handle().
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_SP_AUE_Handle(
+       IN RTMP_ADAPTER         *pAd,
+    IN MAC_TABLE_ENTRY *pEntry,
+       IN UCHAR                        FlgSuccess);
+
+
+/*
+========================================================================
+Routine Description:
+       Close current Service Period.
+
+Arguments:
+       pAd                             Pointer to our adapter
+
+Return Value:
+       None
+
+Note:
+       When we receive EOSP frame tx done interrupt and a uplink packet
+       from the station simultaneously, we will regard it as a new trigger
+       frame because the packet is received when EOSP frame tx done interrupt.
+
+       We can not sure the uplink packet is sent after old SP or in the old SP.
+       So we must close the old SP in receive done ISR to avoid the problem.
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_SP_CloseInRVDone(
+       IN      PRTMP_ADAPTER           pAd);
+
+
+/*
+========================================================================
+Routine Description:
+       Check if we need to close current SP.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       pPacket                 Completed TX packet
+       pDstMac                 Destinated MAC address
+
+Return Value:
+       None
+
+Note:
+       1. We need to call the function in TxDone ISR.
+       2. SMP protection by caller for packet enqueue.
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_SP_PacketCheck(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      PNDIS_PACKET            pPacket,
+       IN      UCHAR                           *pDstMac);
+
+
+#ifdef UAPSD_TIMING_RECORD_FUNC
+/*
+========================================================================
+Routine Description:
+       Enable/Disable Timing Record Function.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       Flag                    1 (Enable) or 0 (Disable)
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_TimingRecordCtrl(
+       IN      UINT32                          Flag);
+
+/*
+========================================================================
+Routine Description:
+       Record some timings.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       Type                    The timing is for what type
+
+Return Value:
+       None
+
+Note:
+       UAPSD_TIMING_RECORD_ISR
+       UAPSD_TIMING_RECORD_TASKLET
+       UAPSD_TIMING_RECORD_TRG_RCV
+       UAPSD_TIMING_RECORD_MOVE2TX
+       UAPSD_TIMING_RECORD_TX2AIR
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_TimingRecord(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      UINT32                          Type);
+
+/*
+========================================================================
+Routine Description:
+       Record the loop index for received packet handle.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       LoopIndex               The RxProcessed in APRxDoneInterruptHandle()
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_TimeingRecordLoopIndex(
+       IN      UINT32                          LoopIndex);
+#endif // UAPSD_TIMING_RECORD_FUNC //
+
+
+/*
+========================================================================
+Routine Description:
+       Handle UAPSD Trigger Frame.
+
+Arguments:
+       pAd                             Pointer to our adapter
+       *pEntry                 the source STATION
+       UpOfFrame               the UP of the trigger frame
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+UAPSD_EXTERN VOID UAPSD_TriggerFrameHandle(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      MAC_TABLE_ENTRY         *pEntry,
+       IN      UCHAR                           UpOfFrame);
+
+
+
+/* End of ap_uapsd.h */
diff --git a/drivers/staging/rt3090/ap_wds.h b/drivers/staging/rt3090/ap_wds.h
new file mode 100644 (file)
index 0000000..efcb107
--- /dev/null
@@ -0,0 +1,212 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_cfg.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Fonchi    02-13-2007      created
+*/
+
+#ifndef _AP_WDS_H_
+#define _AP_WDS_H_
+
+#define WDS_ENTRY_RETRY_INTERVAL       (100 * OS_HZ / 1000)
+
+
+static inline BOOLEAN WDS_IF_UP_CHECK(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  ULONG ifidx)
+{
+       if ((pAd->flg_wds_init != TRUE) ||
+               (ifidx >= MAX_WDS_ENTRY))
+               return FALSE;
+
+//     if (pAd->WdsTab.WdsEntry[ifidx].dev->flags & IFF_UP)
+// Patch for wds ,when dirver call apmlmeperiod => APMlmeDynamicTxRateSwitching check if wds device ready
+if ((pAd->WdsTab.WdsEntry[ifidx].dev != NULL) && (pAd->WdsTab.WdsEntry[ifidx].dev->flags & IFF_UP))
+               return TRUE;
+
+       return FALSE;
+}
+
+LONG WdsEntryAlloc(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pAddr);
+
+VOID WdsEntryDel(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pAddr);
+
+MAC_TABLE_ENTRY *MacTableInsertWDSEntry(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR pAddr,
+       UINT WdsTabIdx);
+
+BOOLEAN MacTableDeleteWDSEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT wcid,
+       IN PUCHAR pAddr);
+
+
+BOOLEAN ApWdsAllowToSendPacket(
+       IN RTMP_ADAPTER *pAd,
+       IN PNDIS_PACKET pPacket,
+       OUT     UCHAR           *pWcid);
+
+MAC_TABLE_ENTRY *WdsTableLookupByWcid(
+    IN  PRTMP_ADAPTER   pAd,
+       IN UCHAR wcid,
+       IN PUCHAR pAddr,
+       IN BOOLEAN bResetIdelCount);
+
+MAC_TABLE_ENTRY *WdsTableLookup(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PUCHAR          pAddr,
+       IN BOOLEAN bResetIdelCount);
+
+MAC_TABLE_ENTRY *FindWdsEntry(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Wcid,
+       IN PUCHAR                       pAddr,
+       IN UINT32                       PhyMode);
+
+VOID WdsTableMaintenance(
+    IN PRTMP_ADAPTER    pAd);
+
+VOID RT28xx_WDS_Init(
+       IN PRTMP_ADAPTER pAd,
+       IN PNET_DEV net_dev);
+
+VOID RT28xx_WDS_Close(
+       IN PRTMP_ADAPTER pAd);
+
+VOID RT28xx_WDS_Remove(
+       IN PRTMP_ADAPTER pAd);
+
+VOID WdsDown(
+       IN PRTMP_ADAPTER pAd);
+
+VOID AsicUpdateWdsRxWCIDTable(
+       IN PRTMP_ADAPTER pAd);
+
+VOID AsicUpdateWdsEncryption(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR wcid);
+
+VOID WdsPeerBeaconProc(
+       IN PRTMP_ADAPTER pAd,
+       IN PMAC_TABLE_ENTRY pEntry,
+       IN USHORT CapabilityInfo,
+       IN UCHAR MaxSupportedRateIn500Kbps,
+       IN UCHAR MaxSupportedRateLen,
+       IN BOOLEAN bWmmCapable,
+       IN ULONG ClientRalinkIe,
+       IN HT_CAPABILITY_IE *pHtCapability,
+       IN UCHAR HtCapabilityLen);
+
+VOID APWdsInitialize(
+       IN PRTMP_ADAPTER pAd);
+
+INT    Show_WdsTable_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+VOID rtmp_read_wds_from_file(
+                       IN  PRTMP_ADAPTER pAd,
+                       PSTRING tmpbuf,
+                       PSTRING buffer);
+
+VOID WdsPrepareWepKeyFromMainBss(
+       IN  PRTMP_ADAPTER pAd);
+
+INT WdsVirtualIFSendPackets(
+       IN PNDIS_PACKET pSkb,
+       IN PNET_DEV dev);
+
+INT WdsVirtualIF_open(
+       IN PNET_DEV dev);
+
+INT WdsVirtualIF_close(
+       IN PNET_DEV dev);
+
+INT WdsVirtualIF_ioctl(
+       IN PNET_DEV net_dev,
+       IN OUT struct ifreq *rq,
+       IN INT cmd);
+
+/*
+       ==========================================================================
+       Description:
+               Check the WDS Entry is valid or not.
+       ==========================================================================
+ */
+static inline BOOLEAN ValidWdsEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR WdsIndex)
+{
+       BOOLEAN result;
+       PMAC_TABLE_ENTRY pMacEntry;
+
+       do
+       {
+               if (WdsIndex >= MAX_WDS_ENTRY)
+               {
+                       result = FALSE;
+                       break;
+               }
+
+               if (pAd->WdsTab.WdsEntry[WdsIndex].Valid != TRUE)
+               {
+                       result = FALSE;
+                       break;
+               }
+
+               if ((pAd->WdsTab.WdsEntry[WdsIndex].MacTabMatchWCID==0)
+                       || (pAd->WdsTab.WdsEntry[WdsIndex].MacTabMatchWCID >= MAX_LEN_OF_MAC_TABLE))
+               {
+                       result = FALSE;
+                       break;
+               }
+
+               pMacEntry = &pAd->MacTab.Content[pAd->WdsTab.WdsEntry[WdsIndex].MacTabMatchWCID];
+               if (pMacEntry->ValidAsWDS != TRUE)
+               {
+                       result = FALSE;
+                       break;
+               }
+
+               result = TRUE;
+       } while(FALSE);
+
+       return result;
+}
+#endif // _AP_WDS_H_ //
diff --git a/drivers/staging/rt3090/chips/rt3090.c b/drivers/staging/rt3090/chips/rt3090.c
new file mode 100644 (file)
index 0000000..35c549d
--- /dev/null
@@ -0,0 +1,123 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rt3090.c
+
+       Abstract:
+       Specific funcitons and variables for RT3070
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#ifdef RT3090
+
+#include "../rt_config.h"
+
+
+#ifndef RTMP_RF_RW_SUPPORT
+#error "You Should Enable compile flag RTMP_RF_RW_SUPPORT for this chip"
+#endif // RTMP_RF_RW_SUPPORT //
+
+
+VOID NICInitRT3090RFRegisters(IN PRTMP_ADAPTER pAd)
+{
+               INT i;
+       // Driver must read EEPROM to get RfIcType before initial RF registers
+       // Initialize RF register to default value
+       if (IS_RT3090(pAd))
+       {
+               // Init RF calibration
+               // Driver should toggle RF R30 bit7 before init RF registers
+               UINT32 RfReg = 0, data;
+
+               RT30xxReadRFRegister(pAd, RF_R30, (PUCHAR)&RfReg);
+               RfReg |= 0x80;
+               RT30xxWriteRFRegister(pAd, RF_R30, (UCHAR)RfReg);
+               RTMPusecDelay(1000);
+               RfReg &= 0x7F;
+               RT30xxWriteRFRegister(pAd, RF_R30, (UCHAR)RfReg);
+
+               // init R24, R31
+               RT30xxWriteRFRegister(pAd, RF_R24, 0x0F);
+               RT30xxWriteRFRegister(pAd, RF_R31, 0x0F);
+
+               // RT309x version E has fixed this issue
+               if ((pAd->NicConfig2.field.DACTestBit == 1) && ((pAd->MACVersion & 0xffff) < 0x0211))
+               {
+                       // patch tx EVM issue temporarily
+                       RTMP_IO_READ32(pAd, LDO_CFG0, &data);
+                       data = ((data & 0xE0FFFFFF) | 0x0D000000);
+                       RTMP_IO_WRITE32(pAd, LDO_CFG0, data);
+               }
+               else
+               {
+                       RTMP_IO_READ32(pAd, LDO_CFG0, &data);
+                       data = ((data & 0xE0FFFFFF) | 0x01000000);
+                       RTMP_IO_WRITE32(pAd, LDO_CFG0, data);
+               }
+
+               // patch LNA_PE_G1 failed issue
+               RTMP_IO_READ32(pAd, GPIO_SWITCH, &data);
+               data &= ~(0x20);
+               RTMP_IO_WRITE32(pAd, GPIO_SWITCH, data);
+
+               // Initialize RF register to default value
+               for (i = 0; i < NUM_RF_REG_PARMS; i++)
+               {
+                       RT30xxWriteRFRegister(pAd, RT30xx_RFRegTable[i].Register, RT30xx_RFRegTable[i].Value);
+               }
+
+               // Driver should set RF R6 bit6 on before calibration
+               RT30xxReadRFRegister(pAd, RF_R06, (PUCHAR)&RfReg);
+               RfReg |= 0x40;
+               RT30xxWriteRFRegister(pAd, RF_R06, (UCHAR)RfReg);
+
+               //For RF filter Calibration
+               RTMPFilterCalibration(pAd);
+
+               // Initialize RF R27 register, set RF R27 must be behind RTMPFilterCalibration()
+               if ((pAd->MACVersion & 0xffff) < 0x0211)
+                       RT30xxWriteRFRegister(pAd, RF_R27, 0x3);
+
+               // set led open drain enable
+               RTMP_IO_READ32(pAd, OPT_14, &data);
+               data |= 0x01;
+               RTMP_IO_WRITE32(pAd, OPT_14, data);
+
+               // set default antenna as main
+               if (pAd->RfIcType == RFIC_3020)
+                       AsicSetRxAnt(pAd, pAd->RxAnt.Pair1PrimaryRxAnt);
+
+               // add by johnli, RF power sequence setup, load RF normal operation-mode setup
+               RT30xxLoadRFNormalModeSetup(pAd);
+       }
+
+}
+
+#endif // RT3090 //
diff --git a/drivers/staging/rt3090/chips/rt30xx.c b/drivers/staging/rt3090/chips/rt30xx.c
new file mode 100644 (file)
index 0000000..9c8ae00
--- /dev/null
@@ -0,0 +1,525 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rt30xx.c
+
+       Abstract:
+       Specific funcitons and variables for RT30xx.
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+
+#ifdef RT30xx
+
+
+#ifndef RTMP_RF_RW_SUPPORT
+#error "You Should Enable compile flag RTMP_RF_RW_SUPPORT for this chip"
+#endif // RTMP_RF_RW_SUPPORT //
+
+#include "../rt_config.h"
+
+
+//
+// RF register initialization set
+//
+REG_PAIR   RT30xx_RFRegTable[] = {
+        {RF_R04,          0x40},
+        {RF_R05,          0x03},
+        {RF_R06,          0x02},
+        {RF_R07,          0x70},
+        {RF_R09,          0x0F},
+        {RF_R10,          0x41},
+        {RF_R11,          0x21},
+        {RF_R12,          0x7B},
+        {RF_R14,          0x90},
+        {RF_R15,          0x58},
+        {RF_R16,          0xB3},
+        {RF_R17,          0x92},
+        {RF_R18,          0x2C},
+        {RF_R19,          0x02},
+        {RF_R20,          0xBA},
+        {RF_R21,          0xDB},
+        {RF_R24,          0x16},
+        {RF_R25,          0x01},
+        {RF_R29,          0x1F},
+};
+
+UCHAR NUM_RF_REG_PARMS = (sizeof(RT30xx_RFRegTable) / sizeof(REG_PAIR));
+
+
+
+// Antenna divesity use GPIO3 and EESK pin for control
+// Antenna and EEPROM access are both using EESK pin,
+// Therefor we should avoid accessing EESK at the same time
+// Then restore antenna after EEPROM access
+// The original name of this function is AsicSetRxAnt(), now change to
+//VOID AsicSetRxAnt(
+VOID RT30xxSetRxAnt(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Ant)
+{
+       UINT32  Value;
+       UINT32  x;
+
+       if ((pAd->EepromAccess) ||
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS))  ||
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS))   ||
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF)) ||
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST)))
+       {
+               return;
+       }
+
+       // the antenna selection is through firmware and MAC register(GPIO3)
+       if (Ant == 0)
+       {
+               // Main antenna
+#ifdef RTMP_MAC_PCI
+               RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+               x |= (EESK);
+               RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+#else
+               AsicSendCommandToMcu(pAd, 0x73, 0xFF, 0x1, 0x0);
+#endif // RTMP_MAC_PCI //
+
+               RTMP_IO_READ32(pAd, GPIO_CTRL_CFG, &Value);
+               Value &= ~(0x0808);
+               RTMP_IO_WRITE32(pAd, GPIO_CTRL_CFG, Value);
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("AsicSetRxAnt, switch to main antenna\n"));
+       }
+       else
+       {
+               // Aux antenna
+#ifdef RTMP_MAC_PCI
+               RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+               x &= ~(EESK);
+               RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+#else
+               AsicSendCommandToMcu(pAd, 0x73, 0xFF, 0x0, 0x0);
+#endif // RTMP_MAC_PCI //
+               RTMP_IO_READ32(pAd, GPIO_CTRL_CFG, &Value);
+               Value &= ~(0x0808);
+               Value |= 0x08;
+               RTMP_IO_WRITE32(pAd, GPIO_CTRL_CFG, Value);
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("AsicSetRxAnt, switch to aux antenna\n"));
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               For RF filter calibration purpose
+
+       Arguments:
+               pAd                          Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+VOID RTMPFilterCalibration(
+       IN PRTMP_ADAPTER pAd)
+{
+       UCHAR   R55x = 0, value, FilterTarget = 0x1E, BBPValue=0;
+       UINT    loop = 0, count = 0, loopcnt = 0, ReTry = 0;
+       UCHAR   RF_R24_Value = 0;
+
+       // Give bbp filter initial value
+       pAd->Mlme.CaliBW20RfR24 = 0x1F;
+       pAd->Mlme.CaliBW40RfR24 = 0x2F; //Bit[5] must be 1 for BW 40
+
+       do
+       {
+               if (loop == 1)  //BandWidth = 40 MHz
+               {
+                       // Write 0x27 to RF_R24 to program filter
+                       RF_R24_Value = 0x27;
+                       RT30xxWriteRFRegister(pAd, RF_R24, RF_R24_Value);
+                       if (IS_RT3090(pAd) || IS_RT3572(pAd)|| IS_RT3390(pAd))
+                               FilterTarget = 0x15;
+                       else
+                               FilterTarget = 0x19;
+
+                       // when calibrate BW40, BBP mask must set to BW40.
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+                       BBPValue&= (~0x18);
+                       BBPValue|= (0x10);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+
+                       // set to BW40
+                       RT30xxReadRFRegister(pAd, RF_R31, &value);
+                       value |= 0x20;
+                       RT30xxWriteRFRegister(pAd, RF_R31, value);
+               }
+               else                    //BandWidth = 20 MHz
+               {
+                       // Write 0x07 to RF_R24 to program filter
+                       RF_R24_Value = 0x07;
+                       RT30xxWriteRFRegister(pAd, RF_R24, RF_R24_Value);
+                       if (IS_RT3090(pAd) || IS_RT3572(pAd)|| IS_RT3390(pAd))
+                               FilterTarget = 0x13;
+                       else
+                               FilterTarget = 0x16;
+
+                       // set to BW20
+                       RT30xxReadRFRegister(pAd, RF_R31, &value);
+                       value &= (~0x20);
+                       RT30xxWriteRFRegister(pAd, RF_R31, value);
+               }
+
+               // Write 0x01 to RF_R22 to enable baseband loopback mode
+               RT30xxReadRFRegister(pAd, RF_R22, &value);
+               value |= 0x01;
+               RT30xxWriteRFRegister(pAd, RF_R22, value);
+
+               // Write 0x00 to BBP_R24 to set power & frequency of passband test tone
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R24, 0);
+
+               do
+               {
+                       // Write 0x90 to BBP_R25 to transmit test tone
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R25, 0x90);
+
+                       RTMPusecDelay(1000);
+                       // Read BBP_R55[6:0] for received power, set R55x = BBP_R55[6:0]
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R55, &value);
+                       R55x = value & 0xFF;
+
+               } while ((ReTry++ < 100) && (R55x == 0));
+
+               // Write 0x06 to BBP_R24 to set power & frequency of stopband test tone
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R24, 0x06);
+
+               while(TRUE)
+               {
+                       // Write 0x90 to BBP_R25 to transmit test tone
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R25, 0x90);
+
+                       //We need to wait for calibration
+                       RTMPusecDelay(1000);
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R55, &value);
+                       value &= 0xFF;
+                       if ((R55x - value) < FilterTarget)
+                       {
+                               RF_R24_Value ++;
+                       }
+                       else if ((R55x - value) == FilterTarget)
+                       {
+                               RF_R24_Value ++;
+                               count ++;
+                       }
+                       else
+                       {
+                               break;
+                       }
+
+                       // prevent infinite loop cause driver hang.
+                       if (loopcnt++ > 100)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("RTMPFilterCalibration - can't find a valid value, loopcnt=%d stop calibrating", loopcnt));
+                               break;
+                       }
+
+                       // Write RF_R24 to program filter
+                       RT30xxWriteRFRegister(pAd, RF_R24, RF_R24_Value);
+               }
+
+               if (count > 0)
+               {
+                       RF_R24_Value = RF_R24_Value - ((count) ? (1) : (0));
+               }
+
+               // Store for future usage
+               if (loopcnt < 100)
+               {
+                       if (loop++ == 0)
+                       {
+                               //BandWidth = 20 MHz
+                               pAd->Mlme.CaliBW20RfR24 = (UCHAR)RF_R24_Value;
+                       }
+                       else
+                       {
+                               //BandWidth = 40 MHz
+                               pAd->Mlme.CaliBW40RfR24 = (UCHAR)RF_R24_Value;
+                               break;
+                       }
+               }
+               else
+                       break;
+
+               RT30xxWriteRFRegister(pAd, RF_R24, RF_R24_Value);
+
+               // reset count
+               count = 0;
+       } while(TRUE);
+
+       //
+       // Set back to initial state
+       //
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R24, 0);
+
+       RT30xxReadRFRegister(pAd, RF_R22, &value);
+       value &= ~(0x01);
+       RT30xxWriteRFRegister(pAd, RF_R22, value);
+
+       // set BBP back to BW20
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+       BBPValue&= (~0x18);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPFilterCalibration - CaliBW20RfR24=0x%x, CaliBW40RfR24=0x%x\n", pAd->Mlme.CaliBW20RfR24, pAd->Mlme.CaliBW40RfR24));
+}
+
+
+// add by johnli, RF power sequence setup
+/*
+       ==========================================================================
+       Description:
+
+       Load RF normal operation-mode setup
+
+       ==========================================================================
+ */
+VOID RT30xxLoadRFNormalModeSetup(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UCHAR RFValue;
+
+       // RX0_PD & TX0_PD, RF R1 register Bit 2 & Bit 3 to 0 and RF_BLOCK_en,RX1_PD & TX1_PD, Bit0, Bit 4 & Bit5 to 1
+       RT30xxReadRFRegister(pAd, RF_R01, &RFValue);
+       RFValue = (RFValue & (~0x0C)) | 0x31;
+       RT30xxWriteRFRegister(pAd, RF_R01, RFValue);
+
+       // TX_LO2_en, RF R15 register Bit 3 to 0
+       RT30xxReadRFRegister(pAd, RF_R15, &RFValue);
+       RFValue &= (~0x08);
+       RT30xxWriteRFRegister(pAd, RF_R15, RFValue);
+
+       /* move to NICInitRT30xxRFRegisters
+       // TX_LO1_en, RF R17 register Bit 3 to 0
+       RT30xxReadRFRegister(pAd, RF_R17, &RFValue);
+       RFValue &= (~0x08);
+       // to fix rx long range issue
+       if (((pAd->MACVersion & 0xffff) >= 0x0211) && (pAd->NicConfig2.field.ExternalLNAForG == 0))
+       {
+               RFValue |= 0x20;
+       }
+       // set RF_R17_bit[2:0] equal to EEPROM setting at 0x48h
+       if (pAd->TxMixerGain24G >= 2)
+       {
+               RFValue &= (~0x7);  // clean bit [2:0]
+               RFValue |= pAd->TxMixerGain24G;
+       }
+       RT30xxWriteRFRegister(pAd, RF_R17, RFValue);
+       */
+
+       // RX_LO1_en, RF R20 register Bit 3 to 0
+       RT30xxReadRFRegister(pAd, RF_R20, &RFValue);
+       RFValue &= (~0x08);
+       RT30xxWriteRFRegister(pAd, RF_R20, RFValue);
+
+       // RX_LO2_en, RF R21 register Bit 3 to 0
+       RT30xxReadRFRegister(pAd, RF_R21, &RFValue);
+       RFValue &= (~0x08);
+       RT30xxWriteRFRegister(pAd, RF_R21, RFValue);
+
+       /* add by johnli, reset RF_R27 when interface down & up to fix throughput problem*/
+       // LDORF_VC, RF R27 register Bit 2 to 0
+       RT30xxReadRFRegister(pAd, RF_R27, &RFValue);
+       // TX to RX IQ glitch(RF_R27) has been fixed in RT3070(F).
+       // Raising RF voltage is no longer needed for RT3070(F)
+       if (IS_RT3090(pAd))     // RT309x and RT3071/72
+       {
+               if ((pAd->MACVersion & 0xffff) < 0x0211)
+                       RFValue = (RFValue & (~0x77)) | 0x3;
+               else
+                       RFValue = (RFValue & (~0x77));
+               RT30xxWriteRFRegister(pAd, RF_R27, RFValue);
+       }
+       /* end johnli */
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       Load RF sleep-mode setup
+
+       ==========================================================================
+ */
+VOID RT30xxLoadRFSleepModeSetup(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UCHAR RFValue;
+       UINT32 MACValue;
+
+
+       {
+               // RF_BLOCK_en. RF R1 register Bit 0 to 0
+               RT30xxReadRFRegister(pAd, RF_R01, &RFValue);
+               RFValue &= (~0x01);
+               RT30xxWriteRFRegister(pAd, RF_R01, RFValue);
+
+               // VCO_IC, RF R7 register Bit 4 & Bit 5 to 0
+               RT30xxReadRFRegister(pAd, RF_R07, &RFValue);
+               RFValue &= (~0x30);
+               RT30xxWriteRFRegister(pAd, RF_R07, RFValue);
+
+               // Idoh, RF R9 register Bit 1, Bit 2 & Bit 3 to 0
+               RT30xxReadRFRegister(pAd, RF_R09, &RFValue);
+               RFValue &= (~0x0E);
+               RT30xxWriteRFRegister(pAd, RF_R09, RFValue);
+
+               // RX_CTB_en, RF R21 register Bit 7 to 0
+               RT30xxReadRFRegister(pAd, RF_R21, &RFValue);
+               RFValue &= (~0x80);
+               RT30xxWriteRFRegister(pAd, RF_R21, RFValue);
+       }
+
+       if (IS_RT3090(pAd) ||   // IS_RT3090 including RT309x and RT3071/72
+               IS_RT3572(pAd) ||
+               (IS_RT3070(pAd) && ((pAd->MACVersion & 0xffff) < 0x0201)))
+       {
+               {
+                       RT30xxReadRFRegister(pAd, RF_R27, &RFValue);
+                       RFValue |= 0x77;
+                       RT30xxWriteRFRegister(pAd, RF_R27, RFValue);
+               }
+
+               RTMP_IO_READ32(pAd, LDO_CFG0, &MACValue);
+               MACValue |= 0x1D000000;
+               RTMP_IO_WRITE32(pAd, LDO_CFG0, MACValue);
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       Reverse RF sleep-mode setup
+
+       ==========================================================================
+ */
+VOID RT30xxReverseRFSleepModeSetup(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UCHAR RFValue;
+       UINT32 MACValue;
+
+       {
+               // RF_BLOCK_en, RF R1 register Bit 0 to 1
+               RT30xxReadRFRegister(pAd, RF_R01, &RFValue);
+               RFValue |= 0x01;
+               RT30xxWriteRFRegister(pAd, RF_R01, RFValue);
+
+               // VCO_IC, RF R7 register Bit 4 & Bit 5 to 1
+               RT30xxReadRFRegister(pAd, RF_R07, &RFValue);
+               RFValue |= 0x30;
+               RT30xxWriteRFRegister(pAd, RF_R07, RFValue);
+
+               // Idoh, RF R9 register Bit 1, Bit 2 & Bit 3 to 1
+               RT30xxReadRFRegister(pAd, RF_R09, &RFValue);
+               RFValue |= 0x0E;
+               RT30xxWriteRFRegister(pAd, RF_R09, RFValue);
+
+               // RX_CTB_en, RF R21 register Bit 7 to 1
+               RT30xxReadRFRegister(pAd, RF_R21, &RFValue);
+               RFValue |= 0x80;
+               RT30xxWriteRFRegister(pAd, RF_R21, RFValue);
+       }
+
+       if (IS_RT3090(pAd) ||   // IS_RT3090 including RT309x and RT3071/72
+               IS_RT3572(pAd) ||
+               IS_RT3390(pAd) ||
+               (IS_RT3070(pAd) && ((pAd->MACVersion & 0xffff) < 0x0201)))
+       {
+               {
+                       RT30xxReadRFRegister(pAd, RF_R27, &RFValue);
+                       if ((pAd->MACVersion & 0xffff) < 0x0211)
+                               RFValue = (RFValue & (~0x77)) | 0x3;
+                       else
+                               RFValue = (RFValue & (~0x77));
+                       RT30xxWriteRFRegister(pAd, RF_R27, RFValue);
+               }
+
+               // RT3071 version E has fixed this issue
+               if ((pAd->NicConfig2.field.DACTestBit == 1) && ((pAd->MACVersion & 0xffff) < 0x0211))
+               {
+                       // patch tx EVM issue temporarily
+                       RTMP_IO_READ32(pAd, LDO_CFG0, &MACValue);
+                       MACValue = ((MACValue & 0xE0FFFFFF) | 0x0D000000);
+                       RTMP_IO_WRITE32(pAd, LDO_CFG0, MACValue);
+               }
+               else
+               {
+                       RTMP_IO_READ32(pAd, LDO_CFG0, &MACValue);
+                       MACValue = ((MACValue & 0xE0FFFFFF) | 0x01000000);
+                       RTMP_IO_WRITE32(pAd, LDO_CFG0, MACValue);
+               }
+       }
+
+       if(IS_RT3572(pAd))
+               RT30xxWriteRFRegister(pAd, RF_R08, 0x80);
+}
+// end johnli
+
+VOID RT30xxHaltAction(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UINT32          TxPinCfg = 0x00050F0F;
+
+       //
+       // Turn off LNA_PE or TRSW_POL
+       //
+       if (IS_RT3070(pAd) || IS_RT3071(pAd) || IS_RT3572(pAd))
+       {
+               if ((IS_RT3071(pAd) || IS_RT3572(pAd))
+#ifdef RTMP_EFUSE_SUPPORT
+                       && (pAd->bUseEfuse)
+#endif // RTMP_EFUSE_SUPPORT //
+                       )
+               {
+                       TxPinCfg &= 0xFFFBF0F0; // bit18 off
+               }
+               else
+               {
+                       TxPinCfg &= 0xFFFFF0F0;
+               }
+
+               RTMP_IO_WRITE32(pAd, TX_PIN_CFG, TxPinCfg);
+       }
+}
+
+#endif // RT30xx //
diff --git a/drivers/staging/rt3090/chips/rt3370.c b/drivers/staging/rt3090/chips/rt3370.c
new file mode 100644 (file)
index 0000000..38ecb06
--- /dev/null
@@ -0,0 +1,121 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rt3370.c
+
+       Abstract:
+       Specific funcitons and variables for RT30xx.
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#ifdef RT3370
+
+#include "../rt_config.h"
+
+
+#ifndef RTMP_RF_RW_SUPPORT
+#error "You Should Enable compile flag RTMP_RF_RW_SUPPORT for this chip"
+#endif // RTMP_RF_RW_SUPPORT //
+
+
+VOID NICInitRT3370RFRegisters(IN PRTMP_ADAPTER pAd)
+{
+               INT i;
+       // Driver must read EEPROM to get RfIcType before initial RF registers
+       // Initialize RF register to default value
+       if (IS_RT3090(pAd)||IS_RT3390(pAd)||IS_RT3572(pAd))
+       {
+               // Init RF calibration
+               // Driver should toggle RF R30 bit7 before init RF registers
+               UINT32 RfReg = 0, data;
+
+               RT30xxReadRFRegister(pAd, RF_R30, (PUCHAR)&RfReg);
+               RfReg |= 0x80;
+               RT30xxWriteRFRegister(pAd, RF_R30, (UCHAR)RfReg);
+               RTMPusecDelay(1000);
+               RfReg &= 0x7F;
+               RT30xxWriteRFRegister(pAd, RF_R30, (UCHAR)RfReg);
+
+               // init R24, R31
+               RT30xxWriteRFRegister(pAd, RF_R24, 0x0F);
+               RT30xxWriteRFRegister(pAd, RF_R31, 0x0F);
+
+               if (IS_RT3390(pAd))
+               {
+                       // patch LNA_PE_G1 failed issue
+                       RTMP_IO_READ32(pAd, GPIO_SWITCH, &data);
+                       data &= ~(0x20);
+                       RTMP_IO_WRITE32(pAd, GPIO_SWITCH, data);
+
+                       // RF registers initialization
+                       for (i = 0; i < NUM_RF_REG_PARMS_OVER_RT3390; i++)
+                       {
+                               RT30xxWriteRFRegister(pAd, RFRegTableOverRT3390[i].Register, RFRegTableOverRT3390[i].Value);
+                       }
+               }
+
+               // patch LNA_PE_G1 failed issue
+               RTMP_IO_READ32(pAd, GPIO_SWITCH, &data);
+               data &= ~(0x20);
+               RTMP_IO_WRITE32(pAd, GPIO_SWITCH, data);
+
+               // Initialize RF register to default value
+               for (i = 0; i < NUM_RF_REG_PARMS_OVER_RT3390; i++)
+               {
+                       RT30xxWriteRFRegister(pAd, RT30xx_RFRegTable[i].Register, RT30xx_RFRegTable[i].Value);
+               }
+
+               // Driver should set RF R6 bit6 on before calibration
+               RT30xxReadRFRegister(pAd, RF_R06, (PUCHAR)&RfReg);
+               RfReg |= 0x40;
+               RT30xxWriteRFRegister(pAd, RF_R06, (UCHAR)RfReg);
+
+               //For RF filter Calibration
+               RTMPFilterCalibration(pAd);
+
+               // Initialize RF R27 register, set RF R27 must be behind RTMPFilterCalibration()
+               if ((pAd->MACVersion & 0xffff) < 0x0211)
+                       RT30xxWriteRFRegister(pAd, RF_R27, 0x3);
+
+               // set led open drain enable
+               RTMP_IO_READ32(pAd, OPT_14, &data);
+               data |= 0x01;
+               RTMP_IO_WRITE32(pAd, OPT_14, data);
+
+               // set default antenna as main
+               if (pAd->RfIcType == RFIC_3020)
+                       AsicSetRxAnt(pAd, pAd->RxAnt.Pair1PrimaryRxAnt);
+
+               // add by johnli, RF power sequence setup, load RF normal operation-mode setup
+               RT30xxLoadRFNormalModeSetup(pAd);
+       }
+
+}
+#endif // RT3070 //
diff --git a/drivers/staging/rt3090/chips/rt3390.c b/drivers/staging/rt3090/chips/rt3390.c
new file mode 100644 (file)
index 0000000..afed9e7
--- /dev/null
@@ -0,0 +1,122 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rt3390.c
+
+       Abstract:
+       Specific funcitons and variables for RT30xx.
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#ifdef RT3390
+
+#include "../rt_config.h"
+
+
+#ifndef RTMP_RF_RW_SUPPORT
+#error "You Should Enable compile flag RTMP_RF_RW_SUPPORT for this chip"
+#endif // RTMP_RF_RW_SUPPORT //
+
+
+VOID NICInitRT3390RFRegisters(IN PRTMP_ADAPTER pAd)
+{
+               INT i;
+       // Driver must read EEPROM to get RfIcType before initial RF registers
+       // Initialize RF register to default value
+       if (IS_RT3090(pAd)||IS_RT3390(pAd)||IS_RT3572(pAd))
+       {
+               // Init RF calibration
+               // Driver should toggle RF R30 bit7 before init RF registers
+               UINT32 RfReg = 0, data;
+
+               RT30xxReadRFRegister(pAd, RF_R30, (PUCHAR)&RfReg);
+               RfReg |= 0x80;
+               RT30xxWriteRFRegister(pAd, RF_R30, (UCHAR)RfReg);
+               RTMPusecDelay(1000);
+               RfReg &= 0x7F;
+               RT30xxWriteRFRegister(pAd, RF_R30, (UCHAR)RfReg);
+
+               // init R24, R31
+               RT30xxWriteRFRegister(pAd, RF_R24, 0x0F);
+               RT30xxWriteRFRegister(pAd, RF_R31, 0x0F);
+
+               if (IS_RT3390(pAd))
+               {
+                       // patch LNA_PE_G1 failed issue
+                       RTMP_IO_READ32(pAd, GPIO_SWITCH, &data);
+                       data &= ~(0x20);
+                       RTMP_IO_WRITE32(pAd, GPIO_SWITCH, data);
+
+                       // RF registers initialization
+                       for (i = 0; i < NUM_RF_REG_PARMS_OVER_RT3390; i++)
+                       {
+                               RT30xxWriteRFRegister(pAd, RFRegTableOverRT3390[i].Register, RFRegTableOverRT3390[i].Value);
+                       }
+               }
+
+               // patch LNA_PE_G1 failed issue
+               RTMP_IO_READ32(pAd, GPIO_SWITCH, &data);
+               data &= ~(0x20);
+               RTMP_IO_WRITE32(pAd, GPIO_SWITCH, data);
+
+               // Initialize RF register to default value
+               for (i = 0; i < NUM_RF_REG_PARMS_OVER_RT3390; i++)
+               {
+                       RT30xxWriteRFRegister(pAd, RFRegTableOverRT3390[i].Register, RFRegTableOverRT3390[i].Value);
+               }
+
+               // Driver should set RF R6 bit6 on before calibration
+               RT30xxReadRFRegister(pAd, RF_R06, (PUCHAR)&RfReg);
+               RfReg |= 0x40;
+               RT30xxWriteRFRegister(pAd, RF_R06, (UCHAR)RfReg);
+
+               //For RF filter Calibration
+               RTMPFilterCalibration(pAd);
+
+               // Initialize RF R27 register, set RF R27 must be behind RTMPFilterCalibration()
+               if ((pAd->MACVersion & 0xffff) < 0x0211)
+                       RT30xxWriteRFRegister(pAd, RF_R27, 0x3);
+
+               // set led open drain enable
+               RTMP_IO_READ32(pAd, OPT_14, &data);
+               data |= 0x01;
+               RTMP_IO_WRITE32(pAd, OPT_14, data);
+
+               // set default antenna as main
+               if (pAd->RfIcType == RFIC_3020)
+                       AsicSetRxAnt(pAd, pAd->RxAnt.Pair1PrimaryRxAnt);
+
+               // add by johnli, RF power sequence setup, load RF normal operation-mode setup
+               RT33xxLoadRFNormalModeSetup(pAd);
+       }
+
+}
+
+#endif // RT3390 //
diff --git a/drivers/staging/rt3090/chips/rt33xx.c b/drivers/staging/rt3090/chips/rt33xx.c
new file mode 100644 (file)
index 0000000..56f376c
--- /dev/null
@@ -0,0 +1,536 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rt33xx.c
+
+       Abstract:
+       Specific funcitons and variables for RT30xx.
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+
+#ifdef RT33xx
+
+
+#ifndef RTMP_RF_RW_SUPPORT
+#error "You Should Enable compile flag RTMP_RF_RW_SUPPORT for this chip"
+#endif // RTMP_RF_RW_SUPPORT //
+
+#include "../rt_config.h"
+
+
+//
+// RF register initialization set
+//
+REG_PAIR RFRegTableOverRT3390[] = {
+       {RF_R00,                0xA0},
+       {RF_R01,                0xE1},
+       {RF_R02,                0xF1},
+       {RF_R03,                0x62},
+       {RF_R04,                0x40},
+       {RF_R05,                0x8B},
+       {RF_R06,                0x42},
+       {RF_R07,                0x34},
+       {RF_R08,                0x00}, // Read only
+       {RF_R09,                0xC0},
+
+       {RF_R10,                0x61},
+       {RF_R11,                0x21},
+       {RF_R12,                0x3B},
+       {RF_R13,                0xE0},
+       {RF_R14,                0x90},
+       {RF_R15,                0x53},
+       {RF_R16,                0x0E},
+       {RF_R17,                0x94},
+       {RF_R18,                0x5C},
+       {RF_R19,                0x4A},
+
+       {RF_R20,                0xB2},
+       {RF_R21,                0xF6},
+       {RF_R22,                0x00},
+       {RF_R23,                0x14},
+       {RF_R24,                0x08},
+       {RF_R25,                0x3D},
+       {RF_R26,                0x85},
+       {RF_R27,                0x00},
+       {RF_R28,                0x41},
+       {RF_R29,                0x8F},
+       {RF_R30,                0x20},
+       {RF_R31,                0x0F},
+};
+
+UCHAR NUM_RF_REG_PARMS_OVER_RT3390=(sizeof(RFRegTableOverRT3390) / sizeof(REG_PAIR));
+
+
+
+// Antenna divesity use GPIO3 and EESK pin for control
+// Antenna and EEPROM access are both using EESK pin,
+// Therefor we should avoid accessing EESK at the same time
+// Then restore antenna after EEPROM access
+// The original name of this function is AsicSetRxAnt(), now change to
+//VOID AsicSetRxAnt(
+
+VOID RT33xxSetRxAnt(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Ant)
+{
+       UINT32  Value;
+       UINT32  x;
+
+       if ((pAd->EepromAccess) ||
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS))  ||
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS))   ||
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF)) ||
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST)))
+       {
+               return;
+       }
+
+       // the antenna selection is through firmware and MAC register(GPIO3)
+       if (Ant == 0)
+       {
+               // Main antenna
+               RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+               x |= (EESK);
+               RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+
+               RTMP_IO_READ32(pAd, GPIO_CTRL_CFG, &Value);
+               Value &= ~(0x0808);
+               RTMP_IO_WRITE32(pAd, GPIO_CTRL_CFG, Value);
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("AsicSetRxAnt, switch to main antenna\n"));
+       }
+       else
+       {
+               // Aux antenna
+               RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+               x &= ~(EESK);
+               RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+
+               RTMP_IO_READ32(pAd, GPIO_CTRL_CFG, &Value);
+               Value &= ~(0x0808);
+               Value |= 0x08;
+               RTMP_IO_WRITE32(pAd, GPIO_CTRL_CFG, Value);
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("AsicSetRxAnt, switch to aux antenna\n"));
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               For RF filter calibration purpose
+
+       Arguments:
+               pAd                          Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+VOID RTMPFilterCalibration(
+       IN PRTMP_ADAPTER pAd)
+{
+       UCHAR   R55x = 0, value, FilterTarget = 0x1E, BBPValue=0;
+       UINT    loop = 0, count = 0, loopcnt = 0, ReTry = 0;
+       UCHAR   RF_R24_Value = 0;
+
+       // Give bbp filter initial value
+       pAd->Mlme.CaliBW20RfR24 = 0x1F;
+       pAd->Mlme.CaliBW40RfR24 = 0x2F; //Bit[5] must be 1 for BW 40
+
+       do
+       {
+               if (loop == 1)  //BandWidth = 40 MHz
+               {
+                       // Write 0x27 to RF_R24 to program filter
+                       RF_R24_Value = 0x27;
+                       RT30xxWriteRFRegister(pAd, RF_R24, RF_R24_Value);
+                       if (IS_RT3090(pAd) || IS_RT3572(pAd)|| IS_RT3390(pAd))
+                               FilterTarget = 0x15;
+                       else
+                               FilterTarget = 0x19;
+
+                       // when calibrate BW40, BBP mask must set to BW40.
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+                       BBPValue&= (~0x18);
+                       BBPValue|= (0x10);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+
+                       // set to BW40
+                       RT30xxReadRFRegister(pAd, RF_R31, &value);
+                       value |= 0x20;
+                       RT30xxWriteRFRegister(pAd, RF_R31, value);
+               }
+               else                    //BandWidth = 20 MHz
+               {
+                       // Write 0x07 to RF_R24 to program filter
+                       RF_R24_Value = 0x07;
+                       RT30xxWriteRFRegister(pAd, RF_R24, RF_R24_Value);
+                       if (IS_RT3090(pAd) || IS_RT3572(pAd)|| IS_RT3390(pAd))
+                               FilterTarget = 0x13;
+                       else
+                               FilterTarget = 0x16;
+
+                       // set to BW20
+                       RT30xxReadRFRegister(pAd, RF_R31, &value);
+                       value &= (~0x20);
+                       RT30xxWriteRFRegister(pAd, RF_R31, value);
+               }
+
+               // Write 0x01 to RF_R22 to enable baseband loopback mode
+               RT30xxReadRFRegister(pAd, RF_R22, &value);
+               value |= 0x01;
+               RT30xxWriteRFRegister(pAd, RF_R22, value);
+
+               // Write 0x00 to BBP_R24 to set power & frequency of passband test tone
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R24, 0);
+
+               do
+               {
+                       // Write 0x90 to BBP_R25 to transmit test tone
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R25, 0x90);
+
+                       RTMPusecDelay(1000);
+                       // Read BBP_R55[6:0] for received power, set R55x = BBP_R55[6:0]
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R55, &value);
+                       R55x = value & 0xFF;
+
+               } while ((ReTry++ < 100) && (R55x == 0));
+
+               // Write 0x06 to BBP_R24 to set power & frequency of stopband test tone
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R24, 0x06);
+
+               while(TRUE)
+               {
+                       // Write 0x90 to BBP_R25 to transmit test tone
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R25, 0x90);
+
+                       //We need to wait for calibration
+                       RTMPusecDelay(1000);
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R55, &value);
+                       value &= 0xFF;
+                       if ((R55x - value) < FilterTarget)
+                       {
+                               RF_R24_Value ++;
+                       }
+                       else if ((R55x - value) == FilterTarget)
+                       {
+                               RF_R24_Value ++;
+                               count ++;
+                       }
+                       else
+                       {
+                               break;
+                       }
+
+                       // prevent infinite loop cause driver hang.
+                       if (loopcnt++ > 100)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("RTMPFilterCalibration - can't find a valid value, loopcnt=%d stop calibrating", loopcnt));
+                               break;
+                       }
+
+                       // Write RF_R24 to program filter
+                       RT30xxWriteRFRegister(pAd, RF_R24, RF_R24_Value);
+               }
+
+               if (count > 0)
+               {
+                       RF_R24_Value = RF_R24_Value - ((count) ? (1) : (0));
+               }
+
+               // Store for future usage
+               if (loopcnt < 100)
+               {
+                       if (loop++ == 0)
+                       {
+                               //BandWidth = 20 MHz
+                               pAd->Mlme.CaliBW20RfR24 = (UCHAR)RF_R24_Value;
+                       }
+                       else
+                       {
+                               //BandWidth = 40 MHz
+                               pAd->Mlme.CaliBW40RfR24 = (UCHAR)RF_R24_Value;
+                               break;
+                       }
+               }
+               else
+                       break;
+
+               RT30xxWriteRFRegister(pAd, RF_R24, RF_R24_Value);
+
+               // reset count
+               count = 0;
+       } while(TRUE);
+
+       //
+       // Set back to initial state
+       //
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R24, 0);
+
+       RT30xxReadRFRegister(pAd, RF_R22, &value);
+       value &= ~(0x01);
+       RT30xxWriteRFRegister(pAd, RF_R22, value);
+
+       // set BBP back to BW20
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+       BBPValue&= (~0x18);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPFilterCalibration - CaliBW20RfR24=0x%x, CaliBW40RfR24=0x%x\n", pAd->Mlme.CaliBW20RfR24, pAd->Mlme.CaliBW40RfR24));
+}
+
+
+// add by johnli, RF power sequence setup
+/*
+       ==========================================================================
+       Description:
+
+       Load RF normal operation-mode setup
+
+       ==========================================================================
+ */
+VOID RT33xxLoadRFNormalModeSetup(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UCHAR RFValue;
+
+       // RX0_PD & TX0_PD, RF R1 register Bit 2 & Bit 3 to 0 and RF_BLOCK_en,RX1_PD & TX1_PD, Bit0, Bit 4 & Bit5 to 1
+       RT30xxReadRFRegister(pAd, RF_R01, &RFValue);
+       RFValue = (RFValue & (~0x0C)) | 0x31;
+       RT30xxWriteRFRegister(pAd, RF_R01, RFValue);
+
+       // TX_LO2_en, RF R15 register Bit 3 to 0
+       RT30xxReadRFRegister(pAd, RF_R15, &RFValue);
+       RFValue &= (~0x08);
+       RT30xxWriteRFRegister(pAd, RF_R15, RFValue);
+
+       /* move to NICInitRT30xxRFRegisters
+       // TX_LO1_en, RF R17 register Bit 3 to 0
+       RT30xxReadRFRegister(pAd, RF_R17, &RFValue);
+       RFValue &= (~0x08);
+       // to fix rx long range issue
+       if (((pAd->MACVersion & 0xffff) >= 0x0211) && (pAd->NicConfig2.field.ExternalLNAForG == 0))
+       {
+               RFValue |= 0x20;
+       }
+       // set RF_R17_bit[2:0] equal to EEPROM setting at 0x48h
+       if (pAd->TxMixerGain24G >= 2)
+       {
+               RFValue &= (~0x7);  // clean bit [2:0]
+               RFValue |= pAd->TxMixerGain24G;
+       }
+       RT30xxWriteRFRegister(pAd, RF_R17, RFValue);
+       */
+
+       // RX_LO1_en, RF R20 register Bit 3 to 0
+       RT30xxReadRFRegister(pAd, RF_R20, &RFValue);
+       RFValue &= (~0x08);
+       RT30xxWriteRFRegister(pAd, RF_R20, RFValue);
+
+       // RX_LO2_en, RF R21 register Bit 3 to 0
+       RT30xxReadRFRegister(pAd, RF_R21, &RFValue);
+       RFValue &= (~0x08);
+       RT30xxWriteRFRegister(pAd, RF_R21, RFValue);
+
+       /* add by johnli, reset RF_R27 when interface down & up to fix throughput problem*/
+       // LDORF_VC, RF R27 register Bit 2 to 0
+       RT30xxReadRFRegister(pAd, RF_R27, &RFValue);
+       // TX to RX IQ glitch(RF_R27) has been fixed in RT3070(F).
+       // Raising RF voltage is no longer needed for RT3070(F)
+       if (IS_RT3090(pAd))     // RT309x and RT3071/72
+       {
+               if ((pAd->MACVersion & 0xffff) < 0x0211)
+                       RFValue = (RFValue & (~0x77)) | 0x3;
+               else
+                       RFValue = (RFValue & (~0x77));
+               RT30xxWriteRFRegister(pAd, RF_R27, RFValue);
+       }
+       /* end johnli */
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       Load RF sleep-mode setup
+
+       ==========================================================================
+ */
+VOID RT33xxLoadRFSleepModeSetup(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UCHAR RFValue;
+       UINT32 MACValue;
+
+
+       {
+               // RF_BLOCK_en. RF R1 register Bit 0 to 0
+               RT30xxReadRFRegister(pAd, RF_R01, &RFValue);
+               RFValue &= (~0x01);
+               RT30xxWriteRFRegister(pAd, RF_R01, RFValue);
+
+               // VCO_IC, RF R7 register Bit 4 & Bit 5 to 0
+               RT30xxReadRFRegister(pAd, RF_R07, &RFValue);
+               RFValue &= (~0x30);
+               RT30xxWriteRFRegister(pAd, RF_R07, RFValue);
+
+               // Idoh, RF R9 register Bit 1, Bit 2 & Bit 3 to 0
+               RT30xxReadRFRegister(pAd, RF_R09, &RFValue);
+               RFValue &= (~0x0E);
+               RT30xxWriteRFRegister(pAd, RF_R09, RFValue);
+
+               // RX_CTB_en, RF R21 register Bit 7 to 0
+               RT30xxReadRFRegister(pAd, RF_R21, &RFValue);
+               RFValue &= (~0x80);
+               RT30xxWriteRFRegister(pAd, RF_R21, RFValue);
+       }
+
+       if (IS_RT3090(pAd) ||   // IS_RT3090 including RT309x and RT3071/72
+               IS_RT3572(pAd) ||
+               IS_RT3390(pAd) ||
+               (IS_RT3070(pAd) && ((pAd->MACVersion & 0xffff) < 0x0201)))
+       {
+               {
+                       RT30xxReadRFRegister(pAd, RF_R27, &RFValue);
+                       RFValue |= 0x77;
+                       RT30xxWriteRFRegister(pAd, RF_R27, RFValue);
+               }
+
+               RTMP_IO_READ32(pAd, LDO_CFG0, &MACValue);
+               MACValue |= 0x1D000000;
+               RTMP_IO_WRITE32(pAd, LDO_CFG0, MACValue);
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       Reverse RF sleep-mode setup
+
+       ==========================================================================
+ */
+VOID RT33xxReverseRFSleepModeSetup(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UCHAR RFValue;
+       UINT32 MACValue;
+
+       {
+               // RF_BLOCK_en, RF R1 register Bit 0 to 1
+               RT30xxReadRFRegister(pAd, RF_R01, &RFValue);
+               RFValue |= 0x01;
+               RT30xxWriteRFRegister(pAd, RF_R01, RFValue);
+
+               // VCO_IC, RF R7 register Bit 4 & Bit 5 to 1
+               RT30xxReadRFRegister(pAd, RF_R07, &RFValue);
+               RFValue |= 0x30;
+               RT30xxWriteRFRegister(pAd, RF_R07, RFValue);
+
+               // Idoh, RF R9 register Bit 1, Bit 2 & Bit 3 to 1
+               RT30xxReadRFRegister(pAd, RF_R09, &RFValue);
+               RFValue |= 0x0E;
+               RT30xxWriteRFRegister(pAd, RF_R09, RFValue);
+
+               // RX_CTB_en, RF R21 register Bit 7 to 1
+               RT30xxReadRFRegister(pAd, RF_R21, &RFValue);
+               RFValue |= 0x80;
+               RT30xxWriteRFRegister(pAd, RF_R21, RFValue);
+       }
+
+       if (IS_RT3090(pAd) ||   // IS_RT3090 including RT309x and RT3071/72
+               IS_RT3572(pAd) ||
+               IS_RT3390(pAd) ||
+               (IS_RT3070(pAd) && ((pAd->MACVersion & 0xffff) < 0x0201)))
+       {
+               {
+                       RT30xxReadRFRegister(pAd, RF_R27, &RFValue);
+                       if ((pAd->MACVersion & 0xffff) < 0x0211)
+                               RFValue = (RFValue & (~0x77)) | 0x3;
+                       else
+                               RFValue = (RFValue & (~0x77));
+                       RT30xxWriteRFRegister(pAd, RF_R27, RFValue);
+               }
+
+               // RT3071 version E has fixed this issue
+               if ((pAd->NicConfig2.field.DACTestBit == 1) && ((pAd->MACVersion & 0xffff) < 0x0211))
+               {
+                       // patch tx EVM issue temporarily
+                       RTMP_IO_READ32(pAd, LDO_CFG0, &MACValue);
+                       MACValue = ((MACValue & 0xE0FFFFFF) | 0x0D000000);
+                       RTMP_IO_WRITE32(pAd, LDO_CFG0, MACValue);
+               }
+               else
+               {
+                       RTMP_IO_READ32(pAd, LDO_CFG0, &MACValue);
+                       MACValue = ((MACValue & 0xE0FFFFFF) | 0x01000000);
+                       RTMP_IO_WRITE32(pAd, LDO_CFG0, MACValue);
+               }
+       }
+
+       if(IS_RT3572(pAd))
+               RT30xxWriteRFRegister(pAd, RF_R08, 0x80);
+}
+// end johnli
+
+VOID RT33xxHaltAction(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UINT32          TxPinCfg = 0x00050F0F;
+
+       //
+       // Turn off LNA_PE or TRSW_POL
+       //
+       if (IS_RT3070(pAd) || IS_RT3071(pAd) || IS_RT3390(pAd)||IS_RT3572(pAd))
+       {
+       //KH? Both support 3390 usb and  PCI
+               if ((IS_RT3071(pAd) || IS_RT3572(pAd)||IS_RT3390(pAd))
+#ifdef RTMP_EFUSE_SUPPORT
+                       && (pAd->bUseEfuse)
+#endif // RTMP_EFUSE_SUPPORT //
+                       )
+               {
+                       TxPinCfg &= 0xFFFBF0F0; // bit18 off
+               }
+               else
+               {
+                       TxPinCfg &= 0xFFFFF0F0;
+               }
+
+               RTMP_IO_WRITE32(pAd, TX_PIN_CFG, TxPinCfg);
+       }
+}
+
+#endif // RT30xx //
diff --git a/drivers/staging/rt3090/chlist.h b/drivers/staging/rt3090/chlist.h
new file mode 100644 (file)
index 0000000..d03cb47
--- /dev/null
@@ -0,0 +1,130 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    chlist.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+       Fonchi Wu   2007-12-19    created
+*/
+
+#ifndef __CHLIST_H__
+#define __CHLIST_H__
+
+#include "rtmp_type.h"
+#include "rtmp_def.h"
+
+
+#define ODOR                   0
+#define IDOR                   1
+#define BOTH                   2
+
+#define BAND_5G         0
+#define BAND_24G        1
+#define BAND_BOTH       2
+
+typedef struct _CH_DESP {
+       UCHAR FirstChannel;
+       UCHAR NumOfCh;
+       CHAR MaxTxPwr;                  // dBm
+       UCHAR Geography;                        // 0:out door, 1:in door, 2:both
+       BOOLEAN DfsReq;                 // Dfs require, 0: No, 1: yes.
+} CH_DESP, *PCH_DESP;
+
+typedef struct _CH_REGION {
+       UCHAR CountReg[3];
+       UCHAR DfsType;                  // 0: CE, 1: FCC, 2: JAP, 3:JAP_W53, JAP_W56
+       CH_DESP ChDesp[10];
+} CH_REGION, *PCH_REGION;
+
+extern CH_REGION ChRegion[];
+
+typedef struct _CH_FREQ_MAP_{
+       UINT16          channel;
+       UINT16          freqKHz;
+}CH_FREQ_MAP;
+
+extern CH_FREQ_MAP CH_HZ_ID_MAP[];
+extern int CH_HZ_ID_MAP_NUM;
+
+
+#define     MAP_CHANNEL_ID_TO_KHZ(_ch, _khz)                                   \
+               do{                                                                                                     \
+                       int _chIdx;                                                                                     \
+                       for (_chIdx = 0; _chIdx < CH_HZ_ID_MAP_NUM; _chIdx++)\
+                       {                                                                                                       \
+                               if ((_ch) == CH_HZ_ID_MAP[_chIdx].channel)                      \
+                               {                                                                                               \
+                                       (_khz) = CH_HZ_ID_MAP[_chIdx].freqKHz * 1000;   \
+                                       break;                                                                          \
+                               }                                                                                               \
+                       }                                                                                                       \
+                       if (_chIdx == CH_HZ_ID_MAP_NUM)                                 \
+                               (_khz) = 2412000;                                                                       \
+            }while(0)
+
+#define     MAP_KHZ_TO_CHANNEL_ID(_khz, _ch)                 \
+               do{                                                                                                     \
+                       int _chIdx;                                                                                     \
+                       for (_chIdx = 0; _chIdx < CH_HZ_ID_MAP_NUM; _chIdx++)\
+                       {                                                                                                       \
+                               if ((_khz) == CH_HZ_ID_MAP[_chIdx].freqKHz)                     \
+                               {                                                                                               \
+                                       (_ch) = CH_HZ_ID_MAP[_chIdx].channel;                   \
+                                       break;                                                                          \
+                               }                                                                                               \
+                       }                                                                                                       \
+                       if (_chIdx == CH_HZ_ID_MAP_NUM)                                 \
+                               (_ch) = 1;                                                                                      \
+               }while(0)
+
+
+VOID BuildChannelListEx(
+       IN PRTMP_ADAPTER pAd);
+
+VOID BuildBeaconChList(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pBuf,
+       OUT     PULONG pBufLen);
+
+#ifdef DOT11_N_SUPPORT
+VOID N_ChannelCheck(
+       IN PRTMP_ADAPTER pAd);
+
+VOID N_SetCenCh(
+       IN PRTMP_ADAPTER pAd);
+#endif // DOT11_N_SUPPORT //
+
+UINT8 GetCuntryMaxTxPwr(
+       IN PRTMP_ADAPTER pAd,
+       IN UINT8 channel);
+
+#endif // __CHLIST_H__
diff --git a/drivers/staging/rt3090/common/action.c b/drivers/staging/rt3090/common/action.c
new file mode 100644 (file)
index 0000000..8e3b0a0
--- /dev/null
@@ -0,0 +1,1057 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       action.c
+
+    Abstract:
+    Handle association related requests either from WSTA or from local MLME
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+       Jan Lee         2006            created for rt2860
+ */
+
+#include "../rt_config.h"
+#include "../action.h"
+
+
+static VOID ReservedAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+
+/*
+    ==========================================================================
+    Description:
+        association state machine init, including state transition and timer init
+    Parameters:
+        S - pointer to the association state machine
+    Note:
+        The state machine looks like the following
+
+                                    ASSOC_IDLE
+        MT2_MLME_DISASSOC_REQ    mlme_disassoc_req_action
+        MT2_PEER_DISASSOC_REQ    peer_disassoc_action
+        MT2_PEER_ASSOC_REQ       drop
+        MT2_PEER_REASSOC_REQ     drop
+        MT2_CLS3ERR              cls3err_action
+    ==========================================================================
+ */
+VOID ActionStateMachineInit(
+    IN PRTMP_ADAPTER   pAd,
+    IN  STATE_MACHINE *S,
+    OUT STATE_MACHINE_FUNC Trans[])
+{
+       StateMachineInit(S, (STATE_MACHINE_FUNC *)Trans, MAX_ACT_STATE, MAX_ACT_MSG, (STATE_MACHINE_FUNC)Drop, ACT_IDLE, ACT_MACHINE_BASE);
+
+       StateMachineSetAction(S, ACT_IDLE, MT2_PEER_SPECTRUM_CATE, (STATE_MACHINE_FUNC)PeerSpectrumAction);
+       StateMachineSetAction(S, ACT_IDLE, MT2_PEER_QOS_CATE, (STATE_MACHINE_FUNC)PeerQOSAction);
+
+       StateMachineSetAction(S, ACT_IDLE, MT2_PEER_DLS_CATE, (STATE_MACHINE_FUNC)ReservedAction);
+#ifdef QOS_DLS_SUPPORT
+               StateMachineSetAction(S, ACT_IDLE, MT2_PEER_DLS_CATE, (STATE_MACHINE_FUNC)PeerDLSAction);
+#endif // QOS_DLS_SUPPORT //
+
+#ifdef DOT11_N_SUPPORT
+       StateMachineSetAction(S, ACT_IDLE, MT2_PEER_BA_CATE, (STATE_MACHINE_FUNC)PeerBAAction);
+       StateMachineSetAction(S, ACT_IDLE, MT2_PEER_HT_CATE, (STATE_MACHINE_FUNC)PeerHTAction);
+       StateMachineSetAction(S, ACT_IDLE, MT2_MLME_ADD_BA_CATE, (STATE_MACHINE_FUNC)MlmeADDBAAction);
+       StateMachineSetAction(S, ACT_IDLE, MT2_MLME_ORI_DELBA_CATE, (STATE_MACHINE_FUNC)MlmeDELBAAction);
+       StateMachineSetAction(S, ACT_IDLE, MT2_MLME_REC_DELBA_CATE, (STATE_MACHINE_FUNC)MlmeDELBAAction);
+#endif // DOT11_N_SUPPORT //
+
+       StateMachineSetAction(S, ACT_IDLE, MT2_PEER_PUBLIC_CATE, (STATE_MACHINE_FUNC)PeerPublicAction);
+       StateMachineSetAction(S, ACT_IDLE, MT2_PEER_RM_CATE, (STATE_MACHINE_FUNC)PeerRMAction);
+
+       StateMachineSetAction(S, ACT_IDLE, MT2_MLME_QOS_CATE, (STATE_MACHINE_FUNC)MlmeQOSAction);
+       StateMachineSetAction(S, ACT_IDLE, MT2_MLME_DLS_CATE, (STATE_MACHINE_FUNC)MlmeDLSAction);
+       StateMachineSetAction(S, ACT_IDLE, MT2_ACT_INVALID, (STATE_MACHINE_FUNC)MlmeInvalidAction);
+
+
+}
+
+#ifdef DOT11_N_SUPPORT
+VOID MlmeADDBAAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+
+{
+       MLME_ADDBA_REQ_STRUCT *pInfo;
+       UCHAR           Addr[6];
+       PUCHAR         pOutBuffer = NULL;
+       NDIS_STATUS     NStatus;
+       ULONG           Idx;
+       FRAME_ADDBA_REQ  Frame;
+       ULONG           FrameLen;
+       BA_ORI_ENTRY                    *pBAEntry = NULL;
+
+       pInfo = (MLME_ADDBA_REQ_STRUCT *)Elem->Msg;
+       NdisZeroMemory(&Frame, sizeof(FRAME_ADDBA_REQ));
+
+       if(MlmeAddBAReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr))
+       {
+               NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+               if(NStatus != NDIS_STATUS_SUCCESS)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("BA - MlmeADDBAAction() allocate memory failed \n"));
+                       return;
+               }
+               // 1. find entry
+               Idx = pAd->MacTab.Content[pInfo->Wcid].BAOriWcidArray[pInfo->TID];
+               if (Idx == 0)
+               {
+                       MlmeFreeMemory(pAd, pOutBuffer);
+                       DBGPRINT(RT_DEBUG_ERROR,("BA - MlmeADDBAAction() can't find BAOriEntry \n"));
+                       return;
+               }
+               else
+               {
+                       pBAEntry =&pAd->BATable.BAOriEntry[Idx];
+               }
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if (ADHOC_ON(pAd))
+                               ActHeaderInit(pAd, &Frame.Hdr, pInfo->pAddr, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+                       else
+#ifdef QOS_DLS_SUPPORT
+                       if (pAd->MacTab.Content[pInfo->Wcid].ValidAsDls)
+                               ActHeaderInit(pAd, &Frame.Hdr, pInfo->pAddr, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+                       else
+#endif // QOS_DLS_SUPPORT //
+                       ActHeaderInit(pAd, &Frame.Hdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pInfo->pAddr);
+
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               Frame.Category = CATEGORY_BA;
+               Frame.Action = ADDBA_REQ;
+               Frame.BaParm.AMSDUSupported = 0;
+               Frame.BaParm.BAPolicy = IMMED_BA;
+               Frame.BaParm.TID = pInfo->TID;
+               Frame.BaParm.BufSize = pInfo->BaBufSize;
+               Frame.Token = pInfo->Token;
+               Frame.TimeOutValue = pInfo->TimeOutValue;
+               Frame.BaStartSeq.field.FragNum = 0;
+               Frame.BaStartSeq.field.StartSeq = pAd->MacTab.Content[pInfo->Wcid].TxSeq[pInfo->TID];
+
+               *(USHORT *)(&Frame.BaParm) = cpu2le16(*(USHORT *)(&Frame.BaParm));
+               Frame.TimeOutValue = cpu2le16(Frame.TimeOutValue);
+               Frame.BaStartSeq.word = cpu2le16(Frame.BaStartSeq.word);
+
+               MakeOutgoingFrame(pOutBuffer,              &FrameLen,
+                             sizeof(FRAME_ADDBA_REQ), &Frame,
+                             END_OF_ARGS);
+
+               MiniportMMRequest(pAd, (MGMT_USE_QUEUE_FLAG | MapUserPriorityToAccessCategory[pInfo->TID]), pOutBuffer, FrameLen);
+
+               MlmeFreeMemory(pAd, pOutBuffer);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("BA - Send ADDBA request. StartSeq = %x,  FrameLen = %ld. BufSize = %d\n", Frame.BaStartSeq.field.StartSeq, FrameLen, Frame.BaParm.BufSize));
+    }
+}
+
+/*
+    ==========================================================================
+    Description:
+        send DELBA and delete BaEntry if any
+    Parametrs:
+        Elem - MLME message MLME_DELBA_REQ_STRUCT
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID MlmeDELBAAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+       MLME_DELBA_REQ_STRUCT *pInfo;
+       PUCHAR         pOutBuffer = NULL;
+       PUCHAR             pOutBuffer2 = NULL;
+       NDIS_STATUS     NStatus;
+       ULONG           Idx;
+       FRAME_DELBA_REQ  Frame;
+       ULONG           FrameLen;
+       FRAME_BAR       FrameBar;
+
+       pInfo = (MLME_DELBA_REQ_STRUCT *)Elem->Msg;
+       // must send back DELBA
+       NdisZeroMemory(&Frame, sizeof(FRAME_DELBA_REQ));
+       DBGPRINT(RT_DEBUG_TRACE, ("==> MlmeDELBAAction(), Initiator(%d) \n", pInfo->Initiator));
+
+       if(MlmeDelBAReqSanity(pAd, Elem->Msg, Elem->MsgLen))
+       {
+               NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+               if(NStatus != NDIS_STATUS_SUCCESS)
+               {
+                       DBGPRINT(RT_DEBUG_ERROR,("BA - MlmeDELBAAction() allocate memory failed 1. \n"));
+                       return;
+               }
+
+               NStatus = MlmeAllocateMemory(pAd, &pOutBuffer2);  //Get an unused nonpaged memory
+               if(NStatus != NDIS_STATUS_SUCCESS)
+               {
+                       MlmeFreeMemory(pAd, pOutBuffer);
+                       DBGPRINT(RT_DEBUG_ERROR, ("BA - MlmeDELBAAction() allocate memory failed 2. \n"));
+                       return;
+               }
+
+               // SEND BAR (Send BAR to refresh peer reordering buffer.)
+               Idx = pAd->MacTab.Content[pInfo->Wcid].BAOriWcidArray[pInfo->TID];
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       BarHeaderInit(pAd, &FrameBar, pAd->MacTab.Content[pInfo->Wcid].Addr, pAd->CurrentAddress);
+#endif // CONFIG_STA_SUPPORT //
+
+               FrameBar.StartingSeq.field.FragNum = 0; // make sure sequence not clear in DEL funciton.
+               FrameBar.StartingSeq.field.StartSeq = pAd->MacTab.Content[pInfo->Wcid].TxSeq[pInfo->TID]; // make sure sequence not clear in DEL funciton.
+               FrameBar.BarControl.TID = pInfo->TID; // make sure sequence not clear in DEL funciton.
+               FrameBar.BarControl.ACKPolicy = IMMED_BA; // make sure sequence not clear in DEL funciton.
+               FrameBar.BarControl.Compressed = 1; // make sure sequence not clear in DEL funciton.
+               FrameBar.BarControl.MTID = 0; // make sure sequence not clear in DEL funciton.
+
+               MakeOutgoingFrame(pOutBuffer2,                          &FrameLen,
+                                         sizeof(FRAME_BAR),      &FrameBar,
+                                         END_OF_ARGS);
+               MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer2, FrameLen);
+               MlmeFreeMemory(pAd, pOutBuffer2);
+               DBGPRINT(RT_DEBUG_TRACE,("BA - MlmeDELBAAction() . Send BAR to refresh peer reordering buffer \n"));
+
+               // SEND DELBA FRAME
+               FrameLen = 0;
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if (ADHOC_ON(pAd))
+                               ActHeaderInit(pAd, &Frame.Hdr, pAd->MacTab.Content[pInfo->Wcid].Addr, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+                       else
+#ifdef QOS_DLS_SUPPORT
+                       if (pAd->MacTab.Content[pInfo->Wcid].ValidAsDls)
+                               ActHeaderInit(pAd, &Frame.Hdr, pAd->MacTab.Content[pInfo->Wcid].Addr, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+                       else
+#endif // QOS_DLS_SUPPORT //
+                       ActHeaderInit(pAd, &Frame.Hdr,  pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAd->MacTab.Content[pInfo->Wcid].Addr);
+               }
+#endif // CONFIG_STA_SUPPORT //
+               Frame.Category = CATEGORY_BA;
+               Frame.Action = DELBA;
+               Frame.DelbaParm.Initiator = pInfo->Initiator;
+               Frame.DelbaParm.TID = pInfo->TID;
+               Frame.ReasonCode = 39; // Time Out
+               *(USHORT *)(&Frame.DelbaParm) = cpu2le16(*(USHORT *)(&Frame.DelbaParm));
+               Frame.ReasonCode = cpu2le16(Frame.ReasonCode);
+
+               MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                             sizeof(FRAME_DELBA_REQ),    &Frame,
+                             END_OF_ARGS);
+               MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+               MlmeFreeMemory(pAd, pOutBuffer);
+               DBGPRINT(RT_DEBUG_TRACE, ("BA - MlmeDELBAAction() . 3 DELBA sent. Initiator(%d)\n", pInfo->Initiator));
+       }
+}
+#endif // DOT11_N_SUPPORT //
+
+VOID MlmeQOSAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+}
+
+VOID MlmeDLSAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+}
+
+VOID MlmeInvalidAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+       //PUCHAR                   pOutBuffer = NULL;
+       //Return the receiving frame except the MSB of category filed set to 1.  7.3.1.11
+}
+
+VOID PeerQOSAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+}
+
+#ifdef QOS_DLS_SUPPORT
+VOID PeerDLSAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR   Action = Elem->Msg[LENGTH_802_11+1];
+
+       switch(Action)
+       {
+               case ACTION_DLS_REQUEST:
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       PeerDlsReqAction(pAd, Elem);
+#endif // CONFIG_STA_SUPPORT //
+                       break;
+
+               case ACTION_DLS_RESPONSE:
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       PeerDlsRspAction(pAd, Elem);
+#endif // CONFIG_STA_SUPPORT //
+                       break;
+
+               case ACTION_DLS_TEARDOWN:
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       PeerDlsTearDownAction(pAd, Elem);
+#endif // CONFIG_STA_SUPPORT //
+                       break;
+       }
+}
+#endif // QOS_DLS_SUPPORT //
+
+
+
+#ifdef DOT11_N_SUPPORT
+VOID PeerBAAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR   Action = Elem->Msg[LENGTH_802_11+1];
+
+       switch(Action)
+       {
+               case ADDBA_REQ:
+                       PeerAddBAReqAction(pAd,Elem);
+                       break;
+               case ADDBA_RESP:
+                       PeerAddBARspAction(pAd,Elem);
+                       break;
+               case DELBA:
+                       PeerDelBAAction(pAd,Elem);
+                       break;
+       }
+}
+
+
+#ifdef DOT11N_DRAFT3
+
+#ifdef CONFIG_STA_SUPPORT
+VOID StaPublicAction(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR Bss2040Coexist)
+{
+       BSS_2040_COEXIST_IE             BssCoexist;
+       MLME_SCAN_REQ_STRUCT                    ScanReq;
+
+       BssCoexist.word = Bss2040Coexist;
+       // AP asks Station to return a 20/40 BSS Coexistence mgmt frame.  So we first starts a scan, then send back 20/40 BSS Coexistence mgmt frame
+       if ((BssCoexist.field.InfoReq == 1) && (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_SCAN_2040)))
+       {
+               // Clear record first.  After scan , will update those bit and send back to transmiter.
+               pAd->CommonCfg.BSSCoexist2040.field.InfoReq = 1;
+               pAd->CommonCfg.BSSCoexist2040.field.Intolerant40 = 0;
+               pAd->CommonCfg.BSSCoexist2040.field.BSS20WidthReq = 0;
+               // Fill out stuff for scan request
+               ScanParmFill(pAd, &ScanReq, ZeroSsid, 0, BSS_ANY, SCAN_2040_BSS_COEXIST);
+               MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_SCAN_REQ, sizeof(MLME_SCAN_REQ_STRUCT), &ScanReq);
+               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_OID_LIST_SCAN;
+       }
+}
+
+
+/*
+Description : Build Intolerant Channel Rerpot from Trigger event table.
+return : how many bytes copied.
+*/
+ULONG BuildIntolerantChannelRep(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    PUCHAR  pDest)
+{
+       ULONG                   FrameLen = 0;
+       ULONG                   ReadOffset = 0;
+       UCHAR                   i;
+       UCHAR                   LastRegClass = 0xff;
+       PUCHAR                  pLen;
+
+       for ( i = 0;i < MAX_TRIGGER_EVENT;i++)
+       {
+               if (pAd->CommonCfg.TriggerEventTab.EventA[i].bValid == TRUE)
+               {
+                       if (pAd->CommonCfg.TriggerEventTab.EventA[i].RegClass == LastRegClass)
+                       {
+                               *(pDest + ReadOffset) = (UCHAR)pAd->CommonCfg.TriggerEventTab.EventA[i].Channel;
+                               *pLen++;
+                               ReadOffset++;
+                               FrameLen++;
+                       }
+                       else
+                       {
+                               *(pDest + ReadOffset) = IE_2040_BSS_INTOLERANT_REPORT;  // IE
+                               *(pDest + ReadOffset + 1) = 2;  // Len = RegClass byte + channel byte.
+                               pLen = pDest + ReadOffset + 1;
+                               LastRegClass = pAd->CommonCfg.TriggerEventTab.EventA[i].RegClass;
+                               *(pDest + ReadOffset + 2) = LastRegClass;       // Len = RegClass byte + channel byte.
+                               *(pDest + ReadOffset + 3) = (UCHAR)pAd->CommonCfg.TriggerEventTab.EventA[i].Channel;
+                               FrameLen += 4;
+                               ReadOffset += 4;
+                       }
+
+               }
+       }
+       return FrameLen;
+}
+
+
+/*
+Description : Send 20/40 BSS Coexistence Action frame If one trigger event is triggered.
+*/
+VOID Send2040CoexistAction(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR  Wcid,
+       IN      BOOLEAN bAddIntolerantCha)
+{
+       PUCHAR                  pOutBuffer = NULL;
+       NDIS_STATUS     NStatus;
+       FRAME_ACTION_HDR        Frame;
+       ULONG                   FrameLen;
+       ULONG                   IntolerantChaRepLen;
+
+       IntolerantChaRepLen = 0;
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if(NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("ACT - Send2040CoexistAction() allocate memory failed \n"));
+               return;
+       }
+       ActHeaderInit(pAd, &Frame.Hdr, pAd->MacTab.Content[Wcid].Addr, pAd->CommonCfg.Bssid);
+       Frame.Category = CATEGORY_PUBLIC;
+       Frame.Action = ACTION_BSS_2040_COEXIST;
+
+       MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                 sizeof(FRAME_ACTION_HDR),       &Frame,
+                                 END_OF_ARGS);
+
+       *(pOutBuffer + FrameLen) = pAd->CommonCfg.BSSCoexist2040.word;
+       FrameLen++;
+
+       if (bAddIntolerantCha == TRUE)
+               IntolerantChaRepLen = BuildIntolerantChannelRep(pAd, pOutBuffer + FrameLen);
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen + IntolerantChaRepLen);
+       DBGPRINT(RT_DEBUG_ERROR,("ACT - Send2040CoexistAction( BSSCoexist2040 = 0x%x )  \n", pAd->CommonCfg.BSSCoexist2040.word));
+
+}
+
+
+/*
+       ==========================================================================
+       Description:
+       After scan, Update 20/40 BSS Coexistence IE and send out.
+       According to 802.11n D3.03 11.14.10
+
+       Parameters:
+       ==========================================================================
+ */
+VOID Update2040CoexistFrameAndNotify(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR  Wcid,
+       IN      BOOLEAN bAddIntolerantCha)
+{
+       BSS_2040_COEXIST_IE     OldValue;
+
+       OldValue.word = pAd->CommonCfg.BSSCoexist2040.word;
+       if ((pAd->CommonCfg.TriggerEventTab.EventANo > 0) || (pAd->CommonCfg.TriggerEventTab.EventBCountDown > 0))
+               pAd->CommonCfg.BSSCoexist2040.field.BSS20WidthReq = 1;
+
+       // Need to check !!!!
+       // How STA will set Intolerant40 if implementation dependent. Now we don't set this bit first.!!!!!
+       // So Only check BSS20WidthReq change.
+       if (OldValue.field.BSS20WidthReq != pAd->CommonCfg.BSSCoexist2040.field.BSS20WidthReq)
+       {
+               Send2040CoexistAction(pAd, Wcid, bAddIntolerantCha);
+       }
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+BOOLEAN ChannelSwitchSanityCheck(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR  Wcid,
+       IN    UCHAR  NewChannel,
+       IN    UCHAR  Secondary)
+{
+       UCHAR           i;
+
+       if (Wcid >= MAX_LEN_OF_MAC_TABLE)
+               return FALSE;
+
+       if ((NewChannel > 7) && (Secondary == 1))
+               return FALSE;
+
+       if ((NewChannel < 5) && (Secondary == 3))
+               return FALSE;
+
+       // 0. Check if new channel is in the channellist.
+       for (i = 0;i < pAd->ChannelListNum;i++)
+       {
+               if (pAd->ChannelList[i].Channel == NewChannel)
+               {
+                       break;
+               }
+       }
+
+       if (i == pAd->ChannelListNum)
+               return FALSE;
+
+       return TRUE;
+}
+
+
+VOID ChannelSwitchAction(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR  Wcid,
+       IN    UCHAR  NewChannel,
+       IN    UCHAR  Secondary)
+{
+       UCHAR           BBPValue = 0;
+       ULONG           MACValue;
+
+       DBGPRINT(RT_DEBUG_TRACE,("SPECTRUM - ChannelSwitchAction(NewChannel = %d , Secondary = %d)  \n", NewChannel, Secondary));
+
+       if (ChannelSwitchSanityCheck(pAd, Wcid, NewChannel, Secondary) == FALSE)
+               return;
+
+       // 1.  Switches to BW = 20.
+       if (Secondary == 0)
+       {
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+               BBPValue&= (~0x18);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+               if (pAd->MACVersion == 0x28600100)
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, 0x16);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R70, 0x08);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R73, 0x11);
+                       DBGPRINT(RT_DEBUG_TRACE, ("!!!rt2860C !!! \n" ));
+               }
+               pAd->CommonCfg.BBPCurrentBW = BW_20;
+               pAd->CommonCfg.Channel = NewChannel;
+               pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel;
+               AsicSwitchChannel(pAd, pAd->CommonCfg.Channel,FALSE);
+               AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+               pAd->MacTab.Content[Wcid].HTPhyMode.field.BW = 0;
+               DBGPRINT(RT_DEBUG_TRACE, ("!!!20MHz   !!! \n" ));
+       }
+       // 1.  Switches to BW = 40 And Station supports BW = 40.
+       else if (((Secondary == 1) || (Secondary == 3)) && (pAd->CommonCfg.HtCapability.HtCapInfo.ChannelWidth == 1))
+       {
+               pAd->CommonCfg.Channel = NewChannel;
+
+               if (Secondary == 1)
+               {
+                       // Secondary above.
+                       pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel + 2;
+                       RTMP_IO_READ32(pAd, TX_BAND_CFG, &MACValue);
+                       MACValue &= 0xfe;
+                       RTMP_IO_WRITE32(pAd, TX_BAND_CFG, MACValue);
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+                       BBPValue&= (~0x18);
+                       BBPValue|= (0x10);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BBPValue);
+                       BBPValue&= (~0x20);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BBPValue);
+                       DBGPRINT(RT_DEBUG_TRACE, ("!!!40MHz Lower LINK UP !!! Control Channel at Below. Central = %d \n", pAd->CommonCfg.CentralChannel ));
+               }
+               else
+               {
+                       // Secondary below.
+                       pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel - 2;
+                       RTMP_IO_READ32(pAd, TX_BAND_CFG, &MACValue);
+                       MACValue &= 0xfe;
+                       MACValue |= 0x1;
+                       RTMP_IO_WRITE32(pAd, TX_BAND_CFG, MACValue);
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+                       BBPValue&= (~0x18);
+                       BBPValue|= (0x10);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BBPValue);
+                       BBPValue&= (~0x20);
+                       BBPValue|= (0x20);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BBPValue);
+                       DBGPRINT(RT_DEBUG_TRACE, ("!!!40MHz Upper LINK UP !!! Control Channel at UpperCentral = %d \n", pAd->CommonCfg.CentralChannel ));
+               }
+               pAd->CommonCfg.BBPCurrentBW = BW_40;
+               AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+               AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+               pAd->MacTab.Content[Wcid].HTPhyMode.field.BW = 1;
+       }
+}
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+VOID PeerPublicAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+       UCHAR   Action = Elem->Msg[LENGTH_802_11+1];
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+       if (Elem->Wcid >= MAX_LEN_OF_MAC_TABLE)
+               return;
+
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+       switch(Action)
+       {
+               case ACTION_BSS_2040_COEXIST:   // Format defined in IEEE 7.4.7a.1 in 11n Draf3.03
+                       {
+                               //UCHAR BssCoexist;
+                               BSS_2040_COEXIST_ELEMENT                *pCoexistInfo;
+                               BSS_2040_COEXIST_IE                     *pBssCoexistIe;
+                               BSS_2040_INTOLERANT_CH_REPORT   *pIntolerantReport = NULL;
+
+                               if (Elem->MsgLen <= (LENGTH_802_11 + sizeof(BSS_2040_COEXIST_ELEMENT)) )
+                               {
+                                       DBGPRINT(RT_DEBUG_ERROR, ("ACTION - 20/40 BSS Coexistence Management Frame length too short! len = %ld!\n", Elem->MsgLen));
+                                       break;
+                               }
+                               DBGPRINT(RT_DEBUG_TRACE, ("ACTION - 20/40 BSS Coexistence Management action----> \n"));
+                               hex_dump("CoexistenceMgmtFrame", Elem->Msg, Elem->MsgLen);
+
+
+                               pCoexistInfo = (BSS_2040_COEXIST_ELEMENT *) &Elem->Msg[LENGTH_802_11+2];
+                               //hex_dump("CoexistInfo", (PUCHAR)pCoexistInfo, sizeof(BSS_2040_COEXIST_ELEMENT));
+                               if (Elem->MsgLen >= (LENGTH_802_11 + sizeof(BSS_2040_COEXIST_ELEMENT) + sizeof(BSS_2040_INTOLERANT_CH_REPORT)))
+                               {
+                                       pIntolerantReport = (BSS_2040_INTOLERANT_CH_REPORT *)((PUCHAR)pCoexistInfo + sizeof(BSS_2040_COEXIST_ELEMENT));
+                               }
+                               //hex_dump("IntolerantReport ", (PUCHAR)pIntolerantReport, sizeof(BSS_2040_INTOLERANT_CH_REPORT));
+
+                               pBssCoexistIe = (BSS_2040_COEXIST_IE *)(&pCoexistInfo->BssCoexistIe);
+
+#ifdef CONFIG_STA_SUPPORT
+                               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               {
+                                       if (INFRA_ON(pAd))
+                                       {
+                                               StaPublicAction(pAd, pCoexistInfo);
+                                       }
+                               }
+#endif // CONFIG_STA_SUPPORT //
+
+                       }
+                       break;
+       }
+
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+}
+
+
+static VOID ReservedAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR Category;
+
+       if (Elem->MsgLen <= LENGTH_802_11)
+       {
+               return;
+       }
+
+       Category = Elem->Msg[LENGTH_802_11];
+       DBGPRINT(RT_DEBUG_TRACE,("Rcv reserved category(%d) Action Frame\n", Category));
+       hex_dump("Reserved Action Frame", &Elem->Msg[0], Elem->MsgLen);
+}
+
+VOID PeerRMAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+
+{
+       return;
+}
+
+#ifdef DOT11_N_SUPPORT
+static VOID respond_ht_information_exchange_action(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       PUCHAR                  pOutBuffer = NULL;
+       NDIS_STATUS             NStatus;
+       ULONG                   FrameLen;
+       FRAME_HT_INFO   HTINFOframe, *pFrame;
+       UCHAR                   *pAddr;
+
+
+       // 2. Always send back ADDBA Response
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+
+       if (NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("ACTION - respond_ht_information_exchange_action() allocate memory failed \n"));
+               return;
+       }
+
+       // get RA
+       pFrame = (FRAME_HT_INFO *) &Elem->Msg[0];
+       pAddr = pFrame->Hdr.Addr2;
+
+       NdisZeroMemory(&HTINFOframe, sizeof(FRAME_HT_INFO));
+       // 2-1. Prepare ADDBA Response frame.
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (ADHOC_ON(pAd))
+                       ActHeaderInit(pAd, &HTINFOframe.Hdr, pAddr, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+               else
+               ActHeaderInit(pAd, &HTINFOframe.Hdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAddr);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       HTINFOframe.Category = CATEGORY_HT;
+       HTINFOframe.Action = HT_INFO_EXCHANGE;
+       HTINFOframe.HT_Info.Request = 0;
+       HTINFOframe.HT_Info.Forty_MHz_Intolerant = pAd->CommonCfg.HtCapability.HtCapInfo.Forty_Mhz_Intolerant;
+       HTINFOframe.HT_Info.STA_Channel_Width    = pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth;
+
+       MakeOutgoingFrame(pOutBuffer,                                   &FrameLen,
+                                         sizeof(FRAME_HT_INFO),        &HTINFOframe,
+                                         END_OF_ARGS);
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+}
+
+
+#ifdef DOT11N_DRAFT3
+VOID SendNotifyBWActionFrame(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR  Wcid,
+       IN UCHAR apidx)
+{
+       PUCHAR                  pOutBuffer = NULL;
+       NDIS_STATUS     NStatus;
+       FRAME_ACTION_HDR        Frame;
+       ULONG                   FrameLen;
+       PUCHAR                  pAddr1;
+
+
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if(NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("ACT - SendNotifyBWAction() allocate memory failed \n"));
+               return;
+       }
+
+       if (Wcid == MCAST_WCID)
+               pAddr1 = &BROADCAST_ADDR[0];
+       else
+               pAddr1 = pAd->MacTab.Content[Wcid].Addr;
+       ActHeaderInit(pAd, &Frame.Hdr, pAddr1, pAd->ApCfg.MBSSID[apidx].Bssid, pAd->ApCfg.MBSSID[apidx].Bssid);
+
+       Frame.Category = CATEGORY_HT;
+       Frame.Action = NOTIFY_BW_ACTION;
+
+       MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                 sizeof(FRAME_ACTION_HDR),       &Frame,
+                                 END_OF_ARGS);
+
+       *(pOutBuffer + FrameLen) = pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth;
+       FrameLen++;
+
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       DBGPRINT(RT_DEBUG_TRACE,("ACT - SendNotifyBWAction(NotifyBW= %d)!\n", pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth));
+
+}
+#endif // DOT11N_DRAFT3 //
+
+
+VOID PeerHTAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR   Action = Elem->Msg[LENGTH_802_11+1];
+
+       if (Elem->Wcid >= MAX_LEN_OF_MAC_TABLE)
+               return;
+
+       switch(Action)
+       {
+               case NOTIFY_BW_ACTION:
+                       DBGPRINT(RT_DEBUG_TRACE,("ACTION - HT Notify Channel bandwidth action----> \n"));
+#ifdef CONFIG_STA_SUPPORT
+                       if(pAd->StaActive.SupportedPhyInfo.bHtEnable == FALSE)
+                       {
+                               // Note, this is to patch DIR-1353 AP. When the AP set to Wep, it will use legacy mode. But AP still keeps
+                               // sending BW_Notify Action frame, and cause us to linkup and linkdown.
+                               // In legacy mode, don't need to parse HT action frame.
+                               DBGPRINT(RT_DEBUG_TRACE,("ACTION -Ignore HT Notify Channel BW when link as legacy mode. BW = %d---> \n",
+                                                               Elem->Msg[LENGTH_802_11+2] ));
+                               break;
+                       }
+#endif // CONFIG_STA_SUPPORT //
+
+                       if (Elem->Msg[LENGTH_802_11+2] == 0)    // 7.4.8.2. if value is 1, keep the same as supported channel bandwidth.
+                               pAd->MacTab.Content[Elem->Wcid].HTPhyMode.field.BW = 0;
+
+                       break;
+
+               case SMPS_ACTION:
+                       // 7.3.1.25
+                       DBGPRINT(RT_DEBUG_TRACE,("ACTION - SMPS action----> \n"));
+                       if (((Elem->Msg[LENGTH_802_11+2]&0x1) == 0))
+                       {
+                               pAd->MacTab.Content[Elem->Wcid].MmpsMode = MMPS_ENABLE;
+                       }
+                       else if (((Elem->Msg[LENGTH_802_11+2]&0x2) == 0))
+                       {
+                               pAd->MacTab.Content[Elem->Wcid].MmpsMode = MMPS_STATIC;
+                       }
+                       else
+                       {
+                               pAd->MacTab.Content[Elem->Wcid].MmpsMode = MMPS_DYNAMIC;
+                       }
+
+                       DBGPRINT(RT_DEBUG_TRACE,("Aid(%d) MIMO PS = %d\n", Elem->Wcid, pAd->MacTab.Content[Elem->Wcid].MmpsMode));
+                       // rt2860c : add something for smps change.
+                       break;
+
+               case SETPCO_ACTION:
+                       break;
+
+               case MIMO_CHA_MEASURE_ACTION:
+                       break;
+
+               case HT_INFO_EXCHANGE:
+                       {
+                               HT_INFORMATION_OCTET    *pHT_info;
+
+                               pHT_info = (HT_INFORMATION_OCTET *) &Elem->Msg[LENGTH_802_11+2];
+                               // 7.4.8.10
+                               DBGPRINT(RT_DEBUG_TRACE,("ACTION - HT Information Exchange action----> \n"));
+                               if (pHT_info->Request)
+                               {
+                                       respond_ht_information_exchange_action(pAd, Elem);
+                               }
+                       }
+               break;
+       }
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               Retry sending ADDBA Reqest.
+
+       IRQL = DISPATCH_LEVEL
+
+       Parametrs:
+       p8023Header: if this is already 802.3 format, p8023Header is NULL
+
+       Return  : TRUE if put into rx reordering buffer, shouldn't indicaterxhere.
+                               FALSE , then continue indicaterx at this moment.
+       ==========================================================================
+ */
+VOID ORIBATimerTimeout(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       MAC_TABLE_ENTRY *pEntry;
+       INT                     i, total;
+//     FRAME_BAR                       FrameBar;
+//     ULONG                   FrameLen;
+//     NDIS_STATUS     NStatus;
+//     PUCHAR                  pOutBuffer = NULL;
+//     USHORT                  Sequence;
+       UCHAR                   TID;
+
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+       total = pAd->MacTab.Size * NUM_OF_TID;
+
+       for (i = 1; ((i <MAX_LEN_OF_BA_ORI_TABLE) && (total > 0)) ; i++)
+       {
+               if  (pAd->BATable.BAOriEntry[i].ORI_BA_Status == Originator_Done)
+               {
+                       pEntry = &pAd->MacTab.Content[pAd->BATable.BAOriEntry[i].Wcid];
+                       TID = pAd->BATable.BAOriEntry[i].TID;
+
+                       ASSERT(pAd->BATable.BAOriEntry[i].Wcid < MAX_LEN_OF_MAC_TABLE);
+               }
+               total --;
+       }
+}
+
+
+VOID SendRefreshBAR(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry)
+{
+       FRAME_BAR               FrameBar;
+       ULONG                   FrameLen;
+       NDIS_STATUS     NStatus;
+       PUCHAR                  pOutBuffer = NULL;
+       USHORT                  Sequence;
+       UCHAR                   i, TID;
+       USHORT                  idx;
+       BA_ORI_ENTRY    *pBAEntry;
+
+       for (i = 0; i <NUM_OF_TID; i++)
+       {
+               idx = pEntry->BAOriWcidArray[i];
+               if (idx == 0)
+               {
+                       continue;
+               }
+               pBAEntry = &pAd->BATable.BAOriEntry[idx];
+
+               if  (pBAEntry->ORI_BA_Status == Originator_Done)
+               {
+                       TID = pBAEntry->TID;
+
+                       ASSERT(pBAEntry->Wcid < MAX_LEN_OF_MAC_TABLE);
+
+                       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+                       if(NStatus != NDIS_STATUS_SUCCESS)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR,("BA - MlmeADDBAAction() allocate memory failed \n"));
+                               return;
+                       }
+
+                       Sequence = pEntry->TxSeq[TID];
+
+
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               BarHeaderInit(pAd, &FrameBar, pEntry->Addr, pAd->CurrentAddress);
+#endif // CONFIG_STA_SUPPORT //
+
+                       FrameBar.StartingSeq.field.FragNum = 0; // make sure sequence not clear in DEL function.
+                       FrameBar.StartingSeq.field.StartSeq = Sequence; // make sure sequence not clear in DEL funciton.
+                       FrameBar.BarControl.TID = TID; // make sure sequence not clear in DEL funciton.
+
+                       MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                                         sizeof(FRAME_BAR),      &FrameBar,
+                                                         END_OF_ARGS);
+                       //if (!(CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_RALINK_CHIPSET)))
+                       if (1)  // Now we always send BAR.
+                       {
+                               //MiniportMMRequestUnlock(pAd, 0, pOutBuffer, FrameLen);
+                               MiniportMMRequest(pAd, (MGMT_USE_QUEUE_FLAG | MapUserPriorityToAccessCategory[TID]), pOutBuffer, FrameLen);
+
+                       }
+                       MlmeFreeMemory(pAd, pOutBuffer);
+               }
+       }
+}
+#endif // DOT11_N_SUPPORT //
+
+VOID ActHeaderInit(
+    IN PRTMP_ADAPTER   pAd,
+    IN OUT PHEADER_802_11 pHdr80211,
+    IN PUCHAR Addr1,
+    IN PUCHAR Addr2,
+    IN PUCHAR Addr3)
+{
+    NdisZeroMemory(pHdr80211, sizeof(HEADER_802_11));
+    pHdr80211->FC.Type = BTYPE_MGMT;
+    pHdr80211->FC.SubType = SUBTYPE_ACTION;
+
+    COPY_MAC_ADDR(pHdr80211->Addr1, Addr1);
+       COPY_MAC_ADDR(pHdr80211->Addr2, Addr2);
+    COPY_MAC_ADDR(pHdr80211->Addr3, Addr3);
+}
+
+VOID BarHeaderInit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN OUT PFRAME_BAR pCntlBar,
+       IN PUCHAR pDA,
+       IN PUCHAR pSA)
+{
+//     USHORT  Duration;
+
+       NdisZeroMemory(pCntlBar, sizeof(FRAME_BAR));
+       pCntlBar->FC.Type = BTYPE_CNTL;
+       pCntlBar->FC.SubType = SUBTYPE_BLOCK_ACK_REQ;
+       pCntlBar->BarControl.MTID = 0;
+       pCntlBar->BarControl.Compressed = 1;
+       pCntlBar->BarControl.ACKPolicy = 0;
+
+
+       pCntlBar->Duration = 16 + RTMPCalcDuration(pAd, RATE_1, sizeof(FRAME_BA));
+
+       COPY_MAC_ADDR(pCntlBar->Addr1, pDA);
+       COPY_MAC_ADDR(pCntlBar->Addr2, pSA);
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               Insert Category and action code into the action frame.
+
+       Parametrs:
+               1. frame buffer pointer.
+               2. frame length.
+               3. category code of the frame.
+               4. action code of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID InsertActField(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN UINT8 Category,
+       IN UINT8 ActCode)
+{
+       ULONG TempLen;
+
+       MakeOutgoingFrame(      pFrameBuf,              &TempLen,
+                                               1,                              &Category,
+                                               1,                              &ActCode,
+                                               END_OF_ARGS);
+
+       *pFrameLen = *pFrameLen + TempLen;
+
+       return;
+}
diff --git a/drivers/staging/rt3090/common/ba_action.c b/drivers/staging/rt3090/common/ba_action.c
new file mode 100644 (file)
index 0000000..c732489
--- /dev/null
@@ -0,0 +1,1779 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+
+
+#ifdef DOT11_N_SUPPORT
+
+#include "../rt_config.h"
+
+
+#define BA_ORI_INIT_SEQ                (pEntry->TxSeq[TID]) //1                        // inital sequence number of BA session
+
+#define ORI_SESSION_MAX_RETRY  8
+#define ORI_BA_SESSION_TIMEOUT (2000)  // ms
+#define REC_BA_SESSION_IDLE_TIMEOUT    (1000)  // ms
+
+#define REORDERING_PACKET_TIMEOUT              ((100 * OS_HZ)/1000)    // system ticks -- 100 ms
+#define MAX_REORDERING_PACKET_TIMEOUT  ((3000 * OS_HZ)/1000)   // system ticks -- 100 ms
+
+#define RESET_RCV_SEQ          (0xFFFF)
+
+static void ba_mpdu_blk_free(PRTMP_ADAPTER pAd, struct reordering_mpdu *mpdu_blk);
+
+
+BA_ORI_ENTRY *BATableAllocOriEntry(
+                                                                 IN  PRTMP_ADAPTER   pAd,
+                                                                 OUT USHORT          *Idx);
+
+BA_REC_ENTRY *BATableAllocRecEntry(
+                                                                 IN  PRTMP_ADAPTER   pAd,
+                                                                 OUT USHORT          *Idx);
+
+VOID BAOriSessionSetupTimeout(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3);
+
+VOID BARecSessionIdleTimeout(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3);
+
+
+BUILD_TIMER_FUNCTION(BAOriSessionSetupTimeout);
+BUILD_TIMER_FUNCTION(BARecSessionIdleTimeout);
+
+#define ANNOUNCE_REORDERING_PACKET(_pAd, _mpdu_blk)    \
+                       Announce_Reordering_Packet(_pAd, _mpdu_blk);
+
+VOID BA_MaxWinSizeReasign(
+       IN PRTMP_ADAPTER        pAd,
+       IN MAC_TABLE_ENTRY  *pEntryPeer,
+       OUT UCHAR                       *pWinSize)
+{
+       UCHAR MaxSize;
+
+
+       if (pAd->MACVersion >= RALINK_2883_VERSION) // 3*3
+       {
+               if (pAd->MACVersion >= RALINK_3070_VERSION)
+               {
+                       if (pEntryPeer->WepStatus != Ndis802_11EncryptionDisabled)
+                               MaxSize = 7; // for non-open mode
+                       else
+                               MaxSize = 13;
+               }
+               else
+                       MaxSize = 31;
+       }
+       else if (pAd->MACVersion >= RALINK_2880E_VERSION) // 2880 e
+       {
+               if (pEntryPeer->WepStatus != Ndis802_11EncryptionDisabled)
+                       MaxSize = 7; // for non-open mode
+               else
+                       MaxSize = 13;
+       }
+       else
+               MaxSize = 7;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("ba> Win Size = %d, Max Size = %d\n",
+                       *pWinSize, MaxSize));
+
+       if ((*pWinSize) > MaxSize)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("ba> reassign max win size from %d to %d\n",
+                               *pWinSize, MaxSize));
+
+               *pWinSize = MaxSize;
+       }
+}
+
+void Announce_Reordering_Packet(IN PRTMP_ADAPTER                       pAd,
+                                                               IN struct reordering_mpdu       *mpdu)
+{
+       PNDIS_PACKET    pPacket;
+
+       pPacket = mpdu->pPacket;
+
+       if (mpdu->bAMSDU)
+       {
+               ASSERT(0);
+               BA_Reorder_AMSDU_Annnounce(pAd, pPacket);
+       }
+       else
+       {
+               //
+               // pass this 802.3 packet to upper layer or forward this packet to WM directly
+               //
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       ANNOUNCE_OR_FORWARD_802_3_PACKET(pAd, pPacket, RTMP_GET_PACKET_IF(pPacket));
+#endif // CONFIG_STA_SUPPORT //
+       }
+}
+
+/*
+ * Insert a reordering mpdu into sorted linked list by sequence no.
+ */
+BOOLEAN ba_reordering_mpdu_insertsorted(struct reordering_list *list, struct reordering_mpdu *mpdu)
+{
+
+       struct reordering_mpdu **ppScan = &list->next;
+
+       while (*ppScan != NULL)
+       {
+               if (SEQ_SMALLER((*ppScan)->Sequence, mpdu->Sequence, MAXSEQ))
+               {
+                       ppScan = &(*ppScan)->next;
+               }
+               else if ((*ppScan)->Sequence == mpdu->Sequence)
+               {
+                       /* give up this duplicated frame */
+                       return(FALSE);
+               }
+               else
+               {
+                       /* find position */
+                       break;
+               }
+       }
+
+       mpdu->next = *ppScan;
+       *ppScan = mpdu;
+       list->qlen++;
+       return TRUE;
+}
+
+
+/*
+ * caller lock critical section if necessary
+ */
+static inline void ba_enqueue(struct reordering_list *list, struct reordering_mpdu *mpdu_blk)
+{
+       list->qlen++;
+       mpdu_blk->next = list->next;
+       list->next = mpdu_blk;
+}
+
+/*
+ * caller lock critical section if necessary
+ */
+static inline struct reordering_mpdu * ba_dequeue(struct reordering_list *list)
+{
+       struct reordering_mpdu *mpdu_blk = NULL;
+
+       ASSERT(list);
+
+               if (list->qlen)
+               {
+                       list->qlen--;
+                       mpdu_blk = list->next;
+                       if (mpdu_blk)
+                       {
+                               list->next = mpdu_blk->next;
+                               mpdu_blk->next = NULL;
+                       }
+               }
+       return mpdu_blk;
+}
+
+
+static inline struct reordering_mpdu  *ba_reordering_mpdu_dequeue(struct reordering_list *list)
+{
+       return(ba_dequeue(list));
+}
+
+
+static inline struct reordering_mpdu  *ba_reordering_mpdu_probe(struct reordering_list *list)
+       {
+       ASSERT(list);
+
+               return(list->next);
+       }
+
+
+/*
+ * free all resource for reordering mechanism
+ */
+void ba_reordering_resource_release(PRTMP_ADAPTER pAd)
+{
+       BA_TABLE        *Tab;
+       PBA_REC_ENTRY   pBAEntry;
+       struct reordering_mpdu *mpdu_blk;
+       int i;
+
+       Tab = &pAd->BATable;
+
+       /* I.  release all pending reordering packet */
+       NdisAcquireSpinLock(&pAd->BATabLock);
+       for (i = 0; i < MAX_LEN_OF_BA_REC_TABLE; i++)
+       {
+               pBAEntry = &Tab->BARecEntry[i];
+               if (pBAEntry->REC_BA_Status != Recipient_NONE)
+               {
+                       while ((mpdu_blk = ba_reordering_mpdu_dequeue(&pBAEntry->list)))
+                       {
+                               ASSERT(mpdu_blk->pPacket);
+                               RELEASE_NDIS_PACKET(pAd, mpdu_blk->pPacket, NDIS_STATUS_FAILURE);
+                               ba_mpdu_blk_free(pAd, mpdu_blk);
+                       }
+               }
+       }
+       NdisReleaseSpinLock(&pAd->BATabLock);
+
+       ASSERT(pBAEntry->list.qlen == 0);
+       /* II. free memory of reordering mpdu table */
+       NdisAcquireSpinLock(&pAd->mpdu_blk_pool.lock);
+       os_free_mem(pAd, pAd->mpdu_blk_pool.mem);
+       NdisReleaseSpinLock(&pAd->mpdu_blk_pool.lock);
+}
+
+
+
+/*
+ * Allocate all resource for reordering mechanism
+ */
+BOOLEAN ba_reordering_resource_init(PRTMP_ADAPTER pAd, int num)
+{
+       int     i;
+       PUCHAR  mem;
+       struct reordering_mpdu *mpdu_blk;
+       struct reordering_list *freelist;
+
+       /* allocate spinlock */
+       NdisAllocateSpinLock(&pAd->mpdu_blk_pool.lock);
+
+       /* initialize freelist */
+       freelist = &pAd->mpdu_blk_pool.freelist;
+       freelist->next = NULL;
+       freelist->qlen = 0;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Allocate %d memory for BA reordering\n", (UINT32)(num*sizeof(struct reordering_mpdu))));
+
+       /* allocate number of mpdu_blk memory */
+       os_alloc_mem(pAd, (PUCHAR *)&mem, (num*sizeof(struct reordering_mpdu)));
+
+       pAd->mpdu_blk_pool.mem = mem;
+
+       if (mem == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Can't Allocate Memory for BA Reordering\n"));
+               return(FALSE);
+       }
+
+       /* build mpdu_blk free list */
+       for (i=0; i<num; i++)
+       {
+               /* get mpdu_blk */
+               mpdu_blk = (struct reordering_mpdu *) mem;
+               /* initial mpdu_blk */
+               NdisZeroMemory(mpdu_blk, sizeof(struct reordering_mpdu));
+               /* next mpdu_blk */
+               mem += sizeof(struct reordering_mpdu);
+               /* insert mpdu_blk into freelist */
+               ba_enqueue(freelist, mpdu_blk);
+       }
+
+       return(TRUE);
+}
+
+//static int blk_count=0; // sample take off, no use
+
+static struct reordering_mpdu *ba_mpdu_blk_alloc(PRTMP_ADAPTER pAd)
+{
+       struct reordering_mpdu *mpdu_blk;
+
+       NdisAcquireSpinLock(&pAd->mpdu_blk_pool.lock);
+       mpdu_blk = ba_dequeue(&pAd->mpdu_blk_pool.freelist);
+       if (mpdu_blk)
+       {
+//             blk_count++;
+               /* reset mpdu_blk */
+               NdisZeroMemory(mpdu_blk, sizeof(struct reordering_mpdu));
+       }
+       NdisReleaseSpinLock(&pAd->mpdu_blk_pool.lock);
+       return mpdu_blk;
+}
+
+static void ba_mpdu_blk_free(PRTMP_ADAPTER pAd, struct reordering_mpdu *mpdu_blk)
+{
+       ASSERT(mpdu_blk);
+
+       NdisAcquireSpinLock(&pAd->mpdu_blk_pool.lock);
+//     blk_count--;
+       ba_enqueue(&pAd->mpdu_blk_pool.freelist, mpdu_blk);
+       NdisReleaseSpinLock(&pAd->mpdu_blk_pool.lock);
+}
+
+
+static USHORT ba_indicate_reordering_mpdus_in_order(
+                                                                                                  IN PRTMP_ADAPTER    pAd,
+                                                                                                  IN PBA_REC_ENTRY    pBAEntry,
+                                                                                                  IN USHORT           StartSeq)
+{
+       struct reordering_mpdu *mpdu_blk;
+       USHORT  LastIndSeq = RESET_RCV_SEQ;
+
+       NdisAcquireSpinLock(&pBAEntry->RxReRingLock);
+
+       while ((mpdu_blk = ba_reordering_mpdu_probe(&pBAEntry->list)))
+               {
+                       /* find in-order frame */
+               if (!SEQ_STEPONE(mpdu_blk->Sequence, StartSeq, MAXSEQ))
+                       {
+                               break;
+                       }
+                       /* dequeue in-order frame from reodering list */
+                       mpdu_blk = ba_reordering_mpdu_dequeue(&pBAEntry->list);
+                       /* pass this frame up */
+               ANNOUNCE_REORDERING_PACKET(pAd, mpdu_blk);
+               /* move to next sequence */
+                       StartSeq = mpdu_blk->Sequence;
+               LastIndSeq = StartSeq;
+               /* free mpdu_blk */
+                       ba_mpdu_blk_free(pAd, mpdu_blk);
+       }
+
+       NdisReleaseSpinLock(&pBAEntry->RxReRingLock);
+
+       /* update last indicated sequence */
+       return LastIndSeq;
+}
+
+static void ba_indicate_reordering_mpdus_le_seq(
+                                                                                          IN PRTMP_ADAPTER    pAd,
+                                                                                          IN PBA_REC_ENTRY    pBAEntry,
+                                                                                          IN USHORT           Sequence)
+{
+       struct reordering_mpdu *mpdu_blk;
+
+       NdisAcquireSpinLock(&pBAEntry->RxReRingLock);
+       while ((mpdu_blk = ba_reordering_mpdu_probe(&pBAEntry->list)))
+               {
+                       /* find in-order frame */
+               if ((mpdu_blk->Sequence == Sequence) || SEQ_SMALLER(mpdu_blk->Sequence, Sequence, MAXSEQ))
+               {
+                       /* dequeue in-order frame from reodering list */
+                       mpdu_blk = ba_reordering_mpdu_dequeue(&pBAEntry->list);
+                       /* pass this frame up */
+                       ANNOUNCE_REORDERING_PACKET(pAd, mpdu_blk);
+                       /* free mpdu_blk */
+                       ba_mpdu_blk_free(pAd, mpdu_blk);
+               }
+               else
+                       {
+                               break;
+                       }
+       }
+       NdisReleaseSpinLock(&pBAEntry->RxReRingLock);
+}
+
+
+static void ba_refresh_reordering_mpdus(
+                                                                          IN PRTMP_ADAPTER    pAd,
+                                                                          PBA_REC_ENTRY       pBAEntry)
+{
+       struct reordering_mpdu *mpdu_blk;
+
+       NdisAcquireSpinLock(&pBAEntry->RxReRingLock);
+
+                       /* dequeue in-order frame from reodering list */
+       while ((mpdu_blk = ba_reordering_mpdu_dequeue(&pBAEntry->list)))
+       {
+                       /* pass this frame up */
+               ANNOUNCE_REORDERING_PACKET(pAd, mpdu_blk);
+
+               pBAEntry->LastIndSeq = mpdu_blk->Sequence;
+                       ba_mpdu_blk_free(pAd, mpdu_blk);
+
+               /* update last indicated sequence */
+       }
+       ASSERT(pBAEntry->list.qlen == 0);
+       pBAEntry->LastIndSeq = RESET_RCV_SEQ;
+       NdisReleaseSpinLock(&pBAEntry->RxReRingLock);
+}
+
+
+//static
+void ba_flush_reordering_timeout_mpdus(
+                                                                       IN PRTMP_ADAPTER    pAd,
+                                                                       IN PBA_REC_ENTRY    pBAEntry,
+                                                                       IN ULONG            Now32)
+
+{
+       USHORT Sequence;
+
+//     if ((RTMP_TIME_AFTER((unsigned long)Now32, (unsigned long)(pBAEntry->LastIndSeqAtTimer+REORDERING_PACKET_TIMEOUT)) &&
+//              (pBAEntry->list.qlen > ((pBAEntry->BAWinSize*7)/8))) //||
+//             (RTMP_TIME_AFTER((unsigned long)Now32, (unsigned long)(pBAEntry->LastIndSeqAtTimer+(10*REORDERING_PACKET_TIMEOUT))) &&
+//              (pBAEntry->list.qlen > (pBAEntry->BAWinSize/8)))
+       if (RTMP_TIME_AFTER((unsigned long)Now32, (unsigned long)(pBAEntry->LastIndSeqAtTimer+(MAX_REORDERING_PACKET_TIMEOUT/6)))
+                &&(pBAEntry->list.qlen > 1)
+               )
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("timeout[%d] (%08lx-%08lx = %d > %d): %x, flush all!\n ", pBAEntry->list.qlen, Now32, (pBAEntry->LastIndSeqAtTimer),
+                          (int)((long) Now32 - (long)(pBAEntry->LastIndSeqAtTimer)), MAX_REORDERING_PACKET_TIMEOUT,
+                          pBAEntry->LastIndSeq));
+               ba_refresh_reordering_mpdus(pAd, pBAEntry);
+               pBAEntry->LastIndSeqAtTimer = Now32;
+       }
+       else
+       if (RTMP_TIME_AFTER((unsigned long)Now32, (unsigned long)(pBAEntry->LastIndSeqAtTimer+(REORDERING_PACKET_TIMEOUT)))
+               && (pBAEntry->list.qlen > 0)
+          )
+               {
+//             DBGPRINT(RT_DEBUG_OFF, ("timeout[%d] (%lx-%lx = %d > %d): %x, ", pBAEntry->list.qlen, Now32, (pBAEntry->LastIndSeqAtTimer),
+//                        (int)((long) Now32 - (long)(pBAEntry->LastIndSeqAtTimer)), REORDERING_PACKET_TIMEOUT,
+//                        pBAEntry->LastIndSeq));
+               //
+               // force LastIndSeq to shift to LastIndSeq+1
+               //
+               Sequence = (pBAEntry->LastIndSeq+1) & MAXSEQ;
+               ba_indicate_reordering_mpdus_le_seq(pAd, pBAEntry, Sequence);
+               pBAEntry->LastIndSeqAtTimer = Now32;
+                       pBAEntry->LastIndSeq = Sequence;
+               //
+               // indicate in-order mpdus
+               //
+               Sequence = ba_indicate_reordering_mpdus_in_order(pAd, pBAEntry, Sequence);
+               if (Sequence != RESET_RCV_SEQ)
+               {
+                       pBAEntry->LastIndSeq = Sequence;
+               }
+
+               DBGPRINT(RT_DEBUG_OFF, ("%x, flush one!\n", pBAEntry->LastIndSeq));
+
+       }
+}
+
+
+/*
+ * generate ADDBA request to
+ * set up BA agreement
+ */
+VOID BAOriSessionSetUp(
+                                         IN PRTMP_ADAPTER    pAd,
+                                         IN MAC_TABLE_ENTRY  *pEntry,
+                                         IN UCHAR            TID,
+                                         IN USHORT           TimeOut,
+                                         IN ULONG            DelayTime,
+                                         IN BOOLEAN          isForced)
+
+{
+       //MLME_ADDBA_REQ_STRUCT AddbaReq;
+       BA_ORI_ENTRY            *pBAEntry = NULL;
+       USHORT                  Idx;
+       BOOLEAN                 Cancelled;
+
+       if ((pAd->CommonCfg.BACapability.field.AutoBA != TRUE)  &&  (isForced == FALSE))
+               return;
+
+       // if this entry is limited to use legacy tx mode, it doesn't generate BA.
+       if (RTMPStaFixedTxMode(pAd, pEntry) != FIXED_TXMODE_HT)
+               return;
+
+       if ((pEntry->BADeclineBitmap & (1<<TID)) && (isForced == FALSE))
+       {
+               // try again after 3 secs
+               DelayTime = 3000;
+//             DBGPRINT(RT_DEBUG_TRACE, ("DeCline BA from Peer\n"));
+//             return;
+       }
+
+
+       Idx = pEntry->BAOriWcidArray[TID];
+       if (Idx == 0)
+       {
+               // allocate a BA session
+               pBAEntry = BATableAllocOriEntry(pAd, &Idx);
+               if (pBAEntry == NULL)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("ADDBA - MlmeADDBAAction() allocate BA session failed \n"));
+                       return;
+               }
+       }
+       else
+       {
+               pBAEntry =&pAd->BATable.BAOriEntry[Idx];
+       }
+
+       if (pBAEntry->ORI_BA_Status >= Originator_WaitRes)
+       {
+               return;
+       }
+
+       pEntry->BAOriWcidArray[TID] = Idx;
+
+       // Initialize BA session
+       pBAEntry->ORI_BA_Status = Originator_WaitRes;
+       pBAEntry->Wcid = pEntry->Aid;
+       pBAEntry->BAWinSize = pAd->CommonCfg.BACapability.field.RxBAWinLimit;
+       pBAEntry->Sequence = BA_ORI_INIT_SEQ;
+       pBAEntry->Token = 1;    // (2008-01-21) Jan Lee recommends it - this token can't be 0
+       pBAEntry->TID = TID;
+       pBAEntry->TimeOutValue = TimeOut;
+       pBAEntry->pAdapter = pAd;
+
+       if (!(pEntry->TXBAbitmap & (1<<TID)))
+       {
+               RTMPInitTimer(pAd, &pBAEntry->ORIBATimer, GET_TIMER_FUNCTION(BAOriSessionSetupTimeout), pBAEntry, FALSE);
+       }
+       else
+               RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled);
+
+       // set timer to send ADDBA request
+       RTMPSetTimer(&pBAEntry->ORIBATimer, DelayTime);
+}
+
+VOID BAOriSessionAdd(
+                       IN PRTMP_ADAPTER    pAd,
+                                       IN MAC_TABLE_ENTRY  *pEntry,
+                       IN PFRAME_ADDBA_RSP pFrame)
+{
+       BA_ORI_ENTRY  *pBAEntry = NULL;
+       BOOLEAN       Cancelled;
+       UCHAR         TID;
+       USHORT        Idx;
+       PUCHAR          pOutBuffer2 = NULL;
+       NDIS_STATUS     NStatus;
+       ULONG           FrameLen;
+       FRAME_BAR       FrameBar;
+
+       TID = pFrame->BaParm.TID;
+       Idx = pEntry->BAOriWcidArray[TID];
+       pBAEntry =&pAd->BATable.BAOriEntry[Idx];
+
+       // Start fill in parameters.
+       if ((Idx !=0) && (pBAEntry->TID == TID) && (pBAEntry->ORI_BA_Status == Originator_WaitRes))
+       {
+               pBAEntry->BAWinSize = min(pBAEntry->BAWinSize, ((UCHAR)pFrame->BaParm.BufSize));
+               BA_MaxWinSizeReasign(pAd, pEntry, &pBAEntry->BAWinSize);
+
+               pBAEntry->TimeOutValue = pFrame->TimeOutValue;
+               pBAEntry->ORI_BA_Status = Originator_Done;
+               pAd->BATable.numDoneOriginator ++;
+
+               // reset sequence number
+               pBAEntry->Sequence = BA_ORI_INIT_SEQ;
+               // Set Bitmap flag.
+               pEntry->TXBAbitmap |= (1<<TID);
+                               RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled);
+
+               pBAEntry->ORIBATimer.TimerValue = 0;    //pFrame->TimeOutValue;
+
+               DBGPRINT(RT_DEBUG_TRACE,("%s : TXBAbitmap = %x, BAWinSize = %d, TimeOut = %ld\n", __FUNCTION__, pEntry->TXBAbitmap,
+                                                                pBAEntry->BAWinSize, pBAEntry->ORIBATimer.TimerValue));
+
+               // SEND BAR ;
+               NStatus = MlmeAllocateMemory(pAd, &pOutBuffer2);  //Get an unused nonpaged memory
+               if (NStatus != NDIS_STATUS_SUCCESS)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("BA - BAOriSessionAdd() allocate memory failed \n"));
+                       return;
+               }
+
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       BarHeaderInit(pAd, &FrameBar, pAd->MacTab.Content[pBAEntry->Wcid].Addr, pAd->CurrentAddress);
+#endif // CONFIG_STA_SUPPORT //
+
+               FrameBar.StartingSeq.field.FragNum = 0; // make sure sequence not clear in DEL function.
+               FrameBar.StartingSeq.field.StartSeq = pBAEntry->Sequence; // make sure sequence not clear in DEL funciton.
+               FrameBar.BarControl.TID = pBAEntry->TID; // make sure sequence not clear in DEL funciton.
+               MakeOutgoingFrame(pOutBuffer2,              &FrameLen,
+                                                 sizeof(FRAME_BAR),      &FrameBar,
+                                         END_OF_ARGS);
+               MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer2, FrameLen);
+               MlmeFreeMemory(pAd, pOutBuffer2);
+
+
+               if (pBAEntry->ORIBATimer.TimerValue)
+                       RTMPSetTimer(&pBAEntry->ORIBATimer, pBAEntry->ORIBATimer.TimerValue); // in mSec
+       }
+}
+
+BOOLEAN BARecSessionAdd(
+                                          IN PRTMP_ADAPTER    pAd,
+                                          IN MAC_TABLE_ENTRY  *pEntry,
+                                          IN PFRAME_ADDBA_REQ pFrame)
+{
+       BA_REC_ENTRY            *pBAEntry = NULL;
+       BOOLEAN                 Status = TRUE;
+       BOOLEAN                 Cancelled;
+       USHORT                  Idx;
+       UCHAR                   TID;
+       UCHAR                   BAWinSize;
+       //UINT32                  Value;
+       //UINT                    offset;
+
+
+       ASSERT(pEntry);
+
+       // find TID
+       TID = pFrame->BaParm.TID;
+
+       BAWinSize = min(((UCHAR)pFrame->BaParm.BufSize), (UCHAR)pAd->CommonCfg.BACapability.field.RxBAWinLimit);
+
+       // Intel patch
+       if (BAWinSize == 0)
+       {
+               BAWinSize = 64;
+       }
+
+       Idx = pEntry->BARecWcidArray[TID];
+
+
+       if (Idx == 0)
+       {
+               pBAEntry = BATableAllocRecEntry(pAd, &Idx);
+       }
+       else
+       {
+               pBAEntry = &pAd->BATable.BARecEntry[Idx];
+               // flush all pending reordering mpdus
+               ba_refresh_reordering_mpdus(pAd, pBAEntry);
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE,("%s(%ld): Idx = %d, BAWinSize(req %d) = %d\n", __FUNCTION__, pAd->BATable.numAsRecipient, Idx,
+                                                        pFrame->BaParm.BufSize, BAWinSize));
+
+       // Start fill in parameters.
+       if (pBAEntry != NULL)
+       {
+               ASSERT(pBAEntry->list.qlen == 0);
+
+               pBAEntry->REC_BA_Status = Recipient_HandleRes;
+               pBAEntry->BAWinSize = BAWinSize;
+               pBAEntry->Wcid = pEntry->Aid;
+               pBAEntry->TID = TID;
+               pBAEntry->TimeOutValue = pFrame->TimeOutValue;
+               pBAEntry->REC_BA_Status = Recipient_Accept;
+               // initial sequence number
+               pBAEntry->LastIndSeq = RESET_RCV_SEQ; //pFrame->BaStartSeq.field.StartSeq;
+
+               DBGPRINT(RT_DEBUG_OFF, ("Start Seq = %08x\n",  pFrame->BaStartSeq.field.StartSeq));
+
+               if (pEntry->RXBAbitmap & (1<<TID))
+               {
+                       RTMPCancelTimer(&pBAEntry->RECBATimer, &Cancelled);
+               }
+               else
+               {
+                       RTMPInitTimer(pAd, &pBAEntry->RECBATimer, GET_TIMER_FUNCTION(BARecSessionIdleTimeout), pBAEntry, TRUE);
+               }
+
+
+               // Set Bitmap flag.
+               pEntry->RXBAbitmap |= (1<<TID);
+               pEntry->BARecWcidArray[TID] = Idx;
+
+               pEntry->BADeclineBitmap &= ~(1<<TID);
+
+               // Set BA session mask in WCID table.
+               RTMP_ADD_BA_SESSION_TO_ASIC(pAd, pEntry->Aid, TID);
+
+               DBGPRINT(RT_DEBUG_TRACE,("MACEntry[%d]RXBAbitmap = 0x%x. BARecWcidArray=%d\n",
+                               pEntry->Aid, pEntry->RXBAbitmap, pEntry->BARecWcidArray[TID]));
+       }
+       else
+       {
+               Status = FALSE;
+               DBGPRINT(RT_DEBUG_TRACE,("Can't Accept ADDBA for %02x:%02x:%02x:%02x:%02x:%02x TID = %d\n",
+                               PRINT_MAC(pEntry->Addr), TID));
+       }
+       return(Status);
+}
+
+
+BA_REC_ENTRY *BATableAllocRecEntry(
+                                                                 IN  PRTMP_ADAPTER   pAd,
+                                                                 OUT USHORT          *Idx)
+{
+       int             i;
+       BA_REC_ENTRY    *pBAEntry = NULL;
+
+
+       NdisAcquireSpinLock(&pAd->BATabLock);
+
+       if (pAd->BATable.numAsRecipient >= MAX_BARECI_SESSION)
+       {
+               DBGPRINT(RT_DEBUG_OFF, ("BA Recipeint Session (%ld) > %d\n",
+                                                       pAd->BATable.numAsRecipient, MAX_BARECI_SESSION));
+               goto done;
+       }
+
+       // reserve idx 0 to identify BAWcidArray[TID] as empty
+       for (i=1; i < MAX_LEN_OF_BA_REC_TABLE; i++)
+       {
+               pBAEntry =&pAd->BATable.BARecEntry[i];
+               if ((pBAEntry->REC_BA_Status == Recipient_NONE))
+               {
+                       // get one
+                       pAd->BATable.numAsRecipient++;
+                       pBAEntry->REC_BA_Status = Recipient_USED;
+                       *Idx = i;
+                       break;
+               }
+       }
+
+done:
+       NdisReleaseSpinLock(&pAd->BATabLock);
+       return pBAEntry;
+}
+
+BA_ORI_ENTRY *BATableAllocOriEntry(
+                                                                 IN  PRTMP_ADAPTER   pAd,
+                                                                 OUT USHORT          *Idx)
+{
+       int             i;
+       BA_ORI_ENTRY    *pBAEntry = NULL;
+
+       NdisAcquireSpinLock(&pAd->BATabLock);
+
+       if (pAd->BATable.numAsOriginator >= (MAX_LEN_OF_BA_ORI_TABLE))
+       {
+               goto done;
+       }
+
+       // reserve idx 0 to identify BAWcidArray[TID] as empty
+       for (i=1; i<MAX_LEN_OF_BA_ORI_TABLE; i++)
+       {
+               pBAEntry =&pAd->BATable.BAOriEntry[i];
+               if ((pBAEntry->ORI_BA_Status == Originator_NONE))
+               {
+                       // get one
+                       pAd->BATable.numAsOriginator++;
+                       pBAEntry->ORI_BA_Status = Originator_USED;
+                       pBAEntry->pAdapter = pAd;
+                       *Idx = i;
+                       break;
+               }
+       }
+
+done:
+       NdisReleaseSpinLock(&pAd->BATabLock);
+       return pBAEntry;
+}
+
+
+VOID BATableFreeOriEntry(
+                                               IN  PRTMP_ADAPTER   pAd,
+                                               IN  ULONG           Idx)
+{
+       BA_ORI_ENTRY    *pBAEntry = NULL;
+       MAC_TABLE_ENTRY *pEntry;
+
+
+       if ((Idx == 0) || (Idx >= MAX_LEN_OF_BA_ORI_TABLE))
+               return;
+
+       pBAEntry =&pAd->BATable.BAOriEntry[Idx];
+
+       if (pBAEntry->ORI_BA_Status != Originator_NONE)
+       {
+               pEntry = &pAd->MacTab.Content[pBAEntry->Wcid];
+               pEntry->BAOriWcidArray[pBAEntry->TID] = 0;
+
+
+               NdisAcquireSpinLock(&pAd->BATabLock);
+               if (pBAEntry->ORI_BA_Status == Originator_Done)
+               {
+                       pAd->BATable.numDoneOriginator -= 1;
+                       pEntry->TXBAbitmap &= (~(1<<(pBAEntry->TID) ));
+                       DBGPRINT(RT_DEBUG_TRACE, ("BATableFreeOriEntry numAsOriginator= %ld\n", pAd->BATable.numAsRecipient));
+                       // Erase Bitmap flag.
+               }
+
+               ASSERT(pAd->BATable.numAsOriginator != 0);
+
+               pAd->BATable.numAsOriginator -= 1;
+
+               pBAEntry->ORI_BA_Status = Originator_NONE;
+               pBAEntry->Token = 0;
+               NdisReleaseSpinLock(&pAd->BATabLock);
+       }
+}
+
+
+VOID BATableFreeRecEntry(
+                                               IN  PRTMP_ADAPTER   pAd,
+                                               IN  ULONG           Idx)
+{
+       BA_REC_ENTRY    *pBAEntry = NULL;
+       MAC_TABLE_ENTRY *pEntry;
+
+
+       if ((Idx == 0) || (Idx >= MAX_LEN_OF_BA_REC_TABLE))
+               return;
+
+       pBAEntry =&pAd->BATable.BARecEntry[Idx];
+
+       if (pBAEntry->REC_BA_Status != Recipient_NONE)
+       {
+               pEntry = &pAd->MacTab.Content[pBAEntry->Wcid];
+               pEntry->BARecWcidArray[pBAEntry->TID] = 0;
+
+               NdisAcquireSpinLock(&pAd->BATabLock);
+
+               ASSERT(pAd->BATable.numAsRecipient != 0);
+
+               pAd->BATable.numAsRecipient -= 1;
+
+               pBAEntry->REC_BA_Status = Recipient_NONE;
+               NdisReleaseSpinLock(&pAd->BATabLock);
+       }
+}
+
+
+VOID BAOriSessionTearDown(
+                                                IN OUT  PRTMP_ADAPTER   pAd,
+                                                IN      UCHAR           Wcid,
+                                                IN      UCHAR           TID,
+                                                IN      BOOLEAN         bPassive,
+                                                IN      BOOLEAN         bForceSend)
+{
+       ULONG           Idx = 0;
+       BA_ORI_ENTRY    *pBAEntry;
+       BOOLEAN         Cancelled;
+
+       if (Wcid >= MAX_LEN_OF_MAC_TABLE)
+       {
+               return;
+       }
+
+       //
+       // Locate corresponding BA Originator Entry in BA Table with the (pAddr,TID).
+       //
+       Idx = pAd->MacTab.Content[Wcid].BAOriWcidArray[TID];
+       if ((Idx == 0) || (Idx >= MAX_LEN_OF_BA_ORI_TABLE))
+       {
+               if (bForceSend == TRUE)
+               {
+                       // force send specified TID DelBA
+                       MLME_DELBA_REQ_STRUCT   DelbaReq;
+                       MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+                       if (Elem != NULL)
+                       {
+                               NdisZeroMemory(&DelbaReq, sizeof(DelbaReq));
+                               NdisZeroMemory(Elem, sizeof(MLME_QUEUE_ELEM));
+
+                               COPY_MAC_ADDR(DelbaReq.Addr, pAd->MacTab.Content[Wcid].Addr);
+                               DelbaReq.Wcid = Wcid;
+                               DelbaReq.TID = TID;
+                               DelbaReq.Initiator = ORIGINATOR;
+                               Elem->MsgLen  = sizeof(DelbaReq);
+                               NdisMoveMemory(Elem->Msg, &DelbaReq, sizeof(DelbaReq));
+                               MlmeDELBAAction(pAd, Elem);
+                               kfree(Elem);
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("%s(bForceSend):alloc memory failed!\n", __FUNCTION__));
+                       }
+               }
+
+               return;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE,("%s===>Wcid=%d.TID=%d \n", __FUNCTION__, Wcid, TID));
+
+       pBAEntry = &pAd->BATable.BAOriEntry[Idx];
+       DBGPRINT(RT_DEBUG_TRACE,("\t===>Idx = %ld, Wcid=%d.TID=%d, ORI_BA_Status = %d \n", Idx, Wcid, TID, pBAEntry->ORI_BA_Status));
+       //
+       // Prepare DelBA action frame and send to the peer.
+       //
+       if ((bPassive == FALSE) && (TID == pBAEntry->TID) && (pBAEntry->ORI_BA_Status == Originator_Done))
+       {
+               MLME_DELBA_REQ_STRUCT   DelbaReq;
+               MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+               if (Elem != NULL)
+               {
+                       NdisZeroMemory(&DelbaReq, sizeof(DelbaReq));
+                       NdisZeroMemory(Elem, sizeof(MLME_QUEUE_ELEM));
+
+                       COPY_MAC_ADDR(DelbaReq.Addr, pAd->MacTab.Content[Wcid].Addr);
+                       DelbaReq.Wcid = Wcid;
+                       DelbaReq.TID = pBAEntry->TID;
+                       DelbaReq.Initiator = ORIGINATOR;
+                       Elem->MsgLen  = sizeof(DelbaReq);
+                       NdisMoveMemory(Elem->Msg, &DelbaReq, sizeof(DelbaReq));
+                       MlmeDELBAAction(pAd, Elem);
+                       kfree(Elem);
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("%s():alloc memory failed!\n", __FUNCTION__));
+                       return;
+               }
+       }
+       RTMPCancelTimer(&pBAEntry->ORIBATimer, &Cancelled);
+       BATableFreeOriEntry(pAd, Idx);
+
+       if (bPassive)
+       {
+               //BAOriSessionSetUp(pAd, &pAd->MacTab.Content[Wcid], TID, 0, 10000, TRUE);
+       }
+}
+
+VOID BARecSessionTearDown(
+                                                IN OUT  PRTMP_ADAPTER   pAd,
+                                                IN      UCHAR           Wcid,
+                                                IN      UCHAR           TID,
+                                                IN      BOOLEAN         bPassive)
+{
+       ULONG           Idx = 0;
+       BA_REC_ENTRY    *pBAEntry;
+
+       if (Wcid >= MAX_LEN_OF_MAC_TABLE)
+       {
+               return;
+       }
+
+       //
+       //  Locate corresponding BA Originator Entry in BA Table with the (pAddr,TID).
+       //
+       Idx = pAd->MacTab.Content[Wcid].BARecWcidArray[TID];
+       if (Idx == 0)
+               return;
+
+       DBGPRINT(RT_DEBUG_TRACE,("%s===>Wcid=%d.TID=%d \n", __FUNCTION__, Wcid, TID));
+
+
+       pBAEntry = &pAd->BATable.BARecEntry[Idx];
+       DBGPRINT(RT_DEBUG_TRACE,("\t===>Idx = %ld, Wcid=%d.TID=%d, REC_BA_Status = %d \n", Idx, Wcid, TID, pBAEntry->REC_BA_Status));
+       //
+       // Prepare DelBA action frame and send to the peer.
+       //
+       if ((TID == pBAEntry->TID) && (pBAEntry->REC_BA_Status == Recipient_Accept))
+       {
+               MLME_DELBA_REQ_STRUCT   DelbaReq;
+               BOOLEAN                                 Cancelled;
+               //ULONG   offset;
+               //UINT32  VALUE;
+
+               RTMPCancelTimer(&pBAEntry->RECBATimer, &Cancelled);
+
+               //
+               // 1. Send DELBA Action Frame
+               //
+               if (bPassive == FALSE)
+               {
+                       MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+                       if (Elem != NULL)
+                       {
+                               NdisZeroMemory(&DelbaReq, sizeof(DelbaReq));
+                               NdisZeroMemory(Elem, sizeof(MLME_QUEUE_ELEM));
+
+                               COPY_MAC_ADDR(DelbaReq.Addr, pAd->MacTab.Content[Wcid].Addr);
+                               DelbaReq.Wcid = Wcid;
+                               DelbaReq.TID = TID;
+                               DelbaReq.Initiator = RECIPIENT;
+                               Elem->MsgLen  = sizeof(DelbaReq);
+                               NdisMoveMemory(Elem->Msg, &DelbaReq, sizeof(DelbaReq));
+                               MlmeDELBAAction(pAd, Elem);
+                               kfree(Elem);
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("%s():alloc memory failed!\n", __FUNCTION__));
+                               return;
+                       }
+               }
+
+
+               //
+               // 2. Free resource of BA session
+               //
+               // flush all pending reordering mpdus
+               ba_refresh_reordering_mpdus(pAd, pBAEntry);
+
+               NdisAcquireSpinLock(&pAd->BATabLock);
+
+               // Erase Bitmap flag.
+               pBAEntry->LastIndSeq = RESET_RCV_SEQ;
+               pBAEntry->BAWinSize = 0;
+               // Erase Bitmap flag at software mactable
+               pAd->MacTab.Content[Wcid].RXBAbitmap &= (~(1<<(pBAEntry->TID)));
+               pAd->MacTab.Content[Wcid].BARecWcidArray[TID] = 0;
+
+               RTMP_DEL_BA_SESSION_FROM_ASIC(pAd, Wcid, TID);
+
+               NdisReleaseSpinLock(&pAd->BATabLock);
+
+       }
+
+       BATableFreeRecEntry(pAd, Idx);
+}
+
+VOID BASessionTearDownALL(
+                                                IN OUT  PRTMP_ADAPTER pAd,
+                                                IN      UCHAR Wcid)
+{
+       int i;
+
+       for (i=0; i<NUM_OF_TID; i++)
+       {
+               BAOriSessionTearDown(pAd, Wcid, i, FALSE, FALSE);
+               BARecSessionTearDown(pAd, Wcid, i, FALSE);
+       }
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               Retry sending ADDBA Reqest.
+
+       IRQL = DISPATCH_LEVEL
+
+       Parametrs:
+       p8023Header: if this is already 802.3 format, p8023Header is NULL
+
+       Return  : TRUE if put into rx reordering buffer, shouldn't indicaterxhere.
+                               FALSE , then continue indicaterx at this moment.
+       ==========================================================================
+ */
+VOID BAOriSessionSetupTimeout(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3)
+{
+       BA_ORI_ENTRY    *pBAEntry = (BA_ORI_ENTRY *)FunctionContext;
+       MAC_TABLE_ENTRY *pEntry;
+       PRTMP_ADAPTER   pAd;
+
+       if (pBAEntry == NULL)
+               return;
+
+       pAd = pBAEntry->pAdapter;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // Do nothing if monitor mode is on
+               if (MONITOR_ON(pAd))
+                       return;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef RALINK_ATE
+       // Nothing to do in ATE mode.
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+       pEntry = &pAd->MacTab.Content[pBAEntry->Wcid];
+
+       if ((pBAEntry->ORI_BA_Status == Originator_WaitRes) && (pBAEntry->Token < ORI_SESSION_MAX_RETRY))
+       {
+               MLME_ADDBA_REQ_STRUCT    AddbaReq;
+
+               NdisZeroMemory(&AddbaReq, sizeof(AddbaReq));
+               COPY_MAC_ADDR(AddbaReq.pAddr, pEntry->Addr);
+               AddbaReq.Wcid = (UCHAR)(pEntry->Aid);
+               AddbaReq.TID = pBAEntry->TID;
+               AddbaReq.BaBufSize = pAd->CommonCfg.BACapability.field.RxBAWinLimit;
+               AddbaReq.TimeOutValue = 0;
+               AddbaReq.Token = pBAEntry->Token;
+               MlmeEnqueue(pAd, ACTION_STATE_MACHINE, MT2_MLME_ADD_BA_CATE, sizeof(MLME_ADDBA_REQ_STRUCT), (PVOID)&AddbaReq);
+               RTMP_MLME_HANDLER(pAd);
+               DBGPRINT(RT_DEBUG_TRACE,("BA Ori Session Timeout(%d) : Send ADD BA again\n", pBAEntry->Token));
+
+               pBAEntry->Token++;
+               RTMPSetTimer(&pBAEntry->ORIBATimer, ORI_BA_SESSION_TIMEOUT);
+       }
+       else
+       {
+               BATableFreeOriEntry(pAd, pEntry->BAOriWcidArray[pBAEntry->TID]);
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+               Retry sending ADDBA Reqest.
+
+       IRQL = DISPATCH_LEVEL
+
+       Parametrs:
+       p8023Header: if this is already 802.3 format, p8023Header is NULL
+
+       Return  : TRUE if put into rx reordering buffer, shouldn't indicaterxhere.
+                               FALSE , then continue indicaterx at this moment.
+       ==========================================================================
+ */
+VOID BARecSessionIdleTimeout(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3)
+{
+
+       BA_REC_ENTRY    *pBAEntry = (BA_REC_ENTRY *)FunctionContext;
+       PRTMP_ADAPTER   pAd;
+       ULONG           Now32;
+
+       if (pBAEntry == NULL)
+               return;
+
+       if ((pBAEntry->REC_BA_Status == Recipient_Accept))
+       {
+               NdisGetSystemUpTime(&Now32);
+
+               if (RTMP_TIME_AFTER((unsigned long)Now32, (unsigned long)(pBAEntry->LastIndSeqAtTimer + REC_BA_SESSION_IDLE_TIMEOUT)))
+               {
+                       pAd = pBAEntry->pAdapter;
+                       // flush all pending reordering mpdus
+                       ba_refresh_reordering_mpdus(pAd, pBAEntry);
+                       DBGPRINT(RT_DEBUG_OFF, ("%ld: REC BA session Timeout\n", Now32));
+               }
+       }
+}
+
+
+VOID PeerAddBAReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+
+{
+       //      7.4.4.1
+       //ULONG Idx;
+       UCHAR   Status = 1;
+       UCHAR   pAddr[6];
+       FRAME_ADDBA_RSP ADDframe;
+       PUCHAR         pOutBuffer = NULL;
+       NDIS_STATUS     NStatus;
+       PFRAME_ADDBA_REQ  pAddreqFrame = NULL;
+       //UCHAR         BufSize;
+       ULONG       FrameLen;
+       PULONG      ptemp;
+       PMAC_TABLE_ENTRY        pMacEntry;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s ==> (Wcid = %d)\n", __FUNCTION__, Elem->Wcid));
+
+       //hex_dump("AddBAReq", Elem->Msg, Elem->MsgLen);
+
+       //ADDBA Request from unknown peer, ignore this.
+       if (Elem->Wcid >= MAX_LEN_OF_MAC_TABLE)
+               return;
+
+       pMacEntry = &pAd->MacTab.Content[Elem->Wcid];
+       DBGPRINT(RT_DEBUG_TRACE,("BA - PeerAddBAReqAction----> \n"));
+       ptemp = (PULONG)Elem->Msg;
+       //DBGPRINT_RAW(RT_DEBUG_EMU, ("%08x:: %08x:: %08x:: %08x:: %08x:: %08x:: %08x:: %08x:: %08x\n", *(ptemp), *(ptemp+1), *(ptemp+2), *(ptemp+3), *(ptemp+4), *(ptemp+5), *(ptemp+6), *(ptemp+7), *(ptemp+8)));
+
+       if (PeerAddBAReqActionSanity(pAd, Elem->Msg, Elem->MsgLen, pAddr))
+       {
+
+               if ((pAd->CommonCfg.bBADecline == FALSE) && IS_HT_STA(pMacEntry))
+               {
+                       pAddreqFrame = (PFRAME_ADDBA_REQ)(&Elem->Msg[0]);
+                       DBGPRINT(RT_DEBUG_OFF, ("Rcv Wcid(%d) AddBAReq\n", Elem->Wcid));
+                       if (BARecSessionAdd(pAd, &pAd->MacTab.Content[Elem->Wcid], pAddreqFrame))
+                               Status = 0;
+                       else
+                               Status = 38; // more parameters have invalid values
+               }
+               else
+               {
+                       Status = 37; // the request has been declined.
+               }
+       }
+
+       if (pAd->MacTab.Content[Elem->Wcid].ValidAsCLI)
+               ASSERT(pAd->MacTab.Content[Elem->Wcid].Sst == SST_ASSOC);
+
+       pAddreqFrame = (PFRAME_ADDBA_REQ)(&Elem->Msg[0]);
+       // 2. Always send back ADDBA Response
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("ACTION - PeerBAAction() allocate memory failed \n"));
+               return;
+       }
+
+       NdisZeroMemory(&ADDframe, sizeof(FRAME_ADDBA_RSP));
+       // 2-1. Prepare ADDBA Response frame.
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (ADHOC_ON(pAd))
+                       ActHeaderInit(pAd, &ADDframe.Hdr, pAddr, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+               else
+#ifdef QOS_DLS_SUPPORT
+               if (pAd->MacTab.Content[Elem->Wcid].ValidAsDls)
+                       ActHeaderInit(pAd, &ADDframe.Hdr, pAddr, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+               else
+#endif // QOS_DLS_SUPPORT //
+               ActHeaderInit(pAd, &ADDframe.Hdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAddr);
+       }
+#endif // CONFIG_STA_SUPPORT //
+       ADDframe.Category = CATEGORY_BA;
+       ADDframe.Action = ADDBA_RESP;
+       ADDframe.Token = pAddreqFrame->Token;
+       // What is the Status code??  need to check.
+       ADDframe.StatusCode = Status;
+       ADDframe.BaParm.BAPolicy = IMMED_BA;
+       ADDframe.BaParm.AMSDUSupported = 0;
+       ADDframe.BaParm.TID = pAddreqFrame->BaParm.TID;
+       ADDframe.BaParm.BufSize = min(((UCHAR)pAddreqFrame->BaParm.BufSize), (UCHAR)pAd->CommonCfg.BACapability.field.RxBAWinLimit);
+       if (ADDframe.BaParm.BufSize == 0)
+       {
+               ADDframe.BaParm.BufSize = 64;
+       }
+       ADDframe.TimeOutValue = 0; //pAddreqFrame->TimeOutValue;
+
+       *(USHORT *)(&ADDframe.BaParm) = cpu2le16(*(USHORT *)(&ADDframe.BaParm));
+       ADDframe.StatusCode = cpu2le16(ADDframe.StatusCode);
+       ADDframe.TimeOutValue = cpu2le16(ADDframe.TimeOutValue);
+
+       MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                                         sizeof(FRAME_ADDBA_RSP),  &ADDframe,
+                         END_OF_ARGS);
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s(%d): TID(%d), BufSize(%d) <== \n", __FUNCTION__, Elem->Wcid, ADDframe.BaParm.TID,
+                                                         ADDframe.BaParm.BufSize));
+}
+
+
+VOID PeerAddBARspAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+
+{
+       //UCHAR         Idx, i;
+       //PUCHAR                   pOutBuffer = NULL;
+       PFRAME_ADDBA_RSP    pFrame = NULL;
+       //PBA_ORI_ENTRY         pBAEntry;
+
+       //ADDBA Response from unknown peer, ignore this.
+       if (Elem->Wcid >= MAX_LEN_OF_MAC_TABLE)
+               return;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s ==> Wcid(%d)\n", __FUNCTION__, Elem->Wcid));
+
+       //hex_dump("PeerAddBARspAction()", Elem->Msg, Elem->MsgLen);
+
+       if (PeerAddBARspActionSanity(pAd, Elem->Msg, Elem->MsgLen))
+       {
+               pFrame = (PFRAME_ADDBA_RSP)(&Elem->Msg[0]);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("\t\t StatusCode = %d\n", pFrame->StatusCode));
+               switch (pFrame->StatusCode)
+               {
+                       case 0:
+                               // I want a BAsession with this peer as an originator.
+                               BAOriSessionAdd(pAd, &pAd->MacTab.Content[Elem->Wcid], pFrame);
+                               break;
+                       default:
+                               // check status == USED ???
+                               BAOriSessionTearDown(pAd, Elem->Wcid, pFrame->BaParm.TID, TRUE, FALSE);
+                               break;
+               }
+               // Rcv Decline StatusCode
+               if ((pFrame->StatusCode == 37)
+#ifdef CONFIG_STA_SUPPORT
+            || ((pAd->OpMode == OPMODE_STA) && STA_TGN_WIFI_ON(pAd) && (pFrame->StatusCode != 0))
+#endif // CONFIG_STA_SUPPORT //
+            )
+               {
+                       pAd->MacTab.Content[Elem->Wcid].BADeclineBitmap |= 1<<pFrame->BaParm.TID;
+               }
+       }
+}
+
+VOID PeerDelBAAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+
+{
+       //UCHAR                         Idx;
+       //PUCHAR                                pOutBuffer = NULL;
+       PFRAME_DELBA_REQ    pDelFrame = NULL;
+
+       DBGPRINT(RT_DEBUG_TRACE,("%s ==>\n", __FUNCTION__));
+       //DELBA Request from unknown peer, ignore this.
+       if (PeerDelBAActionSanity(pAd, Elem->Wcid, Elem->Msg, Elem->MsgLen))
+       {
+               pDelFrame = (PFRAME_DELBA_REQ)(&Elem->Msg[0]);
+               if (pDelFrame->DelbaParm.Initiator == ORIGINATOR)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("BA - PeerDelBAAction----> ORIGINATOR\n"));
+                       BARecSessionTearDown(pAd, Elem->Wcid, pDelFrame->DelbaParm.TID, TRUE);
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("BA - PeerDelBAAction----> RECIPIENT, Reason = %d\n",  pDelFrame->ReasonCode));
+                       //hex_dump("DelBA Frame", pDelFrame, Elem->MsgLen);
+                       BAOriSessionTearDown(pAd, Elem->Wcid, pDelFrame->DelbaParm.TID, TRUE, FALSE);
+               }
+       }
+}
+
+
+BOOLEAN CntlEnqueueForRecv(
+                                                 IN PRTMP_ADAPTER              pAd,
+                                                 IN ULONG                              Wcid,
+                                                 IN ULONG                              MsgLen,
+                                                 IN PFRAME_BA_REQ              pMsg)
+{
+       PFRAME_BA_REQ   pFrame = pMsg;
+       //PRTMP_REORDERBUF      pBuffer;
+       //PRTMP_REORDERBUF      pDmaBuf;
+       PBA_REC_ENTRY pBAEntry;
+       //BOOLEAN       Result;
+       ULONG   Idx;
+       //UCHAR NumRxPkt;
+       UCHAR   TID;//, i;
+
+       TID = (UCHAR)pFrame->BARControl.TID;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s(): BAR-Wcid(%ld), Tid (%d)\n", __FUNCTION__, Wcid, TID));
+       //hex_dump("BAR", (PCHAR) pFrame, MsgLen);
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return FALSE;
+
+       // First check the size, it MUST not exceed the mlme queue size
+       if (MsgLen > MGMT_DMA_BUFFER_SIZE)
+       {
+               DBGPRINT_ERR(("CntlEnqueueForRecv: frame too large, size = %ld \n", MsgLen));
+               return FALSE;
+       }
+       else if (MsgLen != sizeof(FRAME_BA_REQ))
+       {
+               DBGPRINT_ERR(("CntlEnqueueForRecv: BlockAck Request frame length size = %ld incorrect\n", MsgLen));
+               return FALSE;
+       }
+       else if (MsgLen != sizeof(FRAME_BA_REQ))
+       {
+               DBGPRINT_ERR(("CntlEnqueueForRecv: BlockAck Request frame length size = %ld incorrect\n", MsgLen));
+               return FALSE;
+       }
+
+       if ((Wcid < MAX_LEN_OF_MAC_TABLE) && (TID < 8))
+               {
+               // if this receiving packet is from SA that is in our OriEntry. Since WCID <9 has direct mapping. no need search.
+               Idx = pAd->MacTab.Content[Wcid].BARecWcidArray[TID];
+               pBAEntry = &pAd->BATable.BARecEntry[Idx];
+               }
+               else
+               {
+               return FALSE;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("BAR(%ld) : Tid (%d) - %04x:%04x\n", Wcid, TID, pFrame->BAStartingSeq.field.StartSeq, pBAEntry->LastIndSeq ));
+
+       if (SEQ_SMALLER(pBAEntry->LastIndSeq, pFrame->BAStartingSeq.field.StartSeq, MAXSEQ))
+       {
+               //DBGPRINT(RT_DEBUG_TRACE, ("BAR Seq = %x, LastIndSeq = %x\n", pFrame->BAStartingSeq.field.StartSeq, pBAEntry->LastIndSeq));
+               ba_indicate_reordering_mpdus_le_seq(pAd, pBAEntry, pFrame->BAStartingSeq.field.StartSeq);
+               pBAEntry->LastIndSeq = (pFrame->BAStartingSeq.field.StartSeq == 0) ? MAXSEQ :(pFrame->BAStartingSeq.field.StartSeq -1);
+       }
+       //ba_refresh_reordering_mpdus(pAd, pBAEntry);
+       return TRUE;
+}
+
+/*
+Description : Send PSMP Action frame If PSMP mode switches.
+*/
+VOID SendPSMPAction(
+                                  IN PRTMP_ADAPTER             pAd,
+                                  IN UCHAR                             Wcid,
+                                  IN UCHAR                             Psmp)
+{
+       PUCHAR          pOutBuffer = NULL;
+       NDIS_STATUS     NStatus;
+       //ULONG           Idx;
+       FRAME_PSMP_ACTION   Frame;
+       ULONG           FrameLen;
+
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("BA - MlmeADDBAAction() allocate memory failed \n"));
+               return;
+       }
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               ActHeaderInit(pAd, &Frame.Hdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAd->MacTab.Content[Wcid].Addr);
+#endif // CONFIG_STA_SUPPORT //
+
+       Frame.Category = CATEGORY_HT;
+       Frame.Action = SMPS_ACTION;
+       switch (Psmp)
+       {
+               case MMPS_ENABLE:
+#ifdef RT30xx
+                       if (IS_RT30xx(pAd)
+                               &&(pAd->Antenna.field.RxPath>1||pAd->Antenna.field.TxPath>1))
+                       {
+                               RTMP_ASIC_MMPS_DISABLE(pAd);
+                       }
+#endif // RT30xx //
+                       Frame.Psmp = 0;
+                       break;
+               case MMPS_DYNAMIC:
+                       Frame.Psmp = 3;
+                       break;
+               case MMPS_STATIC:
+#ifdef RT30xx
+                       if (IS_RT30xx(pAd)
+                               &&(pAd->Antenna.field.RxPath>1||pAd->Antenna.field.TxPath>1))
+                       {
+                               RTMP_ASIC_MMPS_ENABLE(pAd);
+                       }
+#endif // RT30xx //
+                       Frame.Psmp = 1;
+                       break;
+       }
+       MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                                         sizeof(FRAME_PSMP_ACTION),      &Frame,
+                                         END_OF_ARGS);
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+       DBGPRINT(RT_DEBUG_ERROR,("HT - SendPSMPAction( %d )  \n", Frame.Psmp));
+}
+
+
+#define RADIO_MEASUREMENT_REQUEST_ACTION       0
+
+typedef struct PACKED
+{
+       UCHAR   RegulatoryClass;
+       UCHAR   ChannelNumber;
+       USHORT  RandomInterval;
+       USHORT  MeasurementDuration;
+       UCHAR   MeasurementMode;
+       UCHAR   BSSID[MAC_ADDR_LEN];
+       UCHAR   ReportingCondition;
+       UCHAR   Threshold;
+       UCHAR   SSIDIE[2];                      // 2 byte
+} BEACON_REQUEST;
+
+typedef struct PACKED
+{
+       UCHAR   ID;
+       UCHAR   Length;
+       UCHAR   Token;
+       UCHAR   RequestMode;
+       UCHAR   Type;
+} MEASUREMENT_REQ;
+
+
+
+
+void convert_reordering_packet_to_preAMSDU_or_802_3_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN  UCHAR                       FromWhichBSSID)
+{
+       PNDIS_PACKET    pRxPkt;
+       UCHAR                   Header802_3[LENGTH_802_3];
+
+       // 1. get 802.3 Header
+       // 2. remove LLC
+       //              a. pointer pRxBlk->pData to payload
+       //      b. modify pRxBlk->DataSize
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               RTMP_802_11_REMOVE_LLC_AND_CONVERT_TO_802_3(pRxBlk, Header802_3);
+#endif // CONFIG_STA_SUPPORT //
+
+       ASSERT(pRxBlk->pRxPacket);
+       pRxPkt = RTPKT_TO_OSPKT(pRxBlk->pRxPacket);
+
+       SET_OS_PKT_NETDEV(pRxPkt, get_netdev_from_bssid(pAd, FromWhichBSSID));
+       SET_OS_PKT_DATAPTR(pRxPkt, pRxBlk->pData);
+       SET_OS_PKT_LEN(pRxPkt, pRxBlk->DataSize);
+       SET_OS_PKT_DATATAIL(pRxPkt, pRxBlk->pData, pRxBlk->DataSize);
+
+       //
+       // copy 802.3 header, if necessary
+       //
+       if (!RX_BLK_TEST_FLAG(pRxBlk, fRX_AMSDU))
+       {
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+#ifdef LINUX
+                       NdisMoveMemory(skb_push(pRxPkt, LENGTH_802_3), Header802_3, LENGTH_802_3);
+#endif
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+}
+
+
+#define INDICATE_LEGACY_OR_AMSDU(_pAd, _pRxBlk, _fromWhichBSSID)               \
+       do                                                                                                                                      \
+       {                                                                                                                                       \
+       if (RX_BLK_TEST_FLAG(_pRxBlk, fRX_AMSDU))                                               \
+       {                                                                                                                               \
+               Indicate_AMSDU_Packet(_pAd, _pRxBlk, _fromWhichBSSID);          \
+       }                                                                                                                               \
+               else if (RX_BLK_TEST_FLAG(_pRxBlk, fRX_EAP))                                    \
+               {                                                                                                                               \
+                       Indicate_EAPOL_Packet(_pAd, _pRxBlk, _fromWhichBSSID);          \
+               }                                                                                                                               \
+       else                                                                                                                    \
+       {                                                                                                                               \
+               Indicate_Legacy_Packet(_pAd, _pRxBlk, _fromWhichBSSID);         \
+       }                                                                                                                               \
+       } while (0);
+
+
+
+static VOID ba_enqueue_reordering_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PBA_REC_ENTRY   pBAEntry,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       struct reordering_mpdu *mpdu_blk;
+       UINT16  Sequence = (UINT16) pRxBlk->pHeader->Sequence;
+
+       mpdu_blk = ba_mpdu_blk_alloc(pAd);
+       if ((mpdu_blk != NULL) &&
+               (!RX_BLK_TEST_FLAG(pRxBlk, fRX_EAP)))
+       {
+               // Write RxD buffer address & allocated buffer length
+               NdisAcquireSpinLock(&pBAEntry->RxReRingLock);
+
+               mpdu_blk->Sequence = Sequence;
+
+               mpdu_blk->bAMSDU = RX_BLK_TEST_FLAG(pRxBlk, fRX_AMSDU);
+
+               convert_reordering_packet_to_preAMSDU_or_802_3_packet(pAd, pRxBlk, FromWhichBSSID);
+
+               STATS_INC_RX_PACKETS(pAd, FromWhichBSSID);
+
+        //
+               // it is necessary for reordering packet to record
+               // which BSS it come from
+               //
+               RTMP_SET_PACKET_IF(pRxBlk->pRxPacket, FromWhichBSSID);
+
+               mpdu_blk->pPacket = pRxBlk->pRxPacket;
+
+               if (ba_reordering_mpdu_insertsorted(&pBAEntry->list, mpdu_blk) == FALSE)
+               {
+                       // had been already within reordering list
+                       // don't indicate
+                       RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_SUCCESS);
+                       ba_mpdu_blk_free(pAd, mpdu_blk);
+               }
+
+               ASSERT((0<= pBAEntry->list.qlen)  && (pBAEntry->list.qlen <= pBAEntry->BAWinSize));
+               NdisReleaseSpinLock(&pBAEntry->RxReRingLock);
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR,  ("!!! (%d) Can't allocate reordering mpdu blk\n",
+                                                                  pBAEntry->list.qlen));
+               /*
+                * flush all pending reordering mpdus
+                * and receving mpdu to upper layer
+                * make tcp/ip to take care reordering mechanism
+                */
+               //ba_refresh_reordering_mpdus(pAd, pBAEntry);
+               ba_indicate_reordering_mpdus_le_seq(pAd, pBAEntry, Sequence);
+
+               pBAEntry->LastIndSeq = Sequence;
+               INDICATE_LEGACY_OR_AMSDU(pAd, pRxBlk, FromWhichBSSID);
+       }
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               Indicate this packet to upper layer or put it into reordering buffer
+
+       Parametrs:
+               pRxBlk         : carry necessary packet info 802.11 format
+               FromWhichBSSID : the packet received from which BSS
+
+       Return  :
+                         none
+
+       Note    :
+                 the packet queued into reordering buffer need to cover to 802.3 format
+                         or pre_AMSDU format
+       ==========================================================================
+ */
+
+VOID Indicate_AMPDU_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       USHORT                          Idx;
+       PBA_REC_ENTRY           pBAEntry = NULL;
+       UINT16                          Sequence = pRxBlk->pHeader->Sequence;
+       ULONG                           Now32;
+       UCHAR                           Wcid = pRxBlk->pRxWI->WirelessCliID;
+       UCHAR                           TID = pRxBlk->pRxWI->TID;
+
+
+       if (!RX_BLK_TEST_FLAG(pRxBlk, fRX_AMSDU) &&  (pRxBlk->DataSize > MAX_RX_PKT_LEN))
+       {
+               // release packet
+               RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+               return;
+       }
+
+
+
+       if (Wcid < MAX_LEN_OF_MAC_TABLE)
+       {
+               Idx = pAd->MacTab.Content[Wcid].BARecWcidArray[TID];
+               if (Idx == 0)
+               {
+                       /* Rec BA Session had been torn down */
+                       INDICATE_LEGACY_OR_AMSDU(pAd, pRxBlk, FromWhichBSSID);
+                       return;
+               }
+               pBAEntry = &pAd->BATable.BARecEntry[Idx];
+       }
+       else
+       {
+               // impossible !!!
+               ASSERT(0);
+               // release packet
+               RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+               return;
+       }
+
+       ASSERT(pBAEntry);
+
+       // update last rx time
+       NdisGetSystemUpTime(&Now32);
+
+       pBAEntry->rcvSeq = Sequence;
+
+
+       ba_flush_reordering_timeout_mpdus(pAd, pBAEntry, Now32);
+       pBAEntry->LastIndSeqAtTimer = Now32;
+
+       //
+       // Reset Last Indicate Sequence
+       //
+       if (pBAEntry->LastIndSeq == RESET_RCV_SEQ)
+       {
+               ASSERT((pBAEntry->list.qlen == 0) && (pBAEntry->list.next == NULL));
+
+               // reset rcv sequence of BA session
+               pBAEntry->LastIndSeq = Sequence;
+               pBAEntry->LastIndSeqAtTimer = Now32;
+               INDICATE_LEGACY_OR_AMSDU(pAd, pRxBlk, FromWhichBSSID);
+               return;
+       }
+
+       //
+       // I. Check if in order.
+       //
+       if (SEQ_STEPONE(Sequence, pBAEntry->LastIndSeq, MAXSEQ))
+       {
+               USHORT  LastIndSeq;
+
+               pBAEntry->LastIndSeq = Sequence;
+               INDICATE_LEGACY_OR_AMSDU(pAd, pRxBlk, FromWhichBSSID);
+               LastIndSeq = ba_indicate_reordering_mpdus_in_order(pAd, pBAEntry, pBAEntry->LastIndSeq);
+               if (LastIndSeq != RESET_RCV_SEQ)
+               {
+                       pBAEntry->LastIndSeq = LastIndSeq;
+               }
+               pBAEntry->LastIndSeqAtTimer = Now32;
+       }
+       //
+       // II. Drop Duplicated Packet
+       //
+       else if (Sequence == pBAEntry->LastIndSeq)
+       {
+
+               // drop and release packet
+               pBAEntry->nDropPacket++;
+               RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+       }
+       //
+       // III. Drop Old Received Packet
+       //
+       else if (SEQ_SMALLER(Sequence, pBAEntry->LastIndSeq, MAXSEQ))
+       {
+
+               // drop and release packet
+               pBAEntry->nDropPacket++;
+               RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+       }
+       //
+       // IV. Receive Sequence within Window Size
+       //
+       else if (SEQ_SMALLER(Sequence, (((pBAEntry->LastIndSeq+pBAEntry->BAWinSize+1)) & MAXSEQ), MAXSEQ))
+       {
+               ba_enqueue_reordering_packet(pAd, pBAEntry, pRxBlk, FromWhichBSSID);
+       }
+       //
+       // V. Receive seq surpasses Win(lastseq + nMSDU). So refresh all reorder buffer
+       //
+       else
+       {
+               LONG WinStartSeq, TmpSeq;
+
+
+               TmpSeq = Sequence - (pBAEntry->BAWinSize) -1;
+               if (TmpSeq < 0)
+               {
+                       TmpSeq = (MAXSEQ+1) + TmpSeq;
+               }
+               WinStartSeq = (TmpSeq+1) & MAXSEQ;
+               ba_indicate_reordering_mpdus_le_seq(pAd, pBAEntry, WinStartSeq);
+               pBAEntry->LastIndSeq = WinStartSeq; //TmpSeq;
+
+               pBAEntry->LastIndSeqAtTimer = Now32;
+
+               ba_enqueue_reordering_packet(pAd, pBAEntry, pRxBlk, FromWhichBSSID);
+
+               TmpSeq = ba_indicate_reordering_mpdus_in_order(pAd, pBAEntry, pBAEntry->LastIndSeq);
+               if (TmpSeq != RESET_RCV_SEQ)
+               {
+                       pBAEntry->LastIndSeq = TmpSeq;
+               }
+       }
+}
+
+#endif // DOT11_N_SUPPORT //
diff --git a/drivers/staging/rt3090/common/cmm_aes.c b/drivers/staging/rt3090/common/cmm_aes.c
new file mode 100644 (file)
index 0000000..4ccbbbf
--- /dev/null
@@ -0,0 +1,1560 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       cmm_aes.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Paul Wu         02-25-02                Initial
+*/
+
+#include "../rt_config.h"
+
+
+typedef        struct
+{
+    UINT32 erk[64];     /* encryption round keys */
+    UINT32 drk[64];     /* decryption round keys */
+    int nr;             /* number of rounds */
+}
+aes_context;
+
+/*****************************/
+/******** SBOX Table *********/
+/*****************************/
+
+UCHAR SboxTable[256] =
+{
+       0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+       0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+       0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+       0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+       0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+       0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+       0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+       0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+       0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+       0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+       0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+       0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+       0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+       0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+       0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+       0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+       0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+       0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+       0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+       0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+       0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+       0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+       0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+       0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+       0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+       0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+       0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+       0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+       0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+       0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+       0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+       0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+};
+
+VOID xor_32(
+       IN  PUCHAR  a,
+       IN  PUCHAR  b,
+       OUT PUCHAR  out)
+{
+       INT i;
+
+       for (i=0;i<4; i++)
+       {
+               out[i] = a[i] ^ b[i];
+       }
+}
+
+VOID xor_128(
+       IN  PUCHAR  a,
+       IN  PUCHAR  b,
+       OUT PUCHAR  out)
+{
+       INT i;
+
+       for (i=0;i<16; i++)
+       {
+               out[i] = a[i] ^ b[i];
+       }
+}
+
+UCHAR RTMPCkipSbox(
+       IN  UCHAR   a)
+{
+       return SboxTable[(int)a];
+}
+
+VOID next_key(
+       IN  PUCHAR  key,
+       IN  INT     round)
+{
+       UCHAR       rcon;
+       UCHAR       sbox_key[4];
+       UCHAR       rcon_table[12] =
+       {
+               0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
+               0x1b, 0x36, 0x36, 0x36
+       };
+
+       sbox_key[0] = RTMPCkipSbox(key[13]);
+       sbox_key[1] = RTMPCkipSbox(key[14]);
+       sbox_key[2] = RTMPCkipSbox(key[15]);
+       sbox_key[3] = RTMPCkipSbox(key[12]);
+
+       rcon = rcon_table[round];
+
+       xor_32(&key[0], sbox_key, &key[0]);
+       key[0] = key[0] ^ rcon;
+
+       xor_32(&key[4], &key[0], &key[4]);
+       xor_32(&key[8], &key[4], &key[8]);
+       xor_32(&key[12], &key[8], &key[12]);
+}
+
+VOID byte_sub(
+       IN  PUCHAR  in,
+       OUT PUCHAR  out)
+{
+       INT i;
+
+       for (i=0; i< 16; i++)
+       {
+               out[i] = RTMPCkipSbox(in[i]);
+       }
+}
+
+/************************************/
+/* bitwise_xor()                    */
+/* A 128 bit, bitwise exclusive or  */
+/************************************/
+
+void bitwise_xor(unsigned char *ina, unsigned char *inb, unsigned char *out)
+{
+       int i;
+       for (i=0; i<16; i++)
+       {
+               out[i] = ina[i] ^ inb[i];
+       }
+}
+
+VOID shift_row(
+       IN  PUCHAR  in,
+       OUT PUCHAR  out)
+{
+       out[0] =  in[0];
+       out[1] =  in[5];
+       out[2] =  in[10];
+       out[3] =  in[15];
+       out[4] =  in[4];
+       out[5] =  in[9];
+       out[6] =  in[14];
+       out[7] =  in[3];
+       out[8] =  in[8];
+       out[9] =  in[13];
+       out[10] = in[2];
+       out[11] = in[7];
+       out[12] = in[12];
+       out[13] = in[1];
+       out[14] = in[6];
+       out[15] = in[11];
+}
+
+VOID mix_column(
+       IN  PUCHAR  in,
+       OUT PUCHAR  out)
+{
+       INT         i;
+       UCHAR       add1b[4];
+       UCHAR       add1bf7[4];
+       UCHAR       rotl[4];
+       UCHAR       swap_halfs[4];
+       UCHAR       andf7[4];
+       UCHAR       rotr[4];
+       UCHAR       temp[4];
+       UCHAR       tempb[4];
+
+       for (i=0 ; i<4; i++)
+       {
+               if ((in[i] & 0x80)== 0x80)
+                       add1b[i] = 0x1b;
+               else
+                       add1b[i] = 0x00;
+       }
+
+       swap_halfs[0] = in[2];    /* Swap halfs */
+       swap_halfs[1] = in[3];
+       swap_halfs[2] = in[0];
+       swap_halfs[3] = in[1];
+
+       rotl[0] = in[3];        /* Rotate left 8 bits */
+       rotl[1] = in[0];
+       rotl[2] = in[1];
+       rotl[3] = in[2];
+
+       andf7[0] = in[0] & 0x7f;
+       andf7[1] = in[1] & 0x7f;
+       andf7[2] = in[2] & 0x7f;
+       andf7[3] = in[3] & 0x7f;
+
+       for (i = 3; i>0; i--)    /* logical shift left 1 bit */
+       {
+               andf7[i] = andf7[i] << 1;
+               if ((andf7[i-1] & 0x80) == 0x80)
+               {
+                       andf7[i] = (andf7[i] | 0x01);
+               }
+       }
+       andf7[0] = andf7[0] << 1;
+       andf7[0] = andf7[0] & 0xfe;
+
+       xor_32(add1b, andf7, add1bf7);
+
+       xor_32(in, add1bf7, rotr);
+
+       temp[0] = rotr[0];         /* Rotate right 8 bits */
+       rotr[0] = rotr[1];
+       rotr[1] = rotr[2];
+       rotr[2] = rotr[3];
+       rotr[3] = temp[0];
+
+       xor_32(add1bf7, rotr, temp);
+       xor_32(swap_halfs, rotl,tempb);
+       xor_32(temp, tempb, out);
+}
+
+
+/************************************************/
+/* construct_mic_header1()                      */
+/* Builds the first MIC header block from       */
+/* header fields.                               */
+/************************************************/
+
+void construct_mic_header1(
+       unsigned char *mic_header1,
+       int header_length,
+       unsigned char *mpdu)
+{
+       mic_header1[0] = (unsigned char)((header_length - 2) / 256);
+       mic_header1[1] = (unsigned char)((header_length - 2) % 256);
+       mic_header1[2] = mpdu[0] & 0xcf;    /* Mute CF poll & CF ack bits */
+       mic_header1[3] = mpdu[1] & 0xc7;    /* Mute retry, more data and pwr mgt bits */
+       mic_header1[4] = mpdu[4];       /* A1 */
+       mic_header1[5] = mpdu[5];
+       mic_header1[6] = mpdu[6];
+       mic_header1[7] = mpdu[7];
+       mic_header1[8] = mpdu[8];
+       mic_header1[9] = mpdu[9];
+       mic_header1[10] = mpdu[10];     /* A2 */
+       mic_header1[11] = mpdu[11];
+       mic_header1[12] = mpdu[12];
+       mic_header1[13] = mpdu[13];
+       mic_header1[14] = mpdu[14];
+       mic_header1[15] = mpdu[15];
+}
+
+/************************************************/
+/* construct_mic_header2()                      */
+/* Builds the last MIC header block from        */
+/* header fields.                               */
+/************************************************/
+
+void construct_mic_header2(
+       unsigned char *mic_header2,
+       unsigned char *mpdu,
+       int a4_exists,
+       int qc_exists)
+{
+       int i;
+
+       for (i = 0; i<16; i++) mic_header2[i]=0x00;
+
+       mic_header2[0] = mpdu[16];    /* A3 */
+       mic_header2[1] = mpdu[17];
+       mic_header2[2] = mpdu[18];
+       mic_header2[3] = mpdu[19];
+       mic_header2[4] = mpdu[20];
+       mic_header2[5] = mpdu[21];
+
+       // In Sequence Control field, mute sequence numer bits (12-bit)
+       mic_header2[6] = mpdu[22] & 0x0f;   /* SC */
+       mic_header2[7] = 0x00; /* mpdu[23]; */
+
+       if ((!qc_exists) & a4_exists)
+       {
+               for (i=0;i<6;i++) mic_header2[8+i] = mpdu[24+i];   /* A4 */
+
+       }
+
+       if (qc_exists && (!a4_exists))
+       {
+               mic_header2[8] = mpdu[24] & 0x0f; /* mute bits 15 - 4 */
+               mic_header2[9] = mpdu[25] & 0x00;
+       }
+
+       if (qc_exists && a4_exists)
+       {
+               for (i=0;i<6;i++) mic_header2[8+i] = mpdu[24+i];   /* A4 */
+
+               mic_header2[14] = mpdu[30] & 0x0f;
+               mic_header2[15] = mpdu[31] & 0x00;
+       }
+}
+
+
+/************************************************/
+/* construct_mic_iv()                           */
+/* Builds the MIC IV from header fields and PN  */
+/************************************************/
+
+void construct_mic_iv(
+       unsigned char *mic_iv,
+       int qc_exists,
+       int a4_exists,
+       unsigned char *mpdu,
+       unsigned int payload_length,
+       unsigned char *pn_vector)
+{
+       int i;
+
+       mic_iv[0] = 0x59;
+       if (qc_exists && a4_exists)
+               mic_iv[1] = mpdu[30] & 0x0f;    /* QoS_TC           */
+       if (qc_exists && !a4_exists)
+               mic_iv[1] = mpdu[24] & 0x0f;   /* mute bits 7-4    */
+       if (!qc_exists)
+               mic_iv[1] = 0x00;
+       for (i = 2; i < 8; i++)
+               mic_iv[i] = mpdu[i + 8];                    /* mic_iv[2:7] = A2[0:5] = mpdu[10:15] */
+#ifdef CONSISTENT_PN_ORDER
+               for (i = 8; i < 14; i++)
+                       mic_iv[i] = pn_vector[i - 8];           /* mic_iv[8:13] = PN[0:5] */
+#else
+               for (i = 8; i < 14; i++)
+                       mic_iv[i] = pn_vector[13 - i];          /* mic_iv[8:13] = PN[5:0] */
+#endif
+       i = (payload_length / 256);
+       i = (payload_length % 256);
+       mic_iv[14] = (unsigned char) (payload_length / 256);
+       mic_iv[15] = (unsigned char) (payload_length % 256);
+
+}
+
+/****************************************/
+/* aes128k128d()                        */
+/* Performs a 128 bit AES encrypt with  */
+/* 128 bit data.                        */
+/****************************************/
+void aes128k128d(unsigned char *key, unsigned char *data, unsigned char *ciphertext)
+{
+       int round;
+       int i;
+       unsigned char intermediatea[16];
+       unsigned char intermediateb[16];
+       unsigned char round_key[16];
+
+       for(i=0; i<16; i++) round_key[i] = key[i];
+
+       for (round = 0; round < 11; round++)
+       {
+               if (round == 0)
+               {
+                       xor_128(round_key, data, ciphertext);
+                       next_key(round_key, round);
+               }
+               else if (round == 10)
+               {
+                       byte_sub(ciphertext, intermediatea);
+                       shift_row(intermediatea, intermediateb);
+                       xor_128(intermediateb, round_key, ciphertext);
+               }
+               else    /* 1 - 9 */
+               {
+                       byte_sub(ciphertext, intermediatea);
+                       shift_row(intermediatea, intermediateb);
+                       mix_column(&intermediateb[0], &intermediatea[0]);
+                       mix_column(&intermediateb[4], &intermediatea[4]);
+                       mix_column(&intermediateb[8], &intermediatea[8]);
+                       mix_column(&intermediateb[12], &intermediatea[12]);
+                       xor_128(intermediatea, round_key, ciphertext);
+                       next_key(round_key, round);
+               }
+       }
+
+}
+
+void construct_ctr_preload(
+       unsigned char *ctr_preload,
+       int a4_exists,
+       int qc_exists,
+       unsigned char *mpdu,
+       unsigned char *pn_vector,
+       int c)
+{
+
+       int i = 0;
+       for (i=0; i<16; i++) ctr_preload[i] = 0x00;
+       i = 0;
+
+       ctr_preload[0] = 0x01;                                  /* flag */
+       if (qc_exists && a4_exists) ctr_preload[1] = mpdu[30] & 0x0f;   /* QoC_Control  */
+       if (qc_exists && !a4_exists) ctr_preload[1] = mpdu[24] & 0x0f;
+
+       for (i = 2; i < 8; i++)
+               ctr_preload[i] = mpdu[i + 8];                       /* ctr_preload[2:7] = A2[0:5] = mpdu[10:15] */
+#ifdef CONSISTENT_PN_ORDER
+         for (i = 8; i < 14; i++)
+                       ctr_preload[i] =    pn_vector[i - 8];           /* ctr_preload[8:13] = PN[0:5] */
+#else
+         for (i = 8; i < 14; i++)
+                       ctr_preload[i] =    pn_vector[13 - i];          /* ctr_preload[8:13] = PN[5:0] */
+#endif
+       ctr_preload[14] =  (unsigned char) (c / 256); // Ctr
+       ctr_preload[15] =  (unsigned char) (c % 256);
+
+}
+
+BOOLEAN RTMPSoftDecryptAES(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR       pData,
+       IN ULONG        DataByteCnt,
+       IN PCIPHER_KEY  pWpaKey)
+{
+       UCHAR                   KeyID;
+       UINT                    HeaderLen;
+       UCHAR                   PN[6];
+       UINT                    payload_len;
+       UINT                    num_blocks;
+       UINT                    payload_remainder;
+       USHORT                  fc;
+       UCHAR                   fc0;
+       UCHAR                   fc1;
+       UINT                    frame_type;
+       UINT                    frame_subtype;
+       UINT                    from_ds;
+       UINT                    to_ds;
+       INT                             a4_exists;
+       INT                             qc_exists;
+       UCHAR                   aes_out[16];
+       int                     payload_index;
+       UINT                    i;
+       UCHAR                   ctr_preload[16];
+       UCHAR                   chain_buffer[16];
+       UCHAR                   padded_buffer[16];
+       UCHAR                   mic_iv[16];
+       UCHAR                   mic_header1[16];
+       UCHAR                   mic_header2[16];
+       UCHAR                   MIC[8];
+       UCHAR                   TrailMIC[8];
+
+#ifdef RT_BIG_ENDIAN
+       RTMPFrameEndianChange(pAd, (PUCHAR)pData, DIR_READ, FALSE);
+#endif
+
+       fc0 = *pData;
+       fc1 = *(pData + 1);
+
+       fc = *((PUSHORT)pData);
+
+       frame_type = ((fc0 >> 2) & 0x03);
+       frame_subtype = ((fc0 >> 4) & 0x0f);
+
+       from_ds = (fc1 & 0x2) >> 1;
+       to_ds = (fc1 & 0x1);
+
+       a4_exists = (from_ds & to_ds);
+       qc_exists = ((frame_subtype == 0x08) ||    /* Assumed QoS subtypes */
+                                 (frame_subtype == 0x09) ||   /* Likely to change.    */
+                                 (frame_subtype == 0x0a) ||
+                                 (frame_subtype == 0x0b)
+                                );
+
+       HeaderLen = 24;
+       if (a4_exists)
+               HeaderLen += 6;
+
+       KeyID = *((PUCHAR)(pData+ HeaderLen + 3));
+       KeyID = KeyID >> 6;
+
+       if (pWpaKey[KeyID].KeyLen == 0)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("RTMPSoftDecryptAES failed!(KeyID[%d] Length can not be 0)\n", KeyID));
+               return FALSE;
+       }
+
+       PN[0] = *(pData+ HeaderLen);
+       PN[1] = *(pData+ HeaderLen + 1);
+       PN[2] = *(pData+ HeaderLen + 4);
+       PN[3] = *(pData+ HeaderLen + 5);
+       PN[4] = *(pData+ HeaderLen + 6);
+       PN[5] = *(pData+ HeaderLen + 7);
+
+       payload_len = DataByteCnt - HeaderLen - 8 - 8;  // 8 bytes for CCMP header , 8 bytes for MIC
+       payload_remainder = (payload_len) % 16;
+       num_blocks = (payload_len) / 16;
+
+
+
+       // Find start of payload
+       payload_index = HeaderLen + 8; //IV+EIV
+
+       for (i=0; i< num_blocks; i++)
+       {
+               construct_ctr_preload(ctr_preload,
+                                                               a4_exists,
+                                                               qc_exists,
+                                                               pData,
+                                                               PN,
+                                                               i+1 );
+
+               aes128k128d(pWpaKey[KeyID].Key, ctr_preload, aes_out);
+
+               bitwise_xor(aes_out, pData + payload_index, chain_buffer);
+               NdisMoveMemory(pData + payload_index - 8, chain_buffer, 16);
+               payload_index += 16;
+       }
+
+       //
+       // If there is a short final block, then pad it
+       // encrypt it and copy the unpadded part back
+       //
+       if (payload_remainder > 0)
+       {
+               construct_ctr_preload(ctr_preload,
+                                                               a4_exists,
+                                                               qc_exists,
+                                                               pData,
+                                                               PN,
+                                                               num_blocks + 1);
+
+               NdisZeroMemory(padded_buffer, 16);
+               NdisMoveMemory(padded_buffer, pData + payload_index, payload_remainder);
+
+               aes128k128d(pWpaKey[KeyID].Key, ctr_preload, aes_out);
+
+               bitwise_xor(aes_out, padded_buffer, chain_buffer);
+               NdisMoveMemory(pData + payload_index - 8, chain_buffer, payload_remainder);
+               payload_index += payload_remainder;
+       }
+
+       //
+       // Descrypt the MIC
+       //
+       construct_ctr_preload(ctr_preload,
+                                                       a4_exists,
+                                                       qc_exists,
+                                                       pData,
+                                                       PN,
+                                                       0);
+       NdisZeroMemory(padded_buffer, 16);
+       NdisMoveMemory(padded_buffer, pData + payload_index, 8);
+
+       aes128k128d(pWpaKey[KeyID].Key, ctr_preload, aes_out);
+
+       bitwise_xor(aes_out, padded_buffer, chain_buffer);
+
+       NdisMoveMemory(TrailMIC, chain_buffer, 8);
+
+
+       //
+       // Calculate MIC
+       //
+
+       //Force the protected frame bit on
+       *(pData + 1) = *(pData + 1) | 0x40;
+
+       // Find start of payload
+       // Because the CCMP header has been removed
+       payload_index = HeaderLen;
+
+       construct_mic_iv(
+                                       mic_iv,
+                                       qc_exists,
+                                       a4_exists,
+                                       pData,
+                                       payload_len,
+                                       PN);
+
+       construct_mic_header1(
+                                               mic_header1,
+                                               HeaderLen,
+                                               pData);
+
+       construct_mic_header2(
+                                               mic_header2,
+                                               pData,
+                                               a4_exists,
+                                               qc_exists);
+
+       aes128k128d(pWpaKey[KeyID].Key, mic_iv, aes_out);
+       bitwise_xor(aes_out, mic_header1, chain_buffer);
+       aes128k128d(pWpaKey[KeyID].Key, chain_buffer, aes_out);
+       bitwise_xor(aes_out, mic_header2, chain_buffer);
+       aes128k128d(pWpaKey[KeyID].Key, chain_buffer, aes_out);
+
+       // iterate through each 16 byte payload block
+       for (i = 0; i < num_blocks; i++)
+       {
+               bitwise_xor(aes_out, pData + payload_index, chain_buffer);
+               payload_index += 16;
+               aes128k128d(pWpaKey[KeyID].Key, chain_buffer, aes_out);
+       }
+
+       // Add on the final payload block if it needs padding
+       if (payload_remainder > 0)
+       {
+               NdisZeroMemory(padded_buffer, 16);
+               NdisMoveMemory(padded_buffer, pData + payload_index, payload_remainder);
+
+               bitwise_xor(aes_out, padded_buffer, chain_buffer);
+               aes128k128d(pWpaKey[KeyID].Key, chain_buffer, aes_out);
+       }
+
+       // aes_out contains padded mic, discard most significant
+       // 8 bytes to generate 64 bit MIC
+       for (i = 0 ; i < 8; i++) MIC[i] = aes_out[i];
+
+       if (!NdisEqualMemory(MIC, TrailMIC, 8))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("RTMPSoftDecryptAES, MIC Error !\n"));         //MIC error.
+               return FALSE;
+       }
+
+#ifdef RT_BIG_ENDIAN
+       RTMPFrameEndianChange(pAd, (PUCHAR)pData, DIR_READ, FALSE);
+#endif
+
+       return TRUE;
+}
+
+/* =========================  AES En/Decryption ========================== */
+#ifndef        uint8
+#define        uint8  unsigned char
+#endif
+
+#ifndef        uint32
+#define        uint32 unsigned int
+#endif
+
+/* forward S-box */
+static uint32 FSb[256] =
+{
+       0x63, 0x7C,     0x77, 0x7B,     0xF2, 0x6B,     0x6F, 0xC5,
+       0x30, 0x01,     0x67, 0x2B,     0xFE, 0xD7,     0xAB, 0x76,
+       0xCA, 0x82,     0xC9, 0x7D,     0xFA, 0x59,     0x47, 0xF0,
+       0xAD, 0xD4,     0xA2, 0xAF,     0x9C, 0xA4,     0x72, 0xC0,
+       0xB7, 0xFD,     0x93, 0x26,     0x36, 0x3F,     0xF7, 0xCC,
+       0x34, 0xA5,     0xE5, 0xF1,     0x71, 0xD8,     0x31, 0x15,
+       0x04, 0xC7,     0x23, 0xC3,     0x18, 0x96,     0x05, 0x9A,
+       0x07, 0x12,     0x80, 0xE2,     0xEB, 0x27,     0xB2, 0x75,
+       0x09, 0x83,     0x2C, 0x1A,     0x1B, 0x6E,     0x5A, 0xA0,
+       0x52, 0x3B,     0xD6, 0xB3,     0x29, 0xE3,     0x2F, 0x84,
+       0x53, 0xD1,     0x00, 0xED,     0x20, 0xFC,     0xB1, 0x5B,
+       0x6A, 0xCB,     0xBE, 0x39,     0x4A, 0x4C,     0x58, 0xCF,
+       0xD0, 0xEF,     0xAA, 0xFB,     0x43, 0x4D,     0x33, 0x85,
+       0x45, 0xF9,     0x02, 0x7F,     0x50, 0x3C,     0x9F, 0xA8,
+       0x51, 0xA3,     0x40, 0x8F,     0x92, 0x9D,     0x38, 0xF5,
+       0xBC, 0xB6,     0xDA, 0x21,     0x10, 0xFF,     0xF3, 0xD2,
+       0xCD, 0x0C,     0x13, 0xEC,     0x5F, 0x97,     0x44, 0x17,
+       0xC4, 0xA7,     0x7E, 0x3D,     0x64, 0x5D,     0x19, 0x73,
+       0x60, 0x81,     0x4F, 0xDC,     0x22, 0x2A,     0x90, 0x88,
+       0x46, 0xEE,     0xB8, 0x14,     0xDE, 0x5E,     0x0B, 0xDB,
+       0xE0, 0x32,     0x3A, 0x0A,     0x49, 0x06,     0x24, 0x5C,
+       0xC2, 0xD3,     0xAC, 0x62,     0x91, 0x95,     0xE4, 0x79,
+       0xE7, 0xC8,     0x37, 0x6D,     0x8D, 0xD5,     0x4E, 0xA9,
+       0x6C, 0x56,     0xF4, 0xEA,     0x65, 0x7A,     0xAE, 0x08,
+       0xBA, 0x78,     0x25, 0x2E,     0x1C, 0xA6,     0xB4, 0xC6,
+       0xE8, 0xDD,     0x74, 0x1F,     0x4B, 0xBD,     0x8B, 0x8A,
+       0x70, 0x3E,     0xB5, 0x66,     0x48, 0x03,     0xF6, 0x0E,
+       0x61, 0x35,     0x57, 0xB9,     0x86, 0xC1,     0x1D, 0x9E,
+       0xE1, 0xF8,     0x98, 0x11,     0x69, 0xD9,     0x8E, 0x94,
+       0x9B, 0x1E,     0x87, 0xE9,     0xCE, 0x55,     0x28, 0xDF,
+       0x8C, 0xA1,     0x89, 0x0D,     0xBF, 0xE6,     0x42, 0x68,
+       0x41, 0x99,     0x2D, 0x0F,     0xB0, 0x54,     0xBB, 0x16
+};
+
+/* forward table */
+#define        FT \
+\
+       V(C6,63,63,A5), V(F8,7C,7C,84), V(EE,77,77,99), V(F6,7B,7B,8D), \
+       V(FF,F2,F2,0D), V(D6,6B,6B,BD), V(DE,6F,6F,B1), V(91,C5,C5,54), \
+       V(60,30,30,50), V(02,01,01,03), V(CE,67,67,A9), V(56,2B,2B,7D), \
+       V(E7,FE,FE,19), V(B5,D7,D7,62), V(4D,AB,AB,E6), V(EC,76,76,9A), \
+       V(8F,CA,CA,45), V(1F,82,82,9D), V(89,C9,C9,40), V(FA,7D,7D,87), \
+       V(EF,FA,FA,15), V(B2,59,59,EB), V(8E,47,47,C9), V(FB,F0,F0,0B), \
+       V(41,AD,AD,EC), V(B3,D4,D4,67), V(5F,A2,A2,FD), V(45,AF,AF,EA), \
+       V(23,9C,9C,BF), V(53,A4,A4,F7), V(E4,72,72,96), V(9B,C0,C0,5B), \
+       V(75,B7,B7,C2), V(E1,FD,FD,1C), V(3D,93,93,AE), V(4C,26,26,6A), \
+       V(6C,36,36,5A), V(7E,3F,3F,41), V(F5,F7,F7,02), V(83,CC,CC,4F), \
+       V(68,34,34,5C), V(51,A5,A5,F4), V(D1,E5,E5,34), V(F9,F1,F1,08), \
+       V(E2,71,71,93), V(AB,D8,D8,73), V(62,31,31,53), V(2A,15,15,3F), \
+       V(08,04,04,0C), V(95,C7,C7,52), V(46,23,23,65), V(9D,C3,C3,5E), \
+       V(30,18,18,28), V(37,96,96,A1), V(0A,05,05,0F), V(2F,9A,9A,B5), \
+       V(0E,07,07,09), V(24,12,12,36), V(1B,80,80,9B), V(DF,E2,E2,3D), \
+       V(CD,EB,EB,26), V(4E,27,27,69), V(7F,B2,B2,CD), V(EA,75,75,9F), \
+       V(12,09,09,1B), V(1D,83,83,9E), V(58,2C,2C,74), V(34,1A,1A,2E), \
+       V(36,1B,1B,2D), V(DC,6E,6E,B2), V(B4,5A,5A,EE), V(5B,A0,A0,FB), \
+       V(A4,52,52,F6), V(76,3B,3B,4D), V(B7,D6,D6,61), V(7D,B3,B3,CE), \
+       V(52,29,29,7B), V(DD,E3,E3,3E), V(5E,2F,2F,71), V(13,84,84,97), \
+       V(A6,53,53,F5), V(B9,D1,D1,68), V(00,00,00,00), V(C1,ED,ED,2C), \
+       V(40,20,20,60), V(E3,FC,FC,1F), V(79,B1,B1,C8), V(B6,5B,5B,ED), \
+       V(D4,6A,6A,BE), V(8D,CB,CB,46), V(67,BE,BE,D9), V(72,39,39,4B), \
+       V(94,4A,4A,DE), V(98,4C,4C,D4), V(B0,58,58,E8), V(85,CF,CF,4A), \
+       V(BB,D0,D0,6B), V(C5,EF,EF,2A), V(4F,AA,AA,E5), V(ED,FB,FB,16), \
+       V(86,43,43,C5), V(9A,4D,4D,D7), V(66,33,33,55), V(11,85,85,94), \
+       V(8A,45,45,CF), V(E9,F9,F9,10), V(04,02,02,06), V(FE,7F,7F,81), \
+       V(A0,50,50,F0), V(78,3C,3C,44), V(25,9F,9F,BA), V(4B,A8,A8,E3), \
+       V(A2,51,51,F3), V(5D,A3,A3,FE), V(80,40,40,C0), V(05,8F,8F,8A), \
+       V(3F,92,92,AD), V(21,9D,9D,BC), V(70,38,38,48), V(F1,F5,F5,04), \
+       V(63,BC,BC,DF), V(77,B6,B6,C1), V(AF,DA,DA,75), V(42,21,21,63), \
+       V(20,10,10,30), V(E5,FF,FF,1A), V(FD,F3,F3,0E), V(BF,D2,D2,6D), \
+       V(81,CD,CD,4C), V(18,0C,0C,14), V(26,13,13,35), V(C3,EC,EC,2F), \
+       V(BE,5F,5F,E1), V(35,97,97,A2), V(88,44,44,CC), V(2E,17,17,39), \
+       V(93,C4,C4,57), V(55,A7,A7,F2), V(FC,7E,7E,82), V(7A,3D,3D,47), \
+       V(C8,64,64,AC), V(BA,5D,5D,E7), V(32,19,19,2B), V(E6,73,73,95), \
+       V(C0,60,60,A0), V(19,81,81,98), V(9E,4F,4F,D1), V(A3,DC,DC,7F), \
+       V(44,22,22,66), V(54,2A,2A,7E), V(3B,90,90,AB), V(0B,88,88,83), \
+       V(8C,46,46,CA), V(C7,EE,EE,29), V(6B,B8,B8,D3), V(28,14,14,3C), \
+       V(A7,DE,DE,79), V(BC,5E,5E,E2), V(16,0B,0B,1D), V(AD,DB,DB,76), \
+       V(DB,E0,E0,3B), V(64,32,32,56), V(74,3A,3A,4E), V(14,0A,0A,1E), \
+       V(92,49,49,DB), V(0C,06,06,0A), V(48,24,24,6C), V(B8,5C,5C,E4), \
+       V(9F,C2,C2,5D), V(BD,D3,D3,6E), V(43,AC,AC,EF), V(C4,62,62,A6), \
+       V(39,91,91,A8), V(31,95,95,A4), V(D3,E4,E4,37), V(F2,79,79,8B), \
+       V(D5,E7,E7,32), V(8B,C8,C8,43), V(6E,37,37,59), V(DA,6D,6D,B7), \
+       V(01,8D,8D,8C), V(B1,D5,D5,64), V(9C,4E,4E,D2), V(49,A9,A9,E0), \
+       V(D8,6C,6C,B4), V(AC,56,56,FA), V(F3,F4,F4,07), V(CF,EA,EA,25), \
+       V(CA,65,65,AF), V(F4,7A,7A,8E), V(47,AE,AE,E9), V(10,08,08,18), \
+       V(6F,BA,BA,D5), V(F0,78,78,88), V(4A,25,25,6F), V(5C,2E,2E,72), \
+       V(38,1C,1C,24), V(57,A6,A6,F1), V(73,B4,B4,C7), V(97,C6,C6,51), \
+       V(CB,E8,E8,23), V(A1,DD,DD,7C), V(E8,74,74,9C), V(3E,1F,1F,21), \
+       V(96,4B,4B,DD), V(61,BD,BD,DC), V(0D,8B,8B,86), V(0F,8A,8A,85), \
+       V(E0,70,70,90), V(7C,3E,3E,42), V(71,B5,B5,C4), V(CC,66,66,AA), \
+       V(90,48,48,D8), V(06,03,03,05), V(F7,F6,F6,01), V(1C,0E,0E,12), \
+       V(C2,61,61,A3), V(6A,35,35,5F), V(AE,57,57,F9), V(69,B9,B9,D0), \
+       V(17,86,86,91), V(99,C1,C1,58), V(3A,1D,1D,27), V(27,9E,9E,B9), \
+       V(D9,E1,E1,38), V(EB,F8,F8,13), V(2B,98,98,B3), V(22,11,11,33), \
+       V(D2,69,69,BB), V(A9,D9,D9,70), V(07,8E,8E,89), V(33,94,94,A7), \
+       V(2D,9B,9B,B6), V(3C,1E,1E,22), V(15,87,87,92), V(C9,E9,E9,20), \
+       V(87,CE,CE,49), V(AA,55,55,FF), V(50,28,28,78), V(A5,DF,DF,7A), \
+       V(03,8C,8C,8F), V(59,A1,A1,F8), V(09,89,89,80), V(1A,0D,0D,17), \
+       V(65,BF,BF,DA), V(D7,E6,E6,31), V(84,42,42,C6), V(D0,68,68,B8), \
+       V(82,41,41,C3), V(29,99,99,B0), V(5A,2D,2D,77), V(1E,0F,0F,11), \
+       V(7B,B0,B0,CB), V(A8,54,54,FC), V(6D,BB,BB,D6), V(2C,16,16,3A)
+
+#define        V(a,b,c,d) 0x##a##b##c##d
+static uint32 FT0[256] = { FT };
+#undef V
+
+#define        V(a,b,c,d) 0x##d##a##b##c
+static uint32 FT1[256] = { FT };
+#undef V
+
+#define        V(a,b,c,d) 0x##c##d##a##b
+static uint32 FT2[256] = { FT };
+#undef V
+
+#define        V(a,b,c,d) 0x##b##c##d##a
+static uint32 FT3[256] = { FT };
+#undef V
+
+#undef FT
+
+/* reverse S-box */
+
+static uint32 RSb[256] =
+{
+       0x52, 0x09,     0x6A, 0xD5,     0x30, 0x36,     0xA5, 0x38,
+       0xBF, 0x40,     0xA3, 0x9E,     0x81, 0xF3,     0xD7, 0xFB,
+       0x7C, 0xE3,     0x39, 0x82,     0x9B, 0x2F,     0xFF, 0x87,
+       0x34, 0x8E,     0x43, 0x44,     0xC4, 0xDE,     0xE9, 0xCB,
+       0x54, 0x7B,     0x94, 0x32,     0xA6, 0xC2,     0x23, 0x3D,
+       0xEE, 0x4C,     0x95, 0x0B,     0x42, 0xFA,     0xC3, 0x4E,
+       0x08, 0x2E,     0xA1, 0x66,     0x28, 0xD9,     0x24, 0xB2,
+       0x76, 0x5B,     0xA2, 0x49,     0x6D, 0x8B,     0xD1, 0x25,
+       0x72, 0xF8,     0xF6, 0x64,     0x86, 0x68,     0x98, 0x16,
+       0xD4, 0xA4,     0x5C, 0xCC,     0x5D, 0x65,     0xB6, 0x92,
+       0x6C, 0x70,     0x48, 0x50,     0xFD, 0xED,     0xB9, 0xDA,
+       0x5E, 0x15,     0x46, 0x57,     0xA7, 0x8D,     0x9D, 0x84,
+       0x90, 0xD8,     0xAB, 0x00,     0x8C, 0xBC,     0xD3, 0x0A,
+       0xF7, 0xE4,     0x58, 0x05,     0xB8, 0xB3,     0x45, 0x06,
+       0xD0, 0x2C,     0x1E, 0x8F,     0xCA, 0x3F,     0x0F, 0x02,
+       0xC1, 0xAF,     0xBD, 0x03,     0x01, 0x13,     0x8A, 0x6B,
+       0x3A, 0x91,     0x11, 0x41,     0x4F, 0x67,     0xDC, 0xEA,
+       0x97, 0xF2,     0xCF, 0xCE,     0xF0, 0xB4,     0xE6, 0x73,
+       0x96, 0xAC,     0x74, 0x22,     0xE7, 0xAD,     0x35, 0x85,
+       0xE2, 0xF9,     0x37, 0xE8,     0x1C, 0x75,     0xDF, 0x6E,
+       0x47, 0xF1,     0x1A, 0x71,     0x1D, 0x29,     0xC5, 0x89,
+       0x6F, 0xB7,     0x62, 0x0E,     0xAA, 0x18,     0xBE, 0x1B,
+       0xFC, 0x56,     0x3E, 0x4B,     0xC6, 0xD2,     0x79, 0x20,
+       0x9A, 0xDB,     0xC0, 0xFE,     0x78, 0xCD,     0x5A, 0xF4,
+       0x1F, 0xDD,     0xA8, 0x33,     0x88, 0x07,     0xC7, 0x31,
+       0xB1, 0x12,     0x10, 0x59,     0x27, 0x80,     0xEC, 0x5F,
+       0x60, 0x51,     0x7F, 0xA9,     0x19, 0xB5,     0x4A, 0x0D,
+       0x2D, 0xE5,     0x7A, 0x9F,     0x93, 0xC9,     0x9C, 0xEF,
+       0xA0, 0xE0,     0x3B, 0x4D,     0xAE, 0x2A,     0xF5, 0xB0,
+       0xC8, 0xEB,     0xBB, 0x3C,     0x83, 0x53,     0x99, 0x61,
+       0x17, 0x2B,     0x04, 0x7E,     0xBA, 0x77,     0xD6, 0x26,
+       0xE1, 0x69,     0x14, 0x63,     0x55, 0x21,     0x0C, 0x7D
+};
+
+/* reverse table */
+
+#define        RT \
+\
+       V(51,F4,A7,50), V(7E,41,65,53), V(1A,17,A4,C3), V(3A,27,5E,96), \
+       V(3B,AB,6B,CB), V(1F,9D,45,F1), V(AC,FA,58,AB), V(4B,E3,03,93), \
+       V(20,30,FA,55), V(AD,76,6D,F6), V(88,CC,76,91), V(F5,02,4C,25), \
+       V(4F,E5,D7,FC), V(C5,2A,CB,D7), V(26,35,44,80), V(B5,62,A3,8F), \
+       V(DE,B1,5A,49), V(25,BA,1B,67), V(45,EA,0E,98), V(5D,FE,C0,E1), \
+       V(C3,2F,75,02), V(81,4C,F0,12), V(8D,46,97,A3), V(6B,D3,F9,C6), \
+       V(03,8F,5F,E7), V(15,92,9C,95), V(BF,6D,7A,EB), V(95,52,59,DA), \
+       V(D4,BE,83,2D), V(58,74,21,D3), V(49,E0,69,29), V(8E,C9,C8,44), \
+       V(75,C2,89,6A), V(F4,8E,79,78), V(99,58,3E,6B), V(27,B9,71,DD), \
+       V(BE,E1,4F,B6), V(F0,88,AD,17), V(C9,20,AC,66), V(7D,CE,3A,B4), \
+       V(63,DF,4A,18), V(E5,1A,31,82), V(97,51,33,60), V(62,53,7F,45), \
+       V(B1,64,77,E0), V(BB,6B,AE,84), V(FE,81,A0,1C), V(F9,08,2B,94), \
+       V(70,48,68,58), V(8F,45,FD,19), V(94,DE,6C,87), V(52,7B,F8,B7), \
+       V(AB,73,D3,23), V(72,4B,02,E2), V(E3,1F,8F,57), V(66,55,AB,2A), \
+       V(B2,EB,28,07), V(2F,B5,C2,03), V(86,C5,7B,9A), V(D3,37,08,A5), \
+       V(30,28,87,F2), V(23,BF,A5,B2), V(02,03,6A,BA), V(ED,16,82,5C), \
+       V(8A,CF,1C,2B), V(A7,79,B4,92), V(F3,07,F2,F0), V(4E,69,E2,A1), \
+       V(65,DA,F4,CD), V(06,05,BE,D5), V(D1,34,62,1F), V(C4,A6,FE,8A), \
+       V(34,2E,53,9D), V(A2,F3,55,A0), V(05,8A,E1,32), V(A4,F6,EB,75), \
+       V(0B,83,EC,39), V(40,60,EF,AA), V(5E,71,9F,06), V(BD,6E,10,51), \
+       V(3E,21,8A,F9), V(96,DD,06,3D), V(DD,3E,05,AE), V(4D,E6,BD,46), \
+       V(91,54,8D,B5), V(71,C4,5D,05), V(04,06,D4,6F), V(60,50,15,FF), \
+       V(19,98,FB,24), V(D6,BD,E9,97), V(89,40,43,CC), V(67,D9,9E,77), \
+       V(B0,E8,42,BD), V(07,89,8B,88), V(E7,19,5B,38), V(79,C8,EE,DB), \
+       V(A1,7C,0A,47), V(7C,42,0F,E9), V(F8,84,1E,C9), V(00,00,00,00), \
+       V(09,80,86,83), V(32,2B,ED,48), V(1E,11,70,AC), V(6C,5A,72,4E), \
+       V(FD,0E,FF,FB), V(0F,85,38,56), V(3D,AE,D5,1E), V(36,2D,39,27), \
+       V(0A,0F,D9,64), V(68,5C,A6,21), V(9B,5B,54,D1), V(24,36,2E,3A), \
+       V(0C,0A,67,B1), V(93,57,E7,0F), V(B4,EE,96,D2), V(1B,9B,91,9E), \
+       V(80,C0,C5,4F), V(61,DC,20,A2), V(5A,77,4B,69), V(1C,12,1A,16), \
+       V(E2,93,BA,0A), V(C0,A0,2A,E5), V(3C,22,E0,43), V(12,1B,17,1D), \
+       V(0E,09,0D,0B), V(F2,8B,C7,AD), V(2D,B6,A8,B9), V(14,1E,A9,C8), \
+       V(57,F1,19,85), V(AF,75,07,4C), V(EE,99,DD,BB), V(A3,7F,60,FD), \
+       V(F7,01,26,9F), V(5C,72,F5,BC), V(44,66,3B,C5), V(5B,FB,7E,34), \
+       V(8B,43,29,76), V(CB,23,C6,DC), V(B6,ED,FC,68), V(B8,E4,F1,63), \
+       V(D7,31,DC,CA), V(42,63,85,10), V(13,97,22,40), V(84,C6,11,20), \
+       V(85,4A,24,7D), V(D2,BB,3D,F8), V(AE,F9,32,11), V(C7,29,A1,6D), \
+       V(1D,9E,2F,4B), V(DC,B2,30,F3), V(0D,86,52,EC), V(77,C1,E3,D0), \
+       V(2B,B3,16,6C), V(A9,70,B9,99), V(11,94,48,FA), V(47,E9,64,22), \
+       V(A8,FC,8C,C4), V(A0,F0,3F,1A), V(56,7D,2C,D8), V(22,33,90,EF), \
+       V(87,49,4E,C7), V(D9,38,D1,C1), V(8C,CA,A2,FE), V(98,D4,0B,36), \
+       V(A6,F5,81,CF), V(A5,7A,DE,28), V(DA,B7,8E,26), V(3F,AD,BF,A4), \
+       V(2C,3A,9D,E4), V(50,78,92,0D), V(6A,5F,CC,9B), V(54,7E,46,62), \
+       V(F6,8D,13,C2), V(90,D8,B8,E8), V(2E,39,F7,5E), V(82,C3,AF,F5), \
+       V(9F,5D,80,BE), V(69,D0,93,7C), V(6F,D5,2D,A9), V(CF,25,12,B3), \
+       V(C8,AC,99,3B), V(10,18,7D,A7), V(E8,9C,63,6E), V(DB,3B,BB,7B), \
+       V(CD,26,78,09), V(6E,59,18,F4), V(EC,9A,B7,01), V(83,4F,9A,A8), \
+       V(E6,95,6E,65), V(AA,FF,E6,7E), V(21,BC,CF,08), V(EF,15,E8,E6), \
+       V(BA,E7,9B,D9), V(4A,6F,36,CE), V(EA,9F,09,D4), V(29,B0,7C,D6), \
+       V(31,A4,B2,AF), V(2A,3F,23,31), V(C6,A5,94,30), V(35,A2,66,C0), \
+       V(74,4E,BC,37), V(FC,82,CA,A6), V(E0,90,D0,B0), V(33,A7,D8,15), \
+       V(F1,04,98,4A), V(41,EC,DA,F7), V(7F,CD,50,0E), V(17,91,F6,2F), \
+       V(76,4D,D6,8D), V(43,EF,B0,4D), V(CC,AA,4D,54), V(E4,96,04,DF), \
+       V(9E,D1,B5,E3), V(4C,6A,88,1B), V(C1,2C,1F,B8), V(46,65,51,7F), \
+       V(9D,5E,EA,04), V(01,8C,35,5D), V(FA,87,74,73), V(FB,0B,41,2E), \
+       V(B3,67,1D,5A), V(92,DB,D2,52), V(E9,10,56,33), V(6D,D6,47,13), \
+       V(9A,D7,61,8C), V(37,A1,0C,7A), V(59,F8,14,8E), V(EB,13,3C,89), \
+       V(CE,A9,27,EE), V(B7,61,C9,35), V(E1,1C,E5,ED), V(7A,47,B1,3C), \
+       V(9C,D2,DF,59), V(55,F2,73,3F), V(18,14,CE,79), V(73,C7,37,BF), \
+       V(53,F7,CD,EA), V(5F,FD,AA,5B), V(DF,3D,6F,14), V(78,44,DB,86), \
+       V(CA,AF,F3,81), V(B9,68,C4,3E), V(38,24,34,2C), V(C2,A3,40,5F), \
+       V(16,1D,C3,72), V(BC,E2,25,0C), V(28,3C,49,8B), V(FF,0D,95,41), \
+       V(39,A8,01,71), V(08,0C,B3,DE), V(D8,B4,E4,9C), V(64,56,C1,90), \
+       V(7B,CB,84,61), V(D5,32,B6,70), V(48,6C,5C,74), V(D0,B8,57,42)
+
+#define        V(a,b,c,d) 0x##a##b##c##d
+static uint32 RT0[256] = { RT };
+#undef V
+
+#define        V(a,b,c,d) 0x##d##a##b##c
+static uint32 RT1[256] = { RT };
+#undef V
+
+#define        V(a,b,c,d) 0x##c##d##a##b
+static uint32 RT2[256] = { RT };
+#undef V
+
+#define        V(a,b,c,d) 0x##b##c##d##a
+static uint32 RT3[256] = { RT };
+#undef V
+
+#undef RT
+
+/* round constants */
+
+static uint32 RCON[10] =
+{
+       0x01000000,     0x02000000,     0x04000000,     0x08000000,
+       0x10000000,     0x20000000,     0x40000000,     0x80000000,
+       0x1B000000,     0x36000000
+};
+
+/* key schedule        tables */
+
+static int KT_init = 1;
+
+static uint32 KT0[256];
+static uint32 KT1[256];
+static uint32 KT2[256];
+static uint32 KT3[256];
+
+/* platform-independant        32-bit integer manipulation     macros */
+
+#define        GET_UINT32(n,b,i)                                               \
+{                                                                                              \
+       (n)     = (     (uint32) (b)[(i)        ] << 24 )               \
+               | (     (uint32) (b)[(i) + 1] << 16     )               \
+               | (     (uint32) (b)[(i) + 2] <<  8     )               \
+               | (     (uint32) (b)[(i) + 3]           );              \
+}
+
+#define        PUT_UINT32(n,b,i)                                               \
+{                                                                                              \
+       (b)[(i)    ] = (uint8) ( (n) >> 24 );           \
+       (b)[(i) + 1] = (uint8) ( (n) >> 16 );           \
+       (b)[(i) + 2] = (uint8) ( (n) >>  8 );           \
+       (b)[(i) + 3] = (uint8) ( (n)       );           \
+}
+
+
+int    rt_aes_set_key( aes_context *ctx, uint8 *key, int nbits )
+{
+       int     i;
+       uint32 *RK,     *SK;
+
+       switch( nbits )
+       {
+               case 128: ctx->nr =     10;     break;
+               case 192: ctx->nr =     12;     break;
+               case 256: ctx->nr =     14;     break;
+               default : return( 1     );
+       }
+
+       RK = (uint32 *) ctx->erk;
+
+       for( i = 0;     i <     (nbits >> 5); i++ )
+       {
+               GET_UINT32(     RK[i], key,     i *     4 );
+       }
+
+       /* setup encryption     round keys */
+
+       switch( nbits )
+       {
+       case 128:
+
+               for( i = 0;     i <     10;     i++, RK += 4 )
+               {
+                       RK[4]  = RK[0] ^ RCON[i] ^
+                                               ( FSb[ (uint8) ( RK[3] >> 16 ) ] <<     24 ) ^
+                                               ( FSb[ (uint8) ( RK[3] >>  8 ) ] <<     16 ) ^
+                                               ( FSb[ (uint8) ( RK[3]           ) ] <<  8 ) ^
+                                               ( FSb[ (uint8) ( RK[3] >> 24 ) ]           );
+
+                       RK[5]  = RK[1] ^ RK[4];
+                       RK[6]  = RK[2] ^ RK[5];
+                       RK[7]  = RK[3] ^ RK[6];
+               }
+               break;
+
+       case 192:
+
+               for( i = 0;     i <     8; i++, RK += 6 )
+               {
+                       RK[6]  = RK[0] ^ RCON[i] ^
+                                               ( FSb[ (uint8) ( RK[5] >> 16 ) ] <<     24 ) ^
+                                               ( FSb[ (uint8) ( RK[5] >>  8 ) ] <<     16 ) ^
+                                               ( FSb[ (uint8) ( RK[5]           ) ] <<  8 ) ^
+                                               ( FSb[ (uint8) ( RK[5] >> 24 ) ]           );
+
+                       RK[7]  = RK[1] ^ RK[6];
+                       RK[8]  = RK[2] ^ RK[7];
+                       RK[9]  = RK[3] ^ RK[8];
+                       RK[10] = RK[4] ^ RK[9];
+                       RK[11] = RK[5] ^ RK[10];
+               }
+               break;
+
+       case 256:
+
+               for( i = 0;     i <     7; i++, RK += 8 )
+               {
+                       RK[8]  = RK[0] ^ RCON[i] ^
+                                               ( FSb[ (uint8) ( RK[7] >> 16 ) ] <<     24 ) ^
+                                               ( FSb[ (uint8) ( RK[7] >>  8 ) ] <<     16 ) ^
+                                               ( FSb[ (uint8) ( RK[7]           ) ] <<  8 ) ^
+                                               ( FSb[ (uint8) ( RK[7] >> 24 ) ]           );
+
+                       RK[9]  = RK[1] ^ RK[8];
+                       RK[10] = RK[2] ^ RK[9];
+                       RK[11] = RK[3] ^ RK[10];
+
+                       RK[12] = RK[4] ^
+                                               ( FSb[ (uint8) ( RK[11] >> 24 ) ] << 24 ) ^
+                                               ( FSb[ (uint8) ( RK[11] >> 16 ) ] << 16 ) ^
+                                               ( FSb[ (uint8) ( RK[11] >>      8 )     ] <<  8 ) ^
+                                               ( FSb[ (uint8) ( RK[11]           )     ]               );
+
+                       RK[13] = RK[5] ^ RK[12];
+                       RK[14] = RK[6] ^ RK[13];
+                       RK[15] = RK[7] ^ RK[14];
+               }
+               break;
+       }
+
+       /* setup decryption     round keys */
+
+       if(     KT_init )
+       {
+               for( i = 0;     i <     256; i++ )
+               {
+                       KT0[i] = RT0[ FSb[i] ];
+                       KT1[i] = RT1[ FSb[i] ];
+                       KT2[i] = RT2[ FSb[i] ];
+                       KT3[i] = RT3[ FSb[i] ];
+               }
+
+               KT_init = 0;
+       }
+
+       SK = (uint32 *) ctx->drk;
+
+       *SK++ = *RK++;
+       *SK++ = *RK++;
+       *SK++ = *RK++;
+       *SK++ = *RK++;
+
+       for( i = 1;     i <     ctx->nr; i++ )
+       {
+               RK -= 8;
+
+               *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
+                               KT1[ (uint8) ( *RK >> 16 ) ] ^
+                               KT2[ (uint8) ( *RK >>  8 ) ] ^
+                               KT3[ (uint8) ( *RK               ) ]; RK++;
+
+               *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
+                               KT1[ (uint8) ( *RK >> 16 ) ] ^
+                               KT2[ (uint8) ( *RK >>  8 ) ] ^
+                               KT3[ (uint8) ( *RK               ) ]; RK++;
+
+               *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
+                               KT1[ (uint8) ( *RK >> 16 ) ] ^
+                               KT2[ (uint8) ( *RK >>  8 ) ] ^
+                               KT3[ (uint8) ( *RK               ) ]; RK++;
+
+               *SK++ = KT0[ (uint8) ( *RK >> 24 ) ] ^
+                               KT1[ (uint8) ( *RK >> 16 ) ] ^
+                               KT2[ (uint8) ( *RK >>  8 ) ] ^
+                               KT3[ (uint8) ( *RK               ) ]; RK++;
+       }
+
+       RK -= 8;
+
+       *SK++ = *RK++;
+       *SK++ = *RK++;
+       *SK++ = *RK++;
+       *SK++ = *RK++;
+
+       return( 0 );
+}
+
+/* AES 128-bit block encryption        routine */
+
+void rt_aes_encrypt(aes_context *ctx, uint8 input[16], uint8 output[16] )
+{
+       uint32 *RK,     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3;
+
+       RK = (uint32 *) ctx->erk;
+       GET_UINT32(     X0,     input,  0 ); X0 ^= RK[0];
+       GET_UINT32(     X1,     input,  4 ); X1 ^= RK[1];
+       GET_UINT32(     X2,     input,  8 ); X2 ^= RK[2];
+       GET_UINT32(     X3,     input, 12 ); X3 ^= RK[3];
+
+#define        AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)             \
+{                                                                                              \
+       RK += 4;                                                                        \
+                                                                                               \
+       X0 = RK[0] ^ FT0[ (uint8) (     Y0 >> 24 ) ] ^  \
+                                FT1[ (uint8) ( Y1 >> 16 ) ] ^  \
+                                FT2[ (uint8) ( Y2 >>  8 ) ] ^  \
+                                FT3[ (uint8) ( Y3               ) ];   \
+                                                                                               \
+       X1 = RK[1] ^ FT0[ (uint8) (     Y1 >> 24 ) ] ^  \
+                                FT1[ (uint8) ( Y2 >> 16 ) ] ^  \
+                                FT2[ (uint8) ( Y3 >>  8 ) ] ^  \
+                                FT3[ (uint8) ( Y0               ) ];   \
+                                                                                               \
+       X2 = RK[2] ^ FT0[ (uint8) (     Y2 >> 24 ) ] ^  \
+                                FT1[ (uint8) ( Y3 >> 16 ) ] ^  \
+                                FT2[ (uint8) ( Y0 >>  8 ) ] ^  \
+                                FT3[ (uint8) ( Y1               ) ];   \
+                                                                                               \
+       X3 = RK[3] ^ FT0[ (uint8) (     Y3 >> 24 ) ] ^  \
+                                FT1[ (uint8) ( Y0 >> 16 ) ] ^  \
+                                FT2[ (uint8) ( Y1 >>  8 ) ] ^  \
+                                FT3[ (uint8) ( Y2               ) ];   \
+}
+
+       AES_FROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 1 */
+       AES_FROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );           /* round 2 */
+       AES_FROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 3 */
+       AES_FROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );           /* round 4 */
+       AES_FROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 5 */
+       AES_FROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );           /* round 6 */
+       AES_FROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 7 */
+       AES_FROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );           /* round 8 */
+       AES_FROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 9 */
+
+       if(     ctx->nr > 10 )
+       {
+               AES_FROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );   /* round 10     */
+               AES_FROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );   /* round 11     */
+       }
+
+       if(     ctx->nr > 12 )
+       {
+               AES_FROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );   /* round 12     */
+               AES_FROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );   /* round 13     */
+       }
+
+       /* last round */
+
+       RK += 4;
+
+       X0 = RK[0] ^ ( FSb[     (uint8) ( Y0 >> 24 ) ] << 24 ) ^
+                                ( FSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
+                                ( FSb[ (uint8) ( Y2 >>  8 ) ] <<  8 ) ^
+                                ( FSb[ (uint8) ( Y3       ) ]           );
+
+       X1 = RK[1] ^ ( FSb[     (uint8) ( Y1 >> 24 ) ] << 24 ) ^
+                                ( FSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
+                                ( FSb[ (uint8) ( Y3 >>  8 ) ] <<  8 ) ^
+                                ( FSb[ (uint8) ( Y0       ) ]           );
+
+       X2 = RK[2] ^ ( FSb[     (uint8) ( Y2 >> 24 ) ] << 24 ) ^
+                                ( FSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
+                                ( FSb[ (uint8) ( Y0 >>  8 ) ] <<  8 ) ^
+                                ( FSb[ (uint8) ( Y1       ) ]           );
+
+       X3 = RK[3] ^ ( FSb[     (uint8) ( Y3 >> 24 ) ] << 24 ) ^
+                                ( FSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
+                                ( FSb[ (uint8) ( Y1 >>  8 ) ] <<  8 ) ^
+                                ( FSb[ (uint8) ( Y2       ) ]           );
+
+       PUT_UINT32(     X0,     output,  0 );
+       PUT_UINT32(     X1,     output,  4 );
+       PUT_UINT32(     X2,     output,  8 );
+       PUT_UINT32(     X3,     output, 12 );
+}
+
+/* AES 128-bit block decryption        routine */
+
+void rt_aes_decrypt( aes_context *ctx, uint8 input[16], uint8 output[16] )
+{
+       uint32 *RK,     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3;
+
+       RK = (uint32 *) ctx->drk;
+
+       GET_UINT32(     X0,     input,  0 ); X0 ^= RK[0];
+       GET_UINT32(     X1,     input,  4 ); X1 ^= RK[1];
+       GET_UINT32(     X2,     input,  8 ); X2 ^= RK[2];
+       GET_UINT32(     X3,     input, 12 ); X3 ^= RK[3];
+
+#define        AES_RROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3)             \
+{                                                                                              \
+       RK += 4;                                                                        \
+                                                                                               \
+       X0 = RK[0] ^ RT0[ (uint8) (     Y0 >> 24 ) ] ^  \
+                                RT1[ (uint8) ( Y3 >> 16 ) ] ^  \
+                                RT2[ (uint8) ( Y2 >>  8 ) ] ^  \
+                                RT3[ (uint8) ( Y1               ) ];   \
+                                                                                               \
+       X1 = RK[1] ^ RT0[ (uint8) (     Y1 >> 24 ) ] ^  \
+                                RT1[ (uint8) ( Y0 >> 16 ) ] ^  \
+                                RT2[ (uint8) ( Y3 >>  8 ) ] ^  \
+                                RT3[ (uint8) ( Y2               ) ];   \
+                                                                                               \
+       X2 = RK[2] ^ RT0[ (uint8) (     Y2 >> 24 ) ] ^  \
+                                RT1[ (uint8) ( Y1 >> 16 ) ] ^  \
+                                RT2[ (uint8) ( Y0 >>  8 ) ] ^  \
+                                RT3[ (uint8) ( Y3               ) ];   \
+                                                                                               \
+       X3 = RK[3] ^ RT0[ (uint8) (     Y3 >> 24 ) ] ^  \
+                                RT1[ (uint8) ( Y2 >> 16 ) ] ^  \
+                                RT2[ (uint8) ( Y1 >>  8 ) ] ^  \
+                                RT3[ (uint8) ( Y0               ) ];   \
+}
+
+       AES_RROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 1 */
+       AES_RROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );           /* round 2 */
+       AES_RROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 3 */
+       AES_RROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );           /* round 4 */
+       AES_RROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 5 */
+       AES_RROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );           /* round 6 */
+       AES_RROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 7 */
+       AES_RROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );           /* round 8 */
+       AES_RROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );           /* round 9 */
+
+       if(     ctx->nr > 10 )
+       {
+               AES_RROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );   /* round 10     */
+               AES_RROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );   /* round 11     */
+       }
+
+       if(     ctx->nr > 12 )
+       {
+               AES_RROUND(     X0,     X1,     X2,     X3,     Y0,     Y1,     Y2,     Y3 );   /* round 12     */
+               AES_RROUND(     Y0,     Y1,     Y2,     Y3,     X0,     X1,     X2,     X3 );   /* round 13     */
+       }
+
+       /* last round */
+
+       RK += 4;
+
+       X0 = RK[0] ^ ( RSb[     (uint8) ( Y0 >> 24 ) ] << 24 ) ^
+                                ( RSb[ (uint8) ( Y3 >> 16 ) ] << 16 ) ^
+                                ( RSb[ (uint8) ( Y2 >>  8 ) ] <<  8 ) ^
+                                ( RSb[ (uint8) ( Y1       ) ]           );
+
+       X1 = RK[1] ^ ( RSb[     (uint8) ( Y1 >> 24 ) ] << 24 ) ^
+                                ( RSb[ (uint8) ( Y0 >> 16 ) ] << 16 ) ^
+                                ( RSb[ (uint8) ( Y3 >>  8 ) ] <<  8 ) ^
+                                ( RSb[ (uint8) ( Y2       ) ]           );
+
+       X2 = RK[2] ^ ( RSb[     (uint8) ( Y2 >> 24 ) ] << 24 ) ^
+                                ( RSb[ (uint8) ( Y1 >> 16 ) ] << 16 ) ^
+                                ( RSb[ (uint8) ( Y0 >>  8 ) ] <<  8 ) ^
+                                ( RSb[ (uint8) ( Y3       ) ]           );
+
+       X3 = RK[3] ^ ( RSb[     (uint8) ( Y3 >> 24 ) ] << 24 ) ^
+                                ( RSb[ (uint8) ( Y2 >> 16 ) ] << 16 ) ^
+                                ( RSb[ (uint8) ( Y1 >>  8 ) ] <<  8 ) ^
+                                ( RSb[ (uint8) ( Y0       ) ]           );
+
+       PUT_UINT32(     X0,     output,  0 );
+       PUT_UINT32(     X1,     output,  4 );
+       PUT_UINT32(     X2,     output,  8 );
+       PUT_UINT32(     X3,     output, 12 );
+}
+
+/*
+    ==========================================================================
+    Description:
+        ENCRYPT AES GTK before sending in EAPOL frame.
+        AES GTK length = 128 bit,  so fix blocks for aes-key-wrap as 2 in this function.
+        This function references to RFC 3394 for aes key wrap algorithm.
+    Return:
+    ==========================================================================
+*/
+VOID AES_GTK_KEY_WRAP(
+    IN UCHAR    *key,
+    IN UCHAR    *plaintext,
+    IN UINT32    p_len,
+    OUT UCHAR   *ciphertext)
+{
+    UCHAR       A[8], BIN[16], BOUT[16];
+    UCHAR       R[512];
+    INT         num_blocks = p_len/8;   // unit:64bits
+    INT         i, j;
+    aes_context aesctx;
+    UCHAR       xor;
+
+    rt_aes_set_key(&aesctx, key, 128);
+
+    // Init IA
+    for (i = 0; i < 8; i++)
+        A[i] = 0xa6;
+
+    //Input plaintext
+    for (i = 0; i < num_blocks; i++)
+    {
+        for (j = 0 ; j < 8; j++)
+            R[8 * (i + 1) + j] = plaintext[8 * i + j];
+    }
+
+    // Key Mix
+    for (j = 0; j < 6; j++)
+    {
+        for(i = 1; i <= num_blocks; i++)
+        {
+            //phase 1
+            NdisMoveMemory(BIN, A, 8);
+            NdisMoveMemory(&BIN[8], &R[8 * i], 8);
+            rt_aes_encrypt(&aesctx, BIN, BOUT);
+
+            NdisMoveMemory(A, &BOUT[0], 8);
+            xor = num_blocks * j + i;
+            A[7] = BOUT[7] ^ xor;
+            NdisMoveMemory(&R[8 * i], &BOUT[8], 8);
+        }
+    }
+
+    // Output ciphertext
+    NdisMoveMemory(ciphertext, A, 8);
+
+    for (i = 1; i <= num_blocks; i++)
+    {
+        for (j = 0 ; j < 8; j++)
+            ciphertext[8 * i + j] = R[8 * i + j];
+    }
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Misc function to decrypt AES body
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+               This function references to     RFC     3394 for aes key unwrap algorithm.
+
+       ========================================================================
+*/
+VOID   AES_GTK_KEY_UNWRAP(
+       IN      UCHAR   *key,
+       OUT     UCHAR   *plaintext,
+       IN      UINT32   c_len,
+       IN      UCHAR   *ciphertext)
+
+{
+       UCHAR       A[8], BIN[16], BOUT[16];
+       UCHAR       xor;
+       INT         i, j;
+       aes_context aesctx;
+       UCHAR       *R;
+       INT         num_blocks = c_len/8;       // unit:64bits
+
+
+       os_alloc_mem(NULL, (PUCHAR *)&R, 512);
+
+       if (R == NULL)
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("!!!AES_GTK_KEY_UNWRAP: no memory!!!\n"));
+        return;
+    } /* End of if */
+
+       // Initialize
+       NdisMoveMemory(A, ciphertext, 8);
+       //Input plaintext
+       for(i = 0; i < (c_len-8); i++)
+       {
+               R[ i] = ciphertext[i + 8];
+       }
+
+       rt_aes_set_key(&aesctx, key, 128);
+
+       for(j = 5; j >= 0; j--)
+       {
+               for(i = (num_blocks-1); i > 0; i--)
+               {
+                       xor = (num_blocks -1 )* j + i;
+                       NdisMoveMemory(BIN, A, 8);
+                       BIN[7] = A[7] ^ xor;
+                       NdisMoveMemory(&BIN[8], &R[(i-1)*8], 8);
+                       rt_aes_decrypt(&aesctx, BIN, BOUT);
+                       NdisMoveMemory(A, &BOUT[0], 8);
+                       NdisMoveMemory(&R[(i-1)*8], &BOUT[8], 8);
+               }
+       }
+
+       // OUTPUT
+       for(i = 0; i < c_len; i++)
+       {
+               plaintext[i] = R[i];
+       }
+
+
+       os_free_mem(NULL, R);
+}
+
+
+/* =======  The related function of AES-128-CMAC  ======= */
+VOID leftshift_onebit(
+       IN  PUCHAR      input,
+       OUT PUCHAR      output)
+{
+       INT i;
+       UCHAR overflow = 0;
+
+       for (i=15; i>=0; i--)
+       {
+               output[i] = input[i] << 1;
+               output[i] |= overflow;
+               overflow = (input[i] & 0x80) ? 1 : 0;
+       }
+}
+
+VOID do_padding(
+       IN      PUCHAR  lastb,
+       OUT     PUCHAR  pad,
+       IN  INT         len)
+{
+       INT     j;
+
+       for (j=0; j<16; j++)
+       {
+               if (j < len)
+                       pad[j] = lastb[j];
+               else if (j == len)
+                       pad[j] = 0x80;
+               else
+                       pad[j] = 0x00;
+       }
+
+
+}
+
+/*
+ *     The Subkey Generation Algorithm
+ */
+VOID generate_subkey(
+       IN      PUCHAR key,
+       OUT     PUCHAR K1,
+       OUT PUCHAR K2)
+{
+       aes_context aesctx;
+       UCHAR aes_128_key[16];
+       UCHAR const_Zero[16];
+       UCHAR tmp[16];
+       UCHAR const_Rb[16] = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+                                             0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87};
+
+       // initial the key material
+       memset(const_Zero, 0, 16);
+       memset(aes_128_key, 0, 16);
+
+       // AES-128 with key is applied to an all-zero input block
+       rt_aes_set_key(&aesctx, key, 128);
+       rt_aes_encrypt(&aesctx, const_Zero, aes_128_key);
+
+       // derive K1(128-bit first subkey) and K2(128-bit second subkey), refer to rfc-4493 ch 2.3
+       if ((aes_128_key[0] & 0x80) == 0)
+       {
+               leftshift_onebit(aes_128_key, K1);
+       }
+       else
+       {
+               leftshift_onebit(aes_128_key, tmp);
+               xor_128(tmp, const_Rb, K1);
+       }
+
+       if ((K1[0] & 0x80) == 0)
+       {
+               leftshift_onebit(K1, K2);
+       }
+       else
+       {
+               leftshift_onebit(K1, tmp);
+               xor_128(tmp, const_Rb, K2);
+       }
+
+}
+
+/*
+ *     AES-CMAC Algorithm. (refer to rfc-4493 and SP800-38B)
+ *
+ *     Input : key             (128-bit key)
+ *                     input           (message to be authenticated)
+ *                     len                     (length of the message in octets)
+ *
+ *     output: mac                     (message authentication code)
+ */
+VOID AES_128_CMAC(
+       IN      PUCHAR  key,
+       IN      PUCHAR  input,
+       IN      INT             len,
+       OUT     PUCHAR  mac)
+{
+       UCHAR   X[16], Y[16], M_last[16], padded[16];
+       UCHAR   K1[16], K2[16];
+       aes_context aesctx;
+       INT             n, i, flag;
+
+       generate_subkey(key, K1, K2);
+
+       n = (len+15) / 16;              // n is number of rounds
+
+       if (n == 0)
+       {
+               n = 1;
+               flag = 0;
+       }
+       else
+       {
+               if ((len%16) == 0)
+                       flag = 1;                       // indicate that last block is a complete block
+               else
+                       flag = 0;                       // indicate that last block is not a complete block
+       }
+
+       if (flag)
+       {
+               xor_128(&input[16*(n-1)], K1, M_last);
+       }
+       else
+       {
+               do_padding(&input[16*(n-1)], padded, len%16);
+               xor_128(padded, K2, M_last);
+       }
+
+       memset(X, 0, 16);
+       for (i=0; i<n-1; i++)
+       {
+               xor_128(X, &input[16*i], Y);
+               rt_aes_set_key(&aesctx, key, 128);
+               rt_aes_encrypt(&aesctx, Y, X);
+       }
+
+       xor_128(X, M_last, Y);
+       rt_aes_set_key(&aesctx, key, 128);
+       rt_aes_encrypt(&aesctx, Y, X);
+
+       for (i=0; i<16; i++)
+       {
+               mac[i] = X[i];
+       }
+
+}
+/* =======  The related function of AES-128-CMAC  ======= */
diff --git a/drivers/staging/rt3090/common/cmm_asic.c b/drivers/staging/rt3090/common/cmm_asic.c
new file mode 100644 (file)
index 0000000..3d1c808
--- /dev/null
@@ -0,0 +1,2753 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       cmm_asic.c
+
+       Abstract:
+       Functions used to communicate with ASIC
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+
+
+// Reset the RFIC setting to new series
+RTMP_RF_REGS RF2850RegTable[] = {
+//             ch       R1              R2              R3(TX0~4=0) R4
+               {1,  0x98402ecc, 0x984c0786, 0x9816b455, 0x9800510b},
+               {2,  0x98402ecc, 0x984c0786, 0x98168a55, 0x9800519f},
+               {3,  0x98402ecc, 0x984c078a, 0x98168a55, 0x9800518b},
+               {4,  0x98402ecc, 0x984c078a, 0x98168a55, 0x9800519f},
+               {5,  0x98402ecc, 0x984c078e, 0x98168a55, 0x9800518b},
+               {6,  0x98402ecc, 0x984c078e, 0x98168a55, 0x9800519f},
+               {7,  0x98402ecc, 0x984c0792, 0x98168a55, 0x9800518b},
+               {8,  0x98402ecc, 0x984c0792, 0x98168a55, 0x9800519f},
+               {9,  0x98402ecc, 0x984c0796, 0x98168a55, 0x9800518b},
+               {10, 0x98402ecc, 0x984c0796, 0x98168a55, 0x9800519f},
+               {11, 0x98402ecc, 0x984c079a, 0x98168a55, 0x9800518b},
+               {12, 0x98402ecc, 0x984c079a, 0x98168a55, 0x9800519f},
+               {13, 0x98402ecc, 0x984c079e, 0x98168a55, 0x9800518b},
+               {14, 0x98402ecc, 0x984c07a2, 0x98168a55, 0x98005193},
+
+               // 802.11 UNI / HyperLan 2
+               {36, 0x98402ecc, 0x984c099a, 0x98158a55, 0x980ed1a3},
+               {38, 0x98402ecc, 0x984c099e, 0x98158a55, 0x980ed193},
+               {40, 0x98402ec8, 0x984c0682, 0x98158a55, 0x980ed183},
+               {44, 0x98402ec8, 0x984c0682, 0x98158a55, 0x980ed1a3},
+               {46, 0x98402ec8, 0x984c0686, 0x98158a55, 0x980ed18b},
+               {48, 0x98402ec8, 0x984c0686, 0x98158a55, 0x980ed19b},
+               {52, 0x98402ec8, 0x984c068a, 0x98158a55, 0x980ed193},
+               {54, 0x98402ec8, 0x984c068a, 0x98158a55, 0x980ed1a3},
+               {56, 0x98402ec8, 0x984c068e, 0x98158a55, 0x980ed18b},
+               {60, 0x98402ec8, 0x984c0692, 0x98158a55, 0x980ed183},
+               {62, 0x98402ec8, 0x984c0692, 0x98158a55, 0x980ed193},
+               {64, 0x98402ec8, 0x984c0692, 0x98158a55, 0x980ed1a3}, // Plugfest#4, Day4, change RFR3 left4th 9->5.
+
+               // 802.11 HyperLan 2
+               {100, 0x98402ec8, 0x984c06b2, 0x98178a55, 0x980ed783},
+
+               // 2008.04.30 modified
+               // The system team has AN to improve the EVM value
+               // for channel 102 to 108 for the RT2850/RT2750 dual band solution.
+               {102, 0x98402ec8, 0x985c06b2, 0x98578a55, 0x980ed793},
+               {104, 0x98402ec8, 0x985c06b2, 0x98578a55, 0x980ed1a3},
+               {108, 0x98402ecc, 0x985c0a32, 0x98578a55, 0x980ed193},
+
+               {110, 0x98402ecc, 0x984c0a36, 0x98178a55, 0x980ed183},
+               {112, 0x98402ecc, 0x984c0a36, 0x98178a55, 0x980ed19b},
+               {116, 0x98402ecc, 0x984c0a3a, 0x98178a55, 0x980ed1a3},
+               {118, 0x98402ecc, 0x984c0a3e, 0x98178a55, 0x980ed193},
+               {120, 0x98402ec4, 0x984c0382, 0x98178a55, 0x980ed183},
+               {124, 0x98402ec4, 0x984c0382, 0x98178a55, 0x980ed193},
+               {126, 0x98402ec4, 0x984c0382, 0x98178a55, 0x980ed15b}, // 0x980ed1bb->0x980ed15b required by Rory 20070927
+               {128, 0x98402ec4, 0x984c0382, 0x98178a55, 0x980ed1a3},
+               {132, 0x98402ec4, 0x984c0386, 0x98178a55, 0x980ed18b},
+               {134, 0x98402ec4, 0x984c0386, 0x98178a55, 0x980ed193},
+               {136, 0x98402ec4, 0x984c0386, 0x98178a55, 0x980ed19b},
+               {140, 0x98402ec4, 0x984c038a, 0x98178a55, 0x980ed183},
+
+               // 802.11 UNII
+               {149, 0x98402ec4, 0x984c038a, 0x98178a55, 0x980ed1a7},
+               {151, 0x98402ec4, 0x984c038e, 0x98178a55, 0x980ed187},
+               {153, 0x98402ec4, 0x984c038e, 0x98178a55, 0x980ed18f},
+               {157, 0x98402ec4, 0x984c038e, 0x98178a55, 0x980ed19f},
+               {159, 0x98402ec4, 0x984c038e, 0x98178a55, 0x980ed1a7},
+               {161, 0x98402ec4, 0x984c0392, 0x98178a55, 0x980ed187},
+               {165, 0x98402ec4, 0x984c0392, 0x98178a55, 0x980ed197},
+               {167, 0x98402ec4, 0x984c03d2, 0x98179855, 0x9815531f},
+               {169, 0x98402ec4, 0x984c03d2, 0x98179855, 0x98155327},
+               {171, 0x98402ec4, 0x984c03d6, 0x98179855, 0x98155307},
+               {173, 0x98402ec4, 0x984c03d6, 0x98179855, 0x9815530f},
+
+               // Japan
+               {184, 0x95002ccc, 0x9500491e, 0x9509be55, 0x950c0a0b},
+               {188, 0x95002ccc, 0x95004922, 0x9509be55, 0x950c0a13},
+               {192, 0x95002ccc, 0x95004926, 0x9509be55, 0x950c0a1b},
+               {196, 0x95002ccc, 0x9500492a, 0x9509be55, 0x950c0a23},
+               {208, 0x95002ccc, 0x9500493a, 0x9509be55, 0x950c0a13},
+               {212, 0x95002ccc, 0x9500493e, 0x9509be55, 0x950c0a1b},
+               {216, 0x95002ccc, 0x95004982, 0x9509be55, 0x950c0a23},
+
+               // still lack of MMAC(Japan) ch 34,38,42,46
+};
+UCHAR  NUM_OF_2850_CHNL = (sizeof(RF2850RegTable) / sizeof(RTMP_RF_REGS));
+
+FREQUENCY_ITEM FreqItems3020[] =
+{
+       /**************************************************/
+       // ISM : 2.4 to 2.483 GHz                         //
+       /**************************************************/
+       // 11g
+       /**************************************************/
+       //-CH---N-------R---K-----------
+       {1,    241,  2,  2},
+       {2,    241,      2,  7},
+       {3,    242,      2,  2},
+       {4,    242,      2,  7},
+       {5,    243,      2,  2},
+       {6,    243,      2,  7},
+       {7,    244,      2,  2},
+       {8,    244,      2,  7},
+       {9,    245,      2,  2},
+       {10,   245,      2,  7},
+       {11,   246,      2,  2},
+       {12,   246,      2,  7},
+       {13,   247,      2,  2},
+       {14,   248,      2,  4},
+};
+UCHAR  NUM_OF_3020_CHNL = (sizeof(FreqItems3020) / sizeof(FREQUENCY_ITEM));
+
+
+VOID AsicUpdateAutoFallBackTable(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pRateTable)
+{
+       UCHAR                                   i;
+       HT_FBK_CFG0_STRUC               HtCfg0;
+       HT_FBK_CFG1_STRUC               HtCfg1;
+       LG_FBK_CFG0_STRUC               LgCfg0;
+       LG_FBK_CFG1_STRUC               LgCfg1;
+       PRTMP_TX_RATE_SWITCH    pCurrTxRate, pNextTxRate;
+
+       // set to initial value
+       HtCfg0.word = 0x65432100;
+       HtCfg1.word = 0xedcba988;
+       LgCfg0.word = 0xedcba988;
+       LgCfg1.word = 0x00002100;
+
+       pNextTxRate = (PRTMP_TX_RATE_SWITCH)pRateTable+1;
+       for (i = 1; i < *((PUCHAR) pRateTable); i++)
+       {
+               pCurrTxRate = (PRTMP_TX_RATE_SWITCH)pRateTable+1+i;
+               switch (pCurrTxRate->Mode)
+               {
+                       case 0:         //CCK
+                               break;
+                       case 1:         //OFDM
+                               {
+                                       switch(pCurrTxRate->CurrMCS)
+                                       {
+                                               case 0:
+                                                       LgCfg0.field.OFDMMCS0FBK = (pNextTxRate->Mode == MODE_OFDM) ? (pNextTxRate->CurrMCS+8): pNextTxRate->CurrMCS;
+                                                       break;
+                                               case 1:
+                                                       LgCfg0.field.OFDMMCS1FBK = (pNextTxRate->Mode == MODE_OFDM) ? (pNextTxRate->CurrMCS+8): pNextTxRate->CurrMCS;
+                                                       break;
+                                               case 2:
+                                                       LgCfg0.field.OFDMMCS2FBK = (pNextTxRate->Mode == MODE_OFDM) ? (pNextTxRate->CurrMCS+8): pNextTxRate->CurrMCS;
+                                                       break;
+                                               case 3:
+                                                       LgCfg0.field.OFDMMCS3FBK = (pNextTxRate->Mode == MODE_OFDM) ? (pNextTxRate->CurrMCS+8): pNextTxRate->CurrMCS;
+                                                       break;
+                                               case 4:
+                                                       LgCfg0.field.OFDMMCS4FBK = (pNextTxRate->Mode == MODE_OFDM) ? (pNextTxRate->CurrMCS+8): pNextTxRate->CurrMCS;
+                                                       break;
+                                               case 5:
+                                                       LgCfg0.field.OFDMMCS5FBK = (pNextTxRate->Mode == MODE_OFDM) ? (pNextTxRate->CurrMCS+8): pNextTxRate->CurrMCS;
+                                                       break;
+                                               case 6:
+                                                       LgCfg0.field.OFDMMCS6FBK = (pNextTxRate->Mode == MODE_OFDM) ? (pNextTxRate->CurrMCS+8): pNextTxRate->CurrMCS;
+                                                       break;
+                                               case 7:
+                                                       LgCfg0.field.OFDMMCS7FBK = (pNextTxRate->Mode == MODE_OFDM) ? (pNextTxRate->CurrMCS+8): pNextTxRate->CurrMCS;
+                                                       break;
+                                       }
+                               }
+                               break;
+#ifdef DOT11_N_SUPPORT
+                       case 2:         //HT-MIX
+                       case 3:         //HT-GF
+                               {
+                                       if ((pNextTxRate->Mode >= MODE_HTMIX) && (pCurrTxRate->CurrMCS != pNextTxRate->CurrMCS))
+                                       {
+                                               switch(pCurrTxRate->CurrMCS)
+                                               {
+                                                       case 0:
+                                                               HtCfg0.field.HTMCS0FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 1:
+                                                               HtCfg0.field.HTMCS1FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 2:
+                                                               HtCfg0.field.HTMCS2FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 3:
+                                                               HtCfg0.field.HTMCS3FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 4:
+                                                               HtCfg0.field.HTMCS4FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 5:
+                                                               HtCfg0.field.HTMCS5FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 6:
+                                                               HtCfg0.field.HTMCS6FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 7:
+                                                               HtCfg0.field.HTMCS7FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 8:
+                                                               HtCfg1.field.HTMCS8FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 9:
+                                                               HtCfg1.field.HTMCS9FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 10:
+                                                               HtCfg1.field.HTMCS10FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 11:
+                                                               HtCfg1.field.HTMCS11FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 12:
+                                                               HtCfg1.field.HTMCS12FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 13:
+                                                               HtCfg1.field.HTMCS13FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 14:
+                                                               HtCfg1.field.HTMCS14FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       case 15:
+                                                               HtCfg1.field.HTMCS15FBK = pNextTxRate->CurrMCS;
+                                                               break;
+                                                       default:
+                                                               DBGPRINT(RT_DEBUG_ERROR, ("AsicUpdateAutoFallBackTable: not support CurrMCS=%d\n", pCurrTxRate->CurrMCS));
+                                               }
+                                       }
+                               }
+                               break;
+#endif // DOT11_N_SUPPORT //
+               }
+
+               pNextTxRate = pCurrTxRate;
+       }
+
+       RTMP_IO_WRITE32(pAd, HT_FBK_CFG0, HtCfg0.word);
+       RTMP_IO_WRITE32(pAd, HT_FBK_CFG1, HtCfg1.word);
+       RTMP_IO_WRITE32(pAd, LG_FBK_CFG0, LgCfg0.word);
+       RTMP_IO_WRITE32(pAd, LG_FBK_CFG1, LgCfg1.word);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Set MAC register value according operation mode.
+               OperationMode AND bNonGFExist are for MM and GF Proteciton.
+               If MM or GF mask is not set, those passing argument doesn't not take effect.
+
+               Operation mode meaning:
+               = 0 : Pure HT, no preotection.
+               = 0x01; there may be non-HT devices in both the control and extension channel, protection is optional in BSS.
+               = 0x10: No Transmission in 40M is protected.
+               = 0x11: Transmission in both 40M and 20M shall be protected
+               if (bNonGFExist)
+                       we should choose not to use GF. But still set correct ASIC registers.
+       ========================================================================
+*/
+VOID   AsicUpdateProtect(
+       IN              PRTMP_ADAPTER   pAd,
+       IN              USHORT                  OperationMode,
+       IN              UCHAR                   SetMask,
+       IN              BOOLEAN                 bDisableBGProtect,
+       IN              BOOLEAN                 bNonGFExist)
+{
+       PROT_CFG_STRUC  ProtCfg, ProtCfg4;
+       UINT32 Protect[6];
+       USHORT                  offset;
+       UCHAR                   i;
+       UINT32 MacReg = 0;
+
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+#ifdef DOT11_N_SUPPORT
+       if (!(pAd->CommonCfg.bHTProtect) && (OperationMode != 8))
+       {
+               return;
+       }
+
+       if (pAd->BATable.numDoneOriginator)
+       {
+               //
+               // enable the RTS/CTS to avoid channel collision
+               //
+               SetMask = ALLN_SETPROTECT;
+               OperationMode = 8;
+       }
+#endif // DOT11_N_SUPPORT //
+
+       // Config ASIC RTS threshold register
+       RTMP_IO_READ32(pAd, TX_RTS_CFG, &MacReg);
+       MacReg &= 0xFF0000FF;
+       // If the user want disable RtsThreshold and enbale Amsdu/Ralink-Aggregation, set the RtsThreshold as 4096
+        if ((
+#ifdef DOT11_N_SUPPORT
+                       (pAd->CommonCfg.BACapability.field.AmsduEnable) ||
+#endif // DOT11_N_SUPPORT //
+                       (pAd->CommonCfg.bAggregationCapable == TRUE))
+            && pAd->CommonCfg.RtsThreshold == MAX_RTS_THRESHOLD)
+        {
+                       MacReg |= (0x1000 << 8);
+        }
+        else
+        {
+                       MacReg |= (pAd->CommonCfg.RtsThreshold << 8);
+        }
+
+       RTMP_IO_WRITE32(pAd, TX_RTS_CFG, MacReg);
+
+       // Initial common protection settings
+       RTMPZeroMemory(Protect, sizeof(Protect));
+       ProtCfg4.word = 0;
+       ProtCfg.word = 0;
+       ProtCfg.field.TxopAllowGF40 = 1;
+       ProtCfg.field.TxopAllowGF20 = 1;
+       ProtCfg.field.TxopAllowMM40 = 1;
+       ProtCfg.field.TxopAllowMM20 = 1;
+       ProtCfg.field.TxopAllowOfdm = 1;
+       ProtCfg.field.TxopAllowCck = 1;
+       ProtCfg.field.RTSThEn = 1;
+       ProtCfg.field.ProtectNav = ASIC_SHORTNAV;
+
+       // update PHY mode and rate
+       if (pAd->CommonCfg.Channel > 14)
+               ProtCfg.field.ProtectRate = 0x4000;
+       ProtCfg.field.ProtectRate |= pAd->CommonCfg.RtsRate;
+
+       // Handle legacy(B/G) protection
+       if (bDisableBGProtect)
+       {
+               //ProtCfg.field.ProtectRate = pAd->CommonCfg.RtsRate;
+               ProtCfg.field.ProtectCtrl = 0;
+               Protect[0] = ProtCfg.word;
+               Protect[1] = ProtCfg.word;
+               pAd->FlgCtsEnabled = 0; /* CTS-self is not used */
+       }
+       else
+       {
+               //ProtCfg.field.ProtectRate = pAd->CommonCfg.RtsRate;
+               ProtCfg.field.ProtectCtrl = 0;                  // CCK do not need to be protected
+               Protect[0] = ProtCfg.word;
+               ProtCfg.field.ProtectCtrl = ASIC_CTS;   // OFDM needs using CCK to protect
+               Protect[1] = ProtCfg.word;
+               pAd->FlgCtsEnabled = 1; /* CTS-self is used */
+       }
+
+#ifdef DOT11_N_SUPPORT
+       // Decide HT frame protection.
+       if ((SetMask & ALLN_SETPROTECT) != 0)
+       {
+               switch(OperationMode)
+               {
+                       case 0x0:
+                               // NO PROTECT
+                               // 1.All STAs in the BSS are 20/40 MHz HT
+                               // 2. in ai 20/40MHz BSS
+                               // 3. all STAs are 20MHz in a 20MHz BSS
+                               // Pure HT. no protection.
+
+                               // MM20_PROT_CFG
+                               //      Reserved (31:27)
+                               //      PROT_TXOP(25:20) -- 010111
+                               //      PROT_NAV(19:18)  -- 01 (Short NAV protection)
+                               //  PROT_CTRL(17:16) -- 00 (None)
+                               //      PROT_RATE(15:0)  -- 0x4004 (OFDM 24M)
+                               Protect[2] = 0x01744004;
+
+                               // MM40_PROT_CFG
+                               //      Reserved (31:27)
+                               //      PROT_TXOP(25:20) -- 111111
+                               //      PROT_NAV(19:18)  -- 01 (Short NAV protection)
+                               //  PROT_CTRL(17:16) -- 00 (None)
+                               //      PROT_RATE(15:0)  -- 0x4084 (duplicate OFDM 24M)
+                               Protect[3] = 0x03f44084;
+
+                               // CF20_PROT_CFG
+                               //      Reserved (31:27)
+                               //      PROT_TXOP(25:20) -- 010111
+                               //      PROT_NAV(19:18)  -- 01 (Short NAV protection)
+                               //  PROT_CTRL(17:16) -- 00 (None)
+                               //      PROT_RATE(15:0)  -- 0x4004 (OFDM 24M)
+                               Protect[4] = 0x01744004;
+
+                               // CF40_PROT_CFG
+                               //      Reserved (31:27)
+                               //      PROT_TXOP(25:20) -- 111111
+                               //      PROT_NAV(19:18)  -- 01 (Short NAV protection)
+                               //  PROT_CTRL(17:16) -- 00 (None)
+                               //      PROT_RATE(15:0)  -- 0x4084 (duplicate OFDM 24M)
+                               Protect[5] = 0x03f44084;
+
+                               if (bNonGFExist)
+                               {
+                                       // PROT_NAV(19:18)  -- 01 (Short NAV protectiion)
+                                       // PROT_CTRL(17:16) -- 01 (RTS/CTS)
+                                       Protect[4] = 0x01754004;
+                                       Protect[5] = 0x03f54084;
+                               }
+                               pAd->CommonCfg.IOTestParm.bRTSLongProtOn = FALSE;
+                               break;
+
+                       case 1:
+                               // This is "HT non-member protection mode."
+                               // If there may be non-HT STAs my BSS
+                               ProtCfg.word = 0x01744004;      // PROT_CTRL(17:16) : 0 (None)
+                               ProtCfg4.word = 0x03f44084; // duplicaet legacy 24M. BW set 1.
+                               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_BG_PROTECTION_INUSED))
+                               {
+                                       ProtCfg.word = 0x01740003;      //ERP use Protection bit is set, use protection rate at Clause 18..
+                                       ProtCfg4.word = 0x03f40003; // Don't duplicate RTS/CTS in CCK mode. 0x03f40083;
+                               }
+                               //Assign Protection method for 20&40 MHz packets
+                               ProtCfg.field.ProtectCtrl = ASIC_RTS;
+                               ProtCfg.field.ProtectNav = ASIC_SHORTNAV;
+                               ProtCfg4.field.ProtectCtrl = ASIC_RTS;
+                               ProtCfg4.field.ProtectNav = ASIC_SHORTNAV;
+                               Protect[2] = ProtCfg.word;
+                               Protect[3] = ProtCfg4.word;
+                               Protect[4] = ProtCfg.word;
+                               Protect[5] = ProtCfg4.word;
+                               pAd->CommonCfg.IOTestParm.bRTSLongProtOn = TRUE;
+                               break;
+
+                       case 2:
+                               // If only HT STAs are in BSS. at least one is 20MHz. Only protect 40MHz packets
+                               ProtCfg.word = 0x01744004;  // PROT_CTRL(17:16) : 0 (None)
+                               ProtCfg4.word = 0x03f44084; // duplicaet legacy 24M. BW set 1.
+
+                               //Assign Protection method for 40MHz packets
+                               ProtCfg4.field.ProtectCtrl = ASIC_RTS;
+                               ProtCfg4.field.ProtectNav = ASIC_SHORTNAV;
+                               Protect[2] = ProtCfg.word;
+                               Protect[3] = ProtCfg4.word;
+                               if (bNonGFExist)
+                               {
+                                       ProtCfg.field.ProtectCtrl = ASIC_RTS;
+                                       ProtCfg.field.ProtectNav = ASIC_SHORTNAV;
+                               }
+                               Protect[4] = ProtCfg.word;
+                               Protect[5] = ProtCfg4.word;
+
+                               pAd->CommonCfg.IOTestParm.bRTSLongProtOn = FALSE;
+                               break;
+
+                       case 3:
+                               // HT mixed mode.        PROTECT ALL!
+                               // Assign Rate
+                               ProtCfg.word = 0x01744004;      //duplicaet legacy 24M. BW set 1.
+                               ProtCfg4.word = 0x03f44084;
+                               // both 20MHz and 40MHz are protected. Whether use RTS or CTS-to-self depends on the
+                               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_BG_PROTECTION_INUSED))
+                               {
+                                       ProtCfg.word = 0x01740003;      //ERP use Protection bit is set, use protection rate at Clause 18..
+                                       ProtCfg4.word = 0x03f40003; // Don't duplicate RTS/CTS in CCK mode. 0x03f40083
+                               }
+                               //Assign Protection method for 20&40 MHz packets
+                               ProtCfg.field.ProtectCtrl = ASIC_RTS;
+                               ProtCfg.field.ProtectNav = ASIC_SHORTNAV;
+                               ProtCfg4.field.ProtectCtrl = ASIC_RTS;
+                               ProtCfg4.field.ProtectNav = ASIC_SHORTNAV;
+                               Protect[2] = ProtCfg.word;
+                               Protect[3] = ProtCfg4.word;
+                               Protect[4] = ProtCfg.word;
+                               Protect[5] = ProtCfg4.word;
+                               pAd->CommonCfg.IOTestParm.bRTSLongProtOn = TRUE;
+                               break;
+
+                       case 8:
+                               // Special on for Atheros problem n chip.
+                               Protect[2] = 0x01754004;
+                               Protect[3] = 0x03f54084;
+                               Protect[4] = 0x01754004;
+                               Protect[5] = 0x03f54084;
+                               pAd->CommonCfg.IOTestParm.bRTSLongProtOn = TRUE;
+                               break;
+               }
+       }
+#endif // DOT11_N_SUPPORT //
+
+       offset = CCK_PROT_CFG;
+       for (i = 0;i < 6;i++)
+       {
+                       if ((SetMask & (1<< i)))
+               {
+               RTMP_IO_WRITE32(pAd, offset + i*4, Protect[i]);
+       }
+}
+}
+
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicSwitchChannel(
+                                         IN PRTMP_ADAPTER pAd,
+       IN      UCHAR                   Channel,
+       IN      BOOLEAN                 bScan)
+{
+       ULONG                   R2 = 0, R3 = DEFAULT_RF_TX_POWER, R4 = 0;
+       CHAR    TxPwer = 0, TxPwer2 = DEFAULT_RF_TX_POWER; //Bbp94 = BBPR94_DEFAULT, TxPwer2 = DEFAULT_RF_TX_POWER;
+       UCHAR   index;
+       UINT32  Value = 0; //BbpReg, Value;
+       RTMP_RF_REGS *RFRegTable;
+       UCHAR   RFValue;
+
+       RFValue = 0;
+       // Search Tx power value
+       // We can't use ChannelList to search channel, since some central channl's txpowr doesn't list
+       // in ChannelList, so use TxPower array instead.
+       //
+       for (index = 0; index < MAX_NUM_OF_CHANNELS; index++)
+       {
+               if (Channel == pAd->TxPower[index].Channel)
+               {
+                       TxPwer = pAd->TxPower[index].Power;
+                       TxPwer2 = pAd->TxPower[index].Power2;
+                       break;
+               }
+       }
+
+       if (index == MAX_NUM_OF_CHANNELS)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("AsicSwitchChannel: Can't find the Channel#%d \n", Channel));
+       }
+
+#ifdef RT30xx
+       // The RF programming sequence is difference between 3xxx and 2xxx
+       if ((IS_RT3070(pAd) || IS_RT3090(pAd)||IS_RT3390(pAd)) && ((pAd->RfIcType == RFIC_3020) || (pAd->RfIcType == RFIC_2020) ||
+               (pAd->RfIcType == RFIC_3021) || (pAd->RfIcType == RFIC_3022)))
+       {
+               /* modify by WY for Read RF Reg. error */
+
+               for (index = 0; index < NUM_OF_3020_CHNL; index++)
+               {
+                       if (Channel == FreqItems3020[index].Channel)
+                       {
+                               // Programming channel parameters
+                               RT30xxWriteRFRegister(pAd, RF_R02, FreqItems3020[index].N);
+                               RT30xxWriteRFRegister(pAd, RF_R03, FreqItems3020[index].K);
+                               RT30xxReadRFRegister(pAd, RF_R06, &RFValue);
+                               RFValue = (RFValue & 0xFC) | FreqItems3020[index].R;
+                               RT30xxWriteRFRegister(pAd, RF_R06, RFValue);
+
+                               // Set Tx0 Power
+                               RT30xxReadRFRegister(pAd, RF_R12, &RFValue);
+                               RFValue = (RFValue & 0xE0) | TxPwer;
+                               RT30xxWriteRFRegister(pAd, RF_R12, RFValue);
+
+                               // Set Tx1 Power
+                               RT30xxReadRFRegister(pAd, RF_R13, &RFValue);
+                               RFValue = (RFValue & 0xE0) | TxPwer2;
+                               RT30xxWriteRFRegister(pAd, RF_R13, RFValue);
+
+                               // Tx/Rx Stream setting
+                               RT30xxReadRFRegister(pAd, RF_R01, &RFValue);
+                               //if (IS_RT3090(pAd))
+                               //      RFValue |= 0x01; // Enable RF block.
+                               RFValue &= 0x03;        //clear bit[7~2]
+                               if (pAd->Antenna.field.TxPath == 1)
+                                       RFValue |= 0xA0;
+                               else if (pAd->Antenna.field.TxPath == 2)
+                                       RFValue |= 0x80;
+                               if (pAd->Antenna.field.RxPath == 1)
+                                       RFValue |= 0x50;
+                               else if (pAd->Antenna.field.RxPath == 2)
+                                       RFValue |= 0x40;
+                               RT30xxWriteRFRegister(pAd, RF_R01, RFValue);
+
+                               // Set RF offset
+                               RT30xxReadRFRegister(pAd, RF_R23, &RFValue);
+                               RFValue = (RFValue & 0x80) | pAd->RfFreqOffset;
+                               RT30xxWriteRFRegister(pAd, RF_R23, RFValue);
+
+                               // Set BW
+                               if (!bScan && (pAd->CommonCfg.BBPCurrentBW == BW_40))
+                               {
+                                       RFValue = pAd->Mlme.CaliBW40RfR24;
+                                       //DISABLE_11N_CHECK(pAd);
+                               }
+                               else
+                               {
+                                       RFValue = pAd->Mlme.CaliBW20RfR24;
+                               }
+                               RT30xxWriteRFRegister(pAd, RF_R24, RFValue);
+                               RT30xxWriteRFRegister(pAd, RF_R31, RFValue);
+
+                               // Enable RF tuning
+                               RT30xxReadRFRegister(pAd, RF_R07, &RFValue);
+                               RFValue = RFValue | 0x1;
+                               RT30xxWriteRFRegister(pAd, RF_R07, RFValue);
+
+                               // latch channel for future usage.
+                               pAd->LatchRfRegs.Channel = Channel;
+
+               DBGPRINT(RT_DEBUG_TRACE, ("SwitchChannel#%d(RF=%d, Pwr0=%d, Pwr1=%d, %dT), N=0x%02X, K=0x%02X, R=0x%02X\n",
+                       Channel,
+                       pAd->RfIcType,
+                       TxPwer,
+                       TxPwer2,
+                       pAd->Antenna.field.TxPath,
+                       FreqItems3020[index].N,
+                       FreqItems3020[index].K,
+                       FreqItems3020[index].R));
+
+                               break;
+                       }
+               }
+       }
+       else
+#endif // RT30xx //
+       {
+               RFRegTable = RF2850RegTable;
+               switch (pAd->RfIcType)
+               {
+                       case RFIC_2820:
+                       case RFIC_2850:
+                       case RFIC_2720:
+                       case RFIC_2750:
+
+                               for (index = 0; index < NUM_OF_2850_CHNL; index++)
+                               {
+                                       if (Channel == RFRegTable[index].Channel)
+                                       {
+                                               R2 = RFRegTable[index].R2;
+                                               if (pAd->Antenna.field.TxPath == 1)
+                                               {
+                                                       R2 |= 0x4000;   // If TXpath is 1, bit 14 = 1;
+                                               }
+
+                                               if (pAd->Antenna.field.RxPath == 2)
+                                               {
+                                                       R2 |= 0x40;     // write 1 to off Rxpath.
+                                               }
+                                               else if (pAd->Antenna.field.RxPath == 1)
+                                               {
+                                                       R2 |= 0x20040;  // write 1 to off RxPath
+                                               }
+
+                                               if (Channel > 14)
+                                               {
+                                                       // initialize R3, R4
+                                                       R3 = (RFRegTable[index].R3 & 0xffffc1ff);
+                                                       R4 = (RFRegTable[index].R4 & (~0x001f87c0)) | (pAd->RfFreqOffset << 15);
+
+                                                       // 5G band power range: 0xF9~0X0F, TX0 Reg3 bit9/TX1 Reg4 bit6="0" means the TX power reduce 7dB
+                                                       // R3
+                                                       if ((TxPwer >= -7) && (TxPwer < 0))
+                                                       {
+                                                               TxPwer = (7+TxPwer);
+                                                               TxPwer = (TxPwer > 0xF) ? (0xF) : (TxPwer);
+                                                               R3 |= (TxPwer << 10);
+                                                               DBGPRINT(RT_DEBUG_ERROR, ("AsicSwitchChannel: TxPwer=%d \n", TxPwer));
+                                                       }
+                                                       else
+                                                       {
+                                                               TxPwer = (TxPwer > 0xF) ? (0xF) : (TxPwer);
+                                                               R3 |= (TxPwer << 10) | (1 << 9);
+                                                       }
+
+                                                       // R4
+                                                       if ((TxPwer2 >= -7) && (TxPwer2 < 0))
+                                                       {
+                                                               TxPwer2 = (7+TxPwer2);
+                                                               TxPwer2 = (TxPwer2 > 0xF) ? (0xF) : (TxPwer2);
+                                                               R4 |= (TxPwer2 << 7);
+                                                               DBGPRINT(RT_DEBUG_ERROR, ("AsicSwitchChannel: TxPwer2=%d \n", TxPwer2));
+                                                       }
+                                                       else
+                                                       {
+                                                               TxPwer2 = (TxPwer2 > 0xF) ? (0xF) : (TxPwer2);
+                                                               R4 |= (TxPwer2 << 7) | (1 << 6);
+                                                       }
+                                               }
+                                               else
+                                               {
+                                                       R3 = (RFRegTable[index].R3 & 0xffffc1ff) | (TxPwer << 9); // set TX power0
+                                               R4 = (RFRegTable[index].R4 & (~0x001f87c0)) | (pAd->RfFreqOffset << 15) | (TxPwer2 <<6);// Set freq Offset & TxPwr1
+                                               }
+
+                                               // Based on BBP current mode before changing RF channel.
+                                               if (!bScan && (pAd->CommonCfg.BBPCurrentBW == BW_40))
+                                               {
+                                                       R4 |=0x200000;
+                                               }
+
+                                               // Update variables
+                                               pAd->LatchRfRegs.Channel = Channel;
+                                               pAd->LatchRfRegs.R1 = RFRegTable[index].R1;
+                                               pAd->LatchRfRegs.R2 = R2;
+                                               pAd->LatchRfRegs.R3 = R3;
+                                               pAd->LatchRfRegs.R4 = R4;
+
+#ifdef DFS_DEBUG
+#ifdef DFS_FCC_BW40_FIX
+                                               if (pAd->infType == RTMP_DEV_INF_PCI) // RT2880 PCI
+                                               {
+                                                       /* only for RT2880 */
+                                                       // FCC DFS test
+                                                       pAd->LatchRfRegs.R1 |= 0x100;
+                                                       pAd->LatchRfRegs.R4 |= 0x00400000;
+                                               }
+#endif // DFS_FCC_BW40_FIX //
+#endif // DFS_DEBUG //
+
+                                               // Set RF value 1's set R3[bit2] = [0]
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R1);
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R2);
+                                               RTMP_RF_IO_WRITE32(pAd, (pAd->LatchRfRegs.R3 & (~0x04)));
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R4);
+
+                                               RTMPusecDelay(200);
+
+                                               // Set RF value 2's set R3[bit2] = [1]
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R1);
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R2);
+                                               RTMP_RF_IO_WRITE32(pAd, (pAd->LatchRfRegs.R3 | 0x04));
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R4);
+
+                                               RTMPusecDelay(200);
+
+                                               // Set RF value 3's set R3[bit2] = [0]
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R1);
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R2);
+                                               RTMP_RF_IO_WRITE32(pAd, (pAd->LatchRfRegs.R3 & (~0x04)));
+                                               RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R4);
+
+                                               break;
+                                       }
+                               }
+                               break;
+
+                       default:
+                               break;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("SwitchChannel#%d(RF=%d, Pwr0=%lu, Pwr1=%lu, %dT) to , R1=0x%08lx, R2=0x%08lx, R3=0x%08lx, R4=0x%08lx\n",
+                                                         Channel,
+                                                         pAd->RfIcType,
+                                                         (R3 & 0x00003e00) >> 9,
+                                                         (R4 & 0x000007c0) >> 6,
+                                                         pAd->Antenna.field.TxPath,
+                                                         pAd->LatchRfRegs.R1,
+                                                         pAd->LatchRfRegs.R2,
+                                                         pAd->LatchRfRegs.R3,
+                                                         pAd->LatchRfRegs.R4));
+       }
+
+       // Change BBP setting during siwtch from a->g, g->a
+       if (Channel <= 14)
+       {
+               ULONG   TxPinCfg = 0x00050F0A;//Gary 2007/08/09 0x050A0A
+
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R62, (0x37 - GET_LNA_GAIN(pAd)));
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R63, (0x37 - GET_LNA_GAIN(pAd)));
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R64, (0x37 - GET_LNA_GAIN(pAd)));
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R86, 0);//(0x44 - GET_LNA_GAIN(pAd)));    // According the Rory's suggestion to solve the middle range issue.
+               //RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R82, 0x62);
+
+               // Rx High power VGA offset for LNA select
+               if (pAd->NicConfig2.field.ExternalLNAForG)
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R82, 0x62);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R75, 0x46);
+               }
+               else
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R82, 0x84);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R75, 0x50);
+               }
+
+               // 5G band selection PIN, bit1 and bit2 are complement
+               RTMP_IO_READ32(pAd, TX_BAND_CFG, &Value);
+               Value &= (~0x6);
+               Value |= (0x04);
+               RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Value);
+
+               // Turn off unused PA or LNA when only 1T or 1R
+               if (pAd->Antenna.field.TxPath == 1)
+               {
+                       TxPinCfg &= 0xFFFFFFF3;
+               }
+               if (pAd->Antenna.field.RxPath == 1)
+               {
+                       TxPinCfg &= 0xFFFFF3FF;
+               }
+
+
+               RTMP_IO_WRITE32(pAd, TX_PIN_CFG, TxPinCfg);
+
+#if defined(RT3090) || defined(RT3390)
+               // PCIe PHY Transmit attenuation adjustment
+               if (IS_RT3090A(pAd) || IS_RT3390(pAd))
+               {
+                       TX_ATTENUATION_CTRL_STRUC TxAttenuationCtrl = {0};
+
+                       RTMP_IO_READ32(pAd, PCIE_PHY_TX_ATTENUATION_CTRL, &TxAttenuationCtrl.word);
+
+                       if (Channel == 14) // Channel #14
+                       {
+                               TxAttenuationCtrl.field.PCIE_PHY_TX_ATTEN_EN = 1; // Enable PCIe PHY Tx attenuation
+                               TxAttenuationCtrl.field.PCIE_PHY_TX_ATTEN_VALUE = 4; // 9/16 full drive level
+                       }
+                       else // Channel #1~#13
+                       {
+                               TxAttenuationCtrl.field.PCIE_PHY_TX_ATTEN_EN = 0; // Disable PCIe PHY Tx attenuation
+                               TxAttenuationCtrl.field.PCIE_PHY_TX_ATTEN_VALUE = 0; // n/a
+                       }
+
+                       RTMP_IO_WRITE32(pAd, PCIE_PHY_TX_ATTENUATION_CTRL, TxAttenuationCtrl.word);
+               }
+#endif
+       }
+       else
+       {
+               ULONG   TxPinCfg = 0x00050F05;//Gary 2007/8/9 0x050505
+
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R62, (0x37 - GET_LNA_GAIN(pAd)));
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R63, (0x37 - GET_LNA_GAIN(pAd)));
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R64, (0x37 - GET_LNA_GAIN(pAd)));
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R86, 0);//(0x44 - GET_LNA_GAIN(pAd)));   // According the Rory's suggestion to solve the middle range issue.
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R82, 0xF2);
+
+               // Rx High power VGA offset for LNA select
+               if (pAd->NicConfig2.field.ExternalLNAForA)
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R75, 0x46);
+               }
+               else
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R75, 0x50);
+               }
+
+               // 5G band selection PIN, bit1 and bit2 are complement
+               RTMP_IO_READ32(pAd, TX_BAND_CFG, &Value);
+               Value &= (~0x6);
+               Value |= (0x02);
+               RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Value);
+
+               // Turn off unused PA or LNA when only 1T or 1R
+               if (pAd->Antenna.field.TxPath == 1)
+               {
+                       TxPinCfg &= 0xFFFFFFF3;
+               }
+               if (pAd->Antenna.field.RxPath == 1)
+               {
+                       TxPinCfg &= 0xFFFFF3FF;
+               }
+
+
+               RTMP_IO_WRITE32(pAd, TX_PIN_CFG, TxPinCfg);
+
+       }
+
+       // R66 should be set according to Channel and use 20MHz when scanning
+       //RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, (0x2E + GET_LNA_GAIN(pAd)));
+       if (bScan)
+               RTMPSetAGCInitValue(pAd, BW_20);
+       else
+               RTMPSetAGCInitValue(pAd, pAd->CommonCfg.BBPCurrentBW);
+
+       //
+       // On 11A, We should delay and wait RF/BBP to be stable
+       // and the appropriate time should be 1000 micro seconds
+       // 2005/06/05 - On 11G, We also need this delay time. Otherwise it's difficult to pass the WHQL.
+       //
+       RTMPusecDelay(1000);
+}
+
+/*
+       ==========================================================================
+       Description:
+               This function is required for 2421 only, and should not be used during
+               site survey. It's only required after NIC decided to stay at a channel
+               for a longer period.
+               When this function is called, it's always after AsicSwitchChannel().
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicLockChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR Channel)
+{
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+#ifdef ANT_DIVERSITY_SUPPORT
+VOID   AsicAntennaSelect(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   Channel)
+{
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       if (pAd->Mlme.OneSecPeriodicRound % 2 == 1)
+#endif // CONFIG_STA_SUPPORT //
+       {
+               // patch for AsicSetRxAnt failed
+               pAd->RxAnt.EvaluatePeriod = 0;
+
+               // check every 2 second. If rcv-beacon less than 5 in the past 2 second, then AvgRSSI is no longer a
+               // valid indication of the distance between this AP and its clients.
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+               {
+                       SHORT   realavgrssi1;
+
+                       // if no traffic then reset average rssi to trigger evaluation
+#ifdef CONFIG_STA_SUPPORT
+                       if (pAd->StaCfg.NumOfAvgRssiSample < 5)
+                       {
+                               pAd->RxAnt.Pair1LastAvgRssi = (-99);
+                               pAd->RxAnt.Pair2LastAvgRssi = (-99);
+                               DBGPRINT(RT_DEBUG_TRACE, ("MlmePeriodicExec: no traffic/beacon, reset RSSI\n"));
+                       }
+
+                       pAd->StaCfg.NumOfAvgRssiSample = 0;
+                       realavgrssi1 = (pAd->RxAnt.Pair1AvgRssi[pAd->RxAnt.Pair1PrimaryRxAnt] >> 3);
+#endif // CONFIG_STA_SUPPORT //
+
+                       DBGPRINT(RT_DEBUG_TRACE,("Ant-realrssi0(%d), Lastrssi0(%d), EvaluateStableCnt=%d\n", realavgrssi1, pAd->RxAnt.Pair1LastAvgRssi, pAd->RxAnt.EvaluateStableCnt));
+
+                       // if the difference between two rssi is larger or less than 5, then evaluate the other antenna
+                       if ((pAd->RxAnt.EvaluateStableCnt < 2) || (realavgrssi1 > (pAd->RxAnt.Pair1LastAvgRssi + 5)) || (realavgrssi1 < (pAd->RxAnt.Pair1LastAvgRssi - 5)))
+                               AsicEvaluateRxAnt(pAd);
+
+                               pAd->RxAnt.Pair1LastAvgRssi = realavgrssi1;
+               }
+               else
+               {
+                       // if not connected, always switch antenna to try to connect
+                       UCHAR   temp;
+
+                       temp = pAd->RxAnt.Pair1PrimaryRxAnt;
+                       pAd->RxAnt.Pair1PrimaryRxAnt = pAd->RxAnt.Pair1SecondaryRxAnt;
+                       pAd->RxAnt.Pair1SecondaryRxAnt = temp;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("MlmePeriodicExec: no connect, switch to another one to try connection\n"));
+
+                       AsicSetRxAnt(pAd, pAd->RxAnt.Pair1PrimaryRxAnt);
+               }
+       }
+}
+#endif // ANT_DIVERSITY_SUPPORT //
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Antenna miscellaneous setting.
+
+       Arguments:
+               pAd                                             Pointer to our adapter
+               BandState                               Indicate current Band State.
+
+       Return Value:
+               None
+
+       IRQL <= DISPATCH_LEVEL
+
+       Note:
+               1.) Frame End type control
+                       only valid for G only (RF_2527 & RF_2529)
+                       0: means DPDT, set BBP R4 bit 5 to 1
+                       1: means SPDT, set BBP R4 bit 5 to 0
+
+
+       ========================================================================
+*/
+VOID   AsicAntennaSetting(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      ABGBAND_STATE   BandState)
+{
+}
+
+VOID AsicRfTuningExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+}
+
+/*
+       ==========================================================================
+       Description:
+               Gives CCK TX rate 2 more dB TX power.
+               This routine works only in LINK UP in INFRASTRUCTURE mode.
+
+               calculate desired Tx power in RF R3.Tx0~5,      should consider -
+               0. if current radio is a noisy environment (pAd->DrsCounters.fNoisyEnvironment)
+               1. TxPowerPercentage
+               2. auto calibration based on TSSI feedback
+               3. extra 2 db for CCK
+               4. -10 db upon very-short distance (AvgRSSI >= -40db) to AP
+
+       NOTE: Since this routine requires the value of (pAd->DrsCounters.fNoisyEnvironment),
+               it should be called AFTER MlmeDynamicTxRatSwitching()
+       ==========================================================================
+ */
+VOID AsicAdjustTxPower(
+       IN PRTMP_ADAPTER pAd)
+{
+       INT                     i, j;
+       CHAR            DeltaPwr = 0;
+       BOOLEAN         bAutoTxAgc = FALSE;
+       UCHAR           TssiRef, *pTssiMinusBoundary, *pTssiPlusBoundary, TxAgcStep;
+       UCHAR           BbpR1 = 0, BbpR49 = 0, idx;
+       PCHAR           pTxAgcCompensate;
+       ULONG           TxPwr[5];
+       CHAR            Value;
+#ifdef CONFIG_STA_SUPPORT
+       CHAR            Rssi = -127;
+#endif // CONFIG_STA_SUPPORT //
+#ifdef CARRIER_SENSE_NEW_ALGO
+       unsigned long flags; //KH Add to Fix PCIe Power-Saving bug
+#endif // CARRIER_SENSE_NEW_ALGO //
+
+
+#ifdef CARRIER_SENSE_NEW_ALGO
+       //KH Add to Fix PCIe Power-Saving bug<--
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+       //KH Add to Fix PCIe Power-Saving bug-->
+#endif // CARRIER_SENSE_NEW_ALGO //
+
+#ifdef CONFIG_STA_SUPPORT
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE) ||
+#ifdef RTMP_MAC_PCI
+               (pAd->bPCIclkOff == TRUE) ||
+#endif // RTMP_MAC_PCI //
+               RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF) ||
+               RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+{
+
+#ifdef CARRIER_SENSE_NEW_ALGO
+       //KH Add to Fix PCIe Power-Saving bug<--
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+       //KH add to fix PCIe-Power Saving -->
+#endif // CARRIER_SENSE_NEW_ALGO //
+               return;
+}
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               Rssi = RTMPMaxRssi(pAd,
+                                                  pAd->StaCfg.RssiSample.AvgRssi0,
+                                                  pAd->StaCfg.RssiSample.AvgRssi1,
+                                                  pAd->StaCfg.RssiSample.AvgRssi2);
+#endif // CONFIG_STA_SUPPORT //
+
+       if (pAd->CommonCfg.BBPCurrentBW == BW_40)
+       {
+               if (pAd->CommonCfg.CentralChannel > 14)
+               {
+                       TxPwr[0] = pAd->Tx40MPwrCfgABand[0];
+                       TxPwr[1] = pAd->Tx40MPwrCfgABand[1];
+                       TxPwr[2] = pAd->Tx40MPwrCfgABand[2];
+                       TxPwr[3] = pAd->Tx40MPwrCfgABand[3];
+                       TxPwr[4] = pAd->Tx40MPwrCfgABand[4];
+               }
+               else
+               {
+                       TxPwr[0] = pAd->Tx40MPwrCfgGBand[0];
+                       TxPwr[1] = pAd->Tx40MPwrCfgGBand[1];
+                       TxPwr[2] = pAd->Tx40MPwrCfgGBand[2];
+                       TxPwr[3] = pAd->Tx40MPwrCfgGBand[3];
+                       TxPwr[4] = pAd->Tx40MPwrCfgGBand[4];
+               }
+       }
+       else
+       {
+               if (pAd->CommonCfg.Channel > 14)
+               {
+                       TxPwr[0] = pAd->Tx20MPwrCfgABand[0];
+                       TxPwr[1] = pAd->Tx20MPwrCfgABand[1];
+                       TxPwr[2] = pAd->Tx20MPwrCfgABand[2];
+                       TxPwr[3] = pAd->Tx20MPwrCfgABand[3];
+                       TxPwr[4] = pAd->Tx20MPwrCfgABand[4];
+               }
+               else
+               {
+                       TxPwr[0] = pAd->Tx20MPwrCfgGBand[0];
+                       TxPwr[1] = pAd->Tx20MPwrCfgGBand[1];
+                       TxPwr[2] = pAd->Tx20MPwrCfgGBand[2];
+                       TxPwr[3] = pAd->Tx20MPwrCfgGBand[3];
+                       TxPwr[4] = pAd->Tx20MPwrCfgGBand[4];
+               }
+       }
+
+       // TX power compensation for temperature variation based on TSSI. try every 4 second
+       if (pAd->Mlme.OneSecPeriodicRound % 4 == 0)
+       {
+               if (pAd->CommonCfg.Channel <= 14)
+               {
+                       /* bg channel */
+                       bAutoTxAgc         = pAd->bAutoTxAgcG;
+                       TssiRef            = pAd->TssiRefG;
+                       pTssiMinusBoundary = &pAd->TssiMinusBoundaryG[0];
+                       pTssiPlusBoundary  = &pAd->TssiPlusBoundaryG[0];
+                       TxAgcStep          = pAd->TxAgcStepG;
+                       pTxAgcCompensate   = &pAd->TxAgcCompensateG;
+               }
+               else
+               {
+                       /* a channel */
+                       bAutoTxAgc         = pAd->bAutoTxAgcA;
+                       TssiRef            = pAd->TssiRefA;
+                       pTssiMinusBoundary = &pAd->TssiMinusBoundaryA[0];
+                       pTssiPlusBoundary  = &pAd->TssiPlusBoundaryA[0];
+                       TxAgcStep          = pAd->TxAgcStepA;
+                       pTxAgcCompensate   = &pAd->TxAgcCompensateA;
+               }
+
+               if (bAutoTxAgc)
+               {
+                       /* BbpR1 is unsigned char */
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R49, &BbpR49);
+
+                       /* (p) TssiPlusBoundaryG[0] = 0 = (m) TssiMinusBoundaryG[0] */
+                       /* compensate: +4     +3   +2   +1    0   -1   -2   -3   -4 * steps */
+                       /* step value is defined in pAd->TxAgcStepG for tx power value */
+
+                       /* [4]+1+[4]   p4     p3   p2   p1   o1   m1   m2   m3   m4 */
+                       /* ex:         0x00 0x15 0x25 0x45 0x88 0xA0 0xB5 0xD0 0xF0
+                          above value are examined in mass factory production */
+                       /*             [4]    [3]  [2]  [1]  [0]  [1]  [2]  [3]  [4] */
+
+                       /* plus (+) is 0x00 ~ 0x45, minus (-) is 0xa0 ~ 0xf0 */
+                       /* if value is between p1 ~ o1 or o1 ~ s1, no need to adjust tx power */
+                       /* if value is 0xa5, tx power will be -= TxAgcStep*(2-1) */
+
+                       if (BbpR49 > pTssiMinusBoundary[1])
+                       {
+                               // Reading is larger than the reference value
+                               // check for how large we need to decrease the Tx power
+                               for (idx = 1; idx < 5; idx++)
+                               {
+                                       if (BbpR49 <= pTssiMinusBoundary[idx])  // Found the range
+                                               break;
+                               }
+                               // The index is the step we should decrease, idx = 0 means there is nothing to compensate
+//                             if (R3 > (ULONG) (TxAgcStep * (idx-1)))
+                                       *pTxAgcCompensate = -(TxAgcStep * (idx-1));
+//                             else
+//                                     *pTxAgcCompensate = -((UCHAR)R3);
+
+                               DeltaPwr += (*pTxAgcCompensate);
+                               DBGPRINT(RT_DEBUG_TRACE, ("-- Tx Power, BBP R1=%x, TssiRef=%x, TxAgcStep=%x, step = -%d\n",
+                                       BbpR49, TssiRef, TxAgcStep, idx-1));
+                       }
+                       else if (BbpR49 < pTssiPlusBoundary[1])
+                       {
+                               // Reading is smaller than the reference value
+                               // check for how large we need to increase the Tx power
+                               for (idx = 1; idx < 5; idx++)
+                               {
+                                       if (BbpR49 >= pTssiPlusBoundary[idx])   // Found the range
+                                               break;
+                               }
+                               // The index is the step we should increase, idx = 0 means there is nothing to compensate
+                               *pTxAgcCompensate = TxAgcStep * (idx-1);
+                               DeltaPwr += (*pTxAgcCompensate);
+                               DBGPRINT(RT_DEBUG_TRACE, ("++ Tx Power, BBP R1=%x, TssiRef=%x, TxAgcStep=%x, step = +%d\n",
+                                       BbpR49, TssiRef, TxAgcStep, idx-1));
+                       }
+                       else
+                       {
+                               *pTxAgcCompensate = 0;
+                               DBGPRINT(RT_DEBUG_TRACE, ("   Tx Power, BBP R49=%x, TssiRef=%x, TxAgcStep=%x, step = +%d\n",
+                                       BbpR49, TssiRef, TxAgcStep, 0));
+                       }
+               }
+       }
+       else
+       {
+               if (pAd->CommonCfg.Channel <= 14)
+               {
+                       bAutoTxAgc         = pAd->bAutoTxAgcG;
+                       pTxAgcCompensate   = &pAd->TxAgcCompensateG;
+               }
+               else
+               {
+                       bAutoTxAgc         = pAd->bAutoTxAgcA;
+                       pTxAgcCompensate   = &pAd->TxAgcCompensateA;
+               }
+
+               if (bAutoTxAgc)
+                       DeltaPwr += (*pTxAgcCompensate);
+       }
+
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R1, &BbpR1);
+       BbpR1 &= 0xFC;
+
+#ifdef SINGLE_SKU
+       // Handle regulatory max tx power constrain
+       do
+       {
+               UCHAR    TxPwrInEEPROM = 0xFF, CountryTxPwr = 0xFF, criterion;
+               UCHAR    AdjustMaxTxPwr[40];
+
+               if (pAd->CommonCfg.Channel > 14) // 5G band
+                       TxPwrInEEPROM = ((pAd->CommonCfg.DefineMaxTxPwr & 0xFF00) >> 8);
+               else // 2.4G band
+                       TxPwrInEEPROM = (pAd->CommonCfg.DefineMaxTxPwr & 0x00FF);
+               CountryTxPwr = GetCuntryMaxTxPwr(pAd, pAd->CommonCfg.Channel);
+
+               // error handling, range check
+               if ((TxPwrInEEPROM > 0x50) || (CountryTxPwr > 0x50))
+               {
+                       DBGPRINT(RT_DEBUG_ERROR,("AsicAdjustTxPower - Invalid max tx power (=0x%02x), CountryTxPwr=%d\n", TxPwrInEEPROM, CountryTxPwr));
+                       break;
+               }
+
+               criterion = *((PUCHAR)TxPwr + 2) & 0xF;        // FAE use OFDM 6M as criterion
+
+               DBGPRINT_RAW(RT_DEBUG_TRACE,("AsicAdjustTxPower (criterion=%d, TxPwrInEEPROM=%d, CountryTxPwr=%d)\n", criterion, TxPwrInEEPROM, CountryTxPwr));
+
+               // Adjust max tx power according to the relationship of tx power in E2PROM
+               for (i=0; i<5; i++)
+               {
+                       // CCK will have 4dBm larger than OFDM
+                       // Therefore, we should separate to parse the tx power field
+                       if (i == 0)
+                       {
+                               for (j=0; j<8; j++)
+                               {
+                                       Value = (CHAR)((TxPwr[i] >> j*4) & 0x0F);
+
+                                       if (j < 4)
+                                       {
+                                               // CCK will have 4dBm larger than OFDM
+                                               AdjustMaxTxPwr[i*8+j] = TxPwrInEEPROM + (Value - criterion) + 4;
+                                       }
+                                       else
+                                       {
+                                               AdjustMaxTxPwr[i*8+j] = TxPwrInEEPROM + (Value - criterion);
+                                       }
+                                       DBGPRINT_RAW(RT_DEBUG_TRACE,("AsicAdjustTxPower (i/j=%d/%d, Value=%d, %d)\n", i, j, Value, AdjustMaxTxPwr[i*8+j]));
+                               }
+                       }
+                       else
+                       {
+                               for (j=0; j<8; j++)
+                               {
+                                       Value = (CHAR)((TxPwr[i] >> j*4) & 0x0F);
+
+                                       AdjustMaxTxPwr[i*8+j] = TxPwrInEEPROM + (Value - criterion);
+                                       DBGPRINT_RAW(RT_DEBUG_TRACE,("AsicAdjustTxPower (i/j=%d/%d, Value=%d, %d)\n", i, j, Value, AdjustMaxTxPwr[i*8+j]));
+                               }
+                       }
+               }
+
+               // Adjust tx power according to the relationship
+               for (i=0; i<5; i++)
+               {
+                       if (TxPwr[i] != 0xffffffff)
+                       {
+                               for (j=0; j<8; j++)
+                               {
+                                       Value = (CHAR)((TxPwr[i] >> j*4) & 0x0F);
+
+                                       // The system tx power is larger than the regulatory, the power should be restrain
+                                       if (AdjustMaxTxPwr[i*8+j] > CountryTxPwr)
+                                       {
+                                               // decrease to zero and don't need to take care BBPR1
+                                               if ((Value - (AdjustMaxTxPwr[i*8+j] - CountryTxPwr)) > 0)
+                                                       Value -= (AdjustMaxTxPwr[i*8+j] - CountryTxPwr);
+                                               else
+                                                       Value = 0;
+
+                                               DBGPRINT_RAW(RT_DEBUG_TRACE,("AsicAdjustTxPower (i/j=%d/%d, Value=%d, %d)\n", i, j, Value, AdjustMaxTxPwr[i*8+j]));
+                                       }
+                                       else
+                                               DBGPRINT_RAW(RT_DEBUG_TRACE,("AsicAdjustTxPower (i/j=%d/%d, Value=%d, %d, no change)\n", i, j, Value, AdjustMaxTxPwr[i*8+j]));
+
+                                               TxPwr[i] = (TxPwr[i] & ~(0x0000000F << j*4)) | (Value << j*4);
+                               }
+                       }
+               }
+       } while (FALSE);
+#endif // SINGLE_SKU //
+
+       /* calculate delta power based on the percentage specified from UI */
+       // E2PROM setting is calibrated for maximum TX power (i.e. 100%)
+       // We lower TX power here according to the percentage specified from UI
+       if (pAd->CommonCfg.TxPowerPercentage == 0xffffffff)       // AUTO TX POWER control
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       // to patch high power issue with some APs, like Belkin N1.
+                       if (Rssi > -35)
+                       {
+                               BbpR1 |= 0x02;          // DeltaPwr -= 12;
+                       }
+                       else if (Rssi > -40)
+                       {
+                               BbpR1 |= 0x01;          // DeltaPwr -= 6;
+                       }
+                       else
+               ;
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+       else if (pAd->CommonCfg.TxPowerPercentage > 90)  // 91 ~ 100% & AUTO, treat as 100% in terms of mW
+               ;
+       else if (pAd->CommonCfg.TxPowerPercentage > 60)  // 61 ~ 90%, treat as 75% in terms of mW               // DeltaPwr -= 1;
+       {
+               DeltaPwr -= 1;
+       }
+       else if (pAd->CommonCfg.TxPowerPercentage > 30)  // 31 ~ 60%, treat as 50% in terms of mW               // DeltaPwr -= 3;
+       {
+               DeltaPwr -= 3;
+       }
+       else if (pAd->CommonCfg.TxPowerPercentage > 15)  // 16 ~ 30%, treat as 25% in terms of mW               // DeltaPwr -= 6;
+       {
+               BbpR1 |= 0x01;
+       }
+       else if (pAd->CommonCfg.TxPowerPercentage > 9)   // 10 ~ 15%, treat as 12.5% in terms of mW             // DeltaPwr -= 9;
+       {
+               BbpR1 |= 0x01;
+               DeltaPwr -= 3;
+       }
+       else                                           // 0 ~ 9 %, treat as MIN(~3%) in terms of mW             // DeltaPwr -= 12;
+       {
+               BbpR1 |= 0x02;
+       }
+
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R1, BbpR1);
+
+       /* reset different new tx power for different TX rate */
+       for(i=0; i<5; i++)
+       {
+               if (TxPwr[i] != 0xffffffff)
+               {
+                       for (j=0; j<8; j++)
+                       {
+                               Value = (CHAR)((TxPwr[i] >> j*4) & 0x0F); /* 0 ~ 15 */
+
+                               if ((Value + DeltaPwr) < 0)
+                               {
+                                       Value = 0; /* min */
+                               }
+                               else if ((Value + DeltaPwr) > 0xF)
+                               {
+                                       Value = 0xF; /* max */
+                               }
+                               else
+                               {
+                                       Value += DeltaPwr; /* temperature compensation */
+                               }
+
+                               /* fill new value to CSR offset */
+                               TxPwr[i] = (TxPwr[i] & ~(0x0000000F << j*4)) | (Value << j*4);
+                       }
+
+                       /* write tx power value to CSR */
+                       /* TX_PWR_CFG_0 (8 tx rate) for TX power for OFDM 12M/18M
+                                                                                       TX power for OFDM 6M/9M
+                                                                                       TX power for CCK5.5M/11M
+                                                                                       TX power for CCK1M/2M */
+                       /* TX_PWR_CFG_1 ~ TX_PWR_CFG_4 */
+                       RTMP_IO_WRITE32(pAd, TX_PWR_CFG_0 + i*4, TxPwr[i]);
+               }
+       }
+
+#ifdef CARRIER_SENSE_NEW_ALGO
+       //KH Add to Fix PCIe Power-Saving bug<--
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+       //KH add to fix PCIe-Power Saving -->
+#endif // CARRIER_SENSE_NEW_ALGO //
+
+}
+
+
+#ifdef CONFIG_STA_SUPPORT
+VOID AsicResetBBPAgent(
+IN PRTMP_ADAPTER pAd)
+{
+       BBP_CSR_CFG_STRUC       BbpCsr;
+       DBGPRINT(RT_DEBUG_ERROR, ("Reset BBP Agent busy bit.!! \n"));
+       // Still need to find why BBP agent keeps busy, but in fact, hardware still function ok. Now clear busy first.
+       RTMP_IO_READ32(pAd, H2M_BBP_AGENT, &BbpCsr.word);
+       BbpCsr.field.Busy = 0;
+       RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, BbpCsr.word);
+}
+/*
+       ==========================================================================
+       Description:
+               put PHY to sleep here, and set next wakeup timer. PHY doesn't not wakeup
+               automatically. Instead, MCU will issue a TwakeUpInterrupt to host after
+               the wakeup timer timeout. Driver has to issue a separate command to wake
+               PHY up.
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicSleepThenAutoWakeup(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT TbttNumToNextWakeUp)
+{
+       RTMP_STA_SLEEP_THEN_AUTO_WAKEUP(pAd, TbttNumToNextWakeUp);
+}
+
+/*
+       ==========================================================================
+       Description:
+               AsicForceWakeup() is used whenever manual wakeup is required
+               AsicForceSleep() should only be used when not in INFRA BSS. When
+               in INFRA BSS, we should use AsicSleepThenAutoWakeup() instead.
+       ==========================================================================
+ */
+VOID AsicForceSleep(
+       IN PRTMP_ADAPTER pAd)
+{
+
+}
+
+/*
+       ==========================================================================
+       Description:
+               AsicForceWakeup() is used whenever Twakeup timer (set via AsicSleepThenAutoWakeup)
+               expired.
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+       ==========================================================================
+ */
+VOID AsicForceWakeup(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN    bFromTx)
+{
+    DBGPRINT(RT_DEBUG_INFO, ("--> AsicForceWakeup \n"));
+    RTMP_STA_FORCE_WAKEUP(pAd, bFromTx);
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+/*
+       ==========================================================================
+       Description:
+               Set My BSSID
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicSetBssid(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pBssid)
+{
+       ULONG             Addr4;
+       DBGPRINT(RT_DEBUG_TRACE, ("==============> AsicSetBssid %x:%x:%x:%x:%x:%x\n",
+               pBssid[0],pBssid[1],pBssid[2],pBssid[3], pBssid[4],pBssid[5]));
+
+       Addr4 = (ULONG)(pBssid[0])               |
+                       (ULONG)(pBssid[1] << 8)  |
+                       (ULONG)(pBssid[2] << 16) |
+                       (ULONG)(pBssid[3] << 24);
+       RTMP_IO_WRITE32(pAd, MAC_BSSID_DW0, Addr4);
+
+       Addr4 = 0;
+       // always one BSSID in STA mode
+       Addr4 = (ULONG)(pBssid[4]) | (ULONG)(pBssid[5] << 8);
+
+       RTMP_IO_WRITE32(pAd, MAC_BSSID_DW1, Addr4);
+}
+
+VOID AsicSetMcastWC(
+       IN PRTMP_ADAPTER pAd)
+{
+       MAC_TABLE_ENTRY *pEntry = &pAd->MacTab.Content[MCAST_WCID];
+       USHORT          offset;
+
+       pEntry->Sst        = SST_ASSOC;
+       pEntry->Aid        = MCAST_WCID;        // Softap supports 1 BSSID and use WCID=0 as multicast Wcid index
+       pEntry->PsMode     = PWR_ACTIVE;
+       pEntry->CurrTxRate = pAd->CommonCfg.MlmeRate;
+       offset = MAC_WCID_BASE + BSS0Mcast_WCID * HW_WCID_ENTRY_SIZE;
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicDelWcidTab(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR        Wcid)
+{
+       ULONG             Addr0 = 0x0, Addr1 = 0x0;
+       ULONG           offset;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("AsicDelWcidTab==>Wcid = 0x%x\n",Wcid));
+       offset = MAC_WCID_BASE + Wcid * HW_WCID_ENTRY_SIZE;
+       RTMP_IO_WRITE32(pAd, offset, Addr0);
+       offset += 4;
+       RTMP_IO_WRITE32(pAd, offset, Addr1);
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicEnableRDG(
+       IN PRTMP_ADAPTER pAd)
+{
+       TX_LINK_CFG_STRUC       TxLinkCfg;
+       UINT32                          Data = 0;
+
+       RTMP_IO_READ32(pAd, TX_LINK_CFG, &TxLinkCfg.word);
+       TxLinkCfg.field.TxRDGEn = 1;
+       RTMP_IO_WRITE32(pAd, TX_LINK_CFG, TxLinkCfg.word);
+
+       RTMP_IO_READ32(pAd, EDCA_AC0_CFG, &Data);
+       Data  &= 0xFFFFFF00;
+       Data  |= 0x80;
+       RTMP_IO_WRITE32(pAd, EDCA_AC0_CFG, Data);
+
+       //OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED);
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicDisableRDG(
+       IN PRTMP_ADAPTER pAd)
+{
+       TX_LINK_CFG_STRUC       TxLinkCfg;
+       UINT32                          Data = 0;
+
+
+       RTMP_IO_READ32(pAd, TX_LINK_CFG, &TxLinkCfg.word);
+       TxLinkCfg.field.TxRDGEn = 0;
+       RTMP_IO_WRITE32(pAd, TX_LINK_CFG, TxLinkCfg.word);
+
+       RTMP_IO_READ32(pAd, EDCA_AC0_CFG, &Data);
+
+       Data  &= 0xFFFFFF00;
+       //Data  |= 0x20;
+#ifndef WIFI_TEST
+       //if ( pAd->CommonCfg.bEnableTxBurst )
+       //      Data |= 0x60; // for performance issue not set the TXOP to 0
+#endif
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_DYNAMIC_BE_TXOP_ACTIVE)
+#ifdef DOT11_N_SUPPORT
+               && (pAd->MacTab.fAnyStationMIMOPSDynamic == FALSE)
+#endif // DOT11_N_SUPPORT //
+       )
+       {
+               // For CWC test, change txop from 0x30 to 0x20 in TxBurst mode
+               if (pAd->CommonCfg.bEnableTxBurst)
+               Data |= 0x20;
+       }
+       RTMP_IO_WRITE32(pAd, EDCA_AC0_CFG, Data);
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicDisableSync(
+       IN PRTMP_ADAPTER pAd)
+{
+       BCN_TIME_CFG_STRUC csr;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--->Disable TSF synchronization\n"));
+
+       // 2003-12-20 disable TSF and TBTT while NIC in power-saving have side effect
+       //                        that NIC will never wakes up because TSF stops and no more
+       //                        TBTT interrupts
+       pAd->TbttTickCount = 0;
+       RTMP_IO_READ32(pAd, BCN_TIME_CFG, &csr.word);
+       csr.field.bBeaconGen = 0;
+       csr.field.bTBTTEnable = 0;
+       csr.field.TsfSyncMode = 0;
+       csr.field.bTsfTicking = 0;
+       RTMP_IO_WRITE32(pAd, BCN_TIME_CFG, csr.word);
+
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicEnableBssSync(
+       IN PRTMP_ADAPTER pAd)
+{
+       BCN_TIME_CFG_STRUC csr;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--->AsicEnableBssSync(INFRA mode)\n"));
+
+       RTMP_IO_READ32(pAd, BCN_TIME_CFG, &csr.word);
+//     RTMP_IO_WRITE32(pAd, BCN_TIME_CFG, 0x00000000);
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               csr.field.BeaconInterval = pAd->CommonCfg.BeaconPeriod << 4; // ASIC register in units of 1/16 TU
+               csr.field.bTsfTicking = 1;
+               csr.field.TsfSyncMode = 1; // sync TSF in INFRASTRUCTURE mode
+               csr.field.bBeaconGen  = 0; // do NOT generate BEACON
+               csr.field.bTBTTEnable = 1;
+       }
+#endif // CONFIG_STA_SUPPORT //
+       RTMP_IO_WRITE32(pAd, BCN_TIME_CFG, csr.word);
+}
+
+/*
+       ==========================================================================
+       Description:
+       Note:
+               BEACON frame in shared memory should be built ok before this routine
+               can be called. Otherwise, a garbage frame maybe transmitted out every
+               Beacon period.
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicEnableIbssSync(
+       IN PRTMP_ADAPTER pAd)
+{
+       BCN_TIME_CFG_STRUC csr9;
+       PUCHAR                  ptr;
+       UINT i;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--->AsicEnableIbssSync(ADHOC mode. MPDUtotalByteCount = %d)\n", pAd->BeaconTxWI.MPDUtotalByteCount));
+
+       RTMP_IO_READ32(pAd, BCN_TIME_CFG, &csr9.word);
+       csr9.field.bBeaconGen = 0;
+       csr9.field.bTBTTEnable = 0;
+       csr9.field.bTsfTicking = 0;
+       RTMP_IO_WRITE32(pAd, BCN_TIME_CFG, csr9.word);
+
+#ifdef RTMP_MAC_PCI
+       // move BEACON TXD and frame content to on-chip memory
+       ptr = (PUCHAR)&pAd->BeaconTxWI;
+       for (i=0; i<TXWI_SIZE; i+=4)  // 16-byte TXWI field
+       {
+               UINT32 longptr =  *ptr + (*(ptr+1)<<8) + (*(ptr+2)<<16) + (*(ptr+3)<<24);
+               RTMP_IO_WRITE32(pAd, HW_BEACON_BASE0 + i, longptr);
+               ptr += 4;
+       }
+
+       // start right after the 16-byte TXWI field
+       ptr = pAd->BeaconBuf;
+       for (i=0; i< pAd->BeaconTxWI.MPDUtotalByteCount; i+=4)
+       {
+               UINT32 longptr =  *ptr + (*(ptr+1)<<8) + (*(ptr+2)<<16) + (*(ptr+3)<<24);
+               RTMP_IO_WRITE32(pAd, HW_BEACON_BASE0 + TXWI_SIZE + i, longptr);
+               ptr +=4;
+       }
+#endif // RTMP_MAC_PCI //
+
+
+       //
+       // For Wi-Fi faily generated beacons between participating stations.
+       // Set TBTT phase adaptive adjustment step to 8us (default 16us)
+       // don't change settings 2006-5- by Jerry
+       //RTMP_IO_WRITE32(pAd, TBTT_SYNC_CFG, 0x00001010);
+
+       // start sending BEACON
+       csr9.field.BeaconInterval = pAd->CommonCfg.BeaconPeriod << 4; // ASIC register in units of 1/16 TU
+       csr9.field.bTsfTicking = 1;
+       csr9.field.TsfSyncMode = 2; // sync TSF in IBSS mode
+       csr9.field.bTBTTEnable = 1;
+       csr9.field.bBeaconGen = 1;
+       RTMP_IO_WRITE32(pAd, BCN_TIME_CFG, csr9.word);
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicSetEdcaParm(
+       IN PRTMP_ADAPTER pAd,
+       IN PEDCA_PARM    pEdcaParm)
+{
+       EDCA_AC_CFG_STRUC   Ac0Cfg, Ac1Cfg, Ac2Cfg, Ac3Cfg;
+       AC_TXOP_CSR0_STRUC csr0;
+       AC_TXOP_CSR1_STRUC csr1;
+       AIFSN_CSR_STRUC    AifsnCsr;
+       CWMIN_CSR_STRUC    CwminCsr;
+       CWMAX_CSR_STRUC    CwmaxCsr;
+       int i;
+
+       Ac0Cfg.word = 0;
+       Ac1Cfg.word = 0;
+       Ac2Cfg.word = 0;
+       Ac3Cfg.word = 0;
+       if ((pEdcaParm == NULL) || (pEdcaParm->bValid == FALSE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("AsicSetEdcaParm\n"));
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_WMM_INUSED);
+               for (i=0; i<MAX_LEN_OF_MAC_TABLE; i++)
+               {
+                       if (pAd->MacTab.Content[i].ValidAsCLI || pAd->MacTab.Content[i].ValidAsApCli)
+                               CLIENT_STATUS_CLEAR_FLAG(&pAd->MacTab.Content[i], fCLIENT_STATUS_WMM_CAPABLE);
+               }
+
+               //========================================================
+               //      MAC Register has a copy .
+               //========================================================
+//#ifndef WIFI_TEST
+               if( pAd->CommonCfg.bEnableTxBurst )
+               {
+                       // For CWC test, change txop from 0x30 to 0x20 in TxBurst mode
+                       Ac0Cfg.field.AcTxop = 0x20; // Suggest by John for TxBurst in HT Mode
+               }
+               else
+                       Ac0Cfg.field.AcTxop = 0;        // QID_AC_BE
+//#else
+//             Ac0Cfg.field.AcTxop = 0;        // QID_AC_BE
+//#endif
+               Ac0Cfg.field.Cwmin = CW_MIN_IN_BITS;
+               Ac0Cfg.field.Cwmax = CW_MAX_IN_BITS;
+               Ac0Cfg.field.Aifsn = 2;
+               RTMP_IO_WRITE32(pAd, EDCA_AC0_CFG, Ac0Cfg.word);
+
+               Ac1Cfg.field.AcTxop = 0;        // QID_AC_BK
+               Ac1Cfg.field.Cwmin = CW_MIN_IN_BITS;
+               Ac1Cfg.field.Cwmax = CW_MAX_IN_BITS;
+               Ac1Cfg.field.Aifsn = 2;
+               RTMP_IO_WRITE32(pAd, EDCA_AC1_CFG, Ac1Cfg.word);
+
+               if (pAd->CommonCfg.PhyMode == PHY_11B)
+               {
+                       Ac2Cfg.field.AcTxop = 192;      // AC_VI: 192*32us ~= 6ms
+                       Ac3Cfg.field.AcTxop = 96;       // AC_VO: 96*32us  ~= 3ms
+               }
+               else
+               {
+                       Ac2Cfg.field.AcTxop = 96;       // AC_VI: 96*32us ~= 3ms
+                       Ac3Cfg.field.AcTxop = 48;       // AC_VO: 48*32us ~= 1.5ms
+               }
+               Ac2Cfg.field.Cwmin = CW_MIN_IN_BITS;
+               Ac2Cfg.field.Cwmax = CW_MAX_IN_BITS;
+               Ac2Cfg.field.Aifsn = 2;
+               RTMP_IO_WRITE32(pAd, EDCA_AC2_CFG, Ac2Cfg.word);
+               Ac3Cfg.field.Cwmin = CW_MIN_IN_BITS;
+               Ac3Cfg.field.Cwmax = CW_MAX_IN_BITS;
+               Ac3Cfg.field.Aifsn = 2;
+               RTMP_IO_WRITE32(pAd, EDCA_AC3_CFG, Ac3Cfg.word);
+
+               //========================================================
+               //      DMA Register has a copy too.
+               //========================================================
+               csr0.field.Ac0Txop = 0;         // QID_AC_BE
+               csr0.field.Ac1Txop = 0;         // QID_AC_BK
+               RTMP_IO_WRITE32(pAd, WMM_TXOP0_CFG, csr0.word);
+               if (pAd->CommonCfg.PhyMode == PHY_11B)
+               {
+                       csr1.field.Ac2Txop = 192;               // AC_VI: 192*32us ~= 6ms
+                       csr1.field.Ac3Txop = 96;                // AC_VO: 96*32us  ~= 3ms
+               }
+               else
+               {
+                       csr1.field.Ac2Txop = 96;                // AC_VI: 96*32us ~= 3ms
+                       csr1.field.Ac3Txop = 48;                // AC_VO: 48*32us ~= 1.5ms
+               }
+               RTMP_IO_WRITE32(pAd, WMM_TXOP1_CFG, csr1.word);
+
+               CwminCsr.word = 0;
+               CwminCsr.field.Cwmin0 = CW_MIN_IN_BITS;
+               CwminCsr.field.Cwmin1 = CW_MIN_IN_BITS;
+               CwminCsr.field.Cwmin2 = CW_MIN_IN_BITS;
+               CwminCsr.field.Cwmin3 = CW_MIN_IN_BITS;
+               RTMP_IO_WRITE32(pAd, WMM_CWMIN_CFG, CwminCsr.word);
+
+               CwmaxCsr.word = 0;
+               CwmaxCsr.field.Cwmax0 = CW_MAX_IN_BITS;
+               CwmaxCsr.field.Cwmax1 = CW_MAX_IN_BITS;
+               CwmaxCsr.field.Cwmax2 = CW_MAX_IN_BITS;
+               CwmaxCsr.field.Cwmax3 = CW_MAX_IN_BITS;
+               RTMP_IO_WRITE32(pAd, WMM_CWMAX_CFG, CwmaxCsr.word);
+
+               RTMP_IO_WRITE32(pAd, WMM_AIFSN_CFG, 0x00002222);
+
+               NdisZeroMemory(&pAd->CommonCfg.APEdcaParm, sizeof(EDCA_PARM));
+       }
+       else
+       {
+               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_WMM_INUSED);
+               //========================================================
+               //      MAC Register has a copy.
+               //========================================================
+               //
+               // Modify Cwmin/Cwmax/Txop on queue[QID_AC_VI], Recommend by Jerry 2005/07/27
+               // To degrade our VIDO Queue's throughput for WiFi WMM S3T07 Issue.
+               //
+               //pEdcaParm->Txop[QID_AC_VI] = pEdcaParm->Txop[QID_AC_VI] * 7 / 10; // rt2860c need this
+
+               Ac0Cfg.field.AcTxop =  pEdcaParm->Txop[QID_AC_BE];
+               Ac0Cfg.field.Cwmin= pEdcaParm->Cwmin[QID_AC_BE];
+               Ac0Cfg.field.Cwmax = pEdcaParm->Cwmax[QID_AC_BE];
+               Ac0Cfg.field.Aifsn = pEdcaParm->Aifsn[QID_AC_BE]; //+1;
+
+               Ac1Cfg.field.AcTxop =  pEdcaParm->Txop[QID_AC_BK];
+               Ac1Cfg.field.Cwmin = pEdcaParm->Cwmin[QID_AC_BK]; //+2;
+               Ac1Cfg.field.Cwmax = pEdcaParm->Cwmax[QID_AC_BK];
+               Ac1Cfg.field.Aifsn = pEdcaParm->Aifsn[QID_AC_BK]; //+1;
+
+               Ac2Cfg.field.AcTxop = (pEdcaParm->Txop[QID_AC_VI] * 6) / 10;
+               if(pAd->Antenna.field.TxPath == 1)
+               {
+                       Ac2Cfg.field.Cwmin = pEdcaParm->Cwmin[QID_AC_VI] + 1;
+                       Ac2Cfg.field.Cwmax = pEdcaParm->Cwmax[QID_AC_VI] + 1;
+               }
+               else
+               {
+               Ac2Cfg.field.Cwmin = pEdcaParm->Cwmin[QID_AC_VI];
+               Ac2Cfg.field.Cwmax = pEdcaParm->Cwmax[QID_AC_VI];
+               }
+               Ac2Cfg.field.Aifsn = pEdcaParm->Aifsn[QID_AC_VI] + 1;
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef INF_AMAZON_SE
+#endif // INF_AMAZON_SE //
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       // Tuning for Wi-Fi WMM S06
+                       if (pAd->CommonCfg.bWiFiTest &&
+                               pEdcaParm->Aifsn[QID_AC_VI] == 10)
+                               Ac2Cfg.field.Aifsn -= 1;
+
+                       // Tuning for TGn Wi-Fi 5.2.32
+                       // STA TestBed changes in this item: conexant legacy sta ==> broadcom 11n sta
+                       if (STA_TGN_WIFI_ON(pAd) &&
+                               pEdcaParm->Aifsn[QID_AC_VI] == 10)
+                       {
+                               Ac0Cfg.field.Aifsn = 3;
+                               Ac2Cfg.field.AcTxop = 5;
+                       }
+
+#ifdef RT30xx
+                       if (pAd->RfIcType == RFIC_3020 || pAd->RfIcType == RFIC_2020)
+                       {
+                               // Tuning for WiFi WMM S3-T07: connexant legacy sta ==> broadcom 11n sta.
+                               Ac2Cfg.field.Aifsn = 5;
+                       }
+#endif // RT30xx //
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               Ac3Cfg.field.AcTxop = pEdcaParm->Txop[QID_AC_VO];
+               Ac3Cfg.field.Cwmin = pEdcaParm->Cwmin[QID_AC_VO];
+               Ac3Cfg.field.Cwmax = pEdcaParm->Cwmax[QID_AC_VO];
+               Ac3Cfg.field.Aifsn = pEdcaParm->Aifsn[QID_AC_VO];
+
+//#ifdef WIFI_TEST
+               if (pAd->CommonCfg.bWiFiTest)
+               {
+                       if (Ac3Cfg.field.AcTxop == 102)
+                       {
+                       Ac0Cfg.field.AcTxop = pEdcaParm->Txop[QID_AC_BE] ? pEdcaParm->Txop[QID_AC_BE] : 10;
+                               Ac0Cfg.field.Aifsn  = pEdcaParm->Aifsn[QID_AC_BE]-1; /* AIFSN must >= 1 */
+                       Ac1Cfg.field.AcTxop = pEdcaParm->Txop[QID_AC_BK];
+                               Ac1Cfg.field.Aifsn  = pEdcaParm->Aifsn[QID_AC_BK];
+                       Ac2Cfg.field.AcTxop = pEdcaParm->Txop[QID_AC_VI];
+                       } /* End of if */
+               }
+//#endif // WIFI_TEST //
+
+               RTMP_IO_WRITE32(pAd, EDCA_AC0_CFG, Ac0Cfg.word);
+               RTMP_IO_WRITE32(pAd, EDCA_AC1_CFG, Ac1Cfg.word);
+               RTMP_IO_WRITE32(pAd, EDCA_AC2_CFG, Ac2Cfg.word);
+               RTMP_IO_WRITE32(pAd, EDCA_AC3_CFG, Ac3Cfg.word);
+
+
+               //========================================================
+               //      DMA Register has a copy too.
+               //========================================================
+               csr0.field.Ac0Txop = Ac0Cfg.field.AcTxop;
+               csr0.field.Ac1Txop = Ac1Cfg.field.AcTxop;
+               RTMP_IO_WRITE32(pAd, WMM_TXOP0_CFG, csr0.word);
+
+               csr1.field.Ac2Txop = Ac2Cfg.field.AcTxop;
+               csr1.field.Ac3Txop = Ac3Cfg.field.AcTxop;
+               RTMP_IO_WRITE32(pAd, WMM_TXOP1_CFG, csr1.word);
+
+               CwminCsr.word = 0;
+               CwminCsr.field.Cwmin0 = pEdcaParm->Cwmin[QID_AC_BE];
+               CwminCsr.field.Cwmin1 = pEdcaParm->Cwmin[QID_AC_BK];
+               CwminCsr.field.Cwmin2 = pEdcaParm->Cwmin[QID_AC_VI];
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       CwminCsr.field.Cwmin3 = pEdcaParm->Cwmin[QID_AC_VO] - 1; //for TGn wifi test
+#endif // CONFIG_STA_SUPPORT //
+               RTMP_IO_WRITE32(pAd, WMM_CWMIN_CFG, CwminCsr.word);
+
+               CwmaxCsr.word = 0;
+               CwmaxCsr.field.Cwmax0 = pEdcaParm->Cwmax[QID_AC_BE];
+               CwmaxCsr.field.Cwmax1 = pEdcaParm->Cwmax[QID_AC_BK];
+               CwmaxCsr.field.Cwmax2 = pEdcaParm->Cwmax[QID_AC_VI];
+               CwmaxCsr.field.Cwmax3 = pEdcaParm->Cwmax[QID_AC_VO];
+               RTMP_IO_WRITE32(pAd, WMM_CWMAX_CFG, CwmaxCsr.word);
+
+               AifsnCsr.word = 0;
+               AifsnCsr.field.Aifsn0 = Ac0Cfg.field.Aifsn; //pEdcaParm->Aifsn[QID_AC_BE];
+               AifsnCsr.field.Aifsn1 = Ac1Cfg.field.Aifsn; //pEdcaParm->Aifsn[QID_AC_BK];
+               AifsnCsr.field.Aifsn2 = Ac2Cfg.field.Aifsn; //pEdcaParm->Aifsn[QID_AC_VI];
+#ifdef INF_AMAZON_SE
+#endif // INF_AMAZON_SE //
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       // Tuning for Wi-Fi WMM S06
+                       if (pAd->CommonCfg.bWiFiTest &&
+                               pEdcaParm->Aifsn[QID_AC_VI] == 10)
+                               AifsnCsr.field.Aifsn2 = Ac2Cfg.field.Aifsn - 4;
+
+                       // Tuning for TGn Wi-Fi 5.2.32
+                       // STA TestBed changes in this item: connexant legacy sta ==> broadcom 11n sta
+                       if (STA_TGN_WIFI_ON(pAd) &&
+                               pEdcaParm->Aifsn[QID_AC_VI] == 10)
+                       {
+                               AifsnCsr.field.Aifsn0 = 3;
+                               AifsnCsr.field.Aifsn2 = 7;
+                       }
+
+                       if (INFRA_ON(pAd))
+                               CLIENT_STATUS_SET_FLAG(&pAd->MacTab.Content[BSSID_WCID], fCLIENT_STATUS_WMM_CAPABLE);
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       AifsnCsr.field.Aifsn3 = Ac3Cfg.field.Aifsn - 1; //pEdcaParm->Aifsn[QID_AC_VO]; //for TGn wifi test
+#ifdef RT30xx
+                       // TODO: Shiang, this modification also suitable for RT3052/RT3050 ???
+                       if (pAd->RfIcType == RFIC_3020 || pAd->RfIcType == RFIC_2020)
+                       {
+                               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                                       AifsnCsr.field.Aifsn2 = 0x2; //pEdcaParm->Aifsn[QID_AC_VI]; //for WiFi WMM S4-T04.
+                       }
+#endif // RT30xx //
+               }
+#endif // CONFIG_STA_SUPPORT //
+               RTMP_IO_WRITE32(pAd, WMM_AIFSN_CFG, AifsnCsr.word);
+
+               NdisMoveMemory(&pAd->CommonCfg.APEdcaParm, pEdcaParm, sizeof(EDCA_PARM));
+               if (!ADHOC_ON(pAd))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("EDCA [#%d]: AIFSN CWmin CWmax  TXOP(us)  ACM\n", pEdcaParm->EdcaUpdateCount));
+                       DBGPRINT(RT_DEBUG_TRACE,("     AC_BE      %2d     %2d     %2d      %4d     %d\n",
+                                                                        pEdcaParm->Aifsn[0],
+                                                                        pEdcaParm->Cwmin[0],
+                                                                        pEdcaParm->Cwmax[0],
+                                                                        pEdcaParm->Txop[0]<<5,
+                                                                        pEdcaParm->bACM[0]));
+                       DBGPRINT(RT_DEBUG_TRACE,("     AC_BK      %2d     %2d     %2d      %4d     %d\n",
+                                                                        pEdcaParm->Aifsn[1],
+                                                                        pEdcaParm->Cwmin[1],
+                                                                        pEdcaParm->Cwmax[1],
+                                                                        pEdcaParm->Txop[1]<<5,
+                                                                        pEdcaParm->bACM[1]));
+                       DBGPRINT(RT_DEBUG_TRACE,("     AC_VI      %2d     %2d     %2d      %4d     %d\n",
+                                                                        pEdcaParm->Aifsn[2],
+                                                                        pEdcaParm->Cwmin[2],
+                                                                        pEdcaParm->Cwmax[2],
+                                                                        pEdcaParm->Txop[2]<<5,
+                                                                        pEdcaParm->bACM[2]));
+                       DBGPRINT(RT_DEBUG_TRACE,("     AC_VO      %2d     %2d     %2d      %4d     %d\n",
+                                                                        pEdcaParm->Aifsn[3],
+                                                                        pEdcaParm->Cwmin[3],
+                                                                        pEdcaParm->Cwmax[3],
+                                                                        pEdcaParm->Txop[3]<<5,
+                                                                        pEdcaParm->bACM[3]));
+               }
+       }
+
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID   AsicSetSlotTime(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN bUseShortSlotTime)
+{
+       ULONG   SlotTime;
+       UINT32  RegValue = 0;
+
+#ifdef CONFIG_STA_SUPPORT
+       if (pAd->CommonCfg.Channel > 14)
+               bUseShortSlotTime = TRUE;
+#endif // CONFIG_STA_SUPPORT //
+
+       if (bUseShortSlotTime && OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_SHORT_SLOT_INUSED))
+               return;
+       else if ((!bUseShortSlotTime) && (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_SHORT_SLOT_INUSED)))
+               return;
+
+       if (bUseShortSlotTime)
+               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_SHORT_SLOT_INUSED);
+       else
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SHORT_SLOT_INUSED);
+
+       SlotTime = (bUseShortSlotTime)? 9 : 20;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // force using short SLOT time for FAE to demo performance when TxBurst is ON
+               if (((pAd->StaActive.SupportedPhyInfo.bHtEnable == FALSE) && (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WMM_INUSED)))
+#ifdef DOT11_N_SUPPORT
+                       || ((pAd->StaActive.SupportedPhyInfo.bHtEnable == TRUE) && (pAd->CommonCfg.BACapability.field.Policy == BA_NOTUSE))
+#endif // DOT11_N_SUPPORT //
+                       )
+               {
+                       // In this case, we will think it is doing Wi-Fi test
+                       // And we will not set to short slot when bEnableTxBurst is TRUE.
+               }
+               else if (pAd->CommonCfg.bEnableTxBurst)
+               {
+                       OPSTATUS_SET_FLAG(pAd, fOP_STATUS_SHORT_SLOT_INUSED);
+                       SlotTime = 9;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       //
+       // For some reasons, always set it to short slot time.
+       //
+       // ToDo: Should consider capability with 11B
+       //
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (pAd->StaCfg.BssType == BSS_ADHOC)
+               {
+                       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SHORT_SLOT_INUSED);
+                       SlotTime = 20;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       RTMP_IO_READ32(pAd, BKOFF_SLOT_CFG, &RegValue);
+       RegValue = RegValue & 0xFFFFFF00;
+
+       RegValue |= SlotTime;
+
+       RTMP_IO_WRITE32(pAd, BKOFF_SLOT_CFG, RegValue);
+}
+
+/*
+       ========================================================================
+       Description:
+               Add Shared key information into ASIC.
+               Update shared key, TxMic and RxMic to Asic Shared key table
+               Update its cipherAlg to Asic Shared key Mode.
+
+    Return:
+       ========================================================================
+*/
+VOID AsicAddSharedKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                 BssIndex,
+       IN UCHAR                 KeyIdx,
+       IN UCHAR                 CipherAlg,
+       IN PUCHAR                pKey,
+       IN PUCHAR                pTxMic,
+       IN PUCHAR                pRxMic)
+{
+       ULONG offset; //, csr0;
+       SHAREDKEY_MODE_STRUC csr1;
+#ifdef RTMP_MAC_PCI
+       INT   i;
+#endif // RTMP_MAC_PCI //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("AsicAddSharedKeyEntry BssIndex=%d, KeyIdx=%d\n", BssIndex,KeyIdx));
+//============================================================================================
+
+       DBGPRINT(RT_DEBUG_TRACE,("AsicAddSharedKeyEntry: %s key #%d\n", CipherName[CipherAlg], BssIndex*4 + KeyIdx));
+       DBGPRINT_RAW(RT_DEBUG_TRACE, ("         Key = %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
+               pKey[0],pKey[1],pKey[2],pKey[3],pKey[4],pKey[5],pKey[6],pKey[7],pKey[8],pKey[9],pKey[10],pKey[11],pKey[12],pKey[13],pKey[14],pKey[15]));
+       if (pRxMic)
+       {
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("         Rx MIC Key = %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
+                       pRxMic[0],pRxMic[1],pRxMic[2],pRxMic[3],pRxMic[4],pRxMic[5],pRxMic[6],pRxMic[7]));
+       }
+       if (pTxMic)
+       {
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("         Tx MIC Key = %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
+                       pTxMic[0],pTxMic[1],pTxMic[2],pTxMic[3],pTxMic[4],pTxMic[5],pTxMic[6],pTxMic[7]));
+       }
+//============================================================================================
+       //
+       // fill key material - key + TX MIC + RX MIC
+       //
+#ifdef RTMP_MAC_PCI
+       offset = SHARED_KEY_TABLE_BASE + (4*BssIndex + KeyIdx)*HW_KEY_ENTRY_SIZE;
+       for (i=0; i<MAX_LEN_OF_SHARE_KEY; i++)
+       {
+               RTMP_IO_WRITE8(pAd, offset + i, pKey[i]);
+       }
+
+       offset += MAX_LEN_OF_SHARE_KEY;
+       if (pTxMic)
+       {
+               for (i=0; i<8; i++)
+               {
+                       RTMP_IO_WRITE8(pAd, offset + i, pTxMic[i]);
+               }
+       }
+
+       offset += 8;
+       if (pRxMic)
+       {
+               for (i=0; i<8; i++)
+               {
+                       RTMP_IO_WRITE8(pAd, offset + i, pRxMic[i]);
+               }
+       }
+#endif // RTMP_MAC_PCI //
+
+
+       //
+       // Update cipher algorithm. WSTA always use BSS0
+       //
+       RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE+4*(BssIndex/2), &csr1.word);
+       DBGPRINT(RT_DEBUG_TRACE,("Read: SHARED_KEY_MODE_BASE at this Bss[%d] KeyIdx[%d]= 0x%x \n", BssIndex,KeyIdx, csr1.word));
+       if ((BssIndex%2) == 0)
+       {
+               if (KeyIdx == 0)
+                       csr1.field.Bss0Key0CipherAlg = CipherAlg;
+               else if (KeyIdx == 1)
+                       csr1.field.Bss0Key1CipherAlg = CipherAlg;
+               else if (KeyIdx == 2)
+                       csr1.field.Bss0Key2CipherAlg = CipherAlg;
+               else
+                       csr1.field.Bss0Key3CipherAlg = CipherAlg;
+       }
+       else
+       {
+               if (KeyIdx == 0)
+                       csr1.field.Bss1Key0CipherAlg = CipherAlg;
+               else if (KeyIdx == 1)
+                       csr1.field.Bss1Key1CipherAlg = CipherAlg;
+               else if (KeyIdx == 2)
+                       csr1.field.Bss1Key2CipherAlg = CipherAlg;
+               else
+                       csr1.field.Bss1Key3CipherAlg = CipherAlg;
+       }
+       DBGPRINT(RT_DEBUG_TRACE,("Write: SHARED_KEY_MODE_BASE at this Bss[%d] = 0x%x \n", BssIndex, csr1.word));
+       RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE+4*(BssIndex/2), csr1.word);
+
+}
+
+//     IRQL = DISPATCH_LEVEL
+VOID AsicRemoveSharedKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                 BssIndex,
+       IN UCHAR                 KeyIdx)
+{
+       //ULONG SecCsr0;
+       SHAREDKEY_MODE_STRUC csr1;
+
+       DBGPRINT(RT_DEBUG_TRACE,("AsicRemoveSharedKeyEntry: #%d \n", BssIndex*4 + KeyIdx));
+
+       RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE+4*(BssIndex/2), &csr1.word);
+       if ((BssIndex%2) == 0)
+       {
+               if (KeyIdx == 0)
+                       csr1.field.Bss0Key0CipherAlg = 0;
+               else if (KeyIdx == 1)
+                       csr1.field.Bss0Key1CipherAlg = 0;
+               else if (KeyIdx == 2)
+                       csr1.field.Bss0Key2CipherAlg = 0;
+               else
+                       csr1.field.Bss0Key3CipherAlg = 0;
+       }
+       else
+       {
+               if (KeyIdx == 0)
+                       csr1.field.Bss1Key0CipherAlg = 0;
+               else if (KeyIdx == 1)
+                       csr1.field.Bss1Key1CipherAlg = 0;
+               else if (KeyIdx == 2)
+                       csr1.field.Bss1Key2CipherAlg = 0;
+               else
+                       csr1.field.Bss1Key3CipherAlg = 0;
+       }
+       DBGPRINT(RT_DEBUG_TRACE,("Write: SHARED_KEY_MODE_BASE at this Bss[%d] = 0x%x \n", BssIndex, csr1.word));
+       RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE+4*(BssIndex/2), csr1.word);
+       ASSERT(BssIndex < 4);
+       ASSERT(KeyIdx < 4);
+
+}
+
+
+VOID AsicUpdateWCIDAttribute(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT               WCID,
+       IN UCHAR                BssIndex,
+       IN UCHAR        CipherAlg,
+       IN BOOLEAN              bUsePairewiseKeyTable)
+{
+       ULONG   WCIDAttri = 0, offset;
+
+       //
+       // Update WCID attribute.
+       // Only TxKey could update WCID attribute.
+       //
+       offset = MAC_WCID_ATTRIBUTE_BASE + (WCID * HW_WCID_ATTRI_SIZE);
+       WCIDAttri = (BssIndex << 4) | (CipherAlg << 1) | (bUsePairewiseKeyTable);
+       RTMP_IO_WRITE32(pAd, offset, WCIDAttri);
+}
+
+VOID AsicUpdateWCIDIVEIV(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT               WCID,
+       IN ULONG        uIV,
+       IN ULONG        uEIV)
+{
+       ULONG   offset;
+
+       offset = MAC_IVEIV_TABLE_BASE + (WCID * HW_IVEIV_ENTRY_SIZE);
+
+       RTMP_IO_WRITE32(pAd, offset, uIV);
+       RTMP_IO_WRITE32(pAd, offset + 4, uEIV);
+}
+
+VOID AsicUpdateRxWCIDTable(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT               WCID,
+       IN PUCHAR        pAddr)
+{
+       ULONG offset;
+       ULONG Addr;
+
+       offset = MAC_WCID_BASE + (WCID * HW_WCID_ENTRY_SIZE);
+       Addr = pAddr[0] + (pAddr[1] << 8) +(pAddr[2] << 16) +(pAddr[3] << 24);
+       RTMP_IO_WRITE32(pAd, offset, Addr);
+       Addr = pAddr[4] + (pAddr[5] << 8);
+       RTMP_IO_WRITE32(pAd, offset + 4, Addr);
+}
+
+
+/*
+    ========================================================================
+
+    Routine Description:
+        Set Cipher Key, Cipher algorithm, IV/EIV to Asic
+
+    Arguments:
+        pAd                     Pointer to our adapter
+        WCID                    WCID Entry number.
+        BssIndex                BSSID index, station or none multiple BSSID support
+                                this value should be 0.
+        KeyIdx                  This KeyIdx will set to IV's KeyID if bTxKey enabled
+        pCipherKey              Pointer to Cipher Key.
+        bUsePairewiseKeyTable   TRUE means saved the key in SharedKey table,
+                                otherwise PairewiseKey table
+        bTxKey                  This is the transmit key if enabled.
+
+    Return Value:
+        None
+
+    Note:
+        This routine will set the relative key stuff to Asic including WCID attribute,
+        Cipher Key, Cipher algorithm and IV/EIV.
+
+        IV/EIV will be update if this CipherKey is the transmission key because
+        ASIC will base on IV's KeyID value to select Cipher Key.
+
+        If bTxKey sets to FALSE, this is not the TX key, but it could be
+        RX key
+
+       For AP mode bTxKey must be always set to TRUE.
+    ========================================================================
+*/
+VOID AsicAddKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT               WCID,
+       IN UCHAR                BssIndex,
+       IN UCHAR                KeyIdx,
+       IN PCIPHER_KEY  pCipherKey,
+       IN BOOLEAN              bUsePairewiseKeyTable,
+       IN BOOLEAN              bTxKey)
+{
+       ULONG   offset;
+//     ULONG   WCIDAttri = 0;
+       UCHAR   IV4 = 0;
+       PUCHAR          pKey = pCipherKey->Key;
+//     ULONG           KeyLen = pCipherKey->KeyLen;
+       PUCHAR          pTxMic = pCipherKey->TxMic;
+       PUCHAR          pRxMic = pCipherKey->RxMic;
+       PUCHAR          pTxtsc = pCipherKey->TxTsc;
+       UCHAR           CipherAlg = pCipherKey->CipherAlg;
+       SHAREDKEY_MODE_STRUC csr1;
+#ifdef RTMP_MAC_PCI
+       UCHAR           i;
+#endif // RTMP_MAC_PCI //
+
+//     ASSERT(KeyLen <= MAX_LEN_OF_PEER_KEY);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("==> AsicAddKeyEntry\n"));
+       //
+       // 1.) decide key table offset
+       //
+       if (bUsePairewiseKeyTable)
+               offset = PAIRWISE_KEY_TABLE_BASE + (WCID * HW_KEY_ENTRY_SIZE);
+       else
+               offset = SHARED_KEY_TABLE_BASE + (4 * BssIndex + KeyIdx) * HW_KEY_ENTRY_SIZE;
+
+       //
+       // 2.) Set Key to Asic
+       //
+       //for (i = 0; i < KeyLen; i++)
+#ifdef RTMP_MAC_PCI
+       for (i = 0; i < MAX_LEN_OF_PEER_KEY; i++)
+       {
+               RTMP_IO_WRITE8(pAd, offset + i, pKey[i]);
+       }
+       offset += MAX_LEN_OF_PEER_KEY;
+
+       //
+       // 3.) Set MIC key if available
+       //
+       if (pTxMic)
+       {
+               for (i = 0; i < 8; i++)
+               {
+                       RTMP_IO_WRITE8(pAd, offset + i, pTxMic[i]);
+               }
+       }
+       offset += LEN_TKIP_TXMICK;
+
+       if (pRxMic)
+       {
+               for (i = 0; i < 8; i++)
+               {
+                       RTMP_IO_WRITE8(pAd, offset + i, pRxMic[i]);
+               }
+       }
+#endif // RTMP_MAC_PCI //
+
+
+       //
+       // 4.) Modify IV/EIV if needs
+       //     This will force Asic to use this key ID by setting IV.
+       //
+       if (bTxKey)
+       {
+#ifdef RTMP_MAC_PCI
+               offset = MAC_IVEIV_TABLE_BASE + (WCID * HW_IVEIV_ENTRY_SIZE);
+               //
+               // Write IV
+               //
+               RTMP_IO_WRITE8(pAd, offset, pTxtsc[1]);
+               RTMP_IO_WRITE8(pAd, offset + 1, ((pTxtsc[1] | 0x20) & 0x7f));
+               RTMP_IO_WRITE8(pAd, offset + 2, pTxtsc[0]);
+
+               IV4 = (KeyIdx << 6);
+               if ((CipherAlg == CIPHER_TKIP) || (CipherAlg == CIPHER_TKIP_NO_MIC) ||(CipherAlg == CIPHER_AES))
+                       IV4 |= 0x20;  // turn on extension bit means EIV existence
+
+               RTMP_IO_WRITE8(pAd, offset + 3, IV4);
+
+               //
+               // Write EIV
+               //
+               offset += 4;
+               for (i = 0; i < 4; i++)
+               {
+                       RTMP_IO_WRITE8(pAd, offset + i, pTxtsc[i + 2]);
+               }
+#endif // RTMP_MAC_PCI //
+
+               AsicUpdateWCIDAttribute(pAd, WCID, BssIndex, CipherAlg, bUsePairewiseKeyTable);
+       }
+
+       if (!bUsePairewiseKeyTable)
+       {
+               //
+               // Only update the shared key security mode
+               //
+               RTMP_IO_READ32(pAd, SHARED_KEY_MODE_BASE + 4 * (BssIndex / 2), &csr1.word);
+               if ((BssIndex % 2) == 0)
+               {
+                       if (KeyIdx == 0)
+                               csr1.field.Bss0Key0CipherAlg = CipherAlg;
+                       else if (KeyIdx == 1)
+                               csr1.field.Bss0Key1CipherAlg = CipherAlg;
+                       else if (KeyIdx == 2)
+                               csr1.field.Bss0Key2CipherAlg = CipherAlg;
+                       else
+                               csr1.field.Bss0Key3CipherAlg = CipherAlg;
+               }
+               else
+               {
+                       if (KeyIdx == 0)
+                               csr1.field.Bss1Key0CipherAlg = CipherAlg;
+                       else if (KeyIdx == 1)
+                               csr1.field.Bss1Key1CipherAlg = CipherAlg;
+                       else if (KeyIdx == 2)
+                               csr1.field.Bss1Key2CipherAlg = CipherAlg;
+                       else
+                               csr1.field.Bss1Key3CipherAlg = CipherAlg;
+               }
+               RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE + 4 * (BssIndex / 2), csr1.word);
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<== AsicAddKeyEntry\n"));
+}
+
+
+/*
+       ========================================================================
+       Description:
+               Add Pair-wise key material into ASIC.
+               Update pairwise key, TxMic and RxMic to Asic Pair-wise key table
+
+    Return:
+       ========================================================================
+*/
+VOID AsicAddPairwiseKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR        pAddr,
+       IN UCHAR                WCID,
+       IN CIPHER_KEY            *pCipherKey)
+{
+       INT i;
+       ULONG           offset;
+       PUCHAR           pKey = pCipherKey->Key;
+       PUCHAR           pTxMic = pCipherKey->TxMic;
+       PUCHAR           pRxMic = pCipherKey->RxMic;
+#ifdef DBG
+       UCHAR           CipherAlg = pCipherKey->CipherAlg;
+#endif // DBG //
+
+       // EKEY
+       offset = PAIRWISE_KEY_TABLE_BASE + (WCID * HW_KEY_ENTRY_SIZE);
+#ifdef RTMP_MAC_PCI
+       for (i=0; i<MAX_LEN_OF_PEER_KEY; i++)
+       {
+               RTMP_IO_WRITE8(pAd, offset + i, pKey[i]);
+       }
+#endif // RTMP_MAC_PCI //
+       for (i=0; i<MAX_LEN_OF_PEER_KEY; i+=4)
+       {
+               UINT32 Value;
+               RTMP_IO_READ32(pAd, offset + i, &Value);
+       }
+
+       offset += MAX_LEN_OF_PEER_KEY;
+
+       //  MIC KEY
+       if (pTxMic)
+       {
+#ifdef RTMP_MAC_PCI
+               for (i=0; i<8; i++)
+               {
+                       RTMP_IO_WRITE8(pAd, offset+i, pTxMic[i]);
+               }
+#endif // RTMP_MAC_PCI //
+       }
+       offset += 8;
+       if (pRxMic)
+       {
+#ifdef RTMP_MAC_PCI
+               for (i=0; i<8; i++)
+               {
+                       RTMP_IO_WRITE8(pAd, offset+i, pRxMic[i]);
+               }
+#endif // RTMP_MAC_PCI //
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE,("AsicAddPairwiseKeyEntry: WCID #%d Alg=%s\n",WCID, CipherName[CipherAlg]));
+       DBGPRINT(RT_DEBUG_TRACE,("      Key = %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
+               pKey[0],pKey[1],pKey[2],pKey[3],pKey[4],pKey[5],pKey[6],pKey[7],pKey[8],pKey[9],pKey[10],pKey[11],pKey[12],pKey[13],pKey[14],pKey[15]));
+       if (pRxMic)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("     Rx MIC Key = %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
+                       pRxMic[0],pRxMic[1],pRxMic[2],pRxMic[3],pRxMic[4],pRxMic[5],pRxMic[6],pRxMic[7]));
+       }
+       if (pTxMic)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("     Tx MIC Key = %02x:%02x:%02x:%02x:%02x:%02x:%02x:%02x\n",
+                       pTxMic[0],pTxMic[1],pTxMic[2],pTxMic[3],pTxMic[4],pTxMic[5],pTxMic[6],pTxMic[7]));
+       }
+}
+/*
+       ========================================================================
+       Description:
+               Remove Pair-wise key material from ASIC.
+
+    Return:
+       ========================================================================
+*/
+VOID AsicRemovePairwiseKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                 BssIdx,
+       IN UCHAR                 Wcid)
+{
+       ULONG           WCIDAttri;
+       USHORT          offset;
+
+       // re-set the entry's WCID attribute as OPEN-NONE.
+       offset = MAC_WCID_ATTRIBUTE_BASE + (Wcid * HW_WCID_ATTRI_SIZE);
+       WCIDAttri = (BssIdx<<4) | PAIRWISEKEYTABLE;
+       RTMP_IO_WRITE32(pAd, offset, WCIDAttri);
+}
+
+BOOLEAN AsicSendCommandToMcu(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                 Command,
+       IN UCHAR                 Token,
+       IN UCHAR                 Arg0,
+       IN UCHAR                 Arg1)
+{
+
+
+       if (pAd->chipOps.sendCommandToMcu)
+               pAd->chipOps.sendCommandToMcu(pAd, Command, Token, Arg0, Arg1);
+
+       return TRUE;
+}
+
+
+VOID AsicSetRxAnt(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Ant)
+{
+#ifdef RT33xx
+       RT33xxSetRxAnt(pAd, Ant);
+#else
+#ifdef RT30xx
+       /* RT3572 ATE need not to do this. */
+       RT30xxSetRxAnt(pAd, Ant);
+#endif // RT30xx //
+#endif // RT33xx //
+}
+
+
+VOID AsicTurnOffRFClk(
+       IN PRTMP_ADAPTER pAd,
+       IN      UCHAR           Channel)
+{
+       if (pAd->chipOps.AsicRfTurnOff)
+       {
+               pAd->chipOps.AsicRfTurnOff(pAd);
+       }
+       else
+       {
+               // RF R2 bit 18 = 0
+               UINT32                  R1 = 0, R2 = 0, R3 = 0;
+               UCHAR                   index;
+               RTMP_RF_REGS    *RFRegTable;
+
+               RFRegTable = RF2850RegTable;
+
+               switch (pAd->RfIcType)
+               {
+                       case RFIC_2820:
+                       case RFIC_2850:
+                       case RFIC_2720:
+                       case RFIC_2750:
+
+                               for (index = 0; index < NUM_OF_2850_CHNL; index++)
+                               {
+                                       if (Channel == RFRegTable[index].Channel)
+                                       {
+                                               R1 = RFRegTable[index].R1 & 0xffffdfff;
+                                               R2 = RFRegTable[index].R2 & 0xfffbffff;
+                                               R3 = RFRegTable[index].R3 & 0xfff3ffff;
+
+                                               RTMP_RF_IO_WRITE32(pAd, R1);
+                                               RTMP_RF_IO_WRITE32(pAd, R2);
+
+                                               // Program R1b13 to 1, R3/b18,19 to 0, R2b18 to 0.
+                                               // Set RF R2 bit18=0, R3 bit[18:19]=0
+                                               //if (pAd->StaCfg.bRadio == FALSE)
+                                               if (1)
+                                               {
+                                                       RTMP_RF_IO_WRITE32(pAd, R3);
+
+                                                       DBGPRINT(RT_DEBUG_TRACE, ("AsicTurnOffRFClk#%d(RF=%d, ) , R2=0x%08x,  R3 = 0x%08x \n",
+                                                               Channel, pAd->RfIcType, R2, R3));
+                                               }
+                                               else
+                                                       DBGPRINT(RT_DEBUG_TRACE, ("AsicTurnOffRFClk#%d(RF=%d, ) , R2=0x%08x \n",
+                                                               Channel, pAd->RfIcType, R2));
+                                               break;
+                                       }
+                               }
+                               break;
+
+                       default:
+                               break;
+               }
+       }
+}
+
+
+VOID AsicTurnOnRFClk(
+       IN PRTMP_ADAPTER pAd,
+       IN      UCHAR                   Channel)
+{
+       // RF R2 bit 18 = 0
+       UINT32                  R1 = 0, R2 = 0, R3 = 0;
+       UCHAR                   index;
+       RTMP_RF_REGS    *RFRegTable;
+
+#ifdef PCIE_PS_SUPPORT
+       // The RF programming sequence is difference between 3xxx and 2xxx
+       if ((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)))
+       {
+               return;
+       }
+#endif // PCIE_PS_SUPPORT //
+
+       RFRegTable = RF2850RegTable;
+
+       switch (pAd->RfIcType)
+       {
+               case RFIC_2820:
+               case RFIC_2850:
+               case RFIC_2720:
+               case RFIC_2750:
+
+                       for (index = 0; index < NUM_OF_2850_CHNL; index++)
+                       {
+                               if (Channel == RFRegTable[index].Channel)
+                               {
+                                       R3 = pAd->LatchRfRegs.R3;
+                                       R3 &= 0xfff3ffff;
+                                       R3 |= 0x00080000;
+                                       RTMP_RF_IO_WRITE32(pAd, R3);
+
+                                       R1 = RFRegTable[index].R1;
+                                       RTMP_RF_IO_WRITE32(pAd, R1);
+
+                                       R2 = RFRegTable[index].R2;
+                                       if (pAd->Antenna.field.TxPath == 1)
+                                       {
+                                               R2 |= 0x4000;   // If TXpath is 1, bit 14 = 1;
+                                       }
+
+                                       if (pAd->Antenna.field.RxPath == 2)
+                                       {
+                                               R2 |= 0x40;     // write 1 to off Rxpath.
+                                       }
+                                       else if (pAd->Antenna.field.RxPath == 1)
+                                       {
+                                               R2 |= 0x20040;  // write 1 to off RxPath
+                                       }
+                                       RTMP_RF_IO_WRITE32(pAd, R2);
+
+                                       break;
+                               }
+                       }
+                       break;
+
+               default:
+                       break;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("AsicTurnOnRFClk#%d(RF=%d, ) , R2=0x%08x\n",
+               Channel,
+               pAd->RfIcType,
+               R2));
+}
diff --git a/drivers/staging/rt3090/common/cmm_cfg.c b/drivers/staging/rt3090/common/cmm_cfg.c
new file mode 100644 (file)
index 0000000..d8be979
--- /dev/null
@@ -0,0 +1,295 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       cmm_cfg.c
+
+    Abstract:
+    Ralink WiFi Driver configuration related subroutines
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+
+
+char* GetPhyMode(
+       int Mode)
+{
+       switch(Mode)
+       {
+               case MODE_CCK:
+                       return "CCK";
+
+               case MODE_OFDM:
+                       return "OFDM";
+#ifdef DOT11_N_SUPPORT
+               case MODE_HTMIX:
+                       return "HTMIX";
+
+               case MODE_HTGREENFIELD:
+                       return "GREEN";
+#endif // DOT11_N_SUPPORT //
+               default:
+                       return "N/A";
+       }
+}
+
+
+char* GetBW(
+       int BW)
+{
+       switch(BW)
+       {
+               case BW_10:
+                       return "10M";
+
+               case BW_20:
+                       return "20M";
+#ifdef DOT11_N_SUPPORT
+               case BW_40:
+                       return "40M";
+#endif // DOT11_N_SUPPORT //
+               default:
+                       return "N/A";
+       }
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Set Country Region to pAd->CommonCfg.CountryRegion.
+        This command will not work, if the field of CountryRegion in eeprom is programmed.
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT RT_CfgSetCountryRegion(
+       IN PRTMP_ADAPTER        pAd,
+       IN PSTRING                      arg,
+       IN INT                          band)
+{
+       LONG region, regionMax;
+       UCHAR *pCountryRegion;
+
+       region = simple_strtol(arg, 0, 10);
+
+       if (band == BAND_24G)
+       {
+               pCountryRegion = &pAd->CommonCfg.CountryRegion;
+               regionMax = REGION_MAXIMUM_BG_BAND;
+       }
+       else
+       {
+               pCountryRegion = &pAd->CommonCfg.CountryRegionForABand;
+               regionMax = REGION_MAXIMUM_A_BAND;
+       }
+
+       // TODO: Is it neccesay for following check???
+       // Country can be set only when EEPROM not programmed
+       if (*pCountryRegion & 0x80)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("CfgSetCountryRegion():CountryRegion in eeprom was programmed\n"));
+               return FALSE;
+       }
+
+       if((region >= 0) && (region <= REGION_MAXIMUM_BG_BAND))
+       {
+               *pCountryRegion= (UCHAR) region;
+       }
+       else if ((region == REGION_31_BG_BAND) && (band == BAND_24G))
+       {
+               *pCountryRegion = (UCHAR) region;
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("CfgSetCountryRegion():region(%ld) out of range!\n", region));
+               return FALSE;
+       }
+
+       return TRUE;
+
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Set Wireless Mode
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT RT_CfgSetWirelessMode(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       INT             MaxPhyMode = PHY_11G;
+       LONG    WirelessMode;
+
+#ifdef DOT11_N_SUPPORT
+       MaxPhyMode = PHY_11N_5G;
+#endif // DOT11_N_SUPPORT //
+
+       WirelessMode = simple_strtol(arg, 0, 10);
+       if (WirelessMode <= MaxPhyMode)
+       {
+               pAd->CommonCfg.PhyMode = WirelessMode;
+               pAd->CommonCfg.DesiredPhyMode = WirelessMode;
+               return TRUE;
+       }
+
+       return FALSE;
+
+}
+
+
+INT RT_CfgSetShortSlot(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       LONG ShortSlot;
+
+       ShortSlot = simple_strtol(arg, 0, 10);
+
+       if (ShortSlot == 1)
+               pAd->CommonCfg.bUseShortSlotTime = TRUE;
+       else if (ShortSlot == 0)
+               pAd->CommonCfg.bUseShortSlotTime = FALSE;
+       else
+               return FALSE;  //Invalid argument
+
+       return TRUE;
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Set WEP KEY base on KeyIdx
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    RT_CfgSetWepKey(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 keyString,
+       IN      CIPHER_KEY              *pSharedKey,
+       IN      INT                             keyIdx)
+{
+       INT                             KeyLen;
+       INT                             i;
+       UCHAR                   CipherAlg = CIPHER_NONE;
+       BOOLEAN                 bKeyIsHex = FALSE;
+
+       // TODO: Shall we do memset for the original key info??
+       memset(pSharedKey, 0, sizeof(CIPHER_KEY));
+       KeyLen = strlen(keyString);
+       switch (KeyLen)
+       {
+               case 5: //wep 40 Ascii type
+               case 13: //wep 104 Ascii type
+                       bKeyIsHex = FALSE;
+                       pSharedKey->KeyLen = KeyLen;
+                       NdisMoveMemory(pSharedKey->Key, keyString, KeyLen);
+                       break;
+
+               case 10: //wep 40 Hex type
+               case 26: //wep 104 Hex type
+                       for(i=0; i < KeyLen; i++)
+                       {
+                               if( !isxdigit(*(keyString+i)) )
+                                       return FALSE;  //Not Hex value;
+                       }
+                       bKeyIsHex = TRUE;
+                       pSharedKey->KeyLen = KeyLen/2 ;
+                       AtoH(keyString, pSharedKey->Key, pSharedKey->KeyLen);
+                       break;
+
+               default: //Invalid argument
+                       DBGPRINT(RT_DEBUG_TRACE, ("RT_CfgSetWepKey(keyIdx=%d):Invalid argument (arg=%s)\n", keyIdx, keyString));
+                       return FALSE;
+       }
+
+       pSharedKey->CipherAlg = ((KeyLen % 5) ? CIPHER_WEP128 : CIPHER_WEP64);
+       DBGPRINT(RT_DEBUG_TRACE, ("RT_CfgSetWepKey:(KeyIdx=%d,type=%s, Alg=%s)\n",
+                                               keyIdx, (bKeyIsHex == FALSE ? "Ascii" : "Hex"), CipherName[CipherAlg]));
+
+       return TRUE;
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Set WPA PSK key
+
+    Arguments:
+        pAdapter       Pointer to our adapter
+        keyString      WPA pre-shared key string
+        pHashStr       String used for password hash function
+        hashStrLen     Lenght of the hash string
+        pPMKBuf                Output buffer of WPAPSK key
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT RT_CfgSetWPAPSKKey(
+       IN RTMP_ADAPTER *pAd,
+       IN PSTRING              keyString,
+       IN UCHAR                *pHashStr,
+       IN INT                  hashStrLen,
+       OUT PUCHAR              pPMKBuf)
+{
+       int keyLen;
+       UCHAR keyMaterial[40];
+
+       keyLen = strlen(keyString);
+       if ((keyLen < 8) || (keyLen > 64))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("WPAPSK Key length(%d) error, required 8 ~ 64 characters!(keyStr=%s)\n",
+                                                                       keyLen, keyString));
+               return FALSE;
+       }
+
+       memset(pPMKBuf, 0, 32);
+       if (keyLen == 64)
+       {
+           AtoH(keyString, pPMKBuf, 32);
+       }
+       else
+       {
+           PasswordHash(keyString, pHashStr, hashStrLen, keyMaterial);
+           NdisMoveMemory(pPMKBuf, keyMaterial, 32);
+       }
+
+       return TRUE;
+}
diff --git a/drivers/staging/rt3090/common/cmm_data.c b/drivers/staging/rt3090/common/cmm_data.c
new file mode 100644 (file)
index 0000000..6340071
--- /dev/null
@@ -0,0 +1,2763 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       cmm_data.c
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#include "../rt_config.h"
+
+
+UCHAR  SNAP_802_1H[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00};
+UCHAR  SNAP_BRIDGE_TUNNEL[] = {0xaa, 0xaa, 0x03, 0x00, 0x00, 0xf8};
+// Add Cisco Aironet SNAP heade for CCX2 support
+UCHAR  SNAP_AIRONET[] = {0xaa, 0xaa, 0x03, 0x00, 0x40, 0x96, 0x00, 0x00};
+UCHAR  CKIP_LLC_SNAP[] = {0xaa, 0xaa, 0x03, 0x00, 0x40, 0x96, 0x00, 0x02};
+UCHAR  EAPOL_LLC_SNAP[]= {0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x88, 0x8e};
+UCHAR  EAPOL[] = {0x88, 0x8e};
+UCHAR   TPID[] = {0x81, 0x00}; /* VLAN related */
+
+UCHAR  IPX[] = {0x81, 0x37};
+UCHAR  APPLE_TALK[] = {0x80, 0xf3};
+UCHAR  RateIdToPlcpSignal[12] = {
+        0, /* RATE_1 */        1, /* RATE_2 */         2, /* RATE_5_5 */       3, /* RATE_11 */        // see BBP spec
+       11, /* RATE_6 */   15, /* RATE_9 */    10, /* RATE_12 */   14, /* RATE_18 */    // see IEEE802.11a-1999 p.14
+        9, /* RATE_24 */  13, /* RATE_36 */    8, /* RATE_48 */   12  /* RATE_54 */ }; // see IEEE802.11a-1999 p.14
+
+UCHAR   OfdmSignalToRateId[16] = {
+       RATE_54,  RATE_54,      RATE_54,  RATE_54,      // OFDM PLCP Signal = 0,  1,  2,  3 respectively
+       RATE_54,  RATE_54,      RATE_54,  RATE_54,      // OFDM PLCP Signal = 4,  5,  6,  7 respectively
+       RATE_48,  RATE_24,      RATE_12,  RATE_6,       // OFDM PLCP Signal = 8,  9,  10, 11 respectively
+       RATE_54,  RATE_36,      RATE_18,  RATE_9,       // OFDM PLCP Signal = 12, 13, 14, 15 respectively
+};
+
+UCHAR   OfdmRateToRxwiMCS[12] = {
+       0,  0,  0,  0,
+       0,  1,  2,  3,  // OFDM rate 6,9,12,18 = rxwi mcs 0,1,2,3
+       4,  5,  6,  7,  // OFDM rate 24,36,48,54 = rxwi mcs 4,5,6,7
+};
+UCHAR   RxwiMCSToOfdmRate[12] = {
+       RATE_6,  RATE_9,        RATE_12,  RATE_18,
+       RATE_24,  RATE_36,      RATE_48,  RATE_54,      // OFDM rate 6,9,12,18 = rxwi mcs 0,1,2,3
+       4,  5,  6,  7,  // OFDM rate 24,36,48,54 = rxwi mcs 4,5,6,7
+};
+
+char*   MCSToMbps[] = {"1Mbps","2Mbps","5.5Mbps","11Mbps","06Mbps","09Mbps","12Mbps","18Mbps","24Mbps","36Mbps","48Mbps","54Mbps","MM-0","MM-1","MM-2","MM-3","MM-4","MM-5","MM-6","MM-7","MM-8","MM-9","MM-10","MM-11","MM-12","MM-13","MM-14","MM-15","MM-32","ee1","ee2","ee3"};
+
+UCHAR default_cwmin[]={CW_MIN_IN_BITS, CW_MIN_IN_BITS, CW_MIN_IN_BITS-1, CW_MIN_IN_BITS-2};
+//UCHAR default_cwmax[]={CW_MAX_IN_BITS, CW_MAX_IN_BITS, CW_MIN_IN_BITS, CW_MIN_IN_BITS-1};
+UCHAR default_sta_aifsn[]={3,7,2,2};
+
+UCHAR MapUserPriorityToAccessCategory[8] = {QID_AC_BE, QID_AC_BK, QID_AC_BK, QID_AC_BE, QID_AC_VI, QID_AC_VI, QID_AC_VO, QID_AC_VO};
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               API for MLME to transmit management frame to AP (BSS Mode)
+       or station (IBSS Mode)
+
+       Arguments:
+               pAd Pointer to our adapter
+               pData           Pointer to the outgoing 802.11 frame
+               Length          Size of outgoing management frame
+
+       Return Value:
+               NDIS_STATUS_FAILURE
+               NDIS_STATUS_PENDING
+               NDIS_STATUS_SUCCESS
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS MiniportMMRequest(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   QueIdx,
+       IN      PUCHAR                  pData,
+       IN      UINT                    Length)
+{
+       PNDIS_PACKET    pPacket;
+       NDIS_STATUS     Status = NDIS_STATUS_SUCCESS;
+       ULONG                   FreeNum;
+       UCHAR                   rtmpHwHdr[TXINFO_SIZE + TXWI_SIZE]; //RTMP_HW_HDR_LEN];
+#ifdef RTMP_MAC_PCI
+       unsigned long   IrqFlags = 0;
+       UCHAR                   IrqState;
+#endif // RTMP_MAC_PCI //
+       BOOLEAN                 bUseDataQ = FALSE;
+       int                     retryCnt = 0;
+
+       ASSERT(Length <= MGMT_DMA_BUFFER_SIZE);
+
+       if ((QueIdx & MGMT_USE_QUEUE_FLAG) == MGMT_USE_QUEUE_FLAG)
+       {
+               bUseDataQ = TRUE;
+               QueIdx &= (~MGMT_USE_QUEUE_FLAG);
+       }
+
+#ifdef RTMP_MAC_PCI
+       // 2860C use Tx Ring
+       IrqState = pAd->irq_disabled;
+       if (pAd->MACVersion == 0x28600100)
+       {
+               QueIdx = (bUseDataQ ==TRUE ? QueIdx : 3);
+               bUseDataQ = TRUE;
+       }
+       if (bUseDataQ && (!IrqState))
+               RTMP_IRQ_LOCK(&pAd->irq_lock, IrqFlags);
+#endif // RTMP_MAC_PCI //
+
+       do
+       {
+               // Reset is in progress, stop immediately
+               if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS) ||
+                        RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST)||
+                        !RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_START_UP))
+               {
+                       Status = NDIS_STATUS_FAILURE;
+                       break;
+               }
+
+               // Check Free priority queue
+               // Since we use PBF Queue2 for management frame.  Its corresponding DMA ring should be using TxRing.
+#ifdef RTMP_MAC_PCI
+               if (bUseDataQ)
+               {
+                       retryCnt = MAX_DATAMM_RETRY;
+                       // free Tx(QueIdx) resources
+                       RTMPFreeTXDUponTxDmaDone(pAd, QueIdx);
+                       FreeNum = GET_TXRING_FREENO(pAd, QueIdx);
+               }
+               else
+#endif // RTMP_MAC_PCI //
+               {
+                       FreeNum = GET_MGMTRING_FREENO(pAd);
+               }
+
+               if ((FreeNum > 0))
+               {
+                       // We need to reserve space for rtmp hardware header. i.e., TxWI for RT2860 and TxInfo+TxWI for RT2870
+                       NdisZeroMemory(&rtmpHwHdr, (TXINFO_SIZE + TXWI_SIZE));
+                       Status = RTMPAllocateNdisPacket(pAd, &pPacket, (PUCHAR)&rtmpHwHdr, (TXINFO_SIZE + TXWI_SIZE), pData, Length);
+                       if (Status != NDIS_STATUS_SUCCESS)
+                       {
+                               DBGPRINT(RT_DEBUG_WARN, ("MiniportMMRequest (error:: can't allocate NDIS PACKET)\n"));
+                               break;
+                       }
+
+                       //pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_CCK;
+                       //pAd->CommonCfg.MlmeRate = RATE_2;
+
+
+#ifdef RTMP_MAC_PCI
+                       if (bUseDataQ)
+                       {
+                               Status = MlmeDataHardTransmit(pAd, QueIdx, pPacket);
+                               retryCnt--;
+                       }
+                       else
+#endif // RTMP_MAC_PCI //
+                               Status = MlmeHardTransmit(pAd, QueIdx, pPacket);
+                       if (Status == NDIS_STATUS_SUCCESS)
+                               retryCnt = 0;
+                       else
+                               RTMPFreeNdisPacket(pAd, pPacket);
+               }
+               else
+               {
+                       pAd->RalinkCounters.MgmtRingFullCount++;
+#ifdef RTMP_MAC_PCI
+                       if (bUseDataQ)
+                       {
+                               retryCnt--;
+                               DBGPRINT(RT_DEBUG_TRACE, ("retryCnt %d\n", retryCnt));
+                               if (retryCnt == 0)
+                               {
+                                       DBGPRINT(RT_DEBUG_ERROR, ("Qidx(%d), not enough space in DataRing, MgmtRingFullCount=%ld!\n",
+                                                                                       QueIdx, pAd->RalinkCounters.MgmtRingFullCount));
+                               }
+                       }
+#endif // RTMP_MAC_PCI //
+                       DBGPRINT(RT_DEBUG_ERROR, ("Qidx(%d), not enough space in MgmtRing, MgmtRingFullCount=%ld!\n",
+                                                                               QueIdx, pAd->RalinkCounters.MgmtRingFullCount));
+
+
+
+               }
+       } while (retryCnt > 0);
+
+
+#ifdef RTMP_MAC_PCI
+       if (bUseDataQ && (!IrqState))
+               RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+#endif // RTMP_MAC_PCI //
+
+       return Status;
+}
+
+
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Copy frame from waiting queue into relative ring buffer and set
+       appropriate ASIC register to kick hardware transmit function
+
+       Arguments:
+               pAd Pointer to our adapter
+               pBuffer         Pointer to      memory of outgoing frame
+               Length          Size of outgoing management frame
+
+       Return Value:
+               NDIS_STATUS_FAILURE
+               NDIS_STATUS_PENDING
+               NDIS_STATUS_SUCCESS
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS MlmeHardTransmit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   QueIdx,
+       IN      PNDIS_PACKET    pPacket)
+{
+       PACKET_INFO     PacketInfo;
+       PUCHAR                  pSrcBufVA;
+       UINT                    SrcBufLen;
+       PHEADER_802_11  pHeader_802_11;
+
+       if ((pAd->CommonCfg.RadarDetect.RDMode != RD_NORMAL_MODE)
+#ifdef CARRIER_DETECTION_SUPPORT
+#endif // CARRIER_DETECTION_SUPPORT //
+               )
+       {
+               return NDIS_STATUS_FAILURE;
+       }
+
+       RTMP_QueryPacketInfo(pPacket, &PacketInfo, &pSrcBufVA, &SrcBufLen);
+       if (pSrcBufVA == NULL)
+               return NDIS_STATUS_FAILURE;
+
+       pHeader_802_11 = (PHEADER_802_11) (pSrcBufVA + TXINFO_SIZE + TXWI_SIZE);
+
+
+#ifdef RTMP_MAC_PCI
+       if ( pAd->MACVersion == 0x28600100 )
+               return MlmeHardTransmitTxRing(pAd,QueIdx,pPacket);
+       else
+#endif // RTMP_MAC_PCI //
+               return MlmeHardTransmitMgmtRing(pAd,QueIdx,pPacket);
+
+}
+
+
+NDIS_STATUS MlmeHardTransmitMgmtRing(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR   QueIdx,
+       IN      PNDIS_PACKET    pPacket)
+{
+       PACKET_INFO     PacketInfo;
+       PUCHAR                  pSrcBufVA;
+       UINT                    SrcBufLen;
+       PHEADER_802_11  pHeader_802_11;
+       BOOLEAN                 bAckRequired, bInsertTimestamp;
+       UCHAR                   MlmeRate;
+       PTXWI_STRUC     pFirstTxWI;
+       MAC_TABLE_ENTRY *pMacEntry = NULL;
+       UCHAR                   PID;
+
+       RTMP_QueryPacketInfo(pPacket, &PacketInfo, &pSrcBufVA, &SrcBufLen);
+
+       // Make sure MGMT ring resource won't be used by other threads
+       RTMP_SEM_LOCK(&pAd->MgmtRingLock);
+       if (pSrcBufVA == NULL)
+       {
+               // The buffer shouldn't be NULL
+                       RTMP_SEM_UNLOCK(&pAd->MgmtRingLock);
+               return NDIS_STATUS_FAILURE;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // outgoing frame always wakeup PHY to prevent frame lost
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+                       AsicForceWakeup(pAd, TRUE);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       pFirstTxWI = (PTXWI_STRUC)(pSrcBufVA +  TXINFO_SIZE);
+       pHeader_802_11 = (PHEADER_802_11) (pSrcBufVA + TXINFO_SIZE + TXWI_SIZE); //TXWI_SIZE);
+
+       if (pHeader_802_11->Addr1[0] & 0x01)
+       {
+               MlmeRate = pAd->CommonCfg.BasicMlmeRate;
+       }
+       else
+       {
+               MlmeRate = pAd->CommonCfg.MlmeRate;
+       }
+
+       // Verify Mlme rate for a / g bands.
+       if ((pAd->LatchRfRegs.Channel > 14) && (MlmeRate < RATE_6)) // 11A band
+               MlmeRate = RATE_6;
+
+       if ((pHeader_802_11->FC.Type == BTYPE_DATA) &&
+               (pHeader_802_11->FC.SubType == SUBTYPE_QOS_NULL))
+       {
+               pMacEntry = MacTableLookup(pAd, pHeader_802_11->Addr1);
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // Fixed W52 with Activity scan issue in ABG_MIXED and ABGN_MIXED mode.
+               if (pAd->CommonCfg.PhyMode == PHY_11ABG_MIXED
+#ifdef DOT11_N_SUPPORT
+                       || pAd->CommonCfg.PhyMode == PHY_11ABGN_MIXED
+#endif // DOT11_N_SUPPORT //
+               )
+               {
+                       if (pAd->LatchRfRegs.Channel > 14)
+                               pAd->CommonCfg.MlmeTransmit.field.MODE = 1;
+                       else
+                               pAd->CommonCfg.MlmeTransmit.field.MODE = 0;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       //
+       // Should not be hard code to set PwrMgmt to 0 (PWR_ACTIVE)
+       // Snice it's been set to 0 while on MgtMacHeaderInit
+       // By the way this will cause frame to be send on PWR_SAVE failed.
+       //
+       pHeader_802_11->FC.PwrMgmt = PWR_ACTIVE; // (pAd->StaCfg.Psm == PWR_SAVE);
+
+#ifdef CONFIG_STA_SUPPORT
+       //
+       // In WMM-UAPSD, mlme frame should be set psm as power saving but probe request frame
+       // Data-Null packets alse pass through MMRequest in RT2860, however, we hope control the psm bit to pass APSD
+//     if ((pHeader_802_11->FC.Type != BTYPE_DATA) && (pHeader_802_11->FC.Type != BTYPE_CNTL))
+       {
+               if ((pHeader_802_11->FC.SubType == SUBTYPE_ACTION) ||
+                       ((pHeader_802_11->FC.Type == BTYPE_DATA) &&
+                       ((pHeader_802_11->FC.SubType == SUBTYPE_QOS_NULL) ||
+                       (pHeader_802_11->FC.SubType == SUBTYPE_NULL_FUNC))))
+               {
+                       if (pAd->StaCfg.Psm == PWR_SAVE)
+                               pHeader_802_11->FC.PwrMgmt = PWR_SAVE;
+                       else
+                               pHeader_802_11->FC.PwrMgmt = pAd->CommonCfg.bAPSDForcePowerSave;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+
+
+       bInsertTimestamp = FALSE;
+       if (pHeader_802_11->FC.Type == BTYPE_CNTL) // must be PS-POLL
+       {
+#ifdef CONFIG_STA_SUPPORT
+               //Set PM bit in ps-poll, to fix WLK 1.2  PowerSaveMode_ext failure issue.
+               if ((pAd->OpMode == OPMODE_STA) && (pHeader_802_11->FC.SubType == SUBTYPE_PS_POLL))
+               {
+                       pHeader_802_11->FC.PwrMgmt = PWR_SAVE;
+               }
+#endif // CONFIG_STA_SUPPORT //
+               bAckRequired = FALSE;
+       }
+       else // BTYPE_MGMT or BTYPE_DATA(must be NULL frame)
+       {
+               //pAd->Sequence++;
+               //pHeader_802_11->Sequence = pAd->Sequence;
+
+               if (pHeader_802_11->Addr1[0] & 0x01) // MULTICAST, BROADCAST
+               {
+                       bAckRequired = FALSE;
+                       pHeader_802_11->Duration = 0;
+               }
+               else
+               {
+                       bAckRequired = TRUE;
+                       pHeader_802_11->Duration = RTMPCalcDuration(pAd, MlmeRate, 14);
+                       if ((pHeader_802_11->FC.SubType == SUBTYPE_PROBE_RSP) && (pHeader_802_11->FC.Type == BTYPE_MGMT))
+                       {
+                               bInsertTimestamp = TRUE;
+                               bAckRequired = FALSE; // Disable ACK to prevent retry 0x1f for Probe Response
+                       }
+                       else if ((pHeader_802_11->FC.SubType == SUBTYPE_PROBE_REQ) && (pHeader_802_11->FC.Type == BTYPE_MGMT))
+                       {
+                               bAckRequired = FALSE; // Disable ACK to prevent retry 0x1f for Probe Request
+                       }
+               }
+       }
+
+       pHeader_802_11->Sequence = pAd->Sequence++;
+       if (pAd->Sequence >0xfff)
+               pAd->Sequence = 0;
+
+       // Before radar detection done, mgmt frame can not be sent but probe req
+       // Because we need to use probe req to trigger driver to send probe req in passive scan
+       if ((pHeader_802_11->FC.SubType != SUBTYPE_PROBE_REQ)
+               && (pAd->CommonCfg.bIEEE80211H == 1)
+               && (pAd->CommonCfg.RadarDetect.RDMode != RD_NORMAL_MODE))
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("MlmeHardTransmit --> radar detect not in normal mode !!!\n"));
+//             if (!IrqState)
+               RTMP_SEM_UNLOCK(&pAd->MgmtRingLock);
+               return (NDIS_STATUS_FAILURE);
+       }
+
+#ifdef RT_BIG_ENDIAN
+       RTMPFrameEndianChange(pAd, (PUCHAR)pHeader_802_11, DIR_WRITE, FALSE);
+#endif
+
+       //
+       // fill scatter-and-gather buffer list into TXD. Internally created NDIS PACKET
+       // should always has only one physical buffer, and the whole frame size equals
+       // to the first scatter buffer size
+       //
+
+       // Initialize TX Descriptor
+       // For inter-frame gap, the number is for this frame and next frame
+       // For MLME rate, we will fix as 2Mb to match other vendor's implement
+//     pAd->CommonCfg.MlmeTransmit.field.MODE = 1;
+
+// management frame doesn't need encryption. so use RESERVED_WCID no matter u are sending to specific wcid or not.
+       PID = PID_MGMT;
+
+
+       if (pMacEntry == NULL)
+       {
+               RTMPWriteTxWI(pAd, pFirstTxWI, FALSE, FALSE, bInsertTimestamp, FALSE, bAckRequired, FALSE,
+               0, RESERVED_WCID, (SrcBufLen - TXINFO_SIZE - TXWI_SIZE), PID, 0,  (UCHAR)pAd->CommonCfg.MlmeTransmit.field.MCS, IFS_BACKOFF, FALSE, &pAd->CommonCfg.MlmeTransmit);
+       }
+       else
+       {
+               /* dont use low rate to send QoS Null data frame */
+               RTMPWriteTxWI(pAd, pFirstTxWI, FALSE, FALSE,
+                                       bInsertTimestamp, FALSE, bAckRequired, FALSE,
+                                       0, pMacEntry->Aid, (SrcBufLen - TXINFO_SIZE - TXWI_SIZE),
+                                       pMacEntry->MaxHTPhyMode.field.MCS, 0,
+                                       (UCHAR)pMacEntry->MaxHTPhyMode.field.MCS,
+                                       IFS_BACKOFF, FALSE, &pMacEntry->MaxHTPhyMode);
+       }
+
+#ifdef RT_BIG_ENDIAN
+       RTMPWIEndianChange((PUCHAR)pFirstTxWI, TYPE_TXWI);
+#endif
+
+       // Now do hardware-depened kick out.
+       HAL_KickOutMgmtTx(pAd, QueIdx, pPacket, pSrcBufVA, SrcBufLen);
+
+       // Make sure to release MGMT ring resource
+//     if (!IrqState)
+               RTMP_SEM_UNLOCK(&pAd->MgmtRingLock);
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+/********************************************************************************
+
+       New DeQueue Procedures.
+
+ ********************************************************************************/
+
+#define DEQUEUE_LOCK(lock, bIntContext, IrqFlags)                              \
+                       do{                                                                                                     \
+                               if (bIntContext == FALSE)                                               \
+                               RTMP_IRQ_LOCK((lock), IrqFlags);                \
+                       }while(0)
+
+#define DEQUEUE_UNLOCK(lock, bIntContext, IrqFlags)                            \
+                       do{                                                                                                     \
+                               if (bIntContext == FALSE)                                               \
+                                       RTMP_IRQ_UNLOCK((lock), IrqFlags);      \
+                       }while(0)
+
+
+
+
+/*
+       ========================================================================
+       Tx Path design algorithm:
+               Basically, we divide the packets into four types, Broadcast/Multicast, 11N Rate(AMPDU, AMSDU, Normal), B/G Rate(ARALINK, Normal),
+               Specific Packet Type. Following show the classification rule and policy for each kinds of packets.
+                               Classification Rule=>
+                                       Multicast: (*addr1 & 0x01) == 0x01
+                                       Specific : bDHCPFrame, bARPFrame, bEAPOLFrame, etc.
+                                       11N Rate : If peer support HT
+                                                               (1).AMPDU  -- If TXBA is negotiated.
+                                                               (2).AMSDU  -- If AMSDU is capable for both peer and ourself.
+                                                                                       *). AMSDU can embedded in a AMPDU, but now we didn't support it.
+                                                               (3).Normal -- Other packets which send as 11n rate.
+
+                                       B/G Rate : If peer is b/g only.
+                                                               (1).ARALINK-- If both of peer/us supprot Ralink proprietary Aggregation and the TxRate is large than RATE_6
+                                                               (2).Normal -- Other packets which send as b/g rate.
+                                       Fragment:
+                                                               The packet must be unicast, NOT A-RALINK, NOT A-MSDU, NOT 11n, then can consider about fragment.
+
+                               Classified Packet Handle Rule=>
+                                       Multicast:
+                                                               No ACK,                 //pTxBlk->bAckRequired = FALSE;
+                                                               No WMM,                 //pTxBlk->bWMM = FALSE;
+                                                               No piggyback,   //pTxBlk->bPiggyBack = FALSE;
+                                                               Force LowRate,  //pTxBlk->bForceLowRate = TRUE;
+                                       Specific :      Basically, for specific packet, we should handle it specifically, but now all specific packets are use
+                                                                       the same policy to handle it.
+                                                               Force LowRate,  //pTxBlk->bForceLowRate = TRUE;
+
+                                       11N Rate :
+                                                               No piggyback,   //pTxBlk->bPiggyBack = FALSE;
+
+                                                               (1).AMSDU
+                                                                       pTxBlk->bWMM = TRUE;
+                                                               (2).AMPDU
+                                                                       pTxBlk->bWMM = TRUE;
+                                                               (3).Normal
+
+                                       B/G Rate :
+                                                               (1).ARALINK
+
+                                                               (2).Normal
+       ========================================================================
+*/
+static UCHAR TxPktClassification(
+       IN RTMP_ADAPTER *pAd,
+       IN PNDIS_PACKET  pPacket)
+{
+       UCHAR                   TxFrameType = TX_UNKOWN_FRAME;
+       UCHAR                   Wcid;
+       MAC_TABLE_ENTRY *pMacEntry = NULL;
+#ifdef DOT11_N_SUPPORT
+       BOOLEAN                 bHTRate = FALSE;
+#endif // DOT11_N_SUPPORT //
+
+       Wcid = RTMP_GET_PACKET_WCID(pPacket);
+       if (Wcid == MCAST_WCID)
+       {       // Handle for RA is Broadcast/Multicast Address.
+               return TX_MCAST_FRAME;
+       }
+
+       // Handle for unicast packets
+       pMacEntry = &pAd->MacTab.Content[Wcid];
+       if (RTMP_GET_PACKET_LOWRATE(pPacket))
+       {       // It's a specific packet need to force low rate, i.e., bDHCPFrame, bEAPOLFrame, bWAIFrame
+               TxFrameType = TX_LEGACY_FRAME;
+       }
+#ifdef DOT11_N_SUPPORT
+       else if (IS_HT_RATE(pMacEntry))
+       {       // it's a 11n capable packet
+
+               // Depends on HTPhyMode to check if the peer support the HTRate transmission.
+               //      Currently didn't support A-MSDU embedded in A-MPDU
+               bHTRate = TRUE;
+               if (RTMP_GET_PACKET_MOREDATA(pPacket) || (pMacEntry->PsMode == PWR_SAVE))
+                       TxFrameType = TX_LEGACY_FRAME;
+#ifdef UAPSD_AP_SUPPORT
+               else if (RTMP_GET_PACKET_EOSP(pPacket))
+                       TxFrameType = TX_LEGACY_FRAME;
+#endif // UAPSD_AP_SUPPORT //
+               else if((pMacEntry->TXBAbitmap & (1<<(RTMP_GET_PACKET_UP(pPacket)))) != 0)
+                       return TX_AMPDU_FRAME;
+               else if(CLIENT_STATUS_TEST_FLAG(pMacEntry, fCLIENT_STATUS_AMSDU_INUSED))
+                       return TX_AMSDU_FRAME;
+               else
+                       TxFrameType = TX_LEGACY_FRAME;
+       }
+#endif // DOT11_N_SUPPORT //
+       else
+       {       // it's a legacy b/g packet.
+               if ((CLIENT_STATUS_TEST_FLAG(pMacEntry, fCLIENT_STATUS_AGGREGATION_CAPABLE) && pAd->CommonCfg.bAggregationCapable) &&
+                       (RTMP_GET_PACKET_TXRATE(pPacket) >= RATE_6) &&
+                       (!(OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WMM_INUSED) && CLIENT_STATUS_TEST_FLAG(pMacEntry, fCLIENT_STATUS_WMM_CAPABLE))))
+               {       // if peer support Ralink Aggregation, we use it.
+                       TxFrameType = TX_RALINK_FRAME;
+               }
+               else
+               {
+                       TxFrameType = TX_LEGACY_FRAME;
+               }
+       }
+
+       // Currently, our fragment only support when a unicast packet send as NOT-ARALINK, NOT-AMSDU and NOT-AMPDU.
+       if ((RTMP_GET_PACKET_FRAGMENTS(pPacket) > 1) && (TxFrameType == TX_LEGACY_FRAME))
+               TxFrameType = TX_FRAG_FRAME;
+
+       return TxFrameType;
+}
+
+
+BOOLEAN RTMP_FillTxBlkInfo(
+       IN RTMP_ADAPTER *pAd,
+       IN TX_BLK *pTxBlk)
+{
+       PACKET_INFO                     PacketInfo;
+       PNDIS_PACKET            pPacket;
+       PMAC_TABLE_ENTRY        pMacEntry = NULL;
+
+       pPacket = pTxBlk->pPacket;
+       RTMP_QueryPacketInfo(pPacket, &PacketInfo, &pTxBlk->pSrcBufHeader, &pTxBlk->SrcBufLen);
+
+       pTxBlk->Wcid                            = RTMP_GET_PACKET_WCID(pPacket);
+       pTxBlk->apidx                           = RTMP_GET_PACKET_IF(pPacket);
+       pTxBlk->UserPriority            = RTMP_GET_PACKET_UP(pPacket);
+       pTxBlk->FrameGap = IFS_HTTXOP;          // ASIC determine Frame Gap
+
+       if (RTMP_GET_PACKET_CLEAR_EAP_FRAME(pTxBlk->pPacket))
+               TX_BLK_SET_FLAG(pTxBlk, fTX_bClearEAPFrame);
+       else
+               TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bClearEAPFrame);
+
+       // Default to clear this flag
+       TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bForceNonQoS);
+
+
+       if (pTxBlk->Wcid == MCAST_WCID)
+       {
+               pTxBlk->pMacEntry = NULL;
+               {
+#ifdef MCAST_RATE_SPECIFIC
+                       PUCHAR pDA = GET_OS_PKT_DATAPTR(pPacket);
+                       if (((*pDA & 0x01) == 0x01) && (*pDA != 0xff))
+                               pTxBlk->pTransmit = &pAd->CommonCfg.MCastPhyMode;
+                       else
+#endif // MCAST_RATE_SPECIFIC //
+                               pTxBlk->pTransmit = &pAd->MacTab.Content[MCAST_WCID].HTPhyMode;
+               }
+
+               TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bAckRequired);    // AckRequired = FALSE, when broadcast packet in Adhoc mode.
+               //TX_BLK_SET_FLAG(pTxBlk, fTX_bForceLowRate);
+               TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bAllowFrag);
+               TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bWMM);
+               if (RTMP_GET_PACKET_MOREDATA(pPacket))
+               {
+                       TX_BLK_SET_FLAG(pTxBlk, fTX_bMoreData);
+               }
+
+       }
+       else
+       {
+               pTxBlk->pMacEntry = &pAd->MacTab.Content[pTxBlk->Wcid];
+               pTxBlk->pTransmit = &pTxBlk->pMacEntry->HTPhyMode;
+
+               pMacEntry = pTxBlk->pMacEntry;
+
+
+               // For all unicast packets, need Ack unless the Ack Policy is not set as NORMAL_ACK.
+               if (pAd->CommonCfg.AckPolicy[pTxBlk->QueIdx] != NORMAL_ACK)
+                       TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bAckRequired);
+               else
+                       TX_BLK_SET_FLAG(pTxBlk, fTX_bAckRequired);
+
+#ifdef CONFIG_STA_SUPPORT
+               if ((pAd->OpMode == OPMODE_STA) &&
+                       (ADHOC_ON(pAd)) &&
+                       (RX_FILTER_TEST_FLAG(pAd, fRX_FILTER_ACCEPT_PROMISCUOUS)))
+               {
+                       if(pAd->CommonCfg.PSPXlink)
+                               TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bAckRequired);
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               {
+
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       {
+
+                               // If support WMM, enable it.
+                               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WMM_INUSED) &&
+                                       CLIENT_STATUS_TEST_FLAG(pMacEntry, fCLIENT_STATUS_WMM_CAPABLE))
+                                       TX_BLK_SET_FLAG(pTxBlk, fTX_bWMM);
+
+//                             if (pAd->StaCfg.bAutoTxRateSwitch)
+//                                     TX_BLK_SET_FLAG(pTxBlk, fTX_AutoRateSwitch);
+                       }
+#endif // CONFIG_STA_SUPPORT //
+               }
+
+               if (pTxBlk->TxFrameType == TX_LEGACY_FRAME)
+               {
+                       if ( (RTMP_GET_PACKET_LOWRATE(pPacket)) ||
+                ((pAd->OpMode == OPMODE_AP) && (pMacEntry->MaxHTPhyMode.field.MODE == MODE_CCK) && (pMacEntry->MaxHTPhyMode.field.MCS == RATE_1)))
+                       {       // Specific packet, i.e., bDHCPFrame, bEAPOLFrame, bWAIFrame, need force low rate.
+                               pTxBlk->pTransmit = &pAd->MacTab.Content[MCAST_WCID].HTPhyMode;
+#ifdef DOT11_N_SUPPORT
+                               // Modify the WMM bit for ICV issue. If we have a packet with EOSP field need to set as 1, how to handle it???
+                               if (IS_HT_STA(pTxBlk->pMacEntry) &&
+                                       (CLIENT_STATUS_TEST_FLAG(pMacEntry, fCLIENT_STATUS_RALINK_CHIPSET)) &&
+                                       ((pAd->CommonCfg.bRdg == TRUE) && CLIENT_STATUS_TEST_FLAG(pMacEntry, fCLIENT_STATUS_RDG_CAPABLE)))
+                               {
+                                       TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bWMM);
+                                       TX_BLK_SET_FLAG(pTxBlk, fTX_bForceNonQoS);
+                               }
+#endif // DOT11_N_SUPPORT //
+                       }
+
+#ifdef DOT11_N_SUPPORT
+                       if ( (IS_HT_RATE(pMacEntry) == FALSE) &&
+                               (CLIENT_STATUS_TEST_FLAG(pMacEntry, fCLIENT_STATUS_PIGGYBACK_CAPABLE)))
+                       {       // Currently piggy-back only support when peer is operate in b/g mode.
+                               TX_BLK_SET_FLAG(pTxBlk, fTX_bPiggyBack);
+                       }
+#endif // DOT11_N_SUPPORT //
+
+                       if (RTMP_GET_PACKET_MOREDATA(pPacket))
+                       {
+                               TX_BLK_SET_FLAG(pTxBlk, fTX_bMoreData);
+                       }
+#ifdef UAPSD_AP_SUPPORT
+                       if (RTMP_GET_PACKET_EOSP(pPacket))
+                       {
+                               TX_BLK_SET_FLAG(pTxBlk, fTX_bWMM_UAPSD_EOSP);
+                       }
+#endif // UAPSD_AP_SUPPORT //
+               }
+               else if (pTxBlk->TxFrameType == TX_FRAG_FRAME)
+               {
+                       TX_BLK_SET_FLAG(pTxBlk, fTX_bAllowFrag);
+               }
+
+               pMacEntry->DebugTxCount++;
+       }
+
+       return TRUE;
+}
+
+
+BOOLEAN CanDoAggregateTransmit(
+       IN RTMP_ADAPTER *pAd,
+       IN NDIS_PACKET *pPacket,
+       IN TX_BLK               *pTxBlk)
+{
+
+       //DBGPRINT(RT_DEBUG_TRACE, ("Check if can do aggregation! TxFrameType=%d!\n", pTxBlk->TxFrameType));
+
+       if (RTMP_GET_PACKET_WCID(pPacket) == MCAST_WCID)
+               return FALSE;
+
+       if (RTMP_GET_PACKET_DHCP(pPacket) ||
+               RTMP_GET_PACKET_EAPOL(pPacket) ||
+               RTMP_GET_PACKET_WAI(pPacket))
+               return FALSE;
+
+       if ((pTxBlk->TxFrameType == TX_AMSDU_FRAME) &&
+               ((pTxBlk->TotalFrameLen + GET_OS_PKT_LEN(pPacket))> (RX_BUFFER_AGGRESIZE - 100)))
+       {       // For AMSDU, allow the packets with total length < max-amsdu size
+               return FALSE;
+       }
+
+       if ((pTxBlk->TxFrameType == TX_RALINK_FRAME) &&
+               (pTxBlk->TxPacketList.Number == 2))
+       {       // For RALINK-Aggregation, allow two frames in one batch.
+               return FALSE;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       if ((INFRA_ON(pAd)) && (pAd->OpMode == OPMODE_STA)) // must be unicast to AP
+               return TRUE;
+       else
+#endif // CONFIG_STA_SUPPORT //
+               return FALSE;
+
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               To do the enqueue operation and extract the first item of waiting
+               list. If a number of available shared memory segments could meet
+               the request of extracted item, the extracted item will be fragmented
+               into shared memory segments.
+
+       Arguments:
+               pAd Pointer to our adapter
+               pQueue          Pointer to Waiting Queue
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID RTMPDeQueuePacket(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  BOOLEAN         bIntContext,
+       IN  UCHAR                       QIdx, /* BulkOutPipeId */
+       IN  UCHAR           Max_Tx_Packets)
+{
+       PQUEUE_ENTRY    pEntry = NULL;
+       PNDIS_PACKET    pPacket;
+       NDIS_STATUS     Status = NDIS_STATUS_SUCCESS;
+       UCHAR           Count=0;
+       PQUEUE_HEADER   pQueue;
+       ULONG           FreeNumber[NUM_OF_TX_RING];
+       UCHAR                   QueIdx, sQIdx, eQIdx;
+       unsigned long   IrqFlags = 0;
+       BOOLEAN                 hasTxDesc = FALSE;
+       TX_BLK                  TxBlk;
+       TX_BLK                  *pTxBlk;
+
+#ifdef DBG_DIAGNOSE
+       BOOLEAN                 firstRound;
+       RtmpDiagStruct  *pDiagStruct = &pAd->DiagStruct;
+#endif
+
+
+       if (QIdx == NUM_OF_TX_RING)
+       {
+               sQIdx = 0;
+               eQIdx = 3;      // 4 ACs, start from 0.
+       }
+       else
+       {
+               sQIdx = eQIdx = QIdx;
+       }
+
+       for (QueIdx=sQIdx; QueIdx <= eQIdx; QueIdx++)
+       {
+               Count=0;
+
+               RTMP_START_DEQUEUE(pAd, QueIdx, IrqFlags);
+
+#ifdef DBG_DIAGNOSE
+               firstRound = ((QueIdx == 0) ? TRUE : FALSE);
+#endif // DBG_DIAGNOSE //
+
+               while (1)
+               {
+                       if ((RTMP_TEST_FLAG(pAd, (fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS |
+                                                                               fRTMP_ADAPTER_RADIO_OFF |
+                                                                               fRTMP_ADAPTER_RESET_IN_PROGRESS |
+                                                                               fRTMP_ADAPTER_HALT_IN_PROGRESS |
+                                                                               fRTMP_ADAPTER_NIC_NOT_EXIST))))
+                       {
+                               RTMP_STOP_DEQUEUE(pAd, QueIdx, IrqFlags);
+                               return;
+                       }
+
+                       if (Count >= Max_Tx_Packets)
+                               break;
+
+                       DEQUEUE_LOCK(&pAd->irq_lock, bIntContext, IrqFlags);
+                       if (&pAd->TxSwQueue[QueIdx] == NULL)
+                       {
+#ifdef DBG_DIAGNOSE
+                               if (firstRound == TRUE)
+                                       pDiagStruct->TxSWQueCnt[pDiagStruct->ArrayCurIdx][0]++;
+#endif // DBG_DIAGNOSE //
+                               DEQUEUE_UNLOCK(&pAd->irq_lock, bIntContext, IrqFlags);
+                               break;
+                       }
+
+#ifdef RTMP_MAC_PCI
+                       FreeNumber[QueIdx] = GET_TXRING_FREENO(pAd, QueIdx);
+
+#ifdef DBG_DIAGNOSE
+                       if (firstRound == TRUE)
+                       {
+                               UCHAR   txDescNumLevel, txSwQNumLevel;
+
+                               txDescNumLevel = (TX_RING_SIZE - FreeNumber[QueIdx]); // Number of occupied hw desc.
+                               txDescNumLevel = ((txDescNumLevel <=15) ? txDescNumLevel : 15);
+                               pDiagStruct->TxDescCnt[pDiagStruct->ArrayCurIdx][txDescNumLevel]++;
+
+                               txSwQNumLevel = ((pAd->TxSwQueue[QueIdx].Number <=7) ? pAd->TxSwQueue[QueIdx].Number : 8);
+                               pDiagStruct->TxSWQueCnt[pDiagStruct->ArrayCurIdx][txSwQNumLevel]++;
+
+                               firstRound = FALSE;
+                       }
+#endif // DBG_DIAGNOSE //
+
+                       if (FreeNumber[QueIdx] <= 5)
+                       {
+                               // free Tx(QueIdx) resources
+                               RTMPFreeTXDUponTxDmaDone(pAd, QueIdx);
+                               FreeNumber[QueIdx] = GET_TXRING_FREENO(pAd, QueIdx);
+                       }
+#endif // RTMP_MAC_PCI //
+
+                       // probe the Queue Head
+                       pQueue = &pAd->TxSwQueue[QueIdx];
+                       if ((pEntry = pQueue->Head) == NULL)
+                       {
+                               DEQUEUE_UNLOCK(&pAd->irq_lock, bIntContext, IrqFlags);
+                               break;
+                       }
+
+                       pTxBlk = &TxBlk;
+                       NdisZeroMemory((PUCHAR)pTxBlk, sizeof(TX_BLK));
+                       //InitializeQueueHeader(&pTxBlk->TxPacketList);         // Didn't need it because we already memzero it.
+                       pTxBlk->QueIdx = QueIdx;
+
+                       pPacket = QUEUE_ENTRY_TO_PACKET(pEntry);
+
+
+                       // Early check to make sure we have enoguh Tx Resource.
+                       hasTxDesc = RTMP_HAS_ENOUGH_FREE_DESC(pAd, pTxBlk, FreeNumber[QueIdx], pPacket);
+                       if (!hasTxDesc)
+                       {
+                               pAd->PrivateInfo.TxRingFullCnt++;
+
+                               DEQUEUE_UNLOCK(&pAd->irq_lock, bIntContext, IrqFlags);
+
+                               break;
+                       }
+
+                       pTxBlk->TxFrameType = TxPktClassification(pAd, pPacket);
+                       pEntry = RemoveHeadQueue(pQueue);
+                       pTxBlk->TotalFrameNum++;
+                       pTxBlk->TotalFragNum += RTMP_GET_PACKET_FRAGMENTS(pPacket);     // The real fragment number maybe vary
+                       pTxBlk->TotalFrameLen += GET_OS_PKT_LEN(pPacket);
+                       pTxBlk->pPacket = pPacket;
+                       InsertTailQueue(&pTxBlk->TxPacketList, PACKET_TO_QUEUE_ENTRY(pPacket));
+
+                       if (pTxBlk->TxFrameType == TX_RALINK_FRAME || pTxBlk->TxFrameType == TX_AMSDU_FRAME)
+                       {
+                               // Enhance SW Aggregation Mechanism
+                               if (NEED_QUEUE_BACK_FOR_AGG(pAd, QueIdx, FreeNumber[QueIdx], pTxBlk->TxFrameType))
+                               {
+                                       InsertHeadQueue(pQueue, PACKET_TO_QUEUE_ENTRY(pPacket));
+                                       DEQUEUE_UNLOCK(&pAd->irq_lock, bIntContext, IrqFlags);
+                                       break;
+                               }
+
+                               do{
+                                       if((pEntry = pQueue->Head) == NULL)
+                                               break;
+
+                                       // For TX_AMSDU_FRAME/TX_RALINK_FRAME, Need to check if next pakcet can do aggregation.
+                                       pPacket = QUEUE_ENTRY_TO_PACKET(pEntry);
+                                       FreeNumber[QueIdx] = GET_TXRING_FREENO(pAd, QueIdx);
+                                       hasTxDesc = RTMP_HAS_ENOUGH_FREE_DESC(pAd, pTxBlk, FreeNumber[QueIdx], pPacket);
+                                       if ((hasTxDesc == FALSE) || (CanDoAggregateTransmit(pAd, pPacket, pTxBlk) == FALSE))
+                                               break;
+
+                                       //Remove the packet from the TxSwQueue and insert into pTxBlk
+                                       pEntry = RemoveHeadQueue(pQueue);
+                                       ASSERT(pEntry);
+                                       pPacket = QUEUE_ENTRY_TO_PACKET(pEntry);
+                                       pTxBlk->TotalFrameNum++;
+                                       pTxBlk->TotalFragNum += RTMP_GET_PACKET_FRAGMENTS(pPacket);     // The real fragment number maybe vary
+                                       pTxBlk->TotalFrameLen += GET_OS_PKT_LEN(pPacket);
+                                       InsertTailQueue(&pTxBlk->TxPacketList, PACKET_TO_QUEUE_ENTRY(pPacket));
+                               }while(1);
+
+                               if (pTxBlk->TxPacketList.Number == 1)
+                                       pTxBlk->TxFrameType = TX_LEGACY_FRAME;
+                       }
+
+
+                       Count += pTxBlk->TxPacketList.Number;
+
+
+                               // Do HardTransmit now.
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               Status = STAHardTransmit(pAd, pTxBlk, QueIdx);
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef RTMP_MAC_PCI
+                       DEQUEUE_UNLOCK(&pAd->irq_lock, bIntContext, IrqFlags);
+                       // static rate also need NICUpdateFifoStaCounters() function.
+                       //if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED))
+                               NICUpdateFifoStaCounters(pAd);
+#endif // RTMP_MAC_PCI //
+
+               }
+
+               RTMP_STOP_DEQUEUE(pAd, QueIdx, IrqFlags);
+
+
+#ifdef BLOCK_NET_IF
+               if ((pAd->blockQueueTab[QueIdx].SwTxQueueBlockFlag == TRUE)
+                       && (pAd->TxSwQueue[QueIdx].Number < 1))
+               {
+                       releaseNetIf(&pAd->blockQueueTab[QueIdx]);
+               }
+#endif // BLOCK_NET_IF //
+
+       }
+
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Calculates the duration which is required to transmit out frames
+       with given size and specified rate.
+
+       Arguments:
+               pAd     Pointer to our adapter
+               Rate                    Transmit rate
+               Size                    Frame size in units of byte
+
+       Return Value:
+               Duration number in units of usec
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+USHORT RTMPCalcDuration(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   Rate,
+       IN      ULONG                   Size)
+{
+       ULONG   Duration = 0;
+
+       if (Rate < RATE_FIRST_OFDM_RATE) // CCK
+       {
+               if ((Rate > RATE_1) && OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED))
+                       Duration = 96;  // 72+24 preamble+plcp
+               else
+                       Duration = 192; // 144+48 preamble+plcp
+
+               Duration += (USHORT)((Size << 4) / RateIdTo500Kbps[Rate]);
+               if ((Size << 4) % RateIdTo500Kbps[Rate])
+                       Duration ++;
+       }
+       else if (Rate <= RATE_LAST_OFDM_RATE)// OFDM rates
+       {
+               Duration = 20 + 6;              // 16+4 preamble+plcp + Signal Extension
+               Duration += 4 * (USHORT)((11 + Size * 4) / RateIdTo500Kbps[Rate]);
+               if ((11 + Size * 4) % RateIdTo500Kbps[Rate])
+                       Duration += 4;
+       }
+       else    //mimo rate
+       {
+               Duration = 20 + 6;              // 16+4 preamble+plcp + Signal Extension
+       }
+
+       return (USHORT)Duration;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Calculates the duration which is required to transmit out frames
+       with given size and specified rate.
+
+       Arguments:
+               pTxWI           Pointer to head of each MPDU to HW.
+               Ack             Setting for Ack requirement bit
+               Fragment        Setting for Fragment bit
+               RetryMode       Setting for retry mode
+               Ifs             Setting for IFS gap
+               Rate            Setting for transmit rate
+               Service         Setting for service
+               Length          Frame length
+               TxPreamble      Short or Long preamble when using CCK rates
+               QueIdx - 0-3, according to 802.11e/d4.4 June/2003
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+    See also : BASmartHardTransmit()    !!!
+
+       ========================================================================
+*/
+VOID RTMPWriteTxWI(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PTXWI_STRUC     pOutTxWI,
+       IN      BOOLEAN                 FRAG,
+       IN      BOOLEAN                 CFACK,
+       IN      BOOLEAN                 InsTimestamp,
+       IN      BOOLEAN                 AMPDU,
+       IN      BOOLEAN                 Ack,
+       IN      BOOLEAN                 NSeq,           // HW new a sequence.
+       IN      UCHAR                   BASize,
+       IN      UCHAR                   WCID,
+       IN      ULONG                   Length,
+       IN      UCHAR                   PID,
+       IN      UCHAR                   TID,
+       IN      UCHAR                   TxRate,
+       IN      UCHAR                   Txopmode,
+       IN      BOOLEAN                 CfAck,
+       IN      HTTRANSMIT_SETTING      *pTransmit)
+{
+       PMAC_TABLE_ENTRY        pMac = NULL;
+       TXWI_STRUC              TxWI;
+       PTXWI_STRUC     pTxWI;
+
+       if (WCID < MAX_LEN_OF_MAC_TABLE)
+               pMac = &pAd->MacTab.Content[WCID];
+
+       //
+       // Always use Long preamble before verifiation short preamble functionality works well.
+       // Todo: remove the following line if short preamble functionality works
+       //
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED);
+       NdisZeroMemory(&TxWI, TXWI_SIZE);
+       pTxWI = &TxWI;
+
+       pTxWI->FRAG= FRAG;
+
+       pTxWI->CFACK = CFACK;
+       pTxWI->TS= InsTimestamp;
+       pTxWI->AMPDU = AMPDU;
+       pTxWI->ACK = Ack;
+       pTxWI->txop= Txopmode;
+
+       pTxWI->NSEQ = NSeq;
+       // John tune the performace with Intel Client in 20 MHz performance
+#ifdef DOT11_N_SUPPORT
+       BASize = pAd->CommonCfg.TxBASize;
+       if (pAd->MACVersion == 0x28720200)
+       {
+               if( BASize >13 )
+                       BASize =13;
+       }
+       else
+       {
+               if( BASize >7 )
+                       BASize =7;
+       }
+       pTxWI->BAWinSize = BASize;
+       pTxWI->ShortGI = pTransmit->field.ShortGI;
+       pTxWI->STBC = pTransmit->field.STBC;
+#endif // DOT11_N_SUPPORT //
+
+       pTxWI->WirelessCliID = WCID;
+       pTxWI->MPDUtotalByteCount = Length;
+       pTxWI->PacketId = PID;
+
+       // If CCK or OFDM, BW must be 20
+       pTxWI->BW = (pTransmit->field.MODE <= MODE_OFDM) ? (BW_20) : (pTransmit->field.BW);
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+       if (pTxWI->BW)
+               pTxWI->BW = (pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth == 0) ? (BW_20) : (pTransmit->field.BW);
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+       pTxWI->MCS = pTransmit->field.MCS;
+       pTxWI->PHYMODE = pTransmit->field.MODE;
+       pTxWI->CFACK = CfAck;
+
+#ifdef DOT11_N_SUPPORT
+       if (pMac)
+       {
+        if (pAd->CommonCfg.bMIMOPSEnable)
+        {
+               if ((pMac->MmpsMode == MMPS_DYNAMIC) && (pTransmit->field.MCS > 7))
+                       {
+                               // Dynamic MIMO Power Save Mode
+                               pTxWI->MIMOps = 1;
+                       }
+                       else if (pMac->MmpsMode == MMPS_STATIC)
+                       {
+                               // Static MIMO Power Save Mode
+                               if (pTransmit->field.MODE >= MODE_HTMIX && pTransmit->field.MCS > 7)
+                               {
+                                       pTxWI->MCS = 7;
+                                       pTxWI->MIMOps = 0;
+                               }
+                       }
+        }
+               //pTxWI->MIMOps = (pMac->PsMode == PWR_MMPS)? 1:0;
+               if (pMac->bIAmBadAtheros && (pMac->WepStatus != Ndis802_11WEPDisabled))
+               {
+                       pTxWI->MpduDensity = 7;
+               }
+               else
+               {
+               pTxWI->MpduDensity = pMac->MpduDensity;
+       }
+       }
+#endif // DOT11_N_SUPPORT //
+
+       pTxWI->PacketId = pTxWI->MCS;
+       NdisMoveMemory(pOutTxWI, &TxWI, sizeof(TXWI_STRUC));
+}
+
+
+VOID RTMPWriteTxWI_Data(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      OUT PTXWI_STRUC         pTxWI,
+       IN      TX_BLK                          *pTxBlk)
+{
+       HTTRANSMIT_SETTING      *pTransmit;
+       PMAC_TABLE_ENTRY        pMacEntry;
+#ifdef DOT11_N_SUPPORT
+       UCHAR                           BASize;
+#endif // DOT11_N_SUPPORT //
+
+
+       ASSERT(pTxWI);
+
+       pTransmit = pTxBlk->pTransmit;
+       pMacEntry = pTxBlk->pMacEntry;
+
+
+       //
+       // Always use Long preamble before verifiation short preamble functionality works well.
+       // Todo: remove the following line if short preamble functionality works
+       //
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED);
+       NdisZeroMemory(pTxWI, TXWI_SIZE);
+
+       pTxWI->FRAG             = TX_BLK_TEST_FLAG(pTxBlk, fTX_bAllowFrag);
+       pTxWI->ACK              = TX_BLK_TEST_FLAG(pTxBlk, fTX_bAckRequired);
+       pTxWI->txop             = pTxBlk->FrameGap;
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+       if (pMacEntry &&
+               (pAd->StaCfg.BssType == BSS_INFRA) &&
+               (pMacEntry->ValidAsDls == TRUE))
+               pTxWI->WirelessCliID = BSSID_WCID;
+       else
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+       pTxWI->WirelessCliID            = pTxBlk->Wcid;
+
+       pTxWI->MPDUtotalByteCount       = pTxBlk->MpduHeaderLen + pTxBlk->SrcBufLen;
+       pTxWI->CFACK                            = TX_BLK_TEST_FLAG(pTxBlk, fTX_bPiggyBack);
+
+       // If CCK or OFDM, BW must be 20
+       pTxWI->BW = (pTransmit->field.MODE <= MODE_OFDM) ? (BW_20) : (pTransmit->field.BW);
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+       if (pTxWI->BW)
+               pTxWI->BW = (pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth == 0) ? (BW_20) : (pTransmit->field.BW);
+#endif // DOT11N_DRAFT3 //
+       pTxWI->AMPDU    = ((pTxBlk->TxFrameType == TX_AMPDU_FRAME) ? TRUE : FALSE);
+
+       // John tune the performace with Intel Client in 20 MHz performance
+       BASize = pAd->CommonCfg.TxBASize;
+       if((pTxBlk->TxFrameType == TX_AMPDU_FRAME) && (pMacEntry))
+       {
+               UCHAR           RABAOriIdx = 0; //The RA's BA Originator table index.
+
+               RABAOriIdx = pTxBlk->pMacEntry->BAOriWcidArray[pTxBlk->UserPriority];
+               BASize = pAd->BATable.BAOriEntry[RABAOriIdx].BAWinSize;
+       }
+
+
+       pTxWI->TxBF = pTransmit->field.TxBF;
+       pTxWI->BAWinSize = BASize;
+       pTxWI->ShortGI = pTransmit->field.ShortGI;
+       pTxWI->STBC = pTransmit->field.STBC;
+#endif // DOT11_N_SUPPORT //
+
+       pTxWI->MCS = pTransmit->field.MCS;
+       pTxWI->PHYMODE = pTransmit->field.MODE;
+
+
+#ifdef DOT11_N_SUPPORT
+       if (pMacEntry)
+       {
+               if ((pMacEntry->MmpsMode == MMPS_DYNAMIC) && (pTransmit->field.MCS > 7))
+               {
+                       // Dynamic MIMO Power Save Mode
+                       pTxWI->MIMOps = 1;
+               }
+               else if (pMacEntry->MmpsMode == MMPS_STATIC)
+               {
+                       // Static MIMO Power Save Mode
+                       if (pTransmit->field.MODE >= MODE_HTMIX && pTransmit->field.MCS > 7)
+                       {
+                               pTxWI->MCS = 7;
+                               pTxWI->MIMOps = 0;
+                       }
+               }
+
+               if (pMacEntry->bIAmBadAtheros && (pMacEntry->WepStatus != Ndis802_11WEPDisabled))
+               {
+                       pTxWI->MpduDensity = 7;
+               }
+               else
+               {
+               pTxWI->MpduDensity = pMacEntry->MpduDensity;
+       }
+       }
+#endif // DOT11_N_SUPPORT //
+
+#ifdef DBG_DIAGNOSE
+               if (pTxBlk->QueIdx== 0)
+               {
+                       pAd->DiagStruct.TxDataCnt[pAd->DiagStruct.ArrayCurIdx]++;
+                       pAd->DiagStruct.TxMcsCnt[pAd->DiagStruct.ArrayCurIdx][pTxWI->MCS]++;
+               }
+#endif // DBG_DIAGNOSE //
+
+       // for rate adapation
+       pTxWI->PacketId = pTxWI->MCS;
+#ifdef INF_AMAZON_SE
+/*Iverson patch for WMM A5-T07 ,WirelessStaToWirelessSta do not bulk out aggregate */
+       if( RTMP_GET_PACKET_NOBULKOUT(pTxBlk->pPacket))
+       {
+               if(pTxWI->PHYMODE == MODE_CCK)
+               {
+                       pTxWI->PacketId = 6;
+               }
+       }
+#endif // INF_AMAZON_SE //
+}
+
+
+VOID RTMPWriteTxWI_Cache(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      OUT PTXWI_STRUC         pTxWI,
+       IN      TX_BLK                          *pTxBlk)
+{
+       PHTTRANSMIT_SETTING     /*pTxHTPhyMode,*/ pTransmit;
+       PMAC_TABLE_ENTRY        pMacEntry;
+
+       //
+       // update TXWI
+       //
+       pMacEntry = pTxBlk->pMacEntry;
+       pTransmit = pTxBlk->pTransmit;
+
+       //if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED))
+       //if (RTMPCheckEntryEnableAutoRateSwitch(pAd, pMacEntry))
+       //if (TX_BLK_TEST_FLAG(pTxBlk, fTX_AutoRateSwitch))
+       if (pMacEntry->bAutoTxRateSwitch)
+       {
+               pTxWI->txop = IFS_HTTXOP;
+
+               // If CCK or OFDM, BW must be 20
+               pTxWI->BW = (pTransmit->field.MODE <= MODE_OFDM) ? (BW_20) : (pTransmit->field.BW);
+               pTxWI->ShortGI = pTransmit->field.ShortGI;
+               pTxWI->STBC = pTransmit->field.STBC;
+
+               pTxWI->MCS = pTransmit->field.MCS;
+               pTxWI->PHYMODE = pTransmit->field.MODE;
+
+               // set PID for TxRateSwitching
+               pTxWI->PacketId = pTransmit->field.MCS;
+       }
+
+#ifdef DOT11_N_SUPPORT
+       pTxWI->AMPDU = ((pMacEntry->NoBADataCountDown == 0) ? TRUE: FALSE);
+       pTxWI->MIMOps = 0;
+
+#ifdef DOT11N_DRAFT3
+       if (pTxWI->BW)
+               pTxWI->BW = (pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth == 0) ? (BW_20) : (pTransmit->field.BW);
+#endif // DOT11N_DRAFT3 //
+
+    if (pAd->CommonCfg.bMIMOPSEnable)
+    {
+               // MIMO Power Save Mode
+               if ((pMacEntry->MmpsMode == MMPS_DYNAMIC) && (pTransmit->field.MCS > 7))
+               {
+                       // Dynamic MIMO Power Save Mode
+                       pTxWI->MIMOps = 1;
+               }
+               else if (pMacEntry->MmpsMode == MMPS_STATIC)
+               {
+                       // Static MIMO Power Save Mode
+                       if ((pTransmit->field.MODE >= MODE_HTMIX) && (pTransmit->field.MCS > 7))
+                       {
+                               pTxWI->MCS = 7;
+                               pTxWI->MIMOps = 0;
+                       }
+               }
+    }
+#endif // DOT11_N_SUPPORT //
+
+#ifdef DBG_DIAGNOSE
+       if (pTxBlk->QueIdx== 0)
+       {
+               pAd->DiagStruct.TxDataCnt[pAd->DiagStruct.ArrayCurIdx]++;
+               pAd->DiagStruct.TxMcsCnt[pAd->DiagStruct.ArrayCurIdx][pTxWI->MCS]++;
+       }
+#endif // DBG_DIAGNOSE //
+
+       pTxWI->MPDUtotalByteCount = pTxBlk->MpduHeaderLen + pTxBlk->SrcBufLen;
+
+}
+
+
+// should be called only when -
+// 1. MEADIA_CONNECTED
+// 2. AGGREGATION_IN_USED
+// 3. Fragmentation not in used
+// 4. either no previous frame (pPrevAddr1=NULL) .OR. previoud frame is aggregatible
+BOOLEAN TxFrameIsAggregatible(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pPrevAddr1,
+       IN      PUCHAR                  p8023hdr)
+{
+
+       // can't aggregate EAPOL (802.1x) frame
+       if ((p8023hdr[12] == 0x88) && (p8023hdr[13] == 0x8e))
+               return FALSE;
+
+       // can't aggregate multicast/broadcast frame
+       if (p8023hdr[0] & 0x01)
+               return FALSE;
+
+       if (INFRA_ON(pAd)) // must be unicast to AP
+               return TRUE;
+       else if ((pPrevAddr1 == NULL) || MAC_ADDR_EQUAL(pPrevAddr1, p8023hdr)) // unicast to same STA
+               return TRUE;
+       else
+               return FALSE;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+          Check the MSDU Aggregation policy
+       1.HT aggregation is A-MSDU
+       2.legaacy rate aggregation is software aggregation by Ralink.
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+       ========================================================================
+*/
+BOOLEAN PeerIsAggreOn(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      ULONG              TxRate,
+       IN      PMAC_TABLE_ENTRY pMacEntry)
+{
+       ULONG   AFlags = (fCLIENT_STATUS_AMSDU_INUSED | fCLIENT_STATUS_AGGREGATION_CAPABLE);
+
+       if (pMacEntry != NULL && CLIENT_STATUS_TEST_FLAG(pMacEntry, AFlags))
+       {
+#ifdef DOT11_N_SUPPORT
+               if (pMacEntry->HTPhyMode.field.MODE >= MODE_HTMIX)
+               {
+                       return TRUE;
+               }
+#endif // DOT11_N_SUPPORT //
+
+#ifdef AGGREGATION_SUPPORT
+               if (TxRate >= RATE_6 && pAd->CommonCfg.bAggregationCapable && (!(OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WMM_INUSED) && CLIENT_STATUS_TEST_FLAG(pMacEntry, fCLIENT_STATUS_WMM_CAPABLE))))
+               {       // legacy  Ralink Aggregation support
+                       return TRUE;
+               }
+#endif // AGGREGATION_SUPPORT //
+       }
+
+       return FALSE;
+
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Check and fine the packet waiting in SW queue with highest priority
+
+       Arguments:
+               pAd Pointer to our adapter
+
+       Return Value:
+               pQueue          Pointer to Waiting Queue
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+PQUEUE_HEADER  RTMPCheckTxSwQueue(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT PUCHAR                      pQueIdx)
+{
+
+       ULONG   Number;
+       // 2004-11-15 to be removed. test aggregation only
+//     if ((OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED)) && (*pNumber < 2))
+//              return NULL;
+
+       Number = pAd->TxSwQueue[QID_AC_BK].Number
+                        + pAd->TxSwQueue[QID_AC_BE].Number
+                        + pAd->TxSwQueue[QID_AC_VI].Number
+                        + pAd->TxSwQueue[QID_AC_VO].Number;
+                        /*+ pAd->TxSwQueue[QID_HCCA].Number;*/
+
+       if (pAd->TxSwQueue[QID_AC_VO].Head != NULL)
+       {
+               *pQueIdx = QID_AC_VO;
+               return (&pAd->TxSwQueue[QID_AC_VO]);
+       }
+       else if (pAd->TxSwQueue[QID_AC_VI].Head != NULL)
+       {
+               *pQueIdx = QID_AC_VI;
+               return (&pAd->TxSwQueue[QID_AC_VI]);
+       }
+       else if (pAd->TxSwQueue[QID_AC_BE].Head != NULL)
+       {
+               *pQueIdx = QID_AC_BE;
+               return (&pAd->TxSwQueue[QID_AC_BE]);
+       }
+       else if (pAd->TxSwQueue[QID_AC_BK].Head != NULL)
+       {
+               *pQueIdx = QID_AC_BK;
+               return (&pAd->TxSwQueue[QID_AC_BK]);
+       }
+       /*
+       else if (pAd->TxSwQueue[QID_HCCA].Head != NULL)
+       {
+               *pQueIdx = QID_HCCA;
+               return (&pAd->TxSwQueue[QID_HCCA]);
+       }
+       */
+
+       // No packet pending in Tx Sw queue
+       *pQueIdx = QID_AC_BK;
+
+       return (NULL);
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Suspend MSDU transmission
+
+       Arguments:
+               pAd     Pointer to our adapter
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPSuspendMsduTransmission(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       DBGPRINT(RT_DEBUG_TRACE,("SCANNING, suspend MSDU transmission ...\n"));
+
+
+       //
+       // Before BSS_SCAN_IN_PROGRESS, we need to keep Current R66 value and
+       // use Lowbound as R66 value on ScanNextChannel(...)
+       //
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R66, &pAd->BbpTuning.R66CurrentValue);
+
+       // set BBP_R66 to 0x30/0x40 when scanning (AsicSwitchChannel will set R66 according to channel when scanning)
+       //RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, (0x26 + GET_LNA_GAIN(pAd)));
+       RTMPSetAGCInitValue(pAd, BW_20);
+
+       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS);
+       //RTMP_IO_WRITE32(pAd, TX_CNTL_CSR, 0x000f0000);                // abort all TX rings
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Resume MSDU transmission
+
+       Arguments:
+               pAd     Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID RTMPResumeMsduTransmission(
+       IN      PRTMP_ADAPTER   pAd)
+{
+//    UCHAR                    IrqState;
+
+       DBGPRINT(RT_DEBUG_TRACE,("SCAN done, resume MSDU transmission ...\n"));
+
+
+       // After finish BSS_SCAN_IN_PROGRESS, we need to restore Current R66 value
+       // R66 should not be 0
+       if (pAd->BbpTuning.R66CurrentValue == 0)
+       {
+               pAd->BbpTuning.R66CurrentValue = 0x38;
+               DBGPRINT_ERR(("RTMPResumeMsduTransmission, R66CurrentValue=0...\n"));
+       }
+
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, pAd->BbpTuning.R66CurrentValue);
+
+       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS);
+// sample, for IRQ LOCK to SEM LOCK
+//    IrqState = pAd->irq_disabled;
+//     if (IrqState)
+//             RTMPDeQueuePacket(pAd, TRUE, NUM_OF_TX_RING, MAX_TX_PROCESS);
+//    else
+       RTMPDeQueuePacket(pAd, FALSE, NUM_OF_TX_RING, MAX_TX_PROCESS);
+}
+
+
+UINT deaggregate_AMSDU_announce(
+       IN      PRTMP_ADAPTER   pAd,
+       PNDIS_PACKET            pPacket,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize)
+{
+       USHORT                  PayloadSize;
+       USHORT                  SubFrameSize;
+       PHEADER_802_3   pAMSDUsubheader;
+       UINT                    nMSDU;
+    UCHAR                      Header802_3[14];
+
+       PUCHAR                  pPayload, pDA, pSA, pRemovedLLCSNAP;
+       PNDIS_PACKET    pClonePacket;
+
+
+
+       nMSDU = 0;
+
+       while (DataSize > LENGTH_802_3)
+       {
+
+               nMSDU++;
+
+               //hex_dump("subheader", pData, 64);
+               pAMSDUsubheader = (PHEADER_802_3)pData;
+               //pData += LENGTH_802_3;
+               PayloadSize = pAMSDUsubheader->Octet[1] + (pAMSDUsubheader->Octet[0]<<8);
+               SubFrameSize = PayloadSize + LENGTH_802_3;
+
+
+               if ((DataSize < SubFrameSize) || (PayloadSize > 1518 ))
+               {
+                       break;
+               }
+
+               //DBGPRINT(RT_DEBUG_TRACE,("%d subframe: Size = %d\n",  nMSDU, PayloadSize));
+
+               pPayload = pData + LENGTH_802_3;
+               pDA = pData;
+               pSA = pData + MAC_ADDR_LEN;
+
+               // convert to 802.3 header
+        CONVERT_TO_802_3(Header802_3, pDA, pSA, pPayload, PayloadSize, pRemovedLLCSNAP);
+
+#ifdef CONFIG_STA_SUPPORT
+               if ((Header802_3[12] == 0x88) && (Header802_3[13] == 0x8E) )
+               {
+                       /* avoid local heap overflow, use dyanamic allocation */
+                  MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+                       if (Elem != NULL)
+                       {
+                               memmove(Elem->Msg+(LENGTH_802_11 + LENGTH_802_1_H), pPayload, PayloadSize);
+                               Elem->MsgLen = LENGTH_802_11 + LENGTH_802_1_H + PayloadSize;
+                               //WpaEAPOLKeyAction(pAd, Elem);
+                               REPORT_MGMT_FRAME_TO_MLME(pAd, BSSID_WCID, Elem->Msg, Elem->MsgLen, 0, 0, 0, 0);
+                               kfree(Elem);
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if (pRemovedLLCSNAP)
+                       {
+                               pPayload -= LENGTH_802_3;
+                               PayloadSize += LENGTH_802_3;
+                               NdisMoveMemory(pPayload, &Header802_3[0], LENGTH_802_3);
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               pClonePacket = ClonePacket(pAd, pPacket, pPayload, PayloadSize);
+               if (pClonePacket)
+               {
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               ANNOUNCE_OR_FORWARD_802_3_PACKET(pAd, pClonePacket, RTMP_GET_PACKET_IF(pPacket));
+#endif // CONFIG_STA_SUPPORT //
+               }
+
+
+               // A-MSDU has padding to multiple of 4 including subframe header.
+               // align SubFrameSize up to multiple of 4
+               SubFrameSize = (SubFrameSize+3)&(~0x3);
+
+
+               if (SubFrameSize > 1528 || SubFrameSize < 32)
+               {
+                       break;
+               }
+
+               if (DataSize > SubFrameSize)
+               {
+                       pData += SubFrameSize;
+                       DataSize -= SubFrameSize;
+               }
+               else
+               {
+                       // end of A-MSDU
+                       DataSize = 0;
+               }
+       }
+
+       // finally release original rx packet
+       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+
+       return nMSDU;
+}
+
+
+UINT BA_Reorder_AMSDU_Annnounce(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket)
+{
+       PUCHAR                  pData;
+       USHORT                  DataSize;
+       UINT                    nMSDU = 0;
+
+       pData = (PUCHAR) GET_OS_PKT_DATAPTR(pPacket);
+       DataSize = (USHORT) GET_OS_PKT_LEN(pPacket);
+
+       nMSDU = deaggregate_AMSDU_announce(pAd, pPacket, pData, DataSize);
+
+       return nMSDU;
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               Look up the MAC address in the MAC table. Return NULL if not found.
+       Return:
+               pEntry - pointer to the MAC entry; NULL is not found
+       ==========================================================================
+*/
+MAC_TABLE_ENTRY *MacTableLookup(
+       IN PRTMP_ADAPTER pAd,
+       PUCHAR pAddr)
+{
+       ULONG HashIdx;
+       MAC_TABLE_ENTRY *pEntry = NULL;
+
+       HashIdx = MAC_ADDR_HASH_INDEX(pAddr);
+       pEntry = pAd->MacTab.Hash[HashIdx];
+
+       while (pEntry && (pEntry->ValidAsCLI || pEntry->ValidAsWDS || pEntry->ValidAsApCli || pEntry->ValidAsMesh))
+       {
+               if (MAC_ADDR_EQUAL(pEntry->Addr, pAddr))
+               {
+                       break;
+               }
+               else
+                       pEntry = pEntry->pNext;
+       }
+
+       return pEntry;
+}
+
+MAC_TABLE_ENTRY *MacTableInsertEntry(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR                      pAddr,
+       IN      UCHAR                   apidx,
+       IN BOOLEAN      CleanAll)
+{
+       UCHAR HashIdx;
+       int i, FirstWcid;
+       MAC_TABLE_ENTRY *pEntry = NULL, *pCurrEntry;
+//     USHORT  offset;
+//     ULONG   addr;
+
+       // if FULL, return
+       if (pAd->MacTab.Size >= MAX_LEN_OF_MAC_TABLE)
+               return NULL;
+
+       FirstWcid = 1;
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       if (pAd->StaCfg.BssType == BSS_INFRA)
+               FirstWcid = 2;
+#endif // CONFIG_STA_SUPPORT //
+
+       // allocate one MAC entry
+       NdisAcquireSpinLock(&pAd->MacTabLock);
+       for (i = FirstWcid; i< MAX_LEN_OF_MAC_TABLE; i++)   // skip entry#0 so that "entry index == AID" for fast lookup
+       {
+               // pick up the first available vacancy
+               if ((pAd->MacTab.Content[i].ValidAsCLI == FALSE) &&
+                       (pAd->MacTab.Content[i].ValidAsWDS == FALSE) &&
+                       (pAd->MacTab.Content[i].ValidAsApCli== FALSE) &&
+                       (pAd->MacTab.Content[i].ValidAsMesh == FALSE)
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+                       && (pAd->MacTab.Content[i].ValidAsDls == FALSE)
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+                       )
+               {
+                       pEntry = &pAd->MacTab.Content[i];
+                       if (CleanAll == TRUE)
+                       {
+                               pEntry->MaxSupportedRate = RATE_11;
+                               pEntry->CurrTxRate = RATE_11;
+                               NdisZeroMemory(pEntry, sizeof(MAC_TABLE_ENTRY));
+                               pEntry->PairwiseKey.KeyLen = 0;
+                               pEntry->PairwiseKey.CipherAlg = CIPHER_NONE;
+                       }
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+                       if (apidx >= MIN_NET_DEVICE_FOR_DLS)
+                       {
+                               pEntry->ValidAsCLI = FALSE;
+                               pEntry->ValidAsWDS = FALSE;
+                               pEntry->ValidAsApCli = FALSE;
+                               pEntry->ValidAsMesh = FALSE;
+                               pEntry->ValidAsDls = TRUE;
+                               pEntry->isCached = FALSE;
+                       }
+                       else
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+                       {
+
+#ifdef CONFIG_STA_SUPPORT
+                               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               {
+                                       pEntry->ValidAsCLI = TRUE;
+                                       pEntry->ValidAsWDS = FALSE;
+                                       pEntry->ValidAsApCli = FALSE;
+                                       pEntry->ValidAsMesh = FALSE;
+                                       pEntry->ValidAsDls = FALSE;
+                               }
+#endif // CONFIG_STA_SUPPORT //
+                       }
+
+                       pEntry->bIAmBadAtheros = FALSE;
+                       pEntry->pAd = pAd;
+                       pEntry->CMTimerRunning = FALSE;
+                       pEntry->EnqueueEapolStartTimerRunning = EAPOL_START_DISABLE;
+                       pEntry->RSNIE_Len = 0;
+                       NdisZeroMemory(pEntry->R_Counter, sizeof(pEntry->R_Counter));
+                       pEntry->ReTryCounter = PEER_MSG1_RETRY_TIMER_CTR;
+
+                       if (pEntry->ValidAsMesh)
+                               pEntry->apidx = (apidx - MIN_NET_DEVICE_FOR_MESH);
+                       else if (pEntry->ValidAsApCli)
+                               pEntry->apidx = (apidx - MIN_NET_DEVICE_FOR_APCLI);
+                       else if (pEntry->ValidAsWDS)
+                               pEntry->apidx = (apidx - MIN_NET_DEVICE_FOR_WDS);
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+                       else if (pEntry->ValidAsDls)
+                               pEntry->apidx = (apidx - MIN_NET_DEVICE_FOR_DLS);
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+                       else
+                               pEntry->apidx = apidx;
+
+
+                       {
+
+#ifdef CONFIG_STA_SUPPORT
+                               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               {
+                                       pEntry->AuthMode = pAd->StaCfg.AuthMode;
+                                       pEntry->WepStatus = pAd->StaCfg.WepStatus;
+                                       pEntry->PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
+#ifdef RTMP_MAC_PCI
+                                       AsicRemovePairwiseKeyEntry(pAd, pEntry->apidx, (UCHAR)i);
+#endif // RTMP_MAC_PCI //
+                               }
+#endif // CONFIG_STA_SUPPORT //
+                       }
+
+                       pEntry->GTKState = REKEY_NEGOTIATING;
+                       pEntry->PairwiseKey.KeyLen = 0;
+                       pEntry->PairwiseKey.CipherAlg = CIPHER_NONE;
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+                       if (pEntry->ValidAsDls == TRUE)
+                               pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
+                       else
+#endif //QOS_DLS_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+                               pEntry->PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+
+                       pEntry->PMKID_CacheIdx = ENTRY_NOT_FOUND;
+                       COPY_MAC_ADDR(pEntry->Addr, pAddr);
+                       pEntry->Sst = SST_NOT_AUTH;
+                       pEntry->AuthState = AS_NOT_AUTH;
+                       pEntry->Aid = (USHORT)i;  //0;
+                       pEntry->CapabilityInfo = 0;
+                       pEntry->PsMode = PWR_ACTIVE;
+                       pEntry->PsQIdleCount = 0;
+                       pEntry->NoDataIdleCount = 0;
+                       pEntry->AssocDeadLine = MAC_TABLE_ASSOC_TIMEOUT;
+                       pEntry->ContinueTxFailCnt = 0;
+#ifdef WDS_SUPPORT
+                       pEntry->LockEntryTx = FALSE;
+                       pEntry->TimeStamp_toTxRing = 0;
+#endif // WDS_SUPPORT //
+                       InitializeQueueHeader(&pEntry->PsQueue);
+
+
+                       pAd->MacTab.Size ++;
+                       // Add this entry into ASIC RX WCID search table
+                       RTMP_STA_ENTRY_ADD(pAd, pEntry);
+
+
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("MacTableInsertEntry - allocate entry #%d, Total= %d\n",i, pAd->MacTab.Size));
+                       break;
+               }
+       }
+
+       // add this MAC entry into HASH table
+       if (pEntry)
+       {
+               HashIdx = MAC_ADDR_HASH_INDEX(pAddr);
+               if (pAd->MacTab.Hash[HashIdx] == NULL)
+               {
+                       pAd->MacTab.Hash[HashIdx] = pEntry;
+               }
+               else
+               {
+                       pCurrEntry = pAd->MacTab.Hash[HashIdx];
+                       while (pCurrEntry->pNext != NULL)
+                               pCurrEntry = pCurrEntry->pNext;
+                       pCurrEntry->pNext = pEntry;
+               }
+       }
+
+       NdisReleaseSpinLock(&pAd->MacTabLock);
+       return pEntry;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Delete a specified client from MAC table
+       ==========================================================================
+ */
+BOOLEAN MacTableDeleteEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT wcid,
+       IN PUCHAR pAddr)
+{
+       USHORT HashIdx;
+       MAC_TABLE_ENTRY *pEntry, *pPrevEntry, *pProbeEntry;
+       BOOLEAN Cancelled;
+       //USHORT        offset; // unused variable
+       //UCHAR j;                      // unused variable
+
+       if (wcid >= MAX_LEN_OF_MAC_TABLE)
+               return FALSE;
+
+       NdisAcquireSpinLock(&pAd->MacTabLock);
+
+       HashIdx = MAC_ADDR_HASH_INDEX(pAddr);
+       //pEntry = pAd->MacTab.Hash[HashIdx];
+       pEntry = &pAd->MacTab.Content[wcid];
+
+       if (pEntry && (pEntry->ValidAsCLI || pEntry->ValidAsApCli || pEntry->ValidAsWDS || pEntry->ValidAsMesh
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+               || pEntry->ValidAsDls
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+               ))
+       {
+               if (MAC_ADDR_EQUAL(pEntry->Addr, pAddr))
+               {
+
+                       // Delete this entry from ASIC on-chip WCID Table
+                       RTMP_STA_ENTRY_MAC_RESET(pAd, wcid);
+
+#ifdef DOT11_N_SUPPORT
+                       // free resources of BA
+                       BASessionTearDownALL(pAd, pEntry->Aid);
+#endif // DOT11_N_SUPPORT //
+
+
+                       pPrevEntry = NULL;
+                       pProbeEntry = pAd->MacTab.Hash[HashIdx];
+                       ASSERT(pProbeEntry);
+
+                       // update Hash list
+                       do
+                       {
+                               if (pProbeEntry == pEntry)
+                               {
+                                       if (pPrevEntry == NULL)
+                                       {
+                                               pAd->MacTab.Hash[HashIdx] = pEntry->pNext;
+                                       }
+                                       else
+                                       {
+                                               pPrevEntry->pNext = pEntry->pNext;
+                                       }
+                                       break;
+                               }
+
+                               pPrevEntry = pProbeEntry;
+                               pProbeEntry = pProbeEntry->pNext;
+                       } while (pProbeEntry);
+
+                       // not found !!!
+                       ASSERT(pProbeEntry != NULL);
+
+                       RTMP_STA_ENTRY_KEY_DEL(pAd, BSS0, wcid);
+
+
+               if (pEntry->EnqueueEapolStartTimerRunning != EAPOL_START_DISABLE)
+               {
+            RTMPCancelTimer(&pEntry->EnqueueStartForPSKTimer, &Cancelled);
+                       pEntry->EnqueueEapolStartTimerRunning = EAPOL_START_DISABLE;
+        }
+
+
+                       NdisZeroMemory(pEntry, sizeof(MAC_TABLE_ENTRY));
+                       pAd->MacTab.Size --;
+                       DBGPRINT(RT_DEBUG_TRACE, ("MacTableDeleteEntry1 - Total= %d\n", pAd->MacTab.Size));
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_OFF, ("\n%s: Impossible Wcid = %d !!!!!\n", __FUNCTION__, wcid));
+               }
+       }
+
+       NdisReleaseSpinLock(&pAd->MacTabLock);
+
+       //Reset operating mode when no Sta.
+       if (pAd->MacTab.Size == 0)
+       {
+#ifdef DOT11_N_SUPPORT
+               pAd->CommonCfg.AddHTInfo.AddHtInfo2.OperaionMode = 0;
+#endif // DOT11_N_SUPPORT //
+               //AsicUpdateProtect(pAd, 0 /*pAd->CommonCfg.AddHTInfo.AddHtInfo2.OperaionMode*/, (ALLN_SETPROTECT), TRUE, 0 /*pAd->MacTab.fAnyStationNonGF*/);
+               RTMP_UPDATE_PROTECT(pAd);  // edit by johnli, fix "in_interrupt" error when call "MacTableDeleteEntry" in Rx tasklet
+       }
+
+       return TRUE;
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               This routine reset the entire MAC table. All packets pending in
+               the power-saving queues are freed here.
+       ==========================================================================
+ */
+VOID MacTableReset(
+       IN  PRTMP_ADAPTER  pAd)
+{
+       int         i;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("MacTableReset\n"));
+       //NdisAcquireSpinLock(&pAd->MacTabLock);
+
+
+       for (i=1; i<MAX_LEN_OF_MAC_TABLE; i++)
+       {
+#ifdef RTMP_MAC_PCI
+               RTMP_STA_ENTRY_MAC_RESET(pAd, i);
+#endif // RTMP_MAC_PCI //
+               if (pAd->MacTab.Content[i].ValidAsCLI == TRUE)
+          {
+
+
+#ifdef DOT11_N_SUPPORT
+                       // free resources of BA
+                       BASessionTearDownALL(pAd, i);
+#endif // DOT11_N_SUPPORT //
+
+                       pAd->MacTab.Content[i].ValidAsCLI = FALSE;
+
+
+
+
+                       //AsicDelWcidTab(pAd, i);
+               }
+       }
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID AssocParmFill(
+       IN PRTMP_ADAPTER pAd,
+       IN OUT MLME_ASSOC_REQ_STRUCT *AssocReq,
+       IN PUCHAR                     pAddr,
+       IN USHORT                     CapabilityInfo,
+       IN ULONG                      Timeout,
+       IN USHORT                     ListenIntv)
+{
+       COPY_MAC_ADDR(AssocReq->Addr, pAddr);
+       // Add mask to support 802.11b mode only
+       AssocReq->CapabilityInfo = CapabilityInfo & SUPPORTED_CAPABILITY_INFO; // not cf-pollable, not cf-poll-request
+       AssocReq->Timeout = Timeout;
+       AssocReq->ListenIntv = ListenIntv;
+}
+
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID DisassocParmFill(
+       IN PRTMP_ADAPTER pAd,
+       IN OUT MLME_DISASSOC_REQ_STRUCT *DisassocReq,
+       IN PUCHAR pAddr,
+       IN USHORT Reason)
+{
+       COPY_MAC_ADDR(DisassocReq->Addr, pAddr);
+       DisassocReq->Reason = Reason;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Check the out going frame, if this is an DHCP or ARP datagram
+       will be duplicate another frame at low data rate transmit.
+
+       Arguments:
+               pAd             Pointer to our adapter
+               pPacket         Pointer to outgoing Ndis frame
+
+       Return Value:
+               TRUE            To be duplicate at Low data rate transmit. (1mb)
+               FALSE           Do nothing.
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+               MAC header + IP Header + UDP Header
+                 14 Bytes        20 Bytes
+
+               UDP Header
+               00|01|02|03|04|05|06|07|08|09|10|11|12|13|14|15|
+                                               Source Port
+               16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|
+                                       Destination Port
+
+               port 0x43 means Bootstrap Protocol, server.
+               Port 0x44 means Bootstrap Protocol, client.
+
+       ========================================================================
+*/
+
+BOOLEAN RTMPCheckDHCPFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket)
+{
+       PACKET_INFO     PacketInfo;
+       ULONG                   NumberOfBytesRead = 0;
+       ULONG                   CurrentOffset = 0;
+       PVOID                   pVirtualAddress = NULL;
+       UINT                    NdisBufferLength;
+       PUCHAR                  pSrc;
+       USHORT                  Protocol;
+       UCHAR                   ByteOffset36 = 0;
+       UCHAR                   ByteOffset38 = 0;
+       BOOLEAN                 ReadFirstParm = TRUE;
+
+       RTMP_QueryPacketInfo(pPacket, &PacketInfo, (PUCHAR *)&pVirtualAddress, &NdisBufferLength);
+
+       NumberOfBytesRead += NdisBufferLength;
+       pSrc = (PUCHAR) pVirtualAddress;
+       Protocol = *(pSrc + 12) * 256 + *(pSrc + 13);
+
+       //
+       // Check DHCP & BOOTP protocol
+       //
+       while (NumberOfBytesRead <= PacketInfo.TotalPacketLength)
+       {
+               if ((NumberOfBytesRead >= 35) && (ReadFirstParm == TRUE))
+               {
+                       CurrentOffset = 35 - (NumberOfBytesRead - NdisBufferLength);
+                       ByteOffset36 = *(pSrc + CurrentOffset);
+                       ReadFirstParm = FALSE;
+               }
+
+               if (NumberOfBytesRead >= 37)
+               {
+                       CurrentOffset = 37 - (NumberOfBytesRead - NdisBufferLength);
+                       ByteOffset38 = *(pSrc + CurrentOffset);
+                       //End of Read
+                       break;
+               }
+               return FALSE;
+       }
+
+       // Check for DHCP & BOOTP protocol
+       if ((ByteOffset36 != 0x44) || (ByteOffset38 != 0x43))
+               {
+               //
+               // 2054 (hex 0806) for ARP datagrams
+               // if this packet is not ARP datagrams, then do nothing
+               // ARP datagrams will also be duplicate at 1mb broadcast frames
+               //
+               if (Protocol != 0x0806 )
+                       return FALSE;
+               }
+
+       return TRUE;
+}
+
+
+BOOLEAN RTMPCheckEtherType(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket)
+{
+       USHORT  TypeLen;
+       UCHAR   Byte0, Byte1;
+       PUCHAR  pSrcBuf;
+       UINT32  pktLen;
+       UINT16  srcPort, dstPort;
+       BOOLEAN status = TRUE;
+
+
+       pSrcBuf = GET_OS_PKT_DATAPTR(pPacket);
+       pktLen = GET_OS_PKT_LEN(pPacket);
+
+       ASSERT(pSrcBuf);
+
+       RTMP_SET_PACKET_SPECIFIC(pPacket, 0);
+
+       // get Ethernet protocol field
+       TypeLen = (pSrcBuf[12] << 8) + pSrcBuf[13];
+
+       pSrcBuf += LENGTH_802_3;        // Skip the Ethernet Header.
+
+       if (TypeLen <= 1500)
+       {       // 802.3, 802.3 LLC
+               /*
+                       DestMAC(6) + SrcMAC(6) + Lenght(2) +
+                       DSAP(1) + SSAP(1) + Control(1) +
+                       if the DSAP = 0xAA, SSAP=0xAA, Contorl = 0x03, it has a 5-bytes SNAP header.
+                               => + SNAP (5, OriginationID(3) + etherType(2))
+               */
+               if (pSrcBuf[0] == 0xAA && pSrcBuf[1] == 0xAA && pSrcBuf[2] == 0x03)
+               {
+                       Sniff2BytesFromNdisBuffer((PNDIS_BUFFER)pSrcBuf, 6, &Byte0, &Byte1);
+                       RTMP_SET_PACKET_LLCSNAP(pPacket, 1);
+                       TypeLen = (USHORT)((Byte0 << 8) + Byte1);
+                       pSrcBuf += 8; // Skip this LLC/SNAP header
+               }
+               else
+               {
+                       //It just has 3-byte LLC header, maybe a legacy ether type frame. we didn't handle it.
+               }
+       }
+
+       // If it's a VLAN packet, get the real Type/Length field.
+       if (TypeLen == 0x8100)
+       {
+               /* 0x8100 means VLAN packets */
+
+               /* Dest. MAC Address (6-bytes) +
+                  Source MAC Address (6-bytes) +
+                  Length/Type = 802.1Q Tag Type (2-byte) +
+                  Tag Control Information (2-bytes) +
+                  Length / Type (2-bytes) +
+                  data payload (0-n bytes) +
+                  Pad (0-p bytes) +
+                  Frame Check Sequence (4-bytes) */
+
+               RTMP_SET_PACKET_VLAN(pPacket, 1);
+               Sniff2BytesFromNdisBuffer((PNDIS_BUFFER)pSrcBuf, 2, &Byte0, &Byte1);
+               TypeLen = (USHORT)((Byte0 << 8) + Byte1);
+
+               pSrcBuf += 4; // Skip the VLAN Header.
+       }
+
+       switch (TypeLen)
+       {
+               case 0x0800:
+                       {
+                               ASSERT((pktLen > 34));
+                               if (*(pSrcBuf + 9) == 0x11)
+                               {       // udp packet
+                                       ASSERT((pktLen > 34));  // 14 for ethernet header, 20 for IP header
+
+                                       pSrcBuf += 20;  // Skip the IP header
+                                       srcPort = OS_NTOHS(get_unaligned((PUINT16)(pSrcBuf)));
+                                       dstPort = OS_NTOHS(get_unaligned((PUINT16)(pSrcBuf+2)));
+
+                                       if ((srcPort==0x44 && dstPort==0x43) || (srcPort==0x43 && dstPort==0x44))
+                                       {       //It's a BOOTP/DHCP packet
+                                               RTMP_SET_PACKET_DHCP(pPacket, 1);
+                                       }
+                               }
+                       }
+                       break;
+               case 0x0806:
+                       {
+                               //ARP Packet.
+                               RTMP_SET_PACKET_DHCP(pPacket, 1);
+                       }
+                       break;
+               case 0x888e:
+                       {
+                               // EAPOL Packet.
+                               RTMP_SET_PACKET_EAPOL(pPacket, 1);
+                       }
+                       break;
+               default:
+                       status = FALSE;
+                       break;
+       }
+
+       return status;
+
+}
+
+
+
+VOID Update_Rssi_Sample(
+       IN PRTMP_ADAPTER        pAd,
+       IN RSSI_SAMPLE          *pRssi,
+       IN PRXWI_STRUC          pRxWI)
+               {
+       CHAR    rssi0 = pRxWI->RSSI0;
+       CHAR    rssi1 = pRxWI->RSSI1;
+       CHAR    rssi2 = pRxWI->RSSI2;
+
+       if (rssi0 != 0)
+       {
+               pRssi->LastRssi0        = ConvertToRssi(pAd, (CHAR)rssi0, RSSI_0);
+               pRssi->AvgRssi0X8       = (pRssi->AvgRssi0X8 - pRssi->AvgRssi0) + pRssi->LastRssi0;
+               pRssi->AvgRssi0 = pRssi->AvgRssi0X8 >> 3;
+       }
+
+       if (rssi1 != 0)
+       {
+               pRssi->LastRssi1        = ConvertToRssi(pAd, (CHAR)rssi1, RSSI_1);
+               pRssi->AvgRssi1X8       = (pRssi->AvgRssi1X8 - pRssi->AvgRssi1) + pRssi->LastRssi1;
+               pRssi->AvgRssi1 = pRssi->AvgRssi1X8 >> 3;
+       }
+
+       if (rssi2 != 0)
+       {
+               pRssi->LastRssi2        = ConvertToRssi(pAd, (CHAR)rssi2, RSSI_2);
+               pRssi->AvgRssi2X8  = (pRssi->AvgRssi2X8 - pRssi->AvgRssi2) + pRssi->LastRssi2;
+               pRssi->AvgRssi2 = pRssi->AvgRssi2X8 >> 3;
+       }
+}
+
+
+
+// Normal legacy Rx packet indication
+VOID Indicate_Legacy_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       PNDIS_PACKET    pRxPacket = pRxBlk->pRxPacket;
+       UCHAR                   Header802_3[LENGTH_802_3];
+
+       // 1. get 802.3 Header
+       // 2. remove LLC
+       //              a. pointer pRxBlk->pData to payload
+       //      b. modify pRxBlk->DataSize
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               RTMP_802_11_REMOVE_LLC_AND_CONVERT_TO_802_3(pRxBlk, Header802_3);
+#endif // CONFIG_STA_SUPPORT //
+
+       if (pRxBlk->DataSize > MAX_RX_PKT_LEN)
+       {
+
+               // release packet
+               RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+               return;
+       }
+
+
+       STATS_INC_RX_PACKETS(pAd, FromWhichBSSID);
+
+
+       wlan_802_11_to_802_3_packet(pAd, pRxBlk, Header802_3, FromWhichBSSID);
+
+       //
+       // pass this 802.3 packet to upper layer or forward this packet to WM directly
+       //
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               ANNOUNCE_OR_FORWARD_802_3_PACKET(pAd, pRxPacket, FromWhichBSSID);
+#endif // CONFIG_STA_SUPPORT //
+
+}
+
+
+// Normal, AMPDU or AMSDU
+VOID CmmRxnonRalinkFrameIndicate(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+#ifdef DOT11_N_SUPPORT
+       if (RX_BLK_TEST_FLAG(pRxBlk, fRX_AMPDU) && (pAd->CommonCfg.bDisableReordering == 0))
+       {
+               Indicate_AMPDU_Packet(pAd, pRxBlk, FromWhichBSSID);
+       }
+       else
+#endif // DOT11_N_SUPPORT //
+       {
+#ifdef DOT11_N_SUPPORT
+               if (RX_BLK_TEST_FLAG(pRxBlk, fRX_AMSDU))
+               {
+                       // handle A-MSDU
+                       Indicate_AMSDU_Packet(pAd, pRxBlk, FromWhichBSSID);
+               }
+               else
+#endif // DOT11_N_SUPPORT //
+               {
+                       Indicate_Legacy_Packet(pAd, pRxBlk, FromWhichBSSID);
+               }
+       }
+}
+
+
+VOID CmmRxRalinkFrameIndicate(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       UCHAR                   Header802_3[LENGTH_802_3];
+       UINT16                  Msdu2Size;
+       UINT16                  Payload1Size, Payload2Size;
+       PUCHAR                  pData2;
+       PNDIS_PACKET    pPacket2 = NULL;
+
+
+
+       Msdu2Size = *(pRxBlk->pData) + (*(pRxBlk->pData+1) << 8);
+
+       if ((Msdu2Size <= 1536) && (Msdu2Size < pRxBlk->DataSize))
+       {
+               /* skip two byte MSDU2 len */
+               pRxBlk->pData += 2;
+               pRxBlk->DataSize -= 2;
+       }
+       else
+       {
+               // release packet
+               RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+               return;
+       }
+
+       // get 802.3 Header and  remove LLC
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               RTMP_802_11_REMOVE_LLC_AND_CONVERT_TO_802_3(pRxBlk, Header802_3);
+#endif // CONFIG_STA_SUPPORT //
+
+
+       ASSERT(pRxBlk->pRxPacket);
+
+       // Ralink Aggregation frame
+       pAd->RalinkCounters.OneSecRxAggregationCount ++;
+       Payload1Size = pRxBlk->DataSize - Msdu2Size;
+       Payload2Size = Msdu2Size - LENGTH_802_3;
+
+       pData2 = pRxBlk->pData + Payload1Size + LENGTH_802_3;
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               pPacket2 = duplicate_pkt(pAd, (pData2-LENGTH_802_3), LENGTH_802_3, pData2, Payload2Size, FromWhichBSSID);
+#endif // CONFIG_STA_SUPPORT //
+
+       if (!pPacket2)
+       {
+               // release packet
+               RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+               return;
+       }
+
+       // update payload size of 1st packet
+       pRxBlk->DataSize = Payload1Size;
+       wlan_802_11_to_802_3_packet(pAd, pRxBlk, Header802_3, FromWhichBSSID);
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               ANNOUNCE_OR_FORWARD_802_3_PACKET(pAd, pRxBlk->pRxPacket, FromWhichBSSID);
+#endif // CONFIG_STA_SUPPORT //
+
+       if (pPacket2)
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       ANNOUNCE_OR_FORWARD_802_3_PACKET(pAd, pPacket2, FromWhichBSSID);
+#endif // CONFIG_STA_SUPPORT //
+       }
+}
+
+
+#define RESET_FRAGFRAME(_fragFrame) \
+       {                                                               \
+               _fragFrame.RxSize = 0;          \
+               _fragFrame.Sequence = 0;        \
+               _fragFrame.LastFrag = 0;        \
+               _fragFrame.Flags = 0;           \
+       }
+
+
+PNDIS_PACKET RTMPDeFragmentDataFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk)
+{
+       PHEADER_802_11  pHeader = pRxBlk->pHeader;
+       PNDIS_PACKET    pRxPacket = pRxBlk->pRxPacket;
+       UCHAR                   *pData = pRxBlk->pData;
+       USHORT                  DataSize = pRxBlk->DataSize;
+       PNDIS_PACKET    pRetPacket = NULL;
+       UCHAR                   *pFragBuffer = NULL;
+       BOOLEAN                 bReassDone = FALSE;
+       UCHAR                   HeaderRoom = 0;
+
+
+       ASSERT(pHeader);
+
+       HeaderRoom = pData - (UCHAR *)pHeader;
+
+       // Re-assemble the fragmented packets
+       if (pHeader->Frag == 0)         // Frag. Number is 0 : First frag or only one pkt
+       {
+               // the first pkt of fragment, record it.
+               if (pHeader->FC.MoreFrag)
+               {
+                       ASSERT(pAd->FragFrame.pFragPacket);
+                       pFragBuffer = GET_OS_PKT_DATAPTR(pAd->FragFrame.pFragPacket);
+                       pAd->FragFrame.RxSize   = DataSize + HeaderRoom;
+                       NdisMoveMemory(pFragBuffer,      pHeader, pAd->FragFrame.RxSize);
+                       pAd->FragFrame.Sequence = pHeader->Sequence;
+                       pAd->FragFrame.LastFrag = pHeader->Frag;           // Should be 0
+                       ASSERT(pAd->FragFrame.LastFrag == 0);
+                       goto done;      // end of processing this frame
+               }
+       }
+       else    //Middle & End of fragment
+       {
+               if ((pHeader->Sequence != pAd->FragFrame.Sequence) ||
+                       (pHeader->Frag != (pAd->FragFrame.LastFrag + 1)))
+               {
+                       // Fragment is not the same sequence or out of fragment number order
+                       // Reset Fragment control blk
+                       RESET_FRAGFRAME(pAd->FragFrame);
+                       DBGPRINT(RT_DEBUG_ERROR, ("Fragment is not the same sequence or out of fragment number order.\n"));
+                       goto done; // give up this frame
+               }
+               else if ((pAd->FragFrame.RxSize + DataSize) > MAX_FRAME_SIZE)
+               {
+                       // Fragment frame is too large, it exeeds the maximum frame size.
+                       // Reset Fragment control blk
+                       RESET_FRAGFRAME(pAd->FragFrame);
+                       DBGPRINT(RT_DEBUG_ERROR, ("Fragment frame is too large, it exeeds the maximum frame size.\n"));
+                       goto done; // give up this frame
+               }
+
+        //
+               // Broadcom AP(BCM94704AGR) will send out LLC in fragment's packet, LLC only can accpet at first fragment.
+               // In this case, we will dropt it.
+               //
+               if (NdisEqualMemory(pData, SNAP_802_1H, sizeof(SNAP_802_1H)))
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("Find another LLC at Middle or End fragment(SN=%d, Frag=%d)\n", pHeader->Sequence, pHeader->Frag));
+                       goto done; // give up this frame
+               }
+
+               pFragBuffer = GET_OS_PKT_DATAPTR(pAd->FragFrame.pFragPacket);
+
+               // concatenate this fragment into the re-assembly buffer
+               NdisMoveMemory((pFragBuffer + pAd->FragFrame.RxSize), pData, DataSize);
+               pAd->FragFrame.RxSize  += DataSize;
+               pAd->FragFrame.LastFrag = pHeader->Frag;           // Update fragment number
+
+               // Last fragment
+               if (pHeader->FC.MoreFrag == FALSE)
+               {
+                       bReassDone = TRUE;
+               }
+       }
+
+done:
+       // always release rx fragmented packet
+       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+
+       // return defragmented packet if packet is reassembled completely
+       // otherwise return NULL
+       if (bReassDone)
+       {
+               PNDIS_PACKET pNewFragPacket;
+
+               // allocate a new packet buffer for fragment
+               pNewFragPacket = RTMP_AllocateFragPacketBuffer(pAd, RX_BUFFER_NORMSIZE);
+               if (pNewFragPacket)
+               {
+                       // update RxBlk
+                       pRetPacket = pAd->FragFrame.pFragPacket;
+                       pAd->FragFrame.pFragPacket = pNewFragPacket;
+                       pRxBlk->pHeader = (PHEADER_802_11) GET_OS_PKT_DATAPTR(pRetPacket);
+                       pRxBlk->pData = (UCHAR *)pRxBlk->pHeader + HeaderRoom;
+                       pRxBlk->DataSize = pAd->FragFrame.RxSize - HeaderRoom;
+                       pRxBlk->pRxPacket = pRetPacket;
+               }
+               else
+               {
+                       RESET_FRAGFRAME(pAd->FragFrame);
+               }
+       }
+
+       return pRetPacket;
+}
+
+
+VOID Indicate_AMSDU_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       UINT                    nMSDU;
+
+       update_os_packet_info(pAd, pRxBlk, FromWhichBSSID);
+       RTMP_SET_PACKET_IF(pRxBlk->pRxPacket, FromWhichBSSID);
+       nMSDU = deaggregate_AMSDU_announce(pAd, pRxBlk->pRxPacket, pRxBlk->pData, pRxBlk->DataSize);
+}
+
+VOID Indicate_EAPOL_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       MAC_TABLE_ENTRY *pEntry = NULL;
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               pEntry = &pAd->MacTab.Content[BSSID_WCID];
+               STARxEAPOLFrameIndicate(pAd, pEntry, pRxBlk, FromWhichBSSID);
+               return;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       if (pEntry == NULL)
+       {
+               DBGPRINT(RT_DEBUG_WARN, ("Indicate_EAPOL_Packet: drop and release the invalid packet.\n"));
+               // release packet
+               RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+               return;
+       }
+}
+
+#define BCN_TBTT_OFFSET                64      //defer 64 us
+VOID ReSyncBeaconTime(
+       IN  PRTMP_ADAPTER   pAd)
+{
+
+       UINT32  Offset;
+
+
+       Offset = (pAd->TbttTickCount) % (BCN_TBTT_OFFSET);
+
+       pAd->TbttTickCount++;
+
+       //
+       // The updated BeaconInterval Value will affect Beacon Interval after two TBTT
+       // beacasue the original BeaconInterval had been loaded into next TBTT_TIMER
+       //
+       if (Offset == (BCN_TBTT_OFFSET-2))
+       {
+               BCN_TIME_CFG_STRUC csr;
+               RTMP_IO_READ32(pAd, BCN_TIME_CFG, &csr.word);
+               csr.field.BeaconInterval = (pAd->CommonCfg.BeaconPeriod << 4) - 1 ;     // ASIC register in units of 1/16 TU = 64us
+               RTMP_IO_WRITE32(pAd, BCN_TIME_CFG, csr.word);
+       }
+       else
+       {
+               if (Offset == (BCN_TBTT_OFFSET-1))
+               {
+                       BCN_TIME_CFG_STRUC csr;
+
+                       RTMP_IO_READ32(pAd, BCN_TIME_CFG, &csr.word);
+                       csr.field.BeaconInterval = (pAd->CommonCfg.BeaconPeriod) << 4; // ASIC register in units of 1/16 TU
+                       RTMP_IO_WRITE32(pAd, BCN_TIME_CFG, csr.word);
+               }
+       }
+}
diff --git a/drivers/staging/rt3090/common/cmm_data_pci.c b/drivers/staging/rt3090/common/cmm_data_pci.c
new file mode 100644 (file)
index 0000000..084f819
--- /dev/null
@@ -0,0 +1,1576 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+*/
+
+/*
+   All functions in this file must be PCI-depended, or you should out your function
+       in other files.
+
+*/
+#include "../rt_config.h"
+
+
+USHORT RtmpPCI_WriteTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      BOOLEAN                 bIsLast,
+       OUT     USHORT                  *FreeNumber)
+{
+
+       UCHAR                   *pDMAHeaderBufVA;
+       USHORT                  TxIdx, RetTxIdx;
+       PTXD_STRUC              pTxD;
+       UINT32                  BufBasePaLow;
+       PRTMP_TX_RING   pTxRing;
+       USHORT                  hwHeaderLen;
+
+       //
+       // get Tx Ring Resource
+       //
+       pTxRing = &pAd->TxRing[pTxBlk->QueIdx];
+       TxIdx = pAd->TxRing[pTxBlk->QueIdx].TxCpuIdx;
+       pDMAHeaderBufVA = (PUCHAR) pTxRing->Cell[TxIdx].DmaBuf.AllocVa;
+       BufBasePaLow = RTMP_GetPhysicalAddressLow(pTxRing->Cell[TxIdx].DmaBuf.AllocPa);
+
+       // copy TXINFO + TXWI + WLAN Header + LLC into DMA Header Buffer
+       if (pTxBlk->TxFrameType == TX_AMSDU_FRAME)
+       {
+               //hwHeaderLen = ROUND_UP(pTxBlk->MpduHeaderLen-LENGTH_AMSDU_SUBFRAMEHEAD, 4)+LENGTH_AMSDU_SUBFRAMEHEAD;
+               hwHeaderLen = pTxBlk->MpduHeaderLen - LENGTH_AMSDU_SUBFRAMEHEAD + pTxBlk->HdrPadLen + LENGTH_AMSDU_SUBFRAMEHEAD;
+       }
+       else
+       {
+               //hwHeaderLen = ROUND_UP(pTxBlk->MpduHeaderLen, 4);
+               hwHeaderLen = pTxBlk->MpduHeaderLen + pTxBlk->HdrPadLen;
+       }
+       NdisMoveMemory(pDMAHeaderBufVA, pTxBlk->HeaderBuf, TXINFO_SIZE + TXWI_SIZE + hwHeaderLen);
+
+       pTxRing->Cell[TxIdx].pNdisPacket = pTxBlk->pPacket;
+       pTxRing->Cell[TxIdx].pNextNdisPacket = NULL;
+
+       //
+       // build Tx Descriptor
+       //
+
+       pTxD = (PTXD_STRUC) pTxRing->Cell[TxIdx].AllocVa;
+       NdisZeroMemory(pTxD, TXD_SIZE);
+
+       pTxD->SDPtr0 = BufBasePaLow;
+       pTxD->SDLen0 = TXINFO_SIZE + TXWI_SIZE + hwHeaderLen; // include padding
+       pTxD->SDPtr1 = PCI_MAP_SINGLE(pAd, pTxBlk, 0, 1, PCI_DMA_TODEVICE);
+       pTxD->SDLen1 = pTxBlk->SrcBufLen;
+       pTxD->LastSec0 = 0;
+       pTxD->LastSec1 = (bIsLast) ? 1 : 0;
+
+       RTMPWriteTxDescriptor(pAd, pTxD, FALSE, FIFO_EDCA);
+
+       RetTxIdx = TxIdx;
+       //
+       // Update Tx index
+       //
+       INC_RING_INDEX(TxIdx, TX_RING_SIZE);
+       pTxRing->TxCpuIdx = TxIdx;
+
+       *FreeNumber -= 1;
+
+       return RetTxIdx;
+}
+
+
+USHORT RtmpPCI_WriteSingleTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      BOOLEAN                 bIsLast,
+       OUT     USHORT                  *FreeNumber)
+{
+
+       UCHAR                   *pDMAHeaderBufVA;
+       USHORT                  TxIdx, RetTxIdx;
+       PTXD_STRUC              pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+       UINT32                  BufBasePaLow;
+       PRTMP_TX_RING   pTxRing;
+       USHORT                  hwHeaderLen;
+
+       //
+       // get Tx Ring Resource
+       //
+       pTxRing = &pAd->TxRing[pTxBlk->QueIdx];
+       TxIdx = pAd->TxRing[pTxBlk->QueIdx].TxCpuIdx;
+       pDMAHeaderBufVA = (PUCHAR) pTxRing->Cell[TxIdx].DmaBuf.AllocVa;
+       BufBasePaLow = RTMP_GetPhysicalAddressLow(pTxRing->Cell[TxIdx].DmaBuf.AllocPa);
+
+       // copy TXINFO + TXWI + WLAN Header + LLC into DMA Header Buffer
+       //hwHeaderLen = ROUND_UP(pTxBlk->MpduHeaderLen, 4);
+       hwHeaderLen = pTxBlk->MpduHeaderLen + pTxBlk->HdrPadLen;
+
+       NdisMoveMemory(pDMAHeaderBufVA, pTxBlk->HeaderBuf, TXINFO_SIZE + TXWI_SIZE + hwHeaderLen);
+
+       pTxRing->Cell[TxIdx].pNdisPacket = pTxBlk->pPacket;
+       pTxRing->Cell[TxIdx].pNextNdisPacket = NULL;
+
+       //
+       // build Tx Descriptor
+       //
+#ifndef RT_BIG_ENDIAN
+       pTxD = (PTXD_STRUC) pTxRing->Cell[TxIdx].AllocVa;
+#else
+       pDestTxD = (PTXD_STRUC) pTxRing->Cell[TxIdx].AllocVa;
+       TxD = *pDestTxD;
+       pTxD = &TxD;
+#endif
+       NdisZeroMemory(pTxD, TXD_SIZE);
+
+       pTxD->SDPtr0 = BufBasePaLow;
+       pTxD->SDLen0 = TXINFO_SIZE + TXWI_SIZE + hwHeaderLen; // include padding
+       pTxD->SDPtr1 = PCI_MAP_SINGLE(pAd, pTxBlk, 0, 1, PCI_DMA_TODEVICE);;
+       pTxD->SDLen1 = pTxBlk->SrcBufLen;
+       pTxD->LastSec0 = 0;
+       pTxD->LastSec1 = (bIsLast) ? 1 : 0;
+
+       RTMPWriteTxDescriptor(pAd, pTxD, FALSE, FIFO_EDCA);
+#ifdef RT_BIG_ENDIAN
+       RTMPWIEndianChange((PUCHAR)(pDMAHeaderBufVA + TXINFO_SIZE), TYPE_TXWI);
+       RTMPFrameEndianChange(pAd, (PUCHAR)(pDMAHeaderBufVA + TXINFO_SIZE + TXWI_SIZE), DIR_WRITE, FALSE);
+       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+       WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif // RT_BIG_ENDIAN //
+
+       RetTxIdx = TxIdx;
+       //
+       // Update Tx index
+       //
+       INC_RING_INDEX(TxIdx, TX_RING_SIZE);
+       pTxRing->TxCpuIdx = TxIdx;
+
+       *FreeNumber -= 1;
+
+       return RetTxIdx;
+}
+
+
+USHORT RtmpPCI_WriteMultiTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      UCHAR                   frameNum,
+       OUT     USHORT                  *FreeNumber)
+{
+       BOOLEAN bIsLast;
+       UCHAR                   *pDMAHeaderBufVA;
+       USHORT                  TxIdx, RetTxIdx;
+       PTXD_STRUC              pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+       UINT32                  BufBasePaLow;
+       PRTMP_TX_RING   pTxRing;
+       USHORT                  hwHdrLen;
+       UINT32                  firstDMALen;
+
+       bIsLast = ((frameNum == (pTxBlk->TotalFrameNum - 1)) ? 1 : 0);
+
+       //
+       // get Tx Ring Resource
+       //
+       pTxRing = &pAd->TxRing[pTxBlk->QueIdx];
+       TxIdx = pAd->TxRing[pTxBlk->QueIdx].TxCpuIdx;
+       pDMAHeaderBufVA = (PUCHAR) pTxRing->Cell[TxIdx].DmaBuf.AllocVa;
+       BufBasePaLow = RTMP_GetPhysicalAddressLow(pTxRing->Cell[TxIdx].DmaBuf.AllocPa);
+
+       if (frameNum == 0)
+       {
+               // copy TXINFO + TXWI + WLAN Header + LLC into DMA Header Buffer
+               if (pTxBlk->TxFrameType == TX_AMSDU_FRAME)
+                       //hwHdrLen = ROUND_UP(pTxBlk->MpduHeaderLen-LENGTH_AMSDU_SUBFRAMEHEAD, 4)+LENGTH_AMSDU_SUBFRAMEHEAD;
+                       hwHdrLen = pTxBlk->MpduHeaderLen - LENGTH_AMSDU_SUBFRAMEHEAD + pTxBlk->HdrPadLen + LENGTH_AMSDU_SUBFRAMEHEAD;
+               else if (pTxBlk->TxFrameType == TX_RALINK_FRAME)
+                       //hwHdrLen = ROUND_UP(pTxBlk->MpduHeaderLen-LENGTH_ARALINK_HEADER_FIELD, 4)+LENGTH_ARALINK_HEADER_FIELD;
+                       hwHdrLen = pTxBlk->MpduHeaderLen - LENGTH_ARALINK_HEADER_FIELD + pTxBlk->HdrPadLen + LENGTH_ARALINK_HEADER_FIELD;
+               else
+                       //hwHdrLen = ROUND_UP(pTxBlk->MpduHeaderLen, 4);
+                       hwHdrLen = pTxBlk->MpduHeaderLen + pTxBlk->HdrPadLen;
+
+               firstDMALen = TXINFO_SIZE + TXWI_SIZE + hwHdrLen;
+       }
+       else
+       {
+               firstDMALen = pTxBlk->MpduHeaderLen;
+       }
+
+       NdisMoveMemory(pDMAHeaderBufVA, pTxBlk->HeaderBuf, firstDMALen);
+
+       pTxRing->Cell[TxIdx].pNdisPacket = pTxBlk->pPacket;
+       pTxRing->Cell[TxIdx].pNextNdisPacket = NULL;
+
+       //
+       // build Tx Descriptor
+       //
+#ifndef RT_BIG_ENDIAN
+       pTxD = (PTXD_STRUC) pTxRing->Cell[TxIdx].AllocVa;
+#else
+       pDestTxD = (PTXD_STRUC) pTxRing->Cell[TxIdx].AllocVa;
+       TxD = *pDestTxD;
+       pTxD = &TxD;
+#endif
+       NdisZeroMemory(pTxD, TXD_SIZE);
+
+       pTxD->SDPtr0 = BufBasePaLow;
+       pTxD->SDLen0 = firstDMALen; // include padding
+       pTxD->SDPtr1 = PCI_MAP_SINGLE(pAd, pTxBlk, 0, 1, PCI_DMA_TODEVICE);;
+       pTxD->SDLen1 = pTxBlk->SrcBufLen;
+       pTxD->LastSec0 = 0;
+       pTxD->LastSec1 = (bIsLast) ? 1 : 0;
+
+       RTMPWriteTxDescriptor(pAd, pTxD, FALSE, FIFO_EDCA);
+
+#ifdef RT_BIG_ENDIAN
+       if (frameNum == 0)
+               RTMPFrameEndianChange(pAd, (PUCHAR)(pDMAHeaderBufVA+ TXINFO_SIZE + TXWI_SIZE), DIR_WRITE, FALSE);
+
+       if (frameNum != 0)
+               RTMPWIEndianChange((PUCHAR)(pDMAHeaderBufVA + TXINFO_SIZE), TYPE_TXWI);
+
+       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+       WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif // RT_BIG_ENDIAN //
+
+       RetTxIdx = TxIdx;
+       //
+       // Update Tx index
+       //
+       INC_RING_INDEX(TxIdx, TX_RING_SIZE);
+       pTxRing->TxCpuIdx = TxIdx;
+
+       *FreeNumber -= 1;
+
+       return RetTxIdx;
+
+}
+
+
+VOID RtmpPCI_FinalWriteTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      USHORT                  totalMPDUSize,
+       IN      USHORT                  FirstTxIdx)
+{
+
+       PTXWI_STRUC             pTxWI;
+       PRTMP_TX_RING   pTxRing;
+
+       //
+       // get Tx Ring Resource
+       //
+       pTxRing = &pAd->TxRing[pTxBlk->QueIdx];
+       pTxWI = (PTXWI_STRUC) pTxRing->Cell[FirstTxIdx].DmaBuf.AllocVa;
+       pTxWI->MPDUtotalByteCount = totalMPDUSize;
+#ifdef RT_BIG_ENDIAN
+       RTMPWIEndianChange((PUCHAR)pTxWI, TYPE_TXWI);
+#endif // RT_BIG_ENDIAN //
+
+}
+
+
+VOID RtmpPCIDataLastTxIdx(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   QueIdx,
+       IN      USHORT                  LastTxIdx)
+{
+       PTXD_STRUC              pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+       PRTMP_TX_RING   pTxRing;
+
+       //
+       // get Tx Ring Resource
+       //
+       pTxRing = &pAd->TxRing[QueIdx];
+
+       //
+       // build Tx Descriptor
+       //
+#ifndef RT_BIG_ENDIAN
+       pTxD = (PTXD_STRUC) pTxRing->Cell[LastTxIdx].AllocVa;
+#else
+       pDestTxD = (PTXD_STRUC) pTxRing->Cell[LastTxIdx].AllocVa;
+       TxD = *pDestTxD;
+       pTxD = &TxD;
+#endif
+
+       pTxD->LastSec1 = 1;
+
+#ifdef RT_BIG_ENDIAN
+       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+       WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif // RT_BIG_ENDIAN //
+
+}
+
+
+USHORT RtmpPCI_WriteFragTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      UCHAR                   fragNum,
+       OUT     USHORT                  *FreeNumber)
+{
+       UCHAR                   *pDMAHeaderBufVA;
+       USHORT                  TxIdx, RetTxIdx;
+       PTXD_STRUC              pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+       UINT32                  BufBasePaLow;
+       PRTMP_TX_RING   pTxRing;
+       USHORT                  hwHeaderLen;
+       UINT32                  firstDMALen;
+
+       //
+       // Get Tx Ring Resource
+       //
+       pTxRing = &pAd->TxRing[pTxBlk->QueIdx];
+       TxIdx = pAd->TxRing[pTxBlk->QueIdx].TxCpuIdx;
+       pDMAHeaderBufVA = (PUCHAR) pTxRing->Cell[TxIdx].DmaBuf.AllocVa;
+       BufBasePaLow = RTMP_GetPhysicalAddressLow(pTxRing->Cell[TxIdx].DmaBuf.AllocPa);
+
+       //
+       // Copy TXINFO + TXWI + WLAN Header + LLC into DMA Header Buffer
+       //
+       //hwHeaderLen = ROUND_UP(pTxBlk->MpduHeaderLen, 4);
+       hwHeaderLen = pTxBlk->MpduHeaderLen + pTxBlk->HdrPadLen;
+
+       firstDMALen = TXINFO_SIZE + TXWI_SIZE + hwHeaderLen;
+       NdisMoveMemory(pDMAHeaderBufVA, pTxBlk->HeaderBuf, firstDMALen);
+
+
+       //
+       // Build Tx Descriptor
+       //
+#ifndef RT_BIG_ENDIAN
+       pTxD = (PTXD_STRUC) pTxRing->Cell[TxIdx].AllocVa;
+#else
+       pDestTxD = (PTXD_STRUC) pTxRing->Cell[TxIdx].AllocVa;
+       TxD = *pDestTxD;
+       pTxD = &TxD;
+#endif
+       NdisZeroMemory(pTxD, TXD_SIZE);
+
+       if (fragNum == pTxBlk->TotalFragNum)
+       {
+               pTxRing->Cell[TxIdx].pNdisPacket = pTxBlk->pPacket;
+               pTxRing->Cell[TxIdx].pNextNdisPacket = NULL;
+       }
+
+       pTxD->SDPtr0 = BufBasePaLow;
+       pTxD->SDLen0 = firstDMALen; // include padding
+       pTxD->SDPtr1 = PCI_MAP_SINGLE(pAd, pTxBlk, 0, 1, PCI_DMA_TODEVICE);
+       pTxD->SDLen1 = pTxBlk->SrcBufLen;
+       pTxD->LastSec0 = 0;
+       pTxD->LastSec1 = 1;
+
+       RTMPWriteTxDescriptor(pAd, pTxD, FALSE, FIFO_EDCA);
+
+#ifdef RT_BIG_ENDIAN
+       RTMPWIEndianChange((PUCHAR)(pDMAHeaderBufVA + TXINFO_SIZE), TYPE_TXWI);
+       RTMPFrameEndianChange(pAd, (PUCHAR)(pDMAHeaderBufVA + TXINFO_SIZE + TXWI_SIZE), DIR_WRITE, FALSE);
+       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+    WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif // RT_BIG_ENDIAN //
+
+       RetTxIdx = TxIdx;
+       pTxBlk->Priv += pTxBlk->SrcBufLen;
+
+       //
+       // Update Tx index
+       //
+       INC_RING_INDEX(TxIdx, TX_RING_SIZE);
+       pTxRing->TxCpuIdx = TxIdx;
+
+       *FreeNumber -= 1;
+
+       return RetTxIdx;
+
+}
+
+
+/*
+       Must be run in Interrupt context
+       This function handle PCI specific TxDesc and cpu index update and kick the packet out.
+ */
+int RtmpPCIMgmtKickOut(
+       IN RTMP_ADAPTER         *pAd,
+       IN UCHAR                        QueIdx,
+       IN PNDIS_PACKET         pPacket,
+       IN PUCHAR                       pSrcBufVA,
+       IN UINT                         SrcBufLen)
+{
+       PTXD_STRUC              pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+       ULONG                   SwIdx = pAd->MgmtRing.TxCpuIdx;
+
+#ifdef RT_BIG_ENDIAN
+    pDestTxD  = (PTXD_STRUC)pAd->MgmtRing.Cell[SwIdx].AllocVa;
+    TxD = *pDestTxD;
+    pTxD = &TxD;
+    RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#else
+       pTxD  = (PTXD_STRUC) pAd->MgmtRing.Cell[SwIdx].AllocVa;
+#endif
+
+       pAd->MgmtRing.Cell[SwIdx].pNdisPacket = pPacket;
+       pAd->MgmtRing.Cell[SwIdx].pNextNdisPacket = NULL;
+
+       RTMPWriteTxDescriptor(pAd, pTxD, TRUE, FIFO_MGMT);
+       pTxD->LastSec0 = 1;
+       pTxD->LastSec1 = 1;
+       pTxD->DMADONE = 0;
+       pTxD->SDLen1 = 0;
+       pTxD->SDPtr0 = PCI_MAP_SINGLE(pAd, pSrcBufVA, SrcBufLen, 0, PCI_DMA_TODEVICE);
+       pTxD->SDLen0 = SrcBufLen;
+
+#ifdef RT_BIG_ENDIAN
+       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+    WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif
+
+//==================================================================
+/*     DBGPRINT_RAW(RT_DEBUG_TRACE, ("MLMEHardTransmit\n"));
+       for (i = 0; i < (TXWI_SIZE+24); i++)
+       {
+
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("%x:", *(pSrcBufVA+i)));
+               if ( i%4 == 3)
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, (" :: "));
+               if ( i%16 == 15)
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("\n      "));
+       }
+       DBGPRINT_RAW(RT_DEBUG_TRACE, ("\n      "));*/
+//=======================================================================
+
+       pAd->RalinkCounters.KickTxCount++;
+       pAd->RalinkCounters.OneSecTxDoneCount++;
+
+       // Increase TX_CTX_IDX, but write to register later.
+       INC_RING_INDEX(pAd->MgmtRing.TxCpuIdx, MGMT_RING_SIZE);
+
+       RTMP_IO_WRITE32(pAd, TX_MGMTCTX_IDX,  pAd->MgmtRing.TxCpuIdx);
+
+       return 0;
+}
+
+
+#ifdef CONFIG_STA_SUPPORT
+/*
+       ========================================================================
+
+       Routine Description:
+               Check Rx descriptor, return NDIS_STATUS_FAILURE if any error dound
+
+       Arguments:
+               pRxD            Pointer to the Rx descriptor
+
+       Return Value:
+               NDIS_STATUS_SUCCESS     No err
+               NDIS_STATUS_FAILURE     Error
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS RTMPCheckRxError(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      PHEADER_802_11          pHeader,
+       IN      PRXWI_STRUC             pRxWI,
+       IN  PRT28XX_RXD_STRUC   pRxD)
+{
+       PCIPHER_KEY pWpaKey;
+       INT dBm;
+
+       // Phy errors & CRC errors
+       if (/*(pRxD->PhyErr) ||*/ (pRxD->Crc))
+       {
+               // Check RSSI for Noise Hist statistic collection.
+               dBm = (INT) (pRxWI->RSSI0) - pAd->BbpRssiToDbmDelta;
+               if (dBm <= -87)
+                       pAd->StaCfg.RPIDensity[0] += 1;
+               else if (dBm <= -82)
+                       pAd->StaCfg.RPIDensity[1] += 1;
+               else if (dBm <= -77)
+                       pAd->StaCfg.RPIDensity[2] += 1;
+               else if (dBm <= -72)
+                       pAd->StaCfg.RPIDensity[3] += 1;
+               else if (dBm <= -67)
+                       pAd->StaCfg.RPIDensity[4] += 1;
+               else if (dBm <= -62)
+                       pAd->StaCfg.RPIDensity[5] += 1;
+               else if (dBm <= -57)
+                       pAd->StaCfg.RPIDensity[6] += 1;
+               else if (dBm > -57)
+                       pAd->StaCfg.RPIDensity[7] += 1;
+
+               return(NDIS_STATUS_FAILURE);
+       }
+
+       // Add Rx size to channel load counter, we should ignore error counts
+       pAd->StaCfg.CLBusyBytes += (pRxD->SDL0 + 14);
+
+       // Drop ToDs promiscous frame, it is opened due to CCX 2 channel load statistics
+       if (pHeader != NULL)
+       {
+               if (pHeader->FC.ToDs)
+               {
+                       return(NDIS_STATUS_FAILURE);
+               }
+       }
+
+       // Drop not U2M frames, cant's drop here because we will drop beacon in this case
+       // I am kind of doubting the U2M bit operation
+       // if (pRxD->U2M == 0)
+       //      return(NDIS_STATUS_FAILURE);
+
+       // drop decyption fail frame
+       if (pRxD->CipherErr)
+       {
+               if (pRxD->CipherErr == 2)
+                       {DBGPRINT_RAW(RT_DEBUG_TRACE,("pRxD ERROR: ICV ok but MICErr "));}
+               else if (pRxD->CipherErr == 1)
+                       {DBGPRINT_RAW(RT_DEBUG_TRACE,("pRxD ERROR: ICV Err "));}
+               else if (pRxD->CipherErr == 3)
+                       DBGPRINT_RAW(RT_DEBUG_TRACE,("pRxD ERROR: Key not valid "));
+
+        if (((pRxD->CipherErr & 1) == 1) && pAd->CommonCfg.bWirelessEvent && INFRA_ON(pAd))
+            RTMPSendWirelessEvent(pAd, IW_ICV_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+
+               DBGPRINT_RAW(RT_DEBUG_TRACE,(" %d (len=%d, Mcast=%d, MyBss=%d, Wcid=%d, KeyId=%d)\n",
+                       pRxD->CipherErr,
+                       pRxD->SDL0,
+                       pRxD->Mcast | pRxD->Bcast,
+                       pRxD->MyBss,
+                       pRxWI->WirelessCliID,
+//                     CipherName[pRxD->CipherAlg],
+                       pRxWI->KeyIndex));
+
+               //
+               // MIC Error
+               //
+               if (pRxD->CipherErr == 2)
+               {
+                       pWpaKey = &pAd->SharedKey[BSS0][pRxWI->KeyIndex];
+#ifdef WPA_SUPPLICANT_SUPPORT
+            if (pAd->StaCfg.WpaSupplicantUP)
+                WpaSendMicFailureToWpaSupplicant(pAd,
+                                   (pWpaKey->Type == PAIRWISEKEY) ? TRUE:FALSE);
+            else
+#endif // WPA_SUPPLICANT_SUPPORT //
+                           RTMPReportMicError(pAd, pWpaKey);
+
+            if (((pRxD->CipherErr & 2) == 2) && pAd->CommonCfg.bWirelessEvent && INFRA_ON(pAd))
+                RTMPSendWirelessEvent(pAd, IW_MIC_ERROR_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+
+                       DBGPRINT_RAW(RT_DEBUG_ERROR,("Rx MIC Value error\n"));
+               }
+
+               if (pHeader == NULL)
+                       return(NDIS_STATUS_SUCCESS);
+               /*if ((pRxD->CipherAlg == CIPHER_AES) &&
+                       (pHeader->Sequence == pAd->FragFrame.Sequence))
+               {
+                       //
+                       // Acceptable since the First FragFrame no CipherErr problem.
+                       //
+                       return(NDIS_STATUS_SUCCESS);
+               }*/
+
+               return(NDIS_STATUS_FAILURE);
+       }
+
+       return(NDIS_STATUS_SUCCESS);
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+BOOLEAN  RTMPFreeTXDUponTxDmaDone(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        QueIdx)
+{
+       PRTMP_TX_RING pTxRing;
+       PTXD_STRUC        pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+#endif
+       PNDIS_PACKET  pPacket;
+       UCHAR   FREE = 0;
+       TXD_STRUC       TxD, *pOriTxD;
+       //ULONG         IrqFlags;
+       BOOLEAN                 bReschedule = FALSE;
+
+
+       ASSERT(QueIdx < NUM_OF_TX_RING);
+       pTxRing = &pAd->TxRing[QueIdx];
+
+       RTMP_IO_READ32(pAd, TX_DTX_IDX0 + QueIdx * RINGREG_DIFF, &pTxRing->TxDmaIdx);
+       while (pTxRing->TxSwFreeIdx != pTxRing->TxDmaIdx)
+       {
+//             RTMP_IRQ_LOCK(&pAd->irq_lock, IrqFlags);
+#ifdef RALINK_ATE
+#ifdef RALINK_28xx_QA
+               PHEADER_802_11  pHeader80211;
+
+               if ((ATE_ON(pAd)) && (pAd->ate.bQATxStart == TRUE))
+               {
+                       if (pAd->ate.QID == QueIdx)
+                       {
+                               pAd->ate.TxDoneCount++;
+                               pAd->RalinkCounters.KickTxCount++;
+
+                               /* always use QID_AC_BE and FIFO_EDCA */
+                               ASSERT(pAd->ate.QID == 0);
+                               pAd->ate.TxAc0++;
+
+                               FREE++;
+#ifndef RT_BIG_ENDIAN
+                               pTxD = (PTXD_STRUC) (pTxRing->Cell[pTxRing->TxSwFreeIdx].AllocVa);
+                               pOriTxD = pTxD;
+                       NdisMoveMemory(&TxD, pTxD, sizeof(TXD_STRUC));
+                               pTxD = &TxD;
+#else
+                       pDestTxD = (PTXD_STRUC) (pTxRing->Cell[pTxRing->TxSwFreeIdx].AllocVa);
+                       pOriTxD = pDestTxD ;
+                       TxD = *pDestTxD;
+                       pTxD = &TxD;
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                               pTxD->DMADONE = 0;
+
+                               pHeader80211 = pTxRing->Cell[pTxRing->TxSwFreeIdx].DmaBuf.AllocVa + sizeof(TXWI_STRUC);
+#ifdef RT_BIG_ENDIAN
+                               RTMPFrameEndianChange(pAd, (PUCHAR)pHeader80211, DIR_READ, FALSE);
+#endif
+                               pHeader80211->Sequence = ++pAd->ate.seq;
+#ifdef RT_BIG_ENDIAN
+                               RTMPFrameEndianChange(pAd, (PUCHAR)pHeader80211, DIR_WRITE, FALSE);
+#endif
+
+                               if  ((pAd->ate.bQATxStart == TRUE) && (pAd->ate.Mode & ATE_TXFRAME) && (pAd->ate.TxDoneCount < pAd->ate.TxCount))
+                               {
+                                       pAd->RalinkCounters.TransmittedByteCount +=  (pTxD->SDLen1 + pTxD->SDLen0);
+                                       pAd->RalinkCounters.OneSecTransmittedByteCount += (pTxD->SDLen1 + pTxD->SDLen0);
+                                       pAd->RalinkCounters.OneSecDmaDoneCount[QueIdx] ++;
+                                       INC_RING_INDEX(pTxRing->TxSwFreeIdx, TX_RING_SIZE);
+
+                                       /* get TX_DTX_IDX again */
+                                       RTMP_IO_READ32(pAd, TX_DTX_IDX0 + QueIdx * RINGREG_DIFF ,  &pTxRing->TxDmaIdx);
+                                       goto kick_out;
+                               }
+                               else if ((pAd->ate.TxStatus == 1)/* or (pAd->ate.bQATxStart == TRUE) ??? */ && (pAd->ate.TxDoneCount == pAd->ate.TxCount))
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE,("all Tx is done\n"));
+
+                                       // Tx status enters idle mode.
+                                       pAd->ate.TxStatus = 0;
+                               }
+                               else if (!(pAd->ate.Mode & ATE_TXFRAME))
+                               {
+                                       /* not complete sending yet, but someone press the Stop TX botton */
+                                       DBGPRINT(RT_DEBUG_ERROR,("not complete sending yet, but someone pressed the Stop TX bottom\n"));
+                                       DBGPRINT(RT_DEBUG_ERROR,("pAd->ate.Mode = 0x%02x\n", pAd->ate.Mode));
+                               }
+                               else
+                               {
+                                       DBGPRINT(RT_DEBUG_OFF,("pTxRing->TxSwFreeIdx = %d\n", pTxRing->TxSwFreeIdx));
+                               }
+
+#ifndef RT_BIG_ENDIAN
+                       NdisMoveMemory(pOriTxD, pTxD, sizeof(TXD_STRUC));
+#else
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+                       *pDestTxD = TxD;
+#endif // RT_BIG_ENDIAN //
+
+                               INC_RING_INDEX(pTxRing->TxSwFreeIdx, TX_RING_SIZE);
+                               continue;
+                       }
+               }
+#endif // RALINK_28xx_QA //
+#endif // RALINK_ATE //
+
+               // static rate also need NICUpdateFifoStaCounters() function.
+               //if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED))
+                       NICUpdateFifoStaCounters(pAd);
+
+               /* Note : If (pAd->ate.bQATxStart == TRUE), we will never reach here. */
+               FREE++;
+#ifndef RT_BIG_ENDIAN
+                pTxD = (PTXD_STRUC) (pTxRing->Cell[pTxRing->TxSwFreeIdx].AllocVa);
+               pOriTxD = pTxD;
+                NdisMoveMemory(&TxD, pTxD, sizeof(TXD_STRUC));
+               pTxD = &TxD;
+#else
+        pDestTxD = (PTXD_STRUC) (pTxRing->Cell[pTxRing->TxSwFreeIdx].AllocVa);
+        pOriTxD = pDestTxD ;
+        TxD = *pDestTxD;
+        pTxD = &TxD;
+        RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+
+               pTxD->DMADONE = 0;
+
+
+#ifdef RALINK_ATE
+               /* Execution of this block is not allowed when ATE is running. */
+               if (!(ATE_ON(pAd)))
+#endif // RALINK_ATE //
+               {
+                       pPacket = pTxRing->Cell[pTxRing->TxSwFreeIdx].pNdisPacket;
+                       if (pPacket)
+                       {
+#ifdef CONFIG_5VT_ENHANCE
+                               if (RTMP_GET_PACKET_5VT(pPacket))
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, 16, PCI_DMA_TODEVICE);
+                               else
+#endif // CONFIG_5VT_ENHANCE //
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+                       //Always assign pNdisPacket as NULL after clear
+                       pTxRing->Cell[pTxRing->TxSwFreeIdx].pNdisPacket = NULL;
+
+                       pPacket = pTxRing->Cell[pTxRing->TxSwFreeIdx].pNextNdisPacket;
+
+                       ASSERT(pPacket == NULL);
+                       if (pPacket)
+                       {
+#ifdef CONFIG_5VT_ENHANCE
+                               if (RTMP_GET_PACKET_5VT(pPacket))
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, 16, PCI_DMA_TODEVICE);
+                               else
+#endif // CONFIG_5VT_ENHANCE //
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+                       //Always assign pNextNdisPacket as NULL after clear
+                       pTxRing->Cell[pTxRing->TxSwFreeIdx].pNextNdisPacket = NULL;
+               }
+
+               pAd->RalinkCounters.TransmittedByteCount +=  (pTxD->SDLen1 + pTxD->SDLen0);
+               pAd->RalinkCounters.OneSecDmaDoneCount[QueIdx] ++;
+               INC_RING_INDEX(pTxRing->TxSwFreeIdx, TX_RING_SIZE);
+               /* get tx_tdx_idx again */
+               RTMP_IO_READ32(pAd, TX_DTX_IDX0 + QueIdx * RINGREG_DIFF ,  &pTxRing->TxDmaIdx);
+#ifdef RT_BIG_ENDIAN
+        RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+        *pDestTxD = TxD;
+#else
+        NdisMoveMemory(pOriTxD, pTxD, sizeof(TXD_STRUC));
+#endif
+
+#ifdef RALINK_ATE
+#ifdef RALINK_28xx_QA
+kick_out:
+#endif // RALINK_28xx_QA //
+
+               /*
+                       ATE_TXCONT mode also need to send some normal frames, so let it in.
+                       ATE_STOP must be changed not to be 0xff
+                       to prevent it from running into this block.
+               */
+               if ((pAd->ate.Mode & ATE_TXFRAME) && (pAd->ate.QID == QueIdx))
+               {
+                       // TxDoneCount++ has been done if QA is used.
+                       if (pAd->ate.bQATxStart == FALSE)
+                       {
+                               pAd->ate.TxDoneCount++;
+                       }
+                       if (((pAd->ate.TxCount - pAd->ate.TxDoneCount + 1) >= TX_RING_SIZE))
+                       {
+                               /* Note : We increase TxCpuIdx here, not TxSwFreeIdx ! */
+                               INC_RING_INDEX(pAd->TxRing[QueIdx].TxCpuIdx, TX_RING_SIZE);
+#ifndef RT_BIG_ENDIAN
+                               pTxD = (PTXD_STRUC) (pTxRing->Cell[pAd->TxRing[QueIdx].TxCpuIdx].AllocVa);
+                               pOriTxD = pTxD;
+                       NdisMoveMemory(&TxD, pTxD, sizeof(TXD_STRUC));
+                               pTxD = &TxD;
+#else
+                       pDestTxD = (PTXD_STRUC) (pTxRing->Cell[pAd->TxRing[QueIdx].TxCpuIdx].AllocVa);
+                       pOriTxD = pDestTxD ;
+                       TxD = *pDestTxD;
+                       pTxD = &TxD;
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                               pTxD->DMADONE = 0;
+#ifndef RT_BIG_ENDIAN
+                       NdisMoveMemory(pOriTxD, pTxD, sizeof(TXD_STRUC));
+#else
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+                       *pDestTxD = TxD;
+#endif
+                               // kick Tx-Ring
+                               RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + QueIdx * RINGREG_DIFF, pAd->TxRing[QueIdx].TxCpuIdx);
+                               pAd->RalinkCounters.KickTxCount++;
+                       }
+               }
+#endif // RALINK_ATE //
+//         RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+       }
+
+
+       return  bReschedule;
+
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Process TX Rings DMA Done interrupt, running in DPC level
+
+       Arguments:
+               Adapter         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+BOOLEAN        RTMPHandleTxRingDmaDoneInterrupt(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      INT_SOURCE_CSR_STRUC TxRingBitmap)
+{
+//     UCHAR                   Count = 0;
+    unsigned long      IrqFlags;
+       BOOLEAN                 bReschedule = FALSE;
+
+       // Make sure Tx ring resource won't be used by other threads
+       //NdisAcquireSpinLock(&pAd->TxRingLock);
+
+       RTMP_IRQ_LOCK(&pAd->irq_lock, IrqFlags);
+
+       if (TxRingBitmap.field.Ac0DmaDone)
+               bReschedule = RTMPFreeTXDUponTxDmaDone(pAd, QID_AC_BE);
+/*
+       if (TxRingBitmap.field.HccaDmaDone)
+               bReschedule |= RTMPFreeTXDUponTxDmaDone(pAd, QID_HCCA);
+*/
+
+       if (TxRingBitmap.field.Ac3DmaDone)
+               bReschedule |= RTMPFreeTXDUponTxDmaDone(pAd, QID_AC_VO);
+
+       if (TxRingBitmap.field.Ac2DmaDone)
+               bReschedule |= RTMPFreeTXDUponTxDmaDone(pAd, QID_AC_VI);
+
+       if (TxRingBitmap.field.Ac1DmaDone)
+               bReschedule |= RTMPFreeTXDUponTxDmaDone(pAd, QID_AC_BK);
+
+       // Make sure to release Tx ring resource
+       //NdisReleaseSpinLock(&pAd->TxRingLock);
+       RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+
+       // Dequeue outgoing frames from TxSwQueue[] and process it
+       RTMPDeQueuePacket(pAd, FALSE, NUM_OF_TX_RING, MAX_TX_PROCESS);
+
+       return  bReschedule;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Process MGMT ring DMA done interrupt, running in DPC level
+
+       Arguments:
+               pAd     Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPHandleMgmtRingDmaDoneInterrupt(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       PTXD_STRUC       pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+       PNDIS_PACKET pPacket;
+//     int              i;
+       UCHAR   FREE = 0;
+       PRTMP_MGMT_RING pMgmtRing = &pAd->MgmtRing;
+
+       NdisAcquireSpinLock(&pAd->MgmtRingLock);
+
+       RTMP_IO_READ32(pAd, TX_MGMTDTX_IDX, &pMgmtRing->TxDmaIdx);
+       while (pMgmtRing->TxSwFreeIdx!= pMgmtRing->TxDmaIdx)
+       {
+               FREE++;
+#ifdef RT_BIG_ENDIAN
+        pDestTxD = (PTXD_STRUC) (pMgmtRing->Cell[pAd->MgmtRing.TxSwFreeIdx].AllocVa);
+        TxD = *pDestTxD;
+        pTxD = &TxD;
+               RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#else
+               pTxD = (PTXD_STRUC) (pMgmtRing->Cell[pAd->MgmtRing.TxSwFreeIdx].AllocVa);
+#endif
+               pTxD->DMADONE = 0;
+               pPacket = pMgmtRing->Cell[pMgmtRing->TxSwFreeIdx].pNdisPacket;
+
+
+               if (pPacket)
+               {
+                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr0, pTxD->SDLen0, PCI_DMA_TODEVICE);
+                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+               }
+               pMgmtRing->Cell[pMgmtRing->TxSwFreeIdx].pNdisPacket = NULL;
+
+               pPacket = pMgmtRing->Cell[pMgmtRing->TxSwFreeIdx].pNextNdisPacket;
+               if (pPacket)
+               {
+                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+               }
+               pMgmtRing->Cell[pMgmtRing->TxSwFreeIdx].pNextNdisPacket = NULL;
+               INC_RING_INDEX(pMgmtRing->TxSwFreeIdx, MGMT_RING_SIZE);
+
+#ifdef RT_BIG_ENDIAN
+        RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+        WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, TRUE, TYPE_TXD);
+#endif
+       }
+       NdisReleaseSpinLock(&pAd->MgmtRingLock);
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+       Arguments:
+               Adapter         Pointer to our adapter. Dequeue all power safe delayed braodcast frames after beacon.
+
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+VOID   RTMPHandleTBTTInterrupt(
+       IN PRTMP_ADAPTER pAd)
+{
+       {
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+               {
+               }
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+       Arguments:
+               pAd             Pointer to our adapter. Rewrite beacon content before next send-out.
+
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+VOID   RTMPHandlePreTBTTInterrupt(
+       IN PRTMP_ADAPTER pAd)
+{
+       {
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("RTMPHandlePreTBTTInterrupt...\n"));
+               }
+       }
+
+
+}
+
+VOID   RTMPHandleRxCoherentInterrupt(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       WPDMA_GLO_CFG_STRUC     GloCfg;
+
+       if (pAd == NULL)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("====> pAd is NULL, return.\n"));
+               return;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("==> RTMPHandleRxCoherentInterrupt \n"));
+
+       RTMP_IO_READ32(pAd, WPDMA_GLO_CFG , &GloCfg.word);
+
+       GloCfg.field.EnTXWriteBackDDONE = 0;
+       GloCfg.field.EnableRxDMA = 0;
+       GloCfg.field.EnableTxDMA = 0;
+       RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, GloCfg.word);
+
+       RTMPRingCleanUp(pAd, QID_AC_BE);
+       RTMPRingCleanUp(pAd, QID_AC_BK);
+       RTMPRingCleanUp(pAd, QID_AC_VI);
+       RTMPRingCleanUp(pAd, QID_AC_VO);
+       /*RTMPRingCleanUp(pAd, QID_HCCA);*/
+       RTMPRingCleanUp(pAd, QID_MGMT);
+       RTMPRingCleanUp(pAd, QID_RX);
+
+       RTMPEnableRxTx(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<== RTMPHandleRxCoherentInterrupt \n"));
+}
+
+
+
+
+VOID DBGPRINT_TX_RING(
+       IN PRTMP_ADAPTER  pAd,
+       IN UCHAR          QueIdx)
+{
+       UINT32          Ac0Base;
+       UINT32          Ac0HwIdx = 0, Ac0SwIdx = 0, AC0freeIdx;
+       int                     i;
+//     PULONG          pTxD;
+       PULONG  ptemp;
+
+       DBGPRINT_RAW(RT_DEBUG_TRACE, ("=====================================================\n "  ));
+       switch (QueIdx)
+       {
+               case QID_AC_BE:
+                       RTMP_IO_READ32(pAd, TX_BASE_PTR0, &Ac0Base);
+                       RTMP_IO_READ32(pAd, TX_CTX_IDX0, &Ac0SwIdx);
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX0, &Ac0HwIdx);
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("All QID_AC_BE DESCRIPTOR  \n "  ));
+                       for (i=0;i<TX_RING_SIZE;i++)
+                       {
+                               ptemp= (PULONG)pAd->TxRing[QID_AC_BE].Cell[i].AllocVa;
+                               DBGPRINT_RAW(RT_DEBUG_TRACE, ("[%02d]  %08lx: %08lx: %08lx: %08lx\n " , i, *ptemp,*(ptemp+1),*(ptemp+2),*(ptemp+3)));
+                       }
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("  \n "  ));
+                       break;
+               case QID_AC_BK:
+                       RTMP_IO_READ32(pAd, TX_BASE_PTR1, &Ac0Base);
+                       RTMP_IO_READ32(pAd, TX_CTX_IDX1, &Ac0SwIdx);
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX1, &Ac0HwIdx);
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("All QID_AC_BK DESCRIPTOR  \n "  ));
+                       for (i=0;i<TX_RING_SIZE;i++)
+                       {
+                               ptemp= (PULONG)pAd->TxRing[QID_AC_BK].Cell[i].AllocVa;
+                               DBGPRINT_RAW(RT_DEBUG_TRACE, ("[%02d]  %08lx: %08lx: %08lx: %08lx\n " , i, *ptemp,*(ptemp+1),*(ptemp+2),*(ptemp+3)));
+                       }
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("  \n "  ));
+                       break;
+               case QID_AC_VI:
+                       RTMP_IO_READ32(pAd, TX_BASE_PTR2, &Ac0Base);
+                       RTMP_IO_READ32(pAd, TX_CTX_IDX2, &Ac0SwIdx);
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX2, &Ac0HwIdx);
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("All QID_AC_VI DESCRIPTOR \n "  ));
+                       for (i=0;i<TX_RING_SIZE;i++)
+                       {
+                               ptemp= (PULONG)pAd->TxRing[QID_AC_VI].Cell[i].AllocVa;
+                               DBGPRINT_RAW(RT_DEBUG_TRACE, ("[%02d]  %08lx: %08lx: %08lx: %08lx\n " , i, *ptemp,*(ptemp+1),*(ptemp+2),*(ptemp+3)));
+                       }
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("  \n "  ));
+                       break;
+               case QID_AC_VO:
+                       RTMP_IO_READ32(pAd, TX_BASE_PTR3, &Ac0Base);
+                       RTMP_IO_READ32(pAd, TX_CTX_IDX3, &Ac0SwIdx);
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX3, &Ac0HwIdx);
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("All QID_AC_VO DESCRIPTOR \n "  ));
+                       for (i=0;i<TX_RING_SIZE;i++)
+                       {
+                               ptemp= (PULONG)pAd->TxRing[QID_AC_VO].Cell[i].AllocVa;
+                               DBGPRINT_RAW(RT_DEBUG_TRACE, ("[%02d]  %08lx: %08lx: %08lx: %08lx\n " , i, *ptemp,*(ptemp+1),*(ptemp+2),*(ptemp+3)));
+                       }
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("  \n "  ));
+                       break;
+               case QID_MGMT:
+                       RTMP_IO_READ32(pAd, TX_BASE_PTR5, &Ac0Base);
+                       RTMP_IO_READ32(pAd, TX_CTX_IDX5, &Ac0SwIdx);
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX5, &Ac0HwIdx);
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, (" All QID_MGMT  DESCRIPTOR \n "  ));
+                       for (i=0;i<MGMT_RING_SIZE;i++)
+                       {
+                               ptemp= (PULONG)pAd->MgmtRing.Cell[i].AllocVa;
+                               DBGPRINT_RAW(RT_DEBUG_TRACE, ("[%02d]  %08lx: %08lx: %08lx: %08lx\n " , i, *ptemp,*(ptemp+1),*(ptemp+2),*(ptemp+3)));
+                       }
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("  \n "  ));
+                       break;
+
+               default:
+                       DBGPRINT_ERR(("DBGPRINT_TX_RING(Ring %d) not supported\n", QueIdx));
+                       break;
+       }
+       AC0freeIdx = pAd->TxRing[QueIdx].TxSwFreeIdx;
+
+       DBGPRINT(RT_DEBUG_TRACE,("TxRing%d, TX_DTX_IDX=%d, TX_CTX_IDX=%d\n", QueIdx, Ac0HwIdx, Ac0SwIdx));
+       DBGPRINT_RAW(RT_DEBUG_TRACE,("  TxSwFreeIdx[%d]", AC0freeIdx));
+       DBGPRINT_RAW(RT_DEBUG_TRACE,("  pending-NDIS=%ld\n", pAd->RalinkCounters.PendingNdisPacketCount));
+
+
+}
+
+
+VOID DBGPRINT_RX_RING(
+       IN PRTMP_ADAPTER  pAd)
+{
+       UINT32          Ac0Base;
+       UINT32          Ac0HwIdx = 0, Ac0SwIdx = 0, AC0freeIdx;
+//     PULONG   pTxD;
+       int                     i;
+       UINT32  *ptemp;
+//     PRXD_STRUC              pRxD;
+
+       DBGPRINT_RAW(RT_DEBUG_TRACE, ("=====================================================\n "  ));
+       RTMP_IO_READ32(pAd, RX_BASE_PTR, &Ac0Base);
+       RTMP_IO_READ32(pAd, RX_CRX_IDX, &Ac0SwIdx);
+       RTMP_IO_READ32(pAd, RX_DRX_IDX, &Ac0HwIdx);
+       AC0freeIdx = pAd->RxRing.RxSwReadIdx;
+
+       DBGPRINT_RAW(RT_DEBUG_TRACE, ("All RX DSP  \n "  ));
+       for (i=0;i<RX_RING_SIZE;i++)
+       {
+               ptemp = (UINT32 *)pAd->RxRing.Cell[i].AllocVa;
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("[%02d]  %08x: %08x: %08x: %08x\n " , i, *ptemp,*(ptemp+1),*(ptemp+2),*(ptemp+3)));
+       }
+       DBGPRINT(RT_DEBUG_TRACE,("RxRing, RX_DRX_IDX=%d, RX_CRX_IDX=%d \n", Ac0HwIdx, Ac0SwIdx));
+       DBGPRINT_RAW(RT_DEBUG_TRACE,("  RxSwReadIdx [%d]=", AC0freeIdx));
+       DBGPRINT_RAW(RT_DEBUG_TRACE,("  pending-NDIS=%ld\n", pAd->RalinkCounters.PendingNdisPacketCount));
+}
+
+
+PNDIS_PACKET GetPacketFromRxRing(
+       IN              PRTMP_ADAPTER   pAd,
+       OUT             PRT28XX_RXD_STRUC       pSaveRxD,
+       OUT             BOOLEAN                 *pbReschedule,
+       IN OUT  UINT32                  *pRxPending)
+{
+       PRXD_STRUC                              pRxD;
+#ifdef RT_BIG_ENDIAN
+       PRXD_STRUC                              pDestRxD;
+       RXD_STRUC                               RxD;
+#endif
+       PNDIS_PACKET                    pRxPacket = NULL;
+       PNDIS_PACKET                    pNewPacket;
+       PVOID                                   AllocVa;
+       NDIS_PHYSICAL_ADDRESS   AllocPa;
+       BOOLEAN                                 bReschedule = FALSE;
+
+       RTMP_SEM_LOCK(&pAd->RxRingLock);
+
+       if (*pRxPending == 0)
+       {
+               // Get how may packets had been received
+               RTMP_IO_READ32(pAd, RX_DRX_IDX , &pAd->RxRing.RxDmaIdx);
+
+               if (pAd->RxRing.RxSwReadIdx == pAd->RxRing.RxDmaIdx)
+               {
+                       // no more rx packets
+                       bReschedule = FALSE;
+                       goto done;
+               }
+
+               // get rx pending count
+               if (pAd->RxRing.RxDmaIdx > pAd->RxRing.RxSwReadIdx)
+                       *pRxPending = pAd->RxRing.RxDmaIdx - pAd->RxRing.RxSwReadIdx;
+               else
+                       *pRxPending     = pAd->RxRing.RxDmaIdx + RX_RING_SIZE - pAd->RxRing.RxSwReadIdx;
+
+       }
+
+#ifdef RT_BIG_ENDIAN
+       pDestRxD = (PRXD_STRUC) pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].AllocVa;
+       RxD = *pDestRxD;
+       pRxD = &RxD;
+       RTMPDescriptorEndianChange((PUCHAR)pRxD, TYPE_RXD);
+#else
+       // Point to Rx indexed rx ring descriptor
+       pRxD = (PRXD_STRUC) pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].AllocVa;
+#endif
+
+       if (pRxD->DDONE == 0)
+       {
+               *pRxPending = 0;
+               // DMAIndx had done but DDONE bit not ready
+               bReschedule = TRUE;
+               goto done;
+       }
+
+
+       // return rx descriptor
+       NdisMoveMemory(pSaveRxD, pRxD, RXD_SIZE);
+
+       pNewPacket = RTMP_AllocateRxPacketBuffer(pAd, RX_BUFFER_AGGRESIZE, FALSE, &AllocVa, &AllocPa);
+
+       if (pNewPacket)
+       {
+               // unmap the rx buffer
+               PCI_UNMAP_SINGLE(pAd, pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].DmaBuf.AllocPa,
+                                        pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].DmaBuf.AllocSize, PCI_DMA_FROMDEVICE);
+               pRxPacket = pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].pNdisPacket;
+
+               pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].DmaBuf.AllocSize      = RX_BUFFER_AGGRESIZE;
+               pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].pNdisPacket           = (PNDIS_PACKET) pNewPacket;
+               pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].DmaBuf.AllocVa        = AllocVa;
+               pAd->RxRing.Cell[pAd->RxRing.RxSwReadIdx].DmaBuf.AllocPa        = AllocPa;
+               /* update SDP0 to new buffer of rx packet */
+               pRxD->SDP0 = AllocPa;
+       }
+       else
+       {
+               //DBGPRINT(RT_DEBUG_TRACE,("No Rx Buffer\n"));
+               pRxPacket = NULL;
+               bReschedule = TRUE;
+       }
+
+       pRxD->DDONE = 0;
+
+       // had handled one rx packet
+       *pRxPending = *pRxPending - 1;
+
+       // update rx descriptor and kick rx
+#ifdef RT_BIG_ENDIAN
+       RTMPDescriptorEndianChange((PUCHAR)pRxD, TYPE_RXD);
+       WriteBackToDescriptor((PUCHAR)pDestRxD, (PUCHAR)pRxD, FALSE, TYPE_RXD);
+#endif
+       INC_RING_INDEX(pAd->RxRing.RxSwReadIdx, RX_RING_SIZE);
+
+       pAd->RxRing.RxCpuIdx = (pAd->RxRing.RxSwReadIdx == 0) ? (RX_RING_SIZE-1) : (pAd->RxRing.RxSwReadIdx-1);
+       RTMP_IO_WRITE32(pAd, RX_CRX_IDX, pAd->RxRing.RxCpuIdx);
+
+done:
+       RTMP_SEM_UNLOCK(&pAd->RxRingLock);
+       *pbReschedule = bReschedule;
+       return pRxPacket;
+}
+
+
+NDIS_STATUS MlmeHardTransmitTxRing(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR   QueIdx,
+       IN      PNDIS_PACKET    pPacket)
+{
+       PACKET_INFO     PacketInfo;
+       PUCHAR                  pSrcBufVA;
+       UINT                    SrcBufLen;
+       PTXD_STRUC              pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+       PHEADER_802_11  pHeader_802_11;
+       BOOLEAN                 bAckRequired, bInsertTimestamp;
+       ULONG                   SrcBufPA;
+       //UCHAR                 TxBufIdx;
+       UCHAR                   MlmeRate;
+       ULONG                   SwIdx = pAd->TxRing[QueIdx].TxCpuIdx;
+       PTXWI_STRUC     pFirstTxWI;
+       //ULONG i;
+       //HTTRANSMIT_SETTING    MlmeTransmit;   //Rate for this MGMT frame.
+       ULONG    FreeNum;
+       MAC_TABLE_ENTRY *pMacEntry = NULL;
+
+
+       RTMP_QueryPacketInfo(pPacket, &PacketInfo, &pSrcBufVA, &SrcBufLen);
+
+
+       if (pSrcBufVA == NULL)
+       {
+               // The buffer shouldn't be NULL
+               return NDIS_STATUS_FAILURE;
+       }
+
+       // Make sure MGMT ring resource won't be used by other threads
+       //NdisAcquireSpinLock(&pAd->TxRingLock);
+
+       FreeNum = GET_TXRING_FREENO(pAd, QueIdx);
+
+       if (FreeNum == 0)
+       {
+               //NdisReleaseSpinLock(&pAd->TxRingLock);
+               return NDIS_STATUS_FAILURE;
+       }
+
+       SwIdx = pAd->TxRing[QueIdx].TxCpuIdx;
+
+#ifndef RT_BIG_ENDIAN
+       pTxD  = (PTXD_STRUC) pAd->TxRing[QueIdx].Cell[SwIdx].AllocVa;
+#else
+    pDestTxD  = (PTXD_STRUC)pAd->TxRing[QueIdx].Cell[SwIdx].AllocVa;
+    TxD = *pDestTxD;
+    pTxD = &TxD;
+    RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+
+       if (pAd->TxRing[QueIdx].Cell[SwIdx].pNdisPacket)
+       {
+               DBGPRINT(RT_DEBUG_OFF, ("MlmeHardTransmit Error\n"));
+               //NdisReleaseSpinLock(&pAd->TxRingLock);
+               return NDIS_STATUS_FAILURE;
+       }
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // outgoing frame always wakeup PHY to prevent frame lost
+               // if (pAd->StaCfg.Psm == PWR_SAVE)
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+                       AsicForceWakeup(pAd, TRUE);
+       }
+#endif // CONFIG_STA_SUPPORT //
+       pFirstTxWI      =(PTXWI_STRUC)pSrcBufVA;
+
+       pHeader_802_11 = (PHEADER_802_11) (pSrcBufVA + TXWI_SIZE);
+       if (pHeader_802_11->Addr1[0] & 0x01)
+       {
+               MlmeRate = pAd->CommonCfg.BasicMlmeRate;
+       }
+       else
+       {
+               MlmeRate = pAd->CommonCfg.MlmeRate;
+       }
+
+       if ((pHeader_802_11->FC.Type == BTYPE_DATA) &&
+               (pHeader_802_11->FC.SubType == SUBTYPE_QOS_NULL))
+       {
+               pMacEntry = MacTableLookup(pAd, pHeader_802_11->Addr1);
+       }
+
+       // Verify Mlme rate for a / g bands.
+       if ((pAd->LatchRfRegs.Channel > 14) && (MlmeRate < RATE_6)) // 11A band
+               MlmeRate = RATE_6;
+
+       //
+       // Should not be hard code to set PwrMgmt to 0 (PWR_ACTIVE)
+       // Snice it's been set to 0 while on MgtMacHeaderInit
+       // By the way this will cause frame to be send on PWR_SAVE failed.
+       //
+       //
+       // In WMM-UAPSD, mlme frame should be set psm as power saving but probe request frame
+#ifdef CONFIG_STA_SUPPORT
+    // Data-Null packets alse pass through MMRequest in RT2860, however, we hope control the psm bit to pass APSD
+       if (pHeader_802_11->FC.Type != BTYPE_DATA)
+    {
+       if ((pHeader_802_11->FC.SubType == SUBTYPE_PROBE_REQ) || !(pAd->CommonCfg.bAPSDCapable && pAd->CommonCfg.APEdcaParm.bAPSDCapable))
+       {
+               pHeader_802_11->FC.PwrMgmt = PWR_ACTIVE;
+       }
+       else
+       {
+               pHeader_802_11->FC.PwrMgmt = pAd->CommonCfg.bAPSDForcePowerSave;
+       }
+    }
+#endif // CONFIG_STA_SUPPORT //
+
+       bInsertTimestamp = FALSE;
+       if (pHeader_802_11->FC.Type == BTYPE_CNTL) // must be PS-POLL
+       {
+               bAckRequired = FALSE;
+       }
+       else // BTYPE_MGMT or BTYPE_DATA(must be NULL frame)
+       {
+               if (pHeader_802_11->Addr1[0] & 0x01) // MULTICAST, BROADCAST
+               {
+                       bAckRequired = FALSE;
+                       pHeader_802_11->Duration = 0;
+               }
+               else
+               {
+                       bAckRequired = TRUE;
+                       pHeader_802_11->Duration = RTMPCalcDuration(pAd, MlmeRate, 14);
+                       if (pHeader_802_11->FC.SubType == SUBTYPE_PROBE_RSP)
+                       {
+                               bInsertTimestamp = TRUE;
+                       }
+               }
+       }
+       pHeader_802_11->Sequence = pAd->Sequence++;
+       if (pAd->Sequence > 0xfff)
+               pAd->Sequence = 0;
+       // Before radar detection done, mgmt frame can not be sent but probe req
+       // Because we need to use probe req to trigger driver to send probe req in passive scan
+       if ((pHeader_802_11->FC.SubType != SUBTYPE_PROBE_REQ)
+               && (pAd->CommonCfg.bIEEE80211H == 1)
+               && (pAd->CommonCfg.RadarDetect.RDMode != RD_NORMAL_MODE))
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("MlmeHardTransmit --> radar detect not in normal mode !!!\n"));
+               //NdisReleaseSpinLock(&pAd->TxRingLock);
+               return (NDIS_STATUS_FAILURE);
+       }
+
+#ifdef RT_BIG_ENDIAN
+       RTMPFrameEndianChange(pAd, (PUCHAR)pHeader_802_11, DIR_WRITE, FALSE);
+#endif
+       //
+       // fill scatter-and-gather buffer list into TXD. Internally created NDIS PACKET
+       // should always has only one ohysical buffer, and the whole frame size equals
+       // to the first scatter buffer size
+       //
+
+       // Initialize TX Descriptor
+       // For inter-frame gap, the number is for this frame and next frame
+       // For MLME rate, we will fix as 2Mb to match other vendor's implement
+//     pAd->CommonCfg.MlmeTransmit.field.MODE = 1;
+
+// management frame doesn't need encryption. so use RESERVED_WCID no matter u are sending to specific wcid or not.
+       // Only beacon use Nseq=TRUE. So here we use Nseq=FALSE.
+       if (pMacEntry == NULL)
+       {
+       RTMPWriteTxWI(pAd, pFirstTxWI, FALSE, FALSE, bInsertTimestamp, FALSE, bAckRequired, FALSE,
+               0, RESERVED_WCID, (SrcBufLen - TXWI_SIZE), PID_MGMT, 0,  (UCHAR)pAd->CommonCfg.MlmeTransmit.field.MCS, IFS_BACKOFF, FALSE, &pAd->CommonCfg.MlmeTransmit);
+       }
+       else
+       {
+               RTMPWriteTxWI(pAd, pFirstTxWI, FALSE, FALSE,
+                                       bInsertTimestamp, FALSE, bAckRequired, FALSE,
+                                       0, pMacEntry->Aid, (SrcBufLen - TXWI_SIZE),
+                                       pMacEntry->MaxHTPhyMode.field.MCS, 0,
+                                       (UCHAR)pMacEntry->MaxHTPhyMode.field.MCS,
+                                       IFS_BACKOFF, FALSE, &pMacEntry->MaxHTPhyMode);
+       }
+
+       pAd->TxRing[QueIdx].Cell[SwIdx].pNdisPacket = pPacket;
+       pAd->TxRing[QueIdx].Cell[SwIdx].pNextNdisPacket = NULL;
+//     pFirstTxWI->MPDUtotalByteCount = SrcBufLen - TXWI_SIZE;
+#ifdef RT_BIG_ENDIAN
+       RTMPWIEndianChange((PUCHAR)pFirstTxWI, TYPE_TXWI);
+#endif
+       SrcBufPA = PCI_MAP_SINGLE(pAd, pSrcBufVA, SrcBufLen, 0, PCI_DMA_TODEVICE);
+
+
+       RTMPWriteTxDescriptor(pAd, pTxD, TRUE, FIFO_EDCA);
+       pTxD->LastSec0 = 1;
+       pTxD->LastSec1 = 1;
+       pTxD->SDLen0 = SrcBufLen;
+       pTxD->SDLen1 = 0;
+       pTxD->SDPtr0 = SrcBufPA;
+       pTxD->DMADONE = 0;
+
+#ifdef RT_BIG_ENDIAN
+    RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+    WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif
+
+       pAd->RalinkCounters.KickTxCount++;
+       pAd->RalinkCounters.OneSecTxDoneCount++;
+
+       // Increase TX_CTX_IDX, but write to register later.
+       INC_RING_INDEX(pAd->TxRing[QueIdx].TxCpuIdx, TX_RING_SIZE);
+
+       RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + QueIdx*0x10,  pAd->TxRing[QueIdx].TxCpuIdx);
+
+       // Make sure to release MGMT ring resource
+//     NdisReleaseSpinLock(&pAd->TxRingLock);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+NDIS_STATUS MlmeDataHardTransmit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR   QueIdx,
+       IN      PNDIS_PACKET    pPacket)
+{
+       if ((pAd->CommonCfg.RadarDetect.RDMode != RD_NORMAL_MODE)
+               )
+       {
+               return NDIS_STATUS_FAILURE;
+       }
+
+       return MlmeHardTransmitTxRing(pAd,QueIdx,pPacket);
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Calculates the duration which is required to transmit out frames
+       with given size and specified rate.
+
+       Arguments:
+               pTxD            Pointer to transmit descriptor
+               Ack             Setting for Ack requirement bit
+               Fragment        Setting for Fragment bit
+               RetryMode       Setting for retry mode
+               Ifs             Setting for IFS gap
+               Rate            Setting for transmit rate
+               Service         Setting for service
+               Length          Frame length
+               TxPreamble      Short or Long preamble when using CCK rates
+               QueIdx - 0-3, according to 802.11e/d4.4 June/2003
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+VOID RTMPWriteTxDescriptor(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PTXD_STRUC              pTxD,
+       IN      BOOLEAN                 bWIV,
+       IN      UCHAR                   QueueSEL)
+{
+       //
+       // Always use Long preamble before verifiation short preamble functionality works well.
+       // Todo: remove the following line if short preamble functionality works
+       //
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED);
+
+       pTxD->WIV       = (bWIV) ? 1: 0;
+       pTxD->QSEL= (QueueSEL);
+       //RT2860c??  fixed using EDCA queue for test...  We doubt Queue1 has problem.  2006-09-26 Jan
+       //pTxD->QSEL= FIFO_EDCA;
+       /*
+       if (pAd->bGenOneHCCA == TRUE)
+               pTxD->QSEL= FIFO_HCCA;
+       */
+       pTxD->DMADONE = 0;
+}
diff --git a/drivers/staging/rt3090/common/cmm_info.c b/drivers/staging/rt3090/common/cmm_info.c
new file mode 100644 (file)
index 0000000..5be0714
--- /dev/null
@@ -0,0 +1,3717 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       cmm_info.c
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#include "../rt_config.h"
+
+
+INT    Show_SSID_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_WirelessMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_TxBurst_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_TxPreamble_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_TxPower_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_Channel_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_BGProtection_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_RTSThreshold_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_FragThreshold_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+#ifdef DOT11_N_SUPPORT
+INT    Show_HtBw_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtMcs_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtGi_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtOpMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtExtcha_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtMpduDensity_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtBaWinSize_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtRdg_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtAmsdu_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_HtAutoBa_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+#endif // DOT11_N_SUPPORT //
+
+INT    Show_CountryRegion_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_CountryRegionABand_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_CountryCode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+#ifdef AGGREGATION_SUPPORT
+INT    Show_PktAggregate_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+#endif // AGGREGATION_SUPPORT //
+
+#ifdef WMM_SUPPORT
+INT    Show_WmmCapable_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+#endif // WMM_SUPPORT //
+
+INT    Show_IEEE80211H_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+#ifdef CONFIG_STA_SUPPORT
+INT    Show_NetworkType_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+#endif // CONFIG_STA_SUPPORT //
+
+INT    Show_AuthMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_EncrypType_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_DefaultKeyID_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_Key1_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_Key2_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_Key3_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_Key4_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+INT    Show_WPAPSK_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf);
+
+static struct {
+       PSTRING name;
+       INT (*show_proc)(PRTMP_ADAPTER pAdapter, PSTRING arg);
+} *PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC, RTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC[] = {
+       {"SSID",                                        Show_SSID_Proc},
+       {"WirelessMode",                        Show_WirelessMode_Proc},
+       {"TxBurst",                                     Show_TxBurst_Proc},
+       {"TxPreamble",                          Show_TxPreamble_Proc},
+       {"TxPower",                                     Show_TxPower_Proc},
+       {"Channel",                                     Show_Channel_Proc},
+       {"BGProtection",                        Show_BGProtection_Proc},
+       {"RTSThreshold",                        Show_RTSThreshold_Proc},
+       {"FragThreshold",                       Show_FragThreshold_Proc},
+#ifdef DOT11_N_SUPPORT
+       {"HtBw",                                        Show_HtBw_Proc},
+       {"HtMcs",                                       Show_HtMcs_Proc},
+       {"HtGi",                                        Show_HtGi_Proc},
+       {"HtOpMode",                            Show_HtOpMode_Proc},
+       {"HtExtcha",                            Show_HtExtcha_Proc},
+       {"HtMpduDensity",                       Show_HtMpduDensity_Proc},
+       {"HtBaWinSize",                 Show_HtBaWinSize_Proc},
+       {"HtRdg",                               Show_HtRdg_Proc},
+       {"HtAmsdu",                             Show_HtAmsdu_Proc},
+       {"HtAutoBa",                    Show_HtAutoBa_Proc},
+#endif // DOT11_N_SUPPORT //
+       {"CountryRegion",                       Show_CountryRegion_Proc},
+       {"CountryRegionABand",          Show_CountryRegionABand_Proc},
+       {"CountryCode",                         Show_CountryCode_Proc},
+#ifdef AGGREGATION_SUPPORT
+       {"PktAggregate",                        Show_PktAggregate_Proc},
+#endif
+
+#ifdef WMM_SUPPORT
+       {"WmmCapable",                          Show_WmmCapable_Proc},
+#endif
+       {"IEEE80211H",                          Show_IEEE80211H_Proc},
+#ifdef CONFIG_STA_SUPPORT
+    {"NetworkType",                            Show_NetworkType_Proc},
+#endif // CONFIG_STA_SUPPORT //
+       {"AuthMode",                            Show_AuthMode_Proc},
+       {"EncrypType",                          Show_EncrypType_Proc},
+       {"DefaultKeyID",                        Show_DefaultKeyID_Proc},
+       {"Key1",                                        Show_Key1_Proc},
+       {"Key2",                                        Show_Key2_Proc},
+       {"Key3",                                        Show_Key3_Proc},
+       {"Key4",                                        Show_Key4_Proc},
+       {"WPAPSK",                                      Show_WPAPSK_Proc},
+       {NULL, NULL}
+};
+
+/*
+    ==========================================================================
+    Description:
+        Get Driver version.
+
+    Return:
+    ==========================================================================
+*/
+INT Set_DriverVersion_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               DBGPRINT(RT_DEBUG_TRACE, ("Driver version-%s\n", STA_DRIVER_VERSION));
+#endif // CONFIG_STA_SUPPORT //
+
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set Country Region.
+        This command will not work, if the field of CountryRegion in eeprom is programmed.
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_CountryRegion_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       int retval;
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+       return -EOPNOTSUPP;
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+       retval = RT_CfgSetCountryRegion(pAd, arg, BAND_24G);
+       if (retval == FALSE)
+               return FALSE;
+
+       // if set country region, driver needs to be reset
+       BuildChannelList(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_CountryRegion_Proc::(CountryRegion=%d)\n", pAd->CommonCfg.CountryRegion));
+
+       return TRUE;
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Set Country Region for A band.
+        This command will not work, if the field of CountryRegion in eeprom is programmed.
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_CountryRegionABand_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       int retval;
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+       return -EOPNOTSUPP;
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+       retval = RT_CfgSetCountryRegion(pAd, arg, BAND_5G);
+       if (retval == FALSE)
+               return FALSE;
+
+       // if set country region, driver needs to be reset
+       BuildChannelList(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_CountryRegionABand_Proc::(CountryRegion=%d)\n", pAd->CommonCfg.CountryRegionForABand));
+
+       return TRUE;
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Set Wireless Mode
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_WirelessMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       INT     success = TRUE;
+
+       success = RT_CfgSetWirelessMode(pAd, arg);
+       if (success)
+       {
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       LONG    WirelessMode = pAd->CommonCfg.PhyMode;
+
+                       RTMPSetPhyMode(pAd, WirelessMode);
+#ifdef DOT11_N_SUPPORT
+                       if (WirelessMode >= PHY_11ABGN_MIXED)
+                       {
+                               pAd->CommonCfg.BACapability.field.AutoBA = TRUE;
+                               pAd->CommonCfg.REGBACapability.field.AutoBA = TRUE;
+                       }
+                       else
+                       {
+                               pAd->CommonCfg.BACapability.field.AutoBA = FALSE;
+                               pAd->CommonCfg.REGBACapability.field.AutoBA = FALSE;
+                       }
+#endif // DOT11_N_SUPPORT //
+                       // Set AdhocMode rates
+                       if (pAd->StaCfg.BssType == BSS_ADHOC)
+                       {
+                               MlmeUpdateTxRates(pAd, FALSE, 0);
+                               MakeIbssBeacon(pAd);           // re-build BEACON frame
+                               AsicEnableIbssSync(pAd);       // copy to on-chip memory
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               // it is needed to set SSID to take effect
+#ifdef DOT11_N_SUPPORT
+               SetCommonHT(pAd);
+#endif // DOT11_N_SUPPORT //
+               DBGPRINT(RT_DEBUG_TRACE, ("Set_WirelessMode_Proc::(=%d)\n", pAd->CommonCfg.PhyMode));
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Set_WirelessMode_Proc::parameters out of range\n"));
+       }
+
+       return success;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set Channel
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_Channel_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       INT             success = TRUE;
+       UCHAR   Channel;
+
+       Channel = (UCHAR) simple_strtol(arg, 0, 10);
+
+       // check if this channel is valid
+       if (ChannelSanity(pAd, Channel) == TRUE)
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       pAd->CommonCfg.Channel = Channel;
+
+                       if (MONITOR_ON(pAd))
+                       {
+#ifdef DOT11_N_SUPPORT
+                               N_ChannelCheck(pAd);
+                               if (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED &&
+                                       pAd->CommonCfg.RegTransmitSetting.field.BW == BW_40)
+                               {
+                                       N_SetCenCh(pAd);
+                                               AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+                                               AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("BW_40, control_channel(%d), CentralChannel(%d) \n",
+                                                               pAd->CommonCfg.Channel, pAd->CommonCfg.CentralChannel));
+                               }
+                               else
+#endif // DOT11_N_SUPPORT //
+                               {
+                                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("BW_20, Channel(%d)\n", pAd->CommonCfg.Channel));
+                               }
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+               success = TRUE;
+       }
+       else
+       {
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       success = FALSE;
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+
+       if (success == TRUE)
+               DBGPRINT(RT_DEBUG_TRACE, ("Set_Channel_Proc::(Channel=%d)\n", pAd->CommonCfg.Channel));
+
+       return success;
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Set Short Slot Time Enable or Disable
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_ShortSlot_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       int retval;
+
+       retval = RT_CfgSetShortSlot(pAd, arg);
+       if (retval == TRUE)
+               DBGPRINT(RT_DEBUG_TRACE, ("Set_ShortSlot_Proc::(ShortSlot=%d)\n", pAd->CommonCfg.bUseShortSlotTime));
+
+       return retval;
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Set Tx power
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_TxPower_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       LONG TxPower;
+       INT   success = FALSE;
+
+       TxPower = simple_strtol(arg, 0, 10);
+       if (TxPower <= 100)
+       {
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       pAd->CommonCfg.TxPowerDefault = TxPower;
+                       pAd->CommonCfg.TxPowerPercentage = pAd->CommonCfg.TxPowerDefault;
+               }
+#endif // CONFIG_STA_SUPPORT //
+               success = TRUE;
+       }
+       else
+               success = FALSE;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_TxPower_Proc::(TxPowerPercentage=%ld)\n", pAd->CommonCfg.TxPowerPercentage));
+
+       return success;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set 11B/11G Protection
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_BGProtection_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       switch (simple_strtol(arg, 0, 10))
+       {
+               case 0: //AUTO
+                       pAd->CommonCfg.UseBGProtection = 0;
+                       break;
+               case 1: //Always On
+                       pAd->CommonCfg.UseBGProtection = 1;
+                       break;
+               case 2: //Always OFF
+                       pAd->CommonCfg.UseBGProtection = 2;
+                       break;
+               default:  //Invalid argument
+                       return FALSE;
+       }
+
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_BGProtection_Proc::(BGProtection=%ld)\n", pAd->CommonCfg.UseBGProtection));
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set TxPreamble
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_TxPreamble_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       RT_802_11_PREAMBLE      Preamble;
+
+       Preamble = simple_strtol(arg, 0, 10);
+
+
+       switch (Preamble)
+       {
+               case Rt802_11PreambleShort:
+                       pAd->CommonCfg.TxPreamble = Preamble;
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               MlmeSetTxPreamble(pAd, Rt802_11PreambleShort);
+#endif // CONFIG_STA_SUPPORT //
+                       break;
+               case Rt802_11PreambleLong:
+#ifdef CONFIG_STA_SUPPORT
+               case Rt802_11PreambleAuto:
+                       // if user wants AUTO, initialize to LONG here, then change according to AP's
+                       // capability upon association.
+#endif // CONFIG_STA_SUPPORT //
+                       pAd->CommonCfg.TxPreamble = Preamble;
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               MlmeSetTxPreamble(pAd, Rt802_11PreambleLong);
+#endif // CONFIG_STA_SUPPORT //
+                       break;
+               default: //Invalid argument
+                       return FALSE;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_TxPreamble_Proc::(TxPreamble=%ld)\n", pAd->CommonCfg.TxPreamble));
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set RTS Threshold
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_RTSThreshold_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+        NDIS_802_11_RTS_THRESHOLD           RtsThresh;
+
+       RtsThresh = simple_strtol(arg, 0, 10);
+
+       if((RtsThresh > 0) && (RtsThresh <= MAX_RTS_THRESHOLD))
+               pAd->CommonCfg.RtsThreshold  = (USHORT)RtsThresh;
+#ifdef CONFIG_STA_SUPPORT
+       else if (RtsThresh == 0)
+               pAd->CommonCfg.RtsThreshold = MAX_RTS_THRESHOLD;
+#endif // CONFIG_STA_SUPPORT //
+       else
+               return FALSE; //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_RTSThreshold_Proc::(RTSThreshold=%d)\n", pAd->CommonCfg.RtsThreshold));
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set Fragment Threshold
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_FragThreshold_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+        NDIS_802_11_FRAGMENTATION_THRESHOLD     FragThresh;
+
+       FragThresh = simple_strtol(arg, 0, 10);
+
+       if (FragThresh > MAX_FRAG_THRESHOLD || FragThresh < MIN_FRAG_THRESHOLD)
+       {
+               //Illegal FragThresh so we set it to default
+               pAd->CommonCfg.FragmentThreshold = MAX_FRAG_THRESHOLD;
+       }
+       else if (FragThresh % 2 == 1)
+       {
+               // The length of each fragment shall always be an even number of octets, except for the last fragment
+               // of an MSDU or MMPDU, which may be either an even or an odd number of octets.
+               pAd->CommonCfg.FragmentThreshold = (USHORT)(FragThresh - 1);
+       }
+       else
+       {
+               pAd->CommonCfg.FragmentThreshold = (USHORT)FragThresh;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (pAd->CommonCfg.FragmentThreshold == MAX_FRAG_THRESHOLD)
+                       pAd->CommonCfg.bUseZeroToDisableFragment = TRUE;
+               else
+                       pAd->CommonCfg.bUseZeroToDisableFragment = FALSE;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_FragThreshold_Proc::(FragThreshold=%d)\n", pAd->CommonCfg.FragmentThreshold));
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set TxBurst
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_TxBurst_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       LONG TxBurst;
+
+       TxBurst = simple_strtol(arg, 0, 10);
+       if (TxBurst == 1)
+               pAd->CommonCfg.bEnableTxBurst = TRUE;
+       else if (TxBurst == 0)
+               pAd->CommonCfg.bEnableTxBurst = FALSE;
+       else
+               return FALSE;  //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_TxBurst_Proc::(TxBurst=%d)\n", pAd->CommonCfg.bEnableTxBurst));
+
+       return TRUE;
+}
+
+#ifdef AGGREGATION_SUPPORT
+/*
+    ==========================================================================
+    Description:
+        Set TxBurst
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_PktAggregate_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       LONG aggre;
+
+       aggre = simple_strtol(arg, 0, 10);
+
+       if (aggre == 1)
+               pAd->CommonCfg.bAggregationCapable = TRUE;
+       else if (aggre == 0)
+               pAd->CommonCfg.bAggregationCapable = FALSE;
+       else
+               return FALSE;  //Invalid argument
+
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_PktAggregate_Proc::(AGGRE=%d)\n", pAd->CommonCfg.bAggregationCapable));
+
+       return TRUE;
+}
+#endif
+
+
+#ifdef INF_AMAZON_PPA
+INT    Set_INF_AMAZON_SE_PPA_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  arg)
+{
+       ULONG aggre;
+       UINT status;
+
+       aggre = simple_strtol(arg, 0, 10);
+
+       if (aggre == 1)
+       {
+               if(pAd->PPAEnable==TRUE)
+               {
+                       printk("INF_AMAZON_SE_PPA already enabled \n");
+               }
+               else
+               {
+                       if (ppa_hook_directpath_register_dev_fn)
+                       {
+                               UINT32 g_if_id;
+
+                               if (pAd->pDirectpathCb == NULL)
+                               {
+                                        pAd->pDirectpathCb = (PPA_DIRECTPATH_CB *) kmalloc (sizeof(PPA_DIRECTPATH_CB), GFP_ATOMIC);
+                                       printk("Realloc memory for  pDirectpathCb ??\n");
+                               }
+
+                               /* register callback */
+                               pAd->pDirectpathCb->rx_fn = NULL;
+                               pAd->pDirectpathCb->stop_tx_fn = NULL;
+                               pAd->pDirectpathCb->start_tx_fn = NULL;
+
+                               status = ppa_hook_directpath_register_dev_fn(&g_if_id, pAd->net_dev, pAd->pDirectpathCb, PPA_F_DIRECTPATH_ETH_IF);
+
+                               if(status==1)
+                               {
+                                       pAd->g_if_id=g_if_id;
+                                       printk("register INF_AMAZON_SE_PPA success :ret:%d id:%d:%d\n",status,pAd->g_if_id,g_if_id);
+                                       pAd->PPAEnable=TRUE;
+                               }
+                               else
+                               {
+                                       printk("register INF_AMAZON_SE_PPA fail :ret:%d\n",status);
+                               }
+
+                       }
+                       else
+                       {
+                               printk("INF_AMAZON_SE_PPA enable fail : there is no INF_AMAZON_SE_PPA module . \n");
+                       }
+               }
+
+
+       }
+       else if (aggre == 0)
+       {
+               if(pAd->PPAEnable==FALSE)
+               {
+
+printk("INF_AMAZON_SE_PPA already disable \n");
+               }
+               else
+               {
+                       if (ppa_hook_directpath_register_dev_fn)
+                       {
+                               UINT32 g_if_id;
+                               g_if_id=pAd->g_if_id;
+                               printk("g_if_id=%d \n",pAd->g_if_id);
+                               status=ppa_hook_directpath_register_dev_fn(&g_if_id, pAd->net_dev, NULL, PPA_F_DIRECTPATH_DEREGISTER);
+
+                               if(status==1)
+                               {
+                                       pAd->g_if_id=0;
+                                       printk("unregister INF_AMAZON_SE_PPA success :ret:%d\n",status);
+                                       pAd->PPAEnable=FALSE;
+                               }
+                               else
+                               {
+                                       printk("unregister INF_AMAZON_SE_PPA fail :ret:%d\n",status);
+                               }
+
+                       }
+                       else
+                       {
+                               printk("INF_AMAZON_SE_PPA enable fail : there is no INF_AMAZON_SE_PPA module . \n");
+                       }
+               }
+
+       }
+       else
+       {
+               printk("Invalid argument %d \n",aggre);
+               return FALSE;  //Invalid argument
+       }
+
+       return TRUE;
+
+}
+#endif // INF_AMAZON_PPA //
+
+
+/*
+    ==========================================================================
+    Description:
+        Set IEEE80211H.
+        This parameter is 1 when needs radar detection, otherwise 0
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_IEEE80211H_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+    LONG ieee80211h;
+
+       ieee80211h = simple_strtol(arg, 0, 10);
+
+       if (ieee80211h == 1)
+               pAd->CommonCfg.bIEEE80211H = TRUE;
+       else if (ieee80211h == 0)
+               pAd->CommonCfg.bIEEE80211H = FALSE;
+       else
+               return FALSE;  //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_IEEE80211H_Proc::(IEEE80211H=%d)\n", pAd->CommonCfg.bIEEE80211H));
+
+       return TRUE;
+}
+
+
+#ifdef DBG
+/*
+    ==========================================================================
+    Description:
+        For Debug information
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_Debug_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       DBGPRINT(RT_DEBUG_TRACE, ("==> Set_Debug_Proc *******************\n"));
+
+    if(simple_strtol(arg, 0, 10) <= RT_DEBUG_LOUD)
+        RTDebugLevel = simple_strtol(arg, 0, 10);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<== Set_Debug_Proc(RTDebugLevel = %ld)\n", RTDebugLevel));
+
+       return TRUE;
+}
+#endif
+
+INT    Show_DescInfo_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+#ifdef RTMP_MAC_PCI
+       INT i, QueIdx=0;
+//  ULONG      RegValue;
+        PRT28XX_RXD_STRUC pRxD;
+        PTXD_STRUC pTxD;
+       PRTMP_TX_RING   pTxRing = &pAd->TxRing[QueIdx];
+       PRTMP_MGMT_RING pMgmtRing = &pAd->MgmtRing;
+       PRTMP_RX_RING   pRxRing = &pAd->RxRing;
+
+       for(i=0;i<TX_RING_SIZE;i++)
+       {
+           pTxD = (PTXD_STRUC) pTxRing->Cell[i].AllocVa;
+           DBGPRINT(RT_DEBUG_OFF, ("Desc #%d\n",i));
+           hex_dump("Tx Descriptor", (PUCHAR)pTxD, 16);
+           DBGPRINT(RT_DEBUG_OFF, ("pTxD->DMADONE = %x\n", pTxD->DMADONE));
+       }
+       DBGPRINT(RT_DEBUG_OFF, ("---------------------------------------------------\n"));
+       for(i=0;i<MGMT_RING_SIZE;i++)
+       {
+           pTxD = (PTXD_STRUC) pMgmtRing->Cell[i].AllocVa;
+           DBGPRINT(RT_DEBUG_OFF, ("Desc #%d\n",i));
+           hex_dump("Mgmt Descriptor", (PUCHAR)pTxD, 16);
+           DBGPRINT(RT_DEBUG_OFF, ("pMgmt->DMADONE = %x\n", pTxD->DMADONE));
+       }
+       DBGPRINT(RT_DEBUG_OFF, ("---------------------------------------------------\n"));
+       for(i=0;i<RX_RING_SIZE;i++)
+       {
+           pRxD = (PRT28XX_RXD_STRUC) pRxRing->Cell[i].AllocVa;
+           DBGPRINT(RT_DEBUG_OFF, ("Desc #%d\n",i));
+           hex_dump("Rx Descriptor", (PUCHAR)pRxD, 16);
+           DBGPRINT(RT_DEBUG_OFF, ("pRxD->DDONE = %x\n", pRxD->DDONE));
+       }
+#endif // RTMP_MAC_PCI //
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Reset statistics counter
+
+    Arguments:
+        pAdapter            Pointer to our adapter
+        arg
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_ResetStatCounter_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       //UCHAR           i;
+       //MAC_TABLE_ENTRY *pEntry;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("==>Set_ResetStatCounter_Proc\n"));
+
+       // add the most up-to-date h/w raw counters into software counters
+       NICUpdateRawCounters(pAd);
+
+       NdisZeroMemory(&pAd->WlanCounters, sizeof(COUNTER_802_11));
+       NdisZeroMemory(&pAd->Counters8023, sizeof(COUNTER_802_3));
+       NdisZeroMemory(&pAd->RalinkCounters, sizeof(COUNTER_RALINK));
+
+       // Reset HotSpot counter
+
+
+       return TRUE;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Add WPA key process.
+               In Adhoc WPANONE, bPairwise = 0;  KeyIdx = 0;
+
+       Arguments:
+               pAd                                     Pointer to our adapter
+               pBuf                                                    Pointer to the where the key stored
+
+       Return Value:
+               NDIS_SUCCESS                                    Add key successfully
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+
+BOOLEAN RTMPCheckStrPrintAble(
+    IN  CHAR *pInPutStr,
+    IN  UCHAR strLen)
+{
+    UCHAR i=0;
+
+    for (i=0; i<strLen; i++)
+    {
+        if ((pInPutStr[i] < 0x21) ||
+            (pInPutStr[i] > 0x7E))
+            return FALSE;
+    }
+
+    return TRUE;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Remove WPA Key process
+
+       Arguments:
+               pAd                                     Pointer to our adapter
+               pBuf                                                    Pointer to the where the key stored
+
+       Return Value:
+               NDIS_SUCCESS                                    Add key successfully
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+#ifdef CONFIG_STA_SUPPORT
+VOID    RTMPSetDesiredRates(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  LONG            Rates)
+{
+    NDIS_802_11_RATES aryRates;
+
+    memset(&aryRates, 0x00, sizeof(NDIS_802_11_RATES));
+    switch (pAdapter->CommonCfg.PhyMode)
+    {
+        case PHY_11A: // A only
+            switch (Rates)
+            {
+                case 6000000: //6M
+                    aryRates[0] = 0x0c; // 6M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_0;
+                    break;
+                case 9000000: //9M
+                    aryRates[0] = 0x12; // 9M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_1;
+                    break;
+                case 12000000: //12M
+                    aryRates[0] = 0x18; // 12M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_2;
+                    break;
+                case 18000000: //18M
+                    aryRates[0] = 0x24; // 18M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_3;
+                    break;
+                case 24000000: //24M
+                    aryRates[0] = 0x30; // 24M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_4;
+                    break;
+                case 36000000: //36M
+                    aryRates[0] = 0x48; // 36M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_5;
+                    break;
+                case 48000000: //48M
+                    aryRates[0] = 0x60; // 48M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_6;
+                    break;
+                case 54000000: //54M
+                    aryRates[0] = 0x6c; // 54M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_7;
+                    break;
+                case -1: //Auto
+                default:
+                    aryRates[0] = 0x6c; // 54Mbps
+                    aryRates[1] = 0x60; // 48Mbps
+                    aryRates[2] = 0x48; // 36Mbps
+                    aryRates[3] = 0x30; // 24Mbps
+                    aryRates[4] = 0x24; // 18M
+                    aryRates[5] = 0x18; // 12M
+                    aryRates[6] = 0x12; // 9M
+                    aryRates[7] = 0x0c; // 6M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_AUTO;
+                    break;
+            }
+            break;
+        case PHY_11BG_MIXED: // B/G Mixed
+        case PHY_11B: // B only
+        case PHY_11ABG_MIXED: // A/B/G Mixed
+        default:
+            switch (Rates)
+            {
+                case 1000000: //1M
+                    aryRates[0] = 0x02;
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_0;
+                    break;
+                case 2000000: //2M
+                    aryRates[0] = 0x04;
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_1;
+                    break;
+                case 5000000: //5.5M
+                    aryRates[0] = 0x0b; // 5.5M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_2;
+                    break;
+                case 11000000: //11M
+                    aryRates[0] = 0x16; // 11M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_3;
+                    break;
+                case 6000000: //6M
+                    aryRates[0] = 0x0c; // 6M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_0;
+                    break;
+                case 9000000: //9M
+                    aryRates[0] = 0x12; // 9M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_1;
+                    break;
+                case 12000000: //12M
+                    aryRates[0] = 0x18; // 12M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_2;
+                    break;
+                case 18000000: //18M
+                    aryRates[0] = 0x24; // 18M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_3;
+                    break;
+                case 24000000: //24M
+                    aryRates[0] = 0x30; // 24M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_4;
+                    break;
+                case 36000000: //36M
+                    aryRates[0] = 0x48; // 36M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_5;
+                    break;
+                case 48000000: //48M
+                    aryRates[0] = 0x60; // 48M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_6;
+                    break;
+                case 54000000: //54M
+                    aryRates[0] = 0x6c; // 54M
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_7;
+                    break;
+                case -1: //Auto
+                default:
+                    if (pAdapter->CommonCfg.PhyMode == PHY_11B)
+                    { //B Only
+                        aryRates[0] = 0x16; // 11Mbps
+                        aryRates[1] = 0x0b; // 5.5Mbps
+                        aryRates[2] = 0x04; // 2Mbps
+                        aryRates[3] = 0x02; // 1Mbps
+                    }
+                    else
+                    { //(B/G) Mixed or (A/B/G) Mixed
+                        aryRates[0] = 0x6c; // 54Mbps
+                        aryRates[1] = 0x60; // 48Mbps
+                        aryRates[2] = 0x48; // 36Mbps
+                        aryRates[3] = 0x30; // 24Mbps
+                        aryRates[4] = 0x16; // 11Mbps
+                        aryRates[5] = 0x0b; // 5.5Mbps
+                        aryRates[6] = 0x04; // 2Mbps
+                        aryRates[7] = 0x02; // 1Mbps
+                    }
+                    pAdapter->StaCfg.DesiredTransmitSetting.field.MCS = MCS_AUTO;
+                    break;
+            }
+            break;
+    }
+
+    NdisZeroMemory(pAdapter->CommonCfg.DesireRate, MAX_LEN_OF_SUPPORTED_RATES);
+    NdisMoveMemory(pAdapter->CommonCfg.DesireRate, &aryRates, sizeof(NDIS_802_11_RATES));
+    DBGPRINT(RT_DEBUG_TRACE, (" RTMPSetDesiredRates (%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x)\n",
+        pAdapter->CommonCfg.DesireRate[0],pAdapter->CommonCfg.DesireRate[1],
+        pAdapter->CommonCfg.DesireRate[2],pAdapter->CommonCfg.DesireRate[3],
+        pAdapter->CommonCfg.DesireRate[4],pAdapter->CommonCfg.DesireRate[5],
+        pAdapter->CommonCfg.DesireRate[6],pAdapter->CommonCfg.DesireRate[7] ));
+    // Changing DesiredRate may affect the MAX TX rate we used to TX frames out
+    MlmeUpdateTxRates(pAdapter, FALSE, 0);
+}
+
+NDIS_STATUS RTMPWPARemoveKeyProc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PVOID                   pBuf)
+{
+       PNDIS_802_11_REMOVE_KEY pKey;
+       ULONG                                   KeyIdx;
+       NDIS_STATUS                     Status = NDIS_STATUS_FAILURE;
+       BOOLEAN         bTxKey;                 // Set the key as transmit key
+       BOOLEAN         bPairwise;              // Indicate the key is pairwise key
+       BOOLEAN         bKeyRSC;                // indicate the receive  SC set by KeyRSC value.
+                                                               // Otherwise, it will set by the NIC.
+       BOOLEAN         bAuthenticator; // indicate key is set by authenticator.
+       INT             i;
+
+       DBGPRINT(RT_DEBUG_TRACE,("---> RTMPWPARemoveKeyProc\n"));
+
+       pKey = (PNDIS_802_11_REMOVE_KEY) pBuf;
+       KeyIdx = pKey->KeyIndex & 0xff;
+       // Bit 31 of Add-key, Tx Key
+       bTxKey             = (pKey->KeyIndex & 0x80000000) ? TRUE : FALSE;
+       // Bit 30 of Add-key PairwiseKey
+       bPairwise          = (pKey->KeyIndex & 0x40000000) ? TRUE : FALSE;
+       // Bit 29 of Add-key KeyRSC
+       bKeyRSC            = (pKey->KeyIndex & 0x20000000) ? TRUE : FALSE;
+       // Bit 28 of Add-key Authenticator
+       bAuthenticator = (pKey->KeyIndex & 0x10000000) ? TRUE : FALSE;
+
+       // 1. If bTx is TRUE, return failure information
+       if (bTxKey == TRUE)
+               return(NDIS_STATUS_INVALID_DATA);
+
+       // 2. Check Pairwise Key
+       if (bPairwise)
+       {
+               // a. If BSSID is broadcast, remove all pairwise keys.
+               // b. If not broadcast, remove the pairwise specified by BSSID
+               for (i = 0; i < SHARE_KEY_NUM; i++)
+               {
+                       if (MAC_ADDR_EQUAL(pAd->SharedKey[BSS0][i].BssId, pKey->BSSID))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE,("RTMPWPARemoveKeyProc(KeyIdx=%d)\n", i));
+                               pAd->SharedKey[BSS0][i].KeyLen = 0;
+                               pAd->SharedKey[BSS0][i].CipherAlg = CIPHER_NONE;
+                               AsicRemoveSharedKeyEntry(pAd, BSS0, (UCHAR)i);
+                               Status = NDIS_STATUS_SUCCESS;
+                               break;
+                       }
+               }
+       }
+       // 3. Group Key
+       else
+       {
+               // a. If BSSID is broadcast, remove all group keys indexed
+               // b. If BSSID matched, delete the group key indexed.
+               DBGPRINT(RT_DEBUG_TRACE,("RTMPWPARemoveKeyProc(KeyIdx=%ld)\n", KeyIdx));
+               pAd->SharedKey[BSS0][KeyIdx].KeyLen = 0;
+               pAd->SharedKey[BSS0][KeyIdx].CipherAlg = CIPHER_NONE;
+               AsicRemoveSharedKeyEntry(pAd, BSS0, (UCHAR)KeyIdx);
+               Status = NDIS_STATUS_SUCCESS;
+       }
+
+       return (Status);
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+#ifdef CONFIG_STA_SUPPORT
+/*
+       ========================================================================
+
+       Routine Description:
+               Remove All WPA Keys
+
+       Arguments:
+               pAd                                     Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPWPARemoveAllKeys(
+       IN      PRTMP_ADAPTER   pAd)
+{
+
+       UCHAR   i;
+
+       DBGPRINT(RT_DEBUG_TRACE,("RTMPWPARemoveAllKeys(AuthMode=%d, WepStatus=%d)\n", pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus));
+       RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP);
+       // For WEP/CKIP, there is no need to remove it, since WinXP won't set it again after
+       // Link up. And it will be replaced if user changed it.
+       if (pAd->StaCfg.AuthMode < Ndis802_11AuthModeWPA)
+               return;
+
+       // For WPA-None, there is no need to remove it, since WinXP won't set it again after
+       // Link up. And it will be replaced if user changed it.
+       if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
+               return;
+
+       // set BSSID wcid entry of the Pair-wise Key table as no-security mode
+       AsicRemovePairwiseKeyEntry(pAd, BSS0, BSSID_WCID);
+
+       // set all shared key mode as no-security.
+       for (i = 0; i < SHARE_KEY_NUM; i++)
+    {
+               DBGPRINT(RT_DEBUG_TRACE,("remove %s key #%d\n", CipherName[pAd->SharedKey[BSS0][i].CipherAlg], i));
+               NdisZeroMemory(&pAd->SharedKey[BSS0][i], sizeof(CIPHER_KEY));
+
+               AsicRemoveSharedKeyEntry(pAd, BSS0, i);
+       }
+       RTMP_SET_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP);
+
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               As STA's BSSID is a WC too, it uses shared key table.
+               This function write correct unicast TX key to ASIC WCID.
+               And we still make a copy in our MacTab.Content[BSSID_WCID].PairwiseKey.
+               Caller guarantee TKIP/AES always has keyidx = 0. (pairwise key)
+               Caller guarantee WEP calls this function when set Txkey,  default key index=0~3.
+
+       Arguments:
+               pAd                                     Pointer to our adapter
+               pKey                                                    Pointer to the where the key stored
+
+       Return Value:
+               NDIS_SUCCESS                                    Add key successfully
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+/*
+       ========================================================================
+       Routine Description:
+               Change NIC PHY mode. Re-association may be necessary. possible settings
+               include - PHY_11B, PHY_11BG_MIXED, PHY_11A, and PHY_11ABG_MIXED
+
+       Arguments:
+               pAd - Pointer to our adapter
+               phymode  -
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+VOID   RTMPSetPhyMode(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      ULONG phymode)
+{
+       INT i;
+       // the selected phymode must be supported by the RF IC encoded in E2PROM
+
+       // if no change, do nothing
+       /* bug fix
+       if (pAd->CommonCfg.PhyMode == phymode)
+               return;
+    */
+       pAd->CommonCfg.PhyMode = (UCHAR)phymode;
+
+       DBGPRINT(RT_DEBUG_TRACE,("RTMPSetPhyMode : PhyMode=%d, channel=%d \n", pAd->CommonCfg.PhyMode, pAd->CommonCfg.Channel));
+#ifdef EXT_BUILD_CHANNEL_LIST
+       BuildChannelListEx(pAd);
+#else
+       BuildChannelList(pAd);
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+       // sanity check user setting
+       for (i = 0; i < pAd->ChannelListNum; i++)
+       {
+               if (pAd->CommonCfg.Channel == pAd->ChannelList[i].Channel)
+                       break;
+       }
+
+       if (i == pAd->ChannelListNum)
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       pAd->CommonCfg.Channel = FirstChannel(pAd);
+#endif // CONFIG_STA_SUPPORT //
+               DBGPRINT(RT_DEBUG_ERROR, ("RTMPSetPhyMode: channel is out of range, use first channel=%d \n", pAd->CommonCfg.Channel));
+       }
+
+       NdisZeroMemory(pAd->CommonCfg.SupRate, MAX_LEN_OF_SUPPORTED_RATES);
+       NdisZeroMemory(pAd->CommonCfg.ExtRate, MAX_LEN_OF_SUPPORTED_RATES);
+       NdisZeroMemory(pAd->CommonCfg.DesireRate, MAX_LEN_OF_SUPPORTED_RATES);
+       switch (phymode) {
+               case PHY_11B:
+                       pAd->CommonCfg.SupRate[0]  = 0x82;        // 1 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[1]  = 0x84;        // 2 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[2]  = 0x8B;        // 5.5 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[3]  = 0x96;        // 11 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRateLen  = 4;
+                       pAd->CommonCfg.ExtRateLen  = 0;
+                       pAd->CommonCfg.DesireRate[0]  = 2;         // 1 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[1]  = 4;         // 2 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[2]  = 11;    // 5.5 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[3]  = 22;    // 11 mbps, in units of 0.5 Mbps
+                       //pAd->CommonCfg.HTPhyMode.field.MODE = MODE_CCK; // This MODE is only FYI. not use
+                       break;
+
+               case PHY_11G:
+               case PHY_11BG_MIXED:
+               case PHY_11ABG_MIXED:
+#ifdef DOT11_N_SUPPORT
+               case PHY_11N_2_4G:
+               case PHY_11ABGN_MIXED:
+               case PHY_11BGN_MIXED:
+               case PHY_11GN_MIXED:
+#endif // DOT11_N_SUPPORT //
+                       pAd->CommonCfg.SupRate[0]  = 0x82;        // 1 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[1]  = 0x84;        // 2 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[2]  = 0x8B;        // 5.5 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[3]  = 0x96;        // 11 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[4]  = 0x12;        // 9 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRate[5]  = 0x24;        // 18 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRate[6]  = 0x48;        // 36 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRate[7]  = 0x6c;        // 54 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRateLen  = 8;
+                       pAd->CommonCfg.ExtRate[0]  = 0x0C;        // 6 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.ExtRate[1]  = 0x18;        // 12 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.ExtRate[2]  = 0x30;        // 24 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.ExtRate[3]  = 0x60;        // 48 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.ExtRateLen  = 4;
+                       pAd->CommonCfg.DesireRate[0]  = 2;         // 1 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[1]  = 4;         // 2 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[2]  = 11;    // 5.5 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[3]  = 22;    // 11 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[4]  = 12;    // 6 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[5]  = 18;    // 9 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[6]  = 24;    // 12 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[7]  = 36;    // 18 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[8]  = 48;    // 24 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[9]  = 72;    // 36 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[10] = 96;    // 48 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[11] = 108;   // 54 mbps, in units of 0.5 Mbps
+                       break;
+
+               case PHY_11A:
+#ifdef DOT11_N_SUPPORT
+               case PHY_11AN_MIXED:
+               case PHY_11AGN_MIXED:
+               case PHY_11N_5G:
+#endif // DOT11_N_SUPPORT //
+                       pAd->CommonCfg.SupRate[0]  = 0x8C;        // 6 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[1]  = 0x12;        // 9 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRate[2]  = 0x98;        // 12 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[3]  = 0x24;        // 18 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRate[4]  = 0xb0;        // 24 mbps, in units of 0.5 Mbps, basic rate
+                       pAd->CommonCfg.SupRate[5]  = 0x48;        // 36 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRate[6]  = 0x60;        // 48 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRate[7]  = 0x6c;        // 54 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.SupRateLen  = 8;
+                       pAd->CommonCfg.ExtRateLen  = 0;
+                       pAd->CommonCfg.DesireRate[0]  = 12;    // 6 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[1]  = 18;    // 9 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[2]  = 24;    // 12 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[3]  = 36;    // 18 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[4]  = 48;    // 24 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[5]  = 72;    // 36 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[6]  = 96;    // 48 mbps, in units of 0.5 Mbps
+                       pAd->CommonCfg.DesireRate[7]  = 108;   // 54 mbps, in units of 0.5 Mbps
+                       //pAd->CommonCfg.HTPhyMode.field.MODE = MODE_OFDM; // This MODE is only FYI. not use
+                       break;
+
+               default:
+                       break;
+       }
+
+
+       pAd->CommonCfg.BandState = UNKNOWN_BAND;
+}
+
+
+#ifdef DOT11_N_SUPPORT
+/*
+       ========================================================================
+       Routine Description:
+               Caller ensures we has 802.11n support.
+               Calls at setting HT from AP/STASetinformation
+
+       Arguments:
+               pAd - Pointer to our adapter
+               phymode  -
+
+       ========================================================================
+*/
+VOID   RTMPSetHT(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      OID_SET_HT_PHYMODE *pHTPhyMode)
+{
+       //ULONG *pmcs;
+       UINT32  Value = 0;
+       UCHAR   BBPValue = 0;
+       UCHAR   BBP3Value = 0;
+       UCHAR   RxStream = pAd->CommonCfg.RxStream;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPSetHT : HT_mode(%d), ExtOffset(%d), MCS(%d), BW(%d), STBC(%d), SHORTGI(%d)\n",
+                                                                               pHTPhyMode->HtMode, pHTPhyMode->ExtOffset,
+                                                                               pHTPhyMode->MCS, pHTPhyMode->BW,
+                                                                               pHTPhyMode->STBC, pHTPhyMode->SHORTGI));
+
+       // Don't zero supportedHyPhy structure.
+       RTMPZeroMemory(&pAd->CommonCfg.HtCapability, sizeof(pAd->CommonCfg.HtCapability));
+       RTMPZeroMemory(&pAd->CommonCfg.AddHTInfo, sizeof(pAd->CommonCfg.AddHTInfo));
+       RTMPZeroMemory(&pAd->CommonCfg.NewExtChanOffset, sizeof(pAd->CommonCfg.NewExtChanOffset));
+       RTMPZeroMemory(&pAd->CommonCfg.DesiredHtPhy, sizeof(pAd->CommonCfg.DesiredHtPhy));
+
+       if (pAd->CommonCfg.bRdg)
+       {
+               pAd->CommonCfg.HtCapability.ExtHtCapInfo.PlusHTC = 1;
+               pAd->CommonCfg.HtCapability.ExtHtCapInfo.RDGSupport = 1;
+       }
+       else
+       {
+               pAd->CommonCfg.HtCapability.ExtHtCapInfo.PlusHTC = 0;
+               pAd->CommonCfg.HtCapability.ExtHtCapInfo.RDGSupport = 0;
+       }
+
+       pAd->CommonCfg.HtCapability.HtCapParm.MaxRAmpduFactor = 3;
+       pAd->CommonCfg.DesiredHtPhy.MaxRAmpduFactor = 3;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPSetHT : RxBAWinLimit = %d\n", pAd->CommonCfg.BACapability.field.RxBAWinLimit));
+
+       // Mimo power save, A-MSDU size,
+       pAd->CommonCfg.DesiredHtPhy.AmsduEnable = (USHORT)pAd->CommonCfg.BACapability.field.AmsduEnable;
+       pAd->CommonCfg.DesiredHtPhy.AmsduSize = (UCHAR)pAd->CommonCfg.BACapability.field.AmsduSize;
+       pAd->CommonCfg.DesiredHtPhy.MimoPs = (UCHAR)pAd->CommonCfg.BACapability.field.MMPSmode;
+       pAd->CommonCfg.DesiredHtPhy.MpduDensity = (UCHAR)pAd->CommonCfg.BACapability.field.MpduDensity;
+
+       pAd->CommonCfg.HtCapability.HtCapInfo.AMsduSize = (USHORT)pAd->CommonCfg.BACapability.field.AmsduSize;
+       pAd->CommonCfg.HtCapability.HtCapInfo.MimoPs = (USHORT)pAd->CommonCfg.BACapability.field.MMPSmode;
+       pAd->CommonCfg.HtCapability.HtCapParm.MpduDensity = (UCHAR)pAd->CommonCfg.BACapability.field.MpduDensity;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPSetHT : AMsduSize = %d, MimoPs = %d, MpduDensity = %d, MaxRAmpduFactor = %d\n",
+                                                                                                       pAd->CommonCfg.DesiredHtPhy.AmsduSize,
+                                                                                                       pAd->CommonCfg.DesiredHtPhy.MimoPs,
+                                                                                                       pAd->CommonCfg.DesiredHtPhy.MpduDensity,
+                                                                                                       pAd->CommonCfg.DesiredHtPhy.MaxRAmpduFactor));
+
+       if(pHTPhyMode->HtMode == HTMODE_GF)
+       {
+               pAd->CommonCfg.HtCapability.HtCapInfo.GF = 1;
+               pAd->CommonCfg.DesiredHtPhy.GF = 1;
+       }
+       else
+               pAd->CommonCfg.DesiredHtPhy.GF = 0;
+
+       // Decide Rx MCSSet
+       switch (RxStream)
+       {
+               case 1:
+                       pAd->CommonCfg.HtCapability.MCSSet[0] =  0xff;
+                       pAd->CommonCfg.HtCapability.MCSSet[1] =  0x00;
+                       break;
+
+               case 2:
+                       pAd->CommonCfg.HtCapability.MCSSet[0] =  0xff;
+                       pAd->CommonCfg.HtCapability.MCSSet[1] =  0xff;
+                       break;
+
+               case 3: // 3*3
+                       pAd->CommonCfg.HtCapability.MCSSet[0] =  0xff;
+                       pAd->CommonCfg.HtCapability.MCSSet[1] =  0xff;
+                       pAd->CommonCfg.HtCapability.MCSSet[2] =  0xff;
+                       break;
+       }
+
+       if (pAd->CommonCfg.bForty_Mhz_Intolerant && (pAd->CommonCfg.Channel <= 14) && (pHTPhyMode->BW == BW_40) )
+       {
+               pHTPhyMode->BW = BW_20;
+               pAd->CommonCfg.HtCapability.HtCapInfo.Forty_Mhz_Intolerant = 1;
+       }
+
+       if(pHTPhyMode->BW == BW_40)
+       {
+               pAd->CommonCfg.HtCapability.MCSSet[4] = 0x1; // MCS 32
+               pAd->CommonCfg.HtCapability.HtCapInfo.ChannelWidth = 1;
+               if (pAd->CommonCfg.Channel <= 14)
+                       pAd->CommonCfg.HtCapability.HtCapInfo.CCKmodein40 = 1;
+
+               pAd->CommonCfg.DesiredHtPhy.ChannelWidth = 1;
+               pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth = 1;
+               pAd->CommonCfg.AddHTInfo.AddHtInfo.ExtChanOffset = (pHTPhyMode->ExtOffset == EXTCHA_BELOW)? (EXTCHA_BELOW): EXTCHA_ABOVE;
+               // Set Regsiter for extension channel position.
+               RTMP_IO_READ32(pAd, TX_BAND_CFG, &Value);
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BBP3Value);
+               if ((pHTPhyMode->ExtOffset == EXTCHA_BELOW))
+               {
+                       Value |= 0x1;
+                       BBP3Value |= (0x20);
+                       RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Value);
+               }
+               else if ((pHTPhyMode->ExtOffset == EXTCHA_ABOVE))
+               {
+                       Value &= 0xfe;
+                       BBP3Value &= (~0x20);
+                       RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Value);
+               }
+
+               // Turn on BBP 40MHz mode now only as AP .
+               // Sta can turn on BBP 40MHz after connection with 40MHz AP. Sta only broadcast 40MHz capability before connection.
+               if ((pAd->OpMode == OPMODE_AP) || INFRA_ON(pAd) || ADHOC_ON(pAd)
+                       )
+               {
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+                       BBPValue &= (~0x18);
+                       BBPValue |= 0x10;
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BBP3Value);
+                       pAd->CommonCfg.BBPCurrentBW = BW_40;
+               }
+       }
+       else
+       {
+               pAd->CommonCfg.HtCapability.HtCapInfo.ChannelWidth = 0;
+               pAd->CommonCfg.DesiredHtPhy.ChannelWidth = 0;
+               pAd->CommonCfg.AddHTInfo.AddHtInfo.RecomWidth = 0;
+               pAd->CommonCfg.AddHTInfo.AddHtInfo.ExtChanOffset = EXTCHA_NONE;
+               pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel;
+               // Turn on BBP 20MHz mode by request here.
+               {
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+                       BBPValue &= (~0x18);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+                       pAd->CommonCfg.BBPCurrentBW = BW_20;
+               }
+       }
+
+       if(pHTPhyMode->STBC == STBC_USE)
+       {
+               pAd->CommonCfg.HtCapability.HtCapInfo.TxSTBC = 1;
+               pAd->CommonCfg.DesiredHtPhy.TxSTBC = 1;
+               pAd->CommonCfg.HtCapability.HtCapInfo.RxSTBC = 1;
+               pAd->CommonCfg.DesiredHtPhy.RxSTBC = 1;
+       }
+       else
+       {
+               pAd->CommonCfg.DesiredHtPhy.TxSTBC = 0;
+               pAd->CommonCfg.DesiredHtPhy.RxSTBC = 0;
+       }
+
+       if(pHTPhyMode->SHORTGI == GI_400)
+       {
+               pAd->CommonCfg.HtCapability.HtCapInfo.ShortGIfor20 = 1;
+               pAd->CommonCfg.HtCapability.HtCapInfo.ShortGIfor40 = 1;
+               pAd->CommonCfg.DesiredHtPhy.ShortGIfor20 = 1;
+               pAd->CommonCfg.DesiredHtPhy.ShortGIfor40 = 1;
+       }
+       else
+       {
+               pAd->CommonCfg.HtCapability.HtCapInfo.ShortGIfor20 = 0;
+               pAd->CommonCfg.HtCapability.HtCapInfo.ShortGIfor40 = 0;
+               pAd->CommonCfg.DesiredHtPhy.ShortGIfor20 = 0;
+               pAd->CommonCfg.DesiredHtPhy.ShortGIfor40 = 0;
+       }
+
+       // We support link adaptation for unsolicit MCS feedback, set to 2.
+       pAd->CommonCfg.HtCapability.ExtHtCapInfo.MCSFeedback = MCSFBK_NONE; //MCSFBK_UNSOLICIT;
+       pAd->CommonCfg.AddHTInfo.ControlChan = pAd->CommonCfg.Channel;
+       // 1, the extension channel above the control channel.
+
+       // EDCA parameters used for AP's own transmission
+       if (pAd->CommonCfg.APEdcaParm.bValid == FALSE)
+       {
+               pAd->CommonCfg.APEdcaParm.bValid = TRUE;
+               pAd->CommonCfg.APEdcaParm.Aifsn[0] = 3;
+               pAd->CommonCfg.APEdcaParm.Aifsn[1] = 7;
+               pAd->CommonCfg.APEdcaParm.Aifsn[2] = 1;
+               pAd->CommonCfg.APEdcaParm.Aifsn[3] = 1;
+
+               pAd->CommonCfg.APEdcaParm.Cwmin[0] = 4;
+               pAd->CommonCfg.APEdcaParm.Cwmin[1] = 4;
+               pAd->CommonCfg.APEdcaParm.Cwmin[2] = 3;
+               pAd->CommonCfg.APEdcaParm.Cwmin[3] = 2;
+
+               pAd->CommonCfg.APEdcaParm.Cwmax[0] = 6;
+               pAd->CommonCfg.APEdcaParm.Cwmax[1] = 10;
+               pAd->CommonCfg.APEdcaParm.Cwmax[2] = 4;
+               pAd->CommonCfg.APEdcaParm.Cwmax[3] = 3;
+
+               pAd->CommonCfg.APEdcaParm.Txop[0]  = 0;
+               pAd->CommonCfg.APEdcaParm.Txop[1]  = 0;
+               pAd->CommonCfg.APEdcaParm.Txop[2]  = 94;
+               pAd->CommonCfg.APEdcaParm.Txop[3]  = 47;
+       }
+       AsicSetEdcaParm(pAd, &pAd->CommonCfg.APEdcaParm);
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+               RTMPSetIndividualHT(pAd, 0);
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+}
+
+/*
+       ========================================================================
+       Routine Description:
+               Caller ensures we has 802.11n support.
+               Calls at setting HT from AP/STASetinformation
+
+       Arguments:
+               pAd - Pointer to our adapter
+               phymode  -
+
+       ========================================================================
+*/
+VOID   RTMPSetIndividualHT(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      UCHAR                           apidx)
+{
+       PRT_HT_PHY_INFO         pDesired_ht_phy = NULL;
+       UCHAR   TxStream = pAd->CommonCfg.TxStream;
+       UCHAR   DesiredMcs      = MCS_AUTO;
+
+       do
+       {
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       pDesired_ht_phy = &pAd->StaCfg.DesiredHtPhyInfo;
+                       DesiredMcs = pAd->StaCfg.DesiredTransmitSetting.field.MCS;
+                       //pAd->StaCfg.bAutoTxRateSwitch = (DesiredMcs == MCS_AUTO) ? TRUE : FALSE;
+                               break;
+               }
+#endif // CONFIG_STA_SUPPORT //
+       } while (FALSE);
+
+       if (pDesired_ht_phy == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("RTMPSetIndividualHT: invalid apidx(%d)\n", apidx));
+               return;
+       }
+       RTMPZeroMemory(pDesired_ht_phy, sizeof(RT_HT_PHY_INFO));
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPSetIndividualHT : Desired MCS = %d\n", DesiredMcs));
+       // Check the validity of MCS
+       if ((TxStream == 1) && ((DesiredMcs >= MCS_8) && (DesiredMcs <= MCS_15)))
+       {
+               DBGPRINT(RT_DEBUG_WARN, ("RTMPSetIndividualHT: MCS(%d) is invalid in 1S, reset it as MCS_7\n", DesiredMcs));
+               DesiredMcs = MCS_7;
+       }
+
+       if ((pAd->CommonCfg.DesiredHtPhy.ChannelWidth == BW_20) && (DesiredMcs == MCS_32))
+       {
+               DBGPRINT(RT_DEBUG_WARN, ("RTMPSetIndividualHT: MCS_32 is only supported in 40-MHz, reset it as MCS_0\n"));
+               DesiredMcs = MCS_0;
+       }
+
+       pDesired_ht_phy->bHtEnable = TRUE;
+
+       // Decide desired Tx MCS
+       switch (TxStream)
+       {
+               case 1:
+                       if (DesiredMcs == MCS_AUTO)
+                       {
+                               pDesired_ht_phy->MCSSet[0]= 0xff;
+                               pDesired_ht_phy->MCSSet[1]= 0x00;
+                       }
+                       else if (DesiredMcs <= MCS_7)
+                       {
+                               pDesired_ht_phy->MCSSet[0]= 1<<DesiredMcs;
+                               pDesired_ht_phy->MCSSet[1]= 0x00;
+                       }
+                       break;
+
+               case 2:
+                       if (DesiredMcs == MCS_AUTO)
+                       {
+                               pDesired_ht_phy->MCSSet[0]= 0xff;
+                               pDesired_ht_phy->MCSSet[1]= 0xff;
+                       }
+                       else if (DesiredMcs <= MCS_15)
+                       {
+                               ULONG mode;
+
+                               mode = DesiredMcs / 8;
+                               if (mode < 2)
+                                       pDesired_ht_phy->MCSSet[mode] = (1 << (DesiredMcs - mode * 8));
+                       }
+                       break;
+
+               case 3: // 3*3
+                       if (DesiredMcs == MCS_AUTO)
+                       {
+                               /* MCS0 ~ MCS23, 3 bytes */
+                               pDesired_ht_phy->MCSSet[0]= 0xff;
+                               pDesired_ht_phy->MCSSet[1]= 0xff;
+                               pDesired_ht_phy->MCSSet[2]= 0xff;
+                       }
+                       else if (DesiredMcs <= MCS_23)
+                       {
+                               ULONG mode;
+
+                               mode = DesiredMcs / 8;
+                               if (mode < 3)
+                                       pDesired_ht_phy->MCSSet[mode] = (1 << (DesiredMcs - mode * 8));
+                       }
+                       break;
+       }
+
+       if(pAd->CommonCfg.DesiredHtPhy.ChannelWidth == BW_40)
+       {
+               if (DesiredMcs == MCS_AUTO || DesiredMcs == MCS_32)
+                       pDesired_ht_phy->MCSSet[4] = 0x1;
+       }
+
+       // update HT Rate setting
+    if (pAd->OpMode == OPMODE_STA)
+        MlmeUpdateHtTxRates(pAd, BSS0);
+    else
+           MlmeUpdateHtTxRates(pAd, apidx);
+}
+
+
+/*
+       ========================================================================
+       Routine Description:
+               Update HT IE from our capability.
+
+       Arguments:
+               Send all HT IE in beacon/probe rsp/assoc rsp/action frame.
+
+
+       ========================================================================
+*/
+VOID   RTMPUpdateHTIE(
+       IN      RT_HT_CAPABILITY        *pRtHt,
+       IN              UCHAR                           *pMcsSet,
+       OUT             HT_CAPABILITY_IE *pHtCapability,
+       OUT             ADD_HT_INFO_IE          *pAddHtInfo)
+{
+       RTMPZeroMemory(pHtCapability, sizeof(HT_CAPABILITY_IE));
+       RTMPZeroMemory(pAddHtInfo, sizeof(ADD_HT_INFO_IE));
+
+               pHtCapability->HtCapInfo.ChannelWidth = pRtHt->ChannelWidth;
+               pHtCapability->HtCapInfo.MimoPs = pRtHt->MimoPs;
+               pHtCapability->HtCapInfo.GF = pRtHt->GF;
+               pHtCapability->HtCapInfo.ShortGIfor20 = pRtHt->ShortGIfor20;
+               pHtCapability->HtCapInfo.ShortGIfor40 = pRtHt->ShortGIfor40;
+               pHtCapability->HtCapInfo.TxSTBC = pRtHt->TxSTBC;
+               pHtCapability->HtCapInfo.RxSTBC = pRtHt->RxSTBC;
+               pHtCapability->HtCapInfo.AMsduSize = pRtHt->AmsduSize;
+               pHtCapability->HtCapParm.MaxRAmpduFactor = pRtHt->MaxRAmpduFactor;
+               pHtCapability->HtCapParm.MpduDensity = pRtHt->MpduDensity;
+
+               pAddHtInfo->AddHtInfo.ExtChanOffset = pRtHt->ExtChanOffset ;
+               pAddHtInfo->AddHtInfo.RecomWidth = pRtHt->RecomWidth;
+               pAddHtInfo->AddHtInfo2.OperaionMode = pRtHt->OperaionMode;
+               pAddHtInfo->AddHtInfo2.NonGfPresent = pRtHt->NonGfPresent;
+               RTMPMoveMemory(pAddHtInfo->MCSSet, /*pRtHt->MCSSet*/pMcsSet, 4); // rt2860 only support MCS max=32, no need to copy all 16 uchar.
+
+        DBGPRINT(RT_DEBUG_TRACE,("RTMPUpdateHTIE <== \n"));
+}
+#endif // DOT11_N_SUPPORT //
+
+/*
+       ========================================================================
+       Description:
+               Add Client security information into ASIC WCID table and IVEIV table.
+    Return:
+       ========================================================================
+*/
+VOID   RTMPAddWcidAttributeEntry(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   BssIdx,
+       IN      UCHAR                   KeyIdx,
+       IN      UCHAR                   CipherAlg,
+       IN      MAC_TABLE_ENTRY *pEntry)
+{
+       UINT32          WCIDAttri = 0;
+       USHORT          offset;
+       UCHAR           IVEIV = 0;
+       USHORT          Wcid = 0;
+
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if (BssIdx > BSS0)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("RTMPAddWcidAttributeEntry: The BSS-index(%d) is out of range for Infra link. \n", BssIdx));
+                               return;
+                       }
+
+                       // 1.   In ADHOC mode, the AID is wcid number. And NO mesh link exists.
+                       // 2.   In Infra mode, the AID:1 MUST be wcid of infra STA.
+                       //                                         the AID:2~ assign to mesh link entry.
+                       if (pEntry)
+                               Wcid = pEntry->Aid;
+                       else
+                               Wcid = MCAST_WCID;
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+       // Update WCID attribute table
+       offset = MAC_WCID_ATTRIBUTE_BASE + (Wcid * HW_WCID_ATTRI_SIZE);
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (pEntry && pEntry->ValidAsMesh)
+                       WCIDAttri = (CipherAlg<<1) | PAIRWISEKEYTABLE;
+#ifdef QOS_DLS_SUPPORT
+               else if ((pEntry) && (pEntry->ValidAsDls) &&
+                                       ((CipherAlg == CIPHER_TKIP) ||
+                                       (CipherAlg == CIPHER_TKIP_NO_MIC) ||
+                                       (CipherAlg == CIPHER_AES) ||
+                                       (CipherAlg == CIPHER_NONE)))
+                       WCIDAttri = (CipherAlg<<1) | PAIRWISEKEYTABLE;
+#endif // QOS_DLS_SUPPORT //
+               else
+               WCIDAttri = (CipherAlg<<1) | SHAREDKEYTABLE;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       RTMP_IO_WRITE32(pAd, offset, WCIDAttri);
+
+
+       // Update IV/EIV table
+       offset = MAC_IVEIV_TABLE_BASE + (Wcid * HW_IVEIV_ENTRY_SIZE);
+
+       // WPA mode
+       if ((CipherAlg == CIPHER_TKIP) || (CipherAlg == CIPHER_TKIP_NO_MIC) || (CipherAlg == CIPHER_AES))
+       {
+               // Eiv bit on. keyid always is 0 for pairwise key
+               IVEIV = (KeyIdx <<6) | 0x20;
+       }
+       else
+       {
+               // WEP KeyIdx is default tx key.
+               IVEIV = (KeyIdx << 6);
+       }
+
+       // For key index and ext IV bit, so only need to update the position(offset+3).
+#ifdef RTMP_MAC_PCI
+       RTMP_IO_WRITE8(pAd, offset+3, IVEIV);
+#endif // RTMP_MAC_PCI //
+
+       DBGPRINT(RT_DEBUG_TRACE,("RTMPAddWcidAttributeEntry: WCID #%d, KeyIndex #%d, Alg=%s\n",Wcid, KeyIdx, CipherName[CipherAlg]));
+       DBGPRINT(RT_DEBUG_TRACE,("      WCIDAttri = 0x%x \n",  WCIDAttri));
+
+}
+
+/*
+    ==========================================================================
+    Description:
+        Parse encryption type
+Arguments:
+    pAdapter                    Pointer to our adapter
+    wrq                         Pointer to the ioctl argument
+
+    Return Value:
+        None
+
+    Note:
+    ==========================================================================
+*/
+PSTRING GetEncryptType(CHAR enc)
+{
+    if(enc == Ndis802_11WEPDisabled)
+        return "NONE";
+    if(enc == Ndis802_11WEPEnabled)
+       return "WEP";
+    if(enc == Ndis802_11Encryption2Enabled)
+       return "TKIP";
+    if(enc == Ndis802_11Encryption3Enabled)
+       return "AES";
+       if(enc == Ndis802_11Encryption4Enabled)
+       return "TKIPAES";
+    else
+       return "UNKNOW";
+}
+
+PSTRING GetAuthMode(CHAR auth)
+{
+    if(auth == Ndis802_11AuthModeOpen)
+       return "OPEN";
+    if(auth == Ndis802_11AuthModeShared)
+       return "SHARED";
+       if(auth == Ndis802_11AuthModeAutoSwitch)
+       return "AUTOWEP";
+    if(auth == Ndis802_11AuthModeWPA)
+       return "WPA";
+    if(auth == Ndis802_11AuthModeWPAPSK)
+       return "WPAPSK";
+    if(auth == Ndis802_11AuthModeWPANone)
+       return "WPANONE";
+    if(auth == Ndis802_11AuthModeWPA2)
+       return "WPA2";
+    if(auth == Ndis802_11AuthModeWPA2PSK)
+       return "WPA2PSK";
+       if(auth == Ndis802_11AuthModeWPA1WPA2)
+       return "WPA1WPA2";
+       if(auth == Ndis802_11AuthModeWPA1PSKWPA2PSK)
+       return "WPA1PSKWPA2PSK";
+
+       return "UNKNOW";
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Get site survey results
+       Arguments:
+           pAdapter                    Pointer to our adapter
+           wrq                         Pointer to the ioctl argument
+
+    Return Value:
+        None
+
+    Note:
+        Usage:
+                       1.) UI needs to wait 4 seconds after issue a site survey command
+                       2.) iwpriv ra0 get_site_survey
+                       3.) UI needs to prepare at least 4096bytes to get the results
+    ==========================================================================
+*/
+#define        LINE_LEN        (4+33+20+23+9+7+3)      // Channel+SSID+Bssid+Security+Signal+WiressMode+NetworkType
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+VOID   RTMPCommSiteSurveyData(
+       IN  PSTRING             msg,
+       IN  PBSS_ENTRY  pBss)
+{
+       INT         Rssi = 0;
+       UINT        Rssi_Quality = 0;
+       NDIS_802_11_NETWORK_TYPE    wireless_mode;
+       CHAR            Ssid[MAX_LEN_OF_SSID +1];
+       STRING          SecurityStr[32] = {0};
+       NDIS_802_11_ENCRYPTION_STATUS   ap_cipher = Ndis802_11EncryptionDisabled;
+       NDIS_802_11_AUTHENTICATION_MODE ap_auth_mode = Ndis802_11AuthModeOpen;
+
+       memset(Ssid, 0 ,(MAX_LEN_OF_SSID +1));
+
+               //Channel
+               sprintf(msg+strlen(msg),"%-4d", pBss->Channel);
+               //SSID
+               memcpy(Ssid, pBss->Ssid, pBss->SsidLen);
+               Ssid[pBss->SsidLen] = '\0';
+               sprintf(msg+strlen(msg),"%-33s", Ssid);
+               //BSSID
+               sprintf(msg+strlen(msg),"%02x:%02x:%02x:%02x:%02x:%02x   ",
+                       pBss->Bssid[0],
+                       pBss->Bssid[1],
+                       pBss->Bssid[2],
+                       pBss->Bssid[3],
+                       pBss->Bssid[4],
+                       pBss->Bssid[5]);
+
+       //Security
+       if ((Ndis802_11AuthModeWPA <= pBss->AuthMode) &&
+               (pBss->AuthMode <= Ndis802_11AuthModeWPA1PSKWPA2PSK))
+       {
+               if (pBss->AuthModeAux == Ndis802_11AuthModeWPANone)
+               {
+                       ap_auth_mode = pBss->AuthMode;
+                       if (pBss->WPA.PairCipherAux == Ndis802_11WEPDisabled)
+                               ap_cipher = pBss->WPA.PairCipher;
+                       else
+                               ap_cipher = Ndis802_11Encryption4Enabled;
+               }
+               else if (pBss->AuthModeAux == Ndis802_11AuthModeOpen)
+               {
+                       ap_auth_mode = pBss->AuthMode;
+                       if ((ap_auth_mode == Ndis802_11AuthModeWPA) ||
+                               (ap_auth_mode == Ndis802_11AuthModeWPAPSK))
+                       {
+                               if (pBss->WPA.PairCipherAux == Ndis802_11WEPDisabled)
+                                       ap_cipher = pBss->WPA.PairCipher;
+                               else
+                                       ap_cipher = Ndis802_11Encryption4Enabled;
+                       }
+                       else if ((ap_auth_mode == Ndis802_11AuthModeWPA2) ||
+                                        (ap_auth_mode == Ndis802_11AuthModeWPA2PSK))
+                       {
+                               if (pBss->WPA2.PairCipherAux == Ndis802_11WEPDisabled)
+                                       ap_cipher = pBss->WPA2.PairCipher;
+                               else
+                                       ap_cipher = Ndis802_11Encryption4Enabled;
+                       }
+               }
+               else if ((pBss->AuthMode == Ndis802_11AuthModeWPAPSK) ||
+                                (pBss->AuthMode == Ndis802_11AuthModeWPA2PSK))
+               {
+                       if ((pBss->AuthModeAux == Ndis802_11AuthModeWPAPSK) ||
+                               (pBss->AuthModeAux == Ndis802_11AuthModeWPA2PSK))
+                               ap_auth_mode = Ndis802_11AuthModeWPA1PSKWPA2PSK;
+                       else
+                               ap_auth_mode = pBss->AuthMode;
+
+                       if (pBss->WPA.PairCipher != pBss->WPA2.PairCipher)
+                               ap_cipher = Ndis802_11Encryption4Enabled;
+                       else if ((pBss->WPA.PairCipher == pBss->WPA2.PairCipher) &&
+                                        (pBss->WPA.PairCipherAux != pBss->WPA2.PairCipherAux))
+                               ap_cipher = Ndis802_11Encryption4Enabled;
+                       else if ((pBss->WPA.PairCipher == pBss->WPA2.PairCipher) &&
+                                        (pBss->WPA.PairCipherAux == pBss->WPA2.PairCipherAux) &&
+                                        (pBss->WPA.PairCipherAux != Ndis802_11WEPDisabled))
+                               ap_cipher = Ndis802_11Encryption4Enabled;
+                       else if ((pBss->WPA.PairCipher == pBss->WPA2.PairCipher) &&
+                                        (pBss->WPA.PairCipherAux == pBss->WPA2.PairCipherAux) &&
+                                        (pBss->WPA.PairCipherAux == Ndis802_11WEPDisabled))
+                               ap_cipher = pBss->WPA.PairCipher;
+               }
+               else if ((pBss->AuthMode == Ndis802_11AuthModeWPA) ||
+                                (pBss->AuthMode == Ndis802_11AuthModeWPA2))
+               {
+                       if ((pBss->AuthModeAux == Ndis802_11AuthModeWPA) ||
+                               (pBss->AuthMode == Ndis802_11AuthModeWPA2))
+                               ap_auth_mode = Ndis802_11AuthModeWPA1WPA2;
+                       else
+                               ap_auth_mode = pBss->AuthMode;
+
+                       if (pBss->WPA.PairCipher != pBss->WPA2.PairCipher)
+                               ap_cipher = Ndis802_11Encryption4Enabled;
+                       else if ((pBss->WPA.PairCipher == pBss->WPA2.PairCipher) &&
+                                        (pBss->WPA.PairCipherAux != pBss->WPA2.PairCipherAux))
+                               ap_cipher = Ndis802_11Encryption4Enabled;
+                       else if ((pBss->WPA.PairCipher == pBss->WPA2.PairCipher) &&
+                                        (pBss->WPA.PairCipherAux == pBss->WPA2.PairCipherAux) &&
+                                        (pBss->WPA.PairCipherAux != Ndis802_11WEPDisabled))
+                               ap_cipher = Ndis802_11Encryption4Enabled;
+                       else if ((pBss->WPA.PairCipher == pBss->WPA2.PairCipher) &&
+                                        (pBss->WPA.PairCipherAux == pBss->WPA2.PairCipherAux) &&
+                                        (pBss->WPA.PairCipherAux == Ndis802_11WEPDisabled))
+                               ap_cipher = pBss->WPA.PairCipher;
+               }
+
+               sprintf(SecurityStr, "%s/%s", GetAuthMode((CHAR)ap_auth_mode), GetEncryptType((CHAR)ap_cipher));
+       }
+       else
+       {
+               ap_auth_mode = pBss->AuthMode;
+               ap_cipher = pBss->WepStatus;
+               if (ap_cipher == Ndis802_11WEPDisabled)
+                       sprintf(SecurityStr, "NONE");
+               else if (ap_cipher == Ndis802_11WEPEnabled)
+                       sprintf(SecurityStr, "WEP");
+               else
+                       sprintf(SecurityStr, "%s/%s", GetAuthMode((CHAR)ap_auth_mode), GetEncryptType((CHAR)ap_cipher));
+       }
+
+       sprintf(msg+strlen(msg), "%-23s", SecurityStr);
+
+               // Rssi
+               Rssi = (INT)pBss->Rssi;
+               if (Rssi >= -50)
+                       Rssi_Quality = 100;
+               else if (Rssi >= -80)    // between -50 ~ -80dbm
+                       Rssi_Quality = (UINT)(24 + ((Rssi + 80) * 26)/10);
+               else if (Rssi >= -90)   // between -80 ~ -90dbm
+                       Rssi_Quality = (UINT)(((Rssi + 90) * 26)/10);
+               else    // < -84 dbm
+                       Rssi_Quality = 0;
+               sprintf(msg+strlen(msg),"%-9d", Rssi_Quality);
+               // Wireless Mode
+               wireless_mode = NetworkTypeInUseSanity(pBss);
+               if (wireless_mode == Ndis802_11FH ||
+                       wireless_mode == Ndis802_11DS)
+                       sprintf(msg+strlen(msg),"%-7s", "11b");
+               else if (wireless_mode == Ndis802_11OFDM5)
+                       sprintf(msg+strlen(msg),"%-7s", "11a");
+               else if (wireless_mode == Ndis802_11OFDM5_N)
+                       sprintf(msg+strlen(msg),"%-7s", "11a/n");
+               else if (wireless_mode == Ndis802_11OFDM24)
+                       sprintf(msg+strlen(msg),"%-7s", "11b/g");
+               else if (wireless_mode == Ndis802_11OFDM24_N)
+                       sprintf(msg+strlen(msg),"%-7s", "11b/g/n");
+               else
+                       sprintf(msg+strlen(msg),"%-7s", "unknow");
+               //Network Type
+               if (pBss->BssType == BSS_ADHOC)
+                       sprintf(msg+strlen(msg),"%-3s", " Ad");
+               else
+                       sprintf(msg+strlen(msg),"%-3s", " In");
+
+        sprintf(msg+strlen(msg),"\n");
+
+       return;
+}
+
+VOID RTMPIoctlGetSiteSurvey(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq)
+{
+       PSTRING         msg;
+       INT             i=0;
+       INT                     WaitCnt;
+       INT             Status=0;
+    INT         max_len = LINE_LEN;
+       PBSS_ENTRY      pBss;
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+       os_alloc_mem(NULL, (PUCHAR *)&msg, sizeof(CHAR)*((MAX_LEN_OF_BSS_TABLE)*max_len));
+
+       if (msg == NULL)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("RTMPIoctlGetSiteSurvey - msg memory alloc fail.\n"));
+               return;
+       }
+
+       memset(msg, 0 ,(MAX_LEN_OF_BSS_TABLE)*max_len );
+       sprintf(msg,"%s","\n");
+       sprintf(msg+strlen(msg),"%-4s%-33s%-20s%-23s%-9s%-7s%-3s\n",
+           "Ch", "SSID", "BSSID", "Security", "Siganl(%)", "W-Mode", " NT");
+
+#ifdef CONFIG_STA_SUPPORT
+
+#endif // CONFIG_STA_SUPPORT //
+
+       WaitCnt = 0;
+#ifdef CONFIG_STA_SUPPORT
+       pAdapter->StaCfg.bScanReqIsFromWebUI = TRUE;
+       while ((ScanRunning(pAdapter) == TRUE) && (WaitCnt++ < 200))
+               OS_WAIT(500);
+#endif // CONFIG_STA_SUPPORT //
+
+       for(i=0; i<pAdapter->ScanTab.BssNr ;i++)
+       {
+               pBss = &pAdapter->ScanTab.BssEntry[i];
+
+               if( pBss->Channel==0)
+                       break;
+
+               if((strlen(msg)+max_len ) >= IW_SCAN_MAX_DATA)
+                       break;
+
+
+               RTMPCommSiteSurveyData(msg, pBss);
+
+#ifdef CONFIG_STA_SUPPORT
+
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       pAdapter->StaCfg.bScanReqIsFromWebUI = FALSE;
+#endif // CONFIG_STA_SUPPORT //
+       wrq->u.data.length = strlen(msg);
+       Status = copy_to_user(wrq->u.data.pointer, msg, wrq->u.data.length);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPIoctlGetSiteSurvey - wrq->u.data.length = %d\n", wrq->u.data.length));
+       os_free_mem(NULL, (PUCHAR)msg);
+}
+
+#define        MAC_LINE_LEN    (14+4+4+10+10+10+6+6)   // Addr+aid+psm+datatime+rxbyte+txbyte+current tx rate+last tx rate
+VOID RTMPIoctlGetMacTable(
+       IN PRTMP_ADAPTER pAd,
+       IN struct iwreq *wrq)
+{
+       INT i;
+       RT_802_11_MAC_TABLE MacTab;
+       char *msg;
+
+       MacTab.Num = 0;
+       for (i=0; i<MAX_LEN_OF_MAC_TABLE; i++)
+       {
+               if (pAd->MacTab.Content[i].ValidAsCLI && (pAd->MacTab.Content[i].Sst == SST_ASSOC))
+               {
+                       COPY_MAC_ADDR(MacTab.Entry[MacTab.Num].Addr, &pAd->MacTab.Content[i].Addr);
+                       MacTab.Entry[MacTab.Num].Aid = (UCHAR)pAd->MacTab.Content[i].Aid;
+                       MacTab.Entry[MacTab.Num].Psm = pAd->MacTab.Content[i].PsMode;
+#ifdef DOT11_N_SUPPORT
+                       MacTab.Entry[MacTab.Num].MimoPs = pAd->MacTab.Content[i].MmpsMode;
+#endif // DOT11_N_SUPPORT //
+
+                       // Fill in RSSI per entry
+                       MacTab.Entry[MacTab.Num].AvgRssi0 = pAd->MacTab.Content[i].RssiSample.AvgRssi0;
+                       MacTab.Entry[MacTab.Num].AvgRssi1 = pAd->MacTab.Content[i].RssiSample.AvgRssi1;
+                       MacTab.Entry[MacTab.Num].AvgRssi2 = pAd->MacTab.Content[i].RssiSample.AvgRssi2;
+
+                       // the connected time per entry
+                       MacTab.Entry[MacTab.Num].ConnectedTime = pAd->MacTab.Content[i].StaConnectTime;
+                       MacTab.Entry[MacTab.Num].TxRate.field.MCS = pAd->MacTab.Content[i].HTPhyMode.field.MCS;
+                       MacTab.Entry[MacTab.Num].TxRate.field.BW = pAd->MacTab.Content[i].HTPhyMode.field.BW;
+                       MacTab.Entry[MacTab.Num].TxRate.field.ShortGI = pAd->MacTab.Content[i].HTPhyMode.field.ShortGI;
+                       MacTab.Entry[MacTab.Num].TxRate.field.STBC = pAd->MacTab.Content[i].HTPhyMode.field.STBC;
+                       MacTab.Entry[MacTab.Num].TxRate.field.rsv = pAd->MacTab.Content[i].HTPhyMode.field.rsv;
+                       MacTab.Entry[MacTab.Num].TxRate.field.MODE = pAd->MacTab.Content[i].HTPhyMode.field.MODE;
+                       MacTab.Entry[MacTab.Num].TxRate.word = pAd->MacTab.Content[i].HTPhyMode.word;
+
+                       MacTab.Num += 1;
+               }
+       }
+       wrq->u.data.length = sizeof(RT_802_11_MAC_TABLE);
+       if (copy_to_user(wrq->u.data.pointer, &MacTab, wrq->u.data.length))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s: copy_to_user() fail\n", __FUNCTION__));
+       }
+
+       msg = kmalloc(sizeof(CHAR)*(MAX_LEN_OF_MAC_TABLE*MAC_LINE_LEN), MEM_ALLOC_FLAG);
+       if (msg == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s():Alloc memory failed\n", __FUNCTION__));
+               return;
+       }
+       memset(msg, 0 ,MAX_LEN_OF_MAC_TABLE*MAC_LINE_LEN );
+       sprintf(msg,"%s","\n");
+       sprintf(msg+strlen(msg),"%-14s%-4s%-4s%-10s%-10s%-10s%-6s%-6s\n",
+               "MAC", "AID", "PSM", "LDT", "RxB", "TxB","CTxR", "LTxR");
+
+       for (i=0; i<MAX_LEN_OF_MAC_TABLE; i++)
+       {
+               PMAC_TABLE_ENTRY pEntry = &pAd->MacTab.Content[i];
+               if (pEntry->ValidAsCLI && (pEntry->Sst == SST_ASSOC))
+               {
+                       if((strlen(msg)+MAC_LINE_LEN ) >= (MAX_LEN_OF_MAC_TABLE*MAC_LINE_LEN) )
+                               break;
+                       sprintf(msg+strlen(msg),"%02x%02x%02x%02x%02x%02x  ",
+                               pEntry->Addr[0], pEntry->Addr[1], pEntry->Addr[2],
+                               pEntry->Addr[3], pEntry->Addr[4], pEntry->Addr[5]);
+                       sprintf(msg+strlen(msg),"%-4d", (int)pEntry->Aid);
+                       sprintf(msg+strlen(msg),"%-4d", (int)pEntry->PsMode);
+                       sprintf(msg+strlen(msg),"%-10d",0/*pAd->MacTab.Content[i].HSCounter.LastDataPacketTime*/); // ToDo
+                       sprintf(msg+strlen(msg),"%-10d",0/*pAd->MacTab.Content[i].HSCounter.TotalRxByteCount*/); // ToDo
+                       sprintf(msg+strlen(msg),"%-10d",0/*pAd->MacTab.Content[i].HSCounter.TotalTxByteCount*/); // ToDo
+                       sprintf(msg+strlen(msg),"%-6d",RateIdToMbps[pAd->MacTab.Content[i].CurrTxRate]);
+                       sprintf(msg+strlen(msg),"%-6d\n",0/*RateIdToMbps[pAd->MacTab.Content[i].LastTxRate]*/); // ToDo
+               }
+       }
+       // for compatible with old API just do the printk to console
+       //wrq->u.data.length = strlen(msg);
+       //if (copy_to_user(wrq->u.data.pointer, msg, wrq->u.data.length))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s", msg));
+       }
+
+       kfree(msg);
+}
+
+
+#ifdef DOT11_N_SUPPORT
+INT    Set_BASetup_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+    UCHAR mac[6], tid;
+       PSTRING token;
+       STRING sepValue[] = ":", DASH = '-';
+       INT i;
+    MAC_TABLE_ENTRY *pEntry;
+
+/*
+       The BASetup inupt string format should be xx:xx:xx:xx:xx:xx-d,
+               =>The six 2 digit hex-decimal number previous are the Mac address,
+               =>The seventh decimal number is the tid value.
+*/
+       //DBGPRINT(RT_DEBUG_TRACE,("\n%s\n", arg));
+
+       if(strlen(arg) < 19)  //Mac address acceptable format 01:02:03:04:05:06 length 17 plus the "-" and tid value in decimal format.
+               return FALSE;
+
+       token = strchr(arg, DASH);
+       if ((token != NULL) && (strlen(token)>1))
+       {
+               tid = (UCHAR) simple_strtol((token+1), 0, 10);
+               if (tid > 15)
+                       return FALSE;
+
+               *token = '\0';
+               for (i = 0, token = rstrtok(arg, &sepValue[0]); token; token = rstrtok(NULL, &sepValue[0]), i++)
+               {
+                       if((strlen(token) != 2) || (!isxdigit(*token)) || (!isxdigit(*(token+1))))
+                               return FALSE;
+                       AtoH(token, (&mac[i]), 1);
+               }
+               if(i != 6)
+                       return FALSE;
+
+               DBGPRINT(RT_DEBUG_OFF, ("\n%02x:%02x:%02x:%02x:%02x:%02x-%02x\n",
+                                                               mac[0], mac[1], mac[2], mac[3], mac[4], mac[5], tid));
+
+           pEntry = MacTableLookup(pAd, (PUCHAR) mac);
+
+       if (pEntry) {
+               DBGPRINT(RT_DEBUG_OFF, ("\nSetup BA Session: Tid = %d\n", tid));
+               BAOriSessionSetUp(pAd, pEntry, tid, 0, 100, TRUE);
+       }
+
+               return TRUE;
+       }
+
+       return FALSE;
+
+}
+
+INT    Set_BADecline_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG bBADecline;
+
+       bBADecline = simple_strtol(arg, 0, 10);
+
+       if (bBADecline == 0)
+       {
+               pAd->CommonCfg.bBADecline = FALSE;
+       }
+       else if (bBADecline == 1)
+       {
+               pAd->CommonCfg.bBADecline = TRUE;
+       }
+       else
+       {
+               return FALSE; //Invalid argument
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_BADecline_Proc::(BADecline=%d)\n", pAd->CommonCfg.bBADecline));
+
+       return TRUE;
+}
+
+INT    Set_BAOriTearDown_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+    UCHAR mac[6], tid;
+       PSTRING token;
+       STRING sepValue[] = ":", DASH = '-';
+       INT i;
+    MAC_TABLE_ENTRY *pEntry;
+
+    //DBGPRINT(RT_DEBUG_TRACE,("\n%s\n", arg));
+/*
+       The BAOriTearDown inupt string format should be xx:xx:xx:xx:xx:xx-d,
+               =>The six 2 digit hex-decimal number previous are the Mac address,
+               =>The seventh decimal number is the tid value.
+*/
+    if(strlen(arg) < 19)  //Mac address acceptable format 01:02:03:04:05:06 length 17 plus the "-" and tid value in decimal format.
+               return FALSE;
+
+       token = strchr(arg, DASH);
+       if ((token != NULL) && (strlen(token)>1))
+       {
+               tid = simple_strtol((token+1), 0, 10);
+               if (tid > NUM_OF_TID)
+                       return FALSE;
+
+               *token = '\0';
+               for (i = 0, token = rstrtok(arg, &sepValue[0]); token; token = rstrtok(NULL, &sepValue[0]), i++)
+               {
+                       if((strlen(token) != 2) || (!isxdigit(*token)) || (!isxdigit(*(token+1))))
+                               return FALSE;
+                       AtoH(token, (&mac[i]), 1);
+               }
+               if(i != 6)
+                       return FALSE;
+
+           DBGPRINT(RT_DEBUG_OFF, ("\n%02x:%02x:%02x:%02x:%02x:%02x-%02x",
+                                                               mac[0], mac[1], mac[2], mac[3], mac[4], mac[5], tid));
+
+           pEntry = MacTableLookup(pAd, (PUCHAR) mac);
+
+           if (pEntry) {
+               DBGPRINT(RT_DEBUG_OFF, ("\nTear down Ori BA Session: Tid = %d\n", tid));
+               BAOriSessionTearDown(pAd, pEntry->Aid, tid, FALSE, TRUE);
+           }
+
+               return TRUE;
+       }
+
+       return FALSE;
+
+}
+
+INT    Set_BARecTearDown_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+    UCHAR mac[6], tid;
+       PSTRING token;
+       STRING sepValue[] = ":", DASH = '-';
+       INT i;
+    MAC_TABLE_ENTRY *pEntry;
+
+    //DBGPRINT(RT_DEBUG_TRACE,("\n%s\n", arg));
+/*
+       The BARecTearDown inupt string format should be xx:xx:xx:xx:xx:xx-d,
+               =>The six 2 digit hex-decimal number previous are the Mac address,
+               =>The seventh decimal number is the tid value.
+*/
+    if(strlen(arg) < 19)  //Mac address acceptable format 01:02:03:04:05:06 length 17 plus the "-" and tid value in decimal format.
+               return FALSE;
+
+       token = strchr(arg, DASH);
+       if ((token != NULL) && (strlen(token)>1))
+       {
+               tid = simple_strtol((token+1), 0, 10);
+               if (tid > NUM_OF_TID)
+                       return FALSE;
+
+               *token = '\0';
+               for (i = 0, token = rstrtok(arg, &sepValue[0]); token; token = rstrtok(NULL, &sepValue[0]), i++)
+               {
+                       if((strlen(token) != 2) || (!isxdigit(*token)) || (!isxdigit(*(token+1))))
+                               return FALSE;
+                       AtoH(token, (&mac[i]), 1);
+               }
+               if(i != 6)
+                       return FALSE;
+
+               DBGPRINT(RT_DEBUG_OFF, ("\n%02x:%02x:%02x:%02x:%02x:%02x-%02x",
+                                                               mac[0], mac[1], mac[2], mac[3], mac[4], mac[5], tid));
+
+               pEntry = MacTableLookup(pAd, (PUCHAR) mac);
+
+               if (pEntry) {
+                   DBGPRINT(RT_DEBUG_OFF, ("\nTear down Rec BA Session: Tid = %d\n", tid));
+                   BARecSessionTearDown(pAd, pEntry->Aid, tid, FALSE);
+               }
+
+               return TRUE;
+       }
+
+       return FALSE;
+
+}
+
+INT    Set_HtBw_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG HtBw;
+
+       HtBw = simple_strtol(arg, 0, 10);
+       if (HtBw == BW_40)
+               pAd->CommonCfg.RegTransmitSetting.field.BW  = BW_40;
+       else if (HtBw == BW_20)
+               pAd->CommonCfg.RegTransmitSetting.field.BW  = BW_20;
+       else
+               return FALSE;  //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtBw_Proc::(HtBw=%d)\n", pAd->CommonCfg.RegTransmitSetting.field.BW));
+
+       return TRUE;
+}
+
+INT    Set_HtMcs_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG HtMcs, Mcs_tmp;
+#ifdef CONFIG_STA_SUPPORT
+    BOOLEAN bAutoRate = FALSE;
+#endif // CONFIG_STA_SUPPORT //
+
+       Mcs_tmp = simple_strtol(arg, 0, 10);
+
+       if (Mcs_tmp <= 15 || Mcs_tmp == 32)
+               HtMcs = Mcs_tmp;
+       else
+               HtMcs = MCS_AUTO;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               pAd->StaCfg.DesiredTransmitSetting.field.MCS = HtMcs;
+               pAd->StaCfg.bAutoTxRateSwitch = (HtMcs == MCS_AUTO) ? TRUE:FALSE;
+               DBGPRINT(RT_DEBUG_TRACE, ("Set_HtMcs_Proc::(HtMcs=%d, bAutoTxRateSwitch = %d)\n",
+                                               pAd->StaCfg.DesiredTransmitSetting.field.MCS, pAd->StaCfg.bAutoTxRateSwitch));
+
+               if ((pAd->CommonCfg.PhyMode < PHY_11ABGN_MIXED) ||
+                       (pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.MODE < MODE_HTMIX))
+               {
+               if ((pAd->StaCfg.DesiredTransmitSetting.field.MCS != MCS_AUTO) &&
+                               (HtMcs >= 0 && HtMcs <= 3) &&
+                   (pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode == FIXED_TXMODE_CCK))
+                       {
+                               RTMPSetDesiredRates(pAd, (LONG) (RateIdToMbps[HtMcs] * 1000000));
+                       }
+               else if ((pAd->StaCfg.DesiredTransmitSetting.field.MCS != MCS_AUTO) &&
+                                       (HtMcs >= 0 && HtMcs <= 7) &&
+                       (pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode == FIXED_TXMODE_OFDM))
+                       {
+                               RTMPSetDesiredRates(pAd, (LONG) (RateIdToMbps[HtMcs+4] * 1000000));
+                       }
+                       else
+                               bAutoRate = TRUE;
+
+                       if (bAutoRate)
+                       {
+                   pAd->StaCfg.DesiredTransmitSetting.field.MCS = MCS_AUTO;
+                               RTMPSetDesiredRates(pAd, -1);
+                       }
+               DBGPRINT(RT_DEBUG_TRACE, ("Set_HtMcs_Proc::(FixedTxMode=%d)\n",pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode));
+               }
+        if (ADHOC_ON(pAd))
+            return TRUE;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       SetCommonHT(pAd);
+
+       return TRUE;
+}
+
+INT    Set_HtGi_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG HtGi;
+
+       HtGi = simple_strtol(arg, 0, 10);
+
+       if ( HtGi == GI_400)
+               pAd->CommonCfg.RegTransmitSetting.field.ShortGI = GI_400;
+       else if ( HtGi == GI_800 )
+               pAd->CommonCfg.RegTransmitSetting.field.ShortGI = GI_800;
+       else
+               return FALSE; //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtGi_Proc::(ShortGI=%d)\n",pAd->CommonCfg.RegTransmitSetting.field.ShortGI));
+
+       return TRUE;
+}
+
+
+INT    Set_HtTxBASize_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UCHAR Size;
+
+       Size = simple_strtol(arg, 0, 10);
+
+       if (Size <=0 || Size >=64)
+       {
+               Size = 8;
+       }
+       pAd->CommonCfg.TxBASize = Size-1;
+       DBGPRINT(RT_DEBUG_ERROR, ("Set_HtTxBASize ::(TxBASize= %d)\n", Size));
+
+       return TRUE;
+}
+
+INT    Set_HtDisallowTKIP_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+       if (Value == 1)
+       {
+               pAd->CommonCfg.HT_DisallowTKIP = TRUE;
+       }
+       else
+       {
+               pAd->CommonCfg.HT_DisallowTKIP = FALSE;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtDisallowTKIP_Proc ::%s\n",
+                               (pAd->CommonCfg.HT_DisallowTKIP == TRUE) ? "enabled" : "disabled"));
+
+       return TRUE;
+}
+
+INT    Set_HtOpMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+       if (Value == HTMODE_GF)
+               pAd->CommonCfg.RegTransmitSetting.field.HTMODE  = HTMODE_GF;
+       else if ( Value == HTMODE_MM )
+               pAd->CommonCfg.RegTransmitSetting.field.HTMODE  = HTMODE_MM;
+       else
+               return FALSE; //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtOpMode_Proc::(HtOpMode=%d)\n",pAd->CommonCfg.RegTransmitSetting.field.HTMODE));
+
+       return TRUE;
+
+}
+
+INT    Set_HtStbc_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+       if (Value == STBC_USE)
+               pAd->CommonCfg.RegTransmitSetting.field.STBC = STBC_USE;
+       else if ( Value == STBC_NONE )
+               pAd->CommonCfg.RegTransmitSetting.field.STBC = STBC_NONE;
+       else
+               return FALSE; //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_Stbc_Proc::(HtStbc=%d)\n",pAd->CommonCfg.RegTransmitSetting.field.STBC));
+
+       return TRUE;
+}
+
+INT    Set_HtHtc_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+       if (Value == 0)
+               pAd->HTCEnable = FALSE;
+       else if ( Value ==1 )
+        pAd->HTCEnable = TRUE;
+       else
+               return FALSE; //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtHtc_Proc::(HtHtc=%d)\n",pAd->HTCEnable));
+
+       return TRUE;
+}
+
+INT    Set_HtExtcha_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+       if (Value == 0)
+               pAd->CommonCfg.RegTransmitSetting.field.EXTCHA  = EXTCHA_BELOW;
+       else if ( Value ==1 )
+        pAd->CommonCfg.RegTransmitSetting.field.EXTCHA = EXTCHA_ABOVE;
+       else
+               return FALSE; //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtExtcha_Proc::(HtExtcha=%d)\n",pAd->CommonCfg.RegTransmitSetting.field.EXTCHA));
+
+       return TRUE;
+}
+
+INT    Set_HtMpduDensity_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+       if (Value <=7 && Value >= 0)
+               pAd->CommonCfg.BACapability.field.MpduDensity = Value;
+       else
+               pAd->CommonCfg.BACapability.field.MpduDensity = 4;
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtMpduDensity_Proc::(HtMpduDensity=%d)\n",pAd->CommonCfg.BACapability.field.MpduDensity));
+
+       return TRUE;
+}
+
+INT    Set_HtBaWinSize_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+
+       if (Value >=1 && Value <= 64)
+       {
+               pAd->CommonCfg.REGBACapability.field.RxBAWinLimit = Value;
+               pAd->CommonCfg.BACapability.field.RxBAWinLimit = Value;
+       }
+       else
+       {
+        pAd->CommonCfg.REGBACapability.field.RxBAWinLimit = 64;
+               pAd->CommonCfg.BACapability.field.RxBAWinLimit = 64;
+       }
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtBaWinSize_Proc::(HtBaWinSize=%d)\n",pAd->CommonCfg.BACapability.field.RxBAWinLimit));
+
+       return TRUE;
+}
+
+INT    Set_HtRdg_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+       if (Value == 0)
+               pAd->CommonCfg.bRdg = FALSE;
+       else if ( Value ==1 )
+       {
+               pAd->HTCEnable = TRUE;
+        pAd->CommonCfg.bRdg = TRUE;
+       }
+       else
+               return FALSE; //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtRdg_Proc::(HtRdg=%d)\n",pAd->CommonCfg.bRdg));
+
+       return TRUE;
+}
+
+INT    Set_HtLinkAdapt_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+       if (Value == 0)
+               pAd->bLinkAdapt = FALSE;
+       else if ( Value ==1 )
+       {
+                       pAd->HTCEnable = TRUE;
+                       pAd->bLinkAdapt = TRUE;
+       }
+       else
+               return FALSE; //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtLinkAdapt_Proc::(HtLinkAdapt=%d)\n",pAd->bLinkAdapt));
+
+       return TRUE;
+}
+
+INT    Set_HtAmsdu_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+       if (Value == 0)
+               pAd->CommonCfg.BACapability.field.AmsduEnable = FALSE;
+       else if ( Value == 1 )
+        pAd->CommonCfg.BACapability.field.AmsduEnable = TRUE;
+       else
+               return FALSE; //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtAmsdu_Proc::(HtAmsdu=%d)\n",pAd->CommonCfg.BACapability.field.AmsduEnable));
+
+       return TRUE;
+}
+
+INT    Set_HtAutoBa_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+       if (Value == 0)
+       {
+               pAd->CommonCfg.BACapability.field.AutoBA = FALSE;
+               pAd->CommonCfg.BACapability.field.Policy = BA_NOTUSE;
+       }
+    else if (Value == 1)
+    {
+               pAd->CommonCfg.BACapability.field.AutoBA = TRUE;
+               pAd->CommonCfg.BACapability.field.Policy = IMMED_BA;
+    }
+       else
+               return FALSE; //Invalid argument
+
+    pAd->CommonCfg.REGBACapability.field.AutoBA = pAd->CommonCfg.BACapability.field.AutoBA;
+       pAd->CommonCfg.REGBACapability.field.Policy = pAd->CommonCfg.BACapability.field.Policy;
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtAutoBa_Proc::(HtAutoBa=%d)\n",pAd->CommonCfg.BACapability.field.AutoBA));
+
+       return TRUE;
+
+}
+
+INT    Set_HtProtect_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+       if (Value == 0)
+               pAd->CommonCfg.bHTProtect = FALSE;
+    else if (Value == 1)
+               pAd->CommonCfg.bHTProtect = TRUE;
+       else
+               return FALSE; //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtProtect_Proc::(HtProtect=%d)\n",pAd->CommonCfg.bHTProtect));
+
+       return TRUE;
+}
+
+INT    Set_SendPSMPAction_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+    UCHAR mac[6], mode;
+       PSTRING token;
+       STRING sepValue[] = ":", DASH = '-';
+       INT i;
+    MAC_TABLE_ENTRY *pEntry;
+
+    //DBGPRINT(RT_DEBUG_TRACE,("\n%s\n", arg));
+/*
+       The BARecTearDown inupt string format should be xx:xx:xx:xx:xx:xx-d,
+               =>The six 2 digit hex-decimal number previous are the Mac address,
+               =>The seventh decimal number is the mode value.
+*/
+    if(strlen(arg) < 19)  //Mac address acceptable format 01:02:03:04:05:06 length 17 plus the "-" and mode value in decimal format.
+               return FALSE;
+
+       token = strchr(arg, DASH);
+       if ((token != NULL) && (strlen(token)>1))
+       {
+               mode = simple_strtol((token+1), 0, 10);
+               if (mode > MMPS_ENABLE)
+                       return FALSE;
+
+               *token = '\0';
+               for (i = 0, token = rstrtok(arg, &sepValue[0]); token; token = rstrtok(NULL, &sepValue[0]), i++)
+               {
+                       if((strlen(token) != 2) || (!isxdigit(*token)) || (!isxdigit(*(token+1))))
+                               return FALSE;
+                       AtoH(token, (&mac[i]), 1);
+               }
+               if(i != 6)
+                       return FALSE;
+
+               DBGPRINT(RT_DEBUG_OFF, ("\n%02x:%02x:%02x:%02x:%02x:%02x-%02x",
+                                                               mac[0], mac[1], mac[2], mac[3], mac[4], mac[5], mode));
+
+               pEntry = MacTableLookup(pAd, mac);
+
+               if (pEntry) {
+                   DBGPRINT(RT_DEBUG_OFF, ("\nSendPSMPAction MIPS mode = %d\n", mode));
+                   SendPSMPAction(pAd, pEntry->Aid, mode);
+               }
+
+               return TRUE;
+       }
+
+       return FALSE;
+
+
+}
+
+INT    Set_HtMIMOPSmode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+       if (Value <=3 && Value >= 0)
+               pAd->CommonCfg.BACapability.field.MMPSmode = Value;
+       else
+               pAd->CommonCfg.BACapability.field.MMPSmode = 3;
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtMIMOPSmode_Proc::(MIMOPS mode=%d)\n",pAd->CommonCfg.BACapability.field.MMPSmode));
+
+       return TRUE;
+}
+
+
+INT    Set_ForceShortGI_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+       if (Value == 0)
+               pAd->WIFItestbed.bShortGI = FALSE;
+       else if (Value == 1)
+               pAd->WIFItestbed.bShortGI = TRUE;
+       else
+               return FALSE; //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_ForceShortGI_Proc::(ForceShortGI=%d)\n", pAd->WIFItestbed.bShortGI));
+
+       return TRUE;
+}
+
+
+
+INT    Set_ForceGF_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+       if (Value == 0)
+               pAd->WIFItestbed.bGreenField = FALSE;
+       else if (Value == 1)
+               pAd->WIFItestbed.bGreenField = TRUE;
+       else
+               return FALSE; //Invalid argument
+
+       SetCommonHT(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_ForceGF_Proc::(ForceGF=%d)\n", pAd->WIFItestbed.bGreenField));
+
+       return TRUE;
+}
+
+INT    Set_HtMimoPs_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+       if (Value == 0)
+               pAd->CommonCfg.bMIMOPSEnable = FALSE;
+       else if (Value == 1)
+               pAd->CommonCfg.bMIMOPSEnable = TRUE;
+       else
+               return FALSE; //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_HtMimoPs_Proc::(HtMimoPs=%d)\n",pAd->CommonCfg.bMIMOPSEnable));
+
+       return TRUE;
+}
+#endif // DOT11_N_SUPPORT //
+
+
+#ifdef DOT11_N_SUPPORT
+INT    SetCommonHT(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       OID_SET_HT_PHYMODE              SetHT;
+
+       if (pAd->CommonCfg.PhyMode < PHY_11ABGN_MIXED)
+               return FALSE;
+
+       SetHT.PhyMode = pAd->CommonCfg.PhyMode;
+       SetHT.TransmitNo = ((UCHAR)pAd->Antenna.field.TxPath);
+       SetHT.HtMode = (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.HTMODE;
+       SetHT.ExtOffset = (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.EXTCHA;
+       SetHT.MCS = MCS_AUTO;
+       SetHT.BW = (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.BW;
+       SetHT.STBC = (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.STBC;
+       SetHT.SHORTGI = (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.ShortGI;
+
+       RTMPSetHT(pAd, &SetHT);
+
+       return TRUE;
+}
+#endif // DOT11_N_SUPPORT //
+
+INT    Set_FixedTxMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UCHAR   fix_tx_mode = FIXED_TXMODE_HT;
+
+       if (strcmp(arg, "OFDM") == 0 || strcmp(arg, "ofdm") == 0)
+       {
+               fix_tx_mode = FIXED_TXMODE_OFDM;
+       }
+       else if (strcmp(arg, "CCK") == 0 || strcmp(arg, "cck") == 0)
+       {
+        fix_tx_mode = FIXED_TXMODE_CCK;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode = fix_tx_mode;
+#endif // CONFIG_STA_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_FixedTxMode_Proc::(FixedTxMode=%d)\n", fix_tx_mode));
+
+       return TRUE;
+}
+
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+INT    Set_OpMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ULONG Value;
+
+       Value = simple_strtol(arg, 0, 10);
+
+#ifdef RTMP_MAC_PCI
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+#endif // RTMP_MAC_PCI //
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Can not switch operate mode on interface up !! \n"));
+               return FALSE;
+       }
+
+       if (Value == 0)
+               pAd->OpMode = OPMODE_STA;
+       else if (Value == 1)
+               pAd->OpMode = OPMODE_AP;
+       else
+               return FALSE; //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_OpMode_Proc::(OpMode=%s)\n", pAd->OpMode == 1 ? "AP Mode" : "STA Mode"));
+
+       return TRUE;
+}
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+
+
+
+INT Set_LongRetryLimit_Proc(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      PSTRING                 arg)
+{
+       TX_RTY_CFG_STRUC        tx_rty_cfg;
+       UCHAR                           LongRetryLimit = (UCHAR)simple_strtol(arg, 0, 10);
+
+       RTMP_IO_READ32(pAdapter, TX_RTY_CFG, &tx_rty_cfg.word);
+       tx_rty_cfg.field.LongRtyLimit = LongRetryLimit;
+       RTMP_IO_WRITE32(pAdapter, TX_RTY_CFG, tx_rty_cfg.word);
+       DBGPRINT(RT_DEBUG_TRACE, ("IF Set_LongRetryLimit_Proc::(tx_rty_cfg=0x%x)\n", tx_rty_cfg.word));
+       return TRUE;
+}
+
+INT Set_ShortRetryLimit_Proc(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      PSTRING                 arg)
+{
+       TX_RTY_CFG_STRUC        tx_rty_cfg;
+       UCHAR                           ShortRetryLimit = (UCHAR)simple_strtol(arg, 0, 10);
+
+       RTMP_IO_READ32(pAdapter, TX_RTY_CFG, &tx_rty_cfg.word);
+       tx_rty_cfg.field.ShortRtyLimit = ShortRetryLimit;
+       RTMP_IO_WRITE32(pAdapter, TX_RTY_CFG, tx_rty_cfg.word);
+       DBGPRINT(RT_DEBUG_TRACE, ("IF Set_ShortRetryLimit_Proc::(tx_rty_cfg=0x%x)\n", tx_rty_cfg.word));
+       return TRUE;
+}
+
+
+/////////////////////////////////////////////////////////////////////////
+PSTRING RTMPGetRalinkAuthModeStr(
+    IN  NDIS_802_11_AUTHENTICATION_MODE authMode)
+{
+       switch(authMode)
+       {
+               case Ndis802_11AuthModeOpen:
+                       return "OPEN";
+               case Ndis802_11AuthModeWPAPSK:
+                       return "WPAPSK";
+               case Ndis802_11AuthModeShared:
+                       return "SHARED";
+               case Ndis802_11AuthModeWPA:
+                       return "WPA";
+               case Ndis802_11AuthModeWPA2:
+                       return "WPA2";
+               case Ndis802_11AuthModeWPA2PSK:
+                       return "WPA2PSK";
+        case Ndis802_11AuthModeWPA1PSKWPA2PSK:
+                       return "WPAPSKWPA2PSK";
+        case Ndis802_11AuthModeWPA1WPA2:
+                       return "WPA1WPA2";
+               case Ndis802_11AuthModeWPANone:
+                       return "WPANONE";
+               default:
+                       return "UNKNOW";
+       }
+}
+
+PSTRING RTMPGetRalinkEncryModeStr(
+    IN  USHORT encryMode)
+{
+       switch(encryMode)
+       {
+               case Ndis802_11WEPDisabled:
+                       return "NONE";
+               case Ndis802_11WEPEnabled:
+                       return "WEP";
+               case Ndis802_11Encryption2Enabled:
+                       return "TKIP";
+               case Ndis802_11Encryption3Enabled:
+                       return "AES";
+        case Ndis802_11Encryption4Enabled:
+                       return "TKIPAES";
+               default:
+                       return "UNKNOW";
+       }
+}
+
+INT RTMPShowCfgValue(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 pName,
+       IN      PSTRING                 pBuf)
+{
+       INT     Status = 0;
+
+       for (PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC = RTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC; PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name; PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC++)
+       {
+               if (!strcmp(pName, PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name))
+               {
+                       if(PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->show_proc(pAd, pBuf))
+                               Status = -EINVAL;
+                       break;  //Exit for loop.
+               }
+       }
+
+       if(PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name == NULL)
+       {
+               sprintf(pBuf, "\n");
+               for (PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC = RTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC; PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name; PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC++)
+                       sprintf(pBuf, "%s%s\n", pBuf, PRTMP_PRIVATE_STA_SHOW_CFG_VALUE_PROC->name);
+       }
+
+       return Status;
+}
+
+INT    Show_SSID_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               sprintf(pBuf, "\t%s", pAd->CommonCfg.Ssid);
+#endif // CONFIG_STA_SUPPORT //
+       return 0;
+}
+
+INT    Show_WirelessMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       switch(pAd->CommonCfg.PhyMode)
+       {
+               case PHY_11BG_MIXED:
+                       sprintf(pBuf, "\t11B/G");
+                       break;
+               case PHY_11B:
+                       sprintf(pBuf, "\t11B");
+                       break;
+               case PHY_11A:
+                       sprintf(pBuf, "\t11A");
+                       break;
+               case PHY_11ABG_MIXED:
+                       sprintf(pBuf, "\t11A/B/G");
+                       break;
+               case PHY_11G:
+                       sprintf(pBuf, "\t11G");
+                       break;
+#ifdef DOT11_N_SUPPORT
+               case PHY_11ABGN_MIXED:
+                       sprintf(pBuf, "\t11A/B/G/N");
+                       break;
+               case PHY_11N_2_4G:
+                       sprintf(pBuf, "\t11N only with 2.4G");
+                       break;
+               case PHY_11GN_MIXED:
+                       sprintf(pBuf, "\t11G/N");
+                       break;
+               case PHY_11AN_MIXED:
+                       sprintf(pBuf, "\t11A/N");
+                       break;
+               case PHY_11BGN_MIXED:
+                       sprintf(pBuf, "\t11B/G/N");
+                       break;
+               case PHY_11AGN_MIXED:
+                       sprintf(pBuf, "\t11A/G/N");
+                       break;
+               case PHY_11N_5G:
+                       sprintf(pBuf, "\t11N only with 5G");
+                       break;
+#endif // DOT11_N_SUPPORT //
+               default:
+                       sprintf(pBuf, "\tUnknow Value(%d)", pAd->CommonCfg.PhyMode);
+                       break;
+       }
+       return 0;
+}
+
+
+INT    Show_TxBurst_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%s", pAd->CommonCfg.bEnableTxBurst ? "TRUE":"FALSE");
+       return 0;
+}
+
+INT    Show_TxPreamble_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       switch(pAd->CommonCfg.TxPreamble)
+       {
+               case Rt802_11PreambleShort:
+                       sprintf(pBuf, "\tShort");
+                       break;
+               case Rt802_11PreambleLong:
+                       sprintf(pBuf, "\tLong");
+                       break;
+               case Rt802_11PreambleAuto:
+                       sprintf(pBuf, "\tAuto");
+                       break;
+               default:
+                       sprintf(pBuf, "\tUnknow Value(%lu)", pAd->CommonCfg.TxPreamble);
+                       break;
+       }
+
+       return 0;
+}
+
+INT    Show_TxPower_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%lu", pAd->CommonCfg.TxPowerPercentage);
+       return 0;
+}
+
+INT    Show_Channel_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%d", pAd->CommonCfg.Channel);
+       return 0;
+}
+
+INT    Show_BGProtection_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       switch(pAd->CommonCfg.UseBGProtection)
+       {
+               case 1: //Always On
+                       sprintf(pBuf, "\tON");
+                       break;
+               case 2: //Always OFF
+                       sprintf(pBuf, "\tOFF");
+                       break;
+               case 0: //AUTO
+                       sprintf(pBuf, "\tAuto");
+                       break;
+               default:
+                       sprintf(pBuf, "\tUnknow Value(%lu)", pAd->CommonCfg.UseBGProtection);
+                       break;
+       }
+       return 0;
+}
+
+INT    Show_RTSThreshold_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%u", pAd->CommonCfg.RtsThreshold);
+       return 0;
+}
+
+INT    Show_FragThreshold_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%u", pAd->CommonCfg.FragmentThreshold);
+       return 0;
+}
+
+#ifdef DOT11_N_SUPPORT
+INT    Show_HtBw_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       if (pAd->CommonCfg.RegTransmitSetting.field.BW == BW_40)
+       {
+               sprintf(pBuf, "\t40 MHz");
+       }
+       else
+       {
+        sprintf(pBuf, "\t20 MHz");
+       }
+       return 0;
+}
+
+INT    Show_HtMcs_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               sprintf(pBuf, "\t%u", pAd->StaCfg.DesiredTransmitSetting.field.MCS);
+#endif // CONFIG_STA_SUPPORT //
+       return 0;
+}
+
+INT    Show_HtGi_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       switch(pAd->CommonCfg.RegTransmitSetting.field.ShortGI)
+       {
+               case GI_400:
+                       sprintf(pBuf, "\tGI_400");
+                       break;
+               case GI_800:
+                       sprintf(pBuf, "\tGI_800");
+                       break;
+               default:
+                       sprintf(pBuf, "\tUnknow Value(%u)", pAd->CommonCfg.RegTransmitSetting.field.ShortGI);
+                       break;
+       }
+       return 0;
+}
+
+INT    Show_HtOpMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       switch(pAd->CommonCfg.RegTransmitSetting.field.HTMODE)
+       {
+               case HTMODE_GF:
+                       sprintf(pBuf, "\tGF");
+                       break;
+               case HTMODE_MM:
+                       sprintf(pBuf, "\tMM");
+                       break;
+               default:
+                       sprintf(pBuf, "\tUnknow Value(%u)", pAd->CommonCfg.RegTransmitSetting.field.HTMODE);
+                       break;
+       }
+       return 0;
+}
+
+INT    Show_HtExtcha_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       switch(pAd->CommonCfg.RegTransmitSetting.field.EXTCHA)
+       {
+               case EXTCHA_BELOW:
+                       sprintf(pBuf, "\tBelow");
+                       break;
+               case EXTCHA_ABOVE:
+                       sprintf(pBuf, "\tAbove");
+                       break;
+               default:
+                       sprintf(pBuf, "\tUnknow Value(%u)", pAd->CommonCfg.RegTransmitSetting.field.EXTCHA);
+                       break;
+       }
+       return 0;
+}
+
+
+INT    Show_HtMpduDensity_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%u", pAd->CommonCfg.BACapability.field.MpduDensity);
+       return 0;
+}
+
+INT    Show_HtBaWinSize_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%u", pAd->CommonCfg.BACapability.field.RxBAWinLimit);
+       return 0;
+}
+
+INT    Show_HtRdg_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%s", pAd->CommonCfg.bRdg ? "TRUE":"FALSE");
+       return 0;
+}
+
+INT    Show_HtAmsdu_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%s", pAd->CommonCfg.BACapability.field.AmsduEnable ? "TRUE":"FALSE");
+       return 0;
+}
+
+INT    Show_HtAutoBa_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%s", pAd->CommonCfg.BACapability.field.AutoBA ? "TRUE":"FALSE");
+       return 0;
+}
+#endif // DOT11_N_SUPPORT //
+
+INT    Show_CountryRegion_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%d", pAd->CommonCfg.CountryRegion);
+       return 0;
+}
+
+INT    Show_CountryRegionABand_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%d", pAd->CommonCfg.CountryRegionForABand);
+       return 0;
+}
+
+INT    Show_CountryCode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%s", pAd->CommonCfg.CountryCode);
+       return 0;
+}
+
+#ifdef AGGREGATION_SUPPORT
+INT    Show_PktAggregate_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%s", pAd->CommonCfg.bAggregationCapable ? "TRUE":"FALSE");
+       return 0;
+}
+#endif // AGGREGATION_SUPPORT //
+
+#ifdef WMM_SUPPORT
+INT    Show_WmmCapable_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               sprintf(pBuf, "\t%s", pAd->CommonCfg.bWmmCapable ? "TRUE":"FALSE");
+#endif // CONFIG_STA_SUPPORT //
+
+       return 0;
+}
+#endif // WMM_SUPPORT //
+
+INT    Show_IEEE80211H_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       sprintf(pBuf, "\t%s", pAd->CommonCfg.bIEEE80211H ? "TRUE":"FALSE");
+       return 0;
+}
+
+#ifdef CONFIG_STA_SUPPORT
+INT    Show_NetworkType_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       switch(pAd->StaCfg.BssType)
+       {
+               case BSS_ADHOC:
+                       sprintf(pBuf, "\tAdhoc");
+                       break;
+               case BSS_INFRA:
+                       sprintf(pBuf, "\tInfra");
+                       break;
+               case BSS_ANY:
+                       sprintf(pBuf, "\tAny");
+                       break;
+               case BSS_MONITOR:
+                       sprintf(pBuf, "\tMonitor");
+                       break;
+               default:
+                       sprintf(pBuf, "\tUnknow Value(%d)", pAd->StaCfg.BssType);
+                       break;
+       }
+       return 0;
+}
+
+
+#endif // CONFIG_STA_SUPPORT //
+
+INT    Show_AuthMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       NDIS_802_11_AUTHENTICATION_MODE AuthMode = Ndis802_11AuthModeOpen;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               AuthMode = pAd->StaCfg.AuthMode;
+#endif // CONFIG_STA_SUPPORT //
+
+       if ((AuthMode >= Ndis802_11AuthModeOpen) &&
+               (AuthMode <= Ndis802_11AuthModeWPA1PSKWPA2PSK))
+               sprintf(pBuf, "\t%s", RTMPGetRalinkAuthModeStr(AuthMode));
+       else
+               sprintf(pBuf, "\tUnknow Value(%d)", AuthMode);
+
+       return 0;
+}
+
+INT    Show_EncrypType_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       NDIS_802_11_WEP_STATUS  WepStatus = Ndis802_11WEPDisabled;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               WepStatus = pAd->StaCfg.WepStatus;
+#endif // CONFIG_STA_SUPPORT //
+
+       if ((WepStatus >= Ndis802_11WEPEnabled) &&
+               (WepStatus <= Ndis802_11Encryption4KeyAbsent))
+               sprintf(pBuf, "\t%s", RTMPGetRalinkEncryModeStr(WepStatus));
+       else
+               sprintf(pBuf, "\tUnknow Value(%d)", WepStatus);
+
+       return 0;
+}
+
+INT    Show_DefaultKeyID_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       UCHAR DefaultKeyId = 0;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               DefaultKeyId = pAd->StaCfg.DefaultKeyId;
+#endif // CONFIG_STA_SUPPORT //
+
+       sprintf(pBuf, "\t%d", DefaultKeyId);
+
+       return 0;
+}
+
+INT    Show_WepKey_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN  INT                         KeyIdx,
+       OUT     PSTRING                 pBuf)
+{
+       UCHAR   Key[16] = {0}, KeyLength = 0;
+       INT             index = BSS0;
+
+       KeyLength = pAd->SharedKey[index][KeyIdx].KeyLen;
+       NdisMoveMemory(Key, pAd->SharedKey[index][KeyIdx].Key, KeyLength);
+
+       //check key string is ASCII or not
+    if (RTMPCheckStrPrintAble((PCHAR)Key, KeyLength))
+        sprintf(pBuf, "\t%s", Key);
+    else
+    {
+        int idx;
+        sprintf(pBuf, "\t");
+        for (idx = 0; idx < KeyLength; idx++)
+            sprintf(pBuf+strlen(pBuf), "%02X", Key[idx]);
+    }
+       return 0;
+}
+
+INT    Show_Key1_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       Show_WepKey_Proc(pAd, 0, pBuf);
+       return 0;
+}
+
+INT    Show_Key2_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       Show_WepKey_Proc(pAd, 1, pBuf);
+       return 0;
+}
+
+INT    Show_Key3_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       Show_WepKey_Proc(pAd, 2, pBuf);
+       return 0;
+}
+
+INT    Show_Key4_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       Show_WepKey_Proc(pAd, 3, pBuf);
+       return 0;
+}
+
+INT    Show_WPAPSK_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT     PSTRING                 pBuf)
+{
+       INT     idx;
+       UCHAR   PMK[32] = {0};
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               NdisMoveMemory(PMK, pAd->StaCfg.PMK, 32);
+#endif // CONFIG_STA_SUPPORT //
+
+    sprintf(pBuf, "\tPMK = ");
+    for (idx = 0; idx < 32; idx++)
+        sprintf(pBuf+strlen(pBuf), "%02X", PMK[idx]);
+
+       return 0;
+}
diff --git a/drivers/staging/rt3090/common/cmm_mac_pci.c b/drivers/staging/rt3090/common/cmm_mac_pci.c
new file mode 100644 (file)
index 0000000..8e16363
--- /dev/null
@@ -0,0 +1,1757 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+*/
+
+#ifdef RTMP_MAC_PCI
+
+#include "../rt_config.h"
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Allocate DMA memory blocks for send, receive
+
+       Arguments:
+               Adapter         Pointer to our adapter
+
+       Return Value:
+               NDIS_STATUS_SUCCESS
+               NDIS_STATUS_FAILURE
+               NDIS_STATUS_RESOURCES
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS    RTMPAllocTxRxRingMemory(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       NDIS_STATUS             Status = NDIS_STATUS_SUCCESS;
+       ULONG                   RingBasePaHigh;
+       ULONG                   RingBasePaLow;
+       PVOID                   RingBaseVa;
+       INT                             index, num;
+       PTXD_STRUC              pTxD;
+       PRXD_STRUC              pRxD;
+       ULONG                   ErrorValue = 0;
+       PRTMP_TX_RING   pTxRing;
+       PRTMP_DMABUF    pDmaBuf;
+       PNDIS_PACKET    pPacket;
+//     PRTMP_REORDERBUF        pReorderBuf;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> RTMPAllocTxRxRingMemory\n"));
+       do
+       {
+               //
+               // Allocate all ring descriptors, include TxD, RxD, MgmtD.
+               // Although each size is different, to prevent cacheline and alignment
+               // issue, I intentional set them all to 64 bytes.
+               //
+               for (num=0; num<NUM_OF_TX_RING; num++)
+               {
+                       ULONG  BufBasePaHigh;
+                       ULONG  BufBasePaLow;
+                       PVOID  BufBaseVa;
+
+                       //
+                       // Allocate Tx ring descriptor's memory (5 TX rings = 4 ACs + 1 HCCA)
+                       //
+                       pAd->TxDescRing[num].AllocSize = TX_RING_SIZE * TXD_SIZE;
+                       RTMP_AllocateTxDescMemory(
+                               pAd,
+                               num,
+                               pAd->TxDescRing[num].AllocSize,
+                               FALSE,
+                               &pAd->TxDescRing[num].AllocVa,
+                               &pAd->TxDescRing[num].AllocPa);
+
+                       if (pAd->TxDescRing[num].AllocVa == NULL)
+                       {
+                               ErrorValue = ERRLOG_OUT_OF_SHARED_MEMORY;
+                               DBGPRINT_ERR(("Failed to allocate a big buffer\n"));
+                               Status = NDIS_STATUS_RESOURCES;
+                               break;
+                       }
+
+                       // Zero init this memory block
+                       NdisZeroMemory(pAd->TxDescRing[num].AllocVa, pAd->TxDescRing[num].AllocSize);
+
+                       // Save PA & VA for further operation
+                       RingBasePaHigh = RTMP_GetPhysicalAddressHigh(pAd->TxDescRing[num].AllocPa);
+                       RingBasePaLow  = RTMP_GetPhysicalAddressLow (pAd->TxDescRing[num].AllocPa);
+                       RingBaseVa     = pAd->TxDescRing[num].AllocVa;
+
+                       //
+                       // Allocate all 1st TXBuf's memory for this TxRing
+                       //
+                       pAd->TxBufSpace[num].AllocSize = TX_RING_SIZE * TX_DMA_1ST_BUFFER_SIZE;
+                       RTMP_AllocateFirstTxBuffer(
+                               pAd,
+                               num,
+                               pAd->TxBufSpace[num].AllocSize,
+                               FALSE,
+                               &pAd->TxBufSpace[num].AllocVa,
+                               &pAd->TxBufSpace[num].AllocPa);
+
+                       if (pAd->TxBufSpace[num].AllocVa == NULL)
+                       {
+                               ErrorValue = ERRLOG_OUT_OF_SHARED_MEMORY;
+                               DBGPRINT_ERR(("Failed to allocate a big buffer\n"));
+                               Status = NDIS_STATUS_RESOURCES;
+                               break;
+                       }
+
+                       // Zero init this memory block
+                       NdisZeroMemory(pAd->TxBufSpace[num].AllocVa, pAd->TxBufSpace[num].AllocSize);
+
+                       // Save PA & VA for further operation
+                       BufBasePaHigh = RTMP_GetPhysicalAddressHigh(pAd->TxBufSpace[num].AllocPa);
+                       BufBasePaLow  = RTMP_GetPhysicalAddressLow (pAd->TxBufSpace[num].AllocPa);
+                       BufBaseVa     = pAd->TxBufSpace[num].AllocVa;
+
+                       //
+                       // Initialize Tx Ring Descriptor and associated buffer memory
+                       //
+                       pTxRing = &pAd->TxRing[num];
+                       for (index = 0; index < TX_RING_SIZE; index++)
+                       {
+                               pTxRing->Cell[index].pNdisPacket = NULL;
+                               pTxRing->Cell[index].pNextNdisPacket = NULL;
+                               // Init Tx Ring Size, Va, Pa variables
+                               pTxRing->Cell[index].AllocSize = TXD_SIZE;
+                               pTxRing->Cell[index].AllocVa = RingBaseVa;
+                               RTMP_SetPhysicalAddressHigh(pTxRing->Cell[index].AllocPa, RingBasePaHigh);
+                               RTMP_SetPhysicalAddressLow (pTxRing->Cell[index].AllocPa, RingBasePaLow);
+
+                               // Setup Tx Buffer size & address. only 802.11 header will store in this space
+                               pDmaBuf = &pTxRing->Cell[index].DmaBuf;
+                               pDmaBuf->AllocSize = TX_DMA_1ST_BUFFER_SIZE;
+                               pDmaBuf->AllocVa = BufBaseVa;
+                               RTMP_SetPhysicalAddressHigh(pDmaBuf->AllocPa, BufBasePaHigh);
+                               RTMP_SetPhysicalAddressLow(pDmaBuf->AllocPa, BufBasePaLow);
+
+                               // link the pre-allocated TxBuf to TXD
+                               pTxD = (PTXD_STRUC) pTxRing->Cell[index].AllocVa;
+                               pTxD->SDPtr0 = BufBasePaLow;
+                               // advance to next ring descriptor address
+                               pTxD->DMADONE = 1;
+#ifdef RT_BIG_ENDIAN
+                               RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                               RingBasePaLow += TXD_SIZE;
+                               RingBaseVa = (PUCHAR) RingBaseVa + TXD_SIZE;
+
+                               // advance to next TxBuf address
+                               BufBasePaLow += TX_DMA_1ST_BUFFER_SIZE;
+                               BufBaseVa = (PUCHAR) BufBaseVa + TX_DMA_1ST_BUFFER_SIZE;
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("TxRing[%d]: total %d entry allocated\n", num, index));
+               }
+               if (Status == NDIS_STATUS_RESOURCES)
+                       break;
+
+               //
+               // Allocate MGMT ring descriptor's memory except Tx ring which allocated eariler
+               //
+               pAd->MgmtDescRing.AllocSize = MGMT_RING_SIZE * TXD_SIZE;
+               RTMP_AllocateMgmtDescMemory(
+                       pAd,
+                       pAd->MgmtDescRing.AllocSize,
+                       FALSE,
+                       &pAd->MgmtDescRing.AllocVa,
+                       &pAd->MgmtDescRing.AllocPa);
+
+               if (pAd->MgmtDescRing.AllocVa == NULL)
+               {
+                       ErrorValue = ERRLOG_OUT_OF_SHARED_MEMORY;
+                       DBGPRINT_ERR(("Failed to allocate a big buffer\n"));
+                       Status = NDIS_STATUS_RESOURCES;
+                       break;
+               }
+
+               // Zero init this memory block
+               NdisZeroMemory(pAd->MgmtDescRing.AllocVa, pAd->MgmtDescRing.AllocSize);
+
+               // Save PA & VA for further operation
+               RingBasePaHigh = RTMP_GetPhysicalAddressHigh(pAd->MgmtDescRing.AllocPa);
+               RingBasePaLow  = RTMP_GetPhysicalAddressLow (pAd->MgmtDescRing.AllocPa);
+               RingBaseVa     = pAd->MgmtDescRing.AllocVa;
+
+               //
+               // Initialize MGMT Ring and associated buffer memory
+               //
+               for (index = 0; index < MGMT_RING_SIZE; index++)
+               {
+                       pAd->MgmtRing.Cell[index].pNdisPacket = NULL;
+                       pAd->MgmtRing.Cell[index].pNextNdisPacket = NULL;
+                       // Init MGMT Ring Size, Va, Pa variables
+                       pAd->MgmtRing.Cell[index].AllocSize = TXD_SIZE;
+                       pAd->MgmtRing.Cell[index].AllocVa = RingBaseVa;
+                       RTMP_SetPhysicalAddressHigh(pAd->MgmtRing.Cell[index].AllocPa, RingBasePaHigh);
+                       RTMP_SetPhysicalAddressLow (pAd->MgmtRing.Cell[index].AllocPa, RingBasePaLow);
+
+                       // Offset to next ring descriptor address
+                       RingBasePaLow += TXD_SIZE;
+                       RingBaseVa = (PUCHAR) RingBaseVa + TXD_SIZE;
+
+                       // link the pre-allocated TxBuf to TXD
+                       pTxD = (PTXD_STRUC) pAd->MgmtRing.Cell[index].AllocVa;
+                       pTxD->DMADONE = 1;
+
+#ifdef RT_BIG_ENDIAN
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                       // no pre-allocated buffer required in MgmtRing for scatter-gather case
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("MGMT Ring: total %d entry allocated\n", index));
+
+               //
+               // Allocate RX ring descriptor's memory except Tx ring which allocated eariler
+               //
+               pAd->RxDescRing.AllocSize = RX_RING_SIZE * RXD_SIZE;
+               RTMP_AllocateRxDescMemory(
+                       pAd,
+                       pAd->RxDescRing.AllocSize,
+                       FALSE,
+                       &pAd->RxDescRing.AllocVa,
+                       &pAd->RxDescRing.AllocPa);
+
+               if (pAd->RxDescRing.AllocVa == NULL)
+               {
+                       ErrorValue = ERRLOG_OUT_OF_SHARED_MEMORY;
+                       DBGPRINT_ERR(("Failed to allocate a big buffer\n"));
+                       Status = NDIS_STATUS_RESOURCES;
+                       break;
+               }
+
+               // Zero init this memory block
+               NdisZeroMemory(pAd->RxDescRing.AllocVa, pAd->RxDescRing.AllocSize);
+
+
+               DBGPRINT(RT_DEBUG_OFF,
+                                       ("RX DESC %p  size = %ld\n", pAd->RxDescRing.AllocVa, pAd->RxDescRing.AllocSize));
+
+               // Save PA & VA for further operation
+               RingBasePaHigh = RTMP_GetPhysicalAddressHigh(pAd->RxDescRing.AllocPa);
+               RingBasePaLow  = RTMP_GetPhysicalAddressLow (pAd->RxDescRing.AllocPa);
+               RingBaseVa     = pAd->RxDescRing.AllocVa;
+
+               //
+               // Initialize Rx Ring and associated buffer memory
+               //
+               for (index = 0; index < RX_RING_SIZE; index++)
+               {
+                       // Init RX Ring Size, Va, Pa variables
+                       pAd->RxRing.Cell[index].AllocSize = RXD_SIZE;
+                       pAd->RxRing.Cell[index].AllocVa = RingBaseVa;
+                       RTMP_SetPhysicalAddressHigh(pAd->RxRing.Cell[index].AllocPa, RingBasePaHigh);
+                       RTMP_SetPhysicalAddressLow (pAd->RxRing.Cell[index].AllocPa, RingBasePaLow);
+
+                       //NdisZeroMemory(RingBaseVa, RXD_SIZE);
+
+                       // Offset to next ring descriptor address
+                       RingBasePaLow += RXD_SIZE;
+                       RingBaseVa = (PUCHAR) RingBaseVa + RXD_SIZE;
+
+                       // Setup Rx associated Buffer size & allocate share memory
+                       pDmaBuf = &pAd->RxRing.Cell[index].DmaBuf;
+                       pDmaBuf->AllocSize = RX_BUFFER_AGGRESIZE;
+                       pPacket = RTMP_AllocateRxPacketBuffer(
+                               pAd,
+                               pDmaBuf->AllocSize,
+                               FALSE,
+                               &pDmaBuf->AllocVa,
+                               &pDmaBuf->AllocPa);
+
+                       /* keep allocated rx packet */
+                       pAd->RxRing.Cell[index].pNdisPacket = pPacket;
+
+                       // Error handling
+                       if (pDmaBuf->AllocVa == NULL)
+                       {
+                               ErrorValue = ERRLOG_OUT_OF_SHARED_MEMORY;
+                               DBGPRINT_ERR(("Failed to allocate RxRing's 1st buffer\n"));
+                               Status = NDIS_STATUS_RESOURCES;
+                               break;
+                       }
+
+                       // Zero init this memory block
+                       NdisZeroMemory(pDmaBuf->AllocVa, pDmaBuf->AllocSize);
+
+                       // Write RxD buffer address & allocated buffer length
+                       pRxD = (PRXD_STRUC) pAd->RxRing.Cell[index].AllocVa;
+                       pRxD->SDP0 = RTMP_GetPhysicalAddressLow(pDmaBuf->AllocPa);
+                       pRxD->DDONE = 0;
+
+#ifdef RT_BIG_ENDIAN
+                       RTMPDescriptorEndianChange((PUCHAR)pRxD, TYPE_RXD);
+#endif
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("Rx Ring: total %d entry allocated\n", index));
+
+       }       while (FALSE);
+
+
+       NdisZeroMemory(&pAd->FragFrame, sizeof(FRAGMENT_FRAME));
+       pAd->FragFrame.pFragPacket =  RTMP_AllocateFragPacketBuffer(pAd, RX_BUFFER_NORMSIZE);
+
+       if (pAd->FragFrame.pFragPacket == NULL)
+       {
+               Status = NDIS_STATUS_RESOURCES;
+       }
+
+       if (Status != NDIS_STATUS_SUCCESS)
+       {
+               // Log error inforamtion
+               NdisWriteErrorLogEntry(
+                       pAd->AdapterHandle,
+                       NDIS_ERROR_CODE_OUT_OF_RESOURCES,
+                       1,
+                       ErrorValue);
+       }
+
+       // Following code segment get from original func:NICInitTxRxRingAndBacklogQueue(), now should integrate it to here.
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("--> NICInitTxRxRingAndBacklogQueue\n"));
+
+/*
+               // Disable DMA.
+               RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);
+               GloCfg.word &= 0xff0;
+               GloCfg.field.EnTXWriteBackDDONE =1;
+               RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, GloCfg.word);
+*/
+
+               // Initialize all transmit related software queues
+               for(index = 0; index < NUM_OF_TX_RING; index++)
+               {
+                       InitializeQueueHeader(&pAd->TxSwQueue[index]);
+                       // Init TX rings index pointer
+                       pAd->TxRing[index].TxSwFreeIdx = 0;
+                       pAd->TxRing[index].TxCpuIdx = 0;
+                       //RTMP_IO_WRITE32(pAd, (TX_CTX_IDX0 + i * 0x10) ,  pAd->TxRing[i].TX_CTX_IDX);
+               }
+
+               // Init RX Ring index pointer
+               pAd->RxRing.RxSwReadIdx = 0;
+               pAd->RxRing.RxCpuIdx = RX_RING_SIZE - 1;
+               //RTMP_IO_WRITE32(pAd, RX_CRX_IDX, pAd->RxRing.RX_CRX_IDX0);
+
+
+               // init MGMT ring index pointer
+               pAd->MgmtRing.TxSwFreeIdx = 0;
+               pAd->MgmtRing.TxCpuIdx = 0;
+
+               pAd->PrivateInfo.TxRingFullCnt = 0;
+
+               DBGPRINT(RT_DEBUG_TRACE, ("<-- NICInitTxRxRingAndBacklogQueue\n"));
+       }
+
+       DBGPRINT_S(Status, ("<-- RTMPAllocTxRxRingMemory, Status=%x\n", Status));
+       return Status;
+}
+
+
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Reset NIC Asics. Call after rest DMA. So reset TX_CTX_IDX to zero.
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+               Reset NIC to initial state AS IS system boot up time.
+
+       ========================================================================
+*/
+VOID   RTMPRingCleanUp(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   RingType)
+{
+       PTXD_STRUC              pTxD;
+       PRXD_STRUC              pRxD;
+       PQUEUE_ENTRY    pEntry;
+       PNDIS_PACKET    pPacket;
+       int                             i;
+       PRTMP_TX_RING   pTxRing;
+       unsigned long   IrqFlags;
+       //UINT32                        RxSwReadIdx;
+
+
+       DBGPRINT(RT_DEBUG_TRACE,("RTMPRingCleanUp(RingIdx=%d, Pending-NDIS=%ld)\n", RingType, pAd->RalinkCounters.PendingNdisPacketCount));
+       switch (RingType)
+       {
+               case QID_AC_BK:
+               case QID_AC_BE:
+               case QID_AC_VI:
+               case QID_AC_VO:
+               /*case QID_HCCA:*/
+
+                       pTxRing = &pAd->TxRing[RingType];
+
+                       RTMP_IRQ_LOCK(&pAd->irq_lock, IrqFlags);
+                       // We have to clean all descriptors in case some error happened with reset
+                       for (i=0; i<TX_RING_SIZE; i++) // We have to scan all TX ring
+                       {
+                               pTxD  = (PTXD_STRUC) pTxRing->Cell[i].AllocVa;
+
+                               pPacket = (PNDIS_PACKET) pTxRing->Cell[i].pNdisPacket;
+                               // release scatter-and-gather NDIS_PACKET
+                               if (pPacket)
+                               {
+                                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+                                       pTxRing->Cell[i].pNdisPacket = NULL;
+                               }
+
+                               pPacket = (PNDIS_PACKET) pTxRing->Cell[i].pNextNdisPacket;
+                               // release scatter-and-gather NDIS_PACKET
+                               if (pPacket)
+                               {
+                                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+                                       pTxRing->Cell[i].pNextNdisPacket = NULL;
+                               }
+                       }
+
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX0 + RingType * 0x10, &pTxRing->TxDmaIdx);
+                       pTxRing->TxSwFreeIdx = pTxRing->TxDmaIdx;
+                       pTxRing->TxCpuIdx = pTxRing->TxDmaIdx;
+                       RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + RingType * 0x10, pTxRing->TxCpuIdx);
+
+                       RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+
+                       RTMP_IRQ_LOCK(&pAd->irq_lock, IrqFlags);
+                       while (pAd->TxSwQueue[RingType].Head != NULL)
+                       {
+                               pEntry = RemoveHeadQueue(&pAd->TxSwQueue[RingType]);
+                               pPacket = QUEUE_ENTRY_TO_PACKET(pEntry);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+                               DBGPRINT(RT_DEBUG_TRACE,("Release 1 NDIS packet from s/w backlog queue\n"));
+                       }
+                       RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+                       break;
+
+               case QID_MGMT:
+                       // We have to clean all descriptors in case some error happened with reset
+                       NdisAcquireSpinLock(&pAd->MgmtRingLock);
+
+                       for (i=0; i<MGMT_RING_SIZE; i++)
+                       {
+                               pTxD  = (PTXD_STRUC) pAd->MgmtRing.Cell[i].AllocVa;
+
+                               pPacket = (PNDIS_PACKET) pAd->MgmtRing.Cell[i].pNdisPacket;
+                               // rlease scatter-and-gather NDIS_PACKET
+                               if (pPacket)
+                               {
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr0, pTxD->SDLen0, PCI_DMA_TODEVICE);
+                                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+                               }
+                               pAd->MgmtRing.Cell[i].pNdisPacket = NULL;
+
+                               pPacket = (PNDIS_PACKET) pAd->MgmtRing.Cell[i].pNextNdisPacket;
+                               // release scatter-and-gather NDIS_PACKET
+                               if (pPacket)
+                               {
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+                       }
+                               pAd->MgmtRing.Cell[i].pNextNdisPacket = NULL;
+
+                       }
+
+                       RTMP_IO_READ32(pAd, TX_MGMTDTX_IDX, &pAd->MgmtRing.TxDmaIdx);
+                       pAd->MgmtRing.TxSwFreeIdx = pAd->MgmtRing.TxDmaIdx;
+                       pAd->MgmtRing.TxCpuIdx = pAd->MgmtRing.TxDmaIdx;
+                       RTMP_IO_WRITE32(pAd, TX_MGMTCTX_IDX, pAd->MgmtRing.TxCpuIdx);
+
+                       NdisReleaseSpinLock(&pAd->MgmtRingLock);
+                       pAd->RalinkCounters.MgmtRingFullCount = 0;
+                       break;
+
+               case QID_RX:
+                       // We have to clean all descriptors in case some error happened with reset
+                       NdisAcquireSpinLock(&pAd->RxRingLock);
+
+                       for (i=0; i<RX_RING_SIZE; i++)
+                       {
+                               pRxD  = (PRXD_STRUC) pAd->RxRing.Cell[i].AllocVa;
+                pRxD->DDONE = 0 ;
+                       }
+
+                       RTMP_IO_READ32(pAd, RX_DRX_IDX, &pAd->RxRing.RxDmaIdx);
+                       pAd->RxRing.RxSwReadIdx = pAd->RxRing.RxDmaIdx;
+                       pAd->RxRing.RxCpuIdx = ((pAd->RxRing.RxDmaIdx == 0) ? (RX_RING_SIZE-1) : (pAd->RxRing.RxDmaIdx-1));
+                       RTMP_IO_WRITE32(pAd, RX_CRX_IDX, pAd->RxRing.RxCpuIdx);
+
+                       NdisReleaseSpinLock(&pAd->RxRingLock);
+                       break;
+
+               default:
+                       break;
+       }
+}
+
+
+VOID RTMPFreeTxRxRingMemory(
+    IN  PRTMP_ADAPTER   pAd)
+{
+       int index, num , j;
+       PRTMP_TX_RING pTxRing;
+       PTXD_STRUC        pTxD;
+       PNDIS_PACKET  pPacket;
+       unsigned int  IrqFlags;
+
+       //POS_COOKIE pObj =(POS_COOKIE) pAd->OS_Cookie;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> RTMPFreeTxRxRingMemory\n"));
+
+       // Free TxSwQueue Packet
+       for (index=0; index <NUM_OF_TX_RING; index++)
+       {
+               PQUEUE_ENTRY pEntry;
+               PNDIS_PACKET pPacket;
+               PQUEUE_HEADER   pQueue;
+
+               RTMP_IRQ_LOCK(&pAd->irq_lock, IrqFlags);
+               pQueue = &pAd->TxSwQueue[index];
+               while (pQueue->Head)
+               {
+                       pEntry = RemoveHeadQueue(pQueue);
+                       pPacket = QUEUE_ENTRY_TO_PACKET(pEntry);
+                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+               }
+               RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+       }
+
+       // Free Tx Ring Packet
+       for (index=0;index< NUM_OF_TX_RING;index++)
+       {
+               pTxRing = &pAd->TxRing[index];
+
+               for (j=0; j< TX_RING_SIZE; j++)
+               {
+                       pTxD = (PTXD_STRUC) (pTxRing->Cell[j].AllocVa);
+                       pPacket = pTxRing->Cell[j].pNdisPacket;
+
+                       if (pPacket)
+                       {
+                               PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr0, pTxD->SDLen0, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+                       //Always assign pNdisPacket as NULL after clear
+                       pTxRing->Cell[j].pNdisPacket = NULL;
+
+                       pPacket = pTxRing->Cell[j].pNextNdisPacket;
+
+                       if (pPacket)
+                       {
+                               PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+                       //Always assign pNextNdisPacket as NULL after clear
+                       pTxRing->Cell[pTxRing->TxSwFreeIdx].pNextNdisPacket = NULL;
+
+               }
+       }
+
+       for (index = RX_RING_SIZE - 1 ; index >= 0; index--)
+       {
+               if ((pAd->RxRing.Cell[index].DmaBuf.AllocVa) && (pAd->RxRing.Cell[index].pNdisPacket))
+               {
+                       PCI_UNMAP_SINGLE(pAd, pAd->RxRing.Cell[index].DmaBuf.AllocPa, pAd->RxRing.Cell[index].DmaBuf.AllocSize, PCI_DMA_FROMDEVICE);
+                       RELEASE_NDIS_PACKET(pAd, pAd->RxRing.Cell[index].pNdisPacket, NDIS_STATUS_SUCCESS);
+               }
+       }
+       NdisZeroMemory(pAd->RxRing.Cell, RX_RING_SIZE * sizeof(RTMP_DMACB));
+
+       if (pAd->RxDescRing.AllocVa)
+    {
+               RTMP_FreeDescMemory(pAd, pAd->RxDescRing.AllocSize, pAd->RxDescRing.AllocVa, pAd->RxDescRing.AllocPa);
+    }
+    NdisZeroMemory(&pAd->RxDescRing, sizeof(RTMP_DMABUF));
+
+       if (pAd->MgmtDescRing.AllocVa)
+       {
+               RTMP_FreeDescMemory(pAd, pAd->MgmtDescRing.AllocSize, pAd->MgmtDescRing.AllocVa, pAd->MgmtDescRing.AllocPa);
+       }
+       NdisZeroMemory(&pAd->MgmtDescRing, sizeof(RTMP_DMABUF));
+
+       for (num = 0; num < NUM_OF_TX_RING; num++)
+       {
+       if (pAd->TxBufSpace[num].AllocVa)
+               {
+                       RTMP_FreeFirstTxBuffer(pAd, pAd->TxBufSpace[num].AllocSize, FALSE, pAd->TxBufSpace[num].AllocVa, pAd->TxBufSpace[num].AllocPa);
+           }
+           NdisZeroMemory(&pAd->TxBufSpace[num], sizeof(RTMP_DMABUF));
+
+       if (pAd->TxDescRing[num].AllocVa)
+               {
+                       RTMP_FreeDescMemory(pAd, pAd->TxDescRing[num].AllocSize, pAd->TxDescRing[num].AllocVa, pAd->TxDescRing[num].AllocPa);
+           }
+           NdisZeroMemory(&pAd->TxDescRing[num], sizeof(RTMP_DMABUF));
+       }
+
+       if (pAd->FragFrame.pFragPacket)
+               RELEASE_NDIS_PACKET(pAd, pAd->FragFrame.pFragPacket, NDIS_STATUS_SUCCESS);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<-- RTMPFreeTxRxRingMemory\n"));
+}
+
+
+/***************************************************************************
+  *
+  *    register related procedures.
+  *
+  **************************************************************************/
+/*
+========================================================================
+Routine Description:
+    Disable DMA.
+
+Arguments:
+       *pAd                            the raxx interface data pointer
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+VOID RT28XXDMADisable(
+       IN RTMP_ADAPTER                 *pAd)
+{
+       WPDMA_GLO_CFG_STRUC     GloCfg;
+
+
+       RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);
+       GloCfg.word &= 0xff0;
+       GloCfg.field.EnTXWriteBackDDONE =1;
+       RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, GloCfg.word);
+}
+
+
+/*
+========================================================================
+Routine Description:
+    Enable DMA.
+
+Arguments:
+       *pAd                            the raxx interface data pointer
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+VOID RT28XXDMAEnable(
+       IN RTMP_ADAPTER                 *pAd)
+{
+       WPDMA_GLO_CFG_STRUC     GloCfg;
+       int i = 0;
+
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x4);
+       do
+       {
+               RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);
+               if ((GloCfg.field.TxDMABusy == 0)  && (GloCfg.field.RxDMABusy == 0))
+                       break;
+
+               DBGPRINT(RT_DEBUG_TRACE, ("==>  DMABusy\n"));
+               RTMPusecDelay(1000);
+               i++;
+       }while ( i <200);
+
+       RTMPusecDelay(50);
+
+       GloCfg.field.EnTXWriteBackDDONE = 1;
+       GloCfg.field.WPDMABurstSIZE = 2;
+       GloCfg.field.EnableRxDMA = 1;
+       GloCfg.field.EnableTxDMA = 1;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<== WRITE DMA offset 0x208 = 0x%x\n", GloCfg.word));
+       RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, GloCfg.word);
+
+}
+
+
+BOOLEAN AsicCheckCommanOk(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                 Command)
+{
+       UINT32  CmdStatus = 0, CID = 0, i;
+       UINT32  ThisCIDMask = 0;
+
+       i = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, H2M_MAILBOX_CID, &CID);
+               // Find where the command is. Because this is randomly specified by firmware.
+               if ((CID & CID0MASK) == Command)
+               {
+                       ThisCIDMask = CID0MASK;
+                       break;
+               }
+               else if ((((CID & CID1MASK)>>8) & 0xff) == Command)
+               {
+                       ThisCIDMask = CID1MASK;
+                       break;
+               }
+               else if ((((CID & CID2MASK)>>16) & 0xff) == Command)
+               {
+                       ThisCIDMask = CID2MASK;
+                       break;
+               }
+               else if ((((CID & CID3MASK)>>24) & 0xff) == Command)
+               {
+                       ThisCIDMask = CID3MASK;
+                       break;
+               }
+
+               RTMPusecDelay(100);
+               i++;
+       }while (i < 200);
+
+       // Get CommandStatus Value
+       RTMP_IO_READ32(pAd, H2M_MAILBOX_STATUS, &CmdStatus);
+
+       // This command's status is at the same position as command. So AND command position's bitmask to read status.
+       if (i < 200)
+       {
+               // If Status is 1, the comamnd is success.
+               if (((CmdStatus & ThisCIDMask) == 0x1) || ((CmdStatus & ThisCIDMask) == 0x100)
+                       || ((CmdStatus & ThisCIDMask) == 0x10000) || ((CmdStatus & ThisCIDMask) == 0x1000000))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("--> AsicCheckCommanOk CID = 0x%x, CmdStatus= 0x%x \n", CID, CmdStatus));
+                       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_STATUS, 0xffffffff);
+                       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_CID, 0xffffffff);
+                       return TRUE;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("--> AsicCheckCommanFail1 CID = 0x%x, CmdStatus= 0x%x \n", CID, CmdStatus));
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("--> AsicCheckCommanFail2 Timeout Command = %d, CmdStatus= 0x%x \n", Command, CmdStatus));
+       }
+       // Clear Command and Status.
+       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_STATUS, 0xffffffff);
+       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_CID, 0xffffffff);
+
+       return FALSE;
+}
+
+
+/*
+========================================================================
+Routine Description:
+    Write Beacon buffer to Asic.
+
+Arguments:
+       *pAd                            the raxx interface data pointer
+
+Return Value:
+       None
+
+Note:
+========================================================================
+*/
+VOID RT28xx_UpdateBeaconToAsic(
+       IN RTMP_ADAPTER         *pAd,
+       IN INT                          apidx,
+       IN ULONG                        FrameLen,
+       IN ULONG                        UpdatePos)
+{
+       ULONG                           CapInfoPos = 0;
+       UCHAR                   *ptr, *ptr_update, *ptr_capinfo;
+       UINT                    i;
+       BOOLEAN                 bBcnReq = FALSE;
+       UCHAR                   bcn_idx = 0;
+
+
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s() : No valid Interface be found.\n", __FUNCTION__));
+               return;
+       }
+
+       //if ((pAd->WdsTab.Mode == WDS_BRIDGE_MODE)
+       //      || ((pAd->ApCfg.MBSSID[apidx].MSSIDDev == NULL)
+       //              || !(pAd->ApCfg.MBSSID[apidx].MSSIDDev->flags & IFF_UP))
+       //      )
+       if (bBcnReq == FALSE)
+       {
+               /* when the ra interface is down, do not send its beacon frame */
+               /* clear all zero */
+               for(i=0; i<TXWI_SIZE; i+=4)
+                       RTMP_IO_WRITE32(pAd, pAd->BeaconOffset[bcn_idx] + i, 0x00);
+       }
+       else
+       {
+               ptr = (PUCHAR)&pAd->BeaconTxWI;
+#ifdef RT_BIG_ENDIAN
+               RTMPWIEndianChange(ptr, TYPE_TXWI);
+#endif
+               for (i=0; i<TXWI_SIZE; i+=4)  // 16-byte TXWI field
+               {
+                       UINT32 longptr =  *ptr + (*(ptr+1)<<8) + (*(ptr+2)<<16) + (*(ptr+3)<<24);
+                       RTMP_IO_WRITE32(pAd, pAd->BeaconOffset[bcn_idx] + i, longptr);
+                       ptr += 4;
+               }
+
+               // Update CapabilityInfo in Beacon
+               for (i = CapInfoPos; i < (CapInfoPos+2); i++)
+               {
+                       RTMP_IO_WRITE8(pAd, pAd->BeaconOffset[bcn_idx] + TXWI_SIZE + i, *ptr_capinfo);
+                       ptr_capinfo ++;
+               }
+
+               if (FrameLen > UpdatePos)
+               {
+                       for (i= UpdatePos; i< (FrameLen); i++)
+                       {
+                               RTMP_IO_WRITE8(pAd, pAd->BeaconOffset[bcn_idx] + TXWI_SIZE + i, *ptr_update);
+                               ptr_update ++;
+                       }
+               }
+
+       }
+
+}
+
+
+#ifdef CONFIG_STA_SUPPORT
+VOID RT28xxPciStaAsicForceWakeup(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN       bFromTx)
+{
+    AUTO_WAKEUP_STRUC  AutoWakeupCfg;
+
+    if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+        return;
+
+    if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WAKEUP_NOW))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("waking up now!\n"));
+        return;
+    }
+
+    OPSTATUS_SET_FLAG(pAd, fOP_STATUS_WAKEUP_NOW);
+
+    RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_GO_TO_SLEEP_NOW);
+
+    if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)
+               &&pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+    {
+        // Support PCIe Advance Power Save
+       if (bFromTx == TRUE
+                       &&(pAd->Mlme.bPsPollTimerRunning == TRUE))
+       {
+            pAd->Mlme.bPsPollTimerRunning = FALSE;
+               RTMPPCIeLinkCtrlValueRestore(pAd, RESTORE_WAKEUP);
+               RTMPusecDelay(3000);
+            DBGPRINT(RT_DEBUG_TRACE, ("=======AsicForceWakeup===bFromTx\n"));
+       }
+
+               AutoWakeupCfg.word = 0;
+               RTMP_IO_WRITE32(pAd, AUTO_WAKEUP_CFG, AutoWakeupCfg.word);
+
+        if (RT28xxPciAsicRadioOn(pAd, DOT11POWERSAVE))
+        {
+#ifdef PCIE_PS_SUPPORT
+                       // add by johnli, RF power sequence setup, load RF normal operation-mode setup
+                       if ((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd))
+                       {
+                               RTMP_CHIP_OP *pChipOps = &pAd->chipOps;
+
+                               if (pChipOps->AsicReverseRfFromSleepMode)
+                                       pChipOps->AsicReverseRfFromSleepMode(pAd);
+                       }
+                       else
+#endif // PCIE_PS_SUPPORT //
+                       {
+                       // end johnli
+                               // In Radio Off, we turn off RF clk, So now need to call ASICSwitchChannel again.
+                               if (INFRA_ON(pAd) && (pAd->CommonCfg.CentralChannel != pAd->CommonCfg.Channel)
+                                       && (pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth == BW_40))
+                               {
+                                       // Must using 40MHz.
+                                       AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+                                       AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+                               }
+                               else
+                               {
+                                       // Must using 20MHz.
+                                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+                               }
+                       }
+        }
+#ifdef PCIE_PS_SUPPORT
+               // 3090 MCU Wakeup command needs more time to be stable.
+               // Before stable, don't issue other MCU command to prevent from firmware error.
+               if (((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)) && IS_VERSION_AFTER_F(pAd)
+                       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+                       && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+                       {
+                       DBGPRINT(RT_DEBUG_TRACE, ("<==RT28xxPciStaAsicForceWakeup::Release the MCU Lock(3090)\n"));
+                       RTMP_SEM_LOCK(&pAd->McuCmdLock);
+                       pAd->brt30xxBanMcuCmd = FALSE;
+                       RTMP_SEM_UNLOCK(&pAd->McuCmdLock);
+                       }
+#endif // PCIE_PS_SUPPORT //
+    }
+    else
+    {
+        // PCI, 2860-PCIe
+         DBGPRINT(RT_DEBUG_TRACE, ("<==RT28xxPciStaAsicForceWakeup::Original PCI Power Saving\n"));
+        AsicSendCommandToMcu(pAd, 0x31, 0xff, 0x00, 0x02);
+        AutoWakeupCfg.word = 0;
+           RTMP_IO_WRITE32(pAd, AUTO_WAKEUP_CFG, AutoWakeupCfg.word);
+    }
+
+    OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_DOZE);
+    OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_WAKEUP_NOW);
+    DBGPRINT(RT_DEBUG_TRACE, ("<=======RT28xxPciStaAsicForceWakeup\n"));
+}
+
+
+VOID RT28xxPciStaAsicSleepThenAutoWakeup(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT TbttNumToNextWakeUp)
+{
+       BOOLEAN brc;
+
+       if (pAd->StaCfg.bRadio == FALSE)
+       {
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_DOZE);
+               return;
+       }
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)
+               &&pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+       {
+               ULONG   Now = 0;
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WAKEUP_NOW))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("waking up now!\n"));
+                       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_DOZE);
+                       return;
+               }
+
+               NdisGetSystemUpTime(&Now);
+               // If last send NULL fram time is too close to this receiving beacon (within 8ms), don't go to sleep for this DTM.
+               // Because Some AP can't queuing outgoing frames immediately.
+               if (((pAd->Mlme.LastSendNULLpsmTime + 8) >= Now) && (pAd->Mlme.LastSendNULLpsmTime <= Now))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("Now = %lu, LastSendNULLpsmTime=%lu :  RxCountSinceLastNULL = %lu. \n", Now, pAd->Mlme.LastSendNULLpsmTime, pAd->RalinkCounters.RxCountSinceLastNULL));
+                       return;
+               }
+               else if ((pAd->RalinkCounters.RxCountSinceLastNULL > 0) && ((pAd->Mlme.LastSendNULLpsmTime + pAd->CommonCfg.BeaconPeriod) >= Now))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("Now = %lu, LastSendNULLpsmTime=%lu: RxCountSinceLastNULL = %lu > 0 \n", Now, pAd->Mlme.LastSendNULLpsmTime,  pAd->RalinkCounters.RxCountSinceLastNULL));
+                       return;
+               }
+
+               brc = RT28xxPciAsicRadioOff(pAd, DOT11POWERSAVE, TbttNumToNextWakeUp);
+               if (brc==TRUE)
+                       OPSTATUS_SET_FLAG(pAd, fOP_STATUS_DOZE);
+       }
+       else
+       {
+               AUTO_WAKEUP_STRUC       AutoWakeupCfg;
+               // we have decided to SLEEP, so at least do it for a BEACON period.
+               if (TbttNumToNextWakeUp == 0)
+                       TbttNumToNextWakeUp = 1;
+
+               //RTMP_IO_WRITE32(pAd, INT_MASK_CSR, AutoWakeupInt);
+
+               AutoWakeupCfg.word = 0;
+               RTMP_IO_WRITE32(pAd, AUTO_WAKEUP_CFG, AutoWakeupCfg.word);
+               AutoWakeupCfg.field.NumofSleepingTbtt = TbttNumToNextWakeUp - 1;
+               AutoWakeupCfg.field.EnableAutoWakeup = 1;
+               AutoWakeupCfg.field.AutoLeadTime = 5;
+               RTMP_IO_WRITE32(pAd, AUTO_WAKEUP_CFG, AutoWakeupCfg.word);
+               AsicSendCommandToMcu(pAd, 0x30, 0xff, 0xff, 0x00);   // send POWER-SAVE command to MCU. Timeout 40us.
+               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_DOZE);
+               DBGPRINT(RT_DEBUG_TRACE, ("<-- %s, TbttNumToNextWakeUp=%d \n", __FUNCTION__, TbttNumToNextWakeUp));
+       }
+
+}
+
+
+VOID PsPollWakeExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+       unsigned long flags;
+
+    DBGPRINT(RT_DEBUG_TRACE,("-->PsPollWakeExec \n"));
+
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+    if (pAd->Mlme.bPsPollTimerRunning)
+    {
+           RTMPPCIeLinkCtrlValueRestore(pAd, RESTORE_WAKEUP);
+    }
+    pAd->Mlme.bPsPollTimerRunning = FALSE;
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+#ifdef PCIE_PS_SUPPORT
+       // For rt30xx power solution 3, Use software timer to wake up in psm. So call
+       // AsicForceWakeup here instead of handling twakeup interrupt.
+       if (((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd))
+       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+       && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("<--PsPollWakeExec::3090 calls AsicForceWakeup(pAd, DOT11POWERSAVE) in advance \n"));
+               AsicForceWakeup(pAd, DOT11POWERSAVE);
+       }
+
+#endif // PCIE_PS_SUPPORT //
+}
+
+VOID  RadioOnExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+       RTMP_CHIP_OP *pChipOps = &pAd->chipOps;
+       WPDMA_GLO_CFG_STRUC     DmaCfg;
+       BOOLEAN                         Cancelled;
+
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("-->RadioOnExec() return on fOP_STATUS_DOZE == TRUE; \n"));
+//KH Debug: Add the compile flag "RT2860 and condition
+#ifdef RTMP_PCI_SUPPORT
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)
+                       &&pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+               RTMPSetTimer(&pAd->Mlme.RadioOnOffTimer, 10);
+#endif // RTMP_PCI_SUPPORT //
+               return;
+       }
+
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("-->RadioOnExec() return on SCAN_IN_PROGRESS; \n"));
+
+
+#ifdef RTMP_PCI_SUPPORT
+if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)
+       &&pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+               RTMPSetTimer(&pAd->Mlme.RadioOnOffTimer, 10);
+#endif // RTMP_PCI_SUPPORT //
+               return;
+       }
+//KH Debug: need to check. I add the compile flag "CONFIG_STA_SUPPORT" to enclose the following codes.
+#ifdef RTMP_PCI_SUPPORT
+if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)
+       &&pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+       {
+       pAd->Mlme.bPsPollTimerRunning = FALSE;
+       RTMPCancelTimer(&pAd->Mlme.PsPollTimer, &Cancelled);
+       }
+#endif // RTMP_PCI_SUPPORT //
+       if (pAd->StaCfg.bRadio == TRUE)
+       {
+               pAd->bPCIclkOff = FALSE;
+               RTMPRingCleanUp(pAd, QID_AC_BK);
+               RTMPRingCleanUp(pAd, QID_AC_BE);
+               RTMPRingCleanUp(pAd, QID_AC_VI);
+               RTMPRingCleanUp(pAd, QID_AC_VO);
+               /*RTMPRingCleanUp(pAd, QID_HCCA);*/
+               RTMPRingCleanUp(pAd, QID_MGMT);
+               RTMPRingCleanUp(pAd, QID_RX);
+
+               // 2. Send wake up command.
+               AsicSendCommandToMcu(pAd, 0x31, PowerWakeCID, 0x00, 0x02);
+               // 2-1. wait command ok.
+               AsicCheckCommanOk(pAd, PowerWakeCID);
+
+               // When PCI clock is off, don't want to service interrupt. So when back to clock on, enable interrupt.
+               //RTMP_IO_WRITE32(pAd, INT_MASK_CSR, (DELAYINTMASK|RxINT));
+               RTMP_ASIC_INTERRUPT_ENABLE(pAd);
+
+               // 3. Enable Tx DMA.
+               RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &DmaCfg.word);
+               DmaCfg.field.EnableTxDMA = 1;
+               RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, DmaCfg.word);
+
+               // In Radio Off, we turn off RF clk, So now need to call ASICSwitchChannel again.
+               if (INFRA_ON(pAd) && (pAd->CommonCfg.CentralChannel != pAd->CommonCfg.Channel)
+                       && (pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth == BW_40))
+               {
+                       // Must using 40MHz.
+                       AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+                       AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+               }
+               else
+               {
+                       // Must using 20MHz.
+                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+               }
+//KH Debug:The following codes should be enclosed by RT3090 compile flag
+               if (pChipOps->AsicReverseRfFromSleepMode)
+                       pChipOps->AsicReverseRfFromSleepMode(pAd);
+#ifdef PCIE_PS_SUPPORT
+#ifdef CONFIG_STA_SUPPORT
+// 3090 MCU Wakeup command needs more time to be stable.
+// Before stable, don't issue other MCU command to prevent from firmware error.
+if ((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)
+       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+       && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+       {
+       RTMP_SEM_LOCK(&pAd->McuCmdLock);
+       pAd->brt30xxBanMcuCmd = FALSE;
+       RTMP_SEM_UNLOCK(&pAd->McuCmdLock);
+       }
+#endif // CONFIG_STA_SUPPORT //
+#endif // PCIE_PS_SUPPORT //
+               // Clear Radio off flag
+               RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF);
+
+               // Set LED
+               RTMPSetLED(pAd, LED_RADIO_ON);
+
+        if (pAd->StaCfg.Psm == PWR_ACTIVE)
+        {
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, pAd->StaCfg.BBPR3);
+        }
+       }
+       else
+       {
+               RT28xxPciAsicRadioOff(pAd, GUIRADIO_OFF, 0);
+       }
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+/*
+       ==========================================================================
+       Description:
+               This routine sends command to firmware and turn our chip to wake up mode from power save mode.
+               Both RadioOn and .11 power save function needs to call this routine.
+       Input:
+               Level = GUIRADIO_OFF : call this function is from Radio Off to Radio On.  Need to restore PCI host value.
+               Level = other value : normal wake up function.
+
+       ==========================================================================
+ */
+BOOLEAN RT28xxPciAsicRadioOn(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR     Level)
+{
+    //WPDMA_GLO_CFG_STRUC      DmaCfg;
+#ifdef CONFIG_STA_SUPPORT
+       BOOLEAN                         Cancelled;
+#endif // CONFIG_STA_SUPPORT //
+    //UINT32                       MACValue;
+
+       if (pAd->OpMode == OPMODE_AP && Level==DOT11POWERSAVE)
+               return FALSE;
+
+#ifdef CONFIG_STA_SUPPORT
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+       {
+               if (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+               {
+           pAd->Mlme.bPsPollTimerRunning = FALSE;
+               RTMPCancelTimer(&pAd->Mlme.PsPollTimer, &Cancelled);
+               }
+               if ((pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)&&
+               ((Level == GUIRADIO_OFF) || (Level == GUI_IDLE_POWER_SAVE))
+               ||(RTMP_TEST_PSFLAG(pAd, fRTMP_PS_SET_PCI_CLK_OFF_COMMAND)))
+               {
+                       // Some chips don't need to delay 6ms, so copy RTMPPCIePowerLinkCtrlRestore
+                       // return condition here.
+                       /*
+                       if (((pAd->MACVersion&0xffff0000) != 0x28600000)
+                               && ((pAd->DeviceID == NIC2860_PCIe_DEVICE_ID)
+                               ||(pAd->DeviceID == NIC2790_PCIe_DEVICE_ID)))
+                       */
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("RT28xxPciAsicRadioOn ()\n"));
+                       // 1. Set PCI Link Control in Configuration Space.
+                       RTMPPCIeLinkCtrlValueRestore(pAd, RESTORE_WAKEUP);
+                       RTMPusecDelay(6000);
+               }
+       }
+       }
+
+#ifdef PCIE_PS_SUPPORT
+if (!(((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)
+       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+       && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))))
+#endif // PCIE_PS_SUPPORT //
+       {
+    pAd->bPCIclkOff = FALSE;
+               DBGPRINT(RT_DEBUG_TRACE, ("PSM :309xbPCIclkOff == %d\n", pAd->bPCIclkOff));
+
+       }
+#endif // CONFIG_STA_SUPPORT //
+       // 2. Send wake up command.
+       AsicSendCommandToMcu(pAd, 0x31, PowerWakeCID, 0x00, 0x02);
+       pAd->bPCIclkOff = FALSE;
+       // 2-1. wait command ok.
+       AsicCheckCommanOk(pAd, PowerWakeCID);
+       RTMP_ASIC_INTERRUPT_ENABLE(pAd);
+
+
+       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF);
+       if (Level == GUI_IDLE_POWER_SAVE)
+       {
+#ifdef  PCIE_PS_SUPPORT
+
+                       // add by johnli, RF power sequence setup, load RF normal operation-mode setup
+                       if ((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)))
+                       {
+                               RTMP_CHIP_OP *pChipOps = &pAd->chipOps;
+
+                               if (pChipOps->AsicReverseRfFromSleepMode)
+                                       pChipOps->AsicReverseRfFromSleepMode(pAd);
+#ifdef CONFIG_STA_SUPPORT
+                               // 3090 MCU Wakeup command needs more time to be stable.
+                               // Before stable, don't issue other MCU command to prevent from firmware error.
+                               if ((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)
+                                       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+                                       && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+                                       {
+                                               RTMP_SEM_LOCK(&pAd->McuCmdLock);
+                                               pAd->brt30xxBanMcuCmd = FALSE;
+                                               RTMP_SEM_UNLOCK(&pAd->McuCmdLock);
+                                       }
+#endif // CONFIG_STA_SUPPORT //
+                       }
+                       else
+                       // end johnli
+#endif // PCIE_PS_SUPPORT //
+                       {
+                       // In Radio Off, we turn off RF clk, So now need to call ASICSwitchChannel again.
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               {
+                               if (INFRA_ON(pAd) && (pAd->CommonCfg.CentralChannel != pAd->CommonCfg.Channel)
+                                       && (pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth == BW_40))
+                               {
+                                       // Must using 40MHz.
+                                       AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+                                       AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+                               }
+                               else
+                               {
+                                       // Must using 20MHz.
+                                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+                               }
+                               }
+#endif // CONFIG_STA_SUPPORT //
+                       }
+       }
+        return TRUE;
+
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               This routine sends command to firmware and turn our chip to power save mode.
+               Both RadioOff and .11 power save function needs to call this routine.
+       Input:
+               Level = GUIRADIO_OFF  : GUI Radio Off mode
+               Level = DOT11POWERSAVE  : 802.11 power save mode
+               Level = RTMP_HALT  : When Disable device.
+
+       ==========================================================================
+ */
+BOOLEAN RT28xxPciAsicRadioOff(
+       IN PRTMP_ADAPTER    pAd,
+       IN UCHAR            Level,
+       IN USHORT           TbttNumToNextWakeUp)
+{
+#ifdef CONFIG_STA_SUPPORT
+       WPDMA_GLO_CFG_STRUC     DmaCfg;
+       UCHAR           i, tempBBP_R3 = 0;
+#endif // CONFIG_STA_SUPPORT //
+       BOOLEAN         brc = FALSE, Cancelled;
+    UINT32             TbTTTime = 0;
+       UINT32          PsPollTime = 0/*, MACValue*/;
+    ULONG              BeaconPeriodTime;
+    UINT32             RxDmaIdx, RxCpuIdx;
+       DBGPRINT(RT_DEBUG_TRACE, ("AsicRadioOff ===> Lv= %d, TxCpuIdx = %d, TxDmaIdx = %d. RxCpuIdx = %d, RxDmaIdx = %d.\n", Level,pAd->TxRing[0].TxCpuIdx, pAd->TxRing[0].TxDmaIdx, pAd->RxRing.RxCpuIdx, pAd->RxRing.RxDmaIdx));
+
+       if (pAd->OpMode == OPMODE_AP && Level==DOT11POWERSAVE)
+               return FALSE;
+
+    // Check Rx DMA busy status, if more than half is occupied, give up this radio off.
+       RTMP_IO_READ32(pAd, RX_DRX_IDX , &RxDmaIdx);
+       RTMP_IO_READ32(pAd, RX_CRX_IDX , &RxCpuIdx);
+       if ((RxDmaIdx > RxCpuIdx) && ((RxDmaIdx - RxCpuIdx) > RX_RING_SIZE/3))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("AsicRadioOff ===> return1. RxDmaIdx = %d ,  RxCpuIdx = %d. \n", RxDmaIdx, RxCpuIdx));
+               return FALSE;
+       }
+       else if ((RxCpuIdx >= RxDmaIdx) && ((RxCpuIdx - RxDmaIdx) < RX_RING_SIZE/3))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("AsicRadioOff ===> return2.  RxCpuIdx = %d. RxDmaIdx = %d ,  \n", RxCpuIdx, RxDmaIdx));
+               return FALSE;
+       }
+
+    // Once go into this function, disable tx because don't want too many packets in queue to prevent HW stops.
+       //pAd->bPCIclkOffDisableTx = TRUE;
+       RTMP_SET_PSFLAG(pAd, fRTMP_PS_DISABLE_TX);
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)
+               && pAd->OpMode == OPMODE_STA
+#ifdef CONFIG_STA_SUPPORT
+               &&pAd->StaCfg.PSControl.field.EnableNewPS == TRUE
+#endif // CONFIG_STA_SUPPORT //
+               )
+       {
+
+           RTMPCancelTimer(&pAd->Mlme.RadioOnOffTimer, &Cancelled);
+           RTMPCancelTimer(&pAd->Mlme.PsPollTimer,     &Cancelled);
+
+           if (Level == DOT11POWERSAVE)
+               {
+                       RTMP_IO_READ32(pAd, TBTT_TIMER, &TbTTTime);
+                       TbTTTime &= 0x1ffff;
+                       // 00. check if need to do sleep in this DTIM period.   If next beacon will arrive within 30ms , ...doesn't necessarily sleep.
+                       // TbTTTime uint = 64us, LEAD_TIME unit = 1024us, PsPollTime unit = 1ms
+               if  (((64*TbTTTime) <((LEAD_TIME*1024) + 40000)) && (TbttNumToNextWakeUp == 0))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, ("TbTTTime = 0x%x , give up this sleep. \n", TbTTTime));
+                   OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_DOZE);
+                   //pAd->bPCIclkOffDisableTx = FALSE;
+                   RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_DISABLE_TX);
+                               return FALSE;
+                       }
+                       else
+                       {
+                               PsPollTime = (64*TbTTTime- LEAD_TIME*1024)/1000;
+#ifdef PCIE_PS_SUPPORT
+#ifdef CONFIG_STA_SUPPORT
+                               if ((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)
+                               && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+                               && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+                               {
+                                                       PsPollTime -= 5;
+                               }
+                               else
+#endif // CONFIG_STA_SUPPORT //
+#endif // PCIE_PS_SUPPORT //
+                               PsPollTime -= 3;
+
+                   BeaconPeriodTime = pAd->CommonCfg.BeaconPeriod*102/100;
+                               if (TbttNumToNextWakeUp > 0)
+                                       PsPollTime += ((TbttNumToNextWakeUp -1) * BeaconPeriodTime);
+
+                   pAd->Mlme.bPsPollTimerRunning = TRUE;
+                               RTMPSetTimer(&pAd->Mlme.PsPollTimer, PsPollTime);
+                       }
+               }
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("RT28xxPciAsicRadioOff::Level!=DOT11POWERSAVE \n"));
+       }
+
+       pAd->bPCIclkOffDisableTx = FALSE;
+    RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF);
+
+#ifdef CONFIG_STA_SUPPORT
+    // Set to 1R.
+       if (pAd->Antenna.field.RxPath > 1 && pAd->OpMode == OPMODE_STA)
+       {
+    tempBBP_R3 = (pAd->StaCfg.BBPR3 & 0xE7);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, tempBBP_R3);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // In Radio Off, we turn off RF clk, So now need to call ASICSwitchChannel again.
+       if ((INFRA_ON(pAd) || pAd->OpMode == OPMODE_AP) && (pAd->CommonCfg.CentralChannel != pAd->CommonCfg.Channel)
+               && (pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth == BW_40))
+       {
+               // Must using 40MHz.
+               AsicTurnOffRFClk(pAd, pAd->CommonCfg.CentralChannel);
+       }
+       else
+       {
+               // Must using 20MHz.
+               AsicTurnOffRFClk(pAd, pAd->CommonCfg.Channel);
+       }
+
+       if (Level != RTMP_HALT)
+       {
+               // Change Interrupt bitmask.
+    // When PCI clock is off, don't want to service interrupt.
+       RTMP_IO_WRITE32(pAd, INT_MASK_CSR, AutoWakeupInt);
+       }
+       else
+       {
+               RTMP_ASIC_INTERRUPT_DISABLE(pAd);
+       }
+
+
+       RTMP_IO_WRITE32(pAd, RX_CRX_IDX, pAd->RxRing.RxCpuIdx);
+       //  2. Send Sleep command
+       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_STATUS, 0xffffffff);
+       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_CID, 0xffffffff);
+       // send POWER-SAVE command to MCU. high-byte = 1 save power as much as possible. high byte = 0 save less power
+       AsicSendCommandToMcu(pAd, 0x30, PowerSafeCID, 0xff, 0x1);
+       //  2-1. Wait command success
+       // Status = 1 : success, Status = 2, already sleep, Status = 3, Maybe MAC is busy so can't finish this task.
+       brc = AsicCheckCommanOk(pAd, PowerSafeCID);
+
+       //  3. After 0x30 command is ok, send radio off command. lowbyte = 0 for power safe.
+       // If 0x30 command is not ok this time, we can ignore 0x35 command. It will make sure not cause firmware'r problem.
+       if ((Level == DOT11POWERSAVE) && (brc == TRUE))
+       {
+               AsicSendCommandToMcu(pAd, 0x35, PowerRadioOffCID, 0, 0x00);     // lowbyte = 0 means to do power safe, NOT turn off radio.
+               //  3-1. Wait command success
+               AsicCheckCommanOk(pAd, PowerRadioOffCID);
+       }
+       else if (brc == TRUE)
+       {
+               AsicSendCommandToMcu(pAd, 0x35, PowerRadioOffCID, 1, 0x00);     // lowbyte = 0 means to do power safe, NOT turn off radio.
+               //  3-1. Wait command success
+               AsicCheckCommanOk(pAd, PowerRadioOffCID);
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       // 1. Wait DMA not busy
+       i = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &DmaCfg.word);
+               if ((DmaCfg.field.RxDMABusy == 0) && (DmaCfg.field.TxDMABusy == 0))
+                       break;
+               RTMPusecDelay(20);
+               i++;
+       }while(i < 50);
+
+       /*
+       if (i >= 50)
+       {
+               pAd->CheckDmaBusyCount++;
+               DBGPRINT(RT_DEBUG_TRACE, ("DMA Rx keeps busy.  return on AsicRadioOff () CheckDmaBusyCount = %d \n", pAd->CheckDmaBusyCount));
+       }
+       else
+       {
+               pAd->CheckDmaBusyCount = 0;
+       }
+       */
+#endif // CONFIG_STA_SUPPORT //
+//KH Debug:My original codes have the follwoing codes, but currecnt codes do not have it.
+// Disable for stability. If PCIE Link Control is modified for advance power save, re-covery this code segment.
+RTMP_IO_WRITE32(pAd, PBF_SYS_CTRL, 0x1280);
+//OPSTATUS_SET_FLAG(pAd, fOP_STATUS_CLKSELECT_40MHZ);
+
+#ifdef PCIE_PS_SUPPORT
+#ifdef CONFIG_STA_SUPPORT
+if ((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)
+       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+       && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+       {
+       DBGPRINT(RT_DEBUG_TRACE, ("RT28xxPciAsicRadioOff::3090 return to skip the following TbttNumToNextWakeUp setting for 279x\n"));
+       pAd->bPCIclkOff = TRUE;
+       RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_DISABLE_TX);
+       // For this case, doesn't need to below actions, so return here.
+       return brc;
+       }
+#endif // CONFIG_STA_SUPPORT //
+#endif // PCIE_PS_SUPPORT //
+       if (Level == DOT11POWERSAVE)
+       {
+               AUTO_WAKEUP_STRUC       AutoWakeupCfg;
+               //RTMPSetTimer(&pAd->Mlme.PsPollTimer, 90);
+
+               // we have decided to SLEEP, so at least do it for a BEACON period.
+               if (TbttNumToNextWakeUp == 0)
+                       TbttNumToNextWakeUp = 1;
+
+               AutoWakeupCfg.word = 0;
+               RTMP_IO_WRITE32(pAd, AUTO_WAKEUP_CFG, AutoWakeupCfg.word);
+
+               // 1. Set auto wake up timer.
+               AutoWakeupCfg.field.NumofSleepingTbtt = TbttNumToNextWakeUp - 1;
+               AutoWakeupCfg.field.EnableAutoWakeup = 1;
+               AutoWakeupCfg.field.AutoLeadTime = LEAD_TIME;
+               RTMP_IO_WRITE32(pAd, AUTO_WAKEUP_CFG, AutoWakeupCfg.word);
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       //  4-1. If it's to disable our device. Need to restore PCI Configuration Space to its original value.
+       if (Level == RTMP_HALT && pAd->OpMode == OPMODE_STA)
+       {
+               if ((brc == TRUE) && (i < 50))
+                       RTMPPCIeLinkCtrlSetting(pAd, 1);
+       }
+       //  4. Set PCI configuration Space Link Comtrol fields.  Only Radio Off needs to call this function
+       else if (pAd->OpMode == OPMODE_STA)
+       {
+               if ((brc == TRUE) && (i < 50))
+                       RTMPPCIeLinkCtrlSetting(pAd, 3);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       //pAd->bPCIclkOffDisableTx = FALSE;
+       RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_DISABLE_TX);
+       return TRUE;
+}
+
+
+
+
+VOID RT28xxPciMlmeRadioOn(
+       IN PRTMP_ADAPTER pAd)
+{
+    if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF))
+               return;
+
+    DBGPRINT(RT_DEBUG_TRACE,("%s===>\n", __FUNCTION__));
+
+    if ((pAd->OpMode == OPMODE_AP) ||
+        ((pAd->OpMode == OPMODE_STA)
+        && (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)
+#ifdef CONFIG_STA_SUPPORT
+        ||pAd->StaCfg.PSControl.field.EnableNewPS == FALSE
+#endif // CONFIG_STA_SUPPORT //
+        )))
+    {
+       RT28xxPciAsicRadioOn(pAd, GUI_IDLE_POWER_SAVE);
+       //NICResetFromError(pAd);
+
+       RTMPRingCleanUp(pAd, QID_AC_BK);
+       RTMPRingCleanUp(pAd, QID_AC_BE);
+       RTMPRingCleanUp(pAd, QID_AC_VI);
+       RTMPRingCleanUp(pAd, QID_AC_VO);
+       /*RTMPRingCleanUp(pAd, QID_HCCA);*/
+       RTMPRingCleanUp(pAd, QID_MGMT);
+       RTMPRingCleanUp(pAd, QID_RX);
+
+       // Enable Tx/Rx
+       RTMPEnableRxTx(pAd);
+
+       // Clear Radio off flag
+       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF);
+       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF);
+           // Set LED
+           RTMPSetLED(pAd, LED_RADIO_ON);
+    }
+
+#ifdef CONFIG_STA_SUPPORT
+    if ((pAd->OpMode == OPMODE_STA) &&
+        (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+        &&(pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+    {
+        BOOLEAN                Cancelled;
+
+       RTMPPCIeLinkCtrlValueRestore(pAd, RESTORE_WAKEUP);
+
+        pAd->Mlme.bPsPollTimerRunning = FALSE;
+       RTMPCancelTimer(&pAd->Mlme.PsPollTimer, &Cancelled);
+       RTMPCancelTimer(&pAd->Mlme.RadioOnOffTimer,     &Cancelled);
+       RTMPSetTimer(&pAd->Mlme.RadioOnOffTimer, 40);
+    }
+#endif // CONFIG_STA_SUPPORT //
+}
+
+
+VOID RT28xxPciMlmeRadioOFF(
+       IN PRTMP_ADAPTER pAd)
+{
+       BOOLEAN brc=TRUE;
+
+    if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF))
+       return;
+
+#ifdef CONFIG_STA_SUPPORT
+       // Link down first if any association exists
+       if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST))
+       {
+               if (INFRA_ON(pAd) || ADHOC_ON(pAd))
+               {
+                       MLME_DISASSOC_REQ_STRUCT DisReq;
+                       MLME_QUEUE_ELEM *pMsgElem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+
+                       if (pMsgElem)
+                       {
+                               COPY_MAC_ADDR(&DisReq.Addr, pAd->CommonCfg.Bssid);
+                               DisReq.Reason =  REASON_DISASSOC_STA_LEAVING;
+
+                               pMsgElem->Machine = ASSOC_STATE_MACHINE;
+                               pMsgElem->MsgType = MT2_MLME_DISASSOC_REQ;
+                               pMsgElem->MsgLen = sizeof(MLME_DISASSOC_REQ_STRUCT);
+                               NdisMoveMemory(pMsgElem->Msg, &DisReq, sizeof(MLME_DISASSOC_REQ_STRUCT));
+
+                               MlmeDisassocReqAction(pAd, pMsgElem);
+                               kfree(pMsgElem);
+
+                               RTMPusecDelay(1000);
+                       }
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+    DBGPRINT(RT_DEBUG_TRACE,("%s===>\n", __FUNCTION__));
+
+       // Set LED
+       //RTMPSetLED(pAd, LED_RADIO_OFF);
+       // Set Radio off flag
+       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF);
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+    {
+       BOOLEAN         Cancelled;
+       if (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+               {
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+       {
+                       RTMPCancelTimer(&pAd->MlmeAux.ScanTimer, &Cancelled);
+                       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS);
+       }
+                       // If during power safe mode.
+                       if (pAd->StaCfg.bRadio == TRUE)
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE,("-->MlmeRadioOff() return on bRadio == TRUE; \n"));
+                               return;
+                       }
+                       // Always radio on since the NIC needs to set the MCU command (LED_RADIO_OFF).
+                       if (IDLE_ON(pAd) &&
+                               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF)))
+                       {
+                               RT28xxPciAsicRadioOn(pAd, GUI_IDLE_POWER_SAVE);
+                       }
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+        {
+            BOOLEAN Cancelled;
+            pAd->Mlme.bPsPollTimerRunning = FALSE;
+            RTMPCancelTimer(&pAd->Mlme.PsPollTimer,    &Cancelled);
+               RTMPCancelTimer(&pAd->Mlme.RadioOnOffTimer,     &Cancelled);
+        }
+               }
+
+        // Link down first if any association exists
+        if (INFRA_ON(pAd) || ADHOC_ON(pAd))
+            LinkDown(pAd, FALSE);
+        RTMPusecDelay(10000);
+        //==========================================
+        // Clean up old bss table
+        BssTableInit(&pAd->ScanTab);
+
+        /*
+        if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+        {
+            RTMPSetTimer(&pAd->Mlme.RadioOnOffTimer, 10);
+            return;
+        }
+        */
+    }
+#endif // CONFIG_STA_SUPPORT //
+       // Set LED.Move to here for fixing LED bug. This flag must be called after LinkDown
+       RTMPSetLED(pAd, LED_RADIO_OFF);
+
+#ifdef CONFIG_STA_SUPPORT
+//KH Debug:All PCIe devices need to use timer to execute radio off function, or the PCIe&&EnableNewPS needs.
+//KH Ans:It is right, because only when the PCIe and EnableNewPs is true, we need to delay the RadioOffTimer
+//to avoid the deadlock with PCIe Power saving function.
+if (pAd->OpMode == OPMODE_STA&&
+       OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)&&
+       pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+       {
+       RTMPSetTimer(&pAd->Mlme.RadioOnOffTimer, 10);
+       }
+else
+#endif // CONFIG_STA_SUPPORT //
+{
+
+
+       brc=RT28xxPciAsicRadioOff(pAd, GUIRADIO_OFF, 0);
+
+       if (brc==FALSE)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("%s call RT28xxPciAsicRadioOff fail !!\n", __FUNCTION__));
+       }
+}
+/*
+       // Disable Tx/Rx DMA
+       RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);          // disable DMA
+       GloCfg.field.EnableTxDMA = 0;
+       GloCfg.field.EnableRxDMA = 0;
+       RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, GloCfg.word);          // abort all TX rings
+
+
+       // MAC_SYS_CTRL => value = 0x0 => 40mA
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0);
+
+       // PWR_PIN_CFG => value = 0x0 => 40mA
+       RTMP_IO_WRITE32(pAd, PWR_PIN_CFG, 0);
+
+       // TX_PIN_CFG => value = 0x0 => 20mA
+       RTMP_IO_WRITE32(pAd, TX_PIN_CFG, 0);
+
+       if (pAd->CommonCfg.BBPCurrentBW == BW_40)
+       {
+               // Must using 40MHz.
+               AsicTurnOffRFClk(pAd, pAd->CommonCfg.CentralChannel);
+       }
+       else
+       {
+               // Must using 20MHz.
+               AsicTurnOffRFClk(pAd, pAd->CommonCfg.Channel);
+       }
+
+       // Waiting for DMA idle
+       i = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);
+               if ((GloCfg.field.TxDMABusy == 0) && (GloCfg.field.RxDMABusy == 0))
+                       break;
+
+               RTMPusecDelay(1000);
+       }while (i++ < 100);
+*/
+}
+
+#endif // RTMP_MAC_PCI //
diff --git a/drivers/staging/rt3090/common/cmm_profile.c b/drivers/staging/rt3090/common/cmm_profile.c
new file mode 100644 (file)
index 0000000..5803f42
--- /dev/null
@@ -0,0 +1,2321 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       cmm_profile.c
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#include "../rt_config.h"
+
+
+#define ETH_MAC_ADDR_STR_LEN 17  // in format of xx:xx:xx:xx:xx:xx
+
+// We assume the s1 is a sting, s2 is a memory space with 6 bytes. and content of s1 will be changed.
+BOOLEAN rtstrmactohex(PSTRING s1, PSTRING s2)
+{
+       int i = 0;
+       PSTRING ptokS = s1, ptokE = s1;
+
+       if (strlen(s1) != ETH_MAC_ADDR_STR_LEN)
+               return FALSE;
+
+       while((*ptokS) != '\0')
+       {
+               if((ptokE = strchr(ptokS, ':')) != NULL)
+                       *ptokE++ = '\0';
+               if ((strlen(ptokS) != 2) || (!isxdigit(*ptokS)) || (!isxdigit(*(ptokS+1))))
+                       break; // fail
+               AtoH(ptokS, (PUCHAR)&s2[i++], 1);
+               ptokS = ptokE;
+               if (i == 6)
+                       break; // parsing finished
+       }
+
+       return ( i == 6 ? TRUE : FALSE);
+
+}
+
+
+// we assume the s1 and s2 both are strings.
+BOOLEAN rtstrcasecmp(PSTRING s1, PSTRING s2)
+{
+       PSTRING p1 = s1, p2 = s2;
+
+       if (strlen(s1) != strlen(s2))
+               return FALSE;
+
+       while(*p1 != '\0')
+       {
+               if((*p1 != *p2) && ((*p1 ^ *p2) != 0x20))
+                       return FALSE;
+               p1++;
+               p2++;
+       }
+
+       return TRUE;
+}
+
+// we assume the s1 (buffer) and s2 (key) both are strings.
+PSTRING rtstrstruncasecmp(PSTRING s1, PSTRING s2)
+{
+       INT l1, l2, i;
+       char temp1, temp2;
+
+       l2 = strlen(s2);
+       if (!l2)
+               return (char *) s1;
+
+       l1 = strlen(s1);
+
+       while (l1 >= l2)
+       {
+               l1--;
+
+               for(i=0; i<l2; i++)
+               {
+                       temp1 = *(s1+i);
+                       temp2 = *(s2+i);
+
+                       if (('a' <= temp1) && (temp1 <= 'z'))
+                               temp1 = 'A'+(temp1-'a');
+                       if (('a' <= temp2) && (temp2 <= 'z'))
+                               temp2 = 'A'+(temp2-'a');
+
+                       if (temp1 != temp2)
+                               break;
+               }
+
+               if (i == l2)
+                       return (char *) s1;
+
+               s1++;
+       }
+
+       return NULL; // not found
+}
+
+//add by kathy
+
+ /**
+  * strstr - Find the first substring in a %NUL terminated string
+  * @s1: The string to be searched
+  * @s2: The string to search for
+  */
+PSTRING rtstrstr(PSTRING s1,const PSTRING s2)
+{
+       INT l1, l2;
+
+       l2 = strlen(s2);
+       if (!l2)
+               return s1;
+
+       l1 = strlen(s1);
+
+       while (l1 >= l2)
+       {
+               l1--;
+               if (!memcmp(s1,s2,l2))
+                       return s1;
+               s1++;
+       }
+
+       return NULL;
+}
+
+/**
+ * rstrtok - Split a string into tokens
+ * @s: The string to be searched
+ * @ct: The characters to search for
+ * * WARNING: strtok is deprecated, use strsep instead. However strsep is not compatible with old architecture.
+ */
+PSTRING __rstrtok;
+PSTRING rstrtok(PSTRING s,const PSTRING ct)
+{
+       PSTRING sbegin, send;
+
+       sbegin  = s ? s : __rstrtok;
+       if (!sbegin)
+       {
+               return NULL;
+       }
+
+       sbegin += strspn(sbegin,ct);
+       if (*sbegin == '\0')
+       {
+               __rstrtok = NULL;
+               return( NULL );
+       }
+
+       send = strpbrk( sbegin, ct);
+       if (send && *send != '\0')
+               *send++ = '\0';
+
+       __rstrtok = send;
+
+       return (sbegin);
+}
+
+/**
+ * delimitcnt - return the count of a given delimiter in a given string.
+ * @s: The string to be searched.
+ * @ct: The delimiter to search for.
+ * Notice : We suppose the delimiter is a single-char string(for example : ";").
+ */
+INT delimitcnt(PSTRING s,PSTRING ct)
+{
+       INT count = 0;
+       /* point to the beginning of the line */
+       PSTRING token = s;
+
+       for ( ;; )
+       {
+               token = strpbrk(token, ct); /* search for delimiters */
+
+        if ( token == NULL )
+               {
+                       /* advanced to the terminating null character */
+                       break;
+               }
+               /* skip the delimiter */
+           ++token;
+
+               /*
+                * Print the found text: use len with %.*s to specify field width.
+                */
+
+               /* accumulate delimiter count */
+           ++count;
+       }
+    return count;
+}
+
+/*
+  * converts the Internet host address from the standard numbers-and-dots notation
+  * into binary data.
+  * returns nonzero if the address is valid, zero if not.
+  */
+int rtinet_aton(PSTRING cp, unsigned int *addr)
+{
+       unsigned int    val;
+       int             base, n;
+       STRING          c;
+       unsigned int    parts[4];
+       unsigned int    *pp = parts;
+
+       for (;;)
+    {
+         /*
+          * Collect number up to ``.''.
+          * Values are specified as for C:
+          *    0x=hex, 0=octal, other=decimal.
+          */
+         val = 0;
+         base = 10;
+         if (*cp == '0')
+         {
+             if (*++cp == 'x' || *cp == 'X')
+                 base = 16, cp++;
+             else
+                 base = 8;
+         }
+         while ((c = *cp) != '\0')
+         {
+             if (isdigit((unsigned char) c))
+             {
+                 val = (val * base) + (c - '0');
+                 cp++;
+                 continue;
+             }
+             if (base == 16 && isxdigit((unsigned char) c))
+             {
+                 val = (val << 4) +
+                     (c + 10 - (islower((unsigned char) c) ? 'a' : 'A'));
+                 cp++;
+                 continue;
+             }
+             break;
+         }
+         if (*cp == '.')
+         {
+             /*
+              * Internet format: a.b.c.d a.b.c   (with c treated as 16-bits)
+              * a.b     (with b treated as 24 bits)
+              */
+             if (pp >= parts + 3 || val > 0xff)
+                 return 0;
+             *pp++ = val, cp++;
+         }
+         else
+             break;
+     }
+
+     /*
+      * Check for trailing junk.
+      */
+     while (*cp)
+         if (!isspace((unsigned char) *cp++))
+             return 0;
+
+     /*
+      * Concoct the address according to the number of parts specified.
+      */
+     n = pp - parts + 1;
+     switch (n)
+     {
+
+         case 1:         /* a -- 32 bits */
+             break;
+
+         case 2:         /* a.b -- 8.24 bits */
+             if (val > 0xffffff)
+                 return 0;
+             val |= parts[0] << 24;
+             break;
+
+         case 3:         /* a.b.c -- 8.8.16 bits */
+             if (val > 0xffff)
+                 return 0;
+             val |= (parts[0] << 24) | (parts[1] << 16);
+             break;
+
+         case 4:         /* a.b.c.d -- 8.8.8.8 bits */
+             if (val > 0xff)
+                 return 0;
+             val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8);
+             break;
+     }
+
+     *addr = htonl(val);
+     return 1;
+
+}
+
+/*
+    ========================================================================
+
+    Routine Description:
+        Find key section for Get key parameter.
+
+    Arguments:
+        buffer                      Pointer to the buffer to start find the key section
+        section                     the key of the secion to be find
+
+    Return Value:
+        NULL                        Fail
+        Others                      Success
+    ========================================================================
+*/
+PSTRING RTMPFindSection(
+    IN  PSTRING   buffer)
+{
+    STRING temp_buf[32];
+    PSTRING  ptr;
+
+    strcpy(temp_buf, "Default");
+
+    if((ptr = rtstrstr(buffer, temp_buf)) != NULL)
+            return (ptr+strlen("\n"));
+        else
+            return NULL;
+}
+
+/*
+    ========================================================================
+
+    Routine Description:
+        Get key parameter.
+
+    Arguments:
+       key                     Pointer to key string
+       dest                    Pointer to destination
+       destsize                The datasize of the destination
+       buffer          Pointer to the buffer to start find the key
+       bTrimSpace      Set true if you want to strip the space character of the result pattern
+
+    Return Value:
+        TRUE                        Success
+        FALSE                       Fail
+
+    Note:
+       This routine get the value with the matched key (case case-sensitive)
+       For SSID and security key related parameters, we SHALL NOT trim the space(' ') character.
+    ========================================================================
+*/
+INT RTMPGetKeyParameter(
+    IN PSTRING key,
+    OUT PSTRING dest,
+    IN INT destsize,
+    IN PSTRING buffer,
+    IN BOOLEAN bTrimSpace)
+{
+       PSTRING pMemBuf, temp_buf1 = NULL, temp_buf2 = NULL;
+       PSTRING start_ptr, end_ptr;
+       PSTRING ptr;
+       PSTRING offset = NULL;
+       INT  len, keyLen;
+
+
+       keyLen = strlen(key);
+       os_alloc_mem(NULL, (PUCHAR *)&pMemBuf, MAX_PARAM_BUFFER_SIZE  * 2);
+       if (pMemBuf == NULL)
+               return (FALSE);
+
+       memset(pMemBuf, 0, MAX_PARAM_BUFFER_SIZE * 2);
+       temp_buf1 = pMemBuf;
+       temp_buf2 = (PSTRING)(pMemBuf + MAX_PARAM_BUFFER_SIZE);
+
+
+       //find section
+       if((offset = RTMPFindSection(buffer)) == NULL)
+       {
+               os_free_mem(NULL, (PUCHAR)pMemBuf);
+               return (FALSE);
+       }
+
+       strcpy(temp_buf1, "\n");
+       strcat(temp_buf1, key);
+       strcat(temp_buf1, "=");
+
+       //search key
+       if((start_ptr=rtstrstr(offset, temp_buf1)) == NULL)
+       {
+               os_free_mem(NULL, (PUCHAR)pMemBuf);
+               return (FALSE);
+       }
+
+       start_ptr += strlen("\n");
+       if((end_ptr = rtstrstr(start_ptr, "\n"))==NULL)
+               end_ptr = start_ptr+strlen(start_ptr);
+
+       if (end_ptr<start_ptr)
+       {
+               os_free_mem(NULL, (PUCHAR)pMemBuf);
+               return (FALSE);
+       }
+
+       NdisMoveMemory(temp_buf2, start_ptr, end_ptr-start_ptr);
+       temp_buf2[end_ptr-start_ptr]='\0';
+       if((start_ptr=rtstrstr(temp_buf2, "=")) == NULL)
+       {
+               os_free_mem(NULL, (PUCHAR)pMemBuf);
+               return (FALSE);
+       }
+       ptr = (start_ptr +1);
+       //trim special characters, i.e.,  TAB or space
+       while(*start_ptr != 0x00)
+       {
+               if( ((*ptr == ' ') && bTrimSpace) || (*ptr == '\t') )
+                       ptr++;
+               else
+                       break;
+       }
+       len = strlen(start_ptr);
+
+       memset(dest, 0x00, destsize);
+       strncpy(dest, ptr, ((len >= destsize) ? destsize: len));
+
+       os_free_mem(NULL, (PUCHAR)pMemBuf);
+
+       return TRUE;
+}
+
+
+/*
+    ========================================================================
+
+    Routine Description:
+        Get multiple key parameter.
+
+    Arguments:
+        key                         Pointer to key string
+        dest                        Pointer to destination
+        destsize                    The datasize of the destination
+        buffer                      Pointer to the buffer to start find the key
+
+    Return Value:
+        TRUE                        Success
+        FALSE                       Fail
+
+    Note:
+        This routine get the value with the matched key (case case-sensitive)
+    ========================================================================
+*/
+INT RTMPGetKeyParameterWithOffset(
+    IN  PSTRING   key,
+    OUT PSTRING   dest,
+    OUT        USHORT  *end_offset,
+    IN  INT     destsize,
+    IN  PSTRING   buffer,
+    IN BOOLEAN bTrimSpace)
+{
+    PSTRING temp_buf1 = NULL;
+    PSTRING temp_buf2 = NULL;
+    PSTRING start_ptr;
+    PSTRING end_ptr;
+    PSTRING ptr;
+    PSTRING offset = 0;
+    INT  len;
+
+       if (*end_offset >= MAX_INI_BUFFER_SIZE)
+               return (FALSE);
+
+       os_alloc_mem(NULL, (PUCHAR *)&temp_buf1, MAX_PARAM_BUFFER_SIZE);
+
+       if(temp_buf1 == NULL)
+        return (FALSE);
+
+       os_alloc_mem(NULL, (PUCHAR *)&temp_buf2, MAX_PARAM_BUFFER_SIZE);
+       if(temp_buf2 == NULL)
+       {
+               os_free_mem(NULL, (PUCHAR)temp_buf1);
+        return (FALSE);
+       }
+
+    //find section
+       if(*end_offset == 0)
+    {
+               if ((offset = RTMPFindSection(buffer)) == NULL)
+               {
+                       os_free_mem(NULL, (PUCHAR)temp_buf1);
+               os_free_mem(NULL, (PUCHAR)temp_buf2);
+           return (FALSE);
+               }
+    }
+       else
+               offset = buffer + (*end_offset);
+
+    strcpy(temp_buf1, "\n");
+    strcat(temp_buf1, key);
+    strcat(temp_buf1, "=");
+
+    //search key
+    if((start_ptr=rtstrstr(offset, temp_buf1))==NULL)
+    {
+               os_free_mem(NULL, (PUCHAR)temp_buf1);
+       os_free_mem(NULL, (PUCHAR)temp_buf2);
+        return (FALSE);
+    }
+
+    start_ptr+=strlen("\n");
+    if((end_ptr=rtstrstr(start_ptr, "\n"))==NULL)
+       end_ptr=start_ptr+strlen(start_ptr);
+
+    if (end_ptr<start_ptr)
+    {
+               os_free_mem(NULL, (PUCHAR)temp_buf1);
+       os_free_mem(NULL, (PUCHAR)temp_buf2);
+        return (FALSE);
+    }
+
+       *end_offset = end_ptr - buffer;
+
+    NdisMoveMemory(temp_buf2, start_ptr, end_ptr-start_ptr);
+    temp_buf2[end_ptr-start_ptr]='\0';
+    len = strlen(temp_buf2);
+    strcpy(temp_buf1, temp_buf2);
+    if((start_ptr=rtstrstr(temp_buf1, "=")) == NULL)
+    {
+               os_free_mem(NULL, (PUCHAR)temp_buf1);
+       os_free_mem(NULL, (PUCHAR)temp_buf2);
+        return (FALSE);
+    }
+
+    strcpy(temp_buf2, start_ptr+1);
+    ptr = temp_buf2;
+    //trim space or tab
+    while(*ptr != 0x00)
+    {
+        if((bTrimSpace && (*ptr == ' ')) || (*ptr == '\t') )
+            ptr++;
+        else
+           break;
+    }
+
+    len = strlen(ptr);
+    memset(dest, 0x00, destsize);
+    strncpy(dest, ptr, len >= destsize ?  destsize: len);
+
+       os_free_mem(NULL, (PUCHAR)temp_buf1);
+    os_free_mem(NULL, (PUCHAR)temp_buf2);
+    return TRUE;
+}
+
+
+static int rtmp_parse_key_buffer_from_file(IN  PRTMP_ADAPTER pAd,IN  PSTRING buffer,IN  ULONG KeyType,IN  INT BSSIdx,IN  INT KeyIdx)
+{
+       PSTRING         keybuff;
+       //INT                   i = BSSIdx, idx = KeyIdx, retVal;
+       ULONG           KeyLen;
+       //UCHAR         CipherAlg = CIPHER_WEP64;
+       CIPHER_KEY      *pSharedKey;
+
+       keybuff = buffer;
+       KeyLen = strlen(keybuff);
+       pSharedKey = &pAd->SharedKey[BSSIdx][KeyIdx];
+
+       if(((KeyType != 0) && (KeyType != 1)) ||
+           ((KeyType == 0) && (KeyLen != 10) && (KeyLen != 26)) ||
+           ((KeyType== 1) && (KeyLen != 5) && (KeyLen != 13)))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Key%dStr is Invalid key length(%ld) or Type(%ld)\n",
+                                                               KeyIdx+1, KeyLen, KeyType));
+               return FALSE;
+       }
+       else
+       {
+               return RT_CfgSetWepKey(pAd, buffer, pSharedKey, KeyIdx);
+       }
+
+}
+
+
+static void rtmp_read_key_parms_from_file(IN  PRTMP_ADAPTER pAd, PSTRING tmpbuf, PSTRING buffer)
+{
+       STRING          tok_str[16];
+       PSTRING         macptr;
+       INT                     i = 0, idx;
+       ULONG           KeyType[MAX_MBSSID_NUM];
+       ULONG           KeyIdx;
+
+       NdisZeroMemory(KeyType, sizeof(KeyType));
+
+       //DefaultKeyID
+       if(RTMPGetKeyParameter("DefaultKeyID", tmpbuf, 25, buffer, TRUE))
+       {
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       KeyIdx = simple_strtol(tmpbuf, 0, 10);
+                       if((KeyIdx >= 1 ) && (KeyIdx <= 4))
+                               pAd->StaCfg.DefaultKeyId = (UCHAR) (KeyIdx - 1);
+                       else
+                               pAd->StaCfg.DefaultKeyId = 0;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("DefaultKeyID(0~3)=%d\n", pAd->StaCfg.DefaultKeyId));
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+
+       for (idx = 0; idx < 4; idx++)
+       {
+               sprintf(tok_str, "Key%dType", idx + 1);
+               //Key1Type
+               if (RTMPGetKeyParameter(tok_str, tmpbuf, 128, buffer, TRUE))
+               {
+                   for (i = 0, macptr = rstrtok(tmpbuf,";"); macptr; macptr = rstrtok(NULL,";"), i++)
+                   {
+                               /*
+                                       do sanity check for KeyType length;
+                                       or in station mode, the KeyType length > 1,
+                                       the code will overwrite the stack of caller
+                                       (RTMPSetProfileParameters) and cause srcbuf = NULL
+                               */
+                               if (i < MAX_MBSSID_NUM)
+                                       KeyType[i] = simple_strtol(macptr, 0, 10);
+                   }
+
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       {
+                               sprintf(tok_str, "Key%dStr", idx + 1);
+                               if (RTMPGetKeyParameter(tok_str, tmpbuf, 128, buffer, FALSE))
+                               {
+                                       rtmp_parse_key_buffer_from_file(pAd, tmpbuf, KeyType[BSS0], BSS0, idx);
+                               }
+                       }
+#endif // CONFIG_STA_SUPPORT //
+               }
+       }
+}
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+static void rtmp_read_sta_wmm_parms_from_file(IN  PRTMP_ADAPTER pAd, char *tmpbuf, char *buffer)
+{
+       PSTRING                                 macptr;
+       INT                                             i=0;
+       BOOLEAN                                 bWmmEnable = FALSE;
+
+       //WmmCapable
+       if(RTMPGetKeyParameter("WmmCapable", tmpbuf, 32, buffer, TRUE))
+       {
+               if(simple_strtol(tmpbuf, 0, 10) != 0) //Enable
+               {
+                       pAd->CommonCfg.bWmmCapable = TRUE;
+                       bWmmEnable = TRUE;
+               }
+               else //Disable
+               {
+                       pAd->CommonCfg.bWmmCapable = FALSE;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("WmmCapable=%d\n", pAd->CommonCfg.bWmmCapable));
+       }
+
+#ifdef QOS_DLS_SUPPORT
+       //DLSCapable
+       if(RTMPGetKeyParameter("DLSCapable", tmpbuf, 32, buffer, TRUE))
+       {
+               if(simple_strtol(tmpbuf, 0, 10) != 0)  //Enable
+               {
+                       pAd->CommonCfg.bDLSCapable = TRUE;
+               }
+               else //Disable
+               {
+                       pAd->CommonCfg.bDLSCapable = FALSE;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("bDLSCapable=%d\n", pAd->CommonCfg.bDLSCapable));
+       }
+#endif // QOS_DLS_SUPPORT //
+
+       //AckPolicy for AC_BK, AC_BE, AC_VI, AC_VO
+       if(RTMPGetKeyParameter("AckPolicy", tmpbuf, 32, buffer, TRUE))
+       {
+               for (i = 0, macptr = rstrtok(tmpbuf,";"); macptr; macptr = rstrtok(NULL,";"), i++)
+               {
+                       pAd->CommonCfg.AckPolicy[i] = (UCHAR)simple_strtol(macptr, 0, 10);
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("AckPolicy[%d]=%d\n", i, pAd->CommonCfg.AckPolicy[i]));
+               }
+       }
+
+       if (bWmmEnable)
+       {
+               //APSDCapable
+               if(RTMPGetKeyParameter("APSDCapable", tmpbuf, 10, buffer, TRUE))
+               {
+                       if(simple_strtol(tmpbuf, 0, 10) != 0)  //Enable
+                               pAd->CommonCfg.bAPSDCapable = TRUE;
+                       else
+                               pAd->CommonCfg.bAPSDCapable = FALSE;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("APSDCapable=%d\n", pAd->CommonCfg.bAPSDCapable));
+               }
+
+               //MaxSPLength
+               if(RTMPGetKeyParameter("MaxSPLength", tmpbuf, 10, buffer, TRUE))
+               {
+                       pAd->CommonCfg.MaxSPLength = simple_strtol(tmpbuf, 0, 10);
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("MaxSPLength=%d\n", pAd->CommonCfg.MaxSPLength));
+               }
+
+               //APSDAC for AC_BE, AC_BK, AC_VI, AC_VO
+               if(RTMPGetKeyParameter("APSDAC", tmpbuf, 32, buffer, TRUE))
+               {
+                       BOOLEAN apsd_ac[4];
+
+                       for (i = 0, macptr = rstrtok(tmpbuf,";"); macptr; macptr = rstrtok(NULL,";"), i++)
+                       {
+                               apsd_ac[i] = (BOOLEAN)simple_strtol(macptr, 0, 10);
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("APSDAC%d  %d\n", i,  apsd_ac[i]));
+                       }
+
+                       pAd->CommonCfg.bAPSDAC_BE = apsd_ac[0];
+                       pAd->CommonCfg.bAPSDAC_BK = apsd_ac[1];
+                       pAd->CommonCfg.bAPSDAC_VI = apsd_ac[2];
+                       pAd->CommonCfg.bAPSDAC_VO = apsd_ac[3];
+
+                       pAd->CommonCfg.bACMAPSDTr[0] = apsd_ac[0];
+                       pAd->CommonCfg.bACMAPSDTr[1] = apsd_ac[1];
+                       pAd->CommonCfg.bACMAPSDTr[2] = apsd_ac[2];
+                       pAd->CommonCfg.bACMAPSDTr[3] = apsd_ac[3];
+               }
+       }
+
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+#ifdef DOT11_N_SUPPORT
+static void HTParametersHook(
+       IN      PRTMP_ADAPTER pAd,
+       IN      PSTRING           pValueStr,
+       IN      PSTRING           pInput)
+{
+
+       long Value;
+
+    if (RTMPGetKeyParameter("HT_PROTECT", pValueStr, 25, pInput, TRUE))
+    {
+        Value = simple_strtol(pValueStr, 0, 10);
+        if (Value == 0)
+        {
+            pAd->CommonCfg.bHTProtect = FALSE;
+        }
+        else
+        {
+            pAd->CommonCfg.bHTProtect = TRUE;
+        }
+        DBGPRINT(RT_DEBUG_TRACE, ("HT: Protection  = %s\n", (Value==0) ? "Disable" : "Enable"));
+    }
+
+    if (RTMPGetKeyParameter("HT_MIMOPSEnable", pValueStr, 25, pInput, TRUE))
+    {
+        Value = simple_strtol(pValueStr, 0, 10);
+        if (Value == 0)
+        {
+            pAd->CommonCfg.bMIMOPSEnable = FALSE;
+        }
+        else
+        {
+            pAd->CommonCfg.bMIMOPSEnable = TRUE;
+        }
+        DBGPRINT(RT_DEBUG_TRACE, ("HT: MIMOPSEnable  = %s\n", (Value==0) ? "Disable" : "Enable"));
+    }
+
+
+    if (RTMPGetKeyParameter("HT_MIMOPSMode", pValueStr, 25, pInput, TRUE))
+    {
+        Value = simple_strtol(pValueStr, 0, 10);
+        if (Value > MMPS_ENABLE)
+        {
+                       pAd->CommonCfg.BACapability.field.MMPSmode = MMPS_ENABLE;
+        }
+        else
+        {
+            //TODO: add mimo power saving mechanism
+            pAd->CommonCfg.BACapability.field.MMPSmode = MMPS_ENABLE;
+                       //pAd->CommonCfg.BACapability.field.MMPSmode = Value;
+        }
+        DBGPRINT(RT_DEBUG_TRACE, ("HT: MIMOPS Mode  = %d\n", (INT) Value));
+    }
+
+    if (RTMPGetKeyParameter("HT_BADecline", pValueStr, 25, pInput, TRUE))
+    {
+        Value = simple_strtol(pValueStr, 0, 10);
+        if (Value == 0)
+        {
+            pAd->CommonCfg.bBADecline = FALSE;
+        }
+        else
+        {
+            pAd->CommonCfg.bBADecline = TRUE;
+        }
+        DBGPRINT(RT_DEBUG_TRACE, ("HT: BA Decline  = %s\n", (Value==0) ? "Disable" : "Enable"));
+    }
+
+
+    if (RTMPGetKeyParameter("HT_DisableReordering", pValueStr, 25, pInput, TRUE))
+    {
+        Value = simple_strtol(pValueStr, 0, 10);
+        if (Value == 0)
+        {
+            pAd->CommonCfg.bDisableReordering = FALSE;
+        }
+        else
+        {
+            pAd->CommonCfg.bDisableReordering = TRUE;
+        }
+        DBGPRINT(RT_DEBUG_TRACE, ("HT: DisableReordering  = %s\n", (Value==0) ? "Disable" : "Enable"));
+    }
+
+    if (RTMPGetKeyParameter("HT_AutoBA", pValueStr, 25, pInput, TRUE))
+    {
+        Value = simple_strtol(pValueStr, 0, 10);
+        if (Value == 0)
+        {
+            pAd->CommonCfg.BACapability.field.AutoBA = FALSE;
+                       pAd->CommonCfg.BACapability.field.Policy = BA_NOTUSE;
+        }
+        else
+        {
+            pAd->CommonCfg.BACapability.field.AutoBA = TRUE;
+                       pAd->CommonCfg.BACapability.field.Policy = IMMED_BA;
+        }
+        pAd->CommonCfg.REGBACapability.field.AutoBA = pAd->CommonCfg.BACapability.field.AutoBA;
+        DBGPRINT(RT_DEBUG_TRACE, ("HT: Auto BA  = %s\n", (Value==0) ? "Disable" : "Enable"));
+    }
+
+       // Tx_+HTC frame
+    if (RTMPGetKeyParameter("HT_HTC", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+               if (Value == 0)
+               {
+                       pAd->HTCEnable = FALSE;
+               }
+               else
+               {
+            pAd->HTCEnable = TRUE;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Tx +HTC frame = %s\n", (Value==0) ? "Disable" : "Enable"));
+       }
+
+       // Enable HT Link Adaptation Control
+       if (RTMPGetKeyParameter("HT_LinkAdapt", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+               if (Value == 0)
+               {
+                       pAd->bLinkAdapt = FALSE;
+               }
+               else
+               {
+                       pAd->HTCEnable = TRUE;
+                       pAd->bLinkAdapt = TRUE;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Link Adaptation Control = %s\n", (Value==0) ? "Disable" : "Enable(+HTC)"));
+       }
+
+       // Reverse Direction Mechanism
+    if (RTMPGetKeyParameter("HT_RDG", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+               if (Value == 0)
+               {
+                       pAd->CommonCfg.bRdg = FALSE;
+               }
+               else
+               {
+                       pAd->HTCEnable = TRUE;
+            pAd->CommonCfg.bRdg = TRUE;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: RDG = %s\n", (Value==0) ? "Disable" : "Enable(+HTC)"));
+       }
+
+
+
+
+       // Tx A-MSUD ?
+    if (RTMPGetKeyParameter("HT_AMSDU", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+               if (Value == 0)
+               {
+                       pAd->CommonCfg.BACapability.field.AmsduEnable = FALSE;
+               }
+               else
+               {
+            pAd->CommonCfg.BACapability.field.AmsduEnable = TRUE;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Tx A-MSDU = %s\n", (Value==0) ? "Disable" : "Enable"));
+       }
+
+       // MPDU Density
+    if (RTMPGetKeyParameter("HT_MpduDensity", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+               if (Value <=7 && Value >= 0)
+               {
+                       pAd->CommonCfg.BACapability.field.MpduDensity = Value;
+                       DBGPRINT(RT_DEBUG_TRACE, ("HT: MPDU Density = %d\n", (INT) Value));
+               }
+               else
+               {
+                       pAd->CommonCfg.BACapability.field.MpduDensity = 4;
+                       DBGPRINT(RT_DEBUG_TRACE, ("HT: MPDU Density = %d (Default)\n", 4));
+               }
+       }
+
+       // Max Rx BA Window Size
+    if (RTMPGetKeyParameter("HT_BAWinSize", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+
+               if (Value >=1 && Value <= 64)
+               {
+                       pAd->CommonCfg.REGBACapability.field.RxBAWinLimit = Value;
+                       pAd->CommonCfg.BACapability.field.RxBAWinLimit = Value;
+                       DBGPRINT(RT_DEBUG_TRACE, ("HT: BA Windw Size = %d\n", (INT) Value));
+               }
+               else
+               {
+            pAd->CommonCfg.REGBACapability.field.RxBAWinLimit = 64;
+                       pAd->CommonCfg.BACapability.field.RxBAWinLimit = 64;
+                       DBGPRINT(RT_DEBUG_TRACE, ("HT: BA Windw Size = 64 (Defualt)\n"));
+               }
+
+       }
+
+       // Guard Interval
+       if (RTMPGetKeyParameter("HT_GI", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+
+               if (Value == GI_400)
+               {
+                       pAd->CommonCfg.RegTransmitSetting.field.ShortGI = GI_400;
+               }
+               else
+               {
+                       pAd->CommonCfg.RegTransmitSetting.field.ShortGI = GI_800;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Guard Interval = %s\n", (Value==GI_400) ? "400" : "800" ));
+       }
+
+       // HT Operation Mode : Mixed Mode , Green Field
+       if (RTMPGetKeyParameter("HT_OpMode", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+
+               if (Value == HTMODE_GF)
+               {
+
+                       pAd->CommonCfg.RegTransmitSetting.field.HTMODE  = HTMODE_GF;
+               }
+               else
+               {
+                       pAd->CommonCfg.RegTransmitSetting.field.HTMODE  = HTMODE_MM;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Operate Mode = %s\n", (Value==HTMODE_GF) ? "Green Field" : "Mixed Mode" ));
+       }
+
+       // Fixed Tx mode : CCK, OFDM
+       if (RTMPGetKeyParameter("FixedTxMode", pValueStr, 25, pInput, TRUE))
+       {
+               UCHAR   fix_tx_mode;
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       fix_tx_mode = FIXED_TXMODE_HT;
+
+                       if (strcmp(pValueStr, "OFDM") == 0 || strcmp(pValueStr, "ofdm") == 0)
+                       {
+                               fix_tx_mode = FIXED_TXMODE_OFDM;
+                       }
+                       else if (strcmp(pValueStr, "CCK") == 0 || strcmp(pValueStr, "cck") == 0)
+                       {
+                       fix_tx_mode = FIXED_TXMODE_CCK;
+                       }
+                       else if (strcmp(pValueStr, "HT") == 0 || strcmp(pValueStr, "ht") == 0)
+                       {
+                       fix_tx_mode = FIXED_TXMODE_HT;
+               }
+               else
+               {
+                               Value = simple_strtol(pValueStr, 0, 10);
+                               // 1 : CCK
+                               // 2 : OFDM
+                               // otherwise : HT
+                               if (Value == FIXED_TXMODE_CCK || Value == FIXED_TXMODE_OFDM)
+                                       fix_tx_mode = Value;
+                               else
+                                       fix_tx_mode = FIXED_TXMODE_HT;
+               }
+
+                       pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode = fix_tx_mode;
+                       DBGPRINT(RT_DEBUG_TRACE, ("Fixed Tx Mode = %d\n", fix_tx_mode));
+
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+
+       // Channel Width
+       if (RTMPGetKeyParameter("HT_BW", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+
+               if (Value == BW_40)
+               {
+                       pAd->CommonCfg.RegTransmitSetting.field.BW  = BW_40;
+               }
+               else
+               {
+            pAd->CommonCfg.RegTransmitSetting.field.BW  = BW_20;
+               }
+
+#ifdef MCAST_RATE_SPECIFIC
+               pAd->CommonCfg.MCastPhyMode.field.BW = pAd->CommonCfg.RegTransmitSetting.field.BW;
+#endif // MCAST_RATE_SPECIFIC //
+
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Channel Width = %s\n", (Value==BW_40) ? "40 MHz" : "20 MHz" ));
+       }
+
+       if (RTMPGetKeyParameter("HT_EXTCHA", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+
+               if (Value == 0)
+               {
+
+                       pAd->CommonCfg.RegTransmitSetting.field.EXTCHA  = EXTCHA_BELOW;
+               }
+               else
+               {
+            pAd->CommonCfg.RegTransmitSetting.field.EXTCHA = EXTCHA_ABOVE;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Ext Channel = %s\n", (Value==0) ? "BELOW" : "ABOVE" ));
+       }
+
+       // MSC
+       if (RTMPGetKeyParameter("HT_MCS", pValueStr, 50, pInput, TRUE))
+       {
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       Value = simple_strtol(pValueStr, 0, 10);
+
+//                     if ((Value >= 0 && Value <= 15) || (Value == 32))
+                       if ((Value >= 0 && Value <= 23) || (Value == 32)) // 3*3
+               {
+                               pAd->StaCfg.DesiredTransmitSetting.field.MCS  = Value;
+                               pAd->StaCfg.bAutoTxRateSwitch = FALSE;
+                               DBGPRINT(RT_DEBUG_TRACE, ("HT: MCS = %d\n", pAd->StaCfg.DesiredTransmitSetting.field.MCS));
+               }
+               else
+               {
+                               pAd->StaCfg.DesiredTransmitSetting.field.MCS  = MCS_AUTO;
+                               pAd->StaCfg.bAutoTxRateSwitch = TRUE;
+                               DBGPRINT(RT_DEBUG_TRACE, ("HT: MCS = AUTO\n"));
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+       // STBC
+    if (RTMPGetKeyParameter("HT_STBC", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+               if (Value == STBC_USE)
+               {
+                       pAd->CommonCfg.RegTransmitSetting.field.STBC = STBC_USE;
+               }
+               else
+               {
+                       pAd->CommonCfg.RegTransmitSetting.field.STBC = STBC_NONE;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: STBC = %d\n", pAd->CommonCfg.RegTransmitSetting.field.STBC));
+       }
+
+       // 40_Mhz_Intolerant
+       if (RTMPGetKeyParameter("HT_40MHZ_INTOLERANT", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+               if (Value == 0)
+               {
+                       pAd->CommonCfg.bForty_Mhz_Intolerant = FALSE;
+               }
+               else
+               {
+                       pAd->CommonCfg.bForty_Mhz_Intolerant = TRUE;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: 40MHZ INTOLERANT = %d\n", pAd->CommonCfg.bForty_Mhz_Intolerant));
+       }
+       //HT_TxStream
+       if(RTMPGetKeyParameter("HT_TxStream", pValueStr, 10, pInput, TRUE))
+       {
+               switch (simple_strtol(pValueStr, 0, 10))
+               {
+                       case 1:
+                               pAd->CommonCfg.TxStream = 1;
+                               break;
+                       case 2:
+                               pAd->CommonCfg.TxStream = 2;
+                               break;
+                       case 3: // 3*3
+                       default:
+                               pAd->CommonCfg.TxStream = 3;
+
+                               if (pAd->MACVersion < RALINK_2883_VERSION)
+                                       pAd->CommonCfg.TxStream = 2; // only 2 tx streams for RT2860 series
+                               break;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Tx Stream = %d\n", pAd->CommonCfg.TxStream));
+       }
+       //HT_RxStream
+       if(RTMPGetKeyParameter("HT_RxStream", pValueStr, 10, pInput, TRUE))
+       {
+               switch (simple_strtol(pValueStr, 0, 10))
+               {
+                       case 1:
+                               pAd->CommonCfg.RxStream = 1;
+                               break;
+                       case 2:
+                               pAd->CommonCfg.RxStream = 2;
+                               break;
+                       case 3:
+                       default:
+                               pAd->CommonCfg.RxStream = 3;
+
+                               if (pAd->MACVersion < RALINK_2883_VERSION)
+                                       pAd->CommonCfg.RxStream = 2; // only 2 rx streams for RT2860 series
+                               break;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Rx Stream = %d\n", pAd->CommonCfg.RxStream));
+       }
+       //2008/11/05: KH add to support Antenna power-saving of AP<--
+       //Green AP
+       if(RTMPGetKeyParameter("GreenAP", pValueStr, 10, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+               if (Value == 0)
+               {
+                       pAd->CommonCfg.bGreenAPEnable = FALSE;
+               }
+               else
+               {
+                       pAd->CommonCfg.bGreenAPEnable = TRUE;
+               }
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Green AP= %d\n", pAd->CommonCfg.bGreenAPEnable));
+       }
+
+       // HT_DisallowTKIP
+       if (RTMPGetKeyParameter("HT_DisallowTKIP", pValueStr, 25, pInput, TRUE))
+       {
+               Value = simple_strtol(pValueStr, 0, 10);
+
+               if (Value == 1)
+               {
+                       pAd->CommonCfg.HT_DisallowTKIP = TRUE;
+               }
+               else
+               {
+                       pAd->CommonCfg.HT_DisallowTKIP = FALSE;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("HT: Disallow TKIP mode = %s\n", (pAd->CommonCfg.HT_DisallowTKIP == TRUE) ? "ON" : "OFF" ));
+       }
+
+
+       //2008/11/05:KH add to support Antenna power-saving of AP-->
+}
+#endif // DOT11_N_SUPPORT //
+
+
+NDIS_STATUS    RTMPSetProfileParameters(
+       IN RTMP_ADAPTER *pAd,
+       IN PSTRING      pBuffer)
+{
+       PSTRING                                 tmpbuf;
+       ULONG                                   RtsThresh;
+       ULONG                                   FragThresh;
+       PSTRING                                 macptr;
+       INT                                             i = 0, retval;
+       tmpbuf = kmalloc(MAX_PARAM_BUFFER_SIZE, MEM_ALLOC_FLAG);
+       if(tmpbuf == NULL)
+               return NDIS_STATUS_FAILURE;
+
+       do
+       {
+               // set file parameter to portcfg
+               //CountryRegion
+               if(RTMPGetKeyParameter("CountryRegion", tmpbuf, 25, pBuffer, TRUE))
+               {
+                       retval = RT_CfgSetCountryRegion(pAd, tmpbuf, BAND_24G);
+                       DBGPRINT(RT_DEBUG_TRACE, ("CountryRegion=%d\n", pAd->CommonCfg.CountryRegion));
+               }
+               //CountryRegionABand
+               if(RTMPGetKeyParameter("CountryRegionABand", tmpbuf, 25, pBuffer, TRUE))
+               {
+                       retval = RT_CfgSetCountryRegion(pAd, tmpbuf, BAND_5G);
+                       DBGPRINT(RT_DEBUG_TRACE, ("CountryRegionABand=%d\n", pAd->CommonCfg.CountryRegionForABand));
+               }
+#ifdef RTMP_EFUSE_SUPPORT
+#ifdef RT30xx
+               //EfuseBufferMode
+               if(RTMPGetKeyParameter("EfuseBufferMode", tmpbuf, 25, pBuffer, TRUE))
+               {
+                       pAd->bEEPROMFile = (UCHAR) simple_strtol(tmpbuf, 0, 10);
+                       DBGPRINT(RT_DEBUG_TRACE, ("EfuseBufferMode=%d\n", pAd->bUseEfuse));
+               }
+#endif // RT30xx //
+#endif // RTMP_EFUSE_SUPPORT //
+               //CountryCode
+               if(RTMPGetKeyParameter("CountryCode", tmpbuf, 25, pBuffer, TRUE))
+               {
+                       NdisMoveMemory(pAd->CommonCfg.CountryCode, tmpbuf , 2);
+#ifdef CONFIG_STA_SUPPORT
+#ifdef EXT_BUILD_CHANNEL_LIST
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               NdisMoveMemory(pAd->StaCfg.StaOriCountryCode, tmpbuf , 2);
+#endif // EXT_BUILD_CHANNEL_LIST //
+#endif // CONFIG_STA_SUPPORT //
+                       if (strlen((PSTRING) pAd->CommonCfg.CountryCode) != 0)
+                       {
+                               pAd->CommonCfg.bCountryFlag = TRUE;
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("CountryCode=%s\n", pAd->CommonCfg.CountryCode));
+               }
+               //ChannelGeography
+               if(RTMPGetKeyParameter("ChannelGeography", tmpbuf, 25, pBuffer, TRUE))
+               {
+                       UCHAR Geography = (UCHAR) simple_strtol(tmpbuf, 0, 10);
+                       if (Geography <= BOTH)
+                       {
+                               pAd->CommonCfg.Geography = Geography;
+                               pAd->CommonCfg.CountryCode[2] =
+                                       (pAd->CommonCfg.Geography == BOTH) ? ' ' : ((pAd->CommonCfg.Geography == IDOR) ? 'I' : 'O');
+#ifdef CONFIG_STA_SUPPORT
+#ifdef EXT_BUILD_CHANNEL_LIST
+                               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                                       pAd->StaCfg.StaOriGeography = pAd->CommonCfg.Geography;
+#endif // EXT_BUILD_CHANNEL_LIST //
+#endif // CONFIG_STA_SUPPORT //
+                               DBGPRINT(RT_DEBUG_TRACE, ("ChannelGeography=%d\n", pAd->CommonCfg.Geography));
+                       }
+               }
+               else
+               {
+                       pAd->CommonCfg.Geography = BOTH;
+                       pAd->CommonCfg.CountryCode[2] = ' ';
+               }
+
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       //SSID
+                       if (RTMPGetKeyParameter("SSID", tmpbuf, 256, pBuffer, FALSE))
+                       {
+                               if (strlen(tmpbuf) <= 32)
+                               {
+                                               pAd->CommonCfg.SsidLen = (UCHAR) strlen(tmpbuf);
+                                       NdisZeroMemory(pAd->CommonCfg.Ssid, NDIS_802_11_LENGTH_SSID);
+                                       NdisMoveMemory(pAd->CommonCfg.Ssid, tmpbuf, pAd->CommonCfg.SsidLen);
+                                       pAd->MlmeAux.AutoReconnectSsidLen = pAd->CommonCfg.SsidLen;
+                                       NdisZeroMemory(pAd->MlmeAux.AutoReconnectSsid, NDIS_802_11_LENGTH_SSID);
+                                       NdisMoveMemory(pAd->MlmeAux.AutoReconnectSsid, tmpbuf, pAd->MlmeAux.AutoReconnectSsidLen);
+                                       pAd->MlmeAux.SsidLen = pAd->CommonCfg.SsidLen;
+                                       NdisZeroMemory(pAd->MlmeAux.Ssid, NDIS_802_11_LENGTH_SSID);
+                                       NdisMoveMemory(pAd->MlmeAux.Ssid, tmpbuf, pAd->MlmeAux.SsidLen);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("%s::(SSID=%s)\n", __FUNCTION__, tmpbuf));
+                               }
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       //NetworkType
+                       if (RTMPGetKeyParameter("NetworkType", tmpbuf, 25, pBuffer, TRUE))
+                       {
+                               pAd->bConfigChanged = TRUE;
+                               if (strcmp(tmpbuf, "Adhoc") == 0)
+                                       pAd->StaCfg.BssType = BSS_ADHOC;
+                               else //Default Infrastructure mode
+                                       pAd->StaCfg.BssType = BSS_INFRA;
+                               // Reset Ralink supplicant to not use, it will be set to start when UI set PMK key
+                               pAd->StaCfg.WpaState = SS_NOTUSE;
+                               DBGPRINT(RT_DEBUG_TRACE, ("%s::(NetworkType=%d)\n", __FUNCTION__, pAd->StaCfg.BssType));
+                       }
+               }
+#ifdef RTMP_MAC_PCI
+               //NewPCIePS
+               if(RTMPGetKeyParameter("NewPCIePS", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       UCHAR temp_buffer = (UCHAR) simple_strtol(tmpbuf, 0, 10);
+                       if(temp_buffer>0)
+                               pAd->StaCfg.PSControl.field.EnableNewPS=TRUE;
+                               else
+                                       pAd->StaCfg.PSControl.field.EnableNewPS=FALSE;
+                       DBGPRINT(RT_DEBUG_TRACE, ("NewPCIePS=%d\n", pAd->StaCfg.PSControl.field.EnableNewPS));
+               }
+#endif // RTMP_MAC_PCI //
+#ifdef RT3090
+               //PCIePowerLevel
+
+               if(RTMPGetKeyParameter("PCIePowerLevel", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       pAd->StaCfg.PSControl.field.rt30xxPowerMode = (UCHAR) simple_strtol(tmpbuf, 0, 10);
+                       DBGPRINT(RT_DEBUG_TRACE, ("PCIePowerLevel=%d\n", pAd->StaCfg.PSControl.field.rt30xxPowerMode));
+               }
+               //FollowHostASPM
+               if(RTMPGetKeyParameter("FollowHostASPM", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       UCHAR temp_buffer = (UCHAR) simple_strtol(tmpbuf, 0, 10);
+
+                       if(temp_buffer>0)
+                               pAd->StaCfg.PSControl.field.rt30xxFollowHostASPM=TRUE;
+                               else
+                                       pAd->StaCfg.PSControl.field.rt30xxFollowHostASPM=FALSE;
+                       DBGPRINT(RT_DEBUG_TRACE, ("rt30xxFollowHostASPM=%d\n", pAd->StaCfg.PSControl.field.rt30xxFollowHostASPM));
+               }
+               //ForceTestASPM
+               if(RTMPGetKeyParameter("ForceTestASPM", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       UCHAR temp_buffer = (UCHAR) simple_strtol(tmpbuf, 0, 10);
+
+                       if(temp_buffer>0)
+                               pAd->StaCfg.PSControl.field.rt30xxForceASPMTest=TRUE;
+                               else
+                                       pAd->StaCfg.PSControl.field.rt30xxForceASPMTest=FALSE;
+                       DBGPRINT(RT_DEBUG_TRACE, ("rt30xxForceASPM=%d\n", pAd->StaCfg.PSControl.field.rt30xxForceASPMTest));
+               }
+#endif // RT3090 //
+#endif // CONFIG_STA_SUPPORT //
+               //Channel
+               if(RTMPGetKeyParameter("Channel", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       pAd->CommonCfg.Channel = (UCHAR) simple_strtol(tmpbuf, 0, 10);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Channel=%d\n", pAd->CommonCfg.Channel));
+               }
+               //WirelessMode
+               if(RTMPGetKeyParameter("WirelessMode", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       RT_CfgSetWirelessMode(pAd, tmpbuf);
+                       DBGPRINT(RT_DEBUG_TRACE, ("PhyMode=%d\n", pAd->CommonCfg.PhyMode));
+               }
+           //BasicRate
+               if(RTMPGetKeyParameter("BasicRate", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       pAd->CommonCfg.BasicRateBitmap = (ULONG) simple_strtol(tmpbuf, 0, 10);
+                       DBGPRINT(RT_DEBUG_TRACE, ("BasicRate=%ld\n", pAd->CommonCfg.BasicRateBitmap));
+               }
+               //BeaconPeriod
+               if(RTMPGetKeyParameter("BeaconPeriod", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       pAd->CommonCfg.BeaconPeriod = (USHORT) simple_strtol(tmpbuf, 0, 10);
+                       DBGPRINT(RT_DEBUG_TRACE, ("BeaconPeriod=%d\n", pAd->CommonCfg.BeaconPeriod));
+               }
+           //TxPower
+               if(RTMPGetKeyParameter("TxPower", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       pAd->CommonCfg.TxPowerPercentage = (ULONG) simple_strtol(tmpbuf, 0, 10);
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               pAd->CommonCfg.TxPowerDefault = pAd->CommonCfg.TxPowerPercentage;
+#endif // CONFIG_STA_SUPPORT //
+                       DBGPRINT(RT_DEBUG_TRACE, ("TxPower=%ld\n", pAd->CommonCfg.TxPowerPercentage));
+               }
+               //BGProtection
+               if(RTMPGetKeyParameter("BGProtection", tmpbuf, 10, pBuffer, TRUE))
+               {
+       //#if 0 //#ifndef WIFI_TEST
+       //              pAd->CommonCfg.UseBGProtection = 2;// disable b/g protection for throughput test
+       //#else
+                       switch (simple_strtol(tmpbuf, 0, 10))
+                       {
+                               case 1: //Always On
+                                       pAd->CommonCfg.UseBGProtection = 1;
+                                       break;
+                               case 2: //Always OFF
+                                       pAd->CommonCfg.UseBGProtection = 2;
+                                       break;
+                               case 0: //AUTO
+                               default:
+                                       pAd->CommonCfg.UseBGProtection = 0;
+                                       break;
+                       }
+       //#endif
+                       DBGPRINT(RT_DEBUG_TRACE, ("BGProtection=%ld\n", pAd->CommonCfg.UseBGProtection));
+               }
+               //OLBCDetection
+               if(RTMPGetKeyParameter("DisableOLBC", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       switch (simple_strtol(tmpbuf, 0, 10))
+                       {
+                               case 1: //disable OLBC Detection
+                                       pAd->CommonCfg.DisableOLBCDetect = 1;
+                                       break;
+                               case 0: //enable OLBC Detection
+                                       pAd->CommonCfg.DisableOLBCDetect = 0;
+                                       break;
+                               default:
+                                       pAd->CommonCfg.DisableOLBCDetect= 0;
+                                       break;
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("OLBCDetection=%ld\n", pAd->CommonCfg.DisableOLBCDetect));
+               }
+               //TxPreamble
+               if(RTMPGetKeyParameter("TxPreamble", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       switch (simple_strtol(tmpbuf, 0, 10))
+                       {
+                               case Rt802_11PreambleShort:
+                                       pAd->CommonCfg.TxPreamble = Rt802_11PreambleShort;
+                                       break;
+                               case Rt802_11PreambleLong:
+                               default:
+                                       pAd->CommonCfg.TxPreamble = Rt802_11PreambleLong;
+                                       break;
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("TxPreamble=%ld\n", pAd->CommonCfg.TxPreamble));
+               }
+               //RTSThreshold
+               if(RTMPGetKeyParameter("RTSThreshold", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       RtsThresh = simple_strtol(tmpbuf, 0, 10);
+                       if( (RtsThresh >= 1) && (RtsThresh <= MAX_RTS_THRESHOLD) )
+                               pAd->CommonCfg.RtsThreshold  = (USHORT)RtsThresh;
+                       else
+                               pAd->CommonCfg.RtsThreshold = MAX_RTS_THRESHOLD;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("RTSThreshold=%d\n", pAd->CommonCfg.RtsThreshold));
+               }
+               //FragThreshold
+               if(RTMPGetKeyParameter("FragThreshold", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       FragThresh = simple_strtol(tmpbuf, 0, 10);
+                       pAd->CommonCfg.bUseZeroToDisableFragment = FALSE;
+
+                       if (FragThresh > MAX_FRAG_THRESHOLD || FragThresh < MIN_FRAG_THRESHOLD)
+                       { //illegal FragThresh so we set it to default
+                               pAd->CommonCfg.FragmentThreshold = MAX_FRAG_THRESHOLD;
+                               pAd->CommonCfg.bUseZeroToDisableFragment = TRUE;
+                       }
+                       else if (FragThresh % 2 == 1)
+                       {
+                               // The length of each fragment shall always be an even number of octets, except for the last fragment
+                               // of an MSDU or MMPDU, which may be either an even or an odd number of octets.
+                               pAd->CommonCfg.FragmentThreshold = (USHORT)(FragThresh - 1);
+                       }
+                       else
+                       {
+                               pAd->CommonCfg.FragmentThreshold = (USHORT)FragThresh;
+                       }
+                       //pAd->CommonCfg.AllowFragSize = (pAd->CommonCfg.FragmentThreshold) - LENGTH_802_11 - LENGTH_CRC;
+                       DBGPRINT(RT_DEBUG_TRACE, ("FragThreshold=%d\n", pAd->CommonCfg.FragmentThreshold));
+               }
+               //TxBurst
+               if(RTMPGetKeyParameter("TxBurst", tmpbuf, 10, pBuffer, TRUE))
+               {
+       //#ifdef WIFI_TEST
+       //                                              pAd->CommonCfg.bEnableTxBurst = FALSE;
+       //#else
+                       if(simple_strtol(tmpbuf, 0, 10) != 0)  //Enable
+                               pAd->CommonCfg.bEnableTxBurst = TRUE;
+                       else //Disable
+                               pAd->CommonCfg.bEnableTxBurst = FALSE;
+       //#endif
+                       DBGPRINT(RT_DEBUG_TRACE, ("TxBurst=%d\n", pAd->CommonCfg.bEnableTxBurst));
+               }
+
+#ifdef AGGREGATION_SUPPORT
+               //PktAggregate
+               if(RTMPGetKeyParameter("PktAggregate", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       if(simple_strtol(tmpbuf, 0, 10) != 0)  //Enable
+                               pAd->CommonCfg.bAggregationCapable = TRUE;
+                       else //Disable
+                               pAd->CommonCfg.bAggregationCapable = FALSE;
+#ifdef PIGGYBACK_SUPPORT
+                       pAd->CommonCfg.bPiggyBackCapable = pAd->CommonCfg.bAggregationCapable;
+#endif // PIGGYBACK_SUPPORT //
+                       DBGPRINT(RT_DEBUG_TRACE, ("PktAggregate=%d\n", pAd->CommonCfg.bAggregationCapable));
+               }
+#else
+               pAd->CommonCfg.bAggregationCapable = FALSE;
+               pAd->CommonCfg.bPiggyBackCapable = FALSE;
+#endif // AGGREGATION_SUPPORT //
+
+               // WmmCapable
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       rtmp_read_sta_wmm_parms_from_file(pAd, tmpbuf, pBuffer);
+#endif // CONFIG_STA_SUPPORT //
+
+               //ShortSlot
+               if(RTMPGetKeyParameter("ShortSlot", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       RT_CfgSetShortSlot(pAd, tmpbuf);
+                       DBGPRINT(RT_DEBUG_TRACE, ("ShortSlot=%d\n", pAd->CommonCfg.bUseShortSlotTime));
+               }
+               //IEEE80211H
+               if(RTMPGetKeyParameter("IEEE80211H", tmpbuf, 10, pBuffer, TRUE))
+               {
+                   for (i = 0, macptr = rstrtok(tmpbuf,";"); macptr; macptr = rstrtok(NULL,";"), i++)
+                   {
+                               if(simple_strtol(macptr, 0, 10) != 0)  //Enable
+                                       pAd->CommonCfg.bIEEE80211H = TRUE;
+                               else //Disable
+                                       pAd->CommonCfg.bIEEE80211H = FALSE;
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("IEEE80211H=%d\n", pAd->CommonCfg.bIEEE80211H));
+                   }
+               }
+               //CSPeriod
+               if(RTMPGetKeyParameter("CSPeriod", tmpbuf, 10, pBuffer, TRUE))
+               {
+                   if(simple_strtol(tmpbuf, 0, 10) != 0)
+                               pAd->CommonCfg.RadarDetect.CSPeriod = simple_strtol(tmpbuf, 0, 10);
+                       else
+                               pAd->CommonCfg.RadarDetect.CSPeriod = 0;
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("CSPeriod=%d\n", pAd->CommonCfg.RadarDetect.CSPeriod));
+               }
+
+#ifdef MERGE_ARCH_TEAM
+               // DfsLowerLimit
+               if(RTMPGetKeyParameter("DfsLowerLimit", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       if(simple_strtol(tmpbuf, 0, 10) != 0)
+                               pAd->CommonCfg.RadarDetect.DfsLowerLimit = simple_strtol(tmpbuf, 0, 10);
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("DfsLowerLimit=%ld\n", pAd->CommonCfg.RadarDetect.DfsLowerLimit));
+               }
+
+               // DfsUpperLimit
+               if(RTMPGetKeyParameter("DfsUpperLimit", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       if(simple_strtol(tmpbuf, 0, 10) != 0)
+                               pAd->CommonCfg.RadarDetect.DfsUpperLimit = simple_strtol(tmpbuf, 0, 10);
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("DfsUpperLimit=%ld\n", pAd->CommonCfg.RadarDetect.DfsUpperLimit));
+               }
+
+               // FixDfsLimit
+               if(RTMPGetKeyParameter("FixDfsLimit", tmpbuf, 10, pBuffer, TRUE))
+               {
+                   if(simple_strtol(tmpbuf, 0, 10) != 0)
+                               pAd->CommonCfg.RadarDetect.FixDfsLimit = TRUE;
+                       else
+                               pAd->CommonCfg.RadarDetect.FixDfsLimit = FALSE;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("FixDfsLimit=%d\n", pAd->CommonCfg.RadarDetect.FixDfsLimit));
+               }
+
+               // LongPulseRadarTh
+               if(RTMPGetKeyParameter("LongPulseRadarTh", tmpbuf, 10, pBuffer, TRUE))
+               {
+                   if(simple_strtol(tmpbuf, 0, 10) != 0)
+                               pAd->CommonCfg.RadarDetect.LongPulseRadarTh = simple_strtol(tmpbuf, 0, 10);
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("LongPulseRadarTh=%d\n", pAd->CommonCfg.RadarDetect.LongPulseRadarTh));
+               }
+
+               // AvgRssiReq
+               if(RTMPGetKeyParameter("AvgRssiReq", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       if(simple_strtol(tmpbuf, 0, 10) != 0)
+                               pAd->CommonCfg.RadarDetect.AvgRssiReq = simple_strtol(tmpbuf, 0, 10);
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("AvgRssiReq=%d\n", pAd->CommonCfg.RadarDetect.AvgRssiReq));
+               }
+
+#endif // MERGE_ARCH_TEAM //
+
+               //RDRegion
+               if(RTMPGetKeyParameter("RDRegion", tmpbuf, 128, pBuffer, TRUE))
+               {
+                                               RADAR_DETECT_STRUCT     *pRadarDetect = &pAd->CommonCfg.RadarDetect;
+                       if ((strncmp(tmpbuf, "JAP_W53", 7) == 0) || (strncmp(tmpbuf, "jap_w53", 7) == 0))
+                       {
+                                                       pRadarDetect->RDDurRegion = JAP_W53;
+                                                       pRadarDetect->DfsSessionTime = 15;
+                       }
+                       else if ((strncmp(tmpbuf, "JAP_W56", 7) == 0) || (strncmp(tmpbuf, "jap_w56", 7) == 0))
+                       {
+                                                       pRadarDetect->RDDurRegion = JAP_W56;
+                                                       pRadarDetect->DfsSessionTime = 13;
+                       }
+                       else if ((strncmp(tmpbuf, "JAP", 3) == 0) || (strncmp(tmpbuf, "jap", 3) == 0))
+                       {
+                                                       pRadarDetect->RDDurRegion = JAP;
+                                                       pRadarDetect->DfsSessionTime = 5;
+                       }
+                       else  if ((strncmp(tmpbuf, "FCC", 3) == 0) || (strncmp(tmpbuf, "fcc", 3) == 0))
+                       {
+                                                       pRadarDetect->RDDurRegion = FCC;
+                                                       pRadarDetect->DfsSessionTime = 5;
+#ifdef DFS_FCC_BW40_FIX
+                                                       pRadarDetect->DfsSessionFccOff = 0;
+#endif // DFS_FCC_BW40_FIX //
+                       }
+                       else if ((strncmp(tmpbuf, "CE", 2) == 0) || (strncmp(tmpbuf, "ce", 2) == 0))
+                       {
+                                                       pRadarDetect->RDDurRegion = CE;
+                                                       pRadarDetect->DfsSessionTime = 13;
+                       }
+                       else
+                       {
+                                                       pRadarDetect->RDDurRegion = CE;
+                                                       pRadarDetect->DfsSessionTime = 13;
+                       }
+
+                                               DBGPRINT(RT_DEBUG_TRACE, ("RDRegion=%d\n", pRadarDetect->RDDurRegion));
+               }
+               else
+               {
+                       pAd->CommonCfg.RadarDetect.RDDurRegion = CE;
+                       pAd->CommonCfg.RadarDetect.DfsSessionTime = 13;
+               }
+
+               //WirelessEvent
+               if(RTMPGetKeyParameter("WirelessEvent", tmpbuf, 10, pBuffer, TRUE))
+               {
+#if WIRELESS_EXT >= 15
+                   if(simple_strtol(tmpbuf, 0, 10) != 0)
+                               pAd->CommonCfg.bWirelessEvent = simple_strtol(tmpbuf, 0, 10);
+                       else
+                               pAd->CommonCfg.bWirelessEvent = 0;      // disable
+#else
+                       pAd->CommonCfg.bWirelessEvent = 0;      // disable
+#endif
+                               DBGPRINT(RT_DEBUG_TRACE, ("WirelessEvent=%d\n", pAd->CommonCfg.bWirelessEvent));
+               }
+               if(RTMPGetKeyParameter("WiFiTest", tmpbuf, 10, pBuffer, TRUE))
+               {
+                   if(simple_strtol(tmpbuf, 0, 10) != 0)
+                               pAd->CommonCfg.bWiFiTest= simple_strtol(tmpbuf, 0, 10);
+                       else
+                               pAd->CommonCfg.bWiFiTest = 0;   // disable
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("WiFiTest=%d\n", pAd->CommonCfg.bWiFiTest));
+               }
+               //AuthMode
+               if(RTMPGetKeyParameter("AuthMode", tmpbuf, 128, pBuffer, TRUE))
+               {
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       {
+                               if ((strcmp(tmpbuf, "WEPAUTO") == 0) || (strcmp(tmpbuf, "wepauto") == 0))
+                                   pAd->StaCfg.AuthMode = Ndis802_11AuthModeAutoSwitch;
+                               else if ((strcmp(tmpbuf, "SHARED") == 0) || (strcmp(tmpbuf, "shared") == 0))
+                                   pAd->StaCfg.AuthMode = Ndis802_11AuthModeShared;
+                               else if ((strcmp(tmpbuf, "WPAPSK") == 0) || (strcmp(tmpbuf, "wpapsk") == 0))
+                                   pAd->StaCfg.AuthMode = Ndis802_11AuthModeWPAPSK;
+                               else if ((strcmp(tmpbuf, "WPANONE") == 0) || (strcmp(tmpbuf, "wpanone") == 0))
+                                   pAd->StaCfg.AuthMode = Ndis802_11AuthModeWPANone;
+                               else if ((strcmp(tmpbuf, "WPA2PSK") == 0) || (strcmp(tmpbuf, "wpa2psk") == 0))
+                                                           pAd->StaCfg.AuthMode = Ndis802_11AuthModeWPA2PSK;
+#ifdef WPA_SUPPLICANT_SUPPORT
+                                                       else if ((strcmp(tmpbuf, "WPA") == 0) || (strcmp(tmpbuf, "wpa") == 0))
+                                           pAd->StaCfg.AuthMode = Ndis802_11AuthModeWPA;
+                                                       else if ((strcmp(tmpbuf, "WPA2") == 0) || (strcmp(tmpbuf, "wpa2") == 0))
+                                                           pAd->StaCfg.AuthMode = Ndis802_11AuthModeWPA2;
+#endif // WPA_SUPPLICANT_SUPPORT //
+                               else
+                                   pAd->StaCfg.AuthMode = Ndis802_11AuthModeOpen;
+
+                               pAd->StaCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("%s::(EncrypType=%d)\n", __FUNCTION__, pAd->StaCfg.WepStatus));
+                       }
+#endif // CONFIG_STA_SUPPORT //
+               }
+               //EncrypType
+               if(RTMPGetKeyParameter("EncrypType", tmpbuf, 128, pBuffer, TRUE))
+               {
+
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       {
+                               if ((strcmp(tmpbuf, "WEP") == 0) || (strcmp(tmpbuf, "wep") == 0))
+                                       pAd->StaCfg.WepStatus   = Ndis802_11WEPEnabled;
+                               else if ((strcmp(tmpbuf, "TKIP") == 0) || (strcmp(tmpbuf, "tkip") == 0))
+                                       pAd->StaCfg.WepStatus   = Ndis802_11Encryption2Enabled;
+                               else if ((strcmp(tmpbuf, "AES") == 0) || (strcmp(tmpbuf, "aes") == 0))
+                                       pAd->StaCfg.WepStatus   = Ndis802_11Encryption3Enabled;
+                               else
+                                       pAd->StaCfg.WepStatus   = Ndis802_11WEPDisabled;
+
+                               // Update all wepstatus related
+                               pAd->StaCfg.PairCipher          = pAd->StaCfg.WepStatus;
+                               pAd->StaCfg.GroupCipher         = pAd->StaCfg.WepStatus;
+                               pAd->StaCfg.OrigWepStatus       = pAd->StaCfg.WepStatus;
+                               pAd->StaCfg.bMixCipher          = FALSE;
+
+                               //RTMPMakeRSNIE(pAd, pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus, 0);
+                               DBGPRINT(RT_DEBUG_TRACE, ("%s::(EncrypType=%d)\n", __FUNCTION__, pAd->StaCfg.WepStatus));
+                       }
+#endif // CONFIG_STA_SUPPORT //
+               }
+
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if(RTMPGetKeyParameter("WPAPSK", tmpbuf, 512, pBuffer, FALSE))
+                       {
+                               int     ret = TRUE;
+
+                               tmpbuf[strlen(tmpbuf)] = '\0'; // make STA can process .$^& for WPAPSK input
+
+                               if ((pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPAPSK) &&
+                                       (pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPA2PSK) &&
+                                       (pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPANone)
+                                       )
+                               {
+                                       ret = FALSE;
+                               }
+                               else
+                               {
+                                       ret = RT_CfgSetWPAPSKKey(pAd, tmpbuf, (PUCHAR)pAd->CommonCfg.Ssid, pAd->CommonCfg.SsidLen, pAd->StaCfg.PMK);
+                               }
+
+                               if (ret == TRUE)
+                               {
+                       RTMPZeroMemory(pAd->StaCfg.WpaPassPhrase, 64);
+                       RTMPMoveMemory(pAd->StaCfg.WpaPassPhrase, tmpbuf, strlen(tmpbuf));
+                                       pAd->StaCfg.WpaPassPhraseLen= strlen(tmpbuf);
+
+                                       if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
+                                               (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+                                       {
+                                               // Start STA supplicant state machine
+                                               pAd->StaCfg.WpaState = SS_START;
+                                       }
+                                       else if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
+                                       {
+                                               pAd->StaCfg.WpaState = SS_NOTUSE;
+                                       }
+                                       DBGPRINT(RT_DEBUG_TRACE, ("%s::(WPAPSK=%s)\n", __FUNCTION__, tmpbuf));
+                               }
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               //DefaultKeyID, KeyType, KeyStr
+               rtmp_read_key_parms_from_file(pAd, tmpbuf, pBuffer);
+
+
+               //HSCounter
+               /*if(RTMPGetKeyParameter("HSCounter", tmpbuf, 10, pBuffer, TRUE))
+               {
+                       switch (simple_strtol(tmpbuf, 0, 10))
+                       {
+                               case 1: //Enable
+                                       pAd->CommonCfg.bEnableHSCounter = TRUE;
+                                       break;
+                               case 0: //Disable
+                               default:
+                                       pAd->CommonCfg.bEnableHSCounter = FALSE;
+                                       break;
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, "HSCounter=%d\n", pAd->CommonCfg.bEnableHSCounter);
+               }*/
+
+#ifdef DOT11_N_SUPPORT
+               HTParametersHook(pAd, tmpbuf, pBuffer);
+#endif // DOT11_N_SUPPORT //
+
+
+#ifdef CARRIER_DETECTION_SUPPORT
+                       //CarrierDetect
+                       if(RTMPGetKeyParameter("CarrierDetect", tmpbuf, 128, pBuffer, TRUE))
+                       {
+                               if ((strncmp(tmpbuf, "0", 1) == 0))
+                                       pAd->CommonCfg.CarrierDetect.Enable = FALSE;
+                               else if ((strncmp(tmpbuf, "1", 1) == 0))
+                                       pAd->CommonCfg.CarrierDetect.Enable = TRUE;
+                               else
+                                       pAd->CommonCfg.CarrierDetect.Enable = FALSE;
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("CarrierDetect.Enable=%d\n", pAd->CommonCfg.CarrierDetect.Enable));
+                       }
+                       else
+                               pAd->CommonCfg.CarrierDetect.Enable = FALSE;
+#endif // CARRIER_DETECTION_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       //PSMode
+                       if (RTMPGetKeyParameter("PSMode", tmpbuf, 10, pBuffer, TRUE))
+                       {
+                               if (pAd->StaCfg.BssType == BSS_INFRA)
+                               {
+                                       if ((strcmp(tmpbuf, "MAX_PSP") == 0) || (strcmp(tmpbuf, "max_psp") == 0))
+                                       {
+                                               // do NOT turn on PSM bit here, wait until MlmeCheckForPsmChange()
+                                               // to exclude certain situations.
+                                               //         MlmeSetPsm(pAd, PWR_SAVE);
+                                               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_RECEIVE_DTIM);
+                                               if (pAd->StaCfg.bWindowsACCAMEnable == FALSE)
+                                                       pAd->StaCfg.WindowsPowerMode = Ndis802_11PowerModeMAX_PSP;
+                                               pAd->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeMAX_PSP;
+                                               pAd->StaCfg.DefaultListenCount = 5;
+                                       }
+                                       else if ((strcmp(tmpbuf, "Fast_PSP") == 0) || (strcmp(tmpbuf, "fast_psp") == 0)
+                                               || (strcmp(tmpbuf, "FAST_PSP") == 0))
+                                       {
+                                               // do NOT turn on PSM bit here, wait until MlmeCheckForPsmChange()
+                                               // to exclude certain situations.
+                                               //         MlmeSetPsmBit(pAd, PWR_SAVE);
+                                               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_RECEIVE_DTIM);
+                                               if (pAd->StaCfg.bWindowsACCAMEnable == FALSE)
+                                                       pAd->StaCfg.WindowsPowerMode = Ndis802_11PowerModeFast_PSP;
+                                               pAd->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeFast_PSP;
+                                               pAd->StaCfg.DefaultListenCount = 3;
+                                       }
+                                       else if ((strcmp(tmpbuf, "Legacy_PSP") == 0) || (strcmp(tmpbuf, "legacy_psp") == 0)
+                                               || (strcmp(tmpbuf, "LEGACY_PSP") == 0))
+                                       {
+                                               // do NOT turn on PSM bit here, wait until MlmeCheckForPsmChange()
+                                               // to exclude certain situations.
+                                               //         MlmeSetPsmBit(pAd, PWR_SAVE);
+                                               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_RECEIVE_DTIM);
+                                               if (pAd->StaCfg.bWindowsACCAMEnable == FALSE)
+                                                       pAd->StaCfg.WindowsPowerMode = Ndis802_11PowerModeLegacy_PSP;
+                                               pAd->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeLegacy_PSP;
+                                               pAd->StaCfg.DefaultListenCount = 3;
+                                       }
+                                       else
+                                       { //Default Ndis802_11PowerModeCAM
+                                               // clear PSM bit immediately
+                                               RTMP_SET_PSM_BIT(pAd, PWR_ACTIVE);
+                                               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_RECEIVE_DTIM);
+                                               if (pAd->StaCfg.bWindowsACCAMEnable == FALSE)
+                                                       pAd->StaCfg.WindowsPowerMode = Ndis802_11PowerModeCAM;
+                                               pAd->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeCAM;
+                                       }
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PSMode=%ld\n", pAd->StaCfg.WindowsPowerMode));
+                               }
+                       }
+                       // AutoRoaming by RSSI
+                       if (RTMPGetKeyParameter("AutoRoaming", tmpbuf, 32, pBuffer, TRUE))
+                       {
+                               if (simple_strtol(tmpbuf, 0, 10) == 0)
+                                       pAd->StaCfg.bAutoRoaming = FALSE;
+                               else
+                                       pAd->StaCfg.bAutoRoaming = TRUE;
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("AutoRoaming=%d\n", pAd->StaCfg.bAutoRoaming));
+                       }
+                       // RoamThreshold
+                       if (RTMPGetKeyParameter("RoamThreshold", tmpbuf, 32, pBuffer, TRUE))
+                       {
+                               long lInfo = simple_strtol(tmpbuf, 0, 10);
+
+                               if (lInfo > 90 || lInfo < 60)
+                                       pAd->StaCfg.dBmToRoam = -70;
+                               else
+                                       pAd->StaCfg.dBmToRoam = (CHAR)(-1)*lInfo;
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("RoamThreshold=%d  dBm\n", pAd->StaCfg.dBmToRoam));
+                       }
+
+                       if(RTMPGetKeyParameter("TGnWifiTest", tmpbuf, 10, pBuffer, TRUE))
+                       {
+                               if(simple_strtol(tmpbuf, 0, 10) == 0)
+                                       pAd->StaCfg.bTGnWifiTest = FALSE;
+                               else
+                                       pAd->StaCfg.bTGnWifiTest = TRUE;
+                                       DBGPRINT(RT_DEBUG_TRACE, ("TGnWifiTest=%d\n", pAd->StaCfg.bTGnWifiTest));
+                       }
+
+                       // Beacon Lost Time
+                       if (RTMPGetKeyParameter("BeaconLostTime", tmpbuf, 32, pBuffer, TRUE))
+                       {
+                               ULONG lInfo = (ULONG)simple_strtol(tmpbuf, 0, 10);
+
+                               if ((lInfo != 0) && (lInfo <= 60))
+                                       pAd->StaCfg.BeaconLostTime = (lInfo * OS_HZ);
+                               DBGPRINT(RT_DEBUG_TRACE, ("BeaconLostTime=%ld \n", pAd->StaCfg.BeaconLostTime));
+                       }
+
+
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+#ifdef RT30xx
+#ifdef ANT_DIVERSITY_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if(RTMPGetKeyParameter("AntDiversity", tmpbuf, 10, pBuffer, TRUE))
+                       {
+                               for (i = 0, macptr = rstrtok(tmpbuf,";"); macptr; macptr = rstrtok(NULL,";"), i++)
+                               {
+                                       UCHAR Ant = simple_strtol(tmpbuf, 0, 10);
+                                       if(Ant < 3)
+                                               pAd->CommonCfg.bRxAntDiversity = Ant;
+                                       else
+                                               pAd->CommonCfg.bRxAntDiversity = ANT_DIVERSITY_DISABLE;
+
+                                       DBGPRINT(RT_DEBUG_ERROR, ("AntDiversity=%d\n", pAd->CommonCfg.bRxAntDiversity));
+                               }
+                       }
+               }
+#endif // ANT_DIVERSITY_SUPPORT //
+#endif // RT30xx //
+
+       }while(0);
+
+
+       kfree(tmpbuf);
+
+       return NDIS_STATUS_SUCCESS;
+
+}
+
+
+#ifdef MULTIPLE_CARD_SUPPORT
+// record whether the card in the card list is used in the card file
+UINT8  MC_CardUsed[MAX_NUM_OF_MULTIPLE_CARD];
+// record used card mac address in the card list
+static UINT8  MC_CardMac[MAX_NUM_OF_MULTIPLE_CARD][6];
+
+/*
+========================================================================
+Routine Description:
+    Get card profile path.
+
+Arguments:
+    pAd
+
+Return Value:
+    TRUE               - Find a card profile
+       FALSE           - use default profile
+
+Note:
+========================================================================
+*/
+BOOLEAN RTMP_CardInfoRead(
+       IN      PRTMP_ADAPTER pAd)
+{
+#define MC_SELECT_CARDID               0       /* use CARD ID (0 ~ 31) to identify different cards */
+#define MC_SELECT_MAC                  1       /* use CARD MAC to identify different cards */
+#define MC_SELECT_CARDTYPE             2       /* use CARD type (abgn or bgn) to identify different cards */
+
+#define LETTER_CASE_TRANSLATE(txt_p, card_id)                  \
+       {       UINT32 _len; char _char;                                                \
+               for(_len=0; _len<strlen(card_id); _len++) {             \
+                       _char = *(txt_p + _len);                                        \
+                       if (('A' <= _char) && (_char <= 'Z'))           \
+                               *(txt_p+_len) = 'a'+(_char-'A');                \
+               } }
+
+       RTMP_OS_FD srcf;
+       INT retval;
+       PSTRING buffer, tmpbuf;
+       STRING card_id_buf[30], RFIC_word[30];
+       BOOLEAN flg_match_ok = FALSE;
+       INT32 card_select_method;
+       INT32 card_free_id, card_nouse_id, card_same_mac_id, card_match_id;
+       EEPROM_ANTENNA_STRUC antenna;
+       USHORT addr01, addr23, addr45;
+       UINT8 mac[6];
+       UINT32 data, card_index;
+       UCHAR *start_ptr;
+       RTMP_OS_FS_INFO osFSInfo;
+
+       // init
+       buffer = kmalloc(MAX_INI_BUFFER_SIZE, MEM_ALLOC_FLAG);
+       if (buffer == NULL)
+               return FALSE;
+
+       tmpbuf = kmalloc(MAX_PARAM_BUFFER_SIZE, MEM_ALLOC_FLAG);
+       if(tmpbuf == NULL)
+       {
+               kfree(buffer);
+               return NDIS_STATUS_FAILURE;
+       }
+
+       // get RF IC type
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &data);
+
+       if ((data & 0x30) == 0)
+               pAd->EEPROMAddressNum = 6;      // 93C46
+       else if ((data & 0x30) == 0x10)
+               pAd->EEPROMAddressNum = 8;      // 93C66
+       else
+               pAd->EEPROMAddressNum = 8;      // 93C86
+
+       RT28xx_EEPROM_READ16(pAd, EEPROM_NIC1_OFFSET, antenna.word);
+
+       if ((antenna.field.RfIcType == RFIC_2850) ||
+               (antenna.field.RfIcType == RFIC_2750))
+       {
+               /* ABGN card */
+               strcpy(RFIC_word, "abgn");
+       }
+       else
+       {
+               /* BGN card */
+               strcpy(RFIC_word, "bgn");
+       }
+
+       // get MAC address
+       RT28xx_EEPROM_READ16(pAd, 0x04, addr01);
+       RT28xx_EEPROM_READ16(pAd, 0x06, addr23);
+       RT28xx_EEPROM_READ16(pAd, 0x08, addr45);
+
+       mac[0] = (UCHAR)(addr01 & 0xff);
+       mac[1] = (UCHAR)(addr01 >> 8);
+       mac[2] = (UCHAR)(addr23 & 0xff);
+       mac[3] = (UCHAR)(addr23 >> 8);
+       mac[4] = (UCHAR)(addr45 & 0xff);
+       mac[5] = (UCHAR)(addr45 >> 8);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("mac addr=%02x:%02x:%02x:%02x:%02x:%02x!\n", PRINT_MAC(mac)));
+
+       RtmpOSFSInfoChange(&osFSInfo, TRUE);
+       // open card information file
+       srcf = RtmpOSFileOpen(CARD_INFO_PATH, O_RDONLY, 0);
+       if (IS_FILE_OPEN_ERR(srcf))
+       {
+               /* card information file does not exist */
+                       DBGPRINT(RT_DEBUG_TRACE,
+                               ("--> Error opening %s\n", CARD_INFO_PATH));
+               goto  free_resource;
+       }
+
+       /* card information file exists so reading the card information */
+       memset(buffer, 0x00, MAX_INI_BUFFER_SIZE);
+       retval = RtmpOSFileRead(srcf, buffer, MAX_INI_BUFFER_SIZE);
+       if (retval < 0)
+       {
+               /* read fail */
+                       DBGPRINT(RT_DEBUG_TRACE,
+                               ("--> Read %s error %d\n", CARD_INFO_PATH, -retval));
+       }
+       else
+       {
+               /* get card selection method */
+               memset(tmpbuf, 0x00, MAX_PARAM_BUFFER_SIZE);
+               card_select_method = MC_SELECT_CARDTYPE; // default
+
+               if (RTMPGetKeyParameter("SELECT", tmpbuf, 256, buffer, TRUE))
+               {
+                       if (strcmp(tmpbuf, "CARDID") == 0)
+                               card_select_method = MC_SELECT_CARDID;
+                       else if (strcmp(tmpbuf, "MAC") == 0)
+                               card_select_method = MC_SELECT_MAC;
+                       else if (strcmp(tmpbuf, "CARDTYPE") == 0)
+                               card_select_method = MC_SELECT_CARDTYPE;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE,
+                               ("MC> Card Selection = %d\n", card_select_method));
+
+               // init
+               card_free_id = -1;
+               card_nouse_id = -1;
+               card_same_mac_id = -1;
+               card_match_id = -1;
+
+               // search current card information records
+               for(card_index=0;
+                       card_index<MAX_NUM_OF_MULTIPLE_CARD;
+                       card_index++)
+               {
+                       if ((*(UINT32 *)&MC_CardMac[card_index][0] == 0) &&
+                               (*(UINT16 *)&MC_CardMac[card_index][4] == 0))
+                       {
+                               // MAC is all-0 so the entry is available
+                               MC_CardUsed[card_index] = 0;
+
+                               if (card_free_id < 0)
+                                       card_free_id = card_index; // 1st free entry
+                       }
+                       else
+                       {
+                               if (memcmp(MC_CardMac[card_index], mac, 6) == 0)
+                               {
+                                       // we find the entry with same MAC
+                                       if (card_same_mac_id < 0)
+                                               card_same_mac_id = card_index; // 1st same entry
+                               }
+                               else
+                               {
+                                       // MAC is not all-0 but used flag == 0
+                                       if ((MC_CardUsed[card_index] == 0) &&
+                                               (card_nouse_id < 0))
+                                       {
+                                               card_nouse_id = card_index; // 1st available entry
+                                       }
+                               }
+                       }
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE,
+                               ("MC> Free = %d, Same = %d, NOUSE = %d\n",
+                               card_free_id, card_same_mac_id, card_nouse_id));
+
+               if ((card_same_mac_id >= 0) &&
+                       ((card_select_method == MC_SELECT_CARDID) ||
+                       (card_select_method == MC_SELECT_CARDTYPE)))
+               {
+                       // same MAC entry is found
+                       card_match_id = card_same_mac_id;
+
+                       if (card_select_method == MC_SELECT_CARDTYPE)
+                       {
+                               // for CARDTYPE
+                               sprintf(card_id_buf, "%02dCARDTYPE%s",
+                                               card_match_id, RFIC_word);
+
+                               if ((start_ptr = (PUCHAR)rtstrstruncasecmp(buffer, card_id_buf)) != NULL)
+                               {
+                                       // we found the card ID
+                                       LETTER_CASE_TRANSLATE(start_ptr, card_id_buf);
+                               }
+                       }
+               }
+               else
+               {
+                       // the card is 1st plug-in, try to find the match card profile
+                       switch(card_select_method)
+                       {
+                               case MC_SELECT_CARDID: // CARDID
+                               default:
+                                       if (card_free_id >= 0)
+                                               card_match_id = card_free_id;
+                                       else
+                                               card_match_id = card_nouse_id;
+                                       break;
+
+                               case MC_SELECT_MAC: // MAC
+                                       sprintf(card_id_buf, "MAC%02x:%02x:%02x:%02x:%02x:%02x",
+                                                       mac[0], mac[1], mac[2],
+                                                       mac[3], mac[4], mac[5]);
+
+                                       /* try to find the key word in the card file */
+                                       if ((start_ptr = (PUCHAR)rtstrstruncasecmp(buffer, card_id_buf)) != NULL)
+                                       {
+                                               LETTER_CASE_TRANSLATE(start_ptr, card_id_buf);
+
+                                               /* get the row ID (2 ASCII characters) */
+                                               start_ptr -= 2;
+                                               card_id_buf[0] = *(start_ptr);
+                                               card_id_buf[1] = *(start_ptr+1);
+                                               card_id_buf[2] = 0x00;
+
+                                               card_match_id = simple_strtol(card_id_buf, 0, 10);
+                                       }
+                                       break;
+
+                               case MC_SELECT_CARDTYPE: // CARDTYPE
+                                       card_nouse_id = -1;
+
+                                       for(card_index=0;
+                                               card_index<MAX_NUM_OF_MULTIPLE_CARD;
+                                               card_index++)
+                                       {
+                                               sprintf(card_id_buf, "%02dCARDTYPE%s",
+                                                               card_index, RFIC_word);
+
+                                               if ((start_ptr = (PUCHAR)rtstrstruncasecmp(buffer,
+                                                                                                       card_id_buf)) != NULL)
+                                               {
+                                                       LETTER_CASE_TRANSLATE(start_ptr, card_id_buf);
+
+                                                       if (MC_CardUsed[card_index] == 0)
+                                                       {
+                                                               /* current the card profile is not used */
+                                                               if ((*(UINT32 *)&MC_CardMac[card_index][0] == 0) &&
+                                                                       (*(UINT16 *)&MC_CardMac[card_index][4] == 0))
+                                                               {
+                                                                       // find it and no previous card use it
+                                                                       card_match_id = card_index;
+                                                                       break;
+                                                               }
+                                                               else
+                                                               {
+                                                                       // ever a card use it
+                                                                       if (card_nouse_id < 0)
+                                                                               card_nouse_id = card_index;
+                                                               }
+                                                       }
+                                               }
+                                       }
+
+                                       // if not find a free one, use the available one
+                                       if (card_match_id < 0)
+                                               card_match_id = card_nouse_id;
+                                       break;
+                       }
+               }
+
+               if (card_match_id >= 0)
+               {
+                       // make up search keyword
+                       switch(card_select_method)
+                       {
+                               case MC_SELECT_CARDID: // CARDID
+                                       sprintf(card_id_buf, "%02dCARDID", card_match_id);
+                                       break;
+
+                               case MC_SELECT_MAC: // MAC
+                                       sprintf(card_id_buf,
+                                                       "%02dmac%02x:%02x:%02x:%02x:%02x:%02x",
+                                                       card_match_id,
+                                                       mac[0], mac[1], mac[2],
+                                                       mac[3], mac[4], mac[5]);
+                                       break;
+
+                               case MC_SELECT_CARDTYPE: // CARDTYPE
+                               default:
+                                       sprintf(card_id_buf, "%02dcardtype%s",
+                                                       card_match_id, RFIC_word);
+                                       break;
+                       }
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("Search Keyword = %s\n", card_id_buf));
+
+                       // read card file path
+                       if (RTMPGetKeyParameter(card_id_buf, tmpbuf, 256, buffer, TRUE))
+                       {
+                               if (strlen(tmpbuf) < sizeof(pAd->MC_FileName))
+                               {
+                                       // backup card information
+                                       pAd->MC_RowID = card_match_id; /* base 0 */
+                                       MC_CardUsed[card_match_id] = 1;
+                                       memcpy(MC_CardMac[card_match_id], mac, sizeof(mac));
+
+                                       // backup card file path
+                                       NdisMoveMemory(pAd->MC_FileName, tmpbuf , strlen(tmpbuf));
+                                       pAd->MC_FileName[strlen(tmpbuf)] = '\0';
+                                       flg_match_ok = TRUE;
+
+                                       DBGPRINT(RT_DEBUG_TRACE,
+                                                       ("Card Profile Name = %s\n", pAd->MC_FileName));
+                               }
+                               else
+                               {
+                                       DBGPRINT(RT_DEBUG_ERROR,
+                                                       ("Card Profile Name length too large!\n"));
+                               }
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR,
+                                               ("Can not find search key word in card.dat!\n"));
+                       }
+
+                       if ((flg_match_ok != TRUE) &&
+                               (card_match_id < MAX_NUM_OF_MULTIPLE_CARD))
+                       {
+                               MC_CardUsed[card_match_id] = 0;
+                               memset(MC_CardMac[card_match_id], 0, sizeof(mac));
+                       }
+               } // if (card_match_id >= 0)
+       }
+
+
+       // close file
+       retval = RtmpOSFileClose(srcf);
+
+free_resource:
+       RtmpOSFSInfoChange(&osFSInfo, FALSE);
+       kfree(buffer);
+       kfree(tmpbuf);
+
+       return flg_match_ok;
+}
+#endif // MULTIPLE_CARD_SUPPORT //
diff --git a/drivers/staging/rt3090/common/cmm_sanity.c b/drivers/staging/rt3090/common/cmm_sanity.c
new file mode 100644 (file)
index 0000000..de631c3
--- /dev/null
@@ -0,0 +1,1718 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       sanity.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John Chang  2004-09-01      add WMM support
+*/
+
+#include "../rt_config.h"
+
+
+extern UCHAR   CISCO_OUI[];
+
+extern UCHAR   WPA_OUI[];
+extern UCHAR   RSN_OUI[];
+extern UCHAR   WME_INFO_ELEM[];
+extern UCHAR   WME_PARM_ELEM[];
+extern UCHAR   Ccx2QosInfo[];
+extern UCHAR   RALINK_OUI[];
+extern UCHAR   BROADCOM_OUI[];
+extern UCHAR    WPS_OUI[];
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN MlmeAddBAReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2)
+{
+    PMLME_ADDBA_REQ_STRUCT   pInfo;
+
+    pInfo = (MLME_ADDBA_REQ_STRUCT *)Msg;
+
+    if ((MsgLen != sizeof(MLME_ADDBA_REQ_STRUCT)))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("MlmeAddBAReqSanity fail - message lenght not correct.\n"));
+        return FALSE;
+    }
+
+    if ((pInfo->Wcid >= MAX_LEN_OF_MAC_TABLE))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("MlmeAddBAReqSanity fail - The peer Mac is not associated yet.\n"));
+        return FALSE;
+    }
+
+       /*
+    if ((pInfo->BaBufSize > MAX_RX_REORDERBUF) || (pInfo->BaBufSize < 2))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("MlmeAddBAReqSanity fail - Rx Reordering buffer too big or too small\n"));
+        return FALSE;
+    }
+       */
+
+    if ((pInfo->pAddr[0]&0x01) == 0x01)
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("MlmeAddBAReqSanity fail - broadcast address not support BA\n"));
+        return FALSE;
+    }
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN MlmeDelBAReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen)
+{
+       MLME_DELBA_REQ_STRUCT *pInfo;
+       pInfo = (MLME_DELBA_REQ_STRUCT *)Msg;
+
+    if ((MsgLen != sizeof(MLME_DELBA_REQ_STRUCT)))
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("MlmeDelBAReqSanity fail - message lenght not correct.\n"));
+        return FALSE;
+    }
+
+    if ((pInfo->Wcid >= MAX_LEN_OF_MAC_TABLE))
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("MlmeDelBAReqSanity fail - The peer Mac is not associated yet.\n"));
+        return FALSE;
+    }
+
+    if ((pInfo->TID & 0xf0))
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("MlmeDelBAReqSanity fail - The peer TID is incorrect.\n"));
+        return FALSE;
+    }
+
+       if (NdisEqualMemory(pAd->MacTab.Content[pInfo->Wcid].Addr, pInfo->Addr, MAC_ADDR_LEN) == 0)
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("MlmeDelBAReqSanity fail - the peer addr dosen't exist.\n"));
+        return FALSE;
+    }
+
+    return TRUE;
+}
+
+BOOLEAN PeerAddBAReqActionSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *pMsg,
+    IN ULONG MsgLen,
+       OUT PUCHAR pAddr2)
+{
+       PFRAME_802_11 pFrame = (PFRAME_802_11)pMsg;
+       PFRAME_ADDBA_REQ pAddFrame;
+       pAddFrame = (PFRAME_ADDBA_REQ)(pMsg);
+       if (MsgLen < (sizeof(FRAME_ADDBA_REQ)))
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("PeerAddBAReqActionSanity: ADDBA Request frame length size = %ld incorrect\n", MsgLen));
+               return FALSE;
+       }
+       // we support immediate BA.
+#ifdef UNALIGNMENT_SUPPORT
+       {
+               BA_PARM         tmpBaParm;
+
+               NdisMoveMemory((PUCHAR)(&tmpBaParm), (PUCHAR)(&pAddFrame->BaParm), sizeof(BA_PARM));
+               *(USHORT *)(&tmpBaParm) = cpu2le16(*(USHORT *)(&tmpBaParm));
+               NdisMoveMemory((PUCHAR)(&pAddFrame->BaParm), (PUCHAR)(&tmpBaParm), sizeof(BA_PARM));
+       }
+#else
+       *(USHORT *)(&pAddFrame->BaParm) = cpu2le16(*(USHORT *)(&pAddFrame->BaParm));
+#endif
+       pAddFrame->TimeOutValue = cpu2le16(pAddFrame->TimeOutValue);
+       pAddFrame->BaStartSeq.word = cpu2le16(pAddFrame->BaStartSeq.word);
+
+       if (pAddFrame->BaParm.BAPolicy != IMMED_BA)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("PeerAddBAReqActionSanity: ADDBA Request Ba Policy[%d] not support\n", pAddFrame->BaParm.BAPolicy));
+               DBGPRINT(RT_DEBUG_ERROR,("ADDBA Request. tid=%x, Bufsize=%x, AMSDUSupported=%x \n", pAddFrame->BaParm.TID, pAddFrame->BaParm.BufSize, pAddFrame->BaParm.AMSDUSupported));
+               return FALSE;
+       }
+
+       // we support immediate BA.
+       if (pAddFrame->BaParm.TID &0xfff0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("PeerAddBAReqActionSanity: ADDBA Request incorrect TID = %d\n", pAddFrame->BaParm.TID));
+               return FALSE;
+       }
+       COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
+       return TRUE;
+}
+
+BOOLEAN PeerAddBARspActionSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *pMsg,
+    IN ULONG MsgLen)
+{
+       //PFRAME_802_11 pFrame = (PFRAME_802_11)pMsg;
+       PFRAME_ADDBA_RSP pAddFrame;
+
+       pAddFrame = (PFRAME_ADDBA_RSP)(pMsg);
+       if (MsgLen < (sizeof(FRAME_ADDBA_RSP)))
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("PeerAddBARspActionSanity: ADDBA Response frame length size = %ld incorrect\n", MsgLen));
+               return FALSE;
+       }
+       // we support immediate BA.
+#ifdef UNALIGNMENT_SUPPORT
+       {
+               BA_PARM         tmpBaParm;
+
+               NdisMoveMemory((PUCHAR)(&tmpBaParm), (PUCHAR)(&pAddFrame->BaParm), sizeof(BA_PARM));
+               *(USHORT *)(&tmpBaParm) = cpu2le16(*(USHORT *)(&tmpBaParm));
+               NdisMoveMemory((PUCHAR)(&pAddFrame->BaParm), (PUCHAR)(&tmpBaParm), sizeof(BA_PARM));
+       }
+#else
+       *(USHORT *)(&pAddFrame->BaParm) = cpu2le16(*(USHORT *)(&pAddFrame->BaParm));
+#endif
+       pAddFrame->StatusCode = cpu2le16(pAddFrame->StatusCode);
+       pAddFrame->TimeOutValue = cpu2le16(pAddFrame->TimeOutValue);
+
+       if (pAddFrame->BaParm.BAPolicy != IMMED_BA)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("PeerAddBAReqActionSanity: ADDBA Response Ba Policy[%d] not support\n", pAddFrame->BaParm.BAPolicy));
+               return FALSE;
+       }
+
+       // we support immediate BA.
+       if (pAddFrame->BaParm.TID &0xfff0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("PeerAddBARspActionSanity: ADDBA Response incorrect TID = %d\n", pAddFrame->BaParm.TID));
+               return FALSE;
+       }
+       return TRUE;
+
+}
+
+BOOLEAN PeerDelBAActionSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN UCHAR Wcid,
+    IN VOID *pMsg,
+    IN ULONG MsgLen )
+{
+       //PFRAME_802_11 pFrame = (PFRAME_802_11)pMsg;
+       PFRAME_DELBA_REQ  pDelFrame;
+       if (MsgLen != (sizeof(FRAME_DELBA_REQ)))
+               return FALSE;
+
+       if (Wcid >= MAX_LEN_OF_MAC_TABLE)
+               return FALSE;
+
+       pDelFrame = (PFRAME_DELBA_REQ)(pMsg);
+
+       *(USHORT *)(&pDelFrame->DelbaParm) = cpu2le16(*(USHORT *)(&pDelFrame->DelbaParm));
+       pDelFrame->ReasonCode = cpu2le16(pDelFrame->ReasonCode);
+
+       if (pDelFrame->DelbaParm.TID &0xfff0)
+               return FALSE;
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN PeerBeaconAndProbeRspSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    IN UCHAR  MsgChannel,
+    OUT PUCHAR pAddr2,
+    OUT PUCHAR pBssid,
+    OUT CHAR Ssid[],
+    OUT UCHAR *pSsidLen,
+    OUT UCHAR *pBssType,
+    OUT USHORT *pBeaconPeriod,
+    OUT UCHAR *pChannel,
+    OUT UCHAR *pNewChannel,
+    OUT LARGE_INTEGER *pTimestamp,
+    OUT CF_PARM *pCfParm,
+    OUT USHORT *pAtimWin,
+    OUT USHORT *pCapabilityInfo,
+    OUT UCHAR *pErp,
+    OUT UCHAR *pDtimCount,
+    OUT UCHAR *pDtimPeriod,
+    OUT UCHAR *pBcastFlag,
+    OUT UCHAR *pMessageToMe,
+    OUT UCHAR SupRate[],
+    OUT UCHAR *pSupRateLen,
+    OUT UCHAR ExtRate[],
+    OUT UCHAR *pExtRateLen,
+    OUT        UCHAR *pCkipFlag,
+    OUT        UCHAR *pAironetCellPowerLimit,
+    OUT PEDCA_PARM       pEdcaParm,
+    OUT PQBSS_LOAD_PARM  pQbssLoad,
+    OUT PQOS_CAPABILITY_PARM pQosCapability,
+    OUT ULONG *pRalinkIe,
+    OUT UCHAR           *pHtCapabilityLen,
+#ifdef CONFIG_STA_SUPPORT
+    OUT UCHAR           *pPreNHtCapabilityLen,
+#endif // CONFIG_STA_SUPPORT //
+    OUT HT_CAPABILITY_IE *pHtCapability,
+       OUT UCHAR                *AddHtInfoLen,
+       OUT ADD_HT_INFO_IE *AddHtInfo,
+       OUT UCHAR *NewExtChannelOffset,         // Ht extension channel offset(above or below)
+    OUT USHORT *LengthVIE,
+    OUT        PNDIS_802_11_VARIABLE_IEs pVIE)
+{
+    UCHAR                              *Ptr;
+#ifdef CONFIG_STA_SUPPORT
+       UCHAR                           TimLen;
+#endif // CONFIG_STA_SUPPORT //
+    PFRAME_802_11              pFrame;
+    PEID_STRUCT         pEid;
+    UCHAR                              SubType;
+    UCHAR                              Sanity;
+    //UCHAR                            ECWMin, ECWMax;
+    //MAC_CSR9_STRUC           Csr9;
+    ULONG                              Length = 0;
+
+       // For some 11a AP which didn't have DS_IE, we use two conditions to decide the channel
+       //      1. If the AP is 11n enabled, then check the control channel.
+       //      2. If the AP didn't have any info about channel, use the channel we received this frame as the channel. (May inaccuracy!!)
+       UCHAR                   CtrlChannel = 0;
+
+    // Add for 3 necessary EID field check
+    Sanity = 0;
+
+    *pAtimWin = 0;
+    *pErp = 0;
+    *pDtimCount = 0;
+    *pDtimPeriod = 0;
+    *pBcastFlag = 0;
+    *pMessageToMe = 0;
+    *pExtRateLen = 0;
+    *pCkipFlag = 0;                            // Default of CkipFlag is 0
+    *pAironetCellPowerLimit = 0xFF;  // Default of AironetCellPowerLimit is 0xFF
+    *LengthVIE = 0;                                    // Set the length of VIE to init value 0
+    *pHtCapabilityLen = 0;                                     // Set the length of VIE to init value 0
+#ifdef CONFIG_STA_SUPPORT
+       if (pAd->OpMode == OPMODE_STA)
+               *pPreNHtCapabilityLen = 0;                                      // Set the length of VIE to init value 0
+#endif // CONFIG_STA_SUPPORT //
+    *AddHtInfoLen = 0;                                 // Set the length of VIE to init value 0
+    *pRalinkIe = 0;
+    *pNewChannel = 0;
+    *NewExtChannelOffset = 0xff;       //Default 0xff means no such IE
+    pCfParm->bValid = FALSE;        // default: no IE_CF found
+    pQbssLoad->bValid = FALSE;      // default: no IE_QBSS_LOAD found
+    pEdcaParm->bValid = FALSE;      // default: no IE_EDCA_PARAMETER found
+    pQosCapability->bValid = FALSE; // default: no IE_QOS_CAPABILITY found
+
+    pFrame = (PFRAME_802_11)Msg;
+
+    // get subtype from header
+    SubType = (UCHAR)pFrame->Hdr.FC.SubType;
+
+    // get Addr2 and BSSID from header
+    COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
+    COPY_MAC_ADDR(pBssid, pFrame->Hdr.Addr3);
+
+//     hex_dump("Beacon", Msg, MsgLen);
+
+    Ptr = pFrame->Octet;
+    Length += LENGTH_802_11;
+
+    // get timestamp from payload and advance the pointer
+    NdisMoveMemory(pTimestamp, Ptr, TIMESTAMP_LEN);
+
+       pTimestamp->u.LowPart = cpu2le32(pTimestamp->u.LowPart);
+       pTimestamp->u.HighPart = cpu2le32(pTimestamp->u.HighPart);
+
+    Ptr += TIMESTAMP_LEN;
+    Length += TIMESTAMP_LEN;
+
+    // get beacon interval from payload and advance the pointer
+    NdisMoveMemory(pBeaconPeriod, Ptr, 2);
+    Ptr += 2;
+    Length += 2;
+
+    // get capability info from payload and advance the pointer
+    NdisMoveMemory(pCapabilityInfo, Ptr, 2);
+    Ptr += 2;
+    Length += 2;
+
+    if (CAP_IS_ESS_ON(*pCapabilityInfo))
+        *pBssType = BSS_INFRA;
+    else
+        *pBssType = BSS_ADHOC;
+
+    pEid = (PEID_STRUCT) Ptr;
+
+    // get variable fields from payload and advance the pointer
+    while ((Length + 2 + pEid->Len) <= MsgLen)
+    {
+        //
+        // Secure copy VIE to VarIE[MAX_VIE_LEN] didn't overflow.
+        //
+        if ((*LengthVIE + pEid->Len + 2) >= MAX_VIE_LEN)
+        {
+            DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - Variable IEs out of resource [len(=%d) > MAX_VIE_LEN(=%d)]\n",
+                    (*LengthVIE + pEid->Len + 2), MAX_VIE_LEN));
+            break;
+        }
+
+        switch(pEid->Eid)
+        {
+            case IE_SSID:
+                // Already has one SSID EID in this beacon, ignore the second one
+                if (Sanity & 0x1)
+                    break;
+                if(pEid->Len <= MAX_LEN_OF_SSID)
+                {
+                    NdisMoveMemory(Ssid, pEid->Octet, pEid->Len);
+                    *pSsidLen = pEid->Len;
+                    Sanity |= 0x1;
+                }
+                else
+                {
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_SSID (len=%d)\n",pEid->Len));
+                    return FALSE;
+                }
+                break;
+
+            case IE_SUPP_RATES:
+                if(pEid->Len <= MAX_LEN_OF_SUPPORTED_RATES)
+                {
+                    Sanity |= 0x2;
+                    NdisMoveMemory(SupRate, pEid->Octet, pEid->Len);
+                    *pSupRateLen = pEid->Len;
+
+                    // TODO: 2004-09-14 not a good design here, cause it exclude extra rates
+                    // from ScanTab. We should report as is. And filter out unsupported
+                    // rates in MlmeAux.
+                    // Check against the supported rates
+                    // RTMPCheckRates(pAd, SupRate, pSupRateLen);
+                }
+                else
+                {
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_SUPP_RATES (len=%d)\n",pEid->Len));
+                    return FALSE;
+                }
+                break;
+
+            case IE_HT_CAP:
+                       if (pEid->Len >= SIZE_HT_CAP_IE)  //Note: allow extension.!!
+                       {
+                               NdisMoveMemory(pHtCapability, pEid->Octet, sizeof(HT_CAPABILITY_IE));
+                               *pHtCapabilityLen = SIZE_HT_CAP_IE;     // Nnow we only support 26 bytes.
+
+                               *(USHORT *)(&pHtCapability->HtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->HtCapInfo));
+#ifdef UNALIGNMENT_SUPPORT
+                               {
+                                       EXT_HT_CAP_INFO extHtCapInfo;
+                                       NdisMoveMemory((PUCHAR)(&extHtCapInfo), (PUCHAR)(&pHtCapability->ExtHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                       *(USHORT *)(&extHtCapInfo) = cpu2le16(*(USHORT *)(&extHtCapInfo));
+                                       NdisMoveMemory((PUCHAR)(&pHtCapability->ExtHtCapInfo), (PUCHAR)(&extHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                               }
+#else
+                               *(USHORT *)(&pHtCapability->ExtHtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->ExtHtCapInfo));
+#endif // UNALIGNMENT_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+                               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               {
+                                       *pPreNHtCapabilityLen = 0;      // Now we only support 26 bytes.
+
+                                       Ptr = (PUCHAR) pVIE;
+                                       NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
+                                       *LengthVIE += (pEid->Len + 2);
+                               }
+#endif // CONFIG_STA_SUPPORT //
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_HT_CAP. pEid->Len = %d\n", pEid->Len));
+                       }
+
+               break;
+            case IE_ADD_HT:
+                       if (pEid->Len >= sizeof(ADD_HT_INFO_IE))
+                       {
+                               // This IE allows extension, but we can ignore extra bytes beyond our knowledge , so only
+                               // copy first sizeof(ADD_HT_INFO_IE)
+                               NdisMoveMemory(AddHtInfo, pEid->Octet, sizeof(ADD_HT_INFO_IE));
+                               *AddHtInfoLen = SIZE_ADD_HT_INFO_IE;
+
+                               CtrlChannel = AddHtInfo->ControlChan;
+
+                               *(USHORT *)(&AddHtInfo->AddHtInfo2) = cpu2le16(*(USHORT *)(&AddHtInfo->AddHtInfo2));
+                               *(USHORT *)(&AddHtInfo->AddHtInfo3) = cpu2le16(*(USHORT *)(&AddHtInfo->AddHtInfo3));
+
+#ifdef CONFIG_STA_SUPPORT
+                               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               {
+                                       Ptr = (PUCHAR) pVIE;
+                                       NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
+                                       *LengthVIE += (pEid->Len + 2);
+                               }
+#endif // CONFIG_STA_SUPPORT //
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_ADD_HT. \n"));
+                       }
+
+               break;
+            case IE_SECONDARY_CH_OFFSET:
+                       if (pEid->Len == 1)
+                       {
+                               *NewExtChannelOffset = pEid->Octet[0];
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_WARN, ("PeerBeaconAndProbeRspSanity - wrong IE_SECONDARY_CH_OFFSET. \n"));
+                       }
+
+               break;
+            case IE_FH_PARM:
+                DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity(IE_FH_PARM) \n"));
+                break;
+
+            case IE_DS_PARM:
+                if(pEid->Len == 1)
+                {
+                    *pChannel = *pEid->Octet;
+#ifdef CONFIG_STA_SUPPORT
+                                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                                       {
+                                               if (ChannelSanity(pAd, *pChannel) == 0)
+                                               {
+
+                                                       return FALSE;
+                                               }
+                                       }
+#endif // CONFIG_STA_SUPPORT //
+                    Sanity |= 0x4;
+                }
+                else
+                {
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_DS_PARM (len=%d)\n",pEid->Len));
+                    return FALSE;
+                }
+                break;
+
+            case IE_CF_PARM:
+                if(pEid->Len == 6)
+                {
+                    pCfParm->bValid = TRUE;
+                    pCfParm->CfpCount = pEid->Octet[0];
+                    pCfParm->CfpPeriod = pEid->Octet[1];
+                    pCfParm->CfpMaxDuration = pEid->Octet[2] + 256 * pEid->Octet[3];
+                    pCfParm->CfpDurRemaining = pEid->Octet[4] + 256 * pEid->Octet[5];
+                }
+                else
+                {
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_CF_PARM\n"));
+                    return FALSE;
+                }
+                break;
+
+            case IE_IBSS_PARM:
+                if(pEid->Len == 2)
+                {
+                    NdisMoveMemory(pAtimWin, pEid->Octet, pEid->Len);
+                }
+                else
+                {
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_IBSS_PARM\n"));
+                    return FALSE;
+                }
+                break;
+
+#ifdef CONFIG_STA_SUPPORT
+            case IE_TIM:
+                if(INFRA_ON(pAd) && SubType == SUBTYPE_BEACON)
+                {
+                    GetTimBit((PCHAR)pEid, pAd->StaActive.Aid, &TimLen, pBcastFlag, pDtimCount, pDtimPeriod, pMessageToMe);
+                }
+                break;
+#endif // CONFIG_STA_SUPPORT //
+            case IE_CHANNEL_SWITCH_ANNOUNCEMENT:
+                if(pEid->Len == 3)
+                {
+                       *pNewChannel = pEid->Octet[1];  //extract new channel number
+                }
+                break;
+
+            // New for WPA
+            // CCX v2 has the same IE, we need to parse that too
+            // Wifi WMM use the same IE vale, need to parse that too
+            // case IE_WPA:
+            case IE_VENDOR_SPECIFIC:
+                // Check Broadcom/Atheros 802.11n OUI version, for HT Capability IE.
+                // This HT IE is before IEEE draft set HT IE value.2006-09-28 by Jan.
+                /*if (NdisEqualMemory(pEid->Octet, BROADCOM_OUI, 3) && (pEid->Len >= 4))
+                {
+                       if ((pEid->Octet[3] == OUI_BROADCOM_HT) && (pEid->Len >= 30))
+                       {
+                               {
+                                       NdisMoveMemory(pHtCapability, &pEid->Octet[4], sizeof(HT_CAPABILITY_IE));
+                                       *pHtCapabilityLen = SIZE_HT_CAP_IE;     // Nnow we only support 26 bytes.
+                               }
+                       }
+                       if ((pEid->Octet[3] == OUI_BROADCOM_HT) && (pEid->Len >= 26))
+                       {
+                               {
+                                       NdisMoveMemory(AddHtInfo, &pEid->Octet[4], sizeof(ADD_HT_INFO_IE));
+                                       *AddHtInfoLen = SIZE_ADD_HT_INFO_IE;    // Nnow we only support 26 bytes.
+                               }
+                       }
+                }
+                               */
+                // Check the OUI version, filter out non-standard usage
+                if (NdisEqualMemory(pEid->Octet, RALINK_OUI, 3) && (pEid->Len == 7))
+                {
+                    //*pRalinkIe = pEid->Octet[3];
+                    if (pEid->Octet[3] != 0)
+                                       *pRalinkIe = pEid->Octet[3];
+                               else
+                                       *pRalinkIe = 0xf0000000; // Set to non-zero value (can't set bit0-2) to represent this is Ralink Chip. So at linkup, we will set ralinkchip flag.
+                }
+#ifdef CONFIG_STA_SUPPORT
+#ifdef DOT11_N_SUPPORT
+               // This HT IE is before IEEE draft set HT IE value.2006-09-28 by Jan.
+
+                // Other vendors had production before IE_HT_CAP value is assigned. To backward support those old-firmware AP,
+                // Check broadcom-defiend pre-802.11nD1.0 OUI for HT related IE, including HT Capatilities IE and HT Information IE
+                else if ((*pHtCapabilityLen == 0) && NdisEqualMemory(pEid->Octet, PRE_N_HT_OUI, 3) && (pEid->Len >= 4) && (pAd->OpMode == OPMODE_STA))
+                {
+                    if ((pEid->Octet[3] == OUI_PREN_HT_CAP) && (pEid->Len >= 30) && (*pHtCapabilityLen == 0))
+                    {
+                        NdisMoveMemory(pHtCapability, &pEid->Octet[4], sizeof(HT_CAPABILITY_IE));
+                        *pPreNHtCapabilityLen = SIZE_HT_CAP_IE;
+                    }
+
+                    if ((pEid->Octet[3] == OUI_PREN_ADD_HT) && (pEid->Len >= 26))
+                    {
+                        NdisMoveMemory(AddHtInfo, &pEid->Octet[4], sizeof(ADD_HT_INFO_IE));
+                        *AddHtInfoLen = SIZE_ADD_HT_INFO_IE;
+                    }
+                }
+#endif // DOT11_N_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+                else if (NdisEqualMemory(pEid->Octet, WPA_OUI, 4))
+                {
+                    // Copy to pVIE which will report to microsoft bssid list.
+                    Ptr = (PUCHAR) pVIE;
+                    NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
+                    *LengthVIE += (pEid->Len + 2);
+                }
+                else if (NdisEqualMemory(pEid->Octet, WME_PARM_ELEM, 6) && (pEid->Len == 24))
+                {
+                    PUCHAR ptr;
+                    int i;
+
+                    // parsing EDCA parameters
+                    pEdcaParm->bValid          = TRUE;
+                    pEdcaParm->bQAck           = FALSE; // pEid->Octet[0] & 0x10;
+                    pEdcaParm->bQueueRequest   = FALSE; // pEid->Octet[0] & 0x20;
+                    pEdcaParm->bTxopRequest    = FALSE; // pEid->Octet[0] & 0x40;
+                    pEdcaParm->EdcaUpdateCount = pEid->Octet[6] & 0x0f;
+                    pEdcaParm->bAPSDCapable    = (pEid->Octet[6] & 0x80) ? 1 : 0;
+                    ptr = &pEid->Octet[8];
+                    for (i=0; i<4; i++)
+                    {
+                        UCHAR aci = (*ptr & 0x60) >> 5; // b5~6 is AC INDEX
+                        pEdcaParm->bACM[aci]  = (((*ptr) & 0x10) == 0x10);   // b5 is ACM
+                        pEdcaParm->Aifsn[aci] = (*ptr) & 0x0f;               // b0~3 is AIFSN
+                        pEdcaParm->Cwmin[aci] = *(ptr+1) & 0x0f;             // b0~4 is Cwmin
+                        pEdcaParm->Cwmax[aci] = *(ptr+1) >> 4;               // b5~8 is Cwmax
+                        pEdcaParm->Txop[aci]  = *(ptr+2) + 256 * (*(ptr+3)); // in unit of 32-us
+                        ptr += 4; // point to next AC
+                    }
+                }
+                else if (NdisEqualMemory(pEid->Octet, WME_INFO_ELEM, 6) && (pEid->Len == 7))
+                {
+                    // parsing EDCA parameters
+                    pEdcaParm->bValid          = TRUE;
+                    pEdcaParm->bQAck           = FALSE; // pEid->Octet[0] & 0x10;
+                    pEdcaParm->bQueueRequest   = FALSE; // pEid->Octet[0] & 0x20;
+                    pEdcaParm->bTxopRequest    = FALSE; // pEid->Octet[0] & 0x40;
+                    pEdcaParm->EdcaUpdateCount = pEid->Octet[6] & 0x0f;
+                    pEdcaParm->bAPSDCapable    = (pEid->Octet[6] & 0x80) ? 1 : 0;
+
+                    // use default EDCA parameter
+                    pEdcaParm->bACM[QID_AC_BE]  = 0;
+                    pEdcaParm->Aifsn[QID_AC_BE] = 3;
+                    pEdcaParm->Cwmin[QID_AC_BE] = CW_MIN_IN_BITS;
+                    pEdcaParm->Cwmax[QID_AC_BE] = CW_MAX_IN_BITS;
+                    pEdcaParm->Txop[QID_AC_BE]  = 0;
+
+                    pEdcaParm->bACM[QID_AC_BK]  = 0;
+                    pEdcaParm->Aifsn[QID_AC_BK] = 7;
+                    pEdcaParm->Cwmin[QID_AC_BK] = CW_MIN_IN_BITS;
+                    pEdcaParm->Cwmax[QID_AC_BK] = CW_MAX_IN_BITS;
+                    pEdcaParm->Txop[QID_AC_BK]  = 0;
+
+                    pEdcaParm->bACM[QID_AC_VI]  = 0;
+                    pEdcaParm->Aifsn[QID_AC_VI] = 2;
+                    pEdcaParm->Cwmin[QID_AC_VI] = CW_MIN_IN_BITS-1;
+                    pEdcaParm->Cwmax[QID_AC_VI] = CW_MAX_IN_BITS;
+                    pEdcaParm->Txop[QID_AC_VI]  = 96;   // AC_VI: 96*32us ~= 3ms
+
+                    pEdcaParm->bACM[QID_AC_VO]  = 0;
+                    pEdcaParm->Aifsn[QID_AC_VO] = 2;
+                    pEdcaParm->Cwmin[QID_AC_VO] = CW_MIN_IN_BITS-2;
+                    pEdcaParm->Cwmax[QID_AC_VO] = CW_MAX_IN_BITS-1;
+                    pEdcaParm->Txop[QID_AC_VO]  = 48;   // AC_VO: 48*32us ~= 1.5ms
+                }
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+
+                break;
+
+            case IE_EXT_SUPP_RATES:
+                if (pEid->Len <= MAX_LEN_OF_SUPPORTED_RATES)
+                {
+                    NdisMoveMemory(ExtRate, pEid->Octet, pEid->Len);
+                    *pExtRateLen = pEid->Len;
+
+                    // TODO: 2004-09-14 not a good design here, cause it exclude extra rates
+                    // from ScanTab. We should report as is. And filter out unsupported
+                    // rates in MlmeAux.
+                    // Check against the supported rates
+                    // RTMPCheckRates(pAd, ExtRate, pExtRateLen);
+                }
+                break;
+
+            case IE_ERP:
+                if (pEid->Len == 1)
+                {
+                    *pErp = (UCHAR)pEid->Octet[0];
+                }
+                break;
+
+            case IE_AIRONET_CKIP:
+                // 0. Check Aironet IE length, it must be larger or equal to 28
+                // Cisco AP350 used length as 28
+                // Cisco AP12XX used length as 30
+                if (pEid->Len < (CKIP_NEGOTIATION_LENGTH - 2))
+                    break;
+
+                // 1. Copy CKIP flag byte to buffer for process
+                *pCkipFlag = *(pEid->Octet + 8);
+                break;
+
+            case IE_AP_TX_POWER:
+                // AP Control of Client Transmit Power
+                //0. Check Aironet IE length, it must be 6
+                if (pEid->Len != 0x06)
+                    break;
+
+                // Get cell power limit in dBm
+                if (NdisEqualMemory(pEid->Octet, CISCO_OUI, 3) == 1)
+                    *pAironetCellPowerLimit = *(pEid->Octet + 4);
+                break;
+
+            // WPA2 & 802.11i RSN
+            case IE_RSN:
+                // There is no OUI for version anymore, check the group cipher OUI before copying
+                if (RTMPEqualMemory(pEid->Octet + 2, RSN_OUI, 3))
+                {
+                    // Copy to pVIE which will report to microsoft bssid list.
+                    Ptr = (PUCHAR) pVIE;
+                    NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
+                    *LengthVIE += (pEid->Len + 2);
+                }
+                break;
+#ifdef CONFIG_STA_SUPPORT
+#ifdef EXT_BUILD_CHANNEL_LIST
+                       case IE_COUNTRY:
+                               Ptr = (PUCHAR) pVIE;
+                NdisMoveMemory(Ptr + *LengthVIE, &pEid->Eid, pEid->Len + 2);
+                *LengthVIE += (pEid->Len + 2);
+                               break;
+#endif // EXT_BUILD_CHANNEL_LIST //
+#endif // CONFIG_STA_SUPPORT //
+
+
+            default:
+                break;
+        }
+
+        Length = Length + 2 + pEid->Len;  // Eid[1] + Len[1]+ content[Len]
+        pEid = (PEID_STRUCT)((UCHAR*)pEid + 2 + pEid->Len);
+    }
+
+    // For some 11a AP. it did not have the channel EID, patch here
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               UCHAR LatchRfChannel = MsgChannel;
+               if ((pAd->LatchRfRegs.Channel > 14) && ((Sanity & 0x4) == 0))
+               {
+                       if (CtrlChannel != 0)
+                               *pChannel = CtrlChannel;
+                       else
+                               *pChannel = LatchRfChannel;
+                       Sanity |= 0x4;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       if (Sanity != 0x7)
+       {
+               DBGPRINT(RT_DEBUG_LOUD, ("PeerBeaconAndProbeRspSanity - missing field, Sanity=0x%02x\n", Sanity));
+               return FALSE;
+       }
+       else
+       {
+               return TRUE;
+       }
+
+}
+
+#ifdef DOT11N_DRAFT3
+/*
+       ==========================================================================
+       Description:
+               MLME message sanity check for some IE addressed  in 802.11n d3.03.
+       Return:
+               TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+BOOLEAN PeerBeaconAndProbeRspSanity2(
+       IN PRTMP_ADAPTER pAd,
+       IN VOID *Msg,
+       IN ULONG MsgLen,
+       OUT UCHAR       *RegClass)
+{
+       CHAR                            *Ptr;
+       PFRAME_802_11           pFrame;
+       PEID_STRUCT                     pEid;
+       ULONG                           Length = 0;
+
+       pFrame = (PFRAME_802_11)Msg;
+
+       *RegClass = 0;
+       Ptr = (PCHAR) pFrame->Octet;
+       Length += LENGTH_802_11;
+
+       // get timestamp from payload and advance the pointer
+       Ptr += TIMESTAMP_LEN;
+       Length += TIMESTAMP_LEN;
+
+       // get beacon interval from payload and advance the pointer
+       Ptr += 2;
+       Length += 2;
+
+       // get capability info from payload and advance the pointer
+       Ptr += 2;
+       Length += 2;
+
+       pEid = (PEID_STRUCT) Ptr;
+
+       // get variable fields from payload and advance the pointer
+       while ((Length + 2 + pEid->Len) <= MsgLen)
+       {
+               switch(pEid->Eid)
+               {
+                       case IE_SUPP_REG_CLASS:
+                               if(pEid->Len > 0)
+                               {
+                                       *RegClass = *pEid->Octet;
+                               }
+                               else
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAndProbeRspSanity - wrong IE_SSID (len=%d)\n",pEid->Len));
+                                       return FALSE;
+                               }
+                               break;
+               }
+
+               Length = Length + 2 + pEid->Len;  // Eid[1] + Len[1]+ content[Len]
+               pEid = (PEID_STRUCT)((UCHAR*)pEid + 2 + pEid->Len);
+       }
+
+       return TRUE;
+
+}
+#endif // DOT11N_DRAFT3 //
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+ */
+BOOLEAN MlmeScanReqSanity(
+       IN PRTMP_ADAPTER pAd,
+       IN VOID *Msg,
+       IN ULONG MsgLen,
+       OUT UCHAR *pBssType,
+       OUT CHAR Ssid[],
+       OUT UCHAR *pSsidLen,
+       OUT UCHAR *pScanType)
+{
+       MLME_SCAN_REQ_STRUCT *Info;
+
+       Info = (MLME_SCAN_REQ_STRUCT *)(Msg);
+       *pBssType = Info->BssType;
+       *pSsidLen = Info->SsidLen;
+       NdisMoveMemory(Ssid, Info->Ssid, *pSsidLen);
+       *pScanType = Info->ScanType;
+
+       if ((*pBssType == BSS_INFRA || *pBssType == BSS_ADHOC || *pBssType == BSS_ANY)
+               && (*pScanType == SCAN_ACTIVE || *pScanType == SCAN_PASSIVE
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+               ))
+       {
+               return TRUE;
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("MlmeScanReqSanity fail - wrong BssType or ScanType\n"));
+               return FALSE;
+       }
+}
+
+// IRQL = DISPATCH_LEVEL
+UCHAR ChannelSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN UCHAR channel)
+{
+    int i;
+
+    for (i = 0; i < pAd->ChannelListNum; i ++)
+    {
+        if (channel == pAd->ChannelList[i].Channel)
+            return 1;
+    }
+    return 0;
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN PeerDeauthSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT USHORT *pReason)
+{
+    PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
+
+    COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
+    NdisMoveMemory(pReason, &pFrame->Octet[0], 2);
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN PeerAuthSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr,
+    OUT USHORT *pAlg,
+    OUT USHORT *pSeq,
+    OUT USHORT *pStatus,
+    CHAR *pChlgText)
+{
+    PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
+
+    COPY_MAC_ADDR(pAddr,   pFrame->Hdr.Addr2);
+    NdisMoveMemory(pAlg,    &pFrame->Octet[0], 2);
+    NdisMoveMemory(pSeq,    &pFrame->Octet[2], 2);
+    NdisMoveMemory(pStatus, &pFrame->Octet[4], 2);
+
+    if (*pAlg == AUTH_MODE_OPEN)
+    {
+        if (*pSeq == 1 || *pSeq == 2)
+        {
+            return TRUE;
+        }
+        else
+        {
+            DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong Seg#\n"));
+            return FALSE;
+        }
+    }
+    else if (*pAlg == AUTH_MODE_KEY)
+    {
+        if (*pSeq == 1 || *pSeq == 4)
+        {
+            return TRUE;
+        }
+        else if (*pSeq == 2 || *pSeq == 3)
+        {
+            NdisMoveMemory(pChlgText, &pFrame->Octet[8], CIPHER_TEXT_LEN);
+            return TRUE;
+        }
+        else
+        {
+            DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong Seg#\n"));
+            return FALSE;
+        }
+    }
+    else
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("PeerAuthSanity fail - wrong algorithm\n"));
+        return FALSE;
+    }
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+ */
+BOOLEAN MlmeAuthReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr,
+    OUT ULONG *pTimeout,
+    OUT USHORT *pAlg)
+{
+    MLME_AUTH_REQ_STRUCT *pInfo;
+
+    pInfo  = (MLME_AUTH_REQ_STRUCT *)Msg;
+    COPY_MAC_ADDR(pAddr, pInfo->Addr);
+    *pTimeout = pInfo->Timeout;
+    *pAlg = pInfo->Alg;
+
+    if (((*pAlg == AUTH_MODE_KEY) ||(*pAlg == AUTH_MODE_OPEN)
+       ) &&
+        ((*pAddr & 0x01) == 0))
+    {
+        return TRUE;
+    }
+    else
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("MlmeAuthReqSanity fail - wrong algorithm\n"));
+        return FALSE;
+    }
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN MlmeAssocReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pApAddr,
+    OUT USHORT *pCapabilityInfo,
+    OUT ULONG *pTimeout,
+    OUT USHORT *pListenIntv)
+{
+    MLME_ASSOC_REQ_STRUCT *pInfo;
+
+    pInfo = (MLME_ASSOC_REQ_STRUCT *)Msg;
+    *pTimeout = pInfo->Timeout;                             // timeout
+    COPY_MAC_ADDR(pApAddr, pInfo->Addr);                   // AP address
+    *pCapabilityInfo = pInfo->CapabilityInfo;               // capability info
+    *pListenIntv = pInfo->ListenIntv;
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN PeerDisassocSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT USHORT *pReason)
+{
+    PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
+
+    COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
+    NdisMoveMemory(pReason, &pFrame->Octet[0], 2);
+
+    return TRUE;
+}
+
+/*
+       ========================================================================
+       Routine Description:
+               Sanity check NetworkType (11b, 11g or 11a)
+
+       Arguments:
+               pBss - Pointer to BSS table.
+
+       Return Value:
+        Ndis802_11DS .......(11b)
+        Ndis802_11OFDM24....(11g)
+        Ndis802_11OFDM5.....(11a)
+
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+NDIS_802_11_NETWORK_TYPE NetworkTypeInUseSanity(
+    IN PBSS_ENTRY pBss)
+{
+       NDIS_802_11_NETWORK_TYPE        NetWorkType;
+       UCHAR                                           rate, i;
+
+       NetWorkType = Ndis802_11DS;
+
+       if (pBss->Channel <= 14)
+       {
+               //
+               // First check support Rate.
+               //
+               for (i = 0; i < pBss->SupRateLen; i++)
+               {
+                       rate = pBss->SupRate[i] & 0x7f; // Mask out basic rate set bit
+                       if ((rate == 2) || (rate == 4) || (rate == 11) || (rate == 22))
+                       {
+                               continue;
+                       }
+                       else
+                       {
+                               //
+                               // Otherwise (even rate > 108) means Ndis802_11OFDM24
+                               //
+                               NetWorkType = Ndis802_11OFDM24;
+                               break;
+                       }
+               }
+
+               //
+               // Second check Extend Rate.
+               //
+               if (NetWorkType != Ndis802_11OFDM24)
+               {
+                       for (i = 0; i < pBss->ExtRateLen; i++)
+                       {
+                               rate = pBss->SupRate[i] & 0x7f; // Mask out basic rate set bit
+                               if ((rate == 2) || (rate == 4) || (rate == 11) || (rate == 22))
+                               {
+                                       continue;
+                               }
+                               else
+                               {
+                                       //
+                                       // Otherwise (even rate > 108) means Ndis802_11OFDM24
+                                       //
+                                       NetWorkType = Ndis802_11OFDM24;
+                                       break;
+                               }
+                       }
+               }
+       }
+       else
+       {
+               NetWorkType = Ndis802_11OFDM5;
+       }
+
+    if (pBss->HtCapabilityLen != 0)
+    {
+        if (NetWorkType == Ndis802_11OFDM5)
+            NetWorkType = Ndis802_11OFDM5_N;
+        else
+            NetWorkType = Ndis802_11OFDM24_N;
+    }
+
+       return NetWorkType;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Check the validity of the received EAPoL frame
+    Return:
+        TRUE if all parameters are OK,
+        FALSE otherwise
+    ==========================================================================
+ */
+BOOLEAN PeerWpaMessageSanity(
+    IN PRTMP_ADAPTER           pAd,
+    IN PEAPOL_PACKET           pMsg,
+    IN ULONG                           MsgLen,
+    IN UCHAR                           MsgType,
+    IN MAC_TABLE_ENTRY         *pEntry)
+{
+       UCHAR                   mic[LEN_KEY_DESC_MIC], digest[80], KEYDATA[MAX_LEN_OF_RSNIE];
+       BOOLEAN                 bReplayDiff = FALSE;
+       BOOLEAN                 bWPA2 = FALSE;
+       KEY_INFO                EapolKeyInfo;
+       UCHAR                   GroupKeyIndex = 0;
+
+
+       NdisZeroMemory(mic, sizeof(mic));
+       NdisZeroMemory(digest, sizeof(digest));
+       NdisZeroMemory(KEYDATA, sizeof(KEYDATA));
+       NdisZeroMemory((PUCHAR)&EapolKeyInfo, sizeof(EapolKeyInfo));
+
+       NdisMoveMemory((PUCHAR)&EapolKeyInfo, (PUCHAR)&pMsg->KeyDesc.KeyInfo, sizeof(KEY_INFO));
+
+       *((USHORT *)&EapolKeyInfo) = cpu2le16(*((USHORT *)&EapolKeyInfo));
+
+       // Choose WPA2 or not
+       if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) || (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
+               bWPA2 = TRUE;
+
+       // 0. Check MsgType
+       if ((MsgType > EAPOL_GROUP_MSG_2) || (MsgType < EAPOL_PAIR_MSG_1))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("The message type is invalid(%d)! \n", MsgType));
+               return FALSE;
+       }
+
+       // 1. Replay counter check
+       if (MsgType == EAPOL_PAIR_MSG_1 || MsgType == EAPOL_PAIR_MSG_3 || MsgType == EAPOL_GROUP_MSG_1) // For supplicant
+    {
+       // First validate replay counter, only accept message with larger replay counter.
+               // Let equal pass, some AP start with all zero replay counter
+               UCHAR   ZeroReplay[LEN_KEY_DESC_REPLAY];
+
+        NdisZeroMemory(ZeroReplay, LEN_KEY_DESC_REPLAY);
+               if ((RTMPCompareMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY) != 1) &&
+                       (RTMPCompareMemory(pMsg->KeyDesc.ReplayCounter, ZeroReplay, LEN_KEY_DESC_REPLAY) != 0))
+       {
+                       bReplayDiff = TRUE;
+       }
+       }
+       else if (MsgType == EAPOL_PAIR_MSG_2 || MsgType == EAPOL_PAIR_MSG_4 || MsgType == EAPOL_GROUP_MSG_2)    // For authenticator
+       {
+               // check Replay Counter coresponds to MSG from authenticator, otherwise discard
+       if (!NdisEqualMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY))
+       {
+                       bReplayDiff = TRUE;
+       }
+       }
+
+       // Replay Counter different condition
+       if (bReplayDiff)
+       {
+               // send wireless event - for replay counter different
+               if (pAd->CommonCfg.bWirelessEvent)
+                       RTMPSendWirelessEvent(pAd, IW_REPLAY_COUNTER_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
+
+               if (MsgType < EAPOL_GROUP_MSG_1)
+               {
+               DBGPRINT(RT_DEBUG_ERROR, ("Replay Counter Different in pairwise msg %d of 4-way handshake!\n", MsgType));
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("Replay Counter Different in group msg %d of 2-way handshake!\n", (MsgType - EAPOL_PAIR_MSG_4)));
+               }
+
+               hex_dump("Receive replay counter ", pMsg->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
+               hex_dump("Current replay counter ", pEntry->R_Counter, LEN_KEY_DESC_REPLAY);
+        return FALSE;
+       }
+
+       // 2. Verify MIC except Pairwise Msg1
+       if (MsgType != EAPOL_PAIR_MSG_1)
+       {
+               UCHAR                   rcvd_mic[LEN_KEY_DESC_MIC];
+
+               // Record the received MIC for check later
+               NdisMoveMemory(rcvd_mic, pMsg->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
+               NdisZeroMemory(pMsg->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
+
+        if (EapolKeyInfo.KeyDescVer == DESC_TYPE_TKIP) // TKIP
+        {
+            HMAC_MD5(pEntry->PTK, LEN_EAP_MICK, (PUCHAR)pMsg, MsgLen, mic, MD5_DIGEST_SIZE);
+        }
+        else if (EapolKeyInfo.KeyDescVer == DESC_TYPE_AES)     // AES
+        {
+            HMAC_SHA1(pEntry->PTK, LEN_EAP_MICK, (PUCHAR)pMsg, MsgLen, digest, SHA1_DIGEST_SIZE);
+            NdisMoveMemory(mic, digest, LEN_KEY_DESC_MIC);
+        }
+
+        if (!NdisEqualMemory(rcvd_mic, mic, LEN_KEY_DESC_MIC))
+        {
+                       // send wireless event - for MIC different
+                       if (pAd->CommonCfg.bWirelessEvent)
+                               RTMPSendWirelessEvent(pAd, IW_MIC_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
+
+                       if (MsgType < EAPOL_GROUP_MSG_1)
+                       {
+               DBGPRINT(RT_DEBUG_ERROR, ("MIC Different in pairwise msg %d of 4-way handshake!\n", MsgType));
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("MIC Different in group msg %d of 2-way handshake!\n", (MsgType - EAPOL_PAIR_MSG_4)));
+                       }
+
+                       hex_dump("Received MIC", rcvd_mic, LEN_KEY_DESC_MIC);
+                       hex_dump("Desired  MIC", mic, LEN_KEY_DESC_MIC);
+
+                       return FALSE;
+        }
+       }
+
+       // 1. Decrypt the Key Data field if GTK is included.
+       // 2. Extract the context of the Key Data field if it exist.
+       // The field in pairwise_msg_2_WPA1(WPA2) & pairwise_msg_3_WPA1 is clear.
+       // The field in group_msg_1_WPA1(WPA2) & pairwise_msg_3_WPA2 is encrypted.
+       if (CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen) > 0)
+       {
+               // Decrypt this field
+               if ((MsgType == EAPOL_PAIR_MSG_3 && bWPA2) || (MsgType == EAPOL_GROUP_MSG_1))
+               {
+                       if(
+                               (EapolKeyInfo.KeyDescVer == DESC_TYPE_AES))
+                       {
+                               // AES
+                               AES_GTK_KEY_UNWRAP(&pEntry->PTK[16], KEYDATA,
+                                                                       CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen),
+                                                                       pMsg->KeyDesc.KeyData);
+                       }
+                       else
+                       {
+                               INT     i;
+                               UCHAR   Key[32];
+                               // Decrypt TKIP GTK
+                               // Construct 32 bytes RC4 Key
+                               NdisMoveMemory(Key, pMsg->KeyDesc.KeyIv, 16);
+                               NdisMoveMemory(&Key[16], &pEntry->PTK[16], 16);
+                               ARCFOUR_INIT(&pAd->PrivateInfo.WEPCONTEXT, Key, 32);
+                               //discard first 256 bytes
+                               for(i = 0; i < 256; i++)
+                                       ARCFOUR_BYTE(&pAd->PrivateInfo.WEPCONTEXT);
+                               // Decrypt GTK. Becareful, there is no ICV to check the result is correct or not
+                               ARCFOUR_DECRYPT(&pAd->PrivateInfo.WEPCONTEXT, KEYDATA,
+                                                               pMsg->KeyDesc.KeyData,
+                                                               CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen));
+                       }
+
+                       if (!bWPA2 && (MsgType == EAPOL_GROUP_MSG_1))
+                               GroupKeyIndex = EapolKeyInfo.KeyIndex;
+
+               }
+               else if ((MsgType == EAPOL_PAIR_MSG_2) || (MsgType == EAPOL_PAIR_MSG_3 && !bWPA2))
+               {
+                       NdisMoveMemory(KEYDATA, pMsg->KeyDesc.KeyData, CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen));
+               }
+               else
+               {
+
+                       return TRUE;
+               }
+
+               // Parse Key Data field to
+               // 1. verify RSN IE for pairwise_msg_2_WPA1(WPA2) ,pairwise_msg_3_WPA1(WPA2)
+               // 2. verify KDE format for pairwise_msg_3_WPA2, group_msg_1_WPA2
+               // 3. update shared key for pairwise_msg_3_WPA2, group_msg_1_WPA1(WPA2)
+               if (!RTMPParseEapolKeyData(pAd, KEYDATA,
+                                                                 CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyDataLen),
+                                                                 GroupKeyIndex, MsgType, bWPA2, pEntry))
+               {
+                       return FALSE;
+               }
+       }
+
+       return TRUE;
+
+}
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+BOOLEAN MlmeDlsReqSanity(
+       IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PRT_802_11_DLS *pDLS,
+    OUT PUSHORT pReason)
+{
+       MLME_DLS_REQ_STRUCT *pInfo;
+
+    pInfo = (MLME_DLS_REQ_STRUCT *)Msg;
+
+       *pDLS = pInfo->pDLS;
+       *pReason = pInfo->Reason;
+
+       return TRUE;
+}
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef QOS_DLS_SUPPORT
+BOOLEAN PeerDlsReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pDA,
+    OUT PUCHAR pSA,
+    OUT USHORT *pCapabilityInfo,
+    OUT USHORT *pDlsTimeout,
+    OUT UCHAR *pRatesLen,
+    OUT UCHAR Rates[],
+       OUT UCHAR *pHtCapabilityLen,
+    OUT HT_CAPABILITY_IE *pHtCapability)
+{
+       CHAR            *Ptr;
+    PFRAME_802_11      Fr = (PFRAME_802_11)Msg;
+       PEID_STRUCT  eid_ptr;
+
+    // to prevent caller from using garbage output value
+    *pCapabilityInfo   = 0;
+    *pDlsTimeout       = 0;
+       *pHtCapabilityLen = 0;
+
+    Ptr = (PCHAR)Fr->Octet;
+
+       // offset to destination MAC address (Category and Action field)
+    Ptr += 2;
+
+    // get DA from payload and advance the pointer
+    NdisMoveMemory(pDA, Ptr, MAC_ADDR_LEN);
+    Ptr += MAC_ADDR_LEN;
+
+    // get SA from payload and advance the pointer
+    NdisMoveMemory(pSA, Ptr, MAC_ADDR_LEN);
+    Ptr += MAC_ADDR_LEN;
+
+    // get capability info from payload and advance the pointer
+    NdisMoveMemory(pCapabilityInfo, Ptr, 2);
+    Ptr += 2;
+
+    // get capability info from payload and advance the pointer
+    NdisMoveMemory(pDlsTimeout, Ptr, 2);
+    Ptr += 2;
+
+       // Category and Action field + DA + SA + capability + Timeout
+       eid_ptr = (PEID_STRUCT) &Fr->Octet[18];
+
+       while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((UCHAR*)Fr + MsgLen))
+       {
+               switch(eid_ptr->Eid)
+               {
+                       case IE_SUPP_RATES:
+                if ((eid_ptr->Len <= MAX_LEN_OF_SUPPORTED_RATES) && (eid_ptr->Len > 0))
+                {
+                    NdisMoveMemory(Rates, eid_ptr->Octet, eid_ptr->Len);
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsReqSanity - IE_SUPP_RATES., Len=%d. Rates[0]=%x\n",eid_ptr->Len, Rates[0]));
+                    DBGPRINT(RT_DEBUG_TRACE, ("Rates[1]=%x %x %x %x %x %x %x\n", Rates[1], Rates[2], Rates[3], Rates[4], Rates[5], Rates[6], Rates[7]));
+                    *pRatesLen = eid_ptr->Len;
+                }
+                else
+                {
+                    *pRatesLen = 8;
+                                       Rates[0] = 0x82;
+                                       Rates[1] = 0x84;
+                                       Rates[2] = 0x8b;
+                                       Rates[3] = 0x96;
+                                       Rates[4] = 0x12;
+                                       Rates[5] = 0x24;
+                                       Rates[6] = 0x48;
+                                       Rates[7] = 0x6c;
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsReqSanity - wrong IE_SUPP_RATES., Len=%d\n",eid_ptr->Len));
+                }
+                               break;
+
+                       case IE_EXT_SUPP_RATES:
+                if (eid_ptr->Len + *pRatesLen <= MAX_LEN_OF_SUPPORTED_RATES)
+                {
+                    NdisMoveMemory(&Rates[*pRatesLen], eid_ptr->Octet, eid_ptr->Len);
+                    *pRatesLen = (*pRatesLen) + eid_ptr->Len;
+                }
+                else
+                {
+                    NdisMoveMemory(&Rates[*pRatesLen], eid_ptr->Octet, MAX_LEN_OF_SUPPORTED_RATES - (*pRatesLen));
+                    *pRatesLen = MAX_LEN_OF_SUPPORTED_RATES;
+                }
+                               break;
+
+                       case IE_HT_CAP:
+                               if (eid_ptr->Len >= sizeof(HT_CAPABILITY_IE))
+                               {
+                                       NdisMoveMemory(pHtCapability, eid_ptr->Octet, sizeof(HT_CAPABILITY_IE));
+
+                                       *(USHORT *)(&pHtCapability->HtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->HtCapInfo));
+#ifdef UNALIGNMENT_SUPPORT
+                                       {
+                                               EXT_HT_CAP_INFO extHtCapInfo;
+
+                                               NdisMoveMemory((PUCHAR)(&extHtCapInfo), (PUCHAR)(&pHtCapability->ExtHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                               *(USHORT *)(&extHtCapInfo) = cpu2le16(*(USHORT *)(&extHtCapInfo));
+                                               NdisMoveMemory((PUCHAR)(&pHtCapability->ExtHtCapInfo), (PUCHAR)(&extHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                       }
+#else
+                                       *(USHORT *)(&pHtCapability->ExtHtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->ExtHtCapInfo));
+#endif // UNALIGNMENT_SUPPORT //
+                                       *pHtCapabilityLen = sizeof(HT_CAPABILITY_IE);
+
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsReqSanity - IE_HT_CAP\n"));
+                               }
+                               else
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsReqSanity - wrong IE_HT_CAP.eid_ptr->Len = %d\n", eid_ptr->Len));
+                               }
+                               break;
+
+                       default:
+                               break;
+               }
+
+               eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
+       }
+
+    return TRUE;
+}
+
+BOOLEAN PeerDlsRspSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pDA,
+    OUT PUCHAR pSA,
+    OUT USHORT *pCapabilityInfo,
+    OUT USHORT *pStatus,
+    OUT UCHAR *pRatesLen,
+    OUT UCHAR Rates[],
+    OUT UCHAR *pHtCapabilityLen,
+    OUT HT_CAPABILITY_IE *pHtCapability)
+{
+    CHAR            *Ptr;
+    PFRAME_802_11      Fr = (PFRAME_802_11)Msg;
+       PEID_STRUCT  eid_ptr;
+
+    // to prevent caller from using garbage output value
+    *pStatus           = 0;
+    *pCapabilityInfo   = 0;
+       *pHtCapabilityLen = 0;
+
+    Ptr = (PCHAR)Fr->Octet;
+
+       // offset to destination MAC address (Category and Action field)
+    Ptr += 2;
+
+       // get status code from payload and advance the pointer
+    NdisMoveMemory(pStatus, Ptr, 2);
+    Ptr += 2;
+
+    // get DA from payload and advance the pointer
+    NdisMoveMemory(pDA, Ptr, MAC_ADDR_LEN);
+    Ptr += MAC_ADDR_LEN;
+
+    // get SA from payload and advance the pointer
+    NdisMoveMemory(pSA, Ptr, MAC_ADDR_LEN);
+    Ptr += MAC_ADDR_LEN;
+
+       if (pStatus == 0)
+       {
+           // get capability info from payload and advance the pointer
+           NdisMoveMemory(pCapabilityInfo, Ptr, 2);
+           Ptr += 2;
+       }
+
+       // Category and Action field + status code + DA + SA + capability
+       eid_ptr = (PEID_STRUCT) &Fr->Octet[18];
+
+       while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((UCHAR*)Fr + MsgLen))
+       {
+               switch(eid_ptr->Eid)
+               {
+                       case IE_SUPP_RATES:
+                if ((eid_ptr->Len <= MAX_LEN_OF_SUPPORTED_RATES) && (eid_ptr->Len > 0))
+                {
+                    NdisMoveMemory(Rates, eid_ptr->Octet, eid_ptr->Len);
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsRspSanity - IE_SUPP_RATES., Len=%d. Rates[0]=%x\n",eid_ptr->Len, Rates[0]));
+                    DBGPRINT(RT_DEBUG_TRACE, ("Rates[1]=%x %x %x %x %x %x %x\n", Rates[1], Rates[2], Rates[3], Rates[4], Rates[5], Rates[6], Rates[7]));
+                    *pRatesLen = eid_ptr->Len;
+                }
+                else
+                {
+                    *pRatesLen = 8;
+                                       Rates[0] = 0x82;
+                                       Rates[1] = 0x84;
+                                       Rates[2] = 0x8b;
+                                       Rates[3] = 0x96;
+                                       Rates[4] = 0x12;
+                                       Rates[5] = 0x24;
+                                       Rates[6] = 0x48;
+                                       Rates[7] = 0x6c;
+                    DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsRspSanity - wrong IE_SUPP_RATES., Len=%d\n",eid_ptr->Len));
+                }
+                               break;
+
+                       case IE_EXT_SUPP_RATES:
+                if (eid_ptr->Len + *pRatesLen <= MAX_LEN_OF_SUPPORTED_RATES)
+                {
+                    NdisMoveMemory(&Rates[*pRatesLen], eid_ptr->Octet, eid_ptr->Len);
+                    *pRatesLen = (*pRatesLen) + eid_ptr->Len;
+                }
+                else
+                {
+                    NdisMoveMemory(&Rates[*pRatesLen], eid_ptr->Octet, MAX_LEN_OF_SUPPORTED_RATES - (*pRatesLen));
+                    *pRatesLen = MAX_LEN_OF_SUPPORTED_RATES;
+                }
+                               break;
+
+                       case IE_HT_CAP:
+                               if (eid_ptr->Len >= sizeof(HT_CAPABILITY_IE))
+                               {
+                                       NdisMoveMemory(pHtCapability, eid_ptr->Octet, sizeof(HT_CAPABILITY_IE));
+
+                                       *(USHORT *)(&pHtCapability->HtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->HtCapInfo));
+#ifdef UNALIGNMENT_SUPPORT
+                                       {
+                                               EXT_HT_CAP_INFO extHtCapInfo;
+
+                                               NdisMoveMemory((PUCHAR)(&extHtCapInfo), (PUCHAR)(&pHtCapability->ExtHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                               *(USHORT *)(&extHtCapInfo) = cpu2le16(*(USHORT *)(&extHtCapInfo));
+                                               NdisMoveMemory((PUCHAR)(&pHtCapability->ExtHtCapInfo), (PUCHAR)(&extHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                       }
+#else
+                                       *(USHORT *)(&pHtCapability->ExtHtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->ExtHtCapInfo));
+#endif // UNALIGNMENT_SUPPORT //
+                                       *pHtCapabilityLen = sizeof(HT_CAPABILITY_IE);
+
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsRspSanity - IE_HT_CAP\n"));
+                               }
+                               else
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PeerDlsRspSanity - wrong IE_HT_CAP.eid_ptr->Len = %d\n", eid_ptr->Len));
+                               }
+                               break;
+
+                       default:
+                               break;
+               }
+
+               eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
+       }
+
+    return TRUE;
+}
+
+BOOLEAN PeerDlsTearDownSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pDA,
+    OUT PUCHAR pSA,
+    OUT USHORT *pReason)
+{
+    CHAR            *Ptr;
+    PFRAME_802_11      Fr = (PFRAME_802_11)Msg;
+
+    // to prevent caller from using garbage output value
+    *pReason   = 0;
+
+    Ptr = (PCHAR)Fr->Octet;
+
+       // offset to destination MAC address (Category and Action field)
+    Ptr += 2;
+
+    // get DA from payload and advance the pointer
+    NdisMoveMemory(pDA, Ptr, MAC_ADDR_LEN);
+    Ptr += MAC_ADDR_LEN;
+
+    // get SA from payload and advance the pointer
+    NdisMoveMemory(pSA, Ptr, MAC_ADDR_LEN);
+    Ptr += MAC_ADDR_LEN;
+
+       // get reason code from payload and advance the pointer
+    NdisMoveMemory(pReason, Ptr, 2);
+    Ptr += 2;
+
+    return TRUE;
+}
+#endif // QOS_DLS_SUPPORT //
diff --git a/drivers/staging/rt3090/common/cmm_sync.c b/drivers/staging/rt3090/common/cmm_sync.c
new file mode 100644 (file)
index 0000000..6d7b974
--- /dev/null
@@ -0,0 +1,734 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       cmm_sync.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John Chang      2004-09-01      modified for rt2561/2661
+*/
+
+#include "../rt_config.h"
+
+
+// 2.4 Ghz channel plan index in the TxPower arrays.
+#define        BG_BAND_REGION_0_START  0                       // 1,2,3,4,5,6,7,8,9,10,11
+#define        BG_BAND_REGION_0_SIZE   11
+#define        BG_BAND_REGION_1_START  0                       // 1,2,3,4,5,6,7,8,9,10,11,12,13
+#define        BG_BAND_REGION_1_SIZE   13
+#define        BG_BAND_REGION_2_START  9                       // 10,11
+#define        BG_BAND_REGION_2_SIZE   2
+#define        BG_BAND_REGION_3_START  9                       // 10,11,12,13
+#define        BG_BAND_REGION_3_SIZE   4
+#define        BG_BAND_REGION_4_START  13                      // 14
+#define        BG_BAND_REGION_4_SIZE   1
+#define        BG_BAND_REGION_5_START  0                       // 1,2,3,4,5,6,7,8,9,10,11,12,13,14
+#define        BG_BAND_REGION_5_SIZE   14
+#define        BG_BAND_REGION_6_START  2                       // 3,4,5,6,7,8,9
+#define        BG_BAND_REGION_6_SIZE   7
+#define        BG_BAND_REGION_7_START  4                       // 5,6,7,8,9,10,11,12,13
+#define        BG_BAND_REGION_7_SIZE   9
+#define        BG_BAND_REGION_31_START 0                       // 1,2,3,4,5,6,7,8,9,10,11,12,13,14
+#define        BG_BAND_REGION_31_SIZE  14
+
+// 5 Ghz channel plan index in the TxPower arrays.
+UCHAR A_BAND_REGION_0_CHANNEL_LIST[]={36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165};
+UCHAR A_BAND_REGION_1_CHANNEL_LIST[]={36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140};
+UCHAR A_BAND_REGION_2_CHANNEL_LIST[]={36, 40, 44, 48, 52, 56, 60, 64};
+UCHAR A_BAND_REGION_3_CHANNEL_LIST[]={52, 56, 60, 64, 149, 153, 157, 161};
+UCHAR A_BAND_REGION_4_CHANNEL_LIST[]={149, 153, 157, 161, 165};
+UCHAR A_BAND_REGION_5_CHANNEL_LIST[]={149, 153, 157, 161};
+UCHAR A_BAND_REGION_6_CHANNEL_LIST[]={36, 40, 44, 48};
+UCHAR A_BAND_REGION_7_CHANNEL_LIST[]={36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165, 169, 173};
+UCHAR A_BAND_REGION_8_CHANNEL_LIST[]={52, 56, 60, 64};
+UCHAR A_BAND_REGION_9_CHANNEL_LIST[]={36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165};
+UCHAR A_BAND_REGION_10_CHANNEL_LIST[]={36, 40, 44, 48, 149, 153, 157, 161, 165};
+UCHAR A_BAND_REGION_11_CHANNEL_LIST[]={36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 149, 153, 157, 161};
+UCHAR A_BAND_REGION_12_CHANNEL_LIST[]={36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140};
+UCHAR A_BAND_REGION_13_CHANNEL_LIST[]={52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161};
+UCHAR A_BAND_REGION_14_CHANNEL_LIST[]={36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 136, 140, 149, 153, 157, 161, 165};
+UCHAR A_BAND_REGION_15_CHANNEL_LIST[]={149, 153, 157, 161, 165, 169, 173};
+
+
+//BaSizeArray follows the 802.11n definition as MaxRxFactor.  2^(13+factor) bytes. When factor =0, it's about Ba buffer size =8.
+UCHAR BaSizeArray[4] = {8,16,32,64};
+
+/*
+       ==========================================================================
+       Description:
+               Update StaCfg->ChannelList[] according to 1) Country Region 2) RF IC type,
+               and 3) PHY-mode user selected.
+               The outcome is used by driver when doing site survey.
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID BuildChannelList(
+       IN PRTMP_ADAPTER pAd)
+{
+       UCHAR i, j, index=0, num=0;
+       PUCHAR  pChannelList = NULL;
+
+       NdisZeroMemory(pAd->ChannelList, MAX_NUM_OF_CHANNELS * sizeof(CHANNEL_TX_POWER));
+
+       // if not 11a-only mode, channel list starts from 2.4Ghz band
+       if ((pAd->CommonCfg.PhyMode != PHY_11A)
+#ifdef DOT11_N_SUPPORT
+               && (pAd->CommonCfg.PhyMode != PHY_11AN_MIXED) && (pAd->CommonCfg.PhyMode != PHY_11N_5G)
+#endif // DOT11_N_SUPPORT //
+       )
+       {
+               switch (pAd->CommonCfg.CountryRegion  & 0x7f)
+               {
+                       case REGION_0_BG_BAND:  // 1 -11
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_0_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_0_SIZE);
+                               index += BG_BAND_REGION_0_SIZE;
+                               break;
+                       case REGION_1_BG_BAND:  // 1 - 13
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_1_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_1_SIZE);
+                               index += BG_BAND_REGION_1_SIZE;
+                               break;
+                       case REGION_2_BG_BAND:  // 10 - 11
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_2_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_2_SIZE);
+                               index += BG_BAND_REGION_2_SIZE;
+                               break;
+                       case REGION_3_BG_BAND:  // 10 - 13
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_3_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_3_SIZE);
+                               index += BG_BAND_REGION_3_SIZE;
+                               break;
+                       case REGION_4_BG_BAND:  // 14
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_4_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_4_SIZE);
+                               index += BG_BAND_REGION_4_SIZE;
+                               break;
+                       case REGION_5_BG_BAND:  // 1 - 14
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_5_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_5_SIZE);
+                               index += BG_BAND_REGION_5_SIZE;
+                               break;
+                       case REGION_6_BG_BAND:  // 3 - 9
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_6_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_6_SIZE);
+                               index += BG_BAND_REGION_6_SIZE;
+                               break;
+                       case REGION_7_BG_BAND:  // 5 - 13
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_7_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_7_SIZE);
+                               index += BG_BAND_REGION_7_SIZE;
+                               break;
+                       case REGION_31_BG_BAND: // 1 - 14
+                               NdisMoveMemory(&pAd->ChannelList[index], &pAd->TxPower[BG_BAND_REGION_31_START], sizeof(CHANNEL_TX_POWER) * BG_BAND_REGION_31_SIZE);
+                               index += BG_BAND_REGION_31_SIZE;
+                               break;
+                       default:            // Error. should never happen
+                               break;
+               }
+               for (i=0; i<index; i++)
+                       pAd->ChannelList[i].MaxTxPwr = 20;
+       }
+
+       if ((pAd->CommonCfg.PhyMode == PHY_11A) || (pAd->CommonCfg.PhyMode == PHY_11ABG_MIXED)
+#ifdef DOT11_N_SUPPORT
+               || (pAd->CommonCfg.PhyMode == PHY_11ABGN_MIXED) || (pAd->CommonCfg.PhyMode == PHY_11AN_MIXED)
+               || (pAd->CommonCfg.PhyMode == PHY_11AGN_MIXED) || (pAd->CommonCfg.PhyMode == PHY_11N_5G)
+#endif // DOT11_N_SUPPORT //
+       )
+       {
+               switch (pAd->CommonCfg.CountryRegionForABand & 0x7f)
+               {
+                       case REGION_0_A_BAND:
+                               num = sizeof(A_BAND_REGION_0_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_0_CHANNEL_LIST;
+                               break;
+                       case REGION_1_A_BAND:
+                               num = sizeof(A_BAND_REGION_1_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_1_CHANNEL_LIST;
+                               break;
+                       case REGION_2_A_BAND:
+                               num = sizeof(A_BAND_REGION_2_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_2_CHANNEL_LIST;
+                               break;
+                       case REGION_3_A_BAND:
+                               num = sizeof(A_BAND_REGION_3_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_3_CHANNEL_LIST;
+                               break;
+                       case REGION_4_A_BAND:
+                               num = sizeof(A_BAND_REGION_4_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_4_CHANNEL_LIST;
+                               break;
+                       case REGION_5_A_BAND:
+                               num = sizeof(A_BAND_REGION_5_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_5_CHANNEL_LIST;
+                               break;
+                       case REGION_6_A_BAND:
+                               num = sizeof(A_BAND_REGION_6_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_6_CHANNEL_LIST;
+                               break;
+                       case REGION_7_A_BAND:
+                               num = sizeof(A_BAND_REGION_7_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_7_CHANNEL_LIST;
+                               break;
+                       case REGION_8_A_BAND:
+                               num = sizeof(A_BAND_REGION_8_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_8_CHANNEL_LIST;
+                               break;
+                       case REGION_9_A_BAND:
+                               num = sizeof(A_BAND_REGION_9_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_9_CHANNEL_LIST;
+                               break;
+                       case REGION_10_A_BAND:
+                               num = sizeof(A_BAND_REGION_10_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_10_CHANNEL_LIST;
+                               break;
+                       case REGION_11_A_BAND:
+                               num = sizeof(A_BAND_REGION_11_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_11_CHANNEL_LIST;
+                               break;
+                       case REGION_12_A_BAND:
+                               num = sizeof(A_BAND_REGION_12_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_12_CHANNEL_LIST;
+                               break;
+                       case REGION_13_A_BAND:
+                               num = sizeof(A_BAND_REGION_13_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_13_CHANNEL_LIST;
+                               break;
+                       case REGION_14_A_BAND:
+                               num = sizeof(A_BAND_REGION_14_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_14_CHANNEL_LIST;
+                               break;
+                       case REGION_15_A_BAND:
+                               num = sizeof(A_BAND_REGION_15_CHANNEL_LIST)/sizeof(UCHAR);
+                               pChannelList = A_BAND_REGION_15_CHANNEL_LIST;
+                               break;
+                       default:            // Error. should never happen
+                               DBGPRINT(RT_DEBUG_WARN,("countryregion=%d not support", pAd->CommonCfg.CountryRegionForABand));
+                               break;
+               }
+
+               if (num != 0)
+               {
+                       UCHAR RadarCh[15]={52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140};
+                       for (i=0; i<num; i++)
+                       {
+                               for (j=0; j<MAX_NUM_OF_CHANNELS; j++)
+                               {
+                                       if (pChannelList[i] == pAd->TxPower[j].Channel)
+                                               NdisMoveMemory(&pAd->ChannelList[index+i], &pAd->TxPower[j], sizeof(CHANNEL_TX_POWER));
+                                       }
+                               for (j=0; j<15; j++)
+                               {
+                                       if (pChannelList[i] == RadarCh[j])
+                                               pAd->ChannelList[index+i].DfsReq = TRUE;
+                               }
+                               pAd->ChannelList[index+i].MaxTxPwr = 20;
+                       }
+                       index += num;
+               }
+       }
+
+       pAd->ChannelListNum = index;
+       DBGPRINT(RT_DEBUG_TRACE,("country code=%d/%d, RFIC=%d, PHY mode=%d, support %d channels\n",
+               pAd->CommonCfg.CountryRegion, pAd->CommonCfg.CountryRegionForABand, pAd->RfIcType, pAd->CommonCfg.PhyMode, pAd->ChannelListNum));
+#ifdef DBG
+       for (i=0;i<pAd->ChannelListNum;i++)
+       {
+               DBGPRINT_RAW(RT_DEBUG_TRACE,("BuildChannel # %d :: Pwr0 = %d, Pwr1 =%d, \n ", pAd->ChannelList[i].Channel, pAd->ChannelList[i].Power, pAd->ChannelList[i].Power2));
+       }
+#endif
+}
+
+/*
+       ==========================================================================
+       Description:
+               This routine return the first channel number according to the country
+               code selection and RF IC selection (signal band or dual band). It is called
+               whenever driver need to start a site survey of all supported channels.
+       Return:
+               ch - the first channel number of current country code setting
+
+       IRQL = PASSIVE_LEVEL
+
+       ==========================================================================
+ */
+UCHAR FirstChannel(
+       IN PRTMP_ADAPTER pAd)
+{
+       return pAd->ChannelList[0].Channel;
+}
+
+/*
+       ==========================================================================
+       Description:
+               This routine returns the next channel number. This routine is called
+               during driver need to start a site survey of all supported channels.
+       Return:
+               next_channel - the next channel number valid in current country code setting.
+       Note:
+               return 0 if no more next channel
+       ==========================================================================
+ */
+UCHAR NextChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR channel)
+{
+       int i;
+       UCHAR next_channel = 0;
+
+       for (i = 0; i < (pAd->ChannelListNum - 1); i++)
+               if (channel == pAd->ChannelList[i].Channel)
+               {
+                       next_channel = pAd->ChannelList[i+1].Channel;
+                       break;
+       }
+       return next_channel;
+}
+
+/*
+       ==========================================================================
+       Description:
+               This routine is for Cisco Compatible Extensions 2.X
+               Spec31. AP Control of Client Transmit Power
+       Return:
+               None
+       Note:
+          Required by Aironet dBm(mW)
+                  0dBm(1mW),   1dBm(5mW), 13dBm(20mW), 15dBm(30mW),
+                 17dBm(50mw), 20dBm(100mW)
+
+          We supported
+                  3dBm(Lowest), 6dBm(10%), 9dBm(25%), 12dBm(50%),
+                 14dBm(75%),   15dBm(100%)
+
+               The client station's actual transmit power shall be within +/- 5dB of
+               the minimum value or next lower value.
+       ==========================================================================
+ */
+VOID ChangeToCellPowerLimit(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR         AironetCellPowerLimit)
+{
+       //valud 0xFF means that hasn't found power limit information
+       //from the AP's Beacon/Probe response.
+       if (AironetCellPowerLimit == 0xFF)
+               return;
+
+       if (AironetCellPowerLimit < 6) //Used Lowest Power Percentage.
+               pAd->CommonCfg.TxPowerPercentage = 6;
+       else if (AironetCellPowerLimit < 9)
+               pAd->CommonCfg.TxPowerPercentage = 10;
+       else if (AironetCellPowerLimit < 12)
+               pAd->CommonCfg.TxPowerPercentage = 25;
+       else if (AironetCellPowerLimit < 14)
+               pAd->CommonCfg.TxPowerPercentage = 50;
+       else if (AironetCellPowerLimit < 15)
+               pAd->CommonCfg.TxPowerPercentage = 75;
+       else
+               pAd->CommonCfg.TxPowerPercentage = 100; //else used maximum
+
+       if (pAd->CommonCfg.TxPowerPercentage > pAd->CommonCfg.TxPowerDefault)
+               pAd->CommonCfg.TxPowerPercentage = pAd->CommonCfg.TxPowerDefault;
+
+}
+
+CHAR   ConvertToRssi(
+       IN PRTMP_ADAPTER        pAd,
+       IN CHAR                         Rssi,
+       IN UCHAR                        RssiNumber)
+{
+       UCHAR   RssiOffset, LNAGain;
+
+       // Rssi equals to zero should be an invalid value
+       if (Rssi == 0)
+               return -99;
+
+       LNAGain = GET_LNA_GAIN(pAd);
+    if (pAd->LatchRfRegs.Channel > 14)
+    {
+        if (RssiNumber == 0)
+                       RssiOffset = pAd->ARssiOffset0;
+               else if (RssiNumber == 1)
+                       RssiOffset = pAd->ARssiOffset1;
+               else
+                       RssiOffset = pAd->ARssiOffset2;
+    }
+    else
+    {
+        if (RssiNumber == 0)
+                       RssiOffset = pAd->BGRssiOffset0;
+               else if (RssiNumber == 1)
+                       RssiOffset = pAd->BGRssiOffset1;
+               else
+                       RssiOffset = pAd->BGRssiOffset2;
+    }
+
+    return (-12 - RssiOffset - LNAGain - Rssi);
+}
+
+/*
+       ==========================================================================
+       Description:
+               Scan next channel
+       ==========================================================================
+ */
+VOID ScanNextChannel(
+       IN PRTMP_ADAPTER pAd)
+{
+       HEADER_802_11   Hdr80211;
+       PUCHAR          pOutBuffer = NULL;
+       NDIS_STATUS     NStatus;
+       ULONG           FrameLen = 0;
+       UCHAR           SsidLen = 0, ScanType = pAd->MlmeAux.ScanType, BBPValue = 0;
+#ifdef CONFIG_STA_SUPPORT
+       USHORT          Status;
+       PHEADER_802_11  pHdr80211;
+#endif // CONFIG_STA_SUPPORT //
+       UINT                    ScanTimeIn5gChannel = SHORT_CHANNEL_TIME;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (MONITOR_ON(pAd))
+                       return;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef RALINK_ATE
+       // Nothing to do in ATE mode.
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+       if (pAd->MlmeAux.Channel == 0)
+       {
+               if ((pAd->CommonCfg.BBPCurrentBW == BW_40)
+#ifdef CONFIG_STA_SUPPORT
+                       && (INFRA_ON(pAd)
+                               || (pAd->OpMode == OPMODE_AP))
+#endif // CONFIG_STA_SUPPORT //
+                       )
+               {
+                       AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+                       AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+                       BBPValue &= (~0x18);
+                       BBPValue |= 0x10;
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - End of SCAN, restore to 40MHz channel %d, Total BSS[%02d]\n",pAd->CommonCfg.CentralChannel, pAd->ScanTab.BssNr));
+               }
+               else
+               {
+                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - End of SCAN, restore to channel %d, Total BSS[%02d]\n",pAd->CommonCfg.Channel, pAd->ScanTab.BssNr));
+               }
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       //
+                       // To prevent data lost.
+                       // Send an NULL data with turned PSM bit on to current associated AP before SCAN progress.
+                       // Now, we need to send an NULL data with turned PSM bit off to AP, when scan progress done
+                       //
+                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED) && (INFRA_ON(pAd)))
+                       {
+                               NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer);
+                               if (NStatus     == NDIS_STATUS_SUCCESS)
+                               {
+                                       pHdr80211 = (PHEADER_802_11) pOutBuffer;
+                                       MgtMacHeaderInit(pAd, pHdr80211, SUBTYPE_NULL_FUNC, 1, pAd->CommonCfg.Bssid, pAd->CommonCfg.Bssid);
+                                       pHdr80211->Duration = 0;
+                                       pHdr80211->FC.Type = BTYPE_DATA;
+                                       pHdr80211->FC.PwrMgmt = (pAd->StaCfg.Psm == PWR_SAVE);
+
+                                       // Send using priority queue
+                                       MiniportMMRequest(pAd, 0, pOutBuffer, sizeof(HEADER_802_11));
+                                       DBGPRINT(RT_DEBUG_TRACE, ("MlmeScanReqAction -- Send PSM Data frame\n"));
+                                       MlmeFreeMemory(pAd, pOutBuffer);
+                                       RTMPusecDelay(5000);
+                               }
+                       }
+
+                       pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+                       Status = MLME_SUCCESS;
+                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_SCAN_CONF, 2, &Status);
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+
+               RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS);
+       }
+       else
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+               // BBP and RF are not accessible in PS mode, we has to wake them up first
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+                       AsicForceWakeup(pAd, TRUE);
+
+                       // leave PSM during scanning. otherwise we may lost ProbeRsp & BEACON
+                       if (pAd->StaCfg.Psm == PWR_SAVE)
+                               RTMP_SET_PSM_BIT(pAd, PWR_ACTIVE);
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               AsicSwitchChannel(pAd, pAd->MlmeAux.Channel, TRUE);
+               AsicLockChannel(pAd, pAd->MlmeAux.Channel);
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if (pAd->MlmeAux.Channel > 14)
+                       {
+                               if ((pAd->CommonCfg.bIEEE80211H == 1) && RadarChannelCheck(pAd, pAd->MlmeAux.Channel))
+                               {
+                                       ScanType = SCAN_PASSIVE;
+                                       ScanTimeIn5gChannel = MIN_CHANNEL_TIME;
+                               }
+                       }
+
+#ifdef CARRIER_DETECTION_SUPPORT // Roger sync Carrier
+                       // carrier detection
+                       if (pAd->CommonCfg.CarrierDetect.Enable == TRUE)
+                       {
+                               ScanType = SCAN_PASSIVE;
+                               ScanTimeIn5gChannel = MIN_CHANNEL_TIME;
+                       }
+#endif // CARRIER_DETECTION_SUPPORT //
+               }
+
+#endif // CONFIG_STA_SUPPORT //
+
+               //Global country domain(ch1-11:active scan, ch12-14 passive scan)
+               if ((pAd->MlmeAux.Channel <= 14) && (pAd->MlmeAux.Channel >= 12) && ((pAd->CommonCfg.CountryRegion & 0x7f) == REGION_31_BG_BAND))
+               {
+                       ScanType = SCAN_PASSIVE;
+               }
+
+               // We need to shorten active scan time in order for WZC connect issue
+               // Chnage the channel scan time for CISCO stuff based on its IAPP announcement
+               if (ScanType == FAST_SCAN_ACTIVE)
+                       RTMPSetTimer(&pAd->MlmeAux.ScanTimer, FAST_ACTIVE_SCAN_TIME);
+               else // must be SCAN_PASSIVE or SCAN_ACTIVE
+               {
+                       if ((pAd->CommonCfg.PhyMode == PHY_11ABG_MIXED)
+#ifdef DOT11_N_SUPPORT
+                               || (pAd->CommonCfg.PhyMode == PHY_11ABGN_MIXED) || (pAd->CommonCfg.PhyMode == PHY_11AGN_MIXED)
+#endif // DOT11_N_SUPPORT //
+                       )
+                       {
+                               if (pAd->MlmeAux.Channel > 14)
+                                       RTMPSetTimer(&pAd->MlmeAux.ScanTimer, ScanTimeIn5gChannel);
+                               else
+                               RTMPSetTimer(&pAd->MlmeAux.ScanTimer, MIN_CHANNEL_TIME);
+                       }
+                       else
+                               RTMPSetTimer(&pAd->MlmeAux.ScanTimer, MAX_CHANNEL_TIME);
+               }
+
+               if ((ScanType == SCAN_ACTIVE)
+                       || (ScanType == FAST_SCAN_ACTIVE)
+                       )
+               {
+                       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+                       if (NStatus != NDIS_STATUS_SUCCESS)
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, ("SYNC - ScanNextChannel() allocate memory fail\n"));
+#ifdef CONFIG_STA_SUPPORT
+                               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               {
+                                       pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+                                       Status = MLME_FAIL_NO_RESOURCE;
+                                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_SCAN_CONF, 2, &Status);
+                               }
+#endif // CONFIG_STA_SUPPORT //
+
+                               return;
+                       }
+
+                       // There is no need to send broadcast probe request if active scan is in effect.
+                       if ((ScanType == SCAN_ACTIVE) || (ScanType == FAST_SCAN_ACTIVE)
+                               )
+                               SsidLen = pAd->MlmeAux.SsidLen;
+                       else
+                               SsidLen = 0;
+
+#ifdef CONFIG_STA_SUPPORT
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                               MgtMacHeaderInit(pAd, &Hdr80211, SUBTYPE_PROBE_REQ, 0, BROADCAST_ADDR, BROADCAST_ADDR);
+#endif // CONFIG_STA_SUPPORT //
+
+
+                       MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                                                         sizeof(HEADER_802_11),    &Hdr80211,
+                                                         1,                        &SsidIe,
+                                                         1,                        &SsidLen,
+                                                         SsidLen,                              pAd->MlmeAux.Ssid,
+                                                         1,                        &SupRateIe,
+                                                         1,                        &pAd->CommonCfg.SupRateLen,
+                                                         pAd->CommonCfg.SupRateLen,  pAd->CommonCfg.SupRate,
+                                                         END_OF_ARGS);
+
+                       if (pAd->CommonCfg.ExtRateLen)
+                       {
+                               ULONG Tmp;
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,            &Tmp,
+                                                                 1,                                &ExtRateIe,
+                                                                 1,                                &pAd->CommonCfg.ExtRateLen,
+                                                                 pAd->CommonCfg.ExtRateLen,          pAd->CommonCfg.ExtRate,
+                                                                 END_OF_ARGS);
+                               FrameLen += Tmp;
+                       }
+
+#ifdef DOT11_N_SUPPORT
+                       if (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED)
+                       {
+                               ULONG   Tmp;
+                               UCHAR   HtLen;
+                               UCHAR   BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
+#ifdef RT_BIG_ENDIAN
+                               HT_CAPABILITY_IE HtCapabilityTmp;
+#endif
+                               if (pAd->bBroadComHT == TRUE)
+                               {
+                                       HtLen = pAd->MlmeAux.HtCapabilityLen + 4;
+#ifdef RT_BIG_ENDIAN
+                                       NdisMoveMemory(&HtCapabilityTmp, &pAd->MlmeAux.HtCapability, SIZE_HT_CAP_IE);
+                                       *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
+#ifdef UNALIGNMENT_SUPPORT
+                                       {
+                                               EXT_HT_CAP_INFO extHtCapInfo;
+
+                                               NdisMoveMemory((PUCHAR)(&extHtCapInfo), (PUCHAR)(&HtCapabilityTmp.ExtHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                               *(USHORT *)(&extHtCapInfo) = cpu2le16(*(USHORT *)(&extHtCapInfo));
+                                               NdisMoveMemory((PUCHAR)(&HtCapabilityTmp.ExtHtCapInfo), (PUCHAR)(&extHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                       }
+#else
+                                       *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = cpu2le16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
+#endif // UNALIGNMENT_SUPPORT //
+
+                                       MakeOutgoingFrame(pOutBuffer + FrameLen,          &Tmp,
+                                                                       1,                                &WpaIe,
+                                                                       1,                                &HtLen,
+                                                                       4,                                &BROADCOM[0],
+                                                                       pAd->MlmeAux.HtCapabilityLen,     &HtCapabilityTmp,
+                                                                       END_OF_ARGS);
+#else
+                                       MakeOutgoingFrame(pOutBuffer + FrameLen,          &Tmp,
+                                                                       1,                                &WpaIe,
+                                                                       1,                                &HtLen,
+                                                                       4,                                &BROADCOM[0],
+                                                                       pAd->MlmeAux.HtCapabilityLen,     &pAd->MlmeAux.HtCapability,
+                                                                       END_OF_ARGS);
+#endif // RT_BIG_ENDIAN //
+                               }
+                               else
+                               {
+                                       HtLen = pAd->MlmeAux.HtCapabilityLen;
+#ifdef RT_BIG_ENDIAN
+                                       NdisMoveMemory(&HtCapabilityTmp, &pAd->CommonCfg.HtCapability, SIZE_HT_CAP_IE);
+                                       *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
+#ifdef UNALIGNMENT_SUPPORT
+                                       {
+                                               EXT_HT_CAP_INFO extHtCapInfo;
+
+                                               NdisMoveMemory((PUCHAR)(&extHtCapInfo), (PUCHAR)(&HtCapabilityTmp.ExtHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                               *(USHORT *)(&extHtCapInfo) = cpu2le16(*(USHORT *)(&extHtCapInfo));
+                                               NdisMoveMemory((PUCHAR)(&HtCapabilityTmp.ExtHtCapInfo), (PUCHAR)(&extHtCapInfo), sizeof(EXT_HT_CAP_INFO));
+                                       }
+#else
+                                       *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = cpu2le16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
+#endif // UNALIGNMENT_SUPPORT //
+
+                                       MakeOutgoingFrame(pOutBuffer + FrameLen,          &Tmp,
+                                                                       1,                                &HtCapIe,
+                                                                       1,                                &HtLen,
+                                                                       HtLen,                            &HtCapabilityTmp,
+                                                                       END_OF_ARGS);
+#else
+                                       MakeOutgoingFrame(pOutBuffer + FrameLen,          &Tmp,
+                                                                       1,                                &HtCapIe,
+                                                                       1,                                &HtLen,
+                                                                       HtLen,                            &pAd->CommonCfg.HtCapability,
+                                                                       END_OF_ARGS);
+#endif // RT_BIG_ENDIAN //
+                               }
+                               FrameLen += Tmp;
+
+#ifdef DOT11N_DRAFT3
+                               if (pAd->CommonCfg.BACapability.field.b2040CoexistScanSup == 1)
+                               {
+                                       ULONG           Tmp;
+                                       HtLen = 1;
+                                       MakeOutgoingFrame(pOutBuffer + FrameLen,            &Tmp,
+                                                                         1,                                    &ExtHtCapIe,
+                                                                         1,                                    &HtLen,
+                                                                         1,                            &pAd->CommonCfg.BSSCoexist2040.word,
+                                                                         END_OF_ARGS);
+
+                                       FrameLen += Tmp;
+                               }
+#endif // DOT11N_DRAFT3 //
+                       }
+#endif // DOT11_N_SUPPORT //
+
+
+                       MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+                       MlmeFreeMemory(pAd, pOutBuffer);
+               }
+
+               // For SCAN_CISCO_PASSIVE, do nothing and silently wait for beacon or other probe reponse
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       pAd->Mlme.SyncMachine.CurrState = SCAN_LISTEN;
+#endif // CONFIG_STA_SUPPORT //
+
+       }
+}
+
+VOID MgtProbReqMacHeaderInit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN OUT PHEADER_802_11 pHdr80211,
+       IN UCHAR SubType,
+       IN UCHAR ToDs,
+       IN PUCHAR pDA,
+       IN PUCHAR pBssid)
+{
+       NdisZeroMemory(pHdr80211, sizeof(HEADER_802_11));
+
+       pHdr80211->FC.Type = BTYPE_MGMT;
+       pHdr80211->FC.SubType = SubType;
+       if (SubType == SUBTYPE_ACK)
+               pHdr80211->FC.Type = BTYPE_CNTL;
+       pHdr80211->FC.ToDs = ToDs;
+       COPY_MAC_ADDR(pHdr80211->Addr1, pDA);
+       COPY_MAC_ADDR(pHdr80211->Addr2, pAd->CurrentAddress);
+       COPY_MAC_ADDR(pHdr80211->Addr3, pBssid);
+}
diff --git a/drivers/staging/rt3090/common/cmm_tkip.c b/drivers/staging/rt3090/common/cmm_tkip.c
new file mode 100644 (file)
index 0000000..0b474f2
--- /dev/null
@@ -0,0 +1,966 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       cmm_tkip.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Paul Wu         02-25-02                Initial
+*/
+
+#include "../rt_config.h"
+
+
+// Rotation functions on 32 bit values
+#define ROL32( A, n ) \
+       ( ((A) << (n)) | ( ((A)>>(32-(n))) & ( (1UL << (n)) - 1 ) ) )
+#define ROR32( A, n ) ROL32( (A), 32-(n) )
+
+UINT Tkip_Sbox_Lower[256] =
+{
+       0xA5,0x84,0x99,0x8D,0x0D,0xBD,0xB1,0x54,
+       0x50,0x03,0xA9,0x7D,0x19,0x62,0xE6,0x9A,
+       0x45,0x9D,0x40,0x87,0x15,0xEB,0xC9,0x0B,
+       0xEC,0x67,0xFD,0xEA,0xBF,0xF7,0x96,0x5B,
+       0xC2,0x1C,0xAE,0x6A,0x5A,0x41,0x02,0x4F,
+       0x5C,0xF4,0x34,0x08,0x93,0x73,0x53,0x3F,
+       0x0C,0x52,0x65,0x5E,0x28,0xA1,0x0F,0xB5,
+       0x09,0x36,0x9B,0x3D,0x26,0x69,0xCD,0x9F,
+       0x1B,0x9E,0x74,0x2E,0x2D,0xB2,0xEE,0xFB,
+       0xF6,0x4D,0x61,0xCE,0x7B,0x3E,0x71,0x97,
+       0xF5,0x68,0x00,0x2C,0x60,0x1F,0xC8,0xED,
+       0xBE,0x46,0xD9,0x4B,0xDE,0xD4,0xE8,0x4A,
+       0x6B,0x2A,0xE5,0x16,0xC5,0xD7,0x55,0x94,
+       0xCF,0x10,0x06,0x81,0xF0,0x44,0xBA,0xE3,
+       0xF3,0xFE,0xC0,0x8A,0xAD,0xBC,0x48,0x04,
+       0xDF,0xC1,0x75,0x63,0x30,0x1A,0x0E,0x6D,
+       0x4C,0x14,0x35,0x2F,0xE1,0xA2,0xCC,0x39,
+       0x57,0xF2,0x82,0x47,0xAC,0xE7,0x2B,0x95,
+       0xA0,0x98,0xD1,0x7F,0x66,0x7E,0xAB,0x83,
+       0xCA,0x29,0xD3,0x3C,0x79,0xE2,0x1D,0x76,
+       0x3B,0x56,0x4E,0x1E,0xDB,0x0A,0x6C,0xE4,
+       0x5D,0x6E,0xEF,0xA6,0xA8,0xA4,0x37,0x8B,
+       0x32,0x43,0x59,0xB7,0x8C,0x64,0xD2,0xE0,
+       0xB4,0xFA,0x07,0x25,0xAF,0x8E,0xE9,0x18,
+       0xD5,0x88,0x6F,0x72,0x24,0xF1,0xC7,0x51,
+       0x23,0x7C,0x9C,0x21,0xDD,0xDC,0x86,0x85,
+       0x90,0x42,0xC4,0xAA,0xD8,0x05,0x01,0x12,
+       0xA3,0x5F,0xF9,0xD0,0x91,0x58,0x27,0xB9,
+       0x38,0x13,0xB3,0x33,0xBB,0x70,0x89,0xA7,
+       0xB6,0x22,0x92,0x20,0x49,0xFF,0x78,0x7A,
+       0x8F,0xF8,0x80,0x17,0xDA,0x31,0xC6,0xB8,
+       0xC3,0xB0,0x77,0x11,0xCB,0xFC,0xD6,0x3A
+};
+
+UINT Tkip_Sbox_Upper[256] =
+{
+       0xC6,0xF8,0xEE,0xF6,0xFF,0xD6,0xDE,0x91,
+       0x60,0x02,0xCE,0x56,0xE7,0xB5,0x4D,0xEC,
+       0x8F,0x1F,0x89,0xFA,0xEF,0xB2,0x8E,0xFB,
+       0x41,0xB3,0x5F,0x45,0x23,0x53,0xE4,0x9B,
+       0x75,0xE1,0x3D,0x4C,0x6C,0x7E,0xF5,0x83,
+       0x68,0x51,0xD1,0xF9,0xE2,0xAB,0x62,0x2A,
+       0x08,0x95,0x46,0x9D,0x30,0x37,0x0A,0x2F,
+       0x0E,0x24,0x1B,0xDF,0xCD,0x4E,0x7F,0xEA,
+       0x12,0x1D,0x58,0x34,0x36,0xDC,0xB4,0x5B,
+       0xA4,0x76,0xB7,0x7D,0x52,0xDD,0x5E,0x13,
+       0xA6,0xB9,0x00,0xC1,0x40,0xE3,0x79,0xB6,
+       0xD4,0x8D,0x67,0x72,0x94,0x98,0xB0,0x85,
+       0xBB,0xC5,0x4F,0xED,0x86,0x9A,0x66,0x11,
+       0x8A,0xE9,0x04,0xFE,0xA0,0x78,0x25,0x4B,
+       0xA2,0x5D,0x80,0x05,0x3F,0x21,0x70,0xF1,
+       0x63,0x77,0xAF,0x42,0x20,0xE5,0xFD,0xBF,
+       0x81,0x18,0x26,0xC3,0xBE,0x35,0x88,0x2E,
+       0x93,0x55,0xFC,0x7A,0xC8,0xBA,0x32,0xE6,
+       0xC0,0x19,0x9E,0xA3,0x44,0x54,0x3B,0x0B,
+       0x8C,0xC7,0x6B,0x28,0xA7,0xBC,0x16,0xAD,
+       0xDB,0x64,0x74,0x14,0x92,0x0C,0x48,0xB8,
+       0x9F,0xBD,0x43,0xC4,0x39,0x31,0xD3,0xF2,
+       0xD5,0x8B,0x6E,0xDA,0x01,0xB1,0x9C,0x49,
+       0xD8,0xAC,0xF3,0xCF,0xCA,0xF4,0x47,0x10,
+       0x6F,0xF0,0x4A,0x5C,0x38,0x57,0x73,0x97,
+       0xCB,0xA1,0xE8,0x3E,0x96,0x61,0x0D,0x0F,
+       0xE0,0x7C,0x71,0xCC,0x90,0x06,0xF7,0x1C,
+       0xC2,0x6A,0xAE,0x69,0x17,0x99,0x3A,0x27,
+       0xD9,0xEB,0x2B,0x22,0xD2,0xA9,0x07,0x33,
+       0x2D,0x3C,0x15,0xC9,0x87,0xAA,0x50,0xA5,
+       0x03,0x59,0x09,0x1A,0x65,0xD7,0x84,0xD0,
+       0x82,0x29,0x5A,0x1E,0x7B,0xA8,0x6D,0x2C
+};
+
+//
+// Expanded IV for TKIP function.
+//
+typedef        struct  PACKED _IV_CONTROL_
+{
+       union PACKED
+       {
+               struct PACKED
+               {
+                       UCHAR           rc0;
+                       UCHAR           rc1;
+                       UCHAR           rc2;
+
+                       union PACKED
+                       {
+                               struct PACKED
+                               {
+#ifdef RT_BIG_ENDIAN
+                                       UCHAR   KeyID:2;
+                                       UCHAR   ExtIV:1;
+                                       UCHAR   Rsvd:5;
+#else
+                                       UCHAR   Rsvd:5;
+                                       UCHAR   ExtIV:1;
+                                       UCHAR   KeyID:2;
+#endif
+                               }       field;
+                               UCHAR           Byte;
+                       }       CONTROL;
+               }       field;
+
+               ULONG   word;
+       }       IV16;
+
+       ULONG   IV32;
+}      TKIP_IV, *PTKIP_IV;
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Convert from UCHAR[] to ULONG in a portable way
+
+       Arguments:
+      pMICKey          pointer to MIC Key
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+ULONG  RTMPTkipGetUInt32(
+       IN      PUCHAR  pMICKey)
+{
+       ULONG   res = 0;
+       INT             i;
+
+       for (i = 0; i < 4; i++)
+       {
+               res |= (*pMICKey++) << (8 * i);
+       }
+
+       return res;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Convert from ULONG to UCHAR[] in a portable way
+
+       Arguments:
+      pDst                     pointer to destination for convert ULONG to UCHAR[]
+      val                      the value for convert
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPTkipPutUInt32(
+       IN OUT  PUCHAR          pDst,
+       IN              ULONG           val)
+{
+       INT i;
+
+       for(i = 0; i < 4; i++)
+       {
+               *pDst++ = (UCHAR) (val & 0xff);
+               val >>= 8;
+       }
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Set the MIC Key.
+
+       Arguments:
+      pAd              Pointer to our adapter
+      pMICKey          pointer to MIC Key
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID RTMPTkipSetMICKey(
+       IN      PTKIP_KEY_INFO  pTkip,
+       IN      PUCHAR                  pMICKey)
+{
+       // Set the key
+       pTkip->K0 = RTMPTkipGetUInt32(pMICKey);
+       pTkip->K1 = RTMPTkipGetUInt32(pMICKey + 4);
+       // and reset the message
+       pTkip->L = pTkip->K0;
+       pTkip->R = pTkip->K1;
+       pTkip->nBytesInM = 0;
+       pTkip->M = 0;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Calculate the MIC Value.
+
+       Arguments:
+      pAd              Pointer to our adapter
+      uChar                    Append this uChar
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPTkipAppendByte(
+       IN      PTKIP_KEY_INFO  pTkip,
+       IN      UCHAR                   uChar)
+{
+       // Append the byte to our word-sized buffer
+       pTkip->M |= (uChar << (8* pTkip->nBytesInM));
+       pTkip->nBytesInM++;
+       // Process the word if it is full.
+       if( pTkip->nBytesInM >= 4 )
+       {
+               pTkip->L ^= pTkip->M;
+               pTkip->R ^= ROL32( pTkip->L, 17 );
+               pTkip->L += pTkip->R;
+               pTkip->R ^= ((pTkip->L & 0xff00ff00) >> 8) | ((pTkip->L & 0x00ff00ff) << 8);
+               pTkip->L += pTkip->R;
+               pTkip->R ^= ROL32( pTkip->L, 3 );
+               pTkip->L += pTkip->R;
+               pTkip->R ^= ROR32( pTkip->L, 2 );
+               pTkip->L += pTkip->R;
+               // Clear the buffer
+               pTkip->M = 0;
+               pTkip->nBytesInM = 0;
+       }
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Calculate the MIC Value.
+
+       Arguments:
+      pAd              Pointer to our adapter
+      pSrc                     Pointer to source data for Calculate MIC Value
+      Len                      Indicate the length of the source data
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPTkipAppend(
+       IN      PTKIP_KEY_INFO  pTkip,
+       IN      PUCHAR                  pSrc,
+       IN      UINT                    nBytes)
+{
+       // This is simple
+       while(nBytes > 0)
+       {
+               RTMPTkipAppendByte(pTkip, *pSrc++);
+               nBytes--;
+       }
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Get the MIC Value.
+
+       Arguments:
+      pAd              Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+               the MIC Value is store in pAd->PrivateInfo.MIC
+       ========================================================================
+*/
+VOID   RTMPTkipGetMIC(
+       IN      PTKIP_KEY_INFO  pTkip)
+{
+       // Append the minimum padding
+       RTMPTkipAppendByte(pTkip, 0x5a );
+       RTMPTkipAppendByte(pTkip, 0 );
+       RTMPTkipAppendByte(pTkip, 0 );
+       RTMPTkipAppendByte(pTkip, 0 );
+       RTMPTkipAppendByte(pTkip, 0 );
+       // and then zeroes until the length is a multiple of 4
+       while( pTkip->nBytesInM != 0 )
+       {
+               RTMPTkipAppendByte(pTkip, 0 );
+       }
+       // The appendByte function has already computed the result.
+       RTMPTkipPutUInt32(pTkip->MIC, pTkip->L);
+       RTMPTkipPutUInt32(pTkip->MIC + 4, pTkip->R);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Init Tkip function.
+
+       Arguments:
+      pAd              Pointer to our adapter
+               pTKey       Pointer to the Temporal Key (TK), TK shall be 128bits.
+               KeyId           TK Key ID
+               pTA                     Pointer to transmitter address
+               pMICKey         pointer to MIC Key
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPInitTkipEngine(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pKey,
+       IN      UCHAR                   KeyId,
+       IN      PUCHAR                  pTA,
+       IN      PUCHAR                  pMICKey,
+       IN      PUCHAR                  pTSC,
+       OUT     PULONG                  pIV16,
+       OUT     PULONG                  pIV32)
+{
+       TKIP_IV tkipIv;
+
+       // Prepare 8 bytes TKIP encapsulation for MPDU
+       NdisZeroMemory(&tkipIv, sizeof(TKIP_IV));
+       tkipIv.IV16.field.rc0 = *(pTSC + 1);
+       tkipIv.IV16.field.rc1 = (tkipIv.IV16.field.rc0 | 0x20) & 0x7f;
+       tkipIv.IV16.field.rc2 = *pTSC;
+       tkipIv.IV16.field.CONTROL.field.ExtIV = 1;  // 0: non-extended IV, 1: an extended IV
+       tkipIv.IV16.field.CONTROL.field.KeyID = KeyId;
+//     tkipIv.IV32 = *(PULONG)(pTSC + 2);
+       NdisMoveMemory(&tkipIv.IV32, (pTSC + 2), 4);   // Copy IV
+
+       *pIV16 = tkipIv.IV16.word;
+       *pIV32 = tkipIv.IV32;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Init MIC Value calculation function which include set MIC key &
+               calculate first 16 bytes (DA + SA + priority +  0)
+
+       Arguments:
+      pAd              Pointer to our adapter
+               pTKey       Pointer to the Temporal Key (TK), TK shall be 128bits.
+               pDA                     Pointer to DA address
+               pSA                     Pointer to SA address
+               pMICKey         pointer to MIC Key
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPInitMICEngine(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pKey,
+       IN      PUCHAR                  pDA,
+       IN      PUCHAR                  pSA,
+       IN  UCHAR           UserPriority,
+       IN      PUCHAR                  pMICKey)
+{
+       ULONG Priority = UserPriority;
+
+       // Init MIC value calculation
+       RTMPTkipSetMICKey(&pAd->PrivateInfo.Tx, pMICKey);
+       // DA
+       RTMPTkipAppend(&pAd->PrivateInfo.Tx, pDA, MAC_ADDR_LEN);
+       // SA
+       RTMPTkipAppend(&pAd->PrivateInfo.Tx, pSA, MAC_ADDR_LEN);
+       // Priority + 3 bytes of 0
+       RTMPTkipAppend(&pAd->PrivateInfo.Tx, (PUCHAR)&Priority, 4);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Compare MIC value of received MSDU
+
+       Arguments:
+               pAd     Pointer to our adapter
+               pSrc        Pointer to the received Plain text data
+               pDA                     Pointer to DA address
+               pSA                     Pointer to SA address
+               pMICKey         pointer to MIC Key
+               Len         the length of the received plain text data exclude MIC value
+
+       Return Value:
+               TRUE        MIC value matched
+               FALSE       MIC value mismatched
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+BOOLEAN        RTMPTkipCompareMICValue(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pSrc,
+       IN      PUCHAR                  pDA,
+       IN      PUCHAR                  pSA,
+       IN      PUCHAR                  pMICKey,
+       IN      UCHAR                   UserPriority,
+       IN      UINT                    Len)
+{
+       UCHAR   OldMic[8];
+       ULONG   Priority = UserPriority;
+
+       // Init MIC value calculation
+       RTMPTkipSetMICKey(&pAd->PrivateInfo.Rx, pMICKey);
+       // DA
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, pDA, MAC_ADDR_LEN);
+       // SA
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, pSA, MAC_ADDR_LEN);
+       // Priority + 3 bytes of 0
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, (PUCHAR)&Priority, 4);
+
+       // Calculate MIC value from plain text data
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, pSrc, Len);
+
+       // Get MIC valude from received frame
+       NdisMoveMemory(OldMic, pSrc + Len, 8);
+
+       // Get MIC value from decrypted plain data
+       RTMPTkipGetMIC(&pAd->PrivateInfo.Rx);
+
+       // Move MIC value from MSDU, this steps should move to data path.
+       // Since the MIC value might cross MPDUs.
+       if(!NdisEqualMemory(pAd->PrivateInfo.Rx.MIC, OldMic, 8))
+       {
+               DBGPRINT_RAW(RT_DEBUG_ERROR, ("RTMPTkipCompareMICValue(): TKIP MIC Error !\n"));  //MIC error.
+
+
+               return (FALSE);
+       }
+       return (TRUE);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Compare MIC value of received MSDU
+
+       Arguments:
+               pAd     Pointer to our adapter
+               pLLC            LLC header
+               pSrc        Pointer to the received Plain text data
+               pDA                     Pointer to DA address
+               pSA                     Pointer to SA address
+               pMICKey         pointer to MIC Key
+               Len         the length of the received plain text data exclude MIC value
+
+       Return Value:
+               TRUE        MIC value matched
+               FALSE       MIC value mismatched
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+BOOLEAN        RTMPTkipCompareMICValueWithLLC(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pLLC,
+       IN      PUCHAR                  pSrc,
+       IN      PUCHAR                  pDA,
+       IN      PUCHAR                  pSA,
+       IN      PUCHAR                  pMICKey,
+       IN      UINT                    Len)
+{
+       UCHAR   OldMic[8];
+       ULONG   Priority = 0;
+
+       // Init MIC value calculation
+       RTMPTkipSetMICKey(&pAd->PrivateInfo.Rx, pMICKey);
+       // DA
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, pDA, MAC_ADDR_LEN);
+       // SA
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, pSA, MAC_ADDR_LEN);
+       // Priority + 3 bytes of 0
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, (PUCHAR)&Priority, 4);
+
+       // Start with LLC header
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, pLLC, 8);
+
+       // Calculate MIC value from plain text data
+       RTMPTkipAppend(&pAd->PrivateInfo.Rx, pSrc, Len);
+
+       // Get MIC valude from received frame
+       NdisMoveMemory(OldMic, pSrc + Len, 8);
+
+       // Get MIC value from decrypted plain data
+       RTMPTkipGetMIC(&pAd->PrivateInfo.Rx);
+
+       // Move MIC value from MSDU, this steps should move to data path.
+       // Since the MIC value might cross MPDUs.
+       if(!NdisEqualMemory(pAd->PrivateInfo.Rx.MIC, OldMic, 8))
+       {
+               DBGPRINT_RAW(RT_DEBUG_ERROR, ("RTMPTkipCompareMICValueWithLLC(): TKIP MIC Error !\n"));  //MIC error.
+
+
+               return (FALSE);
+       }
+       return (TRUE);
+}
+/*
+       ========================================================================
+
+       Routine Description:
+               Copy frame from waiting queue into relative ring buffer and set
+       appropriate ASIC register to kick hardware transmit function
+
+       Arguments:
+               pAd             Pointer to our adapter
+               PNDIS_PACKET    Pointer to Ndis Packet for MIC calculation
+               pEncap                  Pointer to LLC encap data
+               LenEncap                Total encap length, might be 0 which indicates no encap
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPCalculateMICValue(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      PUCHAR                  pEncap,
+       IN      PCIPHER_KEY             pKey,
+       IN      UCHAR                   apidx)
+{
+       PACKET_INFO             PacketInfo;
+       PUCHAR                  pSrcBufVA;
+       UINT                    SrcBufLen;
+       PUCHAR                  pSrc;
+    UCHAR           UserPriority;
+       UCHAR                   vlan_offset = 0;
+
+       RTMP_QueryPacketInfo(pPacket, &PacketInfo, &pSrcBufVA, &SrcBufLen);
+
+       UserPriority = RTMP_GET_PACKET_UP(pPacket);
+       pSrc = pSrcBufVA;
+
+       // determine if this is a vlan packet
+       if (((*(pSrc + 12) << 8) + *(pSrc + 13)) == 0x8100)
+               vlan_offset = 4;
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+       {
+               RTMPInitMICEngine(
+                       pAd,
+                       pKey->Key,
+                       pSrc,
+                       pSrc + 6,
+                       UserPriority,
+                       pKey->TxMic);
+       }
+
+
+       if (pEncap != NULL)
+       {
+               // LLC encapsulation
+               RTMPTkipAppend(&pAd->PrivateInfo.Tx, pEncap, 6);
+               // Protocol Type
+               RTMPTkipAppend(&pAd->PrivateInfo.Tx, pSrc + 12 + vlan_offset, 2);
+       }
+       SrcBufLen -= (14 + vlan_offset);
+       pSrc += (14 + vlan_offset);
+       do
+       {
+               if (SrcBufLen > 0)
+               {
+                       RTMPTkipAppend(&pAd->PrivateInfo.Tx, pSrc, SrcBufLen);
+               }
+
+               break;  // No need handle next packet
+
+       }       while (TRUE);           // End of copying payload
+
+       // Compute the final MIC Value
+       RTMPTkipGetMIC(&pAd->PrivateInfo.Tx);
+}
+
+
+/************************************************************/
+/* tkip_sbox()                                                                                                                         */
+/* Returns a 16 bit value from a 64K entry table. The Table */
+/* is synthesized from two 256 entry byte wide tables.         */
+/************************************************************/
+
+UINT tkip_sbox(UINT index)
+{
+       UINT index_low;
+       UINT index_high;
+       UINT left, right;
+
+       index_low = (index % 256);
+       index_high = ((index >> 8) % 256);
+
+       left = Tkip_Sbox_Lower[index_low] + (Tkip_Sbox_Upper[index_low] * 256);
+       right = Tkip_Sbox_Upper[index_high] + (Tkip_Sbox_Lower[index_high] * 256);
+
+       return (left ^ right);
+}
+
+UINT rotr1(UINT a)
+{
+       unsigned int b;
+
+       if ((a & 0x01) == 0x01)
+       {
+               b = (a >> 1) | 0x8000;
+       }
+       else
+       {
+               b = (a >> 1) & 0x7fff;
+       }
+       b = b % 65536;
+       return b;
+}
+
+VOID RTMPTkipMixKey(
+       UCHAR *key,
+       UCHAR *ta,
+       ULONG pnl, /* Least significant 16 bits of PN */
+       ULONG pnh, /* Most significant 32 bits of PN */
+       UCHAR *rc4key,
+       UINT *p1k)
+{
+
+       UINT tsc0;
+       UINT tsc1;
+       UINT tsc2;
+
+       UINT ppk0;
+       UINT ppk1;
+       UINT ppk2;
+       UINT ppk3;
+       UINT ppk4;
+       UINT ppk5;
+
+       INT i;
+       INT j;
+
+       tsc0 = (unsigned int)((pnh >> 16) % 65536); /* msb */
+       tsc1 = (unsigned int)(pnh % 65536);
+       tsc2 = (unsigned int)(pnl % 65536); /* lsb */
+
+       /* Phase 1, step 1 */
+       p1k[0] = tsc1;
+       p1k[1] = tsc0;
+       p1k[2] = (UINT)(ta[0] + (ta[1]*256));
+       p1k[3] = (UINT)(ta[2] + (ta[3]*256));
+       p1k[4] = (UINT)(ta[4] + (ta[5]*256));
+
+       /* Phase 1, step 2 */
+       for (i=0; i<8; i++)
+       {
+               j = 2*(i & 1);
+               p1k[0] = (p1k[0] + tkip_sbox( (p1k[4] ^ ((256*key[1+j]) + key[j])) % 65536 )) % 65536;
+               p1k[1] = (p1k[1] + tkip_sbox( (p1k[0] ^ ((256*key[5+j]) + key[4+j])) % 65536 )) % 65536;
+               p1k[2] = (p1k[2] + tkip_sbox( (p1k[1] ^ ((256*key[9+j]) + key[8+j])) % 65536 )) % 65536;
+               p1k[3] = (p1k[3] + tkip_sbox( (p1k[2] ^ ((256*key[13+j]) + key[12+j])) % 65536 )) % 65536;
+               p1k[4] = (p1k[4] + tkip_sbox( (p1k[3] ^ (((256*key[1+j]) + key[j]))) % 65536 )) % 65536;
+               p1k[4] = (p1k[4] + i) % 65536;
+       }
+
+       /* Phase 2, Step 1 */
+       ppk0 = p1k[0];
+       ppk1 = p1k[1];
+       ppk2 = p1k[2];
+       ppk3 = p1k[3];
+       ppk4 = p1k[4];
+       ppk5 = (p1k[4] + tsc2) % 65536;
+
+       /* Phase2, Step 2 */
+       ppk0 = ppk0 + tkip_sbox( (ppk5 ^ ((256*key[1]) + key[0])) % 65536);
+       ppk1 = ppk1 + tkip_sbox( (ppk0 ^ ((256*key[3]) + key[2])) % 65536);
+       ppk2 = ppk2 + tkip_sbox( (ppk1 ^ ((256*key[5]) + key[4])) % 65536);
+       ppk3 = ppk3 + tkip_sbox( (ppk2 ^ ((256*key[7]) + key[6])) % 65536);
+       ppk4 = ppk4 + tkip_sbox( (ppk3 ^ ((256*key[9]) + key[8])) % 65536);
+       ppk5 = ppk5 + tkip_sbox( (ppk4 ^ ((256*key[11]) + key[10])) % 65536);
+
+       ppk0 = ppk0 + rotr1(ppk5 ^ ((256*key[13]) + key[12]));
+       ppk1 = ppk1 + rotr1(ppk0 ^ ((256*key[15]) + key[14]));
+       ppk2 = ppk2 + rotr1(ppk1);
+       ppk3 = ppk3 + rotr1(ppk2);
+       ppk4 = ppk4 + rotr1(ppk3);
+       ppk5 = ppk5 + rotr1(ppk4);
+
+       /* Phase 2, Step 3 */
+    /* Phase 2, Step 3 */
+
+       tsc0 = (unsigned int)((pnh >> 16) % 65536); /* msb */
+       tsc1 = (unsigned int)(pnh % 65536);
+       tsc2 = (unsigned int)(pnl % 65536); /* lsb */
+
+       rc4key[0] = (tsc2 >> 8) % 256;
+       rc4key[1] = (((tsc2 >> 8) % 256) | 0x20) & 0x7f;
+       rc4key[2] = tsc2 % 256;
+       rc4key[3] = ((ppk5 ^ ((256*key[1]) + key[0])) >> 1) % 256;
+
+       rc4key[4] = ppk0 % 256;
+       rc4key[5] = (ppk0 >> 8) % 256;
+
+       rc4key[6] = ppk1 % 256;
+       rc4key[7] = (ppk1 >> 8) % 256;
+
+       rc4key[8] = ppk2 % 256;
+       rc4key[9] = (ppk2 >> 8) % 256;
+
+       rc4key[10] = ppk3 % 256;
+       rc4key[11] = (ppk3 >> 8) % 256;
+
+       rc4key[12] = ppk4 % 256;
+       rc4key[13] = (ppk4 >> 8) % 256;
+
+       rc4key[14] = ppk5 % 256;
+       rc4key[15] = (ppk5 >> 8) % 256;
+}
+
+
+//
+// TRUE: Success!
+// FALSE: Decrypt Error!
+//
+BOOLEAN RTMPSoftDecryptTKIP(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR       pData,
+       IN ULONG        DataByteCnt,
+       IN UCHAR    UserPriority,
+       IN PCIPHER_KEY  pWpaKey)
+{
+       UCHAR                   KeyID;
+       UINT                    HeaderLen;
+    UCHAR                      fc0;
+       UCHAR                   fc1;
+       USHORT                  fc;
+       UINT                    frame_type;
+       UINT                    frame_subtype;
+    UINT                       from_ds;
+    UINT                       to_ds;
+       INT                             a4_exists;
+       INT                             qc_exists;
+       USHORT                  duration;
+       USHORT                  seq_control;
+       USHORT                  qos_control;
+       UCHAR                   TA[MAC_ADDR_LEN];
+       UCHAR                   DA[MAC_ADDR_LEN];
+       UCHAR                   SA[MAC_ADDR_LEN];
+       UCHAR                   RC4Key[16];
+       UINT                    p1k[5]; //for mix_key;
+       ULONG                   pnl;/* Least significant 16 bits of PN */
+       ULONG                   pnh;/* Most significant 32 bits of PN */
+       UINT                    num_blocks;
+       UINT                    payload_remainder;
+       ARCFOURCONTEXT  ArcFourContext;
+       UINT                    crc32 = 0;
+       UINT                    trailfcs = 0;
+       UCHAR                   MIC[8];
+       UCHAR                   TrailMIC[8];
+
+#ifdef RT_BIG_ENDIAN
+       RTMPFrameEndianChange(pAd, (PUCHAR)pData, DIR_READ, FALSE);
+#endif
+
+       fc0 = *pData;
+       fc1 = *(pData + 1);
+
+       fc = *((PUSHORT)pData);
+
+       frame_type = ((fc0 >> 2) & 0x03);
+       frame_subtype = ((fc0 >> 4) & 0x0f);
+
+    from_ds = (fc1 & 0x2) >> 1;
+    to_ds = (fc1 & 0x1);
+
+    a4_exists = (from_ds & to_ds);
+    qc_exists = ((frame_subtype == 0x08) ||    /* Assumed QoS subtypes */
+                  (frame_subtype == 0x09) ||   /* Likely to change.    */
+                  (frame_subtype == 0x0a) ||
+                  (frame_subtype == 0x0b)
+                 );
+
+       HeaderLen = 24;
+       if (a4_exists)
+               HeaderLen += 6;
+
+       KeyID = *((PUCHAR)(pData+ HeaderLen + 3));
+       KeyID = KeyID >> 6;
+
+       if (pWpaKey[KeyID].KeyLen == 0)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("RTMPSoftDecryptTKIP failed!(KeyID[%d] Length can not be 0)\n", KeyID));
+               return FALSE;
+       }
+
+       duration = *((PUSHORT)(pData+2));
+
+       seq_control = *((PUSHORT)(pData+22));
+
+       if (qc_exists)
+       {
+               if (a4_exists)
+               {
+                       qos_control = *((PUSHORT)(pData+30));
+               }
+               else
+               {
+                       qos_control = *((PUSHORT)(pData+24));
+               }
+       }
+
+       if (to_ds == 0 && from_ds == 1)
+       {
+               NdisMoveMemory(DA, pData+4, MAC_ADDR_LEN);
+               NdisMoveMemory(SA, pData+16, MAC_ADDR_LEN);
+               NdisMoveMemory(TA, pData+10, MAC_ADDR_LEN);  //BSSID
+       }
+       else if (to_ds == 0 && from_ds == 0 )
+       {
+               NdisMoveMemory(TA, pData+10, MAC_ADDR_LEN);
+               NdisMoveMemory(DA, pData+4, MAC_ADDR_LEN);
+               NdisMoveMemory(SA, pData+10, MAC_ADDR_LEN);
+       }
+       else if (to_ds == 1 && from_ds == 0)
+       {
+               NdisMoveMemory(SA, pData+10, MAC_ADDR_LEN);
+               NdisMoveMemory(TA, pData+10, MAC_ADDR_LEN);
+               NdisMoveMemory(DA, pData+16, MAC_ADDR_LEN);
+       }
+       else if (to_ds == 1 && from_ds == 1)
+       {
+               NdisMoveMemory(TA, pData+10, MAC_ADDR_LEN);
+               NdisMoveMemory(DA, pData+16, MAC_ADDR_LEN);
+               NdisMoveMemory(SA, pData+22, MAC_ADDR_LEN);
+       }
+
+       num_blocks = (DataByteCnt - 16) / 16;
+       payload_remainder = (DataByteCnt - 16) % 16;
+
+       pnl = (*(pData + HeaderLen)) * 256 + *(pData + HeaderLen + 2);
+       pnh = *((PULONG)(pData + HeaderLen + 4));
+       pnh = cpu2le32(pnh);
+       RTMPTkipMixKey(pWpaKey[KeyID].Key, TA, pnl, pnh, RC4Key, p1k);
+
+       ARCFOUR_INIT(&ArcFourContext, RC4Key, 16);
+
+       ARCFOUR_DECRYPT(&ArcFourContext, pData + HeaderLen, pData + HeaderLen + 8, DataByteCnt - HeaderLen - 8);
+       NdisMoveMemory(&trailfcs, pData + DataByteCnt - 8 - 4, 4);
+       crc32 = RTMP_CALC_FCS32(PPPINITFCS32, pData + HeaderLen, DataByteCnt - HeaderLen - 8 - 4);  //Skip IV+EIV 8 bytes & Skip last 4 bytes(FCS).
+       crc32 ^= 0xffffffff;             /* complement */
+
+    if(crc32 != cpu2le32(trailfcs))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("RTMPSoftDecryptTKIP, WEP Data ICV Error !\n"));       //ICV error.
+
+               return (FALSE);
+       }
+
+       NdisMoveMemory(TrailMIC, pData + DataByteCnt - 8 - 8 - 4, 8);
+       RTMPInitMICEngine(pAd, pWpaKey[KeyID].Key, DA, SA, UserPriority, pWpaKey[KeyID].RxMic);
+       RTMPTkipAppend(&pAd->PrivateInfo.Tx, pData + HeaderLen, DataByteCnt - HeaderLen - 8 - 12);
+       RTMPTkipGetMIC(&pAd->PrivateInfo.Tx);
+       NdisMoveMemory(MIC, pAd->PrivateInfo.Tx.MIC, 8);
+
+       if (!NdisEqualMemory(MIC, TrailMIC, 8))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("RTMPSoftDecryptTKIP, WEP Data MIC Error !\n"));       //MIC error.
+               //RTMPReportMicError(pAd, &pWpaKey[KeyID]);     // marked by AlbertY @ 20060630
+               return (FALSE);
+       }
+
+#ifdef RT_BIG_ENDIAN
+       RTMPFrameEndianChange(pAd, (PUCHAR)pData, DIR_READ, FALSE);
+#endif
+       //DBGPRINT(RT_DEBUG_TRACE, "RTMPSoftDecryptTKIP Decript done!!\n");
+       return TRUE;
+}
diff --git a/drivers/staging/rt3090/common/cmm_wep.c b/drivers/staging/rt3090/common/cmm_wep.c
new file mode 100644 (file)
index 0000000..d8ddfb2
--- /dev/null
@@ -0,0 +1,500 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_wep.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Paul Wu         10-28-02                Initial
+*/
+
+#include "../rt_config.h"
+
+
+UINT FCSTAB_32[256] =
+{
+       0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
+       0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
+       0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
+       0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
+       0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
+       0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
+       0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
+       0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
+       0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
+       0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
+       0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
+       0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
+       0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
+       0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
+       0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
+       0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
+       0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
+       0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
+       0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
+       0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
+       0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
+       0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
+       0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
+       0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
+       0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
+       0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
+       0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
+       0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
+       0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
+       0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
+       0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
+       0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
+       0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
+       0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
+       0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
+       0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
+       0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
+       0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
+       0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
+       0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
+       0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
+       0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
+       0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
+       0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
+       0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
+       0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
+       0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
+       0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
+       0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
+       0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
+       0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
+       0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
+       0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
+       0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
+       0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
+       0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
+       0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
+       0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
+       0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
+       0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
+       0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
+       0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
+       0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
+       0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d
+};
+
+/*
+UCHAR   WEPKEY[] = {
+               //IV
+               0x00, 0x11, 0x22,
+               //WEP KEY
+               0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC
+       };
+ */
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Init WEP function.
+
+       Arguments:
+      pAd              Pointer to our adapter
+               pKey        Pointer to the WEP KEY
+               KeyId              WEP Key ID
+               KeyLen      the length of WEP KEY
+               pDest       Pointer to the destination which Encryption data will store in.
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPInitWepEngine(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pKey,
+       IN      UCHAR                   KeyId,
+       IN      UCHAR                   KeyLen,
+       IN OUT  PUCHAR          pDest)
+{
+       UINT i;
+       UCHAR   WEPKEY[] = {
+               //IV
+               0x00, 0x11, 0x22,
+               //WEP KEY
+               0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC
+       };
+
+       pAd->PrivateInfo.FCSCRC32 = PPPINITFCS32;   //Init crc32.
+
+    {
+               NdisMoveMemory(WEPKEY + 3, pKey, KeyLen);
+
+        for(i = 0; i < 3; i++)
+                       WEPKEY[i] = RandomByte(pAd);   //Call mlme RandomByte() function.
+               ARCFOUR_INIT(&pAd->PrivateInfo.WEPCONTEXT, WEPKEY, KeyLen + 3);  //INIT SBOX, KEYLEN+3(IV)
+
+               NdisMoveMemory(pDest, WEPKEY, 3);  //Append Init Vector
+    }
+       *(pDest+3) = (KeyId << 6);       //Append KEYID
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Encrypt transimitted data
+
+       Arguments:
+      pAd              Pointer to our adapter
+      pSrc        Pointer to the transimitted source data that will be encrypt
+      pDest       Pointer to the destination where entryption data will be store in.
+      Len                      Indicate the length of the source data
+
+       Return Value:
+      None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPEncryptData(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pSrc,
+       IN      PUCHAR                  pDest,
+       IN      UINT                    Len)
+{
+       pAd->PrivateInfo.FCSCRC32 = RTMP_CALC_FCS32(pAd->PrivateInfo.FCSCRC32, pSrc, Len);
+       ARCFOUR_ENCRYPT(&pAd->PrivateInfo.WEPCONTEXT, pDest, pSrc, Len);
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Decrypt received WEP data
+
+       Arguments:
+               pAdapter                Pointer to our adapter
+               pSrc        Pointer to the received data
+               Len         the length of the received data
+
+       Return Value:
+               TRUE        Decrypt WEP data success
+               FALSE       Decrypt WEP data failed
+
+       Note:
+
+       ========================================================================
+*/
+BOOLEAN        RTMPSoftDecryptWEP(
+       IN PRTMP_ADAPTER        pAd,
+       IN PUCHAR                       pData,
+       IN ULONG                        DataByteCnt,
+       IN PCIPHER_KEY          pGroupKey)
+{
+       UINT    trailfcs;
+       UINT    crc32;
+       UCHAR   KeyIdx;
+       UCHAR   WEPKEY[] = {
+               //IV
+               0x00, 0x11, 0x22,
+               //WEP KEY
+               0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC
+       };
+       UCHAR   *pPayload = (UCHAR *)pData + LENGTH_802_11;
+       ULONG   payload_len = DataByteCnt - LENGTH_802_11;
+
+       NdisMoveMemory(WEPKEY, pPayload, 3);    //Get WEP IV
+
+       KeyIdx = (*(pPayload + 3) & 0xc0) >> 6;
+       if (pGroupKey[KeyIdx].KeyLen == 0)
+               return (FALSE);
+
+       NdisMoveMemory(WEPKEY + 3, pGroupKey[KeyIdx].Key, pGroupKey[KeyIdx].KeyLen);
+       ARCFOUR_INIT(&pAd->PrivateInfo.WEPCONTEXT, WEPKEY, pGroupKey[KeyIdx].KeyLen + 3);
+       ARCFOUR_DECRYPT(&pAd->PrivateInfo.WEPCONTEXT, pPayload, pPayload + 4, payload_len - 4);
+       NdisMoveMemory(&trailfcs, pPayload + payload_len - 8, 4);
+       crc32 = RTMP_CALC_FCS32(PPPINITFCS32, pPayload, payload_len - 8);  //Skip last 4 bytes(FCS).
+       crc32 ^= 0xffffffff;             /* complement */
+
+    if(crc32 != cpu2le32(trailfcs))
+    {
+               DBGPRINT(RT_DEBUG_TRACE, ("! WEP Data CRC Error !\n"));  //CRC error.
+               return (FALSE);
+       }
+       return (TRUE);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               The Stream Cipher Encryption Algorithm "ARCFOUR" initialize
+
+       Arguments:
+          Ctx         Pointer to ARCFOUR CONTEXT (SBOX)
+               pKey        Pointer to the WEP KEY
+               KeyLen      Indicate the length fo the WEP KEY
+
+       Return Value:
+          None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   ARCFOUR_INIT(
+       IN      PARCFOURCONTEXT Ctx,
+       IN      PUCHAR                  pKey,
+       IN      UINT                    KeyLen)
+{
+       UCHAR   t, u;
+       UINT    keyindex;
+       UINT    stateindex;
+       PUCHAR  state;
+       UINT    counter;
+
+       state = Ctx->STATE;
+       Ctx->X = 0;
+       Ctx->Y = 0;
+       for (counter = 0; counter < 256; counter++)
+               state[counter] = (UCHAR)counter;
+       keyindex = 0;
+       stateindex = 0;
+       for (counter = 0; counter < 256; counter++)
+       {
+               t = state[counter];
+               stateindex = (stateindex + pKey[keyindex] + t) & 0xff;
+               u = state[stateindex];
+               state[stateindex] = t;
+               state[counter] = u;
+               if (++keyindex >= KeyLen)
+                       keyindex = 0;
+       }
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Get bytes from ARCFOUR CONTEXT (S-BOX)
+
+       Arguments:
+          Ctx         Pointer to ARCFOUR CONTEXT (SBOX)
+
+       Return Value:
+          UCHAR  - the value of the ARCFOUR CONTEXT (S-BOX)
+
+       Note:
+
+       ========================================================================
+*/
+UCHAR  ARCFOUR_BYTE(
+       IN      PARCFOURCONTEXT         Ctx)
+{
+  UINT x;
+  UINT y;
+  UCHAR sx, sy;
+  PUCHAR state;
+
+  state = Ctx->STATE;
+  x = (Ctx->X + 1) & 0xff;
+  sx = state[x];
+  y = (sx + Ctx->Y) & 0xff;
+  sy = state[y];
+  Ctx->X = x;
+  Ctx->Y = y;
+  state[y] = sx;
+  state[x] = sy;
+
+  return(state[(sx + sy) & 0xff]);
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               The Stream Cipher Decryption Algorithm
+
+       Arguments:
+               Ctx         Pointer to ARCFOUR CONTEXT (SBOX)
+               pDest                   Pointer to the Destination
+               pSrc        Pointer to the Source data
+               Len         Indicate the length of the Source data
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID   ARCFOUR_DECRYPT(
+       IN      PARCFOURCONTEXT Ctx,
+       IN      PUCHAR                  pDest,
+       IN      PUCHAR                  pSrc,
+       IN      UINT                    Len)
+{
+       UINT i;
+
+       for (i = 0; i < Len; i++)
+               pDest[i] = pSrc[i] ^ ARCFOUR_BYTE(Ctx);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               The Stream Cipher Encryption Algorithm
+
+       Arguments:
+               Ctx         Pointer to ARCFOUR CONTEXT (SBOX)
+               pDest                   Pointer to the Destination
+               pSrc        Pointer to the Source data
+               Len         Indicate the length of the Source dta
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   ARCFOUR_ENCRYPT(
+       IN      PARCFOURCONTEXT Ctx,
+       IN      PUCHAR                  pDest,
+       IN      PUCHAR                  pSrc,
+       IN      UINT                    Len)
+{
+       UINT i;
+
+       for (i = 0; i < Len; i++)
+               pDest[i] = pSrc[i] ^ ARCFOUR_BYTE(Ctx);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               The Stream Cipher Encryption Algorithm which conform to the special requirement to encrypt  GTK.
+
+       Arguments:
+               Ctx         Pointer to ARCFOUR CONTEXT (SBOX)
+               pDest                   Pointer to the Destination
+               pSrc        Pointer to the Source data
+               Len         Indicate the length of the Source dta
+
+
+       ========================================================================
+*/
+
+VOID   WPAARCFOUR_ENCRYPT(
+       IN      PARCFOURCONTEXT Ctx,
+       IN      PUCHAR                  pDest,
+       IN      PUCHAR                  pSrc,
+       IN      UINT                    Len)
+{
+       UINT i;
+        //discard first 256 bytes
+       for (i = 0; i < 256; i++)
+            ARCFOUR_BYTE(Ctx);
+
+       for (i = 0; i < Len; i++)
+               pDest[i] = pSrc[i] ^ ARCFOUR_BYTE(Ctx);
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Calculate a new FCS given the current FCS and the new data.
+
+       Arguments:
+               Fcs           the original FCS value
+               Cp          pointer to the data which will be calculate the FCS
+               Len         the length of the data
+
+       Return Value:
+               UINT - FCS 32 bits
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+UINT   RTMP_CALC_FCS32(
+       IN      UINT    Fcs,
+       IN      PUCHAR  Cp,
+       IN      INT             Len)
+{
+       while (Len--)
+          Fcs = (((Fcs) >> 8) ^ FCSTAB_32[((Fcs) ^ (*Cp++)) & 0xff]);
+
+       return (Fcs);
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Get last FCS and encrypt it to the destination
+
+       Arguments:
+               pDest                   Pointer to the Destination
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPSetICV(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR  pDest)
+{
+       pAd->PrivateInfo.FCSCRC32 ^= 0xffffffff;             /* complement */
+       pAd->PrivateInfo.FCSCRC32 = cpu2le32(pAd->PrivateInfo.FCSCRC32);
+
+       ARCFOUR_ENCRYPT(&pAd->PrivateInfo.WEPCONTEXT, pDest, (PUCHAR) &pAd->PrivateInfo.FCSCRC32, 4);
+}
diff --git a/drivers/staging/rt3090/common/cmm_wpa.c b/drivers/staging/rt3090/common/cmm_wpa.c
new file mode 100644 (file)
index 0000000..35f4701
--- /dev/null
@@ -0,0 +1,3149 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       wpa.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Jan     Lee             03-07-22                Initial
+       Paul Lin        03-11-28                Modify for supplicant
+*/
+
+#include "../rt_config.h"
+
+
+// WPA OUI
+UCHAR          OUI_WPA_NONE_AKM[4]             = {0x00, 0x50, 0xF2, 0x00};
+UCHAR       OUI_WPA_VERSION[4]      = {0x00, 0x50, 0xF2, 0x01};
+UCHAR       OUI_WPA_WEP40[4]      = {0x00, 0x50, 0xF2, 0x01};
+UCHAR       OUI_WPA_TKIP[4]     = {0x00, 0x50, 0xF2, 0x02};
+UCHAR       OUI_WPA_CCMP[4]     = {0x00, 0x50, 0xF2, 0x04};
+UCHAR       OUI_WPA_WEP104[4]      = {0x00, 0x50, 0xF2, 0x05};
+UCHAR       OUI_WPA_8021X_AKM[4]       = {0x00, 0x50, 0xF2, 0x01};
+UCHAR       OUI_WPA_PSK_AKM[4]      = {0x00, 0x50, 0xF2, 0x02};
+// WPA2 OUI
+UCHAR       OUI_WPA2_WEP40[4]   = {0x00, 0x0F, 0xAC, 0x01};
+UCHAR       OUI_WPA2_TKIP[4]        = {0x00, 0x0F, 0xAC, 0x02};
+UCHAR       OUI_WPA2_CCMP[4]        = {0x00, 0x0F, 0xAC, 0x04};
+UCHAR       OUI_WPA2_8021X_AKM[4]   = {0x00, 0x0F, 0xAC, 0x01};
+UCHAR       OUI_WPA2_PSK_AKM[4]                = {0x00, 0x0F, 0xAC, 0x02};
+UCHAR       OUI_WPA2_WEP104[4]   = {0x00, 0x0F, 0xAC, 0x05};
+
+
+
+static VOID    ConstructEapolKeyData(
+       IN      PMAC_TABLE_ENTRY        pEntry,
+       IN      UCHAR                   GroupKeyWepStatus,
+       IN      UCHAR                   keyDescVer,
+       IN      UCHAR                   MsgType,
+       IN      UCHAR                   DefaultKeyIdx,
+       IN      UCHAR                   *GTK,
+       IN      UCHAR                   *RSNIE,
+       IN      UCHAR                   RSNIE_LEN,
+       OUT PEAPOL_PACKET   pMsg);
+
+static VOID    CalculateMIC(
+       IN      UCHAR                   KeyDescVer,
+       IN      UCHAR                   *PTK,
+       OUT PEAPOL_PACKET   pMsg);
+
+static VOID WpaEAPPacketAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+static VOID WpaEAPOLASFAlertAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+static VOID WpaEAPOLLogoffAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+static VOID WpaEAPOLStartAction(
+    IN PRTMP_ADAPTER    pAd,
+    IN MLME_QUEUE_ELEM  *Elem);
+
+static VOID WpaEAPOLKeyAction(
+    IN PRTMP_ADAPTER    pAd,
+    IN MLME_QUEUE_ELEM  *Elem);
+
+/*
+    ==========================================================================
+    Description:
+        association state machine init, including state transition and timer init
+    Parameters:
+        S - pointer to the association state machine
+    ==========================================================================
+ */
+VOID WpaStateMachineInit(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  STATE_MACHINE *S,
+    OUT STATE_MACHINE_FUNC Trans[])
+{
+    StateMachineInit(S, (STATE_MACHINE_FUNC *)Trans, MAX_WPA_PTK_STATE, MAX_WPA_MSG, (STATE_MACHINE_FUNC)Drop, WPA_PTK, WPA_MACHINE_BASE);
+
+    StateMachineSetAction(S, WPA_PTK, MT2_EAPPacket, (STATE_MACHINE_FUNC)WpaEAPPacketAction);
+    StateMachineSetAction(S, WPA_PTK, MT2_EAPOLStart, (STATE_MACHINE_FUNC)WpaEAPOLStartAction);
+    StateMachineSetAction(S, WPA_PTK, MT2_EAPOLLogoff, (STATE_MACHINE_FUNC)WpaEAPOLLogoffAction);
+    StateMachineSetAction(S, WPA_PTK, MT2_EAPOLKey, (STATE_MACHINE_FUNC)WpaEAPOLKeyAction);
+    StateMachineSetAction(S, WPA_PTK, MT2_EAPOLASFAlert, (STATE_MACHINE_FUNC)WpaEAPOLASFAlertAction);
+}
+
+/*
+    ==========================================================================
+    Description:
+        this is state machine function.
+        When receiving EAP packets which is  for 802.1x authentication use.
+        Not use in PSK case
+    Return:
+    ==========================================================================
+*/
+VOID WpaEAPPacketAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+}
+
+VOID WpaEAPOLASFAlertAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+}
+
+VOID WpaEAPOLLogoffAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+}
+
+/*
+    ==========================================================================
+    Description:
+       Start 4-way HS when rcv EAPOL_START which may create by our driver in assoc.c
+    Return:
+    ==========================================================================
+*/
+VOID WpaEAPOLStartAction(
+    IN PRTMP_ADAPTER    pAd,
+    IN MLME_QUEUE_ELEM  *Elem)
+{
+    MAC_TABLE_ENTRY     *pEntry;
+    PHEADER_802_11      pHeader;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("WpaEAPOLStartAction ===> \n"));
+
+    pHeader = (PHEADER_802_11)Elem->Msg;
+
+    //For normaol PSK, we enqueue an EAPOL-Start command to trigger the process.
+    if (Elem->MsgLen == 6)
+        pEntry = MacTableLookup(pAd, Elem->Msg);
+    else
+    {
+        pEntry = MacTableLookup(pAd, pHeader->Addr2);
+    }
+
+    if (pEntry)
+    {
+               DBGPRINT(RT_DEBUG_TRACE, (" PortSecured(%d), WpaState(%d), AuthMode(%d), PMKID_CacheIdx(%d) \n", pEntry->PortSecured, pEntry->WpaState, pEntry->AuthMode, pEntry->PMKID_CacheIdx));
+
+        if ((pEntry->PortSecured == WPA_802_1X_PORT_NOT_SECURED)
+                       && (pEntry->WpaState < AS_PTKSTART)
+            && ((pEntry->AuthMode == Ndis802_11AuthModeWPAPSK) || (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK) || ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) && (pEntry->PMKID_CacheIdx != ENTRY_NOT_FOUND))))
+        {
+            pEntry->PrivacyFilter = Ndis802_11PrivFilter8021xWEP;
+            pEntry->WpaState = AS_INITPSK;
+            pEntry->PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+            NdisZeroMemory(pEntry->R_Counter, sizeof(pEntry->R_Counter));
+            pEntry->ReTryCounter = PEER_MSG1_RETRY_TIMER_CTR;
+
+            WPAStart4WayHS(pAd, pEntry, PEER_MSG1_RETRY_EXEC_INTV);
+        }
+    }
+}
+
+/*
+    ==========================================================================
+    Description:
+        This is state machine function.
+        When receiving EAPOL packets which is  for 802.1x key management.
+        Use both in WPA, and WPAPSK case.
+        In this function, further dispatch to different functions according to the received packet.  3 categories are :
+          1.  normal 4-way pairwisekey and 2-way groupkey handshake
+          2.  MIC error (Countermeasures attack)  report packet from STA.
+          3.  Request for pairwise/group key update from STA
+    Return:
+    ==========================================================================
+*/
+VOID WpaEAPOLKeyAction(
+    IN PRTMP_ADAPTER    pAd,
+    IN MLME_QUEUE_ELEM  *Elem)
+{
+    MAC_TABLE_ENTRY     *pEntry;
+    PHEADER_802_11      pHeader;
+    PEAPOL_PACKET       pEapol_packet;
+       KEY_INFO                        peerKeyInfo;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("WpaEAPOLKeyAction ===>\n"));
+
+    pHeader = (PHEADER_802_11)Elem->Msg;
+    pEapol_packet = (PEAPOL_PACKET)&Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
+
+       NdisZeroMemory((PUCHAR)&peerKeyInfo, sizeof(peerKeyInfo));
+       NdisMoveMemory((PUCHAR)&peerKeyInfo, (PUCHAR)&pEapol_packet->KeyDesc.KeyInfo, sizeof(KEY_INFO));
+
+       hex_dump("Received Eapol frame", (unsigned char *)pEapol_packet, (Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H));
+
+       *((USHORT *)&peerKeyInfo) = cpu2le16(*((USHORT *)&peerKeyInfo));
+
+    do
+    {
+        pEntry = MacTableLookup(pAd, pHeader->Addr2);
+
+               if (!pEntry || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
+            break;
+
+               if (pEntry->AuthMode < Ndis802_11AuthModeWPA)
+                               break;
+
+               DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPoL-Key frame from STA %02X-%02X-%02X-%02X-%02X-%02X\n", PRINT_MAC(pEntry->Addr)));
+
+        if (((pEapol_packet->ProVer != EAPOL_VER) && (pEapol_packet->ProVer != EAPOL_VER2)) ||
+                       ((pEapol_packet->KeyDesc.Type != WPA1_KEY_DESC) && (pEapol_packet->KeyDesc.Type != WPA2_KEY_DESC)))
+        {
+            DBGPRINT(RT_DEBUG_ERROR, ("Key descripter does not match with WPA rule\n"));
+            break;
+        }
+
+               // The value 1 shall be used for all EAPOL-Key frames to and from a STA when
+               // neither the group nor pairwise ciphers are CCMP for Key Descriptor 1.
+               if ((pEntry->WepStatus == Ndis802_11Encryption2Enabled) && (peerKeyInfo.KeyDescVer != DESC_TYPE_TKIP))
+        {
+               DBGPRINT(RT_DEBUG_ERROR, ("Key descripter version not match(TKIP) \n"));
+           break;
+       }
+               // The value 2 shall be used for all EAPOL-Key frames to and from a STA when
+               // either the pairwise or the group cipher is AES-CCMP for Key Descriptor 2.
+       else if ((pEntry->WepStatus == Ndis802_11Encryption3Enabled) && (peerKeyInfo.KeyDescVer != DESC_TYPE_AES))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Key descripter version not match(AES) \n"));
+               break;
+       }
+
+               // Check if this STA is in class 3 state and the WPA state is started
+        if ((pEntry->Sst == SST_ASSOC) && (pEntry->WpaState >= AS_INITPSK))
+        {
+                       // Check the Key Ack (bit 7) of the Key Information to determine the Authenticator
+                       // or not.
+                       // An EAPOL-Key frame that is sent by the Supplicant in response to an EAPOL-
+                       // Key frame from the Authenticator must not have the Ack bit set.
+                       if (peerKeyInfo.KeyAck == 1)
+                       {
+                               // The frame is snet by Authenticator.
+                               // So the Supplicant side shall handle this.
+
+                               if ((peerKeyInfo.Secure == 0) && (peerKeyInfo.Request == 0) &&
+                                       (peerKeyInfo.Error == 0) && (peerKeyInfo.KeyType == PAIRWISEKEY))
+                               {
+                                       // Process 1. the message 1 of 4-way HS in WPA or WPA2
+                                       //                        EAPOL-Key(0,0,1,0,P,0,0,ANonce,0,DataKD_M1)
+                                       //                 2. the message 3 of 4-way HS in WPA
+                                       //                        EAPOL-Key(0,1,1,1,P,0,KeyRSC,ANonce,MIC,DataKD_M3)
+                                       if (peerKeyInfo.KeyMic == 0)
+                       PeerPairMsg1Action(pAd, pEntry, Elem);
+                       else
+                       PeerPairMsg3Action(pAd, pEntry, Elem);
+                               }
+                               else if ((peerKeyInfo.Secure == 1) &&
+                                                (peerKeyInfo.KeyMic == 1) &&
+                                                (peerKeyInfo.Request == 0) &&
+                                                (peerKeyInfo.Error == 0))
+                               {
+                                       // Process 1. the message 3 of 4-way HS in WPA2
+                                       //                        EAPOL-Key(1,1,1,1,P,0,KeyRSC,ANonce,MIC,DataKD_M3)
+                                       //                 2. the message 1 of group KS in WPA or WPA2
+                                       //                        EAPOL-Key(1,1,1,0,G,0,Key RSC,0, MIC,GTK[N])
+                                       if (peerKeyInfo.KeyType == PAIRWISEKEY)
+                                               PeerPairMsg3Action(pAd, pEntry, Elem);
+                                       else
+                                               PeerGroupMsg1Action(pAd, pEntry, Elem);
+                               }
+                       }
+                       else
+                       {
+                               // The frame is snet by Supplicant.
+                               // So the Authenticator side shall handle this.
+                               if ((peerKeyInfo.Request == 0) &&
+                                                (peerKeyInfo.Error == 0) &&
+                                                (peerKeyInfo.KeyMic == 1))
+                               {
+                                       if (peerKeyInfo.Secure == 0 && peerKeyInfo.KeyType == PAIRWISEKEY)
+                                       {
+                                               // EAPOL-Key(0,1,0,0,P,0,0,SNonce,MIC,Data)
+                                               // Process 1. message 2 of 4-way HS in WPA or WPA2
+                                               //                 2. message 4 of 4-way HS in WPA
+                                               if (CONV_ARRARY_TO_UINT16(pEapol_packet->KeyDesc.KeyDataLen) == 0)
+                                               {
+                                                       PeerPairMsg4Action(pAd, pEntry, Elem);
+                       }
+                                               else
+                                               {
+                                                       PeerPairMsg2Action(pAd, pEntry, Elem);
+                                               }
+                                       }
+                                       else if (peerKeyInfo.Secure == 1 && peerKeyInfo.KeyType == PAIRWISEKEY)
+                                       {
+                                               // EAPOL-Key(1,1,0,0,P,0,0,0,MIC,0)
+                                               // Process message 4 of 4-way HS in WPA2
+                                               PeerPairMsg4Action(pAd, pEntry, Elem);
+                                       }
+                                       else if (peerKeyInfo.Secure == 1 && peerKeyInfo.KeyType == GROUPKEY)
+                                       {
+                                               // EAPOL-Key(1,1,0,0,G,0,0,0,MIC,0)
+                                               // Process message 2 of Group key HS in WPA or WPA2
+                                               PeerGroupMsg2Action(pAd, pEntry, &Elem->Msg[LENGTH_802_11], (Elem->MsgLen - LENGTH_802_11));
+                                       }
+                               }
+                       }
+        }
+    }while(FALSE);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Copy frame from waiting queue into relative ring buffer and set
+       appropriate ASIC register to kick hardware encryption before really
+       sent out to air.
+
+       Arguments:
+               pAd             Pointer to our adapter
+               PNDIS_PACKET    Pointer to outgoing Ndis frame
+               NumberOfFrag    Number of fragment required
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID    RTMPToWirelessSta(
+    IN  PRTMP_ADAPTER          pAd,
+    IN  PMAC_TABLE_ENTRY       pEntry,
+    IN  PUCHAR                 pHeader802_3,
+    IN  UINT                   HdrLen,
+    IN  PUCHAR                 pData,
+    IN  UINT                   DataLen,
+    IN BOOLEAN                         bClearFrame)
+{
+    PNDIS_PACKET    pPacket;
+    NDIS_STATUS     Status;
+
+       if ((!pEntry) || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
+               return;
+
+    do {
+               // build a NDIS packet
+               Status = RTMPAllocateNdisPacket(pAd, &pPacket, pHeader802_3, HdrLen, pData, DataLen);
+               if (Status != NDIS_STATUS_SUCCESS)
+               break;
+
+
+                       if (bClearFrame)
+                               RTMP_SET_PACKET_CLEAR_EAP_FRAME(pPacket, 1);
+                       else
+                               RTMP_SET_PACKET_CLEAR_EAP_FRAME(pPacket, 0);
+               {
+                       RTMP_SET_PACKET_SOURCE(pPacket, PKTSRC_NDIS);
+
+                       RTMP_SET_PACKET_NET_DEVICE_MBSSID(pPacket, MAIN_MBSSID);        // set a default value
+                       if(pEntry->apidx != 0)
+                       RTMP_SET_PACKET_NET_DEVICE_MBSSID(pPacket, pEntry->apidx);
+
+               RTMP_SET_PACKET_WCID(pPacket, (UCHAR)pEntry->Aid);
+                       RTMP_SET_PACKET_MOREDATA(pPacket, FALSE);
+               }
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                   // send out the packet
+               Status = STASendPacket(pAd, pPacket);
+           if (Status == NDIS_STATUS_SUCCESS)
+                       {
+                               UCHAR   Index;
+
+                               // Dequeue one frame from TxSwQueue0..3 queue and process it
+                               // There are three place calling dequeue for TX ring.
+                               // 1. Here, right after queueing the frame.
+                               // 2. At the end of TxRingTxDone service routine.
+                               // 3. Upon NDIS call RTMPSendPackets
+                               if((!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS)) &&
+                                       (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS)))
+                               {
+                                       for(Index = 0; Index < 5; Index ++)
+                                               if(pAd->TxSwQueue[Index].Number > 0)
+                                                       RTMPDeQueuePacket(pAd, FALSE, Index, MAX_TX_PROCESS);
+                               }
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+    } while (FALSE);
+}
+
+/*
+    ==========================================================================
+    Description:
+        This is a function to initilize 4-way handshake
+
+    Return:
+
+    ==========================================================================
+*/
+VOID WPAStart4WayHS(
+    IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN ULONG                   TimeInterval)
+{
+    UCHAR           Header802_3[14];
+    EAPOL_PACKET       EAPOLPKT;
+       PUINT8                  pBssid = NULL;
+       UCHAR                   group_cipher = Ndis802_11WEPDisabled;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("===> WPAStart4WayHS\n"));
+
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS | fRTMP_ADAPTER_HALT_IN_PROGRESS))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]WPAStart4WayHS : The interface is closed...\n"));
+               return;
+       }
+
+
+       if (pBssid == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]WPAStart4WayHS : No corresponding Authenticator.\n"));
+               return;
+    }
+
+       // Check the status
+    if ((pEntry->WpaState > AS_PTKSTART) || (pEntry->WpaState < AS_INITPMK))
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("[ERROR]WPAStart4WayHS : Not expect calling\n"));
+        return;
+    }
+
+
+       // Increment replay counter by 1
+       ADD_ONE_To_64BIT_VAR(pEntry->R_Counter);
+
+       // Randomly generate ANonce
+       GenRandom(pAd, (UCHAR *)pBssid, pEntry->ANonce);
+
+       // Construct EAPoL message - Pairwise Msg 1
+       // EAPOL-Key(0,0,1,0,P,0,0,ANonce,0,DataKD_M1)
+       NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
+       ConstructEapolMsg(pEntry,
+                                         group_cipher,
+                                         EAPOL_PAIR_MSG_1,
+                                         0,                                    // Default key index
+                                         pEntry->ANonce,
+                                         NULL,                                 // TxRSC
+                                         NULL,                                 // GTK
+                                         NULL,                                 // RSNIE
+                                         0,                                    // RSNIE length
+                                         &EAPOLPKT);
+
+
+       // Make outgoing frame
+    MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pBssid, EAPOL);
+    RTMPToWirelessSta(pAd, pEntry, Header802_3,
+                                         LENGTH_802_3, (PUCHAR)&EAPOLPKT,
+                                         CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4,
+                                         (pEntry->PortSecured == WPA_802_1X_PORT_SECURED) ? FALSE : TRUE);
+
+       // Trigger Retry Timer
+    RTMPModTimer(&pEntry->RetryTimer, TimeInterval);
+
+       // Update State
+    pEntry->WpaState = AS_PTKSTART;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== WPAStart4WayHS: send Msg1 of 4-way \n"));
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Process Pairwise key Msg-1 of 4-way handshaking and send Msg-2
+
+       Arguments:
+               pAd                     Pointer to our adapter
+               Elem            Message body
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID PeerPairMsg1Action(
+       IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem)
+{
+       UCHAR                           PTK[80];
+       UCHAR               Header802_3[14];
+       PEAPOL_PACKET           pMsg1;
+       UINT                    MsgLen;
+       EAPOL_PACKET            EAPOLPKT;
+       PUINT8                          pCurrentAddr = NULL;
+       PUINT8                          pmk_ptr = NULL;
+       UCHAR                           group_cipher = Ndis802_11WEPDisabled;
+       PUINT8                          rsnie_ptr = NULL;
+       UCHAR                           rsnie_len = 0;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> PeerPairMsg1Action \n"));
+
+       if ((!pEntry) || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
+               return;
+
+    if (Elem->MsgLen < (LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2))
+        return;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               pCurrentAddr = pAd->CurrentAddress;
+               pmk_ptr = pAd->StaCfg.PMK;
+               group_cipher = pAd->StaCfg.GroupCipher;
+               rsnie_ptr = pAd->StaCfg.RSN_IE;
+               rsnie_len = pAd->StaCfg.RSNIE_Len;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // Store the received frame
+       pMsg1 = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
+       MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
+
+       // Sanity Check peer Pairwise message 1 - Replay Counter
+       if (PeerWpaMessageSanity(pAd, pMsg1, MsgLen, EAPOL_PAIR_MSG_1, pEntry) == FALSE)
+               return;
+
+       // Store Replay counter, it will use to verify message 3 and construct message 2
+       NdisMoveMemory(pEntry->R_Counter, pMsg1->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
+
+       // Store ANonce
+       NdisMoveMemory(pEntry->ANonce, pMsg1->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE);
+
+       // Generate random SNonce
+       GenRandom(pAd, (UCHAR *)pCurrentAddr, pEntry->SNonce);
+
+       {
+           // Calculate PTK(ANonce, SNonce)
+           WpaDerivePTK(pAd,
+                               pmk_ptr,
+                               pEntry->ANonce,
+                                       pEntry->Addr,
+                                       pEntry->SNonce,
+                                       pCurrentAddr,
+                                   PTK,
+                                   LEN_PTK);
+
+               // Save key to PTK entry
+               NdisMoveMemory(pEntry->PTK, PTK, LEN_PTK);
+       }
+
+       // Update WpaState
+       pEntry->WpaState = AS_PTKINIT_NEGOTIATING;
+
+       // Construct EAPoL message - Pairwise Msg 2
+       //  EAPOL-Key(0,1,0,0,P,0,0,SNonce,MIC,DataKD_M2)
+       NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
+       ConstructEapolMsg(pEntry,
+                                         group_cipher,
+                                         EAPOL_PAIR_MSG_2,
+                                         0,                            // DefaultKeyIdx
+                                         pEntry->SNonce,
+                                         NULL,                         // TxRsc
+                                         NULL,                         // GTK
+                                         (UCHAR *)rsnie_ptr,
+                                         rsnie_len,
+                                         &EAPOLPKT);
+
+       // Make outgoing frame
+       MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pCurrentAddr, EAPOL);
+
+       RTMPToWirelessSta(pAd, pEntry,
+                                         Header802_3, sizeof(Header802_3), (PUCHAR)&EAPOLPKT,
+                                         CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4, TRUE);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== PeerPairMsg1Action: send Msg2 of 4-way \n"));
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        When receiving the second packet of 4-way pairwisekey handshake.
+    Return:
+    ==========================================================================
+*/
+VOID PeerPairMsg2Action(
+    IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem)
+{
+       UCHAR                           PTK[80];
+    BOOLEAN             Cancelled;
+    PHEADER_802_11      pHeader;
+       EAPOL_PACKET        EAPOLPKT;
+       PEAPOL_PACKET       pMsg2;
+       UINT                    MsgLen;
+    UCHAR               Header802_3[LENGTH_802_3];
+       UCHAR                           TxTsc[6];
+       PUINT8                          pBssid = NULL;
+       PUINT8                          pmk_ptr = NULL;
+       PUINT8                          gtk_ptr = NULL;
+       UCHAR                           default_key = 0;
+       UCHAR                           group_cipher = Ndis802_11WEPDisabled;
+       PUINT8                          rsnie_ptr = NULL;
+       UCHAR                           rsnie_len = 0;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("===> PeerPairMsg2Action \n"));
+
+    if ((!pEntry) || (!pEntry->ValidAsCLI))
+        return;
+
+    if (Elem->MsgLen < (LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2))
+        return;
+
+    // check Entry in valid State
+    if (pEntry->WpaState < AS_PTKSTART)
+        return;
+
+
+
+    // pointer to 802.11 header
+       pHeader = (PHEADER_802_11)Elem->Msg;
+
+       // skip 802.11_header(24-byte) and LLC_header(8)
+       pMsg2 = (PEAPOL_PACKET)&Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
+       MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
+
+       // Store SNonce
+       NdisMoveMemory(pEntry->SNonce, pMsg2->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE);
+
+       {
+               // Derive PTK
+               WpaDerivePTK(pAd,
+                                       (UCHAR *)pmk_ptr,
+                                       pEntry->ANonce,                 // ANONCE
+                                       (UCHAR *)pBssid,
+                                       pEntry->SNonce,                 // SNONCE
+                                       pEntry->Addr,
+                                       PTK,
+                                       LEN_PTK);
+
+       NdisMoveMemory(pEntry->PTK, PTK, LEN_PTK);
+       }
+
+       // Sanity Check peer Pairwise message 2 - Replay Counter, MIC, RSNIE
+       if (PeerWpaMessageSanity(pAd, pMsg2, MsgLen, EAPOL_PAIR_MSG_2, pEntry) == FALSE)
+               return;
+
+    do
+    {
+        // delete retry timer
+               RTMPCancelTimer(&pEntry->RetryTimer, &Cancelled);
+
+               // Change state
+        pEntry->WpaState = AS_PTKINIT_NEGOTIATING;
+
+               // Increment replay counter by 1
+               ADD_ONE_To_64BIT_VAR(pEntry->R_Counter);
+
+               // Construct EAPoL message - Pairwise Msg 3
+               NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
+               ConstructEapolMsg(pEntry,
+                                                 group_cipher,
+                                                 EAPOL_PAIR_MSG_3,
+                                                 default_key,
+                                                 pEntry->ANonce,
+                                                 TxTsc,
+                                                 (UCHAR *)gtk_ptr,
+                                                 (UCHAR *)rsnie_ptr,
+                                                 rsnie_len,
+                                                 &EAPOLPKT);
+
+        // Make outgoing frame
+        MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pBssid, EAPOL);
+        RTMPToWirelessSta(pAd, pEntry, Header802_3, LENGTH_802_3,
+                                                 (PUCHAR)&EAPOLPKT,
+                                                 CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4,
+                                                 (pEntry->PortSecured == WPA_802_1X_PORT_SECURED) ? FALSE : TRUE);
+
+        pEntry->ReTryCounter = PEER_MSG3_RETRY_TIMER_CTR;
+               RTMPSetTimer(&pEntry->RetryTimer, PEER_MSG3_RETRY_EXEC_INTV);
+
+               // Update State
+        pEntry->WpaState = AS_PTKINIT_NEGOTIATING;
+    }while(FALSE);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== PeerPairMsg2Action: send Msg3 of 4-way \n"));
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Process Pairwise key Msg 3 of 4-way handshaking and send Msg 4
+
+       Arguments:
+               pAd     Pointer to our adapter
+               Elem            Message body
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID PeerPairMsg3Action(
+    IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem)
+{
+       PHEADER_802_11          pHeader;
+       UCHAR               Header802_3[14];
+       EAPOL_PACKET            EAPOLPKT;
+       PEAPOL_PACKET           pMsg3;
+       UINT                    MsgLen;
+       PUINT8                          pCurrentAddr = NULL;
+       UCHAR                           group_cipher = Ndis802_11WEPDisabled;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> PeerPairMsg3Action \n"));
+
+       if ((!pEntry) || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
+               return;
+
+    if (Elem->MsgLen < (LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2))
+               return;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               pCurrentAddr = pAd->CurrentAddress;
+               group_cipher = pAd->StaCfg.GroupCipher;
+
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // Record 802.11 header & the received EAPOL packet Msg3
+       pHeader = (PHEADER_802_11) Elem->Msg;
+       pMsg3 = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
+       MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
+
+       // Sanity Check peer Pairwise message 3 - Replay Counter, MIC, RSNIE
+       if (PeerWpaMessageSanity(pAd, pMsg3, MsgLen, EAPOL_PAIR_MSG_3, pEntry) == FALSE)
+               return;
+
+       // Save Replay counter, it will use construct message 4
+       NdisMoveMemory(pEntry->R_Counter, pMsg3->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
+
+       // Double check ANonce
+       if (!NdisEqualMemory(pEntry->ANonce, pMsg3->KeyDesc.KeyNonce, LEN_KEY_DESC_NONCE))
+       {
+               return;
+       }
+
+       // Construct EAPoL message - Pairwise Msg 4
+       NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
+       ConstructEapolMsg(pEntry,
+                                         group_cipher,
+                                         EAPOL_PAIR_MSG_4,
+                                         0,                                    // group key index not used in message 4
+                                         NULL,                                 // Nonce not used in message 4
+                                         NULL,                                 // TxRSC not used in message 4
+                                         NULL,                                 // GTK not used in message 4
+                                         NULL,                                 // RSN IE not used in message 4
+                                         0,
+                                         &EAPOLPKT);
+
+       // Update WpaState
+       pEntry->WpaState = AS_PTKINITDONE;
+
+       // Update pairwise key
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               PCIPHER_KEY pSharedKey;
+
+               pSharedKey = &pAd->SharedKey[BSS0][0];
+
+               NdisMoveMemory(pAd->StaCfg.PTK, pEntry->PTK, LEN_PTK);
+
+               // Prepare pair-wise key information into shared key table
+               NdisZeroMemory(pSharedKey, sizeof(CIPHER_KEY));
+               pSharedKey->KeyLen = LEN_TKIP_EK;
+           NdisMoveMemory(pSharedKey->Key, &pAd->StaCfg.PTK[32], LEN_TKIP_EK);
+               NdisMoveMemory(pSharedKey->RxMic, &pAd->StaCfg.PTK[48], LEN_TKIP_RXMICK);
+               NdisMoveMemory(pSharedKey->TxMic, &pAd->StaCfg.PTK[48+LEN_TKIP_RXMICK], LEN_TKIP_TXMICK);
+
+               // Decide its ChiperAlg
+               if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
+                       pSharedKey->CipherAlg = CIPHER_TKIP;
+               else if (pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled)
+                       pSharedKey->CipherAlg = CIPHER_AES;
+               else
+                       pSharedKey->CipherAlg = CIPHER_NONE;
+
+               // Update these related information to MAC_TABLE_ENTRY
+               pEntry = &pAd->MacTab.Content[BSSID_WCID];
+               NdisMoveMemory(pEntry->PairwiseKey.Key, &pAd->StaCfg.PTK[32], LEN_TKIP_EK);
+               NdisMoveMemory(pEntry->PairwiseKey.RxMic, &pAd->StaCfg.PTK[48], LEN_TKIP_RXMICK);
+               NdisMoveMemory(pEntry->PairwiseKey.TxMic, &pAd->StaCfg.PTK[48+LEN_TKIP_RXMICK], LEN_TKIP_TXMICK);
+               pEntry->PairwiseKey.CipherAlg = pSharedKey->CipherAlg;
+
+               // Update pairwise key information to ASIC Shared Key Table
+               AsicAddSharedKeyEntry(pAd,
+                                                         BSS0,
+                                                         0,
+                                                         pSharedKey->CipherAlg,
+                                                         pSharedKey->Key,
+                                                         pSharedKey->TxMic,
+                                                         pSharedKey->RxMic);
+
+               // Update ASIC WCID attribute table and IVEIV table
+               RTMPAddWcidAttributeEntry(pAd,
+                                                                 BSS0,
+                                                                 0,
+                                                                 pSharedKey->CipherAlg,
+                                                                 pEntry);
+
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // open 802.1x port control and privacy filter
+       if (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK ||
+               pEntry->AuthMode == Ndis802_11AuthModeWPA2)
+       {
+               pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
+               pEntry->PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
+
+#ifdef CONFIG_STA_SUPPORT
+               STA_PORT_SECURED(pAd);
+           // Indicate Connected for GUI
+           pAd->IndicateMediaState = NdisMediaStateConnected;
+#endif // CONFIG_STA_SUPPORT //
+               DBGPRINT(RT_DEBUG_TRACE, ("PeerPairMsg3Action: AuthMode(%s) PairwiseCipher(%s) GroupCipher(%s) \n",
+                                                                       GetAuthMode(pEntry->AuthMode),
+                                                                       GetEncryptType(pEntry->WepStatus),
+                                                                       GetEncryptType(group_cipher)));
+       }
+       else
+       {
+       }
+
+       // Init 802.3 header and send out
+       MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pCurrentAddr, EAPOL);
+       RTMPToWirelessSta(pAd, pEntry,
+                                         Header802_3, sizeof(Header802_3),
+                                         (PUCHAR)&EAPOLPKT,
+                                         CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4, TRUE);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== PeerPairMsg3Action: send Msg4 of 4-way \n"));
+}
+
+/*
+    ==========================================================================
+    Description:
+        When receiving the last packet of 4-way pairwisekey handshake.
+        Initilize 2-way groupkey handshake following.
+    Return:
+    ==========================================================================
+*/
+VOID PeerPairMsg4Action(
+    IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem)
+{
+       PEAPOL_PACKET           pMsg4;
+    PHEADER_802_11      pHeader;
+    UINT               MsgLen;
+    BOOLEAN             Cancelled;
+       UCHAR                           group_cipher = Ndis802_11WEPDisabled;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("===> PeerPairMsg4Action\n"));
+
+    do
+    {
+        if ((!pEntry) || (!pEntry->ValidAsCLI))
+            break;
+
+        if (Elem->MsgLen < (LENGTH_802_11 + LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2 ) )
+            break;
+
+        if (pEntry->WpaState < AS_PTKINIT_NEGOTIATING)
+            break;
+
+
+        // pointer to 802.11 header
+        pHeader = (PHEADER_802_11)Elem->Msg;
+
+               // skip 802.11_header(24-byte) and LLC_header(8)
+               pMsg4 = (PEAPOL_PACKET)&Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
+               MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
+
+        // Sanity Check peer Pairwise message 4 - Replay Counter, MIC
+               if (PeerWpaMessageSanity(pAd, pMsg4, MsgLen, EAPOL_PAIR_MSG_4, pEntry) == FALSE)
+                       break;
+
+        // 3. uses the MLME.SETKEYS.request to configure PTK into MAC
+        NdisZeroMemory(&pEntry->PairwiseKey, sizeof(CIPHER_KEY));
+
+               // reset IVEIV in Asic
+               AsicUpdateWCIDIVEIV(pAd, pEntry->Aid, 1, 0);
+
+        pEntry->PairwiseKey.KeyLen = LEN_TKIP_EK;
+        NdisMoveMemory(pEntry->PairwiseKey.Key, &pEntry->PTK[32], LEN_TKIP_EK);
+        NdisMoveMemory(pEntry->PairwiseKey.RxMic, &pEntry->PTK[TKIP_AP_RXMICK_OFFSET], LEN_TKIP_RXMICK);
+        NdisMoveMemory(pEntry->PairwiseKey.TxMic, &pEntry->PTK[TKIP_AP_TXMICK_OFFSET], LEN_TKIP_TXMICK);
+
+               // Set pairwise key to Asic
+        {
+            pEntry->PairwiseKey.CipherAlg = CIPHER_NONE;
+            if (pEntry->WepStatus == Ndis802_11Encryption2Enabled)
+                pEntry->PairwiseKey.CipherAlg = CIPHER_TKIP;
+            else if (pEntry->WepStatus == Ndis802_11Encryption3Enabled)
+                pEntry->PairwiseKey.CipherAlg = CIPHER_AES;
+
+                       // Add Pair-wise key to Asic
+            AsicAddPairwiseKeyEntry(
+                pAd,
+                pEntry->Addr,
+                (UCHAR)pEntry->Aid,
+                &pEntry->PairwiseKey);
+
+                       // update WCID attribute table and IVEIV table for this entry
+                       RTMPAddWcidAttributeEntry(
+                               pAd,
+                               pEntry->apidx,
+                               0,
+                               pEntry->PairwiseKey.CipherAlg,
+                               pEntry);
+        }
+
+        // 4. upgrade state
+        pEntry->PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
+        pEntry->WpaState = AS_PTKINITDONE;
+               pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
+
+
+               if (pEntry->AuthMode == Ndis802_11AuthModeWPA2 ||
+                       pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK)
+               {
+                       pEntry->GTKState = REKEY_ESTABLISHED;
+                       RTMPCancelTimer(&pEntry->RetryTimer, &Cancelled);
+
+
+                       // send wireless event - for set key done WPA2
+                       if (pAd->CommonCfg.bWirelessEvent)
+                               RTMPSendWirelessEvent(pAd, IW_SET_KEY_DONE_WPA2_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
+
+               DBGPRINT(RT_DEBUG_OFF, ("AP SETKEYS DONE - WPA2, AuthMode(%d)=%s, WepStatus(%d)=%s, GroupWepStatus(%d)=%s\n\n",
+                                                                       pEntry->AuthMode, GetAuthMode(pEntry->AuthMode),
+                                                                       pEntry->WepStatus, GetEncryptType(pEntry->WepStatus),
+                                                                       group_cipher,
+                                                                       GetEncryptType(group_cipher)));
+               }
+               else
+               {
+               // 5. init Group 2-way handshake if necessary.
+               WPAStart2WayGroupHS(pAd, pEntry);
+
+               pEntry->ReTryCounter = GROUP_MSG1_RETRY_TIMER_CTR;
+                       RTMPModTimer(&pEntry->RetryTimer, PEER_MSG3_RETRY_EXEC_INTV);
+               }
+    }while(FALSE);
+
+}
+
+/*
+    ==========================================================================
+    Description:
+        This is a function to send the first packet of 2-way groupkey handshake
+    Return:
+
+    ==========================================================================
+*/
+VOID WPAStart2WayGroupHS(
+    IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry)
+{
+    UCHAR               Header802_3[14];
+       UCHAR                           TxTsc[6];
+    EAPOL_PACKET       EAPOLPKT;
+       UCHAR                           group_cipher = Ndis802_11WEPDisabled;
+       UCHAR                           default_key = 0;
+       PUINT8                          gnonce_ptr = NULL;
+       PUINT8                          gtk_ptr = NULL;
+       PUINT8                          pBssid = NULL;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> WPAStart2WayGroupHS\n"));
+
+    if ((!pEntry) || (!pEntry->ValidAsCLI))
+        return;
+
+
+    do
+    {
+        // Increment replay counter by 1
+               ADD_ONE_To_64BIT_VAR(pEntry->R_Counter);
+
+               // Construct EAPoL message - Group Msg 1
+               NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
+               ConstructEapolMsg(pEntry,
+                                                 group_cipher,
+                                                 EAPOL_GROUP_MSG_1,
+                                                 default_key,
+                                                 (UCHAR *)gnonce_ptr,
+                                                 TxTsc,
+                                                 (UCHAR *)gtk_ptr,
+                                                 NULL,
+                                                 0,
+                                                 &EAPOLPKT);
+
+               // Make outgoing frame
+        MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pBssid, EAPOL);
+        RTMPToWirelessSta(pAd, pEntry,
+                                                 Header802_3, LENGTH_802_3,
+                                                 (PUCHAR)&EAPOLPKT,
+                                                 CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4, FALSE);
+
+
+
+    }while (FALSE);
+
+    DBGPRINT(RT_DEBUG_TRACE, ("<=== WPAStart2WayGroupHS : send out Group Message 1 \n"));
+
+    return;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Process Group key 2-way handshaking
+
+       Arguments:
+               pAd     Pointer to our adapter
+               Elem            Message body
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID   PeerGroupMsg1Action(
+       IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem)
+{
+    UCHAR               Header802_3[14];
+       EAPOL_PACKET            EAPOLPKT;
+       PEAPOL_PACKET           pGroup;
+       UINT                    MsgLen;
+       BOOLEAN             Cancelled;
+       UCHAR                           default_key = 0;
+       UCHAR                           group_cipher = Ndis802_11WEPDisabled;
+       PUINT8                          pCurrentAddr = NULL;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> PeerGroupMsg1Action \n"));
+
+       if ((!pEntry) || ((!pEntry->ValidAsCLI) && (!pEntry->ValidAsApCli)))
+        return;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               pCurrentAddr = pAd->CurrentAddress;
+               group_cipher = pAd->StaCfg.GroupCipher;
+               default_key = pAd->StaCfg.DefaultKeyId;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // Process Group Message 1 frame. skip 802.11 header(24) & LLC_SNAP header(8)
+       pGroup = (PEAPOL_PACKET) &Elem->Msg[LENGTH_802_11 + LENGTH_802_1_H];
+       MsgLen = Elem->MsgLen - LENGTH_802_11 - LENGTH_802_1_H;
+
+       // Sanity Check peer group message 1 - Replay Counter, MIC, RSNIE
+       if (PeerWpaMessageSanity(pAd, pGroup, MsgLen, EAPOL_GROUP_MSG_1, pEntry) == FALSE)
+               return;
+
+       // delete retry timer
+       RTMPCancelTimer(&pEntry->RetryTimer, &Cancelled);
+
+       // Save Replay counter, it will use to construct message 2
+       NdisMoveMemory(pEntry->R_Counter, pGroup->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
+
+       // Construct EAPoL message - Group Msg 2
+       NdisZeroMemory(&EAPOLPKT, sizeof(EAPOL_PACKET));
+       ConstructEapolMsg(pEntry,
+                                         group_cipher,
+                                         EAPOL_GROUP_MSG_2,
+                                         default_key,
+                                         NULL,                                 // Nonce not used
+                                         NULL,                                 // TxRSC not used
+                                         NULL,                                 // GTK not used
+                                         NULL,                                 // RSN IE not used
+                                         0,
+                                         &EAPOLPKT);
+
+    // open 802.1x port control and privacy filter
+       pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
+       pEntry->PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
+
+#ifdef CONFIG_STA_SUPPORT
+       STA_PORT_SECURED(pAd);
+    // Indicate Connected for GUI
+    pAd->IndicateMediaState = NdisMediaStateConnected;
+#endif // CONFIG_STA_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("PeerGroupMsg1Action: AuthMode(%s) PairwiseCipher(%s) GroupCipher(%s) \n",
+                                                                       GetAuthMode(pEntry->AuthMode),
+                                                                       GetEncryptType(pEntry->WepStatus),
+                                                                       GetEncryptType(group_cipher)));
+
+       // init header and Fill Packet and send Msg 2 to authenticator
+       MAKE_802_3_HEADER(Header802_3, pEntry->Addr, pCurrentAddr, EAPOL);
+       RTMPToWirelessSta(pAd, pEntry,
+                                         Header802_3, sizeof(Header802_3),
+                                         (PUCHAR)&EAPOLPKT,
+                                         CONV_ARRARY_TO_UINT16(EAPOLPKT.Body_Len) + 4, FALSE);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== PeerGroupMsg1Action: sned group message 2\n"));
+}
+
+/*
+    ==========================================================================
+    Description:
+        When receiving the last packet of 2-way groupkey handshake.
+    Return:
+    ==========================================================================
+*/
+VOID PeerGroupMsg2Action(
+    IN PRTMP_ADAPTER    pAd,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN VOID             *Msg,
+    IN UINT             MsgLen)
+{
+    UINT               Len;
+    PUCHAR             pData;
+    BOOLEAN            Cancelled;
+       PEAPOL_PACKET       pMsg2;
+       UCHAR                           group_cipher = Ndis802_11WEPDisabled;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> PeerGroupMsg2Action \n"));
+
+    do
+    {
+        if ((!pEntry) || (!pEntry->ValidAsCLI))
+            break;
+
+        if (MsgLen < (LENGTH_802_1_H + LENGTH_EAPOL_H + sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE - 2))
+            break;
+
+        if (pEntry->WpaState != AS_PTKINITDONE)
+            break;
+
+
+        pData = (PUCHAR)Msg;
+               pMsg2 = (PEAPOL_PACKET) (pData + LENGTH_802_1_H);
+        Len = MsgLen - LENGTH_802_1_H;
+
+               // Sanity Check peer group message 2 - Replay Counter, MIC
+               if (PeerWpaMessageSanity(pAd, pMsg2, Len, EAPOL_GROUP_MSG_2, pEntry) == FALSE)
+            break;
+
+        // 3.  upgrade state
+
+               RTMPCancelTimer(&pEntry->RetryTimer, &Cancelled);
+        pEntry->GTKState = REKEY_ESTABLISHED;
+
+               if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) || (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
+               {
+                       // send wireless event - for set key done WPA2
+                       if (pAd->CommonCfg.bWirelessEvent)
+                               RTMPSendWirelessEvent(pAd, IW_SET_KEY_DONE_WPA2_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
+
+                       DBGPRINT(RT_DEBUG_OFF, ("AP SETKEYS DONE - WPA2, AuthMode(%d)=%s, WepStatus(%d)=%s, GroupWepStatus(%d)=%s\n\n",
+                                                                               pEntry->AuthMode, GetAuthMode(pEntry->AuthMode),
+                                                                               pEntry->WepStatus, GetEncryptType(pEntry->WepStatus),
+                                                                               group_cipher, GetEncryptType(group_cipher)));
+               }
+               else
+               {
+                       // send wireless event - for set key done WPA
+                       if (pAd->CommonCfg.bWirelessEvent)
+                               RTMPSendWirelessEvent(pAd, IW_SET_KEY_DONE_WPA1_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
+
+               DBGPRINT(RT_DEBUG_OFF, ("AP SETKEYS DONE - WPA1, AuthMode(%d)=%s, WepStatus(%d)=%s, GroupWepStatus(%d)=%s\n\n",
+                                                                               pEntry->AuthMode, GetAuthMode(pEntry->AuthMode),
+                                                                               pEntry->WepStatus, GetEncryptType(pEntry->WepStatus),
+                                                                               group_cipher, GetEncryptType(group_cipher)));
+               }
+    }while(FALSE);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Classify WPA EAP message type
+
+       Arguments:
+               EAPType         Value of EAP message type
+               MsgType         Internal Message definition for MLME state machine
+
+       Return Value:
+               TRUE            Found appropriate message type
+               FALSE           No appropriate message type
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+               All these constants are defined in wpa.h
+               For supplicant, there is only EAPOL Key message avaliable
+
+       ========================================================================
+*/
+BOOLEAN        WpaMsgTypeSubst(
+       IN      UCHAR   EAPType,
+       OUT     INT             *MsgType)
+{
+       switch (EAPType)
+       {
+               case EAPPacket:
+                       *MsgType = MT2_EAPPacket;
+                       break;
+               case EAPOLStart:
+                       *MsgType = MT2_EAPOLStart;
+                       break;
+               case EAPOLLogoff:
+                       *MsgType = MT2_EAPOLLogoff;
+                       break;
+               case EAPOLKey:
+                       *MsgType = MT2_EAPOLKey;
+                       break;
+               case EAPOLASFAlert:
+                       *MsgType = MT2_EAPOLASFAlert;
+                       break;
+               default:
+                       return FALSE;
+       }
+       return TRUE;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               The pseudo-random function(PRF) that hashes various inputs to
+               derive a pseudo-random value. To add liveness to the pseudo-random
+               value, a nonce should be one of the inputs.
+
+               It is used to generate PTK, GTK or some specific random value.
+
+       Arguments:
+               UCHAR   *key,           -       the key material for HMAC_SHA1 use
+               INT             key_len         -       the length of key
+               UCHAR   *prefix         -       a prefix label
+               INT             prefix_len      -       the length of the label
+               UCHAR   *data           -       a specific data with variable length
+               INT             data_len        -       the length of a specific data
+               INT             len                     -       the output lenght
+
+       Return Value:
+               UCHAR   *output         -       the calculated result
+
+       Note:
+               802.11i-2004    Annex H.3
+
+       ========================================================================
+*/
+VOID   PRF(
+       IN      UCHAR   *key,
+       IN      INT             key_len,
+       IN      UCHAR   *prefix,
+       IN      INT             prefix_len,
+       IN      UCHAR   *data,
+       IN      INT             data_len,
+       OUT     UCHAR   *output,
+       IN      INT             len)
+{
+       INT             i;
+    UCHAR   *input;
+       INT             currentindex = 0;
+       INT             total_len;
+
+       // Allocate memory for input
+       os_alloc_mem(NULL, (PUCHAR *)&input, 1024);
+
+    if (input == NULL)
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("!!!PRF: no memory!!!\n"));
+        return;
+    }
+
+       // Generate concatenation input
+       NdisMoveMemory(input, prefix, prefix_len);
+
+       // Concatenate a single octet containing 0
+       input[prefix_len] =     0;
+
+       // Concatenate specific data
+       NdisMoveMemory(&input[prefix_len + 1], data, data_len);
+       total_len =     prefix_len + 1 + data_len;
+
+       // Concatenate a single octet containing 0
+       // This octet shall be update later
+       input[total_len] = 0;
+       total_len++;
+
+       // Iterate to calculate the result by hmac-sha-1
+       // Then concatenate to last result
+       for     (i = 0; i <     (len + 19) / 20; i++)
+       {
+               HMAC_SHA1(key, key_len, input, total_len, &output[currentindex], SHA1_DIGEST_SIZE);
+               currentindex += 20;
+
+               // update the last octet
+               input[total_len - 1]++;
+       }
+    os_free_mem(NULL, input);
+}
+
+/*
+* F(P, S, c, i) = U1 xor U2 xor ... Uc
+* U1 = PRF(P, S || Int(i))
+* U2 = PRF(P, U1)
+* Uc = PRF(P, Uc-1)
+*/
+
+static void F(char *password, unsigned char *ssid, int ssidlength, int iterations, int count, unsigned char *output)
+{
+    unsigned char digest[36], digest1[SHA1_DIGEST_SIZE];
+    int i, j;
+
+    /* U1 = PRF(P, S || int(i)) */
+    memcpy(digest, ssid, ssidlength);
+    digest[ssidlength] = (unsigned char)((count>>24) & 0xff);
+    digest[ssidlength+1] = (unsigned char)((count>>16) & 0xff);
+    digest[ssidlength+2] = (unsigned char)((count>>8) & 0xff);
+    digest[ssidlength+3] = (unsigned char)(count & 0xff);
+    HMAC_SHA1((unsigned char*) password, (int) strlen(password), digest, ssidlength+4, digest1, SHA1_DIGEST_SIZE); // for WPA update
+
+    /* output = U1 */
+    memcpy(output, digest1, SHA1_DIGEST_SIZE);
+
+    for (i = 1; i < iterations; i++)
+    {
+        /* Un = PRF(P, Un-1) */
+        HMAC_SHA1((unsigned char*) password, (int) strlen(password), digest1, SHA1_DIGEST_SIZE, digest, SHA1_DIGEST_SIZE); // for WPA update
+        memcpy(digest1, digest, SHA1_DIGEST_SIZE);
+
+        /* output = output xor Un */
+        for (j = 0; j < SHA1_DIGEST_SIZE; j++)
+        {
+            output[j] ^= digest[j];
+        }
+    }
+}
+
+/*
+* password - ascii string up to 63 characters in length
+* ssid - octet string up to 32 octets
+* ssidlength - length of ssid in octets
+* output must be 40 octets in length and outputs 256 bits of key
+*/
+int PasswordHash(PSTRING password, PUCHAR ssid, INT ssidlength, PUCHAR output)
+{
+    if ((strlen(password) > 63) || (ssidlength > 32))
+        return 0;
+
+    F(password, ssid, ssidlength, 4096, 1, output);
+    F(password, ssid, ssidlength, 4096, 2, &output[SHA1_DIGEST_SIZE]);
+    return 1;
+}
+
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               It utilizes PRF-384 or PRF-512 to derive session-specific keys from a PMK.
+               It shall be called by 4-way handshake processing.
+
+       Arguments:
+               pAd     -       pointer to our pAdapter context
+               PMK             -       pointer to PMK
+               ANonce  -       pointer to ANonce
+               AA              -       pointer to Authenticator Address
+               SNonce  -       pointer to SNonce
+               SA              -       pointer to Supplicant Address
+               len             -       indicate the length of PTK (octet)
+
+       Return Value:
+               Output          pointer to the PTK
+
+       Note:
+               Refer to IEEE 802.11i-2004 8.5.1.2
+
+       ========================================================================
+*/
+VOID WpaDerivePTK(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR   *PMK,
+       IN      UCHAR   *ANonce,
+       IN      UCHAR   *AA,
+       IN      UCHAR   *SNonce,
+       IN      UCHAR   *SA,
+       OUT     UCHAR   *output,
+       IN      UINT    len)
+{
+       UCHAR   concatenation[76];
+       UINT    CurrPos = 0;
+       UCHAR   temp[32];
+       UCHAR   Prefix[] = {'P', 'a', 'i', 'r', 'w', 'i', 's', 'e', ' ', 'k', 'e', 'y', ' ',
+                                               'e', 'x', 'p', 'a', 'n', 's', 'i', 'o', 'n'};
+
+       // initiate the concatenation input
+       NdisZeroMemory(temp, sizeof(temp));
+       NdisZeroMemory(concatenation, 76);
+
+       // Get smaller address
+       if (RTMPCompareMemory(SA, AA, 6) == 1)
+               NdisMoveMemory(concatenation, AA, 6);
+       else
+               NdisMoveMemory(concatenation, SA, 6);
+       CurrPos += 6;
+
+       // Get larger address
+       if (RTMPCompareMemory(SA, AA, 6) == 1)
+               NdisMoveMemory(&concatenation[CurrPos], SA, 6);
+       else
+               NdisMoveMemory(&concatenation[CurrPos], AA, 6);
+
+       // store the larger mac address for backward compatible of
+       // ralink proprietary STA-key issue
+       NdisMoveMemory(temp, &concatenation[CurrPos], MAC_ADDR_LEN);
+       CurrPos += 6;
+
+       // Get smaller Nonce
+       if (RTMPCompareMemory(ANonce, SNonce, 32) == 0)
+               NdisMoveMemory(&concatenation[CurrPos], temp, 32);      // patch for ralink proprietary STA-key issue
+       else if (RTMPCompareMemory(ANonce, SNonce, 32) == 1)
+               NdisMoveMemory(&concatenation[CurrPos], SNonce, 32);
+       else
+               NdisMoveMemory(&concatenation[CurrPos], ANonce, 32);
+       CurrPos += 32;
+
+       // Get larger Nonce
+       if (RTMPCompareMemory(ANonce, SNonce, 32) == 0)
+               NdisMoveMemory(&concatenation[CurrPos], temp, 32);      // patch for ralink proprietary STA-key issue
+       else if (RTMPCompareMemory(ANonce, SNonce, 32) == 1)
+               NdisMoveMemory(&concatenation[CurrPos], ANonce, 32);
+       else
+               NdisMoveMemory(&concatenation[CurrPos], SNonce, 32);
+       CurrPos += 32;
+
+       hex_dump("concatenation=", concatenation, 76);
+
+       // Use PRF to generate PTK
+       PRF(PMK, LEN_MASTER_KEY, Prefix, 22, concatenation, 76, output, len);
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Generate random number by software.
+
+       Arguments:
+               pAd             -       pointer to our pAdapter context
+               macAddr -       pointer to local MAC address
+
+       Return Value:
+
+       Note:
+               802.1ii-2004  Annex H.5
+
+       ========================================================================
+*/
+VOID   GenRandom(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   *macAddr,
+       OUT     UCHAR                   *random)
+{
+       INT             i, curr;
+       UCHAR   local[80], KeyCounter[32];
+       UCHAR   result[80];
+       ULONG   CurrentTime;
+       UCHAR   prefix[] = {'I', 'n', 'i', 't', ' ', 'C', 'o', 'u', 'n', 't', 'e', 'r'};
+
+       // Zero the related information
+       NdisZeroMemory(result, 80);
+       NdisZeroMemory(local, 80);
+       NdisZeroMemory(KeyCounter, 32);
+
+       for     (i = 0; i <     32;     i++)
+       {
+               // copy the local MAC address
+               COPY_MAC_ADDR(local, macAddr);
+               curr =  MAC_ADDR_LEN;
+
+               // concatenate the current time
+               NdisGetSystemUpTime(&CurrentTime);
+               NdisMoveMemory(&local[curr],  &CurrentTime,     sizeof(CurrentTime));
+               curr += sizeof(CurrentTime);
+
+               // concatenate the last result
+               NdisMoveMemory(&local[curr],  result, 32);
+               curr += 32;
+
+               // concatenate a variable
+               NdisMoveMemory(&local[curr],  &i,  2);
+               curr += 2;
+
+               // calculate the result
+               PRF(KeyCounter, 32, prefix,12, local, curr, result, 32);
+       }
+
+       NdisMoveMemory(random, result,  32);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Build cipher suite in RSN-IE.
+               It only shall be called by RTMPMakeRSNIE.
+
+       Arguments:
+               pAd                     -       pointer to our pAdapter context
+       ElementID       -       indicate the WPA1 or WPA2
+       WepStatus       -       indicate the encryption type
+               bMixCipher      -       a boolean to indicate the pairwise cipher and group
+                                               cipher are the same or not
+
+       Return Value:
+
+       Note:
+
+       ========================================================================
+*/
+static VOID RTMPMakeRsnIeCipher(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   ElementID,
+       IN      UINT                    WepStatus,
+       IN      BOOLEAN                 bMixCipher,
+       IN      UCHAR                   FlexibleCipher,
+       OUT     PUCHAR                  pRsnIe,
+       OUT     UCHAR                   *rsn_len)
+{
+       UCHAR   PairwiseCnt;
+
+       *rsn_len = 0;
+
+       // decide WPA2 or WPA1
+       if (ElementID == Wpa2Ie)
+       {
+               RSNIE2  *pRsnie_cipher = (RSNIE2*)pRsnIe;
+
+               // Assign the verson as 1
+               pRsnie_cipher->version = 1;
+
+        switch (WepStatus)
+        {
+               // TKIP mode
+            case Ndis802_11Encryption2Enabled:
+                NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_TKIP, 4);
+                pRsnie_cipher->ucount = 1;
+                NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA2_TKIP, 4);
+                *rsn_len = sizeof(RSNIE2);
+                break;
+
+                       // AES mode
+            case Ndis802_11Encryption3Enabled:
+                               if (bMixCipher)
+                                       NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_TKIP, 4);
+                               else
+                                       NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_CCMP, 4);
+                pRsnie_cipher->ucount = 1;
+                NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA2_CCMP, 4);
+                *rsn_len = sizeof(RSNIE2);
+                break;
+
+                       // TKIP-AES mix mode
+            case Ndis802_11Encryption4Enabled:
+                NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_TKIP, 4);
+
+                               PairwiseCnt = 1;
+                               // Insert WPA2 TKIP as the first pairwise cipher
+                               if (MIX_CIPHER_WPA2_TKIP_ON(FlexibleCipher))
+                               {
+                       NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA2_TKIP, 4);
+                                       // Insert WPA2 AES as the secondary pairwise cipher
+                                       if (MIX_CIPHER_WPA2_AES_ON(FlexibleCipher))
+                                       {
+                               NdisMoveMemory(pRsnie_cipher->ucast[0].oui + 4, OUI_WPA2_CCMP, 4);
+                                               PairwiseCnt = 2;
+                                       }
+                               }
+                               else
+                               {
+                                       // Insert WPA2 AES as the first pairwise cipher
+                                       NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA2_CCMP, 4);
+                               }
+
+                pRsnie_cipher->ucount = PairwiseCnt;
+                *rsn_len = sizeof(RSNIE2) + (4 * (PairwiseCnt - 1));
+                break;
+        }
+
+#ifdef CONFIG_STA_SUPPORT
+               if ((pAd->OpMode == OPMODE_STA) &&
+                       (pAd->StaCfg.GroupCipher != Ndis802_11Encryption2Enabled) &&
+                       (pAd->StaCfg.GroupCipher != Ndis802_11Encryption3Enabled))
+               {
+                       UINT    GroupCipher = pAd->StaCfg.GroupCipher;
+                       switch(GroupCipher)
+                       {
+                               case Ndis802_11GroupWEP40Enabled:
+                                       NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_WEP40, 4);
+                                       break;
+                               case Ndis802_11GroupWEP104Enabled:
+                                       NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA2_WEP104, 4);
+                                       break;
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               // swap for big-endian platform
+               pRsnie_cipher->version = cpu2le16(pRsnie_cipher->version);
+           pRsnie_cipher->ucount = cpu2le16(pRsnie_cipher->ucount);
+       }
+       else
+       {
+               RSNIE   *pRsnie_cipher = (RSNIE*)pRsnIe;
+
+               // Assign OUI and version
+               NdisMoveMemory(pRsnie_cipher->oui, OUI_WPA_VERSION, 4);
+        pRsnie_cipher->version = 1;
+
+               switch (WepStatus)
+               {
+                       // TKIP mode
+            case Ndis802_11Encryption2Enabled:
+                NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_TKIP, 4);
+                pRsnie_cipher->ucount = 1;
+                NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA_TKIP, 4);
+                *rsn_len = sizeof(RSNIE);
+                break;
+
+                       // AES mode
+            case Ndis802_11Encryption3Enabled:
+                               if (bMixCipher)
+                                       NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_TKIP, 4);
+                               else
+                                       NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_CCMP, 4);
+                pRsnie_cipher->ucount = 1;
+                NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA_CCMP, 4);
+                *rsn_len = sizeof(RSNIE);
+                break;
+
+                       // TKIP-AES mix mode
+            case Ndis802_11Encryption4Enabled:
+                NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_TKIP, 4);
+
+                               PairwiseCnt = 1;
+                               // Insert WPA TKIP as the first pairwise cipher
+                               if (MIX_CIPHER_WPA_TKIP_ON(FlexibleCipher))
+                               {
+                       NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA_TKIP, 4);
+                                       // Insert WPA AES as the secondary pairwise cipher
+                                       if (MIX_CIPHER_WPA_AES_ON(FlexibleCipher))
+                                       {
+                               NdisMoveMemory(pRsnie_cipher->ucast[0].oui + 4, OUI_WPA_CCMP, 4);
+                                               PairwiseCnt = 2;
+                                       }
+                               }
+                               else
+                               {
+                                       // Insert WPA AES as the first pairwise cipher
+                                       NdisMoveMemory(pRsnie_cipher->ucast[0].oui, OUI_WPA_CCMP, 4);
+                               }
+
+                pRsnie_cipher->ucount = PairwiseCnt;
+                *rsn_len = sizeof(RSNIE) + (4 * (PairwiseCnt - 1));
+                break;
+        }
+
+#ifdef CONFIG_STA_SUPPORT
+               if ((pAd->OpMode == OPMODE_STA) &&
+                       (pAd->StaCfg.GroupCipher != Ndis802_11Encryption2Enabled) &&
+                       (pAd->StaCfg.GroupCipher != Ndis802_11Encryption3Enabled))
+               {
+                       UINT    GroupCipher = pAd->StaCfg.GroupCipher;
+                       switch(GroupCipher)
+                       {
+                               case Ndis802_11GroupWEP40Enabled:
+                                       NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_WEP40, 4);
+                                       break;
+                               case Ndis802_11GroupWEP104Enabled:
+                                       NdisMoveMemory(pRsnie_cipher->mcast, OUI_WPA_WEP104, 4);
+                                       break;
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               // swap for big-endian platform
+               pRsnie_cipher->version = cpu2le16(pRsnie_cipher->version);
+           pRsnie_cipher->ucount = cpu2le16(pRsnie_cipher->ucount);
+       }
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Build AKM suite in RSN-IE.
+               It only shall be called by RTMPMakeRSNIE.
+
+       Arguments:
+               pAd                     -       pointer to our pAdapter context
+       ElementID       -       indicate the WPA1 or WPA2
+       AuthMode        -       indicate the authentication mode
+               apidx           -       indicate the interface index
+
+       Return Value:
+
+       Note:
+
+       ========================================================================
+*/
+static VOID RTMPMakeRsnIeAKM(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   ElementID,
+       IN      UINT                    AuthMode,
+       IN      UCHAR                   apidx,
+       OUT     PUCHAR                  pRsnIe,
+       OUT     UCHAR                   *rsn_len)
+{
+       RSNIE_AUTH              *pRsnie_auth;
+       UCHAR                   AkmCnt = 1;             // default as 1
+
+       pRsnie_auth = (RSNIE_AUTH*)(pRsnIe + (*rsn_len));
+
+       // decide WPA2 or WPA1
+       if (ElementID == Wpa2Ie)
+       {
+
+               switch (AuthMode)
+        {
+            case Ndis802_11AuthModeWPA2:
+            case Ndis802_11AuthModeWPA1WPA2:
+                       NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA2_8021X_AKM, 4);
+                break;
+
+            case Ndis802_11AuthModeWPA2PSK:
+            case Ndis802_11AuthModeWPA1PSKWPA2PSK:
+                       NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA2_PSK_AKM, 4);
+                break;
+                       default:
+                               AkmCnt = 0;
+                               break;
+
+        }
+       }
+       else
+       {
+               switch (AuthMode)
+        {
+            case Ndis802_11AuthModeWPA:
+            case Ndis802_11AuthModeWPA1WPA2:
+                NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA_8021X_AKM, 4);
+                break;
+
+            case Ndis802_11AuthModeWPAPSK:
+            case Ndis802_11AuthModeWPA1PSKWPA2PSK:
+                NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA_PSK_AKM, 4);
+                break;
+
+                       case Ndis802_11AuthModeWPANone:
+                NdisMoveMemory(pRsnie_auth->auth[0].oui, OUI_WPA_NONE_AKM, 4);
+                break;
+                       default:
+                               AkmCnt = 0;
+                               break;
+        }
+       }
+
+       pRsnie_auth->acount = AkmCnt;
+       pRsnie_auth->acount = cpu2le16(pRsnie_auth->acount);
+
+       // update current RSNIE length
+       (*rsn_len) += (sizeof(RSNIE_AUTH) + (4 * (AkmCnt - 1)));
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Build capability in RSN-IE.
+               It only shall be called by RTMPMakeRSNIE.
+
+       Arguments:
+               pAd                     -       pointer to our pAdapter context
+       ElementID       -       indicate the WPA1 or WPA2
+               apidx           -       indicate the interface index
+
+       Return Value:
+
+       Note:
+
+       ========================================================================
+*/
+static VOID RTMPMakeRsnIeCap(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   ElementID,
+       IN      UCHAR                   apidx,
+       OUT     PUCHAR                  pRsnIe,
+       OUT     UCHAR                   *rsn_len)
+{
+       RSN_CAPABILITIES    *pRSN_Cap;
+
+       // it could be ignored in WPA1 mode
+       if (ElementID == WpaIe)
+               return;
+
+       pRSN_Cap = (RSN_CAPABILITIES*)(pRsnIe + (*rsn_len));
+
+
+       pRSN_Cap->word = cpu2le16(pRSN_Cap->word);
+
+       (*rsn_len) += sizeof(RSN_CAPABILITIES); // update current RSNIE length
+
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Build RSN IE context. It is not included element-ID and length.
+
+       Arguments:
+               pAd                     -       pointer to our pAdapter context
+       AuthMode        -       indicate the authentication mode
+       WepStatus       -       indicate the encryption type
+               apidx           -       indicate the interface index
+
+       Return Value:
+
+       Note:
+
+       ========================================================================
+*/
+VOID RTMPMakeRSNIE(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  UINT            AuthMode,
+    IN  UINT            WepStatus,
+       IN      UCHAR                   apidx)
+{
+       PUCHAR          pRsnIe = NULL;                  // primary RSNIE
+       UCHAR           *rsnielen_cur_p = 0;    // the length of the primary RSNIE
+       UCHAR           *rsnielen_ex_cur_p = 0; // the length of the secondary RSNIE
+       UCHAR           PrimaryRsnie;
+       BOOLEAN         bMixCipher = FALSE;     // indicate the pairwise and group cipher are different
+       UCHAR           p_offset;
+       WPA_MIX_PAIR_CIPHER             FlexibleCipher = MIX_CIPHER_NOTUSE;     // it provide the more flexible cipher combination in WPA-WPA2 and TKIPAES mode
+
+       rsnielen_cur_p = NULL;
+       rsnielen_ex_cur_p = NULL;
+
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+#ifdef WPA_SUPPLICANT_SUPPORT
+                       if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
+                       {
+                               if (AuthMode < Ndis802_11AuthModeWPA)
+                                       return;
+                       }
+                       else
+#endif // WPA_SUPPLICANT_SUPPORT //
+                       {
+                               // Support WPAPSK or WPA2PSK in STA-Infra mode
+                               // Support WPANone in STA-Adhoc mode
+                               if ((AuthMode != Ndis802_11AuthModeWPAPSK) &&
+                                       (AuthMode != Ndis802_11AuthModeWPA2PSK) &&
+                                       (AuthMode != Ndis802_11AuthModeWPANone)
+                                       )
+                                       return;
+                       }
+
+                       DBGPRINT(RT_DEBUG_TRACE,("==> RTMPMakeRSNIE(STA)\n"));
+
+                       // Zero RSNIE context
+                       pAd->StaCfg.RSNIE_Len = 0;
+                       NdisZeroMemory(pAd->StaCfg.RSN_IE, MAX_LEN_OF_RSNIE);
+
+                       // Pointer to RSNIE
+                       rsnielen_cur_p = &pAd->StaCfg.RSNIE_Len;
+                       pRsnIe = pAd->StaCfg.RSN_IE;
+
+                       bMixCipher = pAd->StaCfg.bMixCipher;
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+       // indicate primary RSNIE as WPA or WPA2
+       if ((AuthMode == Ndis802_11AuthModeWPA) ||
+               (AuthMode == Ndis802_11AuthModeWPAPSK) ||
+               (AuthMode == Ndis802_11AuthModeWPANone) ||
+               (AuthMode == Ndis802_11AuthModeWPA1WPA2) ||
+               (AuthMode == Ndis802_11AuthModeWPA1PSKWPA2PSK))
+               PrimaryRsnie = WpaIe;
+       else
+               PrimaryRsnie = Wpa2Ie;
+
+       {
+               // Build the primary RSNIE
+               // 1. insert cipher suite
+               RTMPMakeRsnIeCipher(pAd, PrimaryRsnie, WepStatus, bMixCipher, FlexibleCipher, pRsnIe, &p_offset);
+
+               // 2. insert AKM
+               RTMPMakeRsnIeAKM(pAd, PrimaryRsnie, AuthMode, apidx, pRsnIe, &p_offset);
+
+               // 3. insert capability
+               RTMPMakeRsnIeCap(pAd, PrimaryRsnie, apidx, pRsnIe, &p_offset);
+       }
+
+       // 4. update the RSNIE length
+       *rsnielen_cur_p = p_offset;
+
+       hex_dump("The primary RSNIE", pRsnIe, (*rsnielen_cur_p));
+
+
+}
+
+/*
+    ==========================================================================
+    Description:
+               Check whether the received frame is EAP frame.
+
+       Arguments:
+               pAd                             -       pointer to our pAdapter context
+               pEntry                  -       pointer to active entry
+               pData                   -       the received frame
+               DataByteCount   -       the received frame's length
+               FromWhichBSSID  -       indicate the interface index
+
+    Return:
+         TRUE                  -       This frame is EAP frame
+         FALSE                 -       otherwise
+    ==========================================================================
+*/
+BOOLEAN RTMPCheckWPAframe(
+    IN PRTMP_ADAPTER    pAd,
+    IN PMAC_TABLE_ENTRY        pEntry,
+    IN PUCHAR           pData,
+    IN ULONG            DataByteCount,
+       IN UCHAR                        FromWhichBSSID)
+{
+       ULONG   Body_len;
+       BOOLEAN Cancelled;
+
+
+    if(DataByteCount < (LENGTH_802_1_H + LENGTH_EAPOL_H))
+        return FALSE;
+
+
+       // Skip LLC header
+    if (NdisEqualMemory(SNAP_802_1H, pData, 6) ||
+        // Cisco 1200 AP may send packet with SNAP_BRIDGE_TUNNEL
+        NdisEqualMemory(SNAP_BRIDGE_TUNNEL, pData, 6))
+    {
+        pData += 6;
+    }
+       // Skip 2-bytes EAPoL type
+    if (NdisEqualMemory(EAPOL, pData, 2))
+//     if (*(UINT16 *)EAPOL == *(UINT16 *)pData)
+    {
+        pData += 2;
+    }
+    else
+        return FALSE;
+
+    switch (*(pData+1))
+    {
+        case EAPPacket:
+                       Body_len = (*(pData+2)<<8) | (*(pData+3));
+            DBGPRINT(RT_DEBUG_TRACE, ("Receive EAP-Packet frame, TYPE = 0, Length = %ld\n", Body_len));
+            break;
+        case EAPOLStart:
+            DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPOL-Start frame, TYPE = 1 \n"));
+                       if (pEntry->EnqueueEapolStartTimerRunning != EAPOL_START_DISABLE)
+            {
+               DBGPRINT(RT_DEBUG_TRACE, ("Cancel the EnqueueEapolStartTimerRunning \n"));
+                RTMPCancelTimer(&pEntry->EnqueueStartForPSKTimer, &Cancelled);
+                pEntry->EnqueueEapolStartTimerRunning = EAPOL_START_DISABLE;
+            }
+            break;
+        case EAPOLLogoff:
+            DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPOLLogoff frame, TYPE = 2 \n"));
+            break;
+        case EAPOLKey:
+                       Body_len = (*(pData+2)<<8) | (*(pData+3));
+            DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPOL-Key frame, TYPE = 3, Length = %ld\n", Body_len));
+            break;
+        case EAPOLASFAlert:
+            DBGPRINT(RT_DEBUG_TRACE, ("Receive EAPOLASFAlert frame, TYPE = 4 \n"));
+            break;
+        default:
+            return FALSE;
+
+    }
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+               Report the EAP message type
+
+       Arguments:
+               msg             -       EAPOL_PAIR_MSG_1
+                                       EAPOL_PAIR_MSG_2
+                                       EAPOL_PAIR_MSG_3
+                                       EAPOL_PAIR_MSG_4
+                                       EAPOL_GROUP_MSG_1
+                                       EAPOL_GROUP_MSG_2
+
+    Return:
+         message type string
+
+    ==========================================================================
+*/
+PSTRING GetEapolMsgType(CHAR msg)
+{
+    if(msg == EAPOL_PAIR_MSG_1)
+        return "Pairwise Message 1";
+    else if(msg == EAPOL_PAIR_MSG_2)
+        return "Pairwise Message 2";
+       else if(msg == EAPOL_PAIR_MSG_3)
+        return "Pairwise Message 3";
+       else if(msg == EAPOL_PAIR_MSG_4)
+        return "Pairwise Message 4";
+       else if(msg == EAPOL_GROUP_MSG_1)
+        return "Group Message 1";
+       else if(msg == EAPOL_GROUP_MSG_2)
+        return "Group Message 2";
+    else
+       return "Invalid Message";
+}
+
+
+/*
+    ========================================================================
+
+    Routine Description:
+    Check Sanity RSN IE of EAPoL message
+
+    Arguments:
+
+    Return Value:
+
+
+    ========================================================================
+*/
+BOOLEAN RTMPCheckRSNIE(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pData,
+       IN  UCHAR           DataLen,
+       IN  MAC_TABLE_ENTRY *pEntry,
+       OUT     UCHAR                   *Offset)
+{
+       PUCHAR              pVIE;
+       UCHAR               len;
+       PEID_STRUCT         pEid;
+       BOOLEAN                         result = FALSE;
+
+       pVIE = pData;
+       len      = DataLen;
+       *Offset = 0;
+
+       while (len > sizeof(RSNIE2))
+       {
+               pEid = (PEID_STRUCT) pVIE;
+               // WPA RSN IE
+               if ((pEid->Eid == IE_WPA) && (NdisEqualMemory(pEid->Octet, WPA_OUI, 4)))
+               {
+                       if ((pEntry->AuthMode == Ndis802_11AuthModeWPA || pEntry->AuthMode == Ndis802_11AuthModeWPAPSK) &&
+                               (NdisEqualMemory(pVIE, pEntry->RSN_IE, pEntry->RSNIE_Len)) &&
+                               (pEntry->RSNIE_Len == (pEid->Len + 2)))
+                       {
+                                       result = TRUE;
+                       }
+
+                       *Offset += (pEid->Len + 2);
+               }
+               // WPA2 RSN IE
+               else if ((pEid->Eid == IE_RSN) && (NdisEqualMemory(pEid->Octet + 2, RSN_OUI, 3)))
+               {
+                       if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2 || pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK) &&
+                               (pEid->Eid == pEntry->RSN_IE[0]) &&
+                               ((pEid->Len + 2) >= pEntry->RSNIE_Len) &&
+                               (NdisEqualMemory(pEid->Octet, &pEntry->RSN_IE[2], pEntry->RSNIE_Len - 2)))
+                       {
+
+                                       result = TRUE;
+                       }
+
+                       *Offset += (pEid->Len + 2);
+               }
+               else
+               {
+                       break;
+               }
+
+               pVIE += (pEid->Len + 2);
+               len  -= (pEid->Len + 2);
+       }
+
+
+       return result;
+
+}
+
+
+/*
+    ========================================================================
+
+    Routine Description:
+    Parse KEYDATA field.  KEYDATA[] May contain 2 RSN IE and optionally GTK.
+    GTK  is encaptulated in KDE format at  p.83 802.11i D10
+
+    Arguments:
+
+    Return Value:
+
+    Note:
+        802.11i D10
+
+    ========================================================================
+*/
+BOOLEAN RTMPParseEapolKeyData(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pKeyData,
+       IN  UCHAR           KeyDataLen,
+       IN      UCHAR                   GroupKeyIndex,
+       IN      UCHAR                   MsgType,
+       IN      BOOLEAN                 bWPA2,
+       IN  MAC_TABLE_ENTRY *pEntry)
+{
+    PKDE_ENCAP          pKDE = NULL;
+    PUCHAR              pMyKeyData = pKeyData;
+    UCHAR               KeyDataLength = KeyDataLen;
+    UCHAR               GTKLEN = 0;
+       UCHAR                           DefaultIdx = 0;
+       UCHAR                           skip_offset;
+
+       // Verify The RSN IE contained in pairewise_msg_2 && pairewise_msg_3 and skip it
+       if (MsgType == EAPOL_PAIR_MSG_2 || MsgType == EAPOL_PAIR_MSG_3)
+    {
+               // Check RSN IE whether it is WPA2/WPA2PSK
+               if (!RTMPCheckRSNIE(pAd, pKeyData, KeyDataLen, pEntry, &skip_offset))
+               {
+                       // send wireless event - for RSN IE different
+                       if (pAd->CommonCfg.bWirelessEvent)
+                               RTMPSendWirelessEvent(pAd, IW_RSNIE_DIFF_EVENT_FLAG, pEntry->Addr, pEntry->apidx, 0);
+
+               DBGPRINT(RT_DEBUG_ERROR, ("RSN_IE Different in msg %d of 4-way handshake!\n", MsgType));
+                       hex_dump("Receive RSN_IE ", pKeyData, KeyDataLen);
+                       hex_dump("Desired RSN_IE ", pEntry->RSN_IE, pEntry->RSNIE_Len);
+
+                       return FALSE;
+       }
+       else
+               {
+                       if (bWPA2 && MsgType == EAPOL_PAIR_MSG_3)
+                       {
+                               WpaShowAllsuite(pMyKeyData, skip_offset);
+
+                               // skip RSN IE
+                               pMyKeyData += skip_offset;
+                               KeyDataLength -= skip_offset;
+                               DBGPRINT(RT_DEBUG_TRACE, ("RTMPParseEapolKeyData ==> WPA2/WPA2PSK RSN IE matched in Msg 3, Length(%d) \n", skip_offset));
+                       }
+                       else
+                               return TRUE;
+               }
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE,("RTMPParseEapolKeyData ==> KeyDataLength %d without RSN_IE \n", KeyDataLength));
+       //hex_dump("remain data", pMyKeyData, KeyDataLength);
+
+
+       // Parse EKD format in pairwise_msg_3_WPA2 && group_msg_1_WPA2
+       if (bWPA2 && (MsgType == EAPOL_PAIR_MSG_3 || MsgType == EAPOL_GROUP_MSG_1))
+       {
+               if (KeyDataLength >= 8) // KDE format exclude GTK length
+       {
+               pKDE = (PKDE_ENCAP) pMyKeyData;
+
+
+                       DefaultIdx = pKDE->GTKEncap.Kid;
+
+                       // Sanity check - KED length
+                       if (KeyDataLength < (pKDE->Len + 2))
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("ERROR: The len from KDE is too short \n"));
+                       return FALSE;
+               }
+
+                       // Get GTK length - refer to IEEE 802.11i-2004 p.82
+                       GTKLEN = pKDE->Len -6;
+                       if (GTKLEN < LEN_AES_KEY)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("ERROR: GTK Key length is too short (%d) \n", GTKLEN));
+                       return FALSE;
+                       }
+
+       }
+               else
+       {
+                       DBGPRINT(RT_DEBUG_ERROR, ("ERROR: KDE format length is too short \n"));
+               return FALSE;
+       }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("GTK in KDE format ,DefaultKeyID=%d, KeyLen=%d \n", DefaultIdx, GTKLEN));
+               // skip it
+               pMyKeyData += 8;
+               KeyDataLength -= 8;
+
+       }
+       else if (!bWPA2 && MsgType == EAPOL_GROUP_MSG_1)
+       {
+               DefaultIdx = GroupKeyIndex;
+               DBGPRINT(RT_DEBUG_TRACE, ("GTK DefaultKeyID=%d \n", DefaultIdx));
+       }
+
+       // Sanity check - shared key index must be 1 ~ 3
+       if (DefaultIdx < 1 || DefaultIdx > 3)
+    {
+       DBGPRINT(RT_DEBUG_ERROR, ("ERROR: GTK Key index(%d) is invalid in %s %s \n", DefaultIdx, ((bWPA2) ? "WPA2" : "WPA"), GetEapolMsgType(MsgType)));
+        return FALSE;
+    }
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               PCIPHER_KEY pSharedKey;
+
+               // set key material, TxMic and RxMic
+               NdisMoveMemory(pAd->StaCfg.GTK, pMyKeyData, 32);
+               pAd->StaCfg.DefaultKeyId = DefaultIdx;
+
+               pSharedKey = &pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId];
+
+               // Prepare pair-wise key information into shared key table
+               NdisZeroMemory(pSharedKey, sizeof(CIPHER_KEY));
+               pSharedKey->KeyLen = LEN_TKIP_EK;
+               NdisMoveMemory(pSharedKey->Key, pAd->StaCfg.GTK, LEN_TKIP_EK);
+               NdisMoveMemory(pSharedKey->RxMic, &pAd->StaCfg.GTK[16], LEN_TKIP_RXMICK);
+               NdisMoveMemory(pSharedKey->TxMic, &pAd->StaCfg.GTK[24], LEN_TKIP_TXMICK);
+
+               // Update Shared Key CipherAlg
+               pSharedKey->CipherAlg = CIPHER_NONE;
+               if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption2Enabled)
+                       pSharedKey->CipherAlg = CIPHER_TKIP;
+               else if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption3Enabled)
+                       pSharedKey->CipherAlg = CIPHER_AES;
+               else if (pAd->StaCfg.GroupCipher == Ndis802_11GroupWEP40Enabled)
+                       pSharedKey->CipherAlg = CIPHER_WEP64;
+               else if (pAd->StaCfg.GroupCipher == Ndis802_11GroupWEP104Enabled)
+                       pSharedKey->CipherAlg = CIPHER_WEP128;
+
+
+               // Update group key information to ASIC Shared Key Table
+               AsicAddSharedKeyEntry(pAd,
+                                                         BSS0,
+                                                         pAd->StaCfg.DefaultKeyId,
+                                                         pSharedKey->CipherAlg,
+                                                         pSharedKey->Key,
+                                                         pSharedKey->TxMic,
+                                                         pSharedKey->RxMic);
+
+               // Update ASIC WCID attribute table and IVEIV table
+               RTMPAddWcidAttributeEntry(pAd,
+                                                                 BSS0,
+                                                                 pAd->StaCfg.DefaultKeyId,
+                                                                 pSharedKey->CipherAlg,
+                                                                 NULL);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       return TRUE;
+
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Construct EAPoL message for WPA handshaking
+               Its format is below,
+
+               +--------------------+
+               | Protocol Version       |  1 octet
+               +--------------------+
+               | Protocol Type          |      1 octet
+               +--------------------+
+               | Body Length            |  2 octets
+               +--------------------+
+               | Descriptor Type        |      1 octet
+               +--------------------+
+               | Key Information    |  2 octets
+               +--------------------+
+               | Key Length         |  1 octet
+               +--------------------+
+               | Key Repaly Counter |  8 octets
+               +--------------------+
+               | Key Nonce                  |  32 octets
+               +--------------------+
+               | Key IV                         |  16 octets
+               +--------------------+
+               | Key RSC                        |  8 octets
+               +--------------------+
+               | Key ID or Reserved |  8 octets
+               +--------------------+
+               | Key MIC                        |      16 octets
+               +--------------------+
+               | Key Data Length        |      2 octets
+               +--------------------+
+               | Key Data                       |      n octets
+               +--------------------+
+
+
+       Arguments:
+               pAd                     Pointer to our adapter
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID   ConstructEapolMsg(
+       IN      PMAC_TABLE_ENTRY        pEntry,
+    IN UCHAR                           GroupKeyWepStatus,
+    IN UCHAR                           MsgType,
+    IN UCHAR                           DefaultKeyIdx,
+       IN      UCHAR                           *KeyNonce,
+       IN      UCHAR                           *TxRSC,
+       IN      UCHAR                           *GTK,
+       IN      UCHAR                           *RSNIE,
+       IN      UCHAR                           RSNIE_Len,
+    OUT PEAPOL_PACKET       pMsg)
+{
+       BOOLEAN bWPA2 = FALSE;
+       UCHAR   KeyDescVer;
+
+       // Choose WPA2 or not
+       if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) ||
+               (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
+               bWPA2 = TRUE;
+
+    // Init Packet and Fill header
+    pMsg->ProVer = EAPOL_VER;
+    pMsg->ProType = EAPOLKey;
+
+       // Default 95 bytes, the EAPoL-Key descriptor exclude Key-data field
+       SET_UINT16_TO_ARRARY(pMsg->Body_Len, LEN_EAPOL_KEY_MSG);
+
+       // Fill in EAPoL descriptor
+       if (bWPA2)
+               pMsg->KeyDesc.Type = WPA2_KEY_DESC;
+       else
+               pMsg->KeyDesc.Type = WPA1_KEY_DESC;
+
+       // Key Descriptor Version (bits 0-2) specifies the key descriptor version type
+       {
+               // Fill in Key information, refer to IEEE Std 802.11i-2004 page 78
+               // When either the pairwise or the group cipher is AES, the DESC_TYPE_AES(2) shall be used.
+               KeyDescVer = (((pEntry->WepStatus == Ndis802_11Encryption3Enabled) ||
+                                       (GroupKeyWepStatus == Ndis802_11Encryption3Enabled)) ? (DESC_TYPE_AES) : (DESC_TYPE_TKIP));
+       }
+
+       pMsg->KeyDesc.KeyInfo.KeyDescVer = KeyDescVer;
+
+       // Specify Key Type as Group(0) or Pairwise(1)
+       if (MsgType >= EAPOL_GROUP_MSG_1)
+               pMsg->KeyDesc.KeyInfo.KeyType = GROUPKEY;
+       else
+               pMsg->KeyDesc.KeyInfo.KeyType = PAIRWISEKEY;
+
+       // Specify Key Index, only group_msg1_WPA1
+       if (!bWPA2 && (MsgType >= EAPOL_GROUP_MSG_1))
+               pMsg->KeyDesc.KeyInfo.KeyIndex = DefaultKeyIdx;
+
+       if (MsgType == EAPOL_PAIR_MSG_3)
+               pMsg->KeyDesc.KeyInfo.Install = 1;
+
+       if ((MsgType == EAPOL_PAIR_MSG_1) || (MsgType == EAPOL_PAIR_MSG_3) || (MsgType == EAPOL_GROUP_MSG_1))
+               pMsg->KeyDesc.KeyInfo.KeyAck = 1;
+
+       if (MsgType != EAPOL_PAIR_MSG_1)
+               pMsg->KeyDesc.KeyInfo.KeyMic = 1;
+
+       if ((bWPA2 && (MsgType >= EAPOL_PAIR_MSG_3)) ||
+               (!bWPA2 && (MsgType >= EAPOL_GROUP_MSG_1)))
+    {
+       pMsg->KeyDesc.KeyInfo.Secure = 1;
+    }
+
+       if (bWPA2 && ((MsgType == EAPOL_PAIR_MSG_3) ||
+               (MsgType == EAPOL_GROUP_MSG_1)))
+    {
+        pMsg->KeyDesc.KeyInfo.EKD_DL = 1;
+    }
+
+       // key Information element has done.
+       *(USHORT *)(&pMsg->KeyDesc.KeyInfo) = cpu2le16(*(USHORT *)(&pMsg->KeyDesc.KeyInfo));
+
+       // Fill in Key Length
+       {
+               if (MsgType >= EAPOL_GROUP_MSG_1)
+               {
+                       // the length of group key cipher
+                       pMsg->KeyDesc.KeyLength[1] = ((GroupKeyWepStatus == Ndis802_11Encryption2Enabled) ? TKIP_GTK_LENGTH : LEN_AES_KEY);
+               }
+               else
+               {
+                       // the length of pairwise key cipher
+                       pMsg->KeyDesc.KeyLength[1] = ((pEntry->WepStatus == Ndis802_11Encryption2Enabled) ? LEN_TKIP_KEY : LEN_AES_KEY);
+               }
+       }
+
+       // Fill in replay counter
+    NdisMoveMemory(pMsg->KeyDesc.ReplayCounter, pEntry->R_Counter, LEN_KEY_DESC_REPLAY);
+
+       // Fill Key Nonce field
+       // ANonce : pairwise_msg1 & pairwise_msg3
+       // SNonce : pairwise_msg2
+       // GNonce : group_msg1_wpa1
+       if ((MsgType <= EAPOL_PAIR_MSG_3) || ((!bWPA2 && (MsgType == EAPOL_GROUP_MSG_1))))
+       NdisMoveMemory(pMsg->KeyDesc.KeyNonce, KeyNonce, LEN_KEY_DESC_NONCE);
+
+       // Fill key IV - WPA2 as 0, WPA1 as random
+       if (!bWPA2 && (MsgType == EAPOL_GROUP_MSG_1))
+       {
+               // Suggest IV be random number plus some number,
+               NdisMoveMemory(pMsg->KeyDesc.KeyIv, &KeyNonce[16], LEN_KEY_DESC_IV);
+        pMsg->KeyDesc.KeyIv[15] += 2;
+       }
+
+    // Fill Key RSC field
+    // It contains the RSC for the GTK being installed.
+       if ((MsgType == EAPOL_PAIR_MSG_3 && bWPA2) || (MsgType == EAPOL_GROUP_MSG_1))
+       {
+        NdisMoveMemory(pMsg->KeyDesc.KeyRsc, TxRSC, 6);
+       }
+
+       // Clear Key MIC field for MIC calculation later
+    NdisZeroMemory(pMsg->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
+
+       ConstructEapolKeyData(pEntry,
+                                                 GroupKeyWepStatus,
+                                                 KeyDescVer,
+                                                 MsgType,
+                                                 DefaultKeyIdx,
+                                                 GTK,
+                                                 RSNIE,
+                                                 RSNIE_Len,
+                                                 pMsg);
+
+       // Calculate MIC and fill in KeyMic Field except Pairwise Msg 1.
+       if (MsgType != EAPOL_PAIR_MSG_1)
+       {
+               CalculateMIC(KeyDescVer, pEntry->PTK, pMsg);
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> ConstructEapolMsg for %s %s\n", ((bWPA2) ? "WPA2" : "WPA"), GetEapolMsgType(MsgType)));
+       DBGPRINT(RT_DEBUG_TRACE, ("          Body length = %d \n", CONV_ARRARY_TO_UINT16(pMsg->Body_Len)));
+       DBGPRINT(RT_DEBUG_TRACE, ("          Key length  = %d \n", CONV_ARRARY_TO_UINT16(pMsg->KeyDesc.KeyLength)));
+
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Construct the Key Data field of EAPoL message
+
+       Arguments:
+               pAd                     Pointer to our adapter
+               Elem            Message body
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID   ConstructEapolKeyData(
+       IN      PMAC_TABLE_ENTRY        pEntry,
+       IN      UCHAR                   GroupKeyWepStatus,
+       IN      UCHAR                   keyDescVer,
+       IN      UCHAR                   MsgType,
+       IN      UCHAR                   DefaultKeyIdx,
+       IN      UCHAR                   *GTK,
+       IN      UCHAR                   *RSNIE,
+       IN      UCHAR                   RSNIE_LEN,
+       OUT PEAPOL_PACKET   pMsg)
+{
+       UCHAR           *mpool, *Key_Data, *Rc4GTK;
+       UCHAR       ekey[(LEN_KEY_DESC_IV+LEN_EAP_EK)];
+       ULONG           data_offset;
+       BOOLEAN         bWPA2Capable = FALSE;
+       PRTMP_ADAPTER   pAd = pEntry->pAd;
+       BOOLEAN         GTK_Included = FALSE;
+
+       // Choose WPA2 or not
+       if ((pEntry->AuthMode == Ndis802_11AuthModeWPA2) ||
+               (pEntry->AuthMode == Ndis802_11AuthModeWPA2PSK))
+               bWPA2Capable = TRUE;
+
+       if (MsgType == EAPOL_PAIR_MSG_1 ||
+               MsgType == EAPOL_PAIR_MSG_4 ||
+               MsgType == EAPOL_GROUP_MSG_2)
+               return;
+
+       // allocate memory pool
+       os_alloc_mem(NULL, (PUCHAR *)&mpool, 1500);
+
+    if (mpool == NULL)
+               return;
+
+       /* Rc4GTK Len = 512 */
+       Rc4GTK = (UCHAR *) ROUND_UP(mpool, 4);
+       /* Key_Data Len = 512 */
+       Key_Data = (UCHAR *) ROUND_UP(Rc4GTK + 512, 4);
+
+       NdisZeroMemory(Key_Data, 512);
+       SET_UINT16_TO_ARRARY(pMsg->KeyDesc.KeyDataLen, 0);
+       data_offset = 0;
+
+       // Encapsulate RSNIE in pairwise_msg2 & pairwise_msg3
+       if (RSNIE_LEN && ((MsgType == EAPOL_PAIR_MSG_2) || (MsgType == EAPOL_PAIR_MSG_3)))
+       {
+               PUINT8  pmkid_ptr = NULL;
+               UINT8   pmkid_len = 0;
+
+
+               RTMPInsertRSNIE(&Key_Data[data_offset],
+                                               (PULONG)&data_offset,
+                                               RSNIE,
+                                               RSNIE_LEN,
+                                               pmkid_ptr,
+                                               pmkid_len);
+       }
+
+
+       // Encapsulate KDE format in pairwise_msg3_WPA2 & group_msg1_WPA2
+       if (bWPA2Capable && ((MsgType == EAPOL_PAIR_MSG_3) || (MsgType == EAPOL_GROUP_MSG_1)))
+       {
+               // Key Data Encapsulation (KDE) format - 802.11i-2004  Figure-43w and Table-20h
+        Key_Data[data_offset + 0] = 0xDD;
+
+               if (GroupKeyWepStatus == Ndis802_11Encryption3Enabled)
+               {
+                       Key_Data[data_offset + 1] = 0x16;// 4+2+16(OUI+DataType+DataField)
+               }
+               else
+               {
+                       Key_Data[data_offset + 1] = 0x26;// 4+2+32(OUI+DataType+DataField)
+               }
+
+        Key_Data[data_offset + 2] = 0x00;
+        Key_Data[data_offset + 3] = 0x0F;
+        Key_Data[data_offset + 4] = 0xAC;
+        Key_Data[data_offset + 5] = 0x01;
+
+               // GTK KDE format - 802.11i-2004  Figure-43x
+        Key_Data[data_offset + 6] = (DefaultKeyIdx & 0x03);
+        Key_Data[data_offset + 7] = 0x00;      // Reserved Byte
+
+               data_offset += 8;
+       }
+
+
+       // Encapsulate GTK
+       // Only for pairwise_msg3_WPA2 and group_msg1
+       if ((MsgType == EAPOL_PAIR_MSG_3 && bWPA2Capable) || (MsgType == EAPOL_GROUP_MSG_1))
+       {
+               // Fill in GTK
+               if (GroupKeyWepStatus == Ndis802_11Encryption3Enabled)
+               {
+                       NdisMoveMemory(&Key_Data[data_offset], GTK, LEN_AES_KEY);
+                       data_offset += LEN_AES_KEY;
+               }
+               else
+               {
+                       NdisMoveMemory(&Key_Data[data_offset], GTK, TKIP_GTK_LENGTH);
+                       data_offset += TKIP_GTK_LENGTH;
+               }
+
+               GTK_Included = TRUE;
+       }
+
+
+       // This whole key-data field shall be encrypted if a GTK is included.
+       // Encrypt the data material in key data field with KEK
+       if (GTK_Included)
+       {
+               //hex_dump("GTK_Included", Key_Data, data_offset);
+
+               if (
+                       (keyDescVer == DESC_TYPE_AES))
+               {
+                       UCHAR   remainder = 0;
+                       UCHAR   pad_len = 0;
+
+                       // Key Descriptor Version 2 or 3: AES key wrap, defined in IETF RFC 3394,
+                       // shall be used to encrypt the Key Data field using the KEK field from
+                       // the derived PTK.
+
+                       // If the Key Data field uses the NIST AES key wrap, then the Key Data field
+                       // shall be padded before encrypting if the key data length is less than 16
+                       // octets or if it is not a multiple of 8. The padding consists of appending
+                       // a single octet 0xdd followed by zero or more 0x00 octets.
+                       if ((remainder = data_offset & 0x07) != 0)
+                       {
+                               INT             i;
+
+                               pad_len = (8 - remainder);
+                               Key_Data[data_offset] = 0xDD;
+                               for (i = 1; i < pad_len; i++)
+                                       Key_Data[data_offset + i] = 0;
+
+                               data_offset += pad_len;
+                       }
+
+                       AES_GTK_KEY_WRAP(&pEntry->PTK[16], Key_Data, data_offset, Rc4GTK);
+            // AES wrap function will grow 8 bytes in length
+            data_offset += 8;
+               }
+               else
+               {
+                       /*      Key Descriptor Version 1: ARC4 is used to encrypt the Key Data field
+                               using the KEK field from the derived PTK. */
+
+                       // PREPARE Encrypted  "Key DATA" field.  (Encrypt GTK with RC4, usinf PTK[16]->[31] as Key, IV-field as IV)
+                       // put TxTsc in Key RSC field
+                       pAd->PrivateInfo.FCSCRC32 = PPPINITFCS32;   //Init crc32.
+
+                       // ekey is the contanetion of IV-field, and PTK[16]->PTK[31]
+                       NdisMoveMemory(ekey, pMsg->KeyDesc.KeyIv, LEN_KEY_DESC_IV);
+                       NdisMoveMemory(&ekey[LEN_KEY_DESC_IV], &pEntry->PTK[16], LEN_EAP_EK);
+                       ARCFOUR_INIT(&pAd->PrivateInfo.WEPCONTEXT, ekey, sizeof(ekey));  //INIT SBOX, KEYLEN+3(IV)
+                       pAd->PrivateInfo.FCSCRC32 = RTMP_CALC_FCS32(pAd->PrivateInfo.FCSCRC32, Key_Data, data_offset);
+                       WPAARCFOUR_ENCRYPT(&pAd->PrivateInfo.WEPCONTEXT, Rc4GTK, Key_Data, data_offset);
+               }
+
+               NdisMoveMemory(pMsg->KeyDesc.KeyData, Rc4GTK, data_offset);
+       }
+       else
+       {
+               NdisMoveMemory(pMsg->KeyDesc.KeyData, Key_Data, data_offset);
+       }
+
+       // Update key data length field and total body length
+       SET_UINT16_TO_ARRARY(pMsg->KeyDesc.KeyDataLen, data_offset);
+       INC_UINT16_TO_ARRARY(pMsg->Body_Len, data_offset);
+
+       os_free_mem(NULL, mpool);
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Calcaulate MIC. It is used during 4-ways handsharking.
+
+       Arguments:
+               pAd                             -       pointer to our pAdapter context
+       PeerWepStatus   -       indicate the encryption type
+
+       Return Value:
+
+       Note:
+
+       ========================================================================
+*/
+static VOID    CalculateMIC(
+       IN      UCHAR                   KeyDescVer,
+       IN      UCHAR                   *PTK,
+       OUT PEAPOL_PACKET   pMsg)
+{
+    UCHAR   *OutBuffer;
+       ULONG   FrameLen = 0;
+       UCHAR   mic[LEN_KEY_DESC_MIC];
+       UCHAR   digest[80];
+
+       // allocate memory for MIC calculation
+       os_alloc_mem(NULL, (PUCHAR *)&OutBuffer, 512);
+
+    if (OutBuffer == NULL)
+    {
+               DBGPRINT(RT_DEBUG_ERROR, ("!!!CalculateMIC: no memory!!!\n"));
+               return;
+    }
+
+       // make a frame for calculating MIC.
+    MakeOutgoingFrame(OutBuffer,               &FrameLen,
+                      CONV_ARRARY_TO_UINT16(pMsg->Body_Len) + 4,       pMsg,
+                      END_OF_ARGS);
+
+       NdisZeroMemory(mic, sizeof(mic));
+
+       // Calculate MIC
+    if (KeyDescVer == DESC_TYPE_AES)
+       {
+               HMAC_SHA1(PTK, LEN_EAP_MICK, OutBuffer,  FrameLen, digest, SHA1_DIGEST_SIZE);
+               NdisMoveMemory(mic, digest, LEN_KEY_DESC_MIC);
+       }
+       else
+       {
+               HMAC_MD5(PTK,  LEN_EAP_MICK, OutBuffer, FrameLen, mic, MD5_DIGEST_SIZE);
+       }
+
+       // store the calculated MIC
+       NdisMoveMemory(pMsg->KeyDesc.KeyMic, mic, LEN_KEY_DESC_MIC);
+
+       os_free_mem(NULL, OutBuffer);
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Some received frames can't decrypt by Asic, so decrypt them by software.
+
+       Arguments:
+               pAd                             -       pointer to our pAdapter context
+       PeerWepStatus   -       indicate the encryption type
+
+       Return Value:
+               NDIS_STATUS_SUCCESS             -       decryption successful
+               NDIS_STATUS_FAILURE             -       decryption failure
+
+       ========================================================================
+*/
+NDIS_STATUS    RTMPSoftDecryptBroadCastData(
+       IN      PRTMP_ADAPTER                                   pAd,
+       IN      RX_BLK                                                  *pRxBlk,
+       IN  NDIS_802_11_ENCRYPTION_STATUS       GroupCipher,
+       IN  PCIPHER_KEY                                         pShard_key)
+{
+       PRXWI_STRUC                     pRxWI = pRxBlk->pRxWI;
+
+
+
+       // handle WEP decryption
+       if (GroupCipher == Ndis802_11Encryption1Enabled)
+    {
+               if (RTMPSoftDecryptWEP(pAd, pRxBlk->pData, pRxWI->MPDUtotalByteCount, pShard_key))
+               {
+
+                       //Minus IV[4] & ICV[4]
+                       pRxWI->MPDUtotalByteCount -= 8;
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("ERROR : Software decrypt WEP data fails.\n"));
+                       // give up this frame
+                       return NDIS_STATUS_FAILURE;
+               }
+       }
+       // handle TKIP decryption
+       else if (GroupCipher == Ndis802_11Encryption2Enabled)
+       {
+               if (RTMPSoftDecryptTKIP(pAd, pRxBlk->pData, pRxWI->MPDUtotalByteCount, 0, pShard_key))
+               {
+
+                       //Minus 8 bytes MIC, 8 bytes IV/EIV, 4 bytes ICV
+                       pRxWI->MPDUtotalByteCount -= 20;
+               }
+        else
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("ERROR : RTMPSoftDecryptTKIP Failed\n"));
+                       // give up this frame
+                       return NDIS_STATUS_FAILURE;
+        }
+       }
+       // handle AES decryption
+       else if (GroupCipher == Ndis802_11Encryption3Enabled)
+       {
+               if (RTMPSoftDecryptAES(pAd, pRxBlk->pData, pRxWI->MPDUtotalByteCount , pShard_key))
+               {
+
+                       //8 bytes MIC, 8 bytes IV/EIV (CCMP Header)
+                       pRxWI->MPDUtotalByteCount -= 16;
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("ERROR : RTMPSoftDecryptAES Failed\n"));
+                       // give up this frame
+                       return NDIS_STATUS_FAILURE;
+               }
+       }
+       else
+       {
+               // give up this frame
+               return NDIS_STATUS_FAILURE;
+       }
+
+       return NDIS_STATUS_SUCCESS;
+
+}
+
+
+PUINT8 GetSuiteFromRSNIE(
+               IN      PUINT8  rsnie,
+               IN      UINT    rsnie_len,
+               IN      UINT8   type,
+               OUT     UINT8   *count)
+{
+       PEID_STRUCT pEid;
+       INT                     len;
+       PUINT8          pBuf;
+       INT                     offset = 0;
+       PRSNIE_AUTH     pAkm;
+       UINT16          acount;
+       BOOLEAN         isWPA2 = FALSE;
+
+       pEid = (PEID_STRUCT)rsnie;
+       len = rsnie_len - 2;    // exclude IE and length
+       pBuf = (PUINT8)&pEid->Octet[0];
+
+
+
+       // set default value
+       *count = 0;
+
+       // Check length
+       if ((len <= 0) || (pEid->Len != len))
+       {
+               DBGPRINT_ERR(("%s : The length is invalid\n", __FUNCTION__));
+               return NULL;
+       }
+
+       // Check WPA or WPA2
+       if (pEid->Eid == IE_WPA)
+       {
+               PRSNIE  pRsnie = (PRSNIE)pBuf;
+               UINT16 ucount;
+
+               if (len < sizeof(RSNIE))
+               {
+                       DBGPRINT_ERR(("%s : The length is too short for WPA\n", __FUNCTION__));
+                       return NULL;
+               }
+
+               // Get the count of pairwise cipher
+               ucount = cpu2le16(pRsnie->ucount);
+               if (ucount > 2)
+               {
+                       DBGPRINT_ERR(("%s : The count(%d) of pairwise cipher is invlaid\n",
+                                                                                       __FUNCTION__, ucount));
+                       return NULL;
+               }
+
+               // Get the group cipher
+               if (type == GROUP_SUITE)
+               {
+                       *count = 1;
+                       return pRsnie->mcast;
+               }
+               // Get the pairwise cipher suite
+               else if (type == PAIRWISE_SUITE)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("%s : The count of pairwise cipher is %d\n",
+                                                                               __FUNCTION__, ucount));
+                       *count = ucount;
+                       return pRsnie->ucast[0].oui;
+               }
+
+               offset = sizeof(RSNIE) + (4 * (ucount - 1));
+
+       }
+       else if (pEid->Eid == IE_RSN)
+       {
+               PRSNIE2 pRsnie = (PRSNIE2)pBuf;
+               UINT16 ucount;
+
+               isWPA2 = TRUE;
+
+               if (len < sizeof(RSNIE2))
+               {
+                       DBGPRINT_ERR(("%s : The length is too short for WPA2\n", __FUNCTION__));
+                       return NULL;
+               }
+
+               // Get the count of pairwise cipher
+               ucount = cpu2le16(pRsnie->ucount);
+               if (ucount > 2)
+               {
+                       DBGPRINT_ERR(("%s : The count(%d) of pairwise cipher is invlaid\n",
+                                                                                       __FUNCTION__, ucount));
+                       return NULL;
+               }
+
+               // Get the group cipher
+               if (type == GROUP_SUITE)
+               {
+                       *count = 1;
+                       return pRsnie->mcast;
+               }
+               // Get the pairwise cipher suite
+               else if (type == PAIRWISE_SUITE)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("%s : The count of pairwise cipher is %d\n",
+                                                                               __FUNCTION__, ucount));
+                       *count = ucount;
+                       return pRsnie->ucast[0].oui;
+               }
+
+               offset = sizeof(RSNIE2) + (4 * (ucount - 1));
+
+       }
+       else
+       {
+               DBGPRINT_ERR(("%s : Unknown IE (%d)\n", __FUNCTION__, pEid->Eid));
+               return NULL;
+       }
+
+       // skip group cipher and pairwise cipher suite
+       pBuf += offset;
+       len -= offset;
+
+       if (len < sizeof(RSNIE_AUTH))
+       {
+               DBGPRINT_ERR(("%s : The length of RSNIE is too short\n", __FUNCTION__));
+               return NULL;
+       }
+
+       // pointer to AKM count
+       pAkm = (PRSNIE_AUTH)pBuf;
+
+       // Get the count of pairwise cipher
+       acount = cpu2le16(pAkm->acount);
+       if (acount > 2)
+       {
+               DBGPRINT_ERR(("%s : The count(%d) of AKM is invlaid\n",
+                                                                               __FUNCTION__, acount));
+               return NULL;
+       }
+
+       // Get the AKM suite
+       if (type == AKM_SUITE)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s : The count of AKM is %d\n",
+                                                                       __FUNCTION__, acount));
+               *count = acount;
+               return pAkm->auth[0].oui;
+       }
+       offset = sizeof(RSNIE_AUTH) + (4 * (acount - 1));
+
+       pBuf += offset;
+       len -= offset;
+
+       // The remaining length must larger than (RSN-Capability(2) + PMKID-Count(2) + PMKID(16~))
+       if (len >= (sizeof(RSN_CAPABILITIES) + 2 + LEN_PMKID))
+       {
+               // Skip RSN capability and PMKID-Count
+               pBuf += (sizeof(RSN_CAPABILITIES) + 2);
+               len -= (sizeof(RSN_CAPABILITIES) + 2);
+
+               // Get PMKID
+               if (type == PMKID_LIST)
+               {
+                       *count = 1;
+                       return pBuf;
+               }
+       }
+       else
+       {
+               DBGPRINT_ERR(("%s : it can't get any more information beyond AKM \n", __FUNCTION__));
+               return NULL;
+       }
+
+       *count = 0;
+       //DBGPRINT_ERR(("%s : The type(%d) doesn't support \n", __FUNCTION__, type));
+       return NULL;
+
+}
+
+VOID WpaShowAllsuite(
+       IN      PUINT8  rsnie,
+       IN      UINT    rsnie_len)
+{
+       PUINT8 pSuite = NULL;
+       UINT8 count;
+
+       hex_dump("RSNIE", rsnie, rsnie_len);
+
+       // group cipher
+       if ((pSuite = GetSuiteFromRSNIE(rsnie, rsnie_len, GROUP_SUITE, &count)) != NULL)
+       {
+               hex_dump("group cipher", pSuite, 4*count);
+       }
+
+       // pairwise cipher
+       if ((pSuite = GetSuiteFromRSNIE(rsnie, rsnie_len, PAIRWISE_SUITE, &count)) != NULL)
+       {
+               hex_dump("pairwise cipher", pSuite, 4*count);
+       }
+
+       // AKM
+       if ((pSuite = GetSuiteFromRSNIE(rsnie, rsnie_len, AKM_SUITE, &count)) != NULL)
+       {
+               hex_dump("AKM suite", pSuite, 4*count);
+       }
+
+       // PMKID
+       if ((pSuite = GetSuiteFromRSNIE(rsnie, rsnie_len, PMKID_LIST, &count)) != NULL)
+       {
+               hex_dump("PMKID", pSuite, LEN_PMKID);
+       }
+
+}
+
+VOID RTMPInsertRSNIE(
+       IN PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN PUINT8 rsnie_ptr,
+       IN UINT8  rsnie_len,
+       IN PUINT8 pmkid_ptr,
+       IN UINT8  pmkid_len)
+{
+       PUCHAR  pTmpBuf;
+       ULONG   TempLen = 0;
+       UINT8   extra_len = 0;
+       UINT16  pmk_count = 0;
+       UCHAR   ie_num;
+       UINT8   total_len = 0;
+    UCHAR      WPA2_OUI[3]={0x00,0x0F,0xAC};
+
+       pTmpBuf = pFrameBuf;
+
+       /* PMKID-List Must larger than 0 and the multiple of 16. */
+       if (pmkid_len > 0 && ((pmkid_len & 0x0f) == 0))
+       {
+               extra_len = sizeof(UINT16) + pmkid_len;
+
+               pmk_count = (pmkid_len >> 4);
+               pmk_count = cpu2le16(pmk_count);
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_WARN, ("%s : The length is PMKID-List is invalid (%d), so don't insert it.\n",
+                                                                       __FUNCTION__, pmkid_len));
+       }
+
+       if (rsnie_len != 0)
+       {
+               ie_num = IE_WPA;
+               total_len = rsnie_len;
+
+               if (NdisEqualMemory(rsnie_ptr + 2, WPA2_OUI, sizeof(WPA2_OUI)))
+               {
+                       ie_num = IE_RSN;
+                       total_len += extra_len;
+               }
+
+               /* construct RSNIE body */
+               MakeOutgoingFrame(pTmpBuf,                      &TempLen,
+                                                 1,                            &ie_num,
+                                                 1,                            &total_len,
+                                                 rsnie_len,            rsnie_ptr,
+                                                 END_OF_ARGS);
+
+               pTmpBuf += TempLen;
+               *pFrameLen = *pFrameLen + TempLen;
+
+               if (ie_num == IE_RSN)
+               {
+                       /* Insert PMKID-List field */
+                       if (extra_len > 0)
+                       {
+                               MakeOutgoingFrame(pTmpBuf,                                      &TempLen,
+                                                                 2,                                            &pmk_count,
+                                                                 pmkid_len,                            pmkid_ptr,
+                                                                 END_OF_ARGS);
+
+                               pTmpBuf += TempLen;
+                               *pFrameLen = *pFrameLen + TempLen;
+                       }
+               }
+       }
+
+       return;
+}
diff --git a/drivers/staging/rt3090/common/crypt_aes.c b/drivers/staging/rt3090/common/crypt_aes.c
new file mode 100644 (file)
index 0000000..f400f1e
--- /dev/null
@@ -0,0 +1,1007 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       crypt_aes.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+        Eddy        2009/01/19      Create AES-128, AES-192, AES-256, AES-CBC
+*/
+
+#include "crypt_aes.h"
+
+/* The value given by [x^(i-1),{00},{00},{00}], with x^(i-1) being powers of x in the field GF(2^8). */
+static const UINT32 aes_rcon[] = {
+       0x00000000, 0x01000000, 0x02000000, 0x04000000,
+    0x08000000, 0x10000000, 0x20000000, 0x40000000,
+    0x80000000, 0x1B000000, 0x36000000};
+
+static const UINT8 aes_sbox_enc[] = {
+  /*  0     1     2     3     4     5     6     7     8     9     a     b     c     d     e     f    */
+    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5, 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7 ,0xab, 0x76, /* 0 */
+    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0, 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4 ,0x72, 0xc0, /* 1 */
+    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc, 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8 ,0x31, 0x15, /* 2 */
+    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a, 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27 ,0xb2, 0x75, /* 3 */
+    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0, 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3 ,0x2f, 0x84, /* 4 */
+    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b, 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c ,0x58, 0xcf, /* 5 */
+    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85, 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c ,0x9f, 0xa8, /* 6 */
+    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5, 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff ,0xf3, 0xd2, /* 7 */
+    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17, 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d ,0x19, 0x73, /* 8 */
+    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88, 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e ,0x0b, 0xdb, /* 9 */
+    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c, 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95 ,0xe4, 0x79, /* a */
+    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9, 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a ,0xae, 0x08, /* b */
+    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6, 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd ,0x8b, 0x8a, /* c */
+    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e, 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1 ,0x1d, 0x9e, /* d */
+    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94, 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55 ,0x28, 0xdf, /* e */
+    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68, 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54 ,0xbb, 0x16, /* f */
+};
+
+static const UINT8 aes_sbox_dec[] = {
+  /*  0     1     2     3     4     5     6     7     8     9     a     b     c     d     e     f    */
+    0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38, 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb, /* 0 */
+    0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87, 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb, /* 1 */
+    0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d, 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e, /* 2 */
+    0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2, 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25, /* 3 */
+    0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16, 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92, /* 4 */
+    0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda, 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84, /* 5 */
+    0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a, 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06, /* 6 */
+    0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02, 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b, /* 7 */
+    0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea, 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73, /* 8 */
+    0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85, 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e, /* 9 */
+    0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89, 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b, /* a */
+    0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20, 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4, /* b */
+    0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31, 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f, /* c */
+    0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d, 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef, /* d */
+    0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0, 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61, /* e */
+    0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26, 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d, /* f */
+};
+
+/* ArrayIndex*{02} */
+static const UINT8 aes_mul_2[] = {
+  /*  0     1     2     3     4     5     6     7     8     9     a     b     c     d     e     f    */
+    0x00, 0x02, 0x04, 0x06, 0x08, 0x0a, 0x0c, 0x0e, 0x10, 0x12, 0x14, 0x16, 0x18, 0x1a, 0x1c, 0x1e, /* 0 */
+    0x20, 0x22, 0x24, 0x26, 0x28, 0x2a, 0x2c, 0x2e, 0x30, 0x32, 0x34, 0x36, 0x38, 0x3a, 0x3c, 0x3e, /* 1 */
+    0x40, 0x42, 0x44, 0x46, 0x48, 0x4a, 0x4c, 0x4e, 0x50, 0x52, 0x54, 0x56, 0x58, 0x5a, 0x5c, 0x5e, /* 2 */
+    0x60, 0x62, 0x64, 0x66, 0x68, 0x6a, 0x6c, 0x6e, 0x70, 0x72, 0x74, 0x76, 0x78, 0x7a, 0x7c, 0x7e, /* 3 */
+    0x80, 0x82, 0x84, 0x86, 0x88, 0x8a, 0x8c, 0x8e, 0x90, 0x92, 0x94, 0x96, 0x98, 0x9a, 0x9c, 0x9e, /* 4 */
+    0xa0, 0xa2, 0xa4, 0xa6, 0xa8, 0xaa, 0xac, 0xae, 0xb0, 0xb2, 0xb4, 0xb6, 0xb8, 0xba, 0xbc, 0xbe, /* 5 */
+    0xc0, 0xc2, 0xc4, 0xc6, 0xc8, 0xca, 0xcc, 0xce, 0xd0, 0xd2, 0xd4, 0xd6, 0xd8, 0xda, 0xdc, 0xde, /* 6 */
+    0xe0, 0xe2, 0xe4, 0xe6, 0xe8, 0xea, 0xec, 0xee, 0xf0, 0xf2, 0xf4, 0xf6, 0xf8, 0xfa, 0xfc, 0xfe, /* 7 */
+    0x1b, 0x19, 0x1f, 0x1d, 0x13, 0x11, 0x17, 0x15, 0x0b, 0x09, 0x0f, 0x0d, 0x03, 0x01, 0x07, 0x05, /* 8 */
+    0x3b, 0x39, 0x3f, 0x3d, 0x33, 0x31, 0x37, 0x35, 0x2b, 0x29, 0x2f, 0x2d, 0x23, 0x21, 0x27, 0x25, /* 9 */
+    0x5b, 0x59, 0x5f, 0x5d, 0x53, 0x51, 0x57, 0x55, 0x4b, 0x49, 0x4f, 0x4d, 0x43, 0x41, 0x47, 0x45, /* a */
+    0x7b, 0x79, 0x7f, 0x7d, 0x73, 0x71, 0x77, 0x75, 0x6b, 0x69, 0x6f, 0x6d, 0x63, 0x61, 0x67, 0x65, /* b */
+    0x9b, 0x99, 0x9f, 0x9d, 0x93, 0x91, 0x97, 0x95, 0x8b, 0x89, 0x8f, 0x8d, 0x83, 0x81, 0x87, 0x85, /* c */
+    0xbb, 0xb9, 0xbf, 0xbd, 0xb3, 0xb1, 0xb7, 0xb5, 0xab, 0xa9, 0xaf, 0xad, 0xa3, 0xa1, 0xa7, 0xa5, /* d */
+    0xdb, 0xd9, 0xdf, 0xdd, 0xd3, 0xd1, 0xd7, 0xd5, 0xcb, 0xc9, 0xcf, 0xcd, 0xc3, 0xc1, 0xc7, 0xc5, /* e */
+    0xfb, 0xf9, 0xff, 0xfd, 0xf3, 0xf1, 0xf7, 0xf5, 0xeb, 0xe9, 0xef, 0xed, 0xe3, 0xe1, 0xe7, 0xe5, /* f */
+};
+
+/* ArrayIndex*{03} */
+static const UINT8 aes_mul_3[] = {
+  /*  0     1     2     3     4     5     6     7     8     9     a     b     c     d     e     f    */
+    0x00, 0x03, 0x06, 0x05, 0x0c, 0x0f, 0x0a, 0x09, 0x18, 0x1b, 0x1e, 0x1d, 0x14, 0x17, 0x12, 0x11, /* 0 */
+    0x30, 0x33, 0x36, 0x35, 0x3c, 0x3f, 0x3a, 0x39, 0x28, 0x2b, 0x2e, 0x2d, 0x24, 0x27, 0x22, 0x21, /* 1 */
+    0x60, 0x63, 0x66, 0x65, 0x6c, 0x6f, 0x6a, 0x69, 0x78, 0x7b, 0x7e, 0x7d, 0x74, 0x77, 0x72, 0x71, /* 2 */
+    0x50, 0x53, 0x56, 0x55, 0x5c, 0x5f, 0x5a, 0x59, 0x48, 0x4b, 0x4e, 0x4d, 0x44, 0x47, 0x42, 0x41, /* 3 */
+    0xc0, 0xc3, 0xc6, 0xc5, 0xcc, 0xcf, 0xca, 0xc9, 0xd8, 0xdb, 0xde, 0xdd, 0xd4, 0xd7, 0xd2, 0xd1, /* 4 */
+    0xf0, 0xf3, 0xf6, 0xf5, 0xfc, 0xff, 0xfa, 0xf9, 0xe8, 0xeb, 0xee, 0xed, 0xe4, 0xe7, 0xe2, 0xe1, /* 5 */
+    0xa0, 0xa3, 0xa6, 0xa5, 0xac, 0xaf, 0xaa, 0xa9, 0xb8, 0xbb, 0xbe, 0xbd, 0xb4, 0xb7, 0xb2, 0xb1, /* 6 */
+    0x90, 0x93, 0x96, 0x95, 0x9c, 0x9f, 0x9a, 0x99, 0x88, 0x8b, 0x8e, 0x8d, 0x84, 0x87, 0x82, 0x81, /* 7 */
+    0x9b, 0x98, 0x9d, 0x9e, 0x97, 0x94, 0x91, 0x92, 0x83, 0x80, 0x85, 0x86, 0x8f, 0x8c, 0x89, 0x8a, /* 8 */
+    0xab, 0xa8, 0xad, 0xae, 0xa7, 0xa4, 0xa1, 0xa2, 0xb3, 0xb0, 0xb5, 0xb6, 0xbf, 0xbc, 0xb9, 0xba, /* 9 */
+    0xfb, 0xf8, 0xfd, 0xfe, 0xf7, 0xf4, 0xf1, 0xf2, 0xe3, 0xe0, 0xe5, 0xe6, 0xef, 0xec, 0xe9, 0xea, /* a */
+    0xcb, 0xc8, 0xcd, 0xce, 0xc7, 0xc4, 0xc1, 0xc2, 0xd3, 0xd0, 0xd5, 0xd6, 0xdf, 0xdc, 0xd9, 0xda, /* b */
+    0x5b, 0x58, 0x5d, 0x5e, 0x57, 0x54, 0x51, 0x52, 0x43, 0x40, 0x45, 0x46, 0x4f, 0x4c, 0x49, 0x4a, /* c */
+    0x6b, 0x68, 0x6d, 0x6e, 0x67, 0x64, 0x61, 0x62, 0x73, 0x70, 0x75, 0x76, 0x7f, 0x7c, 0x79, 0x7a, /* d */
+    0x3b, 0x38, 0x3d, 0x3e, 0x37, 0x34, 0x31, 0x32, 0x23, 0x20, 0x25, 0x26, 0x2f, 0x2c, 0x29, 0x2a, /* e */
+    0x0b, 0x08, 0x0d, 0x0e, 0x07, 0x04, 0x01, 0x02, 0x13, 0x10, 0x15, 0x16, 0x1f, 0x1c, 0x19, 0x1a, /* f */
+};
+
+/* ArrayIndex*{09} */
+static const UINT8 aes_mul_9[] = {
+  /*  0     1     2     3     4     5     6     7     8     9     a     b     c     d     e     f    */
+    0x00, 0x09, 0x12, 0x1b, 0x24, 0x2d, 0x36, 0x3f, 0x48, 0x41, 0x5a, 0x53, 0x6c, 0x65, 0x7e, 0x77, /* 0 */
+    0x90, 0x99, 0x82, 0x8b, 0xb4, 0xbd, 0xa6, 0xaf, 0xd8, 0xd1, 0xca, 0xc3, 0xfc, 0xf5, 0xee, 0xe7, /* 1 */
+    0x3b, 0x32, 0x29, 0x20, 0x1f, 0x16, 0x0d, 0x04, 0x73, 0x7a, 0x61, 0x68, 0x57, 0x5e, 0x45, 0x4c, /* 2 */
+    0xab, 0xa2, 0xb9, 0xb0, 0x8f, 0x86, 0x9d, 0x94, 0xe3, 0xea, 0xf1, 0xf8, 0xc7, 0xce, 0xd5, 0xdc, /* 3 */
+    0x76, 0x7f, 0x64, 0x6d, 0x52, 0x5b, 0x40, 0x49, 0x3e, 0x37, 0x2c, 0x25, 0x1a, 0x13, 0x08, 0x01, /* 4 */
+    0xe6, 0xef, 0xf4, 0xfd, 0xc2, 0xcb, 0xd0, 0xd9, 0xae, 0xa7, 0xbc, 0xb5, 0x8a, 0x83, 0x98, 0x91, /* 5 */
+    0x4d, 0x44, 0x5f, 0x56, 0x69, 0x60, 0x7b, 0x72, 0x05, 0x0c, 0x17, 0x1e, 0x21, 0x28, 0x33, 0x3a, /* 6 */
+    0xdd, 0xd4, 0xcf, 0xc6, 0xf9, 0xf0, 0xeb, 0xe2, 0x95, 0x9c, 0x87, 0x8e, 0xb1, 0xb8, 0xa3, 0xaa, /* 7 */
+    0xec, 0xe5, 0xfe, 0xf7, 0xc8, 0xc1, 0xda, 0xd3, 0xa4, 0xad, 0xb6, 0xbf, 0x80, 0x89, 0x92, 0x9b, /* 8 */
+    0x7c, 0x75, 0x6e, 0x67, 0x58, 0x51, 0x4a, 0x43, 0x34, 0x3d, 0x26, 0x2f, 0x10, 0x19, 0x02, 0x0b, /* 9 */
+    0xd7, 0xde, 0xc5, 0xcc, 0xf3, 0xfa, 0xe1, 0xe8, 0x9f, 0x96, 0x8d, 0x84, 0xbb, 0xb2, 0xa9, 0xa0, /* a */
+    0x47, 0x4e, 0x55, 0x5c, 0x63, 0x6a, 0x71, 0x78, 0x0f, 0x06, 0x1d, 0x14, 0x2b, 0x22, 0x39, 0x30, /* b */
+    0x9a, 0x93, 0x88, 0x81, 0xbe, 0xb7, 0xac, 0xa5, 0xd2, 0xdb, 0xc0, 0xc9, 0xf6, 0xff, 0xe4, 0xed, /* c */
+    0x0a, 0x03, 0x18, 0x11, 0x2e, 0x27, 0x3c, 0x35, 0x42, 0x4b, 0x50, 0x59, 0x66, 0x6f, 0x74, 0x7d, /* d */
+    0xa1, 0xa8, 0xb3, 0xba, 0x85, 0x8c, 0x97, 0x9e, 0xe9, 0xe0, 0xfb, 0xf2, 0xcd, 0xc4, 0xdf, 0xd6, /* e */
+    0x31, 0x38, 0x23, 0x2a, 0x15, 0x1c, 0x07, 0x0e, 0x79, 0x70, 0x6b, 0x62, 0x5d, 0x54, 0x4f, 0x46, /* f */
+};
+
+/* ArrayIndex*{0b} */
+static const UINT8 aes_mul_b[] = {
+  /*  0     1     2     3     4     5     6     7     8     9     a     b     c     d     e     f    */
+    0x00, 0x0b, 0x16, 0x1d, 0x2c, 0x27, 0x3a, 0x31, 0x58, 0x53, 0x4e, 0x45, 0x74, 0x7f, 0x62, 0x69, /* 0 */
+    0xb0, 0xbb, 0xa6, 0xad, 0x9c, 0x97, 0x8a, 0x81, 0xe8, 0xe3, 0xfe, 0xf5, 0xc4, 0xcf, 0xd2, 0xd9, /* 1 */
+    0x7b, 0x70, 0x6d, 0x66, 0x57, 0x5c, 0x41, 0x4a, 0x23, 0x28, 0x35, 0x3e, 0x0f, 0x04, 0x19, 0x12, /* 2 */
+    0xcb, 0xc0, 0xdd, 0xd6, 0xe7, 0xec, 0xf1, 0xfa, 0x93, 0x98, 0x85, 0x8e, 0xbf, 0xb4, 0xa9, 0xa2, /* 3 */
+    0xf6, 0xfd, 0xe0, 0xeb, 0xda, 0xd1, 0xcc, 0xc7, 0xae, 0xa5, 0xb8, 0xb3, 0x82, 0x89, 0x94, 0x9f, /* 4 */
+    0x46, 0x4d, 0x50, 0x5b, 0x6a, 0x61, 0x7c, 0x77, 0x1e, 0x15, 0x08, 0x03, 0x32, 0x39, 0x24, 0x2f, /* 5 */
+    0x8d, 0x86, 0x9b, 0x90, 0xa1, 0xaa, 0xb7, 0xbc, 0xd5, 0xde, 0xc3, 0xc8, 0xf9, 0xf2, 0xef, 0xe4, /* 6 */
+    0x3d, 0x36, 0x2b, 0x20, 0x11, 0x1a, 0x07, 0x0c, 0x65, 0x6e, 0x73, 0x78, 0x49, 0x42, 0x5f, 0x54, /* 7 */
+    0xf7, 0xfc, 0xe1, 0xea, 0xdb, 0xd0, 0xcd, 0xc6, 0xaf, 0xa4, 0xb9, 0xb2, 0x83, 0x88, 0x95, 0x9e, /* 8 */
+    0x47, 0x4c, 0x51, 0x5a, 0x6b, 0x60, 0x7d, 0x76, 0x1f, 0x14, 0x09, 0x02, 0x33, 0x38, 0x25, 0x2e, /* 9 */
+    0x8c, 0x87, 0x9a, 0x91, 0xa0, 0xab, 0xb6, 0xbd, 0xd4, 0xdf, 0xc2, 0xc9, 0xf8, 0xf3, 0xee, 0xe5, /* a */
+    0x3c, 0x37, 0x2a, 0x21, 0x10, 0x1b, 0x06, 0x0d, 0x64, 0x6f, 0x72, 0x79, 0x48, 0x43, 0x5e, 0x55, /* b */
+    0x01, 0x0a, 0x17, 0x1c, 0x2d, 0x26, 0x3b, 0x30, 0x59, 0x52, 0x4f, 0x44, 0x75, 0x7e, 0x63, 0x68, /* c */
+    0xb1, 0xba, 0xa7, 0xac, 0x9d, 0x96, 0x8b, 0x80, 0xe9, 0xe2, 0xff, 0xf4, 0xc5, 0xce, 0xd3, 0xd8, /* d */
+    0x7a, 0x71, 0x6c, 0x67, 0x56, 0x5d, 0x40, 0x4b, 0x22, 0x29, 0x34, 0x3f, 0x0e, 0x05, 0x18, 0x13, /* e */
+    0xca, 0xc1, 0xdc, 0xd7, 0xe6, 0xed, 0xf0, 0xfb, 0x92, 0x99, 0x84, 0x8f, 0xbe, 0xb5, 0xa8, 0xa3, /* f */
+};
+
+/* ArrayIndex*{0d} */
+static const UINT8 aes_mul_d[] = {
+  /*  0     1     2     3     4     5     6     7     8     9     a     b     c     d     e     f    */
+    0x00, 0x0d, 0x1a, 0x17, 0x34, 0x39, 0x2e, 0x23, 0x68, 0x65, 0x72, 0x7f, 0x5c, 0x51, 0x46, 0x4b, /* 0 */
+    0xd0, 0xdd, 0xca, 0xc7, 0xe4, 0xe9, 0xfe, 0xf3, 0xb8, 0xb5, 0xa2, 0xaf, 0x8c, 0x81, 0x96, 0x9b, /* 1 */
+    0xbb, 0xb6, 0xa1, 0xac, 0x8f, 0x82, 0x95, 0x98, 0xd3, 0xde, 0xc9, 0xc4, 0xe7, 0xea, 0xfd, 0xf0, /* 2 */
+    0x6b, 0x66, 0x71, 0x7c, 0x5f, 0x52, 0x45, 0x48, 0x03, 0x0e, 0x19, 0x14, 0x37, 0x3a, 0x2d, 0x20, /* 3 */
+    0x6d, 0x60, 0x77, 0x7a, 0x59, 0x54, 0x43, 0x4e, 0x05, 0x08, 0x1f, 0x12, 0x31, 0x3c, 0x2b, 0x26, /* 4 */
+    0xbd, 0xb0, 0xa7, 0xaa, 0x89, 0x84, 0x93, 0x9e, 0xd5, 0xd8, 0xcf, 0xc2, 0xe1, 0xec, 0xfb, 0xf6, /* 5 */
+    0xd6, 0xdb, 0xcc, 0xc1, 0xe2, 0xef, 0xf8, 0xf5, 0xbe, 0xb3, 0xa4, 0xa9, 0x8a, 0x87, 0x90, 0x9d, /* 6 */
+    0x06, 0x0b, 0x1c, 0x11, 0x32, 0x3f, 0x28, 0x25, 0x6e, 0x63, 0x74, 0x79, 0x5a, 0x57, 0x40, 0x4d, /* 7 */
+    0xda, 0xd7, 0xc0, 0xcd, 0xee, 0xe3, 0xf4, 0xf9, 0xb2, 0xbf, 0xa8, 0xa5, 0x86, 0x8b, 0x9c, 0x91, /* 8 */
+    0x0a, 0x07, 0x10, 0x1d, 0x3e, 0x33, 0x24, 0x29, 0x62, 0x6f, 0x78, 0x75, 0x56, 0x5b, 0x4c, 0x41, /* 9 */
+    0x61, 0x6c, 0x7b, 0x76, 0x55, 0x58, 0x4f, 0x42, 0x09, 0x04, 0x13, 0x1e, 0x3d, 0x30, 0x27, 0x2a, /* a */
+    0xb1, 0xbc, 0xab, 0xa6, 0x85, 0x88, 0x9f, 0x92, 0xd9, 0xd4, 0xc3, 0xce, 0xed, 0xe0, 0xf7, 0xfa, /* b */
+    0xb7, 0xba, 0xad, 0xa0, 0x83, 0x8e, 0x99, 0x94, 0xdf, 0xd2, 0xc5, 0xc8, 0xeb, 0xe6, 0xf1, 0xfc, /* c */
+    0x67, 0x6a, 0x7d, 0x70, 0x53, 0x5e, 0x49, 0x44, 0x0f, 0x02, 0x15, 0x18, 0x3b, 0x36, 0x21, 0x2c, /* d */
+    0x0c, 0x01, 0x16, 0x1b, 0x38, 0x35, 0x22, 0x2f, 0x64, 0x69, 0x7e, 0x73, 0x50, 0x5d, 0x4a, 0x47, /* e */
+    0xdc, 0xd1, 0xc6, 0xcb, 0xe8, 0xe5, 0xf2, 0xff, 0xb4, 0xb9, 0xae, 0xa3, 0x80, 0x8d, 0x9a, 0x97, /* f */
+};
+
+/* ArrayIndex*{0e} */
+static const UINT8 aes_mul_e[] = {
+  /*  0     1     2     3     4     5     6     7     8     9     a     b     c     d     e     f    */
+    0x00, 0x0e, 0x1c, 0x12, 0x38, 0x36, 0x24, 0x2a, 0x70, 0x7e, 0x6c, 0x62, 0x48, 0x46, 0x54, 0x5a, /* 0 */
+    0xe0, 0xee, 0xfc, 0xf2, 0xd8, 0xd6, 0xc4, 0xca, 0x90, 0x9e, 0x8c, 0x82, 0xa8, 0xa6, 0xb4, 0xba, /* 1 */
+    0xdb, 0xd5, 0xc7, 0xc9, 0xe3, 0xed, 0xff, 0xf1, 0xab, 0xa5, 0xb7, 0xb9, 0x93, 0x9d, 0x8f, 0x81, /* 2 */
+    0x3b, 0x35, 0x27, 0x29, 0x03, 0x0d, 0x1f, 0x11, 0x4b, 0x45, 0x57, 0x59, 0x73, 0x7d, 0x6f, 0x61, /* 3 */
+    0xad, 0xa3, 0xb1, 0xbf, 0x95, 0x9b, 0x89, 0x87, 0xdd, 0xd3, 0xc1, 0xcf, 0xe5, 0xeb, 0xf9, 0xf7, /* 4 */
+    0x4d, 0x43, 0x51, 0x5f, 0x75, 0x7b, 0x69, 0x67, 0x3d, 0x33, 0x21, 0x2f, 0x05, 0x0b, 0x19, 0x17, /* 5 */
+    0x76, 0x78, 0x6a, 0x64, 0x4e, 0x40, 0x52, 0x5c, 0x06, 0x08, 0x1a, 0x14, 0x3e, 0x30, 0x22, 0x2c, /* 6 */
+    0x96, 0x98, 0x8a, 0x84, 0xae, 0xa0, 0xb2, 0xbc, 0xe6, 0xe8, 0xfa, 0xf4, 0xde, 0xd0, 0xc2, 0xcc, /* 7 */
+    0x41, 0x4f, 0x5d, 0x53, 0x79, 0x77, 0x65, 0x6b, 0x31, 0x3f, 0x2d, 0x23, 0x09, 0x07, 0x15, 0x1b, /* 8 */
+    0xa1, 0xaf, 0xbd, 0xb3, 0x99, 0x97, 0x85, 0x8b, 0xd1, 0xdf, 0xcd, 0xc3, 0xe9, 0xe7, 0xf5, 0xfb, /* 9 */
+    0x9a, 0x94, 0x86, 0x88, 0xa2, 0xac, 0xbe, 0xb0, 0xea, 0xe4, 0xf6, 0xf8, 0xd2, 0xdc, 0xce, 0xc0, /* a */
+    0x7a, 0x74, 0x66, 0x68, 0x42, 0x4c, 0x5e, 0x50, 0x0a, 0x04, 0x16, 0x18, 0x32, 0x3c, 0x2e, 0x20, /* b */
+    0xec, 0xe2, 0xf0, 0xfe, 0xd4, 0xda, 0xc8, 0xc6, 0x9c, 0x92, 0x80, 0x8e, 0xa4, 0xaa, 0xb8, 0xb6, /* c */
+    0x0c, 0x02, 0x10, 0x1e, 0x34, 0x3a, 0x28, 0x26, 0x7c, 0x72, 0x60, 0x6e, 0x44, 0x4a, 0x58, 0x56, /* d */
+    0x37, 0x39, 0x2b, 0x25, 0x0f, 0x01, 0x13, 0x1d, 0x47, 0x49, 0x5b, 0x55, 0x7f, 0x71, 0x63, 0x6d, /* e */
+    0xd7, 0xd9, 0xcb, 0xc5, 0xef, 0xe1, 0xf3, 0xfd, 0xa7, 0xa9, 0xbb, 0xb5, 0x9f, 0x91, 0x83, 0x8d, /* f */
+};
+
+
+/* For AES_CMAC */
+#define AES_MAC_LENGTH 16 /* 128-bit string */
+static UINT8 Const_Zero[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+static UINT8 Const_Rb[16] = {
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x87};
+
+
+/*
+========================================================================
+Routine Description:
+    AES key expansion (key schedule)
+
+Arguments:
+    Key              Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
+    KeyLength        The length of cipher key in bytes
+    paes_ctx         Pointer to AES_CTX_STRUC
+
+Return Value:
+    paes_ctx         Retrun the KeyWordExpansion of AES_CTX_STRUC
+
+Note:
+    Pseudo code for key expansion
+    ------------------------------------------
+       Nk = (key length/4);
+
+       while (i < Nk)
+           KeyWordExpansion[i] = word(key[4*i], key[4*i + 1], key[4*i + 2], key[4*i + 3]);
+           i++;
+       end while
+
+       while (i < ((key length/4 + 6 + 1)*4) )
+           temp = KeyWordExpansion[i - 1];
+           if (i % Nk ==0)
+               temp = SubWord(RotWord(temp)) ^ Rcon[i/Nk];
+           else if ((Nk > 6) && (i % 4 == 4))
+               temp = SubWord(temp);
+           end if
+
+           KeyWordExpansion[i] = KeyWordExpansion[i - Nk]^ temp;
+           i++;
+       end while
+========================================================================
+*/
+VOID AES_KeyExpansion (
+    IN UINT8 Key[],
+    IN UINT KeyLength,
+    INOUT AES_CTX_STRUC *paes_ctx)
+{
+    UINT KeyIndex = 0;
+    UINT NumberOfWordOfKey, NumberOfWordOfKeyExpansion;
+    UINT8  TempWord[AES_KEY_ROWS], Temp;
+    UINT32 Temprcon;
+
+    NumberOfWordOfKey = KeyLength >> 2;
+    while (KeyIndex < NumberOfWordOfKey)
+    {
+        paes_ctx->KeyWordExpansion[0][KeyIndex] = Key[4*KeyIndex];
+        paes_ctx->KeyWordExpansion[1][KeyIndex] = Key[4*KeyIndex + 1];
+        paes_ctx->KeyWordExpansion[2][KeyIndex] = Key[4*KeyIndex + 2];
+        paes_ctx->KeyWordExpansion[3][KeyIndex] = Key[4*KeyIndex + 3];
+        KeyIndex++;
+    } /* End of while */
+
+    NumberOfWordOfKeyExpansion = ((UINT) AES_KEY_ROWS) * ((KeyLength >> 2) + 6 + 1);
+    while (KeyIndex < NumberOfWordOfKeyExpansion)
+    {
+        TempWord[0] = paes_ctx->KeyWordExpansion[0][KeyIndex - 1];
+        TempWord[1] = paes_ctx->KeyWordExpansion[1][KeyIndex - 1];
+        TempWord[2] = paes_ctx->KeyWordExpansion[2][KeyIndex - 1];
+        TempWord[3] = paes_ctx->KeyWordExpansion[3][KeyIndex - 1];
+        if ((KeyIndex % NumberOfWordOfKey) == 0) {
+            Temprcon = aes_rcon[KeyIndex/NumberOfWordOfKey];
+            Temp = aes_sbox_enc[TempWord[1]]^((Temprcon >> 24) & 0xff);
+            TempWord[1] = aes_sbox_enc[TempWord[2]]^((Temprcon >> 16) & 0xff);
+            TempWord[2] = aes_sbox_enc[TempWord[3]]^((Temprcon >>  8) & 0xff);
+            TempWord[3] = aes_sbox_enc[TempWord[0]]^((Temprcon      ) & 0xff);
+            TempWord[0] = Temp;
+        } else if ((NumberOfWordOfKey > 6) && ((KeyIndex % NumberOfWordOfKey) == 4)) {
+            Temp = aes_sbox_enc[TempWord[0]];
+            TempWord[1] = aes_sbox_enc[TempWord[1]];
+            TempWord[2] = aes_sbox_enc[TempWord[2]];
+            TempWord[3] = aes_sbox_enc[TempWord[3]];
+            TempWord[0] = Temp;
+        }
+        paes_ctx->KeyWordExpansion[0][KeyIndex] = paes_ctx->KeyWordExpansion[0][KeyIndex - NumberOfWordOfKey]^TempWord[0];
+        paes_ctx->KeyWordExpansion[1][KeyIndex] = paes_ctx->KeyWordExpansion[1][KeyIndex - NumberOfWordOfKey]^TempWord[1];
+        paes_ctx->KeyWordExpansion[2][KeyIndex] = paes_ctx->KeyWordExpansion[2][KeyIndex - NumberOfWordOfKey]^TempWord[2];
+        paes_ctx->KeyWordExpansion[3][KeyIndex] = paes_ctx->KeyWordExpansion[3][KeyIndex - NumberOfWordOfKey]^TempWord[3];
+        KeyIndex++;
+    } /* End of while */
+} /* End of AES_KeyExpansion */
+
+
+/*
+========================================================================
+Routine Description:
+    AES encryption
+
+Arguments:
+    PlainBlock       The block of plain text, 16 bytes(128 bits) each block
+    PlainBlockSize   The length of block of plain text in bytes
+    Key              Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
+    KeyLength        The length of cipher key in bytes
+    CipherBlockSize  The length of allocated cipher block in bytes
+
+Return Value:
+    CipherBlock      Return cipher text
+    CipherBlockSize  Return the length of real used cipher block in bytes
+
+Note:
+    Reference to FIPS-PUB 197
+    1. Check if block size is 16 bytes(128 bits) and if key length is 16, 24, or 32 bytes(128, 192, or 256 bits)
+    2. Transfer the plain block to state block
+    3. Main encryption rounds
+    4. Transfer the state block to cipher block
+    ------------------------------------------
+       NumberOfRound = (key length / 4) + 6;
+       state block = plain block;
+
+       AddRoundKey(state block, key);
+       for round = 1 to NumberOfRound
+           SubBytes(state block)
+           ShiftRows(state block)
+           MixColumns(state block)
+           AddRoundKey(state block, key);
+       end for
+
+       SubBytes(state block)
+       ShiftRows(state block)
+       AddRoundKey(state block, key);
+
+       cipher block = state block;
+========================================================================
+*/
+VOID AES_Encrypt (
+    IN UINT8 PlainBlock[],
+    IN UINT PlainBlockSize,
+    IN UINT8 Key[],
+    IN UINT KeyLength,
+    OUT UINT8 CipherBlock[],
+    INOUT UINT *CipherBlockSize)
+{
+    AES_CTX_STRUC aes_ctx;
+    UINT RowIndex, ColumnIndex;
+    UINT RoundIndex, NumberOfRound = 0;
+    UINT8 Temp, Row0, Row1, Row2, Row3;
+
+    /*
+     * 1. Check if block size is 16 bytes(128 bits) and if key length is 16, 24, or 32 bytes(128, 192, or 256 bits)
+     */
+    if (PlainBlockSize != AES_BLOCK_SIZES) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_Encrypt: plain block size is %d bytes, it must be %d bytes(128 bits).\n",
+            PlainBlockSize, AES_BLOCK_SIZES));
+        return;
+    } /* End of if */
+    if ((KeyLength != AES_KEY128_LENGTH) && (KeyLength != AES_KEY192_LENGTH) && (KeyLength != AES_KEY256_LENGTH)) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_Encrypt: key length is %d bytes, it must be %d, %d, or %d bytes(128, 192, or 256 bits).\n",
+            KeyLength, AES_KEY128_LENGTH, AES_KEY192_LENGTH, AES_KEY256_LENGTH));
+        return;
+    } /* End of if */
+    if (*CipherBlockSize < AES_BLOCK_SIZES) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_Encrypt: cipher block size is %d bytes, it must be %d bytes(128 bits).\n",
+            *CipherBlockSize, AES_BLOCK_SIZES));
+        return;
+    } /* End of if */
+
+    /*
+     * 2. Transfer the plain block to state block
+     */
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            aes_ctx.State[RowIndex][ColumnIndex] = PlainBlock[RowIndex + 4*ColumnIndex];
+
+    /*
+     *  3. Main encryption rounds
+     */
+    AES_KeyExpansion(Key, KeyLength, &aes_ctx);
+    NumberOfRound = (KeyLength >> 2) + 6;
+
+    /* AES_AddRoundKey */
+    RoundIndex = 0;
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
+
+    for (RoundIndex = 1; RoundIndex < NumberOfRound;RoundIndex++)
+    {
+        /* AES_SubBytes */
+        for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+            for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+                aes_ctx.State[RowIndex][ColumnIndex] = aes_sbox_enc[aes_ctx.State[RowIndex][ColumnIndex]];
+
+        /* AES_ShiftRows */
+        Temp = aes_ctx.State[1][0];
+        aes_ctx.State[1][0] = aes_ctx.State[1][1];
+        aes_ctx.State[1][1] = aes_ctx.State[1][2];
+        aes_ctx.State[1][2] = aes_ctx.State[1][3];
+        aes_ctx.State[1][3] = Temp;
+        Temp = aes_ctx.State[2][0];
+        aes_ctx.State[2][0] = aes_ctx.State[2][2];
+        aes_ctx.State[2][2] = Temp;
+        Temp = aes_ctx.State[2][1];
+        aes_ctx.State[2][1] = aes_ctx.State[2][3];
+        aes_ctx.State[2][3] = Temp;
+        Temp = aes_ctx.State[3][3];
+        aes_ctx.State[3][3] = aes_ctx.State[3][2];
+        aes_ctx.State[3][2] = aes_ctx.State[3][1];
+        aes_ctx.State[3][1] = aes_ctx.State[3][0];
+        aes_ctx.State[3][0] = Temp;
+
+        /* AES_MixColumns */
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+        {
+            Row0 = aes_ctx.State[0][ColumnIndex];
+            Row1 = aes_ctx.State[1][ColumnIndex];
+            Row2 = aes_ctx.State[2][ColumnIndex];
+            Row3 = aes_ctx.State[3][ColumnIndex];
+            aes_ctx.State[0][ColumnIndex] = aes_mul_2[Row0]^aes_mul_3[Row1]^Row2^Row3;
+            aes_ctx.State[1][ColumnIndex] = Row0^aes_mul_2[Row1]^aes_mul_3[Row2]^Row3;
+            aes_ctx.State[2][ColumnIndex] = Row0^Row1^aes_mul_2[Row2]^aes_mul_3[Row3];
+            aes_ctx.State[3][ColumnIndex] = aes_mul_3[Row0]^Row1^Row2^aes_mul_2[Row3];
+        }
+
+        /* AES_AddRoundKey */
+        for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+            for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+                aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
+    } /* End of for */
+
+    /* AES_SubBytes */
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            aes_ctx.State[RowIndex][ColumnIndex] = aes_sbox_enc[aes_ctx.State[RowIndex][ColumnIndex]];
+    /* AES_ShiftRows */
+    Temp = aes_ctx.State[1][0];
+    aes_ctx.State[1][0] = aes_ctx.State[1][1];
+    aes_ctx.State[1][1] = aes_ctx.State[1][2];
+    aes_ctx.State[1][2] = aes_ctx.State[1][3];
+    aes_ctx.State[1][3] = Temp;
+    Temp = aes_ctx.State[2][0];
+    aes_ctx.State[2][0] = aes_ctx.State[2][2];
+    aes_ctx.State[2][2] = Temp;
+    Temp = aes_ctx.State[2][1];
+    aes_ctx.State[2][1] = aes_ctx.State[2][3];
+    aes_ctx.State[2][3] = Temp;
+    Temp = aes_ctx.State[3][3];
+    aes_ctx.State[3][3] = aes_ctx.State[3][2];
+    aes_ctx.State[3][2] = aes_ctx.State[3][1];
+    aes_ctx.State[3][1] = aes_ctx.State[3][0];
+    aes_ctx.State[3][0] = Temp;
+    /* AES_AddRoundKey */
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
+
+    /*
+     * 4. Transfer the state block to cipher block
+     */
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            CipherBlock[RowIndex + 4*ColumnIndex] = aes_ctx.State[RowIndex][ColumnIndex];
+
+    *CipherBlockSize = ((UINT) AES_STATE_ROWS)*((UINT) AES_STATE_COLUMNS);
+} /* End of AES_Encrypt */
+
+
+/*
+========================================================================
+Routine Description:
+    AES decryption
+
+Arguments:
+    CipherBlock      The block of cipher text, 16 bytes(128 bits) each block
+    CipherBlockSize  The length of block of cipher text in bytes
+    Key              Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
+    KeyLength        The length of cipher key in bytes
+    PlainBlockSize   The length of allocated plain block in bytes
+
+Return Value:
+    PlainBlock       Return plain text
+    PlainBlockSize  Return the length of real used plain block in bytes
+
+Note:
+    Reference to FIPS-PUB 197
+    1. Check if block size is 16 bytes(128 bits) and if key length is 16, 24, or 32 bytes(128, 192, or 256 bits)
+    2. Transfer the cipher block to state block
+    3. Main decryption rounds
+    4. Transfer the state block to plain block
+    ------------------------------------------
+       NumberOfRound = (key length / 4) + 6;
+       state block = cipher block;
+
+       AddRoundKey(state block, key);
+       for round = NumberOfRound to 1
+           InvSubBytes(state block)
+           InvShiftRows(state block)
+           InvMixColumns(state block)
+           AddRoundKey(state block, key);
+       end for
+
+       InvSubBytes(state block)
+       InvShiftRows(state block)
+       AddRoundKey(state block, key);
+
+       plain block = state block;
+========================================================================
+*/
+VOID AES_Decrypt (
+    IN UINT8 CipherBlock[],
+    IN UINT CipherBlockSize,
+    IN UINT8 Key[],
+    IN UINT KeyLength,
+    OUT UINT8 PlainBlock[],
+    INOUT UINT *PlainBlockSize)
+{
+    AES_CTX_STRUC aes_ctx;
+    UINT RowIndex, ColumnIndex;
+    UINT RoundIndex, NumberOfRound = 0;
+    UINT8 Temp, Row0, Row1, Row2, Row3;
+
+    /*
+     * 1. Check if block size is 16 bytes(128 bits) and if key length is 16, 24, or 32 bytes(128, 192, or 256 bits)
+     */
+    if (*PlainBlockSize < AES_BLOCK_SIZES) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_Decrypt: plain block size is %d bytes, it must be %d bytes(128 bits).\n",
+            *PlainBlockSize, AES_BLOCK_SIZES));
+        return;
+    } /* End of if */
+    if ((KeyLength != AES_KEY128_LENGTH) && (KeyLength != AES_KEY192_LENGTH) && (KeyLength != AES_KEY256_LENGTH)) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_Decrypt: key length is %d bytes, it must be %d, %d, or %d bytes(128, 192, or 256 bits).\n",
+            KeyLength, AES_KEY128_LENGTH, AES_KEY192_LENGTH, AES_KEY256_LENGTH));
+        return;
+    } /* End of if */
+    if (CipherBlockSize != AES_BLOCK_SIZES) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_Decrypt: cipher block size is %d bytes, it must be %d bytes(128 bits).\n",
+            CipherBlockSize, AES_BLOCK_SIZES));
+        return;
+    } /* End of if */
+
+    /*
+     * 2. Transfer the cipher block to state block
+     */
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            aes_ctx.State[RowIndex][ColumnIndex] = CipherBlock[RowIndex + 4*ColumnIndex];
+
+    /*
+     *  3. Main decryption rounds
+     */
+    AES_KeyExpansion(Key, KeyLength, &aes_ctx);
+    NumberOfRound = (KeyLength >> 2) + 6;
+
+    /* AES_AddRoundKey */
+    RoundIndex = NumberOfRound;
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
+
+    for (RoundIndex = (NumberOfRound - 1); RoundIndex > 0 ;RoundIndex--)
+    {
+        /* AES_InvShiftRows */
+        Temp = aes_ctx.State[1][3];
+        aes_ctx.State[1][3] = aes_ctx.State[1][2];
+        aes_ctx.State[1][2] = aes_ctx.State[1][1];
+        aes_ctx.State[1][1] = aes_ctx.State[1][0];
+        aes_ctx.State[1][0] = Temp;
+        Temp = aes_ctx.State[2][0];
+        aes_ctx.State[2][0] = aes_ctx.State[2][2];
+        aes_ctx.State[2][2] = Temp;
+        Temp = aes_ctx.State[2][1];
+        aes_ctx.State[2][1] = aes_ctx.State[2][3];
+        aes_ctx.State[2][3] = Temp;
+        Temp = aes_ctx.State[3][0];
+        aes_ctx.State[3][0] = aes_ctx.State[3][1];
+        aes_ctx.State[3][1] = aes_ctx.State[3][2];
+        aes_ctx.State[3][2] = aes_ctx.State[3][3];
+        aes_ctx.State[3][3] = Temp;
+
+        /* AES_InvSubBytes */
+        for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+            for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+                aes_ctx.State[RowIndex][ColumnIndex] = aes_sbox_dec[aes_ctx.State[RowIndex][ColumnIndex]];
+
+        /* AES_AddRoundKey */
+        for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+            for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+                aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
+
+        /* AES_InvMixColumns */
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+        {
+            Row0 = aes_ctx.State[0][ColumnIndex];
+            Row1 = aes_ctx.State[1][ColumnIndex];
+            Row2 = aes_ctx.State[2][ColumnIndex];
+            Row3 = aes_ctx.State[3][ColumnIndex];
+            aes_ctx.State[0][ColumnIndex] = aes_mul_e[Row0]^aes_mul_b[Row1]^aes_mul_d[Row2]^aes_mul_9[Row3];
+            aes_ctx.State[1][ColumnIndex] = aes_mul_9[Row0]^aes_mul_e[Row1]^aes_mul_b[Row2]^aes_mul_d[Row3];
+            aes_ctx.State[2][ColumnIndex] = aes_mul_d[Row0]^aes_mul_9[Row1]^aes_mul_e[Row2]^aes_mul_b[Row3];
+            aes_ctx.State[3][ColumnIndex] = aes_mul_b[Row0]^aes_mul_d[Row1]^aes_mul_9[Row2]^aes_mul_e[Row3];
+        }
+    } /* End of for */
+
+    /* AES_InvShiftRows */
+    Temp = aes_ctx.State[1][3];
+    aes_ctx.State[1][3] = aes_ctx.State[1][2];
+    aes_ctx.State[1][2] = aes_ctx.State[1][1];
+    aes_ctx.State[1][1] = aes_ctx.State[1][0];
+    aes_ctx.State[1][0] = Temp;
+    Temp = aes_ctx.State[2][0];
+    aes_ctx.State[2][0] = aes_ctx.State[2][2];
+    aes_ctx.State[2][2] = Temp;
+    Temp = aes_ctx.State[2][1];
+    aes_ctx.State[2][1] = aes_ctx.State[2][3];
+    aes_ctx.State[2][3] = Temp;
+    Temp = aes_ctx.State[3][0];
+    aes_ctx.State[3][0] = aes_ctx.State[3][1];
+    aes_ctx.State[3][1] = aes_ctx.State[3][2];
+    aes_ctx.State[3][2] = aes_ctx.State[3][3];
+    aes_ctx.State[3][3] = Temp;
+    /* AES_InvSubBytes */
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            aes_ctx.State[RowIndex][ColumnIndex] = aes_sbox_dec[aes_ctx.State[RowIndex][ColumnIndex]];
+    /* AES_AddRoundKey */
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            aes_ctx.State[RowIndex][ColumnIndex] ^= aes_ctx.KeyWordExpansion[RowIndex][(RoundIndex*((UINT) AES_STATE_COLUMNS)) + ColumnIndex];
+
+    /*
+     * 4. Transfer the state block to plain block
+     */
+    for (RowIndex = 0; RowIndex < AES_STATE_ROWS;RowIndex++)
+        for (ColumnIndex = 0; ColumnIndex < AES_STATE_COLUMNS;ColumnIndex++)
+            PlainBlock[RowIndex + 4*ColumnIndex] = aes_ctx.State[RowIndex][ColumnIndex];
+
+    *PlainBlockSize = ((UINT) AES_STATE_ROWS)*((UINT) AES_STATE_COLUMNS);
+} /* End of AES_Decrypt */
+
+
+/*
+========================================================================
+Routine Description:
+    AES-CBC encryption
+
+Arguments:
+    PlainText        Plain text
+    PlainTextLength  The length of plain text in bytes
+    Key              Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
+    KeyLength        The length of cipher key in bytes
+    IV               Initialization vector, it may be 16 bytes (128 bits)
+    IVLength         The length of initialization vector in bytes
+    CipherTextLength The length of allocated cipher text in bytes
+
+Return Value:
+    CipherText       Return cipher text
+    CipherTextLength Return the length of real used cipher text in bytes
+
+Note:
+    Reference to RFC 3602 and NIST 800-38A
+========================================================================
+*/
+VOID AES_CBC_Encrypt (
+    IN UINT8 PlainText[],
+    IN UINT PlainTextLength,
+    IN UINT8 Key[],
+    IN UINT KeyLength,
+    IN UINT8 IV[],
+    IN UINT IVLength,
+    OUT UINT8 CipherText[],
+    INOUT UINT *CipherTextLength)
+{
+    UINT PaddingSize, PlainBlockStart, CipherBlockStart, CipherBlockSize;
+    UINT Index;
+    UINT8 Block[AES_BLOCK_SIZES];
+
+    /*
+     * 1. Check the input parameters
+     *    - CipherTextLength > (PlainTextLength + Padding size), Padding size = block size - (PlainTextLength % block size)
+     *    - Key length must be 16, 24, or 32 bytes(128, 192, or 256 bits)
+     *    - IV length must be 16 bytes(128 bits)
+     */
+    PaddingSize = ((UINT) AES_BLOCK_SIZES) - (PlainTextLength % ((UINT)AES_BLOCK_SIZES));
+    if (*CipherTextLength < (PlainTextLength + PaddingSize)) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Encrypt: cipher text length is %d bytes < (plain text length %d bytes + padding size %d bytes).\n",
+            *CipherTextLength, PlainTextLength, PaddingSize));
+        return;
+    } /* End of if */
+    if ((KeyLength != AES_KEY128_LENGTH) && (KeyLength != AES_KEY192_LENGTH) && (KeyLength != AES_KEY256_LENGTH)) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Encrypt: key length is %d bytes, it must be %d, %d, or %d bytes(128, 192, or 256 bits).\n",
+            KeyLength, AES_KEY128_LENGTH, AES_KEY192_LENGTH, AES_KEY256_LENGTH));
+        return;
+    } /* End of if */
+    if (IVLength != AES_CBC_IV_LENGTH) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Encrypt: IV length is %d bytes, it must be %d bytes(128bits).\n",
+            IVLength, AES_CBC_IV_LENGTH));
+        return;
+    } /* End of if */
+
+
+    /*
+     * 2. Main algorithm
+     *    - Plain text divide into serveral blocks (16 bytes/block)
+     *    - If plain text is divided with no remainder by block, add a new block and padding size = block(16 bytes)
+     *    - If plain text is not divided with no remainder by block, padding size = (block - remainder plain text)
+     *    - Execute AES_Encrypt procedure.
+     *
+     *    - Padding method: The remainder bytes will be filled with padding size (1 byte)
+     */
+    PlainBlockStart = 0;
+    CipherBlockStart = 0;
+    while ((PlainTextLength - PlainBlockStart) >= AES_BLOCK_SIZES)
+    {
+        if (CipherBlockStart == 0) {
+            for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+                Block[Index] = PlainText[PlainBlockStart + Index]^IV[Index];
+        } else {
+            for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+                Block[Index] = PlainText[PlainBlockStart + Index]^CipherText[CipherBlockStart - ((UINT) AES_BLOCK_SIZES) + Index];
+        } /* End of if */
+
+        CipherBlockSize = *CipherTextLength - CipherBlockStart;
+        AES_Encrypt(Block, AES_BLOCK_SIZES , Key, KeyLength, CipherText + CipherBlockStart, &CipherBlockSize);
+
+        PlainBlockStart += ((UINT) AES_BLOCK_SIZES);
+        CipherBlockStart += CipherBlockSize;
+    } /* End of while */
+
+    NdisMoveMemory(Block, (&PlainText[0] + PlainBlockStart), (PlainTextLength - PlainBlockStart));
+    NdisFillMemory((Block + (((UINT) AES_BLOCK_SIZES) -PaddingSize)), PaddingSize, (UINT8) PaddingSize);
+    if (CipherBlockStart == 0) {
+       for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+           Block[Index] ^= IV[Index];
+    } else {
+       for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+           Block[Index] ^= CipherText[CipherBlockStart - ((UINT) AES_BLOCK_SIZES) + Index];
+    } /* End of if */
+    CipherBlockSize = *CipherTextLength - CipherBlockStart;
+    AES_Encrypt(Block, AES_BLOCK_SIZES , Key, KeyLength, CipherText + CipherBlockStart, &CipherBlockSize);
+    CipherBlockStart += CipherBlockSize;
+    *CipherTextLength = CipherBlockStart;
+} /* End of AES_CBC_Encrypt */
+
+
+/*
+========================================================================
+Routine Description:
+    AES-CBC decryption
+
+Arguments:
+    CipherText       Cipher text
+    CipherTextLength The length of cipher text in bytes
+    Key              Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
+    KeyLength        The length of cipher key in bytes
+    IV               Initialization vector, it may be 16 bytes (128 bits)
+    IVLength         The length of initialization vector in bytes
+    PlainTextLength  The length of allocated plain text in bytes
+
+Return Value:
+    PlainText        Return plain text
+    PlainTextLength  Return the length of real used plain text in bytes
+
+Note:
+    Reference to RFC 3602 and NIST 800-38A
+========================================================================
+*/
+VOID AES_CBC_Decrypt (
+    IN UINT8 CipherText[],
+    IN UINT CipherTextLength,
+    IN UINT8 Key[],
+    IN UINT KeyLength,
+    IN UINT8 IV[],
+    IN UINT IVLength,
+    OUT UINT8 PlainText[],
+    INOUT UINT *PlainTextLength)
+{
+    UINT PaddingSize, PlainBlockStart, CipherBlockStart, PlainBlockSize;
+    UINT Index;
+
+    /*
+     * 1. Check the input parameters
+     *    - CipherTextLength must be divided with no remainder by block
+     *    - Key length must be 16, 24, or 32 bytes(128, 192, or 256 bits)
+     *    - IV length must be 16 bytes(128 bits)
+     */
+    if ((CipherTextLength % AES_BLOCK_SIZES) != 0) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Decrypt: cipher text length is %d bytes, it can't be divided with no remainder by block size(%d).\n",
+            CipherTextLength, AES_BLOCK_SIZES));
+        return;
+    } /* End of if */
+    if ((KeyLength != AES_KEY128_LENGTH) && (KeyLength != AES_KEY192_LENGTH) && (KeyLength != AES_KEY256_LENGTH)) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Decrypt: key length is %d bytes, it must be %d, %d, or %d bytes(128, 192, or 256 bits).\n",
+            KeyLength, AES_KEY128_LENGTH, AES_KEY192_LENGTH, AES_KEY256_LENGTH));
+        return;
+    } /* End of if */
+    if (IVLength != AES_CBC_IV_LENGTH) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CBC_Decrypt: IV length is %d bytes, it must be %d bytes(128bits).\n",
+            IVLength, AES_CBC_IV_LENGTH));
+        return;
+    } /* End of if */
+
+
+    /*
+     * 2. Main algorithm
+     *    - Cypher text divide into serveral blocks (16 bytes/block)
+     *    - Execute AES_Decrypt procedure.
+     *    - Remove padding bytes, padding size is the last byte of plain text
+     */
+    CipherBlockStart = 0;
+    PlainBlockStart = 0;
+    while ((CipherTextLength - CipherBlockStart) >= AES_BLOCK_SIZES)
+    {
+        PlainBlockSize = *PlainTextLength - PlainBlockStart;
+        AES_Decrypt(CipherText + CipherBlockStart, AES_BLOCK_SIZES , Key, KeyLength, PlainText + PlainBlockStart, &PlainBlockSize);
+
+        if (PlainBlockStart == 0) {
+            for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+                PlainText[PlainBlockStart + Index] ^= IV[Index];
+        } else {
+            for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+                PlainText[PlainBlockStart + Index] ^= CipherText[CipherBlockStart + Index - ((UINT) AES_BLOCK_SIZES)];
+        } /* End of if */
+
+        CipherBlockStart += AES_BLOCK_SIZES;
+        PlainBlockStart += PlainBlockSize;
+    } /* End of while */
+
+    PaddingSize = (UINT8) PlainText[PlainBlockStart -1];
+    *PlainTextLength = PlainBlockStart - PaddingSize;
+
+} /* End of AES_CBC_Encrypt */
+
+
+
+/*
+========================================================================
+Routine Description:
+    AES-CMAC generate subkey
+
+Arguments:
+    Key        Cipher key 128 bits
+    KeyLength  The length of Cipher key in bytes
+
+Return Value:
+    SubKey1    SubKey 1 128 bits
+    SubKey2    SubKey 2 128 bits
+
+Note:
+    Reference to RFC 4493
+
+    Step 1.  L := AES-128(K, const_Zero);
+    Step 2.  if MSB(L) is equal to 0
+                then    K1 := L << 1;
+                else    K1 := (L << 1) XOR const_Rb;
+    Step 3.  if MSB(K1) is equal to 0
+                then    K2 := K1 << 1;
+                else    K2 := (K1 << 1) XOR const_Rb;
+    Step 4.  return K1, K2;
+========================================================================
+*/
+VOID AES_CMAC_GenerateSubKey (
+    IN UINT8 Key[],
+    IN UINT KeyLength,
+    OUT UINT8 SubKey1[],
+    OUT UINT8 SubKey2[])
+{
+    UINT8 MSB_L = 0, MSB_K1 = 0, Top_Bit = 0;
+    UINT  SubKey1_Length = 0;
+    INT   Index = 0;
+
+    if (KeyLength != AES_KEY128_LENGTH) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CMAC_GenerateSubKey: key length is %d bytes, it must be %d bytes(128 bits).\n",
+            KeyLength, AES_KEY128_LENGTH));
+        return;
+    } /* End of if */
+
+    /* Step 1: L := AES-128(K, const_Zero); */
+    SubKey1_Length = 16;
+    AES_Encrypt(Const_Zero, sizeof(Const_Zero), Key, KeyLength, SubKey1, &SubKey1_Length);
+
+    /*
+     * Step 2.  if MSB(L) is equal to 0
+     *           then    K1 := L << 1;
+     *           else    K1 := (L << 1) XOR const_Rb;
+     */
+    MSB_L = SubKey1[0] & 0x80;
+    for(Index = 0; Index < 15; Index++) {
+        Top_Bit = (SubKey1[Index + 1] & 0x80)?1:0;
+        SubKey1[Index] <<= 1;
+        SubKey1[Index] |= Top_Bit;
+    }
+    SubKey1[15] <<= 1;
+    if (MSB_L > 0) {
+        for(Index = 0; Index < 16; Index++)
+            SubKey1[Index] ^= Const_Rb[Index];
+    } /* End of if */
+
+    /*
+     * Step 3.  if MSB(K1) is equal to 0
+     *           then    K2 := K1 << 1;
+     *           else    K2 := (K1 << 1) XOR const_Rb;
+     */
+    MSB_K1 = SubKey1[0] & 0x80;
+    for(Index = 0; Index < 15; Index++) {
+        Top_Bit = (SubKey1[Index + 1] & 0x80)?1:0;
+        SubKey2[Index] = SubKey1[Index] << 1;
+        SubKey2[Index] |= Top_Bit;
+    }
+    SubKey2[15] = SubKey1[15] << 1;
+    if (MSB_K1 > 0) {
+        for(Index = 0; Index < 16; Index++)
+            SubKey2[Index] ^= Const_Rb[Index];
+    } /* End of if */
+} /* End of AES_CMAC_GenerateSubKey */
+
+
+/*
+========================================================================
+Routine Description:
+    AES-CMAC
+
+Arguments:
+    PlainText        Plain text
+    PlainTextLength  The length of plain text in bytes
+    Key              Cipher key, it may be 16, 24, or 32 bytes (128, 192, or 256 bits)
+    KeyLength        The length of cipher key in bytes
+    MACTextLength    The length of allocated memory spaces in bytes
+
+Return Value:
+    MACText       Message authentication code (128-bit string)
+    MACTextLength Return the length of Message authentication code in bytes
+
+Note:
+    Reference to RFC 4493
+========================================================================
+*/
+VOID AES_CMAC (
+    IN UINT8 PlainText[],
+    IN UINT PlainTextLength,
+    IN UINT8 Key[],
+    IN UINT KeyLength,
+    OUT UINT8 MACText[],
+    INOUT UINT *MACTextLength)
+{
+    UINT  PlainBlockStart;
+    UINT8 X[AES_BLOCK_SIZES], Y[AES_BLOCK_SIZES];
+    UINT8 SubKey1[16];
+    UINT8 SubKey2[16];
+    INT X_Length, Index;
+
+    if (*MACTextLength < AES_MAC_LENGTH) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CMAC: MAC text length is less than %d bytes).\n",
+            AES_MAC_LENGTH));
+        return;
+    } /* End of if */
+    if (KeyLength != AES_KEY128_LENGTH) {
+       DBGPRINT(RT_DEBUG_ERROR, ("AES_CMAC: key length is %d bytes, it must be %d bytes(128 bits).\n",
+            KeyLength, AES_KEY128_LENGTH));
+        return;
+    } /* End of if */
+
+    /* Step 1.  (K1,K2) := Generate_Subkey(K); */
+    NdisZeroMemory(SubKey1, 16);
+    NdisZeroMemory(SubKey2, 16);
+    AES_CMAC_GenerateSubKey(Key, KeyLength, SubKey1, SubKey2);
+
+    /*
+     * 2. Main algorithm
+     *    - Plain text divide into serveral blocks (16 bytes/block)
+     *    - If plain text is not divided with no remainder by block, padding size = (block - remainder plain text)
+     *    - Execute AES_Encrypt procedure.
+     */
+    PlainBlockStart = 0;
+    NdisMoveMemory(X, Const_Zero, AES_BLOCK_SIZES);
+    while ((PlainTextLength - PlainBlockStart) > AES_BLOCK_SIZES)
+    {
+        for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+                Y[Index] = PlainText[PlainBlockStart + Index]^X[Index];
+
+        X_Length = sizeof(X);
+        AES_Encrypt(Y, sizeof(Y) , Key, KeyLength, X, &X_Length);
+        PlainBlockStart += ((UINT) AES_BLOCK_SIZES);
+    } /* End of while */
+    if ((PlainTextLength - PlainBlockStart) == AES_BLOCK_SIZES) {
+        for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+                Y[Index] = PlainText[PlainBlockStart + Index]^X[Index]^SubKey1[Index];
+    } else {
+        NdisZeroMemory(Y, AES_BLOCK_SIZES);
+        NdisMoveMemory(Y, &PlainText[PlainBlockStart], (PlainTextLength - PlainBlockStart));
+        Y[(PlainTextLength - PlainBlockStart)] = 0x80;
+        for (Index = 0; Index < AES_BLOCK_SIZES; Index++)
+                Y[Index] = Y[Index]^X[Index]^SubKey2[Index];
+    } /* End of if */
+    AES_Encrypt(Y, sizeof(Y) , Key, KeyLength, MACText, MACTextLength);
+} /* End of AES_CMAC */
diff --git a/drivers/staging/rt3090/common/crypt_biginteger.c b/drivers/staging/rt3090/common/crypt_biginteger.c
new file mode 100644 (file)
index 0000000..b346c5f
--- /dev/null
@@ -0,0 +1,1119 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       cmm_profile.c
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#include "crypt_biginteger.h"
+
+#ifdef __KERNEL__
+#define DEBUGPRINT(fmt, args...) printk(KERN_ERR fmt, ## args)
+#else
+#define DEBUGPRINT(fmt, args...) printf(fmt, ## args)
+#endif /* __KERNEL__ */
+
+#define UINT32_HBITS(value)    (((value) >> 0x10) & 0xffff)
+#define UINT32_LBITS(value)    ((value) & 0xffff)
+#define UINT32_GETBYTE(value, index)   (((value) >> ((index)*8)) & 0xff)
+#define UINT64_HBITS(value)    (((value) >> 0x20) & 0xffffffff)
+#define UINT64_LBITS(value)    ((value) & 0xffffffff)
+
+static UINT8 WPS_DH_P_VALUE[192] =
+{
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
+    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
+    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
+    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
+    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
+    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
+    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
+    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
+    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
+    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
+    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
+    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
+    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
+    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,
+    0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,
+    0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,
+    0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,
+    0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,
+    0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,
+    0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,
+    0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,
+    0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x23, 0x73, 0x27,
+    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+};
+
+static UINT8 WPS_DH_R_VALUE[193] =
+{
+    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00,
+};
+
+static UINT8 WPS_DH_X_VALUE[184] =
+{
+    0x36, 0xf0, 0x25, 0x5d, 0xde, 0x97, 0x3d, 0xcb,
+    0x3b, 0x39, 0x9d, 0x74, 0x7f, 0x23, 0xe3, 0x2e,
+    0xd6, 0xfd, 0xb1, 0xf7, 0x75, 0x98, 0x33, 0x8b,
+    0xfd, 0xf4, 0x41, 0x59, 0xc4, 0xec, 0x64, 0xdd,
+    0xae, 0xb5, 0xf7, 0x86, 0x71, 0xcb, 0xfb, 0x22,
+    0x10, 0x6a, 0xe6, 0x4c, 0x32, 0xc5, 0xbc, 0xe4,
+    0xcf, 0xd4, 0xf5, 0x92, 0x0d, 0xa0, 0xeb, 0xc8,
+    0xb0, 0x1e, 0xca, 0x92, 0x92, 0xae, 0x3d, 0xba,
+    0x1b, 0x7a, 0x4a, 0x89, 0x9d, 0xa1, 0x81, 0x39,
+    0x0b, 0xb3, 0xbd, 0x16, 0x59, 0xc8, 0x12, 0x94,
+    0xf4, 0x00, 0xa3, 0x49, 0x0b, 0xf9, 0x48, 0x12,
+    0x11, 0xc7, 0x94, 0x04, 0xa5, 0x76, 0x60, 0x5a,
+    0x51, 0x60, 0xdb, 0xee, 0x83, 0xb4, 0xe0, 0x19,
+    0xb6, 0xd7, 0x99, 0xae, 0x13, 0x1b, 0xa4, 0xc2,
+    0x3d, 0xff, 0x83, 0x47, 0x5e, 0x9c, 0x40, 0xfa,
+    0x67, 0x25, 0xb7, 0xc9, 0xe3, 0xaa, 0x2c, 0x65,
+    0x96, 0xe9, 0xc0, 0x57, 0x02, 0xdb, 0x30, 0xa0,
+    0x7c, 0x9a, 0xa2, 0xdc, 0x23, 0x5c, 0x52, 0x69,
+    0xe3, 0x9d, 0x0c, 0xa9, 0xdf, 0x7a, 0xad, 0x44,
+    0x61, 0x2a, 0xd6, 0xf8, 0x8f, 0x69, 0x69, 0x92,
+    0x98, 0xf3, 0xca, 0xb1, 0xb5, 0x43, 0x67, 0xfb,
+    0x0e, 0x8b, 0x93, 0xf7, 0x35, 0xdc, 0x8c, 0xd8,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01,
+};
+
+static UINT8 WPS_DH_RRModP_VALUE[192] =
+{
+       0xe3, 0xb3, 0x3c, 0x72, 0x59, 0x54, 0x1c, 0x01,
+       0xee, 0x9c, 0x9a, 0x21, 0x6c, 0xc1, 0xeb, 0xd2,
+       0xae, 0x59, 0x41, 0x04, 0x79, 0x29, 0xa1, 0xc7,
+       0xe9, 0xc3, 0xfa, 0x02, 0xcc, 0x24, 0x56, 0xef,
+       0x10, 0x26, 0x30, 0xfa, 0x9a, 0x36, 0xa5, 0x1f,
+       0x57, 0xb5, 0x93, 0x48, 0x67, 0x98, 0x44, 0x60,
+       0x0b, 0xe4, 0x96, 0x47, 0xa8, 0x7c, 0x7b, 0x37,
+       0xf8, 0x05, 0x65, 0x64, 0x96, 0x9b, 0x7f, 0x02,
+       0xdc, 0x54, 0x1a, 0x4e, 0xd4, 0x05, 0x3f, 0x54,
+       0xd6, 0x2a, 0x0e, 0xea, 0xb2, 0x70, 0x52, 0x1b,
+       0x22, 0xc2, 0x96, 0xe9, 0xd4, 0x6f, 0xec, 0x23,
+       0x8e, 0x1a, 0xbd, 0x78, 0x02, 0x23, 0xb7, 0x6b,
+       0xb8, 0xfe, 0x61, 0x21, 0x19, 0x6b, 0x7e, 0x88,
+       0x1c, 0x72, 0x9c, 0x7e, 0x04, 0xb9, 0xf7, 0x96,
+       0x07, 0xcd, 0x0a, 0x62, 0x8e, 0x43, 0x41, 0x30,
+       0x04, 0xa5, 0x41, 0xff, 0x93, 0xae, 0x1c, 0xeb,
+       0xb0, 0x04, 0xa7, 0x50, 0xdb, 0x10, 0x2d, 0x39,
+       0xb9, 0x05, 0x2b, 0xb4, 0x7a, 0x58, 0xf1, 0x70,
+       0x7e, 0x8c, 0xd2, 0xac, 0x98, 0xb5, 0xfb, 0x62,
+       0x8f, 0x23, 0x31, 0xb1, 0x3b, 0x01, 0xe0, 0x18,
+       0xf4, 0x66, 0xee, 0x5f, 0xbc, 0xd4, 0x9d, 0x68,
+       0xd0, 0xab, 0x92, 0xe1, 0x83, 0x97, 0xf2, 0x45,
+       0x8e, 0x0e, 0x3e, 0x21, 0x67, 0x47, 0x8c, 0x73,
+       0xf1, 0x15, 0xd2, 0x7d, 0x32, 0xc6, 0x95, 0xe0,
+};
+
+static UINT8 Value_0[1] = {0x00};
+static UINT8 Value_1[1] = {0x01};
+static PBIG_INTEGER pBI_U = NULL, pBI_S = NULL, pBI_O = NULL;
+static UINT Bits_Of_R = 0;
+
+
+VOID BigInteger_Print (
+    IN PBIG_INTEGER pBI)
+{
+    int i = 0, j = 0;
+
+    if ((pBI == NULL) || (pBI->pIntegerArray == NULL))
+        return;
+
+    if (strlen(pBI->Name) != 0)
+        DEBUGPRINT("Name=%s\n", pBI->Name);
+    DEBUGPRINT("AllocSize=%d, ArrayLength=%d, IntegerLength=%d, Signed=%d\n", pBI->AllocSize, pBI->ArrayLength, pBI->IntegerLength, pBI->Signed);
+    for (i = (pBI->ArrayLength - 1), j = 0;i >=0;i--,j++) {
+        DEBUGPRINT("%08x, ", pBI->pIntegerArray[i]);
+        if ((j%8) == 7)
+            DEBUGPRINT("\n");
+    } /* End od for */
+    DEBUGPRINT("\n\n");
+} /* End of BigInteger_Print */
+
+
+VOID BigInteger_Init (
+    INOUT PBIG_INTEGER *pBI)
+{
+    if (*pBI != NULL)
+        BigInteger_Free(pBI);
+
+    if ((*pBI = (PBIG_INTEGER) kmalloc(sizeof(BIG_INTEGER), GFP_ATOMIC)) == NULL) {
+        DEBUGPRINT("BigInteger_Init: allocate %d bytes memory failure.\n", (sizeof(BIG_INTEGER)));
+        return;
+    } /* End of if */
+
+    NdisZeroMemory(*pBI, sizeof(BIG_INTEGER));
+    (*pBI)->pIntegerArray = NULL;
+    (*pBI)->Signed = 1;
+} /* End of BigInteger_Init */
+
+
+VOID BigInteger_Free_AllocSize (
+    IN PBIG_INTEGER *pBI)
+{
+    if ((*pBI != NULL) && ((*pBI)->pIntegerArray != NULL)) {
+        kfree((*pBI)->pIntegerArray);
+        NdisZeroMemory(*pBI, sizeof(BIG_INTEGER));
+        (*pBI)->pIntegerArray = NULL;
+        (*pBI)->Signed = 1;
+    } /* End of if */
+} /* End of BigInteger_Free_AllocSize */
+
+
+VOID BigInteger_Free (
+    IN PBIG_INTEGER *pBI)
+{
+    if (*pBI != NULL) {
+        BigInteger_Free_AllocSize(pBI);
+        kfree(*pBI);
+    } /* End of if */
+
+    *pBI = NULL;
+} /* End of BigInteger_Free */
+
+
+VOID BigInteger_AllocSize (
+    IN PBIG_INTEGER *pBI,
+    IN UINT Length)
+{
+    UINT ArrayLength = 0;
+
+    if (Length == 0)
+        return;
+
+    if (*pBI == NULL)
+        BigInteger_Init(pBI);
+
+    /* Caculate array size */
+    ArrayLength = Length >> 0x2;
+    if ((Length & 0x3) != 0)
+        ArrayLength++;
+
+    if (((*pBI)->pIntegerArray != NULL) && ((*pBI)->AllocSize < (sizeof(UINT32)*ArrayLength)))
+        BigInteger_Free_AllocSize(pBI);
+
+    if ((*pBI)->pIntegerArray == NULL) {
+        if (((*pBI)->pIntegerArray = (UINT32 *) kmalloc(sizeof(UINT32)*ArrayLength, GFP_ATOMIC)) == NULL) {
+            DEBUGPRINT("BigInteger_AllocSize: allocate %d bytes memory failure.\n", (sizeof(UINT32)*ArrayLength));
+            return;
+        } /* End of if */
+        (*pBI)->AllocSize = sizeof(UINT32)*ArrayLength;
+    } /* End of if */
+
+    NdisZeroMemory((*pBI)->pIntegerArray, (*pBI)->AllocSize);
+    (*pBI)->ArrayLength = ArrayLength;
+    (*pBI)->IntegerLength = Length;
+} /* End of BigInteger_AllocSize */
+
+
+VOID BigInteger_ClearHighBits (
+    IN PBIG_INTEGER pBI)
+{
+    INT BIArrayIndex, ShiftIndex = 0;
+    UINT8 value;
+
+    if ((pBI == NULL) || (pBI->pIntegerArray == NULL))
+        return;
+
+    BIArrayIndex = pBI->ArrayLength - 1;
+    while ((BIArrayIndex >= 0) && (pBI->pIntegerArray[BIArrayIndex] == 0))
+       BIArrayIndex--;
+
+    if (BIArrayIndex >= 0) {
+        value = 0;
+        ShiftIndex = 4;
+        while (value == 0) {
+            ShiftIndex--;
+            value = UINT32_GETBYTE(pBI->pIntegerArray[BIArrayIndex], ShiftIndex);
+       } /* End of while */
+    } /* End of if */
+
+    if ((BIArrayIndex == -1) && (ShiftIndex == -1)) {
+        pBI->IntegerLength = 1;
+        pBI->ArrayLength = 1;
+        pBI->Signed = 1;
+    } else {
+        pBI->IntegerLength = (BIArrayIndex*4) + ShiftIndex + 1;
+        pBI->ArrayLength = BIArrayIndex + 1;
+    } /* End of if */
+} /* End of BigInteger_ClearHighBits */
+
+
+VOID BigInteger_BI2Bin (
+    IN PBIG_INTEGER pBI,
+    OUT UINT8 *pValue,
+    OUT UINT *Length)
+{
+    INT  ValueIndex, BIArrayIndex, ShiftIndex;
+    UINT32  Number;
+
+    if (pBI == NULL) {
+        DEBUGPRINT("BigInteger_BI2Bin: pBI is NUll\n");
+        *Length = 0;
+        return;
+    } /* End of if */
+
+    if (*Length < (sizeof(UINT8) * pBI->IntegerLength)) {
+        DEBUGPRINT("BigInteger_BI2Bin: length(%d) is not enough.\n", *Length);
+        *Length = 0;
+        return;
+    } /* End of if */
+
+    if (pBI->pIntegerArray == NULL) {
+        *Length = 0;
+        return;
+    } /* End of if */
+
+    BigInteger_ClearHighBits(pBI);
+    if ((ShiftIndex = pBI->IntegerLength & 0x3) == 0)
+       ShiftIndex = 4;
+    BIArrayIndex = pBI->ArrayLength - 1;
+    ValueIndex = 0;
+
+    Number = pBI->pIntegerArray[BIArrayIndex];
+    while (ValueIndex < pBI->IntegerLength)
+    {
+        pValue[ValueIndex++] = (UINT8) UINT32_GETBYTE(Number, ShiftIndex - 1);
+        if ((--ShiftIndex) == 0) {
+            ShiftIndex = 4;
+            BIArrayIndex--;
+            Number = pBI->pIntegerArray[BIArrayIndex];
+        } /* End of if */
+    } /* End of while */
+    *Length = pBI->IntegerLength;
+} /* End of BigInteger_BI2Bin */
+
+
+VOID BigInteger_Bin2BI (
+    IN UINT8 *pValue,
+    IN UINT Length,
+    OUT PBIG_INTEGER *pBI)
+{
+    INT  ValueIndex, BIArrayIndex, ShiftIndex;
+    UINT32  Number;
+
+    BigInteger_AllocSize(pBI, Length);
+
+    if ((*pBI)->pIntegerArray != NULL) {
+        Number = 0;
+        if ((ShiftIndex = Length & 0x3) == 0)
+            ShiftIndex = 4;
+        BIArrayIndex = (*pBI)->ArrayLength - 1;
+        ValueIndex = 0;
+        while (ValueIndex < Length)
+        {
+            Number = (Number << 8) | (UINT8) pValue[ValueIndex++];
+            if ((--ShiftIndex) == 0) {
+                (*pBI)->pIntegerArray[BIArrayIndex] = Number;
+                ShiftIndex = 4;
+                BIArrayIndex--;
+                Number = 0;
+            } /* End of if */
+        } /* End of while */
+    } /* End of if */
+} /* End of BigInteger_Bin2BI */
+
+
+/* Calculate the bits of BigInteger, the highest bit is 1 */
+VOID BigInteger_BitsOfBI (
+    IN PBIG_INTEGER pBI,
+    OUT UINT *Bits_Of_P)
+{
+    UINT32 Number, Index;
+
+    Number = pBI->pIntegerArray[pBI->ArrayLength - 1];
+    Index = 0;
+    while ((!(Number & 0x80000000)) && (Index < 32)) {
+        Number <<= 1;
+        Index++;
+    } /* End of while */
+    *Bits_Of_P = (pBI->ArrayLength*sizeof(UINT32)) - Index;
+} /* End of BigInteger_BitsOfBN */
+
+
+INT BigInteger_GetBitValue (
+    IN PBIG_INTEGER pBI,
+    IN UINT Index)
+{
+    UINT Array = 0;
+    UINT Shift = 0;
+
+    if (Index > 0) {
+        Array = (Index - 1) >> 0x5;
+        Shift = (Index - 1) & 0x1F;
+    }
+    if (Array > pBI->ArrayLength)
+        return 0;
+
+    return ((pBI->pIntegerArray[Array] >> Shift) & 0x1);
+} /* End of BigInteger_GetBitValue */
+
+
+UINT8 BigInteger_GetByteValue (
+    IN PBIG_INTEGER pBI,
+    IN UINT Index)
+{
+    UINT Array = 0;
+    UINT Shift = 0;
+
+    if (Index > 0) {
+        Array = (Index - 1) >> 0x2;
+        Shift = (Index - 1) & 0x3;
+    }
+    if ((Array > pBI->ArrayLength) || (Index > pBI->IntegerLength))
+        return 0;
+
+
+    return (UINT8) UINT32_GETBYTE(pBI->pIntegerArray[Array], Shift - 1);
+} /* End of BigInteger_GetByteValue */
+
+
+VOID BigInteger_Copy (
+    IN PBIG_INTEGER pBI_Copied,
+    OUT PBIG_INTEGER *pBI_Result)
+{
+    BigInteger_AllocSize(pBI_Result, pBI_Copied->IntegerLength);
+    NdisCopyMemory((*pBI_Result)->pIntegerArray, pBI_Copied->pIntegerArray, (sizeof(UINT32)*(*pBI_Result)->ArrayLength));
+    (*pBI_Result)->ArrayLength = pBI_Copied->ArrayLength;
+    (*pBI_Result)->IntegerLength = pBI_Copied->IntegerLength;
+    (*pBI_Result)->Signed = pBI_Copied->Signed;
+} /* End of BigInteger_Copy */
+
+
+INT BigInteger_UnsignedCompare (
+    IN PBIG_INTEGER pFirstOperand,
+    IN PBIG_INTEGER pSecondOperand)
+{
+    INT BIArrayIndex;
+
+    if (pFirstOperand->IntegerLength > pSecondOperand->IntegerLength)
+        return 1;
+
+    if (pFirstOperand->IntegerLength < pSecondOperand->IntegerLength)
+        return -1;
+
+    if (pFirstOperand->IntegerLength == pSecondOperand->IntegerLength) {
+        for(BIArrayIndex = (pFirstOperand->ArrayLength - 1);BIArrayIndex >= 0 ; BIArrayIndex--)
+        {
+            if (pFirstOperand->pIntegerArray[BIArrayIndex] > pSecondOperand->pIntegerArray[BIArrayIndex])
+                return 1;
+            else if (pFirstOperand->pIntegerArray[BIArrayIndex] < pSecondOperand->pIntegerArray[BIArrayIndex])
+                return -1;
+        } /* End of for */
+    } /* End of if */
+
+    return 0;
+} /* End of BigInteger_Compare */
+
+
+VOID BigInteger_Add (
+    IN PBIG_INTEGER pFirstOperand,
+    IN PBIG_INTEGER pSecondOperand,
+    OUT PBIG_INTEGER *pBI_Result)
+{
+    INT CompareResult;
+    UINT32 BIArrayIndex;
+    UINT64 Sum, Carry;
+    PBIG_INTEGER pTempBI = NULL;
+
+    if  ((pFirstOperand == NULL) || (pFirstOperand->pIntegerArray == NULL)
+      || (pSecondOperand == NULL) || (pSecondOperand->pIntegerArray == NULL)) {
+        DEBUGPRINT("BigInteger_Add: first or second operand is NULL.\n");
+        return;
+    } /* End of if */
+
+    if (*pBI_Result == NULL)
+        BigInteger_Init(pBI_Result);
+
+    CompareResult = BigInteger_UnsignedCompare(pFirstOperand, pSecondOperand);
+    if ((CompareResult == 0) & ((pFirstOperand->Signed * pSecondOperand->Signed) < 0)) {
+        BigInteger_AllocSize(pBI_Result, 1);
+        return ;
+    } /* End of if */
+
+    /*
+     *  Singed table
+     *  A + B || A > B || A < B
+     *  ------------------------
+     *  +   + ||   +   ||   +
+     *  +   - ||   +   ||   -
+     *  -   + ||   -   ||   +
+     *  -   - ||   -   ||   -
+     */
+    if ((pFirstOperand->Signed * pSecondOperand->Signed) > 0) {
+        if (pFirstOperand->IntegerLength > pSecondOperand->IntegerLength) {
+                BigInteger_AllocSize(pBI_Result, pFirstOperand->IntegerLength + 1);
+        } else {
+                BigInteger_AllocSize(pBI_Result, pSecondOperand->IntegerLength + 1);
+        } /* End of if */
+
+        Carry = 0;
+        for (BIArrayIndex=0; BIArrayIndex < (*pBI_Result)->ArrayLength; BIArrayIndex++)
+        {
+
+            Sum = 0;
+            if (BIArrayIndex < pFirstOperand->ArrayLength)
+                Sum += (UINT64) pFirstOperand->pIntegerArray[BIArrayIndex];
+
+            if (BIArrayIndex < pSecondOperand->ArrayLength)
+                Sum += (UINT64) pSecondOperand->pIntegerArray[BIArrayIndex];
+
+            Sum += Carry;
+            Carry = Sum  >> 32;
+            (*pBI_Result)->pIntegerArray[BIArrayIndex] = (UINT32) (Sum & 0xffffffffUL);
+        } /* End of for */
+        (*pBI_Result)->Signed = pFirstOperand->Signed;
+        BigInteger_ClearHighBits(*pBI_Result);
+    } else {
+        if  ((pFirstOperand->Signed == 1) & (pSecondOperand->Signed == -1)) {
+            BigInteger_Copy(pSecondOperand, &pTempBI);
+            pTempBI->Signed = 1;
+            BigInteger_Sub(pFirstOperand, pTempBI, pBI_Result);
+        } else if ((pFirstOperand->Signed == -1) & (pSecondOperand->Signed == 1)) {
+            BigInteger_Copy(pFirstOperand, &pTempBI);
+            pTempBI->Signed = 1;
+            BigInteger_Sub(pSecondOperand, pTempBI, pBI_Result);
+        } /* End of if */
+    } /* End of if */
+
+    BigInteger_Free(&pTempBI);
+} /* End of BigInteger_Add */
+
+
+VOID BigInteger_Sub (
+    IN PBIG_INTEGER pFirstOperand,
+    IN PBIG_INTEGER pSecondOperand,
+    OUT PBIG_INTEGER *pBI_Result)
+{
+    INT CompareResult;
+    UINT32 BIArrayIndex, Carry;
+    PBIG_INTEGER pTempBI = NULL, pTempBI2 = NULL;
+
+    if  ((pFirstOperand == NULL) || (pFirstOperand->pIntegerArray == NULL)
+      || (pSecondOperand == NULL) || (pSecondOperand->pIntegerArray == NULL)) {
+        DEBUGPRINT("BigInteger_Sub: first or second operand is NULL.\n");
+        return;
+    } /* End of if */
+
+    if (*pBI_Result == NULL)
+        BigInteger_Init(pBI_Result);
+
+    CompareResult = BigInteger_UnsignedCompare(pFirstOperand, pSecondOperand);
+    if ((CompareResult == 0) & ((pFirstOperand->Signed * pSecondOperand->Signed) > 0)) {
+        BigInteger_AllocSize(pBI_Result, 1);
+        return ;
+    } /* End of if */
+
+    BigInteger_Init(&pTempBI);
+    BigInteger_Init(&pTempBI2);
+
+    /*
+     *  Singed table
+     *  A - B || A > B || A < B
+     *  ------------------------
+     *  +   + ||   +   ||   -
+     *  +   - ||   +   ||   +
+     *  -   + ||   -   ||   -
+     *  -   - ||   -   ||   +
+     */
+    if ((pFirstOperand->Signed * pSecondOperand->Signed) > 0) {
+        if (CompareResult == 1) {
+            BigInteger_Copy(pFirstOperand, &pTempBI);
+            BigInteger_Copy(pSecondOperand, &pTempBI2);
+        } else if (CompareResult == -1) {
+            BigInteger_Copy(pSecondOperand, &pTempBI);
+            BigInteger_Copy(pFirstOperand, &pTempBI2);
+        } /* End of if */
+
+        BigInteger_Copy(pTempBI, pBI_Result);
+        Carry = 0;
+        for (BIArrayIndex=0; BIArrayIndex < (*pBI_Result)->ArrayLength; BIArrayIndex++)
+        {
+            if (BIArrayIndex < pTempBI2->ArrayLength) {
+                if ((*pBI_Result)->pIntegerArray[BIArrayIndex] >= (pTempBI2->pIntegerArray[BIArrayIndex] - Carry)) {
+                    (*pBI_Result)->pIntegerArray[BIArrayIndex] = (*pBI_Result)->pIntegerArray[BIArrayIndex] - pTempBI2->pIntegerArray[BIArrayIndex] - Carry;
+                    Carry = 0;
+                } else {
+                    (*pBI_Result)->pIntegerArray[BIArrayIndex] = 0xffffffffUL - pTempBI2->pIntegerArray[BIArrayIndex] - Carry + (*pBI_Result)->pIntegerArray[BIArrayIndex] + 1;
+                    Carry = 1;
+                } /* End of if */
+            } else {
+                if ((*pBI_Result)->pIntegerArray[BIArrayIndex] >= Carry) {
+                    (*pBI_Result)->pIntegerArray[BIArrayIndex] -= Carry;
+                    Carry = 0;
+                } else {
+                    (*pBI_Result)->pIntegerArray[BIArrayIndex] = 0xffffffffUL - Carry;
+                    Carry = 1;
+                } /* End of if */
+            } /* End of if */
+        } /* End of for */
+
+        if  (((pFirstOperand->Signed == 1) & (pSecondOperand->Signed == 1) & (CompareResult == -1))
+          || ((pFirstOperand->Signed == -1) & (pSecondOperand->Signed == -1) & (CompareResult == 1)))
+            (*pBI_Result)->Signed = -1;
+
+        BigInteger_ClearHighBits(*pBI_Result);
+    } else {
+        if  ((pFirstOperand->Signed == 1) & (pSecondOperand->Signed == -1)) {
+            BigInteger_Copy(pSecondOperand, &pTempBI);
+            pTempBI->Signed = 1;
+            BigInteger_Add(pFirstOperand, pTempBI, pBI_Result);
+        } else if ((pFirstOperand->Signed == -1) & (pSecondOperand->Signed == 1)) {
+            BigInteger_Copy(pFirstOperand, &pTempBI);
+            pTempBI->Signed = 1;
+            BigInteger_Add(pTempBI, pSecondOperand, pBI_Result);
+            (*pBI_Result)->Signed = -1;
+        } /* End of if */
+    } /* End of if */
+
+    BigInteger_Free(&pTempBI);
+    BigInteger_Free(&pTempBI2);
+} /* End of BigInteger_Sub */
+
+
+VOID BigInteger_Mul (
+    IN PBIG_INTEGER pFirstOperand,
+    IN PBIG_INTEGER pSecondOperand,
+    OUT PBIG_INTEGER *pBI_Result)
+{
+
+    UINT32 BIFirstIndex, BISecondIndex;
+    UINT64 FirstValue, SecondValue, Sum, Carry;
+
+    if  ((pFirstOperand == NULL) || (pFirstOperand->pIntegerArray == NULL)
+      || (pSecondOperand == NULL) || (pSecondOperand->pIntegerArray == NULL)) {
+        DEBUGPRINT("BigInteger_Mul: first or second operand is NULL.\n");
+        return;
+    } /* End of if */
+
+    /* The first or second operand is zero */
+    if  (((pFirstOperand->IntegerLength  == 1) && (pFirstOperand->pIntegerArray[0]  == 0))
+       ||((pSecondOperand->IntegerLength == 1) && (pSecondOperand->pIntegerArray[0] == 0))) {
+        BigInteger_AllocSize(pBI_Result, 1);
+        goto output;
+    } /* End of if */
+
+    /* The first or second operand is one */
+    if  ((pFirstOperand->IntegerLength  == 1) && (pFirstOperand->pIntegerArray[0]  == 1)) {
+        BigInteger_Copy(pSecondOperand, pBI_Result);
+        goto output;
+    } /* End of if */
+    if  ((pSecondOperand->IntegerLength  == 1) && (pSecondOperand->pIntegerArray[0]  == 1)) {
+        BigInteger_Copy(pFirstOperand, pBI_Result);
+        goto output;
+    } /* End of if */
+
+    BigInteger_AllocSize(pBI_Result, pFirstOperand->IntegerLength + pSecondOperand->IntegerLength);
+
+    for (BIFirstIndex=0; BIFirstIndex < pFirstOperand->ArrayLength; BIFirstIndex++)
+    {
+        Carry = 0;
+        FirstValue = (UINT64) pFirstOperand->pIntegerArray[BIFirstIndex];
+        if (FirstValue == 0) {
+            continue;
+        } else {
+            for (BISecondIndex=0; BISecondIndex < pSecondOperand->ArrayLength; BISecondIndex++)
+            {
+                SecondValue = ((UINT64) pSecondOperand->pIntegerArray[BISecondIndex])*FirstValue;
+                Sum = (UINT64) ((*pBI_Result)->pIntegerArray[BIFirstIndex + BISecondIndex] + SecondValue + Carry);
+                Carry = Sum >> 32;
+                (*pBI_Result)->pIntegerArray[BIFirstIndex + BISecondIndex] = (UINT32) (Sum & 0xffffffffUL);
+            } /* End of for */
+            while (Carry != 0) {
+                Sum = (UINT64) (*pBI_Result)->pIntegerArray[BIFirstIndex + BISecondIndex];
+                Sum += Carry;
+
+                Carry = Sum >> 32;
+                (*pBI_Result)->pIntegerArray[BIFirstIndex + BISecondIndex] = (UINT32) (Sum & 0xffffffffUL);
+                BISecondIndex++;
+            } /* End of while */
+        } /* End of if */
+    } /* End of for */
+
+output:
+    (*pBI_Result)->Signed = pFirstOperand->Signed * pSecondOperand->Signed;
+    BigInteger_ClearHighBits(*pBI_Result);
+} /* End of BigInteger_Mul */
+
+
+VOID BigInteger_Square (
+    IN PBIG_INTEGER pBI,
+    OUT PBIG_INTEGER *pBI_Result)
+{
+    INT BIFirstIndex, BISecondIndex;
+       UINT32 HBITS_Value, LBITS_Value, Temp1_Value, Temp2_Value, Carry32;
+       UINT32 *Point_Of_S, *Point_Of_Result, *Point_Of_BI;
+    UINT64 Result64_1, Result64_2, Carry64, TempValue64;
+
+    if ((pBI == NULL) || (pBI->pIntegerArray == NULL)) {
+        DEBUGPRINT("\tBigInteger_Square: the operand is NULL.\n");
+        return;
+    } /* End of if */
+
+    /* The operand is zero */
+    if  ((pBI->IntegerLength  == 1) && (pBI->pIntegerArray[0]  ==  0)) {
+        BigInteger_AllocSize(pBI_Result, 1);
+        goto output;
+    } /* End of if */
+
+    BigInteger_AllocSize(pBI_Result, (pBI->IntegerLength*2) + 20);
+    BigInteger_AllocSize(&pBI_S, (pBI->IntegerLength*2) + 20);
+    BigInteger_AllocSize(&pBI_O, (pBI->IntegerLength*2) + 20);
+
+    /*
+     * Input: pBI = {a_0, a_1, a_2, a_3, ..., a_n}
+     * Step1. calculate a_0^2, a_1^2, a_2^2, a_3^2 ... a_n^2
+     */
+       Point_Of_S = pBI_S->pIntegerArray;
+    for (BIFirstIndex=0; BIFirstIndex < pBI->ArrayLength; BIFirstIndex++)
+    {
+       HBITS_Value = UINT32_HBITS(pBI->pIntegerArray[BIFirstIndex]);
+               LBITS_Value = UINT32_LBITS(pBI->pIntegerArray[BIFirstIndex]);
+               Temp1_Value = HBITS_Value*LBITS_Value;
+               Temp2_Value = (Temp1_Value & 0x7fff) << 0x11;
+               Point_Of_S[0] = (LBITS_Value*LBITS_Value) + Temp2_Value;
+               Point_Of_S[1] = (HBITS_Value*HBITS_Value) + ((Temp1_Value >> 0xf) & 0x1ffff);
+               if (Point_Of_S[0] < Temp2_Value)
+                       Point_Of_S[1] += 1;
+
+               Point_Of_S += 2;
+    } /* End of for */
+
+    /*
+     * Step2. calculate a_0*{a_1, a_2, a_3, a_4, ..., a_n}
+     */
+    Point_Of_BI = pBI->pIntegerArray;
+    Point_Of_Result = (*pBI_Result)->pIntegerArray;
+    Point_Of_Result[0] = 0;
+    TempValue64 = (UINT64) Point_Of_BI[0];
+    Point_Of_Result++;
+    Carry64 = 0;
+    for (BIFirstIndex=1; BIFirstIndex < pBI->ArrayLength; BIFirstIndex++)
+    {
+        Result64_1 =  (UINT64) Point_Of_BI[BIFirstIndex]*TempValue64;
+        Result64_1 += Carry64;
+        Carry64 = (Result64_1 >> 32);
+        Point_Of_Result[0] = (UINT32) (Result64_1 & 0xffffffffUL);
+        Point_Of_Result++;
+    } /* End of for */
+    if (Carry64 > 0)
+        Point_Of_Result[0] = (UINT32) (Carry64 & 0xffffffffUL);
+
+    /*
+     * Step3. calculate
+     *           a_1*{a_2, a_3, a_4, ..., a_n}
+     *           a_2*{a_3, a_4, a_5, ..., a_n}
+     *           a_3*{a_4, a_5, a_6, ..., a_n}
+     *           a_4*{a_5, a_6, a_7, ..., a_n}
+     *           ...
+     *           a_n-1*{a_n}
+     */
+    Point_Of_BI = pBI->pIntegerArray;
+    for (BIFirstIndex=1; BIFirstIndex < (pBI->ArrayLength - 1); BIFirstIndex++)
+    {
+        Point_Of_Result = (*pBI_Result)->pIntegerArray;
+        Point_Of_Result += (BIFirstIndex*2) + 1;
+        TempValue64 = (UINT64) Point_Of_BI[BIFirstIndex];
+        Carry64 = 0;
+        for (BISecondIndex=(BIFirstIndex + 1); BISecondIndex < pBI->ArrayLength; BISecondIndex++)
+        {
+            Result64_1 = ((UINT64) Point_Of_Result[0]) + Carry64;
+            Result64_2 = (UINT64) Point_Of_BI[BISecondIndex]*TempValue64;
+            Carry64 = (Result64_1 >> 32);
+            Result64_1 = (Result64_1 & 0xffffffffUL);
+            Result64_1 = Result64_1 + Result64_2;
+            Carry64 += (Result64_1 >> 32);
+            Point_Of_Result[0] = (UINT32) (Result64_1 & 0xffffffffUL);
+            Point_Of_Result++;
+        } /* End of for */
+        if (Carry64 > 0)
+            Point_Of_Result[0] += (UINT32) (Carry64 & 0xffffffffUL);
+    } /* End of for */
+
+    BigInteger_ClearHighBits(*pBI_Result);
+    BigInteger_Copy(*pBI_Result, &pBI_O);
+
+    Carry32 = 0;
+       for (BIFirstIndex=0; BIFirstIndex < pBI_O->ArrayLength; BIFirstIndex++) {
+        pBI_O->pIntegerArray[BIFirstIndex] = (pBI_O->pIntegerArray[BIFirstIndex] << 1) | Carry32;
+        if (pBI_O->pIntegerArray[BIFirstIndex] < (*pBI_Result)->pIntegerArray[BIFirstIndex])
+            Carry32 = 1;
+        else
+            Carry32 = 0;
+    } /* End of for */
+    pBI_O->pIntegerArray[BIFirstIndex] = Carry32;
+    pBI_O->IntegerLength++;
+    pBI_O->ArrayLength++;
+    BigInteger_ClearHighBits(pBI_O);
+
+    BigInteger_Add(pBI_O, pBI_S, pBI_Result);
+output:
+    (*pBI_Result)->Signed = 1;
+    BigInteger_ClearHighBits(*pBI_Result);
+} /* End of BigInteger_Square */
+
+
+VOID BigInteger_Div (
+    IN PBIG_INTEGER pFirstOperand,
+    IN PBIG_INTEGER pSecondOperand,
+    OUT PBIG_INTEGER *pBI_Result,
+    OUT PBIG_INTEGER *pBI_Remainder)
+{
+    INT CompareResult;
+    INT Index, MulIndex, ComputeSize;
+    UINT32 MulStart;
+    UINT AllocLength, ArrayIndex, ShiftIndex;
+    PBIG_INTEGER pTempBI = NULL, pTempBI2 = NULL, pMulBI = NULL;
+    UINT8 SecondHighByte;
+
+    if  ((pFirstOperand == NULL) || (pFirstOperand->pIntegerArray == NULL)
+      || (pSecondOperand == NULL) || (pSecondOperand->pIntegerArray == NULL)) {
+        DEBUGPRINT("BigInteger_Div: first or second operand is NULL.\n");
+        return;
+    } /* End of if */
+
+    /* The second operand is zero */
+    if ((pSecondOperand->IntegerLength == 1) && (pSecondOperand->pIntegerArray[0] == 0)) {
+        DEBUGPRINT("BigInteger_Div: second operand is zero.\n");
+        return;
+    } /* End of if */
+
+    if (*pBI_Result == NULL)
+        BigInteger_Init(pBI_Result);
+    if (*pBI_Remainder == NULL)
+        BigInteger_Init(pBI_Remainder);
+
+    /* The second operand is one */
+    if  ((pSecondOperand->IntegerLength  == 1) && (pSecondOperand->pIntegerArray[0]  == 1)) {
+        BigInteger_Copy(pFirstOperand, pBI_Result);
+        BigInteger_Bin2BI(Value_0, 1, pBI_Remainder);
+        goto output;
+    } /* End of if */
+
+    CompareResult = BigInteger_UnsignedCompare(pFirstOperand, pSecondOperand);
+    if (CompareResult == 0) {
+        BigInteger_Bin2BI(Value_1, 1, pBI_Result);
+        BigInteger_Bin2BI(Value_0, 1, pBI_Remainder);
+        goto output;
+    } else if (CompareResult == -1) {
+        BigInteger_Bin2BI(Value_0, 1, pBI_Result);
+        BigInteger_Copy(pFirstOperand, pBI_Remainder);
+        goto output;
+    } /* End of if */
+    BigInteger_AllocSize(pBI_Result, pFirstOperand->IntegerLength - pSecondOperand->IntegerLength + 1);
+    BigInteger_AllocSize(pBI_Remainder, pSecondOperand->IntegerLength);
+
+    AllocLength = (UINT) (pFirstOperand->IntegerLength << 1);
+    BigInteger_AllocSize(&pTempBI, AllocLength);
+    BigInteger_AllocSize(&pTempBI2, AllocLength);
+    BigInteger_AllocSize(&pMulBI, AllocLength);
+
+    BigInteger_Copy(pFirstOperand, pBI_Remainder);
+    SecondHighByte = BigInteger_GetByteValue(pSecondOperand, pSecondOperand->IntegerLength);
+    ComputeSize = (INT) pFirstOperand->IntegerLength - pSecondOperand->IntegerLength + 1;
+    for (Index = (INT) ComputeSize;Index >= 0;Index--) {
+        if (BigInteger_UnsignedCompare(*pBI_Remainder, pSecondOperand) == -1)
+            break;
+
+        if (((pSecondOperand->IntegerLength + Index) - (*pBI_Remainder)->IntegerLength) <= 1) {
+            BigInteger_AllocSize(&pMulBI, Index + 1);
+            ArrayIndex = 0;
+            if (Index > 0)
+                ArrayIndex = (UINT) (Index - 1) >> 2 ;
+            ShiftIndex = (Index & 0x03);
+            if (ShiftIndex == 0)
+                ShiftIndex = 4;
+            ShiftIndex--;
+            MulStart = 0;
+            MulStart = (BigInteger_GetByteValue((*pBI_Remainder), pFirstOperand->IntegerLength + Index - ComputeSize + 1) & 0xFF) << 8;
+            MulStart = MulStart | (BigInteger_GetByteValue((*pBI_Remainder), pFirstOperand->IntegerLength + Index - ComputeSize) & 0xFF);
+            if (MulStart < (UINT32) SecondHighByte)
+                continue;
+
+            MulStart = MulStart / (UINT32) SecondHighByte;
+
+            if (MulStart > 0xFF)
+                MulStart = 0x100;
+
+            for (MulIndex = (INT) MulStart;MulIndex <= 0x101;MulIndex++) { /* 0xFFFF / 0xFF = 0x101 */
+                if ((MulIndex > 0xFF) && (ShiftIndex == 3))
+                        pMulBI->pIntegerArray[ArrayIndex + 1] = 0x01;
+                pMulBI->pIntegerArray[ArrayIndex] = ((UINT) MulIndex << (8*ShiftIndex));
+                BigInteger_Mul(pSecondOperand, pMulBI , &pTempBI);
+                CompareResult = BigInteger_UnsignedCompare(*pBI_Remainder, pTempBI);
+                if (CompareResult < 1) {
+                    if (MulIndex > 1) {
+                        if (CompareResult != 0) {
+                            if ((MulIndex == 0x100) && (ShiftIndex == 3))
+                                   pMulBI->pIntegerArray[ArrayIndex + 1] = 0;
+                            pMulBI->pIntegerArray[ArrayIndex] = ((UINT) (MulIndex - 1) << (8*ShiftIndex));
+                        } /* End of if */
+
+                        BigInteger_Mul(pSecondOperand, pMulBI, &pTempBI);
+                        BigInteger_Sub(*pBI_Remainder, pTempBI, &pTempBI2);
+                        BigInteger_Copy(pTempBI2, pBI_Remainder);
+                        BigInteger_Add(*pBI_Result, pMulBI, &pTempBI2);
+                        BigInteger_Copy(pTempBI2, pBI_Result);
+                    } /* End of if */
+                    break;
+                } /* End of if */
+
+                if ((MulIndex >= 0x100) && (ShiftIndex == 3))
+                   pMulBI->pIntegerArray[ArrayIndex++] = 0;
+                pMulBI->pIntegerArray[ArrayIndex] = 0;
+            } /* End of for */
+        } /* End of if */
+    } /* End of for */
+
+    BigInteger_Free(&pTempBI);
+    BigInteger_Free(&pTempBI2);
+    BigInteger_Free(&pMulBI);
+output:
+    (*pBI_Result)->Signed = pFirstOperand->Signed * pSecondOperand->Signed;
+    (*pBI_Remainder)->Signed = pFirstOperand->Signed * pSecondOperand->Signed;
+    BigInteger_ClearHighBits(*pBI_Result);
+    BigInteger_ClearHighBits(*pBI_Remainder);
+} /* End of BigInteger_Div */
+
+
+VOID BigInteger_Montgomery_Reduction (
+    IN PBIG_INTEGER pBI_A,
+    IN PBIG_INTEGER pBI_P,
+     IN PBIG_INTEGER pBI_R,
+    OUT PBIG_INTEGER *pBI_Result)
+{
+    UINT32 *Point_P, *Point_Result;
+    UINT32 LoopCount;
+    UINT64 Result64_1, Result64_2, Carry64, TempValue64;
+    INT FirstLoop, SecondLoop;
+
+    BigInteger_AllocSize(pBI_Result, pBI_A->IntegerLength+ pBI_P->IntegerLength + 20);
+    BigInteger_Copy(pBI_A, pBI_Result);
+
+    Point_P = pBI_P->pIntegerArray;
+    Point_Result = (*pBI_Result)->pIntegerArray;
+
+    LoopCount = Bits_Of_R >> 0x5;
+    for (FirstLoop = 0;FirstLoop < LoopCount;FirstLoop++) {
+        Carry64 = 0;
+        TempValue64 = (UINT64) Point_Result[0];
+        for (SecondLoop = 0;SecondLoop < pBI_P->ArrayLength;SecondLoop++) {
+            Result64_1 = ((UINT64) Point_Result[SecondLoop]) + Carry64;
+            Result64_2 = (UINT64) Point_P[SecondLoop]*TempValue64;
+            Carry64 = (Result64_1 >> 32);
+            Result64_1 = (Result64_1 & 0xffffffffUL);
+            Result64_1 = Result64_1 + Result64_2;
+            Carry64 += (Result64_1 >> 32);
+            Point_Result[SecondLoop] = (UINT32) (Result64_1 & 0xffffffffUL);
+        } /* End of for */
+        while (Carry64 != 0) {
+          Result64_1 = ((UINT64) Point_Result[SecondLoop]) + Carry64;
+          Carry64 = Result64_1 >> 32;
+          Point_Result[SecondLoop] = (UINT32) (Result64_1 & 0xffffffffUL);
+          SecondLoop++;
+        } /* End of while */
+        Point_Result++;
+    } /* End of for */
+
+    for (FirstLoop = 0;FirstLoop <= LoopCount;FirstLoop++) {
+        (*pBI_Result)->pIntegerArray[FirstLoop] = (*pBI_Result)->pIntegerArray[FirstLoop + LoopCount];
+    } /* End of for */
+    if ((*pBI_Result)->pIntegerArray[LoopCount] != 0)
+        (*pBI_Result)->ArrayLength = LoopCount + 1;
+    else
+        (*pBI_Result)->ArrayLength = LoopCount;
+
+    (*pBI_Result)->IntegerLength = (*pBI_Result)->ArrayLength*4;
+    BigInteger_ClearHighBits(*pBI_Result);
+
+    if (BigInteger_UnsignedCompare(*pBI_Result, pBI_P) >= 0) {
+        BigInteger_Sub(*pBI_Result, pBI_P, &pBI_U);
+        BigInteger_Copy(pBI_U, pBI_Result);
+    } /* End of if */
+    BigInteger_ClearHighBits(*pBI_Result);
+} /* End of BigInteger_Montgomery_Reduction */
+
+
+VOID BigInteger_Montgomery_ExpMod (
+    IN PBIG_INTEGER pBI_G,
+    IN PBIG_INTEGER pBI_E,
+    IN PBIG_INTEGER pBI_P,
+    OUT PBIG_INTEGER *pBI_Result)
+{
+    UINT Bits_Of_P;
+    UINT32 Index, Index2, AllocLength;
+       UINT32 Sliding_Value , Sliding_HighValue, Sliding_LowValue;
+    PBIG_INTEGER pBI_Temp1 = NULL, pBI_Temp2 = NULL;
+    PBIG_INTEGER pBI_X = NULL, pBI_R = NULL, pBI_RR = NULL, pBI_1 = NULL;
+    BIG_INTEGER *pBI_A[SLIDING_WINDOW];
+    UINT8 *pRValue = NULL;
+
+    AllocLength = (pBI_G->IntegerLength + pBI_E->IntegerLength + pBI_P->IntegerLength + 300);
+    BigInteger_AllocSize(&pBI_Temp1, AllocLength);
+    BigInteger_AllocSize(&pBI_Temp2, AllocLength);
+
+    /* Calculate the bits of P and E, the highest bit is 1 */
+    BigInteger_BitsOfBI(pBI_P, &Bits_Of_P);
+
+    if ((pBI_E->IntegerLength == 1) && (pBI_E->pIntegerArray[0] == 1)) {
+        BigInteger_Div(pBI_G, pBI_P, &pBI_Temp1, pBI_Result);
+        goto memory_free;
+    } /* End of if */
+
+    if ((pBI_E->IntegerLength == 1) && (pBI_E->pIntegerArray[0] == 2)) {
+        BigInteger_Mul(pBI_G, pBI_G, &pBI_Temp1);
+        BigInteger_Div(pBI_Temp1, pBI_P, &pBI_Temp2, pBI_Result);
+        goto memory_free;
+    } /* End of if */
+
+    /*
+     * Main algorithm
+     */
+    BigInteger_Init(&pBI_R);
+    BigInteger_Init(&pBI_RR);
+    BigInteger_Bin2BI(Value_1, 1, &pBI_1);
+    BigInteger_AllocSize(&pBI_X, AllocLength);
+    BigInteger_AllocSize(&pBI_U, AllocLength); // for BigInteger_Montgomery_Reduction
+    BigInteger_AllocSize(&pBI_S, AllocLength); // for BigInteger_Square
+    BigInteger_AllocSize(&pBI_O, AllocLength); // for BigInteger_Square
+
+    for (Index = 0; Index < SLIDING_WINDOW; Index++) {
+        pBI_A[Index] = NULL;
+               BigInteger_AllocSize(&pBI_A[Index], 193);
+    } /* End of for */
+    BigInteger_Bin2BI(WPS_DH_P_VALUE, 192, &pBI_Temp1);
+    if (NdisCmpMemory(pBI_P->pIntegerArray, pBI_Temp1->pIntegerArray, pBI_P->IntegerLength) == 0) {
+        BigInteger_Bin2BI(WPS_DH_X_VALUE, 184, &pBI_X);
+        BigInteger_Bin2BI(WPS_DH_R_VALUE, 193, &pBI_R);
+        BigInteger_Bin2BI(WPS_DH_RRModP_VALUE, 192, &pBI_RR);
+        Bits_Of_R = 1537;
+    } else {
+        if ((Bits_Of_P % 8) == 0) {
+            AllocLength = pBI_P->IntegerLength + 1;
+        } else {
+            AllocLength = pBI_P->IntegerLength;
+        } /* End of if */
+        pRValue = (UINT8 *) kmalloc(sizeof(UINT8)*AllocLength, GFP_ATOMIC);
+       if (pRValue == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s():Alloc memory failed\n", __FUNCTION__));
+               goto memory_free;
+       }
+        NdisZeroMemory(pRValue, sizeof(UINT8)*AllocLength);
+        pRValue[0] = (UINT8) (1 << (Bits_Of_P & 0x7));
+        BigInteger_Bin2BI(pRValue, AllocLength , &pBI_R);
+
+        BigInteger_Mul(pBI_R, pBI_R, &pBI_Temp1);
+        BigInteger_Div(pBI_Temp1, pBI_P, &pBI_A[1], &pBI_RR);
+
+        /* X = 1*R (mod P) */
+        BigInteger_Div(pBI_R, pBI_P, &pBI_Temp2, &pBI_X);
+    } /* End of if */
+
+    /* A = G*R (mod P) => A = MonMod(G, R^2 mod P) */
+    BigInteger_Mul(pBI_G, pBI_RR, &pBI_Temp1);
+    BigInteger_Montgomery_Reduction(pBI_Temp1, pBI_P , pBI_R, &pBI_A[1]);
+    for (Index = 2; Index < SLIDING_WINDOW; Index++) {
+        BigInteger_Mul(pBI_A[Index - 1], pBI_A[1], &pBI_Temp1);
+           BigInteger_Montgomery_Reduction(pBI_Temp1, pBI_P, pBI_R, &pBI_A[Index]);
+    } /* End of for */
+
+    for (Index = pBI_E->IntegerLength ; Index > 0 ; Index--) {
+        for (Index2 = 0; Index2 < 4 ; Index2++) {
+            BigInteger_Square(pBI_X, &pBI_Temp1);
+                       BigInteger_Montgomery_Reduction(pBI_Temp1, pBI_P, pBI_R, &pBI_X);
+           } /* End of for */
+
+               Sliding_Value = BigInteger_GetByteValue(pBI_E, Index);
+               Sliding_HighValue = (Sliding_Value >> 4);
+               if (Sliding_HighValue != 0) {
+            BigInteger_Mul(pBI_A[Sliding_HighValue], pBI_X, &pBI_Temp1);
+                       BigInteger_Montgomery_Reduction(pBI_Temp1, pBI_P, pBI_R, &pBI_X);
+               } /* End of if */
+
+        for (Index2 = 0; Index2 < 4 ; Index2++) {
+            BigInteger_Square(pBI_X, &pBI_Temp1);
+                       BigInteger_Montgomery_Reduction(pBI_Temp1, pBI_P, pBI_R, &pBI_X);
+           } /* End of for */
+
+               Sliding_LowValue = Sliding_Value & 0x0f;
+               if (Sliding_LowValue != 0) {
+            BigInteger_Mul(pBI_A[Sliding_LowValue], pBI_X, &pBI_Temp1);
+                       BigInteger_Montgomery_Reduction(pBI_Temp1, pBI_P, pBI_R, &pBI_X);
+               } /* End of if */
+    } /* End of for */
+    BigInteger_Montgomery_Reduction(pBI_X, pBI_P , pBI_R, pBI_Result);
+
+    BigInteger_Free(&pBI_X);
+    BigInteger_Free(&pBI_R);
+    BigInteger_Free(&pBI_RR);
+    BigInteger_Free(&pBI_1);
+    BigInteger_Free(&pBI_U);
+    BigInteger_Free(&pBI_S);
+    BigInteger_Free(&pBI_O);
+    for(Index = 0; Index < SLIDING_WINDOW; Index++)
+                       BigInteger_Free(&pBI_A[Index]);
+    if (pRValue != NULL)
+        kfree(pRValue);
+
+memory_free:
+    BigInteger_Free(&pBI_Temp1);
+    BigInteger_Free(&pBI_Temp2);
+} /* End of BigInteger_Montgomery_ExpMod */
+
+/* End of crypt_biginteger.c */
diff --git a/drivers/staging/rt3090/common/crypt_dh.c b/drivers/staging/rt3090/common/crypt_dh.c
new file mode 100644 (file)
index 0000000..0f69f2a
--- /dev/null
@@ -0,0 +1,234 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       crypt_dh.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Eddy        2009/01/19      Create AES-128, AES-192, AES-256, AES-CBC
+*/
+
+#include "crypt_dh.h"
+#include "crypt_biginteger.h"
+
+/*
+========================================================================
+Routine Description:
+    Diffie-Hellman public key generation
+
+Arguments:
+    GValue           Array in UINT8
+    GValueLength     The length of G in bytes
+    PValue           Array in UINT8
+    PValueLength     The length of P in bytes
+    PrivateKey       Private key
+    PrivateKeyLength The length of Private key in bytes
+
+Return Value:
+    PublicKey       Public key
+    PublicKeyLength The length of public key in bytes
+
+Note:
+    Reference to RFC2631
+    PublicKey = G^PrivateKey (mod P)
+========================================================================
+*/
+void DH_PublicKey_Generate (
+    IN UINT8 GValue[],
+    IN UINT GValueLength,
+    IN UINT8 PValue[],
+    IN UINT PValueLength,
+    IN UINT8 PrivateKey[],
+    IN UINT PrivateKeyLength,
+    OUT UINT8 PublicKey[],
+    INOUT UINT *PublicKeyLength)
+{
+    PBIG_INTEGER pBI_G = NULL;
+    PBIG_INTEGER pBI_P = NULL;
+    PBIG_INTEGER pBI_PrivateKey = NULL;
+    PBIG_INTEGER pBI_PublicKey = NULL;
+
+    /*
+     * 1. Check the input parameters
+     *    - GValueLength, PValueLength and PrivateLength must be large than zero
+     *    - PublicKeyLength must be large or equal than PValueLength
+     *    - PValue must be odd
+     *
+     *    - PValue must be prime number (no implement)
+     *    - GValue must be greater than 0 but less than the PValue (no implement)
+     */
+    if (GValueLength == 0) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_PublicKey_Generate: G length is (%d)\n", GValueLength));
+        return;
+    } /* End of if */
+    if (PValueLength == 0) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_PublicKey_Generate: P length is (%d)\n", PValueLength));
+        return;
+    } /* End of if */
+    if (PrivateKeyLength == 0) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_PublicKey_Generate: private key length is (%d)\n", PrivateKeyLength));
+        return;
+    } /* End of if */
+    if (*PublicKeyLength < PValueLength) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_PublicKey_Generate: public key length(%d) must be large or equal than P length(%d)\n",
+            *PublicKeyLength, PValueLength));
+        return;
+    } /* End of if */
+    if (!(PValue[PValueLength - 1] & 0x1)) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_PublicKey_Generate: P value must be odd\n"));
+        return;
+    } /* End of if */
+
+    /*
+     * 2. Transfer parameters to BigInteger structure
+     */
+    BigInteger_Init(&pBI_G);
+    BigInteger_Init(&pBI_P);
+    BigInteger_Init(&pBI_PrivateKey);
+    BigInteger_Init(&pBI_PublicKey);
+    BigInteger_Bin2BI(GValue, GValueLength, &pBI_G);
+    BigInteger_Bin2BI(PValue, PValueLength, &pBI_P);
+    BigInteger_Bin2BI(PrivateKey, PrivateKeyLength, &pBI_PrivateKey);
+
+    /*
+     * 3. Calculate PublicKey = G^PrivateKey (mod P)
+     *    - BigInteger Operation
+     *    - Montgomery reduction
+     */
+    BigInteger_Montgomery_ExpMod(pBI_G, pBI_PrivateKey, pBI_P, &pBI_PublicKey);
+
+    /*
+     * 4. Transfer BigInteger structure to char array
+     */
+    BigInteger_BI2Bin(pBI_PublicKey, PublicKey, PublicKeyLength);
+
+    BigInteger_Free(&pBI_G);
+    BigInteger_Free(&pBI_P);
+    BigInteger_Free(&pBI_PrivateKey);
+    BigInteger_Free(&pBI_PublicKey);
+} /* End of DH_PublicKey_Generate */
+
+
+/*
+========================================================================
+Routine Description:
+    Diffie-Hellman secret key generation
+
+Arguments:
+    PublicKey        Public key
+    PublicKeyLength  The length of Public key in bytes
+    PValue           Array in UINT8
+    PValueLength     The length of P in bytes
+    PrivateKey       Private key
+    PrivateKeyLength The length of Private key in bytes
+
+Return Value:
+    SecretKey        Secret key
+    SecretKeyLength  The length of secret key in bytes
+
+Note:
+    Reference to RFC2631
+    SecretKey = PublicKey^PrivateKey (mod P)
+========================================================================
+*/
+void DH_SecretKey_Generate (
+    IN UINT8 PublicKey[],
+    IN UINT PublicKeyLength,
+    IN UINT8 PValue[],
+    IN UINT PValueLength,
+    IN UINT8 PrivateKey[],
+    IN UINT PrivateKeyLength,
+    OUT UINT8 SecretKey[],
+    INOUT UINT *SecretKeyLength)
+{
+    PBIG_INTEGER pBI_P = NULL;
+    PBIG_INTEGER pBI_SecretKey = NULL;
+    PBIG_INTEGER pBI_PrivateKey = NULL;
+    PBIG_INTEGER pBI_PublicKey = NULL;
+
+    /*
+     * 1. Check the input parameters
+     *    - PublicKeyLength, PValueLength and PrivateLength must be large than zero
+     *    - SecretKeyLength must be large or equal than PValueLength
+     *    - PValue must be odd
+     *
+     *    - PValue must be prime number (no implement)
+     */
+    if (PublicKeyLength == 0) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_SecretKey_Generate: public key length is (%d)\n", PublicKeyLength));
+        return;
+    } /* End of if */
+    if (PValueLength == 0) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_SecretKey_Generate: P length is (%d)\n", PValueLength));
+        return;
+    } /* End of if */
+    if (PrivateKeyLength == 0) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_SecretKey_Generate: private key length is (%d)\n", PrivateKeyLength));
+        return;
+    } /* End of if */
+    if (*SecretKeyLength < PValueLength) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_SecretKey_Generate: secret key length(%d) must be large or equal than P length(%d)\n",
+            *SecretKeyLength, PValueLength));
+        return;
+    } /* End of if */
+    if (!(PValue[PValueLength - 1] & 0x1)) {
+       DBGPRINT(RT_DEBUG_ERROR, ("DH_SecretKey_Generate: P value must be odd\n"));
+        return;
+    } /* End of if */
+
+    /*
+     * 2. Transfer parameters to BigInteger structure
+     */
+    BigInteger_Init(&pBI_P);
+    BigInteger_Init(&pBI_PrivateKey);
+    BigInteger_Init(&pBI_PublicKey);
+    BigInteger_Init(&pBI_SecretKey);
+
+    BigInteger_Bin2BI(PublicKey, PublicKeyLength, &pBI_PublicKey);
+    BigInteger_Bin2BI(PValue, PValueLength, &pBI_P);
+    BigInteger_Bin2BI(PrivateKey, PrivateKeyLength, &pBI_PrivateKey);
+
+    /*
+     * 3. Calculate SecretKey = PublicKey^PrivateKey (mod P)
+     *    - BigInteger Operation
+     *    - Montgomery reduction
+     */
+    BigInteger_Montgomery_ExpMod(pBI_PublicKey, pBI_PrivateKey, pBI_P, &pBI_SecretKey);
+
+    /*
+     * 4. Transfer BigInteger structure to char array
+     */
+    BigInteger_BI2Bin(pBI_SecretKey, SecretKey, SecretKeyLength);
+
+    BigInteger_Free(&pBI_P);
+    BigInteger_Free(&pBI_PrivateKey);
+    BigInteger_Free(&pBI_PublicKey);
+    BigInteger_Free(&pBI_SecretKey);
+} /* End of DH_SecretKey_Generate */
diff --git a/drivers/staging/rt3090/common/crypt_hmac.c b/drivers/staging/rt3090/common/crypt_hmac.c
new file mode 100644 (file)
index 0000000..e285408
--- /dev/null
@@ -0,0 +1,279 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************/
+
+#include "../crypt_hmac.h"
+
+
+#ifdef HMAC_SHA1_SUPPORT
+/*
+========================================================================
+Routine Description:
+    HMAC using SHA1 hash function
+
+Arguments:
+    key             Secret key
+    key_len         The length of the key in bytes
+    message         Message context
+    message_len     The length of message in bytes
+    macLen          Request the length of message authentication code
+
+Return Value:
+    mac             Message authentication code
+
+Note:
+    None
+========================================================================
+*/
+VOID HMAC_SHA1 (
+    IN  const UINT8 Key[],
+    IN  UINT KeyLen,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 MAC[],
+    IN  UINT MACLen)
+{
+    SHA1_CTX_STRUC sha_ctx1;
+    SHA1_CTX_STRUC sha_ctx2;
+    UINT8 K0[SHA1_BLOCK_SIZE];
+    UINT8 Digest[SHA1_DIGEST_SIZE];
+    UINT index;
+
+    NdisZeroMemory(&sha_ctx1, sizeof(SHA1_CTX_STRUC));
+    NdisZeroMemory(&sha_ctx2, sizeof(SHA1_CTX_STRUC));
+    /*
+     * If the length of K = B(Block size): K0 = K.
+     * If the length of K > B: hash K to obtain an L byte string,
+     * then append (B-L) zeros to create a B-byte string K0 (i.e., K0 = H(K) || 00...00).
+     * If the length of K < B: append zeros to the end of K to create a B-byte string K0
+     */
+    NdisZeroMemory(K0, SHA1_BLOCK_SIZE);
+    if (KeyLen <= SHA1_BLOCK_SIZE)
+        NdisMoveMemory(K0, Key, KeyLen);
+    else
+        RT_SHA1(Key, KeyLen, K0);
+    /* End of if */
+
+    /* Exclusive-Or K0 with ipad */
+    /* ipad: Inner pad; the byte x��36�� repeated B times. */
+    for (index = 0; index < SHA1_BLOCK_SIZE; index++)
+        K0[index] ^= 0x36;
+        /* End of for */
+
+    SHA1_Init(&sha_ctx1);
+    /* H(K0^ipad) */
+    SHA1_Append(&sha_ctx1, K0, sizeof(K0));
+    /* H((K0^ipad)||text) */
+    SHA1_Append(&sha_ctx1, Message, MessageLen);
+    SHA1_End(&sha_ctx1, Digest);
+
+    /* Exclusive-Or K0 with opad and remove ipad */
+    /* opad: Outer pad; the byte x��5c�� repeated B times. */
+    for (index = 0; index < SHA1_BLOCK_SIZE; index++)
+        K0[index] ^= 0x36^0x5c;
+        /* End of for */
+
+    SHA1_Init(&sha_ctx2);
+    /* H(K0^opad) */
+    SHA1_Append(&sha_ctx2, K0, sizeof(K0));
+    /* H( (K0^opad) || H((K0^ipad)||text) ) */
+    SHA1_Append(&sha_ctx2, Digest, SHA1_DIGEST_SIZE);
+    SHA1_End(&sha_ctx2, Digest);
+
+    if (MACLen > SHA1_DIGEST_SIZE)
+        NdisMoveMemory(MAC, Digest, SHA1_DIGEST_SIZE);
+    else
+        NdisMoveMemory(MAC, Digest, MACLen);
+} /* End of HMAC_SHA1 */
+#endif /* HMAC_SHA1_SUPPORT */
+
+
+#ifdef HMAC_SHA256_SUPPORT
+/*
+========================================================================
+Routine Description:
+    HMAC using SHA256 hash function
+
+Arguments:
+    key             Secret key
+    key_len         The length of the key in bytes
+    message         Message context
+    message_len     The length of message in bytes
+    macLen          Request the length of message authentication code
+
+Return Value:
+    mac             Message authentication code
+
+Note:
+    None
+========================================================================
+*/
+VOID HMAC_SHA256 (
+    IN  const UINT8 Key[],
+    IN  UINT KeyLen,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 MAC[],
+    IN  UINT MACLen)
+{
+    SHA256_CTX_STRUC sha_ctx1;
+    SHA256_CTX_STRUC sha_ctx2;
+    UINT8 K0[SHA256_BLOCK_SIZE];
+    UINT8 Digest[SHA256_DIGEST_SIZE];
+    UINT index;
+
+    NdisZeroMemory(&sha_ctx1, sizeof(SHA256_CTX_STRUC));
+    NdisZeroMemory(&sha_ctx2, sizeof(SHA256_CTX_STRUC));
+    /*
+     * If the length of K = B(Block size): K0 = K.
+     * If the length of K > B: hash K to obtain an L byte string,
+     * then append (B-L) zeros to create a B-byte string K0 (i.e., K0 = H(K) || 00...00).
+     * If the length of K < B: append zeros to the end of K to create a B-byte string K0
+     */
+    NdisZeroMemory(K0, SHA256_BLOCK_SIZE);
+    if (KeyLen <= SHA256_BLOCK_SIZE) {
+        NdisMoveMemory(K0, Key, KeyLen);
+    } else {
+        RT_SHA256(Key, KeyLen, K0);
+    }
+
+    /* Exclusive-Or K0 with ipad */
+    /* ipad: Inner pad; the byte x��36�� repeated B times. */
+    for (index = 0; index < SHA256_BLOCK_SIZE; index++)
+        K0[index] ^= 0x36;
+        /* End of for */
+
+    SHA256_Init(&sha_ctx1);
+    /* H(K0^ipad) */
+    SHA256_Append(&sha_ctx1, K0, sizeof(K0));
+    /* H((K0^ipad)||text) */
+    SHA256_Append(&sha_ctx1, Message, MessageLen);
+    SHA256_End(&sha_ctx1, Digest);
+
+    /* Exclusive-Or K0 with opad and remove ipad */
+    /* opad: Outer pad; the byte x��5c�� repeated B times. */
+    for (index = 0; index < SHA256_BLOCK_SIZE; index++)
+        K0[index] ^= 0x36^0x5c;
+        /* End of for */
+
+    SHA256_Init(&sha_ctx2);
+    /* H(K0^opad) */
+    SHA256_Append(&sha_ctx2, K0, sizeof(K0));
+    /* H( (K0^opad) || H((K0^ipad)||text) ) */
+    SHA256_Append(&sha_ctx2, Digest, SHA256_DIGEST_SIZE);
+    SHA256_End(&sha_ctx2, Digest);
+
+    if (MACLen > SHA256_DIGEST_SIZE)
+        NdisMoveMemory(MAC, Digest,SHA256_DIGEST_SIZE);
+    else
+        NdisMoveMemory(MAC, Digest, MACLen);
+
+} /* End of HMAC_SHA256 */
+#endif /* HMAC_SHA256_SUPPORT */
+
+
+#ifdef HMAC_MD5_SUPPORT
+/*
+========================================================================
+Routine Description:
+    HMAC using MD5 hash function
+
+Arguments:
+    key             Secret key
+    key_len         The length of the key in bytes
+    message         Message context
+    message_len     The length of message in bytes
+    macLen          Request the length of message authentication code
+
+Return Value:
+    mac             Message authentication code
+
+Note:
+    None
+========================================================================
+*/
+VOID HMAC_MD5(
+    IN  const UINT8 Key[],
+    IN  UINT KeyLen,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 MAC[],
+    IN  UINT MACLen)
+{
+    MD5_CTX_STRUC md5_ctx1;
+    MD5_CTX_STRUC md5_ctx2;
+    UINT8 K0[MD5_BLOCK_SIZE];
+    UINT8 Digest[MD5_DIGEST_SIZE];
+    UINT index;
+
+    NdisZeroMemory(&md5_ctx1, sizeof(MD5_CTX_STRUC));
+    NdisZeroMemory(&md5_ctx2, sizeof(MD5_CTX_STRUC));
+    /*
+     * If the length of K = B(Block size): K0 = K.
+     * If the length of K > B: hash K to obtain an L byte string,
+     * then append (B-L) zeros to create a B-byte string K0 (i.e., K0 = H(K) || 00...00).
+     * If the length of K < B: append zeros to the end of K to create a B-byte string K0
+     */
+    NdisZeroMemory(K0, MD5_BLOCK_SIZE);
+    if (KeyLen <= MD5_BLOCK_SIZE) {
+        NdisMoveMemory(K0, Key, KeyLen);
+    } else {
+        RT_MD5(Key, KeyLen, K0);
+    }
+
+    /* Exclusive-Or K0 with ipad */
+    /* ipad: Inner pad; the byte x��36�� repeated B times. */
+    for (index = 0; index < MD5_BLOCK_SIZE; index++)
+        K0[index] ^= 0x36;
+        /* End of for */
+
+    MD5_Init(&md5_ctx1);
+    /* H(K0^ipad) */
+    MD5_Append(&md5_ctx1, K0, sizeof(K0));
+    /* H((K0^ipad)||text) */
+    MD5_Append(&md5_ctx1, Message, MessageLen);
+    MD5_End(&md5_ctx1, Digest);
+
+    /* Exclusive-Or K0 with opad and remove ipad */
+    /* opad: Outer pad; the byte x��5c�� repeated B times. */
+    for (index = 0; index < MD5_BLOCK_SIZE; index++)
+        K0[index] ^= 0x36^0x5c;
+        /* End of for */
+
+    MD5_Init(&md5_ctx2);
+    /* H(K0^opad) */
+    MD5_Append(&md5_ctx2, K0, sizeof(K0));
+    /* H( (K0^opad) || H((K0^ipad)||text) ) */
+    MD5_Append(&md5_ctx2, Digest, MD5_DIGEST_SIZE);
+    MD5_End(&md5_ctx2, Digest);
+
+    if (MACLen > MD5_DIGEST_SIZE)
+        NdisMoveMemory(MAC, Digest, MD5_DIGEST_SIZE);
+    else
+        NdisMoveMemory(MAC, Digest, MACLen);
+} /* End of HMAC_SHA256 */
+#endif /* HMAC_MD5_SUPPORT */
+
+/* End of crypt_hmac.c */
diff --git a/drivers/staging/rt3090/common/crypt_md5.c b/drivers/staging/rt3090/common/crypt_md5.c
new file mode 100644 (file)
index 0000000..b093265
--- /dev/null
@@ -0,0 +1,353 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************/
+
+#include "../crypt_md5.h"
+
+
+#ifdef MD5_SUPPORT
+/*
+ * F, G, H and I are basic MD5 functions.
+ */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+#define ROTL(x,n,w) ((x << n) | (x >> (w - n)))
+#define ROTL32(x,n) ROTL(x,n,32) /* 32 bits word */
+
+#define ROUND1(a, b, c, d, x, s, ac) {          \
+    (a) += F((b),(c),(d)) + (x) + (UINT32)(ac); \
+    (a)  = ROTL32((a),(s));                     \
+    (a) += (b);                                 \
+}
+#define ROUND2(a, b, c, d, x, s, ac) {          \
+    (a) += G((b),(c),(d)) + (x) + (UINT32)(ac); \
+    (a)  = ROTL32((a),(s));                     \
+    (a) += (b);                                 \
+}
+#define ROUND3(a, b, c, d, x, s, ac) {          \
+    (a) += H((b),(c),(d)) + (x) + (UINT32)(ac); \
+    (a)  = ROTL32((a),(s));                     \
+    (a) += (b);                                 \
+}
+#define ROUND4(a, b, c, d, x, s, ac) {          \
+    (a) += I((b),(c),(d)) + (x) + (UINT32)(ac); \
+    (a)  = ROTL32((a),(s));                     \
+    (a) += (b);                                 \
+}
+static const UINT32 MD5_DefaultHashValue[4] = {
+    0x67452301UL, 0xefcdab89UL, 0x98badcfeUL, 0x10325476UL
+};
+#endif /* MD5_SUPPORT */
+
+
+#ifdef MD5_SUPPORT
+/*
+========================================================================
+Routine Description:
+    Initial Md5_CTX_STRUC
+
+Arguments:
+    pMD5_CTX        Pointer to Md5_CTX_STRUC
+
+Return Value:
+    None
+
+Note:
+    None
+========================================================================
+*/
+VOID MD5_Init (
+    IN  MD5_CTX_STRUC *pMD5_CTX)
+{
+    NdisMoveMemory(pMD5_CTX->HashValue, MD5_DefaultHashValue,
+        sizeof(MD5_DefaultHashValue));
+    NdisZeroMemory(pMD5_CTX->Block, MD5_BLOCK_SIZE);
+    pMD5_CTX->BlockLen   = 0;
+    pMD5_CTX->MessageLen = 0;
+} /* End of MD5_Init */
+
+
+/*
+========================================================================
+Routine Description:
+    MD5 computation for one block (512 bits)
+
+Arguments:
+    pMD5_CTX        Pointer to Md5_CTX_STRUC
+
+Return Value:
+    None
+
+Note:
+    T[i] := floor(abs(sin(i + 1)) * (2 pow 32)), i is number of round
+========================================================================
+*/
+VOID MD5_Hash (
+    IN  MD5_CTX_STRUC *pMD5_CTX)
+{
+    UINT32 X_i;
+    UINT32 X[16];
+    UINT32 a,b,c,d;
+
+    /* Prepare the message schedule, {X_i} */
+    NdisMoveMemory(X, pMD5_CTX->Block, MD5_BLOCK_SIZE);
+    for (X_i = 0; X_i < 16; X_i++)
+        X[X_i] = cpu2le32(X[X_i]); /* Endian Swap */
+        /* End of for */
+
+    /* MD5 hash computation */
+    /* Initialize the working variables */
+    a = pMD5_CTX->HashValue[0];
+    b = pMD5_CTX->HashValue[1];
+    c = pMD5_CTX->HashValue[2];
+    d = pMD5_CTX->HashValue[3];
+
+    /*
+     *  Round 1
+     *  Let [abcd k s i] denote the operation
+     *  a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s)
+     */
+    ROUND1(a, b, c, d, X[ 0],  7, 0xd76aa478); /* 1 */
+    ROUND1(d, a, b, c, X[ 1], 12, 0xe8c7b756); /* 2 */
+    ROUND1(c, d, a, b, X[ 2], 17, 0x242070db); /* 3 */
+    ROUND1(b, c, d, a, X[ 3], 22, 0xc1bdceee); /* 4 */
+    ROUND1(a, b, c, d, X[ 4],  7, 0xf57c0faf); /* 5 */
+    ROUND1(d, a, b, c, X[ 5], 12, 0x4787c62a); /* 6 */
+    ROUND1(c, d, a, b, X[ 6], 17, 0xa8304613); /* 7 */
+    ROUND1(b, c, d, a, X[ 7], 22, 0xfd469501); /* 8 */
+    ROUND1(a, b, c, d, X[ 8],  7, 0x698098d8); /* 9 */
+    ROUND1(d, a, b, c, X[ 9], 12, 0x8b44f7af); /* 10 */
+    ROUND1(c, d, a, b, X[10], 17, 0xffff5bb1); /* 11 */
+    ROUND1(b, c, d, a, X[11], 22, 0x895cd7be); /* 12 */
+    ROUND1(a, b, c, d, X[12],  7, 0x6b901122); /* 13 */
+    ROUND1(d, a, b, c, X[13], 12, 0xfd987193); /* 14 */
+    ROUND1(c, d, a, b, X[14], 17, 0xa679438e); /* 15 */
+    ROUND1(b, c, d, a, X[15], 22, 0x49b40821); /* 16 */
+
+    /*
+     *  Round 2
+     *  Let [abcd k s i] denote the operation
+     *  a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s)
+     */
+    ROUND2(a, b, c, d, X[ 1],  5, 0xf61e2562); /* 17 */
+    ROUND2(d, a, b, c, X[ 6],  9, 0xc040b340); /* 18 */
+    ROUND2(c, d, a, b, X[11], 14, 0x265e5a51); /* 19 */
+    ROUND2(b, c, d, a, X[ 0], 20, 0xe9b6c7aa); /* 20 */
+    ROUND2(a, b, c, d, X[ 5],  5, 0xd62f105d); /* 21 */
+    ROUND2(d, a, b, c, X[10],  9,  0x2441453); /* 22 */
+    ROUND2(c, d, a, b, X[15], 14, 0xd8a1e681); /* 23 */
+    ROUND2(b, c, d, a, X[ 4], 20, 0xe7d3fbc8); /* 24 */
+    ROUND2(a, b, c, d, X[ 9],  5, 0x21e1cde6); /* 25 */
+    ROUND2(d, a, b, c, X[14],  9, 0xc33707d6); /* 26 */
+    ROUND2(c, d, a, b, X[ 3], 14, 0xf4d50d87); /* 27 */
+    ROUND2(b, c, d, a, X[ 8], 20, 0x455a14ed); /* 28 */
+    ROUND2(a, b, c, d, X[13],  5, 0xa9e3e905); /* 29 */
+    ROUND2(d, a, b, c, X[ 2],  9, 0xfcefa3f8); /* 30 */
+    ROUND2(c, d, a, b, X[ 7], 14, 0x676f02d9); /* 31 */
+    ROUND2(b, c, d, a, X[12], 20, 0x8d2a4c8a); /* 32 */
+
+    /*
+     *  Round 3
+     *  Let [abcd k s t] denote the operation
+     *  a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s)
+     */
+    ROUND3(a, b, c, d, X[ 5],  4, 0xfffa3942); /* 33 */
+    ROUND3(d, a, b, c, X[ 8], 11, 0x8771f681); /* 34 */
+    ROUND3(c, d, a, b, X[11], 16, 0x6d9d6122); /* 35 */
+    ROUND3(b, c, d, a, X[14], 23, 0xfde5380c); /* 36 */
+    ROUND3(a, b, c, d, X[ 1],  4, 0xa4beea44); /* 37 */
+    ROUND3(d, a, b, c, X[ 4], 11, 0x4bdecfa9); /* 38 */
+    ROUND3(c, d, a, b, X[ 7], 16, 0xf6bb4b60); /* 39 */
+    ROUND3(b, c, d, a, X[10], 23, 0xbebfbc70); /* 40 */
+    ROUND3(a, b, c, d, X[13],  4, 0x289b7ec6); /* 41 */
+    ROUND3(d, a, b, c, X[ 0], 11, 0xeaa127fa); /* 42 */
+    ROUND3(c, d, a, b, X[ 3], 16, 0xd4ef3085); /* 43 */
+    ROUND3(b, c, d, a, X[ 6], 23,  0x4881d05); /* 44 */
+    ROUND3(a, b, c, d, X[ 9],  4, 0xd9d4d039); /* 45 */
+    ROUND3(d, a, b, c, X[12], 11, 0xe6db99e5); /* 46 */
+    ROUND3(c, d, a, b, X[15], 16, 0x1fa27cf8); /* 47 */
+    ROUND3(b, c, d, a, X[ 2], 23, 0xc4ac5665); /* 48 */
+
+    /*
+     *  Round 4
+     *  Let [abcd k s t] denote the operation
+     *  a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s)
+     */
+    ROUND4(a, b, c, d, X[ 0],  6, 0xf4292244); /* 49 */
+    ROUND4(d, a, b, c, X[ 7], 10, 0x432aff97); /* 50 */
+    ROUND4(c, d, a, b, X[14], 15, 0xab9423a7); /* 51 */
+    ROUND4(b, c, d, a, X[ 5], 21, 0xfc93a039); /* 52 */
+    ROUND4(a, b, c, d, X[12],  6, 0x655b59c3); /* 53 */
+    ROUND4(d, a, b, c, X[ 3], 10, 0x8f0ccc92); /* 54 */
+    ROUND4(c, d, a, b, X[10], 15, 0xffeff47d); /* 55 */
+    ROUND4(b, c, d, a, X[ 1], 21, 0x85845dd1); /* 56 */
+    ROUND4(a, b, c, d, X[ 8],  6, 0x6fa87e4f); /* 57 */
+    ROUND4(d, a, b, c, X[15], 10, 0xfe2ce6e0); /* 58 */
+    ROUND4(c, d, a, b, X[ 6], 15, 0xa3014314); /* 59 */
+    ROUND4(b, c, d, a, X[13], 21, 0x4e0811a1); /* 60 */
+    ROUND4(a, b, c, d, X[ 4],  6, 0xf7537e82); /* 61 */
+    ROUND4(d, a, b, c, X[11], 10, 0xbd3af235); /* 62 */
+    ROUND4(c, d, a, b, X[ 2], 15, 0x2ad7d2bb); /* 63 */
+    ROUND4(b, c, d, a, X[ 9], 21, 0xeb86d391); /* 64 */
+
+    /* Compute the i^th intermediate hash value H^(i) */
+    pMD5_CTX->HashValue[0] += a;
+    pMD5_CTX->HashValue[1] += b;
+    pMD5_CTX->HashValue[2] += c;
+    pMD5_CTX->HashValue[3] += d;
+
+    NdisZeroMemory(pMD5_CTX->Block, MD5_BLOCK_SIZE);
+    pMD5_CTX->BlockLen = 0;
+} /* End of MD5_Hash */
+
+
+/*
+========================================================================
+Routine Description:
+    The message is appended to block. If block size > 64 bytes, the MD5_Hash
+will be called.
+
+Arguments:
+    pMD5_CTX        Pointer to MD5_CTX_STRUC
+    message         Message context
+    messageLen      The length of message in bytes
+
+Return Value:
+    None
+
+Note:
+    None
+========================================================================
+*/
+VOID MD5_Append (
+    IN  MD5_CTX_STRUC *pMD5_CTX,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen)
+{
+    UINT appendLen = 0;
+    UINT diffLen = 0;
+
+    while (appendLen != MessageLen) {
+        diffLen = MessageLen - appendLen;
+        if ((pMD5_CTX->BlockLen + diffLen) < MD5_BLOCK_SIZE) {
+            NdisMoveMemory(pMD5_CTX->Block + pMD5_CTX->BlockLen,
+                Message + appendLen, diffLen);
+            pMD5_CTX->BlockLen += diffLen;
+            appendLen += diffLen;
+        }
+        else
+        {
+            NdisMoveMemory(pMD5_CTX->Block + pMD5_CTX->BlockLen,
+                Message + appendLen, MD5_BLOCK_SIZE - pMD5_CTX->BlockLen);
+            appendLen += (MD5_BLOCK_SIZE - pMD5_CTX->BlockLen);
+            pMD5_CTX->BlockLen = MD5_BLOCK_SIZE;
+            MD5_Hash(pMD5_CTX);
+        } /* End of if */
+    } /* End of while */
+    pMD5_CTX->MessageLen += MessageLen;
+} /* End of MD5_Append */
+
+
+/*
+========================================================================
+Routine Description:
+    1. Append bit 1 to end of the message
+    2. Append the length of message in rightmost 64 bits
+    3. Transform the Hash Value to digest message
+
+Arguments:
+    pMD5_CTX        Pointer to MD5_CTX_STRUC
+
+Return Value:
+    digestMessage   Digest message
+
+Note:
+    None
+========================================================================
+*/
+VOID MD5_End (
+    IN  MD5_CTX_STRUC *pMD5_CTX,
+    OUT UINT8 DigestMessage[])
+{
+    UINT index;
+    UINT64 message_length_bits;
+
+    /* append 1 bits to end of the message */
+    NdisFillMemory(pMD5_CTX->Block + pMD5_CTX->BlockLen, 1, 0x80);
+
+    /* 55 = 64 - 8 - 1: append 1 bit(1 byte) and message length (8 bytes) */
+    if (pMD5_CTX->BlockLen > 55)
+        MD5_Hash(pMD5_CTX);
+        /* End of if */
+
+    /* Append the length of message in rightmost 64 bits */
+    message_length_bits = pMD5_CTX->MessageLen*8;
+    message_length_bits = cpu2le64(message_length_bits);
+    NdisMoveMemory(&pMD5_CTX->Block[56], &message_length_bits, 8);
+    MD5_Hash(pMD5_CTX);
+
+    /* Return message digest, transform the UINT32 hash value to bytes */
+    for (index = 0; index < 4;index++)
+        pMD5_CTX->HashValue[index] = cpu2le32(pMD5_CTX->HashValue[index]);
+        /* End of for */
+    NdisMoveMemory(DigestMessage, pMD5_CTX->HashValue, MD5_DIGEST_SIZE);
+} /* End of MD5_End */
+
+
+/*
+========================================================================
+Routine Description:
+    MD5 algorithm
+
+Arguments:
+    message         Message context
+    messageLen      The length of message in bytes
+
+Return Value:
+    digestMessage   Digest message
+
+Note:
+    None
+========================================================================
+*/
+VOID RT_MD5 (
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 DigestMessage[])
+{
+    MD5_CTX_STRUC md5_ctx;
+
+    NdisZeroMemory(&md5_ctx, sizeof(MD5_CTX_STRUC));
+    MD5_Init(&md5_ctx);
+    MD5_Append(&md5_ctx, Message, MessageLen);
+    MD5_End(&md5_ctx, DigestMessage);
+} /* End of RT_MD5 */
+
+#endif /* MD5_SUPPORT */
+
+/* End of crypt_md5.c */
diff --git a/drivers/staging/rt3090/common/crypt_sha2.c b/drivers/staging/rt3090/common/crypt_sha2.c
new file mode 100644 (file)
index 0000000..c7490d0
--- /dev/null
@@ -0,0 +1,536 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************/
+
+#include "../crypt_sha2.h"
+
+
+/* Basic operations */
+#define SHR(x,n) (x >> n) /* SHR(x)^n, right shift n bits , x is w-bit word, 0 <= n <= w */
+#define ROTR(x,n,w) ((x >> n) | (x << (w - n))) /* ROTR(x)^n, circular right shift n bits , x is w-bit word, 0 <= n <= w */
+#define ROTL(x,n,w) ((x << n) | (x >> (w - n))) /* ROTL(x)^n, circular left shift n bits , x is w-bit word, 0 <= n <= w */
+#define ROTR32(x,n) ROTR(x,n,32) /* 32 bits word */
+#define ROTL32(x,n) ROTL(x,n,32) /* 32 bits word */
+
+/* Basic functions */
+#define Ch(x,y,z) ((x & y) ^ ((~x) & z))
+#define Maj(x,y,z) ((x & y) ^ (x & z) ^ (y & z))
+#define Parity(x,y,z) (x ^ y ^ z)
+
+#ifdef SHA1_SUPPORT
+/* SHA1 constants */
+#define SHA1_MASK 0x0000000f
+static const UINT32 SHA1_K[4] = {
+    0x5a827999UL, 0x6ed9eba1UL, 0x8f1bbcdcUL, 0xca62c1d6UL
+};
+static const UINT32 SHA1_DefaultHashValue[5] = {
+    0x67452301UL, 0xefcdab89UL, 0x98badcfeUL, 0x10325476UL, 0xc3d2e1f0UL
+};
+#endif /* SHA1_SUPPORT */
+
+
+#ifdef SHA256_SUPPORT
+/* SHA256 functions */
+#define Zsigma_256_0(x) (ROTR32(x,2) ^ ROTR32(x,13) ^ ROTR32(x,22))
+#define Zsigma_256_1(x) (ROTR32(x,6) ^ ROTR32(x,11) ^ ROTR32(x,25))
+#define Sigma_256_0(x)  (ROTR32(x,7) ^ ROTR32(x,18) ^ SHR(x,3))
+#define Sigma_256_1(x)  (ROTR32(x,17) ^ ROTR32(x,19) ^ SHR(x,10))
+/* SHA256 constants */
+static const UINT32 SHA256_K[64] = {
+    0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL,
+    0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL,
+    0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL,
+    0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL,
+    0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
+    0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL,
+    0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL,
+    0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL,
+    0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL,
+    0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
+    0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL,
+    0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL,
+    0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL,
+    0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL,
+    0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
+    0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
+};
+static const UINT32 SHA256_DefaultHashValue[8] = {
+    0x6a09e667UL, 0xbb67ae85UL, 0x3c6ef372UL, 0xa54ff53aUL,
+    0x510e527fUL, 0x9b05688cUL, 0x1f83d9abUL, 0x5be0cd19UL
+};
+#endif /* SHA256_SUPPORT */
+
+
+#ifdef SHA1_SUPPORT
+/*
+========================================================================
+Routine Description:
+    Initial SHA1_CTX_STRUC
+
+Arguments:
+    pSHA_CTX        Pointer to SHA1_CTX_STRUC
+
+Return Value:
+    None
+
+Note:
+    None
+========================================================================
+*/
+VOID SHA1_Init (
+    IN  SHA1_CTX_STRUC *pSHA_CTX)
+{
+    NdisMoveMemory(pSHA_CTX->HashValue, SHA1_DefaultHashValue,
+        sizeof(SHA1_DefaultHashValue));
+    NdisZeroMemory(pSHA_CTX->Block, SHA1_BLOCK_SIZE);
+    pSHA_CTX->MessageLen = 0;
+    pSHA_CTX->BlockLen   = 0;
+} /* End of SHA1_Init */
+
+
+/*
+========================================================================
+Routine Description:
+    SHA1 computation for one block (512 bits)
+
+Arguments:
+    pSHA_CTX        Pointer to SHA1_CTX_STRUC
+
+Return Value:
+    None
+
+Note:
+    None
+========================================================================
+*/
+VOID SHA1_Hash (
+    IN  SHA1_CTX_STRUC *pSHA_CTX)
+{
+    UINT32 W_i,t,s;
+    UINT32 W[16];
+    UINT32 a,b,c,d,e,T,f_t = 0;
+
+    /* Prepare the message schedule, {W_i}, 0 < t < 15 */
+    NdisMoveMemory(W, pSHA_CTX->Block, SHA1_BLOCK_SIZE);
+    for (W_i = 0; W_i < 16; W_i++)
+        W[W_i] = cpu2be32(W[W_i]); /* Endian Swap */
+        /* End of for */
+
+    /* SHA256 hash computation */
+    /* Initialize the working variables */
+    a = pSHA_CTX->HashValue[0];
+    b = pSHA_CTX->HashValue[1];
+    c = pSHA_CTX->HashValue[2];
+    d = pSHA_CTX->HashValue[3];
+    e = pSHA_CTX->HashValue[4];
+
+    /* 80 rounds */
+    for (t = 0;t < 80;t++) {
+        s = t & SHA1_MASK;
+        if (t > 15) { /* Prepare the message schedule, {W_i}, 16 < t < 79 */
+            W[s] = (W[(s+13) & SHA1_MASK]) ^ (W[(s+8) & SHA1_MASK]) ^ (W[(s+2) & SHA1_MASK]) ^ W[s];
+            W[s] = ROTL32(W[s],1);
+        } /* End of if */
+        switch (t / 20) {
+            case 0:
+                 f_t = Ch(b,c,d);
+                 break;
+            case 1:
+                 f_t = Parity(b,c,d);
+                 break;
+            case 2:
+                 f_t = Maj(b,c,d);
+                 break;
+            case 3:
+                 f_t = Parity(b,c,d);
+                 break;
+        } /* End of switch */
+        T = ROTL32(a,5) + f_t + e + SHA1_K[t / 20] + W[s];
+        e = d;
+        d = c;
+        c = ROTL32(b,30);
+        b = a;
+        a = T;
+     } /* End of for */
+
+     /* Compute the i^th intermediate hash value H^(i) */
+     pSHA_CTX->HashValue[0] += a;
+     pSHA_CTX->HashValue[1] += b;
+     pSHA_CTX->HashValue[2] += c;
+     pSHA_CTX->HashValue[3] += d;
+     pSHA_CTX->HashValue[4] += e;
+
+    NdisZeroMemory(pSHA_CTX->Block, SHA1_BLOCK_SIZE);
+    pSHA_CTX->BlockLen = 0;
+} /* End of SHA1_Hash */
+
+
+/*
+========================================================================
+Routine Description:
+    The message is appended to block. If block size > 64 bytes, the SHA1_Hash
+will be called.
+
+Arguments:
+    pSHA_CTX        Pointer to SHA1_CTX_STRUC
+    message         Message context
+    messageLen      The length of message in bytes
+
+Return Value:
+    None
+
+Note:
+    None
+========================================================================
+*/
+VOID SHA1_Append (
+    IN  SHA1_CTX_STRUC *pSHA_CTX,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen)
+{
+    UINT appendLen = 0;
+    UINT diffLen   = 0;
+
+    while (appendLen != MessageLen) {
+        diffLen = MessageLen - appendLen;
+        if ((pSHA_CTX->BlockLen + diffLen) <  SHA1_BLOCK_SIZE) {
+            NdisMoveMemory(pSHA_CTX->Block + pSHA_CTX->BlockLen,
+                Message + appendLen, diffLen);
+            pSHA_CTX->BlockLen += diffLen;
+            appendLen += diffLen;
+        }
+        else
+        {
+            NdisMoveMemory(pSHA_CTX->Block + pSHA_CTX->BlockLen,
+                Message + appendLen, SHA1_BLOCK_SIZE - pSHA_CTX->BlockLen);
+            appendLen += (SHA1_BLOCK_SIZE - pSHA_CTX->BlockLen);
+            pSHA_CTX->BlockLen = SHA1_BLOCK_SIZE;
+            SHA1_Hash(pSHA_CTX);
+        } /* End of if */
+    } /* End of while */
+    pSHA_CTX->MessageLen += MessageLen;
+} /* End of SHA1_Append */
+
+
+/*
+========================================================================
+Routine Description:
+    1. Append bit 1 to end of the message
+    2. Append the length of message in rightmost 64 bits
+    3. Transform the Hash Value to digest message
+
+Arguments:
+    pSHA_CTX        Pointer to SHA1_CTX_STRUC
+
+Return Value:
+    digestMessage   Digest message
+
+Note:
+    None
+========================================================================
+*/
+VOID SHA1_End (
+    IN  SHA1_CTX_STRUC *pSHA_CTX,
+    OUT UINT8 DigestMessage[])
+{
+    UINT index;
+    UINT64 message_length_bits;
+
+    /* Append bit 1 to end of the message */
+    NdisFillMemory(pSHA_CTX->Block + pSHA_CTX->BlockLen, 1, 0x80);
+
+    /* 55 = 64 - 8 - 1: append 1 bit(1 byte) and message length (8 bytes) */
+    if (pSHA_CTX->BlockLen > 55)
+        SHA1_Hash(pSHA_CTX);
+        /* End of if */
+
+    /* Append the length of message in rightmost 64 bits */
+    message_length_bits = pSHA_CTX->MessageLen*8;
+    message_length_bits = cpu2be64(message_length_bits);
+    NdisMoveMemory(&pSHA_CTX->Block[56], &message_length_bits, 8);
+    SHA1_Hash(pSHA_CTX);
+
+    /* Return message digest, transform the UINT32 hash value to bytes */
+    for (index = 0; index < 5;index++)
+        pSHA_CTX->HashValue[index] = cpu2be32(pSHA_CTX->HashValue[index]);
+        /* End of for */
+    NdisMoveMemory(DigestMessage, pSHA_CTX->HashValue, SHA1_DIGEST_SIZE);
+} /* End of SHA1_End */
+
+
+/*
+========================================================================
+Routine Description:
+    SHA1 algorithm
+
+Arguments:
+    message         Message context
+    messageLen      The length of message in bytes
+
+Return Value:
+    digestMessage   Digest message
+
+Note:
+    None
+========================================================================
+*/
+VOID RT_SHA1 (
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 DigestMessage[])
+{
+
+    SHA1_CTX_STRUC sha_ctx;
+
+    NdisZeroMemory(&sha_ctx, sizeof(SHA1_CTX_STRUC));
+    SHA1_Init(&sha_ctx);
+    SHA1_Append(&sha_ctx, Message, MessageLen);
+    SHA1_End(&sha_ctx, DigestMessage);
+} /* End of RT_SHA1 */
+#endif /* SHA1_SUPPORT */
+
+
+#ifdef SHA256_SUPPORT
+/*
+========================================================================
+Routine Description:
+    Initial SHA256_CTX_STRUC
+
+Arguments:
+    pSHA_CTX    Pointer to SHA256_CTX_STRUC
+
+Return Value:
+    None
+
+Note:
+    None
+========================================================================
+*/
+VOID SHA256_Init (
+    IN  SHA256_CTX_STRUC *pSHA_CTX)
+{
+    NdisMoveMemory(pSHA_CTX->HashValue, SHA256_DefaultHashValue,
+        sizeof(SHA256_DefaultHashValue));
+    NdisZeroMemory(pSHA_CTX->Block, SHA256_BLOCK_SIZE);
+    pSHA_CTX->MessageLen = 0;
+    pSHA_CTX->BlockLen   = 0;
+} /* End of SHA256_Init */
+
+
+/*
+========================================================================
+Routine Description:
+    SHA256 computation for one block (512 bits)
+
+Arguments:
+    pSHA_CTX    Pointer to SHA256_CTX_STRUC
+
+Return Value:
+    None
+
+Note:
+    None
+========================================================================
+*/
+VOID SHA256_Hash (
+    IN  SHA256_CTX_STRUC *pSHA_CTX)
+{
+    UINT32 W_i,t;
+    UINT32 W[64];
+    UINT32 a,b,c,d,e,f,g,h,T1,T2;
+
+    /* Prepare the message schedule, {W_i}, 0 < t < 15 */
+    NdisMoveMemory(W, pSHA_CTX->Block, SHA256_BLOCK_SIZE);
+    for (W_i = 0; W_i < 16; W_i++)
+        W[W_i] = cpu2be32(W[W_i]); /* Endian Swap */
+        /* End of for */
+
+    /* SHA256 hash computation */
+    /* Initialize the working variables */
+    a = pSHA_CTX->HashValue[0];
+    b = pSHA_CTX->HashValue[1];
+    c = pSHA_CTX->HashValue[2];
+    d = pSHA_CTX->HashValue[3];
+    e = pSHA_CTX->HashValue[4];
+    f = pSHA_CTX->HashValue[5];
+    g = pSHA_CTX->HashValue[6];
+    h = pSHA_CTX->HashValue[7];
+
+    /* 64 rounds */
+    for (t = 0;t < 64;t++) {
+        if (t > 15) /* Prepare the message schedule, {W_i}, 16 < t < 63 */
+            W[t] = Sigma_256_1(W[t-2]) + W[t-7] + Sigma_256_0(W[t-15]) + W[t-16];
+            /* End of if */
+        T1 = h + Zsigma_256_1(e) + Ch(e,f,g) + SHA256_K[t] + W[t];
+        T2 = Zsigma_256_0(a) + Maj(a,b,c);
+        h = g;
+        g = f;
+        f = e;
+        e = d + T1;
+        d = c;
+        c = b;
+        b = a;
+        a = T1 + T2;
+     } /* End of for */
+
+     /* Compute the i^th intermediate hash value H^(i) */
+     pSHA_CTX->HashValue[0] += a;
+     pSHA_CTX->HashValue[1] += b;
+     pSHA_CTX->HashValue[2] += c;
+     pSHA_CTX->HashValue[3] += d;
+     pSHA_CTX->HashValue[4] += e;
+     pSHA_CTX->HashValue[5] += f;
+     pSHA_CTX->HashValue[6] += g;
+     pSHA_CTX->HashValue[7] += h;
+
+    NdisZeroMemory(pSHA_CTX->Block, SHA256_BLOCK_SIZE);
+    pSHA_CTX->BlockLen = 0;
+} /* End of SHA256_Hash */
+
+
+/*
+========================================================================
+Routine Description:
+    The message is appended to block. If block size > 64 bytes, the SHA256_Hash
+will be called.
+
+Arguments:
+    pSHA_CTX    Pointer to SHA256_CTX_STRUC
+    message     Message context
+    messageLen  The length of message in bytes
+
+Return Value:
+    None
+
+Note:
+    None
+========================================================================
+*/
+VOID SHA256_Append (
+    IN  SHA256_CTX_STRUC *pSHA_CTX,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen)
+{
+    UINT appendLen = 0;
+    UINT diffLen   = 0;
+
+    while (appendLen != MessageLen) {
+        diffLen = MessageLen - appendLen;
+        if ((pSHA_CTX->BlockLen + diffLen) <  SHA256_BLOCK_SIZE) {
+            NdisMoveMemory(pSHA_CTX->Block + pSHA_CTX->BlockLen,
+                Message + appendLen, diffLen);
+            pSHA_CTX->BlockLen += diffLen;
+            appendLen += diffLen;
+        }
+        else
+        {
+            NdisMoveMemory(pSHA_CTX->Block + pSHA_CTX->BlockLen,
+                Message + appendLen, SHA256_BLOCK_SIZE - pSHA_CTX->BlockLen);
+            appendLen += (SHA256_BLOCK_SIZE - pSHA_CTX->BlockLen);
+            pSHA_CTX->BlockLen = SHA256_BLOCK_SIZE;
+            SHA256_Hash(pSHA_CTX);
+        } /* End of if */
+    } /* End of while */
+    pSHA_CTX->MessageLen += MessageLen;
+} /* End of SHA256_Append */
+
+
+/*
+========================================================================
+Routine Description:
+    1. Append bit 1 to end of the message
+    2. Append the length of message in rightmost 64 bits
+    3. Transform the Hash Value to digest message
+
+Arguments:
+    pSHA_CTX        Pointer to SHA256_CTX_STRUC
+
+Return Value:
+    digestMessage   Digest message
+
+Note:
+    None
+========================================================================
+*/
+VOID SHA256_End (
+    IN  SHA256_CTX_STRUC *pSHA_CTX,
+    OUT UINT8 DigestMessage[])
+{
+    UINT index;
+    UINT64 message_length_bits;
+
+    /* Append bit 1 to end of the message */
+    NdisFillMemory(pSHA_CTX->Block + pSHA_CTX->BlockLen, 1, 0x80);
+
+    /* 55 = 64 - 8 - 1: append 1 bit(1 byte) and message length (8 bytes) */
+    if (pSHA_CTX->BlockLen > 55)
+        SHA256_Hash(pSHA_CTX);
+        /* End of if */
+
+    /* Append the length of message in rightmost 64 bits */
+    message_length_bits = pSHA_CTX->MessageLen*8;
+    message_length_bits = cpu2be64(message_length_bits);
+    NdisMoveMemory(&pSHA_CTX->Block[56], &message_length_bits, 8);
+    SHA256_Hash(pSHA_CTX);
+
+    /* Return message digest, transform the UINT32 hash value to bytes */
+    for (index = 0; index < 8;index++)
+        pSHA_CTX->HashValue[index] = cpu2be32(pSHA_CTX->HashValue[index]);
+        /* End of for */
+    NdisMoveMemory(DigestMessage, pSHA_CTX->HashValue, SHA256_DIGEST_SIZE);
+} /* End of SHA256_End */
+
+
+/*
+========================================================================
+Routine Description:
+    SHA256 algorithm
+
+Arguments:
+    message         Message context
+    messageLen      The length of message in bytes
+
+Return Value:
+    digestMessage   Digest message
+
+Note:
+    None
+========================================================================
+*/
+VOID RT_SHA256 (
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 DigestMessage[])
+{
+    SHA256_CTX_STRUC sha_ctx;
+
+    NdisZeroMemory(&sha_ctx, sizeof(SHA256_CTX_STRUC));
+    SHA256_Init(&sha_ctx);
+    SHA256_Append(&sha_ctx, Message, MessageLen);
+    SHA256_End(&sha_ctx, DigestMessage);
+} /* End of RT_SHA256 */
+#endif /* SHA256_SUPPORT */
+
+/* End of crypt_sha2.c */
diff --git a/drivers/staging/rt3090/common/dfs.c b/drivers/staging/rt3090/common/dfs.c
new file mode 100644 (file)
index 0000000..c15704a
--- /dev/null
@@ -0,0 +1,481 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ap_dfs.c
+
+    Abstract:
+    Support DFS function.
+
+    Revision History:
+    Who       When            What
+    --------  ----------      ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+
+
+typedef struct _RADAR_DURATION_TABLE
+{
+       ULONG RDDurRegion;
+       ULONG RadarSignalDuration;
+       ULONG Tolerance;
+} RADAR_DURATION_TABLE, *PRADAR_DURATION_TABLE;
+
+
+
+UCHAR RdIdleTimeTable[MAX_RD_REGION][4] =
+{
+       {9, 250, 250, 250},             // CE
+#ifdef DFS_FCC_BW40_FIX
+       {1, 250, 250, 250},             // FCC
+#else
+       {4, 250, 250, 250},             // FCC
+#endif
+       {4, 250, 250, 250},             // JAP
+       {15, 250, 250, 250},    // JAP_W53
+       {4, 250, 250, 250}              // JAP_W56
+};
+
+#ifdef TONE_RADAR_DETECT_SUPPORT
+static void ToneRadarProgram(PRTMP_ADAPTER pAd);
+static void ToneRadarEnable(PRTMP_ADAPTER pAd);
+#endif // TONE_RADAR_DETECT_SUPPORT //
+
+#ifdef DFS_SUPPORT
+/*
+       ========================================================================
+
+       Routine Description:
+               Bbp Radar detection routine
+
+       Arguments:
+               pAd     Pointer to our adapter
+
+       Return Value:
+
+       ========================================================================
+*/
+VOID BbpRadarDetectionStart(
+       IN PRTMP_ADAPTER pAd)
+{
+       UINT8 RadarPeriod;
+
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, 114, 0x02);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, 121, 0x20);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, 122, 0x00);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, 123, 0x08/*0x80*/);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, 124, 0x28);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, 125, 0xff);
+
+#ifdef MERGE_ARCH_TEAM
+       if ((pAd->CommonCfg.RadarDetect.RDDurRegion == JAP) || (pAd->CommonCfg.RadarDetect.RDDurRegion == JAP_W53) || (pAd->CommonCfg.RadarDetect.RDDurRegion == JAP_W56))
+       {
+               pAd->CommonCfg.RadarDetect.RDDurRegion = JAP;
+               pAd->CommonCfg.RadarDetect.RDDurRegion = JapRadarType(pAd);
+               if (pAd->CommonCfg.RadarDetect.RDDurRegion == JAP_W56)
+               {
+                       pAd->CommonCfg.RadarDetect.DfsSessionTime = 13;
+               }
+               else if (pAd->CommonCfg.RadarDetect.RDDurRegion == JAP_W53)
+               {
+                       pAd->CommonCfg.RadarDetect.DfsSessionTime = 15;
+               }
+#ifdef CARRIER_DETECTION_SUPPORT
+               pAd->CommonCfg.CarrierDetect.Enable = 1;
+#endif // CARRIER_DETECTION_SUPPORT //
+       }
+#endif // MERGE_ARCH_TEAM //
+
+       RadarPeriod = ((UINT)RdIdleTimeTable[pAd->CommonCfg.RadarDetect.RDDurRegion][0] + (UINT)pAd->CommonCfg.RadarDetect.DfsSessionTime) < 250 ?
+                       (RdIdleTimeTable[pAd->CommonCfg.RadarDetect.RDDurRegion][0] + pAd->CommonCfg.RadarDetect.DfsSessionTime) : 250;
+
+#ifdef MERGE_ARCH_TEAM
+
+
+#else // Original RT28xx source code.
+       RTMP_IO_WRITE8(pAd, 0x7020, 0x1d);
+       RTMP_IO_WRITE8(pAd, 0x7021, 0x40);
+#endif // MERGE_ARCH_TEAM //
+
+       RadarDetectionStart(pAd, 0, RadarPeriod);
+       return;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Bbp Radar detection routine
+
+       Arguments:
+               pAd     Pointer to our adapter
+
+       Return Value:
+
+       ========================================================================
+*/
+VOID BbpRadarDetectionStop(
+       IN PRTMP_ADAPTER pAd)
+{
+       RTMP_IO_WRITE8(pAd, 0x7020, 0x1d);
+       RTMP_IO_WRITE8(pAd, 0x7021, 0x60);
+
+       RadarDetectionStop(pAd);
+       return;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Radar detection routine
+
+       Arguments:
+               pAd     Pointer to our adapter
+
+       Return Value:
+
+       ========================================================================
+*/
+VOID RadarDetectionStart(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN CTSProtect,
+       IN UINT8 CTSPeriod)
+{
+       UINT8 DfsActiveTime = (pAd->CommonCfg.RadarDetect.DfsSessionTime & 0x1f);
+       UINT8 CtsProtect = (CTSProtect == 1) ? 0x02 : 0x01; // CTS protect.
+
+       if (CTSProtect != 0)
+       {
+               switch(pAd->CommonCfg.RadarDetect.RDDurRegion)
+               {
+               case FCC:
+               case JAP_W56:
+                       CtsProtect = 0x03;
+                       break;
+
+               case JAP:
+                       {
+                               UCHAR RDDurRegion;
+                               RDDurRegion = JapRadarType(pAd);
+                               if (RDDurRegion == JAP_W56)
+                                       CtsProtect = 0x03;
+                               else
+                                       CtsProtect = 0x02;
+                               break;
+                       }
+
+               case CE:
+               case JAP_W53:
+               default:
+                       CtsProtect = 0x02;
+                       break;
+               }
+       }
+       else
+               CtsProtect = 0x01;
+
+
+       // send start-RD with CTS protection command to MCU
+       // highbyte [7]         reserve
+       // highbyte [6:5]       0x: stop Carrier/Radar detection
+       // highbyte [10]:       Start Carrier/Radar detection without CTS protection, 11: Start Carrier/Radar detection with CTS protection
+       // highbyte [4:0]       Radar/carrier detection duration. In 1ms.
+
+       // lowbyte [7:0]        Radar/carrier detection period, in 1ms.
+       AsicSendCommandToMcu(pAd, 0x60, 0xff, CTSPeriod, DfsActiveTime | (CtsProtect << 5));
+       //AsicSendCommandToMcu(pAd, 0x63, 0xff, 10, 0);
+
+       return;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Radar detection routine
+
+       Arguments:
+               pAd     Pointer to our adapter
+
+       Return Value:
+               TRUE    Found radar signal
+               FALSE   Not found radar signal
+
+       ========================================================================
+*/
+VOID RadarDetectionStop(
+       IN PRTMP_ADAPTER        pAd)
+{
+       DBGPRINT(RT_DEBUG_TRACE,("RadarDetectionStop.\n"));
+       AsicSendCommandToMcu(pAd, 0x60, 0xff, 0x00, 0x00);      // send start-RD with CTS protection command to MCU
+
+       return;
+}
+#endif // DFS_SUPPORT //
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Radar channel check routine
+
+       Arguments:
+               pAd     Pointer to our adapter
+
+       Return Value:
+               TRUE    need to do radar detect
+               FALSE   need not to do radar detect
+
+       ========================================================================
+*/
+BOOLEAN RadarChannelCheck(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Ch)
+{
+       INT             i;
+       BOOLEAN result = FALSE;
+
+       for (i=0; i<pAd->ChannelListNum; i++)
+       {
+               if (Ch == pAd->ChannelList[i].Channel)
+               {
+                       result = pAd->ChannelList[i].DfsReq;
+                       break;
+               }
+       }
+
+       return result;
+}
+
+#ifdef DFS_SUPPORT
+
+ULONG JapRadarType(
+       IN PRTMP_ADAPTER pAd)
+{
+       ULONG           i;
+       const UCHAR     Channel[15]={52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140};
+
+       if (pAd->CommonCfg.RadarDetect.RDDurRegion != JAP)
+       {
+               return pAd->CommonCfg.RadarDetect.RDDurRegion;
+       }
+
+       for (i=0; i<15; i++)
+       {
+               if (pAd->CommonCfg.Channel == Channel[i])
+               {
+                       break;
+               }
+       }
+
+       if (i < 4)
+               return JAP_W53;
+       else if (i < 15)
+               return JAP_W56;
+       else
+               return JAP; // W52
+
+}
+
+ULONG RTMPBbpReadRadarDuration(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UINT8 byteValue = 0;
+       ULONG result;
+
+       BBP_IO_READ8_BY_REG_ID(pAd, BBP_R115, &byteValue);
+
+       result = 0;
+       switch (byteValue)
+       {
+       case 1: // radar signal detected by pulse mode.
+       case 2: // radar signal detected by width mode.
+               result = RTMPReadRadarDuration(pAd);
+               break;
+
+       case 0: // No radar signal.
+       default:
+
+               result = 0;
+               break;
+       }
+
+       return result;
+}
+
+ULONG RTMPReadRadarDuration(
+       IN PRTMP_ADAPTER        pAd)
+{
+       ULONG result = 0;
+
+#ifdef DFS_SUPPORT
+       UINT8 duration1 = 0, duration2 = 0, duration3 = 0;
+
+
+       BBP_IO_READ8_BY_REG_ID(pAd, BBP_R116, &duration1);
+       BBP_IO_READ8_BY_REG_ID(pAd, BBP_R117, &duration2);
+       BBP_IO_READ8_BY_REG_ID(pAd, BBP_R118, &duration3);
+       result = (duration1 << 16) + (duration2 << 8) + duration3;
+#endif // DFS_SUPPORT //
+
+       return result;
+
+}
+
+VOID RTMPCleanRadarDuration(
+       IN PRTMP_ADAPTER        pAd)
+{
+       return;
+}
+
+/*
+    ========================================================================
+    Routine Description:
+        Radar wave detection. The API should be invoke each second.
+
+    Arguments:
+        pAd         - Adapter pointer
+
+    Return Value:
+        None
+
+    ========================================================================
+*/
+VOID ApRadarDetectPeriodic(
+       IN PRTMP_ADAPTER pAd)
+{
+       INT     i;
+
+       pAd->CommonCfg.RadarDetect.InServiceMonitorCount++;
+
+       for (i=0; i<pAd->ChannelListNum; i++)
+       {
+
+               if (pAd->ChannelList[i].RemainingTimeForUse > 0)
+               {
+                       pAd->ChannelList[i].RemainingTimeForUse --;
+                       if ((pAd->Mlme.PeriodicRound%5) == 0)
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, ("RadarDetectPeriodic - ch=%d, RemainingTimeForUse=%d\n", pAd->ChannelList[i].Channel, pAd->ChannelList[i].RemainingTimeForUse));
+                       }
+               }
+       }
+
+       //radar detect
+       if ((pAd->CommonCfg.Channel > 14)
+               && (pAd->CommonCfg.bIEEE80211H == 1)
+               && RadarChannelCheck(pAd, pAd->CommonCfg.Channel))
+       {
+               RadarDetectPeriodic(pAd);
+       }
+
+       return;
+}
+
+// Periodic Radar detection, switch channel will occur in RTMPHandleTBTTInterrupt()
+// Before switch channel, driver needs doing channel switch announcement.
+VOID RadarDetectPeriodic(
+       IN PRTMP_ADAPTER        pAd)
+{
+
+       // need to check channel availability, after switch channel
+       if (pAd->CommonCfg.RadarDetect.RDMode != RD_SILENCE_MODE)
+                       return;
+
+
+
+       // channel availability check time is 60sec, use 65 for assurance
+       if (pAd->CommonCfg.RadarDetect.RDCount++ > pAd->CommonCfg.RadarDetect.ChMovingTime)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("Not found radar signal, start send beacon and radar detection in service monitor\n\n"));
+               BbpRadarDetectionStop(pAd);
+
+
+               AsicEnableBssSync(pAd);
+               pAd->CommonCfg.RadarDetect.RDMode = RD_NORMAL_MODE;
+
+
+
+               return;
+       }
+
+       return;
+}
+#endif // DFS_SUPPORT //
+
+#ifdef DFS_SUPPORT
+/*
+    ==========================================================================
+    Description:
+               change channel moving time for DFS testing.
+
+       Arguments:
+           pAdapter                    Pointer to our adapter
+           wrq                         Pointer to the ioctl argument
+
+    Return Value:
+        None
+
+    Note:
+        Usage:
+               1.) iwpriv ra0 set ChMovTime=[value]
+    ==========================================================================
+*/
+INT Set_ChMovingTime_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg)
+{
+       UINT8 Value;
+
+       Value = (UINT8) simple_strtol(arg, 0, 10);
+
+       pAd->CommonCfg.RadarDetect.ChMovingTime = Value;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s:: %d\n", __FUNCTION__,
+               pAd->CommonCfg.RadarDetect.ChMovingTime));
+
+       return TRUE;
+}
+
+INT Set_LongPulseRadarTh_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg)
+{
+       UINT8 Value;
+
+       Value = (UINT8) simple_strtol(arg, 0, 10) > 10 ? 10 : simple_strtol(arg, 0, 10);
+
+       pAd->CommonCfg.RadarDetect.LongPulseRadarTh = Value;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s:: %d\n", __FUNCTION__,
+               pAd->CommonCfg.RadarDetect.LongPulseRadarTh));
+
+       return TRUE;
+}
+#endif // DFS_SUPPORT //
diff --git a/drivers/staging/rt3090/common/ee_efuse.c b/drivers/staging/rt3090/common/ee_efuse.c
new file mode 100644 (file)
index 0000000..c51e305
--- /dev/null
@@ -0,0 +1,1548 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       ee_efuse.c
+
+       Abstract:
+       Miniport generic portion header file
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+
+
+#define EFUSE_USAGE_MAP_START  0x2d0
+#define EFUSE_USAGE_MAP_END            0x2fc
+#define EFUSE_USAGE_MAP_SIZE   45
+
+
+
+#define EFUSE_EEPROM_DEFULT_FILE       "RT30xxEEPROM.bin"
+#define MAX_EEPROM_BIN_FILE_SIZE       1024
+
+
+
+#define EFUSE_TAG                              0x2fe
+
+
+#ifdef RT_BIG_ENDIAN
+typedef        union   _EFUSE_CTRL_STRUC {
+       struct  {
+               UINT32            SEL_EFUSE:1;
+               UINT32            EFSROM_KICK:1;
+               UINT32            RESERVED:4;
+               UINT32            EFSROM_AIN:10;
+               UINT32            EFSROM_LDO_ON_TIME:2;
+               UINT32            EFSROM_LDO_OFF_TIME:6;
+               UINT32            EFSROM_MODE:2;
+               UINT32            EFSROM_AOUT:6;
+       }       field;
+       UINT32                  word;
+}      EFUSE_CTRL_STRUC, *PEFUSE_CTRL_STRUC;
+#else
+typedef        union   _EFUSE_CTRL_STRUC {
+       struct  {
+               UINT32            EFSROM_AOUT:6;
+               UINT32            EFSROM_MODE:2;
+               UINT32            EFSROM_LDO_OFF_TIME:6;
+               UINT32            EFSROM_LDO_ON_TIME:2;
+               UINT32            EFSROM_AIN:10;
+               UINT32            RESERVED:4;
+               UINT32            EFSROM_KICK:1;
+               UINT32            SEL_EFUSE:1;
+       }       field;
+       UINT32                  word;
+}      EFUSE_CTRL_STRUC, *PEFUSE_CTRL_STRUC;
+#endif // RT_BIG_ENDIAN //
+
+static UCHAR eFuseReadRegisters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       OUT     USHORT* pData);
+
+static VOID eFuseReadPhysical(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUSHORT lpInBuffer,
+       IN      ULONG nInBufferSize,
+       OUT     PUSHORT lpOutBuffer,
+       IN      ULONG nOutBufferSize);
+
+static VOID eFusePhysicalWriteRegisters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       OUT     USHORT* pData);
+
+static NTSTATUS eFuseWriteRegisters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       IN      USHORT* pData);
+
+static VOID eFuseWritePhysical(
+       IN      PRTMP_ADAPTER   pAd,
+       PUSHORT lpInBuffer,
+       ULONG nInBufferSize,
+       PUCHAR lpOutBuffer,
+       ULONG nOutBufferSize);
+
+
+static NTSTATUS eFuseWriteRegistersFromBin(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       IN      USHORT* pData);
+
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+UCHAR eFuseReadRegisters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       OUT     USHORT* pData)
+{
+       EFUSE_CTRL_STRUC                eFuseCtrlStruc;
+       int     i;
+       USHORT  efuseDataOffset;
+       UINT32  data;
+
+       RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+
+       //Step0. Write 10-bit of address to EFSROM_AIN (0x580, bit25:bit16). The address must be 16-byte alignment.
+       //Use the eeprom logical address and covert to address to block number
+       eFuseCtrlStruc.field.EFSROM_AIN = Offset & 0xfff0;
+
+       //Step1. Write EFSROM_MODE (0x580, bit7:bit6) to 0.
+       eFuseCtrlStruc.field.EFSROM_MODE = 0;
+
+       //Step2. Write EFSROM_KICK (0x580, bit30) to 1 to kick-off physical read procedure.
+       eFuseCtrlStruc.field.EFSROM_KICK = 1;
+
+       NdisMoveMemory(&data, &eFuseCtrlStruc, 4);
+       RTMP_IO_WRITE32(pAd, EFUSE_CTRL, data);
+
+       //Step3. Polling EFSROM_KICK(0x580, bit30) until it become 0 again.
+       i = 0;
+       while(i < 500)
+       {
+               //rtmp.HwMemoryReadDword(EFUSE_CTRL, (DWORD *) &eFuseCtrlStruc, 4);
+               RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+               if(eFuseCtrlStruc.field.EFSROM_KICK == 0)
+               {
+                       break;
+               }
+               RTMPusecDelay(2);
+               i++;
+       }
+
+       //if EFSROM_AOUT is not found in physical address, write 0xffff
+       if (eFuseCtrlStruc.field.EFSROM_AOUT == 0x3f)
+       {
+               for(i=0; i<Length/2; i++)
+                       *(pData+2*i) = 0xffff;
+       }
+       else
+       {
+               //Step4. Read 16-byte of data from EFUSE_DATA0-3 (0x590-0x59C)
+               efuseDataOffset =  EFUSE_DATA3 - (Offset & 0xC);
+               //data hold 4 bytes data.
+               //In RTMP_IO_READ32 will automatically execute 32-bytes swapping
+               RTMP_IO_READ32(pAd, efuseDataOffset, &data);
+               //Decide the upper 2 bytes or the bottom 2 bytes.
+               // Little-endian                S       |       S       Big-endian
+               // addr 3       2       1       0       |       0       1       2       3
+               // Ori-V        D       C       B       A       |       A       B       C       D
+               //After swapping
+               //              D       C       B       A       |       D       C       B       A
+               //Return 2-bytes
+               //The return byte statrs from S. Therefore, the little-endian will return BA, the Big-endian will return DC.
+               //For returning the bottom 2 bytes, the Big-endian should shift right 2-bytes.
+#ifdef RT_BIG_ENDIAN
+               data = data << (8*((Offset & 0x3)^0x2));
+#else
+               data = data >> (8*(Offset & 0x3));
+#endif // RT_BIG_ENDIAN //
+
+               NdisMoveMemory(pData, &data, Length);
+       }
+
+       return (UCHAR) eFuseCtrlStruc.field.EFSROM_AOUT;
+
+}
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+VOID eFusePhysicalReadRegisters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       OUT     USHORT* pData)
+{
+       EFUSE_CTRL_STRUC                eFuseCtrlStruc;
+       int     i;
+       USHORT  efuseDataOffset;
+       UINT32  data;
+
+       RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+
+       //Step0. Write 10-bit of address to EFSROM_AIN (0x580, bit25:bit16). The address must be 16-byte alignment.
+       eFuseCtrlStruc.field.EFSROM_AIN = Offset & 0xfff0;
+
+       //Step1. Write EFSROM_MODE (0x580, bit7:bit6) to 1.
+       //Read in physical view
+       eFuseCtrlStruc.field.EFSROM_MODE = 1;
+
+       //Step2. Write EFSROM_KICK (0x580, bit30) to 1 to kick-off physical read procedure.
+       eFuseCtrlStruc.field.EFSROM_KICK = 1;
+
+       NdisMoveMemory(&data, &eFuseCtrlStruc, 4);
+       RTMP_IO_WRITE32(pAd, EFUSE_CTRL, data);
+
+       //Step3. Polling EFSROM_KICK(0x580, bit30) until it become 0 again.
+       i = 0;
+       while(i < 500)
+       {
+               RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+               if(eFuseCtrlStruc.field.EFSROM_KICK == 0)
+                       break;
+               RTMPusecDelay(2);
+               i++;
+       }
+
+       //Step4. Read 16-byte of data from EFUSE_DATA0-3 (0x59C-0x590)
+       //Because the size of each EFUSE_DATA is 4 Bytes, the size of address of each is 2 bits.
+       //The previous 2 bits is the EFUSE_DATA number, the last 2 bits is used to decide which bytes
+       //Decide which EFUSE_DATA to read
+       //590:F E D C
+       //594:B A 9 8
+       //598:7 6 5 4
+       //59C:3 2 1 0
+       efuseDataOffset =  EFUSE_DATA3 - (Offset & 0xC)  ;
+
+       RTMP_IO_READ32(pAd, efuseDataOffset, &data);
+
+#ifdef RT_BIG_ENDIAN
+               data = data << (8*((Offset & 0x3)^0x2));
+#else
+       data = data >> (8*(Offset & 0x3));
+#endif // RT_BIG_ENDIAN //
+
+       NdisMoveMemory(pData, &data, Length);
+
+}
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+static VOID eFuseReadPhysical(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUSHORT lpInBuffer,
+       IN      ULONG nInBufferSize,
+       OUT     PUSHORT lpOutBuffer,
+       IN      ULONG nOutBufferSize
+)
+{
+       USHORT* pInBuf = (USHORT*)lpInBuffer;
+       USHORT* pOutBuf = (USHORT*)lpOutBuffer;
+
+       USHORT Offset = pInBuf[0];                                      //addr
+       USHORT Length = pInBuf[1];                                      //length
+       int             i;
+
+       for(i=0; i<Length; i+=2)
+       {
+               eFusePhysicalReadRegisters(pAd,Offset+i, 2, &pOutBuf[i/2]);
+       }
+}
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+NTSTATUS eFuseRead(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT                  Offset,
+       OUT     PUCHAR                  pData,
+       IN      USHORT                  Length)
+{
+       USHORT* pOutBuf = (USHORT*)pData;
+       NTSTATUS Status = STATUS_SUCCESS;
+       UCHAR   EFSROM_AOUT;
+       int     i;
+
+       for(i=0; i<Length; i+=2)
+       {
+               EFSROM_AOUT = eFuseReadRegisters(pAd, Offset+i, 2, &pOutBuf[i/2]);
+       }
+       return Status;
+}
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+static VOID eFusePhysicalWriteRegisters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       OUT     USHORT* pData)
+{
+       EFUSE_CTRL_STRUC                eFuseCtrlStruc;
+       int     i;
+       USHORT  efuseDataOffset;
+       UINT32  data, eFuseDataBuffer[4];
+
+       //Step0. Write 16-byte of data to EFUSE_DATA0-3 (0x590-0x59C), where EFUSE_DATA0 is the LSB DW, EFUSE_DATA3 is the MSB DW.
+
+       /////////////////////////////////////////////////////////////////
+       //read current values of 16-byte block
+       RTMP_IO_READ32(pAd, EFUSE_CTRL,  &eFuseCtrlStruc.word);
+
+       //Step0. Write 10-bit of address to EFSROM_AIN (0x580, bit25:bit16). The address must be 16-byte alignment.
+       eFuseCtrlStruc.field.EFSROM_AIN = Offset & 0xfff0;
+
+       //Step1. Write EFSROM_MODE (0x580, bit7:bit6) to 1.
+       eFuseCtrlStruc.field.EFSROM_MODE = 1;
+
+       //Step2. Write EFSROM_KICK (0x580, bit30) to 1 to kick-off physical read procedure.
+       eFuseCtrlStruc.field.EFSROM_KICK = 1;
+
+       NdisMoveMemory(&data, &eFuseCtrlStruc, 4);
+       RTMP_IO_WRITE32(pAd, EFUSE_CTRL, data);
+
+       //Step3. Polling EFSROM_KICK(0x580, bit30) until it become 0 again.
+       i = 0;
+       while(i < 500)
+       {
+               RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+
+               if(eFuseCtrlStruc.field.EFSROM_KICK == 0)
+                       break;
+               RTMPusecDelay(2);
+               i++;
+       }
+
+       //Step4. Read 16-byte of data from EFUSE_DATA0-3 (0x59C-0x590)
+       efuseDataOffset =  EFUSE_DATA3;
+       for(i=0; i< 4; i++)
+       {
+               RTMP_IO_READ32(pAd, efuseDataOffset, (PUINT32) &eFuseDataBuffer[i]);
+               efuseDataOffset -=  4;
+       }
+
+       //Update the value, the offset is multiple of 2, length is 2
+       efuseDataOffset = (Offset & 0xc) >> 2;
+       data = pData[0] & 0xffff;
+       //The offset should be 0x***10 or 0x***00
+       if((Offset % 4) != 0)
+       {
+               eFuseDataBuffer[efuseDataOffset] = (eFuseDataBuffer[efuseDataOffset] & 0xffff) | (data << 16);
+       }
+       else
+       {
+               eFuseDataBuffer[efuseDataOffset] = (eFuseDataBuffer[efuseDataOffset] & 0xffff0000) | data;
+       }
+
+       efuseDataOffset =  EFUSE_DATA3;
+       for(i=0; i< 4; i++)
+       {
+               RTMP_IO_WRITE32(pAd, efuseDataOffset, eFuseDataBuffer[i]);
+               efuseDataOffset -= 4;
+       }
+       /////////////////////////////////////////////////////////////////
+
+       //Step1. Write 10-bit of address to EFSROM_AIN (0x580, bit25:bit16). The address must be 16-byte alignment.
+
+       RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+
+       eFuseCtrlStruc.field.EFSROM_AIN = Offset & 0xfff0;
+
+       //Step2. Write EFSROM_MODE (0x580, bit7:bit6) to 3.
+       eFuseCtrlStruc.field.EFSROM_MODE = 3;
+
+       //Step3. Write EFSROM_KICK (0x580, bit30) to 1 to kick-off physical write procedure.
+       eFuseCtrlStruc.field.EFSROM_KICK = 1;
+
+       NdisMoveMemory(&data, &eFuseCtrlStruc, 4);
+       RTMP_IO_WRITE32(pAd, EFUSE_CTRL, data);
+
+       //Step4. Polling EFSROM_KICK(0x580, bit30) until it become 0 again. It��s done.
+       i = 0;
+
+       while(i < 500)
+       {
+               RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+
+               if(eFuseCtrlStruc.field.EFSROM_KICK == 0)
+                       break;
+
+               RTMPusecDelay(2);
+               i++;
+       }
+}
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+static NTSTATUS eFuseWriteRegisters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       IN      USHORT* pData)
+{
+       USHORT  i,Loop=0;
+       USHORT  eFuseData;
+       USHORT  LogicalAddress, BlkNum = 0xffff;
+       UCHAR   EFSROM_AOUT;
+
+       USHORT addr,tmpaddr, InBuf[3], tmpOffset;
+       USHORT buffer[8];
+       BOOLEAN         bWriteSuccess = TRUE;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegisters Offset=%x, pData=%x\n", Offset, *pData));
+
+       //Step 0. find the entry in the mapping table
+       //The address of EEPROM is 2-bytes alignment.
+       //The last bit is used for alignment, so it must be 0.
+       tmpOffset = Offset & 0xfffe;
+       EFSROM_AOUT = eFuseReadRegisters(pAd, tmpOffset, 2, &eFuseData);
+
+       if( EFSROM_AOUT == 0x3f)
+       {       //find available logical address pointer
+               //the logical address does not exist, find an empty one
+               //from the first address of block 45=16*45=0x2d0 to the last address of block 47
+               //==>48*16-3(reserved)=2FC
+               for (i=EFUSE_USAGE_MAP_START; i<=EFUSE_USAGE_MAP_END; i+=2)
+               {
+                       //Retrive the logical block nubmer form each logical address pointer
+                       //It will access two logical address pointer each time.
+                       eFusePhysicalReadRegisters(pAd, i, 2, &LogicalAddress);
+                       if( (LogicalAddress & 0xff) == 0)
+                       {//Not used logical address pointer
+                               BlkNum = i-EFUSE_USAGE_MAP_START;
+                               break;
+                       }
+                       else if(( (LogicalAddress >> 8) & 0xff) == 0)
+                       {//Not used logical address pointer
+                               if (i != EFUSE_USAGE_MAP_END)
+                               {
+                                       BlkNum = i-EFUSE_USAGE_MAP_START+1;
+                               }
+                               break;
+                       }
+               }
+       }
+       else
+       {
+               BlkNum = EFSROM_AOUT;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegisters BlkNum = %d \n", BlkNum));
+
+       if(BlkNum == 0xffff)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegisters: out of free E-fuse space!!!\n"));
+               return FALSE;
+       }
+
+       //Step 1. Save data of this block       which is pointed by the avaible logical address pointer
+       // read and save the original block data
+       for(i =0; i<8; i++)
+       {
+               addr = BlkNum * 0x10 ;
+
+               InBuf[0] = addr+2*i;
+               InBuf[1] = 2;
+               InBuf[2] = 0x0;
+
+               eFuseReadPhysical(pAd, &InBuf[0], 4, &InBuf[2], 2);
+
+               buffer[i] = InBuf[2];
+       }
+
+       //Step 2. Update the data in buffer, and write the data to Efuse
+       buffer[ (Offset >> 1) % 8] = pData[0];
+
+       do
+       {       Loop++;
+               //Step 3. Write the data to Efuse
+               if(!bWriteSuccess)
+               {
+                       for(i =0; i<8; i++)
+                       {
+                               addr = BlkNum * 0x10 ;
+
+                               InBuf[0] = addr+2*i;
+                               InBuf[1] = 2;
+                               InBuf[2] = buffer[i];
+
+                               eFuseWritePhysical(pAd, &InBuf[0], 6, NULL, 2);
+                       }
+               }
+               else
+               {
+                               addr = BlkNum * 0x10 ;
+
+                               InBuf[0] = addr+(Offset % 16);
+                               InBuf[1] = 2;
+                               InBuf[2] = pData[0];
+
+                               eFuseWritePhysical(pAd, &InBuf[0], 6, NULL, 2);
+               }
+
+               //Step 4. Write mapping table
+               addr = EFUSE_USAGE_MAP_START+BlkNum;
+
+               tmpaddr = addr;
+
+               if(addr % 2 != 0)
+                       addr = addr -1;
+               InBuf[0] = addr;
+               InBuf[1] = 2;
+
+               //convert the address from 10 to 8 bit ( bit7, 6 = parity and bit5 ~ 0 = bit9~4), and write to logical map entry
+               tmpOffset = Offset;
+               tmpOffset >>= 4;
+               tmpOffset |= ((~((tmpOffset & 0x01) ^ ( tmpOffset >> 1 & 0x01) ^  (tmpOffset >> 2 & 0x01) ^  (tmpOffset >> 3 & 0x01))) << 6) & 0x40;
+               tmpOffset |= ((~( (tmpOffset >> 2 & 0x01) ^ (tmpOffset >> 3 & 0x01) ^ (tmpOffset >> 4 & 0x01) ^ ( tmpOffset >> 5 & 0x01))) << 7) & 0x80;
+
+               // write the logical address
+               if(tmpaddr%2 != 0)
+                       InBuf[2] = tmpOffset<<8;
+               else
+                       InBuf[2] = tmpOffset;
+
+               eFuseWritePhysical(pAd,&InBuf[0], 6, NULL, 0);
+
+               //Step 5. Compare data if not the same, invalidate the mapping entry, then re-write the data until E-fuse is exhausted
+               bWriteSuccess = TRUE;
+               for(i =0; i<8; i++)
+               {
+                       addr = BlkNum * 0x10 ;
+
+                       InBuf[0] = addr+2*i;
+                       InBuf[1] = 2;
+                       InBuf[2] = 0x0;
+
+                       eFuseReadPhysical(pAd, &InBuf[0], 4, &InBuf[2], 2);
+
+                       if(buffer[i] != InBuf[2])
+                       {
+                               bWriteSuccess = FALSE;
+                               break;
+                       }
+               }
+
+               //Step 6. invlidate mapping entry and find a free mapping entry if not succeed
+               if (!bWriteSuccess)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("Not bWriteSuccess BlkNum = %d\n", BlkNum));
+
+                       // the offset of current mapping entry
+                       addr = EFUSE_USAGE_MAP_START+BlkNum;
+
+                       //find a new mapping entry
+                       BlkNum = 0xffff;
+                       for (i=EFUSE_USAGE_MAP_START; i<=EFUSE_USAGE_MAP_END; i+=2)
+                       {
+                               eFusePhysicalReadRegisters(pAd, i, 2, &LogicalAddress);
+                               if( (LogicalAddress & 0xff) == 0)
+                               {
+                                       BlkNum = i-EFUSE_USAGE_MAP_START;
+                                       break;
+                               }
+                               else if(( (LogicalAddress >> 8) & 0xff) == 0)
+                               {
+                                       if (i != EFUSE_USAGE_MAP_END)
+                                       {
+                                               BlkNum = i+1-EFUSE_USAGE_MAP_START;
+                                       }
+                                       break;
+                               }
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("Not bWriteSuccess new BlkNum = %d\n", BlkNum));
+                       if(BlkNum == 0xffff)
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegisters: out of free E-fuse space!!!\n"));
+                               return FALSE;
+                       }
+
+                       //invalidate the original mapping entry if new entry is not found
+                       tmpaddr = addr;
+
+                       if(addr % 2 != 0)
+                               addr = addr -1;
+                       InBuf[0] = addr;
+                       InBuf[1] = 2;
+
+                       eFuseReadPhysical(pAd, &InBuf[0], 4, &InBuf[2], 2);
+
+                       // write the logical address
+                       if(tmpaddr%2 != 0)
+                       {
+                               // Invalidate the high byte
+                               for (i=8; i<15; i++)
+                               {
+                                       if( ( (InBuf[2] >> i) & 0x01) == 0)
+                                       {
+                                               InBuf[2] |= (0x1 <<i);
+                                               break;
+                                       }
+                               }
+                       }
+                       else
+                       {
+                               // invalidate the low byte
+                               for (i=0; i<8; i++)
+                               {
+                                       if( ( (InBuf[2] >> i) & 0x01) == 0)
+                                       {
+                                               InBuf[2] |= (0x1 <<i);
+                                               break;
+                                       }
+                               }
+                       }
+                       eFuseWritePhysical(pAd, &InBuf[0], 6, NULL, 0);
+               }
+       }
+       while (!bWriteSuccess&&Loop<2);
+       if(!bWriteSuccess)
+               DBGPRINT(RT_DEBUG_ERROR,("Efsue Write Failed!!\n"));
+       return TRUE;
+}
+
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+static VOID eFuseWritePhysical(
+       IN      PRTMP_ADAPTER   pAd,
+       PUSHORT lpInBuffer,
+       ULONG nInBufferSize,
+       PUCHAR lpOutBuffer,
+       ULONG nOutBufferSize
+)
+{
+       USHORT* pInBuf = (USHORT*)lpInBuffer;
+       int             i;
+       //USHORT* pOutBuf = (USHORT*)ioBuffer;
+       USHORT Offset = pInBuf[0];                                      // addr
+       USHORT Length = pInBuf[1];                                      // length
+       USHORT* pValueX = &pInBuf[2];                           // value ...
+
+       DBGPRINT(RT_DEBUG_TRACE, ("eFuseWritePhysical Offset=0x%x, length=%d\n", Offset, Length));
+
+       {
+               // Little-endian                S       |       S       Big-endian
+               // addr 3       2       1       0       |       0       1       2       3
+               // Ori-V        D       C       B       A       |       A       B       C       D
+               // After swapping
+               //              D       C       B       A       |       D       C       B       A
+               // Both the little and big-endian use the same sequence to write  data.
+               // Therefore, we only need swap data when read the data.
+               for (i=0; i<Length; i+=2)
+               {
+                       eFusePhysicalWriteRegisters(pAd, Offset+i, 2, &pValueX[i/2]);
+               }
+       }
+}
+
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+NTSTATUS eFuseWrite(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT                  Offset,
+       IN      PUCHAR                  pData,
+       IN      USHORT                  length)
+{
+       int i;
+       USHORT* pValueX = (PUSHORT) pData;                              //value ...
+
+       // The input value=3070 will be stored as following
+       // Little-endian                S       |       S       Big-endian
+       // addr                 1       0       |       0       1
+       // Ori-V                        30      70      |       30      70
+       // After swapping
+       //                              30      70      |       70      30
+       // Casting
+       //                              3070    |       7030 (x)
+       // The swapping should be removed for big-endian
+       for(i=0; i<length; i+=2)
+       {
+               eFuseWriteRegisters(pAd, Offset+i, 2, &pValueX[i/2]);
+       }
+
+       return TRUE;
+}
+
+
+
+
+/*
+========================================================================
+
+       Routine Description:
+
+       Arguments:
+
+       Return Value:
+
+       Note:
+
+========================================================================
+*/
+INT set_eFuseGetFreeBlockCount_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       USHORT i;
+       USHORT  LogicalAddress;
+       USHORT efusefreenum=0;
+       if(!pAd->bUseEfuse)
+               return FALSE;
+       for (i = EFUSE_USAGE_MAP_START; i <= EFUSE_USAGE_MAP_END; i+=2)
+       {
+               eFusePhysicalReadRegisters(pAd, i, 2, &LogicalAddress);
+               if( (LogicalAddress & 0xff) == 0)
+               {
+                       efusefreenum= (UCHAR) (EFUSE_USAGE_MAP_END-i+1);
+                       break;
+               }
+               else if(( (LogicalAddress >> 8) & 0xff) == 0)
+               {
+                       efusefreenum = (UCHAR) (EFUSE_USAGE_MAP_END-i);
+                       break;
+               }
+
+               if(i == EFUSE_USAGE_MAP_END)
+                       efusefreenum = 0;
+       }
+       printk("efuseFreeNumber is %d\n",efusefreenum);
+       return TRUE;
+}
+
+
+INT set_eFusedump_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+USHORT InBuf[3];
+       INT i=0;
+       if(!pAd->bUseEfuse)
+               return FALSE;
+       for(i =0; i<EFUSE_USAGE_MAP_END/2; i++)
+       {
+               InBuf[0] = 2*i;
+               InBuf[1] = 2;
+               InBuf[2] = 0x0;
+
+               eFuseReadPhysical(pAd, &InBuf[0], 4, &InBuf[2], 2);
+               if(i%4==0)
+               printk("\nBlock %x:",i/8);
+               printk("%04x ",InBuf[2]);
+       }
+       return TRUE;
+}
+
+
+INT    set_eFuseLoadFromBin_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       PSTRING                                 src;
+       RTMP_OS_FD                              srcf;
+       RTMP_OS_FS_INFO                 osfsInfo;
+       INT                                             retval, memSize;
+       PSTRING                                 buffer, memPtr;
+       INT                                             i = 0,j=0,k=1;
+       USHORT                                  *PDATA;
+       USHORT                                  DATA;
+
+       memSize = 128 + MAX_EEPROM_BIN_FILE_SIZE + sizeof(USHORT) * 8;
+       memPtr = kmalloc(memSize, MEM_ALLOC_FLAG);
+       if (memPtr == NULL)
+               return FALSE;
+
+       NdisZeroMemory(memPtr, memSize);
+       src = memPtr; // kmalloc(128, MEM_ALLOC_FLAG);
+       buffer = src + 128;             // kmalloc(MAX_EEPROM_BIN_FILE_SIZE, MEM_ALLOC_FLAG);
+       PDATA = (USHORT*)(buffer + MAX_EEPROM_BIN_FILE_SIZE);   // kmalloc(sizeof(USHORT)*8,MEM_ALLOC_FLAG);
+
+       if(strlen(arg)>0)
+               NdisMoveMemory(src, arg, strlen(arg));
+       else
+               NdisMoveMemory(src, EFUSE_EEPROM_DEFULT_FILE, strlen(EFUSE_EEPROM_DEFULT_FILE));
+       DBGPRINT(RT_DEBUG_TRACE, ("FileName=%s\n",src));
+
+       RtmpOSFSInfoChange(&osfsInfo, TRUE);
+
+       srcf = RtmpOSFileOpen(src, O_RDONLY, 0);
+       if (IS_FILE_OPEN_ERR(srcf))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("--> Error opening file %s\n", src));
+               retval = FALSE;
+               goto recoverFS;
+       }
+       else
+       {
+               // The object must have a read method
+               while(RtmpOSFileRead(srcf, &buffer[i], 1)==1)
+               {
+               i++;
+                       if(i>MAX_EEPROM_BIN_FILE_SIZE)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("--> Error reading file %s, file size too large[>%d]\n", src, MAX_EEPROM_BIN_FILE_SIZE));
+                               retval = FALSE;
+                               goto closeFile;
+                       }
+               }
+
+               retval = RtmpOSFileClose(srcf);
+               if (retval)
+                       DBGPRINT(RT_DEBUG_TRACE, ("--> Error closing file %s\n", src));
+       }
+
+
+       RtmpOSFSInfoChange(&osfsInfo, FALSE);
+
+       for(j=0;j<i;j++)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%02X ",buffer[j]&0xff));
+               if((j+1)%2==0)
+                       PDATA[j/2%8]=((buffer[j]<<8)&0xff00)|(buffer[j-1]&0xff);
+               if(j%16==0)
+               {
+                       k=buffer[j];
+               }
+               else
+               {
+                       k&=buffer[j];
+                       if((j+1)%16==0)
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, (" result=%02X,blk=%02x\n",k,j/16));
+                               if(k!=0xff)
+                                       eFuseWriteRegistersFromBin(pAd,(USHORT)j-15, 16, PDATA);
+                               else
+                               {
+                                       if(eFuseReadRegisters(pAd,j, 2,(PUSHORT)&DATA)!=0x3f)
+                                               eFuseWriteRegistersFromBin(pAd,(USHORT)j-15, 16, PDATA);
+                               }
+                               /*
+                               for(l=0;l<8;l++)
+                                       printk("%04x ",PDATA[l]);
+                               printk("\n");
+                               */
+                               NdisZeroMemory(PDATA,16);
+                       }
+               }
+       }
+
+       return TRUE;
+
+closeFile:
+       if (srcf)
+               RtmpOSFileClose(srcf);
+
+recoverFS:
+       RtmpOSFSInfoChange(&osfsInfo, FALSE);
+
+
+       if (memPtr)
+               kfree(memPtr);
+
+       return retval;
+}
+
+
+static NTSTATUS eFuseWriteRegistersFromBin(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       IN      USHORT* pData)
+{
+       USHORT  i;
+       USHORT  eFuseData;
+       USHORT  LogicalAddress, BlkNum = 0xffff;
+       UCHAR   EFSROM_AOUT,Loop=0;
+       EFUSE_CTRL_STRUC                eFuseCtrlStruc;
+       USHORT  efuseDataOffset;
+       UINT32  data,tempbuffer;
+       USHORT addr,tmpaddr, InBuf[3], tmpOffset;
+       UINT32 buffer[4];
+       BOOLEAN         bWriteSuccess = TRUE;
+       BOOLEAN         bNotWrite=TRUE;
+       BOOLEAN         bAllocateNewBlk=TRUE;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegistersFromBin Offset=%x, pData=%04x:%04x:%04x:%04x\n", Offset, *pData,*(pData+1),*(pData+2),*(pData+3)));
+
+       do
+       {
+       //Step 0. find the entry in the mapping table
+       //The address of EEPROM is 2-bytes alignment.
+       //The last bit is used for alignment, so it must be 0.
+       Loop++;
+       tmpOffset = Offset & 0xfffe;
+       EFSROM_AOUT = eFuseReadRegisters(pAd, tmpOffset, 2, &eFuseData);
+
+       if( EFSROM_AOUT == 0x3f)
+       {       //find available logical address pointer
+               //the logical address does not exist, find an empty one
+               //from the first address of block 45=16*45=0x2d0 to the last address of block 47
+               //==>48*16-3(reserved)=2FC
+               bAllocateNewBlk=TRUE;
+               for (i=EFUSE_USAGE_MAP_START; i<=EFUSE_USAGE_MAP_END; i+=2)
+               {
+                       //Retrive the logical block nubmer form each logical address pointer
+                       //It will access two logical address pointer each time.
+                       eFusePhysicalReadRegisters(pAd, i, 2, &LogicalAddress);
+                       if( (LogicalAddress & 0xff) == 0)
+                       {//Not used logical address pointer
+                               BlkNum = i-EFUSE_USAGE_MAP_START;
+                               break;
+                       }
+                       else if(( (LogicalAddress >> 8) & 0xff) == 0)
+                       {//Not used logical address pointer
+                               if (i != EFUSE_USAGE_MAP_END)
+                               {
+                                       BlkNum = i-EFUSE_USAGE_MAP_START+1;
+                               }
+                               break;
+                       }
+               }
+       }
+       else
+       {
+               bAllocateNewBlk=FALSE;
+               BlkNum = EFSROM_AOUT;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegisters BlkNum = %d \n", BlkNum));
+
+       if(BlkNum == 0xffff)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegisters: out of free E-fuse space!!!\n"));
+               return FALSE;
+       }
+       //Step 1.1.0
+       //If the block is not existing in mapping table, create one
+       //and write down the 16-bytes data to the new block
+       if(bAllocateNewBlk)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("Allocate New Blk\n"));
+               efuseDataOffset =  EFUSE_DATA3;
+               for(i=0; i< 4; i++)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("Allocate New Blk, Data%d=%04x%04x\n",3-i,pData[2*i+1],pData[2*i]));
+                       tempbuffer=((pData[2*i+1]<<16)&0xffff0000)|pData[2*i];
+
+
+                       RTMP_IO_WRITE32(pAd, efuseDataOffset,tempbuffer);
+                       efuseDataOffset -= 4;
+
+               }
+               /////////////////////////////////////////////////////////////////
+
+               //Step1.1.1. Write 10-bit of address to EFSROM_AIN (0x580, bit25:bit16). The address must be 16-byte alignment.
+               RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+               eFuseCtrlStruc.field.EFSROM_AIN = BlkNum* 0x10 ;
+
+               //Step1.1.2. Write EFSROM_MODE (0x580, bit7:bit6) to 3.
+               eFuseCtrlStruc.field.EFSROM_MODE = 3;
+
+               //Step1.1.3. Write EFSROM_KICK (0x580, bit30) to 1 to kick-off physical write procedure.
+               eFuseCtrlStruc.field.EFSROM_KICK = 1;
+
+               NdisMoveMemory(&data, &eFuseCtrlStruc, 4);
+
+               RTMP_IO_WRITE32(pAd, EFUSE_CTRL, data);
+
+               //Step1.1.4. Polling EFSROM_KICK(0x580, bit30) until it become 0 again. It��s done.
+               i = 0;
+               while(i < 100)
+               {
+                       RTMP_IO_READ32(pAd, EFUSE_CTRL, (PUINT32) &eFuseCtrlStruc);
+
+                       if(eFuseCtrlStruc.field.EFSROM_KICK == 0)
+                               break;
+
+                       RTMPusecDelay(2);
+                       i++;
+               }
+
+       }
+       else
+       {       //Step1.2.
+               //If the same logical number is existing, check if the writting data and the data
+               //saving in this block are the same.
+               /////////////////////////////////////////////////////////////////
+               //read current values of 16-byte block
+               RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrlStruc.word);
+
+               //Step1.2.0. Write 10-bit of address to EFSROM_AIN (0x580, bit25:bit16). The address must be 16-byte alignment.
+               eFuseCtrlStruc.field.EFSROM_AIN = Offset & 0xfff0;
+
+               //Step1.2.1. Write EFSROM_MODE (0x580, bit7:bit6) to 1.
+               eFuseCtrlStruc.field.EFSROM_MODE = 0;
+
+               //Step1.2.2. Write EFSROM_KICK (0x580, bit30) to 1 to kick-off physical read procedure.
+               eFuseCtrlStruc.field.EFSROM_KICK = 1;
+
+               NdisMoveMemory(&data, &eFuseCtrlStruc, 4);
+               RTMP_IO_WRITE32(pAd, EFUSE_CTRL, data);
+
+               //Step1.2.3. Polling EFSROM_KICK(0x580, bit30) until it become 0 again.
+               i = 0;
+               while(i < 500)
+               {
+                       RTMP_IO_READ32(pAd, EFUSE_CTRL, (PUINT32) &eFuseCtrlStruc);
+
+                       if(eFuseCtrlStruc.field.EFSROM_KICK == 0)
+                               break;
+                       RTMPusecDelay(2);
+                       i++;
+               }
+
+               //Step1.2.4. Read 16-byte of data from EFUSE_DATA0-3 (0x59C-0x590)
+               efuseDataOffset =  EFUSE_DATA3;
+               for(i=0; i< 4; i++)
+               {
+                       RTMP_IO_READ32(pAd, efuseDataOffset, (PUINT32) &buffer[i]);
+                       efuseDataOffset -=  4;
+               }
+               //Step1.2.5. Check if the data of efuse and the writing data are the same.
+               for(i =0; i<4; i++)
+               {
+                       tempbuffer=((pData[2*i+1]<<16)&0xffff0000)|pData[2*i];
+                       DBGPRINT(RT_DEBUG_TRACE, ("buffer[%d]=%x,pData[%d]=%x,pData[%d]=%x,tempbuffer=%x\n",i,buffer[i],2*i,pData[2*i],2*i+1,pData[2*i+1],tempbuffer));
+
+                       if(((buffer[i]&0xffff0000)==(pData[2*i+1]<<16))&&((buffer[i]&0xffff)==pData[2*i]))
+                               bNotWrite&=TRUE;
+                       else
+                       {
+                               bNotWrite&=FALSE;
+                               break;
+                       }
+               }
+               if(!bNotWrite)
+               {
+               printk("The data is not the same\n");
+
+                       for(i =0; i<8; i++)
+                       {
+                               addr = BlkNum * 0x10 ;
+
+                               InBuf[0] = addr+2*i;
+                               InBuf[1] = 2;
+                               InBuf[2] = pData[i];
+
+                               eFuseWritePhysical(pAd, &InBuf[0], 6, NULL, 2);
+                       }
+
+               }
+               else
+                       return TRUE;
+            }
+
+
+
+               //Step 2. Write mapping table
+               addr = EFUSE_USAGE_MAP_START+BlkNum;
+
+               tmpaddr = addr;
+
+               if(addr % 2 != 0)
+                       addr = addr -1;
+               InBuf[0] = addr;
+               InBuf[1] = 2;
+
+               //convert the address from 10 to 8 bit ( bit7, 6 = parity and bit5 ~ 0 = bit9~4), and write to logical map entry
+               tmpOffset = Offset;
+               tmpOffset >>= 4;
+               tmpOffset |= ((~((tmpOffset & 0x01) ^ ( tmpOffset >> 1 & 0x01) ^  (tmpOffset >> 2 & 0x01) ^  (tmpOffset >> 3 & 0x01))) << 6) & 0x40;
+               tmpOffset |= ((~( (tmpOffset >> 2 & 0x01) ^ (tmpOffset >> 3 & 0x01) ^ (tmpOffset >> 4 & 0x01) ^ ( tmpOffset >> 5 & 0x01))) << 7) & 0x80;
+
+               // write the logical address
+               if(tmpaddr%2 != 0)
+                       InBuf[2] = tmpOffset<<8;
+               else
+                       InBuf[2] = tmpOffset;
+
+               eFuseWritePhysical(pAd,&InBuf[0], 6, NULL, 0);
+
+               //Step 3. Compare data if not the same, invalidate the mapping entry, then re-write the data until E-fuse is exhausted
+               bWriteSuccess = TRUE;
+               for(i =0; i<8; i++)
+               {
+                       addr = BlkNum * 0x10 ;
+
+                       InBuf[0] = addr+2*i;
+                       InBuf[1] = 2;
+                       InBuf[2] = 0x0;
+
+                       eFuseReadPhysical(pAd, &InBuf[0], 4, &InBuf[2], 2);
+                       DBGPRINT(RT_DEBUG_TRACE, ("addr=%x, buffer[i]=%x,InBuf[2]=%x\n",InBuf[0],pData[i],InBuf[2]));
+                       if(pData[i] != InBuf[2])
+                       {
+                               bWriteSuccess = FALSE;
+                               break;
+                       }
+               }
+
+               //Step 4. invlidate mapping entry and find a free mapping entry if not succeed
+
+               if (!bWriteSuccess&&Loop<2)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegistersFromBin::Not bWriteSuccess BlkNum = %d\n", BlkNum));
+
+                       // the offset of current mapping entry
+                       addr = EFUSE_USAGE_MAP_START+BlkNum;
+
+                       //find a new mapping entry
+                       BlkNum = 0xffff;
+                       for (i=EFUSE_USAGE_MAP_START; i<=EFUSE_USAGE_MAP_END; i+=2)
+                       {
+                               eFusePhysicalReadRegisters(pAd, i, 2, &LogicalAddress);
+                               if( (LogicalAddress & 0xff) == 0)
+                               {
+                                       BlkNum = i-EFUSE_USAGE_MAP_START;
+                                       break;
+                               }
+                               else if(( (LogicalAddress >> 8) & 0xff) == 0)
+                               {
+                                       if (i != EFUSE_USAGE_MAP_END)
+                                       {
+                                               BlkNum = i+1-EFUSE_USAGE_MAP_START;
+                                       }
+                                       break;
+                               }
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegistersFromBin::Not bWriteSuccess new BlkNum = %d\n", BlkNum));
+                       if(BlkNum == 0xffff)
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, ("eFuseWriteRegistersFromBin: out of free E-fuse space!!!\n"));
+                               return FALSE;
+                       }
+
+                       //invalidate the original mapping entry if new entry is not found
+                       tmpaddr = addr;
+
+                       if(addr % 2 != 0)
+                               addr = addr -1;
+                       InBuf[0] = addr;
+                       InBuf[1] = 2;
+
+                       eFuseReadPhysical(pAd, &InBuf[0], 4, &InBuf[2], 2);
+
+                       // write the logical address
+                       if(tmpaddr%2 != 0)
+                       {
+                               // Invalidate the high byte
+                               for (i=8; i<15; i++)
+                               {
+                                       if( ( (InBuf[2] >> i) & 0x01) == 0)
+                                       {
+                                               InBuf[2] |= (0x1 <<i);
+                                               break;
+                                       }
+                               }
+                       }
+                       else
+                       {
+                               // invalidate the low byte
+                               for (i=0; i<8; i++)
+                               {
+                                       if( ( (InBuf[2] >> i) & 0x01) == 0)
+                                       {
+                                               InBuf[2] |= (0x1 <<i);
+                                               break;
+                                       }
+                               }
+                       }
+                       eFuseWritePhysical(pAd, &InBuf[0], 6, NULL, 0);
+               }
+
+       }
+       while(!bWriteSuccess&&Loop<2);
+
+       return TRUE;
+}
+
+
+int rtmp_ee_efuse_read16(
+       IN RTMP_ADAPTER *pAd,
+       IN USHORT Offset,
+       OUT USHORT *pValue)
+{
+       if(pAd->bFroceEEPROMBuffer || pAd->bEEPROMFile)
+       {
+           DBGPRINT(RT_DEBUG_TRACE,  ("Read from EEPROM Buffer\n"));
+           NdisMoveMemory(pValue, &(pAd->EEPROMImage[Offset]), 2);
+       }
+       else
+           eFuseReadRegisters(pAd, Offset, 2, pValue);
+       return (*pValue);
+}
+
+
+int rtmp_ee_efuse_write16(
+       IN RTMP_ADAPTER *pAd,
+       IN USHORT Offset,
+       IN USHORT data)
+{
+    if(pAd->bFroceEEPROMBuffer||pAd->bEEPROMFile)
+    {
+        DBGPRINT(RT_DEBUG_TRACE,  ("Write to EEPROM Buffer\n"));
+        NdisMoveMemory(&(pAd->EEPROMImage[Offset]), &data, 2);
+    }
+    else
+        eFuseWriteRegisters(pAd, Offset, 2, &data);
+       return 0;
+}
+
+
+int RtmpEfuseSupportCheck(
+       IN RTMP_ADAPTER *pAd)
+{
+       USHORT value;
+
+       if (IS_RT30xx(pAd))
+       {
+               eFusePhysicalReadRegisters(pAd, EFUSE_TAG, 2, &value);
+               pAd->EFuseTag = (value & 0xff);
+       }
+       return 0;
+}
+
+INT set_eFuseBufferModeWriteBack_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UINT Enable;
+
+
+       if(strlen(arg)>0)
+       {
+               Enable= simple_strtol(arg, 0, 16);
+       }
+       else
+               return FALSE;
+       if(Enable==1)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("set_eFuseBufferMode_Proc:: Call WRITEEEPROMBUF"));
+               eFuseWriteEeeppromBuf(pAd);
+       }
+       else
+               return FALSE;
+       return TRUE;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Load EEPROM from bin file for eFuse mode
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               NDIS_STATUS_SUCCESS         firmware image load ok
+               NDIS_STATUS_FAILURE         image not found
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+INT eFuseLoadEEPROM(
+       IN PRTMP_ADAPTER pAd)
+{
+       PSTRING                                 src = NULL;
+       INT                                             retval;
+       RTMP_OS_FD                              srcf;
+       RTMP_OS_FS_INFO                 osFSInfo;
+
+
+       src=EFUSE_BUFFER_PATH;
+       DBGPRINT(RT_DEBUG_TRACE, ("FileName=%s\n",src));
+
+
+       RtmpOSFSInfoChange(&osFSInfo, TRUE);
+
+       if (src && *src)
+       {
+               srcf = RtmpOSFileOpen(src, O_RDONLY, 0);
+               if (IS_FILE_OPEN_ERR(srcf))
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("--> Error %ld opening %s\n", -PTR_ERR(srcf),src));
+                       return FALSE;
+               }
+               else
+               {
+
+                               memset(pAd->EEPROMImage, 0x00, MAX_EEPROM_BIN_FILE_SIZE);
+
+
+                       retval =RtmpOSFileRead(srcf, (PSTRING)pAd->EEPROMImage, MAX_EEPROM_BIN_FILE_SIZE);
+                       if (retval > 0)
+                                                       {
+                               RTMPSetProfileParameters(pAd, (PSTRING)pAd->EEPROMImage);
+                               retval = NDIS_STATUS_SUCCESS;
+                       }
+                       else
+                               DBGPRINT(RT_DEBUG_ERROR, ("Read file \"%s\" failed(errCode=%d)!\n", src, retval));
+
+               }
+
+
+       }
+       else
+               {
+                                       DBGPRINT(RT_DEBUG_ERROR, ("--> Error src  or srcf is null\n"));
+                                       return FALSE;
+
+               }
+
+       retval=RtmpOSFileClose(srcf);
+
+       if (retval)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("--> Error %d closing %s\n", -retval, src));
+       }
+
+
+       RtmpOSFSInfoChange(&osFSInfo, FALSE);
+
+       return TRUE;
+}
+
+INT eFuseWriteEeeppromBuf(
+       IN PRTMP_ADAPTER pAd)
+{
+
+       PSTRING                                 src = NULL;
+       INT                                             retval;
+       RTMP_OS_FD                              srcf;
+       RTMP_OS_FS_INFO                 osFSInfo;
+
+
+       src=EFUSE_BUFFER_PATH;
+       DBGPRINT(RT_DEBUG_TRACE, ("FileName=%s\n",src));
+
+       RtmpOSFSInfoChange(&osFSInfo, TRUE);
+
+
+
+       if (src && *src)
+       {
+               srcf = RtmpOSFileOpen(src, O_WRONLY|O_CREAT, 0);
+
+               if (IS_FILE_OPEN_ERR(srcf))
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("--> Error %ld opening %s\n", -PTR_ERR(srcf),src));
+                       return FALSE;
+               }
+               else
+               {
+/*
+                       // The object must have a read method
+                       if (srcf->f_op && srcf->f_op->write)
+                       {
+                               // The object must have a read method
+                        srcf->f_op->write(srcf, pAd->EEPROMImage, 1024, &srcf->f_pos);
+
+                       }
+                       else
+                       {
+                                               DBGPRINT(RT_DEBUG_ERROR, ("--> Error!! System doest not support read function\n"));
+                                               return FALSE;
+                       }
+*/
+
+                       RtmpOSFileWrite(srcf, (PSTRING)pAd->EEPROMImage,MAX_EEPROM_BIN_FILE_SIZE);
+
+               }
+
+
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("--> Error src  or srcf is null\n"));
+               return FALSE;
+
+       }
+
+       retval=RtmpOSFileClose(srcf);
+
+       if (retval)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("--> Error %d closing %s\n", -retval, src));
+       }
+
+       RtmpOSFSInfoChange(&osFSInfo, FALSE);
+       return TRUE;
+}
+
+
+VOID eFuseGetFreeBlockCount(IN PRTMP_ADAPTER pAd,
+       PUINT EfuseFreeBlock)
+{
+       USHORT i;
+       USHORT  LogicalAddress;
+       if(!pAd->bUseEfuse)
+               {
+               DBGPRINT(RT_DEBUG_TRACE,("eFuseGetFreeBlockCount Only supports efuse Mode\n"));
+               return ;
+               }
+       for (i = EFUSE_USAGE_MAP_START; i <= EFUSE_USAGE_MAP_END; i+=2)
+       {
+               eFusePhysicalReadRegisters(pAd, i, 2, &LogicalAddress);
+               if( (LogicalAddress & 0xff) == 0)
+               {
+                       *EfuseFreeBlock= (UCHAR) (EFUSE_USAGE_MAP_END-i+1);
+                       break;
+               }
+               else if(( (LogicalAddress >> 8) & 0xff) == 0)
+               {
+                       *EfuseFreeBlock = (UCHAR) (EFUSE_USAGE_MAP_END-i);
+                       break;
+               }
+
+               if(i == EFUSE_USAGE_MAP_END)
+                       *EfuseFreeBlock = 0;
+       }
+       DBGPRINT(RT_DEBUG_TRACE,("eFuseGetFreeBlockCount is 0x%x\n",*EfuseFreeBlock));
+}
+
+INT eFuse_init(
+       IN PRTMP_ADAPTER pAd)
+{
+       UINT    EfuseFreeBlock=0;
+       DBGPRINT(RT_DEBUG_ERROR, ("NVM is Efuse and its size =%x[%x-%x] \n",EFUSE_USAGE_MAP_SIZE,EFUSE_USAGE_MAP_START,EFUSE_USAGE_MAP_END));
+       eFuseGetFreeBlockCount(pAd, &EfuseFreeBlock);
+       //If the used block of efuse is less than 5. We assume the default value
+       // of this efuse is empty and change to the buffer mode in odrder to
+       //bring up interfaces successfully.
+       if(EfuseFreeBlock > (EFUSE_USAGE_MAP_END-5))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("NVM is Efuse and the information is too less to bring up interface. Force to use EEPROM Buffer Mode\n"));
+               pAd->bFroceEEPROMBuffer = TRUE;
+               eFuseLoadEEPROM(pAd);
+       }
+       else
+               pAd->bFroceEEPROMBuffer = FALSE;
+       DBGPRINT(RT_DEBUG_TRACE, ("NVM is Efuse and force to use EEPROM Buffer Mode=%x\n",pAd->bFroceEEPROMBuffer));
+
+       return 0;
+}
diff --git a/drivers/staging/rt3090/common/ee_prom.c b/drivers/staging/rt3090/common/ee_prom.c
new file mode 100644 (file)
index 0000000..051cfde
--- /dev/null
@@ -0,0 +1,308 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       ee_prom.c
+
+       Abstract:
+       Miniport generic portion header file
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+
+
+// IRQL = PASSIVE_LEVEL
+static inline VOID RaiseClock(
+    IN PRTMP_ADAPTER   pAd,
+    IN  UINT32 *x)
+{
+       *x = *x | EESK;
+       RTMP_IO_WRITE32(pAd, E2PROM_CSR, *x);
+       RTMPusecDelay(1);                               // Max frequency = 1MHz in Spec. definition
+}
+
+// IRQL = PASSIVE_LEVEL
+static inline VOID LowerClock(
+    IN PRTMP_ADAPTER   pAd,
+    IN  UINT32 *x)
+{
+       *x = *x & ~EESK;
+       RTMP_IO_WRITE32(pAd, E2PROM_CSR, *x);
+       RTMPusecDelay(1);
+}
+
+// IRQL = PASSIVE_LEVEL
+static inline USHORT ShiftInBits(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UINT32          x,i;
+       USHORT      data=0;
+
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+
+       x &= ~( EEDO | EEDI);
+
+       for(i=0; i<16; i++)
+       {
+               data = data << 1;
+               RaiseClock(pAd, &x);
+
+               RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+               LowerClock(pAd, &x); //prevent read failed
+
+               x &= ~(EEDI);
+               if(x & EEDO)
+                   data |= 1;
+       }
+
+       return data;
+}
+
+
+// IRQL = PASSIVE_LEVEL
+static inline VOID ShiftOutBits(
+       IN PRTMP_ADAPTER        pAd,
+       IN USHORT                       data,
+       IN USHORT                       count)
+{
+       UINT32       x,mask;
+
+       mask = 0x01 << (count - 1);
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+
+       x &= ~(EEDO | EEDI);
+
+       do
+       {
+           x &= ~EEDI;
+           if(data & mask)             x |= EEDI;
+
+           RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+
+           RaiseClock(pAd, &x);
+           LowerClock(pAd, &x);
+
+           mask = mask >> 1;
+       } while(mask);
+
+       x &= ~EEDI;
+       RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+}
+
+
+// IRQL = PASSIVE_LEVEL
+static inline VOID EEpromCleanup(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UINT32 x;
+
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+
+       x &= ~(EECS | EEDI);
+       RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+
+       RaiseClock(pAd, &x);
+       LowerClock(pAd, &x);
+}
+
+
+static inline VOID EWEN(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UINT32  x;
+
+       // reset bits and set EECS
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+       x &= ~(EEDI | EEDO | EESK);
+       x |= EECS;
+       RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+
+       // kick a pulse
+       RaiseClock(pAd, &x);
+       LowerClock(pAd, &x);
+
+       // output the read_opcode and six pulse in that order
+       ShiftOutBits(pAd, EEPROM_EWEN_OPCODE, 5);
+       ShiftOutBits(pAd, 0, 6);
+
+       EEpromCleanup(pAd);
+}
+
+
+static inline VOID EWDS(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UINT32  x;
+
+       // reset bits and set EECS
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+       x &= ~(EEDI | EEDO | EESK);
+       x |= EECS;
+       RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+
+       // kick a pulse
+       RaiseClock(pAd, &x);
+       LowerClock(pAd, &x);
+
+       // output the read_opcode and six pulse in that order
+       ShiftOutBits(pAd, EEPROM_EWDS_OPCODE, 5);
+       ShiftOutBits(pAd, 0, 6);
+
+       EEpromCleanup(pAd);
+}
+
+
+// IRQL = PASSIVE_LEVEL
+int rtmp_ee_prom_read16(
+       IN PRTMP_ADAPTER        pAd,
+       IN USHORT                       Offset,
+       OUT USHORT                      *pValue)
+{
+       UINT32          x;
+       USHORT          data;
+
+#ifdef RT30xx
+#ifdef ANT_DIVERSITY_SUPPORT
+       if (pAd->NicConfig2.field.AntDiversity)
+       {
+               pAd->EepromAccess = TRUE;
+       }
+#endif // ANT_DIVERSITY_SUPPORT //
+#endif // RT30xx //
+
+       Offset /= 2;
+       // reset bits and set EECS
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+       x &= ~(EEDI | EEDO | EESK);
+       x |= EECS;
+       RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+
+       // patch can not access e-Fuse issue
+       if (!(IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)))
+       {
+               // kick a pulse
+               RaiseClock(pAd, &x);
+               LowerClock(pAd, &x);
+       }
+
+       // output the read_opcode and register number in that order
+       ShiftOutBits(pAd, EEPROM_READ_OPCODE, 3);
+       ShiftOutBits(pAd, Offset, pAd->EEPROMAddressNum);
+
+       // Now read the data (16 bits) in from the selected EEPROM word
+       data = ShiftInBits(pAd);
+
+       EEpromCleanup(pAd);
+
+#ifdef RT30xx
+#ifdef ANT_DIVERSITY_SUPPORT
+       // Antenna and EEPROM access are both using EESK pin,
+       // Therefor we should avoid accessing EESK at the same time
+       // Then restore antenna after EEPROM access
+       if ((pAd->NicConfig2.field.AntDiversity)/* || (pAd->RfIcType == RFIC_3020)*/)
+       {
+               pAd->EepromAccess = FALSE;
+               AsicSetRxAnt(pAd, pAd->RxAnt.Pair1PrimaryRxAnt);
+       }
+#endif // ANT_DIVERSITY_SUPPORT //
+#endif // RT30xx //
+
+       *pValue = data;
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+int rtmp_ee_prom_write16(
+    IN  PRTMP_ADAPTER  pAd,
+    IN  USHORT Offset,
+    IN  USHORT Data)
+{
+       UINT32 x;
+
+#ifdef RT30xx
+#ifdef ANT_DIVERSITY_SUPPORT
+       if (pAd->NicConfig2.field.AntDiversity)
+       {
+               pAd->EepromAccess = TRUE;
+       }
+#endif // ANT_DIVERSITY_SUPPORT //
+#endif // RT30xx //
+
+       Offset /= 2;
+
+       EWEN(pAd);
+
+       // reset bits and set EECS
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+       x &= ~(EEDI | EEDO | EESK);
+       x |= EECS;
+       RTMP_IO_WRITE32(pAd, E2PROM_CSR, x);
+
+       // patch can not access e-Fuse issue
+       if (!(IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)))
+       {
+               // kick a pulse
+               RaiseClock(pAd, &x);
+               LowerClock(pAd, &x);
+       }
+
+       // output the read_opcode ,register number and data in that order
+       ShiftOutBits(pAd, EEPROM_WRITE_OPCODE, 3);
+       ShiftOutBits(pAd, Offset, pAd->EEPROMAddressNum);
+       ShiftOutBits(pAd, Data, 16);            // 16-bit access
+
+       // read DO status
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &x);
+
+       EEpromCleanup(pAd);
+
+       RTMPusecDelay(10000);   //delay for twp(MAX)=10ms
+
+       EWDS(pAd);
+
+       EEpromCleanup(pAd);
+
+#ifdef RT30xx
+#ifdef ANT_DIVERSITY_SUPPORT
+       // Antenna and EEPROM access are both using EESK pin,
+       // Therefor we should avoid accessing EESK at the same time
+       // Then restore antenna after EEPROM access
+       if ((pAd->NicConfig2.field.AntDiversity) /*|| (pAd->RfIcType == RFIC_3020)*/)
+       {
+               pAd->EepromAccess = FALSE;
+               AsicSetRxAnt(pAd, pAd->RxAnt.Pair1PrimaryRxAnt);
+       }
+#endif // ANT_DIVERSITY_SUPPORT //
+#endif // RT30xx //
+
+       return NDIS_STATUS_SUCCESS;
+
+}
diff --git a/drivers/staging/rt3090/common/eeprom.c b/drivers/staging/rt3090/common/eeprom.c
new file mode 100644 (file)
index 0000000..2e83749
--- /dev/null
@@ -0,0 +1,98 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       eeprom.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Name            Date                    Modification logs
+*/
+
+#include "../rt_config.h"
+
+
+INT RtmpChipOpsEepromHook(
+       IN RTMP_ADAPTER *pAd,
+       IN INT                  infType)
+{
+       RTMP_CHIP_OP    *pChipOps = &pAd->chipOps;
+#ifdef RT30xx
+#ifdef RTMP_EFUSE_SUPPORT
+       UINT32                  eFuseCtrl, MacCsr0;
+       int index;
+
+       index = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, MAC_CSR0, &MacCsr0);
+               pAd->MACVersion = MacCsr0;
+
+               if ((pAd->MACVersion != 0x00) && (pAd->MACVersion != 0xFFFFFFFF))
+                       break;
+
+               RTMPusecDelay(10);
+       } while (index++ < 100);
+
+       pAd->bUseEfuse=FALSE;
+       RTMP_IO_READ32(pAd, EFUSE_CTRL, &eFuseCtrl);
+       pAd->bUseEfuse = ( (eFuseCtrl & 0x80000000) == 0x80000000) ? 1 : 0;
+       if(pAd->bUseEfuse)
+       {
+               pChipOps->eeinit = eFuse_init;
+               pChipOps->eeread = rtmp_ee_efuse_read16;
+               pChipOps->eewrite = rtmp_ee_efuse_write16;
+               return 0 ;
+       }
+       else
+       {
+               pAd->bFroceEEPROMBuffer = FALSE;
+               DBGPRINT(RT_DEBUG_TRACE, ("NVM is EEPROM\n"));
+       }
+#endif // RTMP_EFUSE_SUPPORT //
+#endif // RT30xx //
+
+       switch(infType)
+       {
+#ifdef RTMP_PCI_SUPPORT
+               case RTMP_DEV_INF_PCI:
+                       pChipOps->eeinit = NULL;
+                       pChipOps->eeread = rtmp_ee_prom_read16;
+                       pChipOps->eewrite = rtmp_ee_prom_write16;
+                       break;
+#endif // RTMP_PCI_SUPPORT //
+
+
+               default:
+                       DBGPRINT(RT_DEBUG_ERROR, ("RtmpChipOpsEepromHook() failed!\n"));
+                       break;
+       }
+
+       return 0;
+}
diff --git a/drivers/staging/rt3090/common/igmp_snoop.c b/drivers/staging/rt3090/common/igmp_snoop.c
new file mode 100644 (file)
index 0000000..680658f
--- /dev/null
@@ -0,0 +1,1365 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+
+
+#ifdef IGMP_SNOOP_SUPPORT
+
+#include "../rt_config.h"
+#include "../ipv6.h"
+#include "../igmp_snoop.h"
+
+
+static inline void initFreeEntryList(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PLIST_HEADER pList)
+{
+       int i;
+
+       for (i = 0; i < FREE_MEMBER_POOL_SIZE; i++)
+               insertTailList(pList, (PLIST_ENTRY)&(pMulticastFilterTable->freeMemberPool[i]));
+
+       return;
+}
+
+static inline PMEMBER_ENTRY AllocaGrpMemberEntry(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable)
+{
+       PMEMBER_ENTRY pMemberEntry;
+
+       RTMP_SEM_LOCK(&pMulticastFilterTable->FreeMemberPoolTabLock);
+
+       pMemberEntry = (PMEMBER_ENTRY)removeHeadList(&pMulticastFilterTable->freeEntryList);
+
+       RTMP_SEM_UNLOCK(&pMulticastFilterTable->FreeMemberPoolTabLock);
+
+       return (PMEMBER_ENTRY)pMemberEntry;
+}
+
+static inline VOID FreeGrpMemberEntry(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PMEMBER_ENTRY pEntry)
+{
+       RTMP_SEM_LOCK(&pMulticastFilterTable->FreeMemberPoolTabLock);
+
+       insertTailList(&pMulticastFilterTable->freeEntryList, (PLIST_ENTRY)pEntry);
+
+       RTMP_SEM_UNLOCK(&pMulticastFilterTable->FreeMemberPoolTabLock);
+}
+
+static VOID IGMPTableDisplay(
+       IN PRTMP_ADAPTER pAd);
+
+static BOOLEAN isIgmpMacAddr(
+       IN PUCHAR pMacAddr);
+
+static VOID InsertIgmpMember(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PLIST_HEADER pList,
+       IN PUCHAR pMemberAddr);
+
+static VOID DeleteIgmpMember(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PLIST_HEADER pList,
+       IN PUCHAR pMemberAddr);
+
+static VOID DeleteIgmpMemberList(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PLIST_HEADER pList);
+
+
+/*
+    ==========================================================================
+    Description:
+        This routine init the entire IGMP table.
+    ==========================================================================
+ */
+VOID MulticastFilterTableInit(
+       IN PMULTICAST_FILTER_TABLE *ppMulticastFilterTable)
+{
+       // Initialize MAC table and allocate spin lock
+       *ppMulticastFilterTable = kmalloc(sizeof(MULTICAST_FILTER_TABLE), MEM_ALLOC_FLAG);
+       if (*ppMulticastFilterTable == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s unable to alloc memory for Multicase filter table, size=%d\n",
+                       __FUNCTION__, sizeof(MULTICAST_FILTER_TABLE)));
+               return;
+       }
+
+       NdisZeroMemory(*ppMulticastFilterTable, sizeof(MULTICAST_FILTER_TABLE));
+       NdisAllocateSpinLock(&((*ppMulticastFilterTable)->MulticastFilterTabLock));
+
+       NdisAllocateSpinLock(&((*ppMulticastFilterTable)->FreeMemberPoolTabLock));
+       initList(&((*ppMulticastFilterTable)->freeEntryList));
+       initFreeEntryList(*ppMulticastFilterTable, &((*ppMulticastFilterTable)->freeEntryList));
+       return;
+}
+
+/*
+    ==========================================================================
+    Description:
+        This routine reset the entire IGMP table.
+    ==========================================================================
+ */
+VOID MultiCastFilterTableReset(
+       IN PMULTICAST_FILTER_TABLE *ppMulticastFilterTable)
+{
+       if(*ppMulticastFilterTable == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s Multicase filter table is not ready.\n", __FUNCTION__));
+               return;
+       }
+
+       NdisFreeSpinLock(&((*ppMulticastFilterTable)->FreeMemberPoolTabLock));
+       NdisFreeSpinLock(&((*ppMulticastFilterTable)->MulticastFilterTabLock));
+       kfree(*ppMulticastFilterTable);
+       *ppMulticastFilterTable = NULL;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Display all entrys in IGMP table
+    ==========================================================================
+ */
+static VOID IGMPTableDisplay(
+       IN PRTMP_ADAPTER pAd)
+{
+       int i;
+       MULTICAST_FILTER_TABLE_ENTRY *pEntry = NULL;
+       PMULTICAST_FILTER_TABLE pMulticastFilterTable = pAd->pMulticastFilterTable;
+
+       if (pMulticastFilterTable == NULL)
+       {
+               DBGPRINT(RT_DEBUG_OFF, ("%s Multicase filter table is not ready.\n", __FUNCTION__));
+               return;
+       }
+
+       // if FULL, return
+       if (pMulticastFilterTable->Size == 0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Table empty.\n"));
+               return;
+       }
+
+       // allocate one MAC entry
+       RTMP_SEM_LOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+
+       for (i = 0; i< MAX_LEN_OF_MULTICAST_FILTER_TABLE; i++)
+       {
+               // pick up the first available vacancy
+               if (pMulticastFilterTable->Content[i].Valid == TRUE)
+               {
+                       PMEMBER_ENTRY pMemberEntry = NULL;
+                       pEntry = &pMulticastFilterTable->Content[i];
+
+                       DBGPRINT(RT_DEBUG_OFF, ("IF(%s) entry #%d, type=%s, GrpId=(%02x:%02x:%02x:%02x:%02x:%02x) memberCnt=%d\n",
+                               RTMP_OS_NETDEV_GET_DEVNAME(pEntry->net_dev), i, (pEntry->type==0 ? "static":"dynamic"),
+                               PRINT_MAC(pEntry->Addr), IgmpMemberCnt(&pEntry->MemberList)));
+
+                       pMemberEntry = (PMEMBER_ENTRY)pEntry->MemberList.pHead;
+                       while (pMemberEntry)
+                       {
+                               DBGPRINT(RT_DEBUG_OFF, ("member mac=(%02x:%02x:%02x:%02x:%02x:%02x)\n",
+                                                                               PRINT_MAC(pMemberEntry->Addr)));
+
+                               pMemberEntry = pMemberEntry->pNext;
+                       }
+               }
+       }
+
+       RTMP_SEM_UNLOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+
+       return;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Add and new entry into MAC table
+    ==========================================================================
+ */
+BOOLEAN MulticastFilterTableInsertEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pGrpId,
+       IN PUCHAR pMemberAddr,
+       IN PNET_DEV dev,
+       IN MulticastFilterEntryType type)
+{
+       UCHAR HashIdx;
+       int i;
+       MULTICAST_FILTER_TABLE_ENTRY *pEntry = NULL, *pCurrEntry, *pPrevEntry;
+       PMEMBER_ENTRY pMemberEntry;
+       PMULTICAST_FILTER_TABLE pMulticastFilterTable = pAd->pMulticastFilterTable;
+
+       if (pMulticastFilterTable == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s Multicase filter table is not ready.\n", __FUNCTION__));
+               return FALSE;
+       }
+
+       // if FULL, return
+       if (pMulticastFilterTable->Size >= MAX_LEN_OF_MULTICAST_FILTER_TABLE)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s Multicase filter table full. max-entries = %d\n",
+                       __FUNCTION__, MAX_LEN_OF_MULTICAST_FILTER_TABLE));
+               return FALSE;
+       }
+
+       // check the rule is in table already or not.
+       if ((pEntry = MulticastFilterTableLookup(pMulticastFilterTable, pGrpId, dev)))
+       {
+               // doesn't indicate member mac address.
+               if(pMemberAddr == NULL)
+               {
+                       return FALSE;
+               }
+
+               pMemberEntry = (PMEMBER_ENTRY)pEntry->MemberList.pHead;
+
+               while (pMemberEntry)
+               {
+                       if (MAC_ADDR_EQUAL(pMemberAddr, pMemberEntry->Addr))
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("%s: already in Members list.\n", __FUNCTION__));
+                               return FALSE;
+                       }
+
+                       pMemberEntry = pMemberEntry->pNext;
+               }
+       }
+
+       RTMP_SEM_LOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+       do
+       {
+               ULONG Now;
+               // the multicast entry already exist but doesn't include the member yet.
+               if (pEntry != NULL && pMemberAddr != NULL)
+               {
+                       InsertIgmpMember(pMulticastFilterTable, &pEntry->MemberList, pMemberAddr);
+                       break;
+               }
+
+               // allocate one MAC entry
+               for (i = 0; i < MAX_LEN_OF_MULTICAST_FILTER_TABLE; i++)
+               {
+                       // pick up the first available vacancy
+                       pEntry = &pMulticastFilterTable->Content[i];
+                       NdisGetSystemUpTime(&Now);
+                       if ((pEntry->Valid == TRUE) && (pEntry->type == MCAT_FILTER_DYNAMIC)
+                               && ((Now - pEntry->lastTime) > IGMPMAC_TB_ENTRY_AGEOUT_TIME))
+                       {
+                               PMULTICAST_FILTER_TABLE_ENTRY pHashEntry;
+
+                               HashIdx = MULTICAST_ADDR_HASH_INDEX(pEntry->Addr);
+                               pHashEntry = pMulticastFilterTable->Hash[HashIdx];
+
+                               if ((pEntry->net_dev == pHashEntry->net_dev)
+                                       && MAC_ADDR_EQUAL(pEntry->Addr, pHashEntry->Addr))
+                               {
+                                       pMulticastFilterTable->Hash[HashIdx] = pHashEntry->pNext;
+                                       pMulticastFilterTable->Size --;
+                                       DBGPRINT(RT_DEBUG_TRACE, ("MCastFilterTableDeleteEntry 1 - Total= %d\n", pMulticastFilterTable->Size));
+                               } else
+                               {
+                                       while (pHashEntry->pNext)
+                                       {
+                                               pPrevEntry = pHashEntry;
+                                               pHashEntry = pHashEntry->pNext;
+                                               if ((pEntry->net_dev == pHashEntry->net_dev)
+                                                       && MAC_ADDR_EQUAL(pEntry->Addr, pHashEntry->Addr))
+                                               {
+                                                       pPrevEntry->pNext = pHashEntry->pNext;
+                                                       pMulticastFilterTable->Size --;
+                                                       DBGPRINT(RT_DEBUG_TRACE, ("MCastFilterTableDeleteEntry 2 - Total= %d\n", pMulticastFilterTable->Size));
+                                                       break;
+                                               }
+                                       }
+                               }
+                               pEntry->Valid = FALSE;
+                               DeleteIgmpMemberList(pMulticastFilterTable, &pEntry->MemberList);
+                       }
+
+                       if (pEntry->Valid == FALSE)
+                       {
+                               NdisZeroMemory(pEntry, sizeof(MULTICAST_FILTER_TABLE_ENTRY));
+                               pEntry->Valid = TRUE;
+
+                               COPY_MAC_ADDR(pEntry->Addr, pGrpId);
+                               pEntry->net_dev = dev;
+                               NdisGetSystemUpTime(&Now);
+                               pEntry->lastTime = Now;
+                               pEntry->type = type;
+                               initList(&pEntry->MemberList);
+                               if (pMemberAddr != NULL)
+                                       InsertIgmpMember(pMulticastFilterTable, &pEntry->MemberList, pMemberAddr);
+
+                               pMulticastFilterTable->Size ++;
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("MulticastFilterTableInsertEntry -IF(%s) allocate entry #%d, Total= %d\n", RTMP_OS_NETDEV_GET_DEVNAME(dev), i, pMulticastFilterTable->Size));
+                               break;
+                       }
+               }
+
+               // add this MAC entry into HASH table
+               if (pEntry)
+               {
+                       HashIdx = MULTICAST_ADDR_HASH_INDEX(pGrpId);
+                       if (pMulticastFilterTable->Hash[HashIdx] == NULL)
+                       {
+                               pMulticastFilterTable->Hash[HashIdx] = pEntry;
+                       } else
+                       {
+                               pCurrEntry = pMulticastFilterTable->Hash[HashIdx];
+                               while (pCurrEntry->pNext != NULL)
+                                       pCurrEntry = pCurrEntry->pNext;
+                               pCurrEntry->pNext = pEntry;
+                       }
+               }
+       }while(FALSE);
+
+       RTMP_SEM_UNLOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Delete a specified client from MAC table
+    ==========================================================================
+ */
+BOOLEAN MulticastFilterTableDeleteEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pGrpId,
+       IN PUCHAR pMemberAddr,
+       IN PNET_DEV dev)
+{
+       USHORT HashIdx;
+       MULTICAST_FILTER_TABLE_ENTRY *pEntry, *pPrevEntry;
+       PMULTICAST_FILTER_TABLE pMulticastFilterTable = pAd->pMulticastFilterTable;
+       USHORT Aid = MCAST_WCID;
+       SST     Sst = SST_ASSOC;
+       UCHAR PsMode = PWR_ACTIVE, Rate;
+
+       if (pMulticastFilterTable == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s Multicase filter table is not ready.\n", __FUNCTION__));
+               return FALSE;
+       }
+
+       RTMP_SEM_LOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+
+       do
+       {
+               HashIdx = MULTICAST_ADDR_HASH_INDEX(pGrpId);
+               pPrevEntry = pEntry = pMulticastFilterTable->Hash[HashIdx];
+
+               while (pEntry && pEntry->Valid)
+               {
+                       if ((pEntry->net_dev ==  dev)
+                               && MAC_ADDR_EQUAL(pEntry->Addr, pGrpId))
+                               break;
+                       else
+                       {
+                               pPrevEntry = pEntry;
+                               pEntry = pEntry->pNext;
+                       }
+               }
+
+               // check the rule is in table already or not.
+               if (pEntry && (pMemberAddr != NULL))
+               {
+                       if(APSsPsInquiry(pAd, pMemberAddr, &Sst, &Aid, &PsMode, &Rate))
+                               DeleteIgmpMember(pMulticastFilterTable, &pEntry->MemberList, pMemberAddr);
+                       if (IgmpMemberCnt(&pEntry->MemberList) > 0)
+                               break;
+               }
+
+               if (pEntry)
+               {
+                       if (pEntry == pMulticastFilterTable->Hash[HashIdx])
+                       {
+                               pMulticastFilterTable->Hash[HashIdx] = pEntry->pNext;
+                               DeleteIgmpMemberList(pMulticastFilterTable, &pEntry->MemberList);
+                               NdisZeroMemory(pEntry, sizeof(MULTICAST_FILTER_TABLE_ENTRY));
+                               pMulticastFilterTable->Size --;
+                               DBGPRINT(RT_DEBUG_TRACE, ("MCastFilterTableDeleteEntry 1 - Total= %d\n", pMulticastFilterTable->Size));
+                       }
+                       else
+                       {
+                               pPrevEntry->pNext = pEntry->pNext;
+                               DeleteIgmpMemberList(pMulticastFilterTable, &pEntry->MemberList);
+                               NdisZeroMemory(pEntry, sizeof(MULTICAST_FILTER_TABLE_ENTRY));
+                               pMulticastFilterTable->Size --;
+                               DBGPRINT(RT_DEBUG_TRACE, ("MCastFilterTableDeleteEntry 2 - Total= %d\n", pMulticastFilterTable->Size));
+                       }
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("%s: the Group doesn't exist.\n", __FUNCTION__));
+               }
+       } while(FALSE);
+
+       RTMP_SEM_UNLOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Look up the MAC address in the IGMP table. Return NULL if not found.
+    Return:
+        pEntry - pointer to the MAC entry; NULL is not found
+    ==========================================================================
+*/
+PMULTICAST_FILTER_TABLE_ENTRY MulticastFilterTableLookup(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PUCHAR pAddr,
+       IN PNET_DEV dev)
+{
+       ULONG HashIdx, Now;
+       PMULTICAST_FILTER_TABLE_ENTRY pEntry = NULL, pPrev = NULL;
+
+       if (pMulticastFilterTable == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s Multicase filter table is not ready.\n", __FUNCTION__));
+               return NULL;
+       }
+
+       RTMP_SEM_LOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+
+       HashIdx = MULTICAST_ADDR_HASH_INDEX(pAddr);
+       pEntry = pPrev = pMulticastFilterTable->Hash[HashIdx];
+
+       while (pEntry && pEntry->Valid)
+       {
+               if ((pEntry->net_dev ==  dev)
+                       && MAC_ADDR_EQUAL(pEntry->Addr, pAddr))
+               {
+                       NdisGetSystemUpTime(&Now);
+                       pEntry->lastTime = Now;
+                       break;
+               }
+               else
+               {
+                       NdisGetSystemUpTime(&Now);
+                       if ((pEntry->Valid == TRUE) && (pEntry->type == MCAT_FILTER_DYNAMIC)
+                               && RTMP_TIME_AFTER(Now, pEntry->lastTime+IGMPMAC_TB_ENTRY_AGEOUT_TIME))
+                       {
+                               // Remove the aged entry
+                               if (pEntry == pMulticastFilterTable->Hash[HashIdx])
+                               {
+                                       pMulticastFilterTable->Hash[HashIdx] = pEntry->pNext;
+                                       pPrev = pMulticastFilterTable->Hash[HashIdx];
+                                       DeleteIgmpMemberList(pMulticastFilterTable, &pEntry->MemberList);
+                                       NdisZeroMemory(pEntry, sizeof(MULTICAST_FILTER_TABLE_ENTRY));
+                                       pMulticastFilterTable->Size --;
+                                       pEntry = pPrev;
+                                       DBGPRINT(RT_DEBUG_TRACE, ("MCastFilterTableDeleteEntry 2 - Total= %d\n", pMulticastFilterTable->Size));
+                               }
+                               else
+                               {
+                                       pPrev->pNext = pEntry->pNext;
+                                       DeleteIgmpMemberList(pMulticastFilterTable, &pEntry->MemberList);
+                                       NdisZeroMemory(pEntry, sizeof(MULTICAST_FILTER_TABLE_ENTRY));
+                                       pMulticastFilterTable->Size --;
+                                       pEntry = (pPrev == NULL ? NULL: pPrev->pNext);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("MCastFilterTableDeleteEntry 2 - Total= %d\n", pMulticastFilterTable->Size));
+                               }
+                       }
+                       else
+                       {
+                               pPrev = pEntry;
+                               pEntry = pEntry->pNext;
+                       }
+               }
+       }
+
+       RTMP_SEM_UNLOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+
+       return pEntry;
+}
+
+VOID IGMPSnooping(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDstMacAddr,
+       IN PUCHAR pSrcMacAddr,
+       IN PUCHAR pIpHeader,
+       IN PNET_DEV pDev)
+{
+       INT i;
+       INT IpHeaderLen;
+       UCHAR GroupType;
+       UINT16 numOfGroup;
+       UCHAR IgmpVerType;
+       PUCHAR pIgmpHeader;
+       PUCHAR pGroup;
+       UCHAR AuxDataLen;
+       UINT16 numOfSources;
+       PUCHAR pGroupIpAddr;
+       UCHAR GroupMacAddr[6];
+       PUCHAR pGroupMacAddr = (PUCHAR)&GroupMacAddr;
+
+       if(isIgmpPkt(pDstMacAddr, pIpHeader))
+       {
+               IpHeaderLen = (*(pIpHeader + 2) & 0x0f) * 4;
+               pIgmpHeader = pIpHeader + 2 + IpHeaderLen;
+               IgmpVerType = (UCHAR)(*(pIgmpHeader));
+
+               DBGPRINT(RT_DEBUG_TRACE, ("IGMP type=%0x\n", IgmpVerType));
+
+               switch(IgmpVerType)
+               {
+               case IGMP_V1_MEMBERSHIP_REPORT: // IGMP version 1 membership report.
+               case IGMP_V2_MEMBERSHIP_REPORT: // IGMP version 2 membership report.
+                       pGroupIpAddr = (PUCHAR)(pIgmpHeader + 4);
+                               ConvertMulticastIP2MAC(pGroupIpAddr, (PUCHAR *)&pGroupMacAddr, ETH_P_IP);
+                       DBGPRINT(RT_DEBUG_TRACE, ("IGMP Group=%02x:%02x:%02x:%02x:%02x:%02x\n",
+                               GroupMacAddr[0], GroupMacAddr[1], GroupMacAddr[2], GroupMacAddr[3], GroupMacAddr[4], GroupMacAddr[5]));
+                       MulticastFilterTableInsertEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev, MCAT_FILTER_DYNAMIC);
+                       break;
+
+               case IGMP_LEAVE_GROUP: // IGMP version 1 and version 2 leave group.
+                       pGroupIpAddr = (PUCHAR)(pIgmpHeader + 4);
+                               ConvertMulticastIP2MAC(pGroupIpAddr, (PUCHAR *)&pGroupMacAddr, ETH_P_IP);
+                       DBGPRINT(RT_DEBUG_TRACE, ("IGMP Group=%02x:%02x:%02x:%02x:%02x:%02x\n",
+                               GroupMacAddr[0], GroupMacAddr[1], GroupMacAddr[2], GroupMacAddr[3], GroupMacAddr[4], GroupMacAddr[5]));
+                       MulticastFilterTableDeleteEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev);
+                       break;
+
+               case IGMP_V3_MEMBERSHIP_REPORT: // IGMP version 3 membership report.
+                       numOfGroup = ntohs(*((UINT16 *)(pIgmpHeader + 6)));
+                       pGroup = (PUCHAR)(pIgmpHeader + 8);
+                       for (i=0; i < numOfGroup; i++)
+                       {
+                               GroupType = (UCHAR)(*pGroup);
+                               AuxDataLen = (UCHAR)(*(pGroup + 1));
+                               numOfSources = ntohs(*((UINT16 *)(pGroup + 2)));
+                               pGroupIpAddr = (PUCHAR)(pGroup + 4);
+                               DBGPRINT(RT_DEBUG_TRACE, ("IGMPv3 Type=%d, ADL=%d, numOfSource=%d\n", GroupType, AuxDataLen, numOfSources));
+                                       ConvertMulticastIP2MAC(pGroupIpAddr, (PUCHAR *)&pGroupMacAddr, ETH_P_IP);
+                               DBGPRINT(RT_DEBUG_TRACE, ("IGMP Group=%02x:%02x:%02x:%02x:%02x:%02x\n",
+                                       GroupMacAddr[0], GroupMacAddr[1], GroupMacAddr[2], GroupMacAddr[3], GroupMacAddr[4], GroupMacAddr[5]));
+
+                               do
+                               {
+                                       if((GroupType == MODE_IS_EXCLUDE) || (GroupType == CHANGE_TO_EXCLUDE_MODE) || (GroupType == ALLOW_NEW_SOURCES))
+                                       {
+                                               MulticastFilterTableInsertEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev, MCAT_FILTER_DYNAMIC);
+                                               break;
+                                       }
+
+                                       if((GroupType == MODE_IS_INCLUDE) || (GroupType == BLOCK_OLD_SOURCES))
+                                       {
+                                               MulticastFilterTableDeleteEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev);
+                                               break;
+                                       }
+
+                                       if((GroupType == CHANGE_TO_INCLUDE_MODE))
+                                       {
+                                               if(numOfSources == 0)
+                                                       MulticastFilterTableDeleteEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev);
+                                               else
+                                                       MulticastFilterTableInsertEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev, MCAT_FILTER_DYNAMIC);
+                                               break;
+                                       }
+                               } while(FALSE);
+                               pGroup += (8 + (numOfSources * 4) + AuxDataLen);
+                       }
+                       break;
+
+               default:
+                       DBGPRINT(RT_DEBUG_TRACE, ("unknow IGMP Type=%d\n", IgmpVerType));
+                       break;
+               }
+       }
+
+       return;
+}
+
+
+static BOOLEAN isIgmpMacAddr(
+       IN PUCHAR pMacAddr)
+{
+       if((pMacAddr[0] == 0x01)
+               && (pMacAddr[1] == 0x00)
+               && (pMacAddr[2] == 0x5e))
+               return TRUE;
+       return FALSE;
+}
+
+BOOLEAN isIgmpPkt(
+       IN PUCHAR pDstMacAddr,
+       IN PUCHAR pIpHeader)
+{
+       UINT16 IpProtocol = ntohs(*((UINT16 *)(pIpHeader)));
+       UCHAR IgmpProtocol;
+
+       if(!isIgmpMacAddr(pDstMacAddr))
+               return FALSE;
+
+       if(IpProtocol == ETH_P_IP)
+       {
+               IgmpProtocol = (UCHAR)*(pIpHeader + 11);
+               if(IgmpProtocol == IGMP_PROTOCOL_DESCRIPTOR)
+                               return TRUE;
+       }
+
+       return FALSE;
+}
+
+static VOID InsertIgmpMember(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PLIST_HEADER pList,
+       IN PUCHAR pMemberAddr)
+{
+       PMEMBER_ENTRY pMemberEntry;
+
+       if(pList == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: membert list doesn't exist.\n", __FUNCTION__));
+               return;
+       }
+
+       if (pMemberAddr == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: invalid member.\n", __FUNCTION__));
+               return;
+       }
+
+       if((pMemberEntry = (PMEMBER_ENTRY)AllocaGrpMemberEntry(pMulticastFilterTable)) != NULL)
+       {
+               NdisZeroMemory(pMemberEntry, sizeof(MEMBER_ENTRY));
+               COPY_MAC_ADDR(pMemberEntry->Addr, pMemberAddr);
+               insertTailList(pList, (PLIST_ENTRY)pMemberEntry);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("%s Member Mac=%02x:%02x:%02x:%02x:%02x:%02x\n", __FUNCTION__,
+                       pMemberEntry->Addr[0], pMemberEntry->Addr[1], pMemberEntry->Addr[2],
+                       pMemberEntry->Addr[3], pMemberEntry->Addr[4], pMemberEntry->Addr[5]));
+       }
+       return;
+}
+
+static VOID DeleteIgmpMember(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PLIST_HEADER pList,
+       IN PUCHAR pMemberAddr)
+{
+       PMEMBER_ENTRY pCurEntry;
+
+       if((pList == NULL) || (pList->pHead == NULL))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: membert list doesn't exist.\n", __FUNCTION__));
+               return;
+       }
+
+       if (pMemberAddr == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: invalid member.\n", __FUNCTION__));
+               return;
+       }
+
+       pCurEntry = (PMEMBER_ENTRY)pList->pHead;
+       while (pCurEntry)
+       {
+               if(MAC_ADDR_EQUAL(pMemberAddr, pCurEntry->Addr))
+               {
+                       delEntryList(pList, (PLIST_ENTRY)pCurEntry);
+                       FreeGrpMemberEntry(pMulticastFilterTable, pCurEntry);
+                       break;
+               }
+               pCurEntry = pCurEntry->pNext;
+       }
+
+       return;
+}
+
+static VOID DeleteIgmpMemberList(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PLIST_HEADER pList)
+{
+       PMEMBER_ENTRY pCurEntry, pPrvEntry;
+
+       if((pList == NULL) || (pList->pHead == NULL))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: membert list doesn't exist.\n", __FUNCTION__));
+               return;
+       }
+
+       pPrvEntry = pCurEntry = (PMEMBER_ENTRY)pList->pHead;
+       while (pCurEntry)
+       {
+               delEntryList(pList, (PLIST_ENTRY)pCurEntry);
+               pPrvEntry = pCurEntry;
+               pCurEntry = pCurEntry->pNext;
+               FreeGrpMemberEntry(pMulticastFilterTable, pPrvEntry);
+       }
+
+       initList(pList);
+       return;
+}
+
+
+UCHAR IgmpMemberCnt(
+       IN PLIST_HEADER pList)
+{
+       if(pList == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: membert list doesn't exist.\n", __FUNCTION__));
+               return 0;
+       }
+
+       return getListSize(pList);
+}
+
+VOID IgmpGroupDelMembers(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pMemberAddr,
+       IN PNET_DEV pDev)
+{
+       INT i;
+       MULTICAST_FILTER_TABLE_ENTRY *pEntry = NULL;
+       PMULTICAST_FILTER_TABLE pMulticastFilterTable = pAd->pMulticastFilterTable;
+
+       for (i = 0; i < MAX_LEN_OF_MULTICAST_FILTER_TABLE; i++)
+       {
+               // pick up the first available vacancy
+               pEntry = &pMulticastFilterTable->Content[i];
+               if (pEntry->Valid == TRUE)
+               {
+                       if(pMemberAddr != NULL)
+                       {
+                               RTMP_SEM_LOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+                               DeleteIgmpMember(pMulticastFilterTable, &pEntry->MemberList, pMemberAddr);
+                               RTMP_SEM_UNLOCK(&pMulticastFilterTable->MulticastFilterTabLock);
+                       }
+
+                       if((pEntry->type == MCAT_FILTER_DYNAMIC)
+                               && (IgmpMemberCnt(&pEntry->MemberList) == 0))
+                               MulticastFilterTableDeleteEntry(pAd, pEntry->Addr, pMemberAddr, pDev);
+               }
+       }
+}
+
+INT Set_IgmpSn_Enable_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg)
+{
+       UINT Enable;
+       POS_COOKIE pObj;
+       UCHAR ifIndex;
+       PNET_DEV pDev;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+       ifIndex = pObj->ioctl_if;
+
+       pDev = (ifIndex == MAIN_MBSSID) ? (pAd->net_dev) : (pAd->ApCfg.MBSSID[ifIndex].MSSIDDev);
+       Enable = (UINT) simple_strtol(arg, 0, 10);
+
+       pAd->ApCfg.MBSSID[ifIndex].IgmpSnoopEnable = (BOOLEAN)(Enable == 0 ? 0 : 1);
+       DBGPRINT(RT_DEBUG_TRACE, ("%s::(%s) %s\n", __FUNCTION__, RTMP_OS_NETDEV_GET_DEVNAME(pDev), Enable == TRUE ? "Enable IGMP Snooping":"Disable IGMP Snooping"));
+
+       return TRUE;
+}
+
+INT Set_IgmpSn_AddEntry_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg)
+{
+       INT i;
+       BOOLEAN bGroupId = 1;
+       PSTRING value;
+       PSTRING thisChar;
+       UCHAR IpAddr[4];
+       UCHAR Addr[ETH_LENGTH_OF_ADDRESS];
+       UCHAR GroupId[ETH_LENGTH_OF_ADDRESS];
+       PUCHAR *pAddr = (PUCHAR *)&Addr;
+       PNET_DEV pDev;
+       POS_COOKIE pObj;
+       UCHAR ifIndex;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+       ifIndex = pObj->ioctl_if;
+
+       pDev = (ifIndex == MAIN_MBSSID) ? (pAd->net_dev) : (pAd->ApCfg.MBSSID[ifIndex].MSSIDDev);
+
+       while ((thisChar = strsep((char **)&arg, "-")) != NULL)
+       {
+               // refuse the Member if it's not a MAC address.
+               if((bGroupId == 0) && (strlen(thisChar) != 17))
+                       continue;
+
+               if(strlen(thisChar) == 17)  //Mac address acceptable format 01:02:03:04:05:06 length 17
+               {
+                       for (i=0, value = rstrtok(thisChar,":"); value; value = rstrtok(NULL,":"))
+                       {
+                               if((strlen(value) != 2) || (!isxdigit(*value)) || (!isxdigit(*(value+1))) )
+                                       return FALSE;  //Invalid
+
+                               AtoH(value, &Addr[i++], 1);
+                       }
+
+                       if(i != 6)
+                               return FALSE;  //Invalid
+               }
+               else
+               {
+                       for (i=0, value = rstrtok(thisChar,"."); value; value = rstrtok(NULL,"."))
+                       {
+                               if((strlen(value) > 0) && (strlen(value) <= 3))
+                               {
+                                       int ii;
+                                       for(ii=0; ii<strlen(value); ii++)
+                                               if (!isxdigit(*(value + ii)))
+                                                       return FALSE;
+                               }
+                               else
+                                       return FALSE;  //Invalid
+
+                               IpAddr[i] = (UCHAR)simple_strtol(value, NULL, 10);
+                               i++;
+                       }
+
+                       if(i != 4)
+                               return FALSE;  //Invalid
+
+                       ConvertMulticastIP2MAC(IpAddr, (PUCHAR *)&pAddr, ETH_P_IP);
+               }
+
+               if(bGroupId == 1)
+                       COPY_MAC_ADDR(GroupId, Addr);
+
+               // Group-Id must be a MCAST address.
+               if((bGroupId == 1) && IS_MULTICAST_MAC_ADDR(Addr))
+                       MulticastFilterTableInsertEntry(pAd, GroupId, NULL, pDev, MCAT_FILTER_STATIC);
+               // Group-Member must be a UCAST address.
+               else if ((bGroupId == 0) && !IS_MULTICAST_MAC_ADDR(Addr))
+                       MulticastFilterTableInsertEntry(pAd, GroupId, Addr, pDev, MCAT_FILTER_STATIC);
+               else
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("%s (%2X:%2X:%2X:%2X:%2X:%2X) is not a acceptable address.\n",
+                               __FUNCTION__, Addr[0], Addr[1], Addr[2], Addr[3], Addr[4], Addr[5]));
+                       return FALSE;
+               }
+
+               bGroupId = 0;
+               DBGPRINT(RT_DEBUG_TRACE, ("%s (%2X:%2X:%2X:%2X:%2X:%2X)\n",
+                       __FUNCTION__, Addr[0], Addr[1], Addr[2], Addr[3], Addr[4], Addr[5]));
+
+       }
+
+       return TRUE;
+}
+
+INT Set_IgmpSn_DelEntry_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg)
+{
+       INT i, memberCnt = 0;
+       BOOLEAN bGroupId = 1;
+       PSTRING value;
+       PSTRING thisChar;
+       UCHAR IpAddr[4];
+       UCHAR Addr[ETH_LENGTH_OF_ADDRESS];
+       UCHAR GroupId[ETH_LENGTH_OF_ADDRESS];
+       PUCHAR *pAddr = (PUCHAR *)&Addr;
+       PNET_DEV pDev;
+       POS_COOKIE pObj;
+       UCHAR ifIndex;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+       ifIndex = pObj->ioctl_if;
+
+       pDev = (ifIndex == MAIN_MBSSID) ? (pAd->net_dev) : (pAd->ApCfg.MBSSID[ifIndex].MSSIDDev);
+
+       while ((thisChar = strsep((char **)&arg, "-")) != NULL)
+       {
+               // refuse the Member if it's not a MAC address.
+               if((bGroupId == 0) && (strlen(thisChar) != 17))
+                       continue;
+
+               if(strlen(thisChar) == 17)  //Mac address acceptable format 01:02:03:04:05:06 length 17
+               {
+                       for (i=0, value = rstrtok(thisChar,":"); value; value = rstrtok(NULL,":"))
+                       {
+                               if((strlen(value) != 2) || (!isxdigit(*value)) || (!isxdigit(*(value+1))) )
+                                       return FALSE;  //Invalid
+
+                               AtoH(value, &Addr[i++], 1);
+                       }
+
+                       if(i != 6)
+                               return FALSE;  //Invalid
+               }
+               else
+               {
+                       for (i=0, value = rstrtok(thisChar,"."); value; value = rstrtok(NULL,"."))
+                       {
+                               if((strlen(value) > 0) && (strlen(value) <= 3))
+                               {
+                                       int ii;
+                                       for(ii=0; ii<strlen(value); ii++)
+                                               if (!isxdigit(*(value + ii)))
+                                                       return FALSE;
+                               }
+                               else
+                                       return FALSE;  //Invalid
+
+                               IpAddr[i] = (UCHAR)simple_strtol(value, NULL, 10);
+                               i++;
+                       }
+
+                       if(i != 4)
+                               return FALSE;  //Invalid
+
+                       ConvertMulticastIP2MAC(IpAddr, (PUCHAR *)&pAddr, ETH_P_IP);
+               }
+
+               if(bGroupId == 1)
+                       COPY_MAC_ADDR(GroupId, Addr);
+               else
+                       memberCnt++;
+
+               if (memberCnt > 0 )
+                       MulticastFilterTableDeleteEntry(pAd, (PUCHAR)GroupId, Addr, pDev);
+
+               bGroupId = 0;
+       }
+
+       if(memberCnt == 0)
+               MulticastFilterTableDeleteEntry(pAd, (PUCHAR)GroupId, NULL, pDev);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s (%2X:%2X:%2X:%2X:%2X:%2X)\n",
+               __FUNCTION__, Addr[0], Addr[1], Addr[2], Addr[3], Addr[4], Addr[5]));
+
+       return TRUE;
+}
+
+INT Set_IgmpSn_TabDisplay_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg)
+{
+       IGMPTableDisplay(pAd);
+       return TRUE;
+}
+
+void rtmp_read_igmp_snoop_from_file(
+       IN  PRTMP_ADAPTER pAd,
+       PSTRING tmpbuf,
+       PSTRING buffer)
+{
+       PSTRING         macptr;
+       INT                     i=0;
+
+       //IgmpSnEnable
+       if(RTMPGetKeyParameter("IgmpSnEnable", tmpbuf, 128, buffer, TRUE))
+       {
+               for (i = 0, macptr = rstrtok(tmpbuf,";"); (macptr && i < pAd->ApCfg.BssidNum); macptr = rstrtok(NULL,";"), i++)
+               {
+                       if ((strncmp(macptr, "0", 1) == 0))
+                               pAd->ApCfg.MBSSID[i].IgmpSnoopEnable = FALSE;
+                       else if ((strncmp(macptr, "1", 1) == 0))
+                               pAd->ApCfg.MBSSID[i].IgmpSnoopEnable = TRUE;
+               else
+                               pAd->ApCfg.MBSSID[i].IgmpSnoopEnable = FALSE;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("MBSSID[%d].Enable=%d\n", i, pAd->ApCfg.MBSSID[i].IgmpSnoopEnable));
+           }
+       }
+}
+
+NDIS_STATUS IgmpPktInfoQuery(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pSrcBufVA,
+       IN PNDIS_PACKET pPacket,
+       IN UCHAR apidx,
+       OUT BOOLEAN *pInIgmpGroup,
+       OUT PMULTICAST_FILTER_TABLE_ENTRY *ppGroupEntry)
+{
+       if(IS_MULTICAST_MAC_ADDR(pSrcBufVA))
+       {
+               BOOLEAN IgmpMldPkt = FALSE;
+               PUCHAR pIpHeader = pSrcBufVA + 12;
+
+               if(ntohs(*((UINT16 *)(pIpHeader))) == ETH_P_IPV6)
+                       IgmpMldPkt = isMldPkt(pSrcBufVA, pIpHeader, NULL, NULL);
+               else
+                       IgmpMldPkt = isIgmpPkt(pSrcBufVA, pIpHeader);
+
+               if (IgmpMldPkt)
+               {
+                       *ppGroupEntry = NULL;
+               }
+               else if ((*ppGroupEntry = MulticastFilterTableLookup(pAd->pMulticastFilterTable, pSrcBufVA,
+                                                                       pAd->ApCfg.MBSSID[apidx].MSSIDDev)) == NULL)
+               {
+                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+                       return NDIS_STATUS_FAILURE;
+               }
+               *pInIgmpGroup = TRUE;
+       }
+       else if (IS_BROADCAST_MAC_ADDR(pSrcBufVA))
+       {
+               PUCHAR pDstIpAddr = pSrcBufVA + 30; // point to Destination of Ip address of IP header.
+               UCHAR GroupMacAddr[6];
+               PUCHAR pGroupMacAddr = (PUCHAR)&GroupMacAddr;
+
+               ConvertMulticastIP2MAC(pDstIpAddr, (PUCHAR *)&pGroupMacAddr, ETH_P_IP);
+               if ((*ppGroupEntry = MulticastFilterTableLookup(pAd->pMulticastFilterTable, pGroupMacAddr,
+                                                               pAd->ApCfg.MBSSID[apidx].MSSIDDev)) != NULL)
+               {
+                       *pInIgmpGroup = TRUE;
+               }
+       }
+       return NDIS_STATUS_SUCCESS;
+}
+
+NDIS_STATUS IgmpPktClone(
+       IN PRTMP_ADAPTER pAd,
+       IN PNDIS_PACKET pPacket,
+       IN UCHAR QueIdx,
+       IN PMULTICAST_FILTER_TABLE_ENTRY pGroupEntry)
+{
+       PNDIS_PACKET pSkbClone = NULL;
+       PMEMBER_ENTRY pMemberEntry = (PMEMBER_ENTRY)pGroupEntry->MemberList.pHead;
+       MAC_TABLE_ENTRY *pMacEntry = NULL;
+       USHORT Aid;
+       SST     Sst = SST_ASSOC;
+       UCHAR PsMode = PWR_ACTIVE;
+       UCHAR Rate;
+       unsigned long IrqFlags;
+
+       // check all members of the IGMP group.
+       while(pMemberEntry != NULL)
+       {
+               pMacEntry = APSsPsInquiry(pAd, pMemberEntry->Addr, &Sst, &Aid, &PsMode, &Rate);
+
+               if (pMacEntry && (Sst == SST_ASSOC) && (PsMode != PWR_SAVE))
+               {
+               pSkbClone = skb_clone(RTPKT_TO_OSPKT(pPacket), MEM_ALLOC_FLAG);
+               if(pSkbClone)
+               {
+                               RTMP_SET_PACKET_WCID(pSkbClone, (UCHAR)Aid);
+                               // Pkt type must set to PKTSRC_NDIS.
+                               // It cause of the deason that APHardTransmit()
+                               // doesn't handle PKTSRC_DRIVER pkt type in version 1.3.0.0.
+                               RTMP_SET_PACKET_SOURCE(pSkbClone, PKTSRC_NDIS);
+                       }
+                       else
+                       {
+                               pMemberEntry = pMemberEntry->pNext;
+                               continue;
+                       }
+
+                       // insert the pkt to TxSwQueue.
+                       if (pAd->TxSwQueue[QueIdx].Number >= MAX_PACKETS_IN_QUEUE)
+                       {
+#ifdef BLOCK_NET_IF
+                               StopNetIfQueue(pAd, QueIdx, pSkbClone);
+#endif // BLOCK_NET_IF //
+                               RELEASE_NDIS_PACKET(pAd, pSkbClone, NDIS_STATUS_FAILURE);
+                               return NDIS_STATUS_FAILURE;
+                       }
+                       else
+                       {
+                               RTMP_IRQ_LOCK(&pAd->irq_lock, IrqFlags);
+                               InsertTailQueueAc(pAd, pMacEntry, &pAd->TxSwQueue[QueIdx], PACKET_TO_QUEUE_ENTRY(pSkbClone));
+                               RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+                       }
+               }
+               pMemberEntry = pMemberEntry->pNext;
+       }
+       return NDIS_STATUS_SUCCESS;
+}
+
+static inline BOOLEAN isMldMacAddr(
+       IN PUCHAR pMacAddr)
+{
+       return ((pMacAddr[0] == 0x33) && (pMacAddr[1] == 0x33)) ? TRUE : FALSE;
+}
+
+static inline BOOLEAN IsSupportedMldMsg(
+       IN UINT8 MsgType)
+{
+       BOOLEAN result = FALSE;
+       switch(MsgType)
+       {
+               case MLD_V1_LISTENER_REPORT:
+               case MLD_V1_LISTENER_DONE:
+               case MLD_V2_LISTERNER_REPORT:
+                       result = TRUE;
+                       break;
+               default:
+                       result = FALSE;
+                       break;
+       }
+
+       return result;
+}
+
+BOOLEAN isMldPkt(
+       IN PUCHAR pDstMacAddr,
+       IN PUCHAR pIpHeader,
+       OUT UINT8 *pProtoType,
+       OUT PUCHAR *pMldHeader)
+{
+       BOOLEAN result = FALSE;
+       UINT16 IpProtocol = ntohs(*((UINT16 *)(pIpHeader)));
+
+       if(!isMldMacAddr(pDstMacAddr))
+               return FALSE;
+
+       if(IpProtocol != ETH_P_IPV6)
+               return FALSE;
+
+       // skip protocol (2 Bytes).
+       pIpHeader += 2;
+       do
+       {
+               PRT_IPV6_HDR pIpv6Hdr = (PRT_IPV6_HDR)(pIpHeader);
+               UINT8 nextProtocol = pIpv6Hdr->nextHdr;
+               UINT32 offset = IPV6_HDR_LEN;
+
+               while(nextProtocol != IPV6_NEXT_HEADER_ICMPV6)
+               {
+                       if(IPv6ExtHdrHandle((RT_IPV6_EXT_HDR *)(pIpHeader + offset), &nextProtocol, &offset) == FALSE)
+                               break;
+               }
+
+               if(nextProtocol == IPV6_NEXT_HEADER_ICMPV6)
+               {
+                       PRT_ICMPV6_HDR pICMPv6Hdr = (PRT_ICMPV6_HDR)(pIpHeader + offset);
+                       if (IsSupportedMldMsg(pICMPv6Hdr->type) == TRUE)
+                       {
+                               if (pProtoType != NULL)
+                                       *pProtoType = pICMPv6Hdr->type;
+                               if (pMldHeader != NULL)
+                                       *pMldHeader = (PUCHAR)pICMPv6Hdr;
+                               result = TRUE;
+                       }
+               }
+       }while(FALSE);
+
+       return result;
+}
+
+/*  MLD v1 messages have the following format:
+       0                   1                   2                   3
+       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |     Type      |     Code      |          Checksum             |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |     Maximum Response Delay    |          Reserved             |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |                                                               |
+       +                                                               +
+       |                                                               |
+       +                       Multicast Address                       +
+       |                                                               |
+       +                                                               +
+       |                                                               |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+/*     Version 3 Membership Report Message
+       0                   1                   2                   3
+       0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |  Type = 143   |    Reserved   |           Checksum            |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |           Reserved            |  Number of Group Records (M)  |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |                                                               |
+       .                                                               .
+       .               Multicast Address Record [1]                    .
+       .                                                               .
+       |                                                               |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |                                                               |
+       .                                                               .
+       .               Multicast Address Record [2]                    .
+       .                                                               .
+       |                                                               |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |                               .                               |
+       .                               .                               .
+       |                               .                               |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |                                                               |
+       .                                                               .
+       .               Multicast Address Record [M]                    .
+       .                                                               .
+       |                                                               |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+
+
+       where each Group Record has the following internal format:
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+       |  Record Type  |  Aux Data Len |     Number of Sources (N)     |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    |                                                               |
+    *                                                               *
+    |                                                               |
+    *                       Multicast Address                       *
+    |                                                               |
+    *                                                               *
+    |                                                               |
+       +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    |                                                               |
+    *                                                               *
+    |                                                               |
+    *                       Source Address [1]                      *
+    |                                                               |
+    *                                                               *
+    |                                                               |
+    +-                                                             -+
+    |                                                               |
+    *                                                               *
+    |                                                               |
+    *                       Source Address [2]                      *
+    |                                                               |
+    *                                                               *
+    |                                                               |
+    +-                                                             -+
+    .                               .                               .
+    .                               .                               .
+    .                               .                               .
+    +-                                                             -+
+    |                                                               |
+    *                                                               *
+    |                                                               |
+    *                       Source Address [N]                      *
+    |                                                               |
+    *                                                               *
+    |                                                               |
+    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+    |                                                               |
+    .                                                               .
+    .                         Auxiliary Data                        .
+    .                                                               .
+    |                                                               |
+    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
+*/
+
+VOID MLDSnooping(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDstMacAddr,
+       IN PUCHAR pSrcMacAddr,
+       IN PUCHAR pIpHeader,
+       IN PNET_DEV pDev)
+{
+       INT i;
+       UCHAR GroupType;
+       UINT16 numOfGroup;
+       PUCHAR pGroup;
+       UCHAR AuxDataLen;
+       UINT16 numOfSources;
+       PUCHAR pGroupIpAddr;
+       UCHAR GroupMacAddr[6];
+       PUCHAR pGroupMacAddr = (PUCHAR)&GroupMacAddr;
+
+       UINT8 MldType;
+       PUCHAR pMldHeader;
+
+       if(isMldPkt(pDstMacAddr, pIpHeader, &MldType, &pMldHeader) == TRUE)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("MLD type=%0x\n", MldType));
+
+               switch(MldType)
+               {
+                       case MLD_V1_LISTENER_REPORT:
+                               // skip Type(1 Byte), code(1 Byte), checksum(2 Bytes), Maximum Rsp Delay(2 Bytes), Reserve(2 Bytes).
+                               pGroupIpAddr = (PUCHAR)(pMldHeader + 8);
+                               ConvertMulticastIP2MAC(pGroupIpAddr, (PUCHAR *)&pGroupMacAddr, ETH_P_IPV6);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Group Id=%02x:%02x:%02x:%02x:%02x:%02x\n",
+                                               GroupMacAddr[0], GroupMacAddr[1], GroupMacAddr[2], GroupMacAddr[3], GroupMacAddr[4], GroupMacAddr[5]));
+                               MulticastFilterTableInsertEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev, MCAT_FILTER_DYNAMIC);
+                               break;
+
+                       case MLD_V1_LISTENER_DONE:
+                               // skip Type(1 Byte), code(1 Byte), checksum(2 Bytes), Maximum Rsp Delay(2 Bytes), Reserve(2 Bytes).
+                               pGroupIpAddr = (PUCHAR)(pMldHeader + 8);
+                               ConvertMulticastIP2MAC(pGroupIpAddr, (PUCHAR *)&pGroupMacAddr, ETH_P_IPV6);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Group Id=%02x:%02x:%02x:%02x:%02x:%02x\n",
+                                               GroupMacAddr[0], GroupMacAddr[1], GroupMacAddr[2], GroupMacAddr[3], GroupMacAddr[4], GroupMacAddr[5]));
+                               MulticastFilterTableDeleteEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev);
+                               break;
+
+                       case MLD_V2_LISTERNER_REPORT: // IGMP version 3 membership report.
+                               numOfGroup = ntohs(*((UINT16 *)(pMldHeader + 6)));
+                               pGroup = (PUCHAR)(pMldHeader + 8);
+                               for (i=0; i < numOfGroup; i++)
+                               {
+                                       GroupType = (UCHAR)(*pGroup);
+                                       AuxDataLen = (UCHAR)(*(pGroup + 1));
+                                       numOfSources = ntohs(*((UINT16 *)(pGroup + 2)));
+                                       pGroupIpAddr = (PUCHAR)(pGroup + 4);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("MLDv2 Type=%d, ADL=%d, numOfSource=%d\n", GroupType, AuxDataLen, numOfSources));
+                                       ConvertMulticastIP2MAC(pGroupIpAddr, (PUCHAR *)&pGroupMacAddr, ETH_P_IPV6);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("MLD Group=%02x:%02x:%02x:%02x:%02x:%02x\n",
+                                                       GroupMacAddr[0], GroupMacAddr[1], GroupMacAddr[2], GroupMacAddr[3], GroupMacAddr[4], GroupMacAddr[5]));
+
+                                       do
+                                       {
+                                               if((GroupType == MODE_IS_EXCLUDE) || (GroupType == CHANGE_TO_EXCLUDE_MODE) || (GroupType == ALLOW_NEW_SOURCES))
+                                               {
+                                                       MulticastFilterTableInsertEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev, MCAT_FILTER_DYNAMIC);
+                                                       break;
+                                               }
+
+                                               if((GroupType == MODE_IS_INCLUDE) || (GroupType == BLOCK_OLD_SOURCES))
+                                               {
+                                                       MulticastFilterTableDeleteEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev);
+                                                       break;
+                                               }
+
+                                               if((GroupType == CHANGE_TO_INCLUDE_MODE))
+                                               {
+                                                       if(numOfSources == 0)
+                                                               MulticastFilterTableDeleteEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev);
+                                                       else
+                                                               MulticastFilterTableInsertEntry(pAd, GroupMacAddr, pSrcMacAddr, pDev, MCAT_FILTER_DYNAMIC);
+                                                       break;
+                                               }
+                                       } while(FALSE);
+                                       // skip 4 Bytes (Record Type, Aux Data Len, Number of Sources) + a IPv6 address.
+                                       pGroup += (4 + IPV6_ADDR_LEN + (numOfSources * 16) + AuxDataLen);
+                               }
+                               break;
+
+                       default:
+                               DBGPRINT(RT_DEBUG_TRACE, ("unknow MLD Type=%d\n", MldType));
+                               break;
+               }
+       }
+
+       return;
+}
+
+
+#endif // IGMP_SNOOP_SUPPORT //
diff --git a/drivers/staging/rt3090/common/mlme.c b/drivers/staging/rt3090/common/mlme.c
new file mode 100644 (file)
index 0000000..1613c04
--- /dev/null
@@ -0,0 +1,6550 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       mlme.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John Chang      2004-08-25              Modify from RT2500 code base
+       John Chang      2004-09-06              modified for RT2600
+*/
+
+#include "../rt_config.h"
+#include <stdarg.h>
+
+UCHAR  CISCO_OUI[] = {0x00, 0x40, 0x96};
+
+UCHAR  WPA_OUI[] = {0x00, 0x50, 0xf2, 0x01};
+UCHAR  RSN_OUI[] = {0x00, 0x0f, 0xac};
+UCHAR  WAPI_OUI[] = {0x00, 0x14, 0x72};
+UCHAR   WME_INFO_ELEM[]  = {0x00, 0x50, 0xf2, 0x02, 0x00, 0x01};
+UCHAR   WME_PARM_ELEM[] = {0x00, 0x50, 0xf2, 0x02, 0x01, 0x01};
+UCHAR  Ccx2QosInfo[] = {0x00, 0x40, 0x96, 0x04};
+UCHAR   RALINK_OUI[]  = {0x00, 0x0c, 0x43};
+UCHAR   BROADCOM_OUI[]  = {0x00, 0x90, 0x4c};
+UCHAR   WPS_OUI[] = {0x00, 0x50, 0xf2, 0x04};
+#ifdef CONFIG_STA_SUPPORT
+#ifdef DOT11_N_SUPPORT
+UCHAR  PRE_N_HT_OUI[]  = {0x00, 0x90, 0x4c};
+#endif // DOT11_N_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+UCHAR RateSwitchTable[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x11, 0x00,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x00,  0, 40, 101,
+    0x01, 0x00,  1, 40, 50,
+    0x02, 0x00,  2, 35, 45,
+    0x03, 0x00,  3, 20, 45,
+    0x04, 0x21,  0, 30, 50,
+    0x05, 0x21,  1, 20, 50,
+    0x06, 0x21,  2, 20, 50,
+    0x07, 0x21,  3, 15, 50,
+    0x08, 0x21,  4, 15, 30,
+    0x09, 0x21,  5, 10, 25,
+    0x0a, 0x21,  6,  8, 25,
+    0x0b, 0x21,  7,  8, 25,
+    0x0c, 0x20, 12,  15, 30,
+    0x0d, 0x20, 13,  8, 20,
+    0x0e, 0x20, 14,  8, 20,
+    0x0f, 0x20, 15,  8, 25,
+    0x10, 0x22, 15,  8, 25,
+    0x11, 0x00,  0,  0,  0,
+    0x12, 0x00,  0,  0,  0,
+    0x13, 0x00,  0,  0,  0,
+    0x14, 0x00,  0,  0,  0,
+    0x15, 0x00,  0,  0,  0,
+    0x16, 0x00,  0,  0,  0,
+    0x17, 0x00,  0,  0,  0,
+    0x18, 0x00,  0,  0,  0,
+    0x19, 0x00,  0,  0,  0,
+    0x1a, 0x00,  0,  0,  0,
+    0x1b, 0x00,  0,  0,  0,
+    0x1c, 0x00,  0,  0,  0,
+    0x1d, 0x00,  0,  0,  0,
+    0x1e, 0x00,  0,  0,  0,
+    0x1f, 0x00,  0,  0,  0,
+};
+
+UCHAR RateSwitchTable11B[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x04, 0x03,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x00,  0, 40, 101,
+    0x01, 0x00,  1, 40, 50,
+    0x02, 0x00,  2, 35, 45,
+    0x03, 0x00,  3, 20, 45,
+};
+
+UCHAR RateSwitchTable11BG[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0a, 0x00,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x00,  0, 40, 101,
+    0x01, 0x00,  1, 40, 50,
+    0x02, 0x00,  2, 35, 45,
+    0x03, 0x00,  3, 20, 45,
+    0x04, 0x10,  2, 20, 35,
+    0x05, 0x10,  3, 16, 35,
+    0x06, 0x10,  4, 10, 25,
+    0x07, 0x10,  5, 16, 25,
+    0x08, 0x10,  6, 10, 25,
+    0x09, 0x10,  7, 10, 13,
+};
+
+UCHAR RateSwitchTable11G[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x08, 0x00,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x10,  0, 20, 101,
+    0x01, 0x10,  1, 20, 35,
+    0x02, 0x10,  2, 20, 35,
+    0x03, 0x10,  3, 16, 35,
+    0x04, 0x10,  4, 10, 25,
+    0x05, 0x10,  5, 16, 25,
+    0x06, 0x10,  6, 10, 25,
+    0x07, 0x10,  7, 10, 13,
+};
+
+#ifdef DOT11_N_SUPPORT
+UCHAR RateSwitchTable11N1S[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0c, 0x0a,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x00,  0, 40, 101,
+    0x01, 0x00,  1, 40, 50,
+    0x02, 0x00,  2, 25, 45,
+    0x03, 0x21,  0, 20, 35,
+    0x04, 0x21,  1, 20, 35,
+    0x05, 0x21,  2, 20, 35,
+    0x06, 0x21,  3, 15, 35,
+    0x07, 0x21,  4, 15, 30,
+    0x08, 0x21,  5, 10, 25,
+    0x09, 0x21,  6,  8, 14,
+    0x0a, 0x21,  7,  8, 14,
+    0x0b, 0x23,  7,  8, 14,
+};
+
+UCHAR RateSwitchTable11N2S[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0e, 0x0c,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x00,  0, 40, 101,
+    0x01, 0x00,  1, 40, 50,
+    0x02, 0x00,  2, 25, 45,
+    0x03, 0x21,  0, 20, 35,
+    0x04, 0x21,  1, 20, 35,
+    0x05, 0x21,  2, 20, 35,
+    0x06, 0x21,  3, 15, 35,
+    0x07, 0x21,  4, 15, 30,
+    0x08, 0x20, 11, 15, 30,
+    0x09, 0x20, 12, 15, 30,
+    0x0a, 0x20, 13,  8, 20,
+    0x0b, 0x20, 14,  8, 20,
+    0x0c, 0x20, 15,  8, 25,
+    0x0d, 0x22, 15,  8, 15,
+};
+
+UCHAR RateSwitchTable11N3S[] = {
+// Item No.    Mode    Curr-MCS        TrainUp TrainDown       // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0b, 0x00,  0,  0,  0,    // 0x0a, 0x00,  0,  0,  0,      // Initial used item after association
+    0x00, 0x21,  0, 30, 101,
+    0x01, 0x21,  1, 20, 50,
+    0x02, 0x21,  2, 20, 50,
+    0x03, 0x21,  3, 15, 50,
+    0x04, 0x21,  4, 15, 30,
+    0x05, 0x20, 11, 15, 30,    // Required by System-Alan @ 20080812
+    0x06, 0x20, 12, 15, 30,    // 0x05, 0x20, 12, 15, 30,
+    0x07, 0x20, 13,  8, 20,    // 0x06, 0x20, 13,  8, 20,
+    0x08, 0x20, 14,  8, 20,    // 0x07, 0x20, 14,  8, 20,
+    0x09, 0x20, 15,  8, 25,    // 0x08, 0x20, 15,  8, 25,
+    0x0a, 0x22, 15,  8, 25,    // 0x09, 0x22, 15,  8, 25,
+};
+
+UCHAR RateSwitchTable11N2SForABand[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0b, 0x09,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x21,  0, 30, 101,
+    0x01, 0x21,  1, 20, 50,
+    0x02, 0x21,  2, 20, 50,
+    0x03, 0x21,  3, 15, 50,
+    0x04, 0x21,  4, 15, 30,
+    0x05, 0x21,  5, 15, 30,
+    0x06, 0x20, 12,  15, 30,
+    0x07, 0x20, 13,  8, 20,
+    0x08, 0x20, 14,  8, 20,
+    0x09, 0x20, 15,  8, 25,
+    0x0a, 0x22, 15,  8, 25,
+};
+
+UCHAR RateSwitchTable11N3SForABand[] = { // 3*3
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0b, 0x09,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x21,  0, 30, 101,
+    0x01, 0x21,  1, 20, 50,
+    0x02, 0x21,  2, 20, 50,
+    0x03, 0x21,  3, 15, 50,
+    0x04, 0x21,  4, 15, 30,
+    0x05, 0x21,  5, 15, 30,
+    0x06, 0x20, 12,  15, 30,
+    0x07, 0x20, 13,  8, 20,
+    0x08, 0x20, 14,  8, 20,
+    0x09, 0x20, 15,  8, 25,
+    0x0a, 0x22, 15,  8, 25,
+};
+
+UCHAR RateSwitchTable11BGN1S[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0c, 0x0a,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x00,  0, 40, 101,
+    0x01, 0x00,  1, 40, 50,
+    0x02, 0x00,  2, 25, 45,
+    0x03, 0x21,  0, 20, 35,
+    0x04, 0x21,  1, 20, 35,
+    0x05, 0x21,  2, 20, 35,
+    0x06, 0x21,  3, 15, 35,
+    0x07, 0x21,  4, 15, 30,
+    0x08, 0x21,  5, 10, 25,
+    0x09, 0x21,  6,  8, 14,
+    0x0a, 0x21,  7,  8, 14,
+    0x0b, 0x23,  7,  8, 14,
+};
+
+UCHAR RateSwitchTable11BGN2S[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0e, 0x0c,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x00,  0, 40, 101,
+    0x01, 0x00,  1, 40, 50,
+    0x02, 0x00,  2, 25, 45,
+    0x03, 0x21,  0, 20, 35,
+    0x04, 0x21,  1, 20, 35,
+    0x05, 0x21,  2, 20, 35,
+    0x06, 0x21,  3, 15, 35,
+    0x07, 0x21,  4, 15, 30,
+    0x08, 0x20, 11, 15, 30,
+    0x09, 0x20, 12, 15, 30,
+    0x0a, 0x20, 13,  8, 20,
+    0x0b, 0x20, 14,  8, 20,
+    0x0c, 0x20, 15,  8, 25,
+    0x0d, 0x22, 15,  8, 15,
+};
+
+UCHAR RateSwitchTable11BGN3S[] = { // 3*3
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0a, 0x00,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x21,  0, 30,101,    //50
+    0x01, 0x21,  1, 20, 50,
+    0x02, 0x21,  2, 20, 50,
+    0x03, 0x21,  3, 20, 50,
+    0x04, 0x21,  4, 15, 50,
+    0x05, 0x20, 20, 15, 30,
+    0x06, 0x20, 21,  8, 20,
+    0x07, 0x20, 22,  8, 20,
+    0x08, 0x20, 23,  8, 25,
+    0x09, 0x22, 23,  8, 25,
+};
+
+UCHAR RateSwitchTable11BGN2SForABand[] = {
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0b, 0x09,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x21,  0, 30,101,    //50
+    0x01, 0x21,  1, 20, 50,
+    0x02, 0x21,  2, 20, 50,
+    0x03, 0x21,  3, 15, 50,
+    0x04, 0x21,  4, 15, 30,
+    0x05, 0x21,  5, 15, 30,
+    0x06, 0x20, 12, 15, 30,
+    0x07, 0x20, 13,  8, 20,
+    0x08, 0x20, 14,  8, 20,
+    0x09, 0x20, 15,  8, 25,
+    0x0a, 0x22, 15,  8, 25,
+};
+
+UCHAR RateSwitchTable11BGN3SForABand[] = { // 3*3
+// Item No.   Mode   Curr-MCS   TrainUp   TrainDown            // Mode- Bit0: STBC, Bit1: Short GI, Bit4,5: Mode(0:CCK, 1:OFDM, 2:HT Mix, 3:HT GF)
+    0x0c, 0x09,  0,  0,  0,                                            // Initial used item after association
+    0x00, 0x21,  0, 30,101,    //50
+    0x01, 0x21,  1, 20, 50,
+    0x02, 0x21,  2, 20, 50,
+    0x03, 0x21,  3, 15, 50,
+    0x04, 0x21,  4, 15, 30,
+    0x05, 0x21,  5, 15, 30,
+    0x06, 0x21, 12, 15, 30,
+    0x07, 0x20, 20, 15, 30,
+    0x08, 0x20, 21,  8, 20,
+    0x09, 0x20, 22,  8, 20,
+    0x0a, 0x20, 23,  8, 25,
+    0x0b, 0x22, 23,  8, 25,
+};
+#endif // DOT11_N_SUPPORT //
+
+
+extern UCHAR    OfdmRateToRxwiMCS[];
+// since RT61 has better RX sensibility, we have to limit TX ACK rate not to exceed our normal data TX rate.
+// otherwise the WLAN peer may not be able to receive the ACK thus downgrade its data TX rate
+ULONG BasicRateMask[12]                                = {0xfffff001 /* 1-Mbps */, 0xfffff003 /* 2 Mbps */, 0xfffff007 /* 5.5 */, 0xfffff00f /* 11 */,
+                                                                         0xfffff01f /* 6 */     , 0xfffff03f /* 9 */     , 0xfffff07f /* 12 */ , 0xfffff0ff /* 18 */,
+                                                                         0xfffff1ff /* 24 */    , 0xfffff3ff /* 36 */    , 0xfffff7ff /* 48 */ , 0xffffffff /* 54 */};
+
+UCHAR BROADCAST_ADDR[MAC_ADDR_LEN] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
+UCHAR ZERO_MAC_ADDR[MAC_ADDR_LEN]  = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+
+// e.g. RssiSafeLevelForTxRate[RATE_36]" means if the current RSSI is greater than
+//             this value, then it's quaranteed capable of operating in 36 mbps TX rate in
+//             clean environment.
+//                                                               TxRate: 1   2   5.5   11       6        9    12       18       24   36   48   54       72  100
+CHAR RssiSafeLevelForTxRate[] ={  -92, -91, -90, -87, -88, -86, -85, -83, -81, -78, -72, -71, -40, -40 };
+
+UCHAR  RateIdToMbps[]   = { 1, 2, 5, 11, 6, 9, 12, 18, 24, 36, 48, 54, 72, 100};
+USHORT RateIdTo500Kbps[] = { 2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108, 144, 200};
+
+UCHAR  SsidIe   = IE_SSID;
+UCHAR  SupRateIe = IE_SUPP_RATES;
+UCHAR  ExtRateIe = IE_EXT_SUPP_RATES;
+#ifdef DOT11_N_SUPPORT
+UCHAR  HtCapIe = IE_HT_CAP;
+UCHAR  AddHtInfoIe = IE_ADD_HT;
+UCHAR  NewExtChanIe = IE_SECONDARY_CH_OFFSET;
+#ifdef DOT11N_DRAFT3
+UCHAR  ExtHtCapIe = IE_EXT_CAPABILITY;
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+UCHAR  ErpIe    = IE_ERP;
+UCHAR  DsIe     = IE_DS_PARM;
+UCHAR  TimIe    = IE_TIM;
+UCHAR  WpaIe    = IE_WPA;
+UCHAR  Wpa2Ie   = IE_WPA2;
+UCHAR  IbssIe   = IE_IBSS_PARM;
+UCHAR  Ccx2Ie   = IE_CCX_V2;
+UCHAR  WapiIe   = IE_WAPI;
+
+extern UCHAR   WPA_OUI[];
+
+UCHAR  SES_OUI[] = {0x00, 0x90, 0x4c};
+
+UCHAR  ZeroSsid[32] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+       0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
+
+
+/*
+       ==========================================================================
+       Description:
+               initialize the MLME task and its data structure (queue, spinlock,
+               timer, state machines).
+
+       IRQL = PASSIVE_LEVEL
+
+       Return:
+               always return NDIS_STATUS_SUCCESS
+
+       ==========================================================================
+*/
+NDIS_STATUS MlmeInit(
+       IN PRTMP_ADAPTER pAd)
+{
+       NDIS_STATUS Status = NDIS_STATUS_SUCCESS;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> MLME Initialize\n"));
+
+       do
+       {
+               Status = MlmeQueueInit(&pAd->Mlme.Queue);
+               if(Status != NDIS_STATUS_SUCCESS)
+                       break;
+
+               pAd->Mlme.bRunning = FALSE;
+               NdisAllocateSpinLock(&pAd->Mlme.TaskLock);
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       BssTableInit(&pAd->ScanTab);
+
+                       // init STA state machines
+                       AssocStateMachineInit(pAd, &pAd->Mlme.AssocMachine, pAd->Mlme.AssocFunc);
+                       AuthStateMachineInit(pAd, &pAd->Mlme.AuthMachine, pAd->Mlme.AuthFunc);
+                       AuthRspStateMachineInit(pAd, &pAd->Mlme.AuthRspMachine, pAd->Mlme.AuthRspFunc);
+                       SyncStateMachineInit(pAd, &pAd->Mlme.SyncMachine, pAd->Mlme.SyncFunc);
+
+#ifdef QOS_DLS_SUPPORT
+                       DlsStateMachineInit(pAd, &pAd->Mlme.DlsMachine, pAd->Mlme.DlsFunc);
+#endif // QOS_DLS_SUPPORT //
+
+
+
+                       // Since we are using switch/case to implement it, the init is different from the above
+                       // state machine init
+                       MlmeCntlInit(pAd, &pAd->Mlme.CntlMachine, NULL);
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+
+               WpaStateMachineInit(pAd, &pAd->Mlme.WpaMachine, pAd->Mlme.WpaFunc);
+
+
+               ActionStateMachineInit(pAd, &pAd->Mlme.ActMachine, pAd->Mlme.ActFunc);
+
+               // Init mlme periodic timer
+               RTMPInitTimer(pAd, &pAd->Mlme.PeriodicTimer, GET_TIMER_FUNCTION(MlmePeriodicExec), pAd, TRUE);
+
+               // Set mlme periodic timer
+               RTMPSetTimer(&pAd->Mlme.PeriodicTimer, MLME_TASK_EXEC_INTV);
+
+               // software-based RX Antenna diversity
+               RTMPInitTimer(pAd, &pAd->Mlme.RxAntEvalTimer, GET_TIMER_FUNCTION(AsicRxAntEvalTimeout), pAd, FALSE);
+
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+#ifdef RTMP_PCI_SUPPORT
+                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+                       {
+                           // only PCIe cards need these two timers
+                               RTMPInitTimer(pAd, &pAd->Mlme.PsPollTimer, GET_TIMER_FUNCTION(PsPollWakeExec), pAd, FALSE);
+                               RTMPInitTimer(pAd, &pAd->Mlme.RadioOnOffTimer, GET_TIMER_FUNCTION(RadioOnExec), pAd, FALSE);
+                       }
+#endif // RTMP_PCI_SUPPORT //
+
+                       RTMPInitTimer(pAd, &pAd->Mlme.LinkDownTimer, GET_TIMER_FUNCTION(LinkDownExec), pAd, FALSE);
+
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+       } while (FALSE);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<-- MLME Initialize\n"));
+
+       return Status;
+}
+
+/*
+       ==========================================================================
+       Description:
+               main loop of the MLME
+       Pre:
+               Mlme has to be initialized, and there are something inside the queue
+       Note:
+               This function is invoked from MPSetInformation and MPReceive;
+               This task guarantee only one MlmeHandler will run.
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID MlmeHandler(
+       IN PRTMP_ADAPTER pAd)
+{
+       MLME_QUEUE_ELEM            *Elem = NULL;
+#ifdef APCLI_SUPPORT
+       SHORT apcliIfIndex;
+#endif // APCLI_SUPPORT //
+
+       // Only accept MLME and Frame from peer side, no other (control/data) frame should
+       // get into this state machine
+
+       NdisAcquireSpinLock(&pAd->Mlme.TaskLock);
+       if(pAd->Mlme.bRunning)
+       {
+               NdisReleaseSpinLock(&pAd->Mlme.TaskLock);
+               return;
+       }
+       else
+       {
+               pAd->Mlme.bRunning = TRUE;
+       }
+       NdisReleaseSpinLock(&pAd->Mlme.TaskLock);
+
+       while (!MlmeQueueEmpty(&pAd->Mlme.Queue))
+       {
+               if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_MLME_RESET_IN_PROGRESS) ||
+                       RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS) ||
+                       RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("Device Halted or Removed or MlmeRest, exit MlmeHandler! (queue num = %ld)\n", pAd->Mlme.Queue.Num));
+                       break;
+               }
+
+#ifdef RALINK_ATE
+               if(ATE_ON(pAd))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("The driver is in ATE mode now in MlmeHandler\n"));
+                       break;
+               }
+#endif // RALINK_ATE //
+
+               //From message type, determine which state machine I should drive
+               if (MlmeDequeue(&pAd->Mlme.Queue, &Elem))
+               {
+
+                       // if dequeue success
+                       switch (Elem->Machine)
+                       {
+                               // STA state machines
+#ifdef CONFIG_STA_SUPPORT
+                               case ASSOC_STATE_MACHINE:
+                                       StateMachinePerformAction(pAd, &pAd->Mlme.AssocMachine, Elem);
+                                       break;
+                               case AUTH_STATE_MACHINE:
+                                       StateMachinePerformAction(pAd, &pAd->Mlme.AuthMachine, Elem);
+                                       break;
+                               case AUTH_RSP_STATE_MACHINE:
+                                       StateMachinePerformAction(pAd, &pAd->Mlme.AuthRspMachine, Elem);
+                                       break;
+                               case SYNC_STATE_MACHINE:
+                                       StateMachinePerformAction(pAd, &pAd->Mlme.SyncMachine, Elem);
+                                       break;
+                               case MLME_CNTL_STATE_MACHINE:
+                                       MlmeCntlMachinePerformAction(pAd, &pAd->Mlme.CntlMachine, Elem);
+                                       break;
+                               case WPA_PSK_STATE_MACHINE:
+                                       StateMachinePerformAction(pAd, &pAd->Mlme.WpaPskMachine, Elem);
+                                       break;
+
+#ifdef QOS_DLS_SUPPORT
+                               case DLS_STATE_MACHINE:
+                                       StateMachinePerformAction(pAd, &pAd->Mlme.DlsMachine, Elem);
+                                       break;
+#endif // QOS_DLS_SUPPORT //
+
+#endif // CONFIG_STA_SUPPORT //
+
+                               case ACTION_STATE_MACHINE:
+                                       StateMachinePerformAction(pAd, &pAd->Mlme.ActMachine, Elem);
+                                       break;
+
+                               case WPA_STATE_MACHINE:
+                                       StateMachinePerformAction(pAd, &pAd->Mlme.WpaMachine, Elem);
+                                       break;
+
+
+                               default:
+                                       DBGPRINT(RT_DEBUG_TRACE, ("ERROR: Illegal machine %ld in MlmeHandler()\n", Elem->Machine));
+                                       break;
+                       } // end of switch
+
+                       // free MLME element
+                       Elem->Occupied = FALSE;
+                       Elem->MsgLen = 0;
+
+               }
+               else {
+                       DBGPRINT_ERR(("MlmeHandler: MlmeQueue empty\n"));
+               }
+       }
+
+       NdisAcquireSpinLock(&pAd->Mlme.TaskLock);
+       pAd->Mlme.bRunning = FALSE;
+       NdisReleaseSpinLock(&pAd->Mlme.TaskLock);
+}
+
+/*
+       ==========================================================================
+       Description:
+               Destructor of MLME (Destroy queue, state machine, spin lock and timer)
+       Parameters:
+               Adapter - NIC Adapter pointer
+       Post:
+               The MLME task will no longer work properly
+
+       IRQL = PASSIVE_LEVEL
+
+       ==========================================================================
+ */
+VOID MlmeHalt(
+       IN PRTMP_ADAPTER pAd)
+{
+       BOOLEAN           Cancelled;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("==> MlmeHalt\n"));
+
+       if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST))
+       {
+               // disable BEACON generation and other BEACON related hardware timers
+               AsicDisableSync(pAd);
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+#ifdef QOS_DLS_SUPPORT
+               UCHAR           i;
+#endif // QOS_DLS_SUPPORT //
+               // Cancel pending timers
+               RTMPCancelTimer(&pAd->MlmeAux.AssocTimer,               &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer,             &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.DisassocTimer,    &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.AuthTimer,                &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.BeaconTimer,              &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.ScanTimer,                &Cancelled);
+
+
+#ifdef RTMP_MAC_PCI
+           if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)
+                       &&(pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+           {
+                   RTMPCancelTimer(&pAd->Mlme.PsPollTimer,             &Cancelled);
+                   RTMPCancelTimer(&pAd->Mlme.RadioOnOffTimer,         &Cancelled);
+               }
+#endif // RTMP_MAC_PCI //
+
+#ifdef QOS_DLS_SUPPORT
+               for (i=0; i<MAX_NUM_OF_DLS_ENTRY; i++)
+               {
+                       RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &Cancelled);
+               }
+#endif // QOS_DLS_SUPPORT //
+               RTMPCancelTimer(&pAd->Mlme.LinkDownTimer,               &Cancelled);
+
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       RTMPCancelTimer(&pAd->Mlme.PeriodicTimer,               &Cancelled);
+       RTMPCancelTimer(&pAd->Mlme.RxAntEvalTimer,              &Cancelled);
+
+
+
+       if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST))
+       {
+               RTMP_CHIP_OP *pChipOps = &pAd->chipOps;
+
+               // Set LED
+               RTMPSetLED(pAd, LED_HALT);
+               RTMPSetSignalLED(pAd, -100);    // Force signal strength Led to be turned off, firmware is not done it.
+
+               if (pChipOps->AsicHaltAction)
+                       pChipOps->AsicHaltAction(pAd);
+       }
+
+       RTMPusecDelay(5000);    //  5 msec to gurantee Ant Diversity timer canceled
+
+       MlmeQueueDestroy(&pAd->Mlme.Queue);
+       NdisFreeSpinLock(&pAd->Mlme.TaskLock);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<== MlmeHalt\n"));
+}
+
+VOID MlmeResetRalinkCounters(
+       IN  PRTMP_ADAPTER   pAd)
+{
+       pAd->RalinkCounters.LastOneSecRxOkDataCnt = pAd->RalinkCounters.OneSecRxOkDataCnt;
+       // clear all OneSecxxx counters.
+       pAd->RalinkCounters.OneSecBeaconSentCnt = 0;
+       pAd->RalinkCounters.OneSecFalseCCACnt = 0;
+       pAd->RalinkCounters.OneSecRxFcsErrCnt = 0;
+       pAd->RalinkCounters.OneSecRxOkCnt = 0;
+       pAd->RalinkCounters.OneSecTxFailCount = 0;
+       pAd->RalinkCounters.OneSecTxNoRetryOkCount = 0;
+       pAd->RalinkCounters.OneSecTxRetryOkCount = 0;
+       pAd->RalinkCounters.OneSecRxOkDataCnt = 0;
+       pAd->RalinkCounters.OneSecReceivedByteCount = 0;
+       pAd->RalinkCounters.OneSecTransmittedByteCount = 0;
+
+       // TODO: for debug only. to be removed
+       pAd->RalinkCounters.OneSecOsTxCount[QID_AC_BE] = 0;
+       pAd->RalinkCounters.OneSecOsTxCount[QID_AC_BK] = 0;
+       pAd->RalinkCounters.OneSecOsTxCount[QID_AC_VI] = 0;
+       pAd->RalinkCounters.OneSecOsTxCount[QID_AC_VO] = 0;
+       pAd->RalinkCounters.OneSecDmaDoneCount[QID_AC_BE] = 0;
+       pAd->RalinkCounters.OneSecDmaDoneCount[QID_AC_BK] = 0;
+       pAd->RalinkCounters.OneSecDmaDoneCount[QID_AC_VI] = 0;
+       pAd->RalinkCounters.OneSecDmaDoneCount[QID_AC_VO] = 0;
+       pAd->RalinkCounters.OneSecTxDoneCount = 0;
+       pAd->RalinkCounters.OneSecRxCount = 0;
+       pAd->RalinkCounters.OneSecTxAggregationCount = 0;
+       pAd->RalinkCounters.OneSecRxAggregationCount = 0;
+
+       return;
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               This routine is executed periodically to -
+               1. Decide if it's a right time to turn on PwrMgmt bit of all
+                  outgoiing frames
+               2. Calculate ChannelQuality based on statistics of the last
+                  period, so that TX rate won't toggling very frequently between a
+                  successful TX and a failed TX.
+               3. If the calculated ChannelQuality indicated current connection not
+                  healthy, then a ROAMing attempt is tried here.
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+#define ADHOC_BEACON_LOST_TIME         (8*OS_HZ)  // 8 sec
+VOID MlmePeriodicExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       ULONG                   TxTotalCnt;
+       PRTMP_ADAPTER   pAd = (RTMP_ADAPTER *)FunctionContext;
+       SHORT   realavgrssi;
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef RTMP_MAC_PCI
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+           // If Hardware controlled Radio enabled, we have to check GPIO pin2 every 2 second.
+               // Move code to here, because following code will return when radio is off
+               if ((pAd->Mlme.PeriodicRound % (MLME_TASK_EXEC_MULTIPLE * 2) == 0) && (pAd->StaCfg.bHardwareRadio == TRUE) &&
+                       (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST)) &&
+                       (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS))
+                       /*&&(pAd->bPCIclkOff == FALSE)*/)
+               {
+                       UINT32                          data = 0;
+
+                       // Read GPIO pin2 as Hardware controlled radio state
+#ifndef RT3090
+                       RTMP_IO_READ32(pAd, GPIO_CTRL_CFG, &data);
+#endif // RT3090 //
+//KH(PCIE PS):Added based on Jane<--
+#ifdef RT3090
+// Read GPIO pin2 as Hardware controlled radio state
+// We need to Read GPIO if HW said so no mater what advance power saving
+if ((pAd->OpMode == OPMODE_STA) && (IDLE_ON(pAd))
+       && (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF))
+       && (pAd->StaCfg.PSControl.field.EnablePSinIdle == TRUE))
+       {
+       // Want to make sure device goes to L0 state before reading register.
+       RTMPPCIeLinkCtrlValueRestore(pAd, 0);
+       RTMP_IO_FORCE_READ32(pAd, GPIO_CTRL_CFG, &data);
+       RTMPPCIeLinkCtrlSetting(pAd, 3);
+       }
+else
+       RTMP_IO_FORCE_READ32(pAd, GPIO_CTRL_CFG, &data);
+#endif // RT3090 //
+//KH(PCIE PS):Added based on Jane-->
+
+                       if (data & 0x04)
+                       {
+                               pAd->StaCfg.bHwRadio = TRUE;
+                       }
+                       else
+                       {
+                               pAd->StaCfg.bHwRadio = FALSE;
+                       }
+                       if (pAd->StaCfg.bRadio != (pAd->StaCfg.bHwRadio && pAd->StaCfg.bSwRadio))
+                       {
+                               pAd->StaCfg.bRadio = (pAd->StaCfg.bHwRadio && pAd->StaCfg.bSwRadio);
+                               if (pAd->StaCfg.bRadio == TRUE)
+                               {
+                                       MlmeRadioOn(pAd);
+                                       // Update extra information
+                                       pAd->ExtraInfo = EXTRA_INFO_CLEAR;
+                               }
+                               else
+                               {
+                                       MlmeRadioOff(pAd);
+                                       // Update extra information
+                                       pAd->ExtraInfo = HW_RADIO_OFF;
+                               }
+                       }
+               }
+       }
+#endif // RTMP_MAC_PCI //
+#endif // CONFIG_STA_SUPPORT //
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if ((RTMP_TEST_FLAG(pAd, (fRTMP_ADAPTER_HALT_IN_PROGRESS |
+                                                               fRTMP_ADAPTER_RADIO_OFF |
+                                                               fRTMP_ADAPTER_RADIO_MEASUREMENT |
+                                                               fRTMP_ADAPTER_RESET_IN_PROGRESS))))
+               return;
+
+       RTMP_MLME_PRE_SANITY_CHECK(pAd);
+
+#ifdef RALINK_ATE
+       /* Do not show RSSI until "Normal 1 second Mlme PeriodicExec". */
+       if (ATE_ON(pAd))
+       {
+               if (pAd->Mlme.PeriodicRound % MLME_TASK_EXEC_MULTIPLE != (MLME_TASK_EXEC_MULTIPLE - 1))
+       {
+                       pAd->Mlme.PeriodicRound ++;
+                       return;
+               }
+       }
+#endif // RALINK_ATE //
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // Do nothing if monitor mode is on
+               if (MONITOR_ON(pAd))
+                       return;
+
+               if (pAd->Mlme.PeriodicRound & 0x1)
+               {
+                       // This is the fix for wifi 11n extension channel overlapping test case.  for 2860D
+                       if (((pAd->MACVersion & 0xffff) == 0x0101) &&
+                               (STA_TGN_WIFI_ON(pAd)) &&
+                               (pAd->CommonCfg.IOTestParm.bToggle == FALSE))
+
+                               {
+                                       RTMP_IO_WRITE32(pAd, TXOP_CTRL_CFG, 0x24Bf);
+                                       pAd->CommonCfg.IOTestParm.bToggle = TRUE;
+                               }
+                               else if ((STA_TGN_WIFI_ON(pAd)) &&
+                                               ((pAd->MACVersion & 0xffff) == 0x0101))
+                               {
+                                       RTMP_IO_WRITE32(pAd, TXOP_CTRL_CFG, 0x243f);
+                                       pAd->CommonCfg.IOTestParm.bToggle = FALSE;
+                               }
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       pAd->bUpdateBcnCntDone = FALSE;
+
+//     RECBATimerTimeout(SystemSpecific1,FunctionContext,SystemSpecific2,SystemSpecific3);
+       pAd->Mlme.PeriodicRound ++;
+
+
+       // execute every 500ms
+       if ((pAd->Mlme.PeriodicRound % 5 == 0) && RTMPAutoRateSwitchCheck(pAd)/*(OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED))*/)
+       {
+#ifdef CONFIG_STA_SUPPORT
+               // perform dynamic tx rate switching based on past TX history
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if ((OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED)
+                                       )
+                               && (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE)))
+                               MlmeDynamicTxRateSwitching(pAd);
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+       // Normal 1 second Mlme PeriodicExec.
+       if (pAd->Mlme.PeriodicRound %MLME_TASK_EXEC_MULTIPLE == 0)
+       {
+                pAd->Mlme.OneSecPeriodicRound ++;
+
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+       {
+                       /* request from Baron : move this routine from later to here */
+                       /* for showing Rx error count in ATE RXFRAME */
+            NICUpdateRawCounters(pAd);
+                       if (pAd->ate.bRxFER == 1)
+                       {
+                               pAd->ate.RxTotalCnt += pAd->ate.RxCntPerSec;
+                           ate_print(KERN_EMERG "MlmePeriodicExec: Rx packet cnt = %d/%d\n", pAd->ate.RxCntPerSec, pAd->ate.RxTotalCnt);
+                               pAd->ate.RxCntPerSec = 0;
+
+                               if (pAd->ate.RxAntennaSel == 0)
+                                       ate_print(KERN_EMERG "MlmePeriodicExec: Rx AvgRssi0=%d, AvgRssi1=%d, AvgRssi2=%d\n\n",
+                                               pAd->ate.AvgRssi0, pAd->ate.AvgRssi1, pAd->ate.AvgRssi2);
+                               else
+                                       ate_print(KERN_EMERG "MlmePeriodicExec: Rx AvgRssi=%d\n\n", pAd->ate.AvgRssi0);
+                       }
+                       MlmeResetRalinkCounters(pAd);
+
+
+
+                       return;
+       }
+#endif // RALINK_ATE //
+
+
+
+               //ORIBATimerTimeout(pAd);
+
+               // Media status changed, report to NDIS
+               if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_MEDIA_STATE_CHANGE))
+               {
+                       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_MEDIA_STATE_CHANGE);
+                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+                       {
+                               pAd->IndicateMediaState = NdisMediaStateConnected;
+                               RTMP_IndicateMediaState(pAd);
+                       }
+                       else
+                       {
+                               pAd->IndicateMediaState = NdisMediaStateDisconnected;
+                               RTMP_IndicateMediaState(pAd);
+                       }
+               }
+
+               NdisGetSystemUpTime(&pAd->Mlme.Now32);
+
+               // add the most up-to-date h/w raw counters into software variable, so that
+               // the dynamic tuning mechanism below are based on most up-to-date information
+               NICUpdateRawCounters(pAd);
+
+
+#ifdef DOT11_N_SUPPORT
+               // Need statistics after read counter. So put after NICUpdateRawCounters
+               ORIBATimerTimeout(pAd);
+#endif // DOT11_N_SUPPORT //
+
+               // if MGMT RING is full more than twice within 1 second, we consider there's
+               // a hardware problem stucking the TX path. In this case, try a hardware reset
+               // to recover the system
+       //      if (pAd->RalinkCounters.MgmtRingFullCount >= 2)
+       //              RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_HARDWARE_ERROR);
+       //      else
+       //              pAd->RalinkCounters.MgmtRingFullCount = 0;
+
+               // The time period for checking antenna is according to traffic
+#ifdef ANT_DIVERSITY_SUPPORT
+               if ((pAd->NicConfig2.field.AntDiversity) &&
+                       (pAd->CommonCfg.bRxAntDiversity == ANT_DIVERSITY_ENABLE) &&
+                       (!pAd->EepromAccess))
+                       AsicAntennaSelect(pAd, pAd->MlmeAux.Channel);
+               else if(pAd->CommonCfg.bRxAntDiversity == ANT_FIX_ANT1 || pAd->CommonCfg.bRxAntDiversity == ANT_FIX_ANT2)
+               {
+#ifdef CONFIG_STA_SUPPORT
+                       realavgrssi = (pAd->RxAnt.Pair1AvgRssi[pAd->RxAnt.Pair1PrimaryRxAnt] >> 3);
+#endif // CONFIG_STA_SUPPORT //
+                       DBGPRINT(RT_DEBUG_TRACE,("Ant-realrssi0(%d), Lastrssi0(%d), EvaluateStableCnt=%d\n", realavgrssi, pAd->RxAnt.Pair1LastAvgRssi, pAd->RxAnt.EvaluateStableCnt));
+               }
+               else
+#endif // ANT_DIVERSITY_SUPPORT //
+               {
+                       if (pAd->Mlme.bEnableAutoAntennaCheck)
+                       {
+                               TxTotalCnt = pAd->RalinkCounters.OneSecTxNoRetryOkCount +
+                                                                pAd->RalinkCounters.OneSecTxRetryOkCount +
+                                                                pAd->RalinkCounters.OneSecTxFailCount;
+
+                               // dynamic adjust antenna evaluation period according to the traffic
+                               if (TxTotalCnt > 50)
+                               {
+                                       if (pAd->Mlme.OneSecPeriodicRound % 10 == 0)
+                                       {
+                                               AsicEvaluateRxAnt(pAd);
+                                       }
+                               }
+                               else
+                               {
+                                       if (pAd->Mlme.OneSecPeriodicRound % 3 == 0)
+                                       {
+                                               AsicEvaluateRxAnt(pAd);
+                                       }
+                               }
+                       }
+               }
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       STAMlmePeriodicExec(pAd);
+#endif // CONFIG_STA_SUPPORT //
+
+               MlmeResetRalinkCounters(pAd);
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+#ifdef RTMP_MAC_PCI
+                       if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST) && (pAd->bPCIclkOff == FALSE))
+#endif // RTMP_MAC_PCI //
+                       {
+                       // When Adhoc beacon is enabled and RTS/CTS is enabled, there is a chance that hardware MAC FSM will run into a deadlock
+                       // and sending CTS-to-self over and over.
+                       // Software Patch Solution:
+                       // 1. Polling debug state register 0x10F4 every one second.
+                       // 2. If in 0x10F4 the ((bit29==1) && (bit7==1)) OR ((bit29==1) && (bit5==1)), it means the deadlock has occurred.
+                       // 3. If the deadlock occurred, reset MAC/BBP by setting 0x1004 to 0x0001 for a while then setting it back to 0x000C again.
+
+                       UINT32  MacReg = 0;
+
+                       RTMP_IO_READ32(pAd, 0x10F4, &MacReg);
+                       if (((MacReg & 0x20000000) && (MacReg & 0x80)) || ((MacReg & 0x20000000) && (MacReg & 0x20)))
+                       {
+                               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x1);
+                               RTMPusecDelay(1);
+                               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0xC);
+
+                               DBGPRINT(RT_DEBUG_WARN,("Warning, MAC specific condition occurs \n"));
+                       }
+               }
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+               RTMP_MLME_HANDLER(pAd);
+       }
+
+
+       pAd->bUpdateBcnCntDone = FALSE;
+}
+
+
+/*
+       ==========================================================================
+       Validate SSID for connection try and rescan purpose
+       Valid SSID will have visible chars only.
+       The valid length is from 0 to 32.
+       IRQL = DISPATCH_LEVEL
+       ==========================================================================
+ */
+BOOLEAN MlmeValidateSSID(
+       IN PUCHAR       pSsid,
+       IN UCHAR        SsidLen)
+{
+       int     index;
+
+       if (SsidLen > MAX_LEN_OF_SSID)
+               return (FALSE);
+
+       // Check each character value
+       for (index = 0; index < SsidLen; index++)
+       {
+               if (pSsid[index] < 0x20)
+                       return (FALSE);
+       }
+
+       // All checked
+       return (TRUE);
+}
+
+VOID MlmeSelectTxRateTable(
+       IN PRTMP_ADAPTER                pAd,
+       IN PMAC_TABLE_ENTRY             pEntry,
+       IN PUCHAR                               *ppTable,
+       IN PUCHAR                               pTableSize,
+       IN PUCHAR                               pInitTxRateIdx)
+{
+       do
+       {
+               // decide the rate table for tuning
+               if (pAd->CommonCfg.TxRateTableSize > 0)
+               {
+                       *ppTable = RateSwitchTable;
+                       *pTableSize = RateSwitchTable[0];
+                       *pInitTxRateIdx = RateSwitchTable[1];
+
+                       break;
+               }
+
+#ifdef CONFIG_STA_SUPPORT
+               if ((pAd->OpMode == OPMODE_STA) && ADHOC_ON(pAd))
+               {
+#ifdef DOT11_N_SUPPORT
+                       if ((pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED) &&
+                               (pEntry->HTCapability.MCSSet[0] == 0xff) &&
+                               ((pEntry->HTCapability.MCSSet[1] == 0x00) || (pAd->Antenna.field.TxPath == 1)))
+                       {// 11N 1S Adhoc
+                               *ppTable = RateSwitchTable11N1S;
+                               *pTableSize = RateSwitchTable11N1S[0];
+                               *pInitTxRateIdx = RateSwitchTable11N1S[1];
+
+                       }
+                       else if ((pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED) &&
+                                       (pEntry->HTCapability.MCSSet[0] == 0xff) &&
+                                       (pEntry->HTCapability.MCSSet[1] == 0xff) &&
+                                       (pAd->Antenna.field.TxPath == 2))
+                       {// 11N 2S Adhoc
+                               if (pAd->LatchRfRegs.Channel <= 14)
+                               {
+                                       *ppTable = RateSwitchTable11N2S;
+                                       *pTableSize = RateSwitchTable11N2S[0];
+                                       *pInitTxRateIdx = RateSwitchTable11N2S[1];
+                               }
+                               else
+                               {
+                                       *ppTable = RateSwitchTable11N2SForABand;
+                                       *pTableSize = RateSwitchTable11N2SForABand[0];
+                                       *pInitTxRateIdx = RateSwitchTable11N2SForABand[1];
+                               }
+
+                       }
+                       else
+#endif // DOT11_N_SUPPORT //
+                               if ((pEntry->RateLen == 4)
+#ifdef DOT11_N_SUPPORT
+                                       && (pEntry->HTCapability.MCSSet[0] == 0) && (pEntry->HTCapability.MCSSet[1] == 0)
+#endif // DOT11_N_SUPPORT //
+                                       )
+                       {
+                               *ppTable = RateSwitchTable11B;
+                               *pTableSize = RateSwitchTable11B[0];
+                               *pInitTxRateIdx = RateSwitchTable11B[1];
+
+                       }
+                       else if (pAd->LatchRfRegs.Channel <= 14)
+                       {
+                               *ppTable = RateSwitchTable11BG;
+                               *pTableSize = RateSwitchTable11BG[0];
+                               *pInitTxRateIdx = RateSwitchTable11BG[1];
+
+                       }
+                       else
+                       {
+                               *ppTable = RateSwitchTable11G;
+                               *pTableSize = RateSwitchTable11G[0];
+                               *pInitTxRateIdx = RateSwitchTable11G[1];
+
+                       }
+                       break;
+               }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef DOT11_N_SUPPORT
+               //if ((pAd->StaActive.SupRateLen + pAd->StaActive.ExtRateLen == 12) && (pAd->StaActive.SupportedPhyInfo.MCSSet[0] == 0xff) &&
+               //      ((pAd->StaActive.SupportedPhyInfo.MCSSet[1] == 0x00) || (pAd->Antenna.field.TxPath == 1)))
+               if (((pEntry->RateLen == 12) || (pAd->OpMode == OPMODE_STA)) && (pEntry->HTCapability.MCSSet[0] == 0xff) &&
+                       ((pEntry->HTCapability.MCSSet[1] == 0x00) || (pAd->CommonCfg.TxStream == 1)))
+               {// 11BGN 1S AP
+                       *ppTable = RateSwitchTable11BGN1S;
+                       *pTableSize = RateSwitchTable11BGN1S[0];
+                       *pInitTxRateIdx = RateSwitchTable11BGN1S[1];
+
+                       break;
+               }
+
+               //else if ((pAd->StaActive.SupRateLen + pAd->StaActive.ExtRateLen == 12) && (pAd->StaActive.SupportedPhyInfo.MCSSet[0] == 0xff) &&
+               //      (pAd->StaActive.SupportedPhyInfo.MCSSet[1] == 0xff) && (pAd->Antenna.field.TxPath == 2))
+               if (((pEntry->RateLen == 12) || (pAd->OpMode == OPMODE_STA)) && (pEntry->HTCapability.MCSSet[0] == 0xff) &&
+                       (pEntry->HTCapability.MCSSet[1] == 0xff) && (pAd->CommonCfg.TxStream == 2))
+               {// 11BGN 2S AP
+                       if (pAd->LatchRfRegs.Channel <= 14)
+                       {
+                               *ppTable = RateSwitchTable11BGN2S;
+                               *pTableSize = RateSwitchTable11BGN2S[0];
+                               *pInitTxRateIdx = RateSwitchTable11BGN2S[1];
+
+                       }
+                       else
+                       {
+                               *ppTable = RateSwitchTable11BGN2SForABand;
+                               *pTableSize = RateSwitchTable11BGN2SForABand[0];
+                               *pInitTxRateIdx = RateSwitchTable11BGN2SForABand[1];
+
+                       }
+                       break;
+               }
+
+               //else if ((pAd->StaActive.SupportedPhyInfo.MCSSet[0] == 0xff) && ((pAd->StaActive.SupportedPhyInfo.MCSSet[1] == 0x00) || (pAd->Antenna.field.TxPath == 1)))
+               if ((pEntry->HTCapability.MCSSet[0] == 0xff) && ((pEntry->HTCapability.MCSSet[1] == 0x00) || (pAd->CommonCfg.TxStream == 1)))
+               {// 11N 1S AP
+                       *ppTable = RateSwitchTable11N1S;
+                       *pTableSize = RateSwitchTable11N1S[0];
+                       *pInitTxRateIdx = RateSwitchTable11N1S[1];
+
+                       break;
+               }
+
+               //else if ((pAd->StaActive.SupportedPhyInfo.MCSSet[0] == 0xff) && (pAd->StaActive.SupportedPhyInfo.MCSSet[1] == 0xff) && (pAd->Antenna.field.TxPath == 2))
+               if ((pEntry->HTCapability.MCSSet[0] == 0xff) && (pEntry->HTCapability.MCSSet[1] == 0xff) && (pAd->CommonCfg.TxStream == 2))
+               {// 11N 2S AP
+                       if (pAd->LatchRfRegs.Channel <= 14)
+                       {
+                       *ppTable = RateSwitchTable11N2S;
+                       *pTableSize = RateSwitchTable11N2S[0];
+                       *pInitTxRateIdx = RateSwitchTable11N2S[1];
+                       }
+                       else
+                       {
+                               *ppTable = RateSwitchTable11N2SForABand;
+                               *pTableSize = RateSwitchTable11N2SForABand[0];
+                               *pInitTxRateIdx = RateSwitchTable11N2SForABand[1];
+                       }
+
+                       break;
+               }
+#endif // DOT11_N_SUPPORT //
+               //else if ((pAd->StaActive.SupRateLen == 4) && (pAd->StaActive.ExtRateLen == 0) && (pAd->StaActive.SupportedPhyInfo.MCSSet[0] == 0) && (pAd->StaActive.SupportedPhyInfo.MCSSet[1] == 0))
+               if ((pEntry->RateLen == 4 || pAd->CommonCfg.PhyMode==PHY_11B)
+#ifdef DOT11_N_SUPPORT
+               //Iverson mark for Adhoc b mode,sta will use rate 54  Mbps when connect with sta b/g/n mode
+               /* && (pEntry->HTCapability.MCSSet[0] == 0) && (pEntry->HTCapability.MCSSet[1] == 0)*/
+#endif // DOT11_N_SUPPORT //
+                       )
+               {// B only AP
+                       *ppTable = RateSwitchTable11B;
+                       *pTableSize = RateSwitchTable11B[0];
+                       *pInitTxRateIdx = RateSwitchTable11B[1];
+
+                       break;
+               }
+
+               //else if ((pAd->StaActive.SupRateLen + pAd->StaActive.ExtRateLen > 8) && (pAd->StaActive.SupportedPhyInfo.MCSSet[0] == 0) && (pAd->StaActive.SupportedPhyInfo.MCSSet[1] == 0))
+               if ((pEntry->RateLen > 8)
+#ifdef DOT11_N_SUPPORT
+                       && (pEntry->HTCapability.MCSSet[0] == 0) && (pEntry->HTCapability.MCSSet[1] == 0)
+#endif // DOT11_N_SUPPORT //
+                       )
+               {// B/G  mixed AP
+                       *ppTable = RateSwitchTable11BG;
+                       *pTableSize = RateSwitchTable11BG[0];
+                       *pInitTxRateIdx = RateSwitchTable11BG[1];
+
+                       break;
+               }
+
+               //else if ((pAd->StaActive.SupRateLen + pAd->StaActive.ExtRateLen == 8) && (pAd->StaActive.SupportedPhyInfo.MCSSet[0] == 0) && (pAd->StaActive.SupportedPhyInfo.MCSSet[1] == 0))
+               if ((pEntry->RateLen == 8)
+#ifdef DOT11_N_SUPPORT
+                       && (pEntry->HTCapability.MCSSet[0] == 0) && (pEntry->HTCapability.MCSSet[1] == 0)
+#endif // DOT11_N_SUPPORT //
+                       )
+               {// G only AP
+                       *ppTable = RateSwitchTable11G;
+                       *pTableSize = RateSwitchTable11G[0];
+                       *pInitTxRateIdx = RateSwitchTable11G[1];
+
+                       break;
+               }
+#ifdef DOT11_N_SUPPORT
+#endif // DOT11_N_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+#ifdef DOT11_N_SUPPORT
+                       //else if ((pAd->StaActive.SupportedPhyInfo.MCSSet[0] == 0) && (pAd->StaActive.SupportedPhyInfo.MCSSet[1] == 0))
+                       if ((pEntry->HTCapability.MCSSet[0] == 0) && (pEntry->HTCapability.MCSSet[1] == 0))
+#endif // DOT11_N_SUPPORT //
+                       {       // Legacy mode
+                               if (pAd->CommonCfg.MaxTxRate <= RATE_11)
+                               {
+                                       *ppTable = RateSwitchTable11B;
+                                       *pTableSize = RateSwitchTable11B[0];
+                                       *pInitTxRateIdx = RateSwitchTable11B[1];
+                               }
+                               else if ((pAd->CommonCfg.MaxTxRate > RATE_11) && (pAd->CommonCfg.MinTxRate > RATE_11))
+                               {
+                                       *ppTable = RateSwitchTable11G;
+                                       *pTableSize = RateSwitchTable11G[0];
+                                       *pInitTxRateIdx = RateSwitchTable11G[1];
+
+                               }
+                               else
+                               {
+                                       *ppTable = RateSwitchTable11BG;
+                                       *pTableSize = RateSwitchTable11BG[0];
+                                       *pInitTxRateIdx = RateSwitchTable11BG[1];
+                               }
+                               break;
+                       }
+#ifdef DOT11_N_SUPPORT
+                       if (pAd->LatchRfRegs.Channel <= 14)
+                       {
+                               if (pAd->CommonCfg.TxStream == 1)
+                               {
+                                       *ppTable = RateSwitchTable11N1S;
+                                       *pTableSize = RateSwitchTable11N1S[0];
+                                       *pInitTxRateIdx = RateSwitchTable11N1S[1];
+                                       DBGPRINT_RAW(RT_DEBUG_ERROR,("DRS: unkown mode,default use 11N 1S AP \n"));
+                               }
+                               else
+                               {
+                                       *ppTable = RateSwitchTable11N2S;
+                                       *pTableSize = RateSwitchTable11N2S[0];
+                                       *pInitTxRateIdx = RateSwitchTable11N2S[1];
+                                       DBGPRINT_RAW(RT_DEBUG_ERROR,("DRS: unkown mode,default use 11N 2S AP \n"));
+                               }
+                       }
+                       else
+                       {
+                               if (pAd->CommonCfg.TxStream == 1)
+                               {
+                                       *ppTable = RateSwitchTable11N1S;
+                                       *pTableSize = RateSwitchTable11N1S[0];
+                                       *pInitTxRateIdx = RateSwitchTable11N1S[1];
+                                       DBGPRINT_RAW(RT_DEBUG_ERROR,("DRS: unkown mode,default use 11N 1S AP \n"));
+                               }
+                               else
+                               {
+                                       *ppTable = RateSwitchTable11N2SForABand;
+                                       *pTableSize = RateSwitchTable11N2SForABand[0];
+                                       *pInitTxRateIdx = RateSwitchTable11N2SForABand[1];
+                                       DBGPRINT_RAW(RT_DEBUG_ERROR,("DRS: unkown mode,default use 11N 2S AP \n"));
+                               }
+                       }
+#endif // DOT11_N_SUPPORT //
+                       DBGPRINT_RAW(RT_DEBUG_ERROR,("DRS: unkown mode (SupRateLen=%d, ExtRateLen=%d, MCSSet[0]=0x%x, MCSSet[1]=0x%x)\n",
+                               pAd->StaActive.SupRateLen, pAd->StaActive.ExtRateLen, pAd->StaActive.SupportedPhyInfo.MCSSet[0], pAd->StaActive.SupportedPhyInfo.MCSSet[1]));
+               }
+#endif // CONFIG_STA_SUPPORT //
+       } while(FALSE);
+}
+
+
+#ifdef CONFIG_STA_SUPPORT
+VOID STAMlmePeriodicExec(
+       PRTMP_ADAPTER pAd)
+{
+       ULONG                       TxTotalCnt;
+       int     i;
+
+
+
+
+       /*
+               We return here in ATE mode, because the statistics
+               that ATE need are not collected via this routine.
+       */
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+       return;
+#endif // RALINK_ATE //
+
+#ifdef RALINK_ATE
+       // It is supposed that we will never reach here in ATE mode.
+       ASSERT(!(ATE_ON(pAd)));
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+#ifdef PCIE_PS_SUPPORT
+// don't perform idle-power-save mechanism within 3 min after driver initialization.
+// This can make rebooter test more robust
+if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+       {
+       if ((pAd->OpMode == OPMODE_STA) && (IDLE_ON(pAd))
+               && (pAd->Mlme.SyncMachine.CurrState == SYNC_IDLE)
+               && (pAd->Mlme.CntlMachine.CurrState == CNTL_IDLE)
+               && (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF)))
+               {
+               if (IS_RT3090(pAd)|| IS_RT3572(pAd) || IS_RT3390(pAd))
+                       {
+                       if (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+                               {
+                               DBGPRINT(RT_DEBUG_TRACE, ("%s::%d\n",__FUNCTION__,__LINE__));
+
+                               RT28xxPciAsicRadioOff(pAd, GUI_IDLE_POWER_SAVE, 0);
+                               }
+                       else
+                               {
+                               DBGPRINT(RT_DEBUG_TRACE, ("%s::%d\n",__FUNCTION__,__LINE__));
+                               AsicSendCommandToMcu(pAd, 0x30, PowerSafeCID, 0xff, 0x2);
+                               // Wait command success
+                               AsicCheckCommanOk(pAd, PowerSafeCID);
+                               RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF);
+                               DBGPRINT(RT_DEBUG_TRACE, ("PSM - rt30xx Issue Sleep command)\n"));
+                               }
+                       }
+               else if (pAd->Mlme.OneSecPeriodicRound > 180)
+                       {
+                       if (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+                               {
+                               DBGPRINT(RT_DEBUG_TRACE, ("%s::%d\n",__FUNCTION__,__LINE__));
+                               RT28xxPciAsicRadioOff(pAd, GUI_IDLE_POWER_SAVE, 0);
+                               }
+                       else
+                               {
+                               DBGPRINT(RT_DEBUG_TRACE, ("%s::%d\n",__FUNCTION__,__LINE__));
+                               AsicSendCommandToMcu(pAd, 0x30, PowerSafeCID, 0xff, 0x02);
+                               // Wait command success
+                               AsicCheckCommanOk(pAd, PowerSafeCID);
+                               RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF);
+                               DBGPRINT(RT_DEBUG_TRACE, ("PSM -  rt28xx Issue Sleep command)\n"));
+                               }
+                       }
+               }
+       else
+               {
+               DBGPRINT(RT_DEBUG_TRACE,("STAMlmePeriodicExec MMCHK - CommonCfg.Ssid[%d]=%c%c%c%c... MlmeAux.Ssid[%d]=%c%c%c%c...\n",
+                       pAd->CommonCfg.SsidLen, pAd->CommonCfg.Ssid[0], pAd->CommonCfg.Ssid[1], pAd->CommonCfg.Ssid[2], pAd->CommonCfg.Ssid[3],
+                       pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid[0], pAd->MlmeAux.Ssid[1], pAd->MlmeAux.Ssid[2], pAd->MlmeAux.Ssid[3]));
+               }
+       }
+#endif // PCIE_PS_SUPPORT //
+
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+    if (pAd->StaCfg.WpaSupplicantUP == WPA_SUPPLICANT_DISABLE)
+#endif // WPA_SUPPLICANT_SUPPORT //
+    {
+       // WPA MIC error should block association attempt for 60 seconds
+               if (pAd->StaCfg.bBlockAssoc &&
+                       RTMP_TIME_AFTER(pAd->Mlme.Now32, pAd->StaCfg.LastMicErrorTime + (60*OS_HZ)))
+               pAd->StaCfg.bBlockAssoc = FALSE;
+    }
+
+    if ((pAd->PreMediaState != pAd->IndicateMediaState) && (pAd->CommonCfg.bWirelessEvent))
+       {
+               if (pAd->IndicateMediaState == NdisMediaStateConnected)
+               {
+                       RTMPSendWirelessEvent(pAd, IW_STA_LINKUP_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+               }
+               pAd->PreMediaState = pAd->IndicateMediaState;
+       }
+
+
+
+
+       if (pAd->CommonCfg.PSPXlink && ADHOC_ON(pAd))
+       {
+       }
+       else
+       {
+       AsicStaBbpTuning(pAd);
+       }
+
+       TxTotalCnt = pAd->RalinkCounters.OneSecTxNoRetryOkCount +
+                                        pAd->RalinkCounters.OneSecTxRetryOkCount +
+                                        pAd->RalinkCounters.OneSecTxFailCount;
+
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+       {
+               // update channel quality for Roaming and UI LinkQuality display
+               MlmeCalculateChannelQuality(pAd, NULL, pAd->Mlme.Now32);
+       }
+
+       // must be AFTER MlmeDynamicTxRateSwitching() because it needs to know if
+       // Radio is currently in noisy environment
+       if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+       AsicAdjustTxPower(pAd);
+
+       if (INFRA_ON(pAd))
+       {
+#ifdef QOS_DLS_SUPPORT
+               // Check DLS time out, then tear down those session
+               RTMPCheckDLSTimeOut(pAd);
+#endif // QOS_DLS_SUPPORT //
+
+               // Is PSM bit consistent with user power management policy?
+               // This is the only place that will set PSM bit ON.
+               if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+               MlmeCheckPsmChange(pAd, pAd->Mlme.Now32);
+
+               pAd->RalinkCounters.LastOneSecTotalTxCount = TxTotalCnt;
+
+               if ((RTMP_TIME_AFTER(pAd->Mlme.Now32, pAd->StaCfg.LastBeaconRxTime + (1*OS_HZ))) &&
+                       (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS)) &&
+                       (((TxTotalCnt + pAd->RalinkCounters.OneSecRxOkCnt) < 600)))
+               {
+                       RTMPSetAGCInitValue(pAd, BW_20);
+                       DBGPRINT(RT_DEBUG_TRACE, ("MMCHK - No BEACON. restore R66 to the low bound(%d) \n", (0x2E + GET_LNA_GAIN(pAd))));
+               }
+
+        //if ((pAd->RalinkCounters.OneSecTxNoRetryOkCount == 0) &&
+        //    (pAd->RalinkCounters.OneSecTxRetryOkCount == 0))
+        {
+               if (pAd->CommonCfg.bAPSDCapable && pAd->CommonCfg.APEdcaParm.bAPSDCapable)
+               {
+                   // When APSD is enabled, the period changes as 20 sec
+                       if ((pAd->Mlme.OneSecPeriodicRound % 20) == 8)
+                               RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE);
+               }
+               else
+               {
+                   // Send out a NULL frame every 10 sec to inform AP that STA is still alive (Avoid being age out)
+                       if ((pAd->Mlme.OneSecPeriodicRound % 10) == 8)
+                {
+                    if (pAd->CommonCfg.bWmmCapable)
+                                       RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE);
+                    else
+                                               RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, FALSE);
+                }
+               }
+        }
+
+               if (CQI_IS_DEAD(pAd->Mlme.ChannelQuality))
+                       {
+                       DBGPRINT(RT_DEBUG_TRACE, ("MMCHK - No BEACON. Dead CQI. Auto Recovery attempt #%ld\n", pAd->RalinkCounters.BadCQIAutoRecoveryCount));
+
+                       // Lost AP, send disconnect & link down event
+                       LinkDown(pAd, FALSE);
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+               //send disassociate event to wpa_supplicant
+               if (pAd->StaCfg.WpaSupplicantUP) {
+                       RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_DISASSOC_EVENT_FLAG, NULL, NULL, 0);
+               }
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+               RtmpOSWrielessEventSend(pAd, SIOCGIWAP, -1, NULL, NULL, 0);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+                       // RTMPPatchMacBbpBug(pAd);
+                       MlmeAutoReconnectLastSSID(pAd);
+               }
+               else if (CQI_IS_BAD(pAd->Mlme.ChannelQuality))
+               {
+                       pAd->RalinkCounters.BadCQIAutoRecoveryCount ++;
+                       DBGPRINT(RT_DEBUG_TRACE, ("MMCHK - Bad CQI. Auto Recovery attempt #%ld\n", pAd->RalinkCounters.BadCQIAutoRecoveryCount));
+                       MlmeAutoReconnectLastSSID(pAd);
+               }
+
+               if (pAd->StaCfg.bAutoRoaming)
+               {
+                       BOOLEAN rv = FALSE;
+                       CHAR    dBmToRoam = pAd->StaCfg.dBmToRoam;
+                       CHAR    MaxRssi = RTMPMaxRssi(pAd,
+                                                                                 pAd->StaCfg.RssiSample.LastRssi0,
+                                                                                 pAd->StaCfg.RssiSample.LastRssi1,
+                                                                                 pAd->StaCfg.RssiSample.LastRssi2);
+
+                       // Scanning, ignore Roaming
+                       if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS) &&
+                               (pAd->Mlme.SyncMachine.CurrState == SYNC_IDLE) &&
+                               (MaxRssi <= dBmToRoam))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, ("Rssi=%d, dBmToRoam=%d\n", MaxRssi, (CHAR)dBmToRoam));
+
+
+                               // Add auto seamless roaming
+                               if (rv == FALSE)
+                                       rv = MlmeCheckForFastRoaming(pAd);
+
+                               if (rv == FALSE)
+                               {
+                                       if ((pAd->StaCfg.LastScanTime + 10 * OS_HZ) < pAd->Mlme.Now32)
+                                       {
+                                               DBGPRINT(RT_DEBUG_TRACE, ("MMCHK - Roaming, No eligable entry, try new scan!\n"));
+                                               pAd->StaCfg.ScanCnt = 2;
+                                               pAd->StaCfg.LastScanTime = pAd->Mlme.Now32;
+                                               MlmeAutoScan(pAd);
+                                       }
+                               }
+                       }
+               }
+       }
+       else if (ADHOC_ON(pAd))
+       {
+
+               // If all peers leave, and this STA becomes the last one in this IBSS, then change MediaState
+               // to DISCONNECTED. But still holding this IBSS (i.e. sending BEACON) so that other STAs can
+               // join later.
+               if (RTMP_TIME_AFTER(pAd->Mlme.Now32, pAd->StaCfg.LastBeaconRxTime + ADHOC_BEACON_LOST_TIME) &&
+                       OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+               {
+                       MLME_START_REQ_STRUCT     StartReq;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("MMCHK - excessive BEACON lost, last STA in this IBSS, MediaState=Disconnected\n"));
+                       LinkDown(pAd, FALSE);
+
+                       StartParmFill(pAd, &StartReq, (CHAR *)pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
+                       MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_START_REQ, sizeof(MLME_START_REQ_STRUCT), &StartReq);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_START;
+               }
+
+               for (i = 1; i < MAX_LEN_OF_MAC_TABLE; i++)
+               {
+                       MAC_TABLE_ENTRY *pEntry = &pAd->MacTab.Content[i];
+
+                       if (pEntry->ValidAsCLI == FALSE)
+                               continue;
+
+                       if (RTMP_TIME_AFTER(pAd->Mlme.Now32, pEntry->LastBeaconRxTime + ADHOC_BEACON_LOST_TIME))
+                               MacTableDeleteEntry(pAd, pEntry->Aid, pEntry->Addr);
+               }
+       }
+       else // no INFRA nor ADHOC connection
+       {
+
+               if (pAd->StaCfg.bScanReqIsFromWebUI &&
+                       RTMP_TIME_BEFORE(pAd->Mlme.Now32, pAd->StaCfg.LastScanTime + (30 * OS_HZ)))
+                       goto SKIP_AUTO_SCAN_CONN;
+        else
+            pAd->StaCfg.bScanReqIsFromWebUI = FALSE;
+
+               if ((pAd->StaCfg.bAutoReconnect == TRUE)
+                       && RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_START_UP)
+                       && (MlmeValidateSSID(pAd->MlmeAux.AutoReconnectSsid, pAd->MlmeAux.AutoReconnectSsidLen) == TRUE))
+               {
+                       if ((pAd->ScanTab.BssNr==0) && (pAd->Mlme.CntlMachine.CurrState == CNTL_IDLE))
+                       {
+                               MLME_SCAN_REQ_STRUCT       ScanReq;
+
+                               if (RTMP_TIME_AFTER(pAd->Mlme.Now32, pAd->StaCfg.LastScanTime + (10 * OS_HZ)))
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("STAMlmePeriodicExec():CNTL - ScanTab.BssNr==0, start a new ACTIVE scan SSID[%s]\n", pAd->MlmeAux.AutoReconnectSsid));
+                                       ScanParmFill(pAd, &ScanReq, (PSTRING) pAd->MlmeAux.AutoReconnectSsid, pAd->MlmeAux.AutoReconnectSsidLen, BSS_ANY, SCAN_ACTIVE);
+                                       MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_SCAN_REQ, sizeof(MLME_SCAN_REQ_STRUCT), &ScanReq);
+                                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_OID_LIST_SCAN;
+                                       // Reset Missed scan number
+                                       pAd->StaCfg.LastScanTime = pAd->Mlme.Now32;
+                               }
+                               else if (pAd->StaCfg.BssType == BSS_ADHOC)      // Quit the forever scan when in a very clean room
+                                       MlmeAutoReconnectLastSSID(pAd);
+                       }
+                       else if (pAd->Mlme.CntlMachine.CurrState == CNTL_IDLE)
+                       {
+                               if ((pAd->Mlme.OneSecPeriodicRound % 7) == 0)
+                                       {
+                                               MlmeAutoScan(pAd);
+                                               pAd->StaCfg.LastScanTime = pAd->Mlme.Now32;
+                                       }
+                               else
+                               {
+#ifdef CARRIER_DETECTION_SUPPORT // Roger sync Carrier
+                                       if (pAd->CommonCfg.CarrierDetect.Enable == TRUE)
+                                       {
+                                               if ((pAd->Mlme.OneSecPeriodicRound % 5) == 1)
+                                                       MlmeAutoReconnectLastSSID(pAd);
+                                       }
+                                       else
+#endif // CARRIER_DETECTION_SUPPORT //
+                                               MlmeAutoReconnectLastSSID(pAd);
+                               }
+                       }
+               }
+       }
+
+SKIP_AUTO_SCAN_CONN:
+
+#ifdef DOT11_N_SUPPORT
+    if ((pAd->MacTab.Content[BSSID_WCID].TXBAbitmap !=0) && (pAd->MacTab.fAnyBASession == FALSE))
+       {
+               pAd->MacTab.fAnyBASession = TRUE;
+               AsicUpdateProtect(pAd, HT_FORCERTSCTS,  ALLN_SETPROTECT, FALSE, FALSE);
+       }
+       else if ((pAd->MacTab.Content[BSSID_WCID].TXBAbitmap ==0) && (pAd->MacTab.fAnyBASession == TRUE))
+       {
+               pAd->MacTab.fAnyBASession = FALSE;
+               AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode,  ALLN_SETPROTECT, FALSE, FALSE);
+       }
+#endif // DOT11_N_SUPPORT //
+
+
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_SCAN_2040))
+               TriEventCounterMaintenance(pAd);
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+       return;
+}
+
+// Link down report
+VOID LinkDownExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+
+       if (pAd != NULL)
+       {
+               MLME_DISASSOC_REQ_STRUCT   DisassocReq;
+
+               if ((pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED) &&
+                       (INFRA_ON(pAd)))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("LinkDownExec(): disassociate with current AP...\n"));
+                       DisassocParmFill(pAd, &DisassocReq, pAd->CommonCfg.Bssid, REASON_DISASSOC_STA_LEAVING);
+                       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_DISASSOC_REQ,
+                                               sizeof(MLME_DISASSOC_REQ_STRUCT), &DisassocReq);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_DISASSOC;
+
+                       pAd->IndicateMediaState = NdisMediaStateDisconnected;
+                       RTMP_IndicateMediaState(pAd);
+                   pAd->ExtraInfo = GENERAL_LINK_DOWN;
+               }
+       }
+}
+
+// IRQL = DISPATCH_LEVEL
+VOID MlmeAutoScan(
+       IN PRTMP_ADAPTER pAd)
+{
+       // check CntlMachine.CurrState to avoid collision with NDIS SetOID request
+       if (pAd->Mlme.CntlMachine.CurrState == CNTL_IDLE)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("MMCHK - Driver auto scan\n"));
+               MlmeEnqueue(pAd,
+                                       MLME_CNTL_STATE_MACHINE,
+                                       OID_802_11_BSSID_LIST_SCAN,
+                                       pAd->MlmeAux.AutoReconnectSsidLen,
+                                       pAd->MlmeAux.AutoReconnectSsid);
+               RTMP_MLME_HANDLER(pAd);
+       }
+}
+
+// IRQL = DISPATCH_LEVEL
+VOID MlmeAutoReconnectLastSSID(
+       IN PRTMP_ADAPTER pAd)
+{
+       if (pAd->StaCfg.bAutoConnectByBssid)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("Driver auto reconnect to last OID_802_11_BSSID setting - %02X:%02X:%02X:%02X:%02X:%02X\n",
+                                                                       pAd->MlmeAux.Bssid[0],
+                                                                       pAd->MlmeAux.Bssid[1],
+                                                                       pAd->MlmeAux.Bssid[2],
+                                                                       pAd->MlmeAux.Bssid[3],
+                                                                       pAd->MlmeAux.Bssid[4],
+                                                                       pAd->MlmeAux.Bssid[5]));
+
+               pAd->MlmeAux.Channel = pAd->CommonCfg.Channel;
+               MlmeEnqueue(pAd,
+                        MLME_CNTL_STATE_MACHINE,
+                        OID_802_11_BSSID,
+                        MAC_ADDR_LEN,
+                        pAd->MlmeAux.Bssid);
+
+               pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+
+               RTMP_MLME_HANDLER(pAd);
+       }
+       // check CntlMachine.CurrState to avoid collision with NDIS SetOID request
+       else if ((pAd->Mlme.CntlMachine.CurrState == CNTL_IDLE) &&
+               (MlmeValidateSSID(pAd->MlmeAux.AutoReconnectSsid, pAd->MlmeAux.AutoReconnectSsidLen) == TRUE))
+       {
+               NDIS_802_11_SSID OidSsid;
+               OidSsid.SsidLength = pAd->MlmeAux.AutoReconnectSsidLen;
+               NdisMoveMemory(OidSsid.Ssid, pAd->MlmeAux.AutoReconnectSsid, pAd->MlmeAux.AutoReconnectSsidLen);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("Driver auto reconnect to last OID_802_11_SSID setting - %s, len - %d\n", pAd->MlmeAux.AutoReconnectSsid, pAd->MlmeAux.AutoReconnectSsidLen));
+               MlmeEnqueue(pAd,
+                                       MLME_CNTL_STATE_MACHINE,
+                                       OID_802_11_SSID,
+                                       sizeof(NDIS_802_11_SSID),
+                                       &OidSsid);
+               RTMP_MLME_HANDLER(pAd);
+       }
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               This routine checks if there're other APs out there capable for
+               roaming. Caller should call this routine only when Link up in INFRA mode
+               and channel quality is below CQI_GOOD_THRESHOLD.
+
+       IRQL = DISPATCH_LEVEL
+
+       Output:
+       ==========================================================================
+ */
+VOID MlmeCheckForRoaming(
+       IN PRTMP_ADAPTER pAd,
+       IN ULONG        Now32)
+{
+       USHORT     i;
+       BSS_TABLE  *pRoamTab = &pAd->MlmeAux.RoamTab;
+       BSS_ENTRY  *pBss;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("==> MlmeCheckForRoaming\n"));
+       // put all roaming candidates into RoamTab, and sort in RSSI order
+       BssTableInit(pRoamTab);
+       for (i = 0; i < pAd->ScanTab.BssNr; i++)
+       {
+               pBss = &pAd->ScanTab.BssEntry[i];
+
+               if ((pBss->LastBeaconRxTime + pAd->StaCfg.BeaconLostTime) < Now32)
+                       continue;        // AP disappear
+               if (pBss->Rssi <= RSSI_THRESHOLD_FOR_ROAMING)
+                       continue;        // RSSI too weak. forget it.
+               if (MAC_ADDR_EQUAL(pBss->Bssid, pAd->CommonCfg.Bssid))
+                       continue;        // skip current AP
+               if (pBss->Rssi < (pAd->StaCfg.RssiSample.LastRssi0 + RSSI_DELTA))
+                       continue;        // only AP with stronger RSSI is eligible for roaming
+
+               // AP passing all above rules is put into roaming candidate table
+               NdisMoveMemory(&pRoamTab->BssEntry[pRoamTab->BssNr], pBss, sizeof(BSS_ENTRY));
+               pRoamTab->BssNr += 1;
+       }
+
+       if (pRoamTab->BssNr > 0)
+       {
+               // check CntlMachine.CurrState to avoid collision with NDIS SetOID request
+               if (pAd->Mlme.CntlMachine.CurrState == CNTL_IDLE)
+               {
+                       pAd->RalinkCounters.PoorCQIRoamingCount ++;
+                       DBGPRINT(RT_DEBUG_TRACE, ("MMCHK - Roaming attempt #%ld\n", pAd->RalinkCounters.PoorCQIRoamingCount));
+                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_MLME_ROAMING_REQ, 0, NULL);
+                       RTMP_MLME_HANDLER(pAd);
+               }
+       }
+       DBGPRINT(RT_DEBUG_TRACE, ("<== MlmeCheckForRoaming(# of candidate= %d)\n",pRoamTab->BssNr));
+}
+
+/*
+       ==========================================================================
+       Description:
+               This routine checks if there're other APs out there capable for
+               roaming. Caller should call this routine only when link up in INFRA mode
+               and channel quality is below CQI_GOOD_THRESHOLD.
+
+       IRQL = DISPATCH_LEVEL
+
+       Output:
+       ==========================================================================
+ */
+BOOLEAN MlmeCheckForFastRoaming(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       USHORT          i;
+       BSS_TABLE       *pRoamTab = &pAd->MlmeAux.RoamTab;
+       BSS_ENTRY       *pBss;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("==> MlmeCheckForFastRoaming\n"));
+       // put all roaming candidates into RoamTab, and sort in RSSI order
+       BssTableInit(pRoamTab);
+       for (i = 0; i < pAd->ScanTab.BssNr; i++)
+       {
+               pBss = &pAd->ScanTab.BssEntry[i];
+
+        if ((pBss->Rssi <= -50) && (pBss->Channel == pAd->CommonCfg.Channel))
+                       continue;        // RSSI too weak. forget it.
+               if (MAC_ADDR_EQUAL(pBss->Bssid, pAd->CommonCfg.Bssid))
+                       continue;        // skip current AP
+               if (!SSID_EQUAL(pBss->Ssid, pBss->SsidLen, pAd->CommonCfg.Ssid, pAd->CommonCfg.SsidLen))
+                       continue;        // skip different SSID
+        if (pBss->Rssi < (RTMPMaxRssi(pAd, pAd->StaCfg.RssiSample.LastRssi0, pAd->StaCfg.RssiSample.LastRssi1, pAd->StaCfg.RssiSample.LastRssi2) + RSSI_DELTA))
+                       continue;        // skip AP without better RSSI
+
+        DBGPRINT(RT_DEBUG_TRACE, ("LastRssi0 = %d, pBss->Rssi = %d\n", RTMPMaxRssi(pAd, pAd->StaCfg.RssiSample.LastRssi0, pAd->StaCfg.RssiSample.LastRssi1, pAd->StaCfg.RssiSample.LastRssi2), pBss->Rssi));
+               // AP passing all above rules is put into roaming candidate table
+               NdisMoveMemory(&pRoamTab->BssEntry[pRoamTab->BssNr], pBss, sizeof(BSS_ENTRY));
+               pRoamTab->BssNr += 1;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<== MlmeCheckForFastRoaming (BssNr=%d)\n", pRoamTab->BssNr));
+       if (pRoamTab->BssNr > 0)
+       {
+               // check CntlMachine.CurrState to avoid collision with NDIS SetOID request
+               if (pAd->Mlme.CntlMachine.CurrState == CNTL_IDLE)
+               {
+                       pAd->RalinkCounters.PoorCQIRoamingCount ++;
+                       DBGPRINT(RT_DEBUG_TRACE, ("MMCHK - Roaming attempt #%ld\n", pAd->RalinkCounters.PoorCQIRoamingCount));
+                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_MLME_ROAMING_REQ, 0, NULL);
+                       RTMP_MLME_HANDLER(pAd);
+                       return TRUE;
+               }
+       }
+
+       return FALSE;
+}
+
+VOID MlmeSetTxRate(
+       IN PRTMP_ADAPTER                pAd,
+       IN PMAC_TABLE_ENTRY             pEntry,
+       IN PRTMP_TX_RATE_SWITCH pTxRate)
+{
+       UCHAR   MaxMode = MODE_OFDM;
+
+#ifdef DOT11_N_SUPPORT
+       MaxMode = MODE_HTGREENFIELD;
+
+       if (pTxRate->STBC && (pAd->StaCfg.MaxHTPhyMode.field.STBC) && (pAd->Antenna.field.TxPath == 2))
+               pAd->StaCfg.HTPhyMode.field.STBC = STBC_USE;
+       else
+#endif // DOT11_N_SUPPORT //
+               pAd->StaCfg.HTPhyMode.field.STBC = STBC_NONE;
+
+       if (pTxRate->CurrMCS < MCS_AUTO)
+               pAd->StaCfg.HTPhyMode.field.MCS = pTxRate->CurrMCS;
+
+       if (pAd->StaCfg.HTPhyMode.field.MCS > 7)
+               pAd->StaCfg.HTPhyMode.field.STBC = STBC_NONE;
+
+       if (ADHOC_ON(pAd))
+       {
+               // If peer adhoc is b-only mode, we can't send 11g rate.
+               pAd->StaCfg.HTPhyMode.field.ShortGI = GI_800;
+               pEntry->HTPhyMode.field.STBC    = STBC_NONE;
+
+               //
+               // For Adhoc MODE_CCK, driver will use AdhocBOnlyJoined flag to roll back to B only if necessary
+               //
+               pEntry->HTPhyMode.field.MODE    = pTxRate->Mode;
+               pEntry->HTPhyMode.field.ShortGI = pAd->StaCfg.HTPhyMode.field.ShortGI;
+               pEntry->HTPhyMode.field.MCS             = pAd->StaCfg.HTPhyMode.field.MCS;
+
+               // Patch speed error in status page
+               pAd->StaCfg.HTPhyMode.field.MODE = pEntry->HTPhyMode.field.MODE;
+       }
+       else
+    {
+               if (pTxRate->Mode <= MaxMode)
+               pAd->StaCfg.HTPhyMode.field.MODE = pTxRate->Mode;
+
+#ifdef DOT11_N_SUPPORT
+        if (pTxRate->ShortGI && (pAd->StaCfg.MaxHTPhyMode.field.ShortGI))
+                       pAd->StaCfg.HTPhyMode.field.ShortGI = GI_400;
+               else
+#endif // DOT11_N_SUPPORT //
+                       pAd->StaCfg.HTPhyMode.field.ShortGI = GI_800;
+
+#ifdef DOT11_N_SUPPORT
+               // Reexam each bandwidth's SGI support.
+               if (pAd->StaCfg.HTPhyMode.field.ShortGI == GI_400)
+               {
+                       if ((pEntry->HTPhyMode.field.BW == BW_20) && (!CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_SGI20_CAPABLE)))
+                               pAd->StaCfg.HTPhyMode.field.ShortGI = GI_800;
+                       if ((pEntry->HTPhyMode.field.BW == BW_40) && (!CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_SGI40_CAPABLE)))
+                               pAd->StaCfg.HTPhyMode.field.ShortGI = GI_800;
+               }
+
+        // Turn RTS/CTS rate to 6Mbps.
+               if ((pEntry->HTPhyMode.field.MCS == 0) && (pAd->StaCfg.HTPhyMode.field.MCS != 0))
+               {
+                       pEntry->HTPhyMode.field.MCS             = pAd->StaCfg.HTPhyMode.field.MCS;
+                       if (pAd->MacTab.fAnyBASession)
+                       {
+                               AsicUpdateProtect(pAd, HT_FORCERTSCTS, ALLN_SETPROTECT, TRUE, (BOOLEAN)pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent);
+                       }
+                       else
+                       {
+                               AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode, ALLN_SETPROTECT, TRUE, (BOOLEAN)pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent);
+                       }
+               }
+               else if ((pEntry->HTPhyMode.field.MCS == 8) && (pAd->StaCfg.HTPhyMode.field.MCS != 8))
+               {
+                       pEntry->HTPhyMode.field.MCS             = pAd->StaCfg.HTPhyMode.field.MCS;
+                       if (pAd->MacTab.fAnyBASession)
+                       {
+                               AsicUpdateProtect(pAd, HT_FORCERTSCTS, ALLN_SETPROTECT, TRUE, (BOOLEAN)pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent);
+                       }
+                       else
+                       {
+                               AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode, ALLN_SETPROTECT, TRUE, (BOOLEAN)pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent);
+                       }
+               }
+               else if ((pEntry->HTPhyMode.field.MCS != 0) && (pAd->StaCfg.HTPhyMode.field.MCS == 0))
+               {
+                       AsicUpdateProtect(pAd, HT_RTSCTS_6M, ALLN_SETPROTECT, TRUE, (BOOLEAN)pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent);
+
+               }
+               else if ((pEntry->HTPhyMode.field.MCS != 8) && (pAd->StaCfg.HTPhyMode.field.MCS == 8))
+               {
+                       AsicUpdateProtect(pAd, HT_RTSCTS_6M, ALLN_SETPROTECT, TRUE, (BOOLEAN)pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent);
+               }
+#endif // DOT11_N_SUPPORT //
+
+               pEntry->HTPhyMode.field.STBC    = pAd->StaCfg.HTPhyMode.field.STBC;
+               pEntry->HTPhyMode.field.ShortGI = pAd->StaCfg.HTPhyMode.field.ShortGI;
+               pEntry->HTPhyMode.field.MCS             = pAd->StaCfg.HTPhyMode.field.MCS;
+               pEntry->HTPhyMode.field.MODE    = pAd->StaCfg.HTPhyMode.field.MODE;
+#ifdef DOT11_N_SUPPORT
+        if ((pAd->StaCfg.MaxHTPhyMode.field.MODE == MODE_HTGREENFIELD) &&
+            pAd->WIFItestbed.bGreenField)
+            pEntry->HTPhyMode.field.MODE = MODE_HTGREENFIELD;
+#endif // DOT11_N_SUPPORT //
+    }
+
+    pAd->LastTxRate = (USHORT)(pEntry->HTPhyMode.word);
+}
+
+/*
+       ==========================================================================
+       Description:
+               This routine calculates the acumulated TxPER of eaxh TxRate. And
+               according to the calculation result, change CommonCfg.TxRate which
+               is the stable TX Rate we expect the Radio situation could sustained.
+
+               CommonCfg.TxRate will change dynamically within {RATE_1/RATE_6, MaxTxRate}
+       Output:
+               CommonCfg.TxRate -
+
+       IRQL = DISPATCH_LEVEL
+
+       NOTE:
+               call this routine every second
+       ==========================================================================
+ */
+VOID MlmeDynamicTxRateSwitching(
+       IN PRTMP_ADAPTER pAd)
+{
+       UCHAR                                   UpRateIdx = 0, DownRateIdx = 0, CurrRateIdx;
+       ULONG                                   i, AccuTxTotalCnt = 0, TxTotalCnt;
+       ULONG                                   TxErrorRatio = 0;
+       BOOLEAN                                 bTxRateChanged = FALSE, bUpgradeQuality = FALSE;
+       PRTMP_TX_RATE_SWITCH    pCurrTxRate, pNextTxRate = NULL;
+       PUCHAR                                  pTable;
+       UCHAR                                   TableSize = 0;
+       UCHAR                                   InitTxRateIdx = 0, TrainUp, TrainDown;
+       CHAR                                    Rssi, RssiOffset = 0;
+       TX_STA_CNT1_STRUC               StaTx1;
+       TX_STA_CNT0_STRUC               TxStaCnt0;
+       ULONG                                   TxRetransmit = 0, TxSuccess = 0, TxFailCount = 0;
+       MAC_TABLE_ENTRY                 *pEntry;
+       RSSI_SAMPLE                             *pRssi = &pAd->StaCfg.RssiSample;
+
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+       {
+               return;
+       }
+#endif // RALINK_ATE //
+
+       //
+       // walk through MAC table, see if need to change AP's TX rate toward each entry
+       //
+       for (i = 1; i < MAX_LEN_OF_MAC_TABLE; i++)
+       {
+               pEntry = &pAd->MacTab.Content[i];
+
+       // check if this entry need to switch rate automatically
+               if (RTMPCheckEntryEnableAutoRateSwitch(pAd, pEntry) == FALSE)
+                       continue;
+
+               if ((pAd->MacTab.Size == 1) || (pEntry->ValidAsDls))
+               {
+                       Rssi = RTMPMaxRssi(pAd,
+                                                          pRssi->AvgRssi0,
+                                                          pRssi->AvgRssi1,
+                                                          pRssi->AvgRssi2);
+
+                       // Update statistic counter
+                       RTMP_IO_READ32(pAd, TX_STA_CNT0, &TxStaCnt0.word);
+                       RTMP_IO_READ32(pAd, TX_STA_CNT1, &StaTx1.word);
+                       pAd->bUpdateBcnCntDone = TRUE;
+                       TxRetransmit = StaTx1.field.TxRetransmit;
+                       TxSuccess = StaTx1.field.TxSuccess;
+                       TxFailCount = TxStaCnt0.field.TxFailCount;
+                       TxTotalCnt = TxRetransmit + TxSuccess + TxFailCount;
+
+                       pAd->RalinkCounters.OneSecTxRetryOkCount += StaTx1.field.TxRetransmit;
+                       pAd->RalinkCounters.OneSecTxNoRetryOkCount += StaTx1.field.TxSuccess;
+                       pAd->RalinkCounters.OneSecTxFailCount += TxStaCnt0.field.TxFailCount;
+                       pAd->WlanCounters.TransmittedFragmentCount.u.LowPart += StaTx1.field.TxSuccess;
+                       pAd->WlanCounters.RetryCount.u.LowPart += StaTx1.field.TxRetransmit;
+                       pAd->WlanCounters.FailedCount.u.LowPart += TxStaCnt0.field.TxFailCount;
+
+                       // if no traffic in the past 1-sec period, don't change TX rate,
+                       // but clear all bad history. because the bad history may affect the next
+                       // Chariot throughput test
+                       AccuTxTotalCnt = pAd->RalinkCounters.OneSecTxNoRetryOkCount +
+                                                pAd->RalinkCounters.OneSecTxRetryOkCount +
+                                                pAd->RalinkCounters.OneSecTxFailCount;
+
+                       if (TxTotalCnt)
+                               TxErrorRatio = ((TxRetransmit + TxFailCount) * 100) / TxTotalCnt;
+               }
+               else
+               {
+                       if (INFRA_ON(pAd) && (i == 1))
+                               Rssi = RTMPMaxRssi(pAd,
+                                                                  pRssi->AvgRssi0,
+                                                                  pRssi->AvgRssi1,
+                                                                  pRssi->AvgRssi2);
+                       else
+                               Rssi = RTMPMaxRssi(pAd,
+                                                                  pEntry->RssiSample.AvgRssi0,
+                                                                  pEntry->RssiSample.AvgRssi1,
+                                                                  pEntry->RssiSample.AvgRssi2);
+
+                       TxTotalCnt = pEntry->OneSecTxNoRetryOkCount +
+                                pEntry->OneSecTxRetryOkCount +
+                                pEntry->OneSecTxFailCount;
+
+                       if (TxTotalCnt)
+                               TxErrorRatio = ((pEntry->OneSecTxRetryOkCount + pEntry->OneSecTxFailCount) * 100) / TxTotalCnt;
+               }
+
+               if (TxTotalCnt)
+               {
+                       /*
+                               Three AdHoc connections can not work normally if one AdHoc connection is disappeared from a heavy traffic environment generated by ping tool
+                               We force to set LongRtyLimit and ShortRtyLimit to 0 to stop retransmitting packet, after a while, resoring original settings
+                       */
+                       if (TxErrorRatio == 100)
+                       {
+                               TX_RTY_CFG_STRUC        TxRtyCfg,TxRtyCfgtmp;
+                               ULONG   Index;
+                               ULONG   MACValue;
+
+                               RTMP_IO_READ32(pAd, TX_RTY_CFG, &TxRtyCfg.word);
+                               TxRtyCfgtmp.word = TxRtyCfg.word;
+                               TxRtyCfg.field.LongRtyLimit = 0x0;
+                               TxRtyCfg.field.ShortRtyLimit = 0x0;
+                               RTMP_IO_WRITE32(pAd, TX_RTY_CFG, TxRtyCfg.word);
+
+                               RTMPusecDelay(1);
+
+                               Index = 0;
+                               MACValue = 0;
+                               do
+                               {
+                                       RTMP_IO_READ32(pAd, TXRXQ_PCNT, &MACValue);
+                                       if ((MACValue & 0xffffff) == 0)
+                                               break;
+                                       Index++;
+                                       RTMPusecDelay(1000);
+                               }while((Index < 330)&&(!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS)));
+
+                               RTMP_IO_READ32(pAd, TX_RTY_CFG, &TxRtyCfg.word);
+                               TxRtyCfg.field.LongRtyLimit = TxRtyCfgtmp.field.LongRtyLimit;
+                               TxRtyCfg.field.ShortRtyLimit = TxRtyCfgtmp.field.ShortRtyLimit;
+                               RTMP_IO_WRITE32(pAd, TX_RTY_CFG, TxRtyCfg.word);
+                       }
+               }
+
+               CurrRateIdx = pEntry->CurrTxRateIndex;
+
+               MlmeSelectTxRateTable(pAd, pEntry, &pTable, &TableSize, &InitTxRateIdx);
+
+               if (CurrRateIdx >= TableSize)
+               {
+                       CurrRateIdx = TableSize - 1;
+               }
+
+               // When switch from Fixed rate -> auto rate, the REAL TX rate might be different from pAd->CommonCfg.TxRateIndex.
+               // So need to sync here.
+               pCurrTxRate = (PRTMP_TX_RATE_SWITCH) &pTable[(CurrRateIdx+1)*5];
+               if ((pEntry->HTPhyMode.field.MCS != pCurrTxRate->CurrMCS)
+                       //&& (pAd->StaCfg.bAutoTxRateSwitch == TRUE)
+                       )
+               {
+
+                       // Need to sync Real Tx rate and our record.
+                       // Then return for next DRS.
+                       pCurrTxRate = (PRTMP_TX_RATE_SWITCH) &pTable[(InitTxRateIdx+1)*5];
+                       pEntry->CurrTxRateIndex = InitTxRateIdx;
+                       MlmeSetTxRate(pAd, pEntry, pCurrTxRate);
+
+                       // reset all OneSecTx counters
+                       RESET_ONE_SEC_TX_CNT(pEntry);
+                       continue;
+               }
+
+               // decide the next upgrade rate and downgrade rate, if any
+               if ((CurrRateIdx > 0) && (CurrRateIdx < (TableSize - 1)))
+               {
+                       UpRateIdx = CurrRateIdx + 1;
+                       DownRateIdx = CurrRateIdx -1;
+               }
+               else if (CurrRateIdx == 0)
+               {
+                       UpRateIdx = CurrRateIdx + 1;
+                       DownRateIdx = CurrRateIdx;
+               }
+               else if (CurrRateIdx == (TableSize - 1))
+               {
+                       UpRateIdx = CurrRateIdx;
+                       DownRateIdx = CurrRateIdx - 1;
+               }
+
+               pCurrTxRate = (PRTMP_TX_RATE_SWITCH) &pTable[(CurrRateIdx+1)*5];
+
+#ifdef DOT11_N_SUPPORT
+               if ((Rssi > -65) && (pCurrTxRate->Mode >= MODE_HTMIX))
+               {
+                       TrainUp         = (pCurrTxRate->TrainUp + (pCurrTxRate->TrainUp >> 1));
+                       TrainDown       = (pCurrTxRate->TrainDown + (pCurrTxRate->TrainDown >> 1));
+               }
+               else
+#endif // DOT11_N_SUPPORT //
+               {
+                       TrainUp         = pCurrTxRate->TrainUp;
+                       TrainDown       = pCurrTxRate->TrainDown;
+               }
+
+               //pAd->DrsCounters.LastTimeTxRateChangeAction = pAd->DrsCounters.LastSecTxRateChangeAction;
+
+               //
+               // Keep the last time TxRateChangeAction status.
+               //
+               pEntry->LastTimeTxRateChangeAction = pEntry->LastSecTxRateChangeAction;
+
+
+
+               //
+               // CASE 1. when TX samples are fewer than 15, then decide TX rate solely on RSSI
+               //         (criteria copied from RT2500 for Netopia case)
+               //
+               if (TxTotalCnt <= 15)
+               {
+                       CHAR    idx = 0;
+                       UCHAR   TxRateIdx;
+                       UCHAR   MCS0 = 0, MCS1 = 0, MCS2 = 0, MCS3 = 0, MCS4 = 0,  MCS5 =0, MCS6 = 0, MCS7 = 0;
+               UCHAR   MCS12 = 0, MCS13 = 0, MCS14 = 0, MCS15 = 0;
+                       UCHAR   MCS20 = 0, MCS21 = 0, MCS22 = 0, MCS23 = 0; // 3*3
+
+                       // check the existence and index of each needed MCS
+                       while (idx < pTable[0])
+                       {
+                               pCurrTxRate = (PRTMP_TX_RATE_SWITCH) &pTable[(idx+1)*5];
+
+                               if (pCurrTxRate->CurrMCS == MCS_0)
+                               {
+                                       MCS0 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_1)
+                               {
+                                       MCS1 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_2)
+                               {
+                                       MCS2 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_3)
+                               {
+                                       MCS3 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_4)
+                               {
+                                       MCS4 = idx;
+                               }
+                   else if (pCurrTxRate->CurrMCS == MCS_5)
+                   {
+                       MCS5 = idx;
+                   }
+                   else if (pCurrTxRate->CurrMCS == MCS_6)
+                   {
+                       MCS6 = idx;
+                   }
+                               //else if (pCurrTxRate->CurrMCS == MCS_7)
+                               else if ((pCurrTxRate->CurrMCS == MCS_7) && (pCurrTxRate->ShortGI == GI_800))   // prevent the highest MCS using short GI when 1T and low throughput
+                               {
+                                       MCS7 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_12)
+                               {
+                                       MCS12 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_13)
+                               {
+                                       MCS13 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_14)
+                               {
+                                       MCS14 = idx;
+                               }
+                               //else if ((pCurrTxRate->CurrMCS == MCS_15)/* && (pCurrTxRate->ShortGI == GI_800)*/)    //we hope to use ShortGI as initial rate
+                               else if ((pCurrTxRate->CurrMCS == MCS_15) && (pCurrTxRate->ShortGI == GI_800))  //we hope to use ShortGI as initial rate, however Atheros's chip has bugs when short GI
+                               {
+                                       MCS15 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_20) // 3*3
+                               {
+                                       MCS20 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_21)
+                               {
+                                       MCS21 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_22)
+                               {
+                                       MCS22 = idx;
+                               }
+                               else if (pCurrTxRate->CurrMCS == MCS_23)
+                               {
+                                       MCS23 = idx;
+                               }
+                               idx ++;
+                       }
+
+                       if (pAd->LatchRfRegs.Channel <= 14)
+                       {
+                               if (pAd->NicConfig2.field.ExternalLNAForG)
+                               {
+                                       RssiOffset = 2;
+                               }
+                               else
+                               {
+                                       RssiOffset = 5;
+                               }
+                       }
+                       else
+                       {
+                               if (pAd->NicConfig2.field.ExternalLNAForA)
+                               {
+                                       RssiOffset = 5;
+                               }
+                               else
+                               {
+                                       RssiOffset = 8;
+                               }
+                       }
+#ifdef DOT11_N_SUPPORT
+                       /*if (MCS15)*/
+                       if ((pTable == RateSwitchTable11BGN3S) ||
+                               (pTable == RateSwitchTable11N3S) ||
+                               (pTable == RateSwitchTable))
+                       {// N mode with 3 stream // 3*3
+                               if (MCS23 && (Rssi >= -70))
+                                       TxRateIdx = MCS23;
+                               else if (MCS22 && (Rssi >= -72))
+                                       TxRateIdx = MCS22;
+                   else if (MCS21 && (Rssi >= -76))
+                                       TxRateIdx = MCS21;
+                               else if (MCS20 && (Rssi >= -78))
+                                       TxRateIdx = MCS20;
+                       else if (MCS4 && (Rssi >= -82))
+                               TxRateIdx = MCS4;
+                       else if (MCS3 && (Rssi >= -84))
+                               TxRateIdx = MCS3;
+                       else if (MCS2 && (Rssi >= -86))
+                               TxRateIdx = MCS2;
+                       else if (MCS1 && (Rssi >= -88))
+                               TxRateIdx = MCS1;
+                       else
+                               TxRateIdx = MCS0;
+               }
+//             else if ((pTable == RateSwitchTable11BGN2S) || (pTable == RateSwitchTable11BGN2SForABand) ||(pTable == RateSwitchTable11N2S) ||(pTable == RateSwitchTable11N2SForABand) || (pTable == RateSwitchTable))
+               else if ((pTable == RateSwitchTable11BGN2S) || (pTable == RateSwitchTable11BGN2SForABand) ||(pTable == RateSwitchTable11N2S) ||(pTable == RateSwitchTable11N2SForABand)) // 3*3
+                       {// N mode with 2 stream
+                               if (MCS15 && (Rssi >= (-70+RssiOffset)))
+                                       TxRateIdx = MCS15;
+                               else if (MCS14 && (Rssi >= (-72+RssiOffset)))
+                                       TxRateIdx = MCS14;
+                               else if (MCS13 && (Rssi >= (-76+RssiOffset)))
+                                       TxRateIdx = MCS13;
+                               else if (MCS12 && (Rssi >= (-78+RssiOffset)))
+                                       TxRateIdx = MCS12;
+                               else if (MCS4 && (Rssi >= (-82+RssiOffset)))
+                                       TxRateIdx = MCS4;
+                               else if (MCS3 && (Rssi >= (-84+RssiOffset)))
+                                       TxRateIdx = MCS3;
+                               else if (MCS2 && (Rssi >= (-86+RssiOffset)))
+                                       TxRateIdx = MCS2;
+                               else if (MCS1 && (Rssi >= (-88+RssiOffset)))
+                                       TxRateIdx = MCS1;
+                               else
+                                       TxRateIdx = MCS0;
+                       }
+                       else if ((pTable == RateSwitchTable11BGN1S) || (pTable == RateSwitchTable11N1S))
+                       {// N mode with 1 stream
+                               if (MCS7 && (Rssi > (-72+RssiOffset)))
+                                       TxRateIdx = MCS7;
+                               else if (MCS6 && (Rssi > (-74+RssiOffset)))
+                                       TxRateIdx = MCS6;
+                               else if (MCS5 && (Rssi > (-77+RssiOffset)))
+                                       TxRateIdx = MCS5;
+                               else if (MCS4 && (Rssi > (-79+RssiOffset)))
+                                       TxRateIdx = MCS4;
+                               else if (MCS3 && (Rssi > (-81+RssiOffset)))
+                                       TxRateIdx = MCS3;
+                               else if (MCS2 && (Rssi > (-83+RssiOffset)))
+                                       TxRateIdx = MCS2;
+                               else if (MCS1 && (Rssi > (-86+RssiOffset)))
+                                       TxRateIdx = MCS1;
+                               else
+                                       TxRateIdx = MCS0;
+                       }
+                       else
+#endif // DOT11_N_SUPPORT //
+                       {// Legacy mode
+                               if (MCS7 && (Rssi > -70))
+                                       TxRateIdx = MCS7;
+                               else if (MCS6 && (Rssi > -74))
+                                       TxRateIdx = MCS6;
+                               else if (MCS5 && (Rssi > -78))
+                                       TxRateIdx = MCS5;
+                               else if (MCS4 && (Rssi > -82))
+                                       TxRateIdx = MCS4;
+                               else if (MCS4 == 0)     // for B-only mode
+                                       TxRateIdx = MCS3;
+                               else if (MCS3 && (Rssi > -85))
+                                       TxRateIdx = MCS3;
+                               else if (MCS2 && (Rssi > -87))
+                                       TxRateIdx = MCS2;
+                               else if (MCS1 && (Rssi > -90))
+                                       TxRateIdx = MCS1;
+                               else
+                                       TxRateIdx = MCS0;
+                       }
+
+       //              if (TxRateIdx != pAd->CommonCfg.TxRateIndex)
+                       {
+                               pEntry->CurrTxRateIndex = TxRateIdx;
+                               pNextTxRate = (PRTMP_TX_RATE_SWITCH) &pTable[(pEntry->CurrTxRateIndex+1)*5];
+                               MlmeSetTxRate(pAd, pEntry, pNextTxRate);
+                       }
+
+                       NdisZeroMemory(pEntry->TxQuality, sizeof(USHORT) * MAX_STEP_OF_TX_RATE_SWITCH);
+                       NdisZeroMemory(pEntry->PER, sizeof(UCHAR) * MAX_STEP_OF_TX_RATE_SWITCH);
+                       pEntry->fLastSecAccordingRSSI = TRUE;
+                       // reset all OneSecTx counters
+                       RESET_ONE_SEC_TX_CNT(pEntry);
+
+                       continue;
+               }
+
+               if (pEntry->fLastSecAccordingRSSI == TRUE)
+               {
+                       pEntry->fLastSecAccordingRSSI = FALSE;
+                       pEntry->LastSecTxRateChangeAction = 0;
+                       // reset all OneSecTx counters
+                       RESET_ONE_SEC_TX_CNT(pEntry);
+
+                       continue;
+               }
+
+               do
+               {
+                       BOOLEAN bTrainUpDown = FALSE;
+
+                       pEntry->CurrTxRateStableTime ++;
+
+                       // downgrade TX quality if PER >= Rate-Down threshold
+                       if (TxErrorRatio >= TrainDown)
+                       {
+                               bTrainUpDown = TRUE;
+                               pEntry->TxQuality[CurrRateIdx] = DRS_TX_QUALITY_WORST_BOUND;
+                       }
+                       // upgrade TX quality if PER <= Rate-Up threshold
+                       else if (TxErrorRatio <= TrainUp)
+                       {
+                               bTrainUpDown = TRUE;
+                               bUpgradeQuality = TRUE;
+                               if (pEntry->TxQuality[CurrRateIdx])
+                                       pEntry->TxQuality[CurrRateIdx] --;  // quality very good in CurrRate
+
+                               if (pEntry->TxRateUpPenalty)
+                                       pEntry->TxRateUpPenalty --;
+                               else if (pEntry->TxQuality[UpRateIdx])
+                                       pEntry->TxQuality[UpRateIdx] --;    // may improve next UP rate's quality
+                       }
+
+                       pEntry->PER[CurrRateIdx] = (UCHAR)TxErrorRatio;
+
+                       if (bTrainUpDown)
+                       {
+                               // perform DRS - consider TxRate Down first, then rate up.
+                               if ((CurrRateIdx != DownRateIdx) && (pEntry->TxQuality[CurrRateIdx] >= DRS_TX_QUALITY_WORST_BOUND))
+                               {
+                                       pEntry->CurrTxRateIndex = DownRateIdx;
+                               }
+                               else if ((CurrRateIdx != UpRateIdx) && (pEntry->TxQuality[UpRateIdx] <= 0))
+                               {
+                                       pEntry->CurrTxRateIndex = UpRateIdx;
+                               }
+                       }
+               } while (FALSE);
+
+               // if rate-up happen, clear all bad history of all TX rates
+               if (pEntry->CurrTxRateIndex > CurrRateIdx)
+               {
+                       pEntry->CurrTxRateStableTime = 0;
+                       pEntry->TxRateUpPenalty = 0;
+                       pEntry->LastSecTxRateChangeAction = 1; // rate UP
+                       NdisZeroMemory(pEntry->TxQuality, sizeof(USHORT) * MAX_STEP_OF_TX_RATE_SWITCH);
+                       NdisZeroMemory(pEntry->PER, sizeof(UCHAR) * MAX_STEP_OF_TX_RATE_SWITCH);
+
+                       //
+                       // For TxRate fast train up
+                       //
+                       if (!pAd->StaCfg.StaQuickResponeForRateUpTimerRunning)
+                       {
+                               RTMPSetTimer(&pAd->StaCfg.StaQuickResponeForRateUpTimer, 100);
+
+                               pAd->StaCfg.StaQuickResponeForRateUpTimerRunning = TRUE;
+                       }
+                       bTxRateChanged = TRUE;
+               }
+               // if rate-down happen, only clear DownRate's bad history
+               else if (pEntry->CurrTxRateIndex < CurrRateIdx)
+               {
+                       pEntry->CurrTxRateStableTime = 0;
+                       pEntry->TxRateUpPenalty = 0;           // no penalty
+                       pEntry->LastSecTxRateChangeAction = 2; // rate DOWN
+                       pEntry->TxQuality[pEntry->CurrTxRateIndex] = 0;
+                       pEntry->PER[pEntry->CurrTxRateIndex] = 0;
+
+                       //
+                       // For TxRate fast train down
+                       //
+                       if (!pAd->StaCfg.StaQuickResponeForRateUpTimerRunning)
+                       {
+                               RTMPSetTimer(&pAd->StaCfg.StaQuickResponeForRateUpTimer, 100);
+
+                               pAd->StaCfg.StaQuickResponeForRateUpTimerRunning = TRUE;
+                       }
+                       bTxRateChanged = TRUE;
+               }
+               else
+               {
+                       pEntry->LastSecTxRateChangeAction = 0; // rate no change
+                       bTxRateChanged = FALSE;
+               }
+
+               pEntry->LastTxOkCount = TxSuccess;
+
+               {
+                       UCHAR tmpTxRate;
+
+                       // to fix tcp ack issue
+                       if (!bTxRateChanged && (pAd->RalinkCounters.OneSecReceivedByteCount > (pAd->RalinkCounters.OneSecTransmittedByteCount * 5)))
+                       {
+                               tmpTxRate = DownRateIdx;
+                               DBGPRINT_RAW(RT_DEBUG_TRACE,("DRS: Rx(%d) is 5 times larger than Tx(%d), use low rate (curr=%d, tmp=%d)\n",
+                                       pAd->RalinkCounters.OneSecReceivedByteCount, pAd->RalinkCounters.OneSecTransmittedByteCount, pEntry->CurrTxRateIndex, tmpTxRate));
+                       }
+                       else
+                       {
+                               tmpTxRate = pEntry->CurrTxRateIndex;
+                       }
+
+                       pNextTxRate = (PRTMP_TX_RATE_SWITCH) &pTable[(tmpTxRate+1)*5];
+                       if (bTxRateChanged && pNextTxRate)
+                       {
+                               MlmeSetTxRate(pAd, pEntry, pNextTxRate);
+                       }
+               }
+               // reset all OneSecTx counters
+               RESET_ONE_SEC_TX_CNT(pEntry);
+       }
+}
+
+/*
+       ========================================================================
+       Routine Description:
+               Station side, Auto TxRate faster train up timer call back function.
+
+       Arguments:
+               SystemSpecific1                 - Not used.
+               FunctionContext                 - Pointer to our Adapter context.
+               SystemSpecific2                 - Not used.
+               SystemSpecific3                 - Not used.
+
+       Return Value:
+               None
+
+       ========================================================================
+*/
+VOID StaQuickResponeForRateUpExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       PRTMP_ADAPTER                   pAd = (PRTMP_ADAPTER)FunctionContext;
+       UCHAR                                   UpRateIdx = 0, DownRateIdx = 0, CurrRateIdx = 0;
+       ULONG                                   TxTotalCnt;
+       ULONG                                   TxErrorRatio = 0;
+       BOOLEAN                                 bTxRateChanged; //, bUpgradeQuality = FALSE;
+       PRTMP_TX_RATE_SWITCH    pCurrTxRate, pNextTxRate = NULL;
+       PUCHAR                                  pTable;
+       UCHAR                                   TableSize = 0;
+       UCHAR                                   InitTxRateIdx = 0, TrainUp, TrainDown;
+       TX_STA_CNT1_STRUC               StaTx1;
+       TX_STA_CNT0_STRUC               TxStaCnt0;
+       CHAR                                    Rssi, ratio;
+       ULONG                                   TxRetransmit = 0, TxSuccess = 0, TxFailCount = 0;
+       MAC_TABLE_ENTRY                 *pEntry;
+       ULONG                                   i;
+
+       pAd->StaCfg.StaQuickResponeForRateUpTimerRunning = FALSE;
+
+    //
+    // walk through MAC table, see if need to change AP's TX rate toward each entry
+    //
+       for (i = 1; i < MAX_LEN_OF_MAC_TABLE; i++)
+       {
+               pEntry = &pAd->MacTab.Content[i];
+
+               // check if this entry need to switch rate automatically
+               if (RTMPCheckEntryEnableAutoRateSwitch(pAd, pEntry) == FALSE)
+                       continue;
+
+               if (INFRA_ON(pAd) && (i == 1))
+                       Rssi = RTMPMaxRssi(pAd,
+                                                          pAd->StaCfg.RssiSample.AvgRssi0,
+                                                          pAd->StaCfg.RssiSample.AvgRssi1,
+                                                          pAd->StaCfg.RssiSample.AvgRssi2);
+               else
+                       Rssi = RTMPMaxRssi(pAd,
+                                                          pEntry->RssiSample.AvgRssi0,
+                                                          pEntry->RssiSample.AvgRssi1,
+                                                          pEntry->RssiSample.AvgRssi2);
+
+       CurrRateIdx = pAd->CommonCfg.TxRateIndex;
+
+                       MlmeSelectTxRateTable(pAd, pEntry, &pTable, &TableSize, &InitTxRateIdx);
+
+       // decide the next upgrade rate and downgrade rate, if any
+       if ((CurrRateIdx > 0) && (CurrRateIdx < (TableSize - 1)))
+       {
+               UpRateIdx = CurrRateIdx + 1;
+               DownRateIdx = CurrRateIdx -1;
+       }
+       else if (CurrRateIdx == 0)
+       {
+               UpRateIdx = CurrRateIdx + 1;
+               DownRateIdx = CurrRateIdx;
+       }
+       else if (CurrRateIdx == (TableSize - 1))
+       {
+               UpRateIdx = CurrRateIdx;
+               DownRateIdx = CurrRateIdx - 1;
+       }
+
+       pCurrTxRate = (PRTMP_TX_RATE_SWITCH) &pTable[(CurrRateIdx+1)*5];
+
+#ifdef DOT11_N_SUPPORT
+       if ((Rssi > -65) && (pCurrTxRate->Mode >= MODE_HTMIX))
+       {
+               TrainUp         = (pCurrTxRate->TrainUp + (pCurrTxRate->TrainUp >> 1));
+               TrainDown       = (pCurrTxRate->TrainDown + (pCurrTxRate->TrainDown >> 1));
+       }
+       else
+#endif // DOT11_N_SUPPORT //
+       {
+               TrainUp         = pCurrTxRate->TrainUp;
+               TrainDown       = pCurrTxRate->TrainDown;
+       }
+
+               if (pAd->MacTab.Size == 1)
+               {
+       // Update statistic counter
+       RTMP_IO_READ32(pAd, TX_STA_CNT0, &TxStaCnt0.word);
+       RTMP_IO_READ32(pAd, TX_STA_CNT1, &StaTx1.word);
+
+       TxRetransmit = StaTx1.field.TxRetransmit;
+       TxSuccess = StaTx1.field.TxSuccess;
+       TxFailCount = TxStaCnt0.field.TxFailCount;
+       TxTotalCnt = TxRetransmit + TxSuccess + TxFailCount;
+
+       pAd->RalinkCounters.OneSecTxRetryOkCount += StaTx1.field.TxRetransmit;
+       pAd->RalinkCounters.OneSecTxNoRetryOkCount += StaTx1.field.TxSuccess;
+       pAd->RalinkCounters.OneSecTxFailCount += TxStaCnt0.field.TxFailCount;
+                       pAd->WlanCounters.TransmittedFragmentCount.u.LowPart += StaTx1.field.TxSuccess;
+                       pAd->WlanCounters.RetryCount.u.LowPart += StaTx1.field.TxRetransmit;
+                       pAd->WlanCounters.FailedCount.u.LowPart += TxStaCnt0.field.TxFailCount;
+
+       if (TxTotalCnt)
+               TxErrorRatio = ((TxRetransmit + TxFailCount) * 100) / TxTotalCnt;
+               }
+               else
+               {
+                       TxTotalCnt = pEntry->OneSecTxNoRetryOkCount +
+                                pEntry->OneSecTxRetryOkCount +
+                                pEntry->OneSecTxFailCount;
+
+                       if (TxTotalCnt)
+                               TxErrorRatio = ((pEntry->OneSecTxRetryOkCount + pEntry->OneSecTxFailCount) * 100) / TxTotalCnt;
+               }
+
+
+       //
+       // CASE 1. when TX samples are fewer than 15, then decide TX rate solely on RSSI
+       //         (criteria copied from RT2500 for Netopia case)
+       //
+       if (TxTotalCnt <= 12)
+       {
+               NdisZeroMemory(pAd->DrsCounters.TxQuality, sizeof(USHORT) * MAX_STEP_OF_TX_RATE_SWITCH);
+               NdisZeroMemory(pAd->DrsCounters.PER, sizeof(UCHAR) * MAX_STEP_OF_TX_RATE_SWITCH);
+
+               if ((pAd->DrsCounters.LastSecTxRateChangeAction == 1) && (CurrRateIdx != DownRateIdx))
+               {
+                       pAd->CommonCfg.TxRateIndex = DownRateIdx;
+                       pAd->DrsCounters.TxQuality[CurrRateIdx] = DRS_TX_QUALITY_WORST_BOUND;
+               }
+               else if ((pAd->DrsCounters.LastSecTxRateChangeAction == 2) && (CurrRateIdx != UpRateIdx))
+               {
+                       pAd->CommonCfg.TxRateIndex = UpRateIdx;
+               }
+
+               DBGPRINT_RAW(RT_DEBUG_TRACE,("QuickDRS: TxTotalCnt <= 15, train back to original rate \n"));
+               return;
+       }
+
+       do
+       {
+               ULONG OneSecTxNoRetryOKRationCount;
+
+               if (pAd->DrsCounters.LastTimeTxRateChangeAction == 0)
+                       ratio = 5;
+               else
+                       ratio = 4;
+
+               // downgrade TX quality if PER >= Rate-Down threshold
+               if (TxErrorRatio >= TrainDown)
+               {
+                       pAd->DrsCounters.TxQuality[CurrRateIdx] = DRS_TX_QUALITY_WORST_BOUND;
+               }
+
+               pAd->DrsCounters.PER[CurrRateIdx] = (UCHAR)TxErrorRatio;
+
+               OneSecTxNoRetryOKRationCount = (TxSuccess * ratio);
+
+               // perform DRS - consider TxRate Down first, then rate up.
+               if ((pAd->DrsCounters.LastSecTxRateChangeAction == 1) && (CurrRateIdx != DownRateIdx))
+               {
+                       if ((pAd->DrsCounters.LastTxOkCount + 2) >= OneSecTxNoRetryOKRationCount)
+               {
+                       pAd->CommonCfg.TxRateIndex = DownRateIdx;
+                               pAd->DrsCounters.TxQuality[CurrRateIdx] = DRS_TX_QUALITY_WORST_BOUND;
+
+                       }
+
+               }
+               else if ((pAd->DrsCounters.LastSecTxRateChangeAction == 2) && (CurrRateIdx != UpRateIdx))
+               {
+                       if ((TxErrorRatio >= 50) || (TxErrorRatio >= TrainDown))
+                       {
+
+                       }
+                       else if ((pAd->DrsCounters.LastTxOkCount + 2) >= OneSecTxNoRetryOKRationCount)
+                       {
+                               pAd->CommonCfg.TxRateIndex = UpRateIdx;
+                       }
+               }
+       }while (FALSE);
+
+       // if rate-up happen, clear all bad history of all TX rates
+       if (pAd->CommonCfg.TxRateIndex > CurrRateIdx)
+       {
+               pAd->DrsCounters.TxRateUpPenalty = 0;
+               NdisZeroMemory(pAd->DrsCounters.TxQuality, sizeof(USHORT) * MAX_STEP_OF_TX_RATE_SWITCH);
+               NdisZeroMemory(pAd->DrsCounters.PER, sizeof(UCHAR) * MAX_STEP_OF_TX_RATE_SWITCH);
+                       bTxRateChanged = TRUE;
+       }
+       // if rate-down happen, only clear DownRate's bad history
+       else if (pAd->CommonCfg.TxRateIndex < CurrRateIdx)
+       {
+               DBGPRINT_RAW(RT_DEBUG_TRACE,("QuickDRS: --TX rate from %d to %d \n", CurrRateIdx, pAd->CommonCfg.TxRateIndex));
+
+               pAd->DrsCounters.TxRateUpPenalty = 0;           // no penalty
+               pAd->DrsCounters.TxQuality[pAd->CommonCfg.TxRateIndex] = 0;
+               pAd->DrsCounters.PER[pAd->CommonCfg.TxRateIndex] = 0;
+                       bTxRateChanged = TRUE;
+       }
+       else
+       {
+               bTxRateChanged = FALSE;
+       }
+
+       pNextTxRate = (PRTMP_TX_RATE_SWITCH) &pTable[(pAd->CommonCfg.TxRateIndex+1)*5];
+       if (bTxRateChanged && pNextTxRate)
+       {
+                       MlmeSetTxRate(pAd, pEntry, pNextTxRate);
+               }
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+               This routine is executed periodically inside MlmePeriodicExec() after
+               association with an AP.
+               It checks if StaCfg.Psm is consistent with user policy (recorded in
+               StaCfg.WindowsPowerMode). If not, enforce user policy. However,
+               there're some conditions to consider:
+               1. we don't support power-saving in ADHOC mode, so Psm=PWR_ACTIVE all
+                  the time when Mibss==TRUE
+               2. When link up in INFRA mode, Psm should not be switch to PWR_SAVE
+                  if outgoing traffic available in TxRing or MgmtRing.
+       Output:
+               1. change pAd->StaCfg.Psm to PWR_SAVE or leave it untouched
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID MlmeCheckPsmChange(
+       IN PRTMP_ADAPTER pAd,
+       IN ULONG        Now32)
+{
+       ULONG   PowerMode;
+
+       // condition -
+       // 1. Psm maybe ON only happen in INFRASTRUCTURE mode
+       // 2. user wants either MAX_PSP or FAST_PSP
+       // 3. but current psm is not in PWR_SAVE
+       // 4. CNTL state machine is not doing SCANning
+       // 5. no TX SUCCESS event for the past 1-sec period
+       PowerMode = pAd->StaCfg.WindowsPowerMode;
+
+       if (INFRA_ON(pAd) &&
+               (PowerMode != Ndis802_11PowerModeCAM) &&
+               (pAd->StaCfg.Psm == PWR_ACTIVE) &&
+//             (! RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+               (pAd->Mlme.CntlMachine.CurrState == CNTL_IDLE)&&
+               RTMP_TEST_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP)
+                /*&&
+               (pAd->RalinkCounters.OneSecTxNoRetryOkCount == 0) &&
+               (pAd->RalinkCounters.OneSecTxRetryOkCount == 0)*/)
+       {
+               NdisGetSystemUpTime(&pAd->Mlme.LastSendNULLpsmTime);
+               pAd->RalinkCounters.RxCountSinceLastNULL = 0;
+               RTMP_SET_PSM_BIT(pAd, PWR_SAVE);
+               if (!(pAd->CommonCfg.bAPSDCapable && pAd->CommonCfg.APEdcaParm.bAPSDCapable))
+               {
+                       RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, FALSE);
+               }
+               else
+               {
+                       RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE);
+               }
+       }
+}
+
+// IRQL = PASSIVE_LEVEL
+// IRQL = DISPATCH_LEVEL
+VOID MlmeSetPsmBit(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT psm)
+{
+       AUTO_RSP_CFG_STRUC csr4;
+
+       pAd->StaCfg.Psm = psm;
+       RTMP_IO_READ32(pAd, AUTO_RSP_CFG, &csr4.word);
+       csr4.field.AckCtsPsmBit = (psm == PWR_SAVE)? 1:0;
+       RTMP_IO_WRITE32(pAd, AUTO_RSP_CFG, csr4.word);
+       DBGPRINT(RT_DEBUG_TRACE, ("MlmeSetPsmBit = %d\n", psm));
+}
+#endif // CONFIG_STA_SUPPORT //
+
+/*
+       ==========================================================================
+       Description:
+               This routine calculates TxPER, RxPER of the past N-sec period. And
+               according to the calculation result, ChannelQuality is calculated here
+               to decide if current AP is still doing the job.
+
+               If ChannelQuality is not good, a ROAMing attempt may be tried later.
+       Output:
+               StaCfg.ChannelQuality - 0..100
+
+       IRQL = DISPATCH_LEVEL
+
+       NOTE: This routine decide channle quality based on RX CRC error ratio.
+               Caller should make sure a function call to NICUpdateRawCounters(pAd)
+               is performed right before this routine, so that this routine can decide
+               channel quality based on the most up-to-date information
+       ==========================================================================
+ */
+VOID MlmeCalculateChannelQuality(
+       IN PRTMP_ADAPTER pAd,
+       IN PMAC_TABLE_ENTRY pMacEntry,
+       IN ULONG Now32)
+{
+       ULONG TxOkCnt, TxCnt, TxPER, TxPRR;
+       ULONG RxCnt, RxPER;
+       UCHAR NorRssi;
+       CHAR  MaxRssi;
+       RSSI_SAMPLE *pRssiSample = NULL;
+       UINT32 OneSecTxNoRetryOkCount = 0;
+       UINT32 OneSecTxRetryOkCount = 0;
+       UINT32 OneSecTxFailCount = 0;
+       UINT32 OneSecRxOkCnt = 0;
+       UINT32 OneSecRxFcsErrCnt = 0;
+       ULONG ChannelQuality = 0;  // 0..100, Channel Quality Indication for Roaming
+#ifdef CONFIG_STA_SUPPORT
+       ULONG BeaconLostTime = pAd->StaCfg.BeaconLostTime;
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef CARRIER_DETECTION_SUPPORT // Roger sync Carrier
+       // longer beacon lost time when carrier detection enabled
+       if (pAd->CommonCfg.CarrierDetect.Enable == TRUE)
+       {
+               BeaconLostTime = pAd->StaCfg.BeaconLostTime + (pAd->StaCfg.BeaconLostTime/2);
+       }
+#endif // CARRIER_DETECTION_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+       if (pAd->OpMode == OPMODE_STA)
+       {
+               pRssiSample = &pAd->StaCfg.RssiSample;
+               OneSecTxNoRetryOkCount = pAd->RalinkCounters.OneSecTxNoRetryOkCount;
+               OneSecTxRetryOkCount = pAd->RalinkCounters.OneSecTxRetryOkCount;
+               OneSecTxFailCount = pAd->RalinkCounters.OneSecTxFailCount;
+               OneSecRxOkCnt = pAd->RalinkCounters.OneSecRxOkCnt;
+               OneSecRxFcsErrCnt = pAd->RalinkCounters.OneSecRxFcsErrCnt;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       MaxRssi = RTMPMaxRssi(pAd, pRssiSample->LastRssi0,
+                                                               pRssiSample->LastRssi1,
+                                                               pRssiSample->LastRssi2);
+
+       //
+       // calculate TX packet error ratio and TX retry ratio - if too few TX samples, skip TX related statistics
+       //
+       TxOkCnt = OneSecTxNoRetryOkCount + OneSecTxRetryOkCount;
+       TxCnt = TxOkCnt + OneSecTxFailCount;
+       if (TxCnt < 5)
+       {
+               TxPER = 0;
+               TxPRR = 0;
+       }
+       else
+       {
+               TxPER = (OneSecTxFailCount * 100) / TxCnt;
+               TxPRR = ((TxCnt - OneSecTxNoRetryOkCount) * 100) / TxCnt;
+       }
+
+       //
+       // calculate RX PER - don't take RxPER into consideration if too few sample
+       //
+       RxCnt = OneSecRxOkCnt + OneSecRxFcsErrCnt;
+       if (RxCnt < 5)
+               RxPER = 0;
+       else
+               RxPER = (OneSecRxFcsErrCnt * 100) / RxCnt;
+
+       //
+       // decide ChannelQuality based on: 1)last BEACON received time, 2)last RSSI, 3)TxPER, and 4)RxPER
+       //
+#ifdef CONFIG_STA_SUPPORT
+       if ((pAd->OpMode == OPMODE_STA) &&
+               INFRA_ON(pAd) &&
+               (OneSecTxNoRetryOkCount < 2) && // no heavy traffic
+               ((pAd->StaCfg.LastBeaconRxTime + BeaconLostTime) < Now32))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("BEACON lost > %ld msec with TxOkCnt=%ld -> CQI=0\n", BeaconLostTime, TxOkCnt));
+               ChannelQuality = 0;
+       }
+       else
+#endif // CONFIG_STA_SUPPORT //
+       {
+               // Normalize Rssi
+               if (MaxRssi > -40)
+                       NorRssi = 100;
+               else if (MaxRssi < -90)
+                       NorRssi = 0;
+               else
+                       NorRssi = (MaxRssi + 90) * 2;
+
+               // ChannelQuality = W1*RSSI + W2*TxPRR + W3*RxPER        (RSSI 0..100), (TxPER 100..0), (RxPER 100..0)
+               ChannelQuality = (RSSI_WEIGHTING * NorRssi +
+                                                                  TX_WEIGHTING * (100 - TxPRR) +
+                                                                  RX_WEIGHTING* (100 - RxPER)) / 100;
+       }
+
+
+#ifdef CONFIG_STA_SUPPORT
+       if (pAd->OpMode == OPMODE_STA)
+               pAd->Mlme.ChannelQuality = (ChannelQuality > 100) ? 100 : ChannelQuality;
+#endif // CONFIG_STA_SUPPORT //
+
+
+}
+
+
+// IRQL = DISPATCH_LEVEL
+VOID MlmeSetTxPreamble(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT TxPreamble)
+{
+       AUTO_RSP_CFG_STRUC csr4;
+
+       //
+       // Always use Long preamble before verifiation short preamble functionality works well.
+       // Todo: remove the following line if short preamble functionality works
+       //
+       //TxPreamble = Rt802_11PreambleLong;
+
+       RTMP_IO_READ32(pAd, AUTO_RSP_CFG, &csr4.word);
+       if (TxPreamble == Rt802_11PreambleLong)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("MlmeSetTxPreamble (= LONG PREAMBLE)\n"));
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED);
+               csr4.field.AutoResponderPreamble = 0;
+       }
+       else
+       {
+               // NOTE: 1Mbps should always use long preamble
+               DBGPRINT(RT_DEBUG_TRACE, ("MlmeSetTxPreamble (= SHORT PREAMBLE)\n"));
+               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED);
+               csr4.field.AutoResponderPreamble = 1;
+       }
+
+       RTMP_IO_WRITE32(pAd, AUTO_RSP_CFG, csr4.word);
+}
+
+/*
+    ==========================================================================
+    Description:
+        Update basic rate bitmap
+    ==========================================================================
+ */
+
+VOID UpdateBasicRateBitmap(
+    IN  PRTMP_ADAPTER   pAdapter)
+{
+    INT  i, j;
+                  /* 1  2  5.5, 11,  6,  9, 12, 18, 24, 36, 48,  54 */
+    UCHAR rate[] = { 2, 4,  11, 22, 12, 18, 24, 36, 48, 72, 96, 108 };
+    UCHAR *sup_p = pAdapter->CommonCfg.SupRate;
+    UCHAR *ext_p = pAdapter->CommonCfg.ExtRate;
+    ULONG bitmap = pAdapter->CommonCfg.BasicRateBitmap;
+
+
+    /* if A mode, always use fix BasicRateBitMap */
+    //if (pAdapter->CommonCfg.Channel == PHY_11A)
+       if (pAdapter->CommonCfg.Channel > 14)
+        pAdapter->CommonCfg.BasicRateBitmap = 0x150; /* 6, 12, 24M */
+    /* End of if */
+
+    if (pAdapter->CommonCfg.BasicRateBitmap > 4095)
+    {
+        /* (2 ^ MAX_LEN_OF_SUPPORTED_RATES) -1 */
+        return;
+    } /* End of if */
+
+    for(i=0; i<MAX_LEN_OF_SUPPORTED_RATES; i++)
+    {
+        sup_p[i] &= 0x7f;
+        ext_p[i] &= 0x7f;
+    } /* End of for */
+
+    for(i=0; i<MAX_LEN_OF_SUPPORTED_RATES; i++)
+    {
+        if (bitmap & (1 << i))
+        {
+            for(j=0; j<MAX_LEN_OF_SUPPORTED_RATES; j++)
+            {
+                if (sup_p[j] == rate[i])
+                    sup_p[j] |= 0x80;
+                /* End of if */
+            } /* End of for */
+
+            for(j=0; j<MAX_LEN_OF_SUPPORTED_RATES; j++)
+            {
+                if (ext_p[j] == rate[i])
+                    ext_p[j] |= 0x80;
+                /* End of if */
+            } /* End of for */
+        } /* End of if */
+    } /* End of for */
+} /* End of UpdateBasicRateBitmap */
+
+// IRQL = PASSIVE_LEVEL
+// IRQL = DISPATCH_LEVEL
+// bLinkUp is to identify the inital link speed.
+// TRUE indicates the rate update at linkup, we should not try to set the rate at 54Mbps.
+VOID MlmeUpdateTxRates(
+       IN PRTMP_ADAPTER                pAd,
+       IN      BOOLEAN                         bLinkUp,
+       IN      UCHAR                           apidx)
+{
+       int i, num;
+       UCHAR Rate = RATE_6, MaxDesire = RATE_1, MaxSupport = RATE_1;
+       UCHAR MinSupport = RATE_54;
+       ULONG BasicRateBitmap = 0;
+       UCHAR CurrBasicRate = RATE_1;
+       UCHAR *pSupRate, SupRateLen, *pExtRate, ExtRateLen;
+       PHTTRANSMIT_SETTING             pHtPhy = NULL;
+       PHTTRANSMIT_SETTING             pMaxHtPhy = NULL;
+       PHTTRANSMIT_SETTING             pMinHtPhy = NULL;
+       BOOLEAN                                 *auto_rate_cur_p;
+       UCHAR                                   HtMcs = MCS_AUTO;
+
+       // find max desired rate
+       UpdateBasicRateBitmap(pAd);
+
+       num = 0;
+       auto_rate_cur_p = NULL;
+       for (i=0; i<MAX_LEN_OF_SUPPORTED_RATES; i++)
+       {
+               switch (pAd->CommonCfg.DesireRate[i] & 0x7f)
+               {
+                       case 2:  Rate = RATE_1;   num++;   break;
+                       case 4:  Rate = RATE_2;   num++;   break;
+                       case 11: Rate = RATE_5_5; num++;   break;
+                       case 22: Rate = RATE_11;  num++;   break;
+                       case 12: Rate = RATE_6;   num++;   break;
+                       case 18: Rate = RATE_9;   num++;   break;
+                       case 24: Rate = RATE_12;  num++;   break;
+                       case 36: Rate = RATE_18;  num++;   break;
+                       case 48: Rate = RATE_24;  num++;   break;
+                       case 72: Rate = RATE_36;  num++;   break;
+                       case 96: Rate = RATE_48;  num++;   break;
+                       case 108: Rate = RATE_54; num++;   break;
+                       //default: Rate = RATE_1;   break;
+               }
+               if (MaxDesire < Rate)  MaxDesire = Rate;
+       }
+
+//===========================================================================
+//===========================================================================
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               pHtPhy          = &pAd->StaCfg.HTPhyMode;
+               pMaxHtPhy       = &pAd->StaCfg.MaxHTPhyMode;
+               pMinHtPhy       = &pAd->StaCfg.MinHTPhyMode;
+
+               auto_rate_cur_p = &pAd->StaCfg.bAutoTxRateSwitch;
+               HtMcs           = pAd->StaCfg.DesiredTransmitSetting.field.MCS;
+
+               if ((pAd->StaCfg.BssType == BSS_ADHOC) &&
+                       (pAd->CommonCfg.PhyMode == PHY_11B) &&
+               (MaxDesire > RATE_11))
+               {
+                       MaxDesire = RATE_11;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       pAd->CommonCfg.MaxDesiredRate = MaxDesire;
+       pMinHtPhy->word = 0;
+       pMaxHtPhy->word = 0;
+       pHtPhy->word = 0;
+
+       // Auto rate switching is enabled only if more than one DESIRED RATES are
+       // specified; otherwise disabled
+       if (num <= 1)
+       {
+               //OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED);
+               //pAd->CommonCfg.bAutoTxRateSwitch      = FALSE;
+               *auto_rate_cur_p = FALSE;
+       }
+       else
+       {
+               //OPSTATUS_SET_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED);
+               //pAd->CommonCfg.bAutoTxRateSwitch      = TRUE;
+               *auto_rate_cur_p = TRUE;
+       }
+
+       if (HtMcs != MCS_AUTO)
+       {
+               //OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED);
+               //pAd->CommonCfg.bAutoTxRateSwitch      = FALSE;
+               *auto_rate_cur_p = FALSE;
+       }
+       else
+       {
+               //OPSTATUS_SET_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED);
+               //pAd->CommonCfg.bAutoTxRateSwitch      = TRUE;
+               *auto_rate_cur_p = TRUE;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       if ((ADHOC_ON(pAd) || INFRA_ON(pAd)) && (pAd->OpMode == OPMODE_STA))
+       {
+               pSupRate = &pAd->StaActive.SupRate[0];
+               pExtRate = &pAd->StaActive.ExtRate[0];
+               SupRateLen = pAd->StaActive.SupRateLen;
+               ExtRateLen = pAd->StaActive.ExtRateLen;
+       }
+       else
+#endif // CONFIG_STA_SUPPORT //
+       {
+               pSupRate = &pAd->CommonCfg.SupRate[0];
+               pExtRate = &pAd->CommonCfg.ExtRate[0];
+               SupRateLen = pAd->CommonCfg.SupRateLen;
+               ExtRateLen = pAd->CommonCfg.ExtRateLen;
+       }
+
+       // find max supported rate
+       for (i=0; i<SupRateLen; i++)
+       {
+               switch (pSupRate[i] & 0x7f)
+               {
+                       case 2:   Rate = RATE_1;        if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0001;       break;
+                       case 4:   Rate = RATE_2;        if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0002;       break;
+                       case 11:  Rate = RATE_5_5;      if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0004;       break;
+                       case 22:  Rate = RATE_11;       if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0008;       break;
+                       case 12:  Rate = RATE_6;        /*if (pSupRate[i] & 0x80)*/  BasicRateBitmap |= 0x0010;  break;
+                       case 18:  Rate = RATE_9;        if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0020;       break;
+                       case 24:  Rate = RATE_12;       /*if (pSupRate[i] & 0x80)*/  BasicRateBitmap |= 0x0040;  break;
+                       case 36:  Rate = RATE_18;       if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0080;       break;
+                       case 48:  Rate = RATE_24;       /*if (pSupRate[i] & 0x80)*/  BasicRateBitmap |= 0x0100;  break;
+                       case 72:  Rate = RATE_36;       if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0200;       break;
+                       case 96:  Rate = RATE_48;       if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0400;       break;
+                       case 108: Rate = RATE_54;       if (pSupRate[i] & 0x80) BasicRateBitmap |= 0x0800;       break;
+                       default:  Rate = RATE_1;        break;
+               }
+               if (MaxSupport < Rate)  MaxSupport = Rate;
+
+               if (MinSupport > Rate) MinSupport = Rate;
+       }
+
+       for (i=0; i<ExtRateLen; i++)
+       {
+               switch (pExtRate[i] & 0x7f)
+               {
+                       case 2:   Rate = RATE_1;        if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0001;       break;
+                       case 4:   Rate = RATE_2;        if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0002;       break;
+                       case 11:  Rate = RATE_5_5;      if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0004;       break;
+                       case 22:  Rate = RATE_11;       if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0008;       break;
+                       case 12:  Rate = RATE_6;        /*if (pExtRate[i] & 0x80)*/  BasicRateBitmap |= 0x0010;  break;
+                       case 18:  Rate = RATE_9;        if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0020;       break;
+                       case 24:  Rate = RATE_12;       /*if (pExtRate[i] & 0x80)*/  BasicRateBitmap |= 0x0040;  break;
+                       case 36:  Rate = RATE_18;       if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0080;       break;
+                       case 48:  Rate = RATE_24;       /*if (pExtRate[i] & 0x80)*/  BasicRateBitmap |= 0x0100;  break;
+                       case 72:  Rate = RATE_36;       if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0200;       break;
+                       case 96:  Rate = RATE_48;       if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0400;       break;
+                       case 108: Rate = RATE_54;       if (pExtRate[i] & 0x80) BasicRateBitmap |= 0x0800;       break;
+                       default:  Rate = RATE_1;        break;
+               }
+               if (MaxSupport < Rate)  MaxSupport = Rate;
+
+               if (MinSupport > Rate) MinSupport = Rate;
+       }
+
+       RTMP_IO_WRITE32(pAd, LEGACY_BASIC_RATE, BasicRateBitmap);
+
+       // bug fix
+       // pAd->CommonCfg.BasicRateBitmap = BasicRateBitmap;
+
+       // calculate the exptected ACK rate for each TX rate. This info is used to caculate
+       // the DURATION field of outgoing uniicast DATA/MGMT frame
+       for (i=0; i<MAX_LEN_OF_SUPPORTED_RATES; i++)
+       {
+               if (BasicRateBitmap & (0x01 << i))
+                       CurrBasicRate = (UCHAR)i;
+               pAd->CommonCfg.ExpectedACKRate[i] = CurrBasicRate;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE,("MlmeUpdateTxRates[MaxSupport = %d] = MaxDesire %d Mbps\n", RateIdToMbps[MaxSupport], RateIdToMbps[MaxDesire]));
+       // max tx rate = min {max desire rate, max supported rate}
+       if (MaxSupport < MaxDesire)
+               pAd->CommonCfg.MaxTxRate = MaxSupport;
+       else
+               pAd->CommonCfg.MaxTxRate = MaxDesire;
+
+       pAd->CommonCfg.MinTxRate = MinSupport;
+       // 2003-07-31 john - 2500 doesn't have good sensitivity at high OFDM rates. to increase the success
+       // ratio of initial DHCP packet exchange, TX rate starts from a lower rate depending
+       // on average RSSI
+       //       1. RSSI >= -70db, start at 54 Mbps (short distance)
+       //       2. -70 > RSSI >= -75, start at 24 Mbps (mid distance)
+       //       3. -75 > RSSI, start at 11 Mbps (long distance)
+       //if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED)/* &&
+       //      OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED)*/)
+       if (*auto_rate_cur_p)
+       {
+               short dbm = 0;
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       dbm = pAd->StaCfg.RssiSample.AvgRssi0 - pAd->BbpRssiToDbmDelta;
+#endif // CONFIG_STA_SUPPORT //
+               if (bLinkUp == TRUE)
+                       pAd->CommonCfg.TxRate = RATE_24;
+               else
+                       pAd->CommonCfg.TxRate = pAd->CommonCfg.MaxTxRate;
+
+               if (dbm < -75)
+                       pAd->CommonCfg.TxRate = RATE_11;
+               else if (dbm < -70)
+                       pAd->CommonCfg.TxRate = RATE_24;
+
+               // should never exceed MaxTxRate (consider 11B-only mode)
+               if (pAd->CommonCfg.TxRate > pAd->CommonCfg.MaxTxRate)
+                       pAd->CommonCfg.TxRate = pAd->CommonCfg.MaxTxRate;
+
+               pAd->CommonCfg.TxRateIndex = 0;
+       }
+       else
+       {
+               pAd->CommonCfg.TxRate = pAd->CommonCfg.MaxTxRate;
+               pHtPhy->field.MCS       = (pAd->CommonCfg.MaxTxRate > 3) ? (pAd->CommonCfg.MaxTxRate - 4) : pAd->CommonCfg.MaxTxRate;
+               pHtPhy->field.MODE      = (pAd->CommonCfg.MaxTxRate > 3) ? MODE_OFDM : MODE_CCK;
+
+               pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.STBC    = pHtPhy->field.STBC;
+               pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.ShortGI = pHtPhy->field.ShortGI;
+               pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.MCS             = pHtPhy->field.MCS;
+               pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.MODE    = pHtPhy->field.MODE;
+       }
+
+       if (pAd->CommonCfg.TxRate <= RATE_11)
+       {
+               pMaxHtPhy->field.MODE = MODE_CCK;
+               pMaxHtPhy->field.MCS = pAd->CommonCfg.TxRate;
+               pMinHtPhy->field.MCS = pAd->CommonCfg.MinTxRate;
+       }
+       else
+       {
+               pMaxHtPhy->field.MODE = MODE_OFDM;
+               pMaxHtPhy->field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.TxRate];
+               if (pAd->CommonCfg.MinTxRate >= RATE_6 && (pAd->CommonCfg.MinTxRate <= RATE_54))
+                       {pMinHtPhy->field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.MinTxRate];}
+               else
+                       {pMinHtPhy->field.MCS = pAd->CommonCfg.MinTxRate;}
+       }
+
+       pHtPhy->word = (pMaxHtPhy->word);
+       if (bLinkUp && (pAd->OpMode == OPMODE_STA))
+       {
+                       pAd->MacTab.Content[BSSID_WCID].HTPhyMode.word = pHtPhy->word;
+                       pAd->MacTab.Content[BSSID_WCID].MaxHTPhyMode.word = pMaxHtPhy->word;
+                       pAd->MacTab.Content[BSSID_WCID].MinHTPhyMode.word = pMinHtPhy->word;
+       }
+       else
+       {
+               switch (pAd->CommonCfg.PhyMode)
+               {
+                       case PHY_11BG_MIXED:
+                       case PHY_11B:
+#ifdef DOT11_N_SUPPORT
+                       case PHY_11BGN_MIXED:
+#endif // DOT11_N_SUPPORT //
+                               pAd->CommonCfg.MlmeRate = RATE_1;
+                               pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_CCK;
+                               pAd->CommonCfg.MlmeTransmit.field.MCS = RATE_1;
+
+//#ifdef       WIFI_TEST
+                               pAd->CommonCfg.RtsRate = RATE_11;
+//#else
+//                             pAd->CommonCfg.RtsRate = RATE_1;
+//#endif
+                               break;
+                       case PHY_11G:
+                       case PHY_11A:
+#ifdef DOT11_N_SUPPORT
+                       case PHY_11AGN_MIXED:
+                       case PHY_11GN_MIXED:
+                       case PHY_11N_2_4G:
+                       case PHY_11AN_MIXED:
+                       case PHY_11N_5G:
+#endif // DOT11_N_SUPPORT //
+                               pAd->CommonCfg.MlmeRate = RATE_6;
+                               pAd->CommonCfg.RtsRate = RATE_6;
+                               pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_OFDM;
+                               pAd->CommonCfg.MlmeTransmit.field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.MlmeRate];
+                               break;
+                       case PHY_11ABG_MIXED:
+#ifdef DOT11_N_SUPPORT
+                       case PHY_11ABGN_MIXED:
+#endif // DOT11_N_SUPPORT //
+                               if (pAd->CommonCfg.Channel <= 14)
+                               {
+                                       pAd->CommonCfg.MlmeRate = RATE_1;
+                                       pAd->CommonCfg.RtsRate = RATE_1;
+                                       pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_CCK;
+                                       pAd->CommonCfg.MlmeTransmit.field.MCS = RATE_1;
+                               }
+                               else
+                               {
+                                       pAd->CommonCfg.MlmeRate = RATE_6;
+                                       pAd->CommonCfg.RtsRate = RATE_6;
+                                       pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_OFDM;
+                                       pAd->CommonCfg.MlmeTransmit.field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.MlmeRate];
+                               }
+                               break;
+                       default: // error
+                               pAd->CommonCfg.MlmeRate = RATE_6;
+                               pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_OFDM;
+                               pAd->CommonCfg.MlmeTransmit.field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.MlmeRate];
+                               pAd->CommonCfg.RtsRate = RATE_1;
+                               break;
+               }
+               //
+               // Keep Basic Mlme Rate.
+               //
+               pAd->MacTab.Content[MCAST_WCID].HTPhyMode.word = pAd->CommonCfg.MlmeTransmit.word;
+               if (pAd->CommonCfg.MlmeTransmit.field.MODE == MODE_OFDM)
+                       pAd->MacTab.Content[MCAST_WCID].HTPhyMode.field.MCS = OfdmRateToRxwiMCS[RATE_24];
+               else
+                       pAd->MacTab.Content[MCAST_WCID].HTPhyMode.field.MCS = RATE_1;
+               pAd->CommonCfg.BasicMlmeRate = pAd->CommonCfg.MlmeRate;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, (" MlmeUpdateTxRates (MaxDesire=%d, MaxSupport=%d, MaxTxRate=%d, MinRate=%d, Rate Switching =%d)\n",
+                        RateIdToMbps[MaxDesire], RateIdToMbps[MaxSupport], RateIdToMbps[pAd->CommonCfg.MaxTxRate], RateIdToMbps[pAd->CommonCfg.MinTxRate],
+                        /*OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED)*/*auto_rate_cur_p));
+       DBGPRINT(RT_DEBUG_TRACE, (" MlmeUpdateTxRates (TxRate=%d, RtsRate=%d, BasicRateBitmap=0x%04lx)\n",
+                        RateIdToMbps[pAd->CommonCfg.TxRate], RateIdToMbps[pAd->CommonCfg.RtsRate], BasicRateBitmap));
+       DBGPRINT(RT_DEBUG_TRACE, ("MlmeUpdateTxRates (MlmeTransmit=0x%x, MinHTPhyMode=%x, MaxHTPhyMode=0x%x, HTPhyMode=0x%x)\n",
+                        pAd->CommonCfg.MlmeTransmit.word, pAd->MacTab.Content[BSSID_WCID].MinHTPhyMode.word ,pAd->MacTab.Content[BSSID_WCID].MaxHTPhyMode.word ,pAd->MacTab.Content[BSSID_WCID].HTPhyMode.word ));
+}
+
+#ifdef DOT11_N_SUPPORT
+/*
+       ==========================================================================
+       Description:
+               This function update HT Rate setting.
+               Input Wcid value is valid for 2 case :
+               1. it's used for Station in infra mode that copy AP rate to Mactable.
+               2. OR Station   in adhoc mode to copy peer's HT rate to Mactable.
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID MlmeUpdateHtTxRates(
+       IN PRTMP_ADAPTER                pAd,
+       IN      UCHAR                           apidx)
+{
+       UCHAR   StbcMcs; //j, StbcMcs, bitmask;
+       CHAR    i; // 3*3
+       RT_HT_CAPABILITY        *pRtHtCap = NULL;
+       RT_HT_PHY_INFO          *pActiveHtPhy = NULL;
+       ULONG           BasicMCS;
+       UCHAR j, bitmask;
+       PRT_HT_PHY_INFO                 pDesireHtPhy = NULL;
+       PHTTRANSMIT_SETTING             pHtPhy = NULL;
+       PHTTRANSMIT_SETTING             pMaxHtPhy = NULL;
+       PHTTRANSMIT_SETTING             pMinHtPhy = NULL;
+       BOOLEAN                                 *auto_rate_cur_p;
+
+       DBGPRINT(RT_DEBUG_TRACE,("MlmeUpdateHtTxRates===> \n"));
+
+       auto_rate_cur_p = NULL;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               pDesireHtPhy    = &pAd->StaCfg.DesiredHtPhyInfo;
+               pActiveHtPhy    = &pAd->StaCfg.DesiredHtPhyInfo;
+               pHtPhy          = &pAd->StaCfg.HTPhyMode;
+               pMaxHtPhy       = &pAd->StaCfg.MaxHTPhyMode;
+               pMinHtPhy       = &pAd->StaCfg.MinHTPhyMode;
+
+               auto_rate_cur_p = &pAd->StaCfg.bAutoTxRateSwitch;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+       if ((ADHOC_ON(pAd) || INFRA_ON(pAd)) && (pAd->OpMode == OPMODE_STA))
+       {
+               if (pAd->StaActive.SupportedPhyInfo.bHtEnable == FALSE)
+                       return;
+
+               pRtHtCap = &pAd->StaActive.SupportedHtPhy;
+               pActiveHtPhy = &pAd->StaActive.SupportedPhyInfo;
+               StbcMcs = (UCHAR)pAd->MlmeAux.AddHtInfo.AddHtInfo3.StbcMcs;
+               BasicMCS =pAd->MlmeAux.AddHtInfo.MCSSet[0]+(pAd->MlmeAux.AddHtInfo.MCSSet[1]<<8)+(StbcMcs<<16);
+               if ((pAd->CommonCfg.DesiredHtPhy.TxSTBC) && (pRtHtCap->RxSTBC) && (pAd->Antenna.field.TxPath == 2))
+                       pMaxHtPhy->field.STBC = STBC_USE;
+               else
+                       pMaxHtPhy->field.STBC = STBC_NONE;
+       }
+       else
+#endif // CONFIG_STA_SUPPORT //
+       {
+               if (pDesireHtPhy->bHtEnable == FALSE)
+                       return;
+
+               pRtHtCap = &pAd->CommonCfg.DesiredHtPhy;
+               StbcMcs = (UCHAR)pAd->CommonCfg.AddHTInfo.AddHtInfo3.StbcMcs;
+               BasicMCS = pAd->CommonCfg.AddHTInfo.MCSSet[0]+(pAd->CommonCfg.AddHTInfo.MCSSet[1]<<8)+(StbcMcs<<16);
+               if ((pAd->CommonCfg.DesiredHtPhy.TxSTBC) && (pRtHtCap->RxSTBC) && (pAd->Antenna.field.TxPath == 2))
+                       pMaxHtPhy->field.STBC = STBC_USE;
+               else
+                       pMaxHtPhy->field.STBC = STBC_NONE;
+       }
+
+       // Decide MAX ht rate.
+       if ((pRtHtCap->GF) && (pAd->CommonCfg.DesiredHtPhy.GF))
+               pMaxHtPhy->field.MODE = MODE_HTGREENFIELD;
+       else
+               pMaxHtPhy->field.MODE = MODE_HTMIX;
+
+    if ((pAd->CommonCfg.DesiredHtPhy.ChannelWidth) && (pRtHtCap->ChannelWidth))
+               pMaxHtPhy->field.BW = BW_40;
+       else
+               pMaxHtPhy->field.BW = BW_20;
+
+    if (pMaxHtPhy->field.BW == BW_20)
+               pMaxHtPhy->field.ShortGI = (pAd->CommonCfg.DesiredHtPhy.ShortGIfor20 & pRtHtCap->ShortGIfor20);
+       else
+               pMaxHtPhy->field.ShortGI = (pAd->CommonCfg.DesiredHtPhy.ShortGIfor40 & pRtHtCap->ShortGIfor40);
+
+       if (pDesireHtPhy->MCSSet[4] != 0)
+       {
+               pMaxHtPhy->field.MCS = 32;
+       }
+
+       for (i=23; i>=0; i--) // 3*3
+       {
+               j = i/8;
+               bitmask = (1<<(i-(j*8)));
+
+               if ((pActiveHtPhy->MCSSet[j] & bitmask) && (pDesireHtPhy->MCSSet[j] & bitmask))
+               {
+                       pMaxHtPhy->field.MCS = i;
+                       break;
+               }
+
+               if (i==0)
+                       break;
+       }
+
+       // Copy MIN ht rate.  rt2860???
+       pMinHtPhy->field.BW = BW_20;
+       pMinHtPhy->field.MCS = 0;
+       pMinHtPhy->field.STBC = 0;
+       pMinHtPhy->field.ShortGI = 0;
+       //If STA assigns fixed rate. update to fixed here.
+#ifdef CONFIG_STA_SUPPORT
+       if ( (pAd->OpMode == OPMODE_STA) && (pDesireHtPhy->MCSSet[0] != 0xff))
+       {
+               if (pDesireHtPhy->MCSSet[4] != 0)
+               {
+                       pMaxHtPhy->field.MCS = 32;
+                       pMinHtPhy->field.MCS = 32;
+                       DBGPRINT(RT_DEBUG_TRACE,("MlmeUpdateHtTxRates<=== Use Fixed MCS = %d\n",pMinHtPhy->field.MCS));
+               }
+
+               for (i=23; (CHAR)i >= 0; i--) // 3*3
+               {
+                       j = i/8;
+                       bitmask = (1<<(i-(j*8)));
+                       if ( (pDesireHtPhy->MCSSet[j] & bitmask) && (pActiveHtPhy->MCSSet[j] & bitmask))
+                       {
+                               pMaxHtPhy->field.MCS = i;
+                               pMinHtPhy->field.MCS = i;
+                               break;
+                       }
+                       if (i==0)
+                               break;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+
+       // Decide ht rate
+       pHtPhy->field.STBC = pMaxHtPhy->field.STBC;
+       pHtPhy->field.BW = pMaxHtPhy->field.BW;
+       pHtPhy->field.MODE = pMaxHtPhy->field.MODE;
+       pHtPhy->field.MCS = pMaxHtPhy->field.MCS;
+       pHtPhy->field.ShortGI = pMaxHtPhy->field.ShortGI;
+
+       // use default now. rt2860
+       if (pDesireHtPhy->MCSSet[0] != 0xff)
+               *auto_rate_cur_p = FALSE;
+       else
+               *auto_rate_cur_p = TRUE;
+
+       DBGPRINT(RT_DEBUG_TRACE, (" MlmeUpdateHtTxRates<---.AMsduSize = %d  \n", pAd->CommonCfg.DesiredHtPhy.AmsduSize ));
+       DBGPRINT(RT_DEBUG_TRACE,("TX: MCS[0] = %x (choose %d), BW = %d, ShortGI = %d, MODE = %d,  \n", pActiveHtPhy->MCSSet[0],pHtPhy->field.MCS,
+               pHtPhy->field.BW, pHtPhy->field.ShortGI, pHtPhy->field.MODE));
+       DBGPRINT(RT_DEBUG_TRACE,("MlmeUpdateHtTxRates<=== \n"));
+}
+
+
+VOID BATableInit(
+       IN PRTMP_ADAPTER pAd,
+    IN BA_TABLE *Tab)
+{
+       int i;
+
+       Tab->numAsOriginator = 0;
+       Tab->numAsRecipient = 0;
+       Tab->numDoneOriginator = 0;
+       NdisAllocateSpinLock(&pAd->BATabLock);
+       for (i = 0; i < MAX_LEN_OF_BA_REC_TABLE; i++)
+       {
+               Tab->BARecEntry[i].REC_BA_Status = Recipient_NONE;
+               NdisAllocateSpinLock(&(Tab->BARecEntry[i].RxReRingLock));
+       }
+       for (i = 0; i < MAX_LEN_OF_BA_ORI_TABLE; i++)
+       {
+               Tab->BAOriEntry[i].ORI_BA_Status = Originator_NONE;
+       }
+}
+#endif // DOT11_N_SUPPORT //
+
+// IRQL = DISPATCH_LEVEL
+VOID MlmeRadioOff(
+       IN PRTMP_ADAPTER pAd)
+{
+       RTMP_MLME_RADIO_OFF(pAd);
+}
+
+// IRQL = DISPATCH_LEVEL
+VOID MlmeRadioOn(
+       IN PRTMP_ADAPTER pAd)
+{
+       RTMP_MLME_RADIO_ON(pAd);
+}
+
+// ===========================================================================================
+// bss_table.c
+// ===========================================================================================
+
+
+/*! \brief initialize BSS table
+ *     \param p_tab pointer to the table
+ *     \return none
+ *     \pre
+ *     \post
+
+ IRQL = PASSIVE_LEVEL
+ IRQL = DISPATCH_LEVEL
+
+ */
+VOID BssTableInit(
+       IN BSS_TABLE *Tab)
+{
+       int i;
+
+       Tab->BssNr = 0;
+    Tab->BssOverlapNr = 0;
+       for (i = 0; i < MAX_LEN_OF_BSS_TABLE; i++)
+       {
+               NdisZeroMemory(&Tab->BssEntry[i], sizeof(BSS_ENTRY));
+               Tab->BssEntry[i].Rssi = -127;   // initial the rssi as a minimum value
+       }
+}
+
+
+/*! \brief search the BSS table by SSID
+ *     \param p_tab pointer to the bss table
+ *     \param ssid SSID string
+ *     \return index of the table, BSS_NOT_FOUND if not in the table
+ *     \pre
+ *     \post
+ *     \note search by sequential search
+
+ IRQL = DISPATCH_LEVEL
+
+ */
+ULONG BssTableSearch(
+       IN BSS_TABLE *Tab,
+       IN PUCHAR        pBssid,
+       IN UCHAR         Channel)
+{
+       UCHAR i;
+
+       for (i = 0; i < Tab->BssNr; i++)
+       {
+               //
+               // Some AP that support A/B/G mode that may used the same BSSID on 11A and 11B/G.
+               // We should distinguish this case.
+               //
+               if ((((Tab->BssEntry[i].Channel <= 14) && (Channel <= 14)) ||
+                        ((Tab->BssEntry[i].Channel > 14) && (Channel > 14))) &&
+                       MAC_ADDR_EQUAL(Tab->BssEntry[i].Bssid, pBssid))
+               {
+                       return i;
+               }
+       }
+       return (ULONG)BSS_NOT_FOUND;
+}
+
+ULONG BssSsidTableSearch(
+       IN BSS_TABLE *Tab,
+       IN PUCHAR        pBssid,
+       IN PUCHAR        pSsid,
+       IN UCHAR         SsidLen,
+       IN UCHAR         Channel)
+{
+       UCHAR i;
+
+       for (i = 0; i < Tab->BssNr; i++)
+       {
+               //
+               // Some AP that support A/B/G mode that may used the same BSSID on 11A and 11B/G.
+               // We should distinguish this case.
+               //
+               if ((((Tab->BssEntry[i].Channel <= 14) && (Channel <= 14)) ||
+                        ((Tab->BssEntry[i].Channel > 14) && (Channel > 14))) &&
+                       MAC_ADDR_EQUAL(Tab->BssEntry[i].Bssid, pBssid) &&
+                       SSID_EQUAL(pSsid, SsidLen, Tab->BssEntry[i].Ssid, Tab->BssEntry[i].SsidLen))
+               {
+                       return i;
+               }
+       }
+       return (ULONG)BSS_NOT_FOUND;
+}
+
+ULONG BssTableSearchWithSSID(
+       IN BSS_TABLE *Tab,
+       IN PUCHAR        Bssid,
+       IN PUCHAR        pSsid,
+       IN UCHAR         SsidLen,
+       IN UCHAR         Channel)
+{
+       UCHAR i;
+
+       for (i = 0; i < Tab->BssNr; i++)
+       {
+               if ((((Tab->BssEntry[i].Channel <= 14) && (Channel <= 14)) ||
+                       ((Tab->BssEntry[i].Channel > 14) && (Channel > 14))) &&
+                       MAC_ADDR_EQUAL(&(Tab->BssEntry[i].Bssid), Bssid) &&
+                       (SSID_EQUAL(pSsid, SsidLen, Tab->BssEntry[i].Ssid, Tab->BssEntry[i].SsidLen) ||
+                       (NdisEqualMemory(pSsid, ZeroSsid, SsidLen)) ||
+                       (NdisEqualMemory(Tab->BssEntry[i].Ssid, ZeroSsid, Tab->BssEntry[i].SsidLen))))
+               {
+                       return i;
+               }
+       }
+       return (ULONG)BSS_NOT_FOUND;
+}
+
+
+ULONG BssSsidTableSearchBySSID(
+       IN BSS_TABLE *Tab,
+       IN PUCHAR        pSsid,
+       IN UCHAR         SsidLen)
+{
+       UCHAR i;
+
+       for (i = 0; i < Tab->BssNr; i++)
+       {
+               if (SSID_EQUAL(pSsid, SsidLen, Tab->BssEntry[i].Ssid, Tab->BssEntry[i].SsidLen))
+               {
+                       return i;
+               }
+       }
+       return (ULONG)BSS_NOT_FOUND;
+}
+
+
+// IRQL = DISPATCH_LEVEL
+VOID BssTableDeleteEntry(
+       IN OUT  BSS_TABLE *Tab,
+       IN              PUCHAR    pBssid,
+       IN              UCHAR     Channel)
+{
+       UCHAR i, j;
+
+       for (i = 0; i < Tab->BssNr; i++)
+       {
+               if ((Tab->BssEntry[i].Channel == Channel) &&
+                       (MAC_ADDR_EQUAL(Tab->BssEntry[i].Bssid, pBssid)))
+               {
+                       for (j = i; j < Tab->BssNr - 1; j++)
+                       {
+                               NdisMoveMemory(&(Tab->BssEntry[j]), &(Tab->BssEntry[j + 1]), sizeof(BSS_ENTRY));
+                       }
+                       NdisZeroMemory(&(Tab->BssEntry[Tab->BssNr - 1]), sizeof(BSS_ENTRY));
+                       Tab->BssNr -= 1;
+                       return;
+               }
+       }
+}
+
+#ifdef DOT11_N_SUPPORT
+/*
+       ========================================================================
+       Routine Description:
+               Delete the Originator Entry in BAtable. Or decrease numAs Originator by 1 if needed.
+
+       Arguments:
+       // IRQL = DISPATCH_LEVEL
+       ========================================================================
+*/
+VOID BATableDeleteORIEntry(
+       IN OUT  PRTMP_ADAPTER pAd,
+       IN              BA_ORI_ENTRY    *pBAORIEntry)
+{
+
+       if (pBAORIEntry->ORI_BA_Status != Originator_NONE)
+       {
+               NdisAcquireSpinLock(&pAd->BATabLock);
+               if (pBAORIEntry->ORI_BA_Status == Originator_Done)
+               {
+                       pAd->BATable.numAsOriginator -= 1;
+                       DBGPRINT(RT_DEBUG_TRACE, ("BATableDeleteORIEntry numAsOriginator= %ld\n", pAd->BATable.numAsRecipient));
+                       // Erase Bitmap flag.
+               }
+               pAd->MacTab.Content[pBAORIEntry->Wcid].TXBAbitmap &= (~(1<<(pBAORIEntry->TID) ));       // If STA mode,  erase flag here
+               pAd->MacTab.Content[pBAORIEntry->Wcid].BAOriWcidArray[pBAORIEntry->TID] = 0;    // If STA mode,  erase flag here
+               pBAORIEntry->ORI_BA_Status = Originator_NONE;
+               pBAORIEntry->Token = 1;
+               // Not clear Sequence here.
+               NdisReleaseSpinLock(&pAd->BATabLock);
+       }
+}
+#endif // DOT11_N_SUPPORT //
+
+/*! \brief
+ *     \param
+ *     \return
+ *     \pre
+ *     \post
+
+ IRQL = DISPATCH_LEVEL
+
+ */
+VOID BssEntrySet(
+       IN PRTMP_ADAPTER        pAd,
+       OUT BSS_ENTRY *pBss,
+       IN PUCHAR pBssid,
+       IN CHAR Ssid[],
+       IN UCHAR SsidLen,
+       IN UCHAR BssType,
+       IN USHORT BeaconPeriod,
+       IN PCF_PARM pCfParm,
+       IN USHORT AtimWin,
+       IN USHORT CapabilityInfo,
+       IN UCHAR SupRate[],
+       IN UCHAR SupRateLen,
+       IN UCHAR ExtRate[],
+       IN UCHAR ExtRateLen,
+       IN HT_CAPABILITY_IE *pHtCapability,
+       IN ADD_HT_INFO_IE *pAddHtInfo,  // AP might use this additional ht info IE
+       IN UCHAR                        HtCapabilityLen,
+       IN UCHAR                        AddHtInfoLen,
+       IN UCHAR                        NewExtChanOffset,
+       IN UCHAR Channel,
+       IN CHAR Rssi,
+       IN LARGE_INTEGER TimeStamp,
+       IN UCHAR CkipFlag,
+       IN PEDCA_PARM pEdcaParm,
+       IN PQOS_CAPABILITY_PARM pQosCapability,
+       IN PQBSS_LOAD_PARM pQbssLoad,
+       IN USHORT LengthVIE,
+       IN PNDIS_802_11_VARIABLE_IEs pVIE)
+{
+       COPY_MAC_ADDR(pBss->Bssid, pBssid);
+       // Default Hidden SSID to be TRUE, it will be turned to FALSE after coping SSID
+       pBss->Hidden = 1;
+       if (SsidLen > 0)
+       {
+               // For hidden SSID AP, it might send beacon with SSID len equal to 0
+               // Or send beacon /probe response with SSID len matching real SSID length,
+               // but SSID is all zero. such as "00-00-00-00" with length 4.
+               // We have to prevent this case overwrite correct table
+               if (NdisEqualMemory(Ssid, ZeroSsid, SsidLen) == 0)
+               {
+                   NdisZeroMemory(pBss->Ssid, MAX_LEN_OF_SSID);
+                       NdisMoveMemory(pBss->Ssid, Ssid, SsidLen);
+                       pBss->SsidLen = SsidLen;
+                       pBss->Hidden = 0;
+               }
+       }
+       else
+               pBss->SsidLen = 0;
+       pBss->BssType = BssType;
+       pBss->BeaconPeriod = BeaconPeriod;
+       if (BssType == BSS_INFRA)
+       {
+               if (pCfParm->bValid)
+               {
+                       pBss->CfpCount = pCfParm->CfpCount;
+                       pBss->CfpPeriod = pCfParm->CfpPeriod;
+                       pBss->CfpMaxDuration = pCfParm->CfpMaxDuration;
+                       pBss->CfpDurRemaining = pCfParm->CfpDurRemaining;
+               }
+       }
+       else
+       {
+               pBss->AtimWin = AtimWin;
+       }
+
+       pBss->CapabilityInfo = CapabilityInfo;
+       // The privacy bit indicate security is ON, it maight be WEP, TKIP or AES
+       // Combine with AuthMode, they will decide the connection methods.
+       pBss->Privacy = CAP_IS_PRIVACY_ON(pBss->CapabilityInfo);
+       ASSERT(SupRateLen <= MAX_LEN_OF_SUPPORTED_RATES);
+       if (SupRateLen <= MAX_LEN_OF_SUPPORTED_RATES)
+               NdisMoveMemory(pBss->SupRate, SupRate, SupRateLen);
+       else
+               NdisMoveMemory(pBss->SupRate, SupRate, MAX_LEN_OF_SUPPORTED_RATES);
+       pBss->SupRateLen = SupRateLen;
+       ASSERT(ExtRateLen <= MAX_LEN_OF_SUPPORTED_RATES);
+       NdisMoveMemory(pBss->ExtRate, ExtRate, ExtRateLen);
+       pBss->NewExtChanOffset = NewExtChanOffset;
+       pBss->ExtRateLen = ExtRateLen;
+       pBss->Channel = Channel;
+       pBss->CentralChannel = Channel;
+       pBss->Rssi = Rssi;
+       // Update CkipFlag. if not exists, the value is 0x0
+       pBss->CkipFlag = CkipFlag;
+
+       // New for microsoft Fixed IEs
+       NdisMoveMemory(pBss->FixIEs.Timestamp, &TimeStamp, 8);
+       pBss->FixIEs.BeaconInterval = BeaconPeriod;
+       pBss->FixIEs.Capabilities = CapabilityInfo;
+
+       // New for microsoft Variable IEs
+       if (LengthVIE != 0)
+       {
+               pBss->VarIELen = LengthVIE;
+               NdisMoveMemory(pBss->VarIEs, pVIE, pBss->VarIELen);
+       }
+       else
+       {
+               pBss->VarIELen = 0;
+       }
+
+       pBss->AddHtInfoLen = 0;
+       pBss->HtCapabilityLen = 0;
+#ifdef DOT11_N_SUPPORT
+       if (HtCapabilityLen> 0)
+       {
+               pBss->HtCapabilityLen = HtCapabilityLen;
+               NdisMoveMemory(&pBss->HtCapability, pHtCapability, HtCapabilityLen);
+               if (AddHtInfoLen > 0)
+               {
+                       pBss->AddHtInfoLen = AddHtInfoLen;
+                       NdisMoveMemory(&pBss->AddHtInfo, pAddHtInfo, AddHtInfoLen);
+
+                               if ((pAddHtInfo->ControlChan > 2)&& (pAddHtInfo->AddHtInfo.ExtChanOffset == EXTCHA_BELOW) && (pHtCapability->HtCapInfo.ChannelWidth == BW_40))
+                               {
+                                       pBss->CentralChannel = pAddHtInfo->ControlChan - 2;
+                               }
+                               else if ((pAddHtInfo->AddHtInfo.ExtChanOffset == EXTCHA_ABOVE) && (pHtCapability->HtCapInfo.ChannelWidth == BW_40))
+                               {
+                                               pBss->CentralChannel = pAddHtInfo->ControlChan + 2;
+                               }
+               }
+       }
+#endif // DOT11_N_SUPPORT //
+
+       BssCipherParse(pBss);
+
+       // new for QOS
+       if (pEdcaParm)
+               NdisMoveMemory(&pBss->EdcaParm, pEdcaParm, sizeof(EDCA_PARM));
+       else
+               pBss->EdcaParm.bValid = FALSE;
+       if (pQosCapability)
+               NdisMoveMemory(&pBss->QosCapability, pQosCapability, sizeof(QOS_CAPABILITY_PARM));
+       else
+               pBss->QosCapability.bValid = FALSE;
+       if (pQbssLoad)
+               NdisMoveMemory(&pBss->QbssLoad, pQbssLoad, sizeof(QBSS_LOAD_PARM));
+       else
+               pBss->QbssLoad.bValid = FALSE;
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               PEID_STRUCT     pEid;
+               USHORT          Length = 0;
+
+
+               NdisZeroMemory(&pBss->WpaIE.IE[0], MAX_CUSTOM_LEN);
+               NdisZeroMemory(&pBss->RsnIE.IE[0], MAX_CUSTOM_LEN);
+#ifdef EXT_BUILD_CHANNEL_LIST
+               NdisZeroMemory(&pBss->CountryString[0], 3);
+               pBss->bHasCountryIE = FALSE;
+#endif // EXT_BUILD_CHANNEL_LIST //
+               pEid = (PEID_STRUCT) pVIE;
+               while ((Length + 2 + (USHORT)pEid->Len) <= LengthVIE)
+               {
+                       switch(pEid->Eid)
+                       {
+                               case IE_WPA:
+                                       if (NdisEqualMemory(pEid->Octet, WPA_OUI, 4))
+                                       {
+                                               if ((pEid->Len + 2) > MAX_CUSTOM_LEN)
+                                               {
+                                                       pBss->WpaIE.IELen = 0;
+                                                       break;
+                                               }
+                                               pBss->WpaIE.IELen = pEid->Len + 2;
+                                               NdisMoveMemory(pBss->WpaIE.IE, pEid, pBss->WpaIE.IELen);
+                                       }
+                                       break;
+                case IE_RSN:
+                    if (NdisEqualMemory(pEid->Octet + 2, RSN_OUI, 3))
+                                       {
+                                               if ((pEid->Len + 2) > MAX_CUSTOM_LEN)
+                        {
+                                                       pBss->RsnIE.IELen = 0;
+                                                       break;
+                                       }
+                                               pBss->RsnIE.IELen = pEid->Len + 2;
+                                               NdisMoveMemory(pBss->RsnIE.IE, pEid, pBss->RsnIE.IELen);
+                       }
+                               break;
+#ifdef EXT_BUILD_CHANNEL_LIST
+                               case IE_COUNTRY:
+                                       NdisMoveMemory(&pBss->CountryString[0], pEid->Octet, 3);
+                                       pBss->bHasCountryIE = TRUE;
+                                       break;
+#endif // EXT_BUILD_CHANNEL_LIST //
+            }
+                       Length = Length + 2 + (USHORT)pEid->Len;  // Eid[1] + Len[1]+ content[Len]
+                       pEid = (PEID_STRUCT)((UCHAR*)pEid + 2 + pEid->Len);
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+}
+
+/*!
+ *     \brief insert an entry into the bss table
+ *     \param p_tab The BSS table
+ *     \param Bssid BSSID
+ *     \param ssid SSID
+ *     \param ssid_len Length of SSID
+ *     \param bss_type
+ *     \param beacon_period
+ *     \param timestamp
+ *     \param p_cf
+ *     \param atim_win
+ *     \param cap
+ *     \param rates
+ *     \param rates_len
+ *     \param channel_idx
+ *     \return none
+ *     \pre
+ *     \post
+ *     \note If SSID is identical, the old entry will be replaced by the new one
+
+ IRQL = DISPATCH_LEVEL
+
+ */
+ULONG BssTableSetEntry(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT BSS_TABLE *Tab,
+       IN PUCHAR pBssid,
+       IN CHAR Ssid[],
+       IN UCHAR SsidLen,
+       IN UCHAR BssType,
+       IN USHORT BeaconPeriod,
+       IN CF_PARM *CfParm,
+       IN USHORT AtimWin,
+       IN USHORT CapabilityInfo,
+       IN UCHAR SupRate[],
+       IN UCHAR SupRateLen,
+       IN UCHAR ExtRate[],
+       IN UCHAR ExtRateLen,
+       IN HT_CAPABILITY_IE *pHtCapability,
+       IN ADD_HT_INFO_IE *pAddHtInfo,  // AP might use this additional ht info IE
+       IN UCHAR                        HtCapabilityLen,
+       IN UCHAR                        AddHtInfoLen,
+       IN UCHAR                        NewExtChanOffset,
+       IN UCHAR ChannelNo,
+       IN CHAR Rssi,
+       IN LARGE_INTEGER TimeStamp,
+       IN UCHAR CkipFlag,
+       IN PEDCA_PARM pEdcaParm,
+       IN PQOS_CAPABILITY_PARM pQosCapability,
+       IN PQBSS_LOAD_PARM pQbssLoad,
+       IN USHORT LengthVIE,
+       IN PNDIS_802_11_VARIABLE_IEs pVIE)
+{
+       ULONG   Idx;
+
+       Idx = BssTableSearchWithSSID(Tab, pBssid,  (UCHAR *)Ssid, SsidLen, ChannelNo);
+       if (Idx == BSS_NOT_FOUND)
+       {
+               if (Tab->BssNr >= MAX_LEN_OF_BSS_TABLE)
+           {
+                       //
+                       // It may happen when BSS Table was full.
+                       // The desired AP will not be added into BSS Table
+                       // In this case, if we found the desired AP then overwrite BSS Table.
+                       //
+                       if(!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+                       {
+                               if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, pBssid) ||
+                                       SSID_EQUAL(pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen, Ssid, SsidLen))
+                               {
+                                       Idx = Tab->BssOverlapNr;
+                                       BssEntrySet(pAd, &Tab->BssEntry[Idx], pBssid, Ssid, SsidLen, BssType, BeaconPeriod, CfParm, AtimWin,
+                                               CapabilityInfo, SupRate, SupRateLen, ExtRate, ExtRateLen,pHtCapability, pAddHtInfo,HtCapabilityLen, AddHtInfoLen,
+                                               NewExtChanOffset, ChannelNo, Rssi, TimeStamp, CkipFlag, pEdcaParm, pQosCapability, pQbssLoad, LengthVIE, pVIE);
+                    Tab->BssOverlapNr = (Tab->BssOverlapNr++) % MAX_LEN_OF_BSS_TABLE;
+                               }
+                               return Idx;
+                       }
+                       else
+                       {
+                       return BSS_NOT_FOUND;
+                       }
+               }
+               Idx = Tab->BssNr;
+               BssEntrySet(pAd, &Tab->BssEntry[Idx], pBssid, Ssid, SsidLen, BssType, BeaconPeriod, CfParm, AtimWin,
+                                       CapabilityInfo, SupRate, SupRateLen, ExtRate, ExtRateLen,pHtCapability, pAddHtInfo,HtCapabilityLen, AddHtInfoLen,
+                                       NewExtChanOffset, ChannelNo, Rssi, TimeStamp, CkipFlag, pEdcaParm, pQosCapability, pQbssLoad, LengthVIE, pVIE);
+               Tab->BssNr++;
+       }
+       else
+       {
+               /* avoid  Hidden SSID form beacon to overwirite correct SSID from probe response */
+               if ((SSID_EQUAL(Ssid, SsidLen, Tab->BssEntry[Idx].Ssid, Tab->BssEntry[Idx].SsidLen)) ||
+                       (NdisEqualMemory(Tab->BssEntry[Idx].Ssid, ZeroSsid, Tab->BssEntry[Idx].SsidLen)))
+               {
+                       BssEntrySet(pAd, &Tab->BssEntry[Idx], pBssid, Ssid, SsidLen, BssType, BeaconPeriod,CfParm, AtimWin,
+                                               CapabilityInfo, SupRate, SupRateLen, ExtRate, ExtRateLen,pHtCapability, pAddHtInfo,HtCapabilityLen, AddHtInfoLen,
+                                               NewExtChanOffset, ChannelNo, Rssi, TimeStamp, CkipFlag, pEdcaParm, pQosCapability, pQbssLoad, LengthVIE, pVIE);
+               }
+       }
+
+       return Idx;
+}
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+VOID  TriEventInit(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       UCHAR           i;
+
+       for (i = 0;i < MAX_TRIGGER_EVENT;i++)
+               pAd->CommonCfg.TriggerEventTab.EventA[i].bValid = FALSE;
+
+       pAd->CommonCfg.TriggerEventTab.EventANo = 0;
+       pAd->CommonCfg.TriggerEventTab.EventBCountDown = 0;
+}
+
+ULONG TriEventTableSetEntry(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT TRIGGER_EVENT_TAB *Tab,
+       IN PUCHAR pBssid,
+       IN HT_CAPABILITY_IE *pHtCapability,
+       IN UCHAR                        HtCapabilityLen,
+       IN UCHAR                        RegClass,
+       IN UCHAR ChannelNo)
+{
+       // Event A
+       if (HtCapabilityLen == 0)
+       {
+               if (Tab->EventANo < MAX_TRIGGER_EVENT)
+               {
+                       RTMPMoveMemory(Tab->EventA[Tab->EventANo].BSSID, pBssid, 6);
+                       Tab->EventA[Tab->EventANo].bValid = TRUE;
+                       Tab->EventA[Tab->EventANo].Channel = ChannelNo;
+                       Tab->EventA[Tab->EventANo].CDCounter = pAd->CommonCfg.Dot11BssWidthChanTranDelay;
+                       if (RegClass != 0)
+                       {
+                               // Beacon has Regulatory class IE. So use beacon's
+                               Tab->EventA[Tab->EventANo].RegClass = RegClass;
+                       }
+                       else
+                       {
+                               // Use Station's Regulatory class instead.
+                               if (pAd->StaActive.SupportedHtPhy.bHtEnable == TRUE)
+                               {
+                                       if (pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel)
+                                       {
+                                               Tab->EventA[Tab->EventANo].RegClass = 32;
+                                       }
+                                       else if (pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel)
+                                               Tab->EventA[Tab->EventANo].RegClass = 33;
+                               }
+                               else
+                                       Tab->EventA[Tab->EventANo].RegClass = ??;
+
+                       }
+
+                       Tab->EventANo ++;
+               }
+       }
+       else if (pHtCapability->HtCapInfo.Intolerant40)
+       {
+               Tab->EventBCountDown = pAd->CommonCfg.Dot11BssWidthChanTranDelay;
+       }
+
+}
+
+/*
+       ========================================================================
+       Routine Description:
+               Trigger Event table Maintainence called once every second.
+
+       Arguments:
+       // IRQL = DISPATCH_LEVEL
+       ========================================================================
+*/
+VOID TriEventCounterMaintenance(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       UCHAR           i;
+       BOOLEAN                 bNotify = FALSE;
+       for (i = 0;i < MAX_TRIGGER_EVENT;i++)
+       {
+               if (pAd->CommonCfg.TriggerEventTab.EventA[i].bValid && (pAd->CommonCfg.TriggerEventTab.EventA[i].CDCounter > 0))
+               {
+                       pAd->CommonCfg.TriggerEventTab.EventA[i].CDCounter--;
+                       if (pAd->CommonCfg.TriggerEventTab.EventA[i].CDCounter == 0)
+                       {
+                               pAd->CommonCfg.TriggerEventTab.EventA[i].bValid = FALSE;
+                               pAd->CommonCfg.TriggerEventTab.EventANo --;
+                               // Need to send 20/40 Coexistence Notify frame if has status change.
+                               bNotify = TRUE;
+                       }
+               }
+       }
+       if (pAd->CommonCfg.TriggerEventTab.EventBCountDown > 0)
+       {
+               pAd->CommonCfg.TriggerEventTab.EventBCountDown--;
+               if (pAd->CommonCfg.TriggerEventTab.EventBCountDown == 0)
+                       bNotify = TRUE;
+       }
+
+       if (bNotify == TRUE)
+               Update2040CoexistFrameAndNotify(pAd, BSSID_WCID, TRUE);
+}
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+// IRQL = DISPATCH_LEVEL
+VOID BssTableSsidSort(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT BSS_TABLE *OutTab,
+       IN      CHAR Ssid[],
+       IN      UCHAR SsidLen)
+{
+       INT i;
+       BssTableInit(OutTab);
+
+       for (i = 0; i < pAd->ScanTab.BssNr; i++)
+       {
+               BSS_ENTRY *pInBss = &pAd->ScanTab.BssEntry[i];
+               BOOLEAN bIsHiddenApIncluded = FALSE;
+
+               if (((pAd->CommonCfg.bIEEE80211H == 1) &&
+            (pAd->MlmeAux.Channel > 14) &&
+             RadarChannelCheck(pAd, pInBss->Channel))
+#ifdef CARRIER_DETECTION_SUPPORT // Roger sync Carrier
+             || (pAd->CommonCfg.CarrierDetect.Enable == TRUE)
+#endif // CARRIER_DETECTION_SUPPORT //
+            )
+{
+                       if (pInBss->Hidden)
+                               bIsHiddenApIncluded = TRUE;
+}
+
+               if ((pInBss->BssType == pAd->StaCfg.BssType) &&
+                       (SSID_EQUAL(Ssid, SsidLen, pInBss->Ssid, pInBss->SsidLen) || bIsHiddenApIncluded))
+               {
+                       BSS_ENTRY *pOutBss = &OutTab->BssEntry[OutTab->BssNr];
+
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+                       // If no Country IE exists no Connection will be established when IEEE80211dClientMode is strict.
+                       if ((pAd->StaCfg.IEEE80211dClientMode == Rt802_11_D_Strict) &&
+                               (pInBss->bHasCountryIE == FALSE))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE,("StaCfg.IEEE80211dClientMode == Rt802_11_D_Strict, but this AP doesn't have country IE.\n"));
+                               continue;
+                       }
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+#ifdef DOT11_N_SUPPORT
+                       // 2.4G/5G N only mode
+                       if ((pInBss->HtCapabilityLen == 0) &&
+                               ((pAd->CommonCfg.PhyMode == PHY_11N_2_4G) || (pAd->CommonCfg.PhyMode == PHY_11N_5G)))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE,("STA is in N-only Mode, this AP don't have Ht capability in Beacon.\n"));
+                               continue;
+                       }
+#endif // DOT11_N_SUPPORT //
+
+                       // New for WPA2
+                       // Check the Authmode first
+                       if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+                       {
+                               // Check AuthMode and AuthModeAux for matching, in case AP support dual-mode
+                               if ((pAd->StaCfg.AuthMode != pInBss->AuthMode) && (pAd->StaCfg.AuthMode != pInBss->AuthModeAux))
+                                       // None matched
+                                       continue;
+
+                               // Check cipher suite, AP must have more secured cipher than station setting
+                               if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
+                               {
+                                       // If it's not mixed mode, we should only let BSS pass with the same encryption
+                                       if (pInBss->WPA.bMixMode == FALSE)
+                                               if (pAd->StaCfg.WepStatus != pInBss->WPA.GroupCipher)
+                                                       continue;
+
+                                       // check group cipher
+                                       if ((pAd->StaCfg.WepStatus < pInBss->WPA.GroupCipher) &&
+                                               (pInBss->WPA.GroupCipher != Ndis802_11GroupWEP40Enabled) &&
+                                               (pInBss->WPA.GroupCipher != Ndis802_11GroupWEP104Enabled))
+                                               continue;
+
+                                       // check pairwise cipher, skip if none matched
+                                       // If profile set to AES, let it pass without question.
+                                       // If profile set to TKIP, we must find one mateched
+                                       if ((pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) &&
+                                               (pAd->StaCfg.WepStatus != pInBss->WPA.PairCipher) &&
+                                               (pAd->StaCfg.WepStatus != pInBss->WPA.PairCipherAux))
+                                               continue;
+                               }
+                               else if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+                               {
+                                       // If it's not mixed mode, we should only let BSS pass with the same encryption
+                                       if (pInBss->WPA2.bMixMode == FALSE)
+                                               if (pAd->StaCfg.WepStatus != pInBss->WPA2.GroupCipher)
+                                                       continue;
+
+                                       // check group cipher
+                                       if ((pAd->StaCfg.WepStatus < pInBss->WPA.GroupCipher) &&
+                                               (pInBss->WPA2.GroupCipher != Ndis802_11GroupWEP40Enabled) &&
+                                               (pInBss->WPA2.GroupCipher != Ndis802_11GroupWEP104Enabled))
+                                               continue;
+
+                                       // check pairwise cipher, skip if none matched
+                                       // If profile set to AES, let it pass without question.
+                                       // If profile set to TKIP, we must find one mateched
+                                       if ((pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) &&
+                                               (pAd->StaCfg.WepStatus != pInBss->WPA2.PairCipher) &&
+                                               (pAd->StaCfg.WepStatus != pInBss->WPA2.PairCipherAux))
+                                               continue;
+                               }
+                       }
+                       // Bss Type matched, SSID matched.
+                       // We will check wepstatus for qualification Bss
+                       else if (pAd->StaCfg.WepStatus != pInBss->WepStatus)
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE,("StaCfg.WepStatus=%d, while pInBss->WepStatus=%d\n", pAd->StaCfg.WepStatus, pInBss->WepStatus));
+                               //
+                               // For the SESv2 case, we will not qualify WepStatus.
+                               //
+                               if (!pInBss->bSES)
+                                       continue;
+                       }
+
+                       // Since the AP is using hidden SSID, and we are trying to connect to ANY
+                       // It definitely will fail. So, skip it.
+                       // CCX also require not even try to connect it!!
+                       if (SsidLen == 0)
+                               continue;
+
+#ifdef DOT11_N_SUPPORT
+                       // If both station and AP use 40MHz, still need to check if the 40MHZ band's legality in my country region
+                       // If this 40MHz wideband is not allowed in my country list, use bandwidth 20MHZ instead,
+                       if ((pInBss->CentralChannel != pInBss->Channel) &&
+                               (pAd->CommonCfg.RegTransmitSetting.field.BW == BW_40))
+                       {
+                               if (RTMPCheckChannel(pAd, pInBss->CentralChannel, pInBss->Channel) == FALSE)
+                               {
+                                       pAd->CommonCfg.RegTransmitSetting.field.BW = BW_20;
+                                       SetCommonHT(pAd);
+                                       pAd->CommonCfg.RegTransmitSetting.field.BW = BW_40;
+                               }
+                               else
+                               {
+                                       if (pAd->CommonCfg.DesiredHtPhy.ChannelWidth == BAND_WIDTH_20)
+                                       {
+                                               SetCommonHT(pAd);
+                                       }
+                               }
+                       }
+#endif // DOT11_N_SUPPORT //
+
+                       // copy matching BSS from InTab to OutTab
+                       NdisMoveMemory(pOutBss, pInBss, sizeof(BSS_ENTRY));
+
+                       OutTab->BssNr++;
+               }
+               else if ((pInBss->BssType == pAd->StaCfg.BssType) && (SsidLen == 0))
+               {
+                       BSS_ENTRY *pOutBss = &OutTab->BssEntry[OutTab->BssNr];
+
+
+#ifdef DOT11_N_SUPPORT
+                       // 2.4G/5G N only mode
+                       if ((pInBss->HtCapabilityLen == 0) &&
+                               ((pAd->CommonCfg.PhyMode == PHY_11N_2_4G) || (pAd->CommonCfg.PhyMode == PHY_11N_5G)))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE,("STA is in N-only Mode, this AP don't have Ht capability in Beacon.\n"));
+                               continue;
+                       }
+#endif // DOT11_N_SUPPORT //
+
+                       // New for WPA2
+                       // Check the Authmode first
+                       if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+                       {
+                               // Check AuthMode and AuthModeAux for matching, in case AP support dual-mode
+                               if ((pAd->StaCfg.AuthMode != pInBss->AuthMode) && (pAd->StaCfg.AuthMode != pInBss->AuthModeAux))
+                                       // None matched
+                                       continue;
+
+                               // Check cipher suite, AP must have more secured cipher than station setting
+                               if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
+                               {
+                                       // If it's not mixed mode, we should only let BSS pass with the same encryption
+                                       if (pInBss->WPA.bMixMode == FALSE)
+                                               if (pAd->StaCfg.WepStatus != pInBss->WPA.GroupCipher)
+                                                       continue;
+
+                                       // check group cipher
+                                       if (pAd->StaCfg.WepStatus < pInBss->WPA.GroupCipher)
+                                               continue;
+
+                                       // check pairwise cipher, skip if none matched
+                                       // If profile set to AES, let it pass without question.
+                                       // If profile set to TKIP, we must find one mateched
+                                       if ((pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) &&
+                                               (pAd->StaCfg.WepStatus != pInBss->WPA.PairCipher) &&
+                                               (pAd->StaCfg.WepStatus != pInBss->WPA.PairCipherAux))
+                                               continue;
+                               }
+                               else if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+                               {
+                                       // If it's not mixed mode, we should only let BSS pass with the same encryption
+                                       if (pInBss->WPA2.bMixMode == FALSE)
+                                               if (pAd->StaCfg.WepStatus != pInBss->WPA2.GroupCipher)
+                                                       continue;
+
+                                       // check group cipher
+                                       if (pAd->StaCfg.WepStatus < pInBss->WPA2.GroupCipher)
+                                               continue;
+
+                                       // check pairwise cipher, skip if none matched
+                                       // If profile set to AES, let it pass without question.
+                                       // If profile set to TKIP, we must find one mateched
+                                       if ((pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) &&
+                                               (pAd->StaCfg.WepStatus != pInBss->WPA2.PairCipher) &&
+                                               (pAd->StaCfg.WepStatus != pInBss->WPA2.PairCipherAux))
+                                               continue;
+                               }
+                       }
+                       // Bss Type matched, SSID matched.
+                       // We will check wepstatus for qualification Bss
+                       else if (pAd->StaCfg.WepStatus != pInBss->WepStatus)
+                                       continue;
+
+#ifdef DOT11_N_SUPPORT
+                       // If both station and AP use 40MHz, still need to check if the 40MHZ band's legality in my country region
+                       // If this 40MHz wideband is not allowed in my country list, use bandwidth 20MHZ instead,
+                       if ((pInBss->CentralChannel != pInBss->Channel) &&
+                               (pAd->CommonCfg.RegTransmitSetting.field.BW == BW_40))
+                       {
+                               if (RTMPCheckChannel(pAd, pInBss->CentralChannel, pInBss->Channel) == FALSE)
+                               {
+                                       pAd->CommonCfg.RegTransmitSetting.field.BW = BW_20;
+                                       SetCommonHT(pAd);
+                                       pAd->CommonCfg.RegTransmitSetting.field.BW = BW_40;
+                               }
+                       }
+#endif // DOT11_N_SUPPORT //
+
+                       // copy matching BSS from InTab to OutTab
+                       NdisMoveMemory(pOutBss, pInBss, sizeof(BSS_ENTRY));
+
+                       OutTab->BssNr++;
+               }
+
+               if (OutTab->BssNr >= MAX_LEN_OF_BSS_TABLE)
+                       break;
+       }
+
+       BssTableSortByRssi(OutTab);
+}
+
+
+// IRQL = DISPATCH_LEVEL
+VOID BssTableSortByRssi(
+       IN OUT BSS_TABLE *OutTab)
+{
+       INT       i, j;
+       BSS_ENTRY TmpBss;
+
+       for (i = 0; i < OutTab->BssNr - 1; i++)
+       {
+               for (j = i+1; j < OutTab->BssNr; j++)
+               {
+                       if (OutTab->BssEntry[j].Rssi > OutTab->BssEntry[i].Rssi)
+                       {
+                               NdisMoveMemory(&TmpBss, &OutTab->BssEntry[j], sizeof(BSS_ENTRY));
+                               NdisMoveMemory(&OutTab->BssEntry[j], &OutTab->BssEntry[i], sizeof(BSS_ENTRY));
+                               NdisMoveMemory(&OutTab->BssEntry[i], &TmpBss, sizeof(BSS_ENTRY));
+                       }
+               }
+       }
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+VOID BssCipherParse(
+       IN OUT  PBSS_ENTRY      pBss)
+{
+       PEID_STRUCT              pEid;
+       PUCHAR                          pTmp;
+       PRSN_IE_HEADER_STRUCT                   pRsnHeader;
+       PCIPHER_SUITE_STRUCT                    pCipher;
+       PAKM_SUITE_STRUCT                               pAKM;
+       USHORT                                                  Count;
+       INT                                                             Length;
+       NDIS_802_11_ENCRYPTION_STATUS   TmpCipher;
+
+       //
+       // WepStatus will be reset later, if AP announce TKIP or AES on the beacon frame.
+       //
+       if (pBss->Privacy)
+       {
+               pBss->WepStatus         = Ndis802_11WEPEnabled;
+       }
+       else
+       {
+               pBss->WepStatus         = Ndis802_11WEPDisabled;
+       }
+       // Set default to disable & open authentication before parsing variable IE
+       pBss->AuthMode          = Ndis802_11AuthModeOpen;
+       pBss->AuthModeAux       = Ndis802_11AuthModeOpen;
+
+       // Init WPA setting
+       pBss->WPA.PairCipher    = Ndis802_11WEPDisabled;
+       pBss->WPA.PairCipherAux = Ndis802_11WEPDisabled;
+       pBss->WPA.GroupCipher   = Ndis802_11WEPDisabled;
+       pBss->WPA.RsnCapability = 0;
+       pBss->WPA.bMixMode              = FALSE;
+
+       // Init WPA2 setting
+       pBss->WPA2.PairCipher    = Ndis802_11WEPDisabled;
+       pBss->WPA2.PairCipherAux = Ndis802_11WEPDisabled;
+       pBss->WPA2.GroupCipher   = Ndis802_11WEPDisabled;
+       pBss->WPA2.RsnCapability = 0;
+       pBss->WPA2.bMixMode      = FALSE;
+
+
+       Length = (INT) pBss->VarIELen;
+
+       while (Length > 0)
+       {
+               // Parse cipher suite base on WPA1 & WPA2, they should be parsed differently
+               pTmp = ((PUCHAR) pBss->VarIEs) + pBss->VarIELen - Length;
+               pEid = (PEID_STRUCT) pTmp;
+               switch (pEid->Eid)
+               {
+                       case IE_WPA:
+                               if (NdisEqualMemory(pEid->Octet, SES_OUI, 3) && (pEid->Len == 7))
+                               {
+                                       pBss->bSES = TRUE;
+                                       break;
+                               }
+                               else if (NdisEqualMemory(pEid->Octet, WPA_OUI, 4) != 1)
+                               {
+                                       // if unsupported vendor specific IE
+                                       break;
+                               }
+                               // Skip OUI, version, and multicast suite
+                               // This part should be improved in the future when AP supported multiple cipher suite.
+                               // For now, it's OK since almost all APs have fixed cipher suite supported.
+                               // pTmp = (PUCHAR) pEid->Octet;
+                               pTmp   += 11;
+
+                               // Cipher Suite Selectors from Spec P802.11i/D3.2 P26.
+                               //      Value      Meaning
+                               //      0                       None
+                               //      1                       WEP-40
+                               //      2                       Tkip
+                               //      3                       WRAP
+                               //      4                       AES
+                               //      5                       WEP-104
+                               // Parse group cipher
+                               switch (*pTmp)
+                               {
+                                       case 1:
+                                               pBss->WPA.GroupCipher = Ndis802_11GroupWEP40Enabled;
+                                               break;
+                                       case 5:
+                                               pBss->WPA.GroupCipher = Ndis802_11GroupWEP104Enabled;
+                                               break;
+                                       case 2:
+                                               pBss->WPA.GroupCipher = Ndis802_11Encryption2Enabled;
+                                               break;
+                                       case 4:
+                                               pBss->WPA.GroupCipher = Ndis802_11Encryption3Enabled;
+                                               break;
+                                       default:
+                                               break;
+                               }
+                               // number of unicast suite
+                               pTmp   += 1;
+
+                               // skip all unicast cipher suites
+                               //Count = *(PUSHORT) pTmp;
+                               Count = (pTmp[1]<<8) + pTmp[0];
+                               pTmp   += sizeof(USHORT);
+
+                               // Parsing all unicast cipher suite
+                               while (Count > 0)
+                               {
+                                       // Skip OUI
+                                       pTmp += 3;
+                                       TmpCipher = Ndis802_11WEPDisabled;
+                                       switch (*pTmp)
+                                       {
+                                               case 1:
+                                               case 5: // Although WEP is not allowed in WPA related auth mode, we parse it anyway
+                                                       TmpCipher = Ndis802_11Encryption1Enabled;
+                                                       break;
+                                               case 2:
+                                                       TmpCipher = Ndis802_11Encryption2Enabled;
+                                                       break;
+                                               case 4:
+                                                       TmpCipher = Ndis802_11Encryption3Enabled;
+                                                       break;
+                                               default:
+                                                       break;
+                                       }
+                                       if (TmpCipher > pBss->WPA.PairCipher)
+                                       {
+                                               // Move the lower cipher suite to PairCipherAux
+                                               pBss->WPA.PairCipherAux = pBss->WPA.PairCipher;
+                                               pBss->WPA.PairCipher    = TmpCipher;
+                                       }
+                                       else
+                                       {
+                                               pBss->WPA.PairCipherAux = TmpCipher;
+                                       }
+                                       pTmp++;
+                                       Count--;
+                               }
+
+                               // 4. get AKM suite counts
+                               //Count = *(PUSHORT) pTmp;
+                               Count = (pTmp[1]<<8) + pTmp[0];
+                               pTmp   += sizeof(USHORT);
+                               pTmp   += 3;
+
+                               switch (*pTmp)
+                               {
+                                       case 1:
+                                               // Set AP support WPA-enterprise mode
+                                               if (pBss->AuthMode == Ndis802_11AuthModeOpen)
+                                                       pBss->AuthMode = Ndis802_11AuthModeWPA;
+                                               else
+                                                       pBss->AuthModeAux = Ndis802_11AuthModeWPA;
+                                               break;
+                                       case 2:
+                                               // Set AP support WPA-PSK mode
+                                               if (pBss->AuthMode == Ndis802_11AuthModeOpen)
+                                                       pBss->AuthMode = Ndis802_11AuthModeWPAPSK;
+                                               else
+                                                       pBss->AuthModeAux = Ndis802_11AuthModeWPAPSK;
+                                               break;
+                                       default:
+                                               break;
+                               }
+                               pTmp   += 1;
+
+                               // Fixed for WPA-None
+                               if (pBss->BssType == BSS_ADHOC)
+                               {
+                                       pBss->AuthMode    = Ndis802_11AuthModeWPANone;
+                                       pBss->AuthModeAux = Ndis802_11AuthModeWPANone;
+                                       pBss->WepStatus   = pBss->WPA.GroupCipher;
+                                       // Patched bugs for old driver
+                                       if (pBss->WPA.PairCipherAux == Ndis802_11WEPDisabled)
+                                               pBss->WPA.PairCipherAux = pBss->WPA.GroupCipher;
+                               }
+                               else
+                                       pBss->WepStatus   = pBss->WPA.PairCipher;
+
+                               // Check the Pair & Group, if different, turn on mixed mode flag
+                               if (pBss->WPA.GroupCipher != pBss->WPA.PairCipher)
+                                       pBss->WPA.bMixMode = TRUE;
+
+                               break;
+
+                       case IE_RSN:
+                               pRsnHeader = (PRSN_IE_HEADER_STRUCT) pTmp;
+
+                               // 0. Version must be 1
+                               if (le2cpu16(pRsnHeader->Version) != 1)
+                                       break;
+                               pTmp   += sizeof(RSN_IE_HEADER_STRUCT);
+
+                               // 1. Check group cipher
+                               pCipher = (PCIPHER_SUITE_STRUCT) pTmp;
+                               if (!RTMPEqualMemory(pTmp, RSN_OUI, 3))
+                                       break;
+
+                               // Parse group cipher
+                               switch (pCipher->Type)
+                               {
+                                       case 1:
+                                               pBss->WPA2.GroupCipher = Ndis802_11GroupWEP40Enabled;
+                                               break;
+                                       case 5:
+                                               pBss->WPA2.GroupCipher = Ndis802_11GroupWEP104Enabled;
+                                               break;
+                                       case 2:
+                                               pBss->WPA2.GroupCipher = Ndis802_11Encryption2Enabled;
+                                               break;
+                                       case 4:
+                                               pBss->WPA2.GroupCipher = Ndis802_11Encryption3Enabled;
+                                               break;
+                                       default:
+                                               break;
+                               }
+                               // set to correct offset for next parsing
+                               pTmp   += sizeof(CIPHER_SUITE_STRUCT);
+
+                               // 2. Get pairwise cipher counts
+                               //Count = *(PUSHORT) pTmp;
+                               Count = (pTmp[1]<<8) + pTmp[0];
+                               pTmp   += sizeof(USHORT);
+
+                               // 3. Get pairwise cipher
+                               // Parsing all unicast cipher suite
+                               while (Count > 0)
+                               {
+                                       // Skip OUI
+                                       pCipher = (PCIPHER_SUITE_STRUCT) pTmp;
+                                       TmpCipher = Ndis802_11WEPDisabled;
+                                       switch (pCipher->Type)
+                                       {
+                                               case 1:
+                                               case 5: // Although WEP is not allowed in WPA related auth mode, we parse it anyway
+                                                       TmpCipher = Ndis802_11Encryption1Enabled;
+                                                       break;
+                                               case 2:
+                                                       TmpCipher = Ndis802_11Encryption2Enabled;
+                                                       break;
+                                               case 4:
+                                                       TmpCipher = Ndis802_11Encryption3Enabled;
+                                                       break;
+                                               default:
+                                                       break;
+                                       }
+                                       if (TmpCipher > pBss->WPA2.PairCipher)
+                                       {
+                                               // Move the lower cipher suite to PairCipherAux
+                                               pBss->WPA2.PairCipherAux = pBss->WPA2.PairCipher;
+                                               pBss->WPA2.PairCipher    = TmpCipher;
+                                       }
+                                       else
+                                       {
+                                               pBss->WPA2.PairCipherAux = TmpCipher;
+                                       }
+                                       pTmp += sizeof(CIPHER_SUITE_STRUCT);
+                                       Count--;
+                               }
+
+                               // 4. get AKM suite counts
+                               //Count = *(PUSHORT) pTmp;
+                               Count = (pTmp[1]<<8) + pTmp[0];
+                               pTmp   += sizeof(USHORT);
+
+                               // 5. Get AKM ciphers
+                               // Parsing all AKM ciphers
+                               while (Count > 0)
+                               {
+                                       pAKM = (PAKM_SUITE_STRUCT) pTmp;
+                                       if (!RTMPEqualMemory(pTmp, RSN_OUI, 3))
+                                               break;
+
+                                       switch (pAKM->Type)
+                                       {
+                                               case 1:
+                                                       // Set AP support WPA-enterprise mode
+                                                       if (pBss->AuthMode == Ndis802_11AuthModeOpen)
+                                                               pBss->AuthMode = Ndis802_11AuthModeWPA2;
+                                                       else
+                                                               pBss->AuthModeAux = Ndis802_11AuthModeWPA2;
+                                                       break;
+                                               case 2:
+                                                       // Set AP support WPA-PSK mode
+                                                       if (pBss->AuthMode == Ndis802_11AuthModeOpen)
+                                                               pBss->AuthMode = Ndis802_11AuthModeWPA2PSK;
+                                                       else
+                                                               pBss->AuthModeAux = Ndis802_11AuthModeWPA2PSK;
+                                                       break;
+                                               default:
+                                                       if (pBss->AuthMode == Ndis802_11AuthModeOpen)
+                                                               pBss->AuthMode = Ndis802_11AuthModeMax;
+                                                       else
+                                                               pBss->AuthModeAux = Ndis802_11AuthModeMax;
+                                                       break;
+                                       }
+                                       pTmp   += (Count * sizeof(AKM_SUITE_STRUCT));
+                                       Count--;
+                               }
+
+                               // Fixed for WPA-None
+                               if (pBss->BssType == BSS_ADHOC)
+                               {
+                                       pBss->AuthMode = Ndis802_11AuthModeWPANone;
+                                       pBss->AuthModeAux = Ndis802_11AuthModeWPANone;
+                                       pBss->WPA.PairCipherAux = pBss->WPA2.PairCipherAux;
+                                       pBss->WPA.GroupCipher   = pBss->WPA2.GroupCipher;
+                                       pBss->WepStatus                 = pBss->WPA.GroupCipher;
+                                       // Patched bugs for old driver
+                                       if (pBss->WPA.PairCipherAux == Ndis802_11WEPDisabled)
+                                               pBss->WPA.PairCipherAux = pBss->WPA.GroupCipher;
+                               }
+                               pBss->WepStatus   = pBss->WPA2.PairCipher;
+
+                               // 6. Get RSN capability
+                               //pBss->WPA2.RsnCapability = *(PUSHORT) pTmp;
+                               pBss->WPA2.RsnCapability = (pTmp[1]<<8) + pTmp[0];
+                               pTmp += sizeof(USHORT);
+
+                               // Check the Pair & Group, if different, turn on mixed mode flag
+                               if (pBss->WPA2.GroupCipher != pBss->WPA2.PairCipher)
+                                       pBss->WPA2.bMixMode = TRUE;
+
+                               break;
+                       default:
+                               break;
+               }
+               Length -= (pEid->Len + 2);
+       }
+}
+
+// ===========================================================================================
+// mac_table.c
+// ===========================================================================================
+
+/*! \brief generates a random mac address value for IBSS BSSID
+ *     \param Addr the bssid location
+ *     \return none
+ *     \pre
+ *     \post
+ */
+VOID MacAddrRandomBssid(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pAddr)
+{
+       INT i;
+
+       for (i = 0; i < MAC_ADDR_LEN; i++)
+       {
+               pAddr[i] = RandomByte(pAd);
+       }
+
+       pAddr[0] = (pAddr[0] & 0xfe) | 0x02;  // the first 2 bits must be 01xxxxxxxx
+}
+
+/*! \brief init the management mac frame header
+ *     \param p_hdr mac header
+ *     \param subtype subtype of the frame
+ *     \param p_ds destination address, don't care if it is a broadcast address
+ *     \return none
+ *     \pre the station has the following information in the pAd->StaCfg
+ *      - bssid
+ *      - station address
+ *     \post
+ *     \note this function initializes the following field
+
+ IRQL = PASSIVE_LEVEL
+ IRQL = DISPATCH_LEVEL
+
+ */
+VOID MgtMacHeaderInit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN OUT PHEADER_802_11 pHdr80211,
+       IN UCHAR SubType,
+       IN UCHAR ToDs,
+       IN PUCHAR pDA,
+       IN PUCHAR pBssid)
+{
+       NdisZeroMemory(pHdr80211, sizeof(HEADER_802_11));
+
+       pHdr80211->FC.Type = BTYPE_MGMT;
+       pHdr80211->FC.SubType = SubType;
+//     if (SubType == SUBTYPE_ACK)     // sample, no use, it will conflict with ACTION frame sub type
+//             pHdr80211->FC.Type = BTYPE_CNTL;
+       pHdr80211->FC.ToDs = ToDs;
+       COPY_MAC_ADDR(pHdr80211->Addr1, pDA);
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               COPY_MAC_ADDR(pHdr80211->Addr2, pAd->CurrentAddress);
+#endif // CONFIG_STA_SUPPORT //
+       COPY_MAC_ADDR(pHdr80211->Addr3, pBssid);
+}
+
+// ===========================================================================================
+// mem_mgmt.c
+// ===========================================================================================
+
+/*!***************************************************************************
+ * This routine build an outgoing frame, and fill all information specified
+ * in argument list to the frame body. The actual frame size is the summation
+ * of all arguments.
+ * input params:
+ *             Buffer - pointer to a pre-allocated memory segment
+ *             args - a list of <int arg_size, arg> pairs.
+ *             NOTE NOTE NOTE!!!! the last argument must be NULL, otherwise this
+ *                                                function will FAIL!!!
+ * return:
+ *             Size of the buffer
+ * usage:
+ *             MakeOutgoingFrame(Buffer, output_length, 2, &fc, 2, &dur, 6, p_addr1, 6,p_addr2, END_OF_ARGS);
+
+ IRQL = PASSIVE_LEVEL
+ IRQL = DISPATCH_LEVEL
+
+ ****************************************************************************/
+ULONG MakeOutgoingFrame(
+       OUT UCHAR *Buffer,
+       OUT ULONG *FrameLen, ...)
+{
+       UCHAR   *p;
+       int     leng;
+       ULONG   TotLeng;
+       va_list Args;
+
+       // calculates the total length
+       TotLeng = 0;
+       va_start(Args, FrameLen);
+       do
+       {
+               leng = va_arg(Args, int);
+               if (leng == END_OF_ARGS)
+               {
+                       break;
+               }
+               p = va_arg(Args, PVOID);
+               NdisMoveMemory(&Buffer[TotLeng], p, leng);
+               TotLeng = TotLeng + leng;
+       } while(TRUE);
+
+       va_end(Args); /* clean up */
+       *FrameLen = TotLeng;
+       return TotLeng;
+}
+
+// ===========================================================================================
+// mlme_queue.c
+// ===========================================================================================
+
+/*! \brief     Initialize The MLME Queue, used by MLME Functions
+ *     \param  *Queue     The MLME Queue
+ *     \return Always     Return NDIS_STATE_SUCCESS in this implementation
+ *     \pre
+ *     \post
+ *     \note   Because this is done only once (at the init stage), no need to be locked
+
+ IRQL = PASSIVE_LEVEL
+
+ */
+NDIS_STATUS MlmeQueueInit(
+       IN MLME_QUEUE *Queue)
+{
+       INT i;
+
+       NdisAllocateSpinLock(&Queue->Lock);
+
+       Queue->Num      = 0;
+       Queue->Head = 0;
+       Queue->Tail = 0;
+
+       for (i = 0; i < MAX_LEN_OF_MLME_QUEUE; i++)
+       {
+               Queue->Entry[i].Occupied = FALSE;
+               Queue->Entry[i].MsgLen = 0;
+               NdisZeroMemory(Queue->Entry[i].Msg, MGMT_DMA_BUFFER_SIZE);
+       }
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+/*! \brief      Enqueue a message for other threads, if they want to send messages to MLME thread
+ *     \param  *Queue    The MLME Queue
+ *     \param   Machine  The State Machine Id
+ *     \param   MsgType  The Message Type
+ *     \param   MsgLen   The Message length
+ *     \param  *Msg      The message pointer
+ *     \return  TRUE if enqueue is successful, FALSE if the queue is full
+ *     \pre
+ *     \post
+ *     \note    The message has to be initialized
+
+ IRQL = PASSIVE_LEVEL
+ IRQL = DISPATCH_LEVEL
+
+ */
+BOOLEAN MlmeEnqueue(
+       IN      PRTMP_ADAPTER   pAd,
+       IN ULONG Machine,
+       IN ULONG MsgType,
+       IN ULONG MsgLen,
+       IN VOID *Msg)
+{
+       INT Tail;
+       MLME_QUEUE      *Queue = (MLME_QUEUE *)&pAd->Mlme.Queue;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return FALSE;
+
+       // First check the size, it MUST not exceed the mlme queue size
+       if (MsgLen > MGMT_DMA_BUFFER_SIZE)
+       {
+               DBGPRINT_ERR(("MlmeEnqueue: msg too large, size = %ld \n", MsgLen));
+               return FALSE;
+       }
+
+       if (MlmeQueueFull(Queue))
+       {
+               return FALSE;
+       }
+
+       NdisAcquireSpinLock(&(Queue->Lock));
+       Tail = Queue->Tail;
+       Queue->Tail++;
+       Queue->Num++;
+       if (Queue->Tail == MAX_LEN_OF_MLME_QUEUE)
+       {
+               Queue->Tail = 0;
+       }
+
+       Queue->Entry[Tail].Wcid = RESERVED_WCID;
+       Queue->Entry[Tail].Occupied = TRUE;
+       Queue->Entry[Tail].Machine = Machine;
+       Queue->Entry[Tail].MsgType = MsgType;
+       Queue->Entry[Tail].MsgLen  = MsgLen;
+
+       if (Msg != NULL)
+       {
+               NdisMoveMemory(Queue->Entry[Tail].Msg, Msg, MsgLen);
+       }
+
+       NdisReleaseSpinLock(&(Queue->Lock));
+       return TRUE;
+}
+
+/*! \brief      This function is used when Recv gets a MLME message
+ *     \param  *Queue                   The MLME Queue
+ *     \param   TimeStampHigh   The upper 32 bit of timestamp
+ *     \param   TimeStampLow    The lower 32 bit of timestamp
+ *     \param   Rssi                    The receiving RSSI strength
+ *     \param   MsgLen                  The length of the message
+ *     \param  *Msg                     The message pointer
+ *     \return  TRUE if everything ok, FALSE otherwise (like Queue Full)
+ *     \pre
+ *     \post
+
+ IRQL = DISPATCH_LEVEL
+
+ */
+BOOLEAN MlmeEnqueueForRecv(
+       IN      PRTMP_ADAPTER   pAd,
+       IN ULONG Wcid,
+       IN ULONG TimeStampHigh,
+       IN ULONG TimeStampLow,
+       IN UCHAR Rssi0,
+       IN UCHAR Rssi1,
+       IN UCHAR Rssi2,
+       IN ULONG MsgLen,
+       IN VOID *Msg,
+       IN UCHAR Signal)
+{
+       INT              Tail, Machine;
+       PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
+       INT              MsgType;
+       MLME_QUEUE      *Queue = (MLME_QUEUE *)&pAd->Mlme.Queue;
+
+#ifdef RALINK_ATE
+       /* Nothing to do in ATE mode */
+       if(ATE_ON(pAd))
+               return FALSE;
+#endif // RALINK_ATE //
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+       {
+               DBGPRINT_ERR(("MlmeEnqueueForRecv: fRTMP_ADAPTER_HALT_IN_PROGRESS\n"));
+               return FALSE;
+       }
+
+       // First check the size, it MUST not exceed the mlme queue size
+       if (MsgLen > MGMT_DMA_BUFFER_SIZE)
+       {
+               DBGPRINT_ERR(("MlmeEnqueueForRecv: frame too large, size = %ld \n", MsgLen));
+               return FALSE;
+       }
+
+       if (MlmeQueueFull(Queue))
+       {
+               return FALSE;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (!MsgTypeSubst(pAd, pFrame, &Machine, &MsgType))
+               {
+                       DBGPRINT_ERR(("MlmeEnqueueForRecv: un-recongnized mgmt->subtype=%d\n",pFrame->Hdr.FC.SubType));
+                       return FALSE;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // OK, we got all the informations, it is time to put things into queue
+       NdisAcquireSpinLock(&(Queue->Lock));
+       Tail = Queue->Tail;
+       Queue->Tail++;
+       Queue->Num++;
+       if (Queue->Tail == MAX_LEN_OF_MLME_QUEUE)
+       {
+               Queue->Tail = 0;
+       }
+       Queue->Entry[Tail].Occupied = TRUE;
+       Queue->Entry[Tail].Machine = Machine;
+       Queue->Entry[Tail].MsgType = MsgType;
+       Queue->Entry[Tail].MsgLen  = MsgLen;
+       Queue->Entry[Tail].TimeStamp.u.LowPart = TimeStampLow;
+       Queue->Entry[Tail].TimeStamp.u.HighPart = TimeStampHigh;
+       Queue->Entry[Tail].Rssi0 = Rssi0;
+       Queue->Entry[Tail].Rssi1 = Rssi1;
+       Queue->Entry[Tail].Rssi2 = Rssi2;
+       Queue->Entry[Tail].Signal = Signal;
+       Queue->Entry[Tail].Wcid = (UCHAR)Wcid;
+
+       Queue->Entry[Tail].Channel = pAd->LatchRfRegs.Channel;
+
+       if (Msg != NULL)
+       {
+               NdisMoveMemory(Queue->Entry[Tail].Msg, Msg, MsgLen);
+       }
+
+       NdisReleaseSpinLock(&(Queue->Lock));
+
+       RTMP_MLME_HANDLER(pAd);
+
+       return TRUE;
+}
+
+
+/*! \brief      Dequeue a message from the MLME Queue
+ *     \param  *Queue    The MLME Queue
+ *     \param  *Elem     The message dequeued from MLME Queue
+ *     \return  TRUE if the Elem contains something, FALSE otherwise
+ *     \pre
+ *     \post
+
+ IRQL = DISPATCH_LEVEL
+
+ */
+BOOLEAN MlmeDequeue(
+       IN MLME_QUEUE *Queue,
+       OUT MLME_QUEUE_ELEM **Elem)
+{
+       NdisAcquireSpinLock(&(Queue->Lock));
+       *Elem = &(Queue->Entry[Queue->Head]);
+       Queue->Num--;
+       Queue->Head++;
+       if (Queue->Head == MAX_LEN_OF_MLME_QUEUE)
+       {
+               Queue->Head = 0;
+       }
+       NdisReleaseSpinLock(&(Queue->Lock));
+       return TRUE;
+}
+
+// IRQL = DISPATCH_LEVEL
+VOID   MlmeRestartStateMachine(
+       IN      PRTMP_ADAPTER   pAd)
+{
+#ifdef RTMP_MAC_PCI
+       MLME_QUEUE_ELEM         *Elem = NULL;
+#endif // RTMP_MAC_PCI //
+#ifdef CONFIG_STA_SUPPORT
+       BOOLEAN                         Cancelled;
+#endif // CONFIG_STA_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("MlmeRestartStateMachine \n"));
+
+#ifdef RTMP_MAC_PCI
+       NdisAcquireSpinLock(&pAd->Mlme.TaskLock);
+       if(pAd->Mlme.bRunning)
+       {
+               NdisReleaseSpinLock(&pAd->Mlme.TaskLock);
+               return;
+       }
+       else
+       {
+               pAd->Mlme.bRunning = TRUE;
+       }
+       NdisReleaseSpinLock(&pAd->Mlme.TaskLock);
+
+       // Remove all Mlme queues elements
+       while (!MlmeQueueEmpty(&pAd->Mlme.Queue))
+       {
+               //From message type, determine which state machine I should drive
+               if (MlmeDequeue(&pAd->Mlme.Queue, &Elem))
+               {
+                       // free MLME element
+                       Elem->Occupied = FALSE;
+                       Elem->MsgLen = 0;
+
+               }
+               else {
+                       DBGPRINT_ERR(("MlmeRestartStateMachine: MlmeQueue empty\n"));
+               }
+       }
+#endif // RTMP_MAC_PCI //
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+#ifdef QOS_DLS_SUPPORT
+               UCHAR i;
+#endif // QOS_DLS_SUPPORT //
+               // Cancel all timer events
+               // Be careful to cancel new added timer
+               RTMPCancelTimer(&pAd->MlmeAux.AssocTimer,         &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer,   &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.DisassocTimer,  &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.AuthTimer,           &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.BeaconTimer,         &Cancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.ScanTimer,           &Cancelled);
+
+#ifdef QOS_DLS_SUPPORT
+               for (i=0; i<MAX_NUM_OF_DLS_ENTRY; i++)
+               {
+                       RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &Cancelled);
+               }
+#endif // QOS_DLS_SUPPORT //
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // Change back to original channel in case of doing scan
+       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+
+       // Resume MSDU which is turned off durning scan
+       RTMPResumeMsduTransmission(pAd);
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // Set all state machines back IDLE
+               pAd->Mlme.CntlMachine.CurrState    = CNTL_IDLE;
+               pAd->Mlme.AssocMachine.CurrState   = ASSOC_IDLE;
+               pAd->Mlme.AuthMachine.CurrState    = AUTH_REQ_IDLE;
+               pAd->Mlme.AuthRspMachine.CurrState = AUTH_RSP_IDLE;
+               pAd->Mlme.SyncMachine.CurrState    = SYNC_IDLE;
+               pAd->Mlme.ActMachine.CurrState    = ACT_IDLE;
+#ifdef QOS_DLS_SUPPORT
+               pAd->Mlme.DlsMachine.CurrState    = DLS_IDLE;
+#endif // QOS_DLS_SUPPORT //
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef RTMP_MAC_PCI
+       // Remove running state
+       NdisAcquireSpinLock(&pAd->Mlme.TaskLock);
+       pAd->Mlme.bRunning = FALSE;
+       NdisReleaseSpinLock(&pAd->Mlme.TaskLock);
+#endif // RTMP_MAC_PCI //
+}
+
+/*! \brief     test if the MLME Queue is empty
+ *     \param  *Queue    The MLME Queue
+ *     \return TRUE if the Queue is empty, FALSE otherwise
+ *     \pre
+ *     \post
+
+ IRQL = DISPATCH_LEVEL
+
+ */
+BOOLEAN MlmeQueueEmpty(
+       IN MLME_QUEUE *Queue)
+{
+       BOOLEAN Ans;
+
+       NdisAcquireSpinLock(&(Queue->Lock));
+       Ans = (Queue->Num == 0);
+       NdisReleaseSpinLock(&(Queue->Lock));
+
+       return Ans;
+}
+
+/*! \brief      test if the MLME Queue is full
+ *     \param   *Queue          The MLME Queue
+ *     \return  TRUE if the Queue is empty, FALSE otherwise
+ *     \pre
+ *     \post
+
+ IRQL = PASSIVE_LEVEL
+ IRQL = DISPATCH_LEVEL
+
+ */
+BOOLEAN MlmeQueueFull(
+       IN MLME_QUEUE *Queue)
+{
+       BOOLEAN Ans;
+
+       NdisAcquireSpinLock(&(Queue->Lock));
+       Ans = (Queue->Num == MAX_LEN_OF_MLME_QUEUE || Queue->Entry[Queue->Tail].Occupied);
+       NdisReleaseSpinLock(&(Queue->Lock));
+
+       return Ans;
+}
+
+/*! \brief      The destructor of MLME Queue
+ *     \param
+ *     \return
+ *     \pre
+ *     \post
+ *     \note   Clear Mlme Queue, Set Queue->Num to Zero.
+
+ IRQL = PASSIVE_LEVEL
+
+ */
+VOID MlmeQueueDestroy(
+       IN MLME_QUEUE *pQueue)
+{
+       NdisAcquireSpinLock(&(pQueue->Lock));
+       pQueue->Num  = 0;
+       pQueue->Head = 0;
+       pQueue->Tail = 0;
+       NdisReleaseSpinLock(&(pQueue->Lock));
+       NdisFreeSpinLock(&(pQueue->Lock));
+}
+
+
+/*! \brief      To substitute the message type if the message is coming from external
+ *     \param  pFrame             The frame received
+ *     \param  *Machine           The state machine
+ *     \param  *MsgType           the message type for the state machine
+ *     \return TRUE if the substitution is successful, FALSE otherwise
+ *     \pre
+ *     \post
+
+ IRQL = DISPATCH_LEVEL
+
+ */
+#ifdef CONFIG_STA_SUPPORT
+BOOLEAN MsgTypeSubst(
+       IN PRTMP_ADAPTER  pAd,
+       IN PFRAME_802_11 pFrame,
+       OUT INT *Machine,
+       OUT INT *MsgType)
+{
+       USHORT  Seq, Alg;
+       UCHAR   EAPType;
+       PUCHAR  pData;
+
+       // Pointer to start of data frames including SNAP header
+       pData = (PUCHAR) pFrame + LENGTH_802_11;
+
+       // The only data type will pass to this function is EAPOL frame
+       if (pFrame->Hdr.FC.Type == BTYPE_DATA)
+       {
+               {
+               *Machine = WPA_STATE_MACHINE;
+                       EAPType = *((UCHAR*)pFrame + LENGTH_802_11 + LENGTH_802_1_H + 1);
+               return (WpaMsgTypeSubst(EAPType, (INT *) MsgType));
+               }
+       }
+
+       switch (pFrame->Hdr.FC.SubType)
+       {
+               case SUBTYPE_ASSOC_REQ:
+                       *Machine = ASSOC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_ASSOC_REQ;
+                       break;
+               case SUBTYPE_ASSOC_RSP:
+                       *Machine = ASSOC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_ASSOC_RSP;
+                       break;
+               case SUBTYPE_REASSOC_REQ:
+                       *Machine = ASSOC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_REASSOC_REQ;
+                       break;
+               case SUBTYPE_REASSOC_RSP:
+                       *Machine = ASSOC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_REASSOC_RSP;
+                       break;
+               case SUBTYPE_PROBE_REQ:
+                       *Machine = SYNC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_PROBE_REQ;
+                       break;
+               case SUBTYPE_PROBE_RSP:
+                       *Machine = SYNC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_PROBE_RSP;
+                       break;
+               case SUBTYPE_BEACON:
+                       *Machine = SYNC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_BEACON;
+                       break;
+               case SUBTYPE_ATIM:
+                       *Machine = SYNC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_ATIM;
+                       break;
+               case SUBTYPE_DISASSOC:
+                       *Machine = ASSOC_STATE_MACHINE;
+                       *MsgType = MT2_PEER_DISASSOC_REQ;
+                       break;
+               case SUBTYPE_AUTH:
+                       // get the sequence number from payload 24 Mac Header + 2 bytes algorithm
+                       NdisMoveMemory(&Seq, &pFrame->Octet[2], sizeof(USHORT));
+                       NdisMoveMemory(&Alg, &pFrame->Octet[0], sizeof(USHORT));
+                       if (Seq == 1 || Seq == 3)
+                       {
+                               *Machine = AUTH_RSP_STATE_MACHINE;
+                               *MsgType = MT2_PEER_AUTH_ODD;
+                       }
+                       else if (Seq == 2 || Seq == 4)
+                       {
+                               if (Alg == AUTH_MODE_OPEN || Alg == AUTH_MODE_KEY)
+                               {
+                                       *Machine = AUTH_STATE_MACHINE;
+                                       *MsgType = MT2_PEER_AUTH_EVEN;
+                               }
+                       }
+                       else
+                       {
+                               return FALSE;
+                       }
+                       break;
+               case SUBTYPE_DEAUTH:
+                       *Machine = AUTH_RSP_STATE_MACHINE;
+                       *MsgType = MT2_PEER_DEAUTH;
+                       break;
+               case SUBTYPE_ACTION:
+                       *Machine = ACTION_STATE_MACHINE;
+                       //  Sometimes Sta will return with category bytes with MSB = 1, if they receive catogory out of their support
+                       if ((pFrame->Octet[0]&0x7F) > MAX_PEER_CATE_MSG)
+                       {
+                               *MsgType = MT2_ACT_INVALID;
+                       }
+                       else
+                       {
+                               *MsgType = (pFrame->Octet[0]&0x7F);
+                       }
+                       break;
+               default:
+                       return FALSE;
+                       break;
+       }
+
+       return TRUE;
+}
+#endif // CONFIG_STA_SUPPORT //
+
+// ===========================================================================================
+// state_machine.c
+// ===========================================================================================
+
+/*! \brief Initialize the state machine.
+ *     \param *S                       pointer to the state machine
+ *     \param  Trans           State machine transition function
+ *     \param  StNr            number of states
+ *     \param  MsgNr           number of messages
+ *     \param  DefFunc         default function, when there is invalid state/message combination
+ *     \param  InitState       initial state of the state machine
+ *     \param  Base            StateMachine base, internal use only
+ *     \pre p_sm should be a legal pointer
+ *     \post
+
+ IRQL = PASSIVE_LEVEL
+
+ */
+VOID StateMachineInit(
+       IN STATE_MACHINE *S,
+       IN STATE_MACHINE_FUNC Trans[],
+       IN ULONG StNr,
+       IN ULONG MsgNr,
+       IN STATE_MACHINE_FUNC DefFunc,
+       IN ULONG InitState,
+       IN ULONG Base)
+{
+       ULONG i, j;
+
+       // set number of states and messages
+       S->NrState = StNr;
+       S->NrMsg   = MsgNr;
+       S->Base    = Base;
+
+       S->TransFunc  = Trans;
+
+       // init all state transition to default function
+       for (i = 0; i < StNr; i++)
+       {
+               for (j = 0; j < MsgNr; j++)
+               {
+                       S->TransFunc[i * MsgNr + j] = DefFunc;
+               }
+       }
+
+       // set the starting state
+       S->CurrState = InitState;
+}
+
+/*! \brief This function fills in the function pointer into the cell in the state machine
+ *     \param *S       pointer to the state machine
+ *     \param St       state
+ *     \param Msg      incoming message
+ *     \param f        the function to be executed when (state, message) combination occurs at the state machine
+ *     \pre *S should be a legal pointer to the state machine, st, msg, should be all within the range, Base should be set in the initial state
+ *     \post
+
+ IRQL = PASSIVE_LEVEL
+
+ */
+VOID StateMachineSetAction(
+       IN STATE_MACHINE *S,
+       IN ULONG St,
+       IN ULONG Msg,
+       IN STATE_MACHINE_FUNC Func)
+{
+       ULONG MsgIdx;
+
+       MsgIdx = Msg - S->Base;
+
+       if (St < S->NrState && MsgIdx < S->NrMsg)
+       {
+               // boundary checking before setting the action
+               S->TransFunc[St * S->NrMsg + MsgIdx] = Func;
+       }
+}
+
+/*! \brief      This function does the state transition
+ *     \param   *Adapter the NIC adapter pointer
+ *     \param   *S       the state machine
+ *     \param   *Elem    the message to be executed
+ *     \return   None
+
+ IRQL = DISPATCH_LEVEL
+
+ */
+VOID StateMachinePerformAction(
+       IN      PRTMP_ADAPTER   pAd,
+       IN STATE_MACHINE *S,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       (*(S->TransFunc[S->CurrState * S->NrMsg + Elem->MsgType - S->Base]))(pAd, Elem);
+}
+
+/*
+       ==========================================================================
+       Description:
+               The drop function, when machine executes this, the message is simply
+               ignored. This function does nothing, the message is freed in
+               StateMachinePerformAction()
+       ==========================================================================
+ */
+VOID Drop(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+}
+
+// ===========================================================================================
+// lfsr.c
+// ===========================================================================================
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = PASSIVE_LEVEL
+
+       ==========================================================================
+ */
+VOID LfsrInit(
+       IN PRTMP_ADAPTER pAd,
+       IN ULONG Seed)
+{
+       if (Seed == 0)
+               pAd->Mlme.ShiftReg = 1;
+       else
+               pAd->Mlme.ShiftReg = Seed;
+}
+
+/*
+       ==========================================================================
+       Description:
+       ==========================================================================
+ */
+UCHAR RandomByte(
+       IN PRTMP_ADAPTER pAd)
+{
+       ULONG i;
+       UCHAR R, Result;
+
+       R = 0;
+
+       if (pAd->Mlme.ShiftReg == 0)
+       NdisGetSystemUpTime((ULONG *)&pAd->Mlme.ShiftReg);
+
+       for (i = 0; i < 8; i++)
+       {
+               if (pAd->Mlme.ShiftReg & 0x00000001)
+               {
+                       pAd->Mlme.ShiftReg = ((pAd->Mlme.ShiftReg ^ LFSR_MASK) >> 1) | 0x80000000;
+                       Result = 1;
+               }
+               else
+               {
+                       pAd->Mlme.ShiftReg = pAd->Mlme.ShiftReg >> 1;
+                       Result = 0;
+               }
+               R = (R << 1) | Result;
+       }
+
+       return R;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Verify the support rate for different PHY type
+
+       Arguments:
+               pAd                             Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+VOID   RTMPCheckRates(
+       IN              PRTMP_ADAPTER   pAd,
+       IN OUT  UCHAR                   SupRate[],
+       IN OUT  UCHAR                   *SupRateLen)
+{
+       UCHAR   RateIdx, i, j;
+       UCHAR   NewRate[12], NewRateLen;
+
+       NewRateLen = 0;
+
+       if (pAd->CommonCfg.PhyMode == PHY_11B)
+               RateIdx = 4;
+       else
+               RateIdx = 12;
+
+       // Check for support rates exclude basic rate bit
+       for (i = 0; i < *SupRateLen; i++)
+               for (j = 0; j < RateIdx; j++)
+                       if ((SupRate[i] & 0x7f) == RateIdTo500Kbps[j])
+                               NewRate[NewRateLen++] = SupRate[i];
+
+       *SupRateLen = NewRateLen;
+       NdisMoveMemory(SupRate, NewRate, NewRateLen);
+}
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef DOT11_N_SUPPORT
+BOOLEAN RTMPCheckChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                CentralChannel,
+       IN UCHAR                Channel)
+{
+       UCHAR           k;
+       UCHAR           UpperChannel = 0, LowerChannel = 0;
+       UCHAR           NoEffectChannelinList = 0;
+
+       // Find upper and lower channel according to 40MHz current operation.
+       if (CentralChannel < Channel)
+       {
+               UpperChannel = Channel;
+               if (CentralChannel > 2)
+                       LowerChannel = CentralChannel - 2;
+               else
+                       return FALSE;
+       }
+       else if (CentralChannel > Channel)
+       {
+               UpperChannel = CentralChannel + 2;
+               LowerChannel = Channel;
+       }
+
+       for (k = 0;k < pAd->ChannelListNum;k++)
+       {
+               if (pAd->ChannelList[k].Channel == UpperChannel)
+               {
+                       NoEffectChannelinList ++;
+               }
+               if (pAd->ChannelList[k].Channel == LowerChannel)
+               {
+                       NoEffectChannelinList ++;
+               }
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE,("Total Channel in Channel List = [%d]\n", NoEffectChannelinList));
+       if (NoEffectChannelinList == 2)
+               return TRUE;
+       else
+               return FALSE;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Verify the support rate for HT phy type
+
+       Arguments:
+               pAd                             Pointer to our adapter
+
+       Return Value:
+               FALSE if pAd->CommonCfg.SupportedHtPhy doesn't accept the pHtCapability.  (AP Mode)
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+BOOLEAN                RTMPCheckHt(
+       IN      PRTMP_ADAPTER                   pAd,
+       IN      UCHAR                                   Wcid,
+       IN      HT_CAPABILITY_IE                *pHtCapability,
+       IN      ADD_HT_INFO_IE                  *pAddHtInfo)
+{
+       if (Wcid >= MAX_LEN_OF_MAC_TABLE)
+               return FALSE;
+
+       // If use AMSDU, set flag.
+       if (pAd->CommonCfg.DesiredHtPhy.AmsduEnable)
+               CLIENT_STATUS_SET_FLAG(&pAd->MacTab.Content[Wcid], fCLIENT_STATUS_AMSDU_INUSED);
+       // Save Peer Capability
+       if (pHtCapability->HtCapInfo.ShortGIfor20)
+               CLIENT_STATUS_SET_FLAG(&pAd->MacTab.Content[Wcid], fCLIENT_STATUS_SGI20_CAPABLE);
+       if (pHtCapability->HtCapInfo.ShortGIfor40)
+               CLIENT_STATUS_SET_FLAG(&pAd->MacTab.Content[Wcid], fCLIENT_STATUS_SGI40_CAPABLE);
+       if (pHtCapability->HtCapInfo.TxSTBC)
+               CLIENT_STATUS_SET_FLAG(&pAd->MacTab.Content[Wcid], fCLIENT_STATUS_TxSTBC_CAPABLE);
+       if (pHtCapability->HtCapInfo.RxSTBC)
+               CLIENT_STATUS_SET_FLAG(&pAd->MacTab.Content[Wcid], fCLIENT_STATUS_RxSTBC_CAPABLE);
+       if (pAd->CommonCfg.bRdg && pHtCapability->ExtHtCapInfo.RDGSupport)
+       {
+               CLIENT_STATUS_SET_FLAG(&pAd->MacTab.Content[Wcid], fCLIENT_STATUS_RDG_CAPABLE);
+       }
+
+       if (Wcid < MAX_LEN_OF_MAC_TABLE)
+       {
+               pAd->MacTab.Content[Wcid].MpduDensity = pHtCapability->HtCapParm.MpduDensity;
+       }
+
+       // Will check ChannelWidth for MCSSet[4] below
+       pAd->MlmeAux.HtCapability.MCSSet[4] = 0x1;
+    switch (pAd->CommonCfg.RxStream)
+       {
+               case 1:
+                       pAd->MlmeAux.HtCapability.MCSSet[0] = 0xff;
+                       pAd->MlmeAux.HtCapability.MCSSet[1] = 0x00;
+            pAd->MlmeAux.HtCapability.MCSSet[2] = 0x00;
+            pAd->MlmeAux.HtCapability.MCSSet[3] = 0x00;
+                       break;
+               case 2:
+                       pAd->MlmeAux.HtCapability.MCSSet[0] = 0xff;
+                       pAd->MlmeAux.HtCapability.MCSSet[1] = 0xff;
+            pAd->MlmeAux.HtCapability.MCSSet[2] = 0x00;
+            pAd->MlmeAux.HtCapability.MCSSet[3] = 0x00;
+                       break;
+               case 3:
+                       pAd->MlmeAux.HtCapability.MCSSet[0] = 0xff;
+                       pAd->MlmeAux.HtCapability.MCSSet[1] = 0xff;
+            pAd->MlmeAux.HtCapability.MCSSet[2] = 0xff;
+            pAd->MlmeAux.HtCapability.MCSSet[3] = 0x00;
+                       break;
+       }
+
+       pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth = pAddHtInfo->AddHtInfo.RecomWidth & pAd->CommonCfg.DesiredHtPhy.ChannelWidth;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("RTMPCheckHt:: HtCapInfo.ChannelWidth=%d, RecomWidth=%d, DesiredHtPhy.ChannelWidth=%d, BW40MAvailForA/G=%d/%d, PhyMode=%d \n",
+               pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth, pAddHtInfo->AddHtInfo.RecomWidth, pAd->CommonCfg.DesiredHtPhy.ChannelWidth,
+               pAd->NicConfig2.field.BW40MAvailForA, pAd->NicConfig2.field.BW40MAvailForG, pAd->CommonCfg.PhyMode));
+
+       pAd->MlmeAux.HtCapability.HtCapInfo.GF =  pHtCapability->HtCapInfo.GF &pAd->CommonCfg.DesiredHtPhy.GF;
+
+       // Send Assoc Req with my HT capability.
+       pAd->MlmeAux.HtCapability.HtCapInfo.AMsduSize =  pAd->CommonCfg.DesiredHtPhy.AmsduSize;
+       pAd->MlmeAux.HtCapability.HtCapInfo.MimoPs =  pAd->CommonCfg.DesiredHtPhy.MimoPs;
+       pAd->MlmeAux.HtCapability.HtCapInfo.ShortGIfor20 =  (pAd->CommonCfg.DesiredHtPhy.ShortGIfor20) & (pHtCapability->HtCapInfo.ShortGIfor20);
+       pAd->MlmeAux.HtCapability.HtCapInfo.ShortGIfor40 =  (pAd->CommonCfg.DesiredHtPhy.ShortGIfor40) & (pHtCapability->HtCapInfo.ShortGIfor40);
+       pAd->MlmeAux.HtCapability.HtCapInfo.TxSTBC =  (pAd->CommonCfg.DesiredHtPhy.TxSTBC)&(pHtCapability->HtCapInfo.RxSTBC);
+       pAd->MlmeAux.HtCapability.HtCapInfo.RxSTBC =  (pAd->CommonCfg.DesiredHtPhy.RxSTBC)&(pHtCapability->HtCapInfo.TxSTBC);
+       pAd->MlmeAux.HtCapability.HtCapParm.MaxRAmpduFactor = pAd->CommonCfg.DesiredHtPhy.MaxRAmpduFactor;
+    pAd->MlmeAux.HtCapability.HtCapParm.MpduDensity = pAd->CommonCfg.HtCapability.HtCapParm.MpduDensity;
+       pAd->MlmeAux.HtCapability.ExtHtCapInfo.PlusHTC = pHtCapability->ExtHtCapInfo.PlusHTC;
+       pAd->MacTab.Content[Wcid].HTCapability.ExtHtCapInfo.PlusHTC = pHtCapability->ExtHtCapInfo.PlusHTC;
+       if (pAd->CommonCfg.bRdg)
+       {
+               pAd->MlmeAux.HtCapability.ExtHtCapInfo.RDGSupport = pHtCapability->ExtHtCapInfo.RDGSupport;
+        pAd->MlmeAux.HtCapability.ExtHtCapInfo.PlusHTC = 1;
+       }
+
+    if (pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth == BW_20)
+        pAd->MlmeAux.HtCapability.MCSSet[4] = 0x0;  // BW20 can't transmit MCS32
+
+       COPY_AP_HTSETTINGS_FROM_BEACON(pAd, pHtCapability);
+       return TRUE;
+}
+#endif // DOT11_N_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Verify the support rate for different PHY type
+
+       Arguments:
+               pAd                             Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+VOID RTMPUpdateMlmeRate(
+       IN PRTMP_ADAPTER        pAd)
+{
+       UCHAR   MinimumRate;
+       UCHAR   ProperMlmeRate; //= RATE_54;
+       UCHAR   i, j, RateIdx = 12; //1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54
+       BOOLEAN bMatch = FALSE;
+
+       switch (pAd->CommonCfg.PhyMode)
+       {
+               case PHY_11B:
+                       ProperMlmeRate = RATE_11;
+                       MinimumRate = RATE_1;
+                       break;
+               case PHY_11BG_MIXED:
+#ifdef DOT11_N_SUPPORT
+               case PHY_11ABGN_MIXED:
+               case PHY_11BGN_MIXED:
+#endif // DOT11_N_SUPPORT //
+                       if ((pAd->MlmeAux.SupRateLen == 4) &&
+                               (pAd->MlmeAux.ExtRateLen == 0))
+                               // B only AP
+                               ProperMlmeRate = RATE_11;
+                       else
+                               ProperMlmeRate = RATE_24;
+
+                       if (pAd->MlmeAux.Channel <= 14)
+                       MinimumRate = RATE_1;
+                       else
+                               MinimumRate = RATE_6;
+                       break;
+               case PHY_11A:
+#ifdef DOT11_N_SUPPORT
+               case PHY_11N_2_4G:      // rt2860 need to check mlmerate for 802.11n
+               case PHY_11GN_MIXED:
+               case PHY_11AGN_MIXED:
+               case PHY_11AN_MIXED:
+               case PHY_11N_5G:
+#endif // DOT11_N_SUPPORT //
+                       ProperMlmeRate = RATE_24;
+                       MinimumRate = RATE_6;
+                       break;
+               case PHY_11ABG_MIXED:
+                       ProperMlmeRate = RATE_24;
+                       if (pAd->MlmeAux.Channel <= 14)
+                          MinimumRate = RATE_1;
+                       else
+                               MinimumRate = RATE_6;
+                       break;
+               default: // error
+                       ProperMlmeRate = RATE_1;
+                       MinimumRate = RATE_1;
+                       break;
+       }
+
+       for (i = 0; i < pAd->MlmeAux.SupRateLen; i++)
+       {
+               for (j = 0; j < RateIdx; j++)
+               {
+                       if ((pAd->MlmeAux.SupRate[i] & 0x7f) == RateIdTo500Kbps[j])
+                       {
+                               if (j == ProperMlmeRate)
+                               {
+                                       bMatch = TRUE;
+                                       break;
+                               }
+                       }
+               }
+
+               if (bMatch)
+                       break;
+       }
+
+       if (bMatch == FALSE)
+       {
+       for (i = 0; i < pAd->MlmeAux.ExtRateLen; i++)
+       {
+               for (j = 0; j < RateIdx; j++)
+               {
+                       if ((pAd->MlmeAux.ExtRate[i] & 0x7f) == RateIdTo500Kbps[j])
+                       {
+                                       if (j == ProperMlmeRate)
+                                       {
+                                               bMatch = TRUE;
+                                               break;
+                                       }
+                       }
+               }
+
+                       if (bMatch)
+                       break;
+       }
+       }
+
+       if (bMatch == FALSE)
+       {
+               ProperMlmeRate = MinimumRate;
+       }
+
+       pAd->CommonCfg.MlmeRate = MinimumRate;
+       pAd->CommonCfg.RtsRate = ProperMlmeRate;
+       if (pAd->CommonCfg.MlmeRate >= RATE_6)
+       {
+               pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_OFDM;
+               pAd->CommonCfg.MlmeTransmit.field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.MlmeRate];
+               pAd->MacTab.Content[BSS0Mcast_WCID].HTPhyMode.field.MODE = MODE_OFDM;
+               pAd->MacTab.Content[BSS0Mcast_WCID].HTPhyMode.field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.MlmeRate];
+       }
+       else
+       {
+               pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_CCK;
+               pAd->CommonCfg.MlmeTransmit.field.MCS = pAd->CommonCfg.MlmeRate;
+               pAd->MacTab.Content[BSS0Mcast_WCID].HTPhyMode.field.MODE = MODE_CCK;
+               pAd->MacTab.Content[BSS0Mcast_WCID].HTPhyMode.field.MCS = pAd->CommonCfg.MlmeRate;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPUpdateMlmeRate ==>   MlmeTransmit = 0x%x  \n" , pAd->CommonCfg.MlmeTransmit.word));
+}
+
+CHAR RTMPMaxRssi(
+       IN PRTMP_ADAPTER        pAd,
+       IN CHAR                         Rssi0,
+       IN CHAR                         Rssi1,
+       IN CHAR                         Rssi2)
+{
+       CHAR    larger = -127;
+
+       if ((pAd->Antenna.field.RxPath == 1) && (Rssi0 != 0))
+       {
+               larger = Rssi0;
+       }
+
+       if ((pAd->Antenna.field.RxPath >= 2) && (Rssi1 != 0))
+       {
+               larger = max(Rssi0, Rssi1);
+       }
+
+       if ((pAd->Antenna.field.RxPath == 3) && (Rssi2 != 0))
+       {
+               larger = max(larger, Rssi2);
+       }
+
+       if (larger == -127)
+               larger = 0;
+
+       return larger;
+}
+
+
+/*
+    ========================================================================
+    Routine Description:
+        Periodic evaluate antenna link status
+
+    Arguments:
+        pAd         - Adapter pointer
+
+    Return Value:
+        None
+
+    ========================================================================
+*/
+VOID AsicEvaluateRxAnt(
+       IN PRTMP_ADAPTER        pAd)
+{
+#ifdef CONFIG_STA_SUPPORT
+       UCHAR   BBPR3 = 0;
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS |
+                                                       fRTMP_ADAPTER_HALT_IN_PROGRESS  |
+                                                       fRTMP_ADAPTER_RADIO_OFF                 |
+                                                       fRTMP_ADAPTER_NIC_NOT_EXIST             |
+                                                       fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS) ||
+                                                       OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE)
+#ifdef RT3090
+                                                       || (pAd->bPCIclkOff == TRUE)
+#endif // RT3090 //
+#ifdef ANT_DIVERSITY_SUPPORT
+                                                       || (pAd->EepromAccess)
+#endif // ANT_DIVERSITY_SUPPORT //
+                                                       )
+               return;
+
+#ifdef ANT_DIVERSITY_SUPPORT
+       if ((pAd->NicConfig2.field.AntDiversity) && (pAd->CommonCfg.bRxAntDiversity == ANT_DIVERSITY_ENABLE))
+       {
+               // two antenna selection mechanism- one is antenna diversity, the other is failed antenna remove
+               // one is antenna diversity:there is only one antenna can rx and tx
+               // the other is failed antenna remove:two physical antenna can rx and tx
+                       DBGPRINT(RT_DEBUG_TRACE,("AntDiv - before evaluate Pair1-Ant (%d,%d)\n",
+                               pAd->RxAnt.Pair1PrimaryRxAnt, pAd->RxAnt.Pair1SecondaryRxAnt));
+
+                       AsicSetRxAnt(pAd, pAd->RxAnt.Pair1SecondaryRxAnt);
+
+                       pAd->RxAnt.EvaluatePeriod = 1; // 1:Means switch to SecondaryRxAnt, 0:Means switch to Pair1PrimaryRxAnt
+                       pAd->RxAnt.FirstPktArrivedWhenEvaluate = FALSE;
+                       pAd->RxAnt.RcvPktNumWhenEvaluate = 0;
+
+                       // a one-shot timer to end the evalution
+                       // dynamic adjust antenna evaluation period according to the traffic
+                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+                               RTMPSetTimer(&pAd->Mlme.RxAntEvalTimer, 100);
+                       else
+                               RTMPSetTimer(&pAd->Mlme.RxAntEvalTimer, 300);
+               }
+               else
+#endif // ANT_DIVERSITY_SUPPORT //
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+
+                       if (pAd->StaCfg.Psm == PWR_SAVE)
+                               return;
+
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BBPR3);
+                       BBPR3 &= (~0x18);
+                       if(pAd->Antenna.field.RxPath == 3)
+                       {
+                               BBPR3 |= (0x10);
+                       }
+                       else if(pAd->Antenna.field.RxPath == 2)
+                       {
+                               BBPR3 |= (0x8);
+                       }
+                       else if(pAd->Antenna.field.RxPath == 1)
+                       {
+                               BBPR3 |= (0x0);
+                       }
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BBPR3);
+#ifdef RTMP_MAC_PCI
+                       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       pAd->StaCfg.BBPR3 = BBPR3;
+#endif // RTMP_MAC_PCI //
+                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED)
+                       )
+                       {
+                               ULONG   TxTotalCnt = pAd->RalinkCounters.OneSecTxNoRetryOkCount +
+                                                                       pAd->RalinkCounters.OneSecTxRetryOkCount +
+                                                                       pAd->RalinkCounters.OneSecTxFailCount;
+
+                               // dynamic adjust antenna evaluation period according to the traffic
+                               if (TxTotalCnt > 50)
+                               {
+                                       RTMPSetTimer(&pAd->Mlme.RxAntEvalTimer, 20);
+                                       pAd->Mlme.bLowThroughput = FALSE;
+                               }
+                               else
+                               {
+                                       RTMPSetTimer(&pAd->Mlme.RxAntEvalTimer, 300);
+                                       pAd->Mlme.bLowThroughput = TRUE;
+                               }
+                       }
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+}
+
+/*
+    ========================================================================
+    Routine Description:
+        After evaluation, check antenna link status
+
+    Arguments:
+        pAd         - Adapter pointer
+
+    Return Value:
+        None
+
+    ========================================================================
+*/
+VOID AsicRxAntEvalTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER    *pAd = (RTMP_ADAPTER *)FunctionContext;
+       BOOLEAN                 bSwapAnt = FALSE;
+#ifdef CONFIG_STA_SUPPORT
+       UCHAR                   BBPR3 = 0;
+       CHAR                    larger = -127, rssi0, rssi1, rssi2;
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS |
+                                                       fRTMP_ADAPTER_HALT_IN_PROGRESS  |
+                                                       fRTMP_ADAPTER_RADIO_OFF                 |
+                                                       fRTMP_ADAPTER_NIC_NOT_EXIST) ||
+                                                       OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE)
+#ifdef RT3090
+                                                       || (pAd->bPCIclkOff == TRUE)
+#endif // RT3090 //
+#ifdef ANT_DIVERSITY_SUPPORT
+                                                       || (pAd->EepromAccess)
+#endif // ANT_DIVERSITY_SUPPORT //
+                                                       )
+               return;
+
+#ifdef ANT_DIVERSITY_SUPPORT
+       if ((pAd->NicConfig2.field.AntDiversity) && (pAd->CommonCfg.bRxAntDiversity == ANT_DIVERSITY_ENABLE))
+       {
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+                       if ((pAd->RxAnt.RcvPktNumWhenEvaluate != 0) && (pAd->RxAnt.Pair1AvgRssi[pAd->RxAnt.Pair1SecondaryRxAnt] >= pAd->RxAnt.Pair1AvgRssi[pAd->RxAnt.Pair1PrimaryRxAnt]))
+                               bSwapAnt = TRUE;
+#endif // CONFIG_STA_SUPPORT //
+               if (bSwapAnt == TRUE)
+                       {
+                               UCHAR                   temp;
+
+                               //
+                               // select PrimaryRxAntPair
+                               //    Role change, Used Pair1SecondaryRxAnt as PrimaryRxAntPair.
+                               //    Since Pair1SecondaryRxAnt Quality good than Pair1PrimaryRxAnt
+                               //
+                               temp = pAd->RxAnt.Pair1PrimaryRxAnt;
+                               pAd->RxAnt.Pair1PrimaryRxAnt = pAd->RxAnt.Pair1SecondaryRxAnt;
+                               pAd->RxAnt.Pair1SecondaryRxAnt = temp;
+
+#ifdef CONFIG_STA_SUPPORT
+                               pAd->RxAnt.Pair1LastAvgRssi = (pAd->RxAnt.Pair1AvgRssi[pAd->RxAnt.Pair1SecondaryRxAnt] >> 3);
+#endif // CONFIG_STA_SUPPORT //
+//                             pAd->RxAnt.EvaluateStableCnt = 0;
+                       }
+                       else
+                       {
+                               // if the evaluated antenna is not better than original, switch back to original antenna
+                               AsicSetRxAnt(pAd, pAd->RxAnt.Pair1PrimaryRxAnt);
+                               pAd->RxAnt.EvaluateStableCnt ++;
+                       }
+
+                       pAd->RxAnt.EvaluatePeriod = 0; // 1:Means switch to SecondaryRxAnt, 0:Means switch to Pair1PrimaryRxAnt
+
+#ifdef CONFIG_STA_SUPPORT
+                       DBGPRINT(RT_DEBUG_TRACE,("AsicRxAntEvalAction::After Eval(fix in #%d), <%d, %d>, RcvPktNumWhenEvaluate=%ld\n",
+                                       pAd->RxAnt.Pair1PrimaryRxAnt, (pAd->RxAnt.Pair1AvgRssi[0] >> 3), (pAd->RxAnt.Pair1AvgRssi[1] >> 3), pAd->RxAnt.RcvPktNumWhenEvaluate));
+#endif // CONFIG_STA_SUPPORT //
+               }
+               else
+#endif // ANT_DIVERSITY_SUPPORT //
+       {
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       if (pAd->StaCfg.Psm == PWR_SAVE)
+                               return;
+
+
+                       // if the traffic is low, use average rssi as the criteria
+                       if (pAd->Mlme.bLowThroughput == TRUE)
+                       {
+                               rssi0 = pAd->StaCfg.RssiSample.LastRssi0;
+                               rssi1 = pAd->StaCfg.RssiSample.LastRssi1;
+                               rssi2 = pAd->StaCfg.RssiSample.LastRssi2;
+                       }
+                       else
+                       {
+                               rssi0 = pAd->StaCfg.RssiSample.AvgRssi0;
+                               rssi1 = pAd->StaCfg.RssiSample.AvgRssi1;
+                               rssi2 = pAd->StaCfg.RssiSample.AvgRssi2;
+                       }
+
+                       if(pAd->Antenna.field.RxPath == 3)
+                       {
+                               larger = max(rssi0, rssi1);
+
+                               if (larger > (rssi2 + 20))
+                                       pAd->Mlme.RealRxPath = 2;
+                               else
+                                       pAd->Mlme.RealRxPath = 3;
+                       }
+                       else if(pAd->Antenna.field.RxPath == 2)
+                       {
+                               if (rssi0 > (rssi1 + 20))
+                                       pAd->Mlme.RealRxPath = 1;
+                               else
+                                       pAd->Mlme.RealRxPath = 2;
+                       }
+
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BBPR3);
+                       BBPR3 &= (~0x18);
+                       if(pAd->Mlme.RealRxPath == 3)
+                       {
+                               BBPR3 |= (0x10);
+                       }
+                       else if(pAd->Mlme.RealRxPath == 2)
+                       {
+                               BBPR3 |= (0x8);
+                       }
+                       else if(pAd->Mlme.RealRxPath == 1)
+                       {
+                               BBPR3 |= (0x0);
+                       }
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BBPR3);
+#ifdef RTMP_MAC_PCI
+                       pAd->StaCfg.BBPR3 = BBPR3;
+#endif // RTMP_MAC_PCI //
+               }
+#endif // CONFIG_STA_SUPPORT //
+       }
+}
+
+
+VOID APSDPeriodicExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+
+       if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+               return;
+
+       pAd->CommonCfg.TriggerTimerCount++;
+
+// Driver should not send trigger frame, it should be send by application layer
+/*
+       if (pAd->CommonCfg.bAPSDCapable && pAd->CommonCfg.APEdcaParm.bAPSDCapable
+               && (pAd->CommonCfg.bNeedSendTriggerFrame ||
+               (((pAd->CommonCfg.TriggerTimerCount%20) == 19) && (!pAd->CommonCfg.bAPSDAC_BE || !pAd->CommonCfg.bAPSDAC_BK || !pAd->CommonCfg.bAPSDAC_VI || !pAd->CommonCfg.bAPSDAC_VO))))
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("Sending trigger frame and enter service period when support APSD\n"));
+               RTMPSendNullFrame(pAd, pAd->CommonCfg.TxRate, TRUE);
+               pAd->CommonCfg.bNeedSendTriggerFrame = FALSE;
+               pAd->CommonCfg.TriggerTimerCount = 0;
+               pAd->CommonCfg.bInServicePeriod = TRUE;
+       }*/
+}
+
+/*
+    ========================================================================
+    Routine Description:
+        Set/reset MAC registers according to bPiggyBack parameter
+
+    Arguments:
+        pAd         - Adapter pointer
+        bPiggyBack  - Enable / Disable Piggy-Back
+
+    Return Value:
+        None
+
+    ========================================================================
+*/
+VOID RTMPSetPiggyBack(
+    IN PRTMP_ADAPTER    pAd,
+    IN BOOLEAN          bPiggyBack)
+{
+       TX_LINK_CFG_STRUC  TxLinkCfg;
+
+       RTMP_IO_READ32(pAd, TX_LINK_CFG, &TxLinkCfg.word);
+
+       TxLinkCfg.field.TxCFAckEn = bPiggyBack;
+       RTMP_IO_WRITE32(pAd, TX_LINK_CFG, TxLinkCfg.word);
+}
+
+/*
+    ========================================================================
+    Routine Description:
+        check if this entry need to switch rate automatically
+
+    Arguments:
+        pAd
+        pEntry
+
+    Return Value:
+        TURE
+        FALSE
+
+    ========================================================================
+*/
+BOOLEAN RTMPCheckEntryEnableAutoRateSwitch(
+       IN PRTMP_ADAPTER    pAd,
+       IN PMAC_TABLE_ENTRY     pEntry)
+{
+       BOOLEAN         result = TRUE;
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // only associated STA counts
+               if (pEntry && (pEntry->ValidAsCLI) && (pEntry->Sst == SST_ASSOC))
+               {
+               result = pAd->StaCfg.bAutoTxRateSwitch;
+       }
+               else
+                       result = FALSE;
+
+#ifdef QOS_DLS_SUPPORT
+               if (pEntry && (pEntry->ValidAsDls))
+                       result = pAd->StaCfg.bAutoTxRateSwitch;
+#endif // QOS_DLS_SUPPORT //
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+       return result;
+}
+
+
+BOOLEAN RTMPAutoRateSwitchCheck(
+       IN PRTMP_ADAPTER    pAd)
+{
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (pAd->StaCfg.bAutoTxRateSwitch)
+                       return TRUE;
+       }
+#endif // CONFIG_STA_SUPPORT //
+       return FALSE;
+}
+
+
+/*
+    ========================================================================
+    Routine Description:
+        check if this entry need to fix tx legacy rate
+
+    Arguments:
+        pAd
+        pEntry
+
+    Return Value:
+        TURE
+        FALSE
+
+    ========================================================================
+*/
+UCHAR RTMPStaFixedTxMode(
+       IN PRTMP_ADAPTER    pAd,
+       IN PMAC_TABLE_ENTRY     pEntry)
+{
+       UCHAR   tx_mode = FIXED_TXMODE_HT;
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               tx_mode = (UCHAR)pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       return tx_mode;
+}
+
+/*
+    ========================================================================
+    Routine Description:
+        Overwrite HT Tx Mode by Fixed Legency Tx Mode, if specified.
+
+    Arguments:
+        pAd
+        pEntry
+
+    Return Value:
+        TURE
+        FALSE
+
+    ========================================================================
+*/
+VOID RTMPUpdateLegacyTxSetting(
+               UCHAR                           fixed_tx_mode,
+               PMAC_TABLE_ENTRY        pEntry)
+{
+       HTTRANSMIT_SETTING TransmitSetting;
+
+       if (fixed_tx_mode == FIXED_TXMODE_HT)
+               return;
+
+       TransmitSetting.word = 0;
+
+       TransmitSetting.field.MODE = pEntry->HTPhyMode.field.MODE;
+       TransmitSetting.field.MCS = pEntry->HTPhyMode.field.MCS;
+
+       if (fixed_tx_mode == FIXED_TXMODE_CCK)
+       {
+               TransmitSetting.field.MODE = MODE_CCK;
+               // CCK mode allow MCS 0~3
+               if (TransmitSetting.field.MCS > MCS_3)
+                       TransmitSetting.field.MCS = MCS_3;
+       }
+       else
+       {
+               TransmitSetting.field.MODE = MODE_OFDM;
+               // OFDM mode allow MCS 0~7
+               if (TransmitSetting.field.MCS > MCS_7)
+                       TransmitSetting.field.MCS = MCS_7;
+       }
+
+       if (pEntry->HTPhyMode.field.MODE >= TransmitSetting.field.MODE)
+       {
+               pEntry->HTPhyMode.word = TransmitSetting.word;
+               DBGPRINT(RT_DEBUG_TRACE, ("RTMPUpdateLegacyTxSetting : wcid-%d, MODE=%s, MCS=%d \n",
+                               pEntry->Aid, GetPhyMode(pEntry->HTPhyMode.field.MODE), pEntry->HTPhyMode.field.MCS));
+       }
+}
+
+#ifdef CONFIG_STA_SUPPORT
+/*
+       ==========================================================================
+       Description:
+               dynamic tune BBP R66 to find a balance between sensibility and
+               noise isolation
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AsicStaBbpTuning(
+       IN PRTMP_ADAPTER pAd)
+{
+       UCHAR   OrigR66Value = 0, R66;//, R66UpperBound = 0x30, R66LowerBound = 0x30;
+       CHAR    Rssi;
+
+       // 2860C did not support Fase CCA, therefore can't tune
+       if (pAd->MACVersion == 0x28600100)
+               return;
+
+       //
+       // work as a STA
+       //
+       if (pAd->Mlme.CntlMachine.CurrState != CNTL_IDLE)  // no R66 tuning when SCANNING
+               return;
+
+       if ((pAd->OpMode == OPMODE_STA)
+               && (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED)
+                       )
+               && !(OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+#ifdef RTMP_MAC_PCI
+               && (pAd->bPCIclkOff == FALSE)
+#endif // RTMP_MAC_PCI //
+               )
+       {
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R66, &OrigR66Value);
+               R66 = OrigR66Value;
+
+               if (pAd->Antenna.field.RxPath > 1)
+                       Rssi = (pAd->StaCfg.RssiSample.AvgRssi0 + pAd->StaCfg.RssiSample.AvgRssi1) >> 1;
+               else
+                       Rssi = pAd->StaCfg.RssiSample.AvgRssi0;
+
+               if (pAd->LatchRfRegs.Channel <= 14)
+               {       //BG band
+#ifdef RT30xx
+                       // RT3070 is a no LNA solution, it should have different control regarding to AGC gain control
+                       // Otherwise, it will have some throughput side effect when low RSSI
+
+                       if (IS_RT3070(pAd)||IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd))
+                       {
+                               if (Rssi > RSSI_FOR_MID_LOW_SENSIBILITY)
+                               {
+                                       R66 = 0x1C + 2*GET_LNA_GAIN(pAd) + 0x20;
+                                       if (OrigR66Value != R66)
+                                       {
+                                                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                                       }
+                               }
+                               else
+                               {
+                                       R66 = 0x1C + 2*GET_LNA_GAIN(pAd);
+                                       if (OrigR66Value != R66)
+                                       {
+                                                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                                       }
+                               }
+                       }
+                       else
+#endif // RT30xx //
+                       {
+                               if (Rssi > RSSI_FOR_MID_LOW_SENSIBILITY)
+                               {
+                                       R66 = (0x2E + GET_LNA_GAIN(pAd)) + 0x10;
+                                       if (OrigR66Value != R66)
+                                       {
+                                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                                       }
+                               }
+                               else
+                               {
+                                       R66 = 0x2E + GET_LNA_GAIN(pAd);
+                                       if (OrigR66Value != R66)
+                                       {
+                                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                                       }
+                               }
+                       }
+               }
+               else
+               {       //A band
+                       if (pAd->CommonCfg.BBPCurrentBW == BW_20)
+                       {
+                               if (Rssi > RSSI_FOR_MID_LOW_SENSIBILITY)
+                               {
+                                       R66 = 0x32 + (GET_LNA_GAIN(pAd)*5)/3 + 0x10;
+                                       if (OrigR66Value != R66)
+                                       {
+                                                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                                       }
+                               }
+                               else
+                               {
+                                       R66 = 0x32 + (GET_LNA_GAIN(pAd)*5)/3;
+                                       if (OrigR66Value != R66)
+                                       {
+                                                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                                       }
+                               }
+                       }
+                       else
+                       {
+                               if (Rssi > RSSI_FOR_MID_LOW_SENSIBILITY)
+                               {
+                                       R66 = 0x3A + (GET_LNA_GAIN(pAd)*5)/3 + 0x10;
+                                       if (OrigR66Value != R66)
+                                       {
+                                                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                                       }
+                               }
+                               else
+                               {
+                                       R66 = 0x3A + (GET_LNA_GAIN(pAd)*5)/3;
+                                       if (OrigR66Value != R66)
+                                       {
+                                                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                                       }
+                               }
+                       }
+               }
+
+
+       }
+}
+#endif // CONFIG_STA_SUPPORT //
+
+VOID RTMPSetAGCInitValue(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        BandWidth)
+{
+       UCHAR   R66 = 0x30;
+
+       if (pAd->LatchRfRegs.Channel <= 14)
+       {       // BG band
+#ifdef RT30xx
+               /* Gary was verified Amazon AP and find that RT307x has BBP_R66 invalid default value */
+
+               if (IS_RT3070(pAd)||IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd))
+               {
+                       R66 = 0x1C + 2*GET_LNA_GAIN(pAd);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+               }
+               else
+#endif // RT30xx //
+               {
+                       R66 = 0x2E + GET_LNA_GAIN(pAd);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+               }
+       }
+       else
+       {       //A band
+               {
+                       if (BandWidth == BW_20)
+                       {
+                               R66 = (UCHAR)(0x32 + (GET_LNA_GAIN(pAd)*5)/3);
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                       }
+#ifdef DOT11_N_SUPPORT
+                       else
+                       {
+                               R66 = (UCHAR)(0x3A + (GET_LNA_GAIN(pAd)*5)/3);
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+                       }
+#endif // DOT11_N_SUPPORT //
+               }
+       }
+
+}
diff --git a/drivers/staging/rt3090/common/mlme_ex.c b/drivers/staging/rt3090/common/mlme_ex.c
new file mode 100644 (file)
index 0000000..d7fb7f5
--- /dev/null
@@ -0,0 +1,215 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       mlme_ex.c
+
+       Abstract:
+       Miniport generic portion header file
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+       Fonchi          2007-06-25              Extend original mlme APIs to support multi-entries
+*/
+
+#include "../rt_config.h"
+#include "../mlme_ex_def.h"
+//#include <stdarg.h>
+
+
+// ===========================================================================================
+// state_machine
+// ===========================================================================================
+
+/*! \brief Initialize the state machine.
+ *  \param *S           pointer to the state machine
+ *  \param  Trans       State machine transition function
+ *  \param  StNr        number of states
+ *  \param  MsgNr       number of messages
+ *  \param  DefFunc     default function, when there is invalid state/message combination
+ *  \param  InitState   initial state of the state machine
+ *  \param  Base        StateMachine base, internal use only
+ *  \pre p_sm should be a legal pointer
+ *  \post
+ */
+VOID StateMachineInitEx(
+       IN STATE_MACHINE_EX *S,
+       IN STATE_MACHINE_FUNC_EX Trans[],
+       IN ULONG StNr,
+       IN ULONG MsgNr,
+       IN STATE_MACHINE_FUNC_EX DefFunc,
+       IN ULONG InitState,
+       IN ULONG Base)
+{
+       ULONG i, j;
+
+       // set number of states and messages
+       S->NrState = StNr;
+       S->NrMsg   = MsgNr;
+       S->Base    = Base;
+
+       S->TransFunc  = Trans;
+
+       // init all state transition to default function
+       for (i = 0; i < StNr; i++)
+       {
+               for (j = 0; j < MsgNr; j++)
+               {
+                       S->TransFunc[i * MsgNr + j] = DefFunc;
+               }
+       }
+
+       // set the starting state
+       S->CurrState = InitState;
+
+       return;
+}
+
+/*! \brief This function fills in the function pointer into the cell in the state machine
+ *  \param *S   pointer to the state machine
+ *  \param St   state
+ *  \param Msg  incoming message
+ *  \param f    the function to be executed when (state, message) combination occurs at the state machine
+ *  \pre *S should be a legal pointer to the state machine, st, msg, should be all within the range, Base should be set in the initial state
+ *  \post
+ */
+VOID StateMachineSetActionEx(
+       IN STATE_MACHINE_EX *S,
+       IN ULONG St,
+       IN ULONG Msg,
+       IN STATE_MACHINE_FUNC_EX Func)
+{
+       ULONG MsgIdx;
+
+       MsgIdx = Msg - S->Base;
+
+       if (St < S->NrState && MsgIdx < S->NrMsg)
+       {
+               // boundary checking before setting the action
+               S->TransFunc[St * S->NrMsg + MsgIdx] = Func;
+       }
+
+       return;
+}
+
+/*! \brief   This function does the state transition
+ *  \param   *Adapter the NIC adapter pointer
+ *  \param   *S       the state machine
+ *  \param   *Elem    the message to be executed
+ *  \return   None
+ */
+VOID StateMachinePerformActionEx(
+       IN PRTMP_ADAPTER        pAd,
+       IN STATE_MACHINE_EX *S,
+       IN MLME_QUEUE_ELEM *Elem,
+       USHORT Idx,
+       PULONG pCurrState)
+{
+       if (S->TransFunc[(*pCurrState) * S->NrMsg + Elem->MsgType - S->Base])
+               (*(S->TransFunc[(*pCurrState) * S->NrMsg + Elem->MsgType - S->Base]))(pAd, Elem, pCurrState, Idx);
+
+       return;
+}
+
+/*! \brief   Enqueue a message for other threads, if they want to send messages to MLME thread
+ *  \param  *Queue    The MLME Queue
+ *  \param   Machine  The State Machine Id
+ *  \param   MsgType  The Message Type
+ *  \param   MsgLen   The Message length
+ *  \param  *Msg      The message pointer
+ *  \return  TRUE if enqueue is successful, FALSE if the queue is full
+ *  \pre
+ *  \post
+ *  \note    The message has to be initialized
+ */
+BOOLEAN MlmeEnqueueEx(
+       IN      PRTMP_ADAPTER   pAd,
+       IN ULONG Machine,
+       IN ULONG MsgType,
+       IN ULONG MsgLen,
+       IN VOID *Msg,
+       IN USHORT Idx)
+{
+       INT Tail;
+       MLME_QUEUE *Queue = (MLME_QUEUE *)&pAd->Mlme.Queue;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS))
+               return FALSE;
+
+
+       // First check the size, it MUST not exceed the mlme queue size
+       if (MsgLen > MAX_LEN_OF_MLME_BUFFER)
+       {
+               DBGPRINT_ERR(("MlmeEnqueueEx: msg too large, size = %ld \n", MsgLen));
+               return FALSE;
+       }
+
+       if (MlmeQueueFull(Queue))
+       {
+
+               return FALSE;
+       }
+
+       RTMP_SEM_LOCK(&Queue->Lock);
+       Tail = Queue->Tail;
+       Queue->Tail++;
+       Queue->Num++;
+       if (Queue->Tail == MAX_LEN_OF_MLME_QUEUE)
+       {
+               Queue->Tail = 0;
+       }
+       Queue->Entry[Tail].Occupied = TRUE;
+       Queue->Entry[Tail].Machine = Machine;
+       Queue->Entry[Tail].MsgType = MsgType;
+       Queue->Entry[Tail].MsgLen = MsgLen;
+       Queue->Entry[Tail].Idx = Idx;
+       if (Msg != NULL)
+               NdisMoveMemory(Queue->Entry[Tail].Msg, Msg, MsgLen);
+
+       RTMP_SEM_UNLOCK(&Queue->Lock);
+
+       return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        The drop function, when machine executes this, the message is simply
+        ignored. This function does nothing, the message is freed in
+        StateMachinePerformAction()
+    ==========================================================================
+ */
+VOID DropEx(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem,
+       PULONG pCurrState,
+       USHORT Idx)
+{
+       return;
+}
diff --git a/drivers/staging/rt3090/common/netif_block.c b/drivers/staging/rt3090/common/netif_block.c
new file mode 100644 (file)
index 0000000..2172957
--- /dev/null
@@ -0,0 +1,147 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+#ifdef BLOCK_NET_IF
+
+#include "../rt_config.h"
+#include "../netif_block.h"
+
+
+static NETIF_ENTRY freeNetIfEntryPool[FREE_NETIF_POOL_SIZE];
+static LIST_HEADER freeNetIfEntryList;
+
+void initblockQueueTab(
+       IN PRTMP_ADAPTER pAd)
+{
+       int i;
+
+       initList(&freeNetIfEntryList);
+       for (i = 0; i < FREE_NETIF_POOL_SIZE; i++)
+               insertTailList(&freeNetIfEntryList, (PLIST_ENTRY)&freeNetIfEntryPool[i]);
+
+       for (i=0; i < NUM_OF_TX_RING; i++)
+               initList(&pAd->blockQueueTab[i].NetIfList);
+
+       return;
+}
+
+BOOLEAN blockNetIf(
+       IN PBLOCK_QUEUE_ENTRY pBlockQueueEntry,
+       IN PNET_DEV pNetDev)
+{
+       PNETIF_ENTRY pNetIfEntry = NULL;
+
+       if ((pNetIfEntry = (PNETIF_ENTRY)removeHeadList(&freeNetIfEntryList)) != NULL)
+       {
+               RTMP_OS_NETDEV_STOP_QUEUE(pNetDev);
+               pNetIfEntry->pNetDev = pNetDev;
+               insertTailList(&pBlockQueueEntry->NetIfList, (PLIST_ENTRY)pNetIfEntry);
+
+               pBlockQueueEntry->SwTxQueueBlockFlag = TRUE;
+               DBGPRINT(RT_DEBUG_TRACE, ("RTMP_OS_NETDEV_STOP_QUEUE(%s)\n", RTMP_OS_NETDEV_GET_DEVNAME(pNetDev)));
+       }
+       else
+               return FALSE;
+
+       return TRUE;
+}
+
+VOID releaseNetIf(
+       IN PBLOCK_QUEUE_ENTRY pBlockQueueEntry)
+{
+       PNETIF_ENTRY pNetIfEntry = NULL;
+       PLIST_HEADER pNetIfList = &pBlockQueueEntry->NetIfList;
+
+       while((pNetIfEntry = (PNETIF_ENTRY)removeHeadList(pNetIfList)) !=  NULL)
+       {
+               PNET_DEV pNetDev = pNetIfEntry->pNetDev;
+               RTMP_OS_NETDEV_WAKE_QUEUE(pNetDev);
+               insertTailList(&freeNetIfEntryList, (PLIST_ENTRY)pNetIfEntry);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("RTMP_OS_NETDEV_WAKE_QUEUE(%s)\n", RTMP_OS_NETDEV_GET_DEVNAME(pNetDev)));
+       }
+       pBlockQueueEntry->SwTxQueueBlockFlag = FALSE;
+       return;
+}
+
+
+VOID StopNetIfQueue(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR QueIdx,
+       IN PNDIS_PACKET pPacket)
+{
+       PNET_DEV NetDev = NULL;
+       UCHAR IfIdx = 0;
+       BOOLEAN valid = FALSE;
+
+#ifdef APCLI_SUPPORT
+       if (RTMP_GET_PACKET_NET_DEVICE(pPacket) >= MIN_NET_DEVICE_FOR_APCLI)
+       {
+               IfIdx = (RTMP_GET_PACKET_NET_DEVICE(pPacket) - MIN_NET_DEVICE_FOR_APCLI) % MAX_APCLI_NUM;
+               NetDev = pAd->ApCfg.ApCliTab[IfIdx].dev;
+       }
+       else
+#endif // APCLI_SUPPORT //
+#ifdef WDS_SUPPORT
+       if (RTMP_GET_PACKET_NET_DEVICE(pPacket) >= MIN_NET_DEVICE_FOR_WDS)
+       {
+               IfIdx = (RTMP_GET_PACKET_NET_DEVICE(pPacket) - MIN_NET_DEVICE_FOR_WDS) % MAX_WDS_ENTRY;
+               NetDev = pAd->WdsTab.WdsEntry[IfIdx].dev;
+       }
+       else
+#endif // WDS_SUPPORT //
+       {
+#ifdef MBSS_SUPPORT
+               if (pAd->OpMode == OPMODE_AP)
+               {
+                       IfIdx = (RTMP_GET_PACKET_NET_DEVICE(pPacket) - MIN_NET_DEVICE_FOR_MBSSID) % MAX_MBSSID_NUM;
+                       NetDev = pAd->ApCfg.MBSSID[IfIdx].MSSIDDev;
+               }
+               else
+               {
+                       IfIdx = MAIN_MBSSID;
+                       NetDev = pAd->net_dev;
+               }
+#else
+               IfIdx = MAIN_MBSSID;
+               NetDev = pAd->net_dev;
+#endif
+       }
+
+       // WMM support 4 software queues.
+       // One software queue full doesn't mean device have no capbility to transmit packet.
+       // So disable block Net-If queue function while WMM enable.
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               valid = (pAd->CommonCfg.bWmmCapable == TRUE) ? FALSE : TRUE;
+#endif // CONFIG_STA_SUPPORT //
+
+       if (valid)
+               blockNetIf(&pAd->blockQueueTab[QueIdx], NetDev);
+       return;
+}
+
+#endif // BLOCK_NET_IF //
diff --git a/drivers/staging/rt3090/common/rt_channel.c b/drivers/staging/rt3090/common/rt_channel.c
new file mode 100644 (file)
index 0000000..da2391e
--- /dev/null
@@ -0,0 +1,1287 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+*/
+
+#include "../rt_config.h"
+
+
+CH_FREQ_MAP CH_HZ_ID_MAP[]=
+               {
+                       {1, 2412},
+                       {2, 2417},
+                       {3, 2422},
+                       {4, 2427},
+                       {5, 2432},
+                       {6, 2437},
+                       {7, 2442},
+                       {8, 2447},
+                       {9, 2452},
+                       {10, 2457},
+                       {11, 2462},
+                       {12, 2467},
+                       {13, 2472},
+                       {14, 2484},
+
+                       /*  UNII */
+                       {36, 5180},
+                       {40, 5200},
+                       {44, 5220},
+                       {48, 5240},
+                       {52, 5260},
+                       {56, 5280},
+                       {60, 5300},
+                       {64, 5320},
+                       {149, 5745},
+                       {153, 5765},
+                       {157, 5785},
+                       {161, 5805},
+                       {165, 5825},
+                       {167, 5835},
+                       {169, 5845},
+                       {171, 5855},
+                       {173, 5865},
+
+                       /* HiperLAN2 */
+                       {100, 5500},
+                       {104, 5520},
+                       {108, 5540},
+                       {112, 5560},
+                       {116, 5580},
+                       {120, 5600},
+                       {124, 5620},
+                       {128, 5640},
+                       {132, 5660},
+                       {136, 5680},
+                       {140, 5700},
+
+                       /* Japan MMAC */
+                       {34, 5170},
+                       {38, 5190},
+                       {42, 5210},
+                       {46, 5230},
+
+                       /*  Japan */
+                       {184, 4920},
+                       {188, 4940},
+                       {192, 4960},
+                       {196, 4980},
+
+                       {208, 5040},    /* Japan, means J08 */
+                       {212, 5060},    /* Japan, means J12 */
+                       {216, 5080},    /* Japan, means J16 */
+};
+
+INT    CH_HZ_ID_MAP_NUM = (sizeof(CH_HZ_ID_MAP)/sizeof(CH_FREQ_MAP));
+
+CH_REGION ChRegion[] =
+{
+               {       // Antigua and Berbuda
+                       "AG",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  23, BOTH, FALSE},    // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, FALSE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Argentina
+                       "AR",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 149, 4,  30, BOTH, FALSE},    // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Aruba
+                       "AW",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  23, BOTH, FALSE},    // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, FALSE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Australia
+                       "AU",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 149, 5,  30, BOTH, FALSE},    // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Austria
+                       "AT",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, IDOR, TRUE},             // 5G, ch 36~48
+                               { 52,  4,  23, IDOR, TRUE},             // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, TRUE},             // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Bahamas
+                       "BS",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 149, 5,  30, BOTH, FALSE},    // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Barbados
+                       "BB",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, FALSE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Bermuda
+                       "BM",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, FALSE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Brazil
+                       "BR",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 100, 11, 24, BOTH, FALSE},    // 5G, ch 100~140
+                               { 149, 5,  30, BOTH, FALSE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Belgium
+                       "BE",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  18, IDOR, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  18, IDOR, FALSE},    // 5G, ch 52~64
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Bulgaria
+                       "BG",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, IDOR, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  23, IDOR, TRUE},     // 5G, ch 52~64
+                               { 100, 11, 30, ODOR, TRUE},     // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Canada
+                       "CA",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  23, BOTH, FALSE},    // 5G, ch 52~64
+                               { 149, 5,  30, BOTH, FALSE},    // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Cayman IsLands
+                       "KY",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, FALSE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Chile
+                       "CL",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  20, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  20, BOTH, FALSE},    // 5G, ch 52~64
+                               { 149, 5,  20, BOTH, FALSE},    // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // China
+                       "CN",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 149, 4,  27, BOTH, FALSE},    // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Colombia
+                       "CO",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  17, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, FALSE},    // 5G, ch 100~140
+                               { 149, 5,  30, BOTH, FALSE},    // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Costa Rica
+                       "CR",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  17, BOTH, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, BOTH, FALSE},    // 5G, ch 52~64
+                               { 149, 4,  30, BOTH, FALSE},    // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Cyprus
+                       "CY",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, IDOR, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  24, IDOR, TRUE},             // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, TRUE},             // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Czech_Republic
+                       "CZ",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, IDOR, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  23, IDOR, TRUE},             // 5G, ch 52~64
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Denmark
+                       "DK",
+                       CE,
+                       {
+                               { 1,   13, 20, BOTH, FALSE},    // 2.4 G, ch 1~13
+                               { 36,  4,  23, IDOR, FALSE},    // 5G, ch 36~48
+                               { 52,  4,  23, IDOR, TRUE},             // 5G, ch 52~64
+                               { 100, 11, 30, BOTH, TRUE},             // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Dominican Republic
+                       "DO",
+                       CE,
+                       {
+                               { 1,   0,  20, BOTH, FALSE},    // 2.4 G, ch 0
+                               { 149, 4,  20, BOTH, FALSE},    // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Equador
+                       "EC",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 100, 11,  27, BOTH, FALSE},   // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // El Salvador
+                       "SV",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,  4,   23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,  4,   30, BOTH, TRUE},    // 5G, ch 52~64
+                               { 149, 4,   36, BOTH, TRUE},    // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Finland
+                       "FI",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,  4,   23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,  4,   23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // France
+                       "FR",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,  4,   23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,  4,   23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Germany
+                       "DE",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,  4,   23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,  4,   23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Greece
+                       "GR",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,  4,   23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,  4,   23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, ODOR, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Guam
+                       "GU",
+                       CE,
+                       {
+                               { 1,   11,  20, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 36,  4,   17, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,  4,   24, BOTH, FALSE},   // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, FALSE},   // 5G, ch 100~140
+                               { 149,  5,  30, BOTH, FALSE},   // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Guatemala
+                       "GT",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,  4,   17, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,  4,   24, BOTH, FALSE},   // 5G, ch 52~64
+                               { 149,  4,  30, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Haiti
+                       "HT",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,  4,   17, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,  4,   24, BOTH, FALSE},   // 5G, ch 52~64
+                               { 149,  4,  30, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Honduras
+                       "HN",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 149,  4,  27, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Hong Kong
+                       "HK",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, FALSE},   // 5G, ch 52~64
+                               { 149,  4,  30, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Hungary
+                       "HU",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Iceland
+                       "IS",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // India
+                       "IN",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 149,  4,  24, IDOR, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Indonesia
+                       "ID",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 149,  4,  27, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Ireland
+                       "IE",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, ODOR, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Israel
+                       "IL",
+                       CE,
+                       {
+                               { 1,    3,  20, IDOR, FALSE},   // 2.4 G, ch 1~3
+                               { 4,    6,  20, BOTH, FALSE},   // 2.4 G, ch 4~9
+                               { 10,   4,  20, IDOR, FALSE},   // 2.4 G, ch 10~13
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Italy
+                       "IT",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, ODOR, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Japan
+                       "JP",
+                       JAP,
+                       {
+                               { 1,   14,  20, BOTH, FALSE},   // 2.4 G, ch 1~14
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Jordan
+                       "JO",
+                       CE,
+                       {
+                               { 1,   13,  20, IDOR, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 149,  4,  23, IDOR, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Latvia
+                       "LV",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Liechtenstein
+                       "LI",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Lithuania
+                       "LT",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Luxemburg
+                       "LU",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Malaysia
+                       "MY",
+                       CE,
+                       {
+                               { 36,   4,  23, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, BOTH, FALSE},   // 5G, ch 52~64
+                               { 149,  5,  20, BOTH, FALSE},   // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Malta
+                       "MT",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Marocco
+                       "MA",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  24, IDOR, FALSE},   // 5G, ch 36~48
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Mexico
+                       "MX",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  24, BOTH, FALSE},   // 5G, ch 52~64
+                               { 149,  5,  30, IDOR, FALSE},   // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Netherlands
+                       "NL",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  24, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // New Zealand
+                       "NZ",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  24, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  24, BOTH, FALSE},   // 5G, ch 52~64
+                               { 149,  4,  30, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Norway
+                       "NO",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  24, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  24, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Peru
+                       "PE",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 149,  4,  27, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Portugal
+                       "PT",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Poland
+                       "PL",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Romania
+                       "RO",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Russia
+                       "RU",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 149,  4,  20, IDOR, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Saudi Arabia
+                       "SA",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, BOTH, FALSE},   // 5G, ch 52~64
+                               { 149,  4,  23, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Serbia_and_Montenegro
+                       "CS",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Singapore
+                       "SG",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, BOTH, FALSE},   // 5G, ch 52~64
+                               { 149,  4,  20, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Slovakia
+                       "SK",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Slovenia
+                       "SI",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // South Africa
+                       "ZA",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, FALSE},   // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 149,  4,  30, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // South Korea
+                       "KR",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  20, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  20, BOTH, FALSE},   // 5G, ch 52~64
+                               { 100,  8,  20, BOTH, FALSE},   // 5G, ch 100~128
+                               { 149,  4,  20, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Spain
+                       "ES",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  17, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Sweden
+                       "SE",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Switzerland
+                       "CH",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~13
+                               { 36,   4,  23, IDOR, TRUE},    // 5G, ch 36~48
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Taiwan
+                       "TW",
+                       CE,
+                       {
+                               { 1,   11,  30, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 52,   4,  23, IDOR, FALSE},   // 5G, ch 52~64
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Turkey
+                       "TR",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 36,   4,  23, BOTH, FALSE},   // 5G, ch 36~48
+                               { 52,   4,  23, BOTH, FALSE},   // 5G, ch 52~64
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // UK
+                       "GB",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 36,   4,  23, IDOR, FALSE},   // 5G, ch 52~64
+                               { 52,   4,  23, IDOR, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Ukraine
+                       "UA",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // United_Arab_Emirates
+                       "AE",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // United_States
+                       "US",
+                       CE,
+                       {
+                               { 1,   11,  30, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 36,   4,  17, IDOR, FALSE},   // 5G, ch 52~64
+                               { 52,   4,  24, BOTH, TRUE},    // 5G, ch 52~64
+                               { 100, 11,  30, BOTH, TRUE},    // 5G, ch 100~140
+                               { 149,  5,  30, BOTH, FALSE},   // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Venezuela
+                       "VE",
+                       CE,
+                       {
+                               { 1,   13,  20, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 149,  4,  27, BOTH, FALSE},   // 5G, ch 149~161
+                               { 0},                                                   // end
+                       }
+               },
+
+               {       // Default
+                       "",
+                       CE,
+                       {
+                               { 1,   11,  20, BOTH, FALSE},   // 2.4 G, ch 1~11
+                               { 36,   4,  20, BOTH, FALSE},   // 5G, ch 52~64
+                               { 52,   4,  20, BOTH, FALSE},   // 5G, ch 52~64
+                               { 100, 11,  20, BOTH, FALSE},   // 5G, ch 100~140
+                               { 149,  5,  20, BOTH, FALSE},   // 5G, ch 149~165
+                               { 0},                                                   // end
+                       }
+               },
+};
+
+
+static PCH_REGION GetChRegion(
+       IN PUCHAR CntryCode)
+{
+       INT loop = 0;
+       PCH_REGION pChRegion = NULL;
+
+       while (strcmp((PSTRING) ChRegion[loop].CountReg, "") != 0)
+       {
+               if (strncmp((PSTRING) ChRegion[loop].CountReg, (PSTRING) CntryCode, 2) == 0)
+               {
+                       pChRegion = &ChRegion[loop];
+                       break;
+               }
+               loop++;
+       }
+
+       if (pChRegion == NULL)
+               pChRegion = &ChRegion[loop];
+       return pChRegion;
+}
+
+static VOID ChBandCheck(
+       IN UCHAR PhyMode,
+       OUT PUCHAR pChType)
+{
+       switch(PhyMode)
+       {
+               case PHY_11A:
+#ifdef DOT11_N_SUPPORT
+               case PHY_11AN_MIXED:
+#endif // DOT11_N_SUPPORT //
+                       *pChType = BAND_5G;
+                       break;
+               case PHY_11ABG_MIXED:
+#ifdef DOT11_N_SUPPORT
+               case PHY_11AGN_MIXED:
+               case PHY_11ABGN_MIXED:
+#endif // DOT11_N_SUPPORT //
+                       *pChType = BAND_BOTH;
+                       break;
+
+               default:
+                       *pChType = BAND_24G;
+                       break;
+       }
+}
+
+static UCHAR FillChList(
+       IN PRTMP_ADAPTER pAd,
+       IN PCH_DESP pChDesp,
+       IN UCHAR Offset,
+       IN UCHAR increment)
+{
+       INT i, j, l;
+       UCHAR channel;
+
+       j = Offset;
+       for (i = 0; i < pChDesp->NumOfCh; i++)
+       {
+               channel = pChDesp->FirstChannel + i * increment;
+               for (l=0; l<MAX_NUM_OF_CHANNELS; l++)
+               {
+                       if (channel == pAd->TxPower[l].Channel)
+                       {
+                               pAd->ChannelList[j].Power = pAd->TxPower[l].Power;
+                               pAd->ChannelList[j].Power2 = pAd->TxPower[l].Power2;
+                               break;
+                       }
+               }
+               if (l == MAX_NUM_OF_CHANNELS)
+                       continue;
+
+               pAd->ChannelList[j].Channel = pChDesp->FirstChannel + i * increment;
+               pAd->ChannelList[j].MaxTxPwr = pChDesp->MaxTxPwr;
+               pAd->ChannelList[j].DfsReq = pChDesp->DfsReq;
+               j++;
+       }
+       pAd->ChannelListNum = j;
+
+       return j;
+}
+
+
+static inline VOID CreateChList(
+       IN PRTMP_ADAPTER pAd,
+       IN PCH_REGION pChRegion,
+       IN UCHAR Geography)
+{
+       INT i;
+       UCHAR offset = 0;
+       PCH_DESP pChDesp;
+       UCHAR ChType;
+       UCHAR increment;
+
+       if (pChRegion == NULL)
+               return;
+
+       ChBandCheck(pAd->CommonCfg.PhyMode, &ChType);
+
+       for (i=0; i<10; i++)
+       {
+               pChDesp = &pChRegion->ChDesp[i];
+               if (pChDesp->FirstChannel == 0)
+                       break;
+
+               if (ChType == BAND_5G)
+               {
+                       if (pChDesp->FirstChannel <= 14)
+                               continue;
+               }
+               else if (ChType == BAND_24G)
+               {
+                       if (pChDesp->FirstChannel > 14)
+                               continue;
+               }
+
+               if ((pChDesp->Geography == BOTH)
+                       || (pChDesp->Geography == Geography))
+        {
+                       if (pChDesp->FirstChannel > 14)
+                increment = 4;
+            else
+                increment = 1;
+                       offset = FillChList(pAd, pChDesp, offset, increment);
+        }
+       }
+}
+
+
+VOID BuildChannelListEx(
+       IN PRTMP_ADAPTER pAd)
+{
+       PCH_REGION pChReg;
+
+       pChReg = GetChRegion(pAd->CommonCfg.CountryCode);
+       CreateChList(pAd, pChReg, pAd->CommonCfg.Geography);
+}
+
+
+VOID BuildBeaconChList(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pBuf,
+       OUT     PULONG pBufLen)
+{
+       INT i;
+       ULONG TmpLen;
+       PCH_REGION pChRegion;
+       PCH_DESP pChDesp;
+       UCHAR ChType;
+
+       pChRegion = GetChRegion(pAd->CommonCfg.CountryCode);
+
+       if (pChRegion == NULL)
+               return;
+
+       ChBandCheck(pAd->CommonCfg.PhyMode, &ChType);
+       *pBufLen = 0;
+
+       for (i=0; i<10; i++)
+       {
+               pChDesp = &pChRegion->ChDesp[i];
+               if (pChDesp->FirstChannel == 0)
+                       break;
+
+               if (ChType == BAND_5G)
+               {
+                       if (pChDesp->FirstChannel <= 14)
+                               continue;
+               }
+               else if (ChType == BAND_24G)
+               {
+                       if (pChDesp->FirstChannel > 14)
+                               continue;
+               }
+
+               if ((pChDesp->Geography == BOTH)
+                       || (pChDesp->Geography == pAd->CommonCfg.Geography))
+               {
+                       MakeOutgoingFrame(pBuf + *pBufLen,              &TmpLen,
+                                                               1,                      &pChDesp->FirstChannel,
+                                                               1,                      &pChDesp->NumOfCh,
+                                                               1,                      &pChDesp->MaxTxPwr,
+                                                               END_OF_ARGS);
+                       *pBufLen += TmpLen;
+               }
+       }
+}
+
+
+#ifdef DOT11_N_SUPPORT
+static BOOLEAN IsValidChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR channel)
+
+{
+       INT i;
+
+       for (i = 0; i < pAd->ChannelListNum; i++)
+       {
+               if (pAd->ChannelList[i].Channel == channel)
+                       break;
+       }
+
+       if (i == pAd->ChannelListNum)
+               return FALSE;
+       else
+               return TRUE;
+}
+
+
+static UCHAR GetExtCh(
+       IN UCHAR Channel,
+       IN UCHAR Direction)
+{
+       CHAR ExtCh;
+
+       if (Direction == EXTCHA_ABOVE)
+               ExtCh = Channel + 4;
+       else
+               ExtCh = (Channel - 4) > 0 ? (Channel - 4) : 0;
+
+       return ExtCh;
+}
+
+
+VOID N_ChannelCheck(
+       IN PRTMP_ADAPTER pAd)
+{
+       //UCHAR ChannelNum = pAd->ChannelListNum;
+       UCHAR Channel = pAd->CommonCfg.Channel;
+
+       if ((pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED) && (pAd->CommonCfg.RegTransmitSetting.field.BW  == BW_40))
+       {
+               if (Channel > 14)
+               {
+                       if ((Channel == 36) || (Channel == 44) || (Channel == 52) || (Channel == 60) || (Channel == 100) || (Channel == 108) ||
+                           (Channel == 116) || (Channel == 124) || (Channel == 132) || (Channel == 149) || (Channel == 157))
+                       {
+                               pAd->CommonCfg.RegTransmitSetting.field.EXTCHA = EXTCHA_ABOVE;
+                       }
+                       else if ((Channel == 40) || (Channel == 48) || (Channel == 56) || (Channel == 64) || (Channel == 104) || (Channel == 112) ||
+                                       (Channel == 120) || (Channel == 128) || (Channel == 136) || (Channel == 153) || (Channel == 161))
+                       {
+                               pAd->CommonCfg.RegTransmitSetting.field.EXTCHA = EXTCHA_BELOW;
+                       }
+                       else
+                       {
+                               pAd->CommonCfg.RegTransmitSetting.field.BW  = BW_20;
+                       }
+               }
+               else
+               {
+                       do
+                       {
+                               UCHAR ExtCh;
+                               UCHAR Dir = pAd->CommonCfg.RegTransmitSetting.field.EXTCHA;
+                               ExtCh = GetExtCh(Channel, Dir);
+                               if (IsValidChannel(pAd, ExtCh))
+                                       break;
+
+                               Dir = (Dir == EXTCHA_ABOVE) ? EXTCHA_BELOW : EXTCHA_ABOVE;
+                               ExtCh = GetExtCh(Channel, Dir);
+                               if (IsValidChannel(pAd, ExtCh))
+                               {
+                                       pAd->CommonCfg.RegTransmitSetting.field.EXTCHA = Dir;
+                                       break;
+                               }
+                               pAd->CommonCfg.RegTransmitSetting.field.BW  = BW_20;
+                       } while(FALSE);
+
+                       if (Channel == 14)
+                       {
+                               pAd->CommonCfg.RegTransmitSetting.field.BW  = BW_20;
+                               //pAd->CommonCfg.RegTransmitSetting.field.EXTCHA = EXTCHA_NONE; // We didn't set the ExtCh as NONE due to it'll set in RTMPSetHT()
+                       }
+               }
+       }
+
+
+}
+
+
+VOID N_SetCenCh(
+       IN PRTMP_ADAPTER pAd)
+{
+       if (pAd->CommonCfg.RegTransmitSetting.field.BW == BW_40)
+       {
+               if (pAd->CommonCfg.RegTransmitSetting.field.EXTCHA == EXTCHA_ABOVE)
+               {
+                       pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel + 2;
+               }
+               else
+               {
+                       if (pAd->CommonCfg.Channel == 14)
+                               pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel - 1;
+                       else
+                               pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel - 2;
+               }
+       }
+       else
+       {
+               pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel;
+       }
+}
+#endif // DOT11_N_SUPPORT //
+
+
+UINT8 GetCuntryMaxTxPwr(
+       IN PRTMP_ADAPTER pAd,
+       IN UINT8 channel)
+{
+       int i;
+       for (i = 0; i < pAd->ChannelListNum; i++)
+       {
+               if (pAd->ChannelList[i].Channel == channel)
+                       break;
+       }
+
+       if (i == pAd->ChannelListNum)
+               return 0xff;
+       else
+               return pAd->ChannelList[i].MaxTxPwr;
+}
diff --git a/drivers/staging/rt3090/common/rt_rf.c b/drivers/staging/rt3090/common/rt_rf.c
new file mode 100644 (file)
index 0000000..9d638f7
--- /dev/null
@@ -0,0 +1,201 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rt_rf.c
+
+       Abstract:
+       Ralink Wireless driver RF related functions
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+
+
+#ifdef RTMP_RF_RW_SUPPORT
+/*
+       ========================================================================
+
+       Routine Description: Write RT30xx RF register through MAC
+
+       Arguments:
+
+       Return Value:
+
+       IRQL =
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS RT30xxWriteRFRegister(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   regID,
+       IN      UCHAR                   value)
+{
+       RF_CSR_CFG_STRUC        rfcsr;
+       UINT                            i = 0;
+
+       do
+       {
+               RTMP_IO_READ32(pAd, RF_CSR_CFG, &rfcsr.word);
+
+               if (!rfcsr.field.RF_CSR_KICK)
+                       break;
+               i++;
+       }
+       while ((i < RETRY_LIMIT) && (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST)));
+
+       if ((i == RETRY_LIMIT) || (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST)))
+       {
+               DBGPRINT_RAW(RT_DEBUG_ERROR, ("Retry count exhausted or device removed!!!\n"));
+               return STATUS_UNSUCCESSFUL;
+       }
+
+       rfcsr.field.RF_CSR_WR = 1;
+       rfcsr.field.RF_CSR_KICK = 1;
+       rfcsr.field.TESTCSR_RFACC_REGNUM = regID;
+       rfcsr.field.RF_CSR_DATA = value;
+
+       RTMP_IO_WRITE32(pAd, RF_CSR_CFG, rfcsr.word);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description: Read RT30xx RF register through MAC
+
+       Arguments:
+
+       Return Value:
+
+       IRQL =
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS RT30xxReadRFRegister(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   regID,
+       IN      PUCHAR                  pValue)
+{
+       RF_CSR_CFG_STRUC        rfcsr;
+       UINT                            i=0, k=0;
+
+       for (i=0; i<MAX_BUSY_COUNT; i++)
+       {
+               RTMP_IO_READ32(pAd, RF_CSR_CFG, &rfcsr.word);
+
+               if (rfcsr.field.RF_CSR_KICK == BUSY)
+               {
+                       continue;
+               }
+               rfcsr.word = 0;
+               rfcsr.field.RF_CSR_WR = 0;
+               rfcsr.field.RF_CSR_KICK = 1;
+               rfcsr.field.TESTCSR_RFACC_REGNUM = regID;
+               RTMP_IO_WRITE32(pAd, RF_CSR_CFG, rfcsr.word);
+               for (k=0; k<MAX_BUSY_COUNT; k++)
+               {
+                       RTMP_IO_READ32(pAd, RF_CSR_CFG, &rfcsr.word);
+
+                       if (rfcsr.field.RF_CSR_KICK == IDLE)
+                               break;
+               }
+               if ((rfcsr.field.RF_CSR_KICK == IDLE) &&
+                       (rfcsr.field.TESTCSR_RFACC_REGNUM == regID))
+               {
+                       *pValue = (UCHAR)rfcsr.field.RF_CSR_DATA;
+                       break;
+               }
+       }
+       if (rfcsr.field.RF_CSR_KICK == BUSY)
+       {
+               DBGPRINT_ERR(("RF read R%d=0x%x fail, i[%d], k[%d]\n", regID, rfcsr.word,i,k));
+               return STATUS_UNSUCCESSFUL;
+       }
+
+       return STATUS_SUCCESS;
+}
+
+
+VOID NICInitRFRegisters(
+       IN RTMP_ADAPTER *pAd)
+{
+       if (pAd->chipOps.AsicRfInit)
+               pAd->chipOps.AsicRfInit(pAd);
+}
+
+
+VOID RtmpChipOpsRFHook(
+       IN RTMP_ADAPTER *pAd)
+{
+       RTMP_CHIP_OP *pChipOps = &pAd->chipOps;
+
+       pChipOps->pRFRegTable = NULL;
+       pChipOps->AsicRfInit = NULL;
+       pChipOps->AsicRfTurnOn = NULL;
+       pChipOps->AsicRfTurnOff = NULL;
+       pChipOps->AsicReverseRfFromSleepMode = NULL;
+       pChipOps->AsicHaltAction = NULL;
+#ifdef RT33xx
+if (IS_RT3390(pAd) && (pAd->infType == RTMP_DEV_INF_PCI))
+               {
+                       pChipOps->pRFRegTable = RFRegTableOverRT3390;
+                       pChipOps->AsicHaltAction = RT33xxHaltAction;
+                       pChipOps->AsicRfTurnOff = RT33xxLoadRFSleepModeSetup;
+                       pChipOps->AsicRfInit = NICInitRT3390RFRegisters;
+                       pChipOps->AsicReverseRfFromSleepMode = RT33xxReverseRFSleepModeSetup;
+               }
+#else // RT33xx //
+       /* We depends on RfICType and MACVersion to assign the corresponding operation callbacks. */
+
+#ifdef RT30xx
+       if (IS_RT30xx(pAd))
+       {
+               pChipOps->pRFRegTable = RT30xx_RFRegTable;
+               pChipOps->AsicHaltAction = RT30xxHaltAction;
+#ifdef RT3090
+               if (IS_RT3090(pAd) && (pAd->infType == RTMP_DEV_INF_PCI))
+               {
+                       pChipOps->AsicRfTurnOff = RT30xxLoadRFSleepModeSetup;
+                       pChipOps->AsicRfInit = NICInitRT3090RFRegisters;
+                       pChipOps->AsicReverseRfFromSleepMode = RT30xxReverseRFSleepModeSetup;
+               }
+#endif // RT3090 //
+       }
+#endif // RT30xx //
+#endif // RT33xx //
+}
+
+#endif // RTMP_RF_RW_SUPPORT //
diff --git a/drivers/staging/rt3090/common/rtmp_init.c b/drivers/staging/rt3090/common/rtmp_init.c
new file mode 100644 (file)
index 0000000..48b95b7
--- /dev/null
@@ -0,0 +1,3882 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_init.c
+
+       Abstract:
+       Miniport generic portion header file
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+
+
+UCHAR    BIT8[] = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80};
+char*   CipherName[] = {"none","wep64","wep128","TKIP","AES","CKIP64","CKIP128"};
+
+//
+// BBP register initialization set
+//
+REG_PAIR   BBPRegTable[] = {
+       {BBP_R65,               0x2C},          // fix rssi issue
+       {BBP_R66,               0x38},  // Also set this default value to pAd->BbpTuning.R66CurrentValue at initial
+       {BBP_R69,               0x12},
+       {BBP_R70,               0xa},   // BBP_R70 will change to 0x8 in ApStartUp and LinkUp for rt2860C, otherwise value is 0xa
+       {BBP_R73,               0x10},
+       {BBP_R81,               0x37},
+       {BBP_R82,               0x62},
+       {BBP_R83,               0x6A},
+       {BBP_R84,               0x99},  // 0x19 is for rt2860E and after. This is for extension channel overlapping IOT. 0x99 is for rt2860D and before
+       {BBP_R86,               0x00},  // middle range issue, Rory @2008-01-28
+       {BBP_R91,               0x04},  // middle range issue, Rory @2008-01-28
+       {BBP_R92,               0x00},  // middle range issue, Rory @2008-01-28
+       {BBP_R103,              0x00},  // near range high-power issue, requested from Gary @2008-0528
+       {BBP_R105,              0x05},  // 0x05 is for rt2860E to turn on FEQ control. It is safe for rt2860D and before, because Bit 7:2 are reserved in rt2860D and before.
+       {BBP_R106,              0x35},  // for ShortGI throughput
+};
+#define        NUM_BBP_REG_PARMS       (sizeof(BBPRegTable) / sizeof(REG_PAIR))
+
+
+//
+// ASIC register initialization sets
+//
+
+RTMP_REG_PAIR  MACRegTable[] = {
+#if defined(HW_BEACON_OFFSET) && (HW_BEACON_OFFSET == 0x200)
+       {BCN_OFFSET0,                   0xf8f0e8e0}, /* 0x3800(e0), 0x3A00(e8), 0x3C00(f0), 0x3E00(f8), 512B for each beacon */
+       {BCN_OFFSET1,                   0x6f77d0c8}, /* 0x3200(c8), 0x3400(d0), 0x1DC0(77), 0x1BC0(6f), 512B for each beacon */
+#elif defined(HW_BEACON_OFFSET) && (HW_BEACON_OFFSET == 0x100)
+       {BCN_OFFSET0,                   0xece8e4e0}, /* 0x3800, 0x3A00, 0x3C00, 0x3E00, 512B for each beacon */
+       {BCN_OFFSET1,                   0xfcf8f4f0}, /* 0x3800, 0x3A00, 0x3C00, 0x3E00, 512B for each beacon */
+#else
+    #error You must re-calculate new value for BCN_OFFSET0 & BCN_OFFSET1 in MACRegTable[]!!!
+#endif // HW_BEACON_OFFSET //
+
+       {LEGACY_BASIC_RATE,             0x0000013f}, //  Basic rate set bitmap
+       {HT_BASIC_RATE,         0x00008003}, // Basic HT rate set , 20M, MCS=3, MM. Format is the same as in TXWI.
+       {MAC_SYS_CTRL,          0x00}, // 0x1004, , default Disable RX
+       {RX_FILTR_CFG,          0x17f97}, //0x1400  , RX filter control,
+       {BKOFF_SLOT_CFG,        0x209}, // default set short slot time, CC_DELAY_TIME should be 2
+       //{TX_SW_CFG0,          0x40a06}, // Gary,2006-08-23
+       {TX_SW_CFG0,            0x0},           // Gary,2008-05-21 for CWC test
+       {TX_SW_CFG1,            0x80606}, // Gary,2006-08-23
+       {TX_LINK_CFG,           0x1020},                // Gary,2006-08-23
+       //{TX_TIMEOUT_CFG,      0x00182090},    // CCK has some problem. So increase timieout value. 2006-10-09// MArvek RT
+       {TX_TIMEOUT_CFG,        0x000a2090},    // CCK has some problem. So increase timieout value. 2006-10-09// MArvek RT , Modify for 2860E ,2007-08-01
+       {MAX_LEN_CFG,           MAX_AGGREGATION_SIZE | 0x00001000},     // 0x3018, MAX frame length. Max PSDU = 16kbytes.
+       {LED_CFG,               0x7f031e46}, // Gary, 2006-08-23
+
+//#ifdef CONFIG_AP_SUPPORT
+//     {WMM_AIFSN_CFG,         0x00001173},
+//     {WMM_CWMIN_CFG,         0x00002344},
+//     {WMM_CWMAX_CFG,         0x000034a6},
+//     {WMM_TXOP0_CFG,         0x00100020},
+//     {WMM_TXOP1_CFG,         0x002F0038},
+//#endif // CONFIG_AP_SUPPORT //
+
+//#ifdef CONFIG_STA_SUPPORT
+//     {WMM_AIFSN_CFG,         0x00002273},
+//     {WMM_CWMIN_CFG,         0x00002344},
+//     {WMM_CWMAX_CFG,         0x000034aa},
+//#endif // CONFIG_STA_SUPPORT //
+#ifdef INF_AMAZON_SE
+       {PBF_MAX_PCNT,                  0x1F3F6F6F},    //iverson modify for usb issue, 2008/09/19
+                                                                                       // 6F + 6F < total page count FE
+                                                                                       // so that RX doesn't occupy TX's buffer space when WMM congestion.
+#else
+       {PBF_MAX_PCNT,                  0x1F3FBF9F},    //0x1F3f7f9f},          //Jan, 2006/04/20
+#endif // INF_AMAZON_SE //
+       //{TX_RTY_CFG,                  0x6bb80408},    // Jan, 2006/11/16
+// WMM_ACM_SUPPORT
+//     {TX_RTY_CFG,                    0x6bb80101},    // sample
+       {TX_RTY_CFG,                    0x47d01f0f},    // Jan, 2006/11/16, Set TxWI->ACK =0 in Probe Rsp Modify for 2860E ,2007-08-03
+
+       {AUTO_RSP_CFG,                  0x00000013},    // Initial Auto_Responder, because QA will turn off Auto-Responder
+       {CCK_PROT_CFG,                  0x05740003 /*0x01740003*/},     // Initial Auto_Responder, because QA will turn off Auto-Responder. And RTS threshold is enabled.
+       {OFDM_PROT_CFG,                 0x05740003 /*0x01740003*/},     // Initial Auto_Responder, because QA will turn off Auto-Responder. And RTS threshold is enabled.
+       {GF20_PROT_CFG,                 0x01744004},    // set 19:18 --> Short NAV for MIMO PS
+       {GF40_PROT_CFG,                 0x03F44084},
+       {MM20_PROT_CFG,                 0x01744004},
+#ifdef RTMP_MAC_PCI
+       {MM40_PROT_CFG,                 0x03F54084},
+#endif // RTMP_MAC_PCI //
+       {TXOP_CTRL_CFG,                 0x0000583f, /*0x0000243f*/ /*0x000024bf*/},     //Extension channel backoff.
+       {TX_RTS_CFG,                    0x00092b20},
+//#ifdef WIFI_TEST
+       {EXP_ACK_TIME,                  0x002400ca},    // default value
+//#else
+//     {EXP_ACK_TIME,                  0x005400ca},    // suggested by Gray @ 20070323 for 11n intel-sta throughput
+//#endif // end - WIFI_TEST //
+//#ifdef CONFIG_AP_SUPPORT
+//     {TBTT_SYNC_CFG,                 0x00422000},    // TBTT_ADJUST(7:0) == 0
+//     {TBTT_SYNC_CFG,                 0x00012000},    // TBTT_ADJUST(7:0) == 0
+//#endif // CONFIG_AP_SUPPORT //
+       {TXOP_HLDR_ET,                  0x00000002},
+
+       /* Jerry comments 2008/01/16: we use SIFS = 10us in CCK defaultly, but it seems that 10us
+               is too small for INTEL 2200bg card, so in MBSS mode, the delta time between beacon0
+               and beacon1 is SIFS (10us), so if INTEL 2200bg card connects to BSS0, the ping
+               will always lost. So we change the SIFS of CCK from 10us to 16us. */
+       {XIFS_TIME_CFG,                 0x33a41010},
+       {PWR_PIN_CFG,                   0x00000003},    // patch for 2880-E
+};
+
+
+#ifdef CONFIG_STA_SUPPORT
+RTMP_REG_PAIR  STAMACRegTable[] =      {
+       {WMM_AIFSN_CFG,         0x00002273},
+       {WMM_CWMIN_CFG, 0x00002344},
+       {WMM_CWMAX_CFG, 0x000034aa},
+};
+#endif // CONFIG_STA_SUPPORT //
+
+#define        NUM_MAC_REG_PARMS               (sizeof(MACRegTable) / sizeof(RTMP_REG_PAIR))
+#ifdef CONFIG_STA_SUPPORT
+#define        NUM_STA_MAC_REG_PARMS   (sizeof(STAMACRegTable) / sizeof(RTMP_REG_PAIR))
+#endif // CONFIG_STA_SUPPORT //
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Allocate RTMP_ADAPTER data block and do some initialization
+
+       Arguments:
+               Adapter         Pointer to our adapter
+
+       Return Value:
+               NDIS_STATUS_SUCCESS
+               NDIS_STATUS_FAILURE
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS    RTMPAllocAdapterBlock(
+       IN  PVOID       handle,
+       OUT     PRTMP_ADAPTER   *ppAdapter)
+{
+       PRTMP_ADAPTER   pAd;
+       NDIS_STATUS             Status;
+       INT                     index;
+       UCHAR                   *pBeaconBuf = NULL;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> RTMPAllocAdapterBlock\n"));
+
+       *ppAdapter = NULL;
+
+       do
+       {
+               // Allocate RTMP_ADAPTER memory block
+               pBeaconBuf = kmalloc(MAX_BEACON_SIZE, MEM_ALLOC_FLAG);
+               if (pBeaconBuf == NULL)
+               {
+                       Status = NDIS_STATUS_FAILURE;
+                       DBGPRINT_ERR(("Failed to allocate memory - BeaconBuf!\n"));
+                       break;
+               }
+               NdisZeroMemory(pBeaconBuf, MAX_BEACON_SIZE);
+
+               Status = AdapterBlockAllocateMemory(handle, (PVOID *)&pAd);
+               if (Status != NDIS_STATUS_SUCCESS)
+               {
+                       DBGPRINT_ERR(("Failed to allocate memory - ADAPTER\n"));
+                       break;
+               }
+               pAd->BeaconBuf = pBeaconBuf;
+               DBGPRINT(RT_DEBUG_OFF, ("\n\n=== pAd = %p, size = %d ===\n\n", pAd, (UINT32)sizeof(RTMP_ADAPTER)));
+
+
+               // Init spin locks
+               NdisAllocateSpinLock(&pAd->MgmtRingLock);
+#ifdef RTMP_MAC_PCI
+               NdisAllocateSpinLock(&pAd->RxRingLock);
+#ifdef RT3090
+#ifdef CONFIG_STA_SUPPORT
+       NdisAllocateSpinLock(&pAd->McuCmdLock);
+#endif // CONFIG_STA_SUPPORT //
+#endif // RT3090 //
+#endif // RTMP_MAC_PCI //
+
+               for (index =0 ; index < NUM_OF_TX_RING; index++)
+               {
+                       NdisAllocateSpinLock(&pAd->TxSwQueueLock[index]);
+                       NdisAllocateSpinLock(&pAd->DeQueueLock[index]);
+                       pAd->DeQueueRunning[index] = FALSE;
+               }
+
+               NdisAllocateSpinLock(&pAd->irq_lock);
+
+
+       } while (FALSE);
+
+       if ((Status != NDIS_STATUS_SUCCESS) && (pBeaconBuf))
+               kfree(pBeaconBuf);
+
+       *ppAdapter = pAd;
+
+       DBGPRINT_S(Status, ("<-- RTMPAllocAdapterBlock, Status=%x\n", Status));
+       return Status;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Read initial Tx power per MCS and BW from EEPROM
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPReadTxPwrPerRate(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       ULONG           data, Adata, Gdata;
+       USHORT          i, value, value2;
+       INT                     Apwrdelta, Gpwrdelta;
+       UCHAR           t1,t2,t3,t4;
+       BOOLEAN         bApwrdeltaMinus = TRUE, bGpwrdeltaMinus = TRUE;
+
+       //
+       // Get power delta for 20MHz and 40MHz.
+       //
+       DBGPRINT(RT_DEBUG_TRACE, ("Txpower per Rate\n"));
+       RT28xx_EEPROM_READ16(pAd, EEPROM_TXPOWER_DELTA, value2);
+       Apwrdelta = 0;
+       Gpwrdelta = 0;
+
+       if ((value2 & 0xff) != 0xff)
+       {
+               if ((value2 & 0x80))
+                       Gpwrdelta = (value2&0xf);
+
+               if ((value2 & 0x40))
+                       bGpwrdeltaMinus = FALSE;
+               else
+                       bGpwrdeltaMinus = TRUE;
+       }
+       if ((value2 & 0xff00) != 0xff00)
+       {
+               if ((value2 & 0x8000))
+                       Apwrdelta = ((value2&0xf00)>>8);
+
+               if ((value2 & 0x4000))
+                       bApwrdeltaMinus = FALSE;
+               else
+                       bApwrdeltaMinus = TRUE;
+       }
+       DBGPRINT(RT_DEBUG_TRACE, ("Gpwrdelta = %x, Apwrdelta = %x .\n", Gpwrdelta, Apwrdelta));
+
+       //
+       // Get Txpower per MCS for 20MHz in 2.4G.
+       //
+       for (i=0; i<5; i++)
+       {
+               RT28xx_EEPROM_READ16(pAd, EEPROM_TXPOWER_BYRATE_20MHZ_2_4G + i*4, value);
+               data = value;
+               if (bApwrdeltaMinus == FALSE)
+               {
+                       t1 = (value&0xf)+(Apwrdelta);
+                       if (t1 > 0xf)
+                               t1 = 0xf;
+                       t2 = ((value&0xf0)>>4)+(Apwrdelta);
+                       if (t2 > 0xf)
+                               t2 = 0xf;
+                       t3 = ((value&0xf00)>>8)+(Apwrdelta);
+                       if (t3 > 0xf)
+                               t3 = 0xf;
+                       t4 = ((value&0xf000)>>12)+(Apwrdelta);
+                       if (t4 > 0xf)
+                               t4 = 0xf;
+               }
+               else
+               {
+                       if ((value&0xf) > Apwrdelta)
+                               t1 = (value&0xf)-(Apwrdelta);
+                       else
+                               t1 = 0;
+                       if (((value&0xf0)>>4) > Apwrdelta)
+                               t2 = ((value&0xf0)>>4)-(Apwrdelta);
+                       else
+                               t2 = 0;
+                       if (((value&0xf00)>>8) > Apwrdelta)
+                               t3 = ((value&0xf00)>>8)-(Apwrdelta);
+                       else
+                               t3 = 0;
+                       if (((value&0xf000)>>12) > Apwrdelta)
+                               t4 = ((value&0xf000)>>12)-(Apwrdelta);
+                       else
+                               t4 = 0;
+               }
+               Adata = t1 + (t2<<4) + (t3<<8) + (t4<<12);
+               if (bGpwrdeltaMinus == FALSE)
+               {
+                       t1 = (value&0xf)+(Gpwrdelta);
+                       if (t1 > 0xf)
+                               t1 = 0xf;
+                       t2 = ((value&0xf0)>>4)+(Gpwrdelta);
+                       if (t2 > 0xf)
+                               t2 = 0xf;
+                       t3 = ((value&0xf00)>>8)+(Gpwrdelta);
+                       if (t3 > 0xf)
+                               t3 = 0xf;
+                       t4 = ((value&0xf000)>>12)+(Gpwrdelta);
+                       if (t4 > 0xf)
+                               t4 = 0xf;
+               }
+               else
+               {
+                       if ((value&0xf) > Gpwrdelta)
+                               t1 = (value&0xf)-(Gpwrdelta);
+                       else
+                               t1 = 0;
+                       if (((value&0xf0)>>4) > Gpwrdelta)
+                               t2 = ((value&0xf0)>>4)-(Gpwrdelta);
+                       else
+                               t2 = 0;
+                       if (((value&0xf00)>>8) > Gpwrdelta)
+                               t3 = ((value&0xf00)>>8)-(Gpwrdelta);
+                       else
+                               t3 = 0;
+                       if (((value&0xf000)>>12) > Gpwrdelta)
+                               t4 = ((value&0xf000)>>12)-(Gpwrdelta);
+                       else
+                               t4 = 0;
+               }
+               Gdata = t1 + (t2<<4) + (t3<<8) + (t4<<12);
+
+               RT28xx_EEPROM_READ16(pAd, EEPROM_TXPOWER_BYRATE_20MHZ_2_4G + i*4 + 2, value);
+               if (bApwrdeltaMinus == FALSE)
+               {
+                       t1 = (value&0xf)+(Apwrdelta);
+                       if (t1 > 0xf)
+                               t1 = 0xf;
+                       t2 = ((value&0xf0)>>4)+(Apwrdelta);
+                       if (t2 > 0xf)
+                               t2 = 0xf;
+                       t3 = ((value&0xf00)>>8)+(Apwrdelta);
+                       if (t3 > 0xf)
+                               t3 = 0xf;
+                       t4 = ((value&0xf000)>>12)+(Apwrdelta);
+                       if (t4 > 0xf)
+                               t4 = 0xf;
+               }
+               else
+               {
+                       if ((value&0xf) > Apwrdelta)
+                               t1 = (value&0xf)-(Apwrdelta);
+                       else
+                               t1 = 0;
+                       if (((value&0xf0)>>4) > Apwrdelta)
+                               t2 = ((value&0xf0)>>4)-(Apwrdelta);
+                       else
+                               t2 = 0;
+                       if (((value&0xf00)>>8) > Apwrdelta)
+                               t3 = ((value&0xf00)>>8)-(Apwrdelta);
+                       else
+                               t3 = 0;
+                       if (((value&0xf000)>>12) > Apwrdelta)
+                               t4 = ((value&0xf000)>>12)-(Apwrdelta);
+                       else
+                               t4 = 0;
+               }
+               Adata |= ((t1<<16) + (t2<<20) + (t3<<24) + (t4<<28));
+               if (bGpwrdeltaMinus == FALSE)
+               {
+                       t1 = (value&0xf)+(Gpwrdelta);
+                       if (t1 > 0xf)
+                               t1 = 0xf;
+                       t2 = ((value&0xf0)>>4)+(Gpwrdelta);
+                       if (t2 > 0xf)
+                               t2 = 0xf;
+                       t3 = ((value&0xf00)>>8)+(Gpwrdelta);
+                       if (t3 > 0xf)
+                               t3 = 0xf;
+                       t4 = ((value&0xf000)>>12)+(Gpwrdelta);
+                       if (t4 > 0xf)
+                               t4 = 0xf;
+               }
+               else
+               {
+                       if ((value&0xf) > Gpwrdelta)
+                               t1 = (value&0xf)-(Gpwrdelta);
+                       else
+                               t1 = 0;
+                       if (((value&0xf0)>>4) > Gpwrdelta)
+                               t2 = ((value&0xf0)>>4)-(Gpwrdelta);
+                       else
+                               t2 = 0;
+                       if (((value&0xf00)>>8) > Gpwrdelta)
+                               t3 = ((value&0xf00)>>8)-(Gpwrdelta);
+                       else
+                               t3 = 0;
+                       if (((value&0xf000)>>12) > Gpwrdelta)
+                               t4 = ((value&0xf000)>>12)-(Gpwrdelta);
+                       else
+                               t4 = 0;
+               }
+               Gdata |= ((t1<<16) + (t2<<20) + (t3<<24) + (t4<<28));
+               data |= (value<<16);
+
+               /* For 20M/40M Power Delta issue */
+               pAd->Tx20MPwrCfgABand[i] = data;
+               pAd->Tx20MPwrCfgGBand[i] = data;
+               pAd->Tx40MPwrCfgABand[i] = Adata;
+               pAd->Tx40MPwrCfgGBand[i] = Gdata;
+
+               if (data != 0xffffffff)
+                       RTMP_IO_WRITE32(pAd, TX_PWR_CFG_0 + i*4, data);
+               DBGPRINT_RAW(RT_DEBUG_TRACE, ("20MHz BW, 2.4G band-%lx,  Adata = %lx,  Gdata = %lx \n", data, Adata, Gdata));
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Read initial channel power parameters from EEPROM
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPReadChannelPwr(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       UCHAR                           i, choffset;
+       EEPROM_TX_PWR_STRUC         Power;
+       EEPROM_TX_PWR_STRUC         Power2;
+
+       // Read Tx power value for all channels
+       // Value from 1 - 0x7f. Default value is 24.
+       // Power value : 2.4G 0x00 (0) ~ 0x1F (31)
+       //             : 5.5G 0xF9 (-7) ~ 0x0F (15)
+
+       // 0. 11b/g, ch1 - ch 14
+       for (i = 0; i < 7; i++)
+       {
+               RT28xx_EEPROM_READ16(pAd, EEPROM_G_TX_PWR_OFFSET + i * 2, Power.word);
+               RT28xx_EEPROM_READ16(pAd, EEPROM_G_TX2_PWR_OFFSET + i * 2, Power2.word);
+               pAd->TxPower[i * 2].Channel = i * 2 + 1;
+               pAd->TxPower[i * 2 + 1].Channel = i * 2 + 2;
+
+               if ((Power.field.Byte0 > 31) || (Power.field.Byte0 < 0))
+                       pAd->TxPower[i * 2].Power = DEFAULT_RF_TX_POWER;
+               else
+                       pAd->TxPower[i * 2].Power = Power.field.Byte0;
+
+               if ((Power.field.Byte1 > 31) || (Power.field.Byte1 < 0))
+                       pAd->TxPower[i * 2 + 1].Power = DEFAULT_RF_TX_POWER;
+               else
+                       pAd->TxPower[i * 2 + 1].Power = Power.field.Byte1;
+
+               if ((Power2.field.Byte0 > 31) || (Power2.field.Byte0 < 0))
+                       pAd->TxPower[i * 2].Power2 = DEFAULT_RF_TX_POWER;
+               else
+                       pAd->TxPower[i * 2].Power2 = Power2.field.Byte0;
+
+               if ((Power2.field.Byte1 > 31) || (Power2.field.Byte1 < 0))
+                       pAd->TxPower[i * 2 + 1].Power2 = DEFAULT_RF_TX_POWER;
+               else
+                       pAd->TxPower[i * 2 + 1].Power2 = Power2.field.Byte1;
+       }
+
+       // 1. U-NII lower/middle band: 36, 38, 40; 44, 46, 48; 52, 54, 56; 60, 62, 64 (including central frequency in BW 40MHz)
+       // 1.1 Fill up channel
+       choffset = 14;
+       for (i = 0; i < 4; i++)
+       {
+               pAd->TxPower[3 * i + choffset + 0].Channel      = 36 + i * 8 + 0;
+               pAd->TxPower[3 * i + choffset + 0].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 0].Power2       = DEFAULT_RF_TX_POWER;
+
+               pAd->TxPower[3 * i + choffset + 1].Channel      = 36 + i * 8 + 2;
+               pAd->TxPower[3 * i + choffset + 1].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 1].Power2       = DEFAULT_RF_TX_POWER;
+
+               pAd->TxPower[3 * i + choffset + 2].Channel      = 36 + i * 8 + 4;
+               pAd->TxPower[3 * i + choffset + 2].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 2].Power2       = DEFAULT_RF_TX_POWER;
+       }
+
+       // 1.2 Fill up power
+       for (i = 0; i < 6; i++)
+       {
+               RT28xx_EEPROM_READ16(pAd, EEPROM_A_TX_PWR_OFFSET + i * 2, Power.word);
+               RT28xx_EEPROM_READ16(pAd, EEPROM_A_TX2_PWR_OFFSET + i * 2, Power2.word);
+
+               if ((Power.field.Byte0 < 16) && (Power.field.Byte0 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 0].Power = Power.field.Byte0;
+
+               if ((Power.field.Byte1 < 16) && (Power.field.Byte1 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 1].Power = Power.field.Byte1;
+
+               if ((Power2.field.Byte0 < 16) && (Power2.field.Byte0 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 0].Power2 = Power2.field.Byte0;
+
+               if ((Power2.field.Byte1 < 16) && (Power2.field.Byte1 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 1].Power2 = Power2.field.Byte1;
+       }
+
+       // 2. HipperLAN 2 100, 102 ,104; 108, 110, 112; 116, 118, 120; 124, 126, 128; 132, 134, 136; 140 (including central frequency in BW 40MHz)
+       // 2.1 Fill up channel
+       choffset = 14 + 12;
+       for (i = 0; i < 5; i++)
+       {
+               pAd->TxPower[3 * i + choffset + 0].Channel      = 100 + i * 8 + 0;
+               pAd->TxPower[3 * i + choffset + 0].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 0].Power2       = DEFAULT_RF_TX_POWER;
+
+               pAd->TxPower[3 * i + choffset + 1].Channel      = 100 + i * 8 + 2;
+               pAd->TxPower[3 * i + choffset + 1].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 1].Power2       = DEFAULT_RF_TX_POWER;
+
+               pAd->TxPower[3 * i + choffset + 2].Channel      = 100 + i * 8 + 4;
+               pAd->TxPower[3 * i + choffset + 2].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 2].Power2       = DEFAULT_RF_TX_POWER;
+       }
+       pAd->TxPower[3 * 5 + choffset + 0].Channel              = 140;
+       pAd->TxPower[3 * 5 + choffset + 0].Power                = DEFAULT_RF_TX_POWER;
+       pAd->TxPower[3 * 5 + choffset + 0].Power2               = DEFAULT_RF_TX_POWER;
+
+       // 2.2 Fill up power
+       for (i = 0; i < 8; i++)
+       {
+               RT28xx_EEPROM_READ16(pAd, EEPROM_A_TX_PWR_OFFSET + (choffset - 14) + i * 2, Power.word);
+               RT28xx_EEPROM_READ16(pAd, EEPROM_A_TX2_PWR_OFFSET + (choffset - 14) + i * 2, Power2.word);
+
+               if ((Power.field.Byte0 < 16) && (Power.field.Byte0 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 0].Power = Power.field.Byte0;
+
+               if ((Power.field.Byte1 < 16) && (Power.field.Byte1 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 1].Power = Power.field.Byte1;
+
+               if ((Power2.field.Byte0 < 16) && (Power2.field.Byte0 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 0].Power2 = Power2.field.Byte0;
+
+               if ((Power2.field.Byte1 < 16) && (Power2.field.Byte1 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 1].Power2 = Power2.field.Byte1;
+       }
+
+       // 3. U-NII upper band: 149, 151, 153; 157, 159, 161; 165, 167, 169; 171, 173 (including central frequency in BW 40MHz)
+       // 3.1 Fill up channel
+       choffset = 14 + 12 + 16;
+       /*for (i = 0; i < 2; i++)*/
+       for (i = 0; i < 3; i++)
+       {
+               pAd->TxPower[3 * i + choffset + 0].Channel      = 149 + i * 8 + 0;
+               pAd->TxPower[3 * i + choffset + 0].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 0].Power2       = DEFAULT_RF_TX_POWER;
+
+               pAd->TxPower[3 * i + choffset + 1].Channel      = 149 + i * 8 + 2;
+               pAd->TxPower[3 * i + choffset + 1].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 1].Power2       = DEFAULT_RF_TX_POWER;
+
+               pAd->TxPower[3 * i + choffset + 2].Channel      = 149 + i * 8 + 4;
+               pAd->TxPower[3 * i + choffset + 2].Power        = DEFAULT_RF_TX_POWER;
+               pAd->TxPower[3 * i + choffset + 2].Power2       = DEFAULT_RF_TX_POWER;
+       }
+       pAd->TxPower[3 * 3 + choffset + 0].Channel              = 171;
+       pAd->TxPower[3 * 3 + choffset + 0].Power                = DEFAULT_RF_TX_POWER;
+       pAd->TxPower[3 * 3 + choffset + 0].Power2               = DEFAULT_RF_TX_POWER;
+
+       pAd->TxPower[3 * 3 + choffset + 1].Channel              = 173;
+       pAd->TxPower[3 * 3 + choffset + 1].Power                = DEFAULT_RF_TX_POWER;
+       pAd->TxPower[3 * 3 + choffset + 1].Power2               = DEFAULT_RF_TX_POWER;
+
+       // 3.2 Fill up power
+       /*for (i = 0; i < 4; i++)*/
+       for (i = 0; i < 6; i++)
+       {
+               RT28xx_EEPROM_READ16(pAd, EEPROM_A_TX_PWR_OFFSET + (choffset - 14) + i * 2, Power.word);
+               RT28xx_EEPROM_READ16(pAd, EEPROM_A_TX2_PWR_OFFSET + (choffset - 14) + i * 2, Power2.word);
+
+               if ((Power.field.Byte0 < 16) && (Power.field.Byte0 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 0].Power = Power.field.Byte0;
+
+               if ((Power.field.Byte1 < 16) && (Power.field.Byte1 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 1].Power = Power.field.Byte1;
+
+               if ((Power2.field.Byte0 < 16) && (Power2.field.Byte0 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 0].Power2 = Power2.field.Byte0;
+
+               if ((Power2.field.Byte1 < 16) && (Power2.field.Byte1 >= -7))
+                       pAd->TxPower[i * 2 + choffset + 1].Power2 = Power2.field.Byte1;
+       }
+
+       // 4. Print and Debug
+       /*choffset = 14 + 12 + 16 + 7;*/
+       choffset = 14 + 12 + 16 + 11;
+
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Read the following from the registry
+               1. All the parameters
+               2. NetworkAddres
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+               WrapperConfigurationContext     For use by NdisOpenConfiguration
+
+       Return Value:
+               NDIS_STATUS_SUCCESS
+               NDIS_STATUS_FAILURE
+               NDIS_STATUS_RESOURCES
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS    NICReadRegParameters(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      NDIS_HANDLE                     WrapperConfigurationContext
+       )
+{
+       NDIS_STATUS                                             Status = NDIS_STATUS_SUCCESS;
+       DBGPRINT_S(Status, ("<-- NICReadRegParameters, Status=%x\n", Status));
+       return Status;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Read initial parameters from EEPROM
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   NICReadEEPROMParameters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  mac_addr)
+{
+       UINT32                  data = 0;
+       USHORT                  i, value, value2;
+       UCHAR                   TmpPhy;
+       EEPROM_TX_PWR_STRUC         Power;
+       EEPROM_VERSION_STRUC    Version;
+       EEPROM_ANTENNA_STRUC    Antenna;
+       EEPROM_NIC_CONFIG2_STRUC    NicConfig2;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> NICReadEEPROMParameters\n"));
+
+       if (pAd->chipOps.eeinit)
+               pAd->chipOps.eeinit(pAd);
+#ifdef RTMP_EFUSE_SUPPORT
+#ifdef RT30xx
+       if(!pAd->bFroceEEPROMBuffer && pAd->bEEPROMFile)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("--> NICReadEEPROMParameters::(Efuse)Load  to EEPROM Buffer Mode\n"));
+               eFuseLoadEEPROM(pAd);
+       }
+#endif // RT30xx //
+#endif // RTMP_EFUSE_SUPPORT //
+
+       // Init EEPROM Address Number, before access EEPROM; if 93c46, EEPROMAddressNum=6, else if 93c66, EEPROMAddressNum=8
+       RTMP_IO_READ32(pAd, E2PROM_CSR, &data);
+       DBGPRINT(RT_DEBUG_TRACE, ("--> E2PROM_CSR = 0x%x\n", data));
+
+       if((data & 0x30) == 0)
+               pAd->EEPROMAddressNum = 6;              // 93C46
+       else if((data & 0x30) == 0x10)
+               pAd->EEPROMAddressNum = 8;     // 93C66
+       else
+               pAd->EEPROMAddressNum = 8;     // 93C86
+       DBGPRINT(RT_DEBUG_TRACE, ("--> EEPROMAddressNum = %d\n", pAd->EEPROMAddressNum ));
+
+       // RT2860 MAC no longer auto load MAC address from E2PROM. Driver has to intialize
+       // MAC address registers according to E2PROM setting
+       if (mac_addr == NULL ||
+               strlen((PSTRING) mac_addr) != 17 ||
+               mac_addr[2] != ':'  || mac_addr[5] != ':'  || mac_addr[8] != ':' ||
+               mac_addr[11] != ':' || mac_addr[14] != ':')
+       {
+               USHORT  Addr01,Addr23,Addr45 ;
+
+               RT28xx_EEPROM_READ16(pAd, 0x04, Addr01);
+               RT28xx_EEPROM_READ16(pAd, 0x06, Addr23);
+               RT28xx_EEPROM_READ16(pAd, 0x08, Addr45);
+
+               pAd->PermanentAddress[0] = (UCHAR)(Addr01 & 0xff);
+               pAd->PermanentAddress[1] = (UCHAR)(Addr01 >> 8);
+               pAd->PermanentAddress[2] = (UCHAR)(Addr23 & 0xff);
+               pAd->PermanentAddress[3] = (UCHAR)(Addr23 >> 8);
+               pAd->PermanentAddress[4] = (UCHAR)(Addr45 & 0xff);
+               pAd->PermanentAddress[5] = (UCHAR)(Addr45 >> 8);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("Initialize MAC Address from E2PROM \n"));
+       }
+       else
+       {
+               INT             j;
+               PSTRING macptr;
+
+               macptr = (PSTRING) mac_addr;
+
+               for (j=0; j<MAC_ADDR_LEN; j++)
+               {
+                       AtoH(macptr, &pAd->PermanentAddress[j], 1);
+                       macptr=macptr+3;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("Initialize MAC Address from module parameter \n"));
+       }
+
+
+       {
+               //more conveninet to test mbssid, so ap's bssid &0xf1
+               if (pAd->PermanentAddress[0] == 0xff)
+                       pAd->PermanentAddress[0] = RandomByte(pAd)&0xf8;
+
+               //if (pAd->PermanentAddress[5] == 0xff)
+               //      pAd->PermanentAddress[5] = RandomByte(pAd)&0xf8;
+
+               DBGPRINT_RAW(RT_DEBUG_TRACE,("E2PROM MAC: =%02x:%02x:%02x:%02x:%02x:%02x\n",
+                       pAd->PermanentAddress[0], pAd->PermanentAddress[1],
+                       pAd->PermanentAddress[2], pAd->PermanentAddress[3],
+                       pAd->PermanentAddress[4], pAd->PermanentAddress[5]));
+               if (pAd->bLocalAdminMAC == FALSE)
+               {
+                       MAC_DW0_STRUC csr2;
+                       MAC_DW1_STRUC csr3;
+                       COPY_MAC_ADDR(pAd->CurrentAddress, pAd->PermanentAddress);
+                       csr2.field.Byte0 = pAd->CurrentAddress[0];
+                       csr2.field.Byte1 = pAd->CurrentAddress[1];
+                       csr2.field.Byte2 = pAd->CurrentAddress[2];
+                       csr2.field.Byte3 = pAd->CurrentAddress[3];
+                       RTMP_IO_WRITE32(pAd, MAC_ADDR_DW0, csr2.word);
+                       csr3.word = 0;
+                       csr3.field.Byte4 = pAd->CurrentAddress[4];
+                       csr3.field.Byte5 = pAd->CurrentAddress[5];
+                       csr3.field.U2MeMask = 0xff;
+                       RTMP_IO_WRITE32(pAd, MAC_ADDR_DW1, csr3.word);
+                       DBGPRINT_RAW(RT_DEBUG_TRACE,("E2PROM MAC: =%02x:%02x:%02x:%02x:%02x:%02x\n",
+                                                       PRINT_MAC(pAd->PermanentAddress)));
+               }
+       }
+
+       // if not return early. cause fail at emulation.
+       // Init the channel number for TX channel power
+       RTMPReadChannelPwr(pAd);
+
+       // if E2PROM version mismatch with driver's expectation, then skip
+       // all subsequent E2RPOM retieval and set a system error bit to notify GUI
+       RT28xx_EEPROM_READ16(pAd, EEPROM_VERSION_OFFSET, Version.word);
+       pAd->EepromVersion = Version.field.Version + Version.field.FaeReleaseNumber * 256;
+       DBGPRINT(RT_DEBUG_TRACE, ("E2PROM: Version = %d, FAE release #%d\n", Version.field.Version, Version.field.FaeReleaseNumber));
+
+       if (Version.field.Version > VALID_EEPROM_VERSION)
+       {
+               DBGPRINT_ERR(("E2PROM: WRONG VERSION 0x%x, should be %d\n",Version.field.Version, VALID_EEPROM_VERSION));
+               /*pAd->SystemErrorBitmap |= 0x00000001;
+
+               // hard-code default value when no proper E2PROM installed
+               pAd->bAutoTxAgcA = FALSE;
+               pAd->bAutoTxAgcG = FALSE;
+
+               // Default the channel power
+               for (i = 0; i < MAX_NUM_OF_CHANNELS; i++)
+                       pAd->TxPower[i].Power = DEFAULT_RF_TX_POWER;
+
+               // Default the channel power
+               for (i = 0; i < MAX_NUM_OF_11JCHANNELS; i++)
+                       pAd->TxPower11J[i].Power = DEFAULT_RF_TX_POWER;
+
+               for(i = 0; i < NUM_EEPROM_BBP_PARMS; i++)
+                       pAd->EEPROMDefaultValue[i] = 0xffff;
+               return;  */
+       }
+
+       // Read BBP default value from EEPROM and store to array(EEPROMDefaultValue) in pAd
+       RT28xx_EEPROM_READ16(pAd, EEPROM_NIC1_OFFSET, value);
+       pAd->EEPROMDefaultValue[0] = value;
+
+       RT28xx_EEPROM_READ16(pAd, EEPROM_NIC2_OFFSET, value);
+       pAd->EEPROMDefaultValue[1] = value;
+
+       RT28xx_EEPROM_READ16(pAd, 0x38, value); // Country Region
+       pAd->EEPROMDefaultValue[2] = value;
+
+       for(i = 0; i < 8; i++)
+       {
+               RT28xx_EEPROM_READ16(pAd, EEPROM_BBP_BASE_OFFSET + i*2, value);
+               pAd->EEPROMDefaultValue[i+3] = value;
+       }
+
+       // We have to parse NIC configuration 0 at here.
+       // If TSSI did not have preloaded value, it should reset the TxAutoAgc to false
+       // Therefore, we have to read TxAutoAgc control beforehand.
+       // Read Tx AGC control bit
+       Antenna.word = pAd->EEPROMDefaultValue[0];
+       if (Antenna.word == 0xFFFF)
+       {
+#ifdef RT30xx
+               if(IS_RT3090(pAd)|| IS_RT3390(pAd))
+               {
+                       Antenna.word = 0;
+                       Antenna.field.RfIcType = RFIC_3020;
+                       Antenna.field.TxPath = 1;
+                       Antenna.field.RxPath = 1;
+               }
+               else
+#endif // RT30xx //
+               {
+
+                       Antenna.word = 0;
+                       Antenna.field.RfIcType = RFIC_2820;
+                       Antenna.field.TxPath = 1;
+                       Antenna.field.RxPath = 2;
+                       DBGPRINT(RT_DEBUG_WARN, ("E2PROM error, hard code as 0x%04x\n", Antenna.word));
+               }
+       }
+
+       // Choose the desired Tx&Rx stream.
+       if ((pAd->CommonCfg.TxStream == 0) || (pAd->CommonCfg.TxStream > Antenna.field.TxPath))
+               pAd->CommonCfg.TxStream = Antenna.field.TxPath;
+
+       if ((pAd->CommonCfg.RxStream == 0) || (pAd->CommonCfg.RxStream > Antenna.field.RxPath))
+       {
+               pAd->CommonCfg.RxStream = Antenna.field.RxPath;
+
+               if ((pAd->MACVersion < RALINK_2883_VERSION) &&
+                       (pAd->CommonCfg.RxStream > 2))
+               {
+                       // only 2 Rx streams for RT2860 series
+                       pAd->CommonCfg.RxStream = 2;
+               }
+       }
+
+       // 3*3
+       // read value from EEPROM and set them to CSR174 ~ 177 in chain0 ~ chain2
+       // yet implement
+       for(i=0; i<3; i++)
+       {
+       }
+
+       NicConfig2.word = pAd->EEPROMDefaultValue[1];
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if ((NicConfig2.word & 0x00ff) == 0xff)
+               {
+                       NicConfig2.word &= 0xff00;
+               }
+
+               if ((NicConfig2.word >> 8) == 0xff)
+               {
+                       NicConfig2.word &= 0x00ff;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       if (NicConfig2.field.DynamicTxAgcControl == 1)
+               pAd->bAutoTxAgcA = pAd->bAutoTxAgcG = TRUE;
+       else
+               pAd->bAutoTxAgcA = pAd->bAutoTxAgcG = FALSE;
+
+       DBGPRINT_RAW(RT_DEBUG_TRACE, ("NICReadEEPROMParameters: RxPath = %d, TxPath = %d\n", Antenna.field.RxPath, Antenna.field.TxPath));
+
+       // Save the antenna for future use
+       pAd->Antenna.word = Antenna.word;
+
+       // Set the RfICType here, then we can initialize RFIC related operation callbacks
+       pAd->Mlme.RealRxPath = (UCHAR) Antenna.field.RxPath;
+       pAd->RfIcType = (UCHAR) Antenna.field.RfIcType;
+
+#ifdef RTMP_RF_RW_SUPPORT
+       RtmpChipOpsRFHook(pAd);
+#endif // RTMP_RF_RW_SUPPORT //
+
+       //
+       // Reset PhyMode if we don't support 802.11a
+       // Only RFIC_2850 & RFIC_2750 support 802.11a
+       //
+       if ((Antenna.field.RfIcType != RFIC_2850)
+               && (Antenna.field.RfIcType != RFIC_2750)
+               && (Antenna.field.RfIcType != RFIC_3052))
+       {
+               if ((pAd->CommonCfg.PhyMode == PHY_11ABG_MIXED) ||
+                       (pAd->CommonCfg.PhyMode == PHY_11A))
+                       pAd->CommonCfg.PhyMode = PHY_11BG_MIXED;
+#ifdef DOT11_N_SUPPORT
+               else if ((pAd->CommonCfg.PhyMode == PHY_11ABGN_MIXED)   ||
+                                (pAd->CommonCfg.PhyMode == PHY_11AN_MIXED)     ||
+                                (pAd->CommonCfg.PhyMode == PHY_11AGN_MIXED)    ||
+                                (pAd->CommonCfg.PhyMode == PHY_11N_5G))
+                       pAd->CommonCfg.PhyMode = PHY_11BGN_MIXED;
+#endif // DOT11_N_SUPPORT //
+       }
+
+       // Read TSSI reference and TSSI boundary for temperature compensation. This is ugly
+       // 0. 11b/g
+       {
+               /* these are tempature reference value (0x00 ~ 0xFE)
+                  ex: 0x00 0x15 0x25 0x45 0x88 0xA0 0xB5 0xD0 0xF0
+                  TssiPlusBoundaryG [4] [3] [2] [1] [0] (smaller) +
+                  TssiMinusBoundaryG[0] [1] [2] [3] [4] (larger) */
+               RT28xx_EEPROM_READ16(pAd, 0x6E, Power.word);
+               pAd->TssiMinusBoundaryG[4] = Power.field.Byte0;
+               pAd->TssiMinusBoundaryG[3] = Power.field.Byte1;
+               RT28xx_EEPROM_READ16(pAd, 0x70, Power.word);
+               pAd->TssiMinusBoundaryG[2] = Power.field.Byte0;
+               pAd->TssiMinusBoundaryG[1] = Power.field.Byte1;
+               RT28xx_EEPROM_READ16(pAd, 0x72, Power.word);
+               pAd->TssiRefG   = Power.field.Byte0; /* reference value [0] */
+               pAd->TssiPlusBoundaryG[1] = Power.field.Byte1;
+               RT28xx_EEPROM_READ16(pAd, 0x74, Power.word);
+               pAd->TssiPlusBoundaryG[2] = Power.field.Byte0;
+               pAd->TssiPlusBoundaryG[3] = Power.field.Byte1;
+               RT28xx_EEPROM_READ16(pAd, 0x76, Power.word);
+               pAd->TssiPlusBoundaryG[4] = Power.field.Byte0;
+               pAd->TxAgcStepG = Power.field.Byte1;
+               pAd->TxAgcCompensateG = 0;
+               pAd->TssiMinusBoundaryG[0] = pAd->TssiRefG;
+               pAd->TssiPlusBoundaryG[0]  = pAd->TssiRefG;
+
+               // Disable TxAgc if the based value is not right
+               if (pAd->TssiRefG == 0xff)
+                       pAd->bAutoTxAgcG = FALSE;
+
+               DBGPRINT(RT_DEBUG_TRACE,("E2PROM: G Tssi[-4 .. +4] = %d %d %d %d - %d -%d %d %d %d, step=%d, tuning=%d\n",
+                       pAd->TssiMinusBoundaryG[4], pAd->TssiMinusBoundaryG[3], pAd->TssiMinusBoundaryG[2], pAd->TssiMinusBoundaryG[1],
+                       pAd->TssiRefG,
+                       pAd->TssiPlusBoundaryG[1], pAd->TssiPlusBoundaryG[2], pAd->TssiPlusBoundaryG[3], pAd->TssiPlusBoundaryG[4],
+                       pAd->TxAgcStepG, pAd->bAutoTxAgcG));
+       }
+       // 1. 11a
+       {
+               RT28xx_EEPROM_READ16(pAd, 0xD4, Power.word);
+               pAd->TssiMinusBoundaryA[4] = Power.field.Byte0;
+               pAd->TssiMinusBoundaryA[3] = Power.field.Byte1;
+               RT28xx_EEPROM_READ16(pAd, 0xD6, Power.word);
+               pAd->TssiMinusBoundaryA[2] = Power.field.Byte0;
+               pAd->TssiMinusBoundaryA[1] = Power.field.Byte1;
+               RT28xx_EEPROM_READ16(pAd, 0xD8, Power.word);
+               pAd->TssiRefA   = Power.field.Byte0;
+               pAd->TssiPlusBoundaryA[1] = Power.field.Byte1;
+               RT28xx_EEPROM_READ16(pAd, 0xDA, Power.word);
+               pAd->TssiPlusBoundaryA[2] = Power.field.Byte0;
+               pAd->TssiPlusBoundaryA[3] = Power.field.Byte1;
+               RT28xx_EEPROM_READ16(pAd, 0xDC, Power.word);
+               pAd->TssiPlusBoundaryA[4] = Power.field.Byte0;
+               pAd->TxAgcStepA = Power.field.Byte1;
+               pAd->TxAgcCompensateA = 0;
+               pAd->TssiMinusBoundaryA[0] = pAd->TssiRefA;
+               pAd->TssiPlusBoundaryA[0]  = pAd->TssiRefA;
+
+               // Disable TxAgc if the based value is not right
+               if (pAd->TssiRefA == 0xff)
+                       pAd->bAutoTxAgcA = FALSE;
+
+               DBGPRINT(RT_DEBUG_TRACE,("E2PROM: A Tssi[-4 .. +4] = %d %d %d %d - %d -%d %d %d %d, step=%d, tuning=%d\n",
+                       pAd->TssiMinusBoundaryA[4], pAd->TssiMinusBoundaryA[3], pAd->TssiMinusBoundaryA[2], pAd->TssiMinusBoundaryA[1],
+                       pAd->TssiRefA,
+                       pAd->TssiPlusBoundaryA[1], pAd->TssiPlusBoundaryA[2], pAd->TssiPlusBoundaryA[3], pAd->TssiPlusBoundaryA[4],
+                       pAd->TxAgcStepA, pAd->bAutoTxAgcA));
+       }
+       pAd->BbpRssiToDbmDelta = 0x0;
+
+       // Read frequency offset setting for RF
+       RT28xx_EEPROM_READ16(pAd, EEPROM_FREQ_OFFSET, value);
+       if ((value & 0x00FF) != 0x00FF)
+               pAd->RfFreqOffset = (ULONG) (value & 0x00FF);
+       else
+               pAd->RfFreqOffset = 0;
+       DBGPRINT(RT_DEBUG_TRACE, ("E2PROM: RF FreqOffset=0x%lx \n", pAd->RfFreqOffset));
+
+       //CountryRegion byte offset (38h)
+       value = pAd->EEPROMDefaultValue[2] >> 8;                // 2.4G band
+       value2 = pAd->EEPROMDefaultValue[2] & 0x00FF;   // 5G band
+
+       if ((value <= REGION_MAXIMUM_BG_BAND) && (value2 <= REGION_MAXIMUM_A_BAND))
+       {
+               pAd->CommonCfg.CountryRegion = ((UCHAR) value) | 0x80;
+               pAd->CommonCfg.CountryRegionForABand = ((UCHAR) value2) | 0x80;
+               TmpPhy = pAd->CommonCfg.PhyMode;
+               pAd->CommonCfg.PhyMode = 0xff;
+               RTMPSetPhyMode(pAd, TmpPhy);
+#ifdef DOT11_N_SUPPORT
+               SetCommonHT(pAd);
+#endif // DOT11_N_SUPPORT //
+       }
+
+       //
+       // Get RSSI Offset on EEPROM 0x9Ah & 0x9Ch.
+       // The valid value are (-10 ~ 10)
+       //
+       RT28xx_EEPROM_READ16(pAd, EEPROM_RSSI_BG_OFFSET, value);
+       pAd->BGRssiOffset0 = value & 0x00ff;
+       pAd->BGRssiOffset1 = (value >> 8);
+       RT28xx_EEPROM_READ16(pAd, EEPROM_RSSI_BG_OFFSET+2, value);
+       pAd->BGRssiOffset2 = value & 0x00ff;
+       pAd->ALNAGain1 = (value >> 8);
+       RT28xx_EEPROM_READ16(pAd, EEPROM_LNA_OFFSET, value);
+       pAd->BLNAGain = value & 0x00ff;
+       pAd->ALNAGain0 = (value >> 8);
+
+       // Validate 11b/g RSSI_0 offset.
+       if ((pAd->BGRssiOffset0 < -10) || (pAd->BGRssiOffset0 > 10))
+               pAd->BGRssiOffset0 = 0;
+
+       // Validate 11b/g RSSI_1 offset.
+       if ((pAd->BGRssiOffset1 < -10) || (pAd->BGRssiOffset1 > 10))
+               pAd->BGRssiOffset1 = 0;
+
+       // Validate 11b/g RSSI_2 offset.
+       if ((pAd->BGRssiOffset2 < -10) || (pAd->BGRssiOffset2 > 10))
+               pAd->BGRssiOffset2 = 0;
+
+       RT28xx_EEPROM_READ16(pAd, EEPROM_RSSI_A_OFFSET, value);
+       pAd->ARssiOffset0 = value & 0x00ff;
+       pAd->ARssiOffset1 = (value >> 8);
+       RT28xx_EEPROM_READ16(pAd, (EEPROM_RSSI_A_OFFSET+2), value);
+       pAd->ARssiOffset2 = value & 0x00ff;
+       pAd->ALNAGain2 = (value >> 8);
+
+       if (((UCHAR)pAd->ALNAGain1 == 0xFF) || (pAd->ALNAGain1 == 0x00))
+               pAd->ALNAGain1 = pAd->ALNAGain0;
+       if (((UCHAR)pAd->ALNAGain2 == 0xFF) || (pAd->ALNAGain2 == 0x00))
+               pAd->ALNAGain2 = pAd->ALNAGain0;
+
+       // Validate 11a RSSI_0 offset.
+       if ((pAd->ARssiOffset0 < -10) || (pAd->ARssiOffset0 > 10))
+               pAd->ARssiOffset0 = 0;
+
+       // Validate 11a RSSI_1 offset.
+       if ((pAd->ARssiOffset1 < -10) || (pAd->ARssiOffset1 > 10))
+               pAd->ARssiOffset1 = 0;
+
+       //Validate 11a RSSI_2 offset.
+       if ((pAd->ARssiOffset2 < -10) || (pAd->ARssiOffset2 > 10))
+               pAd->ARssiOffset2 = 0;
+
+#ifdef RT30xx
+       //
+       // Get TX mixer gain setting
+       // 0xff are invalid value
+       // Note: RT30xX default value is 0x00 and will program to RF_R17 only when this value is not zero.
+       //       RT359X default value is 0x02
+       //
+       if (IS_RT30xx(pAd) || IS_RT3572(pAd))
+       {
+               RT28xx_EEPROM_READ16(pAd, EEPROM_TXMIXER_GAIN_2_4G, value);
+               pAd->TxMixerGain24G = 0;
+               value &= 0x00ff;
+               if (value != 0xff)
+               {
+                       value &= 0x07;
+                       pAd->TxMixerGain24G = (UCHAR)value;
+               }
+       }
+#endif // RT30xx //
+
+       //
+       // Get LED Setting.
+       //
+       RT28xx_EEPROM_READ16(pAd, 0x3a, value);
+       pAd->LedCntl.word = (value>>8);
+       RT28xx_EEPROM_READ16(pAd, EEPROM_LED1_OFFSET, value);
+       pAd->Led1 = value;
+       RT28xx_EEPROM_READ16(pAd, EEPROM_LED2_OFFSET, value);
+       pAd->Led2 = value;
+       RT28xx_EEPROM_READ16(pAd, EEPROM_LED3_OFFSET, value);
+       pAd->Led3 = value;
+
+       RTMPReadTxPwrPerRate(pAd);
+
+#ifdef SINGLE_SKU
+       RT28xx_EEPROM_READ16(pAd, EEPROM_DEFINE_MAX_TXPWR, pAd->CommonCfg.DefineMaxTxPwr);
+#endif // SINGLE_SKU //
+
+#ifdef RT30xx
+#ifdef RTMP_EFUSE_SUPPORT
+       RtmpEfuseSupportCheck(pAd);
+#endif // RTMP_EFUSE_SUPPORT //
+#endif // RT30xx //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<-- NICReadEEPROMParameters\n"));
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Set default value from EEPROM
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   NICInitAsicFromEEPROM(
+       IN      PRTMP_ADAPTER   pAd)
+{
+#ifdef CONFIG_STA_SUPPORT
+       UINT32                                  data = 0;
+       UCHAR   BBPR1 = 0;
+#endif // CONFIG_STA_SUPPORT //
+       USHORT                                  i;
+//     EEPROM_ANTENNA_STRUC    Antenna;
+       EEPROM_NIC_CONFIG2_STRUC    NicConfig2;
+       UCHAR   BBPR3 = 0;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> NICInitAsicFromEEPROM\n"));
+       for(i = 3; i < NUM_EEPROM_BBP_PARMS; i++)
+       {
+               UCHAR BbpRegIdx, BbpValue;
+
+               if ((pAd->EEPROMDefaultValue[i] != 0xFFFF) && (pAd->EEPROMDefaultValue[i] != 0))
+               {
+                       BbpRegIdx = (UCHAR)(pAd->EEPROMDefaultValue[i] >> 8);
+                       BbpValue  = (UCHAR)(pAd->EEPROMDefaultValue[i] & 0xff);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BbpRegIdx, BbpValue);
+               }
+       }
+
+
+       NicConfig2.word = pAd->EEPROMDefaultValue[1];
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if ((NicConfig2.word & 0x00ff) == 0xff)
+               {
+                       NicConfig2.word &= 0xff00;
+               }
+
+               if ((NicConfig2.word >> 8) == 0xff)
+               {
+                       NicConfig2.word &= 0x00ff;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // Save the antenna for future use
+       pAd->NicConfig2.word = NicConfig2.word;
+
+#ifdef RT30xx
+       // set default antenna as main
+       if (pAd->RfIcType == RFIC_3020)
+               AsicSetRxAnt(pAd, pAd->RxAnt.Pair1PrimaryRxAnt);
+#endif // RT30xx //
+
+       //
+       // Send LED Setting to MCU.
+       //
+       if (pAd->LedCntl.word == 0xFF)
+       {
+               pAd->LedCntl.word = 0x01;
+               pAd->Led1 = 0x5555;
+               pAd->Led2 = 0x2221;
+
+#ifdef RTMP_MAC_PCI
+               pAd->Led3 = 0xA9F8;
+#endif // RTMP_MAC_PCI //
+       }
+
+       AsicSendCommandToMcu(pAd, 0x52, 0xff, (UCHAR)pAd->Led1, (UCHAR)(pAd->Led1 >> 8));
+       AsicSendCommandToMcu(pAd, 0x53, 0xff, (UCHAR)pAd->Led2, (UCHAR)(pAd->Led2 >> 8));
+       AsicSendCommandToMcu(pAd, 0x54, 0xff, (UCHAR)pAd->Led3, (UCHAR)(pAd->Led3 >> 8));
+       AsicSendCommandToMcu(pAd, 0x51, 0xff, 0, pAd->LedCntl.field.Polarity);
+
+       pAd->LedIndicatorStrength = 0xFF;
+       RTMPSetSignalLED(pAd, -100);    // Force signal strength Led to be turned off, before link up
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // Read Hardware controlled Radio state enable bit
+               if (NicConfig2.field.HardwareRadioControl == 1)
+               {
+                       pAd->StaCfg.bHardwareRadio = TRUE;
+
+                       // Read GPIO pin2 as Hardware controlled radio state
+                       RTMP_IO_READ32(pAd, GPIO_CTRL_CFG, &data);
+                       if ((data & 0x04) == 0)
+                       {
+                               pAd->StaCfg.bHwRadio = FALSE;
+                               pAd->StaCfg.bRadio = FALSE;
+//                             RTMP_IO_WRITE32(pAd, PWR_PIN_CFG, 0x00001818);
+                               RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF);
+                       }
+               }
+               else
+                       pAd->StaCfg.bHardwareRadio = FALSE;
+
+               if (pAd->StaCfg.bRadio == FALSE)
+               {
+                       RTMPSetLED(pAd, LED_RADIO_OFF);
+               }
+               else
+               {
+                       RTMPSetLED(pAd, LED_RADIO_ON);
+#ifdef RTMP_MAC_PCI
+#ifdef RT3090
+                       AsicSendCommandToMcu(pAd, 0x30, PowerRadioOffCID, 0xff, 0x02);
+                       AsicCheckCommanOk(pAd, PowerRadioOffCID);
+#endif // RT3090 //
+#ifndef RT3090
+                       AsicSendCommandToMcu(pAd, 0x30, 0xff, 0xff, 0x02);
+#endif // RT3090 //
+                       AsicSendCommandToMcu(pAd, 0x31, PowerWakeCID, 0x00, 0x00);
+                       // 2-1. wait command ok.
+                       AsicCheckCommanOk(pAd, PowerWakeCID);
+#endif // RTMP_MAC_PCI //
+               }
+       }
+#ifdef RTMP_MAC_PCI
+#ifdef RT30xx
+               if (IS_RT3090(pAd)|| IS_RT3572(pAd) || IS_RT3390(pAd))
+               {
+                       RTMP_CHIP_OP *pChipOps = &pAd->chipOps;
+                       if (pChipOps->AsicReverseRfFromSleepMode)
+                               pChipOps->AsicReverseRfFromSleepMode(pAd);
+               }
+               // 3090 MCU Wakeup command needs more time to be stable.
+               // Before stable, don't issue other MCU command to prevent from firmware error.
+
+               if ((IS_RT3090(pAd)|| IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)
+                       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+                       && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("%s::%d,release Mcu Lock\n",__FUNCTION__,__LINE__));
+                       RTMP_SEM_LOCK(&pAd->McuCmdLock);
+                       pAd->brt30xxBanMcuCmd = FALSE;
+                       RTMP_SEM_UNLOCK(&pAd->McuCmdLock);
+               }
+#endif // RT30xx //
+#endif // RTMP_MAC_PCI //
+#endif // CONFIG_STA_SUPPORT //
+
+       // Turn off patching for cardbus controller
+       if (NicConfig2.field.CardbusAcceleration == 1)
+       {
+//             pAd->bTest1 = TRUE;
+       }
+
+       if (NicConfig2.field.DynamicTxAgcControl == 1)
+               pAd->bAutoTxAgcA = pAd->bAutoTxAgcG = TRUE;
+       else
+               pAd->bAutoTxAgcA = pAd->bAutoTxAgcG = FALSE;
+       //
+       // Since BBP has been progamed, to make sure BBP setting will be
+       // upate inside of AsicAntennaSelect, so reset to UNKNOWN_BAND!!
+       //
+       pAd->CommonCfg.BandState = UNKNOWN_BAND;
+
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BBPR3);
+       BBPR3 &= (~0x18);
+       if(pAd->Antenna.field.RxPath == 3)
+       {
+               BBPR3 |= (0x10);
+       }
+       else if(pAd->Antenna.field.RxPath == 2)
+       {
+               BBPR3 |= (0x8);
+       }
+       else if(pAd->Antenna.field.RxPath == 1)
+       {
+               BBPR3 |= (0x0);
+       }
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BBPR3);
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // Handle the difference when 1T
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R1, &BBPR1);
+               if(pAd->Antenna.field.TxPath == 1)
+               {
+               BBPR1 &= (~0x18);
+               }
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R1, BBPR1);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("Use Hw Radio Control Pin=%d; if used Pin=%d;\n",
+                                       pAd->CommonCfg.bHardwareRadio, pAd->CommonCfg.bHardwareRadio));
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+
+       DBGPRINT(RT_DEBUG_TRACE, ("TxPath = %d, RxPath = %d, RFIC=%d, Polar+LED mode=%x\n",
+                               pAd->Antenna.field.TxPath, pAd->Antenna.field.RxPath,
+                               pAd->RfIcType, pAd->LedCntl.word));
+       DBGPRINT(RT_DEBUG_TRACE, ("<-- NICInitAsicFromEEPROM\n"));
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Initialize NIC hardware
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS    NICInitializeAdapter(
+       IN      PRTMP_ADAPTER   pAd,
+       IN   BOOLEAN    bHardReset)
+{
+       NDIS_STATUS     Status = NDIS_STATUS_SUCCESS;
+       WPDMA_GLO_CFG_STRUC     GloCfg;
+#ifdef RTMP_MAC_PCI
+       UINT32                  Value;
+       DELAY_INT_CFG_STRUC     IntCfg;
+#endif // RTMP_MAC_PCI //
+//     INT_MASK_CSR_STRUC              IntMask;
+       ULONG   i =0, j=0;
+       AC_TXOP_CSR0_STRUC      csr0;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> NICInitializeAdapter\n"));
+
+       // 3. Set DMA global configuration except TX_DMA_EN and RX_DMA_EN bits:
+retry:
+       i = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);
+               if ((GloCfg.field.TxDMABusy == 0)  && (GloCfg.field.RxDMABusy == 0))
+                       break;
+
+               RTMPusecDelay(1000);
+               i++;
+       }while ( i<100);
+       DBGPRINT(RT_DEBUG_TRACE, ("<== DMA offset 0x208 = 0x%x\n", GloCfg.word));
+       GloCfg.word &= 0xff0;
+       GloCfg.field.EnTXWriteBackDDONE =1;
+       RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, GloCfg.word);
+
+       // Record HW Beacon offset
+       pAd->BeaconOffset[0] = HW_BEACON_BASE0;
+       pAd->BeaconOffset[1] = HW_BEACON_BASE1;
+       pAd->BeaconOffset[2] = HW_BEACON_BASE2;
+       pAd->BeaconOffset[3] = HW_BEACON_BASE3;
+       pAd->BeaconOffset[4] = HW_BEACON_BASE4;
+       pAd->BeaconOffset[5] = HW_BEACON_BASE5;
+       pAd->BeaconOffset[6] = HW_BEACON_BASE6;
+       pAd->BeaconOffset[7] = HW_BEACON_BASE7;
+
+       //
+       // write all shared Ring's base address into ASIC
+       //
+
+       // asic simulation sequence put this ahead before loading firmware.
+       // pbf hardware reset
+#ifdef RTMP_MAC_PCI
+       RTMP_IO_WRITE32(pAd, WPDMA_RST_IDX, 0x1003f);   // 0x10000 for reset rx, 0x3f resets all 6 tx rings.
+       RTMP_IO_WRITE32(pAd, PBF_SYS_CTRL, 0xe1f);
+       RTMP_IO_WRITE32(pAd, PBF_SYS_CTRL, 0xe00);
+#endif // RTMP_MAC_PCI //
+
+       // Initialze ASIC for TX & Rx operation
+       if (NICInitializeAsic(pAd , bHardReset) != NDIS_STATUS_SUCCESS)
+       {
+               if (j++ == 0)
+               {
+                       NICLoadFirmware(pAd);
+                       goto retry;
+               }
+               return NDIS_STATUS_FAILURE;
+       }
+
+
+#ifdef RTMP_MAC_PCI
+       // Write AC_BK base address register
+       Value = RTMP_GetPhysicalAddressLow(pAd->TxRing[QID_AC_BK].Cell[0].AllocPa);
+       RTMP_IO_WRITE32(pAd, TX_BASE_PTR1, Value);
+       DBGPRINT(RT_DEBUG_TRACE, ("--> TX_BASE_PTR1 : 0x%x\n", Value));
+
+       // Write AC_BE base address register
+       Value = RTMP_GetPhysicalAddressLow(pAd->TxRing[QID_AC_BE].Cell[0].AllocPa);
+       RTMP_IO_WRITE32(pAd, TX_BASE_PTR0, Value);
+       DBGPRINT(RT_DEBUG_TRACE, ("--> TX_BASE_PTR0 : 0x%x\n", Value));
+
+       // Write AC_VI base address register
+       Value = RTMP_GetPhysicalAddressLow(pAd->TxRing[QID_AC_VI].Cell[0].AllocPa);
+       RTMP_IO_WRITE32(pAd, TX_BASE_PTR2, Value);
+       DBGPRINT(RT_DEBUG_TRACE, ("--> TX_BASE_PTR2 : 0x%x\n", Value));
+
+       // Write AC_VO base address register
+       Value = RTMP_GetPhysicalAddressLow(pAd->TxRing[QID_AC_VO].Cell[0].AllocPa);
+       RTMP_IO_WRITE32(pAd, TX_BASE_PTR3, Value);
+       DBGPRINT(RT_DEBUG_TRACE, ("--> TX_BASE_PTR3 : 0x%x\n", Value));
+
+       // Write HCCA base address register
+       /*
+       Value = RTMP_GetPhysicalAddressLow(pAd->TxRing[QID_HCCA].Cell[0].AllocPa);
+       RTMP_IO_WRITE32(pAd, TX_BASE_PTR4, Value);
+       DBGPRINT(RT_DEBUG_TRACE, ("--> TX_BASE_PTR4 : 0x%x\n", Value));
+       */
+
+       // Write MGMT_BASE_CSR register
+       Value = RTMP_GetPhysicalAddressLow(pAd->MgmtRing.Cell[0].AllocPa);
+       RTMP_IO_WRITE32(pAd, TX_BASE_PTR5, Value);
+       DBGPRINT(RT_DEBUG_TRACE, ("--> TX_BASE_PTR5 : 0x%x\n", Value));
+
+       // Write RX_BASE_CSR register
+       Value = RTMP_GetPhysicalAddressLow(pAd->RxRing.Cell[0].AllocPa);
+       RTMP_IO_WRITE32(pAd, RX_BASE_PTR, Value);
+       DBGPRINT(RT_DEBUG_TRACE, ("--> RX_BASE_PTR : 0x%x\n", Value));
+
+       // Init RX Ring index pointer
+       pAd->RxRing.RxSwReadIdx = 0;
+       pAd->RxRing.RxCpuIdx = RX_RING_SIZE-1;
+       RTMP_IO_WRITE32(pAd, RX_CRX_IDX, pAd->RxRing.RxCpuIdx);
+
+       // Init TX rings index pointer
+       {
+               for (i=0; i<NUM_OF_TX_RING; i++)
+               {
+                       pAd->TxRing[i].TxSwFreeIdx = 0;
+                       pAd->TxRing[i].TxCpuIdx = 0;
+                       RTMP_IO_WRITE32(pAd, (TX_CTX_IDX0 + i * 0x10) ,  pAd->TxRing[i].TxCpuIdx);
+               }
+       }
+
+       // init MGMT ring index pointer
+       pAd->MgmtRing.TxSwFreeIdx = 0;
+       pAd->MgmtRing.TxCpuIdx = 0;
+       RTMP_IO_WRITE32(pAd, TX_MGMTCTX_IDX,  pAd->MgmtRing.TxCpuIdx);
+
+       //
+       // set each Ring's SIZE  into ASIC. Descriptor Size is fixed by design.
+       //
+
+       // Write TX_RING_CSR0 register
+       Value = TX_RING_SIZE;
+       RTMP_IO_WRITE32(pAd, TX_MAX_CNT0, Value);
+       RTMP_IO_WRITE32(pAd, TX_MAX_CNT1, Value);
+       RTMP_IO_WRITE32(pAd, TX_MAX_CNT2, Value);
+       RTMP_IO_WRITE32(pAd, TX_MAX_CNT3, Value);
+       RTMP_IO_WRITE32(pAd, TX_MAX_CNT4, Value);
+       Value = MGMT_RING_SIZE;
+       RTMP_IO_WRITE32(pAd, TX_MGMTMAX_CNT, Value);
+
+       // Write RX_RING_CSR register
+       Value = RX_RING_SIZE;
+       RTMP_IO_WRITE32(pAd, RX_MAX_CNT, Value);
+#endif // RTMP_MAC_PCI //
+
+
+       // WMM parameter
+       csr0.word = 0;
+       RTMP_IO_WRITE32(pAd, WMM_TXOP0_CFG, csr0.word);
+       if (pAd->CommonCfg.PhyMode == PHY_11B)
+       {
+               csr0.field.Ac0Txop = 192;       // AC_VI: 192*32us ~= 6ms
+               csr0.field.Ac1Txop = 96;        // AC_VO: 96*32us  ~= 3ms
+       }
+       else
+       {
+               csr0.field.Ac0Txop = 96;        // AC_VI: 96*32us ~= 3ms
+               csr0.field.Ac1Txop = 48;        // AC_VO: 48*32us ~= 1.5ms
+       }
+       RTMP_IO_WRITE32(pAd, WMM_TXOP1_CFG, csr0.word);
+
+
+#ifdef RTMP_MAC_PCI
+       // 3. Set DMA global configuration except TX_DMA_EN and RX_DMA_EN bits:
+       i = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);
+               if ((GloCfg.field.TxDMABusy == 0)  && (GloCfg.field.RxDMABusy == 0))
+                       break;
+
+               RTMPusecDelay(1000);
+               i++;
+       }while ( i < 100);
+
+       GloCfg.word &= 0xff0;
+       GloCfg.field.EnTXWriteBackDDONE =1;
+       RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, GloCfg.word);
+
+       IntCfg.word = 0;
+       RTMP_IO_WRITE32(pAd, DELAY_INT_CFG, IntCfg.word);
+#endif // RTMP_MAC_PCI //
+
+
+       // reset action
+       // Load firmware
+       //  Status = NICLoadFirmware(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<-- NICInitializeAdapter\n"));
+       return Status;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Initialize ASIC
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS    NICInitializeAsic(
+       IN      PRTMP_ADAPTER   pAd,
+       IN  BOOLEAN             bHardReset)
+{
+       ULONG                   Index = 0;
+       UCHAR                   R0 = 0xff;
+       UINT32                  MacCsr12 = 0, Counter = 0;
+#ifdef RT30xx
+       UCHAR                   bbpreg=0;
+       UCHAR                   RFValue=0;
+#endif // RT30xx //
+       USHORT                  KeyIdx;
+       INT                             i,apidx;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> NICInitializeAsic\n"));
+
+#ifdef RTMP_MAC_PCI
+       RTMP_IO_WRITE32(pAd, PWR_PIN_CFG, 0x3); // To fix driver disable/enable hang issue when radio off
+       if (bHardReset == TRUE)
+       {
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x3);
+       }
+       else
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x1);
+
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x0);
+       // Initialize MAC register to default value
+       for (Index = 0; Index < NUM_MAC_REG_PARMS; Index++)
+       {
+#ifdef RT30xx
+               if ((MACRegTable[Index].Register == TX_SW_CFG0) && ( IS_RT3090(pAd) ||  IS_RT3390(pAd)))
+               {
+                       MACRegTable[Index].Value = 0x00000400;
+               }
+#endif // RT30xx //
+               RTMP_IO_WRITE32(pAd, MACRegTable[Index].Register, MACRegTable[Index].Value);
+       }
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               for (Index = 0; Index < NUM_STA_MAC_REG_PARMS; Index++)
+               {
+                       RTMP_IO_WRITE32(pAd, STAMACRegTable[Index].Register, STAMACRegTable[Index].Value);
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+#endif // RTMP_MAC_PCI //
+
+
+#ifdef RT30xx
+       // Initialize RT3070 serial MAC registers which is different from RT2870 serial
+       if (IS_RT3090(pAd) || IS_RT3572(pAd)||IS_RT3390(pAd))
+       {
+               RTMP_IO_WRITE32(pAd, TX_SW_CFG1, 0);
+
+               // RT3071 version E has fixed this issue
+               if ((pAd->MACVersion & 0xffff) < 0x0211)
+               {
+                       if (pAd->NicConfig2.field.DACTestBit == 1)
+                       {
+                               RTMP_IO_WRITE32(pAd, TX_SW_CFG2, 0x2C); // To fix throughput drop drastically
+                       }
+                       else
+                       {
+                               RTMP_IO_WRITE32(pAd, TX_SW_CFG2, 0x0F); // To fix throughput drop drastically
+                       }
+               }
+               else
+               {
+                       RTMP_IO_WRITE32(pAd, TX_SW_CFG2, 0x0);
+               }
+       }
+       else if (IS_RT3070(pAd))
+       {
+               if (((pAd->MACVersion & 0xffff) < 0x0201))
+               {
+                       RTMP_IO_WRITE32(pAd, TX_SW_CFG1, 0);
+                       RTMP_IO_WRITE32(pAd, TX_SW_CFG2, 0x2C); // To fix throughput drop drastically
+               }
+               else
+               {
+                       RTMP_IO_WRITE32(pAd, TX_SW_CFG2, 0);
+               }
+       }
+#endif // RT30xx //
+
+       //
+       // Before program BBP, we need to wait BBP/RF get wake up.
+       //
+       Index = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, MAC_STATUS_CFG, &MacCsr12);
+
+               if ((MacCsr12 & 0x03) == 0)     // if BB.RF is stable
+                       break;
+
+               DBGPRINT(RT_DEBUG_TRACE, ("Check MAC_STATUS_CFG  = Busy = %x\n", MacCsr12));
+               RTMPusecDelay(1000);
+       } while (Index++ < 100);
+
+       // The commands to firmware should be after these commands, these commands will init firmware
+       // PCI and USB are not the same because PCI driver needs to wait for PCI bus ready
+       RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, 0); // initialize BBP R/W access agent
+       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_CSR, 0);
+#ifdef RT3090
+       //2008/11/28:KH add to fix the dead rf frequency offset bug<--
+       AsicSendCommandToMcu(pAd, 0x72, 0, 0, 0);
+       //2008/11/28:KH add to fix the dead rf frequency offset bug-->
+#endif // RT3090 //
+       RTMPusecDelay(1000);
+
+       // Read BBP register, make sure BBP is up and running before write new data
+       Index = 0;
+       do
+       {
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R0, &R0);
+               DBGPRINT(RT_DEBUG_TRACE, ("BBP version = %x\n", R0));
+       } while ((++Index < 20) && ((R0 == 0xff) || (R0 == 0x00)));
+       //ASSERT(Index < 20); //this will cause BSOD on Check-build driver
+
+       if ((R0 == 0xff) || (R0 == 0x00))
+               return NDIS_STATUS_FAILURE;
+
+       // Initialize BBP register to default value
+       for (Index = 0; Index < NUM_BBP_REG_PARMS; Index++)
+       {
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBPRegTable[Index].Register, BBPRegTable[Index].Value);
+       }
+
+#ifdef RTMP_MAC_PCI
+       // TODO: shiang, check MACVersion, currently, rbus-based chip use this.
+       if (pAd->MACVersion == 0x28720200)
+       {
+               //UCHAR value;
+               ULONG value2;
+
+               //disable MLD by Bruce 20080704
+               //BBP_IO_READ8_BY_REG_ID(pAd, BBP_R105, &value);
+               //BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R105, value | 4);
+
+               //Maximum PSDU length from 16K to 32K bytes
+               RTMP_IO_READ32(pAd, MAX_LEN_CFG, &value2);
+               value2 &= ~(0x3<<12);
+               value2 |= (0x2<<12);
+               RTMP_IO_WRITE32(pAd, MAX_LEN_CFG, value2);
+       }
+#endif // RTMP_MAC_PCI //
+
+       // for rt2860E and after, init BBP_R84 with 0x19. This is for extension channel overlapping IOT.
+       // RT3090 should not program BBP R84 to 0x19, otherwise TX will block.
+       //3070/71/72,3090,3090A( are included in RT30xx),3572,3390
+       if (((pAd->MACVersion & 0xffff) != 0x0101) && !(IS_RT30xx(pAd)|| IS_RT3572(pAd) || IS_RT3390(pAd)))
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R84, 0x19);
+
+#ifdef RT30xx
+// add by johnli, RF power sequence setup
+       if (IS_RT30xx(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd))
+       {       //update for RT3070/71/72/90/91/92,3572,3390.
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R79, 0x13);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R80, 0x05);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R81, 0x33);
+       }
+
+       if (IS_RT3090(pAd)||IS_RT3390(pAd))     // RT309x, RT3071/72
+       {
+               // enable DC filter
+               if ((pAd->MACVersion & 0xffff) >= 0x0211)
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R103, 0xc0);
+               }
+
+               // improve power consumption
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R138, &bbpreg);
+               if (pAd->Antenna.field.TxPath == 1)
+               {
+                       // turn off tx DAC_1
+                       bbpreg = (bbpreg | 0x20);
+               }
+
+               if (pAd->Antenna.field.RxPath == 1)
+               {
+                       // turn off tx ADC_1
+                       bbpreg &= (~0x2);
+               }
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R138, bbpreg);
+
+               // improve power consumption in RT3071 Ver.E
+               if ((pAd->MACVersion & 0xffff) >= 0x0211)
+               {
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R31, &bbpreg);
+                       bbpreg &= (~0x3);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R31, bbpreg);
+               }
+       }
+       else if (IS_RT3070(pAd))
+       {
+               if ((pAd->MACVersion & 0xffff) >= 0x0201)
+               {
+                       // enable DC filter
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R103, 0xc0);
+
+                       // improve power consumption in RT3070 Ver.F
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R31, &bbpreg);
+                       bbpreg &= (~0x3);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R31, bbpreg);
+               }
+
+               // TX_LO1_en, RF R17 register Bit 3 to 0
+               RT30xxReadRFRegister(pAd, RF_R17, &RFValue);
+               RFValue &= (~0x08);
+               // to fix rx long range issue
+               if (pAd->NicConfig2.field.ExternalLNAForG == 0)
+               {
+                       RFValue |= 0x20;
+               }
+               // set RF_R17_bit[2:0] equal to EEPROM setting at 0x48h
+               if (pAd->TxMixerGain24G >= 1)
+               {
+                       RFValue &= (~0x7);  // clean bit [2:0]
+                       RFValue |= pAd->TxMixerGain24G;
+               }
+               RT30xxWriteRFRegister(pAd, RF_R17, RFValue);
+       }
+// end johnli
+#endif // RT30xx //
+
+       if (pAd->MACVersion == 0x28600100)
+       {
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, 0x16);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R73, 0x12);
+       }
+
+       if (pAd->MACVersion >= RALINK_2880E_VERSION && pAd->MACVersion < RALINK_3070_VERSION) // 3*3
+       {
+               // enlarge MAX_LEN_CFG
+               UINT32 csr;
+               RTMP_IO_READ32(pAd, MAX_LEN_CFG, &csr);
+               csr &= 0xFFF;
+               csr |= 0x2000;
+               RTMP_IO_WRITE32(pAd, MAX_LEN_CFG, csr);
+       }
+
+
+#ifdef CONFIG_STA_SUPPORT
+       // Add radio off control
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (pAd->StaCfg.bRadio == FALSE)
+               {
+//                     RTMP_IO_WRITE32(pAd, PWR_PIN_CFG, 0x00001818);
+                       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set Radio Off\n"));
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // Clear raw counters
+       RTMP_IO_READ32(pAd, RX_STA_CNT0, &Counter);
+       RTMP_IO_READ32(pAd, RX_STA_CNT1, &Counter);
+       RTMP_IO_READ32(pAd, RX_STA_CNT2, &Counter);
+       RTMP_IO_READ32(pAd, TX_STA_CNT0, &Counter);
+       RTMP_IO_READ32(pAd, TX_STA_CNT1, &Counter);
+       RTMP_IO_READ32(pAd, TX_STA_CNT2, &Counter);
+
+       // ASIC will keep garbage value after boot
+       // Clear all shared key table when initial
+       // This routine can be ignored in radio-ON/OFF operation.
+       if (bHardReset)
+       {
+               for (KeyIdx = 0; KeyIdx < 4; KeyIdx++)
+               {
+                       RTMP_IO_WRITE32(pAd, SHARED_KEY_MODE_BASE + 4*KeyIdx, 0);
+               }
+
+               // Clear all pairwise key table when initial
+               for (KeyIdx = 0; KeyIdx < 256; KeyIdx++)
+               {
+                       RTMP_IO_WRITE32(pAd, MAC_WCID_ATTRIBUTE_BASE + (KeyIdx * HW_WCID_ATTRI_SIZE), 1);
+               }
+       }
+
+       // assert HOST ready bit
+//  RTMP_IO_WRITE32(pAd, MAC_CSR1, 0x0); // 2004-09-14 asked by Mark
+//  RTMP_IO_WRITE32(pAd, MAC_CSR1, 0x4);
+
+       // It isn't necessary to clear this space when not hard reset.
+       if (bHardReset == TRUE)
+       {
+               // clear all on-chip BEACON frame space
+               for (apidx = 0; apidx < HW_BEACON_MAX_COUNT; apidx++)
+               {
+                       for (i = 0; i < HW_BEACON_OFFSET>>2; i+=4)
+                               RTMP_IO_WRITE32(pAd, pAd->BeaconOffset[apidx] + i, 0x00);
+               }
+       }
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // for rt2860E and after, init TXOP_CTRL_CFG with 0x583f. This is for extension channel overlapping IOT.
+               if ((pAd->MACVersion&0xffff) != 0x0101)
+                       RTMP_IO_WRITE32(pAd, TXOP_CTRL_CFG, 0x583f);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef RT30xx
+#ifdef NEW_FW
+       if (IS_RT3070(pAd) ||  IS_RT3572(pAd)||IS_RT3390(pAd)||IS_RT3090(pAd))
+       {
+               // send 0x36 mcu command after 0x72 for RT3xxx to fix Radio-Off current leakage issue
+               RTMPusecDelay(200);
+               if (pAd->buseEfuse)
+                       AsicSendCommandToMcu(pAd, 0x36, 0xff, 0xff, 0);
+               else
+                       AsicSendCommandToMcu(pAd, 0x36, 0xff, 0xff, 0x04);
+               RTMPusecDelay(10);
+       }
+#endif // NEW_FW //
+#endif // RT30xx //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<-- NICInitializeAsic\n"));
+       return NDIS_STATUS_SUCCESS;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Reset NIC Asics
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+               Reset NIC to initial state AS IS system boot up time.
+
+       ========================================================================
+*/
+VOID   NICIssueReset(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       UINT32  Value = 0;
+       DBGPRINT(RT_DEBUG_TRACE, ("--> NICIssueReset\n"));
+
+       // Abort Tx, prevent ASIC from writing to Host memory
+       //RTMP_IO_WRITE32(pAd, TX_CNTL_CSR, 0x001f0000);
+
+       // Disable Rx, register value supposed will remain after reset
+       RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+       Value &= (0xfffffff3);
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+       // Issue reset and clear from reset state
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x03); // 2004-09-17 change from 0x01
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x00);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<-- NICIssueReset\n"));
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Check ASIC registers and find any reason the system might hang
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+BOOLEAN        NICCheckForHang(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       return (FALSE);
+}
+
+VOID NICUpdateFifoStaCounters(
+       IN PRTMP_ADAPTER pAd)
+{
+       TX_STA_FIFO_STRUC       StaFifo;
+       MAC_TABLE_ENTRY         *pEntry;
+       UCHAR                           i = 0;
+       UCHAR                   pid = 0, wcid = 0;
+       CHAR                            reTry;
+       UCHAR                           succMCS;
+
+#ifdef RALINK_ATE
+       /* Nothing to do in ATE mode */
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+               do
+               {
+                       RTMP_IO_READ32(pAd, TX_STA_FIFO, &StaFifo.word);
+
+                       if (StaFifo.field.bValid == 0)
+                               break;
+
+                       wcid = (UCHAR)StaFifo.field.wcid;
+
+
+               /* ignore NoACK and MGMT frame use 0xFF as WCID */
+                       if ((StaFifo.field.TxAckRequired == 0) || (wcid >= MAX_LEN_OF_MAC_TABLE))
+                       {
+                               i++;
+                               continue;
+                       }
+
+                       /* PID store Tx MCS Rate */
+                       pid = (UCHAR)StaFifo.field.PidType;
+
+                       pEntry = &pAd->MacTab.Content[wcid];
+
+                       pEntry->DebugFIFOCount++;
+
+#ifdef DOT11_N_SUPPORT
+                       if (StaFifo.field.TxBF) // 3*3
+                               pEntry->TxBFCount++;
+#endif // DOT11_N_SUPPORT //
+
+#ifdef UAPSD_AP_SUPPORT
+                       UAPSD_SP_AUE_Handle(pAd, pEntry, StaFifo.field.TxSuccess);
+#endif // UAPSD_AP_SUPPORT //
+
+                       if (!StaFifo.field.TxSuccess)
+                       {
+                               pEntry->FIFOCount++;
+                               pEntry->OneSecTxFailCount++;
+
+                               if (pEntry->FIFOCount >= 1)
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("#"));
+#ifdef DOT11_N_SUPPORT
+                                       pEntry->NoBADataCountDown = 64;
+#endif // DOT11_N_SUPPORT //
+
+                                       if(pEntry->PsMode == PWR_ACTIVE)
+                                       {
+#ifdef DOT11_N_SUPPORT
+                                               int tid;
+                                               for (tid=0; tid<NUM_OF_TID; tid++)
+                                               {
+                                                       BAOriSessionTearDown(pAd, pEntry->Aid,  tid, FALSE, FALSE);
+                                               }
+#endif // DOT11_N_SUPPORT //
+
+                                               // Update the continuous transmission counter except PS mode
+                                               pEntry->ContinueTxFailCnt++;
+
+#ifdef WDS_SUPPORT
+                                               // fix WDS Jam issue
+                                               if((pEntry->ValidAsWDS == TRUE)
+                                                       && (pEntry->LockEntryTx == FALSE)
+                                                       && (pEntry->ContinueTxFailCnt >= pAd->ApCfg.EntryLifeCheck))
+                                               {
+                                                       DBGPRINT(RT_DEBUG_TRACE, ("Entry %02x:%02x:%02x:%02x:%02x:%02x Blocked!! (Fail Cnt = %d)\n",
+                                                               pEntry->Addr[0],pEntry->Addr[1],pEntry->Addr[2],pEntry->Addr[3],
+                                                               pEntry->Addr[4],pEntry->Addr[5],pEntry->ContinueTxFailCnt ));
+
+                                                       pEntry->LockEntryTx = TRUE;
+                                               }
+#endif // WDS_SUPPORT //
+                                       }
+                                       else
+                                       {
+                                               // Clear the FIFOCount when sta in Power Save mode. Basically we assume
+                                               //     this tx error happened due to sta just go to sleep.
+                                               pEntry->FIFOCount = 0;
+                                               pEntry->ContinueTxFailCnt = 0;
+                                       }
+                                       //pEntry->FIFOCount = 0;
+                               }
+                               //pEntry->bSendBAR = TRUE;
+                       }
+                       else
+                       {
+#ifdef DOT11_N_SUPPORT
+                               if ((pEntry->PsMode != PWR_SAVE) && (pEntry->NoBADataCountDown > 0))
+                               {
+                                       pEntry->NoBADataCountDown--;
+                                       if (pEntry->NoBADataCountDown==0)
+                                       {
+                                               DBGPRINT(RT_DEBUG_TRACE, ("@\n"));
+                                       }
+                               }
+#endif // DOT11_N_SUPPORT //
+                               pEntry->FIFOCount = 0;
+                               pEntry->OneSecTxNoRetryOkCount++;
+                               // update NoDataIdleCount when sucessful send packet to STA.
+                               pEntry->NoDataIdleCount = 0;
+                               pEntry->ContinueTxFailCnt = 0;
+#ifdef WDS_SUPPORT
+                               pEntry->LockEntryTx = FALSE;
+#endif // WDS_SUPPORT //
+                       }
+
+                       succMCS = StaFifo.field.SuccessRate & 0x7F;
+
+                       reTry = pid - succMCS;
+
+                       if (StaFifo.field.TxSuccess)
+                       {
+                               pEntry->TXMCSExpected[pid]++;
+                               if (pid == succMCS)
+                               {
+                                       pEntry->TXMCSSuccessful[pid]++;
+                               }
+                               else
+                               {
+                                       pEntry->TXMCSAutoFallBack[pid][succMCS]++;
+                               }
+                       }
+                       else
+                       {
+                               pEntry->TXMCSFailed[pid]++;
+                       }
+
+                       if (reTry > 0)
+                       {
+                               if ((pid >= 12) && succMCS <=7)
+                               {
+                                       reTry -= 4;
+                               }
+                               pEntry->OneSecTxRetryOkCount += reTry;
+                       }
+
+                       i++;
+                       // ASIC store 16 stack
+               } while ( i < (TX_RING_SIZE<<1) );
+
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Read statistical counters from hardware registers and record them
+               in software variables for later on query
+
+       Arguments:
+               pAd                                     Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+VOID NICUpdateRawCounters(
+       IN PRTMP_ADAPTER pAd)
+{
+       UINT32  OldValue;//, Value2;
+       //ULONG PageSum, OneSecTransmitCount;
+       //ULONG TxErrorRatio, Retry, Fail;
+       RX_STA_CNT0_STRUC        RxStaCnt0;
+       RX_STA_CNT1_STRUC   RxStaCnt1;
+       RX_STA_CNT2_STRUC   RxStaCnt2;
+       TX_STA_CNT0_STRUC        TxStaCnt0;
+       TX_STA_CNT1_STRUC        StaTx1;
+       TX_STA_CNT2_STRUC        StaTx2;
+       TX_AGG_CNT_STRUC        TxAggCnt;
+       TX_AGG_CNT0_STRUC       TxAggCnt0;
+       TX_AGG_CNT1_STRUC       TxAggCnt1;
+       TX_AGG_CNT2_STRUC       TxAggCnt2;
+       TX_AGG_CNT3_STRUC       TxAggCnt3;
+       TX_AGG_CNT4_STRUC       TxAggCnt4;
+       TX_AGG_CNT5_STRUC       TxAggCnt5;
+       TX_AGG_CNT6_STRUC       TxAggCnt6;
+       TX_AGG_CNT7_STRUC       TxAggCnt7;
+       COUNTER_RALINK          *pRalinkCounters;
+
+
+       pRalinkCounters = &pAd->RalinkCounters;
+
+       RTMP_IO_READ32(pAd, RX_STA_CNT0, &RxStaCnt0.word);
+       RTMP_IO_READ32(pAd, RX_STA_CNT2, &RxStaCnt2.word);
+
+       {
+               RTMP_IO_READ32(pAd, RX_STA_CNT1, &RxStaCnt1.word);
+           // Update RX PLCP error counter
+           pAd->PrivateInfo.PhyRxErrCnt += RxStaCnt1.field.PlcpErr;
+               // Update False CCA counter
+               pAd->RalinkCounters.OneSecFalseCCACnt += RxStaCnt1.field.FalseCca;
+       }
+
+       // Update FCS counters
+       OldValue= pAd->WlanCounters.FCSErrorCount.u.LowPart;
+       pAd->WlanCounters.FCSErrorCount.u.LowPart += (RxStaCnt0.field.CrcErr); // >> 7);
+       if (pAd->WlanCounters.FCSErrorCount.u.LowPart < OldValue)
+               pAd->WlanCounters.FCSErrorCount.u.HighPart++;
+
+       // Add FCS error count to private counters
+       pRalinkCounters->OneSecRxFcsErrCnt += RxStaCnt0.field.CrcErr;
+       OldValue = pRalinkCounters->RealFcsErrCount.u.LowPart;
+       pRalinkCounters->RealFcsErrCount.u.LowPart += RxStaCnt0.field.CrcErr;
+       if (pRalinkCounters->RealFcsErrCount.u.LowPart < OldValue)
+               pRalinkCounters->RealFcsErrCount.u.HighPart++;
+
+       // Update Duplicate Rcv check
+       pRalinkCounters->DuplicateRcv += RxStaCnt2.field.RxDupliCount;
+       pAd->WlanCounters.FrameDuplicateCount.u.LowPart += RxStaCnt2.field.RxDupliCount;
+       // Update RX Overflow counter
+       pAd->Counters8023.RxNoBuffer += (RxStaCnt2.field.RxFifoOverflowCount);
+
+       //pAd->RalinkCounters.RxCount = 0;
+
+
+       //if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED) ||
+       //      (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_TX_RATE_SWITCH_ENABLED) && (pAd->MacTab.Size != 1)))
+       if (!pAd->bUpdateBcnCntDone)
+       {
+       // Update BEACON sent count
+       RTMP_IO_READ32(pAd, TX_STA_CNT0, &TxStaCnt0.word);
+       RTMP_IO_READ32(pAd, TX_STA_CNT1, &StaTx1.word);
+       RTMP_IO_READ32(pAd, TX_STA_CNT2, &StaTx2.word);
+       pRalinkCounters->OneSecBeaconSentCnt += TxStaCnt0.field.TxBeaconCount;
+       pRalinkCounters->OneSecTxRetryOkCount += StaTx1.field.TxRetransmit;
+       pRalinkCounters->OneSecTxNoRetryOkCount += StaTx1.field.TxSuccess;
+       pRalinkCounters->OneSecTxFailCount += TxStaCnt0.field.TxFailCount;
+       pAd->WlanCounters.TransmittedFragmentCount.u.LowPart += StaTx1.field.TxSuccess;
+       pAd->WlanCounters.RetryCount.u.LowPart += StaTx1.field.TxRetransmit;
+       pAd->WlanCounters.FailedCount.u.LowPart += TxStaCnt0.field.TxFailCount;
+       }
+
+
+       //if (pAd->bStaFifoTest == TRUE)
+       {
+               RTMP_IO_READ32(pAd, TX_AGG_CNT, &TxAggCnt.word);
+       RTMP_IO_READ32(pAd, TX_AGG_CNT0, &TxAggCnt0.word);
+       RTMP_IO_READ32(pAd, TX_AGG_CNT1, &TxAggCnt1.word);
+       RTMP_IO_READ32(pAd, TX_AGG_CNT2, &TxAggCnt2.word);
+       RTMP_IO_READ32(pAd, TX_AGG_CNT3, &TxAggCnt3.word);
+               RTMP_IO_READ32(pAd, TX_AGG_CNT4, &TxAggCnt4.word);
+               RTMP_IO_READ32(pAd, TX_AGG_CNT5, &TxAggCnt5.word);
+               RTMP_IO_READ32(pAd, TX_AGG_CNT6, &TxAggCnt6.word);
+               RTMP_IO_READ32(pAd, TX_AGG_CNT7, &TxAggCnt7.word);
+               pRalinkCounters->TxAggCount += TxAggCnt.field.AggTxCount;
+               pRalinkCounters->TxNonAggCount += TxAggCnt.field.NonAggTxCount;
+               pRalinkCounters->TxAgg1MPDUCount += TxAggCnt0.field.AggSize1Count;
+               pRalinkCounters->TxAgg2MPDUCount += TxAggCnt0.field.AggSize2Count;
+
+               pRalinkCounters->TxAgg3MPDUCount += TxAggCnt1.field.AggSize3Count;
+               pRalinkCounters->TxAgg4MPDUCount += TxAggCnt1.field.AggSize4Count;
+               pRalinkCounters->TxAgg5MPDUCount += TxAggCnt2.field.AggSize5Count;
+               pRalinkCounters->TxAgg6MPDUCount += TxAggCnt2.field.AggSize6Count;
+
+               pRalinkCounters->TxAgg7MPDUCount += TxAggCnt3.field.AggSize7Count;
+               pRalinkCounters->TxAgg8MPDUCount += TxAggCnt3.field.AggSize8Count;
+               pRalinkCounters->TxAgg9MPDUCount += TxAggCnt4.field.AggSize9Count;
+               pRalinkCounters->TxAgg10MPDUCount += TxAggCnt4.field.AggSize10Count;
+
+               pRalinkCounters->TxAgg11MPDUCount += TxAggCnt5.field.AggSize11Count;
+               pRalinkCounters->TxAgg12MPDUCount += TxAggCnt5.field.AggSize12Count;
+               pRalinkCounters->TxAgg13MPDUCount += TxAggCnt6.field.AggSize13Count;
+               pRalinkCounters->TxAgg14MPDUCount += TxAggCnt6.field.AggSize14Count;
+
+               pRalinkCounters->TxAgg15MPDUCount += TxAggCnt7.field.AggSize15Count;
+               pRalinkCounters->TxAgg16MPDUCount += TxAggCnt7.field.AggSize16Count;
+
+               // Calculate the transmitted A-MPDU count
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += TxAggCnt0.field.AggSize1Count;
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt0.field.AggSize2Count / 2);
+
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt1.field.AggSize3Count / 3);
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt1.field.AggSize4Count / 4);
+
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt2.field.AggSize5Count / 5);
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt2.field.AggSize6Count / 6);
+
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt3.field.AggSize7Count / 7);
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt3.field.AggSize8Count / 8);
+
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt4.field.AggSize9Count / 9);
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt4.field.AggSize10Count / 10);
+
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt5.field.AggSize11Count / 11);
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt5.field.AggSize12Count / 12);
+
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt6.field.AggSize13Count / 13);
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt6.field.AggSize14Count / 14);
+
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt7.field.AggSize15Count / 15);
+               pRalinkCounters->TransmittedAMPDUCount.u.LowPart += (TxAggCnt7.field.AggSize16Count / 16);
+       }
+
+#ifdef DBG_DIAGNOSE
+       {
+               RtmpDiagStruct  *pDiag;
+               UCHAR                   ArrayCurIdx, i;
+
+               pDiag = &pAd->DiagStruct;
+               ArrayCurIdx = pDiag->ArrayCurIdx;
+
+               if (pDiag->inited == 0)
+               {
+                       NdisZeroMemory(pDiag, sizeof(struct _RtmpDiagStrcut_));
+                       pDiag->ArrayStartIdx = pDiag->ArrayCurIdx = 0;
+                       pDiag->inited = 1;
+               }
+               else
+               {
+                       // Tx
+                       pDiag->TxFailCnt[ArrayCurIdx] = TxStaCnt0.field.TxFailCount;
+                       pDiag->TxAggCnt[ArrayCurIdx] = TxAggCnt.field.AggTxCount;
+                       pDiag->TxNonAggCnt[ArrayCurIdx] = TxAggCnt.field.NonAggTxCount;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][0] = TxAggCnt0.field.AggSize1Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][1] = TxAggCnt0.field.AggSize2Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][2] = TxAggCnt1.field.AggSize3Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][3] = TxAggCnt1.field.AggSize4Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][4] = TxAggCnt2.field.AggSize5Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][5] = TxAggCnt2.field.AggSize6Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][6] = TxAggCnt3.field.AggSize7Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][7] = TxAggCnt3.field.AggSize8Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][8] = TxAggCnt4.field.AggSize9Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][9] = TxAggCnt4.field.AggSize10Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][10] = TxAggCnt5.field.AggSize11Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][11] = TxAggCnt5.field.AggSize12Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][12] = TxAggCnt6.field.AggSize13Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][13] = TxAggCnt6.field.AggSize14Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][14] = TxAggCnt7.field.AggSize15Count;
+                       pDiag->TxAMPDUCnt[ArrayCurIdx][15] = TxAggCnt7.field.AggSize16Count;
+
+                       pDiag->RxCrcErrCnt[ArrayCurIdx] = RxStaCnt0.field.CrcErr;
+
+                       INC_RING_INDEX(pDiag->ArrayCurIdx,  DIAGNOSE_TIME);
+                       ArrayCurIdx = pDiag->ArrayCurIdx;
+                       for (i =0; i < 9; i++)
+                       {
+                               pDiag->TxDescCnt[ArrayCurIdx][i]= 0;
+                               pDiag->TxSWQueCnt[ArrayCurIdx][i] =0;
+                               pDiag->TxMcsCnt[ArrayCurIdx][i] = 0;
+                               pDiag->RxMcsCnt[ArrayCurIdx][i] = 0;
+                       }
+                       pDiag->TxDataCnt[ArrayCurIdx] = 0;
+                       pDiag->TxFailCnt[ArrayCurIdx] = 0;
+                       pDiag->RxDataCnt[ArrayCurIdx] = 0;
+                       pDiag->RxCrcErrCnt[ArrayCurIdx]  = 0;
+//                     for (i = 9; i < 16; i++)
+                       for (i = 9; i < 24; i++) // 3*3
+                       {
+                               pDiag->TxDescCnt[ArrayCurIdx][i] = 0;
+                               pDiag->TxMcsCnt[ArrayCurIdx][i] = 0;
+                               pDiag->RxMcsCnt[ArrayCurIdx][i] = 0;
+}
+
+                       if (pDiag->ArrayCurIdx == pDiag->ArrayStartIdx)
+                               INC_RING_INDEX(pDiag->ArrayStartIdx,  DIAGNOSE_TIME);
+               }
+
+       }
+#endif // DBG_DIAGNOSE //
+
+
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Reset NIC from error
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+               Reset NIC from error state
+
+       ========================================================================
+*/
+VOID   NICResetFromError(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       // Reset BBP (according to alex, reset ASIC will force reset BBP
+       // Therefore, skip the reset BBP
+       // RTMP_IO_WRITE32(pAd, MAC_CSR1, 0x2);
+
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x1);
+       // Remove ASIC from reset state
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0x0);
+
+       NICInitializeAdapter(pAd, FALSE);
+       NICInitAsicFromEEPROM(pAd);
+
+       // Switch to current channel, since during reset process, the connection should remains on.
+       AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+       AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+}
+
+
+NDIS_STATUS NICLoadFirmware(
+       IN PRTMP_ADAPTER pAd)
+{
+       NDIS_STATUS      status = NDIS_STATUS_SUCCESS;
+       if (pAd->chipOps.loadFirmware)
+               status = pAd->chipOps.loadFirmware(pAd);
+
+       return status;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               erase 8051 firmware image in MAC ASIC
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+VOID NICEraseFirmware(
+       IN PRTMP_ADAPTER pAd)
+{
+       if (pAd->chipOps.eraseFirmware)
+               pAd->chipOps.eraseFirmware(pAd);
+
+}/* End of NICEraseFirmware */
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Load Tx rate switching parameters
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               NDIS_STATUS_SUCCESS         firmware image load ok
+               NDIS_STATUS_FAILURE         image not found
+
+       IRQL = PASSIVE_LEVEL
+
+       Rate Table Format:
+               1. (B0: Valid Item number) (B1:Initial item from zero)
+               2. Item Number(Dec)      Mode(Hex)     Current MCS(Dec)    TrainUp(Dec)    TrainDown(Dec)
+
+       ========================================================================
+*/
+NDIS_STATUS NICLoadRateSwitchingParams(
+       IN PRTMP_ADAPTER pAd)
+{
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Compare two memory block
+
+       Arguments:
+               pSrc1           Pointer to first memory address
+               pSrc2           Pointer to second memory address
+
+       Return Value:
+               0:                      memory is equal
+               1:                      pSrc1 memory is larger
+               2:                      pSrc2 memory is larger
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+ULONG  RTMPCompareMemory(
+       IN      PVOID   pSrc1,
+       IN      PVOID   pSrc2,
+       IN      ULONG   Length)
+{
+       PUCHAR  pMem1;
+       PUCHAR  pMem2;
+       ULONG   Index = 0;
+
+       pMem1 = (PUCHAR) pSrc1;
+       pMem2 = (PUCHAR) pSrc2;
+
+       for (Index = 0; Index < Length; Index++)
+       {
+               if (pMem1[Index] > pMem2[Index])
+                       return (1);
+               else if (pMem1[Index] < pMem2[Index])
+                       return (2);
+       }
+
+       // Equal
+       return (0);
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Zero out memory block
+
+       Arguments:
+               pSrc1           Pointer to memory address
+               Length          Size
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPZeroMemory(
+       IN      PVOID   pSrc,
+       IN      ULONG   Length)
+{
+       PUCHAR  pMem;
+       ULONG   Index = 0;
+
+       pMem = (PUCHAR) pSrc;
+
+       for (Index = 0; Index < Length; Index++)
+       {
+               pMem[Index] = 0x00;
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Copy data from memory block 1 to memory block 2
+
+       Arguments:
+               pDest           Pointer to destination memory address
+               pSrc            Pointer to source memory address
+               Length          Copy size
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID RTMPMoveMemory(
+       OUT     PVOID   pDest,
+       IN      PVOID   pSrc,
+       IN      ULONG   Length)
+{
+       PUCHAR  pMem1;
+       PUCHAR  pMem2;
+       UINT    Index;
+
+       ASSERT((Length==0) || (pDest && pSrc));
+
+       pMem1 = (PUCHAR) pDest;
+       pMem2 = (PUCHAR) pSrc;
+
+       for (Index = 0; Index < Length; Index++)
+       {
+               pMem1[Index] = pMem2[Index];
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Initialize port configuration structure
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   UserCfgInit(
+       IN      PRTMP_ADAPTER pAd)
+{
+//     EDCA_PARM DefaultEdcaParm;
+    UINT key_index, bss_index;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("--> UserCfgInit\n"));
+
+       //
+       //  part I. intialize common configuration
+       //
+
+       for(key_index=0; key_index<SHARE_KEY_NUM; key_index++)
+       {
+               for(bss_index = 0; bss_index < MAX_MBSSID_NUM; bss_index++)
+               {
+                       pAd->SharedKey[bss_index][key_index].KeyLen = 0;
+                       pAd->SharedKey[bss_index][key_index].CipherAlg = CIPHER_NONE;
+               }
+       }
+
+       pAd->EepromAccess = FALSE;
+
+       pAd->Antenna.word = 0;
+       pAd->CommonCfg.BBPCurrentBW = BW_20;
+
+       pAd->LedCntl.word = 0;
+#ifdef RTMP_MAC_PCI
+       pAd->LedIndicatorStrength = 0;
+       pAd->RLnkCtrlOffset = 0;
+       pAd->HostLnkCtrlOffset = 0;
+#ifdef CONFIG_STA_SUPPORT
+       pAd->StaCfg.PSControl.field.EnableNewPS=TRUE;
+       pAd->CheckDmaBusyCount = 0;
+#endif // CONFIG_STA_SUPPORT //
+#endif // RTMP_MAC_PCI //
+
+       pAd->bAutoTxAgcA = FALSE;                       // Default is OFF
+       pAd->bAutoTxAgcG = FALSE;                       // Default is OFF
+       pAd->RfIcType = RFIC_2820;
+
+       // Init timer for reset complete event
+       pAd->CommonCfg.CentralChannel = 1;
+       pAd->bForcePrintTX = FALSE;
+       pAd->bForcePrintRX = FALSE;
+       pAd->bStaFifoTest = FALSE;
+       pAd->bProtectionTest = FALSE;
+       /*
+       pAd->bHCCATest = FALSE;
+       pAd->bGenOneHCCA = FALSE;
+       */
+       pAd->CommonCfg.Dsifs = 10;      // in units of usec
+       pAd->CommonCfg.TxPower = 100; //mW
+       pAd->CommonCfg.TxPowerPercentage = 0xffffffff; // AUTO
+       pAd->CommonCfg.TxPowerDefault = 0xffffffff; // AUTO
+       pAd->CommonCfg.TxPreamble = Rt802_11PreambleAuto; // use Long preamble on TX by defaut
+       pAd->CommonCfg.bUseZeroToDisableFragment = FALSE;
+       pAd->CommonCfg.RtsThreshold = 2347;
+       pAd->CommonCfg.FragmentThreshold = 2346;
+       pAd->CommonCfg.UseBGProtection = 0;    // 0: AUTO
+       pAd->CommonCfg.bEnableTxBurst = TRUE; //0;
+       pAd->CommonCfg.PhyMode = 0xff;     // unknown
+       pAd->CommonCfg.BandState = UNKNOWN_BAND;
+       pAd->CommonCfg.RadarDetect.CSPeriod = 10;
+       pAd->CommonCfg.RadarDetect.CSCount = 0;
+       pAd->CommonCfg.RadarDetect.RDMode = RD_NORMAL_MODE;
+
+
+
+#ifdef TONE_RADAR_DETECT_SUPPORT
+#ifdef CARRIER_DETECTION_SUPPORT
+       pAd->CommonCfg.CarrierDetect.delta = CARRIER_DETECT_DELTA;
+       pAd->CommonCfg.CarrierDetect.div_flag = CARRIER_DETECT_DIV_FLAG;
+       pAd->CommonCfg.CarrierDetect.criteria = CARRIER_DETECT_CRITIRIA;
+#ifdef RT3090
+       if(IS_RT3090A(pAd))
+       pAd->CommonCfg.CarrierDetect.threshold = CARRIER_DETECT_THRESHOLD_3090A;
+       else
+#endif // RT3090 //
+       pAd->CommonCfg.CarrierDetect.threshold = CARRIER_DETECT_THRESHOLD;
+#endif // CARRIER_DETECTION_SUPPORT //
+#endif // TONE_RADAR_DETECT_SUPPORT //
+
+       pAd->CommonCfg.RadarDetect.ChMovingTime = 65;
+#ifdef MERGE_ARCH_TEAM
+       pAd->CommonCfg.RadarDetect.LongPulseRadarTh = 2;
+       pAd->CommonCfg.RadarDetect.AvgRssiReq = -75;
+#else // original rt28xx source code
+       pAd->CommonCfg.RadarDetect.LongPulseRadarTh = 3;
+#endif // MERGE_ARCH_TEAM //
+       pAd->CommonCfg.bAPSDCapable = FALSE;
+       pAd->CommonCfg.bNeedSendTriggerFrame = FALSE;
+       pAd->CommonCfg.TriggerTimerCount = 0;
+       pAd->CommonCfg.bAPSDForcePowerSave = FALSE;
+       pAd->CommonCfg.bCountryFlag = FALSE;
+       pAd->CommonCfg.TxStream = 0;
+       pAd->CommonCfg.RxStream = 0;
+
+       NdisZeroMemory(&pAd->BeaconTxWI, sizeof(pAd->BeaconTxWI));
+
+#ifdef DOT11_N_SUPPORT
+       NdisZeroMemory(&pAd->CommonCfg.HtCapability, sizeof(pAd->CommonCfg.HtCapability));
+       pAd->HTCEnable = FALSE;
+       pAd->bBroadComHT = FALSE;
+       pAd->CommonCfg.bRdg = FALSE;
+
+#ifdef DOT11N_DRAFT3
+       pAd->CommonCfg.Dot11OBssScanPassiveDwell = dot11OBSSScanPassiveDwell;   // Unit : TU. 5~1000
+       pAd->CommonCfg.Dot11OBssScanActiveDwell = dot11OBSSScanActiveDwell;     // Unit : TU. 10~1000
+       pAd->CommonCfg.Dot11BssWidthTriggerScanInt = dot11BSSWidthTriggerScanInterval;  // Unit : Second
+       pAd->CommonCfg.Dot11OBssScanPassiveTotalPerChannel = dot11OBSSScanPassiveTotalPerChannel;       // Unit : TU. 200~10000
+       pAd->CommonCfg.Dot11OBssScanActiveTotalPerChannel = dot11OBSSScanActiveTotalPerChannel; // Unit : TU. 20~10000
+       pAd->CommonCfg.Dot11BssWidthChanTranDelayFactor = dot11BSSWidthChannelTransactionDelayFactor;
+       pAd->CommonCfg.Dot11OBssScanActivityThre = dot11BSSScanActivityThreshold;       // Unit : percentage
+       pAd->CommonCfg.Dot11BssWidthChanTranDelay = (pAd->CommonCfg.Dot11BssWidthTriggerScanInt * pAd->CommonCfg.Dot11BssWidthChanTranDelayFactor);
+#endif  // DOT11N_DRAFT3 //
+
+       NdisZeroMemory(&pAd->CommonCfg.AddHTInfo, sizeof(pAd->CommonCfg.AddHTInfo));
+       pAd->CommonCfg.BACapability.field.MMPSmode = MMPS_ENABLE;
+       pAd->CommonCfg.BACapability.field.MpduDensity = 0;
+       pAd->CommonCfg.BACapability.field.Policy = IMMED_BA;
+       pAd->CommonCfg.BACapability.field.RxBAWinLimit = 64; //32;
+       pAd->CommonCfg.BACapability.field.TxBAWinLimit = 64; //32;
+       DBGPRINT(RT_DEBUG_TRACE, ("--> UserCfgInit. BACapability = 0x%x\n", pAd->CommonCfg.BACapability.word));
+
+       pAd->CommonCfg.BACapability.field.AutoBA = FALSE;
+       BATableInit(pAd, &pAd->BATable);
+
+       pAd->CommonCfg.bExtChannelSwitchAnnouncement = 1;
+       pAd->CommonCfg.bHTProtect = 1;
+       pAd->CommonCfg.bMIMOPSEnable = TRUE;
+       //2008/11/05:KH add to support Antenna power-saving of AP<--
+       pAd->CommonCfg.bGreenAPEnable=FALSE;
+       pAd->CommonCfg.bBlockAntDivforGreenAP=FALSE;
+       //2008/11/05:KH add to support Antenna power-saving of AP-->
+       pAd->CommonCfg.bBADecline = FALSE;
+       pAd->CommonCfg.bDisableReordering = FALSE;
+
+       if (pAd->MACVersion == 0x28720200)
+       {
+               pAd->CommonCfg.TxBASize = 13; //by Jerry recommend
+       }else{
+               pAd->CommonCfg.TxBASize = 7;
+       }
+
+       pAd->CommonCfg.REGBACapability.word = pAd->CommonCfg.BACapability.word;
+#endif // DOT11_N_SUPPORT //
+
+       //pAd->CommonCfg.HTPhyMode.field.BW = BW_20;
+       //pAd->CommonCfg.HTPhyMode.field.MCS = MCS_AUTO;
+       //pAd->CommonCfg.HTPhyMode.field.ShortGI = GI_800;
+       //pAd->CommonCfg.HTPhyMode.field.STBC = STBC_NONE;
+       pAd->CommonCfg.TxRate = RATE_6;
+
+       pAd->CommonCfg.MlmeTransmit.field.MCS = MCS_RATE_6;
+       pAd->CommonCfg.MlmeTransmit.field.BW = BW_20;
+       pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_OFDM;
+
+       pAd->CommonCfg.BeaconPeriod = 100;     // in mSec
+
+
+       //
+       // part II. intialize STA specific configuration
+       //
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               RX_FILTER_SET_FLAG(pAd, fRX_FILTER_ACCEPT_DIRECT);
+               RX_FILTER_CLEAR_FLAG(pAd, fRX_FILTER_ACCEPT_MULTICAST);
+               RX_FILTER_SET_FLAG(pAd, fRX_FILTER_ACCEPT_BROADCAST);
+               RX_FILTER_SET_FLAG(pAd, fRX_FILTER_ACCEPT_ALL_MULTICAST);
+
+               pAd->StaCfg.Psm = PWR_ACTIVE;
+
+               pAd->StaCfg.OrigWepStatus = Ndis802_11EncryptionDisabled;
+               pAd->StaCfg.PairCipher = Ndis802_11EncryptionDisabled;
+               pAd->StaCfg.GroupCipher = Ndis802_11EncryptionDisabled;
+               pAd->StaCfg.bMixCipher = FALSE;
+               pAd->StaCfg.DefaultKeyId = 0;
+
+               // 802.1x port control
+               pAd->StaCfg.PrivacyFilter = Ndis802_11PrivFilter8021xWEP;
+               pAd->StaCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+               pAd->StaCfg.LastMicErrorTime = 0;
+               pAd->StaCfg.MicErrCnt        = 0;
+               pAd->StaCfg.bBlockAssoc      = FALSE;
+               pAd->StaCfg.WpaState         = SS_NOTUSE;
+
+               pAd->CommonCfg.NdisRadioStateOff = FALSE;               // New to support microsoft disable radio with OID command
+
+               pAd->StaCfg.RssiTrigger = 0;
+               NdisZeroMemory(&pAd->StaCfg.RssiSample, sizeof(RSSI_SAMPLE));
+               pAd->StaCfg.RssiTriggerMode = RSSI_TRIGGERED_UPON_BELOW_THRESHOLD;
+               pAd->StaCfg.AtimWin = 0;
+               pAd->StaCfg.DefaultListenCount = 3;//default listen count;
+               pAd->StaCfg.BssType = BSS_INFRA;  // BSS_INFRA or BSS_ADHOC or BSS_MONITOR
+               pAd->StaCfg.bScanReqIsFromWebUI = FALSE;
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_DOZE);
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_WAKEUP_NOW);
+
+               pAd->StaCfg.bAutoTxRateSwitch = TRUE;
+               pAd->StaCfg.DesiredTransmitSetting.field.MCS = MCS_AUTO;
+       }
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+       pAd->StaCfg.IEEE80211dClientMode = Rt802_11_D_None;
+#endif // EXT_BUILD_CHANNEL_LIST //
+#ifdef PCIE_PS_SUPPORT
+pAd->brt30xxBanMcuCmd = FALSE;
+pAd->b3090ESpecialChip = FALSE;
+//KH Debug:the following must be removed
+pAd->StaCfg.PSControl.field.rt30xxPowerMode=3;
+pAd->StaCfg.PSControl.field.rt30xxForceASPMTest=0;
+pAd->StaCfg.PSControl.field.rt30xxFollowHostASPM=1;
+#endif // PCIE_PS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+       // global variables mXXXX used in MAC protocol state machines
+       OPSTATUS_SET_FLAG(pAd, fOP_STATUS_RECEIVE_DTIM);
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_ADHOC_ON);
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_INFRA_ON);
+
+       // PHY specification
+       pAd->CommonCfg.PhyMode = PHY_11BG_MIXED;                // default PHY mode
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED);  // CCK use LONG preamble
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // user desired power mode
+               pAd->StaCfg.WindowsPowerMode = Ndis802_11PowerModeCAM;
+               pAd->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeCAM;
+               pAd->StaCfg.bWindowsACCAMEnable = FALSE;
+
+               RTMPInitTimer(pAd, &pAd->StaCfg.StaQuickResponeForRateUpTimer, GET_TIMER_FUNCTION(StaQuickResponeForRateUpExec), pAd, FALSE);
+               pAd->StaCfg.StaQuickResponeForRateUpTimerRunning = FALSE;
+
+               // Patch for Ndtest
+               pAd->StaCfg.ScanCnt = 0;
+
+               pAd->StaCfg.bHwRadio  = TRUE; // Default Hardware Radio status is On
+               pAd->StaCfg.bSwRadio  = TRUE; // Default Software Radio status is On
+               pAd->StaCfg.bRadio    = TRUE; // bHwRadio && bSwRadio
+               pAd->StaCfg.bHardwareRadio = FALSE;             // Default is OFF
+               pAd->StaCfg.bShowHiddenSSID = FALSE;            // Default no show
+
+               // Nitro mode control
+               pAd->StaCfg.bAutoReconnect = TRUE;
+
+               // Save the init time as last scan time, the system should do scan after 2 seconds.
+               // This patch is for driver wake up from standby mode, system will do scan right away.
+               NdisGetSystemUpTime(&pAd->StaCfg.LastScanTime);
+               if (pAd->StaCfg.LastScanTime > 10 * OS_HZ)
+                       pAd->StaCfg.LastScanTime -= (10 * OS_HZ);
+
+               NdisZeroMemory(pAd->nickname, IW_ESSID_MAX_SIZE+1);
+#ifdef RTMP_MAC_PCI
+               sprintf((PSTRING) pAd->nickname, "RT2860STA");
+#endif // RTMP_MAC_PCI //
+               RTMPInitTimer(pAd, &pAd->StaCfg.WpaDisassocAndBlockAssocTimer, GET_TIMER_FUNCTION(WpaDisassocApAndBlockAssoc), pAd, FALSE);
+#ifdef WPA_SUPPLICANT_SUPPORT
+               pAd->StaCfg.IEEE8021X = FALSE;
+               pAd->StaCfg.IEEE8021x_required_keys = FALSE;
+               pAd->StaCfg.WpaSupplicantUP = WPA_SUPPLICANT_DISABLE;
+               pAd->StaCfg.bRSN_IE_FromWpaSupplicant = FALSE;
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+               pAd->StaCfg.WpaSupplicantUP = WPA_SUPPLICANT_ENABLE;
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+               NdisZeroMemory(pAd->StaCfg.ReplayCounter, 8);
+
+
+               pAd->StaCfg.bAutoConnectByBssid = FALSE;
+               pAd->StaCfg.BeaconLostTime = BEACON_LOST_TIME;
+               NdisZeroMemory(pAd->StaCfg.WpaPassPhrase, 64);
+               pAd->StaCfg.WpaPassPhraseLen = 0;
+               pAd->StaCfg.bAutoRoaming = FALSE;
+               pAd->StaCfg.bForceTxBurst = FALSE;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       // Default for extra information is not valid
+       pAd->ExtraInfo = EXTRA_INFO_CLEAR;
+
+       // Default Config change flag
+       pAd->bConfigChanged = FALSE;
+
+       //
+       // part III. AP configurations
+       //
+
+
+       //
+       // part IV. others
+       //
+       // dynamic BBP R66:sensibity tuning to overcome background noise
+       pAd->BbpTuning.bEnable                = TRUE;
+       pAd->BbpTuning.FalseCcaLowerThreshold = 100;
+       pAd->BbpTuning.FalseCcaUpperThreshold = 512;
+       pAd->BbpTuning.R66Delta               = 4;
+       pAd->Mlme.bEnableAutoAntennaCheck = TRUE;
+
+       //
+       // Also initial R66CurrentValue, RTUSBResumeMsduTransmission might use this value.
+       // if not initial this value, the default value will be 0.
+       //
+       pAd->BbpTuning.R66CurrentValue = 0x38;
+
+       pAd->Bbp94 = BBPR94_DEFAULT;
+       pAd->BbpForCCK = FALSE;
+
+       // Default is FALSE for test bit 1
+       //pAd->bTest1 = FALSE;
+
+       // initialize MAC table and allocate spin lock
+       NdisZeroMemory(&pAd->MacTab, sizeof(MAC_TABLE));
+       InitializeQueueHeader(&pAd->MacTab.McastPsQueue);
+       NdisAllocateSpinLock(&pAd->MacTabLock);
+
+       //RTMPInitTimer(pAd, &pAd->RECBATimer, RECBATimerTimeout, pAd, TRUE);
+       //RTMPSetTimer(&pAd->RECBATimer, REORDER_EXEC_INTV);
+
+#ifdef RALINK_ATE
+       NdisZeroMemory(&pAd->ate, sizeof(ATE_INFO));
+       pAd->ate.Mode = ATE_STOP;
+       pAd->ate.TxCount = 200;/* to exceed TX_RING_SIZE ... */
+       pAd->ate.TxDoneCount = 0;
+       pAd->ate.RFFreqOffset = 0;
+       pAd->ate.TxLength = 1024;
+       pAd->ate.TxWI.ShortGI = 0;// LONG GI : 800 ns
+       pAd->ate.TxWI.PHYMODE = MODE_CCK;
+       pAd->ate.TxWI.MCS = 3;
+       pAd->ate.TxWI.BW = BW_20;
+       pAd->ate.Channel = 1;
+       pAd->ate.QID = QID_AC_BE;
+       pAd->ate.Addr1[0] = 0x00;
+       pAd->ate.Addr1[1] = 0x11;
+       pAd->ate.Addr1[2] = 0x22;
+       pAd->ate.Addr1[3] = 0xAA;
+       pAd->ate.Addr1[4] = 0xBB;
+       pAd->ate.Addr1[5] = 0xCC;
+       NdisMoveMemory(pAd->ate.Addr2, pAd->ate.Addr1, ETH_LENGTH_OF_ADDRESS);
+       NdisMoveMemory(pAd->ate.Addr3, pAd->ate.Addr1, ETH_LENGTH_OF_ADDRESS);
+       pAd->ate.bRxFER = 0;
+       pAd->ate.bQATxStart = FALSE;
+       pAd->ate.bQARxStart = FALSE;
+
+#ifdef RTMP_MAC_PCI
+       pAd->ate.bFWLoading = FALSE;
+#endif // RTMP_MAC_PCI //
+
+
+#ifdef RALINK_28xx_QA
+       pAd->ate.TxStatus = 0;
+       pAd->ate.AtePid = THREAD_PID_INIT_VALUE;
+#endif // RALINK_28xx_QA //
+#endif // RALINK_ATE //
+
+
+       pAd->CommonCfg.bWiFiTest = FALSE;
+#ifdef RTMP_MAC_PCI
+    pAd->bPCIclkOff = FALSE;
+#endif // RTMP_MAC_PCI //
+
+#ifdef CONFIG_STA_SUPPORT
+RTMP_SET_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP);
+#endif // CONFIG_STA_SUPPORT //
+#ifdef ANT_DIVERSITY_SUPPORT
+               if ( pAd->CommonCfg.bRxAntDiversity == ANT_FIX_ANT2)
+               {
+                       pAd->RxAnt.Pair1PrimaryRxAnt = 1;
+                       pAd->RxAnt.Pair1SecondaryRxAnt = 0;
+               }
+               else // Default
+               {
+                       pAd->RxAnt.Pair1PrimaryRxAnt = 0;
+                       pAd->RxAnt.Pair1SecondaryRxAnt = 1;
+               }
+               pAd->RxAnt.EvaluatePeriod = 0;
+               pAd->RxAnt.RcvPktNumWhenEvaluate = 0;
+#ifdef CONFIG_STA_SUPPORT
+               pAd->RxAnt.Pair1AvgRssi[0] = pAd->RxAnt.Pair1AvgRssi[1] = 0;
+#endif // CONFIG_STA_SUPPORT //
+#endif // AP_ANTENNA_DIVERSITY_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<-- UserCfgInit\n"));
+}
+
+// IRQL = PASSIVE_LEVEL
+UCHAR BtoH(STRING ch)
+{
+       if (ch >= '0' && ch <= '9') return (ch - '0');        // Handle numerals
+       if (ch >= 'A' && ch <= 'F') return (ch - 'A' + 0xA);  // Handle capitol hex digits
+       if (ch >= 'a' && ch <= 'f') return (ch - 'a' + 0xA);  // Handle small hex digits
+       return(255);
+}
+
+//
+//  FUNCTION: AtoH(char *, UCHAR *, int)
+//
+//  PURPOSE:  Converts ascii string to network order hex
+//
+//  PARAMETERS:
+//    src    - pointer to input ascii string
+//    dest   - pointer to output hex
+//    destlen - size of dest
+//
+//  COMMENTS:
+//
+//    2 ascii bytes make a hex byte so must put 1st ascii byte of pair
+//    into upper nibble and 2nd ascii byte of pair into lower nibble.
+//
+// IRQL = PASSIVE_LEVEL
+
+void AtoH(PSTRING src, PUCHAR dest, int destlen)
+{
+       PSTRING srcptr;
+       PUCHAR destTemp;
+
+       srcptr = src;
+       destTemp = (PUCHAR) dest;
+
+       while(destlen--)
+       {
+               *destTemp = BtoH(*srcptr++) << 4;    // Put 1st ascii byte in upper nibble.
+               *destTemp += BtoH(*srcptr++);      // Add 2nd ascii byte to above.
+               destTemp++;
+       }
+}
+
+
+//+++Mark by shiang, not use now, need to remove after confirm
+//---Mark by shiang, not use now, need to remove after confirm
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Init timer objects
+
+       Arguments:
+               pAd                     Pointer to our adapter
+               pTimer                          Timer structure
+               pTimerFunc                      Function to execute when timer expired
+               Repeat                          Ture for period timer
+
+       Return Value:
+               None
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPInitTimer(
+       IN      PRTMP_ADAPTER                   pAd,
+       IN      PRALINK_TIMER_STRUCT    pTimer,
+       IN      PVOID                                   pTimerFunc,
+       IN      PVOID                                   pData,
+       IN      BOOLEAN                                 Repeat)
+{
+       //
+       // Set Valid to TRUE for later used.
+       // It will crash if we cancel a timer or set a timer
+       // that we haven't initialize before.
+       //
+       pTimer->Valid      = TRUE;
+
+       pTimer->PeriodicType = Repeat;
+       pTimer->State      = FALSE;
+       pTimer->cookie = (ULONG) pData;
+
+#ifdef RTMP_TIMER_TASK_SUPPORT
+       pTimer->pAd = pAd;
+#endif // RTMP_TIMER_TASK_SUPPORT //
+
+       RTMP_OS_Init_Timer(pAd, &pTimer->TimerObj,      pTimerFunc, (PVOID) pTimer);
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Init timer objects
+
+       Arguments:
+               pTimer                          Timer structure
+               Value                           Timer value in milliseconds
+
+       Return Value:
+               None
+
+       Note:
+               To use this routine, must call RTMPInitTimer before.
+
+       ========================================================================
+*/
+VOID   RTMPSetTimer(
+       IN      PRALINK_TIMER_STRUCT    pTimer,
+       IN      ULONG                                   Value)
+{
+       if (pTimer->Valid)
+       {
+               pTimer->TimerValue = Value;
+               pTimer->State      = FALSE;
+               if (pTimer->PeriodicType == TRUE)
+               {
+                       pTimer->Repeat = TRUE;
+                       RTMP_SetPeriodicTimer(&pTimer->TimerObj, Value);
+               }
+               else
+               {
+                       pTimer->Repeat = FALSE;
+                       RTMP_OS_Add_Timer(&pTimer->TimerObj, Value);
+               }
+       }
+       else
+       {
+               DBGPRINT_ERR(("RTMPSetTimer failed, Timer hasn't been initialize!\n"));
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Init timer objects
+
+       Arguments:
+               pTimer                          Timer structure
+               Value                           Timer value in milliseconds
+
+       Return Value:
+               None
+
+       Note:
+               To use this routine, must call RTMPInitTimer before.
+
+       ========================================================================
+*/
+VOID   RTMPModTimer(
+       IN      PRALINK_TIMER_STRUCT    pTimer,
+       IN      ULONG                                   Value)
+{
+       BOOLEAN Cancel;
+
+       if (pTimer->Valid)
+       {
+               pTimer->TimerValue = Value;
+               pTimer->State      = FALSE;
+               if (pTimer->PeriodicType == TRUE)
+               {
+                       RTMPCancelTimer(pTimer, &Cancel);
+                       RTMPSetTimer(pTimer, Value);
+               }
+               else
+               {
+                       RTMP_OS_Mod_Timer(&pTimer->TimerObj, Value);
+               }
+       }
+       else
+       {
+               DBGPRINT_ERR(("RTMPModTimer failed, Timer hasn't been initialize!\n"));
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Cancel timer objects
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+               1.) To use this routine, must call RTMPInitTimer before.
+               2.) Reset NIC to initial state AS IS system boot up time.
+
+       ========================================================================
+*/
+VOID   RTMPCancelTimer(
+       IN      PRALINK_TIMER_STRUCT    pTimer,
+       OUT     BOOLEAN                                 *pCancelled)
+{
+       if (pTimer->Valid)
+       {
+               if (pTimer->State == FALSE)
+                       pTimer->Repeat = FALSE;
+
+               RTMP_OS_Del_Timer(&pTimer->TimerObj, pCancelled);
+
+               if (*pCancelled == TRUE)
+                       pTimer->State = TRUE;
+
+#ifdef RTMP_TIMER_TASK_SUPPORT
+               // We need to go-through the TimerQ to findout this timer handler and remove it if
+               //              it's still waiting for execution.
+               RtmpTimerQRemove(pTimer->pAd, pTimer);
+#endif // RTMP_TIMER_TASK_SUPPORT //
+       }
+       else
+       {
+               DBGPRINT_ERR(("RTMPCancelTimer failed, Timer hasn't been initialize!\n"));
+       }
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Set LED Status
+
+       Arguments:
+               pAd                                             Pointer to our adapter
+               Status                                  LED Status
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID RTMPSetLED(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Status)
+{
+       //ULONG                 data;
+       UCHAR                   HighByte = 0;
+       UCHAR                   LowByte;
+       BOOLEAN                 bIgnored = FALSE;
+
+#ifdef RALINK_ATE
+       /*
+               In ATE mode of RT2860 AP/STA, we have erased 8051 firmware.
+               So LED mode is not supported when ATE is running.
+       */
+       if (!IS_RT3572(pAd))
+       {
+               if (ATE_ON(pAd))
+                       return;
+       }
+#endif // RALINK_ATE //
+
+       LowByte = pAd->LedCntl.field.LedMode&0x7f;
+       switch (Status)
+       {
+               case LED_LINK_DOWN:
+                       HighByte = 0x20;
+                       AsicSendCommandToMcu(pAd, 0x50, 0xff, LowByte, HighByte);
+                       pAd->LedIndicatorStrength = 0;
+                       break;
+               case LED_LINK_UP:
+                       if (pAd->CommonCfg.Channel > 14)
+                               HighByte = 0xa0;
+                       else
+                               HighByte = 0x60;
+                       AsicSendCommandToMcu(pAd, 0x50, 0xff, LowByte, HighByte);
+                       break;
+               case LED_RADIO_ON:
+                       HighByte = 0x20;
+                       AsicSendCommandToMcu(pAd, 0x50, 0xff, LowByte, HighByte);
+                       break;
+               case LED_HALT:
+                       LowByte = 0; // Driver sets MAC register and MAC controls LED
+               case LED_RADIO_OFF:
+                       HighByte = 0;
+                       AsicSendCommandToMcu(pAd, 0x50, 0xff, LowByte, HighByte);
+                       break;
+               case LED_WPS:
+                       HighByte = 0x10;
+                       AsicSendCommandToMcu(pAd, 0x50, 0xff, LowByte, HighByte);
+                       break;
+               case LED_ON_SITE_SURVEY:
+                       HighByte = 0x08;
+                       AsicSendCommandToMcu(pAd, 0x50, 0xff, LowByte, HighByte);
+                       break;
+               case LED_POWER_UP:
+                       HighByte = 0x04;
+                       AsicSendCommandToMcu(pAd, 0x50, 0xff, LowByte, HighByte);
+                       break;
+#ifdef RALINK_ATE
+#endif // RALINK_ATE //
+               default:
+                       DBGPRINT(RT_DEBUG_WARN, ("RTMPSetLED::Unknown Status %d\n", Status));
+                       break;
+       }
+
+    //
+       // Keep LED status for LED SiteSurvey mode.
+       // After SiteSurvey, we will set the LED mode to previous status.
+       //
+       if ((Status != LED_ON_SITE_SURVEY) && (Status != LED_POWER_UP) && (bIgnored == FALSE))
+               pAd->LedStatus = Status;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPSetLED::Mode=%d,HighByte=0x%02x,LowByte=0x%02x\n", pAd->LedCntl.field.LedMode, HighByte, LowByte));
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Set LED Signal Stregth
+
+       Arguments:
+               pAd                                             Pointer to our adapter
+               Dbm                                             Signal Stregth
+
+       Return Value:
+               None
+
+       IRQL = PASSIVE_LEVEL
+
+       Note:
+               Can be run on any IRQL level.
+
+               According to Microsoft Zero Config Wireless Signal Stregth definition as belows.
+               <= -90  No Signal
+               <= -81  Very Low
+               <= -71  Low
+               <= -67  Good
+               <= -57  Very Good
+                > -57  Excellent
+       ========================================================================
+*/
+VOID RTMPSetSignalLED(
+       IN PRTMP_ADAPTER        pAd,
+       IN NDIS_802_11_RSSI Dbm)
+{
+       UCHAR           nLed = 0;
+
+       if (pAd->LedCntl.field.LedMode == LED_MODE_SIGNAL_STREGTH)
+       {
+               if (Dbm <= -90)
+                       nLed = 0;
+               else if (Dbm <= -81)
+                       nLed = 1;
+               else if (Dbm <= -71)
+                       nLed = 3;
+               else if (Dbm <= -67)
+                       nLed = 7;
+               else if (Dbm <= -57)
+                       nLed = 15;
+               else
+                       nLed = 31;
+
+               //
+               // Update Signal Stregth to firmware if changed.
+               //
+               if (pAd->LedIndicatorStrength != nLed)
+               {
+                       AsicSendCommandToMcu(pAd, 0x51, 0xff, nLed, pAd->LedCntl.field.Polarity);
+                       pAd->LedIndicatorStrength = nLed;
+               }
+       }
+}
+
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Enable RX
+
+       Arguments:
+               pAd                                             Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL <= DISPATCH_LEVEL
+
+       Note:
+               Before Enable RX, make sure you have enabled Interrupt.
+       ========================================================================
+*/
+VOID RTMPEnableRxTx(
+       IN PRTMP_ADAPTER        pAd)
+{
+//     WPDMA_GLO_CFG_STRUC     GloCfg;
+//     ULONG   i = 0;
+       UINT32 rx_filter_flag;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("==> RTMPEnableRxTx\n"));
+
+       // Enable Rx DMA.
+       RT28XXDMAEnable(pAd);
+
+       // enable RX of MAC block
+       if (pAd->OpMode == OPMODE_AP)
+       {
+               rx_filter_flag = APNORMAL;
+
+
+               RTMP_IO_WRITE32(pAd, RX_FILTR_CFG, rx_filter_flag);     // enable RX of DMA block
+       }
+       else
+       {
+               if (pAd->CommonCfg.PSPXlink)
+                       rx_filter_flag = PSPXLINK;
+               else
+                       rx_filter_flag = STANORMAL;     // Staion not drop control frame will fail WiFi Certification.
+               RTMP_IO_WRITE32(pAd, RX_FILTR_CFG, rx_filter_flag);
+       }
+
+       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, 0xc);
+       DBGPRINT(RT_DEBUG_TRACE, ("<== RTMPEnableRxTx\n"));
+}
+
+
+//+++Add by shiang, move from os/linux/rt_main_dev.c
+void CfgInitHook(PRTMP_ADAPTER pAd)
+{
+       pAd->bBroadComHT = TRUE;
+}
+
+
+int rt28xx_init(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING pDefaultMac,
+       IN PSTRING pHostName)
+{
+       UINT                                    index;
+       UCHAR                                   TmpPhy;
+       NDIS_STATUS                             Status;
+       UINT32                                  MacCsr0 = 0;
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef RTMP_MAC_PCI
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+       // If dirver doesn't wake up firmware here,
+       // NICLoadFirmware will hang forever when interface is up again.
+       // RT2860 PCI
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE) &&
+               OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+       {
+               AUTO_WAKEUP_STRUC AutoWakeupCfg;
+                       AsicForceWakeup(pAd, TRUE);
+               AutoWakeupCfg.word = 0;
+               RTMP_IO_WRITE32(pAd, AUTO_WAKEUP_CFG, AutoWakeupCfg.word);
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_DOZE);
+       }
+       }
+#endif // RTMP_MAC_PCI //
+#endif // CONFIG_STA_SUPPORT //
+
+
+       // reset Adapter flags
+       RTMP_CLEAR_FLAGS(pAd);
+
+       // Init BssTab & ChannelInfo tabbles for auto channel select.
+
+#ifdef DOT11_N_SUPPORT
+       // Allocate BA Reordering memory
+       ba_reordering_resource_init(pAd, MAX_REORDERING_MPDU_NUM);
+#endif // DOT11_N_SUPPORT //
+
+       // Make sure MAC gets ready.
+       index = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, MAC_CSR0, &MacCsr0);
+               pAd->MACVersion = MacCsr0;
+
+               if ((pAd->MACVersion != 0x00) && (pAd->MACVersion != 0xFFFFFFFF))
+                       break;
+
+               RTMPusecDelay(10);
+       } while (index++ < 100);
+       DBGPRINT(RT_DEBUG_TRACE, ("MAC_CSR0  [ Ver:Rev=0x%08x]\n", pAd->MACVersion));
+
+#ifdef RTMP_MAC_PCI
+#ifdef PCIE_PS_SUPPORT
+       /*Iverson patch PCIE L1 issue to make sure that driver can be read,write ,BBP and RF register  at pcie L.1 level */
+       if ((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd))&&OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+       {
+               RTMP_IO_READ32(pAd, AUX_CTRL, &MacCsr0);
+               MacCsr0 |= 0x402;
+               RTMP_IO_WRITE32(pAd, AUX_CTRL, MacCsr0);
+               DBGPRINT(RT_DEBUG_TRACE, ("AUX_CTRL = 0x%x\n", MacCsr0));
+       }
+#endif // PCIE_PS_SUPPORT //
+
+       // To fix driver disable/enable hang issue when radio off
+       RTMP_IO_WRITE32(pAd, PWR_PIN_CFG, 0x2);
+#endif // RTMP_MAC_PCI //
+
+       // Disable DMA
+       RT28XXDMADisable(pAd);
+
+
+       // Load 8051 firmware
+       Status = NICLoadFirmware(pAd);
+       if (Status != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT_ERR(("NICLoadFirmware failed, Status[=0x%08x]\n", Status));
+               goto err1;
+       }
+
+       NICLoadRateSwitchingParams(pAd);
+
+       // Disable interrupts here which is as soon as possible
+       // This statement should never be true. We might consider to remove it later
+#ifdef RTMP_MAC_PCI
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_ACTIVE))
+       {
+               RTMP_ASIC_INTERRUPT_DISABLE(pAd);
+       }
+#endif // RTMP_MAC_PCI //
+
+       Status = RTMPAllocTxRxRingMemory(pAd);
+       if (Status != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT_ERR(("RTMPAllocDMAMemory failed, Status[=0x%08x]\n", Status));
+               goto err1;
+       }
+
+       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE);
+
+       // initialize MLME
+       //
+
+       Status = RtmpMgmtTaskInit(pAd);
+       if (Status != NDIS_STATUS_SUCCESS)
+               goto err2;
+
+       Status = MlmeInit(pAd);
+       if (Status != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT_ERR(("MlmeInit failed, Status[=0x%08x]\n", Status));
+               goto err2;
+       }
+
+       // Initialize pAd->StaCfg, pAd->ApCfg, pAd->CommonCfg to manufacture default
+       //
+       UserCfgInit(pAd);
+       Status = RtmpNetTaskInit(pAd);
+       if (Status != NDIS_STATUS_SUCCESS)
+               goto err3;
+
+//     COPY_MAC_ADDR(pAd->ApCfg.MBSSID[apidx].Bssid, netif->hwaddr);
+//     pAd->bForcePrintTX = TRUE;
+
+       CfgInitHook(pAd);
+
+
+#ifdef BLOCK_NET_IF
+       initblockQueueTab(pAd);
+#endif // BLOCK_NET_IF //
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               NdisAllocateSpinLock(&pAd->MacTabLock);
+#endif // CONFIG_STA_SUPPORT //
+
+       MeasureReqTabInit(pAd);
+       TpcReqTabInit(pAd);
+
+       //
+       // Init the hardware, we need to init asic before read registry, otherwise mac register will be reset
+       //
+       Status = NICInitializeAdapter(pAd, TRUE);
+       if (Status != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT_ERR(("NICInitializeAdapter failed, Status[=0x%08x]\n", Status));
+               if (Status != NDIS_STATUS_SUCCESS)
+               goto err3;
+       }
+
+       // Read parameters from Config File
+       Status = RTMPReadParametersHook(pAd);
+
+       DBGPRINT(RT_DEBUG_OFF, ("1. Phy Mode = %d\n", pAd->CommonCfg.PhyMode));
+       if (Status != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT_ERR(("NICReadRegParameters failed, Status[=0x%08x]\n",Status));
+               goto err4;
+       }
+
+
+
+#ifdef DOT11_N_SUPPORT
+       //Init Ba Capability parameters.
+//     RT28XX_BA_INIT(pAd);
+       pAd->CommonCfg.DesiredHtPhy.MpduDensity = (UCHAR)pAd->CommonCfg.BACapability.field.MpduDensity;
+       pAd->CommonCfg.DesiredHtPhy.AmsduEnable = (USHORT)pAd->CommonCfg.BACapability.field.AmsduEnable;
+       pAd->CommonCfg.DesiredHtPhy.AmsduSize = (USHORT)pAd->CommonCfg.BACapability.field.AmsduSize;
+       pAd->CommonCfg.DesiredHtPhy.MimoPs = (USHORT)pAd->CommonCfg.BACapability.field.MMPSmode;
+       // UPdata to HT IE
+       pAd->CommonCfg.HtCapability.HtCapInfo.MimoPs = (USHORT)pAd->CommonCfg.BACapability.field.MMPSmode;
+       pAd->CommonCfg.HtCapability.HtCapInfo.AMsduSize = (USHORT)pAd->CommonCfg.BACapability.field.AmsduSize;
+       pAd->CommonCfg.HtCapability.HtCapParm.MpduDensity = (UCHAR)pAd->CommonCfg.BACapability.field.MpduDensity;
+#endif // DOT11_N_SUPPORT //
+
+       // after reading Registry, we now know if in AP mode or STA mode
+
+       // Load 8051 firmware; crash when FW image not existent
+       // Status = NICLoadFirmware(pAd);
+       // if (Status != NDIS_STATUS_SUCCESS)
+       //    break;
+
+       DBGPRINT(RT_DEBUG_OFF, ("2. Phy Mode = %d\n", pAd->CommonCfg.PhyMode));
+
+       // We should read EEPROM for all cases.  rt2860b
+       NICReadEEPROMParameters(pAd, (PUCHAR)pDefaultMac);
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_OFF, ("3. Phy Mode = %d\n", pAd->CommonCfg.PhyMode));
+
+       NICInitAsicFromEEPROM(pAd); //rt2860b
+
+       // Set PHY to appropriate mode
+       TmpPhy = pAd->CommonCfg.PhyMode;
+       pAd->CommonCfg.PhyMode = 0xff;
+       RTMPSetPhyMode(pAd, TmpPhy);
+#ifdef DOT11_N_SUPPORT
+       SetCommonHT(pAd);
+#endif // DOT11_N_SUPPORT //
+
+       // No valid channels.
+       if (pAd->ChannelListNum == 0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Wrong configuration. No valid channel found. Check \"ContryCode\" and \"ChannelGeography\" setting.\n"));
+               goto err4;
+       }
+
+#ifdef DOT11_N_SUPPORT
+       DBGPRINT(RT_DEBUG_OFF, ("MCS Set = %02x %02x %02x %02x %02x\n", pAd->CommonCfg.HtCapability.MCSSet[0],
+           pAd->CommonCfg.HtCapability.MCSSet[1], pAd->CommonCfg.HtCapability.MCSSet[2],
+           pAd->CommonCfg.HtCapability.MCSSet[3], pAd->CommonCfg.HtCapability.MCSSet[4]));
+#endif // DOT11_N_SUPPORT //
+
+#ifdef RTMP_RF_RW_SUPPORT
+       //Init RT30xx RFRegisters after read RFIC type from EEPROM
+       NICInitRFRegisters(pAd);
+#endif // RTMP_RF_RW_SUPPORT //
+
+
+
+//             APInitialize(pAd);
+
+#ifdef IKANOS_VX_1X0
+       VR_IKANOS_FP_Init(pAd->ApCfg.BssidNum, pAd->PermanentAddress);
+#endif // IKANOS_VX_1X0 //
+
+               //
+       // Initialize RF register to default value
+       //
+       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+
+       // 8051 firmware require the signal during booting time.
+       //2008/11/28:KH marked the following codes to patch Frequency offset bug
+       //AsicSendCommandToMcu(pAd, 0x72, 0xFF, 0x00, 0x00);
+
+       if (pAd && (Status != NDIS_STATUS_SUCCESS))
+       {
+               //
+               // Undo everything if it failed
+               //
+               if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+               {
+//                     NdisMDeregisterInterrupt(&pAd->Interrupt);
+                       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE);
+               }
+//             RTMPFreeAdapter(pAd); // we will free it in disconnect()
+       }
+       else if (pAd)
+       {
+               // Microsoft HCT require driver send a disconnect event after driver initialization.
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED);
+//             pAd->IndicateMediaState = NdisMediaStateDisconnected;
+               RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_MEDIA_STATE_CHANGE);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("NDIS_STATUS_MEDIA_DISCONNECT Event B!\n"));
+
+
+       }// end of else
+
+
+       // Set up the Mac address
+       RtmpOSNetDevAddrSet(pAd->net_dev, &pAd->CurrentAddress[0]);
+
+       // Various AP function init
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+               // send wireless event to wpa_supplicant for infroming interface up.
+               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_INTERFACE_UP, NULL, NULL, 0);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+       DBGPRINT_S(Status, ("<==== rt28xx_init, Status=%x\n", Status));
+
+       return TRUE;
+
+
+err4:
+err3:
+       MlmeHalt(pAd);
+err2:
+       RTMPFreeTxRxRingMemory(pAd);
+err1:
+
+#ifdef DOT11_N_SUPPORT
+       os_free_mem(pAd, pAd->mpdu_blk_pool.mem); // free BA pool
+#endif // DOT11_N_SUPPORT //
+
+       // shall not set priv to NULL here because the priv didn't been free yet.
+       //net_dev->priv = 0;
+#ifdef INF_AMAZON_SE
+err0:
+#endif // INF_AMAZON_SE //
+#ifdef ST
+err0:
+#endif // ST //
+
+       DBGPRINT(RT_DEBUG_ERROR, ("!!! rt28xx Initialized fail !!!\n"));
+       return FALSE;
+}
+//---Add by shiang, move from os/linux/rt_main_dev.c
+
+
+static INT RtmpChipOpsRegister(
+       IN RTMP_ADAPTER *pAd,
+       IN INT                  infType)
+{
+       RTMP_CHIP_OP    *pChipOps = &pAd->chipOps;
+       int status;
+
+       memset(pChipOps, 0, sizeof(RTMP_CHIP_OP));
+
+       /* set eeprom related hook functions */
+       status = RtmpChipOpsEepromHook(pAd, infType);
+
+       /* set mcu related hook functions */
+       switch(infType)
+       {
+#ifdef RTMP_PCI_SUPPORT
+               case RTMP_DEV_INF_PCI:
+                       pChipOps->loadFirmware = RtmpAsicLoadFirmware;
+                       pChipOps->eraseFirmware = RtmpAsicEraseFirmware;
+                       pChipOps->sendCommandToMcu = RtmpAsicSendCommandToMcu;
+                       break;
+#endif // RTMP_PCI_SUPPORT //
+
+
+               default:
+                       break;
+       }
+
+       return status;
+}
+
+
+INT RtmpRaDevCtrlInit(
+       IN RTMP_ADAPTER *pAd,
+       IN RTMP_INF_TYPE infType)
+{
+       //VOID  *handle;
+
+       // Assign the interface type. We need use it when do register/EEPROM access.
+       pAd->infType = infType;
+
+
+#ifdef CONFIG_STA_SUPPORT
+       pAd->OpMode = OPMODE_STA;
+       DBGPRINT(RT_DEBUG_TRACE, ("STA Driver version-%s\n", STA_DRIVER_VERSION));
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+       RtmpChipOpsRegister(pAd, infType);
+
+#ifdef MULTIPLE_CARD_SUPPORT
+{
+       extern BOOLEAN RTMP_CardInfoRead(PRTMP_ADAPTER pAd);
+
+       // find its profile path
+       pAd->MC_RowID = -1; // use default profile path
+       RTMP_CardInfoRead(pAd);
+
+       if (pAd->MC_RowID == -1)
+#ifdef CONFIG_STA_SUPPORT
+               strcpy(pAd->MC_FileName, STA_PROFILE_PATH);
+#endif // CONFIG_STA_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("MC> ROW = %d, PATH = %s\n", pAd->MC_RowID, pAd->MC_FileName));
+}
+#endif // MULTIPLE_CARD_SUPPORT //
+
+       return 0;
+}
+
+
+BOOLEAN RtmpRaDevCtrlExit(IN RTMP_ADAPTER *pAd)
+{
+#ifdef MULTIPLE_CARD_SUPPORT
+extern UINT8  MC_CardUsed[MAX_NUM_OF_MULTIPLE_CARD];
+
+       if ((pAd->MC_RowID >= 0) && (pAd->MC_RowID <= MAX_NUM_OF_MULTIPLE_CARD))
+               MC_CardUsed[pAd->MC_RowID] = 0; // not clear MAC address
+#endif // MULTIPLE_CARD_SUPPORT //
+
+
+       RTMPFreeAdapter(pAd);
+
+       return TRUE;
+}
+
+
+// not yet support MBSS
+PNET_DEV get_netdev_from_bssid(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       PNET_DEV dev_p = NULL;
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               dev_p = pAd->net_dev;
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       ASSERT(dev_p);
+       return dev_p; /* return one of MBSS */
+}
diff --git a/drivers/staging/rt3090/common/rtmp_mcu.c b/drivers/staging/rt3090/common/rtmp_mcu.c
new file mode 100644 (file)
index 0000000..23f785a
--- /dev/null
@@ -0,0 +1,560 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_mcu.c
+
+       Abstract:
+       Miniport generic portion header file
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+#include "../firmware.h"
+
+//#define BIN_IN_FILE /* use *.bin firmware */
+
+
+// New 8k byte firmware size for RT3071/RT3072
+#define FIRMWAREIMAGE_MAX_LENGTH       0x2000
+#define FIRMWAREIMAGE_LENGTH                   (sizeof (FirmwareImage) / sizeof(UCHAR))
+#define FIRMWARE_MAJOR_VERSION         0
+
+#define FIRMWAREIMAGEV1_LENGTH         0x1000
+#define FIRMWAREIMAGEV2_LENGTH         0x1000
+
+#ifdef RTMP_MAC_PCI
+#define FIRMWARE_MINOR_VERSION         2
+#endif // RTMP_MAC_PCI //
+
+const unsigned short ccitt_16Table[] = {
+       0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50A5, 0x60C6, 0x70E7,
+       0x8108, 0x9129, 0xA14A, 0xB16B, 0xC18C, 0xD1AD, 0xE1CE, 0xF1EF,
+       0x1231, 0x0210, 0x3273, 0x2252, 0x52B5, 0x4294, 0x72F7, 0x62D6,
+       0x9339, 0x8318, 0xB37B, 0xA35A, 0xD3BD, 0xC39C, 0xF3FF, 0xE3DE,
+       0x2462, 0x3443, 0x0420, 0x1401, 0x64E6, 0x74C7, 0x44A4, 0x5485,
+       0xA56A, 0xB54B, 0x8528, 0x9509, 0xE5EE, 0xF5CF, 0xC5AC, 0xD58D,
+       0x3653, 0x2672, 0x1611, 0x0630, 0x76D7, 0x66F6, 0x5695, 0x46B4,
+       0xB75B, 0xA77A, 0x9719, 0x8738, 0xF7DF, 0xE7FE, 0xD79D, 0xC7BC,
+       0x48C4, 0x58E5, 0x6886, 0x78A7, 0x0840, 0x1861, 0x2802, 0x3823,
+       0xC9CC, 0xD9ED, 0xE98E, 0xF9AF, 0x8948, 0x9969, 0xA90A, 0xB92B,
+       0x5AF5, 0x4AD4, 0x7AB7, 0x6A96, 0x1A71, 0x0A50, 0x3A33, 0x2A12,
+       0xDBFD, 0xCBDC, 0xFBBF, 0xEB9E, 0x9B79, 0x8B58, 0xBB3B, 0xAB1A,
+       0x6CA6, 0x7C87, 0x4CE4, 0x5CC5, 0x2C22, 0x3C03, 0x0C60, 0x1C41,
+       0xEDAE, 0xFD8F, 0xCDEC, 0xDDCD, 0xAD2A, 0xBD0B, 0x8D68, 0x9D49,
+       0x7E97, 0x6EB6, 0x5ED5, 0x4EF4, 0x3E13, 0x2E32, 0x1E51, 0x0E70,
+       0xFF9F, 0xEFBE, 0xDFDD, 0xCFFC, 0xBF1B, 0xAF3A, 0x9F59, 0x8F78,
+       0x9188, 0x81A9, 0xB1CA, 0xA1EB, 0xD10C, 0xC12D, 0xF14E, 0xE16F,
+       0x1080, 0x00A1, 0x30C2, 0x20E3, 0x5004, 0x4025, 0x7046, 0x6067,
+       0x83B9, 0x9398, 0xA3FB, 0xB3DA, 0xC33D, 0xD31C, 0xE37F, 0xF35E,
+       0x02B1, 0x1290, 0x22F3, 0x32D2, 0x4235, 0x5214, 0x6277, 0x7256,
+       0xB5EA, 0xA5CB, 0x95A8, 0x8589, 0xF56E, 0xE54F, 0xD52C, 0xC50D,
+       0x34E2, 0x24C3, 0x14A0, 0x0481, 0x7466, 0x6447, 0x5424, 0x4405,
+       0xA7DB, 0xB7FA, 0x8799, 0x97B8, 0xE75F, 0xF77E, 0xC71D, 0xD73C,
+       0x26D3, 0x36F2, 0x0691, 0x16B0, 0x6657, 0x7676, 0x4615, 0x5634,
+       0xD94C, 0xC96D, 0xF90E, 0xE92F, 0x99C8, 0x89E9, 0xB98A, 0xA9AB,
+       0x5844, 0x4865, 0x7806, 0x6827, 0x18C0, 0x08E1, 0x3882, 0x28A3,
+       0xCB7D, 0xDB5C, 0xEB3F, 0xFB1E, 0x8BF9, 0x9BD8, 0xABBB, 0xBB9A,
+       0x4A75, 0x5A54, 0x6A37, 0x7A16, 0x0AF1, 0x1AD0, 0x2AB3, 0x3A92,
+       0xFD2E, 0xED0F, 0xDD6C, 0xCD4D, 0xBDAA, 0xAD8B, 0x9DE8, 0x8DC9,
+       0x7C26, 0x6C07, 0x5C64, 0x4C45, 0x3CA2, 0x2C83, 0x1CE0, 0x0CC1,
+       0xEF1F, 0xFF3E, 0xCF5D, 0xDF7C, 0xAF9B, 0xBFBA, 0x8FD9, 0x9FF8,
+       0x6E17, 0x7E36, 0x4E55, 0x5E74, 0x2E93, 0x3EB2, 0x0ED1, 0x1EF0
+};
+#define ByteCRC16(v, crc) \
+       (unsigned short)((crc << 8) ^  ccitt_16Table[((crc >> 8) ^ (v)) & 255])
+
+unsigned char BitReverse(unsigned char x)
+{
+       int i;
+       unsigned char Temp=0;
+       for(i=0; ; i++)
+       {
+               if(x & 0x80)    Temp |= 0x80;
+               if(i==7)                break;
+               x       <<= 1;
+               Temp >>= 1;
+       }
+       return Temp;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               erase 8051 firmware image in MAC ASIC
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+INT RtmpAsicEraseFirmware(
+       IN PRTMP_ADAPTER pAd)
+{
+       ULONG i;
+
+       for(i=0; i<MAX_FIRMWARE_IMAGE_SIZE; i+=4)
+               RTMP_IO_WRITE32(pAd, FIRMWARE_IMAGE_BASE + i, 0);
+
+       return 0;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Load 8051 firmware file into MAC ASIC
+
+       Arguments:
+               Adapter                                         Pointer to our adapter
+
+       Return Value:
+               NDIS_STATUS_SUCCESS         firmware image load ok
+               NDIS_STATUS_FAILURE         image not found
+
+       IRQL = PASSIVE_LEVEL
+
+       ========================================================================
+*/
+NDIS_STATUS RtmpAsicLoadFirmware(
+       IN PRTMP_ADAPTER pAd)
+{
+#ifdef BIN_IN_FILE
+#define NICLF_DEFAULT_USE()    \
+       flg_default_firm_use = TRUE; \
+       DBGPRINT(RT_DEBUG_OFF, ("%s - Use default firmware!\n", __FUNCTION__));
+
+       NDIS_STATUS             Status = NDIS_STATUS_SUCCESS;
+       PUCHAR                  src;
+       RTMP_OS_FD              srcf;
+       INT                             retval, i;
+       PUCHAR                  pFirmwareImage;
+       INT                             FileLength = 0;
+       UINT32                  MacReg;
+       ULONG                   Index;
+       ULONG                   firm;
+       BOOLEAN                 flg_default_firm_use = FALSE;
+       RTMP_OS_FS_INFO osFSInfo;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> %s\n", __FUNCTION__));
+
+       /* init */
+       pFirmwareImage = NULL;
+       src = RTMP_FIRMWARE_FILE_NAME;
+
+       RtmpOSFSInfoChange(&osFSInfo, TRUE);
+
+       pAd->FirmwareVersion = (FIRMWARE_MAJOR_VERSION << 8) + \
+                                                  FIRMWARE_MINOR_VERSION;
+
+
+       /* allocate firmware buffer */
+       pFirmwareImage = kmalloc(MAX_FIRMWARE_IMAGE_SIZE, MEM_ALLOC_FLAG);
+       if (pFirmwareImage == NULL)
+       {
+               /* allocate fail, use default firmware array in firmware.h */
+               DBGPRINT(RT_DEBUG_ERROR, ("%s - Allocate memory fail!\n", __FUNCTION__));
+               NICLF_DEFAULT_USE();
+       }
+       else
+       {
+               /* allocate ok! zero the firmware buffer */
+               memset(pFirmwareImage, 0x00, MAX_FIRMWARE_IMAGE_SIZE);
+       } /* End of if */
+
+
+       /* if ok, read firmware file from *.bin file */
+       if (flg_default_firm_use == FALSE)
+       {
+               do
+               {
+                       /* open the bin file */
+                       srcf = RtmpOSFileOpen(src, O_RDONLY, 0);
+
+                       if (IS_FILE_OPEN_ERR(srcf))
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("%s - Error opening file %s\n", __FUNCTION__, src));
+                               NICLF_DEFAULT_USE();
+                               break;
+                       }
+
+
+                       /* read the firmware from the file *.bin */
+                       FileLength = RtmpOSFileRead(srcf, pFirmwareImage, MAX_FIRMWARE_IMAGE_SIZE);
+                       if (FileLength != MAX_FIRMWARE_IMAGE_SIZE)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("%s: error file length (=%d) in RT2860AP.BIN\n",
+                                          __FUNCTION__, FileLength));
+                               NICLF_DEFAULT_USE();
+                               break;
+                       }
+                       else
+                       {
+                               PUCHAR ptr = pFirmwareImage;
+                               USHORT crc = 0xffff;
+
+
+                               /* calculate firmware CRC */
+                               for(i=0; i<(MAX_FIRMWARE_IMAGE_SIZE-2); i++, ptr++)
+                                       crc = ByteCRC16(BitReverse(*ptr), crc);
+                               /* End of for */
+
+                               if ((pFirmwareImage[MAX_FIRMWARE_IMAGE_SIZE-2] != \
+                                                               (UCHAR)BitReverse((UCHAR)(crc>>8))) ||
+                                       (pFirmwareImage[MAX_FIRMWARE_IMAGE_SIZE-1] != \
+                                                               (UCHAR)BitReverse((UCHAR)crc)))
+                               {
+                                       /* CRC fail */
+                                       DBGPRINT(RT_DEBUG_ERROR, ("%s: CRC = 0x%02x 0x%02x "
+                                                  "error, should be 0x%02x 0x%02x\n",
+                                                  __FUNCTION__,
+                                                  pFirmwareImage[MAX_FIRMWARE_IMAGE_SIZE-2],
+                                                  pFirmwareImage[MAX_FIRMWARE_IMAGE_SIZE-1],
+                                                  (UCHAR)(crc>>8), (UCHAR)(crc)));
+                                       NICLF_DEFAULT_USE();
+                                       break;
+                               }
+                               else
+                               {
+                                       /* firmware is ok */
+                                       pAd->FirmwareVersion = \
+                                               (pFirmwareImage[MAX_FIRMWARE_IMAGE_SIZE-4] << 8) +
+                                               pFirmwareImage[MAX_FIRMWARE_IMAGE_SIZE-3];
+
+                                       /* check if firmware version of the file is too old */
+                                       if ((pAd->FirmwareVersion) < \
+                                                                                       ((FIRMWARE_MAJOR_VERSION << 8) +
+                                                                                        FIRMWARE_MINOR_VERSION))
+                                       {
+                                               DBGPRINT(RT_DEBUG_ERROR, ("%s: firmware version too old!\n", __FUNCTION__));
+                                               NICLF_DEFAULT_USE();
+                                               break;
+                                       } /* End of if */
+                               } /* End of if */
+
+                               DBGPRINT(RT_DEBUG_TRACE,
+                                                ("NICLoadFirmware: CRC ok, ver=%d.%d\n",
+                                                 pFirmwareImage[MAX_FIRMWARE_IMAGE_SIZE-4],
+                                                 pFirmwareImage[MAX_FIRMWARE_IMAGE_SIZE-3]));
+                       } /* End of if (FileLength == MAX_FIRMWARE_IMAGE_SIZE) */
+                       break;
+               } while(TRUE);
+
+               /* close firmware file */
+               if (IS_FILE_OPEN_ERR(srcf))
+                       ;
+               else
+               {
+                       retval = RtmpOSFileClose(srcf);
+                       if (retval)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("--> Error %d closing %s\n", -retval, src));
+                       }
+               }
+       }
+
+
+       /* write firmware to ASIC */
+       if (flg_default_firm_use == TRUE)
+       {
+               /* use default fimeware, free allocated buffer */
+               if (pFirmwareImage != NULL)
+                       kfree(pFirmwareImage);
+               /* End of if */
+
+               /* use default *.bin array */
+               pFirmwareImage = FirmwareImage;
+               FileLength = sizeof(FirmwareImage);
+       } /* End of if */
+
+       /* enable Host program ram write selection */
+       RTMP_IO_WRITE32(pAd, PBF_SYS_CTRL, 0x10000);
+
+       for(i=0; i<FileLength; i+=4)
+       {
+               firm = pFirmwareImage[i] +
+                          (pFirmwareImage[i+3] << 24) +
+                          (pFirmwareImage[i+2] << 16) +
+                          (pFirmwareImage[i+1] << 8);
+
+               RTMP_IO_WRITE32(pAd, FIRMWARE_IMAGE_BASE + i, firm);
+       } /* End of for */
+
+       RTMP_IO_WRITE32(pAd, PBF_SYS_CTRL, 0x00000);
+       RTMP_IO_WRITE32(pAd, PBF_SYS_CTRL, 0x00001);
+
+       /* initialize BBP R/W access agent */
+       RTMP_IO_WRITE32(pAd, H2M_BBP_AGENT, 0);
+       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_CSR, 0);
+
+       if (flg_default_firm_use == FALSE)
+       {
+               /* use file firmware, free allocated buffer */
+               if (pFirmwareImage != NULL)
+                       kfree(pFirmwareImage);
+               /* End of if */
+       } /* End of if */
+
+       RtmpOSFSInfoChange(&osFSInfo, FALSE);
+#else
+
+       NDIS_STATUS             Status = NDIS_STATUS_SUCCESS;
+       PUCHAR                  pFirmwareImage;
+       ULONG                   FileLength, Index;
+       //ULONG                 firm;
+       UINT32                  MacReg = 0;
+       UINT32                  Version = (pAd->MACVersion >> 16);
+
+       pFirmwareImage = FirmwareImage;
+       FileLength = sizeof(FirmwareImage);
+
+       // New 8k byte firmware size for RT3071/RT3072
+       //DBGPRINT(RT_DEBUG_TRACE, ("Usb Chip\n"));
+       if (FIRMWAREIMAGE_LENGTH == FIRMWAREIMAGE_MAX_LENGTH)
+       //The firmware image consists of two parts. One is the origianl and the other is the new.
+       //Use Second Part
+       {
+#ifdef RTMP_MAC_PCI
+               if ((Version == 0x2860) || IS_RT3090(pAd)||IS_RT3390(pAd))
+               {
+                       pFirmwareImage = FirmwareImage;
+                       FileLength = FIRMWAREIMAGE_LENGTH;
+               }
+#endif // RTMP_MAC_PCI //
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("KH: bin file should be 8KB.\n"));
+               Status = NDIS_STATUS_FAILURE;
+       }
+
+
+       RTMP_WRITE_FIRMWARE(pAd, pFirmwareImage, FileLength);
+
+#endif
+
+       /* check if MCU is ready */
+       Index = 0;
+       do
+       {
+               RTMP_IO_READ32(pAd, PBF_SYS_CTRL, &MacReg);
+
+               if (MacReg & 0x80)
+                       break;
+
+               RTMPusecDelay(1000);
+       } while (Index++ < 1000);
+
+    if (Index >= 1000)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("NICLoadFirmware: MCU is not ready\n\n\n"));
+               Status = NDIS_STATUS_FAILURE;
+       }
+
+    DBGPRINT(RT_DEBUG_TRACE, ("<=== %s (status=%d)\n", __FUNCTION__, Status));
+
+    return Status;
+}
+
+
+INT RtmpAsicSendCommandToMcu(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                 Command,
+       IN UCHAR                 Token,
+       IN UCHAR                 Arg0,
+       IN UCHAR                 Arg1)
+{
+       HOST_CMD_CSR_STRUC      H2MCmd;
+       H2M_MAILBOX_STRUC       H2MMailbox;
+       ULONG                           i = 0;
+#ifdef RTMP_MAC_PCI
+#ifdef RALINK_ATE
+       static UINT32 j = 0;
+#endif // RALINK_ATE //
+#endif // RTMP_MAC_PCI //
+#ifdef PCIE_PS_SUPPORT
+#ifdef CONFIG_STA_SUPPORT
+       // 3090F power solution 3 has hw limitation that needs to ban all mcu command
+       // when firmware is in radio state.  For other chip doesn't have this limitation.
+       if (((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)) && IS_VERSION_AFTER_F(pAd)
+               && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+               && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE))
+       {
+               RTMP_SEM_LOCK(&pAd->McuCmdLock);
+               if ((pAd->brt30xxBanMcuCmd == TRUE)
+                       && (Command != WAKE_MCU_CMD) && (Command != RFOFF_MCU_CMD))
+               {
+                       RTMP_SEM_UNLOCK(&pAd->McuCmdLock);
+                       DBGPRINT(RT_DEBUG_TRACE, (" Ban Mcu Cmd %x in sleep mode\n",  Command));
+                       return FALSE;
+               }
+               else if ((Command == SLEEP_MCU_CMD)
+                       ||(Command == RFOFF_MCU_CMD))
+               {
+                       pAd->brt30xxBanMcuCmd = TRUE;
+               }
+               else if (Command != WAKE_MCU_CMD)
+               {
+                       pAd->brt30xxBanMcuCmd = FALSE;
+               }
+
+               RTMP_SEM_UNLOCK(&pAd->McuCmdLock);
+
+       }
+       if (((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)) && IS_VERSION_AFTER_F(pAd)
+               && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+               && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+               && (Command == WAKE_MCU_CMD))
+       {
+
+               do
+               {
+                       RTMP_IO_FORCE_READ32(pAd, H2M_MAILBOX_CSR, &H2MMailbox.word);
+                       if (H2MMailbox.field.Owner == 0)
+                               break;
+
+                       RTMPusecDelay(2);
+                       DBGPRINT(RT_DEBUG_INFO, ("AsicSendCommanToMcu::Mail box is busy\n"));
+               } while(i++ < 100);
+
+               if (i >= 100)
+               {
+                       DBGPRINT_ERR(("H2M_MAILBOX still hold by MCU. command fail\n"));
+                       return FALSE;
+               }
+
+               H2MMailbox.field.Owner    = 1;     // pass ownership to MCU
+               H2MMailbox.field.CmdToken = Token;
+               H2MMailbox.field.HighByte = Arg1;
+               H2MMailbox.field.LowByte  = Arg0;
+               RTMP_IO_FORCE_WRITE32(pAd, H2M_MAILBOX_CSR, H2MMailbox.word);
+
+               H2MCmd.word                       = 0;
+               H2MCmd.field.HostCommand  = Command;
+               RTMP_IO_FORCE_WRITE32(pAd, HOST_CMD_CSR, H2MCmd.word);
+
+
+       }
+       else
+#endif // CONFIG_STA_SUPPORT //
+#endif // PCIE_PS_SUPPORT //
+       {
+       do
+       {
+               RTMP_IO_READ32(pAd, H2M_MAILBOX_CSR, &H2MMailbox.word);
+               if (H2MMailbox.field.Owner == 0)
+                       break;
+
+               RTMPusecDelay(2);
+       } while(i++ < 100);
+
+       if (i >= 100)
+       {
+#ifdef RTMP_MAC_PCI
+#ifdef RALINK_ATE
+               if (pAd->ate.bFWLoading == TRUE)
+               {
+                       /* reloading firmware when received iwpriv cmd "ATE=ATESTOP" */
+                       if (j > 0)
+                       {
+                               if (j % 64 != 0)
+                               {
+                                       ATEDBGPRINT(RT_DEBUG_ERROR, ("#"));
+                               }
+                               else
+                               {
+                                       ATEDBGPRINT(RT_DEBUG_ERROR, ("\n"));
+                               }
+                               ++j;
+                       }
+                       else if (j == 0)
+                       {
+                               ATEDBGPRINT(RT_DEBUG_ERROR, ("Loading firmware. Please wait for a moment...\n"));
+                               ++j;
+                       }
+               }
+               else
+#endif // RALINK_ATE //
+#endif // RTMP_MAC_PCI //
+               {
+               DBGPRINT_ERR(("H2M_MAILBOX still hold by MCU. command fail\n"));
+               }
+               return FALSE;
+       }
+
+#ifdef RTMP_MAC_PCI
+#ifdef RALINK_ATE
+       else if (pAd->ate.bFWLoading == TRUE)
+       {
+               /* reloading of firmware is completed */
+               pAd->ate.bFWLoading = FALSE;
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("\n"));
+               j = 0;
+       }
+#endif // RALINK_ATE //
+#endif // RTMP_MAC_PCI //
+
+       H2MMailbox.field.Owner    = 1;     // pass ownership to MCU
+       H2MMailbox.field.CmdToken = Token;
+       H2MMailbox.field.HighByte = Arg1;
+       H2MMailbox.field.LowByte  = Arg0;
+       RTMP_IO_WRITE32(pAd, H2M_MAILBOX_CSR, H2MMailbox.word);
+
+       H2MCmd.word                       = 0;
+       H2MCmd.field.HostCommand  = Command;
+       RTMP_IO_WRITE32(pAd, HOST_CMD_CSR, H2MCmd.word);
+
+       if (Command != 0x80)
+       {
+       }
+}
+#ifdef PCIE_PS_SUPPORT
+#ifdef CONFIG_STA_SUPPORT
+       // 3090 MCU Wakeup command needs more time to be stable.
+       // Before stable, don't issue other MCU command to prevent from firmware error.
+       if (((IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)) && IS_VERSION_AFTER_F(pAd)) && IS_VERSION_AFTER_F(pAd)
+               && (pAd->StaCfg.PSControl.field.rt30xxPowerMode == 3)
+               && (pAd->StaCfg.PSControl.field.EnableNewPS == TRUE)
+               && (Command == WAKE_MCU_CMD))
+       {
+               RTMPusecDelay(2000);
+               //Put this is after RF programming.
+               //NdisAcquireSpinLock(&pAd->McuCmdLock);
+               //pAd->brt30xxBanMcuCmd = FALSE;
+               //NdisReleaseSpinLock(&pAd->McuCmdLock);
+       }
+#endif // CONFIG_STA_SUPPORT //
+#endif // PCIE_PS_SUPPORT //
+
+       return TRUE;
+}
diff --git a/drivers/staging/rt3090/common/rtmp_timer.c b/drivers/staging/rt3090/common/rtmp_timer.c
new file mode 100644 (file)
index 0000000..5253e87
--- /dev/null
@@ -0,0 +1,327 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rtmp_timer.c
+
+    Abstract:
+    task for timer handling
+
+    Revision History:
+    Who         When            What
+    --------    ----------      ----------------------------------------------
+    Name          Date            Modification logs
+    Shiang Tu  08-28-2008   init version
+
+*/
+
+#include "../rt_config.h"
+
+
+BUILD_TIMER_FUNCTION(MlmePeriodicExec);
+//BUILD_TIMER_FUNCTION(MlmeRssiReportExec);
+BUILD_TIMER_FUNCTION(AsicRxAntEvalTimeout);
+BUILD_TIMER_FUNCTION(APSDPeriodicExec);
+BUILD_TIMER_FUNCTION(AsicRfTuningExec);
+
+
+#ifdef CONFIG_STA_SUPPORT
+BUILD_TIMER_FUNCTION(BeaconTimeout);
+BUILD_TIMER_FUNCTION(ScanTimeout);
+BUILD_TIMER_FUNCTION(AuthTimeout);
+BUILD_TIMER_FUNCTION(AssocTimeout);
+BUILD_TIMER_FUNCTION(ReassocTimeout);
+BUILD_TIMER_FUNCTION(DisassocTimeout);
+BUILD_TIMER_FUNCTION(LinkDownExec);
+BUILD_TIMER_FUNCTION(StaQuickResponeForRateUpExec);
+BUILD_TIMER_FUNCTION(WpaDisassocApAndBlockAssoc);
+#ifdef RTMP_MAC_PCI
+BUILD_TIMER_FUNCTION(PsPollWakeExec);
+BUILD_TIMER_FUNCTION(RadioOnExec);
+#endif // RTMP_MAC_PCI //
+#ifdef QOS_DLS_SUPPORT
+BUILD_TIMER_FUNCTION(DlsTimeoutAction);
+#endif // QOS_DLS_SUPPORT //
+
+
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+#if defined(AP_LED) || defined(STA_LED)
+extern void LedCtrlMain(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+BUILD_TIMER_FUNCTION(LedCtrlMain);
+#endif
+
+
+#ifdef RTMP_TIMER_TASK_SUPPORT
+static void RtmpTimerQHandle(RTMP_ADAPTER *pAd)
+{
+#ifndef KTHREAD_SUPPORT
+       int status;
+#endif
+       RALINK_TIMER_STRUCT     *pTimer;
+       RTMP_TIMER_TASK_ENTRY   *pEntry;
+       unsigned long   irqFlag;
+       RTMP_OS_TASK *pTask;
+
+
+       pTask = &pAd->timerTask;
+       while(!pTask->task_killed)
+       {
+               pTimer = NULL;
+
+#ifdef KTHREAD_SUPPORT
+               RTMP_WAIT_EVENT_INTERRUPTIBLE(pAd, pTask);
+#else
+               RTMP_SEM_EVENT_WAIT(&(pTask->taskSema), status);
+#endif
+
+               if (pAd->TimerQ.status == RTMP_TASK_STAT_STOPED)
+                       break;
+
+               // event happened.
+               while(pAd->TimerQ.pQHead)
+               {
+                       RTMP_INT_LOCK(&pAd->TimerQLock, irqFlag);
+                       pEntry = pAd->TimerQ.pQHead;
+                       if (pEntry)
+                       {
+                               pTimer = pEntry->pRaTimer;
+
+                               // update pQHead
+                               pAd->TimerQ.pQHead = pEntry->pNext;
+                               if (pEntry == pAd->TimerQ.pQTail)
+                                       pAd->TimerQ.pQTail = NULL;
+
+                               // return this queue entry to timerQFreeList.
+                               pEntry->pNext = pAd->TimerQ.pQPollFreeList;
+                               pAd->TimerQ.pQPollFreeList = pEntry;
+                       }
+                       RTMP_INT_UNLOCK(&pAd->TimerQLock, irqFlag);
+
+                       if (pTimer)
+                       {
+                               if ((pTimer->handle != NULL) && (!pAd->PM_FlgSuspend))
+                                       pTimer->handle(NULL, (PVOID) pTimer->cookie, NULL, pTimer);
+                               if ((pTimer->Repeat) && (pTimer->State == FALSE))
+                                       RTMP_OS_Add_Timer(&pTimer->TimerObj, pTimer->TimerValue);
+                       }
+               }
+
+#ifndef KTHREAD_SUPPORT
+               if (status != 0)
+               {
+                       pAd->TimerQ.status = RTMP_TASK_STAT_STOPED;
+                       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS);
+                       break;
+               }
+#endif
+       }
+}
+
+
+INT RtmpTimerQThread(
+       IN OUT PVOID Context)
+{
+       RTMP_OS_TASK    *pTask;
+       PRTMP_ADAPTER   pAd;
+
+
+       pTask = (RTMP_OS_TASK *)Context;
+       pAd = (PRTMP_ADAPTER)pTask->priv;
+
+       RtmpOSTaskCustomize(pTask);
+
+       RtmpTimerQHandle(pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE,( "<---%s\n",__FUNCTION__));
+#ifndef KTHREAD_SUPPORT
+       pTask->taskPID = THREAD_PID_INIT_VALUE;
+#endif
+       /* notify the exit routine that we're actually exiting now
+        *
+        * complete()/wait_for_completion() is similar to up()/down(),
+        * except that complete() is safe in the case where the structure
+        * is getting deleted in a parallel mode of execution (i.e. just
+        * after the down() -- that's necessary for the thread-shutdown
+        * case.
+        *
+        * complete_and_exit() goes even further than this -- it is safe in
+        * the case that the thread of the caller is going away (not just
+        * the structure) -- this is necessary for the module-remove case.
+        * This is important in preemption kernels, which transfer the flow
+        * of execution immediately upon a complete().
+        */
+       RtmpOSTaskNotifyToExit(pTask);
+
+       return 0;
+
+}
+
+
+RTMP_TIMER_TASK_ENTRY *RtmpTimerQInsert(
+       IN RTMP_ADAPTER *pAd,
+       IN RALINK_TIMER_STRUCT *pTimer)
+{
+       RTMP_TIMER_TASK_ENTRY *pQNode = NULL, *pQTail;
+       unsigned long irqFlags;
+       RTMP_OS_TASK    *pTask = &pAd->timerTask;
+
+       RTMP_INT_LOCK(&pAd->TimerQLock, irqFlags);
+       if (pAd->TimerQ.status & RTMP_TASK_CAN_DO_INSERT)
+       {
+               if(pAd->TimerQ.pQPollFreeList)
+               {
+                       pQNode = pAd->TimerQ.pQPollFreeList;
+                       pAd->TimerQ.pQPollFreeList = pQNode->pNext;
+
+                       pQNode->pRaTimer = pTimer;
+                       pQNode->pNext = NULL;
+
+                       pQTail = pAd->TimerQ.pQTail;
+                       if (pAd->TimerQ.pQTail != NULL)
+                               pQTail->pNext = pQNode;
+                       pAd->TimerQ.pQTail = pQNode;
+                       if (pAd->TimerQ.pQHead == NULL)
+                               pAd->TimerQ.pQHead = pQNode;
+               }
+       }
+       RTMP_INT_UNLOCK(&pAd->TimerQLock, irqFlags);
+
+       if (pQNode)
+       {
+#ifdef KTHREAD_SUPPORT
+               WAKE_UP(pTask);
+#else
+               RTMP_SEM_EVENT_UP(&pTask->taskSema);
+#endif
+       }
+
+       return pQNode;
+}
+
+
+BOOLEAN RtmpTimerQRemove(
+       IN RTMP_ADAPTER *pAd,
+       IN RALINK_TIMER_STRUCT *pTimer)
+{
+       RTMP_TIMER_TASK_ENTRY *pNode, *pPrev = NULL;
+       unsigned long irqFlags;
+
+       RTMP_INT_LOCK(&pAd->TimerQLock, irqFlags);
+       if (pAd->TimerQ.status >= RTMP_TASK_STAT_INITED)
+       {
+               pNode = pAd->TimerQ.pQHead;
+               while (pNode)
+               {
+                       if (pNode->pRaTimer == pTimer)
+                               break;
+                       pPrev = pNode;
+                       pNode = pNode->pNext;
+               }
+
+               // Now move it to freeList queue.
+               if (pNode)
+               {
+                       if (pNode == pAd->TimerQ.pQHead)
+                               pAd->TimerQ.pQHead = pNode->pNext;
+                       if (pNode == pAd->TimerQ.pQTail)
+                               pAd->TimerQ.pQTail = pPrev;
+                       if (pPrev != NULL)
+                               pPrev->pNext = pNode->pNext;
+
+                       // return this queue entry to timerQFreeList.
+                       pNode->pNext = pAd->TimerQ.pQPollFreeList;
+                       pAd->TimerQ.pQPollFreeList = pNode;
+               }
+       }
+       RTMP_INT_UNLOCK(&pAd->TimerQLock, irqFlags);
+
+       return TRUE;
+}
+
+
+void RtmpTimerQExit(RTMP_ADAPTER *pAd)
+{
+       RTMP_TIMER_TASK_ENTRY *pTimerQ;
+       unsigned long irqFlags;
+
+       RTMP_INT_LOCK(&pAd->TimerQLock, irqFlags);
+       while (pAd->TimerQ.pQHead)
+       {
+               pTimerQ = pAd->TimerQ.pQHead;
+               pAd->TimerQ.pQHead = pTimerQ->pNext;
+               // remove the timeQ
+       }
+       pAd->TimerQ.pQPollFreeList = NULL;
+       os_free_mem(pAd, pAd->TimerQ.pTimerQPoll);
+       pAd->TimerQ.pQTail = NULL;
+       pAd->TimerQ.pQHead = NULL;
+#ifndef KTHREAD_SUPPORT
+       pAd->TimerQ.status = RTMP_TASK_STAT_STOPED;
+#endif
+       RTMP_INT_UNLOCK(&pAd->TimerQLock, irqFlags);
+
+}
+
+
+void RtmpTimerQInit(RTMP_ADAPTER *pAd)
+{
+       int     i;
+       RTMP_TIMER_TASK_ENTRY *pQNode, *pEntry;
+       unsigned long irqFlags;
+
+       NdisAllocateSpinLock(&pAd->TimerQLock);
+
+       NdisZeroMemory(&pAd->TimerQ, sizeof(pAd->TimerQ));
+
+       os_alloc_mem(pAd, &pAd->TimerQ.pTimerQPoll, sizeof(RTMP_TIMER_TASK_ENTRY) * TIMER_QUEUE_SIZE_MAX);
+       if (pAd->TimerQ.pTimerQPoll)
+       {
+               pEntry = NULL;
+               pQNode = (RTMP_TIMER_TASK_ENTRY *)pAd->TimerQ.pTimerQPoll;
+               NdisZeroMemory(pAd->TimerQ.pTimerQPoll, sizeof(RTMP_TIMER_TASK_ENTRY) * TIMER_QUEUE_SIZE_MAX);
+
+               RTMP_INT_LOCK(&pAd->TimerQLock, irqFlags);
+               for (i = 0 ;i <TIMER_QUEUE_SIZE_MAX; i++)
+               {
+                       pQNode->pNext = pEntry;
+                       pEntry = pQNode;
+                       pQNode++;
+               }
+               pAd->TimerQ.pQPollFreeList = pEntry;
+               pAd->TimerQ.pQHead = NULL;
+               pAd->TimerQ.pQTail = NULL;
+               pAd->TimerQ.status = RTMP_TASK_STAT_INITED;
+               RTMP_INT_UNLOCK(&pAd->TimerQLock, irqFlags);
+       }
+}
+#endif // RTMP_TIMER_TASK_SUPPORT //
diff --git a/drivers/staging/rt3090/common/spectrum.c b/drivers/staging/rt3090/common/spectrum.c
new file mode 100644 (file)
index 0000000..12d2125
--- /dev/null
@@ -0,0 +1,2221 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       action.c
+
+    Abstract:
+    Handle association related requests either from WSTA or from local MLME
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+       Fonchi Wu    2008                  created for 802.11h
+ */
+
+#include "../rt_config.h"
+#include "../action.h"
+
+
+/* The regulatory information in the USA (US) */
+DOT11_REGULATORY_INFORMATION USARegulatoryInfo[] =
+{
+/*  "regulatory class"  "number of channels"  "Max Tx Pwr"  "channel list" */
+    {0,                        {0,                   0,           {0}}}, // Invlid entry
+    {1,                 {4,                   16,           {36, 40, 44, 48}}},
+    {2,                 {4,                   23,           {52, 56, 60, 64}}},
+    {3,                 {4,                   29,           {149, 153, 157, 161}}},
+    {4,                 {11,                  23,           {100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140}}},
+    {5,                 {5,                   30,           {149, 153, 157, 161, 165}}},
+    {6,                 {10,                  14,           {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}}},
+    {7,                 {10,                  27,           {1, 2, 3, 4, 5, 6, 7, 8, 9, 10}}},
+    {8,                 {5,                   17,           {11, 13, 15, 17, 19}}},
+    {9,                 {5,                   30,           {11, 13, 15, 17, 19}}},
+    {10,                {2,                   20,           {21, 25}}},
+    {11,                {2,                   33,            {21, 25}}},
+    {12,                {11,                  30,            {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11}}}
+};
+#define USA_REGULATORY_INFO_SIZE (sizeof(USARegulatoryInfo) / sizeof(DOT11_REGULATORY_INFORMATION))
+
+
+/* The regulatory information in Europe */
+DOT11_REGULATORY_INFORMATION EuropeRegulatoryInfo[] =
+{
+/*  "regulatory class"  "number of channels"  "Max Tx Pwr"  "channel list" */
+    {0,                 {0,                   0,           {0}}}, // Invalid entry
+    {1,                 {4,                   20,           {36, 40, 44, 48}}},
+    {2,                 {4,                   20,           {52, 56, 60, 64}}},
+    {3,                 {11,                  30,           {100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140}}},
+    {4,                 {13,                  20,           {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13}}}
+};
+#define EU_REGULATORY_INFO_SIZE (sizeof(EuropeRegulatoryInfo) / sizeof(DOT11_REGULATORY_INFORMATION))
+
+
+/* The regulatory information in Japan */
+DOT11_REGULATORY_INFORMATION JapanRegulatoryInfo[] =
+{
+/*  "regulatory class"  "number of channels"  "Max Tx Pwr"  "channel list" */
+    {0,                 {0,                   0,           {0}}}, // Invalid entry
+    {1,                 {4,                   22,           {34, 38, 42, 46}}},
+    {2,                 {3,                   24,           {8, 12, 16}}},
+    {3,                 {3,                   24,           {8, 12, 16}}},
+    {4,                 {3,                   24,           {8, 12, 16}}},
+    {5,                 {3,                   24,           {8, 12, 16}}},
+    {6,                 {3,                   22,           {8, 12, 16}}},
+    {7,                 {4,                   24,           {184, 188, 192, 196}}},
+    {8,                 {4,                   24,           {184, 188, 192, 196}}},
+    {9,                 {4,                   24,           {184, 188, 192, 196}}},
+    {10,                {4,                   24,           {184, 188, 192, 196}}},
+    {11,                {4,                   22,           {184, 188, 192, 196}}},
+    {12,                {4,                   24,           {7, 8, 9, 11}}},
+    {13,                {4,                   24,           {7, 8, 9, 11}}},
+    {14,                {4,                   24,           {7, 8, 9, 11}}},
+    {15,                {4,                   24,           {7, 8, 9, 11}}},
+    {16,                {6,                   24,           {183, 184, 185, 187, 188, 189}}},
+    {17,                {6,                   24,           {183, 184, 185, 187, 188, 189}}},
+    {18,                {6,                   24,           {183, 184, 185, 187, 188, 189}}},
+    {19,                {6,                   24,           {183, 184, 185, 187, 188, 189}}},
+    {20,                {6,                   17,           {183, 184, 185, 187, 188, 189}}},
+    {21,                {6,                   24,           {6, 7, 8, 9, 10, 11}}},
+    {22,                {6,                   24,           {6, 7, 8, 9, 10, 11}}},
+    {23,                {6,                   24,           {6, 7, 8, 9, 10, 11}}},
+    {24,                {6,                   24,           {6, 7, 8, 9, 10, 11}}},
+    {25,                {8,                   24,           {182, 183, 184, 185, 186, 187, 188, 189}}},
+    {26,                {8,                   24,           {182, 183, 184, 185, 186, 187, 188, 189}}},
+    {27,                {8,                   24,           {182, 183, 184, 185, 186, 187, 188, 189}}},
+    {28,                {8,                   24,           {182, 183, 184, 185, 186, 187, 188, 189}}},
+    {29,                {8,                   17,           {182, 183, 184, 185, 186, 187, 188, 189}}},
+    {30,                {13,                  23,           {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13}}},
+    {31,                {1,                   23,           {14}}},
+    {32,                {4,                   22,           {52, 56, 60, 64}}}
+};
+#define JP_REGULATORY_INFO_SIZE (sizeof(JapanRegulatoryInfo) / sizeof(DOT11_REGULATORY_INFORMATION))
+
+
+CHAR RTMP_GetTxPwr(
+       IN PRTMP_ADAPTER pAd,
+       IN HTTRANSMIT_SETTING HTTxMode)
+{
+typedef struct __TX_PWR_CFG
+{
+       UINT8 Mode;
+       UINT8 MCS;
+       UINT16 req;
+       UINT8 shift;
+       UINT32 BitMask;
+} TX_PWR_CFG;
+
+       UINT32 Value;
+       INT Idx;
+       UINT8 PhyMode;
+       CHAR CurTxPwr;
+       UINT8 TxPwrRef = 0;
+       CHAR DaltaPwr;
+       ULONG TxPwr[5];
+
+
+       TX_PWR_CFG TxPwrCfg[] = {
+               {MODE_CCK, 0, 0, 4, 0x000000f0},
+               {MODE_CCK, 1, 0, 0, 0x0000000f},
+               {MODE_CCK, 2, 0, 12, 0x0000f000},
+               {MODE_CCK, 3, 0, 8, 0x00000f00},
+
+               {MODE_OFDM, 0, 0, 20, 0x00f00000},
+               {MODE_OFDM, 1, 0, 16, 0x000f0000},
+               {MODE_OFDM, 2, 0, 28, 0xf0000000},
+               {MODE_OFDM, 3, 0, 24, 0x0f000000},
+               {MODE_OFDM, 4, 1, 4, 0x000000f0},
+               {MODE_OFDM, 5, 1, 0, 0x0000000f},
+               {MODE_OFDM, 6, 1, 12, 0x0000f000},
+               {MODE_OFDM, 7, 1, 8, 0x00000f00}
+#ifdef DOT11_N_SUPPORT
+               ,{MODE_HTMIX, 0, 1, 20, 0x00f00000},
+               {MODE_HTMIX, 1, 1, 16, 0x000f0000},
+               {MODE_HTMIX, 2, 1, 28, 0xf0000000},
+               {MODE_HTMIX, 3, 1, 24, 0x0f000000},
+               {MODE_HTMIX, 4, 2, 4, 0x000000f0},
+               {MODE_HTMIX, 5, 2, 0, 0x0000000f},
+               {MODE_HTMIX, 6, 2, 12, 0x0000f000},
+               {MODE_HTMIX, 7, 2, 8, 0x00000f00},
+               {MODE_HTMIX, 8, 2, 20, 0x00f00000},
+               {MODE_HTMIX, 9, 2, 16, 0x000f0000},
+               {MODE_HTMIX, 10, 2, 28, 0xf0000000},
+               {MODE_HTMIX, 11, 2, 24, 0x0f000000},
+               {MODE_HTMIX, 12, 3, 4, 0x000000f0},
+               {MODE_HTMIX, 13, 3, 0, 0x0000000f},
+               {MODE_HTMIX, 14, 3, 12, 0x0000f000},
+               {MODE_HTMIX, 15, 3, 8, 0x00000f00}
+#endif // DOT11_N_SUPPORT //
+       };
+#define MAX_TXPWR_TAB_SIZE (sizeof(TxPwrCfg) / sizeof(TX_PWR_CFG))
+
+#ifdef SINGLE_SKU
+       CurTxPwr = pAd->CommonCfg.DefineMaxTxPwr;
+#else
+       CurTxPwr = 19;
+#endif
+
+       /* check Tx Power setting from UI. */
+       if (pAd->CommonCfg.TxPowerPercentage > 90)
+               ;
+       else if (pAd->CommonCfg.TxPowerPercentage > 60)  /* reduce Pwr for 1 dB. */
+               CurTxPwr -= 1;
+       else if (pAd->CommonCfg.TxPowerPercentage > 30)  /* reduce Pwr for 3 dB. */
+               CurTxPwr -= 3;
+       else if (pAd->CommonCfg.TxPowerPercentage > 15)  /* reduce Pwr for 6 dB. */
+               CurTxPwr -= 6;
+       else if (pAd->CommonCfg.TxPowerPercentage > 9)   /* reduce Pwr for 9 dB. */
+               CurTxPwr -= 9;
+       else                                           /* reduce Pwr for 12 dB. */
+               CurTxPwr -= 12;
+
+       if (pAd->CommonCfg.BBPCurrentBW == BW_40)
+       {
+               if (pAd->CommonCfg.CentralChannel > 14)
+               {
+                       TxPwr[0] = pAd->Tx40MPwrCfgABand[0];
+                       TxPwr[1] = pAd->Tx40MPwrCfgABand[1];
+                       TxPwr[2] = pAd->Tx40MPwrCfgABand[2];
+                       TxPwr[3] = pAd->Tx40MPwrCfgABand[3];
+                       TxPwr[4] = pAd->Tx40MPwrCfgABand[4];
+               }
+               else
+               {
+                       TxPwr[0] = pAd->Tx40MPwrCfgGBand[0];
+                       TxPwr[1] = pAd->Tx40MPwrCfgGBand[1];
+                       TxPwr[2] = pAd->Tx40MPwrCfgGBand[2];
+                       TxPwr[3] = pAd->Tx40MPwrCfgGBand[3];
+                       TxPwr[4] = pAd->Tx40MPwrCfgGBand[4];
+               }
+       }
+       else
+       {
+               if (pAd->CommonCfg.Channel > 14)
+               {
+                       TxPwr[0] = pAd->Tx20MPwrCfgABand[0];
+                       TxPwr[1] = pAd->Tx20MPwrCfgABand[1];
+                       TxPwr[2] = pAd->Tx20MPwrCfgABand[2];
+                       TxPwr[3] = pAd->Tx20MPwrCfgABand[3];
+                       TxPwr[4] = pAd->Tx20MPwrCfgABand[4];
+               }
+               else
+               {
+                       TxPwr[0] = pAd->Tx20MPwrCfgGBand[0];
+                       TxPwr[1] = pAd->Tx20MPwrCfgGBand[1];
+                       TxPwr[2] = pAd->Tx20MPwrCfgGBand[2];
+                       TxPwr[3] = pAd->Tx20MPwrCfgGBand[3];
+                       TxPwr[4] = pAd->Tx20MPwrCfgGBand[4];
+               }
+       }
+
+
+       switch(HTTxMode.field.MODE)
+       {
+               case MODE_CCK:
+               case MODE_OFDM:
+                       Value = TxPwr[1];
+                       TxPwrRef = (Value & 0x00000f00) >> 8;
+
+                       break;
+
+#ifdef DOT11_N_SUPPORT
+               case MODE_HTMIX:
+               case MODE_HTGREENFIELD:
+                       if (pAd->CommonCfg.TxStream == 1)
+                       {
+                               Value = TxPwr[2];
+                               TxPwrRef = (Value & 0x00000f00) >> 8;
+                       }
+                       else if (pAd->CommonCfg.TxStream == 2)
+                       {
+                               Value = TxPwr[3];
+                               TxPwrRef = (Value & 0x00000f00) >> 8;
+                       }
+                       break;
+#endif // DOT11_N_SUPPORT //
+       }
+
+       PhyMode =
+#ifdef DOT11_N_SUPPORT
+                               (HTTxMode.field.MODE == MODE_HTGREENFIELD)
+                               ? MODE_HTMIX :
+#endif // DOT11_N_SUPPORT //
+                               HTTxMode.field.MODE;
+
+       for (Idx = 0; Idx < MAX_TXPWR_TAB_SIZE; Idx++)
+       {
+               if ((TxPwrCfg[Idx].Mode == PhyMode)
+                       && (TxPwrCfg[Idx].MCS == HTTxMode.field.MCS))
+               {
+                       Value = TxPwr[TxPwrCfg[Idx].req];
+                       DaltaPwr = TxPwrRef - (CHAR)((Value & TxPwrCfg[Idx].BitMask)
+                                                                                       >> TxPwrCfg[Idx].shift);
+                       CurTxPwr -= DaltaPwr;
+                       break;
+               }
+       }
+
+       return CurTxPwr;
+}
+
+
+VOID MeasureReqTabInit(
+       IN PRTMP_ADAPTER pAd)
+{
+       NdisAllocateSpinLock(&pAd->CommonCfg.MeasureReqTabLock);
+
+       pAd->CommonCfg.pMeasureReqTab = kmalloc(sizeof(MEASURE_REQ_TAB), GFP_ATOMIC);
+       if (pAd->CommonCfg.pMeasureReqTab)
+               NdisZeroMemory(pAd->CommonCfg.pMeasureReqTab, sizeof(MEASURE_REQ_TAB));
+       else
+               DBGPRINT(RT_DEBUG_ERROR, ("%s Fail to alloc memory for pAd->CommonCfg.pMeasureReqTab.\n", __FUNCTION__));
+
+       return;
+}
+
+VOID MeasureReqTabExit(
+       IN PRTMP_ADAPTER pAd)
+{
+       NdisFreeSpinLock(&pAd->CommonCfg.MeasureReqTabLock);
+
+       if (pAd->CommonCfg.pMeasureReqTab)
+               kfree(pAd->CommonCfg.pMeasureReqTab);
+       pAd->CommonCfg.pMeasureReqTab = NULL;
+
+       return;
+}
+
+PMEASURE_REQ_ENTRY MeasureReqLookUp(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken)
+{
+       UINT HashIdx;
+       PMEASURE_REQ_TAB pTab = pAd->CommonCfg.pMeasureReqTab;
+       PMEASURE_REQ_ENTRY pEntry = NULL;
+       PMEASURE_REQ_ENTRY pPrevEntry = NULL;
+
+       if (pTab == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: pMeasureReqTab doesn't exist.\n", __FUNCTION__));
+               return NULL;
+       }
+
+       RTMP_SEM_LOCK(&pAd->CommonCfg.MeasureReqTabLock);
+
+       HashIdx = MQ_DIALOGTOKEN_HASH_INDEX(DialogToken);
+       pEntry = pTab->Hash[HashIdx];
+
+       while (pEntry)
+       {
+               if (pEntry->DialogToken == DialogToken)
+                       break;
+               else
+               {
+                       pPrevEntry = pEntry;
+                       pEntry = pEntry->pNext;
+               }
+       }
+
+       RTMP_SEM_UNLOCK(&pAd->CommonCfg.MeasureReqTabLock);
+
+       return pEntry;
+}
+
+PMEASURE_REQ_ENTRY MeasureReqInsert(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken)
+{
+       INT i;
+       ULONG HashIdx;
+       PMEASURE_REQ_TAB pTab = pAd->CommonCfg.pMeasureReqTab;
+       PMEASURE_REQ_ENTRY pEntry = NULL, pCurrEntry;
+       ULONG Now;
+
+       if(pTab == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: pMeasureReqTab doesn't exist.\n", __FUNCTION__));
+               return NULL;
+       }
+
+       pEntry = MeasureReqLookUp(pAd, DialogToken);
+       if (pEntry == NULL)
+       {
+               RTMP_SEM_LOCK(&pAd->CommonCfg.MeasureReqTabLock);
+               for (i = 0; i < MAX_MEASURE_REQ_TAB_SIZE; i++)
+               {
+                       NdisGetSystemUpTime(&Now);
+                       pEntry = &pTab->Content[i];
+
+                       if ((pEntry->Valid == TRUE)
+                               && RTMP_TIME_AFTER((unsigned long)Now, (unsigned long)(pEntry->lastTime + MQ_REQ_AGE_OUT)))
+                       {
+                               PMEASURE_REQ_ENTRY pPrevEntry = NULL;
+                               ULONG HashIdx = MQ_DIALOGTOKEN_HASH_INDEX(pEntry->DialogToken);
+                               PMEASURE_REQ_ENTRY pProbeEntry = pTab->Hash[HashIdx];
+
+                               // update Hash list
+                               do
+                               {
+                                       if (pProbeEntry == pEntry)
+                                       {
+                                               if (pPrevEntry == NULL)
+                                               {
+                                                       pTab->Hash[HashIdx] = pEntry->pNext;
+                                               }
+                                               else
+                                               {
+                                                       pPrevEntry->pNext = pEntry->pNext;
+                                               }
+                                               break;
+                                       }
+
+                                       pPrevEntry = pProbeEntry;
+                                       pProbeEntry = pProbeEntry->pNext;
+                               } while (pProbeEntry);
+
+                               NdisZeroMemory(pEntry, sizeof(MEASURE_REQ_ENTRY));
+                               pTab->Size--;
+
+                               break;
+                       }
+
+                       if (pEntry->Valid == FALSE)
+                               break;
+               }
+
+               if (i < MAX_MEASURE_REQ_TAB_SIZE)
+               {
+                       NdisGetSystemUpTime(&Now);
+                       pEntry->lastTime = Now;
+                       pEntry->Valid = TRUE;
+                       pEntry->DialogToken = DialogToken;
+                       pTab->Size++;
+               }
+               else
+               {
+                       pEntry = NULL;
+                       DBGPRINT(RT_DEBUG_ERROR, ("%s: pMeasureReqTab tab full.\n", __FUNCTION__));
+               }
+
+               // add this Neighbor entry into HASH table
+               if (pEntry)
+               {
+                       HashIdx = MQ_DIALOGTOKEN_HASH_INDEX(DialogToken);
+                       if (pTab->Hash[HashIdx] == NULL)
+                       {
+                               pTab->Hash[HashIdx] = pEntry;
+                       }
+                       else
+                       {
+                               pCurrEntry = pTab->Hash[HashIdx];
+                               while (pCurrEntry->pNext != NULL)
+                                       pCurrEntry = pCurrEntry->pNext;
+                               pCurrEntry->pNext = pEntry;
+                       }
+               }
+
+               RTMP_SEM_UNLOCK(&pAd->CommonCfg.MeasureReqTabLock);
+       }
+
+       return pEntry;
+}
+
+VOID MeasureReqDelete(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken)
+{
+       PMEASURE_REQ_TAB pTab = pAd->CommonCfg.pMeasureReqTab;
+       PMEASURE_REQ_ENTRY pEntry = NULL;
+
+       if(pTab == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: pMeasureReqTab doesn't exist.\n", __FUNCTION__));
+               return;
+       }
+
+       // if empty, return
+       if (pTab->Size == 0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("pMeasureReqTab empty.\n"));
+               return;
+       }
+
+       pEntry = MeasureReqLookUp(pAd, DialogToken);
+       if (pEntry != NULL)
+       {
+               PMEASURE_REQ_ENTRY pPrevEntry = NULL;
+               ULONG HashIdx = MQ_DIALOGTOKEN_HASH_INDEX(pEntry->DialogToken);
+               PMEASURE_REQ_ENTRY pProbeEntry = pTab->Hash[HashIdx];
+
+               RTMP_SEM_LOCK(&pAd->CommonCfg.MeasureReqTabLock);
+               // update Hash list
+               do
+               {
+                       if (pProbeEntry == pEntry)
+                       {
+                               if (pPrevEntry == NULL)
+                               {
+                                       pTab->Hash[HashIdx] = pEntry->pNext;
+                               }
+                               else
+                               {
+                                       pPrevEntry->pNext = pEntry->pNext;
+                               }
+                               break;
+                       }
+
+                       pPrevEntry = pProbeEntry;
+                       pProbeEntry = pProbeEntry->pNext;
+               } while (pProbeEntry);
+
+               NdisZeroMemory(pEntry, sizeof(MEASURE_REQ_ENTRY));
+               pTab->Size--;
+
+               RTMP_SEM_UNLOCK(&pAd->CommonCfg.MeasureReqTabLock);
+       }
+
+       return;
+}
+
+VOID TpcReqTabInit(
+       IN PRTMP_ADAPTER pAd)
+{
+       NdisAllocateSpinLock(&pAd->CommonCfg.TpcReqTabLock);
+
+       pAd->CommonCfg.pTpcReqTab = kmalloc(sizeof(TPC_REQ_TAB), GFP_ATOMIC);
+       if (pAd->CommonCfg.pTpcReqTab)
+               NdisZeroMemory(pAd->CommonCfg.pTpcReqTab, sizeof(TPC_REQ_TAB));
+       else
+               DBGPRINT(RT_DEBUG_ERROR, ("%s Fail to alloc memory for pAd->CommonCfg.pTpcReqTab.\n", __FUNCTION__));
+
+       return;
+}
+
+VOID TpcReqTabExit(
+       IN PRTMP_ADAPTER pAd)
+{
+       NdisFreeSpinLock(&pAd->CommonCfg.TpcReqTabLock);
+
+       if (pAd->CommonCfg.pTpcReqTab)
+               kfree(pAd->CommonCfg.pTpcReqTab);
+       pAd->CommonCfg.pTpcReqTab = NULL;
+
+       return;
+}
+
+static PTPC_REQ_ENTRY TpcReqLookUp(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken)
+{
+       UINT HashIdx;
+       PTPC_REQ_TAB pTab = pAd->CommonCfg.pTpcReqTab;
+       PTPC_REQ_ENTRY pEntry = NULL;
+       PTPC_REQ_ENTRY pPrevEntry = NULL;
+
+       if (pTab == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: pTpcReqTab doesn't exist.\n", __FUNCTION__));
+               return NULL;
+       }
+
+       RTMP_SEM_LOCK(&pAd->CommonCfg.TpcReqTabLock);
+
+       HashIdx = TPC_DIALOGTOKEN_HASH_INDEX(DialogToken);
+       pEntry = pTab->Hash[HashIdx];
+
+       while (pEntry)
+       {
+               if (pEntry->DialogToken == DialogToken)
+                       break;
+               else
+               {
+                       pPrevEntry = pEntry;
+                       pEntry = pEntry->pNext;
+               }
+       }
+
+       RTMP_SEM_UNLOCK(&pAd->CommonCfg.TpcReqTabLock);
+
+       return pEntry;
+}
+
+
+static PTPC_REQ_ENTRY TpcReqInsert(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken)
+{
+       INT i;
+       ULONG HashIdx;
+       PTPC_REQ_TAB pTab = pAd->CommonCfg.pTpcReqTab;
+       PTPC_REQ_ENTRY pEntry = NULL, pCurrEntry;
+       ULONG Now;
+
+       if(pTab == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: pTpcReqTab doesn't exist.\n", __FUNCTION__));
+               return NULL;
+       }
+
+       pEntry = TpcReqLookUp(pAd, DialogToken);
+       if (pEntry == NULL)
+       {
+               RTMP_SEM_LOCK(&pAd->CommonCfg.TpcReqTabLock);
+               for (i = 0; i < MAX_TPC_REQ_TAB_SIZE; i++)
+               {
+                       NdisGetSystemUpTime(&Now);
+                       pEntry = &pTab->Content[i];
+
+                       if ((pEntry->Valid == TRUE)
+                               && RTMP_TIME_AFTER((unsigned long)Now, (unsigned long)(pEntry->lastTime + TPC_REQ_AGE_OUT)))
+                       {
+                               PTPC_REQ_ENTRY pPrevEntry = NULL;
+                               ULONG HashIdx = TPC_DIALOGTOKEN_HASH_INDEX(pEntry->DialogToken);
+                               PTPC_REQ_ENTRY pProbeEntry = pTab->Hash[HashIdx];
+
+                               // update Hash list
+                               do
+                               {
+                                       if (pProbeEntry == pEntry)
+                                       {
+                                               if (pPrevEntry == NULL)
+                                               {
+                                                       pTab->Hash[HashIdx] = pEntry->pNext;
+                                               }
+                                               else
+                                               {
+                                                       pPrevEntry->pNext = pEntry->pNext;
+                                               }
+                                               break;
+                                       }
+
+                                       pPrevEntry = pProbeEntry;
+                                       pProbeEntry = pProbeEntry->pNext;
+                               } while (pProbeEntry);
+
+                               NdisZeroMemory(pEntry, sizeof(TPC_REQ_ENTRY));
+                               pTab->Size--;
+
+                               break;
+                       }
+
+                       if (pEntry->Valid == FALSE)
+                               break;
+               }
+
+               if (i < MAX_TPC_REQ_TAB_SIZE)
+               {
+                       NdisGetSystemUpTime(&Now);
+                       pEntry->lastTime = Now;
+                       pEntry->Valid = TRUE;
+                       pEntry->DialogToken = DialogToken;
+                       pTab->Size++;
+               }
+               else
+               {
+                       pEntry = NULL;
+                       DBGPRINT(RT_DEBUG_ERROR, ("%s: pTpcReqTab tab full.\n", __FUNCTION__));
+               }
+
+               // add this Neighbor entry into HASH table
+               if (pEntry)
+               {
+                       HashIdx = TPC_DIALOGTOKEN_HASH_INDEX(DialogToken);
+                       if (pTab->Hash[HashIdx] == NULL)
+                       {
+                               pTab->Hash[HashIdx] = pEntry;
+                       }
+                       else
+                       {
+                               pCurrEntry = pTab->Hash[HashIdx];
+                               while (pCurrEntry->pNext != NULL)
+                                       pCurrEntry = pCurrEntry->pNext;
+                               pCurrEntry->pNext = pEntry;
+                       }
+               }
+
+               RTMP_SEM_UNLOCK(&pAd->CommonCfg.TpcReqTabLock);
+       }
+
+       return pEntry;
+}
+
+static VOID TpcReqDelete(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken)
+{
+       PTPC_REQ_TAB pTab = pAd->CommonCfg.pTpcReqTab;
+       PTPC_REQ_ENTRY pEntry = NULL;
+
+       if(pTab == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: pTpcReqTab doesn't exist.\n", __FUNCTION__));
+               return;
+       }
+
+       // if empty, return
+       if (pTab->Size == 0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("pTpcReqTab empty.\n"));
+               return;
+       }
+
+       pEntry = TpcReqLookUp(pAd, DialogToken);
+       if (pEntry != NULL)
+       {
+               PTPC_REQ_ENTRY pPrevEntry = NULL;
+               ULONG HashIdx = TPC_DIALOGTOKEN_HASH_INDEX(pEntry->DialogToken);
+               PTPC_REQ_ENTRY pProbeEntry = pTab->Hash[HashIdx];
+
+               RTMP_SEM_LOCK(&pAd->CommonCfg.TpcReqTabLock);
+               // update Hash list
+               do
+               {
+                       if (pProbeEntry == pEntry)
+                       {
+                               if (pPrevEntry == NULL)
+                               {
+                                       pTab->Hash[HashIdx] = pEntry->pNext;
+                               }
+                               else
+                               {
+                                       pPrevEntry->pNext = pEntry->pNext;
+                               }
+                               break;
+                       }
+
+                       pPrevEntry = pProbeEntry;
+                       pProbeEntry = pProbeEntry->pNext;
+               } while (pProbeEntry);
+
+               NdisZeroMemory(pEntry, sizeof(TPC_REQ_ENTRY));
+               pTab->Size--;
+
+               RTMP_SEM_UNLOCK(&pAd->CommonCfg.TpcReqTabLock);
+       }
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Get Current TimeS tamp.
+
+       Parametrs:
+
+       Return  : Current Time Stamp.
+       ==========================================================================
+ */
+static UINT64 GetCurrentTimeStamp(
+       IN PRTMP_ADAPTER pAd)
+{
+       // get current time stamp.
+       return 0;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Get Current Transmit Power.
+
+       Parametrs:
+
+       Return  : Current Time Stamp.
+       ==========================================================================
+ */
+static UINT8 GetCurTxPwr(
+       IN PRTMP_ADAPTER pAd,
+       IN UINT8 Wcid)
+{
+       return 16; /* 16 dBm */
+}
+
+/*
+       ==========================================================================
+       Description:
+               Get Current Transmit Power.
+
+       Parametrs:
+
+       Return  : Current Time Stamp.
+       ==========================================================================
+ */
+VOID InsertChannelRepIE(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN PSTRING pCountry,
+       IN UINT8 RegulatoryClass)
+{
+       ULONG TempLen;
+       UINT8 Len;
+       UINT8 IEId = IE_AP_CHANNEL_REPORT;
+       PUCHAR pChListPtr = NULL;
+
+       Len = 1;
+       if (strncmp(pCountry, "US", 2) == 0)
+       {
+               if (RegulatoryClass >= USA_REGULATORY_INFO_SIZE)
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("%s: USA Unknow Requlatory class (%d)\n",
+                                               __FUNCTION__, RegulatoryClass));
+                       return;
+               }
+
+               Len += USARegulatoryInfo[RegulatoryClass].ChannelSet.NumberOfChannels;
+               pChListPtr = USARegulatoryInfo[RegulatoryClass].ChannelSet.ChannelList;
+       }
+       else if (strncmp(pCountry, "JP", 2) == 0)
+       {
+               if (RegulatoryClass >= JP_REGULATORY_INFO_SIZE)
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("%s: JP Unknow Requlatory class (%d)\n",
+                                               __FUNCTION__, RegulatoryClass));
+                       return;
+               }
+
+               Len += JapanRegulatoryInfo[RegulatoryClass].ChannelSet.NumberOfChannels;
+               pChListPtr = JapanRegulatoryInfo[RegulatoryClass].ChannelSet.ChannelList;
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: Unknow Country (%s)\n",
+                                       __FUNCTION__, pCountry));
+               return;
+       }
+
+       MakeOutgoingFrame(pFrameBuf,    &TempLen,
+                                       1,                              &IEId,
+                                       1,                              &Len,
+                                       1,                              &RegulatoryClass,
+                                       Len -1,                 pChListPtr,
+                                       END_OF_ARGS);
+
+       *pFrameLen = *pFrameLen + TempLen;
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Insert Dialog Token into frame.
+
+       Parametrs:
+               1. frame buffer pointer.
+               2. frame length.
+               3. Dialog token.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID InsertDialogToken(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN UINT8 DialogToken)
+{
+       ULONG TempLen;
+       MakeOutgoingFrame(pFrameBuf,    &TempLen,
+                                       1,                              &DialogToken,
+                                       END_OF_ARGS);
+
+       *pFrameLen = *pFrameLen + TempLen;
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Insert TPC Request IE into frame.
+
+       Parametrs:
+               1. frame buffer pointer.
+               2. frame length.
+
+       Return  : None.
+       ==========================================================================
+ */
+ static VOID InsertTpcReqIE(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen)
+{
+       ULONG TempLen;
+       ULONG Len = 0;
+       UINT8 ElementID = IE_TPC_REQUEST;
+
+       MakeOutgoingFrame(pFrameBuf,                                    &TempLen,
+                                               1,                                                      &ElementID,
+                                               1,                                                      &Len,
+                                               END_OF_ARGS);
+
+       *pFrameLen = *pFrameLen + TempLen;
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Insert TPC Report IE into frame.
+
+       Parametrs:
+               1. frame buffer pointer.
+               2. frame length.
+               3. Transmit Power.
+               4. Link Margin.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID InsertTpcReportIE(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN UINT8 TxPwr,
+       IN UINT8 LinkMargin)
+{
+       ULONG TempLen;
+       ULONG Len = sizeof(TPC_REPORT_INFO);
+       UINT8 ElementID = IE_TPC_REPORT;
+       TPC_REPORT_INFO TpcReportIE;
+
+       TpcReportIE.TxPwr = TxPwr;
+       TpcReportIE.LinkMargin = LinkMargin;
+
+       MakeOutgoingFrame(pFrameBuf,                                    &TempLen,
+                                               1,                                                      &ElementID,
+                                               1,                                                      &Len,
+                                               Len,                                            &TpcReportIE,
+                                               END_OF_ARGS);
+
+       *pFrameLen = *pFrameLen + TempLen;
+
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Insert Channel Switch Announcement IE into frame.
+
+       Parametrs:
+               1. frame buffer pointer.
+               2. frame length.
+               3. channel switch announcement mode.
+               4. new selected channel.
+               5. channel switch announcement count.
+
+       Return  : None.
+       ==========================================================================
+ */
+static VOID InsertChSwAnnIE(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN UINT8 ChSwMode,
+       IN UINT8 NewChannel,
+       IN UINT8 ChSwCnt)
+{
+       ULONG TempLen;
+       ULONG Len = sizeof(CH_SW_ANN_INFO);
+       UINT8 ElementID = IE_CHANNEL_SWITCH_ANNOUNCEMENT;
+       CH_SW_ANN_INFO ChSwAnnIE;
+
+       ChSwAnnIE.ChSwMode = ChSwMode;
+       ChSwAnnIE.Channel = NewChannel;
+       ChSwAnnIE.ChSwCnt = ChSwCnt;
+
+       MakeOutgoingFrame(pFrameBuf,                            &TempLen,
+                                               1,                                              &ElementID,
+                                               1,                                              &Len,
+                                               Len,                                    &ChSwAnnIE,
+                                               END_OF_ARGS);
+
+       *pFrameLen = *pFrameLen + TempLen;
+
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Insert Measure Request IE into frame.
+
+       Parametrs:
+               1. frame buffer pointer.
+               2. frame length.
+               3. Measure Token.
+               4. Measure Request Mode.
+               5. Measure Request Type.
+               6. Measure Channel.
+               7. Measure Start time.
+               8. Measure Duration.
+
+
+       Return  : None.
+       ==========================================================================
+ */
+static VOID InsertMeasureReqIE(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN UINT8 Len,
+       IN PMEASURE_REQ_INFO pMeasureReqIE)
+{
+       ULONG TempLen;
+       UINT8 ElementID = IE_MEASUREMENT_REQUEST;
+
+       MakeOutgoingFrame(pFrameBuf,                                    &TempLen,
+                                               1,                                                      &ElementID,
+                                               1,                                                      &Len,
+                                               sizeof(MEASURE_REQ_INFO),       pMeasureReqIE,
+                                               END_OF_ARGS);
+
+       *pFrameLen = *pFrameLen + TempLen;
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Insert Measure Report IE into frame.
+
+       Parametrs:
+               1. frame buffer pointer.
+               2. frame length.
+               3. Measure Token.
+               4. Measure Request Mode.
+               5. Measure Request Type.
+               6. Length of Report Infomation
+               7. Pointer of Report Infomation Buffer.
+
+       Return  : None.
+       ==========================================================================
+ */
+static VOID InsertMeasureReportIE(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN PMEASURE_REPORT_INFO pMeasureReportIE,
+       IN UINT8 ReportLnfoLen,
+       IN PUINT8 pReportInfo)
+{
+       ULONG TempLen;
+       ULONG Len;
+       UINT8 ElementID = IE_MEASUREMENT_REPORT;
+
+       Len = sizeof(MEASURE_REPORT_INFO) + ReportLnfoLen;
+
+       MakeOutgoingFrame(pFrameBuf,                                    &TempLen,
+                                               1,                                                      &ElementID,
+                                               1,                                                      &Len,
+                                               Len,                                            pMeasureReportIE,
+                                               END_OF_ARGS);
+
+       *pFrameLen = *pFrameLen + TempLen;
+
+       if ((ReportLnfoLen > 0) && (pReportInfo != NULL))
+       {
+               MakeOutgoingFrame(pFrameBuf + *pFrameLen,               &TempLen,
+                                                       ReportLnfoLen,                          pReportInfo,
+                                                       END_OF_ARGS);
+
+               *pFrameLen = *pFrameLen + TempLen;
+       }
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Prepare Measurement request action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID MakeMeasurementReqFrame(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pOutBuffer,
+       OUT PULONG pFrameLen,
+       IN UINT8 TotalLen,
+       IN UINT8 Category,
+       IN UINT8 Action,
+       IN UINT8 MeasureToken,
+       IN UINT8 MeasureReqMode,
+       IN UINT8 MeasureReqType,
+       IN UINT8 NumOfRepetitions)
+{
+       ULONG TempLen;
+       MEASURE_REQ_INFO MeasureReqIE;
+
+       InsertActField(pAd, (pOutBuffer + *pFrameLen), pFrameLen, Category, Action);
+
+       // fill Dialog Token
+       InsertDialogToken(pAd, (pOutBuffer + *pFrameLen), pFrameLen, MeasureToken);
+
+       /* fill Number of repetitions. */
+       if (Category == CATEGORY_RM)
+       {
+               MakeOutgoingFrame((pOutBuffer+*pFrameLen),      &TempLen,
+                                               2,                                                      &NumOfRepetitions,
+                                               END_OF_ARGS);
+
+               *pFrameLen += TempLen;
+       }
+
+       // prepare Measurement IE.
+       NdisZeroMemory(&MeasureReqIE, sizeof(MEASURE_REQ_INFO));
+       MeasureReqIE.Token = MeasureToken;
+       MeasureReqIE.ReqMode.word = MeasureReqMode;
+       MeasureReqIE.ReqType = MeasureReqType;
+       InsertMeasureReqIE(pAd, (pOutBuffer+*pFrameLen), pFrameLen,
+               TotalLen, &MeasureReqIE);
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Prepare Measurement report action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID EnqueueMeasurementRep(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDA,
+       IN UINT8 DialogToken,
+       IN UINT8 MeasureToken,
+       IN UINT8 MeasureReqMode,
+       IN UINT8 MeasureReqType,
+       IN UINT8 ReportInfoLen,
+       IN PUINT8 pReportInfo)
+{
+       PUCHAR pOutBuffer = NULL;
+       NDIS_STATUS NStatus;
+       ULONG FrameLen;
+       HEADER_802_11 ActHdr;
+       MEASURE_REPORT_INFO MeasureRepIE;
+
+       // build action frame header.
+       MgtMacHeaderInit(pAd, &ActHdr, SUBTYPE_ACTION, 0, pDA,
+                                               pAd->CurrentAddress);
+
+       NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer);  //Get an unused nonpaged memory
+       if(NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s() allocate memory failed \n", __FUNCTION__));
+               return;
+       }
+       NdisMoveMemory(pOutBuffer, (PCHAR)&ActHdr, sizeof(HEADER_802_11));
+       FrameLen = sizeof(HEADER_802_11);
+
+       InsertActField(pAd, (pOutBuffer + FrameLen), &FrameLen, CATEGORY_SPECTRUM, SPEC_MRP);
+
+       // fill Dialog Token
+       InsertDialogToken(pAd, (pOutBuffer + FrameLen), &FrameLen, DialogToken);
+
+       // prepare Measurement IE.
+       NdisZeroMemory(&MeasureRepIE, sizeof(MEASURE_REPORT_INFO));
+       MeasureRepIE.Token = MeasureToken;
+       MeasureRepIE.ReportMode = MeasureReqMode;
+       MeasureRepIE.ReportType = MeasureReqType;
+       InsertMeasureReportIE(pAd, (pOutBuffer + FrameLen), &FrameLen, &MeasureRepIE, ReportInfoLen, pReportInfo);
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Prepare TPC Request action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID EnqueueTPCReq(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDA,
+       IN UCHAR DialogToken)
+{
+       PUCHAR pOutBuffer = NULL;
+       NDIS_STATUS NStatus;
+       ULONG FrameLen;
+
+       HEADER_802_11 ActHdr;
+
+       // build action frame header.
+       MgtMacHeaderInit(pAd, &ActHdr, SUBTYPE_ACTION, 0, pDA,
+                                               pAd->CurrentAddress);
+
+       NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer);  //Get an unused nonpaged memory
+       if(NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s() allocate memory failed \n", __FUNCTION__));
+               return;
+       }
+       NdisMoveMemory(pOutBuffer, (PCHAR)&ActHdr, sizeof(HEADER_802_11));
+       FrameLen = sizeof(HEADER_802_11);
+
+       InsertActField(pAd, (pOutBuffer + FrameLen), &FrameLen, CATEGORY_SPECTRUM, SPEC_TPCRQ);
+
+       // fill Dialog Token
+       InsertDialogToken(pAd, (pOutBuffer + FrameLen), &FrameLen, DialogToken);
+
+       // Insert TPC Request IE.
+       InsertTpcReqIE(pAd, (pOutBuffer + FrameLen), &FrameLen);
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Prepare TPC Report action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID EnqueueTPCRep(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDA,
+       IN UINT8 DialogToken,
+       IN UINT8 TxPwr,
+       IN UINT8 LinkMargin)
+{
+       PUCHAR pOutBuffer = NULL;
+       NDIS_STATUS NStatus;
+       ULONG FrameLen;
+
+       HEADER_802_11 ActHdr;
+
+       // build action frame header.
+       MgtMacHeaderInit(pAd, &ActHdr, SUBTYPE_ACTION, 0, pDA,
+                                               pAd->CurrentAddress);
+
+       NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer);  //Get an unused nonpaged memory
+       if(NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s() allocate memory failed \n", __FUNCTION__));
+               return;
+       }
+       NdisMoveMemory(pOutBuffer, (PCHAR)&ActHdr, sizeof(HEADER_802_11));
+       FrameLen = sizeof(HEADER_802_11);
+
+       InsertActField(pAd, (pOutBuffer + FrameLen), &FrameLen, CATEGORY_SPECTRUM, SPEC_TPCRP);
+
+       // fill Dialog Token
+       InsertDialogToken(pAd, (pOutBuffer + FrameLen), &FrameLen, DialogToken);
+
+       // Insert TPC Request IE.
+       InsertTpcReportIE(pAd, (pOutBuffer + FrameLen), &FrameLen, TxPwr, LinkMargin);
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Prepare Channel Switch Announcement action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+               2. Channel switch announcement mode.
+               2. a New selected channel.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID EnqueueChSwAnn(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDA,
+       IN UINT8 ChSwMode,
+       IN UINT8 NewCh)
+{
+       PUCHAR pOutBuffer = NULL;
+       NDIS_STATUS NStatus;
+       ULONG FrameLen;
+
+       HEADER_802_11 ActHdr;
+
+       // build action frame header.
+       MgtMacHeaderInit(pAd, &ActHdr, SUBTYPE_ACTION, 0, pDA,
+                                               pAd->CurrentAddress);
+
+       NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer);  //Get an unused nonpaged memory
+       if(NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s() allocate memory failed \n", __FUNCTION__));
+               return;
+       }
+       NdisMoveMemory(pOutBuffer, (PCHAR)&ActHdr, sizeof(HEADER_802_11));
+       FrameLen = sizeof(HEADER_802_11);
+
+       InsertActField(pAd, (pOutBuffer + FrameLen), &FrameLen, CATEGORY_SPECTRUM, SPEC_CHANNEL_SWITCH);
+
+       InsertChSwAnnIE(pAd, (pOutBuffer + FrameLen), &FrameLen, ChSwMode, NewCh, 0);
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       return;
+}
+
+static BOOLEAN DfsRequirementCheck(
+       IN PRTMP_ADAPTER pAd,
+       IN UINT8 Channel)
+{
+       BOOLEAN Result = FALSE;
+       INT i;
+
+       do
+       {
+               // check DFS procedure is running.
+               // make sure DFS procedure won't start twice.
+               if (pAd->CommonCfg.RadarDetect.RDMode != RD_NORMAL_MODE)
+               {
+                       Result = FALSE;
+                       break;
+               }
+
+               // check the new channel carried from Channel Switch Announcemnet is valid.
+               for (i=0; i<pAd->ChannelListNum; i++)
+               {
+                       if ((Channel == pAd->ChannelList[i].Channel)
+                               &&(pAd->ChannelList[i].RemainingTimeForUse == 0))
+                       {
+                               // found radar signal in the channel. the channel can't use at least for 30 minutes.
+                               pAd->ChannelList[i].RemainingTimeForUse = 1800;//30 min = 1800 sec
+                               Result = TRUE;
+                               break;
+                       }
+               }
+       } while(FALSE);
+
+       return Result;
+}
+
+VOID NotifyChSwAnnToPeerAPs(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pRA,
+       IN PUCHAR pTA,
+       IN UINT8 ChSwMode,
+       IN UINT8 Channel)
+{
+#ifdef WDS_SUPPORT
+       if (!((pRA[0] & 0xff) == 0xff)) // is pRA a broadcase address.
+       {
+               INT i;
+               // info neighbor APs that Radar signal found throgh WDS link.
+               for (i = 0; i < MAX_WDS_ENTRY; i++)
+               {
+                       if (ValidWdsEntry(pAd, i))
+                       {
+                               PUCHAR pDA = pAd->WdsTab.WdsEntry[i].PeerWdsAddr;
+
+                               // DA equal to SA. have no necessary orignal AP which found Radar signal.
+                               if (MAC_ADDR_EQUAL(pTA, pDA))
+                                       continue;
+
+                               // send Channel Switch Action frame to info Neighbro APs.
+                               EnqueueChSwAnn(pAd, pDA, ChSwMode, Channel);
+                       }
+               }
+       }
+#endif // WDS_SUPPORT //
+}
+
+static VOID StartDFSProcedure(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR Channel,
+       IN UINT8 ChSwMode)
+{
+       // start DFS procedure
+       pAd->CommonCfg.Channel = Channel;
+#ifdef DOT11_N_SUPPORT
+       N_ChannelCheck(pAd);
+#endif // DOT11_N_SUPPORT //
+       pAd->CommonCfg.RadarDetect.RDMode = RD_SWITCHING_MODE;
+       pAd->CommonCfg.RadarDetect.CSCount = 0;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Channel Switch Announcement action frame sanity check.
+
+       Parametrs:
+               1. MLME message containing the received frame
+               2. message length.
+               3. Channel switch announcement infomation buffer.
+
+
+       Return  : None.
+       ==========================================================================
+ */
+
+/*
+  Channel Switch Announcement IE.
+  +----+-----+-----------+------------+-----------+
+  | ID | Len |Ch Sw Mode | New Ch Num | Ch Sw Cnt |
+  +----+-----+-----------+------------+-----------+
+    1    1        1           1            1
+*/
+static BOOLEAN PeerChSwAnnSanity(
+       IN PRTMP_ADAPTER pAd,
+       IN VOID *pMsg,
+       IN ULONG MsgLen,
+       OUT PCH_SW_ANN_INFO pChSwAnnInfo)
+{
+       PFRAME_802_11 Fr = (PFRAME_802_11)pMsg;
+       PUCHAR pFramePtr = Fr->Octet;
+       BOOLEAN result = FALSE;
+       PEID_STRUCT eid_ptr;
+
+       // skip 802.11 header.
+       MsgLen -= sizeof(HEADER_802_11);
+
+       // skip category and action code.
+       pFramePtr += 2;
+       MsgLen -= 2;
+
+       if (pChSwAnnInfo == NULL)
+               return result;
+
+       eid_ptr = (PEID_STRUCT)pFramePtr;
+       while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((PUCHAR)pFramePtr + MsgLen))
+       {
+               switch(eid_ptr->Eid)
+               {
+                       case IE_CHANNEL_SWITCH_ANNOUNCEMENT:
+                               NdisMoveMemory(&pChSwAnnInfo->ChSwMode, eid_ptr->Octet, 1);
+                               NdisMoveMemory(&pChSwAnnInfo->Channel, eid_ptr->Octet + 1, 1);
+                               NdisMoveMemory(&pChSwAnnInfo->ChSwCnt, eid_ptr->Octet + 2, 1);
+
+                               result = TRUE;
+                break;
+
+                       default:
+                               break;
+               }
+               eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
+       }
+
+       return result;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Measurement request action frame sanity check.
+
+       Parametrs:
+               1. MLME message containing the received frame
+               2. message length.
+               3. Measurement request infomation buffer.
+
+       Return  : None.
+       ==========================================================================
+ */
+static BOOLEAN PeerMeasureReqSanity(
+       IN PRTMP_ADAPTER pAd,
+       IN VOID *pMsg,
+       IN ULONG MsgLen,
+       OUT PUINT8 pDialogToken,
+       OUT PMEASURE_REQ_INFO pMeasureReqInfo,
+       OUT PMEASURE_REQ pMeasureReq)
+{
+       PFRAME_802_11 Fr = (PFRAME_802_11)pMsg;
+       PUCHAR pFramePtr = Fr->Octet;
+       BOOLEAN result = FALSE;
+       PEID_STRUCT eid_ptr;
+       PUCHAR ptr;
+       UINT64 MeasureStartTime;
+       UINT16 MeasureDuration;
+
+       // skip 802.11 header.
+       MsgLen -= sizeof(HEADER_802_11);
+
+       // skip category and action code.
+       pFramePtr += 2;
+       MsgLen -= 2;
+
+       if (pMeasureReqInfo == NULL)
+               return result;
+
+       NdisMoveMemory(pDialogToken, pFramePtr, 1);
+       pFramePtr += 1;
+       MsgLen -= 1;
+
+       eid_ptr = (PEID_STRUCT)pFramePtr;
+       while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((PUCHAR)pFramePtr + MsgLen))
+       {
+               switch(eid_ptr->Eid)
+               {
+                       case IE_MEASUREMENT_REQUEST:
+                               NdisMoveMemory(&pMeasureReqInfo->Token, eid_ptr->Octet, 1);
+                               NdisMoveMemory(&pMeasureReqInfo->ReqMode.word, eid_ptr->Octet + 1, 1);
+                               NdisMoveMemory(&pMeasureReqInfo->ReqType, eid_ptr->Octet + 2, 1);
+                               ptr = (PUCHAR)(eid_ptr->Octet + 3);
+                               NdisMoveMemory(&pMeasureReq->ChNum, ptr, 1);
+                               NdisMoveMemory(&MeasureStartTime, ptr + 1, 8);
+                               pMeasureReq->MeasureStartTime = SWAP64(MeasureStartTime);
+                               NdisMoveMemory(&MeasureDuration, ptr + 9, 2);
+                               pMeasureReq->MeasureDuration = SWAP16(MeasureDuration);
+
+                               result = TRUE;
+                               break;
+
+                       default:
+                               break;
+               }
+               eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
+       }
+
+       return result;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Measurement report action frame sanity check.
+
+       Parametrs:
+               1. MLME message containing the received frame
+               2. message length.
+               3. Measurement report infomation buffer.
+               4. basic report infomation buffer.
+
+       Return  : None.
+       ==========================================================================
+ */
+
+/*
+  Measurement Report IE.
+  +----+-----+-------+-------------+--------------+----------------+
+  | ID | Len | Token | Report Mode | Measure Type | Measure Report |
+  +----+-----+-------+-------------+--------------+----------------+
+    1     1      1          1             1            variable
+
+  Basic Report.
+  +--------+------------+----------+-----+
+  | Ch Num | Start Time | Duration | Map |
+  +--------+------------+----------+-----+
+      1          8           2        1
+
+  Map Field Bit Format.
+  +-----+---------------+---------------------+-------+------------+----------+
+  | Bss | OFDM Preamble | Unidentified signal | Radar | Unmeasured | Reserved |
+  +-----+---------------+---------------------+-------+------------+----------+
+     0          1                  2              3         4          5-7
+*/
+static BOOLEAN PeerMeasureReportSanity(
+       IN PRTMP_ADAPTER pAd,
+       IN VOID *pMsg,
+       IN ULONG MsgLen,
+       OUT PUINT8 pDialogToken,
+       OUT PMEASURE_REPORT_INFO pMeasureReportInfo,
+       OUT PUINT8 pReportBuf)
+{
+       PFRAME_802_11 Fr = (PFRAME_802_11)pMsg;
+       PUCHAR pFramePtr = Fr->Octet;
+       BOOLEAN result = FALSE;
+       PEID_STRUCT eid_ptr;
+       PUCHAR ptr;
+
+       // skip 802.11 header.
+       MsgLen -= sizeof(HEADER_802_11);
+
+       // skip category and action code.
+       pFramePtr += 2;
+       MsgLen -= 2;
+
+       if (pMeasureReportInfo == NULL)
+               return result;
+
+       NdisMoveMemory(pDialogToken, pFramePtr, 1);
+       pFramePtr += 1;
+       MsgLen -= 1;
+
+       eid_ptr = (PEID_STRUCT)pFramePtr;
+       while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((PUCHAR)pFramePtr + MsgLen))
+       {
+               switch(eid_ptr->Eid)
+               {
+                       case IE_MEASUREMENT_REPORT:
+                               NdisMoveMemory(&pMeasureReportInfo->Token, eid_ptr->Octet, 1);
+                               NdisMoveMemory(&pMeasureReportInfo->ReportMode, eid_ptr->Octet + 1, 1);
+                               NdisMoveMemory(&pMeasureReportInfo->ReportType, eid_ptr->Octet + 2, 1);
+                               if (pMeasureReportInfo->ReportType == RM_BASIC)
+                               {
+                                       PMEASURE_BASIC_REPORT pReport = (PMEASURE_BASIC_REPORT)pReportBuf;
+                                       ptr = (PUCHAR)(eid_ptr->Octet + 3);
+                                       NdisMoveMemory(&pReport->ChNum, ptr, 1);
+                                       NdisMoveMemory(&pReport->MeasureStartTime, ptr + 1, 8);
+                                       NdisMoveMemory(&pReport->MeasureDuration, ptr + 9, 2);
+                                       NdisMoveMemory(&pReport->Map, ptr + 11, 1);
+
+                               }
+                               else if (pMeasureReportInfo->ReportType == RM_CCA)
+                               {
+                                       PMEASURE_CCA_REPORT pReport = (PMEASURE_CCA_REPORT)pReportBuf;
+                                       ptr = (PUCHAR)(eid_ptr->Octet + 3);
+                                       NdisMoveMemory(&pReport->ChNum, ptr, 1);
+                                       NdisMoveMemory(&pReport->MeasureStartTime, ptr + 1, 8);
+                                       NdisMoveMemory(&pReport->MeasureDuration, ptr + 9, 2);
+                                       NdisMoveMemory(&pReport->CCA_Busy_Fraction, ptr + 11, 1);
+
+                               }
+                               else if (pMeasureReportInfo->ReportType == RM_RPI_HISTOGRAM)
+                               {
+                                       PMEASURE_RPI_REPORT pReport = (PMEASURE_RPI_REPORT)pReportBuf;
+                                       ptr = (PUCHAR)(eid_ptr->Octet + 3);
+                                       NdisMoveMemory(&pReport->ChNum, ptr, 1);
+                                       NdisMoveMemory(&pReport->MeasureStartTime, ptr + 1, 8);
+                                       NdisMoveMemory(&pReport->MeasureDuration, ptr + 9, 2);
+                                       NdisMoveMemory(&pReport->RPI_Density, ptr + 11, 8);
+                               }
+                               result = TRUE;
+                break;
+
+                       default:
+                               break;
+               }
+               eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
+       }
+
+       return result;
+}
+
+/*
+       ==========================================================================
+       Description:
+               TPC Request action frame sanity check.
+
+       Parametrs:
+               1. MLME message containing the received frame
+               2. message length.
+               3. Dialog Token.
+
+       Return  : None.
+       ==========================================================================
+ */
+static BOOLEAN PeerTpcReqSanity(
+       IN PRTMP_ADAPTER pAd,
+       IN VOID *pMsg,
+       IN ULONG MsgLen,
+       OUT PUINT8 pDialogToken)
+{
+       PFRAME_802_11 Fr = (PFRAME_802_11)pMsg;
+       PUCHAR pFramePtr = Fr->Octet;
+       BOOLEAN result = FALSE;
+       PEID_STRUCT eid_ptr;
+
+       MsgLen -= sizeof(HEADER_802_11);
+
+       // skip category and action code.
+       pFramePtr += 2;
+       MsgLen -= 2;
+
+       if (pDialogToken == NULL)
+               return result;
+
+       NdisMoveMemory(pDialogToken, pFramePtr, 1);
+       pFramePtr += 1;
+       MsgLen -= 1;
+
+       eid_ptr = (PEID_STRUCT)pFramePtr;
+       while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((PUCHAR)pFramePtr + MsgLen))
+       {
+               switch(eid_ptr->Eid)
+               {
+                       case IE_TPC_REQUEST:
+                               result = TRUE;
+                break;
+
+                       default:
+                               break;
+               }
+               eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
+       }
+
+       return result;
+}
+
+/*
+       ==========================================================================
+       Description:
+               TPC Report action frame sanity check.
+
+       Parametrs:
+               1. MLME message containing the received frame
+               2. message length.
+               3. Dialog Token.
+               4. TPC Report IE.
+
+       Return  : None.
+       ==========================================================================
+ */
+static BOOLEAN PeerTpcRepSanity(
+       IN PRTMP_ADAPTER pAd,
+       IN VOID *pMsg,
+       IN ULONG MsgLen,
+       OUT PUINT8 pDialogToken,
+       OUT PTPC_REPORT_INFO pTpcRepInfo)
+{
+       PFRAME_802_11 Fr = (PFRAME_802_11)pMsg;
+       PUCHAR pFramePtr = Fr->Octet;
+       BOOLEAN result = FALSE;
+       PEID_STRUCT eid_ptr;
+
+       MsgLen -= sizeof(HEADER_802_11);
+
+       // skip category and action code.
+       pFramePtr += 2;
+       MsgLen -= 2;
+
+       if (pDialogToken == NULL)
+               return result;
+
+       NdisMoveMemory(pDialogToken, pFramePtr, 1);
+       pFramePtr += 1;
+       MsgLen -= 1;
+
+       eid_ptr = (PEID_STRUCT)pFramePtr;
+       while (((UCHAR*)eid_ptr + eid_ptr->Len + 1) < ((PUCHAR)pFramePtr + MsgLen))
+       {
+               switch(eid_ptr->Eid)
+               {
+                       case IE_TPC_REPORT:
+                               NdisMoveMemory(&pTpcRepInfo->TxPwr, eid_ptr->Octet, 1);
+                               NdisMoveMemory(&pTpcRepInfo->LinkMargin, eid_ptr->Octet + 1, 1);
+                               result = TRUE;
+                break;
+
+                       default:
+                               break;
+               }
+               eid_ptr = (PEID_STRUCT)((UCHAR*)eid_ptr + 2 + eid_ptr->Len);
+       }
+
+       return result;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Channel Switch Announcement action frame handler.
+
+       Parametrs:
+               Elme - MLME message containing the received frame
+
+       Return  : None.
+       ==========================================================================
+ */
+static VOID PeerChSwAnnAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       CH_SW_ANN_INFO ChSwAnnInfo;
+       PFRAME_802_11 pFr = (PFRAME_802_11)Elem->Msg;
+#ifdef CONFIG_STA_SUPPORT
+       UCHAR index = 0, Channel = 0, NewChannel = 0;
+       ULONG Bssidx = 0;
+#endif // CONFIG_STA_SUPPORT //
+
+       NdisZeroMemory(&ChSwAnnInfo, sizeof(CH_SW_ANN_INFO));
+       if (! PeerChSwAnnSanity(pAd, Elem->Msg, Elem->MsgLen, &ChSwAnnInfo))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("Invalid Channel Switch Action Frame.\n"));
+               return;
+       }
+
+
+#ifdef CONFIG_STA_SUPPORT
+       if (pAd->OpMode == OPMODE_STA)
+       {
+               Bssidx = BssTableSearch(&pAd->ScanTab, pFr->Hdr.Addr3, pAd->CommonCfg.Channel);
+               if (Bssidx == BSS_NOT_FOUND)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("PeerChSwAnnAction - Bssidx is not found\n"));
+                       return;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("\n****Bssidx is %d, Channel = %d\n", index, pAd->ScanTab.BssEntry[Bssidx].Channel));
+               hex_dump("SSID",pAd->ScanTab.BssEntry[Bssidx].Bssid ,6);
+
+               Channel = pAd->CommonCfg.Channel;
+               NewChannel = ChSwAnnInfo.Channel;
+
+               if ((pAd->CommonCfg.bIEEE80211H == 1) && (NewChannel != 0) && (Channel != NewChannel))
+               {
+                       // Switching to channel 1 can prevent from rescanning the current channel immediately (by auto reconnection).
+                       // In addition, clear the MLME queue and the scan table to discard the RX packets and previous scanning results.
+                       AsicSwitchChannel(pAd, 1, FALSE);
+                       AsicLockChannel(pAd, 1);
+                   LinkDown(pAd, FALSE);
+                       MlmeQueueInit(&pAd->Mlme.Queue);
+                       BssTableInit(&pAd->ScanTab);
+                   RTMPusecDelay(1000000);             // use delay to prevent STA do reassoc
+
+                       // channel sanity check
+                       for (index = 0 ; index < pAd->ChannelListNum; index++)
+                       {
+                               if (pAd->ChannelList[index].Channel == NewChannel)
+                               {
+                                       pAd->ScanTab.BssEntry[Bssidx].Channel = NewChannel;
+                                       pAd->CommonCfg.Channel = NewChannel;
+                                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("&&&&&&&&&&&&&&&&PeerChSwAnnAction - STA receive channel switch announcement IE (New Channel =%d)\n", NewChannel));
+                                       break;
+                               }
+                       }
+
+                       if (index >= pAd->ChannelListNum)
+                       {
+                               DBGPRINT_ERR(("&&&&&&&&&&&&&&&&&&&&&&&&&&PeerChSwAnnAction(can not find New Channel=%d in ChannelList[%d]\n", pAd->CommonCfg.Channel, pAd->ChannelListNum));
+                       }
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       return;
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               Measurement Request action frame handler.
+
+       Parametrs:
+               Elme - MLME message containing the received frame
+
+       Return  : None.
+       ==========================================================================
+ */
+static VOID PeerMeasureReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       PFRAME_802_11 pFr = (PFRAME_802_11)Elem->Msg;
+       UINT8 DialogToken;
+       MEASURE_REQ_INFO MeasureReqInfo;
+       MEASURE_REQ     MeasureReq;
+       MEASURE_REPORT_MODE ReportMode;
+
+       if(PeerMeasureReqSanity(pAd, Elem->Msg, Elem->MsgLen, &DialogToken, &MeasureReqInfo, &MeasureReq))
+       {
+               ReportMode.word = 0;
+               ReportMode.field.Incapable = 1;
+               EnqueueMeasurementRep(pAd, pFr->Hdr.Addr2, DialogToken, MeasureReqInfo.Token, ReportMode.word, MeasureReqInfo.ReqType, 0, NULL);
+       }
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Measurement Report action frame handler.
+
+       Parametrs:
+               Elme - MLME message containing the received frame
+
+       Return  : None.
+       ==========================================================================
+ */
+static VOID PeerMeasureReportAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       MEASURE_REPORT_INFO MeasureReportInfo;
+       PFRAME_802_11 pFr = (PFRAME_802_11)Elem->Msg;
+       UINT8 DialogToken;
+       PUINT8 pMeasureReportInfo;
+
+//     if (pAd->CommonCfg.bIEEE80211H != TRUE)
+//             return;
+
+       if ((pMeasureReportInfo = kmalloc(sizeof(MEASURE_RPI_REPORT), GFP_ATOMIC)) == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s unable to alloc memory for measure report buffer (size=%d).\n", __FUNCTION__, sizeof(MEASURE_RPI_REPORT)));
+               return;
+       }
+
+       NdisZeroMemory(&MeasureReportInfo, sizeof(MEASURE_REPORT_INFO));
+       NdisZeroMemory(pMeasureReportInfo, sizeof(MEASURE_RPI_REPORT));
+       if (PeerMeasureReportSanity(pAd, Elem->Msg, Elem->MsgLen, &DialogToken, &MeasureReportInfo, pMeasureReportInfo))
+       {
+               do {
+                       PMEASURE_REQ_ENTRY pEntry = NULL;
+
+                       // Not a autonomous measure report.
+                       // check the dialog token field. drop it if the dialog token doesn't match.
+                       if ((DialogToken != 0)
+                               && ((pEntry = MeasureReqLookUp(pAd, DialogToken)) == NULL))
+                               break;
+
+                       if (pEntry != NULL)
+                               MeasureReqDelete(pAd, pEntry->DialogToken);
+
+                       if (MeasureReportInfo.ReportType == RM_BASIC)
+                       {
+                               PMEASURE_BASIC_REPORT pBasicReport = (PMEASURE_BASIC_REPORT)pMeasureReportInfo;
+                               if ((pBasicReport->Map.field.Radar)
+                                       && (DfsRequirementCheck(pAd, pBasicReport->ChNum) == TRUE))
+                               {
+                                       NotifyChSwAnnToPeerAPs(pAd, pFr->Hdr.Addr1, pFr->Hdr.Addr2, 1, pBasicReport->ChNum);
+                                       StartDFSProcedure(pAd, pBasicReport->ChNum, 1);
+                               }
+                       }
+               } while (FALSE);
+       }
+       else
+               DBGPRINT(RT_DEBUG_TRACE, ("Invalid Measurement Report Frame.\n"));
+
+       kfree(pMeasureReportInfo);
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               TPC Request action frame handler.
+
+       Parametrs:
+               Elme - MLME message containing the received frame
+
+       Return  : None.
+       ==========================================================================
+ */
+static VOID PeerTpcReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       PFRAME_802_11 pFr = (PFRAME_802_11)Elem->Msg;
+       PUCHAR pFramePtr = pFr->Octet;
+       UINT8 DialogToken;
+       UINT8 TxPwr = GetCurTxPwr(pAd, Elem->Wcid);
+       UINT8 LinkMargin = 0;
+       CHAR RealRssi;
+
+       // link margin: Ratio of the received signal power to the minimum desired by the station (STA). The
+       //                              STA may incorporate rate information and channel conditions, including interference, into its computation
+       //                              of link margin.
+
+       RealRssi = RTMPMaxRssi(pAd, ConvertToRssi(pAd, Elem->Rssi0, RSSI_0),
+                                                               ConvertToRssi(pAd, Elem->Rssi1, RSSI_1),
+                                                               ConvertToRssi(pAd, Elem->Rssi2, RSSI_2));
+
+       // skip Category and action code.
+       pFramePtr += 2;
+
+       // Dialog token.
+       NdisMoveMemory(&DialogToken, pFramePtr, 1);
+
+       LinkMargin = (RealRssi / MIN_RCV_PWR);
+       if (PeerTpcReqSanity(pAd, Elem->Msg, Elem->MsgLen, &DialogToken))
+               EnqueueTPCRep(pAd, pFr->Hdr.Addr2, DialogToken, TxPwr, LinkMargin);
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               TPC Report action frame handler.
+
+       Parametrs:
+               Elme - MLME message containing the received frame
+
+       Return  : None.
+       ==========================================================================
+ */
+static VOID PeerTpcRepAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UINT8 DialogToken;
+       TPC_REPORT_INFO TpcRepInfo;
+       PTPC_REQ_ENTRY pEntry = NULL;
+
+       NdisZeroMemory(&TpcRepInfo, sizeof(TPC_REPORT_INFO));
+       if (PeerTpcRepSanity(pAd, Elem->Msg, Elem->MsgLen, &DialogToken, &TpcRepInfo))
+       {
+               if ((pEntry = TpcReqLookUp(pAd, DialogToken)) != NULL)
+               {
+                       TpcReqDelete(pAd, pEntry->DialogToken);
+                       DBGPRINT(RT_DEBUG_TRACE, ("%s: DialogToken=%x, TxPwr=%d, LinkMargin=%d\n",
+                               __FUNCTION__, DialogToken, TpcRepInfo.TxPwr, TpcRepInfo.LinkMargin));
+               }
+       }
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Spectrun action frames Handler such as channel switch annoucement,
+               measurement report, measurement request actions frames.
+
+       Parametrs:
+               Elme - MLME message containing the received frame
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID PeerSpectrumAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+
+       UCHAR   Action = Elem->Msg[LENGTH_802_11+1];
+
+       if (pAd->CommonCfg.bIEEE80211H != TRUE)
+               return;
+
+       switch(Action)
+       {
+               case SPEC_MRQ:
+                       // current rt2860 unable do such measure specified in Measurement Request.
+                       // reject all measurement request.
+                       PeerMeasureReqAction(pAd, Elem);
+                       break;
+
+               case SPEC_MRP:
+                       PeerMeasureReportAction(pAd, Elem);
+                       break;
+
+               case SPEC_TPCRQ:
+                       PeerTpcReqAction(pAd, Elem);
+                       break;
+
+               case SPEC_TPCRP:
+                       PeerTpcRepAction(pAd, Elem);
+                       break;
+
+               case SPEC_CHANNEL_SWITCH:
+
+#ifdef DOT11N_DRAFT3
+                       {
+                               SEC_CHA_OFFSET_IE       Secondary;
+                               CHA_SWITCH_ANNOUNCE_IE  ChannelSwitch;
+
+                               // 802.11h only has Channel Switch Announcement IE.
+                               RTMPMoveMemory(&ChannelSwitch, &Elem->Msg[LENGTH_802_11+4], sizeof (CHA_SWITCH_ANNOUNCE_IE));
+
+                               // 802.11n D3.03 adds secondary channel offset element in the end.
+                               if (Elem->MsgLen ==  (LENGTH_802_11 + 2 + sizeof (CHA_SWITCH_ANNOUNCE_IE) + sizeof (SEC_CHA_OFFSET_IE)))
+                               {
+                                       RTMPMoveMemory(&Secondary, &Elem->Msg[LENGTH_802_11+9], sizeof (SEC_CHA_OFFSET_IE));
+                               }
+                               else
+                               {
+                                       Secondary.SecondaryChannelOffset = 0;
+                               }
+
+                               if ((Elem->Msg[LENGTH_802_11+2] == IE_CHANNEL_SWITCH_ANNOUNCEMENT) && (Elem->Msg[LENGTH_802_11+3] == 3))
+                               {
+                                       ChannelSwitchAction(pAd, Elem->Wcid, ChannelSwitch.NewChannel, Secondary.SecondaryChannelOffset);
+                               }
+                       }
+#endif // DOT11N_DRAFT3 //
+
+                       PeerChSwAnnAction(pAd, Elem);
+                       break;
+       }
+
+       return;
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       Parametrs:
+
+       Return  : None.
+       ==========================================================================
+ */
+INT Set_MeasureReq_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UINT Aid = 1;
+       UINT ArgIdx;
+       PSTRING thisChar;
+
+       MEASURE_REQ_MODE MeasureReqMode;
+       UINT8 MeasureReqToken = RandomByte(pAd);
+       UINT8 MeasureReqType = RM_BASIC;
+       UINT8 MeasureCh = 1;
+       UINT64 MeasureStartTime = GetCurrentTimeStamp(pAd);
+       MEASURE_REQ MeasureReq;
+       UINT8 TotalLen;
+
+       HEADER_802_11 ActHdr;
+       PUCHAR pOutBuffer = NULL;
+       NDIS_STATUS NStatus;
+       ULONG FrameLen;
+
+       NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer);  //Get an unused nonpaged memory
+       if(NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s() allocate memory failed \n", __FUNCTION__));
+               goto END_OF_MEASURE_REQ;
+       }
+
+       ArgIdx = 1;
+       while ((thisChar = strsep((char **)&arg, "-")) != NULL)
+       {
+               switch(ArgIdx)
+               {
+                       case 1: // Aid.
+                               Aid = (UINT8) simple_strtol(thisChar, 0, 16);
+                               break;
+
+                       case 2: // Measurement Request Type.
+                               MeasureReqType = simple_strtol(thisChar, 0, 16);
+                               if (MeasureReqType > 3)
+                               {
+                                       DBGPRINT(RT_DEBUG_ERROR, ("%s: unknow MeasureReqType(%d)\n", __FUNCTION__, MeasureReqType));
+                                       goto END_OF_MEASURE_REQ;
+                               }
+                               break;
+
+                       case 3: // Measurement channel.
+                               MeasureCh = (UINT8) simple_strtol(thisChar, 0, 16);
+                               break;
+               }
+               ArgIdx++;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s::Aid = %d, MeasureReqType=%d MeasureCh=%d\n", __FUNCTION__, Aid, MeasureReqType, MeasureCh));
+       if (!VALID_WCID(Aid))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: unknow sta of Aid(%d)\n", __FUNCTION__, Aid));
+               goto END_OF_MEASURE_REQ;
+       }
+
+       MeasureReqMode.word = 0;
+       MeasureReqMode.field.Enable = 1;
+
+       MeasureReqInsert(pAd, MeasureReqToken);
+
+       // build action frame header.
+       MgtMacHeaderInit(pAd, &ActHdr, SUBTYPE_ACTION, 0, pAd->MacTab.Content[Aid].Addr,
+                                               pAd->CurrentAddress);
+
+       NdisMoveMemory(pOutBuffer, (PCHAR)&ActHdr, sizeof(HEADER_802_11));
+       FrameLen = sizeof(HEADER_802_11);
+
+       TotalLen = sizeof(MEASURE_REQ_INFO) + sizeof(MEASURE_REQ);
+
+       MakeMeasurementReqFrame(pAd, pOutBuffer, &FrameLen,
+               sizeof(MEASURE_REQ_INFO), CATEGORY_RM, RM_BASIC,
+               MeasureReqToken, MeasureReqMode.word,
+               MeasureReqType, 0);
+
+       MeasureReq.ChNum = MeasureCh;
+       MeasureReq.MeasureStartTime = cpu2le64(MeasureStartTime);
+       MeasureReq.MeasureDuration = cpu2le16(2000);
+
+       {
+               ULONG TempLen;
+               MakeOutgoingFrame(      pOutBuffer+FrameLen,    &TempLen,
+                                                       sizeof(MEASURE_REQ),    &MeasureReq,
+                                                       END_OF_ARGS);
+               FrameLen += TempLen;
+       }
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, (UINT)FrameLen);
+
+END_OF_MEASURE_REQ:
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       return TRUE;
+}
+
+INT Set_TpcReq_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UINT Aid;
+
+       UINT8 TpcReqToken = RandomByte(pAd);
+
+       Aid = (UINT) simple_strtol(arg, 0, 16);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s::Aid = %d\n", __FUNCTION__, Aid));
+       if (!VALID_WCID(Aid))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: unknow sta of Aid(%d)\n", __FUNCTION__, Aid));
+               return TRUE;
+       }
+
+       TpcReqInsert(pAd, TpcReqToken);
+
+       EnqueueTPCReq(pAd, pAd->MacTab.Content[Aid].Addr, TpcReqToken);
+
+       return TRUE;
+}
diff --git a/drivers/staging/rt3090/config.mk b/drivers/staging/rt3090/config.mk
new file mode 100644 (file)
index 0000000..8a167e9
--- /dev/null
@@ -0,0 +1,187 @@
+# Support ATE function
+HAS_ATE=y
+
+# Support 28xx QA ATE function
+HAS_28xx_QA=n
+
+
+HAS_NINTENDO=n
+
+# Support LLTD function
+HAS_LLTD=n
+
+# Support WDS function
+HAS_WDS=n
+
+# Support AP-Client function
+HAS_APCLI=n
+
+# Support Wpa_Supplicant
+HAS_WPA_SUPPLICANT=y
+
+# Support Native WpaSupplicant for Network Maganger
+HAS_NATIVE_WPA_SUPPLICANT_SUPPORT=n
+
+#Support Net interface block while Tx-Sw queue full
+HAS_BLOCK_NET_IF=n
+
+#Support IGMP-Snooping function.
+HAS_IGMP_SNOOP_SUPPORT=n
+
+#Support DFS function
+HAS_DFS_SUPPORT=n
+
+#Support Carrier-Sense function
+HAS_CS_SUPPORT=n
+
+# Support for STA Ethernet Converter
+HAS_ETH_CONVERT_SUPPORT=n
+
+# Support user specific transmit rate of Multicast packet.
+HAS_MCAST_RATE_SPECIFIC_SUPPORT=n
+
+# Support for Multiple Cards
+HAS_MC_SUPPORT=n
+
+#Support for PCI-MSI
+HAS_MSI_SUPPORT=n
+
+
+#Support for IEEE802.11e DLS
+HAS_QOS_DLS_SUPPORT=n
+
+#Support for EXT_CHANNEL
+HAS_EXT_BUILD_CHANNEL_LIST=n
+
+#Support for IDS
+HAS_IDS_SUPPORT=n
+
+
+#Support for Net-SNMP
+HAS_SNMP_SUPPORT=n
+
+#Support features of 802.11n Draft3
+HAS_DOT11N_DRAFT3_SUPPORT=n
+
+#Support features of Single SKU.
+HAS_SINGLE_SKU_SUPPORT=n
+
+#Support features of 802.11n
+HAS_DOT11_N_SUPPORT=y
+
+
+
+#Support for 2860/2880 co-exist
+HAS_RT2880_RT2860_COEXIST=n
+
+HAS_KTHREAD_SUPPORT=n
+
+
+#Support for Auto channel select enhance
+HAS_AUTO_CH_SELECT_ENHANCE=n
+
+#Support bypass bridge
+HAS_BG_FT_SUPPORT=n
+
+#Support Antenna Diversity
+HAS_ANTENNA_DIVERSITY_SUPPORT=y
+#################################################
+
+WFLAGS := -DAGGREGATION_SUPPORT -DPIGGYBACK_SUPPORT -DWMM_SUPPORT  -DLINUX -Wall -Wstrict-prototypes -Wno-trigraphs -Wpointer-sign
+
+ifeq ($(HAS_KTHREAD_SUPPORT),y)
+WFLAGS += -DKTHREAD_SUPPORT
+endif
+
+
+#################################################
+
+# config for STA mode
+
+WFLAGS += -DCONFIG_STA_SUPPORT -DDBG
+
+ifeq ($(HAS_WPA_SUPPLICANT),y)
+WFLAGS += -DWPA_SUPPLICANT_SUPPORT
+ifeq ($(HAS_NATIVE_WPA_SUPPLICANT_SUPPORT),y)
+WFLAGS += -DNATIVE_WPA_SUPPLICANT_SUPPORT
+endif
+endif
+
+
+ifeq ($(HAS_ETH_CONVERT_SUPPORT), y)
+WFLAGS += -DETH_CONVERT_SUPPORT  -DMAT_SUPPORT
+endif
+
+ifeq ($(HAS_ATE),y)
+WFLAGS += -DRALINK_ATE
+ifeq ($(HAS_28xx_QA),y)
+WFLAGS += -DRALINK_28xx_QA
+endif
+endif
+
+
+ifeq ($(HAS_SNMP_SUPPORT),y)
+WFLAGS += -DSNMP_SUPPORT
+endif
+
+ifeq ($(HAS_QOS_DLS_SUPPORT),y)
+WFLAGS += -DQOS_DLS_SUPPORT
+endif
+
+ifeq ($(HAS_DOT11_N_SUPPORT),y)
+WFLAGS += -DDOT11_N_SUPPORT
+endif
+
+ifeq ($(HAS_CS_SUPPORT),y)
+WFLAGS += -DCARRIER_DETECTION_SUPPORT
+endif
+
+ifeq ($(HAS_ANTENNA_DIVERSITY_SUPPORT),y)
+WFLAGS += -DANT_DIVERSITY_SUPPORT
+endif
+
+#################################################
+
+#################################################
+
+#
+# Common compiler flag
+#
+
+
+
+
+
+ifeq ($(HAS_EXT_BUILD_CHANNEL_LIST),y)
+WFLAGS += -DEXT_BUILD_CHANNEL_LIST
+endif
+
+ifeq ($(HAS_IDS_SUPPORT),y)
+WFLAGS += -DIDS_SUPPORT
+endif
+
+
+#################################################
+# ChipSet specific definitions.
+#
+WFLAGS +=-DRTMP_MAC_PCI -DRT30xx -DRT3090  -DRTMP_PCI_SUPPORT -DRTMP_RF_RW_SUPPORT -DRTMP_EFUSE_SUPPORT
+#################################################
+
+
+ifeq ($(HAS_BLOCK_NET_IF),y)
+WFLAGS += -DBLOCK_NET_IF
+endif
+
+ifeq ($(HAS_DFS_SUPPORT),y)
+WFLAGS += -DDFS_SUPPORT
+endif
+
+ifeq ($(HAS_MC_SUPPORT),y)
+WFLAGS += -DMULTIPLE_CARD_SUPPORT
+endif
+
+ifeq ($(HAS_LLTD),y)
+WFLAGS += -DLLTD_SUPPORT
+endif
+
+EXTRA_CFLAGS := $(WFLAGS)
diff --git a/drivers/staging/rt3090/crypt_hmac.h b/drivers/staging/rt3090/crypt_hmac.h
new file mode 100644 (file)
index 0000000..557ca73
--- /dev/null
@@ -0,0 +1,81 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    crypt_hmac.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Eddy        2008/11/24      Create HMAC-SHA1, HMAC-SHA256
+*/
+
+#ifndef __CRYPT_HMAC_H__
+#define __CRYPT_HMAC_H__
+
+#ifdef CRYPT_TESTPLAN
+#include "crypt_testplan.h"
+#else
+#include "rt_config.h"
+#endif /* CRYPT_TESTPLAN */
+
+#ifdef SHA1_SUPPORT
+#define HMAC_SHA1_SUPPORT
+VOID HMAC_SHA1 (
+    IN  const UINT8 Key[],
+    IN  UINT KeyLen,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 MAC[],
+    IN  UINT MACLen);
+#endif /* SHA1_SUPPORT */
+
+#ifdef SHA256_SUPPORT
+#define HMAC_SHA256_SUPPORT
+VOID HMAC_SHA256 (
+    IN  const UINT8 Key[],
+    IN  UINT KeyLen,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 MAC[],
+    IN  UINT MACLen);
+#endif /* SHA256_SUPPORT */
+
+#ifdef MD5_SUPPORT
+#define HMAC_MD5_SUPPORT
+VOID HMAC_MD5 (
+    IN  const UINT8 Key[],
+    IN  UINT KeyLen,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 MAC[],
+    IN  UINT MACLen);
+#endif /* MD5_SUPPORT */
+
+#endif /* __CRYPT_HMAC_H__ */
diff --git a/drivers/staging/rt3090/crypt_md5.h b/drivers/staging/rt3090/crypt_md5.h
new file mode 100644 (file)
index 0000000..7ee3f42
--- /dev/null
@@ -0,0 +1,78 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    crypt_md5.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Eddy        2008/11/24      Create md5
+*/
+
+#ifndef __CRYPT_MD5_H__
+#define __CRYPT_MD5_H__
+
+#ifdef CRYPT_TESTPLAN
+#include "crypt_testplan.h"
+#else
+#include "rt_config.h"
+#endif /* CRYPT_TESTPLAN */
+
+/* Algorithm options */
+#define MD5_SUPPORT
+
+#ifdef MD5_SUPPORT
+#define MD5_BLOCK_SIZE    64 /* 512 bits = 64 bytes */
+#define MD5_DIGEST_SIZE   16 /* 128 bits = 16 bytes */
+typedef struct {
+    UINT32 HashValue[4];
+    UINT64 MessageLen;
+    UINT8  Block[MD5_BLOCK_SIZE];
+    UINT   BlockLen;
+} MD5_CTX_STRUC, *PMD5_CTX_STRUC;
+
+VOID MD5_Init (
+    IN  MD5_CTX_STRUC *pMD5_CTX);
+VOID MD5_Hash (
+    IN  MD5_CTX_STRUC *pMD5_CTX);
+VOID MD5_Append (
+    IN  MD5_CTX_STRUC *pMD5_CTX,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen);
+VOID MD5_End (
+    IN  MD5_CTX_STRUC *pMD5_CTX,
+    OUT UINT8 DigestMessage[]);
+VOID RT_MD5 (
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 DigestMessage[]);
+#endif /* MD5_SUPPORT */
+
+#endif /* __CRYPT_MD5_H__ */
diff --git a/drivers/staging/rt3090/crypt_sha2.h b/drivers/staging/rt3090/crypt_sha2.h
new file mode 100644 (file)
index 0000000..85c0403
--- /dev/null
@@ -0,0 +1,107 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    crypt_sha2.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Eddy        2008/11/24      Create SHA1
+    Eddy        2008/07/23      Create SHA256
+*/
+
+#ifndef __CRYPT_SHA2_H__
+#define __CRYPT_SHA2_H__
+
+#ifdef CRYPT_TESTPLAN
+#include "crypt_testplan.h"
+#else
+#include "rt_config.h"
+#endif /* CRYPT_TESTPLAN */
+
+/* Algorithm options */
+#define SHA1_SUPPORT
+#define SHA256_SUPPORT
+
+#ifdef SHA1_SUPPORT
+#define SHA1_BLOCK_SIZE    64 /* 512 bits = 64 bytes */
+#define SHA1_DIGEST_SIZE   20 /* 160 bits = 20 bytes */
+typedef struct _SHA1_CTX_STRUC {
+    UINT32 HashValue[5];  /* 5 = (SHA1_DIGEST_SIZE / 32) */
+    UINT64 MessageLen;    /* total size */
+    UINT8  Block[SHA1_BLOCK_SIZE];
+    UINT   BlockLen;
+} SHA1_CTX_STRUC, *PSHA1_CTX_STRUC;
+
+VOID SHA1_Init (
+    IN  SHA1_CTX_STRUC *pSHA_CTX);
+VOID SHA1_Hash (
+    IN  SHA1_CTX_STRUC *pSHA_CTX);
+VOID SHA1_Append (
+    IN  SHA1_CTX_STRUC *pSHA_CTX,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen);
+VOID SHA1_End (
+    IN  SHA1_CTX_STRUC *pSHA_CTX,
+    OUT UINT8 DigestMessage[]);
+VOID RT_SHA1 (
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 DigestMessage[]);
+#endif /* SHA1_SUPPORT */
+
+#ifdef SHA256_SUPPORT
+#define SHA256_BLOCK_SIZE   64 /* 512 bits = 64 bytes */
+#define SHA256_DIGEST_SIZE  32 /* 256 bits = 32 bytes */
+typedef struct _SHA256_CTX_STRUC {
+    UINT32 HashValue[8];  /* 8 = (SHA256_DIGEST_SIZE / 32) */
+    UINT64 MessageLen;    /* total size */
+    UINT8  Block[SHA256_BLOCK_SIZE];
+    UINT   BlockLen;
+} SHA256_CTX_STRUC, *PSHA256_CTX_STRUC;
+
+VOID SHA256_Init (
+    IN  SHA256_CTX_STRUC *pSHA_CTX);
+VOID SHA256_Hash (
+    IN  SHA256_CTX_STRUC *pSHA_CTX);
+VOID SHA256_Append (
+    IN  SHA256_CTX_STRUC *pSHA_CTX,
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen);
+VOID SHA256_End (
+    IN  SHA256_CTX_STRUC *pSHA_CTX,
+    OUT UINT8 DigestMessage[]);
+VOID RT_SHA256 (
+    IN  const UINT8 Message[],
+    IN  UINT MessageLen,
+    OUT UINT8 DigestMessage[]);
+#endif /* SHA256_SUPPORT */
+
+#endif /* __CRYPT_SHA2_H__ */
diff --git a/drivers/staging/rt3090/dfs.h b/drivers/staging/rt3090/dfs.h
new file mode 100644 (file)
index 0000000..506468e
--- /dev/null
@@ -0,0 +1,137 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    dfs.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Fonchi    03-12-2007      created
+*/
+
+#define RADAR_PULSE 1
+#define RADAR_WIDTH 2
+
+#define WIDTH_RD_IDLE 0
+#define WIDTH_RD_CHECK 1
+
+
+
+/*************************************************************************
+  *
+  *    DFS Radar related definitions.
+  *
+  ************************************************************************/
+//#define CARRIER_DETECT_TASK_NUM      6
+//#define RADAR_DETECT_TASK_NUM        7
+
+// McuRadarState && McuCarrierState for 2880-SW-MCU
+#define FREE_FOR_TX                            0
+#define WAIT_CTS_BEING_SENT            1
+#define DO_DETECTION                   2
+
+// McuRadarEvent
+#define RADAR_EVENT_CTS_SENT                   0x01 // Host signal MCU that CTS has been sent
+#define RADAR_EVENT_CTS_CARRIER_SENT   0x02 // Host signal MCU that CTS has been sent (Carrier)
+#define RADAR_EVENT_RADAR_DETECTING            0x04 // Radar detection is on going, carrier detection hold back
+#define RADAR_EVENT_CARRIER_DETECTING  0x08 // Carrier detection is on going, radar detection hold back
+#define RADAR_EVENT_WIDTH_RADAR                        0x10 // BBP == 2 radar detected
+#define RADAR_EVENT_CTS_KICKED                 0x20 // Radar detection need to sent double CTS, first CTS sent
+
+// McuRadarCmd
+#define DETECTION_STOP                 0
+#define RADAR_DETECTION                        1
+#define CARRIER_DETECTION              2
+
+
+
+#ifdef TONE_RADAR_DETECT_SUPPORT
+INT Set_CarrierCriteria_Proc(IN PRTMP_ADAPTER pAd, IN PSTRING arg);
+int Set_CarrierReCheck_Proc(IN PRTMP_ADAPTER pAd, IN PSTRING arg);
+INT Set_CarrierStopCheck_Proc(IN PRTMP_ADAPTER pAd, IN PSTRING arg);
+void NewCarrierDetectionStart(PRTMP_ADAPTER pAd);
+void RTMPHandleRadarInterrupt(PRTMP_ADAPTER  pAd);
+VOID CSAsicDisableSync(IN PRTMP_ADAPTER pAd);
+#endif // TONE_RADAR_DETECT_SUPPORT //
+
+
+VOID BbpRadarDetectionStart(
+       IN PRTMP_ADAPTER pAd);
+
+VOID BbpRadarDetectionStop(
+       IN PRTMP_ADAPTER pAd);
+
+VOID RadarDetectionStart(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN CTS_Protect,
+       IN UINT8 CTSPeriod);
+
+VOID RadarDetectionStop(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RadarDetectPeriodic(
+       IN PRTMP_ADAPTER        pAd);
+
+
+BOOLEAN RadarChannelCheck(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Ch);
+
+ULONG JapRadarType(
+       IN PRTMP_ADAPTER pAd);
+
+ULONG RTMPBbpReadRadarDuration(
+       IN PRTMP_ADAPTER        pAd);
+
+ULONG RTMPReadRadarDuration(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RTMPCleanRadarDuration(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RTMPPrepareRDCTSFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pDA,
+       IN      ULONG                   Duration,
+       IN  UCHAR           RTSRate,
+       IN  ULONG           CTSBaseAddr,
+       IN  UCHAR                       FrameGap);
+
+VOID RTMPPrepareRadarDetectParams(
+       IN PRTMP_ADAPTER        pAd);
+
+
+INT Set_ChMovingTime_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg);
+
+INT Set_LongPulseRadarTh_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg);
diff --git a/drivers/staging/rt3090/eeprom.h b/drivers/staging/rt3090/eeprom.h
new file mode 100644 (file)
index 0000000..ee0e807
--- /dev/null
@@ -0,0 +1,82 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    eeprom.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+#ifndef __EEPROM_H__
+#define __EEPROM_H__
+
+
+
+#ifdef RTMP_PCI_SUPPORT
+/*************************************************************************
+  *    Public function declarations for prom-based chipset
+  ************************************************************************/
+int rtmp_ee_prom_read16(
+       IN PRTMP_ADAPTER        pAd,
+       IN USHORT                       Offset,
+       OUT USHORT                      *pValue);
+
+int rtmp_ee_prom_write16(
+       IN PRTMP_ADAPTER        pAd,
+       IN USHORT                       Offset,
+       IN USHORT                       value);
+#endif // RTMP_PCI_SUPPORT //
+
+
+
+
+
+#ifdef RT30xx
+#ifdef RTMP_EFUSE_SUPPORT
+int rtmp_ee_efuse_read16(
+       IN RTMP_ADAPTER *pAd,
+       IN USHORT Offset,
+       OUT USHORT *pValue);
+
+int rtmp_ee_efuse_write16(
+       IN RTMP_ADAPTER *pAd,
+       IN USHORT Offset,
+       IN USHORT data);
+#endif // RTMP_EFUSE_SUPPORT //
+#endif // RT30xx //
+
+/*************************************************************************
+  *    Public function declarations for prom operation callback functions setting
+  ************************************************************************/
+INT RtmpChipOpsEepromHook(
+       IN RTMP_ADAPTER *pAd,
+       IN INT                  infType);
+
+#endif // __EEPROM_H__ //
diff --git a/drivers/staging/rt3090/firmware.h b/drivers/staging/rt3090/firmware.h
new file mode 100644 (file)
index 0000000..f2836a2
--- /dev/null
@@ -0,0 +1,517 @@
+/* AUTO GEN PLEASE DO NOT MODIFY IT */
+/* AUTO GEN PLEASE DO NOT MODIFY IT */
+
+
+UCHAR FirmwareImage [] = {
+0x02, 0x02, 0xf3, 0x02, 0x02, 0xa1, 0x22, 0x22, 0xff, 0xff, 0xff, 0x02, 0x01, 0x27, 0xff, 0xff,
+0xff, 0xff, 0xff, 0x02, 0x00, 0x1e, 0xff, 0xff, 0xff, 0xff, 0xff, 0x02, 0x00, 0xd8, 0xc0, 0xe0,
+0xc0, 0xf0, 0xc0, 0x83, 0xc0, 0x82, 0xc0, 0xd0, 0x75, 0xd0, 0x18, 0xc2, 0xaf, 0x30, 0x45, 0x03,
+0x12, 0x10, 0x09, 0x90, 0x04, 0x16, 0xe0, 0x30, 0xe3, 0x03, 0x74, 0x08, 0xf0, 0x90, 0x04, 0x14,
+0xe0, 0x20, 0xe7, 0x03, 0x02, 0x00, 0xcb, 0x74, 0x80, 0xf0, 0x90, 0x70, 0x12, 0xe0, 0xf5, 0x36,
+0x90, 0x04, 0x04, 0xe0, 0x24, 0xcf, 0x60, 0x30, 0x14, 0x60, 0x42, 0x24, 0xe2, 0x60, 0x47, 0x14,
+0x60, 0x55, 0x24, 0x21, 0x70, 0x60, 0xe5, 0x55, 0x24, 0xfe, 0x60, 0x07, 0x14, 0x60, 0x08, 0x24,
+0x02, 0x70, 0x08, 0x7d, 0x01, 0x80, 0x28, 0x7d, 0x02, 0x80, 0x24, 0x90, 0x70, 0x10, 0xe0, 0xf5,
+0x50, 0x85, 0x36, 0x40, 0xd2, 0x01, 0x80, 0x3e, 0xe5, 0x55, 0x64, 0x03, 0x60, 0x04, 0xe5, 0x55,
+0x70, 0x04, 0x7d, 0x02, 0x80, 0x09, 0x85, 0x36, 0x41, 0xd2, 0x02, 0x80, 0x29, 0xad, 0x55, 0xaf,
+0x36, 0x12, 0x02, 0x7d, 0x80, 0x20, 0x90, 0x70, 0x10, 0xe0, 0xf5, 0x47, 0x90, 0x70, 0x11, 0xe0,
+0xf5, 0x44, 0x12, 0x10, 0x25, 0x80, 0x06, 0x90, 0x70, 0x10, 0xe0, 0xf5, 0x45, 0xe4, 0xfd, 0xaf,
+0x36, 0x12, 0x02, 0x7d, 0xd2, 0x04, 0x90, 0x70, 0x13, 0xe4, 0xf0, 0xd2, 0xaf, 0xd0, 0xd0, 0xd0,
+0x82, 0xd0, 0x83, 0xd0, 0xf0, 0xd0, 0xe0, 0x32, 0xc0, 0xe0, 0xc0, 0xf0, 0xc0, 0x83, 0xc0, 0x82,
+0xc0, 0xd0, 0xe8, 0xc0, 0xe0, 0xe9, 0xc0, 0xe0, 0xea, 0xc0, 0xe0, 0xeb, 0xc0, 0xe0, 0xec, 0xc0,
+0xe0, 0xed, 0xc0, 0xe0, 0xee, 0xc0, 0xe0, 0xef, 0xc0, 0xe0, 0xc2, 0xaf, 0x30, 0x45, 0x03, 0x12,
+0x10, 0x12, 0xd2, 0xaf, 0xd0, 0xe0, 0xff, 0xd0, 0xe0, 0xfe, 0xd0, 0xe0, 0xfd, 0xd0, 0xe0, 0xfc,
+0xd0, 0xe0, 0xfb, 0xd0, 0xe0, 0xfa, 0xd0, 0xe0, 0xf9, 0xd0, 0xe0, 0xf8, 0xd0, 0xd0, 0xd0, 0x82,
+0xd0, 0x83, 0xd0, 0xf0, 0xd0, 0xe0, 0x32, 0xc0, 0xe0, 0xc0, 0xf0, 0xc0, 0x83, 0xc0, 0x82, 0xc0,
+0xd0, 0x75, 0xd0, 0x10, 0xc2, 0xaf, 0x30, 0x45, 0x03, 0x12, 0x10, 0x0c, 0x30, 0x58, 0x0a, 0xe5,
+0x54, 0x60, 0x04, 0x15, 0x54, 0x80, 0x02, 0xc2, 0x58, 0x30, 0x59, 0x0a, 0xe5, 0x50, 0x60, 0x04,
+0x15, 0x50, 0x80, 0x02, 0xc2, 0x59, 0xd5, 0x53, 0x07, 0x30, 0x60, 0x04, 0x15, 0x46, 0xd2, 0x04,
+0x30, 0x45, 0x03, 0x12, 0x10, 0x0f, 0xc2, 0x8d, 0xd2, 0xaf, 0xd0, 0xd0, 0xd0, 0x82, 0xd0, 0x83,
+0xd0, 0xf0, 0xd0, 0xe0, 0x32, 0x90, 0x70, 0x2a, 0xe0, 0x30, 0xe1, 0x43, 0xc2, 0xaf, 0x90, 0x70,
+0x28, 0xe0, 0x90, 0x10, 0x1c, 0xf0, 0x90, 0x70, 0x29, 0xe0, 0x90, 0x10, 0x1d, 0xf0, 0x90, 0x70,
+0x2a, 0xe0, 0x90, 0x10, 0x1e, 0xf0, 0x90, 0x10, 0x1c, 0xe0, 0xf5, 0x37, 0x90, 0x10, 0x1e, 0xe0,
+0x20, 0xe1, 0xf3, 0x90, 0x10, 0x1c, 0xe0, 0x90, 0x70, 0x28, 0xf0, 0x90, 0x10, 0x1d, 0xe0, 0x90,
+0x70, 0x29, 0xf0, 0x90, 0x10, 0x1e, 0xe0, 0x90, 0x70, 0x2a, 0xf0, 0xc2, 0x05, 0xd2, 0xaf, 0x22,
+0x12, 0x02, 0xc3, 0x30, 0x45, 0x03, 0x12, 0x10, 0x03, 0x30, 0x01, 0x06, 0x20, 0x09, 0x03, 0x12,
+0x10, 0x1c, 0x30, 0x02, 0x06, 0x20, 0x0a, 0x03, 0x12, 0x10, 0x1f, 0x30, 0x03, 0x06, 0x20, 0x0b,
+0x03, 0x12, 0x10, 0x1f, 0x30, 0x04, 0x06, 0x20, 0x0c, 0x03, 0x12, 0x10, 0x22, 0x20, 0x13, 0x09,
+0x20, 0x11, 0x06, 0xe5, 0x2b, 0x45, 0x2c, 0x60, 0x03, 0xd3, 0x80, 0x01, 0xc3, 0x92, 0xa9, 0x12,
+0x03, 0x1c, 0x80, 0xbf, 0xc2, 0x43, 0xd2, 0x45, 0xe4, 0xf5, 0x20, 0xf5, 0x21, 0xf5, 0x53, 0xf5,
+0x46, 0xf5, 0x2b, 0xf5, 0x2c, 0xc2, 0x42, 0xf5, 0x51, 0xf5, 0x52, 0xf5, 0x55, 0x90, 0x04, 0x18,
+0x74, 0x80, 0xf0, 0x90, 0x04, 0x1a, 0x74, 0x08, 0xf0, 0xc2, 0x1a, 0xc2, 0x18, 0xc2, 0x1b, 0x22,
+0xc8, 0xef, 0xc8, 0xe6, 0xfa, 0x08, 0xe6, 0x4a, 0x60, 0x0c, 0xc8, 0xef, 0xc8, 0x08, 0xe6, 0x16,
+0x18, 0x70, 0x01, 0x16, 0xc3, 0x22, 0xed, 0x24, 0xff, 0xfd, 0xec, 0x34, 0xff, 0xc8, 0xef, 0xc8,
+0xf6, 0x08, 0xc6, 0xed, 0xc6, 0xd3, 0x22, 0xd0, 0x83, 0xd0, 0x82, 0xf8, 0xe4, 0x93, 0x70, 0x12,
+0x74, 0x01, 0x93, 0x70, 0x0d, 0xa3, 0xa3, 0x93, 0xf8, 0x74, 0x01, 0x93, 0xf5, 0x82, 0x88, 0x83,
+0xe4, 0x73, 0x74, 0x02, 0x93, 0x68, 0x60, 0xef, 0xa3, 0xa3, 0xa3, 0x80, 0xdf, 0xef, 0xf4, 0x60,
+0x1f, 0xe4, 0xfe, 0x12, 0x03, 0x5b, 0xe0, 0xb4, 0xff, 0x12, 0x12, 0x03, 0x5b, 0xef, 0xf0, 0x74,
+0x1c, 0x2e, 0xf5, 0x82, 0xe4, 0x34, 0x70, 0xf5, 0x83, 0xed, 0xf0, 0x22, 0x0e, 0xbe, 0x04, 0xe3,
+0x22, 0xc0, 0xe0, 0xc0, 0xf0, 0xc0, 0x83, 0xc0, 0x82, 0xc0, 0xd0, 0x75, 0xd0, 0x08, 0xc2, 0xaf,
+0x30, 0x45, 0x03, 0x12, 0x10, 0x06, 0xd2, 0xaf, 0xd0, 0xd0, 0xd0, 0x82, 0xd0, 0x83, 0xd0, 0xf0,
+0xd0, 0xe0, 0x32, 0xc2, 0xaf, 0x12, 0x00, 0x06, 0x12, 0x02, 0x04, 0x12, 0x02, 0xdc, 0xe4, 0xf5,
+0x22, 0xf5, 0x47, 0x90, 0x04, 0x00, 0x74, 0x80, 0xf0, 0xd2, 0xaf, 0x22, 0x75, 0x89, 0x02, 0xe4,
+0xf5, 0x8c, 0xf5, 0x8a, 0xf5, 0x88, 0xf5, 0xb8, 0xf5, 0xe8, 0x75, 0x90, 0x18, 0xd2, 0x8c, 0x75,
+0xa8, 0x05, 0x22, 0x78, 0x7f, 0xe4, 0xf6, 0xd8, 0xfd, 0x75, 0x81, 0x5f, 0x02, 0x01, 0xc0, 0xff,
+0xc0, 0x26, 0x74, 0x03, 0xc0, 0xe0, 0xc0, 0x82, 0xc0, 0x83, 0x75, 0x26, 0x0a, 0x22, 0xc0, 0x26,
+0x74, 0x03, 0xc0, 0xe0, 0xc0, 0x82, 0xc0, 0x83, 0x75, 0x26, 0x18, 0x22, 0x30, 0x45, 0x03, 0x12,
+0x10, 0x15, 0xe5, 0x20, 0x70, 0x03, 0x20, 0x10, 0x03, 0x30, 0x11, 0x03, 0x43, 0x87, 0x01, 0x22,
+0xce, 0xef, 0xce, 0xee, 0x60, 0x08, 0x7f, 0xff, 0x12, 0x03, 0x71, 0x1e, 0x80, 0xf5, 0x22, 0xc8,
+0xef, 0xc8, 0xe6, 0x60, 0x03, 0x16, 0xc3, 0x22, 0xed, 0x14, 0xf6, 0xd3, 0x22, 0xc8, 0xef, 0xc8,
+0xe6, 0x60, 0x06, 0x16, 0xe6, 0x24, 0xff, 0xb3, 0x22, 0xc3, 0x22, 0x74, 0x14, 0x2e, 0xf5, 0x82,
+0xe4, 0x34, 0x70, 0xf5, 0x83, 0x22, 0xef, 0x90, 0x03, 0x6f, 0x93, 0x90, 0x03, 0x00, 0x73, 0x0a,
+0x18, 0xef, 0x60, 0x03, 0x1f, 0x80, 0xfa, 0x22, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+0xff, 0xff, 0xff, 0x02, 0x10, 0x28, 0x02, 0x10, 0x3b, 0x02, 0x10, 0x3c, 0x02, 0x13, 0x68, 0x02,
+0x13, 0x69, 0x02, 0x14, 0x1e, 0x02, 0x14, 0x1f, 0xc3, 0x22, 0xff, 0xff, 0x02, 0x19, 0xa1, 0x02,
+0x1b, 0x31, 0x02, 0x14, 0xea, 0x02, 0x14, 0x20, 0x30, 0x05, 0x06, 0x20, 0x0d, 0x03, 0x12, 0x01,
+0x75, 0x30, 0x06, 0x06, 0x20, 0x0e, 0x03, 0x12, 0x1c, 0x4f, 0x22, 0x22, 0x90, 0x04, 0x14, 0xe0,
+0x20, 0xe7, 0x03, 0x02, 0x13, 0x67, 0x90, 0x70, 0x12, 0xe0, 0xf5, 0x56, 0x90, 0x04, 0x04, 0xe0,
+0x12, 0x02, 0x57, 0x11, 0x11, 0x30, 0x10, 0xe2, 0x31, 0x10, 0x90, 0x33, 0x10, 0xa0, 0x34, 0x10,
+0xbe, 0x35, 0x10, 0xac, 0x36, 0x11, 0x1f, 0x50, 0x11, 0x68, 0x51, 0x11, 0x71, 0x52, 0x11, 0x71,
+0x53, 0x11, 0x71, 0x54, 0x11, 0xb3, 0x55, 0x12, 0x16, 0x70, 0x12, 0x42, 0x71, 0x12, 0x71, 0x72,
+0x12, 0xda, 0x73, 0x12, 0xfe, 0x80, 0x13, 0x29, 0x83, 0x13, 0x47, 0x84, 0x00, 0x00, 0x13, 0x67,
+0xd2, 0x18, 0xd2, 0x61, 0x75, 0x35, 0x2a, 0x75, 0x32, 0x0b, 0x75, 0x33, 0xb8, 0x02, 0x13, 0x62,
+0xc2, 0x18, 0x90, 0x01, 0x14, 0xe0, 0x54, 0xfd, 0xf0, 0x02, 0x13, 0x62, 0x90, 0x70, 0x11, 0xe0,
+0xf5, 0x3c, 0xe4, 0x90, 0x70, 0x13, 0xf0, 0x90, 0x04, 0x14, 0x74, 0x80, 0xf0, 0x22, 0xe5, 0x55,
+0xb4, 0x02, 0x0f, 0xe5, 0x59, 0xb4, 0x28, 0x06, 0x90, 0x01, 0x0d, 0x74, 0x08, 0xf0, 0x7d, 0x01,
+0x80, 0x02, 0x7d, 0x02, 0xaf, 0x56, 0x12, 0x02, 0x7d, 0x90, 0x04, 0x14, 0x74, 0x80, 0xf0, 0x02,
+0x13, 0x62, 0x20, 0x02, 0x03, 0x30, 0x03, 0x10, 0x7d, 0x02, 0xaf, 0x56, 0x12, 0x02, 0x7d, 0x90,
+0x04, 0x14, 0x74, 0x80, 0xf0, 0x02, 0x13, 0x62, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x0c, 0x90,
+0x01, 0x0c, 0xe0, 0x44, 0x02, 0xf0, 0xa3, 0xe0, 0x44, 0x04, 0xf0, 0x85, 0x56, 0x41, 0xd2, 0x02,
+0x22, 0x90, 0x70, 0x11, 0xe0, 0xf4, 0x70, 0x03, 0x02, 0x13, 0x67, 0xe0, 0xf5, 0x30, 0x22, 0xe5,
+0x34, 0xc3, 0x94, 0x03, 0x40, 0x07, 0xe5, 0x55, 0x60, 0x03, 0x02, 0x13, 0x67, 0x90, 0x70, 0x10,
+0xe0, 0x54, 0x7f, 0xff, 0xbf, 0x0a, 0x0d, 0x90, 0x70, 0x11, 0xe0, 0xb4, 0x08, 0x06, 0x75, 0x4e,
+0x01, 0x75, 0x4f, 0x84, 0x90, 0x70, 0x10, 0xe0, 0x54, 0x7f, 0x64, 0x02, 0x60, 0x03, 0x02, 0x13,
+0x67, 0x90, 0x70, 0x11, 0xe0, 0x64, 0x08, 0x60, 0x08, 0xe0, 0x64, 0x20, 0x60, 0x03, 0x02, 0x13,
+0x67, 0x75, 0x4e, 0x03, 0x75, 0x4f, 0x20, 0x22, 0x90, 0x70, 0x11, 0xe0, 0x24, 0xff, 0x92, 0x47,
+0x22, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x07, 0xe5, 0x55, 0x60, 0x03, 0x02, 0x13, 0x09, 0x90,
+0x04, 0x04, 0xe0, 0x25, 0xe0, 0x24, 0x5d, 0xf5, 0x57, 0x90, 0x70, 0x10, 0xe0, 0xff, 0x74, 0x47,
+0x25, 0x57, 0xf8, 0xc6, 0xef, 0xc6, 0x90, 0x70, 0x11, 0xe0, 0xff, 0x74, 0x48, 0x25, 0x57, 0xf8,
+0xc6, 0xef, 0xc6, 0xe4, 0xfd, 0xaf, 0x56, 0x12, 0x02, 0x7d, 0x90, 0x04, 0x14, 0x74, 0x80, 0xf0,
+0x02, 0x13, 0x62, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x07, 0xe5, 0x55, 0x60, 0x03, 0x02, 0x13,
+0x09, 0xe5, 0x47, 0x64, 0x07, 0x60, 0x23, 0xe5, 0x47, 0x64, 0x08, 0x60, 0x1d, 0xe5, 0x47, 0x64,
+0x09, 0x60, 0x17, 0xe5, 0x47, 0x64, 0x0a, 0x60, 0x11, 0xe5, 0x47, 0x64, 0x0b, 0x60, 0x0b, 0xe5,
+0x47, 0x64, 0x0d, 0x60, 0x05, 0xe5, 0x47, 0xb4, 0x0d, 0x08, 0x90, 0x70, 0x11, 0xe0, 0x54, 0x0f,
+0xf5, 0x3a, 0xe5, 0x47, 0xb4, 0x09, 0x08, 0xe5, 0x3a, 0xb4, 0x03, 0x03, 0xe4, 0xf5, 0x46, 0xe5,
+0x47, 0xb4, 0x0a, 0x08, 0xe5, 0x3a, 0xb4, 0x01, 0x03, 0xe4, 0xf5, 0x46, 0xe4, 0xfd, 0xaf, 0x56,
+0x12, 0x02, 0x7d, 0xd2, 0x04, 0x22, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x07, 0xe5, 0x55, 0x60,
+0x03, 0x02, 0x13, 0x09, 0x90, 0x70, 0x10, 0xe0, 0xfe, 0x90, 0x70, 0x11, 0xe0, 0xfd, 0xed, 0xf8,
+0xe6, 0xf5, 0x57, 0xfd, 0xaf, 0x56, 0x12, 0x02, 0x7d, 0x90, 0x04, 0x14, 0x74, 0x80, 0xf0, 0x02,
+0x13, 0x62, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x07, 0xe5, 0x55, 0x60, 0x03, 0x02, 0x13, 0x09,
+0x90, 0x70, 0x10, 0xe0, 0xfe, 0x90, 0x70, 0x11, 0xe0, 0xfd, 0xed, 0xf5, 0x82, 0x8e, 0x83, 0xe0,
+0xf5, 0x57, 0xfd, 0xaf, 0x56, 0x12, 0x02, 0x7d, 0x90, 0x04, 0x14, 0x74, 0x80, 0xf0, 0x02, 0x13,
+0x62, 0x90, 0x10, 0x00, 0xe0, 0xf5, 0x57, 0x90, 0x10, 0x02, 0xe0, 0xf5, 0x58, 0xa3, 0xe0, 0xf5,
+0x59, 0xe5, 0x58, 0xb4, 0x70, 0x1e, 0xe5, 0x59, 0xb4, 0x30, 0x19, 0x90, 0x05, 0x08, 0xe0, 0x44,
+0x01, 0xf0, 0xfd, 0x90, 0x05, 0x05, 0xe0, 0x54, 0xfb, 0xf0, 0x44, 0x04, 0xf0, 0xed, 0x54, 0xfe,
+0x90, 0x05, 0x08, 0xf0, 0xe4, 0xf5, 0x4e, 0xf5, 0x4f, 0x75, 0x3a, 0xff, 0xc2, 0x1a, 0xc2, 0x18,
+0xc2, 0x1b, 0xf5, 0x34, 0x90, 0x05, 0xa4, 0x74, 0x11, 0xf0, 0xa3, 0x74, 0xff, 0xf0, 0xa3, 0x74,
+0x03, 0xf0, 0xe4, 0xf5, 0x30, 0xc2, 0x19, 0x75, 0x3c, 0xff, 0xad, 0x57, 0xaf, 0x56, 0x12, 0x02,
+0x7d, 0x90, 0x04, 0x14, 0x74, 0x80, 0xf0, 0x02, 0x13, 0x62, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40,
+0x06, 0xe5, 0x55, 0x60, 0x02, 0x80, 0x22, 0x90, 0x70, 0x10, 0xe0, 0x24, 0xff, 0x92, 0x93, 0xe4,
+0xfd, 0xaf, 0x56, 0x12, 0x02, 0x7d, 0x90, 0x04, 0x14, 0x74, 0x80, 0xf0, 0x80, 0x64, 0xe5, 0x34,
+0xc3, 0x94, 0x03, 0x40, 0x0b, 0xe5, 0x55, 0x60, 0x07, 0x7d, 0x03, 0xaf, 0x56, 0x02, 0x02, 0x7d,
+0x90, 0x70, 0x10, 0xe0, 0x24, 0xff, 0x92, 0x4a, 0xd2, 0x05, 0xad, 0x57, 0xaf, 0x56, 0x12, 0x02,
+0x7d, 0x90, 0x04, 0x14, 0x74, 0x80, 0xf0, 0x80, 0x39, 0xe4, 0xf5, 0x34, 0xf5, 0x30, 0x90, 0x70,
+0x10, 0xe0, 0xf4, 0x60, 0x03, 0xe0, 0xf5, 0x34, 0xad, 0x57, 0xaf, 0x56, 0x12, 0x02, 0x7d, 0x90,
+0x04, 0x14, 0x74, 0x80, 0xf0, 0x80, 0x1b, 0xd2, 0x19, 0x05, 0x2f, 0xe5, 0x2f, 0xb4, 0x1a, 0x03,
+0xe4, 0xf5, 0x2f, 0xd2, 0x04, 0xad, 0x57, 0xaf, 0x56, 0x12, 0x02, 0x7d, 0x90, 0x04, 0x14, 0x74,
+0x80, 0xf0, 0xe4, 0x90, 0x70, 0x13, 0xf0, 0x22, 0x22, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x17,
+0xe5, 0x55, 0xb4, 0x02, 0x12, 0xe5, 0x30, 0x60, 0x0e, 0x30, 0x60, 0x0b, 0x74, 0xfd, 0x25, 0x46,
+0xf5, 0x46, 0xd2, 0x04, 0xe4, 0xf5, 0x53, 0xe5, 0x53, 0x60, 0x03, 0x02, 0x14, 0x1d, 0x30, 0x60,
+0x21, 0xb2, 0x4d, 0x30, 0x4d, 0x1c, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x11, 0xe5, 0x55, 0xb4,
+0x02, 0x0c, 0xe5, 0x30, 0x60, 0x08, 0x74, 0x03, 0x25, 0x46, 0xf5, 0x46, 0x80, 0x02, 0x05, 0x46,
+0xc2, 0x04, 0xe5, 0x4f, 0x45, 0x4e, 0x60, 0x08, 0xe5, 0x4f, 0x15, 0x4f, 0x70, 0x02, 0x15, 0x4e,
+0x30, 0x1a, 0x49, 0x7f, 0x32, 0x7d, 0xb8, 0x7c, 0x0b, 0x12, 0x02, 0x30, 0x50, 0x06, 0x90, 0x04,
+0x10, 0x74, 0x40, 0xf0, 0x7f, 0x35, 0x7d, 0x32, 0x12, 0x03, 0x3f, 0x50, 0x09, 0x90, 0x10, 0x04,
+0xe0, 0x54, 0xf7, 0xf0, 0xd2, 0x06, 0xe5, 0x35, 0xd3, 0x94, 0x2d, 0x40, 0x30, 0x30, 0x1b, 0x2d,
+0xc2, 0x1b, 0xa2, 0x18, 0x92, 0x1a, 0x20, 0x1a, 0x24, 0x90, 0x04, 0x09, 0xe0, 0x54, 0xdd, 0xf0,
+0x90, 0x10, 0x04, 0xe0, 0x44, 0x08, 0xf0, 0xc2, 0x61, 0xd2, 0x03, 0x22, 0xe4, 0xf5, 0x35, 0xa2,
+0x18, 0x92, 0x1a, 0x30, 0x1a, 0x07, 0x90, 0x04, 0x09, 0xe0, 0x44, 0x22, 0xf0, 0x22, 0x22, 0x22,
+0xc2, 0x4b, 0xc2, 0x4c, 0xe5, 0x44, 0x12, 0x02, 0x57, 0x14, 0x42, 0x00, 0x14, 0xd5, 0x04, 0x14,
+0xd1, 0x08, 0x14, 0xac, 0x10, 0x14, 0x56, 0x20, 0x14, 0x76, 0x60, 0x14, 0x87, 0xa0, 0x00, 0x00,
+0x14, 0xd7, 0x85, 0x48, 0x43, 0x85, 0x4a, 0x42, 0x85, 0x4c, 0x5e, 0xe5, 0x47, 0x64, 0x06, 0x60,
+0x03, 0x02, 0x14, 0xd7, 0x80, 0x1b, 0xe5, 0x48, 0xc4, 0x54, 0x0f, 0xf5, 0x43, 0xe5, 0x4a, 0xc4,
+0x54, 0x0f, 0xf5, 0x42, 0xe5, 0x4c, 0xc4, 0x54, 0x0f, 0xf5, 0x5e, 0xe5, 0x47, 0x64, 0x06, 0x70,
+0x66, 0x53, 0x43, 0x0f, 0x80, 0x61, 0x85, 0x49, 0x43, 0x85, 0x4b, 0x42, 0x85, 0x4d, 0x5e, 0xe5,
+0x47, 0x64, 0x06, 0x70, 0x52, 0x80, 0x1b, 0xe5, 0x49, 0xc4, 0x54, 0x0f, 0xf5, 0x43, 0xe5, 0x4b,
+0xc4, 0x54, 0x0f, 0xf5, 0x42, 0xe5, 0x4d, 0xc4, 0x54, 0x0f, 0xf5, 0x5e, 0xe5, 0x47, 0x64, 0x06,
+0x70, 0x35, 0xe5, 0x43, 0x54, 0x0f, 0x44, 0x10, 0xf5, 0x43, 0x80, 0x2b, 0xe5, 0x47, 0xb4, 0x04,
+0x06, 0x53, 0x5e, 0xfb, 0x75, 0x42, 0x09, 0xe5, 0x47, 0xb4, 0x05, 0x06, 0x43, 0x5e, 0x04, 0x75,
+0x42, 0x09, 0xe5, 0x47, 0xb4, 0x06, 0x10, 0xe5, 0x43, 0x54, 0x0f, 0x44, 0x30, 0xf5, 0x43, 0x80,
+0x06, 0xd2, 0x4b, 0x80, 0x02, 0xd2, 0x4c, 0xe4, 0xf5, 0x2a, 0xe5, 0x42, 0xc4, 0x54, 0xf0, 0xff,
+0xe5, 0x43, 0x54, 0x0f, 0x4f, 0xf5, 0x5f, 0xd2, 0x60, 0x22, 0xe5, 0x47, 0x60, 0x1a, 0x24, 0xc0,
+0x60, 0x0a, 0x24, 0x35, 0x70, 0x09, 0x12, 0x19, 0x5f, 0x12, 0x15, 0x09, 0x12, 0x19, 0x5f, 0x12,
+0x15, 0x09, 0xc2, 0xaf, 0xc2, 0x04, 0xd2, 0xaf, 0x22, 0xc2, 0xaf, 0x90, 0x04, 0x14, 0xe0, 0x54,
+0x0e, 0x60, 0x04, 0xd2, 0x1c, 0x80, 0x08, 0xe5, 0x4e, 0x45, 0x4f, 0x24, 0xff, 0x92, 0x1c, 0xd2,
+0xaf, 0x90, 0x04, 0x14, 0xe0, 0xa2, 0xe4, 0x92, 0x1d, 0x74, 0x1e, 0xf0, 0xe5, 0x5f, 0x54, 0x0f,
+0xf5, 0x2d, 0xe5, 0x2a, 0x70, 0x13, 0x30, 0x1c, 0x05, 0xe5, 0x5f, 0x20, 0xe5, 0x0b, 0x30, 0x1d,
+0x29, 0xe5, 0x5f, 0x54, 0x30, 0x64, 0x30, 0x70, 0x21, 0xe5, 0x2a, 0x70, 0x15, 0xe5, 0x34, 0xc3,
+0x94, 0x03, 0x40, 0x09, 0xe5, 0x30, 0x60, 0x05, 0x75, 0x2a, 0x05, 0x80, 0x07, 0x75, 0x2a, 0x0c,
+0x80, 0x02, 0x15, 0x2a, 0xd2, 0x6c, 0xd2, 0x6d, 0x80, 0x0f, 0xe5, 0x5f, 0x30, 0xe6, 0x06, 0xc2,
+0x6c, 0xd2, 0x6d, 0x80, 0x04, 0xd2, 0x6c, 0xc2, 0x6d, 0xe5, 0x47, 0x64, 0x03, 0x70, 0x21, 0x30,
+0x4b, 0x06, 0xc2, 0x6c, 0xd2, 0x6d, 0x80, 0x18, 0xe5, 0x2a, 0x70, 0x03, 0x30, 0x4c, 0x11, 0xc2,
+0x4c, 0xe5, 0x2a, 0x70, 0x05, 0x75, 0x2a, 0x07, 0x80, 0x02, 0x15, 0x2a, 0xd2, 0x6c, 0xd2, 0x6d,
+0xe5, 0x47, 0xb4, 0x09, 0x14, 0xe5, 0x44, 0x20, 0xe3, 0x0b, 0xe5, 0x3a, 0x64, 0x02, 0x60, 0x05,
+0xe5, 0x3a, 0xb4, 0x03, 0x04, 0xc2, 0x6c, 0xd2, 0x6d, 0xe5, 0x47, 0xb4, 0x0a, 0x13, 0xe5, 0x3a,
+0xb4, 0x01, 0x06, 0xc2, 0x6c, 0xd2, 0x6d, 0x80, 0x08, 0xe5, 0x3a, 0x70, 0x04, 0xd2, 0x6c, 0xc2,
+0x6d, 0x20, 0x69, 0x07, 0xe5, 0x5e, 0x20, 0xe0, 0x02, 0xb2, 0x68, 0x20, 0x6b, 0x07, 0xe5, 0x5e,
+0x20, 0xe1, 0x02, 0xb2, 0x6a, 0x20, 0x6d, 0x07, 0xe5, 0x5e, 0x20, 0xe2, 0x02, 0xb2, 0x6c, 0x75,
+0x2e, 0x40, 0x20, 0x69, 0x04, 0xa2, 0x68, 0x80, 0x45, 0x30, 0x68, 0x06, 0xe5, 0x46, 0xa2, 0xe2,
+0x80, 0x3c, 0x30, 0x19, 0x1c, 0xe5, 0x5e, 0x20, 0xe2, 0x04, 0x7f, 0x01, 0x80, 0x02, 0x7f, 0x00,
+0xe5, 0x2f, 0xb4, 0x19, 0x04, 0x7e, 0x01, 0x80, 0x02, 0x7e, 0x00, 0xee, 0x6f, 0x24, 0xff, 0x80,
+0x1d, 0xe5, 0x5e, 0x20, 0xe2, 0x04, 0x7f, 0x01, 0x80, 0x02, 0x7f, 0x00, 0xe5, 0x46, 0x54, 0xf0,
+0xfe, 0xbe, 0xf0, 0x04, 0x7e, 0x01, 0x80, 0x02, 0x7e, 0x00, 0xee, 0x6f, 0x24, 0xff, 0x92, 0x73,
+0x92, 0x72, 0x20, 0x6b, 0x04, 0xa2, 0x6a, 0x80, 0x45, 0x30, 0x6a, 0x06, 0xe5, 0x46, 0xa2, 0xe2,
+0x80, 0x3c, 0x30, 0x19, 0x1c, 0xe5, 0x5e, 0x20, 0xe0, 0x04, 0x7f, 0x01, 0x80, 0x02, 0x7f, 0x00,
+0xe5, 0x2f, 0xb4, 0x19, 0x04, 0x7e, 0x01, 0x80, 0x02, 0x7e, 0x00, 0xee, 0x6f, 0x24, 0xff, 0x80,
+0x1d, 0xe5, 0x5e, 0x20, 0xe0, 0x04, 0x7f, 0x01, 0x80, 0x02, 0x7f, 0x00, 0xe5, 0x46, 0x54, 0xf0,
+0xfe, 0xbe, 0xf0, 0x04, 0x7e, 0x01, 0x80, 0x02, 0x7e, 0x00, 0xee, 0x6f, 0x24, 0xff, 0x92, 0x75,
+0x92, 0x74, 0x20, 0x6d, 0x04, 0xa2, 0x6c, 0x80, 0x64, 0xe5, 0x47, 0x64, 0x0a, 0x70, 0x19, 0xe5,
+0x3a, 0xb4, 0x01, 0x06, 0xe5, 0x46, 0xa2, 0xe3, 0x80, 0x53, 0xe5, 0x46, 0x20, 0xe4, 0x03, 0x30,
+0xe5, 0x03, 0xd3, 0x80, 0x01, 0xc3, 0x80, 0x45, 0x30, 0x6c, 0x06, 0xe5, 0x46, 0xa2, 0xe2, 0x80,
+0x3c, 0x30, 0x19, 0x1c, 0xe5, 0x5e, 0x20, 0xe1, 0x04, 0x7f, 0x01, 0x80, 0x02, 0x7f, 0x00, 0xe5,
+0x2f, 0xb4, 0x19, 0x04, 0x7e, 0x01, 0x80, 0x02, 0x7e, 0x00, 0xee, 0x6f, 0x24, 0xff, 0x80, 0x1d,
+0xe5, 0x5e, 0x20, 0xe1, 0x04, 0x7f, 0x01, 0x80, 0x02, 0x7f, 0x00, 0xe5, 0x46, 0x54, 0xf0, 0xfe,
+0xbe, 0xf0, 0x04, 0x7e, 0x01, 0x80, 0x02, 0x7e, 0x00, 0xee, 0x6f, 0x24, 0xff, 0x92, 0x71, 0x92,
+0x70, 0x90, 0x10, 0x00, 0xe0, 0x90, 0x10, 0x2c, 0xf0, 0x90, 0x10, 0x03, 0xe0, 0xc3, 0x94, 0x30,
+0x40, 0x14, 0xa2, 0x71, 0x92, 0x77, 0xa2, 0x70, 0x92, 0x76, 0xe5, 0x2e, 0x13, 0x13, 0x54, 0x3f,
+0xf5, 0x2e, 0xc2, 0x77, 0xd2, 0x76, 0x90, 0x10, 0x2f, 0xe5, 0x2e, 0xf0, 0xe5, 0x47, 0x64, 0x06,
+0x70, 0x46, 0x90, 0x02, 0x29, 0xe0, 0x54, 0xfe, 0xf0, 0xe5, 0x43, 0xc4, 0x54, 0x0f, 0x14, 0x60,
+0x14, 0x24, 0xfe, 0x60, 0x1f, 0x24, 0x03, 0x60, 0x03, 0x02, 0x19, 0x5e, 0x90, 0x02, 0x28, 0xe0,
+0x30, 0x47, 0x0d, 0x80, 0x07, 0x90, 0x02, 0x28, 0xe0, 0x20, 0x47, 0x04, 0x54, 0xfe, 0xf0, 0x22,
+0x44, 0x01, 0xf0, 0x22, 0xe5, 0x46, 0x30, 0xe2, 0x04, 0x7f, 0x01, 0x80, 0x02, 0x7f, 0x00, 0x90,
+0x02, 0x28, 0xe0, 0x54, 0xfe, 0x4f, 0xf0, 0x22, 0xe5, 0x47, 0x64, 0x07, 0x60, 0x0f, 0xe5, 0x47,
+0x64, 0x08, 0x60, 0x09, 0xe5, 0x47, 0x64, 0x09, 0x60, 0x03, 0x02, 0x18, 0x27, 0xe4, 0xf5, 0x27,
+0x90, 0x02, 0x29, 0xe0, 0x54, 0xfc, 0xf0, 0xe5, 0x3a, 0x14, 0x60, 0x2d, 0x14, 0x60, 0x2e, 0x14,
+0x60, 0x36, 0x24, 0xfc, 0x60, 0x5f, 0x24, 0xf9, 0x60, 0x1f, 0x24, 0x0e, 0x70, 0x69, 0xe5, 0x46,
+0x13, 0x13, 0x54, 0x3f, 0x75, 0xf0, 0x03, 0x84, 0xaf, 0xf0, 0x20, 0x47, 0x04, 0x7e, 0x01, 0x80,
+0x02, 0x7e, 0x00, 0xef, 0x6e, 0x24, 0xff, 0x80, 0x45, 0xa2, 0x47, 0x80, 0x41, 0xe5, 0x46, 0x30,
+0xe2, 0x03, 0xd3, 0x80, 0x27, 0xc3, 0x80, 0x24, 0xe5, 0x46, 0x30, 0xe2, 0x0d, 0x54, 0x38, 0xc3,
+0x94, 0x30, 0x50, 0x06, 0x7e, 0x00, 0x7f, 0x01, 0x80, 0x04, 0x7e, 0x00, 0x7f, 0x00, 0x20, 0x47,
+0x04, 0x7d, 0x01, 0x80, 0x02, 0x7d, 0x00, 0xef, 0x6d, 0x4e, 0x24, 0xff, 0x92, 0x38, 0xa2, 0x47,
+0xb3, 0x92, 0x39, 0x80, 0x19, 0xe5, 0x46, 0x30, 0xe2, 0x03, 0xd3, 0x80, 0x01, 0xc3, 0x92, 0x39,
+0xa2, 0x47, 0xb3, 0x92, 0x38, 0x80, 0x07, 0xa2, 0x47, 0xb3, 0x92, 0x38, 0x92, 0x39, 0x90, 0x02,
+0x28, 0xe0, 0x54, 0xfc, 0x02, 0x19, 0x5b, 0xe5, 0x47, 0x64, 0x0c, 0x60, 0x09, 0xe5, 0x47, 0x64,
+0x0b, 0x60, 0x03, 0x02, 0x18, 0xc6, 0xe4, 0xf5, 0x27, 0x90, 0x02, 0x29, 0xe0, 0x54, 0xfd, 0xf0,
+0xe5, 0x3a, 0x14, 0x60, 0x2b, 0x14, 0x60, 0x2e, 0x14, 0x60, 0x38, 0x24, 0xfc, 0x60, 0x5c, 0x24,
+0xf9, 0x60, 0x1d, 0x24, 0x0e, 0x70, 0x61, 0xe5, 0x46, 0x13, 0x13, 0x54, 0x3f, 0x75, 0xf0, 0x03,
+0x84, 0xaf, 0xf0, 0x20, 0x47, 0x04, 0x7e, 0x01, 0x80, 0x02, 0x7e, 0x00, 0xef, 0x6e, 0x80, 0x35,
+0xa2, 0x47, 0x92, 0x39, 0x80, 0x47, 0xe5, 0x46, 0x30, 0xe2, 0x03, 0xd3, 0x80, 0x01, 0xc3, 0x92,
+0x39, 0x80, 0x3a, 0xe5, 0x46, 0x30, 0xe2, 0x0d, 0x54, 0x38, 0xc3, 0x94, 0x30, 0x50, 0x06, 0x7e,
+0x00, 0x7f, 0x01, 0x80, 0x04, 0x7e, 0x00, 0x7f, 0x00, 0x20, 0x47, 0x04, 0x7d, 0x01, 0x80, 0x02,
+0x7d, 0x00, 0xef, 0x6d, 0x4e, 0x24, 0xff, 0x92, 0x39, 0x80, 0x12, 0xe5, 0x46, 0x30, 0xe2, 0x03,
+0xd3, 0x80, 0x01, 0xc3, 0x92, 0x39, 0x80, 0x05, 0xa2, 0x47, 0xb3, 0x92, 0x39, 0x90, 0x02, 0x28,
+0xe0, 0x54, 0xfd, 0x02, 0x19, 0x5b, 0xe5, 0x47, 0x64, 0x0d, 0x60, 0x03, 0x02, 0x19, 0x5e, 0xf5,
+0x27, 0x90, 0x02, 0x29, 0xe0, 0x54, 0xef, 0xf0, 0xe5, 0x3a, 0x14, 0x60, 0x2b, 0x14, 0x60, 0x2e,
+0x14, 0x60, 0x38, 0x24, 0xfc, 0x60, 0x5c, 0x24, 0xf9, 0x60, 0x1d, 0x24, 0x0e, 0x70, 0x61, 0xe5,
+0x46, 0x13, 0x13, 0x54, 0x3f, 0x75, 0xf0, 0x03, 0x84, 0xaf, 0xf0, 0x20, 0x47, 0x04, 0x7e, 0x01,
+0x80, 0x02, 0x7e, 0x00, 0xef, 0x6e, 0x80, 0x35, 0xa2, 0x47, 0x92, 0x3c, 0x80, 0x47, 0xe5, 0x46,
+0x30, 0xe2, 0x03, 0xd3, 0x80, 0x01, 0xc3, 0x92, 0x3c, 0x80, 0x3a, 0xe5, 0x46, 0x30, 0xe2, 0x0d,
+0x54, 0x38, 0xc3, 0x94, 0x30, 0x50, 0x06, 0x7e, 0x00, 0x7f, 0x01, 0x80, 0x04, 0x7e, 0x00, 0x7f,
+0x00, 0x20, 0x47, 0x04, 0x7d, 0x01, 0x80, 0x02, 0x7d, 0x00, 0xef, 0x6d, 0x4e, 0x24, 0xff, 0x92,
+0x3c, 0x80, 0x12, 0xe5, 0x46, 0x30, 0xe2, 0x03, 0xd3, 0x80, 0x01, 0xc3, 0x92, 0x3c, 0x80, 0x05,
+0xa2, 0x47, 0xb3, 0x92, 0x3c, 0x90, 0x02, 0x28, 0xe0, 0x54, 0xef, 0x45, 0x27, 0xf0, 0x22, 0xe5,
+0x47, 0x64, 0x0b, 0x70, 0x1c, 0x90, 0x02, 0x29, 0xe0, 0x54, 0xeb, 0xf0, 0x30, 0x47, 0x04, 0xaf,
+0x45, 0x80, 0x05, 0xe5, 0x45, 0x64, 0x14, 0xff, 0x90, 0x02, 0x28, 0xe0, 0x54, 0xeb, 0x4f, 0xf0,
+0x22, 0xe4, 0x90, 0x02, 0x29, 0xf0, 0x30, 0x47, 0x04, 0xaf, 0x45, 0x80, 0x04, 0xe5, 0x45, 0xf4,
+0xff, 0x90, 0x02, 0x28, 0xef, 0xf0, 0x22, 0x8f, 0x50, 0xd2, 0x59, 0x22, 0x8f, 0x54, 0xd2, 0x58,
+0x22, 0xe4, 0xf5, 0x37, 0xc2, 0xaf, 0xe5, 0x51, 0x14, 0x60, 0x4a, 0x14, 0x60, 0x6b, 0x24, 0x02,
+0x60, 0x03, 0x02, 0x1b, 0x12, 0xd2, 0x59, 0x75, 0x55, 0x01, 0x20, 0x1a, 0x1c, 0x90, 0x02, 0x08,
+0xe0, 0x54, 0xfe, 0xf0, 0xe0, 0x20, 0xe1, 0x23, 0x90, 0x04, 0x34, 0xe0, 0xb4, 0x02, 0x1c, 0xa3,
+0xe0, 0xb4, 0x02, 0x17, 0xa3, 0xe0, 0xb4, 0x02, 0x12, 0x7f, 0x20, 0x12, 0x19, 0x97, 0x90, 0x10,
+0x04, 0xe0, 0x54, 0xf3, 0xf0, 0x75, 0x51, 0x01, 0x02, 0x1b, 0x12, 0xe5, 0x50, 0x70, 0x06, 0x75,
+0x37, 0x03, 0x02, 0x1b, 0x12, 0x90, 0x12, 0x00, 0xe0, 0x54, 0x03, 0x70, 0x15, 0x7f, 0x20, 0x12,
+0x19, 0x97, 0x20, 0x1a, 0x07, 0x90, 0x02, 0x08, 0xe0, 0x54, 0xfb, 0xf0, 0x75, 0x51, 0x02, 0x02,
+0x1b, 0x12, 0xe5, 0x50, 0x70, 0x03, 0x02, 0x1b, 0x0d, 0x20, 0x1a, 0x15, 0x90, 0x02, 0x08, 0xe0,
+0x30, 0xe3, 0x03, 0x02, 0x1b, 0x09, 0x90, 0x04, 0x37, 0xe0, 0x64, 0x22, 0x60, 0x03, 0x02, 0x1b,
+0x09, 0x90, 0x12, 0x04, 0x74, 0x0a, 0xf0, 0xe5, 0x58, 0xb4, 0x72, 0x15, 0xe5, 0x59, 0xb4, 0x35,
+0x10, 0xe4, 0x90, 0x05, 0x00, 0xf0, 0xa3, 0x74, 0x08, 0xf0, 0xa3, 0x74, 0x01, 0xf0, 0x74, 0x03,
+0xf0, 0x7f, 0x01, 0x12, 0x03, 0x30, 0x90, 0x13, 0x28, 0xe0, 0x54, 0xf0, 0xf0, 0xa3, 0xe0, 0x54,
+0xf0, 0xf0, 0xe5, 0x59, 0xb4, 0x35, 0x14, 0xe5, 0x3c, 0xf4, 0x60, 0x06, 0xa3, 0xe0, 0x54, 0xf3,
+0x80, 0x14, 0x90, 0x13, 0x2a, 0xe0, 0x54, 0xfb, 0xf0, 0x80, 0x14, 0xe5, 0x3c, 0xf4, 0x90, 0x13,
+0x2a, 0x60, 0x08, 0xe0, 0x54, 0xf2, 0x45, 0x3c, 0xf0, 0x80, 0x04, 0xe0, 0x54, 0xfa, 0xf0, 0x20,
+0x1a, 0x07, 0x90, 0x04, 0x01, 0xe0, 0x44, 0x10, 0xf0, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x09,
+0xe5, 0x30, 0x70, 0x05, 0x75, 0x8c, 0x40, 0x80, 0x03, 0x75, 0x8c, 0x80, 0x90, 0x04, 0x01, 0xe0,
+0x54, 0xfd, 0xf0, 0x20, 0x1a, 0x07, 0x90, 0x12, 0x04, 0xe0, 0x44, 0x04, 0xf0, 0xe5, 0x59, 0xb4,
+0x28, 0x06, 0x90, 0x01, 0x0d, 0xe0, 0xf5, 0x31, 0xe5, 0x34, 0xc3, 0x94, 0x02, 0x40, 0x14, 0x90,
+0x01, 0x0d, 0xe0, 0x44, 0x01, 0xf0, 0xe5, 0x59, 0x64, 0x35, 0x60, 0x07, 0x90, 0x12, 0x04, 0xe0,
+0x54, 0xfd, 0xf0, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x14, 0x20, 0x02, 0x11, 0x20, 0x03, 0x0e,
+0x90, 0x01, 0x0d, 0xe0, 0x54, 0xfb, 0xf0, 0x90, 0x01, 0x0c, 0xe0, 0x54, 0xfd, 0xf0, 0x75, 0x37,
+0x01, 0x75, 0x55, 0x02, 0xe4, 0xf5, 0x51, 0x80, 0x09, 0xe5, 0x50, 0x70, 0x05, 0x75, 0x37, 0x03,
+0xf5, 0x51, 0xe5, 0x37, 0x60, 0x18, 0xc2, 0x01, 0xe4, 0xf5, 0x51, 0xc2, 0x59, 0x20, 0x1a, 0x0e,
+0xad, 0x37, 0xaf, 0x40, 0x12, 0x1c, 0x1b, 0xe5, 0x37, 0xb4, 0x03, 0x02, 0xd2, 0x03, 0xd2, 0xaf,
+0x22, 0xc2, 0xaf, 0x30, 0x01, 0x0e, 0xe4, 0xf5, 0x51, 0xc2, 0x59, 0xc2, 0x01, 0x7d, 0x02, 0xaf,
+0x40, 0x12, 0x1c, 0x1b, 0xe5, 0x52, 0x14, 0x60, 0x5c, 0x14, 0x60, 0x3a, 0x24, 0x02, 0x60, 0x03,
+0x02, 0x1c, 0x18, 0xe5, 0x34, 0xc3, 0x94, 0x03, 0x40, 0x0c, 0x90, 0x01, 0x0c, 0xe0, 0x44, 0x02,
+0xf0, 0xa3, 0xe0, 0x44, 0x04, 0xf0, 0xe5, 0x34, 0xc3, 0x94, 0x02, 0x40, 0x13, 0x90, 0x12, 0x04,
+0xe0, 0x44, 0x02, 0xf0, 0x7f, 0x32, 0x12, 0x03, 0x30, 0x90, 0x01, 0x0d, 0xe0, 0x54, 0xfe, 0xf0,
+0x75, 0x52, 0x02, 0x75, 0x55, 0x03, 0xe5, 0x59, 0xb4, 0x28, 0x06, 0x90, 0x01, 0x0d, 0xe5, 0x31,
+0xf0, 0x90, 0x12, 0x04, 0xe0, 0x54, 0xfb, 0xf0, 0x7f, 0x20, 0x12, 0x19, 0x9c, 0x75, 0x52, 0x01,
+0x75, 0x55, 0x03, 0x80, 0x73, 0xe5, 0x54, 0x70, 0x6f, 0x90, 0x04, 0x01, 0xe0, 0x44, 0x0e, 0xf0,
+0x20, 0x1a, 0x04, 0xe0, 0x54, 0xef, 0xf0, 0xe4, 0xf5, 0x8c, 0x90, 0x13, 0x28, 0xe0, 0x44, 0x0f,
+0xf0, 0xa3, 0xe0, 0x44, 0x0f, 0xf0, 0xa3, 0xe0, 0x44, 0x05, 0xf0, 0x90, 0x12, 0x04, 0x74, 0x03,
+0xf0, 0xe5, 0x58, 0xb4, 0x72, 0x16, 0xe5, 0x59, 0xb4, 0x35, 0x11, 0x90, 0x05, 0x00, 0x74, 0xe2,
+0xf0, 0xa3, 0x74, 0x08, 0xf0, 0xa3, 0x74, 0x01, 0xf0, 0x74, 0x03, 0xf0, 0x7f, 0x01, 0x12, 0x03,
+0x30, 0x20, 0x1a, 0x07, 0x90, 0x02, 0x08, 0xe0, 0x44, 0x05, 0xf0, 0x90, 0x10, 0x04, 0xe0, 0x44,
+0x0c, 0xf0, 0xe4, 0xf5, 0x52, 0xf5, 0x55, 0x30, 0x02, 0x09, 0xc2, 0x02, 0x7d, 0x01, 0xaf, 0x41,
+0x12, 0x1c, 0x1b, 0x30, 0x03, 0x02, 0xc2, 0x03, 0xd2, 0xaf, 0x22, 0xef, 0xf4, 0x60, 0x2d, 0xe4,
+0xfe, 0x74, 0x14, 0x2e, 0xf5, 0x82, 0xe4, 0x34, 0x70, 0xf5, 0x83, 0xe0, 0xb4, 0xff, 0x19, 0x74,
+0x14, 0x2e, 0xf5, 0x82, 0xe4, 0x34, 0x70, 0xf5, 0x83, 0xef, 0xf0, 0x74, 0x1c, 0x2e, 0xf5, 0x82,
+0xe4, 0x34, 0x70, 0xf5, 0x83, 0xed, 0xf0, 0x22, 0x0e, 0xbe, 0x04, 0xd5, 0x22, 0x22, 0x22, 0x30,
+0x1a, 0x77, 0x90, 0x04, 0x37, 0xe0, 0x20, 0xe5, 0x6c, 0x90, 0x04, 0x28, 0xe0, 0xf5, 0x38, 0xa3,
+0xe0, 0xf5, 0x37, 0xf5, 0x39, 0xe4, 0xf5, 0x25, 0xe5, 0x39, 0x75, 0xf0, 0x80, 0xa4, 0x24, 0x00,
+0xff, 0xe5, 0xf0, 0x34, 0x80, 0xfe, 0xe5, 0x37, 0x65, 0x39, 0x70, 0x05, 0xfc, 0x7d, 0x28, 0x80,
+0x04, 0x7c, 0x00, 0x7d, 0x00, 0xef, 0x2d, 0xff, 0xee, 0x3c, 0xfe, 0x12, 0x1c, 0xca, 0x50, 0x07,
+0x90, 0x01, 0x14, 0xe0, 0x44, 0x02, 0xf0, 0xe5, 0x39, 0x65, 0x38, 0x60, 0x10, 0xe4, 0x25, 0x39,
+0xff, 0xe4, 0x34, 0x80, 0x8f, 0x82, 0xf5, 0x83, 0xe0, 0xf5, 0x39, 0x80, 0xbb, 0x90, 0x04, 0x10,
+0x74, 0x01, 0xf0, 0x90, 0x04, 0x28, 0xe5, 0x38, 0xf0, 0xa3, 0xe5, 0x37, 0xf0, 0x90, 0x04, 0x11,
+0x74, 0x01, 0xf0, 0x80, 0x8d, 0xc2, 0x06, 0xd2, 0x1b, 0x22, 0xe5, 0x25, 0xc3, 0x94, 0x06, 0x50,
+0x19, 0x8f, 0x82, 0x8e, 0x83, 0xe0, 0xb4, 0xff, 0x07, 0x05, 0x25, 0xe4, 0xf5, 0x24, 0x80, 0x2e,
+0xe4, 0xf5, 0x25, 0x8f, 0x82, 0x8e, 0x83, 0xf0, 0x80, 0x24, 0xe5, 0x24, 0x75, 0xf0, 0x06, 0x84,
+0x74, 0x08, 0x25, 0xf0, 0xf5, 0x82, 0xe4, 0x34, 0x10, 0xf5, 0x83, 0xe0, 0xfd, 0x8f, 0x82, 0x8e,
+0x83, 0xe0, 0x6d, 0x70, 0x06, 0x05, 0x25, 0x05, 0x24, 0x80, 0x03, 0xe4, 0xf5, 0x25, 0x0f, 0xbf,
+0x00, 0x01, 0x0e, 0xef, 0x54, 0x7f, 0x60, 0x07, 0xe5, 0x25, 0xc3, 0x94, 0x2a, 0x40, 0xab, 0xe5,
+0x25, 0xb4, 0x2a, 0x03, 0xd3, 0x80, 0x01, 0xc3, 0x22, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0xe3, 0x34, } ;
diff --git a/drivers/staging/rt3090/igmp_snoop.h b/drivers/staging/rt3090/igmp_snoop.h
new file mode 100644 (file)
index 0000000..63f9692
--- /dev/null
@@ -0,0 +1,152 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    igmp_snoop.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+
+
+#ifndef __RTMP_IGMP_SNOOP_H__
+#define __RTMP_IGMP_SNOOP_H__
+
+#include "link_list.h"
+
+#define IGMP_PROTOCOL_DESCRIPTOR       0x02
+#define IGMP_V1_MEMBERSHIP_REPORT      0x12
+#define IGMP_V2_MEMBERSHIP_REPORT      0x16
+#define IGMP_LEAVE_GROUP                       0x17
+#define IGMP_V3_MEMBERSHIP_REPORT      0x22
+
+#define MLD_V1_LISTENER_REPORT         131
+#define MLD_V1_LISTENER_DONE           132
+#define MLD_V2_LISTERNER_REPORT                143
+
+#define IGMPMAC_TB_ENTRY_AGEOUT_TIME 120 * OS_HZ
+
+#define MULTICAST_ADDR_HASH_INDEX(Addr)      (MAC_ADDR_HASH(Addr) % (MAX_LEN_OF_MULTICAST_FILTER_HASH_TABLE))
+
+#define IS_MULTICAST_MAC_ADDR(Addr)                    ((((Addr[0]) & 0x01) == 0x01) && ((Addr[0]) != 0xff))
+#define IS_BROADCAST_MAC_ADDR(Addr)                    ((((Addr[0]) & 0xff) == 0xff))
+
+VOID MulticastFilterTableInit(
+       IN PMULTICAST_FILTER_TABLE *ppMulticastFilterTable);
+
+VOID MultiCastFilterTableReset(
+       IN PMULTICAST_FILTER_TABLE *ppMulticastFilterTable);
+
+BOOLEAN MulticastFilterTableInsertEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pGrpId,
+       IN PUCHAR pMemberAddr,
+       IN PNET_DEV dev,
+       IN MulticastFilterEntryType type);
+
+BOOLEAN MulticastFilterTableDeleteEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pGrpId,
+       IN PUCHAR pMemberAddr,
+       IN PNET_DEV dev);
+
+PMULTICAST_FILTER_TABLE_ENTRY MulticastFilterTableLookup(
+       IN PMULTICAST_FILTER_TABLE pMulticastFilterTable,
+       IN PUCHAR pAddr,
+       IN PNET_DEV dev);
+
+BOOLEAN isIgmpPkt(
+       IN PUCHAR pDstMacAddr,
+       IN PUCHAR pIpHeader);
+
+VOID IGMPSnooping(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDstMacAddr,
+       IN PUCHAR pSrcMacAddr,
+       IN PUCHAR pIpHeader,
+       IN PNET_DEV pDev);
+
+BOOLEAN isMldPkt(
+       IN PUCHAR pDstMacAddr,
+       IN PUCHAR pIpHeader,
+       OUT UINT8 *pProtoType,
+       OUT PUCHAR *pMldHeader);
+
+VOID MLDSnooping(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDstMacAddr,
+       IN PUCHAR pSrcMacAddr,
+       IN PUCHAR pIpHeader,
+       IN PNET_DEV pDev);
+
+UCHAR IgmpMemberCnt(
+       IN PLIST_HEADER pList);
+
+VOID IgmpGroupDelMembers(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pMemberAddr,
+       IN PNET_DEV pDev);
+
+INT Set_IgmpSn_Enable_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg);
+
+INT Set_IgmpSn_AddEntry_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg);
+
+INT Set_IgmpSn_DelEntry_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg);
+
+INT Set_IgmpSn_TabDisplay_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING arg);
+
+void rtmp_read_igmp_snoop_from_file(
+       IN  PRTMP_ADAPTER pAd,
+       PSTRING tmpbuf,
+       PSTRING buffer);
+
+NDIS_STATUS IgmpPktInfoQuery(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pSrcBufVA,
+       IN PNDIS_PACKET pPacket,
+       IN UCHAR apidx,
+       OUT BOOLEAN *pInIgmpGroup,
+       OUT PMULTICAST_FILTER_TABLE_ENTRY *ppGroupEntry);
+
+NDIS_STATUS IgmpPktClone(
+       IN PRTMP_ADAPTER pAd,
+       IN PNDIS_PACKET pPacket,
+       IN UCHAR QueIdx,
+       IN PMULTICAST_FILTER_TABLE_ENTRY pGroupEntry);
+
+#endif /* __RTMP_IGMP_SNOOP_H__ */
diff --git a/drivers/staging/rt3090/ipv6.h b/drivers/staging/rt3090/ipv6.h
new file mode 100644 (file)
index 0000000..c34a5f2
--- /dev/null
@@ -0,0 +1,215 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    ipv6.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+*/
+
+#ifndef __IPV6_HDR_H_
+#define __IPV6_HDR_H_
+
+#define IPV6_ADDR_LEN 16
+#define IPV6_HDR_LEN  40
+
+// IPv6 address definition
+#define IPV6_LINK_LOCAL_ADDR_PREFIX            0xFE8
+#define IPV6_SITE_LOCAL_ADDR_PREFIX            0xFEC
+#define IPV6_LOCAL_ADDR_PREFIX                 0xFE8
+#define IPV6_MULTICAST_ADDR_PREFIX             0xFF
+#define IPV6_LOOPBACK_ADDR                             0x1
+#define IPV6_UNSPECIFIED_ADDR                  0x0
+
+// defined as sequence in IPv6 header
+#define IPV6_NEXT_HEADER_HOP_BY_HOP            0x00    // 0
+#define IPV6_NEXT_HEADER_DESTINATION   0x3c    // 60
+#define IPV6_NEXT_HEADER_ROUTING               0x2b    // 43
+#define IPV6_NEXT_HEADER_FRAGMENT              0x2c    // 44
+#define IPV6_NEXT_HEADER_AUTHENTICATION        0x33    // 51
+#define IPV6_NEXT_HEADER_ENCAPSULATION 0x32    // 50, RFC-2406
+#define IPV6_NEXT_HEADER_NONE                  0x3b    // 59
+
+#define IPV6_NEXT_HEADER_TCP                   0x06
+#define IPV6_NEXT_HEADER_UDP                   0x11
+#define IPV6_NEXT_HEADER_ICMPV6                        0x3a
+
+// ICMPv6 msg type definition
+#define ICMPV6_MSG_TYPE_ROUTER_SOLICITATION                    0x85 // 133
+#define ROUTER_SOLICITATION_FIXED_LEN                          8
+
+#define ICMPV6_MSG_TYPE_ROUTER_ADVERTISEMENT           0x86 // 134
+#define ROUTER_ADVERTISEMENT_FIXED_LEN                         16
+
+#define ICMPV6_MSG_TYPE_NEIGHBOR_SOLICITATION          0x87 // 135
+#define NEIGHBOR_SOLICITATION_FIXED_LEN                                24
+
+#define ICMPV6_MSG_TYPE_NEIGHBOR_ADVERTISEMENT         0x88 // 136
+#define NEIGHBOR_ADVERTISEMENT_FIXED_LEN                       24
+
+#define ICMPV6_MSG_TYPE_REDIRECT                                       0x89 // 137
+#define REDIRECT_FIXED_LEN                                                     40
+
+/* IPv6 Address related structures */
+typedef struct rt_ipv6_addr_
+{
+       union
+       {
+               UCHAR   ipv6Addr8[16];
+               USHORT  ipv6Addr16[8];
+               UINT32  ipv6Addr32[4];
+       }addr;
+#define ipv6_addr                      addr.ipv6Addr8
+#define ipv6_addr16                    addr.ipv6Addr16
+#define ipv6_addr32                    addr.ipv6Addr32
+}RT_IPV6_ADDR, *PRT_IPV6_ADDR;
+
+
+#define PRINT_IPV6_ADDR(ipv6Addr)      \
+       OS_NTOHS((ipv6Addr).ipv6_addr16[0]), \
+       OS_NTOHS((ipv6Addr).ipv6_addr16[1]), \
+       OS_NTOHS((ipv6Addr).ipv6_addr16[2]), \
+       OS_NTOHS((ipv6Addr).ipv6_addr16[3]), \
+       OS_NTOHS((ipv6Addr).ipv6_addr16[4]), \
+       OS_NTOHS((ipv6Addr).ipv6_addr16[5]), \
+       OS_NTOHS((ipv6Addr).ipv6_addr16[6]), \
+       OS_NTOHS((ipv6Addr).ipv6_addr16[7])
+
+
+/*\14\14IPv6 Header related structures */
+typedef struct PACKED _rt_ipv6_hdr_
+{
+       UINT32                  ver:4,
+                                       trafficClass:8,
+                               flowLabel:20;
+       USHORT                  payload_len;
+       UCHAR                   nextHdr;
+       UCHAR                   hopLimit;
+       RT_IPV6_ADDR    srcAddr;
+       RT_IPV6_ADDR    dstAddr;
+}RT_IPV6_HDR, *PRT_IPV6_HDR;
+
+
+typedef struct PACKED _rt_ipv6_ext_hdr_
+{
+       UCHAR   nextProto; // Indicate the protocol type of next extension header.
+       UCHAR   extHdrLen; // optional field for msg length of this extension header which didn't include the first "nextProto" field.
+       UCHAR   octets[1]; // hook to extend header message body.
+}RT_IPV6_EXT_HDR, *PRT_IPV6_EXT_HDR;
+
+
+/* ICMPv6 related structures */
+typedef struct PACKED _rt_ipv6_icmpv6_hdr_
+{
+       UCHAR   type;
+       UCHAR   code;
+       USHORT  chksum;
+       UCHAR   octets[1]; //hook to extend header message body.
+}RT_ICMPV6_HDR, *PRT_ICMPV6_HDR;
+
+
+typedef struct PACKED _rt_icmp6_option_hdr_
+{
+       UCHAR type;
+       UCHAR len;
+       UCHAR octet[1];
+}RT_ICMPV6_OPTION_HDR, *PRT_ICMPV6_OPTION_HDR;
+
+typedef enum{
+// Defined ICMPv6 Option Types.
+       TYPE_SRC_LL_ADDR        = 1,
+       TYPE_TGT_LL_ADDR        = 2,
+       TYPE_PREFIX_INFO                        = 3,
+       TYPE_REDIRECTED_HDR                     = 4,
+       TYPE_MTU                                        = 5,
+}ICMPV6_OPTIONS_TYPE_DEF;
+
+
+static inline BOOLEAN IPv6ExtHdrHandle(
+       RT_IPV6_EXT_HDR         *pExtHdr,
+       UCHAR                           *pProto,
+       UINT32                          *pOffset)
+{
+       UCHAR nextProto = 0xff;
+       UINT32 extLen = 0;
+       BOOLEAN status = TRUE;
+
+       //printk("%s(): parsing the Extension Header with Protocol(0x%x):\n", __FUNCTION__, *pProto);
+       switch (*pProto)
+       {
+               case IPV6_NEXT_HEADER_HOP_BY_HOP:
+                       // IPv6ExtHopByHopHandle();
+                       nextProto = pExtHdr->nextProto;
+                       extLen = (pExtHdr->extHdrLen + 1) * 8;
+                       break;
+
+               case IPV6_NEXT_HEADER_DESTINATION:
+                       // IPv6ExtDestHandle();
+                       nextProto = pExtHdr->nextProto;
+                       extLen = (pExtHdr->extHdrLen + 1) * 8;
+                       break;
+
+               case IPV6_NEXT_HEADER_ROUTING:
+                       // IPv6ExtRoutingHandle();
+                       nextProto = pExtHdr->nextProto;
+                       extLen = (pExtHdr->extHdrLen + 1) * 8;
+                       break;
+
+               case IPV6_NEXT_HEADER_FRAGMENT:
+                       // IPv6ExtFragmentHandle();
+                       nextProto = pExtHdr->nextProto;
+                       extLen = 8; // The Fragment header length is fixed to 8 bytes.
+                       break;
+
+               case IPV6_NEXT_HEADER_AUTHENTICATION:
+               //   IPV6_NEXT_HEADER_ENCAPSULATION:
+                       /*
+                               TODO: Not support. For encryption issue.
+                       */
+                       nextProto = 0xFF;
+                       status = FALSE;
+                       break;
+
+               default:
+                       nextProto = 0xFF;
+                       status = FALSE;
+                       break;
+       }
+
+       *pProto = nextProto;
+       *pOffset += extLen;
+       //printk("%s(): nextProto = 0x%x!, offset=0x%x!\n", __FUNCTION__, nextProto, offset);
+
+       return status;
+
+}
+
+#endif // __IPV6_HDR_H_ //
diff --git a/drivers/staging/rt3090/link_list.h b/drivers/staging/rt3090/link_list.h
new file mode 100644 (file)
index 0000000..205b610
--- /dev/null
@@ -0,0 +1,133 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+
+#ifndef __LINK_LIST_H__
+#define __LINK_LIST_H__
+
+typedef struct _LIST_ENTRY
+{
+       struct _LIST_ENTRY *pNext;
+} LIST_ENTRY, *PLIST_ENTRY;
+
+typedef struct _LIST_HEADR
+{
+       PLIST_ENTRY pHead;
+       PLIST_ENTRY pTail;
+       UCHAR size;
+} LIST_HEADER, *PLIST_HEADER;
+
+static inline VOID initList(
+       IN PLIST_HEADER pList)
+{
+       pList->pHead = pList->pTail = NULL;
+       pList->size = 0;
+       return;
+}
+
+static inline VOID insertTailList(
+       IN PLIST_HEADER pList,
+       IN PLIST_ENTRY pEntry)
+{
+       pEntry->pNext = NULL;
+       if (pList->pTail)
+               pList->pTail->pNext = pEntry;
+       else
+               pList->pHead = pEntry;
+       pList->pTail = pEntry;
+       pList->size++;
+
+       return;
+}
+
+static inline PLIST_ENTRY removeHeadList(
+       IN PLIST_HEADER pList)
+{
+       PLIST_ENTRY pNext;
+       PLIST_ENTRY pEntry;
+
+       pEntry = pList->pHead;
+       if (pList->pHead != NULL)
+       {
+               pNext = pList->pHead->pNext;
+               pList->pHead = pNext;
+               if (pNext == NULL)
+                       pList->pTail = NULL;
+               pList->size--;
+       }
+       return pEntry;
+}
+
+static inline int getListSize(
+       IN PLIST_HEADER pList)
+{
+       return pList->size;
+}
+
+static inline PLIST_ENTRY delEntryList(
+       IN PLIST_HEADER pList,
+       IN PLIST_ENTRY pEntry)
+{
+       PLIST_ENTRY pCurEntry;
+       PLIST_ENTRY pPrvEntry;
+
+       if(pList->pHead == NULL)
+               return NULL;
+
+       if(pEntry == pList->pHead)
+       {
+               pCurEntry = pList->pHead;
+               pList->pHead = pCurEntry->pNext;
+
+               if(pList->pHead == NULL)
+                       pList->pTail = NULL;
+
+               pList->size--;
+               return pCurEntry;
+       }
+
+       pPrvEntry = pList->pHead;
+       pCurEntry = pPrvEntry->pNext;
+       while(pCurEntry != NULL)
+       {
+               if (pEntry == pCurEntry)
+               {
+                       pPrvEntry->pNext = pCurEntry->pNext;
+
+                       if(pEntry == pList->pTail)
+                               pList->pTail = pPrvEntry;
+
+                       pList->size--;
+                       break;
+               }
+               pPrvEntry = pCurEntry;
+               pCurEntry = pPrvEntry->pNext;
+       }
+
+       return pCurEntry;
+}
+
+#endif // ___LINK_LIST_H__ //
diff --git a/drivers/staging/rt3090/mac_pci.h b/drivers/staging/rt3090/mac_pci.h
new file mode 100644 (file)
index 0000000..bad04d4
--- /dev/null
@@ -0,0 +1,454 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+        mac_pci.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#ifndef __MAC_PCI_H__
+#define __MAC_PCI_H__
+
+#include "rtmp_type.h"
+#include "rtmp_mac.h"
+#include "rtmp_phy.h"
+#include "rtmp_iface.h"
+#include "rtmp_dot11.h"
+
+
+//
+// Device ID & Vendor ID related definitions,
+// NOTE: you should not add the new VendorID/DeviceID here unless you not sure it belongs to what chip.
+//
+#define NIC_PCI_VENDOR_ID              0x1814
+#define PCIBUS_INTEL_VENDOR    0x8086
+
+#if !defined(PCI_CAP_ID_EXP)
+#define PCI_CAP_ID_EXP                     0x10
+#endif
+#if !defined(PCI_EXP_LNKCTL)
+#define PCI_EXP_LNKCTL                     0x10
+#endif
+#if !defined(PCI_CLASS_BRIDGE_PCI)
+#define PCI_CLASS_BRIDGE_PCI           0x0604
+#endif
+
+
+
+
+
+#define TXINFO_SIZE                                            0
+#define RTMP_PKT_TAIL_PADDING                  0
+#define fRTMP_ADAPTER_NEED_STOP_TX     0
+
+#define AUX_CTRL           0x10c
+
+//
+// TX descriptor format, Tx    ring, Mgmt Ring
+//
+#ifdef RT_BIG_ENDIAN
+typedef        struct  PACKED _TXD_STRUC {
+       // Word 0
+       UINT32          SDPtr0;
+       // Word 1
+       UINT32          DMADONE:1;
+       UINT32          LastSec0:1;
+       UINT32          SDLen0:14;
+       UINT32          Burst:1;
+       UINT32          LastSec1:1;
+       UINT32          SDLen1:14;
+       // Word 2
+       UINT32          SDPtr1;
+       // Word 3
+       UINT32          ICO:1;
+       UINT32          UCO:1;
+       UINT32          TCO:1;
+       UINT32          rsv:2;
+       UINT32          QSEL:2; // select on-chip FIFO ID for 2nd-stage output scheduler.0:MGMT, 1:HCCA 2:EDCA
+       UINT32          WIV:1;  // Wireless Info Valid. 1 if Driver already fill WI,  o if DMA needs to copy WI to correctposition
+       UINT32          rsv2:24;
+}      TXD_STRUC, *PTXD_STRUC;
+#else
+typedef        struct  PACKED _TXD_STRUC {
+       // Word 0
+       UINT32          SDPtr0;
+       // Word 1
+       UINT32          SDLen1:14;
+       UINT32          LastSec1:1;
+       UINT32          Burst:1;
+       UINT32          SDLen0:14;
+       UINT32          LastSec0:1;
+       UINT32          DMADONE:1;
+       //Word2
+       UINT32          SDPtr1;
+       //Word3
+       UINT32          rsv2:24;
+       UINT32          WIV:1;  // Wireless Info Valid. 1 if Driver already fill WI,  o if DMA needs to copy WI to correctposition
+       UINT32          QSEL:2; // select on-chip FIFO ID for 2nd-stage output scheduler.0:MGMT, 1:HCCA 2:EDCA
+       UINT32          rsv:2;
+       UINT32          TCO:1;  //
+       UINT32          UCO:1;  //
+       UINT32          ICO:1;  //
+}      TXD_STRUC, *PTXD_STRUC;
+#endif
+
+
+//
+// Rx descriptor format, Rx Ring
+//
+#ifdef RT_BIG_ENDIAN
+typedef        struct  PACKED _RXD_STRUC{
+       // Word 0
+       UINT32          SDP0;
+       // Word 1
+       UINT32          DDONE:1;
+       UINT32          LS0:1;
+       UINT32          SDL0:14;
+       UINT32          Rsv:2;
+       UINT32          SDL1:14;
+       // Word 2
+       UINT32          SDP1;
+       // Word 3
+       UINT32          Rsv1:13;
+       UINT32          PlcpRssil:1;// To be moved
+       UINT32          PlcpSignal:1;           // To be moved
+       UINT32          Decrypted:1;    // this frame is being decrypted.
+       UINT32          AMPDU:1;
+       UINT32          L2PAD:1;
+       UINT32          RSSI:1;
+       UINT32          HTC:1;
+       UINT32          AMSDU:1;                // rx with 802.3 header, not 802.11 header. obsolete.
+       UINT32          CipherErr:2;        // 0: decryption okay, 1:ICV error, 2:MIC error, 3:KEY not valid
+       UINT32          Crc:1;              // 1: CRC error
+       UINT32          MyBss:1;        // 1: this frame belongs to the same BSSID
+       UINT32          Bcast:1;            // 1: this is a broadcast frame
+       UINT32          Mcast:1;            // 1: this is a multicast frame
+       UINT32          U2M:1;              // 1: this RX frame is unicast to me
+       UINT32          FRAG:1;
+       UINT32          NULLDATA:1;
+       UINT32          DATA:1;
+       UINT32          BA:1;
+
+}      RXD_STRUC, *PRXD_STRUC, RT28XX_RXD_STRUC, *PRT28XX_RXD_STRUC;
+#else
+typedef        struct  PACKED _RXD_STRUC{
+       // Word 0
+       UINT32          SDP0;
+       // Word 1
+       UINT32          SDL1:14;
+       UINT32          Rsv:2;
+       UINT32          SDL0:14;
+       UINT32          LS0:1;
+       UINT32          DDONE:1;
+       // Word 2
+       UINT32          SDP1;
+       // Word 3
+       UINT32          BA:1;
+       UINT32          DATA:1;
+       UINT32          NULLDATA:1;
+       UINT32          FRAG:1;
+       UINT32          U2M:1;              // 1: this RX frame is unicast to me
+       UINT32          Mcast:1;            // 1: this is a multicast frame
+       UINT32          Bcast:1;            // 1: this is a broadcast frame
+       UINT32          MyBss:1;        // 1: this frame belongs to the same BSSID
+       UINT32          Crc:1;              // 1: CRC error
+       UINT32          CipherErr:2;        // 0: decryption okay, 1:ICV error, 2:MIC error, 3:KEY not valid
+       UINT32          AMSDU:1;                // rx with 802.3 header, not 802.11 header.
+       UINT32          HTC:1;
+       UINT32          RSSI:1;
+       UINT32          L2PAD:1;
+       UINT32          AMPDU:1;
+       UINT32          Decrypted:1;    // this frame is being decrypted.
+       UINT32          PlcpSignal:1;           // To be moved
+       UINT32          PlcpRssil:1;// To be moved
+       UINT32          Rsv1:13;
+}      RXD_STRUC, *PRXD_STRUC, RT28XX_RXD_STRUC, *PRT28XX_RXD_STRUC;
+#endif
+
+#ifdef BIG_ENDIAN
+typedef union _TX_ATTENUATION_CTRL_STRUC
+{
+       struct
+       {
+               ULONG   Reserve1:20;
+               ULONG   PCIE_PHY_TX_ATTEN_EN:1;
+               ULONG   PCIE_PHY_TX_ATTEN_VALUE:3;
+               ULONG   Reserve2:7;
+               ULONG   RF_ISOLATION_ENABLE:1;
+       } field;
+
+       ULONG   word;
+} TX_ATTENUATION_CTRL_STRUC, *PTX_ATTENUATION_CTRL_STRUC;
+#else
+typedef union _TX_ATTENUATION_CTRL_STRUC {
+       struct
+       {
+               ULONG   RF_ISOLATION_ENABLE:1;
+               ULONG   Reserve2:7;
+               ULONG   PCIE_PHY_TX_ATTEN_VALUE:3;
+               ULONG   PCIE_PHY_TX_ATTEN_EN:1;
+               ULONG   Reserve1:20;
+       } field;
+
+       ULONG   word;
+} TX_ATTENUATION_CTRL_STRUC, *PTX_ATTENUATION_CTRL_STRUC;
+#endif
+/* ----------------- EEPROM Related MACRO ----------------- */
+
+// 8051 firmware image for RT2860 - base address = 0x4000
+#define FIRMWARE_IMAGE_BASE     0x2000
+#define MAX_FIRMWARE_IMAGE_SIZE 0x2000    // 8kbyte
+
+
+/* ----------------- Frimware Related MACRO ----------------- */
+#define RTMP_WRITE_FIRMWARE(_pAd, _pFwImage, _FwLen)                   \
+       do{                                                             \
+               ULONG   _i, _firm;                                      \
+               RTMP_IO_WRITE32(_pAd, PBF_SYS_CTRL, 0x10000);           \
+                                                                       \
+               for(_i=0; _i<_FwLen; _i+=4)                             \
+               {                                                       \
+                       _firm = _pFwImage[_i] +                         \
+                          (_pFwImage[_i+3] << 24) +                    \
+                          (_pFwImage[_i+2] << 16) +                    \
+                          (_pFwImage[_i+1] << 8);                      \
+                       RTMP_IO_WRITE32(_pAd, FIRMWARE_IMAGE_BASE + _i, _firm); \
+               }                                                       \
+               RTMP_IO_WRITE32(_pAd, PBF_SYS_CTRL, 0x00000);           \
+               RTMP_IO_WRITE32(_pAd, PBF_SYS_CTRL, 0x00001);           \
+                                                                       \
+               /* initialize BBP R/W access agent */                   \
+               RTMP_IO_WRITE32(_pAd, H2M_BBP_AGENT, 0);                \
+               RTMP_IO_WRITE32(_pAd, H2M_MAILBOX_CSR, 0);              \
+       }while(0)
+
+
+/* ----------------- TX Related MACRO ----------------- */
+#define RTMP_START_DEQUEUE(pAd, QueIdx, irqFlags)              do{}while(0)
+#define RTMP_STOP_DEQUEUE(pAd, QueIdx, irqFlags)               do{}while(0)
+
+
+#define RTMP_HAS_ENOUGH_FREE_DESC(pAd, pTxBlk, freeNum, pPacket) \
+               ((freeNum) >= (ULONG)(pTxBlk->TotalFragNum + RTMP_GET_PACKET_FRAGMENTS(pPacket) + 3)) /* rough estimate we will use 3 more descriptor. */
+#define RTMP_RELEASE_DESC_RESOURCE(pAd, QueIdx)        \
+               do{}while(0)
+
+#define NEED_QUEUE_BACK_FOR_AGG(pAd, QueIdx, freeNum, _TxFrameType) \
+               (((freeNum != (TX_RING_SIZE-1)) && (pAd->TxSwQueue[QueIdx].Number == 0)) || (freeNum<3))
+               //(((freeNum) != (TX_RING_SIZE-1)) && (pAd->TxSwQueue[QueIdx].Number == 1 /*0*/))
+
+
+#define HAL_KickOutMgmtTx(_pAd, _QueIdx, _pPacket, _pSrcBufVA, _SrcBufLen)     \
+                       RtmpPCIMgmtKickOut(_pAd, _QueIdx, _pPacket, _pSrcBufVA, _SrcBufLen)
+
+#define HAL_WriteSubTxResource(pAd, pTxBlk, bIsLast, pFreeNumber)      \
+               /* RtmpPCI_WriteSubTxResource(pAd, pTxBlk, bIsLast, pFreeNumber)*/
+
+#define HAL_WriteTxResource(pAd, pTxBlk,bIsLast, pFreeNumber)  \
+                       RtmpPCI_WriteSingleTxResource(pAd, pTxBlk, bIsLast, pFreeNumber)
+
+#define HAL_WriteFragTxResource(pAd, pTxBlk, fragNum, pFreeNumber) \
+                       RtmpPCI_WriteFragTxResource(pAd, pTxBlk, fragNum, pFreeNumber)
+
+#define HAL_WriteMultiTxResource(pAd, pTxBlk,frameNum, pFreeNumber)    \
+                       RtmpPCI_WriteMultiTxResource(pAd, pTxBlk, frameNum, pFreeNumber)
+
+#define HAL_FinalWriteTxResource(_pAd, _pTxBlk, _TotalMPDUSize, _FirstTxIdx)   \
+                       RtmpPCI_FinalWriteTxResource(_pAd, _pTxBlk, _TotalMPDUSize, _FirstTxIdx)
+
+#define HAL_LastTxIdx(_pAd, _QueIdx,_LastTxIdx) \
+                       /*RtmpPCIDataLastTxIdx(_pAd, _QueIdx,_LastTxIdx)*/
+
+#define HAL_KickOutTx(_pAd, _pTxBlk, _QueIdx)  \
+                       RTMP_IO_WRITE32((_pAd), TX_CTX_IDX0+((_QueIdx)*0x10), (_pAd)->TxRing[(_QueIdx)].TxCpuIdx)
+/*                     RtmpPCIDataKickOut(_pAd, _pTxBlk, _QueIdx)*/
+
+#define HAL_KickOutNullFrameTx(_pAd, _QueIdx, _pNullFrame, _frameLen)  \
+                       MiniportMMRequest(_pAd, _QueIdx, _pNullFrame, _frameLen)
+
+#define GET_TXRING_FREENO(_pAd, _QueIdx) \
+       (_pAd->TxRing[_QueIdx].TxSwFreeIdx > _pAd->TxRing[_QueIdx].TxCpuIdx)    ? \
+                       (_pAd->TxRing[_QueIdx].TxSwFreeIdx - _pAd->TxRing[_QueIdx].TxCpuIdx - 1) \
+                        :      \
+                       (_pAd->TxRing[_QueIdx].TxSwFreeIdx + TX_RING_SIZE - _pAd->TxRing[_QueIdx].TxCpuIdx - 1);
+
+
+#define GET_MGMTRING_FREENO(_pAd) \
+       (_pAd->MgmtRing.TxSwFreeIdx > _pAd->MgmtRing.TxCpuIdx)  ? \
+                       (_pAd->MgmtRing.TxSwFreeIdx - _pAd->MgmtRing.TxCpuIdx - 1) \
+                        :      \
+                       (_pAd->MgmtRing.TxSwFreeIdx + MGMT_RING_SIZE - _pAd->MgmtRing.TxCpuIdx - 1);
+
+
+/* ----------------- RX Related MACRO ----------------- */
+
+
+/* ----------------- ASIC Related MACRO ----------------- */
+// reset MAC of a station entry to 0x000000000000
+#define RTMP_STA_ENTRY_MAC_RESET(pAd, Wcid)    \
+       AsicDelWcidTab(pAd, Wcid);
+
+// add this entry into ASIC RX WCID search table
+#define RTMP_STA_ENTRY_ADD(pAd, pEntry)                \
+       AsicUpdateRxWCIDTable(pAd, pEntry->Aid, pEntry->Addr);
+
+// add by johnli, fix "in_interrupt" error when call "MacTableDeleteEntry" in Rx tasklet
+// Set MAC register value according operation mode
+#define RTMP_UPDATE_PROTECT(pAd)       \
+       AsicUpdateProtect(pAd, 0, (ALLN_SETPROTECT), TRUE, 0);
+// end johnli
+
+// remove Pair-wise key material from ASIC
+#define RTMP_STA_ENTRY_KEY_DEL(pAd, BssIdx, Wcid)      \
+       AsicRemovePairwiseKeyEntry(pAd, BssIdx, (UCHAR)Wcid);
+
+// add Client security information into ASIC WCID table and IVEIV table
+#define RTMP_STA_SECURITY_INFO_ADD(pAd, apidx, KeyID, pEntry)          \
+       RTMPAddWcidAttributeEntry(pAd, apidx, KeyID,                    \
+                                                       pAd->SharedKey[apidx][KeyID].CipherAlg, pEntry);
+
+#define RTMP_SECURITY_KEY_ADD(pAd, apidx, KeyID, pEntry)               \
+       {       /* update pairwise key information to ASIC Shared Key Table */  \
+               AsicAddSharedKeyEntry(pAd, apidx, KeyID,                                        \
+                                                 pAd->SharedKey[apidx][KeyID].CipherAlg,               \
+                                                 pAd->SharedKey[apidx][KeyID].Key,                             \
+                                                 pAd->SharedKey[apidx][KeyID].TxMic,                   \
+                                                 pAd->SharedKey[apidx][KeyID].RxMic);                  \
+               /* update ASIC WCID attribute table and IVEIV table */                  \
+               RTMPAddWcidAttributeEntry(pAd, apidx, KeyID,                                    \
+                                                 pAd->SharedKey[apidx][KeyID].CipherAlg,               \
+                                                 pEntry); }
+
+
+// Insert the BA bitmap to ASIC for the Wcid entry
+#define RTMP_ADD_BA_SESSION_TO_ASIC(_pAd, _Aid, _TID)  \
+               do{                                     \
+                       UINT32  _Value = 0, _Offset;                                    \
+                       _Offset = MAC_WCID_BASE + (_Aid) * HW_WCID_ENTRY_SIZE + 4;      \
+                       RTMP_IO_READ32((_pAd), _Offset, &_Value);\
+                       _Value |= (0x10000<<(_TID));    \
+                       RTMP_IO_WRITE32((_pAd), _Offset, _Value);\
+               }while(0)
+
+
+// Remove the BA bitmap from ASIC for the Wcid entry
+//             bitmap field starts at 0x10000 in ASIC WCID table
+#define RTMP_DEL_BA_SESSION_FROM_ASIC(_pAd, _Wcid, _TID)                               \
+               do{                                                             \
+                       UINT32  _Value = 0, _Offset;                            \
+                       _Offset = MAC_WCID_BASE + (_Wcid) * HW_WCID_ENTRY_SIZE + 4;     \
+                       RTMP_IO_READ32((_pAd), _Offset, &_Value);                       \
+                       _Value &= (~(0x10000 << (_TID)));                               \
+                       RTMP_IO_WRITE32((_pAd), _Offset, _Value);                       \
+               }while(0)
+
+
+/* ----------------- Interface Related MACRO ----------------- */
+
+//
+// Enable & Disable NIC interrupt via writing interrupt mask register
+// Since it use ADAPTER structure, it have to be put after structure definition.
+//
+#define RTMP_ASIC_INTERRUPT_DISABLE(_pAd)              \
+       do{                     \
+               RTMP_IO_WRITE32((_pAd), INT_MASK_CSR, 0x0);     /* 0: disable */        \
+               RTMP_CLEAR_FLAG((_pAd), fRTMP_ADAPTER_INTERRUPT_ACTIVE);                \
+       }while(0)
+
+#define RTMP_ASIC_INTERRUPT_ENABLE(_pAd)\
+       do{                             \
+               RTMP_IO_WRITE32((_pAd), INT_MASK_CSR, (_pAd)->int_enable_reg /*DELAYINTMASK*/);     /* 1:enable */      \
+               RTMP_SET_FLAG((_pAd), fRTMP_ADAPTER_INTERRUPT_ACTIVE);  \
+       }while(0)
+
+
+#define RTMP_IRQ_INIT(pAd)     \
+       {       pAd->int_enable_reg = ((DELAYINTMASK) |         \
+                                       (RxINT|TxDataInt|TxMgmtInt)) & ~(0x03); \
+               pAd->int_disable_mask = 0;                                              \
+               pAd->int_pending = 0; }
+
+#define RTMP_IRQ_ENABLE(pAd)                                   \
+       {       /* clear garbage ints */                        \
+               RTMP_IO_WRITE32(pAd, INT_SOURCE_CSR, 0xffffffff);\
+               RTMP_ASIC_INTERRUPT_ENABLE(pAd); }
+
+
+/* ----------------- MLME Related MACRO ----------------- */
+#define RTMP_MLME_HANDLER(pAd)                 MlmeHandler(pAd)
+
+#define RTMP_MLME_PRE_SANITY_CHECK(pAd)
+
+#define RTMP_MLME_STA_QUICK_RSP_WAKE_UP(pAd)   \
+               RTMPSetTimer(&pAd->StaCfg.StaQuickResponeForRateUpTimer, 100);
+
+#define RTMP_MLME_RESET_STATE_MACHINE(pAd)     \
+               MlmeRestartStateMachine(pAd)
+
+#define RTMP_HANDLE_COUNTER_MEASURE(_pAd, _pEntry)\
+               HandleCounterMeasure(_pAd, _pEntry)
+
+/* ----------------- Power Save Related MACRO ----------------- */
+#define RTMP_PS_POLL_ENQUEUE(pAd)                              EnqueuePsPoll(pAd)
+
+
+// For RTMPPCIePowerLinkCtrlRestore () function
+#define RESTORE_HALT           1
+#define RESTORE_WAKEUP         2
+#define RESTORE_CLOSE           3
+
+#define PowerSafeCID           1
+#define PowerRadioOffCID       2
+#define PowerWakeCID           3
+#define CID0MASK               0x000000ff
+#define CID1MASK               0x0000ff00
+#define CID2MASK               0x00ff0000
+#define CID3MASK               0xff000000
+
+
+#ifdef CONFIG_STA_SUPPORT
+#define RTMP_STA_FORCE_WAKEUP(pAd, bFromTx) \
+    RT28xxPciStaAsicForceWakeup(pAd, bFromTx);
+
+#define RTMP_STA_SLEEP_THEN_AUTO_WAKEUP(pAd, TbttNumToNextWakeUp) \
+    RT28xxPciStaAsicSleepThenAutoWakeup(pAd, TbttNumToNextWakeUp);
+
+#define RTMP_SET_PSM_BIT(_pAd, _val) \
+       MlmeSetPsmBit(_pAd, _val);
+#endif // CONFIG_STA_SUPPORT //
+
+#define RTMP_MLME_RADIO_ON(pAd) \
+    RT28xxPciMlmeRadioOn(pAd);
+
+#define RTMP_MLME_RADIO_OFF(pAd) \
+    RT28xxPciMlmeRadioOFF(pAd);
+
+#endif //__MAC_PCI_H__ //
diff --git a/drivers/staging/rt3090/mlme.h b/drivers/staging/rt3090/mlme.h
new file mode 100644 (file)
index 0000000..2336743
--- /dev/null
@@ -0,0 +1,1360 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    mlme.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+       John Chang      2003-08-28              Created
+       John Chang  2004-09-06      modified for RT2600
+*/
+#ifndef __MLME_H__
+#define __MLME_H__
+
+#include "rtmp_dot11.h"
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+
+// maximum supported capability information -
+// ESS, IBSS, Privacy, Short Preamble, Spectrum mgmt, Short Slot
+#define SUPPORTED_CAPABILITY_INFO   0x0533
+
+#define END_OF_ARGS                 -1
+#define LFSR_MASK                   0x80000057
+#define MLME_TASK_EXEC_INTV         100/*200*/       //
+#define LEAD_TIME                   5
+#define MLME_TASK_EXEC_MULTIPLE       10  /*5*/       // MLME_TASK_EXEC_MULTIPLE * MLME_TASK_EXEC_INTV = 1 sec
+#define REORDER_EXEC_INTV              100       // 0.1 sec
+//#define TBTT_PRELOAD_TIME         384        // usec. LomgPreamble + 24-byte at 1Mbps
+
+// The definition of Radar detection duration region
+#define CE             0
+#define FCC            1
+#define JAP            2
+#define JAP_W53        3
+#define JAP_W56        4
+#define MAX_RD_REGION 5
+
+#define BEACON_LOST_TIME            4 * OS_HZ    // 2048 msec = 2 sec
+
+#define DLS_TIMEOUT                 1200      // unit: msec
+#define AUTH_TIMEOUT                300       // unit: msec
+#define ASSOC_TIMEOUT               300       // unit: msec
+#define JOIN_TIMEOUT                2000        // unit: msec
+#define SHORT_CHANNEL_TIME          90        // unit: msec
+#define MIN_CHANNEL_TIME            110        // unit: msec, for dual band scan
+#define MAX_CHANNEL_TIME            140       // unit: msec, for single band scan
+#define        FAST_ACTIVE_SCAN_TIME       30            // Active scan waiting for probe response time
+#define CW_MIN_IN_BITS              4         // actual CwMin = 2^CW_MIN_IN_BITS - 1
+#define LINK_DOWN_TIMEOUT           20000      // unit: msec
+#define AUTO_WAKEUP_TIMEOUT                    70                      //unit: msec
+
+
+#ifdef CONFIG_STA_SUPPORT
+#define CW_MAX_IN_BITS              10        // actual CwMax = 2^CW_MAX_IN_BITS - 1
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+extern UINT32 CW_MAX_IN_BITS;
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+
+// Note: RSSI_TO_DBM_OFFSET has been changed to variable for new RF (2004-0720).
+// SHould not refer to this constant anymore
+//#define RSSI_TO_DBM_OFFSET          120 // for RT2530 RSSI-115 = dBm
+#define RSSI_FOR_MID_TX_POWER       -55  // -55 db is considered mid-distance
+#define RSSI_FOR_LOW_TX_POWER       -45  // -45 db is considered very short distance and
+                                        // eligible to use a lower TX power
+#define RSSI_FOR_LOWEST_TX_POWER    -30
+//#define MID_TX_POWER_DELTA          0   // 0 db from full TX power upon mid-distance to AP
+#define LOW_TX_POWER_DELTA          6    // -3 db from full TX power upon very short distance. 1 grade is 0.5 db
+#define LOWEST_TX_POWER_DELTA       16   // -8 db from full TX power upon shortest distance. 1 grade is 0.5 db
+
+#define RSSI_TRIGGERED_UPON_BELOW_THRESHOLD     0
+#define RSSI_TRIGGERED_UPON_EXCCEED_THRESHOLD   1
+#define RSSI_THRESHOLD_FOR_ROAMING              25
+#define RSSI_DELTA                              5
+
+// Channel Quality Indication
+#define CQI_IS_GOOD(cqi)            ((cqi) >= 50)
+//#define CQI_IS_FAIR(cqi)          (((cqi) >= 20) && ((cqi) < 50))
+#define CQI_IS_POOR(cqi)            (cqi < 50)  //(((cqi) >= 5) && ((cqi) < 20))
+#define CQI_IS_BAD(cqi)             (cqi < 5)
+#define CQI_IS_DEAD(cqi)            (cqi == 0)
+
+// weighting factor to calculate Channel quality, total should be 100%
+#define RSSI_WEIGHTING                   50
+#define TX_WEIGHTING                     30
+#define RX_WEIGHTING                     20
+
+//#define PEER_KEY_NOT_USED                0
+//#define PEER_KEY_64_BIT                  64
+//#define PEER_KEY_128_BIT                 128
+
+//#define PEER_KEY_64BIT_LEN               8
+//#define PEER_KEY_128BIT_LEN              16
+
+#define BSS_NOT_FOUND                    0xFFFFFFFF
+
+
+#ifdef CONFIG_STA_SUPPORT
+#define MAX_LEN_OF_MLME_QUEUE            40 //10
+#endif // CONFIG_STA_SUPPORT //
+
+#define SCAN_PASSIVE                     18            // scan with no probe request, only wait beacon and probe response
+#define SCAN_ACTIVE                      19            // scan with probe request, and wait beacon and probe response
+#define        SCAN_CISCO_PASSIVE                               20             // Single channel passive scan
+#define        SCAN_CISCO_ACTIVE                                21             // Single channel active scan
+#define        SCAN_CISCO_NOISE                                 22             // Single channel passive scan for noise histogram collection
+#define        SCAN_CISCO_CHANNEL_LOAD                  23             // Single channel passive scan for channel load collection
+#define FAST_SCAN_ACTIVE                 24            // scan with probe request, and wait beacon and probe response
+
+#ifdef DOT11N_DRAFT3
+#define SCAN_2040_BSS_COEXIST                  26
+#endif // DOT11N_DRAFT3 //
+
+//#define BSS_TABLE_EMPTY(x)             ((x).BssNr == 0)
+#define MAC_ADDR_IS_GROUP(Addr)       (((Addr[0]) & 0x01))
+#define MAC_ADDR_HASH(Addr)            (Addr[0] ^ Addr[1] ^ Addr[2] ^ Addr[3] ^ Addr[4] ^ Addr[5])
+#define MAC_ADDR_HASH_INDEX(Addr)      (MAC_ADDR_HASH(Addr) % HASH_TABLE_SIZE)
+#define TID_MAC_HASH(Addr,TID)            (TID^Addr[0] ^ Addr[1] ^ Addr[2] ^ Addr[3] ^ Addr[4] ^ Addr[5])
+#define TID_MAC_HASH_INDEX(Addr,TID)      (TID_MAC_HASH(Addr,TID) % HASH_TABLE_SIZE)
+
+// LED Control
+// assoiation ON. one LED ON. another blinking when TX, OFF when idle
+// no association, both LED off
+#define ASIC_LED_ACT_ON(pAd)        RTMP_IO_WRITE32(pAd, MAC_CSR14, 0x00031e46)
+#define ASIC_LED_ACT_OFF(pAd)       RTMP_IO_WRITE32(pAd, MAC_CSR14, 0x00001e46)
+
+// bit definition of the 2-byte pBEACON->Capability field
+#define CAP_IS_ESS_ON(x)                 (((x) & 0x0001) != 0)
+#define CAP_IS_IBSS_ON(x)                (((x) & 0x0002) != 0)
+#define CAP_IS_CF_POLLABLE_ON(x)         (((x) & 0x0004) != 0)
+#define CAP_IS_CF_POLL_REQ_ON(x)         (((x) & 0x0008) != 0)
+#define CAP_IS_PRIVACY_ON(x)             (((x) & 0x0010) != 0)
+#define CAP_IS_SHORT_PREAMBLE_ON(x)      (((x) & 0x0020) != 0)
+#define CAP_IS_PBCC_ON(x)                (((x) & 0x0040) != 0)
+#define CAP_IS_AGILITY_ON(x)             (((x) & 0x0080) != 0)
+#define CAP_IS_SPECTRUM_MGMT(x)          (((x) & 0x0100) != 0)  // 802.11e d9
+#define CAP_IS_QOS(x)                    (((x) & 0x0200) != 0)  // 802.11e d9
+#define CAP_IS_SHORT_SLOT(x)             (((x) & 0x0400) != 0)
+#define CAP_IS_APSD(x)                   (((x) & 0x0800) != 0)  // 802.11e d9
+#define CAP_IS_IMMED_BA(x)               (((x) & 0x1000) != 0)  // 802.11e d9
+#define CAP_IS_DSSS_OFDM(x)              (((x) & 0x2000) != 0)
+#define CAP_IS_DELAY_BA(x)               (((x) & 0x4000) != 0)  // 802.11e d9
+
+#define CAP_GENERATE(ess,ibss,priv,s_pre,s_slot,spectrum)  (((ess) ? 0x0001 : 0x0000) | ((ibss) ? 0x0002 : 0x0000) | ((priv) ? 0x0010 : 0x0000) | ((s_pre) ? 0x0020 : 0x0000) | ((s_slot) ? 0x0400 : 0x0000) | ((spectrum) ? 0x0100 : 0x0000))
+
+//#define STA_QOS_CAPABILITY               0 // 1-byte. see 802.11e d9.0 for bit definition
+
+#define ERP_IS_NON_ERP_PRESENT(x)        (((x) & 0x01) != 0)    // 802.11g
+#define ERP_IS_USE_PROTECTION(x)         (((x) & 0x02) != 0)    // 802.11g
+#define ERP_IS_USE_BARKER_PREAMBLE(x)    (((x) & 0x04) != 0)    // 802.11g
+
+#define DRS_TX_QUALITY_WORST_BOUND       8// 3  // just test by gary
+#define DRS_PENALTY                      8
+
+#define BA_NOTUSE      2
+//BA Policy subfiled value in ADDBA frame
+#define IMMED_BA       1
+#define DELAY_BA       0
+
+// BA Initiator subfield in DELBA frame
+#define ORIGINATOR     1
+#define RECIPIENT      0
+
+// ADDBA Status Code
+#define ADDBA_RESULTCODE_SUCCESS                                       0
+#define ADDBA_RESULTCODE_REFUSED                                       37
+#define ADDBA_RESULTCODE_INVALID_PARAMETERS                    38
+
+// DELBA Reason Code
+#define DELBA_REASONCODE_QSTA_LEAVING                          36
+#define DELBA_REASONCODE_END_BA                                                37
+#define DELBA_REASONCODE_UNKNOWN_BA                                    38
+#define DELBA_REASONCODE_TIMEOUT                                       39
+
+// reset all OneSecTx counters
+#define RESET_ONE_SEC_TX_CNT(__pEntry) \
+if (((__pEntry)) != NULL) \
+{ \
+       (__pEntry)->OneSecTxRetryOkCount = 0; \
+       (__pEntry)->OneSecTxFailCount = 0; \
+       (__pEntry)->OneSecTxNoRetryOkCount = 0; \
+}
+
+//
+// 802.11 frame formats
+//
+//  HT Capability INFO field in HT Cap IE .
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+       USHORT  LSIGTxopProSup:1;
+       USHORT  Forty_Mhz_Intolerant:1;
+       USHORT  PSMP:1;
+       USHORT  CCKmodein40:1;
+       USHORT  AMsduSize:1;
+       USHORT  DelayedBA:1;    //rt2860c not support
+       USHORT  RxSTBC:2;
+       USHORT  TxSTBC:1;
+       USHORT  ShortGIfor40:1; //for40MHz
+       USHORT  ShortGIfor20:1;
+       USHORT  GF:1;   //green field
+       USHORT  MimoPs:2;//momi power safe
+       USHORT  ChannelWidth:1;
+       USHORT  AdvCoding:1;
+#else
+       USHORT  AdvCoding:1;
+       USHORT  ChannelWidth:1;
+       USHORT  MimoPs:2;//momi power safe
+       USHORT  GF:1;   //green field
+       USHORT  ShortGIfor20:1;
+       USHORT  ShortGIfor40:1; //for40MHz
+       USHORT  TxSTBC:1;
+       USHORT  RxSTBC:2;
+       USHORT  DelayedBA:1;    //rt2860c not support
+       USHORT  AMsduSize:1;    // only support as zero
+       USHORT  CCKmodein40:1;
+       USHORT  PSMP:1;
+       USHORT  Forty_Mhz_Intolerant:1;
+       USHORT  LSIGTxopProSup:1;
+#endif /* !RT_BIG_ENDIAN */
+} HT_CAP_INFO, *PHT_CAP_INFO;
+
+//  HT Capability INFO field in HT Cap IE .
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+       UCHAR   rsv:3;//momi power safe
+       UCHAR   MpduDensity:3;
+       UCHAR   MaxRAmpduFactor:2;
+#else
+       UCHAR   MaxRAmpduFactor:2;
+       UCHAR   MpduDensity:3;
+       UCHAR   rsv:3;//momi power safe
+#endif /* !RT_BIG_ENDIAN */
+} HT_CAP_PARM, *PHT_CAP_PARM;
+
+//  HT Capability INFO field in HT Cap IE .
+typedef struct PACKED {
+       UCHAR   MCSSet[10];
+       UCHAR   SupRate[2];  // unit : 1Mbps
+#ifdef RT_BIG_ENDIAN
+       UCHAR   rsv:3;
+       UCHAR   MpduDensity:1;
+       UCHAR   TxStream:2;
+       UCHAR   TxRxNotEqual:1;
+       UCHAR   TxMCSSetDefined:1;
+#else
+       UCHAR   TxMCSSetDefined:1;
+       UCHAR   TxRxNotEqual:1;
+       UCHAR   TxStream:2;
+       UCHAR   MpduDensity:1;
+       UCHAR   rsv:3;
+#endif // RT_BIG_ENDIAN //
+       UCHAR   rsv3[3];
+} HT_MCS_SET, *PHT_MCS_SET;
+
+//  HT Capability INFO field in HT Cap IE .
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+       USHORT  rsv2:4;
+       USHORT  RDGSupport:1;   //reverse Direction Grant  support
+       USHORT  PlusHTC:1;      //+HTC control field support
+       USHORT  MCSFeedback:2;  //0:no MCS feedback, 2:unsolicited MCS feedback, 3:Full MCS feedback,  1:rsv.
+       USHORT  rsv:5;//momi power safe
+       USHORT  TranTime:2;
+       USHORT  Pco:1;
+#else
+       USHORT  Pco:1;
+       USHORT  TranTime:2;
+       USHORT  rsv:5;//momi power safe
+       USHORT  MCSFeedback:2;  //0:no MCS feedback, 2:unsolicited MCS feedback, 3:Full MCS feedback,  1:rsv.
+       USHORT  PlusHTC:1;      //+HTC control field support
+       USHORT  RDGSupport:1;   //reverse Direction Grant  support
+       USHORT  rsv2:4;
+#endif /* RT_BIG_ENDIAN */
+} EXT_HT_CAP_INFO, *PEXT_HT_CAP_INFO;
+
+//  HT Beamforming field in HT Cap IE .
+typedef struct PACKED _HT_BF_CAP{
+#ifdef RT_BIG_ENDIAN
+       ULONG   rsv:3;
+       ULONG   ChanEstimation:2;
+       ULONG   CSIRowBFSup:2;
+       ULONG   ComSteerBFAntSup:2;
+       ULONG   NoComSteerBFAntSup:2;
+       ULONG   CSIBFAntSup:2;
+       ULONG   MinGrouping:2;
+       ULONG   ExpComBF:2;
+       ULONG   ExpNoComBF:2;
+       ULONG   ExpCSIFbk:2;
+       ULONG   ExpComSteerCapable:1;
+       ULONG   ExpNoComSteerCapable:1;
+       ULONG   ExpCSICapable:1;
+       ULONG   Calibration:2;
+       ULONG   ImpTxBFCapable:1;
+       ULONG   TxNDPCapable:1;
+       ULONG   RxNDPCapable:1;
+       ULONG   TxSoundCapable:1;
+       ULONG   RxSoundCapable:1;
+       ULONG   TxBFRecCapable:1;
+#else
+       ULONG   TxBFRecCapable:1;
+       ULONG   RxSoundCapable:1;
+       ULONG   TxSoundCapable:1;
+       ULONG   RxNDPCapable:1;
+       ULONG   TxNDPCapable:1;
+       ULONG   ImpTxBFCapable:1;
+       ULONG   Calibration:2;
+       ULONG   ExpCSICapable:1;
+       ULONG   ExpNoComSteerCapable:1;
+       ULONG   ExpComSteerCapable:1;
+       ULONG   ExpCSIFbk:2;
+       ULONG   ExpNoComBF:2;
+       ULONG   ExpComBF:2;
+       ULONG   MinGrouping:2;
+       ULONG   CSIBFAntSup:2;
+       ULONG   NoComSteerBFAntSup:2;
+       ULONG   ComSteerBFAntSup:2;
+       ULONG   CSIRowBFSup:2;
+       ULONG   ChanEstimation:2;
+       ULONG   rsv:3;
+#endif // RT_BIG_ENDIAN //
+} HT_BF_CAP, *PHT_BF_CAP;
+
+//  HT antenna selection field in HT Cap IE .
+typedef struct PACKED _HT_AS_CAP{
+#ifdef RT_BIG_ENDIAN
+       UCHAR   rsv:1;
+       UCHAR   TxSoundPPDU:1;
+       UCHAR   RxASel:1;
+       UCHAR   AntIndFbk:1;
+       UCHAR   ExpCSIFbk:1;
+       UCHAR   AntIndFbkTxASEL:1;
+       UCHAR   ExpCSIFbkTxASEL:1;
+       UCHAR   AntSelect:1;
+#else
+       UCHAR   AntSelect:1;
+       UCHAR   ExpCSIFbkTxASEL:1;
+       UCHAR   AntIndFbkTxASEL:1;
+       UCHAR   ExpCSIFbk:1;
+       UCHAR   AntIndFbk:1;
+       UCHAR   RxASel:1;
+       UCHAR   TxSoundPPDU:1;
+       UCHAR   rsv:1;
+#endif // RT_BIG_ENDIAN //
+} HT_AS_CAP, *PHT_AS_CAP;
+
+// Draft 1.0 set IE length 26, but is extensible..
+#define SIZE_HT_CAP_IE         26
+// The structure for HT Capability IE.
+typedef struct PACKED _HT_CAPABILITY_IE{
+       HT_CAP_INFO             HtCapInfo;
+       HT_CAP_PARM             HtCapParm;
+//     HT_MCS_SET              HtMCSSet;
+       UCHAR                   MCSSet[16];
+       EXT_HT_CAP_INFO ExtHtCapInfo;
+       HT_BF_CAP               TxBFCap;        // beamforming cap. rt2860c not support beamforming.
+       HT_AS_CAP               ASCap;  //antenna selection.
+} HT_CAPABILITY_IE, *PHT_CAPABILITY_IE;
+
+
+// 802.11n draft3 related structure definitions.
+// 7.3.2.60
+#define dot11OBSSScanPassiveDwell                                                      20      // in TU. min amount of time that the STA continously scans each channel when performing an active OBSS scan.
+#define dot11OBSSScanActiveDwell                                                       10      // in TU.min amount of time that the STA continously scans each channel when performing an passive OBSS scan.
+#define dot11BSSWidthTriggerScanInterval                                       300  // in sec. max interval between scan operations to be performed to detect BSS channel width trigger events.
+#define dot11OBSSScanPassiveTotalPerChannel                                    200     // in TU. min total amount of time that the STA scans each channel when performing a passive OBSS scan.
+#define dot11OBSSScanActiveTotalPerChannel                                     20      //in TU. min total amount of time that the STA scans each channel when performing a active OBSS scan
+#define dot11BSSWidthChannelTransactionDelayFactor                     5       // min ratio between the delay time in performing a switch from 20MHz BSS to 20/40 BSS operation and the maximum
+                                                                                                                               //      interval between overlapping BSS scan operations.
+#define dot11BSSScanActivityThreshold                                          25      // in %%, max total time that a STA may be active on the medium during a period of
+                                                                                                                               //      (dot11BSSWidthChannelTransactionDelayFactor * dot11BSSWidthTriggerScanInterval) seconds without
+                                                                                                                               //      being obligated to perform OBSS Scan operations. default is 25(== 0.25%)
+
+typedef struct PACKED _OVERLAP_BSS_SCAN_IE{
+       USHORT          ScanPassiveDwell;
+       USHORT          ScanActiveDwell;
+       USHORT          TriggerScanInt;                         // Trigger scan interval
+       USHORT          PassiveTalPerChannel;           // passive total per channel
+       USHORT          ActiveTalPerChannel;            // active total per channel
+       USHORT          DelayFactor;                            // BSS width channel transition delay factor
+       USHORT          ScanActThre;                            // Scan Activity threshold
+}OVERLAP_BSS_SCAN_IE, *POVERLAP_BSS_SCAN_IE;
+
+
+//  7.3.2.56. 20/40 Coexistence element used in  Element ID = 72 = IE_2040_BSS_COEXIST
+typedef union PACKED _BSS_2040_COEXIST_IE{
+ struct PACKED {
+ #ifdef RT_BIG_ENDIAN
+       UCHAR   rsv:5;
+       UCHAR   BSS20WidthReq:1;
+       UCHAR   Intolerant40:1;
+       UCHAR   InfoReq:1;
+ #else
+       UCHAR   InfoReq:1;
+       UCHAR   Intolerant40:1;                 // Inter-BSS. set 1 when prohibits a receiving BSS from operating as a 20/40 Mhz BSS.
+       UCHAR   BSS20WidthReq:1;                // Intra-BSS set 1 when prohibits a receiving AP from operating its BSS as a 20/40MHz BSS.
+       UCHAR   rsv:5;
+#endif // RT_BIG_ENDIAN //
+    } field;
+ UCHAR   word;
+} BSS_2040_COEXIST_IE, *PBSS_2040_COEXIST_IE;
+
+
+typedef struct  _TRIGGER_EVENTA{
+       BOOLEAN                 bValid;
+       UCHAR   BSSID[6];
+       UCHAR   RegClass;       // Regulatory Class
+       USHORT  Channel;
+       ULONG   CDCounter;   // Maintain a seperate count down counter for each Event A.
+} TRIGGER_EVENTA, *PTRIGGER_EVENTA;
+
+// 20/40 trigger event table
+// If one Event A delete or created, or if Event B is detected or not detected, STA should send 2040BSSCoexistence to AP.
+#define MAX_TRIGGER_EVENT              64
+typedef struct  _TRIGGER_EVENT_TAB{
+       UCHAR   EventANo;
+       TRIGGER_EVENTA  EventA[MAX_TRIGGER_EVENT];
+       ULONG                   EventBCountDown;        // Count down counter for Event B.
+} TRIGGER_EVENT_TAB, *PTRIGGER_EVENT_TAB;
+
+// 7.3.27 20/40 Bss Coexistence Mgmt capability used in extended capabilities information IE( ID = 127 = IE_EXT_CAPABILITY).
+//     This is the first octet and was defined in 802.11n D3.03 and 802.11yD9.0
+typedef struct PACKED _EXT_CAP_INFO_ELEMENT{
+#ifdef RT_BIG_ENDIAN
+       UCHAR   rsv2:5;
+       UCHAR   ExtendChannelSwitch:1;
+       UCHAR   rsv:1;
+       UCHAR   BssCoexistMgmtSupport:1;
+#else
+       UCHAR   BssCoexistMgmtSupport:1;
+       UCHAR   rsv:1;
+       UCHAR   ExtendChannelSwitch:1;
+       UCHAR   rsv2:5;
+#endif // RT_BIG_ENDIAN //
+}EXT_CAP_INFO_ELEMENT, *PEXT_CAP_INFO_ELEMENT;
+
+
+// 802.11n 7.3.2.61
+typedef struct PACKED _BSS_2040_COEXIST_ELEMENT{
+       UCHAR                                   ElementID;              // ID = IE_2040_BSS_COEXIST = 72
+       UCHAR                                   Len;
+       BSS_2040_COEXIST_IE             BssCoexistIe;
+}BSS_2040_COEXIST_ELEMENT, *PBSS_2040_COEXIST_ELEMENT;
+
+
+//802.11n 7.3.2.59
+typedef struct PACKED _BSS_2040_INTOLERANT_CH_REPORT{
+       UCHAR                           ElementID;              // ID = IE_2040_BSS_INTOLERANT_REPORT = 73
+       UCHAR                           Len;
+       UCHAR                           RegulatoryClass;
+       UCHAR                           ChList[0];
+}BSS_2040_INTOLERANT_CH_REPORT, *PBSS_2040_INTOLERANT_CH_REPORT;
+
+
+// The structure for channel switch annoucement IE. This is in 802.11n D3.03
+typedef struct PACKED _CHA_SWITCH_ANNOUNCE_IE{
+       UCHAR                   SwitchMode;     //channel switch mode
+       UCHAR                   NewChannel;     //
+       UCHAR                   SwitchCount;    //
+} CHA_SWITCH_ANNOUNCE_IE, *PCHA_SWITCH_ANNOUNCE_IE;
+
+
+// The structure for channel switch annoucement IE. This is in 802.11n D3.03
+typedef struct PACKED _SEC_CHA_OFFSET_IE{
+       UCHAR                   SecondaryChannelOffset;  // 1: Secondary above, 3: Secondary below, 0: no Secondary
+} SEC_CHA_OFFSET_IE, *PSEC_CHA_OFFSET_IE;
+
+
+// This structure is extracted from struct RT_HT_CAPABILITY
+typedef struct {
+       BOOLEAN                 bHtEnable;       // If we should use ht rate.
+       BOOLEAN                 bPreNHt;         // If we should use ht rate.
+       //Substract from HT Capability IE
+       UCHAR                   MCSSet[16];
+} RT_HT_PHY_INFO, *PRT_HT_PHY_INFO;
+
+//This structure substracts ralink supports from all 802.11n-related features.
+//Features not listed here but contained in 802.11n spec are not supported in rt2860.
+typedef struct {
+#ifdef RT_BIG_ENDIAN
+       USHORT  rsv:5;
+       USHORT  AmsduSize:1;    // Max receiving A-MSDU size
+       USHORT  AmsduEnable:1;  // Enable to transmit A-MSDU. Suggest disable. We should use A-MPDU to gain best benifit of 802.11n
+       USHORT  RxSTBC:2;       // 2 bits
+       USHORT  TxSTBC:1;
+       USHORT  ShortGIfor40:1; //for40MHz
+       USHORT  ShortGIfor20:1;
+       USHORT  GF:1;   //green field
+       USHORT  MimoPs:2;//mimo power safe MMPS_
+       USHORT  ChannelWidth:1;
+#else
+       USHORT  ChannelWidth:1;
+       USHORT  MimoPs:2;//mimo power safe MMPS_
+       USHORT  GF:1;   //green field
+       USHORT  ShortGIfor20:1;
+       USHORT  ShortGIfor40:1; //for40MHz
+       USHORT  TxSTBC:1;
+       USHORT  RxSTBC:2;       // 2 bits
+       USHORT  AmsduEnable:1;  // Enable to transmit A-MSDU. Suggest disable. We should use A-MPDU to gain best benifit of 802.11n
+       USHORT  AmsduSize:1;    // Max receiving A-MSDU size
+       USHORT  rsv:5;
+#endif
+
+       //Substract from Addiont HT INFO IE
+#ifdef RT_BIG_ENDIAN
+       UCHAR   RecomWidth:1;
+       UCHAR   ExtChanOffset:2;        // Please not the difference with following     UCHAR   NewExtChannelOffset; from 802.11n
+       UCHAR   MpduDensity:3;
+       UCHAR   MaxRAmpduFactor:2;
+#else
+       UCHAR   MaxRAmpduFactor:2;
+       UCHAR   MpduDensity:3;
+       UCHAR   ExtChanOffset:2;        // Please not the difference with following     UCHAR   NewExtChannelOffset; from 802.11n
+       UCHAR   RecomWidth:1;
+#endif
+
+#ifdef RT_BIG_ENDIAN
+       USHORT  rsv2:11;
+       USHORT  OBSS_NonHTExist:1;
+       USHORT  rsv3:1;
+       USHORT  NonGfPresent:1;
+       USHORT  OperaionMode:2;
+#else
+       USHORT  OperaionMode:2;
+       USHORT  NonGfPresent:1;
+       USHORT  rsv3:1;
+       USHORT  OBSS_NonHTExist:1;
+       USHORT  rsv2:11;
+#endif
+
+       // New Extension Channel Offset IE
+       UCHAR   NewExtChannelOffset;
+       // Extension Capability IE = 127
+       UCHAR   BSSCoexist2040;
+} RT_HT_CAPABILITY, *PRT_HT_CAPABILITY;
+
+//   field in Addtional HT Information IE .
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+       UCHAR   SerInterGranu:3;
+       UCHAR   S_PSMPSup:1;
+       UCHAR   RifsMode:1;
+       UCHAR   RecomWidth:1;
+       UCHAR   ExtChanOffset:2;
+#else
+       UCHAR   ExtChanOffset:2;
+       UCHAR   RecomWidth:1;
+       UCHAR   RifsMode:1;
+       UCHAR   S_PSMPSup:1;     //Indicate support for scheduled PSMP
+       UCHAR   SerInterGranu:3;         //service interval granularity
+#endif
+} ADD_HTINFO, *PADD_HTINFO;
+
+typedef struct PACKED{
+#ifdef RT_BIG_ENDIAN
+       USHORT  rsv2:11;
+       USHORT  OBSS_NonHTExist:1;
+       USHORT  rsv:1;
+       USHORT  NonGfPresent:1;
+       USHORT  OperaionMode:2;
+#else
+       USHORT  OperaionMode:2;
+       USHORT  NonGfPresent:1;
+       USHORT  rsv:1;
+       USHORT  OBSS_NonHTExist:1;
+       USHORT  rsv2:11;
+#endif
+} ADD_HTINFO2, *PADD_HTINFO2;
+
+
+// TODO: Need sync with spec about the definition of StbcMcs. In Draft 3.03, it's reserved.
+typedef struct PACKED{
+#ifdef RT_BIG_ENDIAN
+       USHORT  rsv:4;
+       USHORT  PcoPhase:1;
+       USHORT  PcoActive:1;
+       USHORT  LsigTxopProt:1;
+       USHORT  STBCBeacon:1;
+       USHORT  DualCTSProtect:1;
+       USHORT  DualBeacon:1;
+       USHORT  StbcMcs:6;
+#else
+       USHORT  StbcMcs:6;
+       USHORT  DualBeacon:1;
+       USHORT  DualCTSProtect:1;
+       USHORT  STBCBeacon:1;
+       USHORT  LsigTxopProt:1; // L-SIG TXOP protection full support
+       USHORT  PcoActive:1;
+       USHORT  PcoPhase:1;
+       USHORT  rsv:4;
+#endif // RT_BIG_ENDIAN //
+} ADD_HTINFO3, *PADD_HTINFO3;
+
+#define SIZE_ADD_HT_INFO_IE            22
+typedef struct  PACKED{
+       UCHAR                           ControlChan;
+       ADD_HTINFO                      AddHtInfo;
+       ADD_HTINFO2                     AddHtInfo2;
+       ADD_HTINFO3                     AddHtInfo3;
+       UCHAR                           MCSSet[16];             // Basic MCS set
+} ADD_HT_INFO_IE, *PADD_HT_INFO_IE;
+
+typedef struct  PACKED{
+       UCHAR                           NewExtChanOffset;
+} NEW_EXT_CHAN_IE, *PNEW_EXT_CHAN_IE;
+
+typedef struct PACKED _FRAME_802_11 {
+    HEADER_802_11   Hdr;
+    UCHAR            Octet[1];
+}   FRAME_802_11, *PFRAME_802_11;
+
+// QoSNull embedding of management action. When HT Control MA field set to 1.
+typedef struct PACKED _MA_BODY {
+    UCHAR            Category;
+    UCHAR            Action;
+    UCHAR            Octet[1];
+}   MA_BODY, *PMA_BODY;
+
+typedef        struct  PACKED _HEADER_802_3    {
+    UCHAR           DAAddr1[MAC_ADDR_LEN];
+    UCHAR           SAAddr2[MAC_ADDR_LEN];
+    UCHAR           Octet[2];
+}      HEADER_802_3, *PHEADER_802_3;
+////Block ACK related format
+// 2-byte BA Parameter  field  in      DELBA frames to terminate an already set up bA
+typedef struct PACKED{
+#ifdef RT_BIG_ENDIAN
+    USHORT      TID:4; // value of TC os TS
+    USHORT      Initiator:1;   // 1: originator    0:recipient
+    USHORT      Rsv:11;        // always set to 0
+#else
+    USHORT      Rsv:11;        // always set to 0
+    USHORT      Initiator:1;   // 1: originator    0:recipient
+    USHORT      TID:4; // value of TC os TS
+#endif /* !RT_BIG_ENDIAN */
+} DELBA_PARM, *PDELBA_PARM;
+
+// 2-byte BA Parameter Set field  in ADDBA frames to signal parm for setting up a BA
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+    USHORT      BufSize:10;    // number of buffe of size 2304 octetsr
+    USHORT      TID:4; // value of TC os TS
+    USHORT      BAPolicy:1;    // 1: immediately BA    0:delayed BA
+    USHORT      AMSDUSupported:1;      // 0: not permitted             1: permitted
+#else
+    USHORT      AMSDUSupported:1;      // 0: not permitted             1: permitted
+    USHORT      BAPolicy:1;    // 1: immediately BA    0:delayed BA
+    USHORT      TID:4; // value of TC os TS
+    USHORT      BufSize:10;    // number of buffe of size 2304 octetsr
+#endif /* !RT_BIG_ENDIAN */
+} BA_PARM, *PBA_PARM;
+
+// 2-byte BA Starting Seq CONTROL field
+typedef union PACKED {
+    struct PACKED {
+#ifdef RT_BIG_ENDIAN
+    USHORT      StartSeq:12;   // sequence number of the 1st MSDU for which this BAR is sent
+       USHORT      FragNum:4;  // always set to 0
+#else
+    USHORT      FragNum:4;     // always set to 0
+       USHORT      StartSeq:12;   // sequence number of the 1st MSDU for which this BAR is sent
+#endif /* RT_BIG_ENDIAN */
+    }   field;
+    USHORT           word;
+} BASEQ_CONTROL, *PBASEQ_CONTROL;
+
+//BAControl and BARControl are the same
+// 2-byte BA CONTROL field in BA frame
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+    USHORT      TID:4;
+    USHORT      Rsv:9;
+    USHORT      Compressed:1;
+    USHORT      MTID:1;                //EWC V1.24
+    USHORT      ACKPolicy:1; // only related to N-Delayed BA. But not support in RT2860b. 0:NormalACK  1:No ACK
+#else
+    USHORT      ACKPolicy:1; // only related to N-Delayed BA. But not support in RT2860b. 0:NormalACK  1:No ACK
+    USHORT      MTID:1;                //EWC V1.24
+    USHORT      Compressed:1;
+    USHORT      Rsv:9;
+    USHORT      TID:4;
+#endif /* !RT_BIG_ENDIAN */
+} BA_CONTROL, *PBA_CONTROL;
+
+// 2-byte BAR CONTROL field in BAR frame
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+    USHORT      TID:4;
+    USHORT      Rsv1:9;
+    USHORT      Compressed:1;
+    USHORT      MTID:1;                //if this bit1, use  FRAME_MTBA_REQ,  if 0, use FRAME_BA_REQ
+    USHORT      ACKPolicy:1;
+#else
+    USHORT      ACKPolicy:1; // 0:normal ack,  1:no ack.
+    USHORT      MTID:1;                //if this bit1, use  FRAME_MTBA_REQ,  if 0, use FRAME_BA_REQ
+    USHORT      Compressed:1;
+    USHORT      Rsv1:9;
+    USHORT      TID:4;
+#endif /* !RT_BIG_ENDIAN */
+} BAR_CONTROL, *PBAR_CONTROL;
+
+// BARControl in MTBAR frame
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+    USHORT      NumTID:4;
+    USHORT      Rsv1:9;
+    USHORT      Compressed:1;
+    USHORT      MTID:1;
+    USHORT      ACKPolicy:1;
+#else
+    USHORT      ACKPolicy:1;
+    USHORT      MTID:1;
+    USHORT      Compressed:1;
+    USHORT      Rsv1:9;
+    USHORT      NumTID:4;
+#endif /* !RT_BIG_ENDIAN */
+} MTBAR_CONTROL, *PMTBAR_CONTROL;
+
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+    USHORT      TID:4;
+    USHORT      Rsv1:12;
+#else
+    USHORT      Rsv1:12;
+    USHORT      TID:4;
+#endif /* !RT_BIG_ENDIAN */
+} PER_TID_INFO, *PPER_TID_INFO;
+
+typedef struct {
+       PER_TID_INFO      PerTID;
+       BASEQ_CONTROL    BAStartingSeq;
+} EACH_TID, *PEACH_TID;
+
+
+// BAREQ AND MTBAREQ have the same subtype BAR, 802.11n BAR use compressed bitmap.
+typedef struct PACKED _FRAME_BA_REQ {
+       FRAME_CONTROL   FC;
+       USHORT          Duration;
+       UCHAR           Addr1[MAC_ADDR_LEN];
+       UCHAR           Addr2[MAC_ADDR_LEN];
+       BAR_CONTROL  BARControl;
+       BASEQ_CONTROL    BAStartingSeq;
+}   FRAME_BA_REQ, *PFRAME_BA_REQ;
+
+typedef struct PACKED _FRAME_MTBA_REQ {
+       FRAME_CONTROL   FC;
+       USHORT          Duration;
+       UCHAR           Addr1[MAC_ADDR_LEN];
+       UCHAR           Addr2[MAC_ADDR_LEN];
+       MTBAR_CONTROL  MTBARControl;
+       PER_TID_INFO    PerTIDInfo;
+       BASEQ_CONTROL    BAStartingSeq;
+}   FRAME_MTBA_REQ, *PFRAME_MTBA_REQ;
+
+// Compressed format is mandantory in HT STA
+typedef struct PACKED _FRAME_MTBA {
+       FRAME_CONTROL   FC;
+       USHORT          Duration;
+       UCHAR           Addr1[MAC_ADDR_LEN];
+       UCHAR           Addr2[MAC_ADDR_LEN];
+       BA_CONTROL  BAControl;
+       BASEQ_CONTROL    BAStartingSeq;
+       UCHAR           BitMap[8];
+}   FRAME_MTBA, *PFRAME_MTBA;
+
+typedef struct PACKED _FRAME_PSMP_ACTION {
+       HEADER_802_11   Hdr;
+       UCHAR   Category;
+       UCHAR   Action;
+       UCHAR   Psmp;   // 7.3.1.25
+}   FRAME_PSMP_ACTION, *PFRAME_PSMP_ACTION;
+
+typedef struct PACKED _FRAME_ACTION_HDR {
+       HEADER_802_11   Hdr;
+       UCHAR   Category;
+       UCHAR   Action;
+}   FRAME_ACTION_HDR, *PFRAME_ACTION_HDR;
+
+//Action Frame
+//Action Frame  Category:Spectrum,  Action:Channel Switch. 7.3.2.20
+typedef struct PACKED _CHAN_SWITCH_ANNOUNCE {
+       UCHAR                                   ElementID;      // ID = IE_CHANNEL_SWITCH_ANNOUNCEMENT = 37
+       UCHAR                                   Len;
+       CHA_SWITCH_ANNOUNCE_IE  CSAnnounceIe;
+}   CHAN_SWITCH_ANNOUNCE, *PCHAN_SWITCH_ANNOUNCE;
+
+
+//802.11n : 7.3.2.20a
+typedef struct PACKED _SECOND_CHAN_OFFSET {
+       UCHAR                           ElementID;              // ID = IE_SECONDARY_CH_OFFSET = 62
+       UCHAR                           Len;
+       SEC_CHA_OFFSET_IE       SecChOffsetIe;
+}   SECOND_CHAN_OFFSET, *PSECOND_CHAN_OFFSET;
+
+
+typedef struct PACKED _FRAME_SPETRUM_CS {
+       HEADER_802_11   Hdr;
+       UCHAR   Category;
+       UCHAR   Action;
+       CHAN_SWITCH_ANNOUNCE    CSAnnounce;
+       SECOND_CHAN_OFFSET              SecondChannel;
+}   FRAME_SPETRUM_CS, *PFRAME_SPETRUM_CS;
+
+
+typedef struct PACKED _FRAME_ADDBA_REQ {
+       HEADER_802_11   Hdr;
+       UCHAR   Category;
+       UCHAR   Action;
+       UCHAR   Token;  // 1
+       BA_PARM         BaParm;       //  2 - 10
+       USHORT          TimeOutValue;   // 0 - 0
+       BASEQ_CONTROL   BaStartSeq; // 0-0
+}   FRAME_ADDBA_REQ, *PFRAME_ADDBA_REQ;
+
+typedef struct PACKED _FRAME_ADDBA_RSP {
+       HEADER_802_11   Hdr;
+       UCHAR   Category;
+       UCHAR   Action;
+       UCHAR   Token;
+       USHORT  StatusCode;
+       BA_PARM         BaParm; //0 - 2
+       USHORT          TimeOutValue;
+}   FRAME_ADDBA_RSP, *PFRAME_ADDBA_RSP;
+
+typedef struct PACKED _FRAME_DELBA_REQ {
+       HEADER_802_11   Hdr;
+       UCHAR   Category;
+       UCHAR   Action;
+       DELBA_PARM              DelbaParm;
+       USHORT  ReasonCode;
+}   FRAME_DELBA_REQ, *PFRAME_DELBA_REQ;
+
+
+//7.2.1.7
+typedef struct PACKED _FRAME_BAR {
+       FRAME_CONTROL   FC;
+       USHORT          Duration;
+       UCHAR           Addr1[MAC_ADDR_LEN];
+       UCHAR           Addr2[MAC_ADDR_LEN];
+       BAR_CONTROL             BarControl;
+       BASEQ_CONTROL   StartingSeq;
+}   FRAME_BAR, *PFRAME_BAR;
+
+//7.2.1.7
+typedef struct PACKED _FRAME_BA {
+       FRAME_CONTROL   FC;
+       USHORT          Duration;
+       UCHAR           Addr1[MAC_ADDR_LEN];
+       UCHAR           Addr2[MAC_ADDR_LEN];
+       BAR_CONTROL             BarControl;
+       BASEQ_CONTROL   StartingSeq;
+       UCHAR           bitmask[8];
+}   FRAME_BA, *PFRAME_BA;
+
+
+// Radio Measuement Request Frame Format
+typedef struct PACKED _FRAME_RM_REQ_ACTION {
+       HEADER_802_11   Hdr;
+       UCHAR   Category;
+       UCHAR   Action;
+       UCHAR   Token;
+       USHORT  Repetition;
+       UCHAR   data[0];
+}   FRAME_RM_REQ_ACTION, *PFRAME_RM_REQ_ACTION;
+
+typedef struct PACKED {
+       UCHAR           ID;
+       UCHAR           Length;
+       UCHAR           ChannelSwitchMode;
+       UCHAR           NewRegClass;
+       UCHAR           NewChannelNum;
+       UCHAR           ChannelSwitchCount;
+} HT_EXT_CHANNEL_SWITCH_ANNOUNCEMENT_IE, *PHT_EXT_CHANNEL_SWITCH_ANNOUNCEMENT_IE;
+
+
+//
+// _Limit must be the 2**n - 1
+// _SEQ1 , _SEQ2 must be within 0 ~ _Limit
+//
+#define SEQ_STEPONE(_SEQ1, _SEQ2, _Limit)      ((_SEQ1 == ((_SEQ2+1) & _Limit)))
+#define SEQ_SMALLER(_SEQ1, _SEQ2, _Limit)      (((_SEQ1-_SEQ2) & ((_Limit+1)>>1)))
+#define SEQ_LARGER(_SEQ1, _SEQ2, _Limit)       ((_SEQ1 != _SEQ2) && !(((_SEQ1-_SEQ2) & ((_Limit+1)>>1))))
+#define SEQ_WITHIN_WIN(_SEQ1, _SEQ2, _WIN, _Limit) (SEQ_LARGER(_SEQ1, _SEQ2, _Limit) &&  \
+                                                                                               SEQ_SMALLER(_SEQ1, ((_SEQ2+_WIN+1)&_Limit), _Limit))
+
+//
+// Contention-free parameter (without ID and Length)
+//
+typedef struct PACKED {
+    BOOLEAN     bValid;         // 1: variable contains valid value
+    UCHAR       CfpCount;
+    UCHAR       CfpPeriod;
+    USHORT      CfpMaxDuration;
+    USHORT      CfpDurRemaining;
+} CF_PARM, *PCF_PARM;
+
+typedef        struct  _CIPHER_SUITE   {
+       NDIS_802_11_ENCRYPTION_STATUS   PairCipher;             // Unicast cipher 1, this one has more secured cipher suite
+       NDIS_802_11_ENCRYPTION_STATUS   PairCipherAux;  // Unicast cipher 2 if AP announce two unicast cipher suite
+       NDIS_802_11_ENCRYPTION_STATUS   GroupCipher;    // Group cipher
+       USHORT                                                  RsnCapability;  // RSN capability from beacon
+       BOOLEAN                                                 bMixMode;               // Indicate Pair & Group cipher might be different
+}      CIPHER_SUITE, *PCIPHER_SUITE;
+
+// EDCA configuration from AP's BEACON/ProbeRsp
+typedef struct {
+    BOOLEAN     bValid;         // 1: variable contains valid value
+    BOOLEAN     bAdd;         // 1: variable contains valid value
+    BOOLEAN     bQAck;
+    BOOLEAN     bQueueRequest;
+    BOOLEAN     bTxopRequest;
+    BOOLEAN     bAPSDCapable;
+//  BOOLEAN     bMoreDataAck;
+    UCHAR       EdcaUpdateCount;
+    UCHAR       Aifsn[4];       // 0:AC_BK, 1:AC_BE, 2:AC_VI, 3:AC_VO
+    UCHAR       Cwmin[4];
+    UCHAR       Cwmax[4];
+    USHORT      Txop[4];      // in unit of 32-us
+    BOOLEAN     bACM[4];      // 1: Admission Control of AC_BK is mandattory
+} EDCA_PARM, *PEDCA_PARM;
+
+// QBSS LOAD information from QAP's BEACON/ProbeRsp
+typedef struct {
+    BOOLEAN     bValid;                     // 1: variable contains valid value
+    USHORT      StaNum;
+    UCHAR       ChannelUtilization;
+    USHORT      RemainingAdmissionControl;  // in unit of 32-us
+} QBSS_LOAD_PARM, *PQBSS_LOAD_PARM;
+
+// QBSS Info field in QSTA's assoc req
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+       UCHAR           Rsv2:1;
+       UCHAR           MaxSPLength:2;
+       UCHAR           Rsv1:1;
+       UCHAR           UAPSD_AC_BE:1;
+       UCHAR           UAPSD_AC_BK:1;
+       UCHAR           UAPSD_AC_VI:1;
+       UCHAR           UAPSD_AC_VO:1;
+#else
+    UCHAR              UAPSD_AC_VO:1;
+       UCHAR           UAPSD_AC_VI:1;
+       UCHAR           UAPSD_AC_BK:1;
+       UCHAR           UAPSD_AC_BE:1;
+       UCHAR           Rsv1:1;
+       UCHAR           MaxSPLength:2;
+       UCHAR           Rsv2:1;
+#endif /* !RT_BIG_ENDIAN */
+} QBSS_STA_INFO_PARM, *PQBSS_STA_INFO_PARM;
+
+// QBSS Info field in QAP's Beacon/ProbeRsp
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+       UCHAR           UAPSD:1;
+       UCHAR           Rsv:3;
+    UCHAR              ParamSetCount:4;
+#else
+    UCHAR              ParamSetCount:4;
+       UCHAR           Rsv:3;
+       UCHAR           UAPSD:1;
+#endif /* !RT_BIG_ENDIAN */
+} QBSS_AP_INFO_PARM, *PQBSS_AP_INFO_PARM;
+
+// QOS Capability reported in QAP's BEACON/ProbeRsp
+// QOS Capability sent out in QSTA's AssociateReq/ReAssociateReq
+typedef struct {
+    BOOLEAN     bValid;                     // 1: variable contains valid value
+    BOOLEAN     bQAck;
+    BOOLEAN     bQueueRequest;
+    BOOLEAN     bTxopRequest;
+//  BOOLEAN     bMoreDataAck;
+    UCHAR       EdcaUpdateCount;
+} QOS_CAPABILITY_PARM, *PQOS_CAPABILITY_PARM;
+
+#ifdef CONFIG_STA_SUPPORT
+typedef struct {
+    UCHAR       IELen;
+    UCHAR       IE[MAX_CUSTOM_LEN];
+} WPA_IE_;
+#endif // CONFIG_STA_SUPPORT //
+
+
+typedef struct {
+    UCHAR   Bssid[MAC_ADDR_LEN];
+    UCHAR   Channel;
+       UCHAR   CentralChannel; //Store the wide-band central channel for 40MHz.  .used in 40MHz AP. Or this is the same as Channel.
+    UCHAR   BssType;
+    USHORT  AtimWin;
+    USHORT  BeaconPeriod;
+
+    UCHAR   SupRate[MAX_LEN_OF_SUPPORTED_RATES];
+    UCHAR   SupRateLen;
+    UCHAR   ExtRate[MAX_LEN_OF_SUPPORTED_RATES];
+    UCHAR   ExtRateLen;
+       HT_CAPABILITY_IE HtCapability;
+       UCHAR                   HtCapabilityLen;
+       ADD_HT_INFO_IE AddHtInfo;       // AP might use this additional ht info IE
+       UCHAR                   AddHtInfoLen;
+       UCHAR                   NewExtChanOffset;
+       CHAR    Rssi;
+    UCHAR   Privacy;                   // Indicate security function ON/OFF. Don't mess up with auth mode.
+       UCHAR   Hidden;
+
+    USHORT  DtimPeriod;
+    USHORT  CapabilityInfo;
+
+    USHORT  CfpCount;
+    USHORT  CfpPeriod;
+    USHORT  CfpMaxDuration;
+    USHORT  CfpDurRemaining;
+    UCHAR   SsidLen;
+    CHAR    Ssid[MAX_LEN_OF_SSID];
+
+    ULONG   LastBeaconRxTime; // OS's timestamp
+
+       BOOLEAN bSES;
+
+       // New for WPA2
+       CIPHER_SUITE                                    WPA;                    // AP announced WPA cipher suite
+       CIPHER_SUITE                                    WPA2;                   // AP announced WPA2 cipher suite
+
+       // New for microsoft WPA support
+       NDIS_802_11_FIXED_IEs   FixIEs;
+       NDIS_802_11_AUTHENTICATION_MODE AuthModeAux;    // Addition mode for WPA2 / WPA capable AP
+       NDIS_802_11_AUTHENTICATION_MODE AuthMode;
+       NDIS_802_11_WEP_STATUS  WepStatus;                              // Unicast Encryption Algorithm extract from VAR_IE
+       USHORT                                  VarIELen;                               // Length of next VIE include EID & Length
+       UCHAR                                   VarIEs[MAX_VIE_LEN];
+
+       // CCX Ckip information
+    UCHAR   CkipFlag;
+
+       // CCX 2 TSF
+       UCHAR   PTSF[4];                // Parent TSF
+       UCHAR   TTSF[8];                // Target TSF
+
+    // 802.11e d9, and WMM
+       EDCA_PARM           EdcaParm;
+       QOS_CAPABILITY_PARM QosCapability;
+       QBSS_LOAD_PARM      QbssLoad;
+#ifdef CONFIG_STA_SUPPORT
+    WPA_IE_     WpaIE;
+    WPA_IE_     RsnIE;
+#ifdef EXT_BUILD_CHANNEL_LIST
+       UCHAR           CountryString[3];
+       BOOLEAN         bHasCountryIE;
+#endif // EXT_BUILD_CHANNEL_LIST //
+#endif // CONFIG_STA_SUPPORT //
+
+} BSS_ENTRY, *PBSS_ENTRY;
+
+typedef struct {
+    UCHAR           BssNr;
+    UCHAR           BssOverlapNr;
+    BSS_ENTRY       BssEntry[MAX_LEN_OF_BSS_TABLE];
+} BSS_TABLE, *PBSS_TABLE;
+
+
+typedef struct _MLME_QUEUE_ELEM {
+    ULONG             Machine;
+    ULONG             MsgType;
+    ULONG             MsgLen;
+    UCHAR             Msg[MGMT_DMA_BUFFER_SIZE];
+    LARGE_INTEGER     TimeStamp;
+    UCHAR             Rssi0;
+    UCHAR             Rssi1;
+    UCHAR             Rssi2;
+    UCHAR             Signal;
+    UCHAR             Channel;
+    UCHAR             Wcid;
+    BOOLEAN           Occupied;
+#ifdef MLME_EX
+       USHORT            Idx;
+#endif // MLME_EX //
+} MLME_QUEUE_ELEM, *PMLME_QUEUE_ELEM;
+
+typedef struct _MLME_QUEUE {
+    ULONG             Num;
+    ULONG             Head;
+    ULONG             Tail;
+    NDIS_SPIN_LOCK   Lock;
+    MLME_QUEUE_ELEM  Entry[MAX_LEN_OF_MLME_QUEUE];
+} MLME_QUEUE, *PMLME_QUEUE;
+
+typedef VOID (*STATE_MACHINE_FUNC)(VOID *Adaptor, MLME_QUEUE_ELEM *Elem);
+
+typedef struct _STATE_MACHINE {
+    ULONG                           Base;
+    ULONG                           NrState;
+    ULONG                           NrMsg;
+    ULONG                           CurrState;
+    STATE_MACHINE_FUNC             *TransFunc;
+} STATE_MACHINE, *PSTATE_MACHINE;
+
+
+// MLME AUX data structure that hold temporarliy settings during a connection attempt.
+// Once this attemp succeeds, all settings will be copy to pAd->StaActive.
+// A connection attempt (user set OID, roaming, CCX fast roaming,..) consists of
+// several steps (JOIN, AUTH, ASSOC or REASSOC) and may fail at any step. We purposely
+// separate this under-trial settings away from pAd->StaActive so that once
+// this new attempt failed, driver can auto-recover back to the active settings.
+typedef struct _MLME_AUX {
+    UCHAR               BssType;
+    UCHAR               Ssid[MAX_LEN_OF_SSID];
+    UCHAR               SsidLen;
+    UCHAR               Bssid[MAC_ADDR_LEN];
+       UCHAR                           AutoReconnectSsid[MAX_LEN_OF_SSID];
+       UCHAR                           AutoReconnectSsidLen;
+    USHORT              Alg;
+    UCHAR               ScanType;
+    UCHAR               Channel;
+       UCHAR               CentralChannel;
+    USHORT              Aid;
+    USHORT              CapabilityInfo;
+    USHORT              BeaconPeriod;
+    USHORT              CfpMaxDuration;
+    USHORT              CfpPeriod;
+    USHORT              AtimWin;
+
+       // Copy supported rate from desired AP's beacon. We are trying to match
+       // AP's supported and extended rate settings.
+       UCHAR                   SupRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR                   ExtRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR                   SupRateLen;
+       UCHAR                   ExtRateLen;
+       HT_CAPABILITY_IE                HtCapability;
+       UCHAR                           HtCapabilityLen;
+       ADD_HT_INFO_IE          AddHtInfo;      // AP might use this additional ht info IE
+       UCHAR                   NewExtChannelOffset;
+       //RT_HT_CAPABILITY      SupportedHtPhy;
+
+    // new for QOS
+    QOS_CAPABILITY_PARM APQosCapability;    // QOS capability of the current associated AP
+    EDCA_PARM           APEdcaParm;         // EDCA parameters of the current associated AP
+    QBSS_LOAD_PARM      APQbssLoad;         // QBSS load of the current associated AP
+
+    // new to keep Ralink specific feature
+    ULONG               APRalinkIe;
+
+    BSS_TABLE           SsidBssTab;     // AP list for the same SSID
+    BSS_TABLE           RoamTab;        // AP list eligible for roaming
+    ULONG               BssIdx;
+    ULONG               RoamIdx;
+
+       BOOLEAN                         CurrReqIsFromNdis;
+
+    RALINK_TIMER_STRUCT BeaconTimer, ScanTimer;
+    RALINK_TIMER_STRUCT AuthTimer;
+    RALINK_TIMER_STRUCT AssocTimer, ReassocTimer, DisassocTimer;
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+} MLME_AUX, *PMLME_AUX;
+
+typedef struct _MLME_ADDBA_REQ_STRUCT{
+       UCHAR   Wcid;   //
+       UCHAR   pAddr[MAC_ADDR_LEN];
+       UCHAR   BaBufSize;
+       USHORT  TimeOutValue;
+       UCHAR   TID;
+       UCHAR   Token;
+       USHORT  BaStartSeq;
+} MLME_ADDBA_REQ_STRUCT, *PMLME_ADDBA_REQ_STRUCT;
+
+
+typedef struct _MLME_DELBA_REQ_STRUCT{
+       UCHAR   Wcid;   //
+       UCHAR     Addr[MAC_ADDR_LEN];
+       UCHAR   TID;
+       UCHAR   Initiator;
+} MLME_DELBA_REQ_STRUCT, *PMLME_DELBA_REQ_STRUCT;
+
+// assoc struct is equal to reassoc
+typedef struct _MLME_ASSOC_REQ_STRUCT{
+    UCHAR     Addr[MAC_ADDR_LEN];
+    USHORT    CapabilityInfo;
+    USHORT    ListenIntv;
+    ULONG     Timeout;
+} MLME_ASSOC_REQ_STRUCT, *PMLME_ASSOC_REQ_STRUCT, MLME_REASSOC_REQ_STRUCT, *PMLME_REASSOC_REQ_STRUCT;
+
+typedef struct _MLME_DISASSOC_REQ_STRUCT{
+    UCHAR     Addr[MAC_ADDR_LEN];
+    USHORT    Reason;
+} MLME_DISASSOC_REQ_STRUCT, *PMLME_DISASSOC_REQ_STRUCT;
+
+typedef struct _MLME_AUTH_REQ_STRUCT {
+    UCHAR        Addr[MAC_ADDR_LEN];
+    USHORT       Alg;
+    ULONG        Timeout;
+} MLME_AUTH_REQ_STRUCT, *PMLME_AUTH_REQ_STRUCT;
+
+typedef struct _MLME_DEAUTH_REQ_STRUCT {
+    UCHAR        Addr[MAC_ADDR_LEN];
+    USHORT       Reason;
+} MLME_DEAUTH_REQ_STRUCT, *PMLME_DEAUTH_REQ_STRUCT;
+
+typedef struct {
+    ULONG      BssIdx;
+} MLME_JOIN_REQ_STRUCT;
+
+typedef struct _MLME_SCAN_REQ_STRUCT {
+    UCHAR      Bssid[MAC_ADDR_LEN];
+    UCHAR      BssType;
+    UCHAR      ScanType;
+    UCHAR      SsidLen;
+    CHAR       Ssid[MAX_LEN_OF_SSID];
+} MLME_SCAN_REQ_STRUCT, *PMLME_SCAN_REQ_STRUCT;
+
+typedef struct _MLME_START_REQ_STRUCT {
+    CHAR        Ssid[MAX_LEN_OF_SSID];
+    UCHAR       SsidLen;
+} MLME_START_REQ_STRUCT, *PMLME_START_REQ_STRUCT;
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+// structure for DLS
+typedef struct _RT_802_11_DLS {
+       USHORT                                          TimeOut;                // Use to time out while slience, unit: second , set by UI
+       USHORT                                          CountDownTimer; // Use to time out while slience,unit: second , used by driver only
+       NDIS_802_11_MAC_ADDRESS         MacAddr;                // set by UI
+       UCHAR                                           Status;                 // 0: none , 1: wait STAkey, 2: finish DLS setup , set by driver only
+       BOOLEAN                                         Valid;                  // 1: valid , 0: invalid , set by UI, use to setup or tear down DLS link
+       RALINK_TIMER_STRUCT                     Timer;                  // Use to time out while handshake
+       USHORT                                          Sequence;
+       USHORT                                          MacTabMatchWCID;        // ASIC
+       BOOLEAN                                         bHTCap;
+       PVOID                                           pAd;
+} RT_802_11_DLS, *PRT_802_11_DLS;
+
+typedef struct _MLME_DLS_REQ_STRUCT {
+    PRT_802_11_DLS     pDLS;
+    USHORT                     Reason;
+} MLME_DLS_REQ_STRUCT, *PMLME_DLS_REQ_STRUCT;
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+typedef struct PACKED {
+    UCHAR   Eid;
+    UCHAR   Len;
+    UCHAR   Octet[1];
+} EID_STRUCT,*PEID_STRUCT, BEACON_EID_STRUCT, *PBEACON_EID_STRUCT;
+
+typedef struct PACKED _RTMP_TX_RATE_SWITCH
+{
+       UCHAR   ItemNo;
+#ifdef RT_BIG_ENDIAN
+       UCHAR   Rsv2:2;
+       UCHAR   Mode:2;
+       UCHAR   Rsv1:1;
+       UCHAR   BW:1;
+       UCHAR   ShortGI:1;
+       UCHAR   STBC:1;
+#else
+       UCHAR   STBC:1;
+       UCHAR   ShortGI:1;
+       UCHAR   BW:1;
+       UCHAR   Rsv1:1;
+       UCHAR   Mode:2;
+       UCHAR   Rsv2:2;
+#endif
+       UCHAR   CurrMCS;
+       UCHAR   TrainUp;
+       UCHAR   TrainDown;
+} RRTMP_TX_RATE_SWITCH, *PRTMP_TX_RATE_SWITCH;
+
+// ========================== AP mlme.h ===============================
+#define TBTT_PRELOAD_TIME       384        // usec. LomgPreamble + 24-byte at 1Mbps
+#define DEFAULT_DTIM_PERIOD     1
+
+// weighting factor to calculate Channel quality, total should be 100%
+//#define RSSI_WEIGHTING                   0
+//#define TX_WEIGHTING                     40
+//#define RX_WEIGHTING                     60
+
+#define MAC_TABLE_AGEOUT_TIME                  300                     // unit: sec
+#define MAC_TABLE_ASSOC_TIMEOUT                        5                       // unit: sec
+#define MAC_TABLE_FULL(Tab)                            ((Tab).size == MAX_LEN_OF_MAC_TABLE)
+
+// AP shall drop the sta if contine Tx fail count reach it.
+#define MAC_ENTRY_LIFE_CHECK_CNT               20                      // packet cnt.
+
+// Value domain of pMacEntry->Sst
+typedef enum _Sst {
+    SST_NOT_AUTH,   // 0: equivalent to IEEE 802.11/1999 state 1
+    SST_AUTH,       // 1: equivalent to IEEE 802.11/1999 state 2
+    SST_ASSOC       // 2: equivalent to IEEE 802.11/1999 state 3
+} SST;
+
+// value domain of pMacEntry->AuthState
+typedef enum _AuthState {
+    AS_NOT_AUTH,
+    AS_AUTH_OPEN,       // STA has been authenticated using OPEN SYSTEM
+    AS_AUTH_KEY,        // STA has been authenticated using SHARED KEY
+    AS_AUTHENTICATING   // STA is waiting for AUTH seq#3 using SHARED KEY
+} AUTH_STATE;
+
+//for-wpa value domain of pMacEntry->WpaState  802.1i D3   p.114
+typedef enum _ApWpaState {
+    AS_NOTUSE,              // 0
+    AS_DISCONNECT,          // 1
+    AS_DISCONNECTED,        // 2
+    AS_INITIALIZE,          // 3
+    AS_AUTHENTICATION,      // 4
+    AS_AUTHENTICATION2,     // 5
+    AS_INITPMK,             // 6
+    AS_INITPSK,             // 7
+    AS_PTKSTART,            // 8
+    AS_PTKINIT_NEGOTIATING, // 9
+    AS_PTKINITDONE,         // 10
+    AS_UPDATEKEYS,          // 11
+    AS_INTEGRITY_FAILURE,   // 12
+    AS_KEYUPDATE,           // 13
+} AP_WPA_STATE;
+
+// for-wpa value domain of pMacEntry->WpaState  802.1i D3   p.114
+typedef enum _GTKState {
+    REKEY_NEGOTIATING,
+    REKEY_ESTABLISHED,
+    KEYERROR,
+} GTK_STATE;
+
+//  for-wpa  value domain of pMacEntry->WpaState  802.1i D3   p.114
+typedef enum _WpaGTKState {
+    SETKEYS,
+    SETKEYS_DONE,
+} WPA_GTK_STATE;
+// ====================== end of AP mlme.h ============================
+
+
+#endif // MLME_H__
diff --git a/drivers/staging/rt3090/mlme_ex.h b/drivers/staging/rt3090/mlme_ex.h
new file mode 100644 (file)
index 0000000..b3e94dc
--- /dev/null
@@ -0,0 +1,83 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    mlme_ex.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+       Fonchi          2007-06-25              Extend original mlme APIs to support multi-entries
+*/
+#ifndef __MLME_EX_H__
+#define __MLME_EX_H__
+
+#include "mlme_ex_def.h"
+
+
+VOID StateMachineInitEx(
+       IN STATE_MACHINE_EX *S,
+       IN STATE_MACHINE_FUNC_EX Trans[],
+       IN ULONG StNr,
+       IN ULONG MsgNr,
+       IN STATE_MACHINE_FUNC_EX DefFunc,
+       IN ULONG InitState,
+       IN ULONG Base);
+
+VOID StateMachineSetActionEx(
+       IN STATE_MACHINE_EX *S,
+       IN ULONG St,
+       IN ULONG Msg,
+       IN STATE_MACHINE_FUNC_EX Func);
+
+BOOLEAN isValidApCliIf(
+       SHORT Idx);
+
+VOID StateMachinePerformActionEx(
+       IN PRTMP_ADAPTER pAd,
+       IN STATE_MACHINE_EX *S,
+       IN MLME_QUEUE_ELEM *Elem,
+       USHORT Idx,
+       PULONG pCurrState);
+
+BOOLEAN MlmeEnqueueEx(
+       IN      PRTMP_ADAPTER pAd,
+       IN ULONG Machine,
+       IN ULONG MsgType,
+       IN ULONG MsgLen,
+       IN VOID *Msg,
+       IN USHORT Idx);
+
+VOID DropEx(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem,
+       PULONG pCurrState,
+       USHORT Idx);
+
+#endif /* __MLME_EX_H__ */
diff --git a/drivers/staging/rt3090/mlme_ex_def.h b/drivers/staging/rt3090/mlme_ex_def.h
new file mode 100644 (file)
index 0000000..ccd60b4
--- /dev/null
@@ -0,0 +1,53 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    mlme_ex_def.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+       Fonchi          2007-06-25              Extend original mlme APIs to support multi-entries
+*/
+#ifndef __MLME_EX_DEF_H__
+#define __MLME_EX_DEF_H__
+
+
+typedef VOID (*STATE_MACHINE_FUNC_EX)(VOID *Adaptor, MLME_QUEUE_ELEM *Elem, PULONG pCurrState, USHORT Idx);
+
+typedef struct _STA_STATE_MACHINE_EX
+{
+       ULONG                                   Base;
+       ULONG                                   NrState;
+       ULONG                                   NrMsg;
+       ULONG                                   CurrState;
+       STATE_MACHINE_FUNC_EX   *TransFunc;
+} STATE_MACHINE_EX, *PSTA_STATE_MACHINE_EX;
+
+#endif // __MLME_EX_DEF_H__ //
diff --git a/drivers/staging/rt3090/netif_block.h b/drivers/staging/rt3090/netif_block.h
new file mode 100644 (file)
index 0000000..9e75389
--- /dev/null
@@ -0,0 +1,56 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+
+#ifndef __NET_IF_BLOCK_H__
+#define __NET_IF_BLOCK_H__
+
+#include "link_list.h"
+#include "rtmp.h"
+
+#define FREE_NETIF_POOL_SIZE 32
+
+typedef struct _NETIF_ENTRY
+{
+       struct _NETIF_ENTRY *pNext;
+       PNET_DEV pNetDev;
+} NETIF_ENTRY, *PNETIF_ENTRY;
+
+void initblockQueueTab(
+       IN PRTMP_ADAPTER pAd);
+
+BOOLEAN blockNetIf(
+       IN PBLOCK_QUEUE_ENTRY pBlockQueueEntry,
+       IN PNET_DEV pNetDev);
+
+VOID releaseNetIf(
+       IN PBLOCK_QUEUE_ENTRY pBlockQueueEntry);
+
+VOID StopNetIfQueue(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR QueIdx,
+       IN PNDIS_PACKET pPacket);
+#endif // __NET_IF_BLOCK_H__
diff --git a/drivers/staging/rt3090/oid.h b/drivers/staging/rt3090/oid.h
new file mode 100644 (file)
index 0000000..29a4340
--- /dev/null
@@ -0,0 +1,1144 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       oid.h
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Name            Date                    Modification logs
+*/
+#ifndef _OID_H_
+#define _OID_H_
+
+//#include <linux/wireless.h>
+
+#ifndef TRUE
+#define TRUE                           1
+#endif
+#ifndef FALSE
+#define FALSE                          0
+#endif
+//
+// IEEE 802.11 Structures and definitions
+//
+#define MAX_TX_POWER_LEVEL              100   /* mW */
+#define MAX_RSSI_TRIGGER                -10    /* dBm */
+#define MIN_RSSI_TRIGGER                -200   /* dBm */
+#define MAX_FRAG_THRESHOLD              2346  /* byte count */
+#define MIN_FRAG_THRESHOLD              256   /* byte count */
+#define MAX_RTS_THRESHOLD               2347  /* byte count */
+
+// new types for Media Specific Indications
+// Extension channel offset
+#define EXTCHA_NONE                    0
+#define EXTCHA_ABOVE           0x1
+#define EXTCHA_BELOW           0x3
+
+// BW
+#define BAND_WIDTH_20          0
+#define BAND_WIDTH_40          1
+#define BAND_WIDTH_BOTH                2
+#define BAND_WIDTH_10          3       // 802.11j has 10MHz. This definition is for internal usage. doesn't fill in the IE or other field.
+// SHORTGI
+#define GAP_INTERVAL_400       1       // only support in HT mode
+#define GAP_INTERVAL_800       0
+#define GAP_INTERVAL_BOTH      2
+
+#define NdisMediaStateConnected                        1
+#define NdisMediaStateDisconnected             0
+
+#define NDIS_802_11_LENGTH_SSID         32
+#define NDIS_802_11_LENGTH_RATES        8
+#define NDIS_802_11_LENGTH_RATES_EX     16
+#define MAC_ADDR_LENGTH                 6
+//#define MAX_NUM_OF_CHS                                       49 // 14 channels @2.4G +  12@UNII + 4 @MMAC + 11 @HiperLAN2 + 7 @Japan + 1 as NULL terminationc
+#define MAX_NUM_OF_CHS                         54      // 14 channels @2.4G +  12@UNII(lower/middle) + 16@HiperLAN2 + 11@UNII(upper) + 0 @Japan + 1 as NULL termination
+#define MAX_NUMBER_OF_EVENT                            10  // entry # in EVENT table
+#define MAX_NUMBER_OF_MAC                              32 // if MAX_MBSSID_NUM is 8, this value can't be larger than 211
+#define MAX_NUMBER_OF_ACL                              64
+#define MAX_LENGTH_OF_SUPPORT_RATES            12    // 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54
+#define MAX_NUMBER_OF_DLS_ENTRY                        4
+
+
+#define RT_QUERY_SIGNAL_CONTEXT                                0x0402
+#define RT_SET_IAPP_PID                                0x0404
+#define RT_SET_APD_PID                                         0x0405
+#define RT_SET_DEL_MAC_ENTRY                           0x0406
+#define RT_QUERY_EVENT_TABLE                   0x0407
+//
+// IEEE 802.11 OIDs
+//
+#define        OID_GET_SET_TOGGLE                      0x8000
+#define        OID_GET_SET_FROM_UI                     0x4000
+
+#define        OID_802_11_NETWORK_TYPES_SUPPORTED                      0x0103
+#define        OID_802_11_NETWORK_TYPE_IN_USE                          0x0104
+#define        OID_802_11_RSSI_TRIGGER                                         0x0107
+#define        RT_OID_802_11_RSSI                                                      0x0108 //rt2860 only , kathy
+#define        RT_OID_802_11_RSSI_1                                            0x0109 //rt2860 only , kathy
+#define        RT_OID_802_11_RSSI_2                                            0x010A //rt2860 only , kathy
+#define        OID_802_11_NUMBER_OF_ANTENNAS                           0x010B
+#define        OID_802_11_RX_ANTENNA_SELECTED                          0x010C
+#define        OID_802_11_TX_ANTENNA_SELECTED                          0x010D
+#define        OID_802_11_SUPPORTED_RATES                                      0x010E
+#define        OID_802_11_ADD_WEP                                                      0x0112
+#define        OID_802_11_REMOVE_WEP                                           0x0113
+#define        OID_802_11_DISASSOCIATE                                         0x0114
+#define        OID_802_11_PRIVACY_FILTER                                       0x0118
+#define        OID_802_11_ASSOCIATION_INFORMATION                      0x011E
+#define        OID_802_11_TEST                                                         0x011F
+
+
+#define        RT_OID_802_11_COUNTRY_REGION                            0x0507
+#define        OID_802_11_BSSID_LIST_SCAN                                      0x0508
+#define        OID_802_11_SSID                                                         0x0509
+#define        OID_802_11_BSSID                                                        0x050A
+#define        RT_OID_802_11_RADIO                                                     0x050B
+#define        RT_OID_802_11_PHY_MODE                                          0x050C
+#define        RT_OID_802_11_STA_CONFIG                                        0x050D
+#define        OID_802_11_DESIRED_RATES                                        0x050E
+#define        RT_OID_802_11_PREAMBLE                                          0x050F
+#define        OID_802_11_WEP_STATUS                                           0x0510
+#define        OID_802_11_AUTHENTICATION_MODE                          0x0511
+#define        OID_802_11_INFRASTRUCTURE_MODE                          0x0512
+#define        RT_OID_802_11_RESET_COUNTERS                            0x0513
+#define        OID_802_11_RTS_THRESHOLD                                        0x0514
+#define        OID_802_11_FRAGMENTATION_THRESHOLD                      0x0515
+#define        OID_802_11_POWER_MODE                                           0x0516
+#define        OID_802_11_TX_POWER_LEVEL                                       0x0517
+#define        RT_OID_802_11_ADD_WPA                                           0x0518
+#define        OID_802_11_REMOVE_KEY                                           0x0519
+#define        OID_802_11_ADD_KEY                                                      0x0520
+#define        OID_802_11_CONFIGURATION                                        0x0521
+#define        OID_802_11_TX_PACKET_BURST                                      0x0522
+#define        RT_OID_802_11_QUERY_NOISE_LEVEL                         0x0523
+#define        RT_OID_802_11_EXTRA_INFO                                        0x0524
+#ifdef DBG
+#define        RT_OID_802_11_HARDWARE_REGISTER                         0x0525
+#endif
+#define OID_802_11_ENCRYPTION_STATUS            OID_802_11_WEP_STATUS
+#define OID_802_11_DEAUTHENTICATION                 0x0526
+#define OID_802_11_DROP_UNENCRYPTED                 0x0527
+#define OID_802_11_MIC_FAILURE_REPORT_FRAME         0x0528
+#define OID_802_11_EAP_METHOD                                          0x0529
+
+// For 802.1x daemin using to require current driver configuration
+#define OID_802_11_RADIUS_QUERY_SETTING                                0x0540
+
+#define        RT_OID_DEVICE_NAME                                                      0x0607
+#define        RT_OID_VERSION_INFO                                                     0x0608
+#define        OID_802_11_BSSID_LIST                                           0x0609
+#define        OID_802_3_CURRENT_ADDRESS                                       0x060A
+#define        OID_GEN_MEDIA_CONNECT_STATUS                            0x060B
+#define        RT_OID_802_11_QUERY_LINK_STATUS                         0x060C
+#define        OID_802_11_RSSI                                                         0x060D
+#define        OID_802_11_STATISTICS                                           0x060E
+#define        OID_GEN_RCV_OK                                                          0x060F
+#define        OID_GEN_RCV_NO_BUFFER                                           0x0610
+#define        RT_OID_802_11_QUERY_EEPROM_VERSION                      0x0611
+#define        RT_OID_802_11_QUERY_FIRMWARE_VERSION            0x0612
+#define        RT_OID_802_11_QUERY_LAST_RX_RATE                        0x0613
+#define        RT_OID_802_11_TX_POWER_LEVEL_1                          0x0614
+#define        RT_OID_802_11_QUERY_PIDVID                                      0x0615
+//for WPA_SUPPLICANT_SUPPORT
+#define OID_SET_COUNTERMEASURES                     0x0616
+#define OID_802_11_SET_IEEE8021X                    0x0617
+#define OID_802_11_SET_IEEE8021X_REQUIRE_KEY        0x0618
+#define OID_802_11_PMKID                            0x0620
+#define RT_OID_WPA_SUPPLICANT_SUPPORT               0x0621
+#define RT_OID_WE_VERSION_COMPILED                  0x0622
+#define RT_OID_NEW_DRIVER                           0x0623
+
+#define        RT_OID_802_11_SNR_0                                                     0x0630
+#define        RT_OID_802_11_SNR_1                                                     0x0631
+#define        RT_OID_802_11_QUERY_LAST_TX_RATE                        0x0632
+#define        RT_OID_802_11_QUERY_HT_PHYMODE                          0x0633
+#define        RT_OID_802_11_SET_HT_PHYMODE                            0x0634
+#define        OID_802_11_RELOAD_DEFAULTS                                      0x0635
+#define        RT_OID_802_11_QUERY_APSD_SETTING                        0x0636
+#define        RT_OID_802_11_SET_APSD_SETTING                          0x0637
+#define        RT_OID_802_11_QUERY_APSD_PSM                            0x0638
+#define        RT_OID_802_11_SET_APSD_PSM                                      0x0639
+#define        RT_OID_802_11_QUERY_DLS                                         0x063A
+#define        RT_OID_802_11_SET_DLS                                           0x063B
+#define        RT_OID_802_11_QUERY_DLS_PARAM                           0x063C
+#define        RT_OID_802_11_SET_DLS_PARAM                                     0x063D
+#define RT_OID_802_11_QUERY_WMM                                0x063E
+#define RT_OID_802_11_SET_WMM                                          0x063F
+#define RT_OID_802_11_QUERY_IMME_BA_CAP                                0x0640
+#define RT_OID_802_11_SET_IMME_BA_CAP                          0x0641
+#define RT_OID_802_11_QUERY_BATABLE                                    0x0642
+#define RT_OID_802_11_ADD_IMME_BA                                      0x0643
+#define RT_OID_802_11_TEAR_IMME_BA                                     0x0644
+#define RT_OID_DRIVER_DEVICE_NAME                   0x0645
+#define RT_OID_802_11_QUERY_DAT_HT_PHYMODE          0x0646
+#define RT_OID_QUERY_MULTIPLE_CARD_SUPPORT          0x0647
+#define OID_802_11_SET_PSPXLINK_MODE                           0x0648
+/*+++ add by woody +++*/
+#define OID_802_11_SET_PASSPHRASE                              0x0649
+// Ralink defined OIDs
+// Dennis Lee move to platform specific
+
+#define        RT_OID_802_11_BSSID                                       (OID_GET_SET_TOGGLE | OID_802_11_BSSID)
+#define        RT_OID_802_11_SSID                                        (OID_GET_SET_TOGGLE | OID_802_11_SSID)
+#define        RT_OID_802_11_INFRASTRUCTURE_MODE         (OID_GET_SET_TOGGLE | OID_802_11_INFRASTRUCTURE_MODE)
+#define        RT_OID_802_11_ADD_WEP                             (OID_GET_SET_TOGGLE | OID_802_11_ADD_WEP)
+#define        RT_OID_802_11_ADD_KEY                             (OID_GET_SET_TOGGLE | OID_802_11_ADD_KEY)
+#define        RT_OID_802_11_REMOVE_WEP                          (OID_GET_SET_TOGGLE | OID_802_11_REMOVE_WEP)
+#define        RT_OID_802_11_REMOVE_KEY                          (OID_GET_SET_TOGGLE | OID_802_11_REMOVE_KEY)
+#define        RT_OID_802_11_DISASSOCIATE                        (OID_GET_SET_TOGGLE | OID_802_11_DISASSOCIATE)
+#define        RT_OID_802_11_AUTHENTICATION_MODE         (OID_GET_SET_TOGGLE | OID_802_11_AUTHENTICATION_MODE)
+#define        RT_OID_802_11_PRIVACY_FILTER              (OID_GET_SET_TOGGLE | OID_802_11_PRIVACY_FILTER)
+#define        RT_OID_802_11_BSSID_LIST_SCAN             (OID_GET_SET_TOGGLE | OID_802_11_BSSID_LIST_SCAN)
+#define        RT_OID_802_11_WEP_STATUS                          (OID_GET_SET_TOGGLE | OID_802_11_WEP_STATUS)
+#define        RT_OID_802_11_RELOAD_DEFAULTS             (OID_GET_SET_TOGGLE | OID_802_11_RELOAD_DEFAULTS)
+#define        RT_OID_802_11_NETWORK_TYPE_IN_USE         (OID_GET_SET_TOGGLE | OID_802_11_NETWORK_TYPE_IN_USE)
+#define        RT_OID_802_11_TX_POWER_LEVEL              (OID_GET_SET_TOGGLE | OID_802_11_TX_POWER_LEVEL)
+#define        RT_OID_802_11_RSSI_TRIGGER                        (OID_GET_SET_TOGGLE | OID_802_11_RSSI_TRIGGER)
+#define        RT_OID_802_11_FRAGMENTATION_THRESHOLD (OID_GET_SET_TOGGLE |     OID_802_11_FRAGMENTATION_THRESHOLD)
+#define        RT_OID_802_11_RTS_THRESHOLD                       (OID_GET_SET_TOGGLE | OID_802_11_RTS_THRESHOLD)
+#define        RT_OID_802_11_RX_ANTENNA_SELECTED         (OID_GET_SET_TOGGLE | OID_802_11_RX_ANTENNA_SELECTED)
+#define        RT_OID_802_11_TX_ANTENNA_SELECTED         (OID_GET_SET_TOGGLE | OID_802_11_TX_ANTENNA_SELECTED)
+#define        RT_OID_802_11_SUPPORTED_RATES             (OID_GET_SET_TOGGLE | OID_802_11_SUPPORTED_RATES)
+#define        RT_OID_802_11_DESIRED_RATES                       (OID_GET_SET_TOGGLE | OID_802_11_DESIRED_RATES)
+#define        RT_OID_802_11_CONFIGURATION                       (OID_GET_SET_TOGGLE | OID_802_11_CONFIGURATION)
+#define        RT_OID_802_11_POWER_MODE                          (OID_GET_SET_TOGGLE | OID_802_11_POWER_MODE)
+#define RT_OID_802_11_SET_PSPXLINK_MODE                  (OID_GET_SET_TOGGLE | OID_802_11_SET_PSPXLINK_MODE)
+#define RT_OID_802_11_EAP_METHOD                         (OID_GET_SET_TOGGLE | OID_802_11_EAP_METHOD)
+#define RT_OID_802_11_SET_PASSPHRASE             (OID_GET_SET_TOGGLE | OID_802_11_SET_PASSPHRASE)
+
+
+
+typedef enum _NDIS_802_11_STATUS_TYPE
+{
+    Ndis802_11StatusType_Authentication,
+    Ndis802_11StatusType_MediaStreamMode,
+    Ndis802_11StatusType_PMKID_CandidateList,
+    Ndis802_11StatusTypeMax    // not a real type, defined as an upper bound
+} NDIS_802_11_STATUS_TYPE, *PNDIS_802_11_STATUS_TYPE;
+
+typedef UCHAR   NDIS_802_11_MAC_ADDRESS[6];
+
+typedef struct _NDIS_802_11_STATUS_INDICATION
+{
+    NDIS_802_11_STATUS_TYPE StatusType;
+} NDIS_802_11_STATUS_INDICATION, *PNDIS_802_11_STATUS_INDICATION;
+
+// mask for authentication/integrity fields
+#define NDIS_802_11_AUTH_REQUEST_AUTH_FIELDS        0x0f
+
+#define NDIS_802_11_AUTH_REQUEST_REAUTH             0x01
+#define NDIS_802_11_AUTH_REQUEST_KEYUPDATE          0x02
+#define NDIS_802_11_AUTH_REQUEST_PAIRWISE_ERROR     0x06
+#define NDIS_802_11_AUTH_REQUEST_GROUP_ERROR        0x0E
+
+typedef struct _NDIS_802_11_AUTHENTICATION_REQUEST
+{
+    ULONG Length;            // Length of structure
+    NDIS_802_11_MAC_ADDRESS Bssid;
+    ULONG Flags;
+} NDIS_802_11_AUTHENTICATION_REQUEST, *PNDIS_802_11_AUTHENTICATION_REQUEST;
+
+//Added new types for PMKID Candidate lists.
+typedef struct _PMKID_CANDIDATE {
+    NDIS_802_11_MAC_ADDRESS BSSID;
+    ULONG Flags;
+} PMKID_CANDIDATE, *PPMKID_CANDIDATE;
+
+typedef struct _NDIS_802_11_PMKID_CANDIDATE_LIST
+{
+    ULONG Version;       // Version of the structure
+    ULONG NumCandidates; // No. of pmkid candidates
+    PMKID_CANDIDATE CandidateList[1];
+} NDIS_802_11_PMKID_CANDIDATE_LIST, *PNDIS_802_11_PMKID_CANDIDATE_LIST;
+
+//Flags for PMKID Candidate list structure
+#define NDIS_802_11_PMKID_CANDIDATE_PREAUTH_ENABLED    0x01
+
+// Added new types for OFDM 5G and 2.4G
+typedef enum _NDIS_802_11_NETWORK_TYPE
+{
+   Ndis802_11FH,
+   Ndis802_11DS,
+    Ndis802_11OFDM5,
+    Ndis802_11OFDM24,
+       Ndis802_11Automode,
+    Ndis802_11OFDM5_N,
+    Ndis802_11OFDM24_N,
+    Ndis802_11NetworkTypeMax    // not a real type, defined as an upper bound
+} NDIS_802_11_NETWORK_TYPE, *PNDIS_802_11_NETWORK_TYPE;
+
+typedef struct _NDIS_802_11_NETWORK_TYPE_LIST
+{
+    UINT                       NumberOfItems;  // in list below, at least 1
+   NDIS_802_11_NETWORK_TYPE    NetworkType [1];
+} NDIS_802_11_NETWORK_TYPE_LIST, *PNDIS_802_11_NETWORK_TYPE_LIST;
+
+typedef enum _NDIS_802_11_POWER_MODE
+{
+    Ndis802_11PowerModeCAM,
+    Ndis802_11PowerModeMAX_PSP,
+    Ndis802_11PowerModeFast_PSP,
+    Ndis802_11PowerModeLegacy_PSP,
+    Ndis802_11PowerModeMax      // not a real mode, defined as an upper bound
+} NDIS_802_11_POWER_MODE, *PNDIS_802_11_POWER_MODE;
+
+typedef ULONG   NDIS_802_11_TX_POWER_LEVEL; // in milliwatts
+
+//
+// Received Signal Strength Indication
+//
+typedef LONG    NDIS_802_11_RSSI;           // in dBm
+
+typedef struct _NDIS_802_11_CONFIGURATION_FH
+{
+   ULONG           Length;            // Length of structure
+   ULONG           HopPattern;        // As defined by 802.11, MSB set
+   ULONG           HopSet;            // to one if non-802.11
+   ULONG           DwellTime;         // units are Kusec
+} NDIS_802_11_CONFIGURATION_FH, *PNDIS_802_11_CONFIGURATION_FH;
+
+typedef struct _NDIS_802_11_CONFIGURATION
+{
+   ULONG                           Length;             // Length of structure
+   ULONG                           BeaconPeriod;       // units are Kusec
+   ULONG                           ATIMWindow;         // units are Kusec
+   ULONG                           DSConfig;           // Frequency, units are kHz
+   NDIS_802_11_CONFIGURATION_FH    FHConfig;
+} NDIS_802_11_CONFIGURATION, *PNDIS_802_11_CONFIGURATION;
+
+typedef struct _NDIS_802_11_STATISTICS
+{
+   ULONG           Length;             // Length of structure
+   LARGE_INTEGER   TransmittedFragmentCount;
+   LARGE_INTEGER   MulticastTransmittedFrameCount;
+   LARGE_INTEGER   FailedCount;
+   LARGE_INTEGER   RetryCount;
+   LARGE_INTEGER   MultipleRetryCount;
+   LARGE_INTEGER   RTSSuccessCount;
+   LARGE_INTEGER   RTSFailureCount;
+   LARGE_INTEGER   ACKFailureCount;
+   LARGE_INTEGER   FrameDuplicateCount;
+   LARGE_INTEGER   ReceivedFragmentCount;
+   LARGE_INTEGER   MulticastReceivedFrameCount;
+   LARGE_INTEGER   FCSErrorCount;
+   LARGE_INTEGER   TKIPLocalMICFailures;
+   LARGE_INTEGER   TKIPRemoteMICErrors;
+   LARGE_INTEGER   TKIPICVErrors;
+   LARGE_INTEGER   TKIPCounterMeasuresInvoked;
+   LARGE_INTEGER   TKIPReplays;
+   LARGE_INTEGER   CCMPFormatErrors;
+   LARGE_INTEGER   CCMPReplays;
+   LARGE_INTEGER   CCMPDecryptErrors;
+   LARGE_INTEGER   FourWayHandshakeFailures;
+} NDIS_802_11_STATISTICS, *PNDIS_802_11_STATISTICS;
+
+typedef  ULONG  NDIS_802_11_KEY_INDEX;
+typedef ULONGLONG   NDIS_802_11_KEY_RSC;
+
+#define MAX_RADIUS_SRV_NUM                     2         // 802.1x failover number
+
+typedef struct PACKED _RADIUS_SRV_INFO {
+       UINT32                  radius_ip;
+       UINT32                  radius_port;
+       UCHAR                   radius_key[64];
+       UCHAR                   radius_key_len;
+} RADIUS_SRV_INFO, *PRADIUS_SRV_INFO;
+
+typedef struct PACKED _RADIUS_KEY_INFO
+{
+       UCHAR                   radius_srv_num;
+       RADIUS_SRV_INFO radius_srv_info[MAX_RADIUS_SRV_NUM];
+       UCHAR                   ieee8021xWEP;            // dynamic WEP
+    UCHAR           key_index;
+    UCHAR           key_length;          // length of key in bytes
+    UCHAR           key_material[13];
+} RADIUS_KEY_INFO, *PRADIUS_KEY_INFO;
+
+// It's used by 802.1x daemon to require relative configuration
+typedef struct PACKED _RADIUS_CONF
+{
+    UINT32          Length;             // Length of this structure
+    UCHAR                      mbss_num;                       // indicate multiple BSS number
+       UINT32                  own_ip_addr;
+       UINT32                  retry_interval;
+       UINT32                  session_timeout_interval;
+       UCHAR                   EAPifname[8][IFNAMSIZ];
+       UCHAR                   EAPifname_len[8];
+       UCHAR                   PreAuthifname[8][IFNAMSIZ];
+       UCHAR                   PreAuthifname_len[8];
+       RADIUS_KEY_INFO RadiusInfo[8];
+} RADIUS_CONF, *PRADIUS_CONF;
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+// Key mapping keys require a BSSID
+typedef struct _NDIS_802_11_KEY
+{
+    UINT           Length;             // Length of this structure
+    UINT           KeyIndex;
+    UINT           KeyLength;          // length of key in bytes
+    NDIS_802_11_MAC_ADDRESS BSSID;
+    NDIS_802_11_KEY_RSC KeyRSC;
+    UCHAR           KeyMaterial[1];     // variable length depending on above field
+} NDIS_802_11_KEY, *PNDIS_802_11_KEY;
+
+typedef struct _NDIS_802_11_PASSPHRASE
+{
+    UINT           KeyLength;          // length of key in bytes
+    NDIS_802_11_MAC_ADDRESS BSSID;
+    UCHAR           KeyMaterial[1];     // variable length depending on above field
+} NDIS_802_11_PASSPHRASE, *PNDIS_802_11_PASSPHRASE;
+#endif // CONFIG_STA_SUPPORT //
+
+typedef struct _NDIS_802_11_REMOVE_KEY
+{
+    UINT           Length;             // Length of this structure
+    UINT           KeyIndex;
+    NDIS_802_11_MAC_ADDRESS BSSID;
+} NDIS_802_11_REMOVE_KEY, *PNDIS_802_11_REMOVE_KEY;
+
+typedef struct _NDIS_802_11_WEP
+{
+   UINT     Length;        // Length of this structure
+   UINT     KeyIndex;           // 0 is the per-client key, 1-N are the
+                                        // global keys
+   UINT     KeyLength;     // length of key in bytes
+   UCHAR     KeyMaterial[1];// variable length depending on above field
+} NDIS_802_11_WEP, *PNDIS_802_11_WEP;
+
+
+typedef enum _NDIS_802_11_NETWORK_INFRASTRUCTURE
+{
+   Ndis802_11IBSS,
+   Ndis802_11Infrastructure,
+   Ndis802_11AutoUnknown,
+   Ndis802_11Monitor,
+   Ndis802_11InfrastructureMax     // Not a real value, defined as upper bound
+} NDIS_802_11_NETWORK_INFRASTRUCTURE, *PNDIS_802_11_NETWORK_INFRASTRUCTURE;
+
+// Add new authentication modes
+typedef enum _NDIS_802_11_AUTHENTICATION_MODE
+{
+   Ndis802_11AuthModeOpen,
+   Ndis802_11AuthModeShared,
+   Ndis802_11AuthModeAutoSwitch,
+    Ndis802_11AuthModeWPA,
+    Ndis802_11AuthModeWPAPSK,
+    Ndis802_11AuthModeWPANone,
+   Ndis802_11AuthModeWPA2,
+   Ndis802_11AuthModeWPA2PSK,
+       Ndis802_11AuthModeWPA1WPA2,
+       Ndis802_11AuthModeWPA1PSKWPA2PSK,
+   Ndis802_11AuthModeMax           // Not a real mode, defined as upper bound
+} NDIS_802_11_AUTHENTICATION_MODE, *PNDIS_802_11_AUTHENTICATION_MODE;
+
+typedef UCHAR   NDIS_802_11_RATES[NDIS_802_11_LENGTH_RATES];        // Set of 8 data rates
+typedef UCHAR   NDIS_802_11_RATES_EX[NDIS_802_11_LENGTH_RATES_EX];  // Set of 16 data rates
+
+typedef struct PACKED _NDIS_802_11_SSID
+{
+    UINT   SsidLength;         // length of SSID field below, in bytes;
+                                // this can be zero.
+    UCHAR   Ssid[NDIS_802_11_LENGTH_SSID];           // SSID information field
+} NDIS_802_11_SSID, *PNDIS_802_11_SSID;
+
+
+typedef struct PACKED _NDIS_WLAN_BSSID
+{
+   ULONG                               Length;     // Length of this structure
+   NDIS_802_11_MAC_ADDRESS             MacAddress; // BSSID
+   UCHAR                               Reserved[2];
+   NDIS_802_11_SSID                    Ssid;       // SSID
+   ULONG                               Privacy;    // WEP encryption requirement
+   NDIS_802_11_RSSI                    Rssi;       // receive signal strength in dBm
+   NDIS_802_11_NETWORK_TYPE            NetworkTypeInUse;
+   NDIS_802_11_CONFIGURATION           Configuration;
+   NDIS_802_11_NETWORK_INFRASTRUCTURE  InfrastructureMode;
+   NDIS_802_11_RATES                   SupportedRates;
+} NDIS_WLAN_BSSID, *PNDIS_WLAN_BSSID;
+
+typedef struct PACKED _NDIS_802_11_BSSID_LIST
+{
+   UINT           NumberOfItems;      // in list below, at least 1
+   NDIS_WLAN_BSSID Bssid[1];
+} NDIS_802_11_BSSID_LIST, *PNDIS_802_11_BSSID_LIST;
+
+// Added Capabilities, IELength and IEs for each BSSID
+typedef struct PACKED _NDIS_WLAN_BSSID_EX
+{
+    ULONG                               Length;             // Length of this structure
+    NDIS_802_11_MAC_ADDRESS             MacAddress;         // BSSID
+    UCHAR                               Reserved[2];
+    NDIS_802_11_SSID                    Ssid;               // SSID
+    UINT                                Privacy;            // WEP encryption requirement
+    NDIS_802_11_RSSI                    Rssi;               // receive signal
+                                                            // strength in dBm
+    NDIS_802_11_NETWORK_TYPE            NetworkTypeInUse;
+    NDIS_802_11_CONFIGURATION           Configuration;
+    NDIS_802_11_NETWORK_INFRASTRUCTURE  InfrastructureMode;
+    NDIS_802_11_RATES_EX                SupportedRates;
+    ULONG                               IELength;
+    UCHAR                               IEs[1];
+} NDIS_WLAN_BSSID_EX, *PNDIS_WLAN_BSSID_EX;
+
+typedef struct PACKED _NDIS_802_11_BSSID_LIST_EX
+{
+    UINT                   NumberOfItems;      // in list below, at least 1
+    NDIS_WLAN_BSSID_EX      Bssid[1];
+} NDIS_802_11_BSSID_LIST_EX, *PNDIS_802_11_BSSID_LIST_EX;
+
+typedef struct PACKED _NDIS_802_11_FIXED_IEs
+{
+    UCHAR Timestamp[8];
+    USHORT BeaconInterval;
+    USHORT Capabilities;
+} NDIS_802_11_FIXED_IEs, *PNDIS_802_11_FIXED_IEs;
+
+typedef struct _NDIS_802_11_VARIABLE_IEs
+{
+    UCHAR ElementID;
+    UCHAR Length;    // Number of bytes in data field
+    UCHAR data[1];
+} NDIS_802_11_VARIABLE_IEs, *PNDIS_802_11_VARIABLE_IEs;
+
+typedef  ULONG   NDIS_802_11_FRAGMENTATION_THRESHOLD;
+
+typedef  ULONG   NDIS_802_11_RTS_THRESHOLD;
+
+typedef  ULONG   NDIS_802_11_ANTENNA;
+
+typedef enum _NDIS_802_11_PRIVACY_FILTER
+{
+   Ndis802_11PrivFilterAcceptAll,
+   Ndis802_11PrivFilter8021xWEP
+} NDIS_802_11_PRIVACY_FILTER, *PNDIS_802_11_PRIVACY_FILTER;
+
+// Added new encryption types
+// Also aliased typedef to new name
+typedef enum _NDIS_802_11_WEP_STATUS
+{
+   Ndis802_11WEPEnabled,
+    Ndis802_11Encryption1Enabled = Ndis802_11WEPEnabled,
+   Ndis802_11WEPDisabled,
+    Ndis802_11EncryptionDisabled = Ndis802_11WEPDisabled,
+   Ndis802_11WEPKeyAbsent,
+    Ndis802_11Encryption1KeyAbsent = Ndis802_11WEPKeyAbsent,
+   Ndis802_11WEPNotSupported,
+    Ndis802_11EncryptionNotSupported = Ndis802_11WEPNotSupported,
+    Ndis802_11Encryption2Enabled,
+    Ndis802_11Encryption2KeyAbsent,
+    Ndis802_11Encryption3Enabled,
+    Ndis802_11Encryption3KeyAbsent,
+    Ndis802_11Encryption4Enabled,      // TKIP or AES mix
+    Ndis802_11Encryption4KeyAbsent,
+    Ndis802_11GroupWEP40Enabled,
+       Ndis802_11GroupWEP104Enabled,
+} NDIS_802_11_WEP_STATUS, *PNDIS_802_11_WEP_STATUS,
+  NDIS_802_11_ENCRYPTION_STATUS, *PNDIS_802_11_ENCRYPTION_STATUS;
+
+typedef enum _NDIS_802_11_RELOAD_DEFAULTS
+{
+   Ndis802_11ReloadWEPKeys
+} NDIS_802_11_RELOAD_DEFAULTS, *PNDIS_802_11_RELOAD_DEFAULTS;
+
+#define NDIS_802_11_AI_REQFI_CAPABILITIES      1
+#define NDIS_802_11_AI_REQFI_LISTENINTERVAL    2
+#define NDIS_802_11_AI_REQFI_CURRENTAPADDRESS  4
+
+#define NDIS_802_11_AI_RESFI_CAPABILITIES      1
+#define NDIS_802_11_AI_RESFI_STATUSCODE        2
+#define NDIS_802_11_AI_RESFI_ASSOCIATIONID     4
+
+typedef struct _NDIS_802_11_AI_REQFI
+{
+    USHORT Capabilities;
+    USHORT ListenInterval;
+    NDIS_802_11_MAC_ADDRESS  CurrentAPAddress;
+} NDIS_802_11_AI_REQFI, *PNDIS_802_11_AI_REQFI;
+
+typedef struct _NDIS_802_11_AI_RESFI
+{
+    USHORT Capabilities;
+    USHORT StatusCode;
+    USHORT AssociationId;
+} NDIS_802_11_AI_RESFI, *PNDIS_802_11_AI_RESFI;
+
+typedef struct _NDIS_802_11_ASSOCIATION_INFORMATION
+{
+    ULONG                   Length;
+    USHORT                  AvailableRequestFixedIEs;
+    NDIS_802_11_AI_REQFI    RequestFixedIEs;
+    ULONG                   RequestIELength;
+    ULONG                   OffsetRequestIEs;
+    USHORT                  AvailableResponseFixedIEs;
+    NDIS_802_11_AI_RESFI    ResponseFixedIEs;
+    ULONG                   ResponseIELength;
+    ULONG                   OffsetResponseIEs;
+} NDIS_802_11_ASSOCIATION_INFORMATION, *PNDIS_802_11_ASSOCIATION_INFORMATION;
+
+typedef struct _NDIS_802_11_AUTHENTICATION_EVENT
+{
+    NDIS_802_11_STATUS_INDICATION       Status;
+    NDIS_802_11_AUTHENTICATION_REQUEST  Request[1];
+} NDIS_802_11_AUTHENTICATION_EVENT, *PNDIS_802_11_AUTHENTICATION_EVENT;
+
+/*
+typedef struct _NDIS_802_11_TEST
+{
+    ULONG Length;
+    ULONG Type;
+    union
+    {
+        NDIS_802_11_AUTHENTICATION_EVENT AuthenticationEvent;
+        NDIS_802_11_RSSI RssiTrigger;
+    };
+} NDIS_802_11_TEST, *PNDIS_802_11_TEST;
+ */
+
+// 802.11 Media stream constraints, associated with OID_802_11_MEDIA_STREAM_MODE
+typedef enum _NDIS_802_11_MEDIA_STREAM_MODE
+{
+    Ndis802_11MediaStreamOff,
+    Ndis802_11MediaStreamOn,
+} NDIS_802_11_MEDIA_STREAM_MODE, *PNDIS_802_11_MEDIA_STREAM_MODE;
+
+// PMKID Structures
+typedef UCHAR   NDIS_802_11_PMKID_VALUE[16];
+
+#ifdef CONFIG_STA_SUPPORT
+typedef struct _BSSID_INFO
+{
+    NDIS_802_11_MAC_ADDRESS BSSID;
+    NDIS_802_11_PMKID_VALUE PMKID;
+} BSSID_INFO, *PBSSID_INFO;
+
+typedef struct _NDIS_802_11_PMKID
+{
+    UINT    Length;
+    UINT    BSSIDInfoCount;
+    BSSID_INFO BSSIDInfo[1];
+} NDIS_802_11_PMKID, *PNDIS_802_11_PMKID;
+#endif // CONFIG_STA_SUPPORT //
+
+
+typedef struct _NDIS_802_11_AUTHENTICATION_ENCRYPTION
+{
+    NDIS_802_11_AUTHENTICATION_MODE AuthModeSupported;
+    NDIS_802_11_ENCRYPTION_STATUS EncryptStatusSupported;
+} NDIS_802_11_AUTHENTICATION_ENCRYPTION, *PNDIS_802_11_AUTHENTICATION_ENCRYPTION;
+
+typedef struct _NDIS_802_11_CAPABILITY
+{
+     ULONG Length;
+     ULONG Version;
+     ULONG NoOfPMKIDs;
+     ULONG NoOfAuthEncryptPairsSupported;
+     NDIS_802_11_AUTHENTICATION_ENCRYPTION AuthenticationEncryptionSupported[1];
+} NDIS_802_11_CAPABILITY, *PNDIS_802_11_CAPABILITY;
+
+#ifdef LINUX
+#if WIRELESS_EXT <= 11
+#ifndef SIOCDEVPRIVATE
+#define SIOCDEVPRIVATE                              0x8BE0
+#endif
+#define SIOCIWFIRSTPRIV                                                                SIOCDEVPRIVATE
+#endif
+#endif // LINUX //
+
+
+#ifdef CONFIG_STA_SUPPORT
+#define RT_PRIV_IOCTL                                                  (SIOCIWFIRSTPRIV + 0x01) // Sync. with AP for wsc upnp daemon
+#define RTPRIV_IOCTL_SET                                                       (SIOCIWFIRSTPRIV + 0x02)
+
+#ifdef DBG
+#define RTPRIV_IOCTL_BBP                            (SIOCIWFIRSTPRIV + 0x03)
+#define RTPRIV_IOCTL_MAC                            (SIOCIWFIRSTPRIV + 0x05)
+
+#ifdef RTMP_RF_RW_SUPPORT
+// TODO: shiang, Need to reassign the oid number. ArchTeam use (SIOCIWFIRSTPRIV + 0x19) for this oid
+#define RTPRIV_IOCTL_RF                             (SIOCIWFIRSTPRIV + 0x13)  // edit by johnli, fix read rf register problem
+#endif // RTMP_RF_RW_SUPPORT //
+
+#define RTPRIV_IOCTL_E2P                            (SIOCIWFIRSTPRIV + 0x07)
+#endif // DBG //
+
+#ifdef RALINK_ATE
+#ifdef RALINK_28xx_QA
+#define RTPRIV_IOCTL_ATE                                                       (SIOCIWFIRSTPRIV + 0x08)
+#endif // RALINK_28xx_QA //
+#endif // RALINK_ATE //
+
+#define RTPRIV_IOCTL_STATISTICS                     (SIOCIWFIRSTPRIV + 0x09)
+#define RTPRIV_IOCTL_ADD_PMKID_CACHE                (SIOCIWFIRSTPRIV + 0x0A)
+#define RTPRIV_IOCTL_RADIUS_DATA                    (SIOCIWFIRSTPRIV + 0x0C)
+#define RTPRIV_IOCTL_GSITESURVEY                                       (SIOCIWFIRSTPRIV + 0x0D)
+#define RT_PRIV_IOCTL_EXT                                                      (SIOCIWFIRSTPRIV + 0x0E) // Sync. with RT61 (for wpa_supplicant)
+#define RTPRIV_IOCTL_GET_MAC_TABLE                                     (SIOCIWFIRSTPRIV + 0x0F)
+
+#define RTPRIV_IOCTL_SHOW                                                      (SIOCIWFIRSTPRIV + 0x11)
+enum {
+       SHOW_CONN_STATUS = 4,
+       SHOW_DRVIER_VERION = 5,
+       SHOW_BA_INFO = 6,
+       SHOW_DESC_INFO = 7,
+       RAIO_OFF = 10,
+       RAIO_ON = 11,
+#ifdef QOS_DLS_SUPPORT
+       SHOW_DLS_ENTRY_INFO = 19,
+#endif // QOS_DLS_SUPPORT //
+       SHOW_CFG_VALUE = 20,
+       SHOW_ADHOC_ENTRY_INFO = 21,
+};
+
+
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+#ifdef SNMP_SUPPORT
+//SNMP ieee 802dot11, kathy , 2008_0220
+// dot11res(3)
+#define RT_OID_802_11_MANUFACTUREROUI                  0x0700
+#define RT_OID_802_11_MANUFACTURERNAME                 0x0701
+#define RT_OID_802_11_RESOURCETYPEIDNAME               0x0702
+
+// dot11smt(1)
+#define RT_OID_802_11_PRIVACYOPTIONIMPLEMENTED 0x0703
+#define RT_OID_802_11_POWERMANAGEMENTMODE              0x0704
+#define OID_802_11_WEPDEFAULTKEYVALUE                  0x0705 // read , write
+#define OID_802_11_WEPDEFAULTKEYID                             0x0706
+#define RT_OID_802_11_WEPKEYMAPPINGLENGTH              0x0707
+#define OID_802_11_SHORTRETRYLIMIT                             0x0708
+#define OID_802_11_LONGRETRYLIMIT                              0x0709
+#define RT_OID_802_11_PRODUCTID                                        0x0710
+#define RT_OID_802_11_MANUFACTUREID                            0x0711
+
+// //dot11Phy(4)
+#define OID_802_11_CURRENTCHANNEL                              0x0712
+
+//dot11mac
+#define RT_OID_802_11_MAC_ADDRESS                              0x0713
+#endif // SNMP_SUPPORT //
+
+#define OID_802_11_BUILD_CHANNEL_EX                            0x0714
+#define OID_802_11_GET_CH_LIST                                 0x0715
+#define OID_802_11_GET_COUNTRY_CODE                            0x0716
+#define OID_802_11_GET_CHANNEL_GEOGRAPHY               0x0717
+
+//#define RT_OID_802_11_STATISTICS              (OID_GET_SET_TOGGLE | OID_802_11_STATISTICS)
+
+#ifdef CONFIG_STA_SUPPORT
+#define RT_OID_WSC_SET_PASSPHRASE                   0x0740 // passphrase for wpa(2)-psk
+#define RT_OID_WSC_DRIVER_AUTO_CONNECT              0x0741
+#define RT_OID_WSC_QUERY_DEFAULT_PROFILE            0x0742
+#define RT_OID_WSC_SET_CONN_BY_PROFILE_INDEX        0x0743
+#define RT_OID_WSC_SET_ACTION                       0x0744
+#define RT_OID_WSC_SET_SSID                         0x0745
+#define RT_OID_WSC_SET_PIN_CODE                     0x0746
+#define RT_OID_WSC_SET_MODE                         0x0747 // PIN or PBC
+#define RT_OID_WSC_SET_CONF_MODE                    0x0748 // Enrollee or Registrar
+#define RT_OID_WSC_SET_PROFILE                      0x0749
+#endif // CONFIG_STA_SUPPORT //
+#define        RT_OID_WSC_CONFIG_STATUS                                        0x074F
+#define RT_OID_802_11_WSC_QUERY_PROFILE                                0x0750
+// for consistency with RT61
+#define RT_OID_WSC_QUERY_STATUS                                                0x0751
+#define RT_OID_WSC_PIN_CODE                                                    0x0752
+#define RT_OID_WSC_UUID                                                                0x0753
+#define RT_OID_WSC_SET_SELECTED_REGISTRAR                      0x0754
+#define RT_OID_WSC_EAPMSG                                                      0x0755
+#define RT_OID_WSC_MANUFACTURER                                                0x0756
+#define RT_OID_WSC_MODEL_NAME                                          0x0757
+#define RT_OID_WSC_MODEL_NO                                                    0x0758
+#define RT_OID_WSC_SERIAL_NO                                           0x0759
+#define RT_OID_WSC_MAC_ADDRESS                                         0x0760
+
+#ifdef LLTD_SUPPORT
+// for consistency with RT61
+#define RT_OID_GET_PHY_MODE                         0x761
+#endif // LLTD_SUPPORT //
+
+#ifdef NINTENDO_AP
+//#define RT_OID_NINTENDO                             0x0D010770
+#define RT_OID_802_11_NINTENDO_GET_TABLE                       0x0771 //((RT_OID_NINTENDO + 0x01) & 0xffff)
+#define RT_OID_802_11_NINTENDO_SET_TABLE                       0x0772 //((RT_OID_NINTENDO + 0x02) & 0xffff)
+#define RT_OID_802_11_NINTENDO_CAPABLE                         0x0773 //((RT_OID_NINTENDO + 0x03) & 0xffff)
+#endif // NINTENDO_AP //
+
+
+// New for MeetingHouse Api support
+#define OID_MH_802_1X_SUPPORTED               0xFFEDC100
+
+// MIMO Tx parameter, ShortGI, MCS, STBC, etc.  these are fields in TXWI. Don't change this definition!!!
+typedef union  _HTTRANSMIT_SETTING {
+#ifdef RT_BIG_ENDIAN
+       struct  {
+       USHORT          MODE:2; // Use definition MODE_xxx.
+//     USHORT          rsv:3;
+       USHORT          TxBF:1;
+       USHORT          rsv:2;
+       USHORT          STBC:2; //SPACE
+       USHORT          ShortGI:1;
+       USHORT          BW:1;   //channel bandwidth 20MHz or 40 MHz
+       USHORT          MCS:7;                 // MCS
+       }       field;
+#else
+       struct  {
+       USHORT          MCS:7;                 // MCS
+       USHORT          BW:1;   //channel bandwidth 20MHz or 40 MHz
+       USHORT          ShortGI:1;
+       USHORT          STBC:2; //SPACE
+//     USHORT          rsv:3;
+       USHORT          rsv:2;
+       USHORT          TxBF:1;
+       USHORT          MODE:2; // Use definition MODE_xxx.
+       }       field;
+#endif
+       USHORT          word;
+ } HTTRANSMIT_SETTING, *PHTTRANSMIT_SETTING;
+
+typedef enum _RT_802_11_PREAMBLE {
+    Rt802_11PreambleLong,
+    Rt802_11PreambleShort,
+    Rt802_11PreambleAuto
+} RT_802_11_PREAMBLE, *PRT_802_11_PREAMBLE;
+
+typedef enum _RT_802_11_PHY_MODE {
+       PHY_11BG_MIXED = 0,
+       PHY_11B,
+       PHY_11A,
+       PHY_11ABG_MIXED,
+       PHY_11G,
+#ifdef DOT11_N_SUPPORT
+       PHY_11ABGN_MIXED,       // both band   5
+       PHY_11N_2_4G,           // 11n-only with 2.4G band      6
+       PHY_11GN_MIXED, // 2.4G band      7
+       PHY_11AN_MIXED, // 5G  band       8
+       PHY_11BGN_MIXED,        // if check 802.11b.      9
+       PHY_11AGN_MIXED,        // if check 802.11b.      10
+       PHY_11N_5G,                     // 11n-only with 5G band                11
+#endif // DOT11_N_SUPPORT //
+} RT_802_11_PHY_MODE;
+
+
+// put all proprietery for-query objects here to reduce # of Query_OID
+typedef struct _RT_802_11_LINK_STATUS {
+    ULONG   CurrTxRate;         // in units of 0.5Mbps
+    ULONG   ChannelQuality;     // 0..100 %
+    ULONG   TxByteCount;        // both ok and fail
+    ULONG   RxByteCount;        // both ok and fail
+    ULONG      CentralChannel;         // 40MHz central channel number
+} RT_802_11_LINK_STATUS, *PRT_802_11_LINK_STATUS;
+
+typedef struct _RT_802_11_EVENT_LOG {
+    LARGE_INTEGER   SystemTime;  // timestammp via NdisGetCurrentSystemTime()
+    UCHAR           Addr[MAC_ADDR_LENGTH];
+    USHORT          Event;       // EVENT_xxx
+} RT_802_11_EVENT_LOG, *PRT_802_11_EVENT_LOG;
+
+typedef struct _RT_802_11_EVENT_TABLE {
+    ULONG       Num;
+    ULONG       Rsv;     // to align Log[] at LARGE_INEGER boundary
+    RT_802_11_EVENT_LOG   Log[MAX_NUMBER_OF_EVENT];
+} RT_802_11_EVENT_TABLE, PRT_802_11_EVENT_TABLE;
+
+// MIMO Tx parameter, ShortGI, MCS, STBC, etc.  these are fields in TXWI. Don't change this definition!!!
+typedef union  _MACHTTRANSMIT_SETTING {
+       struct  {
+       USHORT          MCS:7;                 // MCS
+       USHORT          BW:1;   //channel bandwidth 20MHz or 40 MHz
+       USHORT          ShortGI:1;
+       USHORT          STBC:2; //SPACE
+       USHORT          rsv:3;
+       USHORT          MODE:2; // Use definition MODE_xxx.
+       }       field;
+       USHORT          word;
+ } MACHTTRANSMIT_SETTING, *PMACHTTRANSMIT_SETTING;
+
+typedef struct _RT_802_11_MAC_ENTRY {
+    UCHAR       Addr[MAC_ADDR_LENGTH];
+    UCHAR       Aid;
+    UCHAR       Psm;     // 0:PWR_ACTIVE, 1:PWR_SAVE
+    UCHAR              MimoPs;  // 0:MMPS_STATIC, 1:MMPS_DYNAMIC, 3:MMPS_Enabled
+    CHAR               AvgRssi0;
+       CHAR            AvgRssi1;
+       CHAR            AvgRssi2;
+       UINT32          ConnectedTime;
+    MACHTTRANSMIT_SETTING      TxRate;
+} RT_802_11_MAC_ENTRY, *PRT_802_11_MAC_ENTRY;
+
+typedef struct _RT_802_11_MAC_TABLE {
+    ULONG       Num;
+    RT_802_11_MAC_ENTRY Entry[MAX_NUMBER_OF_MAC];
+} RT_802_11_MAC_TABLE, *PRT_802_11_MAC_TABLE;
+
+// structure for query/set hardware register - MAC, BBP, RF register
+typedef struct _RT_802_11_HARDWARE_REGISTER {
+    ULONG   HardwareType;       // 0:MAC, 1:BBP, 2:RF register, 3:EEPROM
+    ULONG   Offset;             // Q/S register offset addr
+    ULONG   Data;               // R/W data buffer
+} RT_802_11_HARDWARE_REGISTER, *PRT_802_11_HARDWARE_REGISTER;
+
+typedef struct _RT_802_11_AP_CONFIG {
+    ULONG   EnableTxBurst;      // 0-disable, 1-enable
+    ULONG   EnableTurboRate;    // 0-disable, 1-enable 72/100mbps turbo rate
+    ULONG   IsolateInterStaTraffic;     // 0-disable, 1-enable isolation
+    ULONG   HideSsid;           // 0-disable, 1-enable hiding
+    ULONG   UseBGProtection;    // 0-AUTO, 1-always ON, 2-always OFF
+    ULONG   UseShortSlotTime;   // 0-no use, 1-use 9-us short slot time
+    ULONG   Rsv1;               // must be 0
+    ULONG   SystemErrorBitmap;  // ignore upon SET, return system error upon QUERY
+} RT_802_11_AP_CONFIG, *PRT_802_11_AP_CONFIG;
+
+// structure to query/set STA_CONFIG
+typedef struct _RT_802_11_STA_CONFIG {
+    ULONG   EnableTxBurst;      // 0-disable, 1-enable
+    ULONG   EnableTurboRate;    // 0-disable, 1-enable 72/100mbps turbo rate
+    ULONG   UseBGProtection;    // 0-AUTO, 1-always ON, 2-always OFF
+    ULONG   UseShortSlotTime;   // 0-no use, 1-use 9-us short slot time when applicable
+    ULONG   AdhocMode;                 // 0-11b rates only (WIFI spec), 1 - b/g mixed, 2 - g only
+    ULONG   HwRadioStatus;      // 0-OFF, 1-ON, default is 1, Read-Only
+    ULONG   Rsv1;               // must be 0
+    ULONG   SystemErrorBitmap;  // ignore upon SET, return system error upon QUERY
+} RT_802_11_STA_CONFIG, *PRT_802_11_STA_CONFIG;
+
+//
+//  For OID Query or Set about BA structure
+//
+typedef        struct  _OID_BACAP_STRUC        {
+               UCHAR           RxBAWinLimit;
+               UCHAR           TxBAWinLimit;
+               UCHAR           Policy; // 0: DELAY_BA 1:IMMED_BA  (//BA Policy subfiled value in ADDBA frame)   2:BA-not use. other value invalid
+               UCHAR           MpduDensity;    // 0: DELAY_BA 1:IMMED_BA  (//BA Policy subfiled value in ADDBA frame)   2:BA-not use. other value invalid
+               UCHAR           AmsduEnable;    //Enable AMSDU transmisstion
+               UCHAR           AmsduSize;      // 0:3839, 1:7935 bytes. UINT  MSDUSizeToBytes[]        = { 3839, 7935};
+               UCHAR           MMPSmode;       // MIMO power save more, 0:static, 1:dynamic, 2:rsv, 3:mimo enable
+               BOOLEAN         AutoBA; // Auto BA will automatically
+} OID_BACAP_STRUC, *POID_BACAP_STRUC;
+
+typedef struct _RT_802_11_ACL_ENTRY {
+    UCHAR   Addr[MAC_ADDR_LENGTH];
+    USHORT  Rsv;
+} RT_802_11_ACL_ENTRY, *PRT_802_11_ACL_ENTRY;
+
+typedef struct PACKED _RT_802_11_ACL {
+    ULONG   Policy;             // 0-disable, 1-positive list, 2-negative list
+    ULONG   Num;
+    RT_802_11_ACL_ENTRY Entry[MAX_NUMBER_OF_ACL];
+} RT_802_11_ACL, *PRT_802_11_ACL;
+
+typedef struct _RT_802_11_WDS {
+    ULONG                                              Num;
+    NDIS_802_11_MAC_ADDRESS            Entry[24/*MAX_NUM_OF_WDS_LINK*/];
+       ULONG                                           KeyLength;
+       UCHAR                                           KeyMaterial[32];
+} RT_802_11_WDS, *PRT_802_11_WDS;
+
+typedef struct _RT_802_11_TX_RATES_ {
+    UCHAR       SupRateLen;
+    UCHAR       SupRate[MAX_LENGTH_OF_SUPPORT_RATES];
+    UCHAR       ExtRateLen;
+    UCHAR       ExtRate[MAX_LENGTH_OF_SUPPORT_RATES];
+} RT_802_11_TX_RATES, *PRT_802_11_TX_RATES;
+
+
+// Definition of extra information code
+#define        GENERAL_LINK_UP                 0x0                     // Link is Up
+#define        GENERAL_LINK_DOWN               0x1                     // Link is Down
+#define        HW_RADIO_OFF                    0x2                     // Hardware radio off
+#define        SW_RADIO_OFF                    0x3                     // Software radio off
+#define        AUTH_FAIL                               0x4                     // Open authentication fail
+#define        AUTH_FAIL_KEYS                  0x5                     // Shared authentication fail
+#define        ASSOC_FAIL                              0x6                     // Association failed
+#define        EAP_MIC_FAILURE                 0x7                     // Deauthencation because MIC failure
+#define        EAP_4WAY_TIMEOUT                0x8                     // Deauthencation on 4-way handshake timeout
+#define        EAP_GROUP_KEY_TIMEOUT   0x9                     // Deauthencation on group key handshake timeout
+#define        EAP_SUCCESS                             0xa                     // EAP succeed
+#define        DETECT_RADAR_SIGNAL             0xb         // Radar signal occur in current channel
+#define EXTRA_INFO_MAX                 0xb                     // Indicate Last OID
+
+#define EXTRA_INFO_CLEAR               0xffffffff
+
+// This is OID setting structure. So only GF or MM as Mode. This is valid when our wirelss mode has 802.11n in use.
+typedef struct {
+       RT_802_11_PHY_MODE              PhyMode;        //
+       UCHAR           TransmitNo;
+       UCHAR           HtMode;         //HTMODE_GF or HTMODE_MM
+       UCHAR           ExtOffset;      //extension channel above or below
+       UCHAR           MCS;
+       UCHAR           BW;
+       UCHAR           STBC;
+       UCHAR           SHORTGI;
+       UCHAR           rsv;
+} OID_SET_HT_PHYMODE, *POID_SET_HT_PHYMODE;
+
+#ifdef NINTENDO_AP
+#define NINTENDO_MAX_ENTRY 16
+#define NINTENDO_SSID_NAME_LN 8
+#define NINTENDO_SSID_NAME "NWCUSBAP"
+#define NINTENDO_PROBE_REQ_FLAG_MASK 0x03
+#define NINTENDO_PROBE_REQ_ON 0x01
+#define NINTENDO_PROBE_REQ_SIGNAL 0x02
+#define NINTENDO_PROBE_RSP_ON 0x01
+#define NINTENDO_SSID_NICKNAME_LN 20
+
+#define NINTENDO_WEPKEY_LN 13
+
+typedef struct _NINTENDO_SSID
+{
+       UCHAR   NINTENDOFixChar[NINTENDO_SSID_NAME_LN];
+       UCHAR   zero1;
+       UCHAR   registe;
+       UCHAR   ID;
+       UCHAR   zero2;
+       UCHAR   NICKname[NINTENDO_SSID_NICKNAME_LN];
+} RT_NINTENDO_SSID, *PRT_NINTENDO_SSID;
+
+typedef struct _NINTENDO_ENTRY
+{
+       UCHAR   NICKname[NINTENDO_SSID_NICKNAME_LN];
+    UCHAR   DS_Addr[ETH_LENGTH_OF_ADDRESS];
+       UCHAR   registe;
+       UCHAR   UserSpaceAck;
+} RT_NINTENDO_ENTRY, *PRT_NINTENDO_ENTRY;
+
+//RTPRIV_IOCTL_NINTENDO_GET_TABLE
+//RTPRIV_IOCTL_NINTENDO_SET_TABLE
+typedef struct _NINTENDO_TABLE
+{
+       UINT                            number;
+       RT_NINTENDO_ENTRY       entry[NINTENDO_MAX_ENTRY];
+} RT_NINTENDO_TABLE, *PRT_NINTENDO_TABLE;
+
+//RTPRIV_IOCTL_NINTENDO_SEED_WEPKEY
+typedef struct _NINTENDO_SEED_WEPKEY
+{
+       UCHAR   seed[NINTENDO_SSID_NICKNAME_LN];
+       UCHAR   wepkey[16];//use 13 for 104 bits wep key
+} RT_NINTENDO_SEED_WEPKEY, *PRT_NINTENDO_SEED_WEPKEY;
+#endif // NINTENDO_AP //
+
+#ifdef LLTD_SUPPORT
+typedef struct _RT_LLTD_ASSOICATION_ENTRY {
+    UCHAR           Addr[ETH_LENGTH_OF_ADDRESS];
+    unsigned short  MOR;        // maximum operational rate
+    UCHAR           phyMode;
+} RT_LLTD_ASSOICATION_ENTRY, *PRT_LLTD_ASSOICATION_ENTRY;
+
+typedef struct _RT_LLTD_ASSOICATION_TABLE {
+    unsigned int                Num;
+    RT_LLTD_ASSOICATION_ENTRY   Entry[MAX_NUMBER_OF_MAC];
+} RT_LLTD_ASSOICATION_TABLE, *PRT_LLTD_ASSOICATION_TABLE;
+#endif // LLTD_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+//rt2860, kathy 2007-0118
+// structure for DLS
+typedef struct _RT_802_11_DLS_UI {
+       USHORT                                          TimeOut;                // unit: second , set by UI
+       USHORT                                          CountDownTimer; // unit: second , used by driver only
+       NDIS_802_11_MAC_ADDRESS         MacAddr;                // set by UI
+       UCHAR                                           Status;                 // 0: none , 1: wait STAkey, 2: finish DLS setup , set by driver only
+       BOOLEAN                                         Valid;                  // 1: valid , 0: invalid , set by UI, use to setup or tear down DLS link
+} RT_802_11_DLS_UI, *PRT_802_11_DLS_UI;
+
+typedef struct _RT_802_11_DLS_INFO {
+       RT_802_11_DLS_UI        Entry[MAX_NUMBER_OF_DLS_ENTRY];
+       UCHAR                           num;
+} RT_802_11_DLS_INFO, *PRT_802_11_DLS_INFO;
+
+typedef enum _RT_802_11_DLS_MODE {
+    DLS_NONE,
+    DLS_WAIT_KEY,
+    DLS_FINISH
+} RT_802_11_DLS_MODE;
+#endif // QOS_DLS_SUPPORT //
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+#define        RT_ASSOC_EVENT_FLAG                         0x0101
+#define        RT_DISASSOC_EVENT_FLAG                      0x0102
+#define        RT_REQIE_EVENT_FLAG                         0x0103
+#define        RT_RESPIE_EVENT_FLAG                        0x0104
+#define        RT_ASSOCINFO_EVENT_FLAG                     0x0105
+#define RT_PMKIDCAND_FLAG                           0x0106
+#define RT_INTERFACE_DOWN                           0x0107
+#define RT_INTERFACE_UP                             0x0108
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+
+#define MAX_CUSTOM_LEN 128
+
+#ifdef CONFIG_STA_SUPPORT
+typedef enum _RT_802_11_D_CLIENT_MODE
+{
+   Rt802_11_D_None,
+   Rt802_11_D_Flexible,
+   Rt802_11_D_Strict,
+} RT_802_11_D_CLIENT_MODE, *PRT_802_11_D_CLIENT_MODE;
+#endif // CONFIG_STA_SUPPORT //
+
+typedef struct _RT_CHANNEL_LIST_INFO
+{
+       UCHAR ChannelList[MAX_NUM_OF_CHS];   // list all supported channels for site survey
+       UCHAR ChannelListNum; // number of channel in ChannelList[]
+} RT_CHANNEL_LIST_INFO, *PRT_CHANNEL_LIST_INFO;
+
+// WSC configured credential
+typedef        struct  _WSC_CREDENTIAL
+{
+       NDIS_802_11_SSID        SSID;                           // mandatory
+       USHORT                          AuthType;                       // mandatory, 1: open, 2: wpa-psk, 4: shared, 8:wpa, 0x10: wpa2, 0x20: wpa2-psk
+       USHORT                          EncrType;                       // mandatory, 1: none, 2: wep, 4: tkip, 8: aes
+       UCHAR                           Key[64];                        // mandatory, Maximum 64 byte
+       USHORT                          KeyLength;
+       UCHAR                           MacAddr[6];                     // mandatory, AP MAC address
+       UCHAR                           KeyIndex;                       // optional, default is 1
+       UCHAR                           Rsvd[3];                        // Make alignment
+}      WSC_CREDENTIAL, *PWSC_CREDENTIAL;
+
+// WSC configured profiles
+typedef        struct  _WSC_PROFILE
+{
+       UINT                    ProfileCnt;
+       UINT                    ApplyProfileIdx;  // add by johnli, fix WPS test plan 5.1.1
+       WSC_CREDENTIAL  Profile[8];                             // Support up to 8 profiles
+}      WSC_PROFILE, *PWSC_PROFILE;
+
+
+
+#endif // _OID_H_
diff --git a/drivers/staging/rt3090/pci_main_dev.c b/drivers/staging/rt3090/pci_main_dev.c
new file mode 100644 (file)
index 0000000..30753d5
--- /dev/null
@@ -0,0 +1,1194 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       pci_main_dev.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Name            Date                    Modification logs
+*/
+
+
+#include "rt_config.h"
+#include <linux/pci.h>
+
+// Following information will be show when you run 'modinfo'
+// *** If you have a solution for the bug in current version of driver, please mail to me.
+// Otherwise post to forum in ralinktech's web site(www.ralinktech.com) and let all users help you. ***
+MODULE_AUTHOR("Jett Chen <jett_chen@ralinktech.com>");
+MODULE_DESCRIPTION("RT3090 Wireless Lan Linux Driver");
+MODULE_LICENSE("GPL");
+
+//
+// Function declarations
+//
+extern int rt28xx_close(IN struct net_device *net_dev);
+extern int rt28xx_open(struct net_device *net_dev);
+
+static VOID __devexit rt2860_remove_one(struct pci_dev *pci_dev);
+static INT __devinit rt2860_probe(struct pci_dev *pci_dev, const struct pci_device_id  *ent);
+static void __exit rt2860_cleanup_module(void);
+static int __init rt2860_init_module(void);
+
+
+ static VOID RTMPInitPCIeDevice(
+    IN  struct pci_dev   *pci_dev,
+    IN PRTMP_ADAPTER     pAd);
+
+
+#ifdef CONFIG_PM
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,10)
+#define pm_message_t u32
+#endif
+
+static int rt2860_suspend(struct pci_dev *pci_dev, pm_message_t state);
+static int rt2860_resume(struct pci_dev *pci_dev);
+#endif
+#endif // CONFIG_PM //
+
+//
+// Ralink PCI device table, include all supported chipsets
+//
+static struct pci_device_id rt2860_pci_tbl[] __devinitdata =
+{
+#ifdef RT3090
+       {PCI_DEVICE(NIC_PCI_VENDOR_ID, NIC3090_PCIe_DEVICE_ID)},
+       {PCI_DEVICE(NIC_PCI_VENDOR_ID, NIC3091_PCIe_DEVICE_ID)},
+       {PCI_DEVICE(NIC_PCI_VENDOR_ID, NIC3092_PCIe_DEVICE_ID)},
+#endif // RT3090 //
+#ifdef RT3390
+       {PCI_DEVICE(NIC_PCI_VENDOR_ID, NIC3390_PCIe_DEVICE_ID)},
+       {PCI_DEVICE(NIC_PCI_VENDOR_ID, NIC3391_PCIe_DEVICE_ID)},
+       {PCI_DEVICE(NIC_PCI_VENDOR_ID, NIC3392_PCIe_DEVICE_ID)},
+#endif // RT3390 //
+    {0,}               // terminate list
+};
+
+MODULE_DEVICE_TABLE(pci, rt2860_pci_tbl);
+#ifdef CONFIG_STA_SUPPORT
+#ifdef MODULE_VERSION
+MODULE_VERSION(STA_DRIVER_VERSION);
+#endif
+#endif // CONFIG_STA_SUPPORT //
+
+
+//
+// Our PCI driver structure
+//
+static struct pci_driver rt2860_driver =
+{
+    name:       "rt2860",
+    id_table:   rt2860_pci_tbl,
+    probe:      rt2860_probe,
+#if LINUX_VERSION_CODE >= 0x20412
+    remove:     __devexit_p(rt2860_remove_one),
+#else
+    remove:     __devexit(rt2860_remove_one),
+#endif
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+#ifdef CONFIG_PM
+       suspend:        rt2860_suspend,
+       resume:         rt2860_resume,
+#endif
+#endif
+};
+
+
+/***************************************************************************
+ *
+ *     PCI device initialization related procedures.
+ *
+ ***************************************************************************/
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+#ifdef CONFIG_PM
+
+VOID RT2860RejectPendingPackets(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       // clear PS packets
+       // clear TxSw packets
+}
+
+static int rt2860_suspend(
+       struct pci_dev *pci_dev,
+       pm_message_t state)
+{
+       struct net_device *net_dev = pci_get_drvdata(pci_dev);
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER)NULL;
+       INT32 retval = 0;
+
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> rt2860_suspend()\n"));
+
+       if (net_dev == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("net_dev == NULL!\n"));
+       }
+       else
+       {
+               pAd = (PRTMP_ADAPTER)RTMP_OS_NETDEV_GET_PRIV(net_dev);
+
+               /* we can not use IFF_UP because ra0 down but ra1 up */
+               /* and 1 suspend/resume function for 1 module, not for each interface */
+               /* so Linux will call suspend/resume function once */
+               if (VIRTUAL_IF_NUM(pAd) > 0)
+               {
+                       // avoid users do suspend after interface is down
+
+                       // stop interface
+                       netif_carrier_off(net_dev);
+                       netif_stop_queue(net_dev);
+
+                       // mark device as removed from system and therefore no longer available
+                       netif_device_detach(net_dev);
+
+                       // mark halt flag
+                       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS);
+                       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF);
+
+                       // take down the device
+                       rt28xx_close((PNET_DEV)net_dev);
+
+                       RT_MOD_DEC_USE_COUNT();
+               }
+       }
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
+       // reference to http://vovo2000.com/type-lab/linux/kernel-api/linux-kernel-api.html
+       // enable device to generate PME# when suspended
+       // pci_choose_state(): Choose the power state of a PCI device to be suspended
+       retval = pci_enable_wake(pci_dev, pci_choose_state(pci_dev, state), 1);
+       // save the PCI configuration space of a device before suspending
+       pci_save_state(pci_dev);
+       // disable PCI device after use
+       pci_disable_device(pci_dev);
+
+       retval = pci_set_power_state(pci_dev, pci_choose_state(pci_dev, state));
+#endif
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== rt2860_suspend()\n"));
+       return retval;
+}
+
+static int rt2860_resume(
+       struct pci_dev *pci_dev)
+{
+       struct net_device *net_dev = pci_get_drvdata(pci_dev);
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER)NULL;
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,10)
+       INT32 retval;
+
+
+       // set the power state of a PCI device
+       // PCI has 4 power states, DO (normal) ~ D3(less power)
+       // in include/linux/pci.h, you can find that
+       // #define PCI_D0          ((pci_power_t __force) 0)
+       // #define PCI_D1          ((pci_power_t __force) 1)
+       // #define PCI_D2          ((pci_power_t __force) 2)
+       // #define PCI_D3hot       ((pci_power_t __force) 3)
+       // #define PCI_D3cold      ((pci_power_t __force) 4)
+       // #define PCI_UNKNOWN     ((pci_power_t __force) 5)
+       // #define PCI_POWER_ERROR ((pci_power_t __force) -1)
+       retval = pci_set_power_state(pci_dev, PCI_D0);
+
+       // restore the saved state of a PCI device
+       pci_restore_state(pci_dev);
+
+       // initialize device before it's used by a driver
+       if (pci_enable_device(pci_dev))
+       {
+               printk("pci enable fail!\n");
+               return 0;
+       }
+#endif
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> rt2860_resume()\n"));
+
+       if (net_dev == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("net_dev == NULL!\n"));
+       }
+       else
+               pAd = (PRTMP_ADAPTER)RTMP_OS_NETDEV_GET_PRIV(net_dev);
+
+       if (pAd != NULL)
+       {
+               /* we can not use IFF_UP because ra0 down but ra1 up */
+               /* and 1 suspend/resume function for 1 module, not for each interface */
+               /* so Linux will call suspend/resume function once */
+               if (VIRTUAL_IF_NUM(pAd) > 0)
+               {
+                       // mark device as attached from system and restart if needed
+                       netif_device_attach(net_dev);
+
+                       if (rt28xx_open((PNET_DEV)net_dev) != 0)
+                       {
+                               // open fail
+                               DBGPRINT(RT_DEBUG_TRACE, ("<=== rt2860_resume()\n"));
+                               return 0;
+                       }
+
+                       // increase MODULE use count
+                       RT_MOD_INC_USE_COUNT();
+
+                       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS);
+                       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF);
+
+                       netif_start_queue(net_dev);
+                       netif_carrier_on(net_dev);
+                       netif_wake_queue(net_dev);
+               }
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== rt2860_resume()\n"));
+       return 0;
+}
+#endif // CONFIG_PM //
+#endif
+
+
+static INT __init rt2860_init_module(VOID)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+       return pci_register_driver(&rt2860_driver);
+#else
+    return pci_module_init(&rt2860_driver);
+#endif
+}
+
+
+//
+// Driver module unload function
+//
+static VOID __exit rt2860_cleanup_module(VOID)
+{
+    pci_unregister_driver(&rt2860_driver);
+}
+
+module_init(rt2860_init_module);
+module_exit(rt2860_cleanup_module);
+
+
+//
+// PCI device probe & initialization function
+//
+static INT __devinit   rt2860_probe(
+    IN  struct pci_dev              *pci_dev,
+    IN  const struct pci_device_id  *pci_id)
+{
+       PRTMP_ADAPTER           pAd = (PRTMP_ADAPTER)NULL;
+       struct  net_device              *net_dev;
+       PVOID                           handle;
+       PSTRING                         print_name;
+       ULONG                           csr_addr;
+       INT rv = 0;
+       RTMP_OS_NETDEV_OP_HOOK  netDevHook;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> rt2860_probe\n"));
+
+//PCIDevInit==============================================
+       // wake up and enable device
+       if ((rv = pci_enable_device(pci_dev))!= 0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Enable PCI device failed, errno=%d!\n", rv));
+               return rv;
+       }
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+       print_name = pci_dev ? pci_name(pci_dev) : "rt2860";
+#else
+       print_name = pci_dev ? pci_dev->slot_name : "rt2860";
+#endif // LINUX_VERSION_CODE //
+
+       if ((rv = pci_request_regions(pci_dev, print_name)) != 0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("Request PCI resource failed, errno=%d!\n", rv));
+               goto err_out;
+       }
+
+       // map physical address to virtual address for accessing register
+       csr_addr = (unsigned long) ioremap(pci_resource_start(pci_dev, 0), pci_resource_len(pci_dev, 0));
+       if (!csr_addr)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("ioremap failed for device %s, region 0x%lX @ 0x%lX\n",
+                                       print_name, (ULONG)pci_resource_len(pci_dev, 0), (ULONG)pci_resource_start(pci_dev, 0)));
+               goto err_out_free_res;
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("%s: at 0x%lx, VA 0x%lx, IRQ %d. \n",  print_name,
+                                       (ULONG)pci_resource_start(pci_dev, 0), (ULONG)csr_addr, pci_dev->irq));
+       }
+
+       // Set DMA master
+       pci_set_master(pci_dev);
+
+
+//RtmpDevInit==============================================
+       // Allocate RTMP_ADAPTER adapter structure
+       handle = kmalloc(sizeof(struct os_cookie), GFP_KERNEL);
+       if (handle == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s(): Allocate memory for os handle failed!\n", __FUNCTION__));
+               goto err_out_iounmap;
+       }
+
+       ((POS_COOKIE)handle)->pci_dev = pci_dev;
+
+       rv = RTMPAllocAdapterBlock(handle, &pAd);       //shiang: we may need the pci_dev for allocate structure of "RTMP_ADAPTER"
+       if (rv != NDIS_STATUS_SUCCESS)
+               goto err_out_iounmap;
+       // Here are the RTMP_ADAPTER structure with pci-bus specific parameters.
+       pAd->CSRBaseAddress = (PUCHAR)csr_addr;
+       DBGPRINT(RT_DEBUG_ERROR, ("pAd->CSRBaseAddress =0x%lx, csr_addr=0x%lx!\n", (ULONG)pAd->CSRBaseAddress, csr_addr));
+       RtmpRaDevCtrlInit(pAd, RTMP_DEV_INF_PCI);
+
+
+//NetDevInit==============================================
+       net_dev = RtmpPhyNetDevInit(pAd, &netDevHook);
+       if (net_dev == NULL)
+               goto err_out_free_radev;
+
+       // Here are the net_device structure with pci-bus specific parameters.
+       net_dev->irq = pci_dev->irq;            // Interrupt IRQ number
+       net_dev->base_addr = csr_addr;          // Save CSR virtual address and irq to device structure
+       pci_set_drvdata(pci_dev, net_dev);      // Set driver data
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+/* for supporting Network Manager */
+       /* Set the sysfs physical device reference for the network logical device
+         * if set prior to registration will cause a symlink during initialization.
+        */
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0))
+       SET_NETDEV_DEV(net_dev, &(pci_dev->dev));
+#endif
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+
+//All done, it's time to register the net device to linux kernel.
+       // Register this device
+       rv = RtmpOSNetDevAttach(net_dev, &netDevHook);
+       if (rv)
+               goto err_out_free_netdev;
+
+#ifdef CONFIG_STA_SUPPORT
+       pAd->StaCfg.OriDevType = net_dev->type;
+#endif // CONFIG_STA_SUPPORT //
+RTMPInitPCIeDevice(pci_dev, pAd);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== rt2860_probe\n"));
+
+       return 0; // probe ok
+
+
+       /* --------------------------- ERROR HANDLE --------------------------- */
+err_out_free_netdev:
+       RtmpOSNetDevFree(net_dev);
+
+err_out_free_radev:
+       /* free RTMP_ADAPTER strcuture and os_cookie*/
+       RTMPFreeAdapter(pAd);
+
+err_out_iounmap:
+       iounmap((void *)(csr_addr));
+       release_mem_region(pci_resource_start(pci_dev, 0), pci_resource_len(pci_dev, 0));
+
+err_out_free_res:
+       pci_release_regions(pci_dev);
+
+err_out:
+       pci_disable_device(pci_dev);
+
+       DBGPRINT(RT_DEBUG_ERROR, ("<=== rt2860_probe failed with rv = %d!\n", rv));
+
+       return -ENODEV; /* probe fail */
+}
+
+
+static VOID __devexit rt2860_remove_one(
+    IN  struct pci_dev  *pci_dev)
+{
+       PNET_DEV        net_dev = pci_get_drvdata(pci_dev);
+       RTMP_ADAPTER    *pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+       ULONG                   csr_addr = net_dev->base_addr; // pAd->CSRBaseAddress;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("===> rt2860_remove_one\n"));
+
+       if (pAd != NULL)
+       {
+               // Unregister/Free all allocated net_device.
+               RtmpPhyNetDevExit(pAd, net_dev);
+
+               // Unmap CSR base address
+               iounmap((char *)(csr_addr));
+
+               // release memory region
+               release_mem_region(pci_resource_start(pci_dev, 0), pci_resource_len(pci_dev, 0));
+
+               // Free RTMP_ADAPTER related structures.
+               RtmpRaDevCtrlExit(pAd);
+
+       }
+       else
+       {
+               // Unregister network device
+               RtmpOSNetDevDetach(net_dev);
+
+               // Unmap CSR base address
+               iounmap((char *)(net_dev->base_addr));
+
+               // release memory region
+               release_mem_region(pci_resource_start(pci_dev, 0), pci_resource_len(pci_dev, 0));
+       }
+
+       // Free the root net_device
+       RtmpOSNetDevFree(net_dev);
+
+}
+
+
+/*
+========================================================================
+Routine Description:
+    Check the chipset vendor/product ID.
+
+Arguments:
+    _dev_p                             Point to the PCI or USB device
+
+Return Value:
+    TRUE                               Check ok
+       FALSE                           Check fail
+
+Note:
+========================================================================
+*/
+BOOLEAN RT28XXChipsetCheck(
+       IN void *_dev_p)
+{
+       /* always TRUE */
+       return TRUE;
+}
+
+
+
+/***************************************************************************
+ *
+ *     PCIe device initialization related procedures.
+ *
+ ***************************************************************************/
+ static VOID RTMPInitPCIeDevice(
+    IN  struct pci_dev   *pci_dev,
+    IN PRTMP_ADAPTER     pAd)
+{
+       USHORT  device_id;
+       POS_COOKIE pObj;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+       pci_read_config_word(pci_dev, PCI_DEVICE_ID, &device_id);
+       device_id = le2cpu16(device_id);
+       pObj->DeviceID = device_id;
+       if (
+#ifdef RT3090
+               (device_id == NIC3090_PCIe_DEVICE_ID) ||
+               (device_id == NIC3091_PCIe_DEVICE_ID) ||
+               (device_id == NIC3092_PCIe_DEVICE_ID) ||
+#endif // RT3090 //
+                0)
+       {
+               UINT32 MacCsr0 = 0, Index= 0;
+               do
+               {
+                       RTMP_IO_READ32(pAd, MAC_CSR0, &MacCsr0);
+
+                       if ((MacCsr0 != 0x00) && (MacCsr0 != 0xFFFFFFFF))
+                               break;
+
+                       RTMPusecDelay(10);
+               } while (Index++ < 100);
+
+               // Support advanced power save after 2892/2790.
+               // MAC version at offset 0x1000 is 0x2872XXXX/0x2870XXXX(PCIe, USB, SDIO).
+               if ((MacCsr0&0xffff0000) != 0x28600000)
+               {
+                       OPSTATUS_SET_FLAG(pAd, fOP_STATUS_PCIE_DEVICE);
+               }
+       }
+}
+
+#ifdef CONFIG_STA_SUPPORT
+VOID RTMPInitPCIeLinkCtrlValue(
+       IN      PRTMP_ADAPTER   pAd)
+{
+    INT     pos;
+    USHORT     reg16, data2, PCIePowerSaveLevel, Configuration;
+       UINT32 MacValue;
+    BOOLEAN    bFindIntel = FALSE;
+       POS_COOKIE pObj;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+               return;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("%s.===>\n", __FUNCTION__));
+       // Init EEPROM, and save settings
+       if (!(IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd)))
+       {
+               RT28xx_EEPROM_READ16(pAd, 0x22, PCIePowerSaveLevel);
+               pAd->PCIePowerSaveLevel = PCIePowerSaveLevel & 0xff;
+               pAd->LnkCtrlBitMask = 0;
+               if ((PCIePowerSaveLevel&0xff) == 0xff)
+               {
+                       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_PCIE_DEVICE);
+                       DBGPRINT(RT_DEBUG_TRACE, ("====> PCIePowerSaveLevel = 0x%x.\n", PCIePowerSaveLevel));
+                       return;
+               }
+       else
+       {
+               PCIePowerSaveLevel &= 0x3;
+               RT28xx_EEPROM_READ16(pAd, 0x24, data2);
+
+               if( !(((data2&0xff00) == 0x9200) && ((data2&0x80) !=0)) )
+               {
+                       if (PCIePowerSaveLevel > 1 )
+                               PCIePowerSaveLevel = 1;
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("====> Write 0x83 = 0x%x.\n", PCIePowerSaveLevel));
+               AsicSendCommandToMcu(pAd, 0x83, 0xff, (UCHAR)PCIePowerSaveLevel, 0x00);
+               RT28xx_EEPROM_READ16(pAd, 0x22, PCIePowerSaveLevel);
+               PCIePowerSaveLevel &= 0xff;
+               PCIePowerSaveLevel = PCIePowerSaveLevel >> 6;
+               switch(PCIePowerSaveLevel)
+               {
+                               case 0: // Only support L0
+                                       pAd->LnkCtrlBitMask = 0;
+                               break;
+                               case 1: // Only enable L0s
+                                       pAd->LnkCtrlBitMask = 1;
+                               break;
+                               case 2: // enable L1, L0s
+                                       pAd->LnkCtrlBitMask = 3;
+                               break;
+                               case 3: // sync with host clk and enable L1, L0s
+                               pAd->LnkCtrlBitMask = 0x103;
+                               break;
+               }
+                       RT28xx_EEPROM_READ16(pAd, 0x24, data2);
+                       if ((PCIePowerSaveLevel&0xff) != 0xff)
+                       {
+                               PCIePowerSaveLevel &= 0x3;
+
+                               if( !(((data2&0xff00) == 0x9200) && ((data2&0x80) !=0)) )
+                               {
+                                       if (PCIePowerSaveLevel > 1 )
+                                               PCIePowerSaveLevel = 1;
+                               }
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("====> rt28xx Write 0x83 Command = 0x%x.\n", PCIePowerSaveLevel));
+                                              printk("\n\n\n%s:%d\n",__FUNCTION__,__LINE__);
+
+                               AsicSendCommandToMcu(pAd, 0x83, 0xff, (UCHAR)PCIePowerSaveLevel, 0x00);
+                       }
+               DBGPRINT(RT_DEBUG_TRACE, ("====> LnkCtrlBitMask = 0x%x.\n", pAd->LnkCtrlBitMask));
+       }
+       }
+       else if (IS_RT3090(pAd) || IS_RT3572(pAd) || IS_RT3390(pAd))
+       {
+               UCHAR   LinkCtrlSetting = 0;
+
+               // Check 3090E special setting chip.
+                       RT28xx_EEPROM_READ16(pAd, 0x24, data2);
+               if ((data2 == 0x9280) && ((pAd->MACVersion&0xffff) == 0x0211))
+               {
+                       pAd->b3090ESpecialChip = TRUE;
+                       DBGPRINT_RAW(RT_DEBUG_ERROR,("Special 3090E chip \n"));
+               }
+
+               RTMP_IO_READ32(pAd, AUX_CTRL, &MacValue);
+               //enable WAKE_PCIE function, which forces to enable PCIE clock when mpu interrupt asserting.
+               //Force PCIE 125MHz CLK to toggle
+               MacValue |= 0x402;
+               RTMP_IO_WRITE32(pAd, AUX_CTRL, MacValue);
+               DBGPRINT_RAW(RT_DEBUG_ERROR,(" AUX_CTRL = 0x%32x\n", MacValue));
+
+
+
+               // for RT30xx F and after, PCIe infterface, and for power solution 3
+               if ((IS_VERSION_AFTER_F(pAd))
+                       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode >= 2)
+                       && (pAd->StaCfg.PSControl.field.rt30xxPowerMode <= 3))
+               {
+                       RTMP_IO_READ32(pAd, AUX_CTRL, &MacValue);
+                       DBGPRINT_RAW(RT_DEBUG_ERROR,(" Read AUX_CTRL = 0x%x\n", MacValue));
+                       // turn on bit 12.
+                       //enable 32KHz clock mode for power saving
+                       MacValue |= 0x1000;
+                       if (MacValue != 0xffffffff)
+                       {
+                               RTMP_IO_WRITE32(pAd, AUX_CTRL, MacValue);
+                               DBGPRINT_RAW(RT_DEBUG_ERROR,(" Write AUX_CTRL = 0x%x\n", MacValue));
+                               // 1. if use PCIePowerSetting is 2 or 3, need to program OSC_CTRL to 0x3ff11.
+                               MacValue = 0x3ff11;
+                               RTMP_IO_WRITE32(pAd, OSC_CTRL, MacValue);
+                               DBGPRINT_RAW(RT_DEBUG_ERROR,(" OSC_CTRL = 0x%x\n", MacValue));
+                               // 2. Write PCI register Clk ref bit
+                               RTMPrt3xSetPCIePowerLinkCtrl(pAd);
+                       }
+                       else
+                       {
+                               // Error read Aux_Ctrl value.  Force to use solution 1
+                               DBGPRINT(RT_DEBUG_ERROR,(" Error Value in AUX_CTRL = 0x%x\n", MacValue));
+                               pAd->StaCfg.PSControl.field.rt30xxPowerMode = 1;
+                               DBGPRINT(RT_DEBUG_ERROR,(" Force to use power solution1 \n"));
+                       }
+               }
+               // 1. read setting from inf file.
+
+               PCIePowerSaveLevel = (USHORT)pAd->StaCfg.PSControl.field.rt30xxPowerMode;
+               DBGPRINT(RT_DEBUG_ERROR, ("====> rt30xx Read PowerLevelMode =  0x%x.\n", PCIePowerSaveLevel));
+               // 2. Check EnableNewPS.
+               if (pAd->StaCfg.PSControl.field.EnableNewPS == FALSE)
+                       PCIePowerSaveLevel = 1;
+
+               if (IS_VERSION_BEFORE_F(pAd) && (pAd->b3090ESpecialChip == FALSE))
+               {
+                       // Chip Version E only allow 1, So force set 1.
+                       PCIePowerSaveLevel &= 0x1;
+                       pAd->PCIePowerSaveLevel = (USHORT)PCIePowerSaveLevel;
+                       DBGPRINT(RT_DEBUG_TRACE, ("====> rt30xx E Write 0x83 Command = 0x%x.\n", PCIePowerSaveLevel));
+
+                       AsicSendCommandToMcu(pAd, 0x83, 0xff, (UCHAR)PCIePowerSaveLevel, 0x00);
+               }
+               else
+               {
+                       // Chip Version F and after only allow 1 or 2 or 3. This might be modified after new chip version come out.
+                       if (!((PCIePowerSaveLevel == 1) || (PCIePowerSaveLevel == 3)))
+                               PCIePowerSaveLevel = 1;
+                       DBGPRINT(RT_DEBUG_ERROR, ("====> rt30xx F Write 0x83 Command = 0x%x.\n", PCIePowerSaveLevel));
+                       pAd->PCIePowerSaveLevel = (USHORT)PCIePowerSaveLevel;
+                       // for 3090F , we need to add high-byte arg for 0x83 command to indicate the link control setting in
+                       // PCI Configuration Space. Because firmware can't read PCI Configuration Space
+                       if ((pAd->Rt3xxRalinkLinkCtrl & 0x2) && (pAd->Rt3xxHostLinkCtrl & 0x2))
+                       {
+                               LinkCtrlSetting = 1;
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("====> rt30xxF LinkCtrlSetting = 0x%x.\n", LinkCtrlSetting));
+                       AsicSendCommandToMcu(pAd, 0x83, 0xff, (UCHAR)PCIePowerSaveLevel, LinkCtrlSetting);
+               }
+
+       }
+
+    // Find Ralink PCIe Device's Express Capability Offset
+       pos = pci_find_capability(pObj->pci_dev, PCI_CAP_ID_EXP);
+
+    if (pos != 0)
+    {
+        // Ralink PCIe Device's Link Control Register Offset
+        pAd->RLnkCtrlOffset = pos + PCI_EXP_LNKCTL;
+       pci_read_config_word(pObj->pci_dev, pAd->RLnkCtrlOffset, &reg16);
+        Configuration = le2cpu16(reg16);
+        DBGPRINT(RT_DEBUG_TRACE, ("Read (Ralink PCIe Link Control Register) offset 0x%x = 0x%x\n",
+                                    pAd->RLnkCtrlOffset, Configuration));
+        pAd->RLnkCtrlConfiguration = (Configuration & 0x103);
+        Configuration &= 0xfefc;
+        Configuration |= (0x0);
+
+        RTMPFindHostPCIDev(pAd);
+        if (pObj->parent_pci_dev)
+        {
+               USHORT  vendor_id;
+
+               pci_read_config_word(pObj->parent_pci_dev, PCI_VENDOR_ID, &vendor_id);
+               vendor_id = le2cpu16(vendor_id);
+               if (vendor_id == PCIBUS_INTEL_VENDOR)
+                 {
+                       bFindIntel = TRUE;
+                        RTMP_SET_PSFLAG(pAd, fRTMP_PS_TOGGLE_L1);
+                 }
+               /*
+               else if ((vendor_id == PCIBUS_AMD_VENDOR1)
+                                       && (DeviceID == 0x96000000))
+                               {
+                                       //Verified 2792 Aspire 8530 AMD NB (S3/S4/CBoot/WBoot/Chariot) by customer and ourselves.
+                                       // So use L1 Toggle method in this NB.
+                       bFindIntel = TRUE;
+                                       RTMP_SET_PSFLAG(pAd, fRTMP_PS_TOGGLE_L1);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PSM : Aspire 8530 AMD NB. Use L1 Toggle. \n"));
+                               }
+               */
+               // Find PCI-to-PCI Bridge Express Capability Offset
+               pos = pci_find_capability(pObj->parent_pci_dev, PCI_CAP_ID_EXP);
+
+               if (pos != 0)
+               {
+                       BOOLEAN         bChange = FALSE;
+                       // PCI-to-PCI Bridge Link Control Register Offset
+                       pAd->HostLnkCtrlOffset = pos + PCI_EXP_LNKCTL;
+                       pci_read_config_word(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, &reg16);
+                       Configuration = le2cpu16(reg16);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Read (Host PCI-to-PCI Bridge Link Control Register) offset 0x%x = 0x%x\n",
+                                                   pAd->HostLnkCtrlOffset, Configuration));
+                       pAd->HostLnkCtrlConfiguration = (Configuration & 0x103);
+                       Configuration &= 0xfefc;
+                       Configuration |= (0x0);
+
+                       switch (pObj->DeviceID)
+                       {
+#ifdef RT3090
+                               case NIC3090_PCIe_DEVICE_ID:
+                               case NIC3091_PCIe_DEVICE_ID:
+                               case NIC3092_PCIe_DEVICE_ID:
+                                       if (bFindIntel == FALSE)
+                                               bChange = TRUE;
+                                       break;
+#endif // RT3090 //
+                               default:
+                                       break;
+                       }
+
+                       if (bChange)
+                       {
+                               reg16 = cpu2le16(Configuration);
+                               pci_write_config_word(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, reg16);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Write (Host PCI-to-PCI Bridge Link Control Register) offset 0x%x = 0x%x\n",
+                                               pAd->HostLnkCtrlOffset, Configuration));
+                       }
+               }
+               else
+               {
+                       pAd->HostLnkCtrlOffset = 0;
+                       DBGPRINT(RT_DEBUG_ERROR, ("%s: cannot find PCI-to-PCI Bridge PCI Express Capability!\n", __FUNCTION__));
+               }
+        }
+    }
+    else
+    {
+        pAd->RLnkCtrlOffset = 0;
+        pAd->HostLnkCtrlOffset = 0;
+        DBGPRINT(RT_DEBUG_ERROR, ("%s: cannot find Ralink PCIe Device's PCI Express Capability!\n", __FUNCTION__));
+    }
+
+    if (bFindIntel == FALSE)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("Doesn't find Intel PCI host controller. \n"));
+               // Doesn't switch L0, L1, So set PCIePowerSaveLevel to 0xff
+               pAd->PCIePowerSaveLevel = 0xff;
+               if ((pAd->RLnkCtrlOffset != 0)
+#ifdef RT3090
+                       && ((pObj->DeviceID == NIC3090_PCIe_DEVICE_ID)
+                               ||(pObj->DeviceID == NIC3091_PCIe_DEVICE_ID)
+                               ||(pObj->DeviceID == NIC3092_PCIe_DEVICE_ID))
+#endif // RT3090 //
+               )
+               {
+                       pci_read_config_word(pObj->pci_dev, pAd->RLnkCtrlOffset, &reg16);
+                       Configuration = le2cpu16(reg16);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Read (Ralink 30xx PCIe Link Control Register) offset 0x%x = 0x%x\n",
+                                               pAd->RLnkCtrlOffset, Configuration));
+                       pAd->RLnkCtrlConfiguration = (Configuration & 0x103);
+                       Configuration &= 0xfefc;
+                       Configuration |= (0x0);
+                       reg16 = cpu2le16(Configuration);
+                       pci_write_config_word(pObj->pci_dev, pAd->RLnkCtrlOffset, reg16);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Write (Ralink PCIe Link Control Register)  offset 0x%x = 0x%x\n",
+                                               pos + PCI_EXP_LNKCTL, Configuration));
+               }
+       }
+}
+
+VOID RTMPFindHostPCIDev(
+    IN PRTMP_ADAPTER   pAd)
+{
+    USHORT  reg16;
+    UCHAR   reg8;
+       UINT    DevFn;
+    PPCI_DEV    pPci_dev;
+       POS_COOKIE      pObj;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+               return;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("%s.===>\n", __FUNCTION__));
+
+    pObj->parent_pci_dev = NULL;
+    if (pObj->pci_dev->bus->parent)
+    {
+        for (DevFn = 0; DevFn < 255; DevFn++)
+        {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,0)
+            pPci_dev = pci_get_slot(pObj->pci_dev->bus->parent, DevFn);
+#else
+            pPci_dev = pci_find_slot(pObj->pci_dev->bus->parent->number, DevFn);
+#endif
+            if (pPci_dev)
+            {
+                pci_read_config_word(pPci_dev, PCI_CLASS_DEVICE, &reg16);
+                reg16 = le2cpu16(reg16);
+                pci_read_config_byte(pPci_dev, PCI_CB_CARD_BUS, &reg8);
+                if ((reg16 == PCI_CLASS_BRIDGE_PCI) &&
+                    (reg8 == pObj->pci_dev->bus->number))
+                {
+                    pObj->parent_pci_dev = pPci_dev;
+                }
+            }
+        }
+    }
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+
+       Arguments:
+               Level = RESTORE_HALT : Restore PCI host and Ralink PCIe Link Control field to its default value.
+               Level = Other Value : Restore from dot11 power save or radio off status. And force PCI host Link Control fields to 0x1
+
+       ========================================================================
+*/
+VOID RTMPPCIeLinkCtrlValueRestore(
+       IN      PRTMP_ADAPTER   pAd,
+       IN   UCHAR              Level)
+{
+       USHORT  PCIePowerSaveLevel, reg16;
+       USHORT  Configuration;
+       POS_COOKIE      pObj;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+               return;
+
+       // Check PSControl Configuration
+       if (pAd->StaCfg.PSControl.field.EnableNewPS == FALSE)
+               return TRUE;
+
+       //3090 will not execute the following codes.
+       // Check interface : If not PCIe interface, return.
+
+#ifdef RT3090
+       if ((pObj->DeviceID == NIC3090_PCIe_DEVICE_ID)
+               ||(pObj->DeviceID == NIC3091_PCIe_DEVICE_ID)
+               ||(pObj->DeviceID == NIC3092_PCIe_DEVICE_ID))
+               return;
+#endif // RT3090 //
+       DBGPRINT(RT_DEBUG_TRACE, ("%s.===>\n", __FUNCTION__));
+       PCIePowerSaveLevel = pAd->PCIePowerSaveLevel;
+       if ((PCIePowerSaveLevel&0xff) == 0xff)
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("return  \n"));
+               return;
+       }
+
+       if (pObj->parent_pci_dev && (pAd->HostLnkCtrlOffset != 0))
+    {
+        PCI_REG_READ_WORD(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, Configuration);
+        if ((Configuration != 0) &&
+            (Configuration != 0xFFFF))
+        {
+               Configuration &= 0xfefc;
+               // If call from interface down, restore to orginial setting.
+               if (Level == RESTORE_CLOSE)
+               {
+                       Configuration |= pAd->HostLnkCtrlConfiguration;
+               }
+               else
+                       Configuration |= 0x0;
+            PCI_REG_WIRTE_WORD(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, Configuration);
+               DBGPRINT(RT_DEBUG_TRACE, ("Restore PCI host : offset 0x%x = 0x%x\n", pAd->HostLnkCtrlOffset, Configuration));
+        }
+        else
+            DBGPRINT(RT_DEBUG_ERROR, ("Restore PCI host : PCI_REG_READ_WORD failed (Configuration = 0x%x)\n", Configuration));
+    }
+
+    if (pObj->pci_dev && (pAd->RLnkCtrlOffset != 0))
+    {
+        PCI_REG_READ_WORD(pObj->pci_dev, pAd->RLnkCtrlOffset, Configuration);
+        if ((Configuration != 0) &&
+            (Configuration != 0xFFFF))
+        {
+               Configuration &= 0xfefc;
+                       // If call from interface down, restore to orginial setting.
+                       if (Level == RESTORE_CLOSE)
+               Configuration |= pAd->RLnkCtrlConfiguration;
+                       else
+                               Configuration |= 0x0;
+            PCI_REG_WIRTE_WORD(pObj->pci_dev, pAd->RLnkCtrlOffset, Configuration);
+               DBGPRINT(RT_DEBUG_TRACE, ("Restore Ralink : offset 0x%x = 0x%x\n", pAd->RLnkCtrlOffset, Configuration));
+        }
+        else
+            DBGPRINT(RT_DEBUG_ERROR, ("Restore Ralink : PCI_REG_READ_WORD failed (Configuration = 0x%x)\n", Configuration));
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE,("%s <===\n", __FUNCTION__));
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+
+       Arguments:
+               Max : limit Host PCI and Ralink PCIe device's LINK CONTROL field's value.
+               Because now frequently set our device to mode 1 or mode 3 will cause problem.
+
+       ========================================================================
+*/
+VOID RTMPPCIeLinkCtrlSetting(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT          Max)
+{
+       USHORT  PCIePowerSaveLevel, reg16;
+       USHORT  Configuration;
+       POS_COOKIE      pObj;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+               return;
+
+       // Check PSControl Configuration
+       if (pAd->StaCfg.PSControl.field.EnableNewPS == FALSE)
+               return TRUE;
+
+       // Check interface : If not PCIe interface, return.
+       //Block 3090 to enter the following function
+
+#ifdef RT3090
+       if ((pObj->DeviceID == NIC3090_PCIe_DEVICE_ID)
+               ||(pObj->DeviceID == NIC3091_PCIe_DEVICE_ID)
+               ||(pObj->DeviceID == NIC3092_PCIe_DEVICE_ID))
+               return;
+#endif // RT3090 //
+       if (!RTMP_TEST_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP))
+       {
+               DBGPRINT(RT_DEBUG_INFO, ("RTMPPCIePowerLinkCtrl return on fRTMP_PS_CAN_GO_SLEEP flag\n"));
+               return;
+       }
+       DBGPRINT(RT_DEBUG_TRACE,("%s===>\n", __FUNCTION__));
+       PCIePowerSaveLevel = pAd->PCIePowerSaveLevel;
+       if ((PCIePowerSaveLevel&0xff) == 0xff)
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("return  \n"));
+               return;
+       }
+       PCIePowerSaveLevel = PCIePowerSaveLevel>>6;
+
+    // Skip non-exist deice right away
+       if (pObj->parent_pci_dev && (pAd->HostLnkCtrlOffset != 0))
+       {
+        PCI_REG_READ_WORD(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, Configuration);
+               switch (PCIePowerSaveLevel)
+               {
+                       case 0:
+                               // Set b0 and b1 of LinkControl (both 2892 and PCIe bridge) to 00
+                               Configuration &= 0xfefc;
+                               break;
+                       case 1:
+                               // Set b0 and b1 of LinkControl (both 2892 and PCIe bridge) to 01
+                               Configuration &= 0xfefc;
+                               Configuration |= 0x1;
+                               break;
+                       case 2:
+                               //  Set b0 and b1 of LinkControl (both 2892 and PCIe bridge) to 11
+                               Configuration &= 0xfefc;
+                               Configuration |= 0x3;
+                               break;
+                       case 3:
+                               // Set b0 and b1 of LinkControl (both 2892 and PCIe bridge) to 11 and bit 8 of LinkControl of 2892 to 1
+                               Configuration &= 0xfefc;
+                               Configuration |= 0x103;
+                               break;
+               }
+        PCI_REG_WIRTE_WORD(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, Configuration);
+               DBGPRINT(RT_DEBUG_TRACE, ("Write PCI host offset 0x%x = 0x%x\n", pAd->HostLnkCtrlOffset, Configuration));
+       }
+
+       if (pObj->pci_dev && (pAd->RLnkCtrlOffset != 0))
+       {
+               // first 2892 chip not allow to frequently set mode 3. will cause hang problem.
+               if (PCIePowerSaveLevel > Max)
+                       PCIePowerSaveLevel = Max;
+
+        PCI_REG_READ_WORD(pObj->pci_dev, pAd->RLnkCtrlOffset, Configuration);
+               switch (PCIePowerSaveLevel)
+               {
+                       case 0:
+                               // No PCI power safe
+                               // Set b0 and b1 of LinkControl (both 2892 and PCIe bridge) to 00 .
+                               Configuration &= 0xfefc;
+                               break;
+                       case 1:
+                               //  L0
+                               // Set b0 and b1 of LinkControl (both 2892 and PCIe bridge) to 01 .
+                               Configuration &= 0xfefc;
+                               Configuration |= 0x1;
+                               break;
+                       case 2:
+                               // L0 and L1
+                               //  Set b0 and b1 of LinkControl (both 2892 and PCIe bridge) to 11
+                               Configuration &= 0xfefc;
+                               Configuration |= 0x3;
+                               break;
+                       case 3:
+                               // L0 , L1 and clock management.
+                               // Set b0 and b1 of LinkControl (both 2892 and PCIe bridge) to 11 and bit 8 of LinkControl of 2892 to 1
+                               Configuration &= 0xfefc;
+                               Configuration |= 0x103;
+                             pAd->bPCIclkOff = TRUE;
+                               break;
+               }
+        PCI_REG_WIRTE_WORD(pObj->pci_dev, pAd->RLnkCtrlOffset, Configuration);
+               DBGPRINT(RT_DEBUG_TRACE, ("Write Ralink device : offset 0x%x = 0x%x\n", pAd->RLnkCtrlOffset, Configuration));
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE,("RTMPPCIePowerLinkCtrl <==============\n"));
+}
+/*
+       ========================================================================
+
+       Routine Description:
+               1. Write a PCI register for rt30xx power solution 3
+
+       ========================================================================
+*/
+VOID RTMPrt3xSetPCIePowerLinkCtrl(
+       IN      PRTMP_ADAPTER   pAd)
+{
+
+       ULONG   HostConfiguration;
+       ULONG   Configuration;
+       ULONG   Vendor;
+       ULONG   offset;
+       POS_COOKIE      pObj;
+       INT     pos;
+       USHORT  reg16;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       DBGPRINT(RT_DEBUG_INFO, ("RTMPrt3xSetPCIePowerLinkCtrl.===> %x\n", pAd->StaCfg.PSControl.word));
+
+       // Check PSControl Configuration
+       if (pAd->StaCfg.PSControl.field.EnableNewPS == FALSE)
+               return;
+       RTMPFindHostPCIDev(pAd);
+        if (pObj->parent_pci_dev)
+        {
+               USHORT  vendor_id;
+               // Find PCI-to-PCI Bridge Express Capability Offset
+               pos = pci_find_capability(pObj->parent_pci_dev, PCI_CAP_ID_EXP);
+
+               if (pos != 0)
+               {
+                       pAd->HostLnkCtrlOffset = pos + PCI_EXP_LNKCTL;
+               }
+       // If configurared to turn on L1.
+       HostConfiguration = 0;
+               if (pAd->StaCfg.PSControl.field.rt30xxForceASPMTest == 1)
+               {
+                                               DBGPRINT(RT_DEBUG_TRACE, ("Enter,PSM : Force ASPM \n"));
+
+                       // Skip non-exist deice right away
+                       if ((pAd->HostLnkCtrlOffset != 0))
+                       {
+                        PCI_REG_READ_WORD(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, HostConfiguration);
+                               // Prepare Configuration to write to Host
+                               HostConfiguration |= 0x3;
+                               PCI_REG_WIRTE_WORD(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, HostConfiguration);
+                               pAd->Rt3xxHostLinkCtrl = HostConfiguration;
+                               // Because in rt30xxForceASPMTest Mode, Force turn on L0s, L1.
+                               // Fix HostConfiguration bit0:1 = 0x3 for later use.
+                               HostConfiguration = 0x3;
+                               DBGPRINT(RT_DEBUG_TRACE, ("PSM : Force ASPM : Host device L1/L0s Value =  0x%x\n", HostConfiguration));
+                       }
+               }
+               else if (pAd->StaCfg.PSControl.field.rt30xxFollowHostASPM == 1)
+               {
+
+                       // Skip non-exist deice right away
+                       if ((pAd->HostLnkCtrlOffset != 0))
+                       {
+                        PCI_REG_READ_WORD(pObj->parent_pci_dev, pAd->HostLnkCtrlOffset, HostConfiguration);
+                               pAd->Rt3xxHostLinkCtrl = HostConfiguration;
+                               HostConfiguration &= 0x3;
+                               DBGPRINT(RT_DEBUG_TRACE, ("PSM : Follow Host ASPM : Host device L1/L0s Value =  0x%x\n", HostConfiguration));
+                       }
+               }
+        }
+       // Prepare to write Ralink setting.
+       // Find Ralink PCIe Device's Express Capability Offset
+       pos = pci_find_capability(pObj->pci_dev, PCI_CAP_ID_EXP);
+
+    if (pos != 0)
+    {
+        // Ralink PCIe Device's Link Control Register Offset
+       pAd->RLnkCtrlOffset = pos + PCI_EXP_LNKCTL;
+       pci_read_config_word(pObj->pci_dev, pAd->RLnkCtrlOffset, &reg16);
+        Configuration = le2cpu16(reg16);
+       DBGPRINT(RT_DEBUG_TRACE, ("Read (Ralink PCIe Link Control Register) offset 0x%x = 0x%x\n",
+                                                           pAd->RLnkCtrlOffset, Configuration));
+               Configuration |= 0x100;
+               if ((pAd->StaCfg.PSControl.field.rt30xxFollowHostASPM == 1)
+                       || (pAd->StaCfg.PSControl.field.rt30xxForceASPMTest == 1))
+               {
+                       switch(HostConfiguration)
+                       {
+                               case 0:
+                                       Configuration &= 0xffffffc;
+                                       break;
+                               case 1:
+                                       Configuration &= 0xffffffc;
+                                       Configuration |= 0x1;
+                                       break;
+                               case 2:
+                                       Configuration &= 0xffffffc;
+                                       Configuration |= 0x2;
+                                       break;
+                               case 3:
+                                       Configuration |= 0x3;
+                                       break;
+                       }
+               }
+               reg16 = cpu2le16(Configuration);
+               pci_write_config_word(pObj->pci_dev, pAd->RLnkCtrlOffset, reg16);
+               pAd->Rt3xxRalinkLinkCtrl = Configuration;
+               DBGPRINT(RT_DEBUG_TRACE, ("PSM :Write Ralink device L1/L0s Value =  0x%x\n", Configuration));
+       }
+       DBGPRINT(RT_DEBUG_INFO,("PSM :RTMPrt3xSetPCIePowerLinkCtrl <==============\n"));
+
+}
+
+#endif // CONFIG_STA_SUPPORT //
diff --git a/drivers/staging/rt3090/rt3090.h b/drivers/staging/rt3090/rt3090.h
new file mode 100644 (file)
index 0000000..d325cb0
--- /dev/null
@@ -0,0 +1,77 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       rt3090.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#ifndef __RT3090_H__
+#define __RT3090_H__
+
+#ifdef RT3090
+
+#ifndef RTMP_PCI_SUPPORT
+#error "For RT3090, you should define the compile flag -DRTMP_PCI_SUPPORT"
+#endif
+
+#ifndef RTMP_MAC_PCI
+#error "For RT3090, you should define the compile flag -DRTMP_MAC_PCI"
+#endif
+
+#ifndef RTMP_RF_RW_SUPPORT
+#error "For RT3090, you should define the compile flag -DRTMP_RF_RW_SUPPORT"
+#endif
+
+#ifndef RT30xx
+#error "For RT3090, you should define the compile flag -DRT30xx"
+#endif
+
+#ifdef CARRIER_DETECTION_SUPPORT
+#define TONE_RADAR_DETECT_SUPPORT
+#define CARRIER_SENSE_NEW_ALGO
+#endif // CARRIER_DETECTION_SUPPORT //
+
+#define PCIE_PS_SUPPORT
+
+#include "mac_pci.h"
+#include "rt30xx.h"
+
+//
+// Device ID & Vendor ID, these values should match EEPROM value
+//
+#define NIC3090_PCIe_DEVICE_ID  0x3090         // 1T/1R miniCard
+#define NIC3091_PCIe_DEVICE_ID  0x3091         // 1T/2R miniCard
+#define NIC3092_PCIe_DEVICE_ID  0x3092         // 2T/2R miniCard
+
+#endif // RT3090 //
+
+#endif //__RT3090_H__ //
diff --git a/drivers/staging/rt3090/rt30xx.h b/drivers/staging/rt3090/rt30xx.h
new file mode 100644 (file)
index 0000000..70971a0
--- /dev/null
@@ -0,0 +1,48 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       rt30xx.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#ifndef __RT30XX_H__
+#define __RT30XX_H__
+
+#ifdef RT30xx
+
+
+extern REG_PAIR RT30xx_RFRegTable[];
+extern UCHAR NUM_RF_REG_PARMS;
+
+#endif // RT30xx //
+
+#endif //__RT30XX_H__ //
diff --git a/drivers/staging/rt3090/rt3370.h b/drivers/staging/rt3090/rt3370.h
new file mode 100644 (file)
index 0000000..bfa9006
--- /dev/null
@@ -0,0 +1,64 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rt3370.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#ifndef __RT3370_H__
+#define __RT3370_H__
+
+#ifdef RT3370
+
+
+#error "For RT3070, you should define the compile flag -DRTMP_USB_SUPPORT"
+
+#error "For RT3070, you should define the compile flag -DRTMP_MAC_USB"
+
+#ifndef RTMP_RF_RW_SUPPORT
+#error "For RT3070, you should define the compile flag -DRTMP_RF_RW_SUPPORT"
+#endif
+
+#ifndef RT33xx
+#error "For RT3070, you should define the compile flag -DRT30xx"
+#endif
+
+#include "mac_usb.h"
+#include "rt33xx.h"
+
+//
+// Device ID & Vendor ID, these values should match EEPROM value
+//
+
+#endif // RT3370 //
+
+#endif //__RT3370_H__ //
diff --git a/drivers/staging/rt3090/rt3390.h b/drivers/staging/rt3090/rt3390.h
new file mode 100644 (file)
index 0000000..412ab3d
--- /dev/null
@@ -0,0 +1,77 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rt3390.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#ifndef __RT3390_H__
+#define __RT3390_H__
+
+#ifdef RT3390
+
+#ifndef RTMP_PCI_SUPPORT
+#error "For RT3390, you should define the compile flag -DRTMP_PCI_SUPPORT"
+#endif
+
+#ifndef RTMP_MAC_PCI
+#error "For RT3390, you should define the compile flag -DRTMP_MAC_PCI"
+#endif
+
+#ifndef RTMP_RF_RW_SUPPORT
+#error "For RT3390, you should define the compile flag -DRTMP_RF_RW_SUPPORT"
+#endif
+
+#ifndef RT30xx
+#error "For RT3390, you should define the compile flag -DRT30xx"
+#endif
+
+#ifdef CARRIER_DETECTION_SUPPORT
+#define TONE_RADAR_DETECT_SUPPORT
+#define CARRIER_SENSE_NEW_ALGO
+#endif // CARRIER_DETECTION_SUPPORT //
+
+#define PCIE_PS_SUPPORT
+
+#include "mac_pci.h"
+#include "rt33xx.h"
+
+//
+// Device ID & Vendor ID, these values should match EEPROM value
+//
+#define NIC3390_PCIe_DEVICE_ID  0x3090         // 1T/1R miniCard
+#define NIC3391_PCIe_DEVICE_ID  0x3091         // 1T/2R miniCard
+#define NIC3392_PCIe_DEVICE_ID  0x3092         // 2T/2R miniCard
+
+#endif // RT3390 //
+
+#endif //__RT3390_H__ //
diff --git a/drivers/staging/rt3090/rt33xx.h b/drivers/staging/rt3090/rt33xx.h
new file mode 100644 (file)
index 0000000..6eb9388
--- /dev/null
@@ -0,0 +1,48 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rt33xx.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#ifndef __RT33XX_H__
+#define __RT33XX_H__
+
+#ifdef RT33xx
+
+
+extern REG_PAIR RFRegTableOverRT3390[];
+extern UCHAR NUM_RF_REG_PARMS_OVER_RT3390;
+
+#endif // RT33xx //
+
+#endif //__RT33XX_H__ //
diff --git a/drivers/staging/rt3090/rt_ate.c b/drivers/staging/rt3090/rt_ate.c
new file mode 100644 (file)
index 0000000..259aae4
--- /dev/null
@@ -0,0 +1,6089 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+
+#include "rt_config.h"
+
+#ifdef RALINK_ATE
+
+#ifdef RT30xx
+#define ATE_BBP_REG_NUM        168
+UCHAR restore_BBP[ATE_BBP_REG_NUM]={0};
+#endif // RT30xx //
+
+// 802.11 MAC Header, Type:Data, Length:24bytes
+UCHAR TemplateFrame[24] = {0x08,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+               0x00,0xAA,0xBB,0x12,0x34,0x56,0x00,0x11,0x22,0xAA,0xBB,0xCC,0x00,0x00};
+
+extern RTMP_RF_REGS RF2850RegTable[];
+extern UCHAR NUM_OF_2850_CHNL;
+
+extern FREQUENCY_ITEM FreqItems3020[];
+extern UCHAR NUM_OF_3020_CHNL;
+
+
+
+
+static CHAR CCKRateTable[] = {0, 1, 2, 3, 8, 9, 10, 11, -1}; /* CCK Mode. */
+static CHAR OFDMRateTable[] = {0, 1, 2, 3, 4, 5, 6, 7, -1}; /* OFDM Mode. */
+static CHAR HTMIXRateTable[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, -1}; /* HT Mix Mode. */
+
+static INT TxDmaBusy(
+       IN PRTMP_ADAPTER pAd);
+
+static INT RxDmaBusy(
+       IN PRTMP_ADAPTER pAd);
+
+static VOID RtmpDmaEnable(
+       IN PRTMP_ADAPTER pAd,
+       IN INT Enable);
+
+static VOID BbpSoftReset(
+       IN PRTMP_ADAPTER pAd);
+
+static VOID RtmpRfIoWrite(
+       IN PRTMP_ADAPTER pAd);
+
+static INT ATESetUpFrame(
+       IN PRTMP_ADAPTER pAd,
+       IN UINT32 TxIdx);
+
+static INT ATETxPwrHandler(
+       IN PRTMP_ADAPTER pAd,
+       IN char index);
+
+static INT ATECmdHandler(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+#ifndef RT30xx
+static int CheckMCSValid(
+       IN UCHAR Mode,
+       IN UCHAR Mcs);
+#endif // RT30xx //
+
+#ifdef RT30xx
+static int CheckMCSValid(
+       IN UCHAR Mode,
+       IN UCHAR Mcs,
+       IN BOOLEAN bRT2070);
+#endif // RT30xx //
+
+#ifdef RTMP_MAC_PCI
+static VOID ATEWriteTxWI(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PTXWI_STRUC     pOutTxWI,
+       IN      BOOLEAN                 FRAG,
+       IN      BOOLEAN                 CFACK,
+       IN      BOOLEAN                 InsTimestamp,
+       IN      BOOLEAN                 AMPDU,
+       IN      BOOLEAN                 Ack,
+       IN      BOOLEAN                 NSeq,           // HW new a sequence.
+       IN      UCHAR                   BASize,
+       IN      UCHAR                   WCID,
+       IN      ULONG                   Length,
+       IN      UCHAR                   PID,
+       IN      UCHAR                   TID,
+       IN      UCHAR                   TxRate,
+       IN      UCHAR                   Txopmode,
+       IN      BOOLEAN                 CfAck,
+       IN      HTTRANSMIT_SETTING      *pTransmit);
+#endif // RTMP_MAC_PCI //
+
+
+static VOID SetJapanFilter(
+       IN      PRTMP_ADAPTER   pAd);
+
+
+#ifdef RALINK_28xx_QA
+static inline INT      DO_RACFG_CMD_ATE_START(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_STOP(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_RF_WRITE_ALL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_E2PROM_READ16(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_E2PROM_WRITE16(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_E2PROM_READ_ALL
+(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_E2PROM_WRITE_ALL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_IO_READ(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_IO_WRITE(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_IO_READ_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_BBP_READ8(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_BBP_WRITE8(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_BBP_READ_ALL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_GET_NOISE_LEVEL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_GET_COUNTER(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_CLEAR_COUNTER(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_TX_START(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_GET_TX_STATUS(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_TX_STOP(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_RX_START(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_RX_STOP(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_RX_STOP(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_START_TX_CARRIER(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_START_TX_CONT(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_START_TX_FRAME(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_BW(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_TX_POWER0(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_TX_POWER1(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_FREQ_OFFSET(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_GET_STATISTICS(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_RESET_COUNTER(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SEL_TX_ANTENNA(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SEL_RX_ANTENNA(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_PREAMBLE(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_CHANNEL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_ADDR1(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_ADDR2(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_ADDR3(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_RATE(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_TX_FRAME_LEN(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_SET_TX_FRAME_COUNT(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_START_RX_FRAME(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_E2PROM_READ_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_E2PROM_WRITE_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_IO_WRITE_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_BBP_READ_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+static inline INT DO_RACFG_CMD_ATE_BBP_WRITE_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN struct ate_racfghdr *pRaCfg
+);
+
+#endif // RALINK_28xx_QA //
+
+
+#ifdef RTMP_MAC_PCI
+static INT TxDmaBusy(
+       IN PRTMP_ADAPTER pAd)
+{
+       INT result;
+       WPDMA_GLO_CFG_STRUC GloCfg;
+
+       RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);       // disable DMA
+       if (GloCfg.field.TxDMABusy)
+               result = 1;
+       else
+               result = 0;
+
+       return result;
+}
+
+
+static INT RxDmaBusy(
+       IN PRTMP_ADAPTER pAd)
+{
+       INT result;
+       WPDMA_GLO_CFG_STRUC GloCfg;
+
+       RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);       // disable DMA
+       if (GloCfg.field.RxDMABusy)
+               result = 1;
+       else
+               result = 0;
+
+       return result;
+}
+
+
+static VOID RtmpDmaEnable(
+       IN PRTMP_ADAPTER pAd,
+       IN INT Enable)
+{
+       BOOLEAN value;
+       ULONG WaitCnt;
+       WPDMA_GLO_CFG_STRUC GloCfg;
+
+       value = Enable > 0 ? 1 : 0;
+
+       // check DMA is in busy mode.
+       WaitCnt = 0;
+
+       while (TxDmaBusy(pAd) || RxDmaBusy(pAd))
+       {
+               RTMPusecDelay(10);
+               if (WaitCnt++ > 100)
+                       break;
+       }
+
+       RTMP_IO_READ32(pAd, WPDMA_GLO_CFG, &GloCfg.word);       // disable DMA
+       GloCfg.field.EnableTxDMA = value;
+       GloCfg.field.EnableRxDMA = value;
+       RTMP_IO_WRITE32(pAd, WPDMA_GLO_CFG, GloCfg.word);       // abort all TX rings
+       RTMPusecDelay(5000);
+
+       return;
+}
+#endif // RTMP_MAC_PCI //
+
+
+
+
+static VOID BbpSoftReset(
+       IN PRTMP_ADAPTER pAd)
+{
+       UCHAR BbpData = 0;
+
+       // Soft reset, set BBP R21 bit0=1->0
+       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R21, &BbpData);
+       BbpData |= 0x00000001; //set bit0=1
+       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R21, BbpData);
+
+       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R21, &BbpData);
+       BbpData &= ~(0x00000001); //set bit0=0
+       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R21, BbpData);
+
+       return;
+}
+
+
+static VOID RtmpRfIoWrite(
+       IN PRTMP_ADAPTER pAd)
+{
+       // Set RF value 1's set R3[bit2] = [0]
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R1);
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R2);
+       RTMP_RF_IO_WRITE32(pAd, (pAd->LatchRfRegs.R3 & (~0x04)));
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R4);
+
+       RTMPusecDelay(200);
+
+       // Set RF value 2's set R3[bit2] = [1]
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R1);
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R2);
+       RTMP_RF_IO_WRITE32(pAd, (pAd->LatchRfRegs.R3 | 0x04));
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R4);
+
+       RTMPusecDelay(200);
+
+       // Set RF value 3's set R3[bit2] = [0]
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R1);
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R2);
+       RTMP_RF_IO_WRITE32(pAd, (pAd->LatchRfRegs.R3 & (~0x04)));
+       RTMP_RF_IO_WRITE32(pAd, pAd->LatchRfRegs.R4);
+
+       return;
+}
+
+
+#ifdef RT30xx
+static int CheckMCSValid(
+       UCHAR Mode,
+       UCHAR Mcs,
+       BOOLEAN bRT2070)
+#endif // RT30xx //
+#ifndef RT30xx
+static int CheckMCSValid(
+       IN UCHAR Mode,
+       IN UCHAR Mcs)
+#endif // RT30xx //
+{
+       INT i;
+       PCHAR pRateTab;
+
+       switch (Mode)
+       {
+               case 0:
+                       pRateTab = CCKRateTable;
+                       break;
+               case 1:
+                       pRateTab = OFDMRateTable;
+                       break;
+               case 2:
+               case 3:
+#ifdef RT30xx
+                       if (bRT2070)
+                               pRateTab = OFDMRateTable;
+                       else
+#endif // RT30xx //
+                       pRateTab = HTMIXRateTable;
+                       break;
+               default:
+                       ATEDBGPRINT(RT_DEBUG_ERROR, ("unrecognizable Tx Mode %d\n", Mode));
+                       return -1;
+                       break;
+       }
+
+       i = 0;
+       while (pRateTab[i] != -1)
+       {
+               if (pRateTab[i] == Mcs)
+                       return 0;
+               i++;
+       }
+
+       return -1;
+}
+
+
+static INT ATETxPwrHandler(
+       IN PRTMP_ADAPTER pAd,
+       IN char index)
+{
+       ULONG R;
+       CHAR TxPower;
+       UCHAR Bbp94 = 0;
+       BOOLEAN bPowerReduce = FALSE;
+#ifdef RTMP_RF_RW_SUPPORT
+       UCHAR RFValue;
+#endif // RTMP_RF_RW_SUPPORT //
+#ifdef RALINK_28xx_QA
+       if ((pAd->ate.bQATxStart == TRUE) || (pAd->ate.bQARxStart == TRUE))
+       {
+               /*
+                       When QA is used for Tx, pAd->ate.TxPower0/1 and real tx power
+                       are not synchronized.
+               */
+               return 0;
+       }
+       else
+#endif // RALINK_28xx_QA //
+       {
+               TxPower = index == 0 ? pAd->ate.TxPower0 : pAd->ate.TxPower1;
+
+               if (pAd->ate.Channel <= 14)
+               {
+                       if (TxPower > 31)
+                       {
+
+                               // R3, R4 can't large than 31 (0x24), 31 ~ 36 used by BBP 94
+                               R = 31;
+                               if (TxPower <= 36)
+                                       Bbp94 = BBPR94_DEFAULT + (UCHAR)(TxPower - 31);
+                       }
+                       else if (TxPower < 0)
+                       {
+
+                               // R3, R4 can't less than 0, -1 ~ -6 used by BBP 94
+                               R = 0;
+                               if (TxPower >= -6)
+                                       Bbp94 = BBPR94_DEFAULT + TxPower;
+                       }
+                       else
+                       {
+                               // 0 ~ 31
+                               R = (ULONG) TxPower;
+                               Bbp94 = BBPR94_DEFAULT;
+                       }
+
+                       ATEDBGPRINT(RT_DEBUG_TRACE, ("%s (TxPower=%d, R=%ld, BBP_R94=%d)\n", __FUNCTION__, TxPower, R, Bbp94));
+               }
+               else /* 5.5 GHz */
+               {
+                       if (TxPower > 15)
+                       {
+
+                               // R3, R4 can't large than 15 (0x0F)
+                               R = 15;
+                       }
+                       else if (TxPower < 0)
+                       {
+
+                               // R3, R4 can't less than 0
+                               // -1 ~ -7
+                               ASSERT((TxPower >= -7));
+                               R = (ULONG)(TxPower + 7);
+                               bPowerReduce = TRUE;
+                       }
+                       else
+                       {
+                               // 0 ~ 15
+                               R = (ULONG) TxPower;
+                       }
+
+                       ATEDBGPRINT(RT_DEBUG_TRACE, ("%s (TxPower=%d, R=%lu)\n", __FUNCTION__, TxPower, R));
+               }
+//2008/09/10:KH adds to support 3070 ATE TX Power tunning real time<--
+#ifdef RTMP_RF_RW_SUPPORT
+               if (IS_RT30xx(pAd))
+               {
+                       // Set Tx Power
+                       ATE_RF_IO_READ8_BY_REG_ID(pAd, RF_R12, (PUCHAR)&RFValue);
+                       RFValue = (RFValue & 0xE0) | TxPower;
+                       ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R12, (UCHAR)RFValue);
+                       ATEDBGPRINT(RT_DEBUG_TRACE, ("3070 or 2070:%s (TxPower=%d, RFValue=%x)\n", __FUNCTION__, TxPower, RFValue));
+               }
+               else
+#endif // RTMP_RF_RW_SUPPORT //
+               {
+               if (pAd->ate.Channel <= 14)
+               {
+                       if (index == 0)
+                       {
+                               // shift TX power control to correct RF(R3) register bit position
+                               R = R << 9;
+                               R |= (pAd->LatchRfRegs.R3 & 0xffffc1ff);
+                               pAd->LatchRfRegs.R3 = R;
+                       }
+                       else
+                       {
+                               // shift TX power control to correct RF(R4) register bit position
+                               R = R << 6;
+                               R |= (pAd->LatchRfRegs.R4 & 0xfffff83f);
+                               pAd->LatchRfRegs.R4 = R;
+                       }
+               }
+               else /* 5.5GHz */
+               {
+                       if (bPowerReduce == FALSE)
+                       {
+                               if (index == 0)
+                               {
+                                       // shift TX power control to correct RF(R3) register bit position
+                                       R = (R << 10) | (1 << 9);
+                                       R |= (pAd->LatchRfRegs.R3 & 0xffffc1ff);
+                                       pAd->LatchRfRegs.R3 = R;
+                               }
+                               else
+                               {
+                                       // shift TX power control to correct RF(R4) register bit position
+                                       R = (R << 7) | (1 << 6);
+                                       R |= (pAd->LatchRfRegs.R4 & 0xfffff83f);
+                                       pAd->LatchRfRegs.R4 = R;
+                               }
+                       }
+                       else
+                       {
+                               if (index == 0)
+                               {
+                                       // shift TX power control to correct RF(R3) register bit position
+                                       R = (R << 10);
+                                       R |= (pAd->LatchRfRegs.R3 & 0xffffc1ff);
+
+                                       /* Clear bit 9 of R3 to reduce 7dB. */
+                                       pAd->LatchRfRegs.R3 = (R & (~(1 << 9)));
+                               }
+                               else
+                               {
+                                       // shift TX power control to correct RF(R4) register bit position
+                                       R = (R << 7);
+                                       R |= (pAd->LatchRfRegs.R4 & 0xfffff83f);
+
+                                       /* Clear bit 6 of R4 to reduce 7dB. */
+                                       pAd->LatchRfRegs.R4 = (R & (~(1 << 6)));
+                               }
+                       }
+               }
+               RtmpRfIoWrite(pAd);
+       }
+//2008/09/10:KH adds to support 3070 ATE TX Power tunning real time-->
+
+               return 0;
+       }
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE operation mode to
+        0. ATESTART  = Start ATE Mode
+        1. ATESTOP   = Stop ATE Mode
+        2. TXCONT    = Continuous Transmit
+        3. TXCARR    = Transmit Carrier
+        4. TXFRAME   = Transmit Frames
+        5. RXFRAME   = Receive Frames
+#ifdef RALINK_28xx_QA
+        6. TXSTOP    = Stop Any Type of Transmition
+        7. RXSTOP    = Stop Receiving Frames
+#endif // RALINK_28xx_QA //
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+#ifdef RTMP_MAC_PCI
+static INT     ATECmdHandler(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UINT32                  Value = 0;
+       UCHAR                   BbpData;
+       UINT32                  MacData = 0;
+       PTXD_STRUC              pTxD;
+       INT                             index;
+       UINT                    i = 0, atemode = 0;
+       PRXD_STRUC              pRxD;
+       PRTMP_TX_RING   pTxRing = &pAd->TxRing[QID_AC_BE];
+       NDIS_STATUS             Status = NDIS_STATUS_SUCCESS;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("===> ATECmdHandler()\n"));
+
+       ATEAsicSwitchChannel(pAd);
+
+       /* empty function */
+       AsicLockChannel(pAd, pAd->ate.Channel);
+
+       RTMPusecDelay(5000);
+
+       // read MAC_SYS_CTRL and backup MAC_SYS_CTRL value.
+       RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &MacData);
+
+       // Default value in BBP R22 is 0x0.
+       BbpData = 0;
+
+       // clean bit4 to stop continuous Tx production test.
+       MacData &= 0xFFFFFFEF;
+
+       // Enter ATE mode and set Tx/Rx Idle
+       if (!strcmp(arg, "ATESTART"))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: ATESTART\n"));
+
+#if defined(LINUX) || defined(VXWORKS)
+               // check if we have removed the firmware
+               if (!(ATE_ON(pAd)))
+               {
+                       NICEraseFirmware(pAd);
+               }
+#endif // defined(LINUX) || defined(VXWORKS) //
+
+               atemode = pAd->ate.Mode;
+               pAd->ate.Mode = ATE_START;
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, MacData);
+
+               if (atemode == ATE_TXCARR)
+               {
+                       // No Carrier Test set BBP R22 bit7=0, bit6=0, bit[5~0]=0x0
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+                       BbpData &= 0xFFFFFF00; // clear bit7, bit6, bit[5~0]
+                   ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+               }
+               else if (atemode == ATE_TXCARRSUPP)
+               {
+                       // No Cont. TX set BBP R22 bit7=0
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+                       BbpData &= ~(1 << 7); // set bit7=0
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+
+                       // No Carrier Suppression set BBP R24 bit0=0
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R24, &BbpData);
+                       BbpData &= 0xFFFFFFFE; // clear bit0
+                   ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R24, BbpData);
+               }
+
+               /*
+                       We should free some resource which was allocated
+                       when ATE_TXFRAME , ATE_STOP, and ATE_TXCONT.
+               */
+               else if ((atemode & ATE_TXFRAME) || (atemode == ATE_STOP))
+               {
+                       PRTMP_TX_RING pTxRing = &pAd->TxRing[QID_AC_BE];
+
+                       if (atemode == ATE_TXCONT)
+                       {
+                               // No Cont. TX set BBP R22 bit7=0
+                               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+                               BbpData &= ~(1 << 7); // set bit7=0
+                               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+                       }
+
+                       // Abort Tx, Rx DMA.
+                       RtmpDmaEnable(pAd, 0);
+                       for (i=0; i<TX_RING_SIZE; i++)
+                       {
+                               PNDIS_PACKET  pPacket;
+
+#ifndef RT_BIG_ENDIAN
+                           pTxD = (PTXD_STRUC)pAd->TxRing[QID_AC_BE].Cell[i].AllocVa;
+#else
+                       pDestTxD = (PTXD_STRUC)pAd->TxRing[QID_AC_BE].Cell[i].AllocVa;
+                       TxD = *pDestTxD;
+                       pTxD = &TxD;
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                               pTxD->DMADONE = 0;
+                               pPacket = pTxRing->Cell[i].pNdisPacket;
+
+                               if (pPacket)
+                               {
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr0, pTxD->SDLen0, PCI_DMA_TODEVICE);
+                                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                               }
+
+                               // Always assign pNdisPacket as NULL after clear
+                               pTxRing->Cell[i].pNdisPacket = NULL;
+
+                               pPacket = pTxRing->Cell[i].pNextNdisPacket;
+
+                               if (pPacket)
+                               {
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                               }
+
+                               // Always assign pNextNdisPacket as NULL after clear
+                               pTxRing->Cell[i].pNextNdisPacket = NULL;
+#ifdef RT_BIG_ENDIAN
+                               RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+                               WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif
+                       }
+
+                       // Start Tx, RX DMA
+                       RtmpDmaEnable(pAd, 1);
+               }
+
+               // reset Rx statistics.
+               pAd->ate.LastSNR0 = 0;
+               pAd->ate.LastSNR1 = 0;
+               pAd->ate.LastRssi0 = 0;
+               pAd->ate.LastRssi1 = 0;
+               pAd->ate.LastRssi2 = 0;
+               pAd->ate.AvgRssi0 = 0;
+               pAd->ate.AvgRssi1 = 0;
+               pAd->ate.AvgRssi2 = 0;
+               pAd->ate.AvgRssi0X8 = 0;
+               pAd->ate.AvgRssi1X8 = 0;
+               pAd->ate.AvgRssi2X8 = 0;
+               pAd->ate.NumOfAvgRssiSample = 0;
+
+#ifdef RALINK_28xx_QA
+               // Tx frame
+               pAd->ate.bQATxStart = FALSE;
+               pAd->ate.bQARxStart = FALSE;
+               pAd->ate.seq = 0;
+
+               // counters
+               pAd->ate.U2M = 0;
+               pAd->ate.OtherData = 0;
+               pAd->ate.Beacon = 0;
+               pAd->ate.OtherCount = 0;
+               pAd->ate.TxAc0 = 0;
+               pAd->ate.TxAc1 = 0;
+               pAd->ate.TxAc2 = 0;
+               pAd->ate.TxAc3 = 0;
+               /*pAd->ate.TxHCCA = 0;*/
+               pAd->ate.TxMgmt = 0;
+               pAd->ate.RSSI0 = 0;
+               pAd->ate.RSSI1 = 0;
+               pAd->ate.RSSI2 = 0;
+               pAd->ate.SNR0 = 0;
+               pAd->ate.SNR1 = 0;
+
+               // control
+               pAd->ate.TxDoneCount = 0;
+               // TxStatus : 0 --> task is idle, 1 --> task is running
+               pAd->ate.TxStatus = 0;
+#endif // RALINK_28xx_QA //
+
+               // Soft reset BBP.
+               BbpSoftReset(pAd);
+
+
+#ifdef CONFIG_STA_SUPPORT
+               /* LinkDown() has "AsicDisableSync();" and "RTMP_BBP_IO_R/W8_BY_REG_ID();" inside. */
+//      LinkDown(pAd, FALSE);
+//             AsicEnableBssSync(pAd);
+
+#if defined(LINUX) || defined(VXWORKS)
+               RTMP_OS_NETDEV_STOP_QUEUE(pAd->net_dev);
+#endif // defined(LINUX) || defined(VXWORKS) //
+
+               /*
+                       If we skip "LinkDown()", we should disable protection
+                       to prevent from sending out RTS or CTS-to-self.
+               */
+               ATEDisableAsicProtect(pAd);
+               RTMPStationStop(pAd);
+#endif // CONFIG_STA_SUPPORT //
+
+               /* Disable Tx */
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= ~(1 << 2);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+               /* Disable Rx */
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= ~(1 << 3);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+       }
+       else if (!strcmp(arg, "ATESTOP"))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: ATESTOP\n"));
+
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+
+               // recover the MAC_SYS_CTRL register back
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, MacData);
+
+               // disable Tx, Rx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= (0xfffffff3);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+               // abort Tx, RX DMA
+               RtmpDmaEnable(pAd, 0);
+
+#ifdef LINUX
+               pAd->ate.bFWLoading = TRUE;
+
+               Status = NICLoadFirmware(pAd);
+
+               if (Status != NDIS_STATUS_SUCCESS)
+               {
+                       ATEDBGPRINT(RT_DEBUG_ERROR, ("NICLoadFirmware failed, Status[=0x%08x]\n", Status));
+                       return FALSE;
+               }
+#endif // LINUX //
+               pAd->ate.Mode = ATE_STOP;
+
+               /*
+                       Even the firmware has been loaded,
+                       we still could use ATE_BBP_IO_READ8_BY_REG_ID().
+                       But this is not suggested.
+               */
+               BbpSoftReset(pAd);
+
+               RTMP_ASIC_INTERRUPT_DISABLE(pAd);
+
+               NICInitializeAdapter(pAd, TRUE);
+
+               /*
+                       Reinitialize Rx Ring before Rx DMA is enabled.
+                       >>>RxCoherent<<< was gone !
+               */
+               for (index = 0; index < RX_RING_SIZE; index++)
+               {
+                       pRxD = (PRXD_STRUC) pAd->RxRing.Cell[index].AllocVa;
+                       pRxD->DDONE = 0;
+               }
+
+               // We should read EEPROM for all cases.
+               NICReadEEPROMParameters(pAd, NULL);
+               NICInitAsicFromEEPROM(pAd);
+
+               AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+
+               /* empty function */
+               AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+
+               /* clear garbage interrupts */
+               RTMP_IO_WRITE32(pAd, INT_SOURCE_CSR, 0xffffffff);
+               /* Enable Interrupt */
+               RTMP_ASIC_INTERRUPT_ENABLE(pAd);
+
+               /* restore RX_FILTR_CFG */
+
+#ifdef CONFIG_STA_SUPPORT
+               /* restore RX_FILTR_CFG due to that QA maybe set it to 0x3 */
+               RTMP_IO_WRITE32(pAd, RX_FILTR_CFG, STANORMAL);
+#endif // CONFIG_STA_SUPPORT //
+
+               // Enable Tx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value |= (1 << 2);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+               // Enable Tx, Rx DMA.
+               RtmpDmaEnable(pAd, 1);
+
+               // Enable Rx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value |= (1 << 3);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+
+#ifdef CONFIG_STA_SUPPORT
+               RTMPStationStart(pAd);
+#endif // CONFIG_STA_SUPPORT //
+
+#if defined(LINUX) || defined(VXWORKS)
+               RTMP_OS_NETDEV_START_QUEUE(pAd->net_dev);
+#endif // defined(LINUX) || defined(VXWORKS) //
+       }
+       else if (!strcmp(arg, "TXCARR"))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: TXCARR\n"));
+               pAd->ate.Mode = ATE_TXCARR;
+
+               // QA has done the following steps if it is used.
+               if (pAd->ate.bQATxStart == FALSE)
+               {
+                       // Soft reset BBP.
+                       BbpSoftReset(pAd);
+
+                       // Carrier Test set BBP R22 bit7=1, bit6=1, bit[5~0]=0x01
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+                       BbpData &= 0xFFFFFF00; //clear bit7, bit6, bit[5~0]
+                       BbpData |= 0x000000C1; //set bit7=1, bit6=1, bit[5~0]=0x01
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+
+                       // set MAC_SYS_CTRL(0x1004) Continuous Tx Production Test (bit4) = 1
+                       RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+                       Value = Value | 0x00000010;
+                       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+               }
+       }
+       else if (!strcmp(arg, "TXCONT"))
+       {
+               if (pAd->ate.bQATxStart == TRUE)
+               {
+                       /*
+                               set MAC_SYS_CTRL(0x1004) bit4(Continuous Tx Production Test)
+                               and bit2(MAC TX enable) back to zero.
+                       */
+                       RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &MacData);
+                       MacData &= 0xFFFFFFEB;
+                       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, MacData);
+
+                       // set BBP R22 bit7=0
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+                       BbpData &= 0xFFFFFF7F; //set bit7=0
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+               }
+
+               /*
+                       for TxCont mode.
+                       Step 1: Send 50 packets first then wait for a moment.
+                       Step 2: Send more 50 packet then start continue mode.
+               */
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: TXCONT\n"));
+
+               // Step 1: send 50 packets first.
+               pAd->ate.Mode = ATE_TXCONT;
+               pAd->ate.TxCount = 50;
+
+               /* Do it after Tx/Rx DMA is aborted. */
+//             pAd->ate.TxDoneCount = 0;
+
+               // Soft reset BBP.
+               BbpSoftReset(pAd);
+
+               // Abort Tx, RX DMA.
+               RtmpDmaEnable(pAd, 0);
+
+               // Fix can't smooth kick
+               {
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX0 + QID_AC_BE * 0x10,  &pTxRing->TxDmaIdx);
+                       pTxRing->TxSwFreeIdx = pTxRing->TxDmaIdx;
+                       pTxRing->TxCpuIdx = pTxRing->TxDmaIdx;
+                       RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + QID_AC_BE * 0x10, pTxRing->TxCpuIdx);
+               }
+
+               pAd->ate.TxDoneCount = 0;
+
+               /* Only needed if we have to send some normal frames. */
+               SetJapanFilter(pAd);
+
+               for (i = 0; (i < TX_RING_SIZE-1) && (i < pAd->ate.TxCount); i++)
+               {
+                       PNDIS_PACKET pPacket;
+                       UINT32 TxIdx = pTxRing->TxCpuIdx;
+
+#ifndef RT_BIG_ENDIAN
+                       pTxD = (PTXD_STRUC)pTxRing->Cell[TxIdx].AllocVa;
+#else
+                       pDestTxD = (PTXD_STRUC)pTxRing->Cell[TxIdx].AllocVa;
+                       TxD = *pDestTxD;
+                       pTxD = &TxD;
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                       // Clean current cell.
+                       pPacket = pTxRing->Cell[TxIdx].pNdisPacket;
+
+                       if (pPacket)
+                       {
+                               PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr0, pTxD->SDLen0, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+
+                       // Always assign pNdisPacket as NULL after clear
+                       pTxRing->Cell[TxIdx].pNdisPacket = NULL;
+
+                       pPacket = pTxRing->Cell[TxIdx].pNextNdisPacket;
+
+                       if (pPacket)
+                       {
+                               PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+
+                       // Always assign pNextNdisPacket as NULL after clear
+                       pTxRing->Cell[TxIdx].pNextNdisPacket = NULL;
+
+#ifdef RT_BIG_ENDIAN
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+                       WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif
+
+                       if (ATESetUpFrame(pAd, TxIdx) != 0)
+                               break;
+
+                       INC_RING_INDEX(pTxRing->TxCpuIdx, TX_RING_SIZE);
+               }
+
+               // Setup frame format.
+               ATESetUpFrame(pAd, pTxRing->TxCpuIdx);
+
+               // Start Tx, RX DMA.
+               RtmpDmaEnable(pAd, 1);
+
+               // Enable Tx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value |= (1 << 2);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+               // Disable Rx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= ~(1 << 3);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+#ifdef RALINK_28xx_QA
+               if (pAd->ate.bQATxStart == TRUE)
+               {
+                       pAd->ate.TxStatus = 1;
+               }
+#endif // RALINK_28xx_QA //
+
+               // kick Tx-Ring
+               RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + QID_AC_BE * RINGREG_DIFF, pAd->TxRing[QID_AC_BE].TxCpuIdx);
+
+               RTMPusecDelay(5000);
+
+
+               // Step 2: send more 50 packets then start continue mode.
+               // Abort Tx, RX DMA.
+               RtmpDmaEnable(pAd, 0);
+
+               // Cont. TX set BBP R22 bit7=1
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+               BbpData |= 0x00000080; //set bit7=1
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+
+               pAd->ate.TxCount = 50;
+
+               // Fix can't smooth kick
+               {
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX0 + QID_AC_BE * 0x10,  &pTxRing->TxDmaIdx);
+                       pTxRing->TxSwFreeIdx = pTxRing->TxDmaIdx;
+                       pTxRing->TxCpuIdx = pTxRing->TxDmaIdx;
+                       RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + QID_AC_BE * 0x10, pTxRing->TxCpuIdx);
+               }
+
+               pAd->ate.TxDoneCount = 0;
+
+               SetJapanFilter(pAd);
+
+               for (i = 0; (i < TX_RING_SIZE-1) && (i < pAd->ate.TxCount); i++)
+               {
+                       PNDIS_PACKET pPacket;
+                       UINT32 TxIdx = pTxRing->TxCpuIdx;
+
+#ifndef RT_BIG_ENDIAN
+                       pTxD = (PTXD_STRUC)pTxRing->Cell[TxIdx].AllocVa;
+#else
+                       pDestTxD = (PTXD_STRUC)pTxRing->Cell[TxIdx].AllocVa;
+                       TxD = *pDestTxD;
+                       pTxD = &TxD;
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                       // clean current cell.
+                       pPacket = pTxRing->Cell[TxIdx].pNdisPacket;
+
+                       if (pPacket)
+                       {
+                               PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr0, pTxD->SDLen0, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+
+                       // Always assign pNdisPacket as NULL after clear
+                       pTxRing->Cell[TxIdx].pNdisPacket = NULL;
+
+                       pPacket = pTxRing->Cell[TxIdx].pNextNdisPacket;
+
+                       if (pPacket)
+                       {
+                               PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+
+                       // Always assign pNextNdisPacket as NULL after clear
+                       pTxRing->Cell[TxIdx].pNextNdisPacket = NULL;
+
+#ifdef RT_BIG_ENDIAN
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+                       WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif
+
+                       if (ATESetUpFrame(pAd, TxIdx) != 0)
+                               break;
+
+                       INC_RING_INDEX(pTxRing->TxCpuIdx, TX_RING_SIZE);
+               }
+
+               ATESetUpFrame(pAd, pTxRing->TxCpuIdx);
+
+               // Start Tx, RX DMA.
+               RtmpDmaEnable(pAd, 1);
+
+               // Enable Tx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value |= (1 << 2);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+               // Disable Rx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= ~(1 << 3);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+#ifdef RALINK_28xx_QA
+               if (pAd->ate.bQATxStart == TRUE)
+               {
+                       pAd->ate.TxStatus = 1;
+               }
+#endif // RALINK_28xx_QA //
+
+               // kick Tx-Ring.
+               RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + QID_AC_BE * RINGREG_DIFF, pAd->TxRing[QID_AC_BE].TxCpuIdx);
+
+               RTMPusecDelay(500);
+
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &MacData);
+               MacData |= 0x00000010;
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, MacData);
+       }
+       else if (!strcmp(arg, "TXFRAME"))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: TXFRAME(Count=%d)\n", pAd->ate.TxCount));
+               pAd->ate.Mode |= ATE_TXFRAME;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+
+               // Soft reset BBP.
+               BbpSoftReset(pAd);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, MacData);
+
+               // Abort Tx, RX DMA.
+               RtmpDmaEnable(pAd, 0);
+
+               // Fix can't smooth kick
+               {
+                       RTMP_IO_READ32(pAd, TX_DTX_IDX0 + QID_AC_BE * 0x10,  &pTxRing->TxDmaIdx);
+                       pTxRing->TxSwFreeIdx = pTxRing->TxDmaIdx;
+                       pTxRing->TxCpuIdx = pTxRing->TxDmaIdx;
+                       RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + QID_AC_BE * 0x10, pTxRing->TxCpuIdx);
+               }
+
+               pAd->ate.TxDoneCount = 0;
+
+               SetJapanFilter(pAd);
+
+               for (i = 0; (i < TX_RING_SIZE-1) && (i < pAd->ate.TxCount); i++)
+               {
+                       PNDIS_PACKET pPacket;
+                       UINT32 TxIdx = pTxRing->TxCpuIdx;
+
+#ifndef RT_BIG_ENDIAN
+                       pTxD = (PTXD_STRUC)pTxRing->Cell[TxIdx].AllocVa;
+#else
+                       pDestTxD = (PTXD_STRUC)pTxRing->Cell[TxIdx].AllocVa;
+                       TxD = *pDestTxD;
+                       pTxD = &TxD;
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                       // Clean current cell.
+                       pPacket = pTxRing->Cell[TxIdx].pNdisPacket;
+
+                       if (pPacket)
+                       {
+                               PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr0, pTxD->SDLen0, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+
+                       // Always assign pNdisPacket as NULL after clear
+                       pTxRing->Cell[TxIdx].pNdisPacket = NULL;
+
+                       pPacket = pTxRing->Cell[TxIdx].pNextNdisPacket;
+
+                       if (pPacket)
+                       {
+                               PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                       }
+
+                       // Always assign pNextNdisPacket as NULL after clear
+                       pTxRing->Cell[TxIdx].pNextNdisPacket = NULL;
+
+#ifdef RT_BIG_ENDIAN
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+                       WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif
+
+                       if (ATESetUpFrame(pAd, TxIdx) != 0)
+                               break;
+
+                       INC_RING_INDEX(pTxRing->TxCpuIdx, TX_RING_SIZE);
+
+               }
+
+               ATESetUpFrame(pAd, pTxRing->TxCpuIdx);
+
+               // Start Tx, Rx DMA.
+               RtmpDmaEnable(pAd, 1);
+
+               // Enable Tx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value |= (1 << 2);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+#ifdef RALINK_28xx_QA
+               // add this for LoopBack mode
+               if (pAd->ate.bQARxStart == FALSE)
+               {
+                       // Disable Rx
+                       RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+                       Value &= ~(1 << 3);
+                       RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+               }
+
+               if (pAd->ate.bQATxStart == TRUE)
+               {
+                       pAd->ate.TxStatus = 1;
+               }
+#else
+               // Disable Rx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= ~(1 << 3);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+#endif // RALINK_28xx_QA //
+
+               RTMP_IO_READ32(pAd, TX_DTX_IDX0 + QID_AC_BE * RINGREG_DIFF, &pAd->TxRing[QID_AC_BE].TxDmaIdx);
+               // kick Tx-Ring.
+               RTMP_IO_WRITE32(pAd, TX_CTX_IDX0 + QID_AC_BE * RINGREG_DIFF, pAd->TxRing[QID_AC_BE].TxCpuIdx);
+
+               pAd->RalinkCounters.KickTxCount++;
+       }
+#ifdef RALINK_28xx_QA
+       else if (!strcmp(arg, "TXSTOP"))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: TXSTOP\n"));
+               atemode = pAd->ate.Mode;
+               pAd->ate.Mode &= ATE_TXSTOP;
+               pAd->ate.bQATxStart = FALSE;
+//             pAd->ate.TxDoneCount = pAd->ate.TxCount;
+
+               if (atemode == ATE_TXCARR)
+               {
+                       // No Carrier Test set BBP R22 bit7=0, bit6=0, bit[5~0]=0x0
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+                       BbpData &= 0xFFFFFF00; //clear bit7, bit6, bit[5~0]
+                   ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+               }
+               else if (atemode == ATE_TXCARRSUPP)
+               {
+                       // No Cont. TX set BBP R22 bit7=0
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+                       BbpData &= ~(1 << 7); //set bit7=0
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+
+                       // No Carrier Suppression set BBP R24 bit0=0
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R24, &BbpData);
+                       BbpData &= 0xFFFFFFFE; //clear bit0
+                   ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R24, BbpData);
+               }
+
+               /*
+                       We should free some resource which was allocated
+                       when ATE_TXFRAME, ATE_STOP, and ATE_TXCONT.
+               */
+               else if ((atemode & ATE_TXFRAME) || (atemode == ATE_STOP))
+               {
+                       PRTMP_TX_RING pTxRing = &pAd->TxRing[QID_AC_BE];
+
+                       if (atemode == ATE_TXCONT)
+                       {
+                               // No Cont. TX set BBP R22 bit7=0
+                               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R22, &BbpData);
+                               BbpData &= ~(1 << 7); //set bit7=0
+                               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+                       }
+
+                       // Abort Tx, Rx DMA.
+                       RtmpDmaEnable(pAd, 0);
+
+                       for (i=0; i<TX_RING_SIZE; i++)
+                       {
+                               PNDIS_PACKET  pPacket;
+
+#ifndef RT_BIG_ENDIAN
+                           pTxD = (PTXD_STRUC)pAd->TxRing[QID_AC_BE].Cell[i].AllocVa;
+#else
+                       pDestTxD = (PTXD_STRUC)pAd->TxRing[QID_AC_BE].Cell[i].AllocVa;
+                       TxD = *pDestTxD;
+                       pTxD = &TxD;
+                       RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+#endif
+                               pTxD->DMADONE = 0;
+                               pPacket = pTxRing->Cell[i].pNdisPacket;
+
+                               if (pPacket)
+                               {
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr0, pTxD->SDLen0, PCI_DMA_TODEVICE);
+                                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                               }
+
+                               // Always assign pNdisPacket as NULL after clear
+                               pTxRing->Cell[i].pNdisPacket = NULL;
+
+                               pPacket = pTxRing->Cell[i].pNextNdisPacket;
+
+                               if (pPacket)
+                               {
+                                       PCI_UNMAP_SINGLE(pAd, pTxD->SDPtr1, pTxD->SDLen1, PCI_DMA_TODEVICE);
+                                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_SUCCESS);
+                               }
+
+                               // Always assign pNextNdisPacket as NULL after clear
+                               pTxRing->Cell[i].pNextNdisPacket = NULL;
+#ifdef RT_BIG_ENDIAN
+                               RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+                               WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif
+                       }
+                       // Enable Tx, Rx DMA
+                       RtmpDmaEnable(pAd, 1);
+
+               }
+
+               // TxStatus : 0 --> task is idle, 1 --> task is running
+               pAd->ate.TxStatus = 0;
+
+               // Soft reset BBP.
+               BbpSoftReset(pAd);
+
+               // Disable Tx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= ~(1 << 2);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+       }
+       else if (!strcmp(arg, "RXSTOP"))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: RXSTOP\n"));
+               atemode = pAd->ate.Mode;
+               pAd->ate.Mode &= ATE_RXSTOP;
+               pAd->ate.bQARxStart = FALSE;
+//             pAd->ate.TxDoneCount = pAd->ate.TxCount;
+
+               if (atemode == ATE_TXCARR)
+               {
+                       ;
+               }
+               else if (atemode == ATE_TXCARRSUPP)
+               {
+                       ;
+               }
+
+               /*
+                       We should free some resource which was allocated
+                       when ATE_TXFRAME, ATE_STOP, and ATE_TXCONT.
+               */
+               else if ((atemode & ATE_TXFRAME) || (atemode == ATE_STOP))
+               {
+                       if (atemode == ATE_TXCONT)
+                       {
+                               ;
+                       }
+               }
+
+               // Soft reset BBP.
+               BbpSoftReset(pAd);
+
+               // Disable Rx
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= ~(1 << 3);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+       }
+#endif // RALINK_28xx_QA //
+       else if (!strcmp(arg, "RXFRAME"))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: RXFRAME\n"));
+
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R22, BbpData);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, MacData);
+
+               pAd->ate.Mode |= ATE_RXFRAME;
+
+               // Disable Tx of MAC block.
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value &= ~(1 << 2);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+
+               // Enable Rx of MAC block.
+               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+               Value |= (1 << 3);
+               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+       }
+       else
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATE: Invalid arg!\n"));
+               return FALSE;
+       }
+       RTMPusecDelay(5000);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("<=== ATECmdHandler()\n"));
+
+       return TRUE;
+}
+/*=======================End of RTMP_MAC_PCI =======================*/
+#endif // RTMP_MAC_PCI //
+
+
+
+
+INT    Set_ATE_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       if (ATECmdHandler(pAd, arg))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_Proc Success\n"));
+
+
+               return TRUE;
+       }
+       else
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_Proc Failed\n"));
+               return FALSE;
+       }
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE ADDR1=DA for TxFrame(AP  : To DS = 0 ; From DS = 1)
+        or
+        Set ATE ADDR3=DA for TxFrame(STA : To DS = 1 ; From DS = 0)
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_DA_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       PSTRING                         value;
+       INT                                     i;
+
+       // Mac address acceptable format 01:02:03:04:05:06 length 17
+       if (strlen(arg) != 17)
+               return FALSE;
+
+    for (i = 0, value = rstrtok(arg, ":"); value; value = rstrtok(NULL, ":"))
+       {
+               /* sanity check */
+               if ((strlen(value) != 2) || (!isxdigit(*value)) || (!isxdigit(*(value+1))))
+               {
+                       return FALSE;
+               }
+
+#ifdef CONFIG_STA_SUPPORT
+               AtoH(value, &pAd->ate.Addr3[i++], 1);
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+       /* sanity check */
+       if (i != 6)
+       {
+               return FALSE;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_DA_Proc (DA = %2X:%2X:%2X:%2X:%2X:%2X)\n", pAd->ate.Addr3[0],
+               pAd->ate.Addr3[1], pAd->ate.Addr3[2], pAd->ate.Addr3[3], pAd->ate.Addr3[4], pAd->ate.Addr3[5]));
+#endif // CONFIG_STA_SUPPORT //
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_DA_Proc Success\n"));
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE ADDR3=SA for TxFrame(AP  : To DS = 0 ; From DS = 1)
+        or
+        Set ATE ADDR2=SA for TxFrame(STA : To DS = 1 ; From DS = 0)
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_SA_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       PSTRING                         value;
+       INT                                     i;
+
+       // Mac address acceptable format 01:02:03:04:05:06 length 17
+       if (strlen(arg) != 17)
+               return FALSE;
+
+    for (i=0, value = rstrtok(arg, ":"); value; value = rstrtok(NULL, ":"))
+       {
+               /* sanity check */
+               if ((strlen(value) != 2) || (!isxdigit(*value)) || (!isxdigit(*(value+1))))
+               {
+                       return FALSE;
+               }
+
+#ifdef CONFIG_STA_SUPPORT
+               AtoH(value, &pAd->ate.Addr2[i++], 1);
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+       /* sanity check */
+       if (i != 6)
+       {
+               return FALSE;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_SA_Proc (SA = %2X:%2X:%2X:%2X:%2X:%2X)\n", pAd->ate.Addr2[0],
+               pAd->ate.Addr2[1], pAd->ate.Addr2[2], pAd->ate.Addr2[3], pAd->ate.Addr2[4], pAd->ate.Addr2[5]));
+#endif // CONFIG_STA_SUPPORT //
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_SA_Proc Success\n"));
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE ADDR2=BSSID for TxFrame(AP  : To DS = 0 ; From DS = 1)
+        or
+        Set ATE ADDR1=BSSID for TxFrame(STA : To DS = 1 ; From DS = 0)
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_BSSID_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       PSTRING                         value;
+       INT                                     i;
+
+       // Mac address acceptable format 01:02:03:04:05:06 length 17
+       if (strlen(arg) != 17)
+               return FALSE;
+
+    for (i=0, value = rstrtok(arg, ":"); value; value = rstrtok(NULL, ":"))
+       {
+               /* sanity check */
+               if ((strlen(value) != 2) || (!isxdigit(*value)) || (!isxdigit(*(value+1))))
+               {
+                       return FALSE;
+               }
+
+#ifdef CONFIG_STA_SUPPORT
+               AtoH(value, &pAd->ate.Addr1[i++], 1);
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+       /* sanity check */
+       if(i != 6)
+       {
+               return FALSE;
+       }
+
+#ifdef CONFIG_STA_SUPPORT
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_BSSID_Proc (BSSID = %2X:%2X:%2X:%2X:%2X:%2X)\n",  pAd->ate.Addr1[0],
+               pAd->ate.Addr1[1], pAd->ate.Addr1[2], pAd->ate.Addr1[3], pAd->ate.Addr1[4], pAd->ate.Addr1[5]));
+#endif // CONFIG_STA_SUPPORT //
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_BSSID_Proc Success\n"));
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx Channel
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_CHANNEL_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UCHAR channel;
+
+       channel = simple_strtol(arg, 0, 10);
+
+       // to allow A band channel : ((channel < 1) || (channel > 14))
+       if ((channel < 1) || (channel > 216))
+       {
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_CHANNEL_Proc::Out of range, it should be in range of 1~14.\n"));
+               return FALSE;
+       }
+       pAd->ate.Channel = channel;
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_CHANNEL_Proc (ATE Channel = %d)\n", pAd->ate.Channel));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_CHANNEL_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx Power0
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_POWER0_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       CHAR TxPower;
+
+       TxPower = simple_strtol(arg, 0, 10);
+
+       if (pAd->ate.Channel <= 14)
+       {
+               if ((TxPower > 31) || (TxPower < 0))
+               {
+                       ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_POWER0_Proc::Out of range (Value=%d)\n", TxPower));
+                       return FALSE;
+               }
+       }
+       else/* 5.5 GHz */
+       {
+               if ((TxPower > 15) || (TxPower < -7))
+               {
+                       ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_POWER0_Proc::Out of range (Value=%d)\n", TxPower));
+                       return FALSE;
+               }
+       }
+
+       pAd->ate.TxPower0 = TxPower;
+       ATETxPwrHandler(pAd, 0);
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_POWER0_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx Power1
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_POWER1_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       CHAR TxPower;
+
+       TxPower = simple_strtol(arg, 0, 10);
+
+       if (pAd->ate.Channel <= 14)
+       {
+               if ((TxPower > 31) || (TxPower < 0))
+               {
+                       ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_POWER1_Proc::Out of range (Value=%d)\n", TxPower));
+                       return FALSE;
+               }
+       }
+       else
+       {
+               if ((TxPower > 15) || (TxPower < -7))
+               {
+                       ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_POWER1_Proc::Out of range (Value=%d)\n", TxPower));
+                       return FALSE;
+               }
+       }
+
+       pAd->ate.TxPower1 = TxPower;
+       ATETxPwrHandler(pAd, 1);
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_POWER1_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx Antenna
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_Antenna_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       CHAR value;
+
+       value = simple_strtol(arg, 0, 10);
+
+       if ((value > 2) || (value < 0))
+       {
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_Antenna_Proc::Out of range (Value=%d)\n", value));
+               return FALSE;
+       }
+
+       pAd->ate.TxAntennaSel = value;
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_Antenna_Proc (Antenna = %d)\n", pAd->ate.TxAntennaSel));
+       ATEDBGPRINT(RT_DEBUG_TRACE,("Ralink: Set_ATE_TX_Antenna_Proc Success\n"));
+
+       // calibration power unbalance issues, merged from Arch Team
+       ATEAsicSwitchChannel(pAd);
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Rx Antenna
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_RX_Antenna_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       CHAR value;
+
+       value = simple_strtol(arg, 0, 10);
+
+       if ((value > 3) || (value < 0))
+       {
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_RX_Antenna_Proc::Out of range (Value=%d)\n", value));
+               return FALSE;
+       }
+
+       pAd->ate.RxAntennaSel = value;
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_RX_Antenna_Proc (Antenna = %d)\n", pAd->ate.RxAntennaSel));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_RX_Antenna_Proc Success\n"));
+
+       // calibration power unbalance issues, merged from Arch Team
+       ATEAsicSwitchChannel(pAd);
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE RF frequence offset
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_FREQOFFSET_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UCHAR RFFreqOffset = 0;
+       ULONG R4 = 0;
+
+       RFFreqOffset = simple_strtol(arg, 0, 10);
+#ifndef RTMP_RF_RW_SUPPORT
+       if (RFFreqOffset >= 64)
+#endif // RTMP_RF_RW_SUPPORT //
+       /* RT35xx ATE will reuse this code segment. */
+#ifdef RTMP_RF_RW_SUPPORT
+//2008/08/06: KH modified the limit of offset value from 65 to 95(0x5F)
+       if (RFFreqOffset >= 95)
+#endif // RTMP_RF_RW_SUPPORT //
+       {
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_FREQOFFSET_Proc::Out of range, it should be in range of 0~63.\n"));
+               return FALSE;
+       }
+
+       pAd->ate.RFFreqOffset = RFFreqOffset;
+#ifdef RTMP_RF_RW_SUPPORT
+       if (IS_RT30xx(pAd) || IS_RT3572(pAd))
+       {
+               // Set RF offset
+               UCHAR RFValue;
+               ATE_RF_IO_READ8_BY_REG_ID(pAd, RF_R23, (PUCHAR)&RFValue);
+//2008/08/06: KH modified "pAd->RFFreqOffset" to "pAd->ate.RFFreqOffset"
+               RFValue = ((RFValue & 0x80) | pAd->ate.RFFreqOffset);
+               ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R23, (UCHAR)RFValue);
+       }
+       else
+#endif // RTMP_RF_RW_SUPPORT //
+       {
+               // RT28xx
+               // shift TX power control to correct RF register bit position
+               R4 = pAd->ate.RFFreqOffset << 15;
+               R4 |= (pAd->LatchRfRegs.R4 & ((~0x001f8000)));
+               pAd->LatchRfRegs.R4 = R4;
+
+               RtmpRfIoWrite(pAd);
+       }
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_FREQOFFSET_Proc (RFFreqOffset = %d)\n", pAd->ate.RFFreqOffset));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_FREQOFFSET_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE RF BW
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_BW_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       INT i;
+       UCHAR value = 0;
+       UCHAR BBPCurrentBW;
+
+       BBPCurrentBW = simple_strtol(arg, 0, 10);
+
+       if ((BBPCurrentBW == 0)
+#ifdef RT30xx
+               || IS_RT2070(pAd)
+#endif // RT30xx //
+               )
+       {
+               pAd->ate.TxWI.BW = BW_20;
+       }
+       else
+       {
+               pAd->ate.TxWI.BW = BW_40;
+       }
+
+       /* RT35xx ATE will reuse this code segment. */
+       // Fix the error spectrum of CCK-40MHZ
+       // Turn on BBP 20MHz mode by request here.
+       if ((pAd->ate.TxWI.PHYMODE == MODE_CCK) && (pAd->ate.TxWI.BW == BW_40))
+       {
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_BW_Proc!! Warning!! CCK only supports 20MHZ!!\nBandwidth switch to 20\n"));
+               pAd->ate.TxWI.BW = BW_20;
+       }
+
+       if (pAd->ate.TxWI.BW == BW_20)
+       {
+               if (pAd->ate.Channel <= 14)
+               {
+                       for (i=0; i<5; i++)
+                       {
+                               if (pAd->Tx20MPwrCfgGBand[i] != 0xffffffff)
+                               {
+                                       RTMP_IO_WRITE32(pAd, TX_PWR_CFG_0 + i*4, pAd->Tx20MPwrCfgGBand[i]);
+                                       RTMPusecDelay(5000);
+                               }
+                       }
+               }
+               else
+               {
+                       for (i=0; i<5; i++)
+                       {
+                               if (pAd->Tx20MPwrCfgABand[i] != 0xffffffff)
+                               {
+                                       RTMP_IO_WRITE32(pAd, TX_PWR_CFG_0 + i*4, pAd->Tx20MPwrCfgABand[i]);
+                                       RTMPusecDelay(5000);
+                               }
+                       }
+               }
+
+               // Set BBP R4 bit[4:3]=0:0
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &value);
+               value &= (~0x18);
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, value);
+
+
+               // Set BBP R66=0x3C
+               value = 0x3C;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, value);
+
+               // Set BBP R68=0x0B
+               // to improve Rx sensitivity.
+               value = 0x0B;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R68, value);
+               // Set BBP R69=0x16
+               value = 0x16;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, value);
+               // Set BBP R70=0x08
+               value = 0x08;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R70, value);
+               // Set BBP R73=0x11
+               value = 0x11;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R73, value);
+
+           /*
+                       If Channel=14, Bandwidth=20M and Mode=CCK, Set BBP R4 bit5=1
+                       (to set Japan filter coefficients).
+                       This segment of code will only works when ATETXMODE and ATECHANNEL
+                       were set to MODE_CCK and 14 respectively before ATETXBW is set to 0.
+           */
+               if (pAd->ate.Channel == 14)
+               {
+                       INT TxMode = pAd->ate.TxWI.PHYMODE;
+
+                       if (TxMode == MODE_CCK)
+                       {
+                               // when Channel==14 && Mode==CCK && BandWidth==20M, BBP R4 bit5=1
+                               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &value);
+                               value |= 0x20; //set bit5=1
+                               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, value);
+                       }
+               }
+
+#ifdef RT30xx
+               // set BW = 20 MHz
+               if (IS_RT30xx(pAd))
+                       ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R24, (UCHAR) pAd->Mlme.CaliBW20RfR24);
+               else
+#endif // RT30xx //
+               // set BW = 20 MHz
+               {
+                       pAd->LatchRfRegs.R4 &= ~0x00200000;
+                       RtmpRfIoWrite(pAd);
+               }
+
+       }
+       // If bandwidth = 40M, set RF Reg4 bit 21 = 0.
+       else if (pAd->ate.TxWI.BW == BW_40)
+       {
+               if (pAd->ate.Channel <= 14)
+               {
+                       for (i=0; i<5; i++)
+                       {
+                               if (pAd->Tx40MPwrCfgGBand[i] != 0xffffffff)
+                               {
+                                       RTMP_IO_WRITE32(pAd, TX_PWR_CFG_0 + i*4, pAd->Tx40MPwrCfgGBand[i]);
+                                       RTMPusecDelay(5000);
+                               }
+                       }
+               }
+               else
+               {
+                       for (i=0; i<5; i++)
+                       {
+                               if (pAd->Tx40MPwrCfgABand[i] != 0xffffffff)
+                               {
+                                       RTMP_IO_WRITE32(pAd, TX_PWR_CFG_0 + i*4, pAd->Tx40MPwrCfgABand[i]);
+                                       RTMPusecDelay(5000);
+                               }
+                       }
+#ifdef DOT11_N_SUPPORT
+                       if ((pAd->ate.TxWI.PHYMODE >= MODE_HTMIX) && (pAd->ate.TxWI.MCS == 7))
+                       {
+                       value = 0x28;
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R67, value);
+                       }
+#endif // DOT11_N_SUPPORT //
+               }
+
+               // Set BBP R4 bit[4:3]=1:0
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &value);
+               value &= (~0x18);
+               value |= 0x10;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, value);
+
+
+               // Set BBP R66=0x3C
+               value = 0x3C;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, value);
+
+               // Set BBP R68=0x0C
+               // to improve Rx sensitivity
+               value = 0x0C;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R68, value);
+               // Set BBP R69=0x1A
+               value = 0x1A;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, value);
+               // Set BBP R70=0x0A
+               value = 0x0A;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R70, value);
+               // Set BBP R73=0x16
+               value = 0x16;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R73, value);
+
+               // If bandwidth = 40M, set RF Reg4 bit 21 = 1.
+#ifdef RT30xx
+               // set BW = 40 MHz
+               if(IS_RT30xx(pAd))
+                       ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R24, (UCHAR) pAd->Mlme.CaliBW40RfR24);
+               else
+#endif // RT30xx //
+               // set BW = 40 MHz
+               {
+               pAd->LatchRfRegs.R4 |= 0x00200000;
+               RtmpRfIoWrite(pAd);
+               }
+       }
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_BW_Proc (BBPCurrentBW = %d)\n", pAd->ate.TxWI.BW));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_BW_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx frame length
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_LENGTH_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       pAd->ate.TxLength = simple_strtol(arg, 0, 10);
+
+       if ((pAd->ate.TxLength < 24) || (pAd->ate.TxLength > (MAX_FRAME_SIZE - 34/* == 2312 */)))
+       {
+               pAd->ate.TxLength = (MAX_FRAME_SIZE - 34/* == 2312 */);
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_LENGTH_Proc::Out of range, it should be in range of 24~%d.\n", (MAX_FRAME_SIZE - 34/* == 2312 */)));
+               return FALSE;
+       }
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_LENGTH_Proc (TxLength = %d)\n", pAd->ate.TxLength));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_LENGTH_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx frame count
+
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_COUNT_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       pAd->ate.TxCount = simple_strtol(arg, 0, 10);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_COUNT_Proc (TxCount = %d)\n", pAd->ate.TxCount));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_COUNT_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx frame MCS
+
+        Return:
+               TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_MCS_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UCHAR MCS;
+       INT result;
+
+       MCS = simple_strtol(arg, 0, 10);
+#ifndef RT30xx
+       result = CheckMCSValid(pAd->ate.TxWI.PHYMODE, MCS);
+#endif // RT30xx //
+
+       /* RT35xx ATE will reuse this code segment. */
+#ifdef RT30xx
+       result = CheckMCSValid(pAd->ate.TxWI.PHYMODE, MCS, IS_RT2070(pAd));
+#endif // RT30xx //
+
+
+       if (result != -1)
+       {
+               pAd->ate.TxWI.MCS = (UCHAR)MCS;
+       }
+       else
+       {
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_MCS_Proc::Out of range, refer to rate table.\n"));
+               return FALSE;
+       }
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_MCS_Proc (MCS = %d)\n", pAd->ate.TxWI.MCS));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_MCS_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx frame Mode
+        0: MODE_CCK
+        1: MODE_OFDM
+        2: MODE_HTMIX
+        3: MODE_HTGREENFIELD
+
+        Return:
+               TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_MODE_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UCHAR BbpData = 0;
+
+       pAd->ate.TxWI.PHYMODE = simple_strtol(arg, 0, 10);
+
+       if (pAd->ate.TxWI.PHYMODE > 3)
+       {
+               pAd->ate.TxWI.PHYMODE = 0;
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_MODE_Proc::Out of range.\nIt should be in range of 0~3\n"));
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("0: CCK, 1: OFDM, 2: HT_MIX, 3: HT_GREEN_FIELD.\n"));
+               return FALSE;
+       }
+
+       // Turn on BBP 20MHz mode by request here.
+       if (pAd->ate.TxWI.PHYMODE == MODE_CCK)
+       {
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BbpData);
+               BbpData &= (~0x18);
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BbpData);
+               pAd->ate.TxWI.BW = BW_20;
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_MODE_Proc::CCK Only support 20MHZ. Switch to 20MHZ.\n"));
+       }
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_MODE_Proc (TxMode = %d)\n", pAd->ate.TxWI.PHYMODE));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_MODE_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Set ATE Tx frame GI
+
+        Return:
+               TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+INT    Set_ATE_TX_GI_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       pAd->ate.TxWI.ShortGI = simple_strtol(arg, 0, 10);
+
+       if (pAd->ate.TxWI.ShortGI > 1)
+       {
+               pAd->ate.TxWI.ShortGI = 0;
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("Set_ATE_TX_GI_Proc::Out of range\n"));
+               return FALSE;
+       }
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_GI_Proc (GI = %d)\n", pAd->ate.TxWI.ShortGI));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_GI_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+INT    Set_ATE_RX_FER_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       pAd->ate.bRxFER = simple_strtol(arg, 0, 10);
+
+       if (pAd->ate.bRxFER == 1)
+       {
+               pAd->ate.RxCntPerSec = 0;
+               pAd->ate.RxTotalCnt = 0;
+       }
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_RX_FER_Proc (bRxFER = %d)\n", pAd->ate.bRxFER));
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_RX_FER_Proc Success\n"));
+
+
+       return TRUE;
+}
+
+
+INT Set_ATE_Read_RF_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+#ifdef RTMP_RF_RW_SUPPORT
+//2008/07/10:KH add to support RT30xx ATE<--
+       if (IS_RT30xx(pAd) || IS_RT3572(pAd))
+       {
+               /* modify by WY for Read RF Reg. error */
+               UCHAR RFValue;
+               INT index=0;
+
+               for (index = 0; index < 32; index++)
+               {
+                       ATE_RF_IO_READ8_BY_REG_ID(pAd, index, (PUCHAR)&RFValue);
+                       ate_print("R%d=%d\n",index,RFValue);
+               }
+       }
+       else
+//2008/07/10:KH add to support RT30xx ATE-->
+#endif // RTMP_RF_RW_SUPPORT //
+       {
+               ate_print(KERN_EMERG "R1 = %lx\n", pAd->LatchRfRegs.R1);
+               ate_print(KERN_EMERG "R2 = %lx\n", pAd->LatchRfRegs.R2);
+               ate_print(KERN_EMERG "R3 = %lx\n", pAd->LatchRfRegs.R3);
+               ate_print(KERN_EMERG "R4 = %lx\n", pAd->LatchRfRegs.R4);
+       }
+       return TRUE;
+}
+
+
+INT Set_ATE_Write_RF1_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UINT32 value = (UINT32) simple_strtol(arg, 0, 16);
+
+#ifdef RTMP_RF_RW_SUPPORT
+//2008/07/10:KH add to support 3070 ATE<--
+       if (IS_RT30xx(pAd) || IS_RT3572(pAd))
+       {
+               ate_print("Warning!! RT3xxx Don't Support !\n");
+               return FALSE;
+
+       }
+       else
+//2008/07/10:KH add to support 3070 ATE-->
+#endif // RTMP_RF_RW_SUPPORT //
+       {
+               pAd->LatchRfRegs.R1 = value;
+               RtmpRfIoWrite(pAd);
+       }
+       return TRUE;
+}
+
+
+INT Set_ATE_Write_RF2_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UINT32 value = (UINT32) simple_strtol(arg, 0, 16);
+
+#ifdef RTMP_RF_RW_SUPPORT
+//2008/07/10:KH add to support 3070 ATE<--
+       if (IS_RT30xx(pAd) || IS_RT3572(pAd))
+       {
+               ate_print("Warning!! RT3xxx Don't Support !\n");
+               return FALSE;
+
+       }
+       else
+//2008/07/10:KH add to support 3070 ATE-->
+#endif // RTMP_RF_RW_SUPPORT //
+       {
+               pAd->LatchRfRegs.R2 = value;
+               RtmpRfIoWrite(pAd);
+       }
+       return TRUE;
+}
+
+
+INT Set_ATE_Write_RF3_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UINT32 value = simple_strtol(arg, 0, 16);
+
+#ifdef RTMP_RF_RW_SUPPORT
+//2008/07/10:KH add to support 3070 ATE<--
+       if (IS_RT30xx(pAd) || IS_RT3572(pAd))
+       {
+               ate_print("Warning!! RT3xxx Don't Support !\n");
+               return FALSE;
+
+       }
+       else
+//2008/07/10:KH add to support 3070 ATE-->
+#endif // RTMP_RF_RW_SUPPORT //
+       {
+               pAd->LatchRfRegs.R3 = value;
+               RtmpRfIoWrite(pAd);
+       }
+       return TRUE;
+}
+
+
+INT Set_ATE_Write_RF4_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UINT32 value = (UINT32) simple_strtol(arg, 0, 16);
+
+#ifdef RTMP_RF_RW_SUPPORT
+//2008/07/10:KH add to support 3070 ATE<--
+       if (IS_RT30xx(pAd) || IS_RT3572(pAd))
+       {
+               ate_print("Warning!! RT3xxx Don't Support !\n");
+               return FALSE;
+
+       }
+       else
+//2008/07/10:KH add to support 3070 ATE-->
+#endif // RTMP_RF_RW_SUPPORT //
+       {
+               pAd->LatchRfRegs.R4 = value;
+               RtmpRfIoWrite(pAd);
+       }
+       return TRUE;
+}
+
+
+/*
+==========================================================================
+    Description:
+        Load and Write EEPROM from a binary file prepared in advance.
+
+        Return:
+               TRUE if all parameters are OK, FALSE otherwise
+==========================================================================
+*/
+#if defined(LINUX) || defined(VXWORKS)
+INT Set_ATE_Load_E2P_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       BOOLEAN                 ret = FALSE;
+       PSTRING                 src = EEPROM_BIN_FILE_NAME;
+       RTMP_OS_FD              srcf;
+       INT32                   retval;
+       USHORT                  WriteEEPROM[(EEPROM_SIZE/2)];
+       INT                             FileLength = 0;
+       UINT32                  value = (UINT32) simple_strtol(arg, 0, 10);
+       RTMP_OS_FS_INFO osFSInfo;
+
+       ATEDBGPRINT(RT_DEBUG_ERROR, ("===> %s (value=%d)\n\n", __FUNCTION__, value));
+
+       if (value > 0)
+       {
+               /* zero the e2p buffer */
+               NdisZeroMemory((PUCHAR)WriteEEPROM, EEPROM_SIZE);
+
+               RtmpOSFSInfoChange(&osFSInfo, TRUE);
+
+               do
+               {
+                       /* open the bin file */
+                       srcf = RtmpOSFileOpen(src, O_RDONLY, 0);
+
+                       if (IS_FILE_OPEN_ERR(srcf))
+                       {
+                               ate_print("%s - Error opening file %s\n", __FUNCTION__, src);
+                               break;
+                       }
+
+                       /* read the firmware from the file *.bin */
+                       FileLength = RtmpOSFileRead(srcf, (PSTRING)WriteEEPROM, EEPROM_SIZE);
+
+                       if (FileLength != EEPROM_SIZE)
+                       {
+                               ate_print("%s: error file length (=%d) in e2p.bin\n",
+                                          __FUNCTION__, FileLength);
+                               break;
+                       }
+                       else
+                       {
+                               /* write the content of .bin file to EEPROM */
+                               rt_ee_write_all(pAd, WriteEEPROM);
+                               ret = TRUE;
+                       }
+                       break;
+               } while(TRUE);
+
+               /* close firmware file */
+               if (IS_FILE_OPEN_ERR(srcf))
+               {
+                               ;
+               }
+               else
+               {
+                       retval = RtmpOSFileClose(srcf);
+
+                       if (retval)
+                       {
+                               ATEDBGPRINT(RT_DEBUG_ERROR, ("--> Error %d closing %s\n", -retval, src));
+
+                       }
+               }
+
+               /* restore */
+               RtmpOSFSInfoChange(&osFSInfo, FALSE);
+       }
+
+    ATEDBGPRINT(RT_DEBUG_ERROR, ("<=== %s (ret=%d)\n", __FUNCTION__, ret));
+
+    return ret;
+
+}
+#endif // defined(LINUX) || defined(VXWORKS) //
+
+
+
+
+INT Set_ATE_Read_E2P_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       USHORT buffer[EEPROM_SIZE/2];
+       USHORT *p;
+       int i;
+
+       rt_ee_read_all(pAd, (USHORT *)buffer);
+       p = buffer;
+       for (i = 0; i < (EEPROM_SIZE/2); i++)
+       {
+               ate_print("%4.4x ", *p);
+               if (((i+1) % 16) == 0)
+                       ate_print("\n");
+               p++;
+       }
+       return TRUE;
+}
+
+
+
+
+INT    Set_ATE_Show_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ate_print("Mode=%d\n", pAd->ate.Mode);
+       ate_print("TxPower0=%d\n", pAd->ate.TxPower0);
+       ate_print("TxPower1=%d\n", pAd->ate.TxPower1);
+       ate_print("TxAntennaSel=%d\n", pAd->ate.TxAntennaSel);
+       ate_print("RxAntennaSel=%d\n", pAd->ate.RxAntennaSel);
+       ate_print("BBPCurrentBW=%d\n", pAd->ate.TxWI.BW);
+       ate_print("GI=%d\n", pAd->ate.TxWI.ShortGI);
+       ate_print("MCS=%d\n", pAd->ate.TxWI.MCS);
+       ate_print("TxMode=%d\n", pAd->ate.TxWI.PHYMODE);
+       ate_print("Addr1=%02x:%02x:%02x:%02x:%02x:%02x\n",
+               pAd->ate.Addr1[0], pAd->ate.Addr1[1], pAd->ate.Addr1[2], pAd->ate.Addr1[3], pAd->ate.Addr1[4], pAd->ate.Addr1[5]);
+       ate_print("Addr2=%02x:%02x:%02x:%02x:%02x:%02x\n",
+               pAd->ate.Addr2[0], pAd->ate.Addr2[1], pAd->ate.Addr2[2], pAd->ate.Addr2[3], pAd->ate.Addr2[4], pAd->ate.Addr2[5]);
+       ate_print("Addr3=%02x:%02x:%02x:%02x:%02x:%02x\n",
+               pAd->ate.Addr3[0], pAd->ate.Addr3[1], pAd->ate.Addr3[2], pAd->ate.Addr3[3], pAd->ate.Addr3[4], pAd->ate.Addr3[5]);
+       ate_print("Channel=%d\n", pAd->ate.Channel);
+       ate_print("TxLength=%d\n", pAd->ate.TxLength);
+       ate_print("TxCount=%u\n", pAd->ate.TxCount);
+       ate_print("RFFreqOffset=%d\n", pAd->ate.RFFreqOffset);
+       ate_print(KERN_EMERG "Set_ATE_Show_Proc Success\n");
+       return TRUE;
+}
+
+
+INT    Set_ATE_Help_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ate_print("ATE=ATESTART, ATESTOP, TXCONT, TXCARR, TXFRAME, RXFRAME\n");
+       ate_print("ATEDA\n");
+       ate_print("ATESA\n");
+       ate_print("ATEBSSID\n");
+       ate_print("ATECHANNEL, range:0~14(unless A band !)\n");
+       ate_print("ATETXPOW0, set power level of antenna 1.\n");
+       ate_print("ATETXPOW1, set power level of antenna 2.\n");
+       ate_print("ATETXANT, set TX antenna. 0:all, 1:antenna one, 2:antenna two.\n");
+       ate_print("ATERXANT, set RX antenna.0:all, 1:antenna one, 2:antenna two, 3:antenna three.\n");
+       ate_print("ATETXFREQOFFSET, set frequency offset, range 0~63\n");
+       ate_print("ATETXBW, set BandWidth, 0:20MHz, 1:40MHz.\n");
+       ate_print("ATETXLEN, set Frame length, range 24~%d\n", (MAX_FRAME_SIZE - 34/* == 2312 */));
+       ate_print("ATETXCNT, set how many frame going to transmit.\n");
+       ate_print("ATETXMCS, set MCS, reference to rate table.\n");
+       ate_print("ATETXMODE, set Mode 0:CCK, 1:OFDM, 2:HT-Mix, 3:GreenField, reference to rate table.\n");
+       ate_print("ATETXGI, set GI interval, 0:Long, 1:Short\n");
+       ate_print("ATERXFER, 0:disable Rx Frame error rate. 1:enable Rx Frame error rate.\n");
+       ate_print("ATERRF, show all RF registers.\n");
+       ate_print("ATEWRF1, set RF1 register.\n");
+       ate_print("ATEWRF2, set RF2 register.\n");
+       ate_print("ATEWRF3, set RF3 register.\n");
+       ate_print("ATEWRF4, set RF4 register.\n");
+       ate_print("ATELDE2P, load EEPROM from .bin file.\n");
+       ate_print("ATERE2P, display all EEPROM content.\n");
+       ate_print("ATESHOW, display all parameters of ATE.\n");
+       ate_print("ATEHELP, online help.\n");
+
+       return TRUE;
+}
+
+
+
+
+/*
+==========================================================================
+    Description:
+
+       AsicSwitchChannel() dedicated for ATE.
+
+==========================================================================
+*/
+VOID ATEAsicSwitchChannel(
+    IN PRTMP_ADAPTER pAd)
+{
+       UINT32 R2 = 0, R3 = DEFAULT_RF_TX_POWER, R4 = 0, Value = 0;
+       CHAR TxPwer = 0, TxPwer2 = 0;
+       UCHAR index = 0, BbpValue = 0, R66 = 0x30;
+       RTMP_RF_REGS *RFRegTable;
+       UCHAR Channel = 0;
+
+       RFRegTable = NULL;
+
+#ifdef RALINK_28xx_QA
+       // for QA mode, TX power values are passed from UI
+       if ((pAd->ate.bQATxStart == TRUE) || (pAd->ate.bQARxStart == TRUE))
+       {
+               if (pAd->ate.Channel != pAd->LatchRfRegs.Channel)
+               {
+                       pAd->ate.Channel = pAd->LatchRfRegs.Channel;
+               }
+               return;
+       }
+       else
+#endif // RALINK_28xx_QA //
+       Channel = pAd->ate.Channel;
+
+       // select antenna for RT3090
+       AsicAntennaSelect(pAd, Channel);
+
+       // fill Tx power value
+       TxPwer = pAd->ate.TxPower0;
+       TxPwer2 = pAd->ate.TxPower1;
+#ifdef RT30xx
+//2008/07/10:KH add to support 3070 ATE<--
+
+       /*
+               The RF programming sequence is difference between 3xxx and 2xxx.
+               The 3070 is 1T1R. Therefore, we don't need to set the number of Tx/Rx path
+               and the only job is to set the parameters of channels.
+       */
+       if (IS_RT30xx(pAd) && ((pAd->RfIcType == RFIC_3020) ||
+                       (pAd->RfIcType == RFIC_3021) || (pAd->RfIcType == RFIC_3022) ||
+                       (pAd->RfIcType == RFIC_2020)))
+       {
+               /* modify by WY for Read RF Reg. error */
+               UCHAR RFValue = 0;
+
+               for (index = 0; index < NUM_OF_3020_CHNL; index++)
+               {
+                       if (Channel == FreqItems3020[index].Channel)
+                       {
+                               // Programming channel parameters.
+                               ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R02, FreqItems3020[index].N);
+                               ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R03, FreqItems3020[index].K);
+
+                               ATE_RF_IO_READ8_BY_REG_ID(pAd, RF_R06, (PUCHAR)&RFValue);
+                               RFValue = (RFValue & 0xFC) | FreqItems3020[index].R;
+                               ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R06, (UCHAR)RFValue);
+
+                               // Set Tx Power.
+                               ATE_RF_IO_READ8_BY_REG_ID(pAd, RF_R12, (PUCHAR)&RFValue);
+                               RFValue = (RFValue & 0xE0) | TxPwer;
+                               ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R12, (UCHAR)RFValue);
+
+                               // Set RF offset.
+                               ATE_RF_IO_READ8_BY_REG_ID(pAd, RF_R23, (PUCHAR)&RFValue);
+                               //2008/08/06: KH modified "pAd->RFFreqOffset" to "pAd->ate.RFFreqOffset"
+                               RFValue = (RFValue & 0x80) | pAd->ate.RFFreqOffset;
+                               ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R23, (UCHAR)RFValue);
+
+                               // Set BW.
+                               if (pAd->ate.TxWI.BW == BW_40)
+                               {
+                                       RFValue = pAd->Mlme.CaliBW40RfR24;
+//                                     DISABLE_11N_CHECK(pAd);
+                               }
+                               else
+                               {
+                                       RFValue = pAd->Mlme.CaliBW20RfR24;
+                               }
+                               ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R24, (UCHAR)RFValue);
+
+                               // Enable RF tuning
+                               ATE_RF_IO_READ8_BY_REG_ID(pAd, RF_R07, (PUCHAR)&RFValue);
+                               RFValue = RFValue | 0x1;
+                               ATE_RF_IO_WRITE8_BY_REG_ID(pAd, RF_R07, (UCHAR)RFValue);
+
+                               // latch channel for future usage
+                               pAd->LatchRfRegs.Channel = Channel;
+
+                               break;
+                       }
+               }
+
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("SwitchChannel#%d(RF=%d, Pwr0=%d, Pwr1=%d, %dT), N=0x%02X, K=0x%02X, R=0x%02X\n",
+                       Channel,
+                       pAd->RfIcType,
+                       TxPwer,
+                       TxPwer2,
+                       pAd->Antenna.field.TxPath,
+                       FreqItems3020[index].N,
+                       FreqItems3020[index].K,
+                       FreqItems3020[index].R));
+       }
+       else
+//2008/07/10:KH add to support 3070 ATE-->
+#endif // RT30xx //
+       {
+               /* RT28xx */
+               RFRegTable = RF2850RegTable;
+
+               switch (pAd->RfIcType)
+               {
+                       /* But only 2850 and 2750 support 5.5GHz band... */
+                       case RFIC_2820:
+                       case RFIC_2850:
+                       case RFIC_2720:
+                       case RFIC_2750:
+
+                               for (index = 0; index < NUM_OF_2850_CHNL; index++)
+                               {
+                                       if (Channel == RFRegTable[index].Channel)
+                                       {
+                                               R2 = RFRegTable[index].R2;
+
+                                               // If TX path is 1, bit 14 = 1;
+                                               if (pAd->Antenna.field.TxPath == 1)
+                                               {
+                                                       R2 |= 0x4000;
+                                               }
+
+                                               if (pAd->Antenna.field.RxPath == 2)
+                                               {
+                                                       switch (pAd->ate.RxAntennaSel)
+                                                       {
+                                                               case 1:
+                                                                       R2 |= 0x20040;
+                                                                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BbpValue);
+                                                                       BbpValue &= 0xE4;
+                                                                       BbpValue |= 0x00;
+                                                                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BbpValue);
+                                                                       break;
+                                                               case 2:
+                                                                       R2 |= 0x10040;
+                                                                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BbpValue);
+                                                                       BbpValue &= 0xE4;
+                                                                       BbpValue |= 0x01;
+                                                                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BbpValue);
+                                                                       break;
+                                                               default:
+                                                                       R2 |= 0x40;
+                                                                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BbpValue);
+                                                                       BbpValue &= 0xE4;
+                                                                       /* Only enable two Antenna to receive. */
+                                                                       BbpValue |= 0x08;
+                                                                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BbpValue);
+                                                                       break;
+                                                       }
+                                               }
+                                               else if (pAd->Antenna.field.RxPath == 1)
+                                               {
+                                                       // write 1 to off RxPath
+                                                       R2 |= 0x20040;
+                                               }
+
+                                               if (pAd->Antenna.field.TxPath == 2)
+                                               {
+                                                       if (pAd->ate.TxAntennaSel == 1)
+                                                       {
+                                                               // If TX Antenna select is 1 , bit 14 = 1; Disable Ant 2
+                                                               R2 |= 0x4000;
+                                                               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R1, &BbpValue);
+                                                               BbpValue &= 0xE7;               // 11100111B
+                                                               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R1, BbpValue);
+                                                       }
+                                                       else if (pAd->ate.TxAntennaSel == 2)
+                                                       {
+                                                               // If TX Antenna select is 2 , bit 15 = 1; Disable Ant 1
+                                                               R2 |= 0x8000;
+                                                               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R1, &BbpValue);
+                                                               BbpValue &= 0xE7;
+                                                               BbpValue |= 0x08;
+                                                               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R1, BbpValue);
+                                                       }
+                                                       else
+                                                       {
+                                                               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R1, &BbpValue);
+                                                               BbpValue &= 0xE7;
+                                                               BbpValue |= 0x10;
+                                                               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R1, BbpValue);
+                                                       }
+                                               }
+                                               if (pAd->Antenna.field.RxPath == 3)
+                                               {
+                                                       switch (pAd->ate.RxAntennaSel)
+                                                       {
+                                                               case 1:
+                                                                       R2 |= 0x20040;
+                                                                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BbpValue);
+                                                                       BbpValue &= 0xE4;
+                                                                       BbpValue |= 0x00;
+                                                                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BbpValue);
+                                                                       break;
+                                                               case 2:
+                                                                       R2 |= 0x10040;
+                                                                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BbpValue);
+                                                                       BbpValue &= 0xE4;
+                                                                       BbpValue |= 0x01;
+                                                                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BbpValue);
+                                                                       break;
+                                                               case 3:
+                                                                       R2 |= 0x30000;
+                                                                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BbpValue);
+                                                                       BbpValue &= 0xE4;
+                                                                       BbpValue |= 0x02;
+                                                                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BbpValue);
+                                                                       break;
+                                                               default:
+                                                                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &BbpValue);
+                                                                       BbpValue &= 0xE4;
+                                                                       BbpValue |= 0x10;
+                                                                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, BbpValue);
+                                                                       break;
+                                                       }
+                                               }
+
+                                               if (Channel > 14)
+                                               {
+                                                       // initialize R3, R4
+                                                       R3 = (RFRegTable[index].R3 & 0xffffc1ff);
+                                                       R4 = (RFRegTable[index].R4 & (~0x001f87c0)) | (pAd->ate.RFFreqOffset << 15);
+
+                                   /*
+                                           According the Rory's suggestion to solve the middle range issue.
+
+                                                               5.5G band power range : 0xF9~0X0F, TX0 Reg3 bit9/TX1 Reg4 bit6="0"
+                                                                                                               means the TX power reduce 7dB.
+                                                       */
+                                                       // R3
+                                                       if ((TxPwer >= -7) && (TxPwer < 0))
+                                                       {
+                                                               TxPwer = (7+TxPwer);
+                                                               TxPwer = (TxPwer > 0xF) ? (0xF) : (TxPwer);
+                                                               R3 |= (TxPwer << 10);
+                                                               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATEAsicSwitchChannel: TxPwer=%d \n", TxPwer));
+                                                       }
+                                                       else
+                                                       {
+                                                               TxPwer = (TxPwer > 0xF) ? (0xF) : (TxPwer);
+                                                               R3 |= (TxPwer << 10) | (1 << 9);
+                                                       }
+
+                                                       // R4
+                                                       if ((TxPwer2 >= -7) && (TxPwer2 < 0))
+                                                       {
+                                                               TxPwer2 = (7+TxPwer2);
+                                                               TxPwer2 = (TxPwer2 > 0xF) ? (0xF) : (TxPwer2);
+                                                               R4 |= (TxPwer2 << 7);
+                                                               ATEDBGPRINT(RT_DEBUG_TRACE, ("ATEAsicSwitchChannel: TxPwer2=%d \n", TxPwer2));
+                                                       }
+                                                       else
+                                                       {
+                                                               TxPwer2 = (TxPwer2 > 0xF) ? (0xF) : (TxPwer2);
+                                                               R4 |= (TxPwer2 << 7) | (1 << 6);
+                                                       }
+                                               }
+                                               else
+                                               {
+                                                       // Set TX power0.
+                                                       R3 = (RFRegTable[index].R3 & 0xffffc1ff) | (TxPwer << 9);
+                                                       // Set frequency offset and TX power1.
+                                                       R4 = (RFRegTable[index].R4 & (~0x001f87c0)) | (pAd->ate.RFFreqOffset << 15) | (TxPwer2 <<6);
+                                               }
+
+                                               // based on BBP current mode before changing RF channel
+                                               if (pAd->ate.TxWI.BW == BW_40)
+                                               {
+                                                       R4 |=0x200000;
+                                               }
+
+                                               // Update variables.
+                                               pAd->LatchRfRegs.Channel = Channel;
+                                               pAd->LatchRfRegs.R1 = RFRegTable[index].R1;
+                                               pAd->LatchRfRegs.R2 = R2;
+                                               pAd->LatchRfRegs.R3 = R3;
+                                               pAd->LatchRfRegs.R4 = R4;
+
+                                               RtmpRfIoWrite(pAd);
+
+                                               break;
+                                       }
+                               }
+                               break;
+
+                       default:
+                               break;
+               }
+       }
+
+       // Change BBP setting during switch from a->g, g->a
+       if (Channel <= 14)
+       {
+           UINT32 TxPinCfg = 0x00050F0A;// 2007.10.09 by Brian : 0x0005050A ==> 0x00050F0A
+
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R62, (0x37 - GET_LNA_GAIN(pAd)));
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R63, (0x37 - GET_LNA_GAIN(pAd)));
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R64, (0x37 - GET_LNA_GAIN(pAd)));
+
+               /* For 1T/2R chip only... */
+           if (pAd->NicConfig2.field.ExternalLNAForG)
+           {
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R82, 0x62);
+           }
+           else
+           {
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R82, 0x84);
+           }
+
+        // According the Rory's suggestion to solve the middle range issue.
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R86, &BbpValue);// may be removed for RT35xx ++
+
+               ASSERT((BbpValue == 0x00));
+               if ((BbpValue != 0x00))
+               {
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R86, 0x00);
+               }// may be removed for RT35xx --
+
+               // 5.5 GHz band selection PIN, bit1 and bit2 are complement
+               RTMP_IO_READ32(pAd, TX_BAND_CFG, &Value);
+               Value &= (~0x6);
+               Value |= (0x04);
+               RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Value);
+
+        // Turn off unused PA or LNA when only 1T or 1R.
+               if (pAd->Antenna.field.TxPath == 1)
+               {
+                       TxPinCfg &= 0xFFFFFFF3;
+               }
+               if (pAd->Antenna.field.RxPath == 1)
+               {
+                       TxPinCfg &= 0xFFFFF3FF;
+               }
+
+               // calibration power unbalance issues
+               if (pAd->Antenna.field.TxPath == 2)
+               {
+                       if (pAd->ate.TxAntennaSel == 1)
+                       {
+                               TxPinCfg &= 0xFFFFFFF7;
+                       }
+                       else if (pAd->ate.TxAntennaSel == 2)
+                       {
+                               TxPinCfg &= 0xFFFFFFFD;
+                       }
+               }
+
+               RTMP_IO_WRITE32(pAd, TX_PIN_CFG, TxPinCfg);
+       }
+       else
+       {
+           UINT32      TxPinCfg = 0x00050F05;// 2007.10.09 by Brian : 0x00050505 ==> 0x00050F05
+
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R62, (0x37 - GET_LNA_GAIN(pAd)));
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R63, (0x37 - GET_LNA_GAIN(pAd)));
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R64, (0x37 - GET_LNA_GAIN(pAd)));
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R82, 0xF2);
+
+        // According the Rory's suggestion to solve the middle range issue.
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R86, &BbpValue);// may be removed for RT35xx ++
+
+               ASSERT((BbpValue == 0x00));
+               if ((BbpValue != 0x00))
+               {
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R86, 0x00);
+               }
+
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R91, &BbpValue);
+               ASSERT((BbpValue == 0x04));
+
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R92, &BbpValue);
+               ASSERT((BbpValue == 0x00));// may be removed for RT35xx --
+
+               // 5.5 GHz band selection PIN, bit1 and bit2 are complement
+               RTMP_IO_READ32(pAd, TX_BAND_CFG, &Value);
+               Value &= (~0x6);
+               Value |= (0x02);
+               RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Value);
+
+               // Turn off unused PA or LNA when only 1T or 1R.
+               if (pAd->Antenna.field.TxPath == 1)
+               {
+                       TxPinCfg &= 0xFFFFFFF3;
+               }
+               if (pAd->Antenna.field.RxPath == 1)
+               {
+                       TxPinCfg &= 0xFFFFF3FF;
+               }
+
+               RTMP_IO_WRITE32(pAd, TX_PIN_CFG, TxPinCfg);
+       }
+
+
+    // R66 should be set according to Channel and use 20MHz when scanning
+       if (Channel <= 14)
+       {
+               // BG band
+               R66 = 0x2E + GET_LNA_GAIN(pAd);
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+       }
+       else
+       {
+               // 5.5 GHz band
+               if (pAd->ate.TxWI.BW == BW_20)
+               {
+                       R66 = (UCHAR)(0x32 + (GET_LNA_GAIN(pAd)*5)/3);
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+               }
+               else
+               {
+                       R66 = (UCHAR)(0x3A + (GET_LNA_GAIN(pAd)*5)/3);
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, R66);
+               }
+       }
+
+       /*
+               On 11A, We should delay and wait RF/BBP to be stable
+               and the appropriate time should be 1000 micro seconds.
+
+               2005/06/05 - On 11G, We also need this delay time. Otherwise it's difficult to pass the WHQL.
+       */
+       RTMPusecDelay(1000);
+
+#ifndef RTMP_RF_RW_SUPPORT
+       if (Channel > 14)
+       {
+               // When 5.5GHz band the LSB of TxPwr will be used to reduced 7dB or not.
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("SwitchChannel#%d(RF=%d, %dT) to , R1=0x%08lx, R2=0x%08lx, R3=0x%08lx, R4=0x%08lx\n",
+                                                                 Channel,
+                                                                 pAd->RfIcType,
+                                                                 pAd->Antenna.field.TxPath,
+                                                                 pAd->LatchRfRegs.R1,
+                                                                 pAd->LatchRfRegs.R2,
+                                                                 pAd->LatchRfRegs.R3,
+                                                                 pAd->LatchRfRegs.R4));
+       }
+       else
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("SwitchChannel#%d(RF=%d, Pwr0=%u, Pwr1=%u, %dT) to , R1=0x%08lx, R2=0x%08lx, R3=0x%08lx, R4=0x%08lx\n",
+                                                                 Channel,
+                                                                 pAd->RfIcType,
+                                                                 (R3 & 0x00003e00) >> 9,
+                                                                 (R4 & 0x000007c0) >> 6,
+                                                                 pAd->Antenna.field.TxPath,
+                                                                 pAd->LatchRfRegs.R1,
+                                                                 pAd->LatchRfRegs.R2,
+                                                                 pAd->LatchRfRegs.R3,
+                                                                 pAd->LatchRfRegs.R4));
+    }
+#endif // RTMP_RF_RW_SUPPORT //
+}
+
+
+
+/* In fact, no one will call this routine so far ! */
+
+/*
+==========================================================================
+       Description:
+               Gives CCK TX rate 2 more dB TX power.
+               This routine works only in ATE mode.
+
+               calculate desired Tx power in RF R3.Tx0~5,      should consider -
+               0. if current radio is a noisy environment (pAd->DrsCounters.fNoisyEnvironment)
+               1. TxPowerPercentage
+               2. auto calibration based on TSSI feedback
+               3. extra 2 db for CCK
+               4. -10 db upon very-short distance (AvgRSSI >= -40db) to AP
+
+       NOTE: Since this routine requires the value of (pAd->DrsCounters.fNoisyEnvironment),
+               it should be called AFTER MlmeDynamicTxRateSwitching()
+==========================================================================
+*/
+VOID ATEAsicAdjustTxPower(
+       IN PRTMP_ADAPTER pAd)
+{
+       INT                     i, j;
+       CHAR            DeltaPwr = 0;
+       BOOLEAN         bAutoTxAgc = FALSE;
+       UCHAR           TssiRef, *pTssiMinusBoundary, *pTssiPlusBoundary, TxAgcStep;
+       UCHAR           BbpR49 = 0, idx;
+       PCHAR           pTxAgcCompensate;
+       ULONG           TxPwr[5];
+       CHAR            Value;
+
+       /* no one calls this procedure so far */
+       if (pAd->ate.TxWI.BW == BW_40)
+       {
+               if (pAd->ate.Channel > 14)
+               {
+                       TxPwr[0] = pAd->Tx40MPwrCfgABand[0];
+                       TxPwr[1] = pAd->Tx40MPwrCfgABand[1];
+                       TxPwr[2] = pAd->Tx40MPwrCfgABand[2];
+                       TxPwr[3] = pAd->Tx40MPwrCfgABand[3];
+                       TxPwr[4] = pAd->Tx40MPwrCfgABand[4];
+               }
+               else
+               {
+                       TxPwr[0] = pAd->Tx40MPwrCfgGBand[0];
+                       TxPwr[1] = pAd->Tx40MPwrCfgGBand[1];
+                       TxPwr[2] = pAd->Tx40MPwrCfgGBand[2];
+                       TxPwr[3] = pAd->Tx40MPwrCfgGBand[3];
+                       TxPwr[4] = pAd->Tx40MPwrCfgGBand[4];
+               }
+       }
+       else
+       {
+               if (pAd->ate.Channel > 14)
+               {
+                       TxPwr[0] = pAd->Tx20MPwrCfgABand[0];
+                       TxPwr[1] = pAd->Tx20MPwrCfgABand[1];
+                       TxPwr[2] = pAd->Tx20MPwrCfgABand[2];
+                       TxPwr[3] = pAd->Tx20MPwrCfgABand[3];
+                       TxPwr[4] = pAd->Tx20MPwrCfgABand[4];
+               }
+               else
+               {
+                       TxPwr[0] = pAd->Tx20MPwrCfgGBand[0];
+                       TxPwr[1] = pAd->Tx20MPwrCfgGBand[1];
+                       TxPwr[2] = pAd->Tx20MPwrCfgGBand[2];
+                       TxPwr[3] = pAd->Tx20MPwrCfgGBand[3];
+                       TxPwr[4] = pAd->Tx20MPwrCfgGBand[4];
+               }
+       }
+
+       // TX power compensation for temperature variation based on TSSI.
+       // Do it per 4 seconds.
+       if (pAd->Mlme.OneSecPeriodicRound % 4 == 0)
+       {
+               if (pAd->ate.Channel <= 14)
+               {
+                       /* bg channel */
+                       bAutoTxAgc         = pAd->bAutoTxAgcG;
+                       TssiRef            = pAd->TssiRefG;
+                       pTssiMinusBoundary = &pAd->TssiMinusBoundaryG[0];
+                       pTssiPlusBoundary  = &pAd->TssiPlusBoundaryG[0];
+                       TxAgcStep          = pAd->TxAgcStepG;
+                       pTxAgcCompensate   = &pAd->TxAgcCompensateG;
+               }
+               else
+               {
+                       /* a channel */
+                       bAutoTxAgc         = pAd->bAutoTxAgcA;
+                       TssiRef            = pAd->TssiRefA;
+                       pTssiMinusBoundary = &pAd->TssiMinusBoundaryA[0];
+                       pTssiPlusBoundary  = &pAd->TssiPlusBoundaryA[0];
+                       TxAgcStep          = pAd->TxAgcStepA;
+                       pTxAgcCompensate   = &pAd->TxAgcCompensateA;
+               }
+
+               if (bAutoTxAgc)
+               {
+                       /* BbpR49 is unsigned char. */
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R49, &BbpR49);
+
+                       /* (p) TssiPlusBoundaryG[0] = 0 = (m) TssiMinusBoundaryG[0] */
+                       /* compensate: +4     +3   +2   +1    0   -1   -2   -3   -4 * steps */
+                       /* step value is defined in pAd->TxAgcStepG for tx power value */
+
+                       /* [4]+1+[4]   p4     p3   p2   p1   o1   m1   m2   m3   m4 */
+                       /* ex:         0x00 0x15 0x25 0x45 0x88 0xA0 0xB5 0xD0 0xF0
+                          above value are examined in mass factory production */
+                       /*             [4]    [3]  [2]  [1]  [0]  [1]  [2]  [3]  [4] */
+
+                       /* plus is 0x10 ~ 0x40, minus is 0x60 ~ 0x90 */
+                       /* if value is between p1 ~ o1 or o1 ~ s1, no need to adjust tx power */
+                       /* if value is 0x65, tx power will be -= TxAgcStep*(2-1) */
+
+                       if (BbpR49 > pTssiMinusBoundary[1])
+                       {
+                               // Reading is larger than the reference value.
+                               // Check for how large we need to decrease the Tx power.
+                               for (idx = 1; idx < 5; idx++)
+                               {
+                                       // Found the range.
+                                       if (BbpR49 <= pTssiMinusBoundary[idx])
+                                               break;
+                               }
+
+                               // The index is the step we should decrease, idx = 0 means there is nothing to compensate.
+//                             if (R3 > (ULONG) (TxAgcStep * (idx-1)))
+                                       *pTxAgcCompensate = -(TxAgcStep * (idx-1));
+//                             else
+//                                     *pTxAgcCompensate = -((UCHAR)R3);
+
+                               DeltaPwr += (*pTxAgcCompensate);
+                               ATEDBGPRINT(RT_DEBUG_TRACE, ("-- Tx Power, BBP R1=%x, TssiRef=%x, TxAgcStep=%x, step = -%d\n",
+                                       BbpR49, TssiRef, TxAgcStep, idx-1));
+                       }
+                       else if (BbpR49 < pTssiPlusBoundary[1])
+                       {
+                               // Reading is smaller than the reference value.
+                               // Check for how large we need to increase the Tx power.
+                               for (idx = 1; idx < 5; idx++)
+                               {
+                                       // Found the range.
+                                       if (BbpR49 >= pTssiPlusBoundary[idx])
+                                               break;
+                               }
+
+                               // The index is the step we should increase, idx = 0 means there is nothing to compensate.
+                               *pTxAgcCompensate = TxAgcStep * (idx-1);
+                               DeltaPwr += (*pTxAgcCompensate);
+                               ATEDBGPRINT(RT_DEBUG_TRACE, ("++ Tx Power, BBP R1=%x, TssiRef=%x, TxAgcStep=%x, step = +%d\n",
+                                       BbpR49, TssiRef, TxAgcStep, idx-1));
+                       }
+                       else
+                       {
+                               *pTxAgcCompensate = 0;
+                               ATEDBGPRINT(RT_DEBUG_TRACE, ("   Tx Power, BBP R1=%x, TssiRef=%x, TxAgcStep=%x, step = +%d\n",
+                                       BbpR49, TssiRef, TxAgcStep, 0));
+                       }
+               }
+       }
+       else
+       {
+               if (pAd->ate.Channel <= 14)
+               {
+                       bAutoTxAgc         = pAd->bAutoTxAgcG;
+                       pTxAgcCompensate   = &pAd->TxAgcCompensateG;
+               }
+               else
+               {
+                       bAutoTxAgc         = pAd->bAutoTxAgcA;
+                       pTxAgcCompensate   = &pAd->TxAgcCompensateA;
+               }
+
+               if (bAutoTxAgc)
+                       DeltaPwr += (*pTxAgcCompensate);
+       }
+
+       /* Calculate delta power based on the percentage specified from UI. */
+       // E2PROM setting is calibrated for maximum TX power (i.e. 100%)
+       // We lower TX power here according to the percentage specified from UI.
+       if (pAd->CommonCfg.TxPowerPercentage == 0xffffffff)       // AUTO TX POWER control
+               ;
+       else if (pAd->CommonCfg.TxPowerPercentage > 90)  // 91 ~ 100% & AUTO, treat as 100% in terms of mW
+               ;
+       else if (pAd->CommonCfg.TxPowerPercentage > 60)  // 61 ~ 90%, treat as 75% in terms of mW
+       {
+               DeltaPwr -= 1;
+       }
+       else if (pAd->CommonCfg.TxPowerPercentage > 30)  // 31 ~ 60%, treat as 50% in terms of mW
+       {
+               DeltaPwr -= 3;
+       }
+       else if (pAd->CommonCfg.TxPowerPercentage > 15)  // 16 ~ 30%, treat as 25% in terms of mW
+       {
+               DeltaPwr -= 6;
+       }
+       else if (pAd->CommonCfg.TxPowerPercentage > 9)   // 10 ~ 15%, treat as 12.5% in terms of mW
+       {
+               DeltaPwr -= 9;
+       }
+       else                                           // 0 ~ 9 %, treat as MIN(~3%) in terms of mW
+       {
+               DeltaPwr -= 12;
+       }
+
+       /* Reset different new tx power for different TX rate. */
+       for (i=0; i<5; i++)
+       {
+               if (TxPwr[i] != 0xffffffff)
+               {
+                       for (j=0; j<8; j++)
+                       {
+                               Value = (CHAR)((TxPwr[i] >> j*4) & 0x0F); /* 0 ~ 15 */
+
+                               if ((Value + DeltaPwr) < 0)
+                               {
+                                       Value = 0; /* min */
+                               }
+                               else if ((Value + DeltaPwr) > 0xF)
+                               {
+                                       Value = 0xF; /* max */
+                               }
+                               else
+                               {
+                                       Value += DeltaPwr; /* temperature compensation */
+                               }
+
+                               /* fill new value to CSR offset */
+                               TxPwr[i] = (TxPwr[i] & ~(0x0000000F << j*4)) | (Value << j*4);
+                       }
+
+                       /* write tx power value to CSR */
+                       /* TX_PWR_CFG_0 (8 tx rate) for TX power for OFDM 12M/18M
+                                                                                       TX power for OFDM 6M/9M
+                                                                                       TX power for CCK5.5M/11M
+                                                                                       TX power for CCK1M/2M */
+                       /* TX_PWR_CFG_1 ~ TX_PWR_CFG_4 */
+                       RTMP_IO_WRITE32(pAd, TX_PWR_CFG_0 + i*4, TxPwr[i]);
+
+
+               }
+       }
+
+}
+
+
+/*
+========================================================================
+       Routine Description:
+               Write TxWI for ATE mode.
+
+       Return Value:
+               None
+========================================================================
+*/
+#ifdef RTMP_MAC_PCI
+static VOID ATEWriteTxWI(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PTXWI_STRUC     pOutTxWI,
+       IN      BOOLEAN                 FRAG,
+       IN      BOOLEAN                 CFACK,
+       IN      BOOLEAN                 InsTimestamp,
+       IN      BOOLEAN                 AMPDU,
+       IN      BOOLEAN                 Ack,
+       IN      BOOLEAN                 NSeq,           // HW new a sequence.
+       IN      UCHAR                   BASize,
+       IN      UCHAR                   WCID,
+       IN      ULONG                   Length,
+       IN      UCHAR                   PID,
+       IN      UCHAR                   TID,
+       IN      UCHAR                   TxRate,
+       IN      UCHAR                   Txopmode,
+       IN      BOOLEAN                 CfAck,
+       IN      HTTRANSMIT_SETTING      *pTransmit)
+{
+       TXWI_STRUC              TxWI;
+       PTXWI_STRUC     pTxWI;
+
+       //
+       // Always use Long preamble before verifiation short preamble functionality works well.
+       // Todo: remove the following line if short preamble functionality works
+       //
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED);
+       NdisZeroMemory(&TxWI, TXWI_SIZE);
+       pTxWI = &TxWI;
+
+       pTxWI->FRAG= FRAG;
+
+       pTxWI->CFACK = CFACK;
+       pTxWI->TS= InsTimestamp;
+       pTxWI->AMPDU = AMPDU;
+       pTxWI->ACK = Ack;
+       pTxWI->txop= Txopmode;
+
+       pTxWI->NSEQ = NSeq;
+
+       // John tune the performace with Intel Client in 20 MHz performance
+       if ( BASize >7 )
+               BASize =7;
+
+       pTxWI->BAWinSize = BASize;
+       pTxWI->WirelessCliID = WCID;
+       pTxWI->MPDUtotalByteCount = Length;
+       pTxWI->PacketId = PID;
+
+       // If CCK or OFDM, BW must be 20
+       pTxWI->BW = (pTransmit->field.MODE <= MODE_OFDM) ? (BW_20) : (pTransmit->field.BW);
+       pTxWI->ShortGI = pTransmit->field.ShortGI;
+       pTxWI->STBC = pTransmit->field.STBC;
+
+       pTxWI->MCS = pTransmit->field.MCS;
+       pTxWI->PHYMODE = pTransmit->field.MODE;
+       pTxWI->CFACK = CfAck;
+       pTxWI->MIMOps = 0;
+       pTxWI->MpduDensity = 0;
+
+       pTxWI->PacketId = pTxWI->MCS;
+       NdisMoveMemory(pOutTxWI, &TxWI, sizeof(TXWI_STRUC));
+
+    return;
+}
+#endif // RTMP_MAC_PCI //
+
+
+
+
+/*
+========================================================================
+
+       Routine Description:
+               Disable protection for ATE.
+========================================================================
+*/
+VOID ATEDisableAsicProtect(
+       IN              PRTMP_ADAPTER   pAd)
+{
+       PROT_CFG_STRUC  ProtCfg, ProtCfg4;
+       UINT32 Protect[6];
+       USHORT                  offset;
+       UCHAR                   i;
+       UINT32 MacReg = 0;
+
+       // Config ASIC RTS threshold register
+       RTMP_IO_READ32(pAd, TX_RTS_CFG, &MacReg);
+       MacReg &= 0xFF0000FF;
+       MacReg |= (pAd->CommonCfg.RtsThreshold << 8);
+       RTMP_IO_WRITE32(pAd, TX_RTS_CFG, MacReg);
+
+       // Initial common protection settings
+       RTMPZeroMemory(Protect, sizeof(Protect));
+       ProtCfg4.word = 0;
+       ProtCfg.word = 0;
+       ProtCfg.field.TxopAllowGF40 = 1;
+       ProtCfg.field.TxopAllowGF20 = 1;
+       ProtCfg.field.TxopAllowMM40 = 1;
+       ProtCfg.field.TxopAllowMM20 = 1;
+       ProtCfg.field.TxopAllowOfdm = 1;
+       ProtCfg.field.TxopAllowCck = 1;
+       ProtCfg.field.RTSThEn = 1;
+       ProtCfg.field.ProtectNav = ASIC_SHORTNAV;
+
+       // Handle legacy(B/G) protection
+       ProtCfg.field.ProtectRate = pAd->CommonCfg.RtsRate;
+       ProtCfg.field.ProtectCtrl = 0;
+       Protect[0] = ProtCfg.word;
+       Protect[1] = ProtCfg.word;
+
+       // NO PROTECT
+       // 1.All STAs in the BSS are 20/40 MHz HT
+       // 2. in ai 20/40MHz BSS
+       // 3. all STAs are 20MHz in a 20MHz BSS
+       // Pure HT. no protection.
+
+       // MM20_PROT_CFG
+       //      Reserved (31:27)
+       //      PROT_TXOP(25:20) -- 010111
+       //      PROT_NAV(19:18)  -- 01 (Short NAV protection)
+       //  PROT_CTRL(17:16) -- 00 (None)
+       //      PROT_RATE(15:0)  -- 0x4004 (OFDM 24M)
+       Protect[2] = 0x01744004;
+
+       // MM40_PROT_CFG
+       //      Reserved (31:27)
+       //      PROT_TXOP(25:20) -- 111111
+       //      PROT_NAV(19:18)  -- 01 (Short NAV protection)
+       //  PROT_CTRL(17:16) -- 00 (None)
+       //      PROT_RATE(15:0)  -- 0x4084 (duplicate OFDM 24M)
+       Protect[3] = 0x03f44084;
+
+       // CF20_PROT_CFG
+       //      Reserved (31:27)
+       //      PROT_TXOP(25:20) -- 010111
+       //      PROT_NAV(19:18)  -- 01 (Short NAV protection)
+       //  PROT_CTRL(17:16) -- 00 (None)
+       //      PROT_RATE(15:0)  -- 0x4004 (OFDM 24M)
+       Protect[4] = 0x01744004;
+
+       // CF40_PROT_CFG
+       //      Reserved (31:27)
+       //      PROT_TXOP(25:20) -- 111111
+       //      PROT_NAV(19:18)  -- 01 (Short NAV protection)
+       //  PROT_CTRL(17:16) -- 00 (None)
+       //      PROT_RATE(15:0)  -- 0x4084 (duplicate OFDM 24M)
+       Protect[5] = 0x03f44084;
+
+       pAd->CommonCfg.IOTestParm.bRTSLongProtOn = FALSE;
+
+       offset = CCK_PROT_CFG;
+       for (i = 0;i < 6;i++)
+               RTMP_IO_WRITE32(pAd, offset + i*4, Protect[i]);
+
+}
+
+
+
+
+/* There are two ways to convert Rssi */
+/* the way used with GET_LNA_GAIN() */
+CHAR ATEConvertToRssi(
+       IN PRTMP_ADAPTER pAd,
+       IN      CHAR    Rssi,
+       IN  UCHAR   RssiNumber)
+{
+       UCHAR   RssiOffset, LNAGain;
+
+       // Rssi equals to zero should be an invalid value
+       if (Rssi == 0)
+               return -99;
+
+       LNAGain = GET_LNA_GAIN(pAd);
+       if (pAd->LatchRfRegs.Channel > 14)
+       {
+               if (RssiNumber == 0)
+                       RssiOffset = pAd->ARssiOffset0;
+               else if (RssiNumber == 1)
+                       RssiOffset = pAd->ARssiOffset1;
+               else
+                       RssiOffset = pAd->ARssiOffset2;
+       }
+       else
+       {
+               if (RssiNumber == 0)
+                       RssiOffset = pAd->BGRssiOffset0;
+               else if (RssiNumber == 1)
+                       RssiOffset = pAd->BGRssiOffset1;
+               else
+                       RssiOffset = pAd->BGRssiOffset2;
+       }
+
+       return (-12 - RssiOffset - LNAGain - Rssi);
+}
+
+
+/*
+========================================================================
+
+       Routine Description:
+               Set Japan filter coefficients if needed.
+       Note:
+               This routine should only be called when
+               entering TXFRAME mode or TXCONT mode.
+
+========================================================================
+*/
+static VOID SetJapanFilter(
+       IN              PRTMP_ADAPTER   pAd)
+{
+       UCHAR                   BbpData = 0;
+
+       //
+       // If Channel=14 and Bandwidth=20M and Mode=CCK, set BBP R4 bit5=1
+       // (Japan Tx filter coefficients)when (TXFRAME or TXCONT).
+       //
+       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BbpData);
+
+    if ((pAd->ate.TxWI.PHYMODE == MODE_CCK) && (pAd->ate.Channel == 14) && (pAd->ate.TxWI.BW == BW_20))
+    {
+        BbpData |= 0x20;    // turn on
+        ATEDBGPRINT(RT_DEBUG_TRACE, ("SetJapanFilter!!!\n"));
+    }
+    else
+    {
+               BbpData &= 0xdf;    // turn off
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("ClearJapanFilter!!!\n"));
+    }
+
+       ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BbpData);
+}
+
+
+VOID ATESampleRssi(
+       IN PRTMP_ADAPTER        pAd,
+       IN PRXWI_STRUC          pRxWI)
+{
+       /* There are two ways to collect RSSI. */
+//     pAd->LastRxRate = (USHORT)((pRxWI->MCS) + (pRxWI->BW <<7) + (pRxWI->ShortGI <<8)+ (pRxWI->PHYMODE <<14)) ;
+       if (pRxWI->RSSI0 != 0)
+       {
+               pAd->ate.LastRssi0      = ATEConvertToRssi(pAd, (CHAR) pRxWI->RSSI0, RSSI_0);
+               pAd->ate.AvgRssi0X8     = (pAd->ate.AvgRssi0X8 - pAd->ate.AvgRssi0) + pAd->ate.LastRssi0;
+               pAd->ate.AvgRssi0       = pAd->ate.AvgRssi0X8 >> 3;
+       }
+       if (pRxWI->RSSI1 != 0)
+       {
+               pAd->ate.LastRssi1      = ATEConvertToRssi(pAd, (CHAR) pRxWI->RSSI1, RSSI_1);
+               pAd->ate.AvgRssi1X8     = (pAd->ate.AvgRssi1X8 - pAd->ate.AvgRssi1) + pAd->ate.LastRssi1;
+               pAd->ate.AvgRssi1       = pAd->ate.AvgRssi1X8 >> 3;
+       }
+       if (pRxWI->RSSI2 != 0)
+       {
+               pAd->ate.LastRssi2      = ATEConvertToRssi(pAd, (CHAR) pRxWI->RSSI2, RSSI_2);
+               pAd->ate.AvgRssi2X8     = (pAd->ate.AvgRssi2X8 - pAd->ate.AvgRssi2) + pAd->ate.LastRssi2;
+               pAd->ate.AvgRssi2       = pAd->ate.AvgRssi2X8 >> 3;
+       }
+
+       pAd->ate.LastSNR0 = (CHAR)(pRxWI->SNR0);// CHAR ==> UCHAR ?
+       pAd->ate.LastSNR1 = (CHAR)(pRxWI->SNR1);// CHAR ==> UCHAR ?
+
+       pAd->ate.NumOfAvgRssiSample ++;
+}
+
+
+#ifdef CONFIG_STA_SUPPORT
+VOID RTMPStationStop(
+    IN  PRTMP_ADAPTER   pAd)
+{
+//     BOOLEAN       Cancelled;
+
+    ATEDBGPRINT(RT_DEBUG_TRACE, ("==> RTMPStationStop\n"));
+
+       // For rx statistics, we need to keep this timer running.
+//     RTMPCancelTimer(&pAd->Mlme.PeriodicTimer,      &Cancelled);
+
+    ATEDBGPRINT(RT_DEBUG_TRACE, ("<== RTMPStationStop\n"));
+}
+
+
+VOID RTMPStationStart(
+    IN  PRTMP_ADAPTER   pAd)
+{
+    ATEDBGPRINT(RT_DEBUG_TRACE, ("==> RTMPStationStart\n"));
+
+#ifdef RTMP_MAC_PCI
+       pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+
+       /* We did not cancel this timer when entering ATE mode. */
+//     RTMPSetTimer(&pAd->Mlme.PeriodicTimer, MLME_TASK_EXEC_INTV);
+#endif // RTMP_MAC_PCI //
+
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("<== RTMPStationStart\n"));
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+/*
+==========================================================================
+       Description:
+               Setup Frame format.
+       NOTE:
+               This routine should only be used in ATE mode.
+==========================================================================
+*/
+#ifdef RTMP_MAC_PCI
+static INT ATESetUpFrame(
+       IN PRTMP_ADAPTER pAd,
+       IN UINT32 TxIdx)
+{
+       UINT j;
+       PTXD_STRUC pTxD;
+#ifdef RT_BIG_ENDIAN
+    PTXD_STRUC      pDestTxD;
+    TXD_STRUC       TxD;
+#endif
+       PNDIS_PACKET pPacket;
+       PUCHAR pDest;
+       PVOID AllocVa;
+       NDIS_PHYSICAL_ADDRESS AllocPa;
+       HTTRANSMIT_SETTING      TxHTPhyMode;
+
+       PRTMP_TX_RING pTxRing = &pAd->TxRing[QID_AC_BE];
+       PTXWI_STRUC pTxWI = (PTXWI_STRUC) pTxRing->Cell[TxIdx].DmaBuf.AllocVa;
+       PUCHAR pDMAHeaderBufVA = (PUCHAR) pTxRing->Cell[TxIdx].DmaBuf.AllocVa;
+
+#ifdef RALINK_28xx_QA
+       PHEADER_802_11  pHeader80211;
+#endif // RALINK_28xx_QA //
+
+       if (pAd->ate.bQATxStart == TRUE)
+       {
+               // always use QID_AC_BE and FIFO_EDCA
+
+               // fill TxWI
+               TxHTPhyMode.field.BW = pAd->ate.TxWI.BW;
+               TxHTPhyMode.field.ShortGI = pAd->ate.TxWI.ShortGI;
+               TxHTPhyMode.field.STBC = 0;
+               TxHTPhyMode.field.MCS = pAd->ate.TxWI.MCS;
+               TxHTPhyMode.field.MODE = pAd->ate.TxWI.PHYMODE;
+
+               ATEWriteTxWI(pAd, pTxWI, pAd->ate.TxWI.FRAG, pAd->ate.TxWI.CFACK,
+                       pAd->ate.TxWI.TS,  pAd->ate.TxWI.AMPDU, pAd->ate.TxWI.ACK, pAd->ate.TxWI.NSEQ,
+                       pAd->ate.TxWI.BAWinSize, 0, pAd->ate.TxWI.MPDUtotalByteCount, pAd->ate.TxWI.PacketId, 0, 0,
+                       pAd->ate.TxWI.txop/*IFS_HTTXOP*/, pAd->ate.TxWI.CFACK/*FALSE*/, &TxHTPhyMode);
+       }
+       else
+       {
+               TxHTPhyMode.field.BW = pAd->ate.TxWI.BW;
+               TxHTPhyMode.field.ShortGI = pAd->ate.TxWI.ShortGI;
+               TxHTPhyMode.field.STBC = 0;
+               TxHTPhyMode.field.MCS = pAd->ate.TxWI.MCS;
+               TxHTPhyMode.field.MODE = pAd->ate.TxWI.PHYMODE;
+               ATEWriteTxWI(pAd, pTxWI, FALSE, FALSE, FALSE,  FALSE, FALSE, FALSE,
+                       4, 0, pAd->ate.TxLength, 0, 0, 0, IFS_HTTXOP, FALSE, &TxHTPhyMode);
+       }
+
+       // fill 802.11 header
+#ifdef RALINK_28xx_QA
+       if (pAd->ate.bQATxStart == TRUE)
+       {
+               NdisMoveMemory(pDMAHeaderBufVA+TXWI_SIZE, pAd->ate.Header, pAd->ate.HLen);
+       }
+       else
+#endif // RALINK_28xx_QA //
+       {
+               NdisMoveMemory(pDMAHeaderBufVA+TXWI_SIZE, TemplateFrame, LENGTH_802_11);
+               NdisMoveMemory(pDMAHeaderBufVA+TXWI_SIZE+4, pAd->ate.Addr1, ETH_LENGTH_OF_ADDRESS);
+               NdisMoveMemory(pDMAHeaderBufVA+TXWI_SIZE+10, pAd->ate.Addr2, ETH_LENGTH_OF_ADDRESS);
+               NdisMoveMemory(pDMAHeaderBufVA+TXWI_SIZE+16, pAd->ate.Addr3, ETH_LENGTH_OF_ADDRESS);
+       }
+
+#ifdef RT_BIG_ENDIAN
+       RTMPFrameEndianChange(pAd, (((PUCHAR)pDMAHeaderBufVA)+TXWI_SIZE), DIR_READ, FALSE);
+#endif // RT_BIG_ENDIAN //
+
+       /* alloc buffer for payload */
+#ifdef RALINK_28xx_QA
+       if (pAd->ate.bQATxStart == TRUE)
+       {
+               pPacket = RTMP_AllocateRxPacketBuffer(pAd, pAd->ate.DLen + 0x100, FALSE, &AllocVa, &AllocPa);
+       }
+       else
+#endif // RALINK_28xx_QA //
+       {
+               pPacket = RTMP_AllocateRxPacketBuffer(pAd, pAd->ate.TxLength, FALSE, &AllocVa, &AllocPa);
+       }
+
+       if (pPacket == NULL)
+       {
+               pAd->ate.TxCount = 0;
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("%s fail to alloc packet space.\n", __FUNCTION__));
+               return -1;
+       }
+       pTxRing->Cell[TxIdx].pNextNdisPacket = pPacket;
+
+       pDest = (PUCHAR) AllocVa;
+
+#ifdef RALINK_28xx_QA
+       if (pAd->ate.bQATxStart == TRUE)
+       {
+               RTPKT_TO_OSPKT(pPacket)->len = pAd->ate.DLen;
+       }
+       else
+#endif // RALINK_28xx_QA //
+       {
+               RTPKT_TO_OSPKT(pPacket)->len = pAd->ate.TxLength - LENGTH_802_11;
+       }
+
+       // prepare frame payload
+#ifdef RALINK_28xx_QA
+       if (pAd->ate.bQATxStart == TRUE)
+       {
+               // copy pattern
+               if ((pAd->ate.PLen != 0))
+               {
+                       int j;
+
+                       for (j = 0; j < pAd->ate.DLen; j+=pAd->ate.PLen)
+                       {
+                               memcpy(RTPKT_TO_OSPKT(pPacket)->data + j, pAd->ate.Pattern, pAd->ate.PLen);
+                       }
+               }
+       }
+       else
+#endif // RALINK_28xx_QA //
+       {
+               for (j = 0; j < RTPKT_TO_OSPKT(pPacket)->len; j++)
+               {
+                       pDest[j] = 0xA5;
+               }
+       }
+
+       /* build Tx Descriptor */
+#ifndef RT_BIG_ENDIAN
+       pTxD = (PTXD_STRUC) pTxRing->Cell[TxIdx].AllocVa;
+#else
+    pDestTxD  = (PTXD_STRUC)pTxRing->Cell[TxIdx].AllocVa;
+    TxD = *pDestTxD;
+    pTxD = &TxD;
+#endif // !RT_BIG_ENDIAN //
+
+#ifdef RALINK_28xx_QA
+       if (pAd->ate.bQATxStart == TRUE)
+       {
+               // prepare TxD
+               NdisZeroMemory(pTxD, TXD_SIZE);
+               RTMPWriteTxDescriptor(pAd, pTxD, FALSE, FIFO_EDCA);
+               // build TX DESC
+               pTxD->SDPtr0 = RTMP_GetPhysicalAddressLow(pTxRing->Cell[TxIdx].DmaBuf.AllocPa);
+               pTxD->SDLen0 = TXWI_SIZE + pAd->ate.HLen;
+               pTxD->LastSec0 = 0;
+               pTxD->SDPtr1 = AllocPa;
+               pTxD->SDLen1 = RTPKT_TO_OSPKT(pPacket)->len;
+               pTxD->LastSec1 = 1;
+
+               pDest = (PUCHAR)pTxWI;
+               pDest += TXWI_SIZE;
+               pHeader80211 = (PHEADER_802_11)pDest;
+
+               // modify sequence number...
+               if (pAd->ate.TxDoneCount == 0)
+               {
+                       pAd->ate.seq = pHeader80211->Sequence;
+               }
+               else
+                       pHeader80211->Sequence = ++pAd->ate.seq;
+       }
+       else
+#endif // RALINK_28xx_QA //
+       {
+               NdisZeroMemory(pTxD, TXD_SIZE);
+               RTMPWriteTxDescriptor(pAd, pTxD, FALSE, FIFO_EDCA);
+               // build TX DESC
+               pTxD->SDPtr0 = RTMP_GetPhysicalAddressLow (pTxRing->Cell[TxIdx].DmaBuf.AllocPa);
+               pTxD->SDLen0 = TXWI_SIZE + LENGTH_802_11;
+               pTxD->LastSec0 = 0;
+               pTxD->SDPtr1 = AllocPa;
+               pTxD->SDLen1 = RTPKT_TO_OSPKT(pPacket)->len;
+               pTxD->LastSec1 = 1;
+       }
+
+#ifdef RT_BIG_ENDIAN
+       RTMPWIEndianChange((PUCHAR)pTxWI, TYPE_TXWI);
+       RTMPFrameEndianChange(pAd, (((PUCHAR)pDMAHeaderBufVA)+TXWI_SIZE), DIR_WRITE, FALSE);
+    RTMPDescriptorEndianChange((PUCHAR)pTxD, TYPE_TXD);
+    WriteBackToDescriptor((PUCHAR)pDestTxD, (PUCHAR)pTxD, FALSE, TYPE_TXD);
+#endif // RT_BIG_ENDIAN //
+
+       return 0;
+}
+/*=======================End of RTMP_MAC_PCI =======================*/
+#endif // RTMP_MAC_PCI //
+
+
+
+
+VOID rt_ee_read_all(PRTMP_ADAPTER pAd, USHORT *Data)
+{
+       USHORT i;
+       USHORT value;
+
+
+       for (i = 0 ; i < EEPROM_SIZE/2 ; )
+       {
+               /* "value" is especially for some compilers... */
+               RT28xx_EEPROM_READ16(pAd, i*2, value);
+               Data[i] = value;
+               i++;
+       }
+}
+
+
+VOID rt_ee_write_all(PRTMP_ADAPTER pAd, USHORT *Data)
+{
+       USHORT i;
+       USHORT value;
+
+
+       for (i = 0 ; i < EEPROM_SIZE/2 ; )
+       {
+               /* "value" is especially for some compilers... */
+               value = Data[i];
+               RT28xx_EEPROM_WRITE16(pAd, i*2, value);
+               i++;
+       }
+}
+
+
+#ifdef RALINK_28xx_QA
+VOID ATE_QA_Statistics(
+       IN PRTMP_ADAPTER                        pAd,
+       IN PRXWI_STRUC                          pRxWI,
+       IN PRT28XX_RXD_STRUC            pRxD,
+       IN PHEADER_802_11                       pHeader)
+{
+       // update counter first
+       if (pHeader != NULL)
+       {
+               if (pHeader->FC.Type == BTYPE_DATA)
+               {
+                       if (pRxD->U2M)
+                               pAd->ate.U2M++;
+                       else
+                               pAd->ate.OtherData++;
+               }
+               else if (pHeader->FC.Type == BTYPE_MGMT)
+               {
+                       if (pHeader->FC.SubType == SUBTYPE_BEACON)
+                               pAd->ate.Beacon++;
+                       else
+                               pAd->ate.OtherCount++;
+               }
+               else if (pHeader->FC.Type == BTYPE_CNTL)
+               {
+                       pAd->ate.OtherCount++;
+               }
+       }
+       pAd->ate.RSSI0 = pRxWI->RSSI0;
+       pAd->ate.RSSI1 = pRxWI->RSSI1;
+       pAd->ate.RSSI2 = pRxWI->RSSI2;
+       pAd->ate.SNR0 = pRxWI->SNR0;
+       pAd->ate.SNR1 = pRxWI->SNR1;
+}
+
+
+/* command id with Cmd Type == 0x0008(for 28xx)/0x0005(for iNIC) */
+#define RACFG_CMD_RF_WRITE_ALL         0x0000
+#define RACFG_CMD_E2PROM_READ16                0x0001
+#define RACFG_CMD_E2PROM_WRITE16       0x0002
+#define RACFG_CMD_E2PROM_READ_ALL      0x0003
+#define RACFG_CMD_E2PROM_WRITE_ALL     0x0004
+#define RACFG_CMD_IO_READ                      0x0005
+#define RACFG_CMD_IO_WRITE                     0x0006
+#define RACFG_CMD_IO_READ_BULK         0x0007
+#define RACFG_CMD_BBP_READ8                    0x0008
+#define RACFG_CMD_BBP_WRITE8           0x0009
+#define RACFG_CMD_BBP_READ_ALL         0x000a
+#define RACFG_CMD_GET_COUNTER          0x000b
+#define RACFG_CMD_CLEAR_COUNTER                0x000c
+
+#define RACFG_CMD_RSV1                         0x000d
+#define RACFG_CMD_RSV2                         0x000e
+#define RACFG_CMD_RSV3                         0x000f
+
+#define RACFG_CMD_TX_START                     0x0010
+#define RACFG_CMD_GET_TX_STATUS                0x0011
+#define RACFG_CMD_TX_STOP                      0x0012
+#define RACFG_CMD_RX_START                     0x0013
+#define RACFG_CMD_RX_STOP                      0x0014
+#define RACFG_CMD_GET_NOISE_LEVEL      0x0015
+
+#define RACFG_CMD_ATE_START                    0x0080
+#define RACFG_CMD_ATE_STOP                     0x0081
+
+#define RACFG_CMD_ATE_START_TX_CARRIER         0x0100
+#define RACFG_CMD_ATE_START_TX_CONT                    0x0101
+#define RACFG_CMD_ATE_START_TX_FRAME           0x0102
+#define RACFG_CMD_ATE_SET_BW               0x0103
+#define RACFG_CMD_ATE_SET_TX_POWER0            0x0104
+#define RACFG_CMD_ATE_SET_TX_POWER1                    0x0105
+#define RACFG_CMD_ATE_SET_FREQ_OFFSET          0x0106
+#define RACFG_CMD_ATE_GET_STATISTICS           0x0107
+#define RACFG_CMD_ATE_RESET_COUNTER                    0x0108
+#define RACFG_CMD_ATE_SEL_TX_ANTENNA           0x0109
+#define RACFG_CMD_ATE_SEL_RX_ANTENNA           0x010a
+#define RACFG_CMD_ATE_SET_PREAMBLE                     0x010b
+#define RACFG_CMD_ATE_SET_CHANNEL                      0x010c
+#define RACFG_CMD_ATE_SET_ADDR1                                0x010d
+#define RACFG_CMD_ATE_SET_ADDR2                                0x010e
+#define RACFG_CMD_ATE_SET_ADDR3                                0x010f
+#define RACFG_CMD_ATE_SET_RATE                         0x0110
+#define RACFG_CMD_ATE_SET_TX_FRAME_LEN         0x0111
+#define RACFG_CMD_ATE_SET_TX_FRAME_COUNT       0x0112
+#define RACFG_CMD_ATE_START_RX_FRAME           0x0113
+#define RACFG_CMD_ATE_E2PROM_READ_BULK 0x0114
+#define RACFG_CMD_ATE_E2PROM_WRITE_BULK        0x0115
+#define RACFG_CMD_ATE_IO_WRITE_BULK            0x0116
+#define RACFG_CMD_ATE_BBP_READ_BULK            0x0117
+#define RACFG_CMD_ATE_BBP_WRITE_BULK   0x0118
+#define RACFG_CMD_ATE_RF_READ_BULK             0x0119
+#define RACFG_CMD_ATE_RF_WRITE_BULK            0x011a
+
+
+static VOID memcpy_exl(PRTMP_ADAPTER pAd, UCHAR *dst, UCHAR *src, ULONG len);
+static VOID memcpy_exs(PRTMP_ADAPTER pAd, UCHAR *dst, UCHAR *src, ULONG len);
+static VOID RTMP_IO_READ_BULK(PRTMP_ADAPTER pAd, UCHAR *dst, UCHAR *src, UINT32 len);
+
+
+
+VOID RtmpDoAte(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq)
+{
+       USHORT Command_Id;
+       INT     Status = NDIS_STATUS_SUCCESS;
+       struct ate_racfghdr *pRaCfg;
+
+
+       if ((pRaCfg = kmalloc(sizeof(struct ate_racfghdr), GFP_KERNEL)) == NULL)
+       {
+               Status = -EINVAL;
+               return;
+       }
+
+       NdisZeroMemory(pRaCfg, sizeof(struct ate_racfghdr));
+
+    if (copy_from_user((PUCHAR)pRaCfg, wrq->u.data.pointer, wrq->u.data.length))
+       {
+               Status = -EFAULT;
+               kfree(pRaCfg);
+               return;
+       }
+
+       Command_Id = ntohs(pRaCfg->command_id);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("\n%s: Command_Id = 0x%04x !\n", __FUNCTION__, Command_Id));
+
+       switch (Command_Id)
+       {
+               /* We will get this command when QA starts. */
+               case RACFG_CMD_ATE_START:
+                       Status=DO_RACFG_CMD_ATE_START(pAdapter,wrq,pRaCfg);
+                       break;
+
+               /* We will get this command either QA is closed or ated is killed by user. */
+               case RACFG_CMD_ATE_STOP:
+                       Status=DO_RACFG_CMD_ATE_STOP(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_RF_WRITE_ALL:
+                       Status=DO_RACFG_CMD_RF_WRITE_ALL(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_E2PROM_READ16:
+                       Status=DO_RACFG_CMD_E2PROM_READ16(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_E2PROM_WRITE16:
+                       Status=DO_RACFG_CMD_E2PROM_WRITE16(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_E2PROM_READ_ALL:
+                       Status=DO_RACFG_CMD_E2PROM_READ_ALL(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_E2PROM_WRITE_ALL:
+                       Status=DO_RACFG_CMD_E2PROM_WRITE_ALL(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_IO_READ:
+                       Status=DO_RACFG_CMD_IO_READ(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_IO_WRITE:
+                       Status=DO_RACFG_CMD_IO_WRITE(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_IO_READ_BULK:
+                       Status=DO_RACFG_CMD_IO_READ_BULK(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_BBP_READ8:
+                       Status=DO_RACFG_CMD_BBP_READ8(pAdapter,wrq,pRaCfg);
+                       break;
+               case RACFG_CMD_BBP_WRITE8:
+                       Status=DO_RACFG_CMD_BBP_WRITE8(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_BBP_READ_ALL:
+                       Status=DO_RACFG_CMD_BBP_READ_ALL(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_E2PROM_READ_BULK:
+                       Status=DO_RACFG_CMD_ATE_E2PROM_READ_BULK(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_E2PROM_WRITE_BULK:
+                       Status=DO_RACFG_CMD_ATE_E2PROM_WRITE_BULK(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_IO_WRITE_BULK:
+                       Status=DO_RACFG_CMD_ATE_IO_WRITE_BULK(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_BBP_READ_BULK:
+                       Status=DO_RACFG_CMD_ATE_BBP_READ_BULK(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_BBP_WRITE_BULK:
+                       Status=DO_RACFG_CMD_ATE_BBP_WRITE_BULK(pAdapter,wrq,pRaCfg);
+                       break;
+
+
+               case RACFG_CMD_GET_NOISE_LEVEL:
+                       Status=DO_RACFG_CMD_GET_NOISE_LEVEL(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_GET_COUNTER:
+                       Status=DO_RACFG_CMD_GET_COUNTER(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_CLEAR_COUNTER:
+                       Status=DO_RACFG_CMD_CLEAR_COUNTER(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_TX_START:
+                       Status=DO_RACFG_CMD_TX_START(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_GET_TX_STATUS:
+                       Status=DO_RACFG_CMD_GET_TX_STATUS(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_TX_STOP:
+                       Status=DO_RACFG_CMD_TX_STOP(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_RX_START:
+                       Status=DO_RACFG_CMD_RX_START(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_RX_STOP:
+                       Status=DO_RACFG_CMD_RX_STOP(pAdapter,wrq,pRaCfg);
+                       break;
+
+               /* The following cases are for new ATE GUI(not QA). */
+               /*==================================================*/
+               case RACFG_CMD_ATE_START_TX_CARRIER:
+                       Status=DO_RACFG_CMD_ATE_START_TX_CARRIER(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_START_TX_CONT:
+                       Status=DO_RACFG_CMD_ATE_START_TX_CONT(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_START_TX_FRAME:
+                       Status=DO_RACFG_CMD_ATE_START_TX_FRAME(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_BW:
+                       Status=DO_RACFG_CMD_ATE_SET_BW(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_TX_POWER0:
+                       Status=DO_RACFG_CMD_ATE_SET_TX_POWER0(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_TX_POWER1:
+                       Status=DO_RACFG_CMD_ATE_SET_TX_POWER1(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_FREQ_OFFSET:
+                       Status=DO_RACFG_CMD_ATE_SET_TX_POWER1(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_GET_STATISTICS:
+                       Status=DO_RACFG_CMD_ATE_GET_STATISTICS(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_RESET_COUNTER:
+                       Status=DO_RACFG_CMD_ATE_RESET_COUNTER(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SEL_TX_ANTENNA:
+                       Status=DO_RACFG_CMD_ATE_SEL_TX_ANTENNA(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SEL_RX_ANTENNA:
+                       Status=DO_RACFG_CMD_ATE_SEL_TX_ANTENNA(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_PREAMBLE:
+                       Status=DO_RACFG_CMD_ATE_SET_PREAMBLE(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_CHANNEL:
+                       Status=DO_RACFG_CMD_ATE_SET_CHANNEL(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_ADDR1:
+                       Status=DO_RACFG_CMD_ATE_SET_ADDR1(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_ADDR2:
+                       Status=DO_RACFG_CMD_ATE_SET_ADDR2(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_ADDR3:
+                       Status=DO_RACFG_CMD_ATE_SET_ADDR3(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_RATE:
+                       Status=DO_RACFG_CMD_ATE_SET_RATE(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_TX_FRAME_LEN:
+                       Status=DO_RACFG_CMD_ATE_SET_TX_FRAME_LEN(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_SET_TX_FRAME_COUNT:
+                       Status=DO_RACFG_CMD_ATE_SET_TX_FRAME_COUNT(pAdapter,wrq,pRaCfg);
+                       break;
+
+               case RACFG_CMD_ATE_START_RX_FRAME:
+                       Status=DO_RACFG_CMD_ATE_START_RX_FRAME(pAdapter,wrq,pRaCfg);
+                       break;
+               default:
+                       break;
+       }
+
+    ASSERT(pRaCfg != NULL);
+
+    if (pRaCfg != NULL)
+           kfree(pRaCfg);
+
+       return;
+}
+
+
+VOID BubbleSort(INT32 n, INT32 a[])
+{
+       INT32 k, j, temp;
+
+       for (k = n-1;  k>0;  k--)
+       {
+               for (j = 0; j<k; j++)
+               {
+                       if (a[j] > a[j+1])
+                       {
+                               temp = a[j];
+                               a[j]=a[j+1];
+                               a[j+1]=temp;
+                       }
+               }
+       }
+}
+
+
+VOID CalNoiseLevel(PRTMP_ADAPTER pAd, UCHAR channel, INT32 RSSI[3][10])
+{
+       INT32           RSSI0, RSSI1, RSSI2;
+       CHAR            Rssi0Offset, Rssi1Offset, Rssi2Offset;
+       UCHAR           BbpR50Rssi0 = 0, BbpR51Rssi1 = 0, BbpR52Rssi2 = 0;
+       UCHAR           Org_BBP66value = 0, Org_BBP69value = 0, Org_BBP70value = 0, data = 0;
+       USHORT          LNA_Gain = 0;
+       INT32       j = 0;
+       UCHAR           Org_Channel = pAd->ate.Channel;
+       USHORT      GainValue = 0, OffsetValue = 0;
+
+       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R66, &Org_BBP66value);
+       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R69, &Org_BBP69value);
+       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R70, &Org_BBP70value);
+
+       //**********************************************************************
+       // Read the value of LNA gain and Rssi offset
+       //**********************************************************************
+       RT28xx_EEPROM_READ16(pAd, EEPROM_LNA_OFFSET, GainValue);
+
+       // for Noise Level
+       if (channel <= 14)
+       {
+               LNA_Gain = GainValue & 0x00FF;
+
+               RT28xx_EEPROM_READ16(pAd, EEPROM_RSSI_BG_OFFSET, OffsetValue);
+               Rssi0Offset = OffsetValue & 0x00FF;
+               Rssi1Offset = (OffsetValue & 0xFF00) >> 8;
+               RT28xx_EEPROM_READ16(pAd, (EEPROM_RSSI_BG_OFFSET + 2)/* 0x48 */, OffsetValue);
+               Rssi2Offset = OffsetValue & 0x00FF;
+       }
+       else
+       {
+               LNA_Gain = (GainValue & 0xFF00) >> 8;
+
+               RT28xx_EEPROM_READ16(pAd, EEPROM_RSSI_A_OFFSET, OffsetValue);
+               Rssi0Offset = OffsetValue & 0x00FF;
+               Rssi1Offset = (OffsetValue & 0xFF00) >> 8;
+               RT28xx_EEPROM_READ16(pAd, (EEPROM_RSSI_A_OFFSET + 2)/* 0x4C */, OffsetValue);
+               Rssi2Offset = OffsetValue & 0x00FF;
+       }
+       //**********************************************************************
+       {
+               pAd->ate.Channel = channel;
+               ATEAsicSwitchChannel(pAd);
+               mdelay(5);
+
+               data = 0x10;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, data);
+               data = 0x40;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, data);
+               data = 0x40;
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R70, data);
+               mdelay(5);
+
+               // start Rx
+               pAd->ate.bQARxStart = TRUE;
+               Set_ATE_Proc(pAd, "RXFRAME");
+
+               mdelay(5);
+
+               for (j = 0; j < 10; j++)
+               {
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R50, &BbpR50Rssi0);
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R51, &BbpR51Rssi1);
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R52, &BbpR52Rssi2);
+
+                       mdelay(10);
+
+                       // calculate RSSI 0
+                       if (BbpR50Rssi0 == 0)
+                       {
+                               RSSI0 = -100;
+                       }
+                       else
+                       {
+                               RSSI0 = (INT32)(-12 - BbpR50Rssi0 - LNA_Gain - Rssi0Offset);
+                       }
+                       RSSI[0][j] = RSSI0;
+
+                       if ( pAd->Antenna.field.RxPath >= 2 ) // 2R
+                       {
+                               // calculate RSSI 1
+                               if (BbpR51Rssi1 == 0)
+                               {
+                                       RSSI1 = -100;
+                               }
+                               else
+                               {
+                                       RSSI1 = (INT32)(-12 - BbpR51Rssi1 - LNA_Gain - Rssi1Offset);
+                               }
+                               RSSI[1][j] = RSSI1;
+                       }
+
+                       if ( pAd->Antenna.field.RxPath >= 3 ) // 3R
+                       {
+                               // calculate RSSI 2
+                               if (BbpR52Rssi2 == 0)
+                                       RSSI2 = -100;
+                               else
+                                       RSSI2 = (INT32)(-12 - BbpR52Rssi2 - LNA_Gain - Rssi2Offset);
+
+                               RSSI[2][j] = RSSI2;
+                       }
+               }
+
+               // stop Rx
+               Set_ATE_Proc(pAd, "RXSTOP");
+
+               mdelay(5);
+
+               BubbleSort(10, RSSI[0]);        // 1R
+
+               if ( pAd->Antenna.field.RxPath >= 2 ) // 2R
+               {
+                       BubbleSort(10, RSSI[1]);
+               }
+
+               if ( pAd->Antenna.field.RxPath >= 3 ) // 3R
+               {
+                       BubbleSort(10, RSSI[2]);
+               }
+       }
+
+       pAd->ate.Channel = Org_Channel;
+       ATEAsicSwitchChannel(pAd);
+
+       // restore original value
+    ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R66, Org_BBP66value);
+    ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, Org_BBP69value);
+    ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R70, Org_BBP70value);
+
+       return;
+}
+
+
+BOOLEAN SyncTxRxConfig(PRTMP_ADAPTER pAd, USHORT offset, UCHAR value)
+{
+       UCHAR tmp = 0, bbp_data = 0;
+
+       if (ATE_ON(pAd))
+       {
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, offset, &bbp_data);
+       }
+       else
+       {
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, offset, &bbp_data);
+       }
+
+       /* confirm again */
+       ASSERT(bbp_data == value);
+
+       switch (offset)
+       {
+               case BBP_R1:
+                       /* Need to synchronize tx configuration with legacy ATE. */
+                       tmp = (bbp_data & ((1 << 4) | (1 << 3))/* 0x18 */) >> 3;
+                   switch (tmp)
+                   {
+                               /* The BBP R1 bit[4:3] = 2 :: Both DACs will be used by QA. */
+                       case 2:
+                                       /* All */
+                                       pAd->ate.TxAntennaSel = 0;
+                           break;
+                               /* The BBP R1 bit[4:3] = 0 :: DAC 0 will be used by QA. */
+                       case 0:
+                                       /* Antenna one */
+                                       pAd->ate.TxAntennaSel = 1;
+                           break;
+                               /* The BBP R1 bit[4:3] = 1 :: DAC 1 will be used by QA. */
+                       case 1:
+                                       /* Antenna two */
+                                       pAd->ate.TxAntennaSel = 2;
+                           break;
+                       default:
+                           DBGPRINT(RT_DEBUG_TRACE, ("%s -- Sth. wrong!  : return FALSE; \n", __FUNCTION__));
+                           return FALSE;
+                   }
+                       break;/* case BBP_R1 */
+
+               case BBP_R3:
+                       /* Need to synchronize rx configuration with legacy ATE. */
+                       tmp = (bbp_data & ((1 << 1) | (1 << 0))/* 0x03 */);
+                   switch(tmp)
+                   {
+                               /* The BBP R3 bit[1:0] = 3 :: All ADCs will be used by QA. */
+                       case 3:
+                                       /* All */
+                                       pAd->ate.RxAntennaSel = 0;
+                           break;
+                               /*
+                                       The BBP R3 bit[1:0] = 0 :: ADC 0 will be used by QA,
+                                       unless the BBP R3 bit[4:3] = 2
+                               */
+                       case 0:
+                                       /* Antenna one */
+                                       pAd->ate.RxAntennaSel = 1;
+                                       tmp = ((bbp_data & ((1 << 4) | (1 << 3))/* 0x03 */) >> 3);
+                                       if (tmp == 2)// 3R
+                                       {
+                                               /* Default : All ADCs will be used by QA */
+                                               pAd->ate.RxAntennaSel = 0;
+                                       }
+                           break;
+                               /* The BBP R3 bit[1:0] = 1 :: ADC 1 will be used by QA. */
+                       case 1:
+                                       /* Antenna two */
+                                       pAd->ate.RxAntennaSel = 2;
+                           break;
+                               /* The BBP R3 bit[1:0] = 2 :: ADC 2 will be used by QA. */
+                       case 2:
+                                       /* Antenna three */
+                                       pAd->ate.RxAntennaSel = 3;
+                           break;
+                       default:
+                           DBGPRINT(RT_DEBUG_ERROR, ("%s -- Impossible!  : return FALSE; \n", __FUNCTION__));
+                           return FALSE;
+                   }
+                       break;/* case BBP_R3 */
+
+        default:
+            DBGPRINT(RT_DEBUG_ERROR, ("%s -- Sth. wrong!  : return FALSE; \n", __FUNCTION__));
+            return FALSE;
+
+       }
+       return TRUE;
+}
+
+
+static VOID memcpy_exl(PRTMP_ADAPTER pAd, UCHAR *dst, UCHAR *src, ULONG len)
+{
+       ULONG i, Value = 0;
+       ULONG *pDst, *pSrc;
+       UCHAR *p8;
+
+       p8 = src;
+       pDst = (ULONG *) dst;
+       pSrc = (ULONG *) src;
+
+       for (i = 0 ; i < (len/4); i++)
+       {
+               /* For alignment issue, we need a variable "Value". */
+               memmove(&Value, pSrc, 4);
+               Value = htonl(Value);
+               memmove(pDst, &Value, 4);
+               pDst++;
+               pSrc++;
+       }
+       if ((len % 4) != 0)
+       {
+               /* wish that it will never reach here */
+               memmove(&Value, pSrc, (len % 4));
+               Value = htonl(Value);
+               memmove(pDst, &Value, (len % 4));
+       }
+}
+
+
+static VOID memcpy_exs(PRTMP_ADAPTER pAd, UCHAR *dst, UCHAR *src, ULONG len)
+{
+       ULONG i;
+       UCHAR *pDst, *pSrc;
+
+       pDst = dst;
+       pSrc = src;
+
+       for (i = 0; i < (len/2); i++)
+       {
+               memmove(pDst, pSrc, 2);
+               *((USHORT *)pDst) = htons(*((USHORT *)pDst));
+               pDst+=2;
+               pSrc+=2;
+       }
+
+       if ((len % 2) != 0)
+       {
+               memmove(pDst, pSrc, 1);
+       }
+}
+
+
+static VOID RTMP_IO_READ_BULK(PRTMP_ADAPTER pAd, UCHAR *dst, UCHAR *src, UINT32 len)
+{
+       UINT32 i, Value;
+       UINT32 *pDst, *pSrc;
+
+       pDst = (UINT32 *) dst;
+       pSrc = (UINT32 *) src;
+
+       for (i = 0 ; i < (len/4); i++)
+       {
+               RTMP_IO_READ32(pAd, (ULONG)pSrc, &Value);
+               Value = htonl(Value);
+               memmove(pDst, &Value, 4);
+               pDst++;
+               pSrc++;
+       }
+       return;
+}
+
+
+INT Set_TxStop_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("Set_TxStop_Proc\n"));
+
+       if (Set_ATE_Proc(pAd, "TXSTOP"))
+       {
+               return TRUE;
+       }
+       else
+       {
+               return FALSE;
+       }
+}
+
+
+INT Set_RxStop_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("Set_RxStop_Proc\n"));
+
+       if (Set_ATE_Proc(pAd, "RXSTOP"))
+       {
+               return TRUE;
+       }
+       else
+       {
+               return FALSE;
+       }
+}
+
+
+#ifdef DBG
+INT Set_EERead_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       USHORT buffer[EEPROM_SIZE/2];
+       USHORT *p;
+       INT i;
+
+       rt_ee_read_all(pAd, (USHORT *)buffer);
+       p = buffer;
+
+       for (i = 0; i < (EEPROM_SIZE/2); i++)
+       {
+               ate_print(KERN_EMERG "%4.4x ", *p);
+               if (((i+1) % 16) == 0)
+                       ate_print(KERN_EMERG "\n");
+               p++;
+       }
+
+       return TRUE;
+}
+
+
+INT Set_EEWrite_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       USHORT offset = 0, value;
+       PSTRING p2 = arg;
+
+       while ((*p2 != ':') && (*p2 != '\0'))
+       {
+               p2++;
+       }
+
+       if (*p2 == ':')
+       {
+               A2Hex(offset, arg);
+               A2Hex(value, p2 + 1);
+       }
+       else
+       {
+               A2Hex(value, arg);
+       }
+
+       if (offset >= EEPROM_SIZE)
+       {
+               ate_print(KERN_EMERG "Offset can not exceed EEPROM_SIZE( == 0x%04x)\n", EEPROM_SIZE);
+               return FALSE;
+       }
+
+       RT28xx_EEPROM_WRITE16(pAd, offset, value);
+
+       return TRUE;
+}
+
+
+INT Set_BBPRead_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UCHAR value = 0, offset;
+
+       A2Hex(offset, arg);
+
+       if (ATE_ON(pAd))
+       {
+               ATE_BBP_IO_READ8_BY_REG_ID(pAd, offset,  &value);
+       }
+       else
+       {
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, offset,  &value);
+       }
+
+       ate_print(KERN_EMERG "%x\n", value);
+
+       return TRUE;
+}
+
+
+INT Set_BBPWrite_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       USHORT offset = 0;
+       PSTRING p2 = arg;
+       UCHAR value;
+
+       while ((*p2 != ':') && (*p2 != '\0'))
+       {
+               p2++;
+       }
+
+       if (*p2 == ':')
+       {
+               A2Hex(offset, arg);
+               A2Hex(value, p2 + 1);
+       }
+       else
+       {
+               A2Hex(value, arg);
+       }
+
+       if (ATE_ON(pAd))
+       {
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAd, offset,  value);
+       }
+       else
+       {
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, offset,  value);
+       }
+
+       return TRUE;
+}
+
+
+INT Set_RFWrite_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       PSTRING p2, p3, p4;
+       UINT32 R1, R2, R3, R4;
+
+       p2 = arg;
+
+       while ((*p2 != ':') && (*p2 != '\0'))
+       {
+               p2++;
+       }
+
+       if (*p2 != ':')
+               return FALSE;
+
+       p3 = p2 + 1;
+
+       while((*p3 != ':') && (*p3 != '\0'))
+       {
+               p3++;
+       }
+
+       if (*p3 != ':')
+               return FALSE;
+
+       p4 = p3 + 1;
+
+       while ((*p4 != ':') && (*p4 != '\0'))
+       {
+               p4++;
+       }
+
+       if (*p4 != ':')
+               return FALSE;
+
+
+       A2Hex(R1, arg);
+       A2Hex(R2, p2 + 1);
+       A2Hex(R3, p3 + 1);
+       A2Hex(R4, p4 + 1);
+
+       RTMP_RF_IO_WRITE32(pAd, R1);
+       RTMP_RF_IO_WRITE32(pAd, R2);
+       RTMP_RF_IO_WRITE32(pAd, R3);
+       RTMP_RF_IO_WRITE32(pAd, R4);
+
+       return TRUE;
+}
+#endif // DBG //
+#endif // RALINK_28xx_QA //
+
+
+
+
+#ifdef RALINK_28xx_QA
+#define        LEN_OF_ARG 16
+
+#define RESPONSE_TO_GUI(__pRaCfg, __pwrq, __Length, __Status)                                                                  \
+       (__pRaCfg)->length = htons((__Length));                                                                                                         \
+       (__pRaCfg)->status = htons((__Status));                                                                                                         \
+       (__pwrq)->u.data.length = sizeof((__pRaCfg)->magic_no) + sizeof((__pRaCfg)->command_type)       \
+                                                       + sizeof((__pRaCfg)->command_id) + sizeof((__pRaCfg)->length)           \
+                                                       + sizeof((__pRaCfg)->sequence) + ntohs((__pRaCfg)->length);                     \
+       ATEDBGPRINT(RT_DEBUG_TRACE, ("wrq->u.data.length = %d\n", (__pwrq)->u.data.length));            \
+       if (copy_to_user((__pwrq)->u.data.pointer, (UCHAR *)(__pRaCfg), (__pwrq)->u.data.length))       \
+       {                                                                                                                                                                                       \
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("copy_to_user() fail in %s\n", __FUNCTION__));                             \
+               return (-EFAULT);                                                                                                                                               \
+       }                                                                                                                                                                                       \
+       else                                                                                                                                                                            \
+       {                                                                                                                                                                                       \
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("%s is done !\n", __FUNCTION__));                                                  \
+       }
+
+static inline INT      DO_RACFG_CMD_ATE_START(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_START\n"));
+
+       /* Prepare feedback as soon as we can to avoid QA timeout. */
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+       Set_ATE_Proc(pAdapter, "ATESTART");
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_STOP(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       INT32 ret;
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_STOP\n"));
+
+       /*
+               Distinguish this command came from QA(via ate agent)
+               or ate agent according to the existence of pid in payload.
+
+               No need to prepare feedback if this cmd came directly from ate agent,
+               not from QA.
+       */
+       pRaCfg->length = ntohs(pRaCfg->length);
+
+       if (pRaCfg->length == sizeof(pAdapter->ate.AtePid))
+       {
+               /*
+                       This command came from QA.
+                       Get the pid of ATE agent.
+               */
+               memcpy((UCHAR *)&pAdapter->ate.AtePid,
+                                               (&pRaCfg->data[0]) - 2/* == sizeof(pRaCfg->status) */,
+                                               sizeof(pAdapter->ate.AtePid));
+
+               /* Prepare feedback as soon as we can to avoid QA timeout. */
+               RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+               /*
+                       Kill ATE agent when leaving ATE mode.
+
+                       We must kill ATE agent first before setting ATESTOP,
+                       or Microsoft will report sth. wrong.
+               */
+               ret = KILL_THREAD_PID(pAdapter->ate.AtePid, SIGTERM, 1);
+
+               if (ret)
+               {
+                       ATEDBGPRINT(RT_DEBUG_ERROR, ("%s: unable to kill ate thread\n", pAdapter->net_dev->name));
+               }
+       }
+
+
+       /* AP/STA might have in ATE_STOP mode due to cmd from QA. */
+       if (ATE_ON(pAdapter))
+       {
+               /* Someone has killed ate agent while QA GUI is still open. */
+               Set_ATE_Proc(pAdapter, "ATESTOP");
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("RACFG_CMD_AP_START is done !\n"));
+       }
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_RF_WRITE_ALL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       UINT32 R1, R2, R3, R4;
+       USHORT channel;
+
+       memcpy(&R1, pRaCfg->data-2, 4);
+       memcpy(&R2, pRaCfg->data+2, 4);
+       memcpy(&R3, pRaCfg->data+6, 4);
+       memcpy(&R4, pRaCfg->data+10, 4);
+       memcpy(&channel, pRaCfg->data+14, 2);
+
+       pAdapter->LatchRfRegs.R1 = ntohl(R1);
+       pAdapter->LatchRfRegs.R2 = ntohl(R2);
+       pAdapter->LatchRfRegs.R3 = ntohl(R3);
+       pAdapter->LatchRfRegs.R4 = ntohl(R4);
+       pAdapter->LatchRfRegs.Channel = ntohs(channel);
+
+       RTMP_RF_IO_WRITE32(pAdapter, pAdapter->LatchRfRegs.R1);
+       RTMP_RF_IO_WRITE32(pAdapter, pAdapter->LatchRfRegs.R2);
+       RTMP_RF_IO_WRITE32(pAdapter, pAdapter->LatchRfRegs.R3);
+       RTMP_RF_IO_WRITE32(pAdapter, pAdapter->LatchRfRegs.R4);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return  NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_E2PROM_READ16(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       UINT16  offset=0, value=0;
+       USHORT  tmp=0;
+
+       offset = ntohs(pRaCfg->status);
+
+       /* "tmp" is especially for some compilers... */
+       RT28xx_EEPROM_READ16(pAdapter, offset, tmp);
+       value = tmp;
+       value = htons(value);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("EEPROM Read offset = 0x%04x, value = 0x%04x\n", offset, value));
+       memcpy(pRaCfg->data, &value, 2);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+2, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_E2PROM_WRITE16(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT  offset, value;
+
+       offset = ntohs(pRaCfg->status);
+       memcpy(&value, pRaCfg->data, 2);
+       value = ntohs(value);
+       RT28xx_EEPROM_WRITE16(pAdapter, offset, value);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_E2PROM_READ_ALL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT buffer[EEPROM_SIZE/2];
+
+       rt_ee_read_all(pAdapter,(USHORT *)buffer);
+       memcpy_exs(pAdapter, pRaCfg->data, (UCHAR *)buffer, EEPROM_SIZE);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+EEPROM_SIZE, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_E2PROM_WRITE_ALL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT buffer[EEPROM_SIZE/2];
+
+       NdisZeroMemory((UCHAR *)buffer, EEPROM_SIZE);
+       memcpy_exs(pAdapter, (UCHAR *)buffer, (UCHAR *)&pRaCfg->status, EEPROM_SIZE);
+       rt_ee_write_all(pAdapter,(USHORT *)buffer);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_IO_READ(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       UINT32  offset;
+       UINT32  value;
+
+       memcpy(&offset, &pRaCfg->status, 4);
+       offset = ntohl(offset);
+
+       /*
+               We do not need the base address.
+               So just extract the offset out.
+       */
+       offset &= 0x0000FFFF;
+       RTMP_IO_READ32(pAdapter, offset, &value);
+       value = htonl(value);
+       memcpy(pRaCfg->data, &value, 4);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+4, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_IO_WRITE(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       UINT32  offset, value;
+
+       memcpy(&offset, pRaCfg->data-2, 4);
+       memcpy(&value, pRaCfg->data+2, 4);
+
+       offset = ntohl(offset);
+
+       /*
+               We do not need the base address.
+               So just extract the offset out.
+       */
+       offset &= 0x0000FFFF;
+       value = ntohl(value);
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_IO_WRITE: offset = %x, value = %x\n", offset, value));
+       RTMP_IO_WRITE32(pAdapter, offset, value);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_IO_READ_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       UINT32  offset;
+       USHORT  len;
+
+       memcpy(&offset, &pRaCfg->status, 4);
+       offset = ntohl(offset);
+
+       /*
+               We do not need the base address.
+               So just extract the offset out.
+       */
+       offset &= 0x0000FFFF;
+       memcpy(&len, pRaCfg->data+2, 2);
+       len = ntohs(len);
+
+       if (len > 371)
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE,("length requested is too large, make it smaller\n"));
+               pRaCfg->length = htons(2);
+               pRaCfg->status = htons(1);
+               return -EFAULT;
+       }
+
+       RTMP_IO_READ_BULK(pAdapter, pRaCfg->data, (UCHAR *)offset, len*4);// unit in four bytes
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+(len*4), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_BBP_READ8(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT  offset;
+       UCHAR   value;
+
+       value = 0;
+       offset = ntohs(pRaCfg->status);
+
+       if (ATE_ON(pAdapter))
+       {
+               ATE_BBP_IO_READ8_BY_REG_ID(pAdapter, offset, &value);
+       }
+       else
+       {
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, offset, &value);
+       }
+
+       pRaCfg->data[0] = value;
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+1, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_BBP_WRITE8(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT  offset;
+       UCHAR   value;
+
+       offset = ntohs(pRaCfg->status);
+       memcpy(&value, pRaCfg->data, 1);
+
+       if (ATE_ON(pAdapter))
+       {
+               ATE_BBP_IO_WRITE8_BY_REG_ID(pAdapter, offset, value);
+       }
+       else
+       {
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, offset, value);
+       }
+
+       if ((offset == BBP_R1) || (offset == BBP_R3))
+       {
+               SyncTxRxConfig(pAdapter, offset, value);
+       }
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_BBP_READ_ALL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT bbp_reg_index;
+
+       for (bbp_reg_index = 0; bbp_reg_index < MAX_BBP_ID+1; bbp_reg_index++)
+       {
+               pRaCfg->data[bbp_reg_index] = 0;
+
+               if (ATE_ON(pAdapter))
+               {
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAdapter, bbp_reg_index, &pRaCfg->data[bbp_reg_index]);
+               }
+               else
+               {
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, bbp_reg_index, &pRaCfg->data[bbp_reg_index]);
+               }
+       }
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+MAX_BBP_ID+1, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_GET_NOISE_LEVEL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       UCHAR   channel;
+       INT32   buffer[3][10];/* 3 : RxPath ; 10 : no. of per rssi samples */
+
+       channel = (ntohs(pRaCfg->status) & 0x00FF);
+       CalNoiseLevel(pAdapter, channel, buffer);
+       memcpy_exl(pAdapter, (UCHAR *)pRaCfg->data, (UCHAR *)&(buffer[0][0]), (sizeof(INT32)*3*10));
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+(sizeof(INT32)*3*10), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_GET_COUNTER(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       memcpy_exl(pAdapter, &pRaCfg->data[0], (UCHAR *)&pAdapter->ate.U2M, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[4], (UCHAR *)&pAdapter->ate.OtherData, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[8], (UCHAR *)&pAdapter->ate.Beacon, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[12], (UCHAR *)&pAdapter->ate.OtherCount, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[16], (UCHAR *)&pAdapter->ate.TxAc0, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[20], (UCHAR *)&pAdapter->ate.TxAc1, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[24], (UCHAR *)&pAdapter->ate.TxAc2, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[28], (UCHAR *)&pAdapter->ate.TxAc3, 4);
+       /*memcpy_exl(pAdapter, &pRaCfg->data[32], (UCHAR *)&pAdapter->ate.TxHCCA, 4);*/
+       memcpy_exl(pAdapter, &pRaCfg->data[36], (UCHAR *)&pAdapter->ate.TxMgmt, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[40], (UCHAR *)&pAdapter->ate.RSSI0, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[44], (UCHAR *)&pAdapter->ate.RSSI1, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[48], (UCHAR *)&pAdapter->ate.RSSI2, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[52], (UCHAR *)&pAdapter->ate.SNR0, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[56], (UCHAR *)&pAdapter->ate.SNR1, 4);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+60, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_CLEAR_COUNTER(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       pAdapter->ate.U2M = 0;
+       pAdapter->ate.OtherData = 0;
+       pAdapter->ate.Beacon = 0;
+       pAdapter->ate.OtherCount = 0;
+       pAdapter->ate.TxAc0 = 0;
+       pAdapter->ate.TxAc1 = 0;
+       pAdapter->ate.TxAc2 = 0;
+       pAdapter->ate.TxAc3 = 0;
+       /*pAdapter->ate.TxHCCA = 0;*/
+       pAdapter->ate.TxMgmt = 0;
+       pAdapter->ate.TxDoneCount = 0;
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_TX_START(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT *p;
+       USHORT  err = 1;
+       UCHAR   Bbp22Value = 0, Bbp24Value = 0;
+
+       if ((pAdapter->ate.TxStatus != 0) && (pAdapter->ate.Mode & ATE_TXFRAME))
+       {
+               ATEDBGPRINT(RT_DEBUG_TRACE,("Ate Tx is already running, to run next Tx, you must stop it first\n"));
+               err = 2;
+               goto TX_START_ERROR;
+       }
+       else if ((pAdapter->ate.TxStatus != 0) && !(pAdapter->ate.Mode & ATE_TXFRAME))
+       {
+               int i = 0;
+
+               while ((i++ < 10) && (pAdapter->ate.TxStatus != 0))
+               {
+                       RTMPusecDelay(5000);
+               }
+
+               /* force it to stop */
+               pAdapter->ate.TxStatus = 0;
+               pAdapter->ate.TxDoneCount = 0;
+               pAdapter->ate.bQATxStart = FALSE;
+       }
+
+       /*
+               If pRaCfg->length == 0, this "RACFG_CMD_TX_START"
+               is for Carrier test or Carrier Suppression.
+       */
+       if (ntohs(pRaCfg->length) != 0)
+       {
+               /* get frame info */
+
+               NdisMoveMemory(&pAdapter->ate.TxWI, pRaCfg->data + 2, 16);
+#ifdef RT_BIG_ENDIAN
+               RTMPWIEndianChange((PUCHAR)&pAdapter->ate.TxWI, TYPE_TXWI);
+#endif // RT_BIG_ENDIAN //
+
+               NdisMoveMemory(&pAdapter->ate.TxCount, pRaCfg->data + 18, 4);
+               pAdapter->ate.TxCount = ntohl(pAdapter->ate.TxCount);
+
+               p = (USHORT *)(&pRaCfg->data[22]);
+
+               /* always use QID_AC_BE */
+               pAdapter->ate.QID = 0;
+
+               p = (USHORT *)(&pRaCfg->data[24]);
+               pAdapter->ate.HLen = ntohs(*p);
+
+               if (pAdapter->ate.HLen > 32)
+               {
+                       ATEDBGPRINT(RT_DEBUG_ERROR,("pAdapter->ate.HLen > 32\n"));
+                       err = 3;
+                       goto TX_START_ERROR;
+               }
+
+               NdisMoveMemory(&pAdapter->ate.Header, pRaCfg->data + 26, pAdapter->ate.HLen);
+
+               pAdapter->ate.PLen = ntohs(pRaCfg->length) - (pAdapter->ate.HLen + 28);
+
+               if (pAdapter->ate.PLen > 32)
+               {
+                       ATEDBGPRINT(RT_DEBUG_ERROR,("pAdapter->ate.PLen > 32\n"));
+                       err = 4;
+                       goto TX_START_ERROR;
+               }
+
+               NdisMoveMemory(&pAdapter->ate.Pattern, pRaCfg->data + 26 + pAdapter->ate.HLen, pAdapter->ate.PLen);
+               pAdapter->ate.DLen = pAdapter->ate.TxWI.MPDUtotalByteCount - pAdapter->ate.HLen;
+       }
+
+       ATE_BBP_IO_READ8_BY_REG_ID(pAdapter, BBP_R22, &Bbp22Value);
+
+       switch (Bbp22Value)
+       {
+               case BBP22_TXFRAME:
+                       {
+                               if (pAdapter->ate.TxCount == 0)
+                               {
+#ifdef RTMP_MAC_PCI
+                                       pAdapter->ate.TxCount = 0xFFFFFFFF;
+#endif // RTMP_MAC_PCI //
+                               }
+                               ATEDBGPRINT(RT_DEBUG_TRACE,("START TXFRAME\n"));
+                               pAdapter->ate.bQATxStart = TRUE;
+                               Set_ATE_Proc(pAdapter, "TXFRAME");
+                       }
+                       break;
+
+               case BBP22_TXCONT_OR_CARRSUPP:
+                       {
+                               ATEDBGPRINT(RT_DEBUG_TRACE,("BBP22_TXCONT_OR_CARRSUPP\n"));
+                               ATE_BBP_IO_READ8_BY_REG_ID(pAdapter, BBP_R24, &Bbp24Value);
+
+                               switch (Bbp24Value)
+                               {
+                                       case BBP24_TXCONT:
+                                               {
+                                                       ATEDBGPRINT(RT_DEBUG_TRACE,("START TXCONT\n"));
+                                                       pAdapter->ate.bQATxStart = TRUE;
+                                                       Set_ATE_Proc(pAdapter, "TXCONT");
+                                               }
+                                               break;
+
+                                       case BBP24_CARRSUPP:
+                                               {
+                                                       ATEDBGPRINT(RT_DEBUG_TRACE,("START TXCARRSUPP\n"));
+                                                       pAdapter->ate.bQATxStart = TRUE;
+                                                       pAdapter->ate.Mode |= ATE_TXCARRSUPP;
+                                               }
+                                               break;
+
+                                       default:
+                                               {
+                                                       ATEDBGPRINT(RT_DEBUG_ERROR,("Unknown TX subtype !"));
+                                               }
+                                               break;
+                               }
+                       }
+                       break;
+
+               case BBP22_TXCARR:
+                       {
+                               ATEDBGPRINT(RT_DEBUG_TRACE,("START TXCARR\n"));
+                               pAdapter->ate.bQATxStart = TRUE;
+                               Set_ATE_Proc(pAdapter, "TXCARR");
+                       }
+                       break;
+
+               default:
+                       {
+                               ATEDBGPRINT(RT_DEBUG_ERROR,("Unknown Start TX subtype !"));
+                       }
+                       break;
+       }
+
+       if (pAdapter->ate.bQATxStart == TRUE)
+       {
+               RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+               return NDIS_STATUS_SUCCESS;
+       }
+
+TX_START_ERROR:
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), err);
+
+       return err;
+}
+
+
+static inline INT DO_RACFG_CMD_GET_TX_STATUS(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       UINT32 count=0;
+
+       count = htonl(pAdapter->ate.TxDoneCount);
+       NdisMoveMemory(pRaCfg->data, &count, 4);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+4, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_TX_STOP(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_TX_STOP\n"));
+
+       Set_ATE_Proc(pAdapter, "TXSTOP");
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_RX_START(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_RX_START\n"));
+
+       pAdapter->ate.bQARxStart = TRUE;
+       Set_ATE_Proc(pAdapter, "RXFRAME");
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_RX_STOP(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_RX_STOP\n"));
+
+       Set_ATE_Proc(pAdapter, "RXSTOP");
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_START_TX_CARRIER(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_START_TX_CARRIER\n"));
+
+       Set_ATE_Proc(pAdapter, "TXCARR");
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_START_TX_CONT(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_START_TX_CONT\n"));
+
+       Set_ATE_Proc(pAdapter, "TXCONT");
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_START_TX_FRAME(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_START_TX_FRAME\n"));
+
+       Set_ATE_Proc(pAdapter, "TXFRAME");
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_BW(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_BW\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+
+       Set_ATE_TX_BW_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_TX_POWER0(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_TX_POWER0\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_TX_POWER0_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_TX_POWER1(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_TX_POWER1\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_TX_POWER1_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_FREQ_OFFSET(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_FREQ_OFFSET\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_TX_FREQOFFSET_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_GET_STATISTICS(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_GET_STATISTICS\n"));
+
+       memcpy_exl(pAdapter, &pRaCfg->data[0], (UCHAR *)&pAdapter->ate.TxDoneCount, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[4], (UCHAR *)&pAdapter->WlanCounters.RetryCount.u.LowPart, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[8], (UCHAR *)&pAdapter->WlanCounters.FailedCount.u.LowPart, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[12], (UCHAR *)&pAdapter->WlanCounters.RTSSuccessCount.u.LowPart, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[16], (UCHAR *)&pAdapter->WlanCounters.RTSFailureCount.u.LowPart, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[20], (UCHAR *)&pAdapter->WlanCounters.ReceivedFragmentCount.QuadPart, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[24], (UCHAR *)&pAdapter->WlanCounters.FCSErrorCount.u.LowPart, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[28], (UCHAR *)&pAdapter->Counters8023.RxNoBuffer, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[32], (UCHAR *)&pAdapter->WlanCounters.FrameDuplicateCount.u.LowPart, 4);
+       memcpy_exl(pAdapter, &pRaCfg->data[36], (UCHAR *)&pAdapter->RalinkCounters.OneSecFalseCCACnt, 4);
+
+       if (pAdapter->ate.RxAntennaSel == 0)
+       {
+               INT32 RSSI0 = 0;
+               INT32 RSSI1 = 0;
+               INT32 RSSI2 = 0;
+
+               RSSI0 = (INT32)(pAdapter->ate.LastRssi0 - pAdapter->BbpRssiToDbmDelta);
+               RSSI1 = (INT32)(pAdapter->ate.LastRssi1 - pAdapter->BbpRssiToDbmDelta);
+               RSSI2 = (INT32)(pAdapter->ate.LastRssi2 - pAdapter->BbpRssiToDbmDelta);
+               memcpy_exl(pAdapter, &pRaCfg->data[40], (UCHAR *)&RSSI0, 4);
+               memcpy_exl(pAdapter, &pRaCfg->data[44], (UCHAR *)&RSSI1, 4);
+               memcpy_exl(pAdapter, &pRaCfg->data[48], (UCHAR *)&RSSI2, 4);
+               RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+52, NDIS_STATUS_SUCCESS);
+       }
+       else
+       {
+               INT32 RSSI0 = 0;
+
+               RSSI0 = (INT32)(pAdapter->ate.LastRssi0 - pAdapter->BbpRssiToDbmDelta);
+               memcpy_exl(pAdapter, &pRaCfg->data[40], (UCHAR *)&RSSI0, 4);
+               RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+44, NDIS_STATUS_SUCCESS);
+       }
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_RESET_COUNTER(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 1;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_RESET_COUNTER\n"));
+
+       sprintf((char *)str, "%d", value);
+       Set_ResetStatCounter_Proc(pAdapter, str);
+
+       pAdapter->ate.TxDoneCount = 0;
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SEL_TX_ANTENNA(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SEL_TX_ANTENNA\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_TX_Antenna_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SEL_RX_ANTENNA(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SEL_RX_ANTENNA\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_RX_Antenna_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_PREAMBLE(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_PREAMBLE\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_TX_MODE_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_CHANNEL(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_CHANNEL\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_CHANNEL_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_ADDR1(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_ADDR1\n"));
+
+       /*
+               Addr is an array of UCHAR,
+               so no need to perform endian swap.
+       */
+       memcpy(pAdapter->ate.Addr1, (PUCHAR)(pRaCfg->data - 2), MAC_ADDR_LEN);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_ADDR2(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_ADDR2\n"));
+
+       /*
+               Addr is an array of UCHAR,
+               so no need to perform endian swap.
+       */
+       memcpy(pAdapter->ate.Addr2, (PUCHAR)(pRaCfg->data - 2), MAC_ADDR_LEN);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_ADDR3(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_ADDR3\n"));
+
+       /*
+               Addr is an array of UCHAR,
+               so no need to perform endian swap.
+       */
+       memcpy(pAdapter->ate.Addr3, (PUCHAR)(pRaCfg->data - 2), MAC_ADDR_LEN);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_RATE(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_RATE\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_TX_MCS_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_TX_FRAME_LEN(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       SHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_TX_FRAME_LEN\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+       sprintf((char *)str, "%d", value);
+       Set_ATE_TX_LENGTH_Proc(pAdapter, str);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_SET_TX_FRAME_COUNT(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT    value = 0;
+       STRING    str[LEN_OF_ARG];
+
+       NdisZeroMemory(str, LEN_OF_ARG);
+
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_ATE_SET_TX_FRAME_COUNT\n"));
+
+       memcpy((PUCHAR)&value, (PUCHAR)&(pRaCfg->status), 2);
+       value = ntohs(value);
+
+#ifdef RTMP_MAC_PCI
+       /* TX_FRAME_COUNT == 0 means tx infinitely */
+       if (value == 0)
+       {
+               /* Use TxCount = 0xFFFFFFFF to approximate the infinity. */
+               pAdapter->ate.TxCount = 0xFFFFFFFF;
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("Set_ATE_TX_COUNT_Proc (TxCount = %d)\n", pAdapter->ate.TxCount));
+               ATEDBGPRINT(RT_DEBUG_TRACE, ("Ralink: Set_ATE_TX_COUNT_Proc Success\n"));
+
+
+       }
+       else
+#endif // RTMP_MAC_PCI //
+       {
+               sprintf((char *)str, "%d", value);
+               Set_ATE_TX_COUNT_Proc(pAdapter, str);
+       }
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_START_RX_FRAME(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       ATEDBGPRINT(RT_DEBUG_TRACE,("RACFG_CMD_RX_START\n"));
+
+       Set_ATE_Proc(pAdapter, "RXFRAME");
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_E2PROM_READ_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT offset;
+       USHORT len;
+       USHORT buffer[EEPROM_SIZE/2];
+
+       offset = ntohs(pRaCfg->status);
+       memcpy(&len, pRaCfg->data, 2);
+       len = ntohs(len);
+
+       rt_ee_read_all(pAdapter, (USHORT *)buffer);
+
+       if (offset + len <= EEPROM_SIZE)
+               memcpy_exs(pAdapter, pRaCfg->data, (UCHAR *)buffer+offset, len);
+       else
+               ATEDBGPRINT(RT_DEBUG_ERROR, ("exceed EEPROM size\n"));
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+len, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_E2PROM_WRITE_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT offset;
+       USHORT len;
+       USHORT buffer[EEPROM_SIZE/2];
+
+       offset = ntohs(pRaCfg->status);
+       memcpy(&len, pRaCfg->data, 2);
+       len = ntohs(len);
+
+       rt_ee_read_all(pAdapter,(USHORT *)buffer);
+       memcpy_exs(pAdapter, (UCHAR *)buffer + offset, (UCHAR *)pRaCfg->data + 2, len);
+       rt_ee_write_all(pAdapter,(USHORT *)buffer);
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_IO_WRITE_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       UINT32 offset, i, value;
+       USHORT len;
+
+       memcpy(&offset, &pRaCfg->status, 4);
+       offset = ntohl(offset);
+       memcpy(&len, pRaCfg->data+2, 2);
+       len = ntohs(len);
+
+       for (i = 0; i < len; i += 4)
+       {
+               memcpy_exl(pAdapter, (UCHAR *)&value, pRaCfg->data+4+i, 4);
+               ATEDBGPRINT(RT_DEBUG_TRACE,("Write %x %x\n", offset + i, value));
+               RTMP_IO_WRITE32(pAdapter, ((offset+i) & (0xffff)), value);
+       }
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_BBP_READ_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT offset;
+       USHORT len;
+       USHORT j;
+
+       offset = ntohs(pRaCfg->status);
+       memcpy(&len, pRaCfg->data, 2);
+       len = ntohs(len);
+
+       for (j = offset; j < (offset+len); j++)
+       {
+               pRaCfg->data[j - offset] = 0;
+
+               if (pAdapter->ate.Mode == ATE_STOP)
+               {
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, j, &pRaCfg->data[j - offset]);
+               }
+               else
+               {
+                       ATE_BBP_IO_READ8_BY_REG_ID(pAdapter, j, &pRaCfg->data[j - offset]);
+               }
+       }
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status)+len, NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+static inline INT DO_RACFG_CMD_ATE_BBP_WRITE_BULK(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq,
+       IN  struct ate_racfghdr *pRaCfg)
+{
+       USHORT offset;
+       USHORT len;
+       USHORT j;
+       UCHAR *value;
+
+       offset = ntohs(pRaCfg->status);
+       memcpy(&len, pRaCfg->data, 2);
+       len = ntohs(len);
+
+       for (j = offset; j < (offset+len); j++)
+       {
+               value = pRaCfg->data + 2 + (j - offset);
+               if (pAdapter->ate.Mode == ATE_STOP)
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, j,  *value);
+               }
+               else
+               {
+                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAdapter, j,  *value);
+               }
+       }
+
+       RESPONSE_TO_GUI(pRaCfg, wrq, sizeof(pRaCfg->status), NDIS_STATUS_SUCCESS);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+#endif // RALINK_28xx_QA //
+#endif // RALINK_ATE //
diff --git a/drivers/staging/rt3090/rt_ate.h b/drivers/staging/rt3090/rt_ate.h
new file mode 100644 (file)
index 0000000..38d5961
--- /dev/null
@@ -0,0 +1,314 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+
+#ifndef __ATE_H__
+#define __ATE_H__
+
+
+#ifdef LINUX
+#define ate_print printk
+#define ATEDBGPRINT DBGPRINT
+#ifdef RTMP_MAC_PCI
+#define EEPROM_SIZE                                                            0x200
+#ifdef CONFIG_STA_SUPPORT
+#define EEPROM_BIN_FILE_NAME  "/etc/Wireless/RT2860STA/e2p.bin"
+#endif // CONFIG_STA_SUPPORT //
+#endif // RTMP_MAC_PCI //
+#endif // LINUX //
+
+
+#define ATE_ON(_p)              (((_p)->ate.Mode) != ATE_STOP)
+
+#ifdef RTMP_MAC_PCI
+#define ATE_BBP_IO_READ8_BY_REG_ID(_A, _I, _pV)        \
+{                                                       \
+    BBP_CSR_CFG_STRUC  BbpCsr;                             \
+    int             j, k;                               \
+    for (j=0; j<MAX_BUSY_COUNT; j++)                    \
+    {                                                   \
+        RTMP_IO_READ32(_A, BBP_CSR_CFG, &BbpCsr.word);     \
+        if (BbpCsr.field.Busy == BUSY)                  \
+        {                                               \
+            continue;                                   \
+        }                                               \
+        BbpCsr.word = 0;                                \
+        BbpCsr.field.fRead = 1;                         \
+        BbpCsr.field.BBP_RW_MODE = 1;                         \
+        BbpCsr.field.Busy = 1;                          \
+        BbpCsr.field.RegNum = _I;                       \
+        RTMP_IO_WRITE32(_A, BBP_CSR_CFG, BbpCsr.word);     \
+        for (k=0; k<MAX_BUSY_COUNT; k++)                \
+        {                                               \
+            RTMP_IO_READ32(_A, BBP_CSR_CFG, &BbpCsr.word); \
+            if (BbpCsr.field.Busy == IDLE)              \
+                break;                                  \
+        }                                               \
+        if ((BbpCsr.field.Busy == IDLE) &&              \
+            (BbpCsr.field.RegNum == _I))                \
+        {                                               \
+            *(_pV) = (UCHAR)BbpCsr.field.Value;         \
+            break;                                      \
+        }                                               \
+    }                                                   \
+    if (BbpCsr.field.Busy == BUSY)                      \
+    {                                                   \
+        ATEDBGPRINT(RT_DEBUG_ERROR, ("BBP read R%d fail\n", _I));      \
+        *(_pV) = (_A)->BbpWriteLatch[_I];               \
+    }                                                   \
+}
+
+#define ATE_BBP_IO_WRITE8_BY_REG_ID(_A, _I, _V)        \
+{                                                       \
+    BBP_CSR_CFG_STRUC  BbpCsr;                             \
+    int             BusyCnt;                            \
+    for (BusyCnt=0; BusyCnt<MAX_BUSY_COUNT; BusyCnt++)  \
+    {                                                   \
+        RTMP_IO_READ32(_A, BBP_CSR_CFG, &BbpCsr.word);     \
+        if (BbpCsr.field.Busy == BUSY)                  \
+            continue;                                   \
+        BbpCsr.word = 0;                                \
+        BbpCsr.field.fRead = 0;                         \
+        BbpCsr.field.BBP_RW_MODE = 1;                         \
+        BbpCsr.field.Busy = 1;                          \
+        BbpCsr.field.Value = _V;                        \
+        BbpCsr.field.RegNum = _I;                       \
+        RTMP_IO_WRITE32(_A, BBP_CSR_CFG, BbpCsr.word);     \
+        (_A)->BbpWriteLatch[_I] = _V;                   \
+        break;                                          \
+    }                                                   \
+    if (BusyCnt == MAX_BUSY_COUNT)                      \
+    {                                                   \
+        ATEDBGPRINT(RT_DEBUG_ERROR, ("BBP write R%d fail\n", _I));     \
+    }                                                   \
+}
+#endif // RTMP_MAC_PCI //
+
+
+#ifdef RT30xx
+#define ATE_RF_IO_READ8_BY_REG_ID(_A, _I, _pV)     RTMP_RF_IO_READ8_BY_REG_ID(_A, _I, _pV)
+#define ATE_RF_IO_WRITE8_BY_REG_ID(_A, _I, _V)     RTMP_RF_IO_WRITE8_BY_REG_ID(_A, _I, _V)
+#endif // RT30xx //
+
+
+VOID rt_ee_read_all(
+       IN  PRTMP_ADAPTER   pAd,
+       OUT USHORT *Data);
+
+VOID rt_ee_write_all(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  USHORT *Data);
+
+INT Set_ATE_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_DA_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_SA_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_BSSID_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_CHANNEL_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_POWER0_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_POWER1_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_Antenna_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_RX_Antenna_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_FREQOFFSET_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_BW_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_LENGTH_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_COUNT_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_MCS_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_MODE_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_TX_GI_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+
+INT    Set_ATE_RX_FER_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_ATE_Read_RF_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_ATE_Write_RF1_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_ATE_Write_RF2_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_ATE_Write_RF3_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_ATE_Write_RF4_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_ATE_Load_E2P_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_ATE_Read_E2P_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+
+INT    Set_ATE_Show_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ATE_Help_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+#ifdef RALINK_28xx_QA
+VOID ATE_QA_Statistics(
+       IN PRTMP_ADAPTER                pAd,
+       IN PRXWI_STRUC                  pRxWI,
+       IN PRT28XX_RXD_STRUC    p28xxRxD,
+       IN PHEADER_802_11               pHeader);
+
+VOID RtmpDoAte(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq);
+
+VOID BubbleSort(
+       IN  INT32 n,
+       IN  INT32 a[]);
+
+VOID CalNoiseLevel(
+       IN  PRTMP_ADAPTER   pAdapter,
+       IN  UCHAR           channel,
+       OUT INT32           buffer[3][10]);
+
+BOOLEAN SyncTxRxConfig(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      USHORT                  offset,
+       IN      UCHAR                   value);
+
+INT Set_TxStop_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_RxStop_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+#ifdef DBG
+INT Set_EERead_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_EEWrite_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_BBPRead_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_BBPWrite_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_RFWrite_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+#endif // DBG //
+#endif // RALINK_28xx_QA //
+
+
+VOID ATEAsicSwitchChannel(
+       IN PRTMP_ADAPTER pAd);
+
+VOID ATEAsicAdjustTxPower(
+       IN PRTMP_ADAPTER pAd);
+
+VOID ATEDisableAsicProtect(
+       IN              PRTMP_ADAPTER   pAd);
+
+CHAR ATEConvertToRssi(
+       IN PRTMP_ADAPTER  pAd,
+       IN CHAR                         Rssi,
+       IN UCHAR    RssiNumber);
+
+VOID ATESampleRssi(
+       IN PRTMP_ADAPTER        pAd,
+       IN PRXWI_STRUC          pRxWI);
+
+
+#ifdef CONFIG_STA_SUPPORT
+VOID RTMPStationStop(
+    IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPStationStart(
+    IN  PRTMP_ADAPTER   pAd);
+#endif // CONFIG_STA_SUPPORT //
+#endif // __ATE_H__ //
diff --git a/drivers/staging/rt3090/rt_config.h b/drivers/staging/rt3090/rt_config.h
new file mode 100644 (file)
index 0000000..005142d
--- /dev/null
@@ -0,0 +1,126 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rt_config.h
+
+       Abstract:
+       Central header file to maintain all include files for all NDIS
+       miniport driver routines.
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+       Paul Lin    08-01-2002    created
+
+*/
+#ifndef        __RT_CONFIG_H__
+#define        __RT_CONFIG_H__
+
+#include "rtmp_type.h"
+#include "rtmp_os.h"
+
+#include "rtmp_def.h"
+#include "rtmp_chip.h"
+#include "rtmp_timer.h"
+
+#include "oid.h"
+#include "mlme.h"
+#include "wpa.h"
+#include "crypt_md5.h"
+#include "crypt_sha2.h"
+#include "crypt_hmac.h"
+#include "rtmp.h"
+#include "ap.h"
+#include "dfs.h"
+#include "chlist.h"
+#include "spectrum.h"
+
+#ifdef MLME_EX
+#include       "mlme_ex_def.h"
+#include       "mlme_ex.h"
+#endif // MLME_EX //
+
+#include "eeprom.h"
+#if defined(RTMP_PCI_SUPPORT) || defined(RTMP_USB_SUPPORT)
+#include "rtmp_mcu.h"
+#endif
+
+
+
+#undef AP_WSC_INCLUDED
+#undef STA_WSC_INCLUDED
+#undef WSC_INCLUDED
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef BLOCK_NET_IF
+#include "netif_block.h"
+#endif // BLOCK_NET_IF //
+
+#ifdef IGMP_SNOOP_SUPPORT
+#include "igmp_snoop.h"
+#endif // IGMP_SNOOP_SUPPORT //
+
+#ifdef RALINK_ATE
+#include "rt_ate.h"
+#endif // RALINK_ATE //
+
+#ifdef RALINK_28xx_QA
+#ifndef RALINK_ATE
+#error "For supporting QA GUI, please set HAS_ATE=y and HAS_28xx_QA=y."
+#endif // RALINK_ATE //
+#endif // RALINK_28xx_QA //
+
+
+
+
+#if defined(AP_WSC_INCLUDED) || defined(STA_WSC_INCLUDED)
+#define WSC_INCLUDED
+#endif
+
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+#ifndef WPA_SUPPLICANT_SUPPORT
+#error "Build for being controlled by NetworkManager or wext, please set HAS_WPA_SUPPLICANT=y and HAS_NATIVE_WPA_SUPPLICANT_SUPPORT=y"
+#endif // WPA_SUPPLICANT_SUPPORT //
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+#ifdef IKANOS_VX_1X0
+#include "vr_ikans.h"
+#endif // IKANOS_VX_1X0 //
+
+
+
+#endif // __RT_CONFIG_H__
diff --git a/drivers/staging/rt3090/rt_linux.c b/drivers/staging/rt3090/rt_linux.c
new file mode 100644 (file)
index 0000000..375d0b7
--- /dev/null
@@ -0,0 +1,1623 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+
+#include "rt_config.h"
+
+ULONG  RTDebugLevel = RT_DEBUG_ERROR;
+
+
+// for wireless system event message
+char const *pWirelessSysEventText[IW_SYS_EVENT_TYPE_NUM] = {
+       // system status event
+    "had associated successfully",                                                     /* IW_ASSOC_EVENT_FLAG */
+    "had disassociated",                                                                       /* IW_DISASSOC_EVENT_FLAG */
+    "had deauthenticated",                                                                     /* IW_DEAUTH_EVENT_FLAG */
+    "had been aged-out and disassociated",                                     /* IW_AGEOUT_EVENT_FLAG */
+    "occurred CounterMeasures attack",                                         /* IW_COUNTER_MEASURES_EVENT_FLAG */
+    "occurred replay counter different in Key Handshaking",    /* IW_REPLAY_COUNTER_DIFF_EVENT_FLAG */
+    "occurred RSNIE different in Key Handshaking",                     /* IW_RSNIE_DIFF_EVENT_FLAG */
+    "occurred MIC different in Key Handshaking",                       /* IW_MIC_DIFF_EVENT_FLAG */
+    "occurred ICV error in RX",                                                                /* IW_ICV_ERROR_EVENT_FLAG */
+    "occurred MIC error in RX",                                                                /* IW_MIC_ERROR_EVENT_FLAG */
+       "Group Key Handshaking timeout",                                                /* IW_GROUP_HS_TIMEOUT_EVENT_FLAG */
+       "Pairwise Key Handshaking timeout",                                             /* IW_PAIRWISE_HS_TIMEOUT_EVENT_FLAG */
+       "RSN IE sanity check failure",                                                  /* IW_RSNIE_SANITY_FAIL_EVENT_FLAG */
+       "set key done in WPA/WPAPSK",                                                   /* IW_SET_KEY_DONE_WPA1_EVENT_FLAG */
+       "set key done in WPA2/WPA2PSK",                         /* IW_SET_KEY_DONE_WPA2_EVENT_FLAG */
+       "connects with our wireless client",                    /* IW_STA_LINKUP_EVENT_FLAG */
+       "disconnects with our wireless client",                 /* IW_STA_LINKDOWN_EVENT_FLAG */
+       "scan completed"                                                                                /* IW_SCAN_COMPLETED_EVENT_FLAG */
+       "scan terminate!! Busy!! Enqueue fail!!"                                /* IW_SCAN_ENQUEUE_FAIL_EVENT_FLAG */
+       };
+
+// for wireless IDS_spoof_attack event message
+char const *pWirelessSpoofEventText[IW_SPOOF_EVENT_TYPE_NUM] = {
+    "detected conflict SSID",                                                          /* IW_CONFLICT_SSID_EVENT_FLAG */
+    "detected spoofed association response",                           /* IW_SPOOF_ASSOC_RESP_EVENT_FLAG */
+    "detected spoofed reassociation responses",                                /* IW_SPOOF_REASSOC_RESP_EVENT_FLAG */
+    "detected spoofed probe response",                                         /* IW_SPOOF_PROBE_RESP_EVENT_FLAG */
+    "detected spoofed beacon",                                                         /* IW_SPOOF_BEACON_EVENT_FLAG */
+    "detected spoofed disassociation",                                         /* IW_SPOOF_DISASSOC_EVENT_FLAG */
+    "detected spoofed authentication",                                         /* IW_SPOOF_AUTH_EVENT_FLAG */
+    "detected spoofed deauthentication",                                       /* IW_SPOOF_DEAUTH_EVENT_FLAG */
+    "detected spoofed unknown management frame",                       /* IW_SPOOF_UNKNOWN_MGMT_EVENT_FLAG */
+       "detected replay attack"                                                                /* IW_REPLAY_ATTACK_EVENT_FLAG */
+       };
+
+// for wireless IDS_flooding_attack event message
+char const *pWirelessFloodEventText[IW_FLOOD_EVENT_TYPE_NUM] = {
+       "detected authentication flooding",                                             /* IW_FLOOD_AUTH_EVENT_FLAG */
+    "detected association request flooding",                           /* IW_FLOOD_ASSOC_REQ_EVENT_FLAG */
+    "detected reassociation request flooding",                         /* IW_FLOOD_REASSOC_REQ_EVENT_FLAG */
+    "detected probe request flooding",                                         /* IW_FLOOD_PROBE_REQ_EVENT_FLAG */
+    "detected disassociation flooding",                                                /* IW_FLOOD_DISASSOC_EVENT_FLAG */
+    "detected deauthentication flooding",                                      /* IW_FLOOD_DEAUTH_EVENT_FLAG */
+    "detected 802.1x eap-request flooding"                                     /* IW_FLOOD_EAP_REQ_EVENT_FLAG */
+       };
+
+
+/* timeout -- ms */
+VOID RTMP_SetPeriodicTimer(
+       IN      NDIS_MINIPORT_TIMER *pTimer,
+       IN      unsigned long timeout)
+{
+       timeout = ((timeout*OS_HZ) / 1000);
+       pTimer->expires = jiffies + timeout;
+       add_timer(pTimer);
+}
+
+/* convert NdisMInitializeTimer --> RTMP_OS_Init_Timer */
+VOID RTMP_OS_Init_Timer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      NDIS_MINIPORT_TIMER *pTimer,
+       IN      TIMER_FUNCTION function,
+       IN      PVOID data)
+{
+       init_timer(pTimer);
+    pTimer->data = (unsigned long)data;
+    pTimer->function = function;
+}
+
+
+VOID RTMP_OS_Add_Timer(
+       IN      NDIS_MINIPORT_TIMER             *pTimer,
+       IN      unsigned long timeout)
+{
+       if (timer_pending(pTimer))
+               return;
+
+       timeout = ((timeout*OS_HZ) / 1000);
+       pTimer->expires = jiffies + timeout;
+       add_timer(pTimer);
+}
+
+VOID RTMP_OS_Mod_Timer(
+       IN      NDIS_MINIPORT_TIMER             *pTimer,
+       IN      unsigned long timeout)
+{
+       timeout = ((timeout*OS_HZ) / 1000);
+       mod_timer(pTimer, jiffies + timeout);
+}
+
+VOID RTMP_OS_Del_Timer(
+       IN      NDIS_MINIPORT_TIMER             *pTimer,
+       OUT     BOOLEAN                                 *pCancelled)
+{
+       if (timer_pending(pTimer))
+       {
+               *pCancelled = del_timer_sync(pTimer);
+       }
+       else
+       {
+               *pCancelled = TRUE;
+       }
+
+}
+
+VOID RTMP_OS_Release_Packet(
+       IN      PRTMP_ADAPTER pAd,
+       IN      PQUEUE_ENTRY  pEntry)
+{
+       //RTMPFreeNdisPacket(pAd, (struct sk_buff *)pEntry);
+}
+
+// Unify all delay routine by using udelay
+VOID RTMPusecDelay(
+       IN      ULONG   usec)
+{
+       ULONG   i;
+
+       for (i = 0; i < (usec / 50); i++)
+               udelay(50);
+
+       if (usec % 50)
+               udelay(usec % 50);
+}
+
+void RTMP_GetCurrentSystemTime(LARGE_INTEGER *time)
+{
+       time->u.LowPart = jiffies;
+}
+
+// pAd MUST allow to be NULL
+NDIS_STATUS os_alloc_mem(
+       IN      RTMP_ADAPTER *pAd,
+       OUT     UCHAR **mem,
+       IN      ULONG  size)
+{
+       *mem = (PUCHAR) kmalloc(size, GFP_ATOMIC);
+       if (*mem)
+               return (NDIS_STATUS_SUCCESS);
+       else
+               return (NDIS_STATUS_FAILURE);
+}
+
+// pAd MUST allow to be NULL
+NDIS_STATUS os_free_mem(
+       IN      PRTMP_ADAPTER pAd,
+       IN      PVOID mem)
+{
+
+       ASSERT(mem);
+       kfree(mem);
+       return (NDIS_STATUS_SUCCESS);
+}
+
+
+
+
+PNDIS_PACKET RtmpOSNetPktAlloc(
+       IN RTMP_ADAPTER *pAd,
+       IN int size)
+{
+       struct sk_buff *skb;
+       /* Add 2 more bytes for ip header alignment*/
+       skb = dev_alloc_skb(size+2);
+
+       return ((PNDIS_PACKET)skb);
+}
+
+
+PNDIS_PACKET RTMP_AllocateFragPacketBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length)
+{
+       struct sk_buff *pkt;
+
+       pkt = dev_alloc_skb(Length);
+
+       if (pkt == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("can't allocate frag rx %ld size packet\n",Length));
+       }
+
+       if (pkt)
+       {
+               RTMP_SET_PACKET_SOURCE(OSPKT_TO_RTPKT(pkt), PKTSRC_NDIS);
+       }
+
+       return (PNDIS_PACKET) pkt;
+}
+
+
+PNDIS_PACKET RTMP_AllocateTxPacketBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress)
+{
+       struct sk_buff *pkt;
+
+       pkt = dev_alloc_skb(Length);
+
+       if (pkt == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("can't allocate tx %ld size packet\n",Length));
+       }
+
+       if (pkt)
+       {
+               RTMP_SET_PACKET_SOURCE(OSPKT_TO_RTPKT(pkt), PKTSRC_NDIS);
+               *VirtualAddress = (PVOID) pkt->data;
+       }
+       else
+       {
+               *VirtualAddress = (PVOID) NULL;
+       }
+
+       return (PNDIS_PACKET) pkt;
+}
+
+
+VOID build_tx_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      PUCHAR  pFrame,
+       IN      ULONG   FrameLen)
+{
+
+       struct sk_buff  *pTxPkt;
+
+       ASSERT(pPacket);
+       pTxPkt = RTPKT_TO_OSPKT(pPacket);
+
+       NdisMoveMemory(skb_put(pTxPkt, FrameLen), pFrame, FrameLen);
+}
+
+VOID   RTMPFreeAdapter(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       POS_COOKIE os_cookie;
+       int index;
+
+       os_cookie=(POS_COOKIE)pAd->OS_Cookie;
+
+       if (pAd->BeaconBuf)
+               kfree(pAd->BeaconBuf);
+
+
+       NdisFreeSpinLock(&pAd->MgmtRingLock);
+
+#ifdef RTMP_MAC_PCI
+       NdisFreeSpinLock(&pAd->RxRingLock);
+#ifdef RT3090
+NdisFreeSpinLock(&pAd->McuCmdLock);
+#endif // RT3090 //
+#endif // RTMP_MAC_PCI //
+
+       for (index =0 ; index < NUM_OF_TX_RING; index++)
+       {
+               NdisFreeSpinLock(&pAd->TxSwQueueLock[index]);
+               NdisFreeSpinLock(&pAd->DeQueueLock[index]);
+               pAd->DeQueueRunning[index] = FALSE;
+       }
+
+       NdisFreeSpinLock(&pAd->irq_lock);
+
+
+       vfree(pAd); // pci_free_consistent(os_cookie->pci_dev,sizeof(RTMP_ADAPTER),pAd,os_cookie->pAd_pa);
+       if (os_cookie)
+               kfree(os_cookie);
+}
+
+BOOLEAN OS_Need_Clone_Packet(void)
+{
+       return (FALSE);
+}
+
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               clone an input NDIS PACKET to another one. The new internally created NDIS PACKET
+               must have only one NDIS BUFFER
+               return - byte copied. 0 means can't create NDIS PACKET
+               NOTE: internally created NDIS_PACKET should be destroyed by RTMPFreeNdisPacket
+
+       Arguments:
+               pAd     Pointer to our adapter
+               pInsAMSDUHdr    EWC A-MSDU format has extra 14-bytes header. if TRUE, insert this 14-byte hdr in front of MSDU.
+               *pSrcTotalLen                   return total packet length. This lenght is calculated with 802.3 format packet.
+
+       Return Value:
+               NDIS_STATUS_SUCCESS
+               NDIS_STATUS_FAILURE
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS RTMPCloneNdisPacket(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      BOOLEAN                 pInsAMSDUHdr,
+       IN      PNDIS_PACKET    pInPacket,
+       OUT PNDIS_PACKET   *ppOutPacket)
+{
+
+       struct sk_buff *pkt;
+
+       ASSERT(pInPacket);
+       ASSERT(ppOutPacket);
+
+       // 1. Allocate a packet
+       pkt = dev_alloc_skb(2048);
+
+       if (pkt == NULL)
+       {
+               return NDIS_STATUS_FAILURE;
+       }
+
+       skb_put(pkt, GET_OS_PKT_LEN(pInPacket));
+       NdisMoveMemory(pkt->data, GET_OS_PKT_DATAPTR(pInPacket), GET_OS_PKT_LEN(pInPacket));
+       *ppOutPacket = OSPKT_TO_RTPKT(pkt);
+
+
+       RTMP_SET_PACKET_SOURCE(OSPKT_TO_RTPKT(pkt), PKTSRC_NDIS);
+
+       printk("###Clone###\n");
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+// the allocated NDIS PACKET must be freed via RTMPFreeNdisPacket()
+NDIS_STATUS RTMPAllocateNdisPacket(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT PNDIS_PACKET   *ppPacket,
+       IN      PUCHAR                  pHeader,
+       IN      UINT                    HeaderLen,
+       IN      PUCHAR                  pData,
+       IN      UINT                    DataLen)
+{
+       PNDIS_PACKET    pPacket;
+       ASSERT(pData);
+       ASSERT(DataLen);
+
+       // 1. Allocate a packet
+       pPacket = (PNDIS_PACKET *) dev_alloc_skb(HeaderLen + DataLen + RTMP_PKT_TAIL_PADDING);
+       if (pPacket == NULL)
+       {
+               *ppPacket = NULL;
+#ifdef DEBUG
+               printk("RTMPAllocateNdisPacket Fail\n\n");
+#endif
+               return NDIS_STATUS_FAILURE;
+       }
+
+       // 2. clone the frame content
+       if (HeaderLen > 0)
+               NdisMoveMemory(GET_OS_PKT_DATAPTR(pPacket), pHeader, HeaderLen);
+       if (DataLen > 0)
+               NdisMoveMemory(GET_OS_PKT_DATAPTR(pPacket) + HeaderLen, pData, DataLen);
+
+       // 3. update length of packet
+       skb_put(GET_OS_PKT_TYPE(pPacket), HeaderLen+DataLen);
+
+       RTMP_SET_PACKET_SOURCE(pPacket, PKTSRC_NDIS);
+//     printk("%s : pPacket = %p, len = %d\n", __FUNCTION__, pPacket, GET_OS_PKT_LEN(pPacket));
+       *ppPacket = pPacket;
+       return NDIS_STATUS_SUCCESS;
+}
+
+/*
+  ========================================================================
+  Description:
+       This routine frees a miniport internally allocated NDIS_PACKET and its
+       corresponding NDIS_BUFFER and allocated memory.
+  ========================================================================
+*/
+VOID RTMPFreeNdisPacket(
+       IN PRTMP_ADAPTER pAd,
+       IN PNDIS_PACKET  pPacket)
+{
+       dev_kfree_skb_any(RTPKT_TO_OSPKT(pPacket));
+}
+
+
+// IRQL = DISPATCH_LEVEL
+// NOTE: we do have an assumption here, that Byte0 and Byte1 always reasid at the same
+//                      scatter gather buffer
+NDIS_STATUS Sniff2BytesFromNdisBuffer(
+       IN      PNDIS_BUFFER    pFirstBuffer,
+       IN      UCHAR                   DesiredOffset,
+       OUT PUCHAR                      pByte0,
+       OUT PUCHAR                      pByte1)
+{
+    *pByte0 = *(PUCHAR)(pFirstBuffer + DesiredOffset);
+    *pByte1 = *(PUCHAR)(pFirstBuffer + DesiredOffset + 1);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+void RTMP_QueryPacketInfo(
+       IN  PNDIS_PACKET pPacket,
+       OUT PACKET_INFO  *pPacketInfo,
+       OUT PUCHAR               *pSrcBufVA,
+       OUT     UINT             *pSrcBufLen)
+{
+       pPacketInfo->BufferCount = 1;
+       pPacketInfo->pFirstBuffer = (PNDIS_BUFFER)GET_OS_PKT_DATAPTR(pPacket);
+       pPacketInfo->PhysicalBufferCount = 1;
+       pPacketInfo->TotalPacketLength = GET_OS_PKT_LEN(pPacket);
+
+       *pSrcBufVA = GET_OS_PKT_DATAPTR(pPacket);
+       *pSrcBufLen = GET_OS_PKT_LEN(pPacket);
+}
+
+void RTMP_QueryNextPacketInfo(
+       IN  PNDIS_PACKET *ppPacket,
+       OUT PACKET_INFO  *pPacketInfo,
+       OUT PUCHAR               *pSrcBufVA,
+       OUT     UINT             *pSrcBufLen)
+{
+       PNDIS_PACKET pPacket = NULL;
+
+       if (*ppPacket)
+               pPacket = GET_OS_PKT_NEXT(*ppPacket);
+
+       if (pPacket)
+       {
+               pPacketInfo->BufferCount = 1;
+               pPacketInfo->pFirstBuffer = (PNDIS_BUFFER)GET_OS_PKT_DATAPTR(pPacket);
+               pPacketInfo->PhysicalBufferCount = 1;
+               pPacketInfo->TotalPacketLength = GET_OS_PKT_LEN(pPacket);
+
+               *pSrcBufVA = GET_OS_PKT_DATAPTR(pPacket);
+               *pSrcBufLen = GET_OS_PKT_LEN(pPacket);
+               *ppPacket = GET_OS_PKT_NEXT(pPacket);
+       }
+       else
+       {
+               pPacketInfo->BufferCount = 0;
+               pPacketInfo->pFirstBuffer = NULL;
+               pPacketInfo->PhysicalBufferCount = 0;
+               pPacketInfo->TotalPacketLength = 0;
+
+               *pSrcBufVA = NULL;
+               *pSrcBufLen = 0;
+               *ppPacket = NULL;
+       }
+}
+
+
+PNDIS_PACKET DuplicatePacket(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       struct sk_buff  *skb;
+       PNDIS_PACKET    pRetPacket = NULL;
+       USHORT                  DataSize;
+       UCHAR                   *pData;
+
+       DataSize = (USHORT) GET_OS_PKT_LEN(pPacket);
+       pData = (PUCHAR) GET_OS_PKT_DATAPTR(pPacket);
+
+
+       skb = skb_clone(RTPKT_TO_OSPKT(pPacket), MEM_ALLOC_FLAG);
+       if (skb)
+       {
+               skb->dev = get_netdev_from_bssid(pAd, FromWhichBSSID);
+               pRetPacket = OSPKT_TO_RTPKT(skb);
+       }
+
+
+       return pRetPacket;
+
+}
+
+PNDIS_PACKET duplicate_pkt(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pHeader802_3,
+    IN  UINT            HdrLen,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       struct sk_buff  *skb;
+       PNDIS_PACKET    pPacket = NULL;
+
+
+       if ((skb = __dev_alloc_skb(HdrLen + DataSize + 2, MEM_ALLOC_FLAG)) != NULL)
+       {
+               skb_reserve(skb, 2);
+               NdisMoveMemory(skb->tail, pHeader802_3, HdrLen);
+               skb_put(skb, HdrLen);
+               NdisMoveMemory(skb->tail, pData, DataSize);
+               skb_put(skb, DataSize);
+               skb->dev = get_netdev_from_bssid(pAd, FromWhichBSSID);
+               pPacket = OSPKT_TO_RTPKT(skb);
+       }
+
+       return pPacket;
+}
+
+
+#define TKIP_TX_MIC_SIZE               8
+PNDIS_PACKET duplicate_pkt_with_TKIP_MIC(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket)
+{
+       struct sk_buff  *skb, *newskb;
+
+
+       skb = RTPKT_TO_OSPKT(pPacket);
+       if (skb_tailroom(skb) < TKIP_TX_MIC_SIZE)
+       {
+               // alloc a new skb and copy the packet
+               newskb = skb_copy_expand(skb, skb_headroom(skb), TKIP_TX_MIC_SIZE, GFP_ATOMIC);
+               dev_kfree_skb_any(skb);
+               if (newskb == NULL)
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("Extend Tx.MIC for packet failed!, dropping packet!\n"));
+                       return NULL;
+               }
+               skb = newskb;
+       }
+
+       return OSPKT_TO_RTPKT(skb);
+
+
+}
+
+
+
+
+PNDIS_PACKET ClonePacket(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize)
+{
+       struct sk_buff  *pRxPkt;
+       struct sk_buff  *pClonedPkt;
+
+       ASSERT(pPacket);
+       pRxPkt = RTPKT_TO_OSPKT(pPacket);
+
+       // clone the packet
+       pClonedPkt = skb_clone(pRxPkt, MEM_ALLOC_FLAG);
+
+       if (pClonedPkt)
+       {
+       // set the correct dataptr and data len
+       pClonedPkt->dev = pRxPkt->dev;
+       pClonedPkt->data = pData;
+       pClonedPkt->len = DataSize;
+       pClonedPkt->tail = pClonedPkt->data + pClonedPkt->len;
+               ASSERT(DataSize < 1530);
+       }
+       return pClonedPkt;
+}
+
+//
+// change OS packet DataPtr and DataLen
+//
+void  update_os_packet_info(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN  UCHAR                       FromWhichBSSID)
+{
+       struct sk_buff  *pOSPkt;
+
+       ASSERT(pRxBlk->pRxPacket);
+       pOSPkt = RTPKT_TO_OSPKT(pRxBlk->pRxPacket);
+
+       pOSPkt->dev = get_netdev_from_bssid(pAd, FromWhichBSSID);
+       pOSPkt->data = pRxBlk->pData;
+       pOSPkt->len = pRxBlk->DataSize;
+       pOSPkt->tail = pOSPkt->data + pOSPkt->len;
+}
+
+
+void wlan_802_11_to_802_3_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      PUCHAR                  pHeader802_3,
+       IN  UCHAR                       FromWhichBSSID)
+{
+       struct sk_buff  *pOSPkt;
+
+       ASSERT(pRxBlk->pRxPacket);
+       ASSERT(pHeader802_3);
+
+       pOSPkt = RTPKT_TO_OSPKT(pRxBlk->pRxPacket);
+
+       pOSPkt->dev = get_netdev_from_bssid(pAd, FromWhichBSSID);
+       pOSPkt->data = pRxBlk->pData;
+       pOSPkt->len = pRxBlk->DataSize;
+       pOSPkt->tail = pOSPkt->data + pOSPkt->len;
+
+       //
+       // copy 802.3 header
+       //
+       //
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               NdisMoveMemory(skb_push(pOSPkt, LENGTH_802_3), pHeader802_3, LENGTH_802_3);
+#endif // CONFIG_STA_SUPPORT //
+       }
+
+
+
+void announce_802_3_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket)
+{
+
+       struct sk_buff  *pRxPkt;
+#ifdef INF_AMAZON_PPA
+        int             ret = 0;
+        unsigned int ppa_flags = 0; /* reserved for now */
+#endif // INF_AMAZON_PPA //
+
+       ASSERT(pPacket);
+
+       pRxPkt = RTPKT_TO_OSPKT(pPacket);
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+    /* Push up the protocol stack */
+#ifdef IKANOS_VX_1X0
+       IKANOS_DataFrameRx(pAd, pRxPkt->dev, pRxPkt, pRxPkt->len);
+#else
+#ifdef INF_AMAZON_SE
+#ifdef BG_FT_SUPPORT
+            BG_FTPH_PacketFromApHandle(pRxPkt);
+            return;
+#endif // BG_FT_SUPPORT //
+#endif // INF_AMAZON_SE //
+       pRxPkt->protocol = eth_type_trans(pRxPkt, pRxPkt->dev);
+
+#ifdef INF_AMAZON_PPA
+       if (ppa_hook_directpath_send_fn && pAd->PPAEnable==TRUE )
+       {
+               memset(pRxPkt->head,0,pRxPkt->data-pRxPkt->head-14);
+               DBGPRINT(RT_DEBUG_TRACE, ("ppa_hook_directpath_send_fn rx :ret:%d headroom:%d dev:%s pktlen:%d<===\n",ret,skb_headroom(pRxPkt)
+                       ,pRxPkt->dev->name,pRxPkt->len));
+               hex_dump("rx packet", pRxPkt->data, 32);
+               ret = ppa_hook_directpath_send_fn(pAd->g_if_id, pRxPkt, pRxPkt->len, ppa_flags);
+               pRxPkt=NULL;
+               return;
+
+       }
+#endif // INF_AMAZON_PPA //
+
+//#ifdef CONFIG_5VT_ENHANCE
+//     *(int*)(pRxPkt->cb) = BRIDGE_TAG;
+//#endif
+
+       {
+               netif_rx(pRxPkt);
+       }
+
+#endif // IKANOS_VX_1X0 //
+}
+
+
+PRTMP_SCATTER_GATHER_LIST
+rt_get_sg_list_from_packet(PNDIS_PACKET pPacket, RTMP_SCATTER_GATHER_LIST *sg)
+{
+       sg->NumberOfElements = 1;
+       sg->Elements[0].Address =  GET_OS_PKT_DATAPTR(pPacket);
+       sg->Elements[0].Length = GET_OS_PKT_LEN(pPacket);
+       return (sg);
+}
+
+void hex_dump(char *str, unsigned char *pSrcBufVA, unsigned int SrcBufLen)
+{
+       unsigned char *pt;
+       int x;
+
+       if (RTDebugLevel < RT_DEBUG_TRACE)
+               return;
+
+       pt = pSrcBufVA;
+       printk("%s: %p, len = %d\n",str,  pSrcBufVA, SrcBufLen);
+       for (x=0; x<SrcBufLen; x++)
+       {
+               if (x % 16 == 0)
+                       printk("0x%04x : ", x);
+               printk("%02x ", ((unsigned char)pt[x]));
+               if (x%16 == 15) printk("\n");
+       }
+       printk("\n");
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Send log message through wireless event
+
+               Support standard iw_event with IWEVCUSTOM. It is used below.
+
+               iwreq_data.data.flags is used to store event_flag that is defined by user.
+               iwreq_data.data.length is the length of the event log.
+
+               The format of the event log is composed of the entry's MAC address and
+               the desired log message (refer to pWirelessEventText).
+
+                       ex: 11:22:33:44:55:66 has associated successfully
+
+               p.s. The requirement of Wireless Extension is v15 or newer.
+
+       ========================================================================
+*/
+VOID RTMPSendWirelessEvent(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT                  Event_flag,
+       IN      PUCHAR                  pAddr,
+       IN      UCHAR                   BssIdx,
+       IN      CHAR                    Rssi)
+{
+#if WIRELESS_EXT >= 15
+
+       //union         iwreq_data      wrqu;
+       PSTRING pBuf = NULL, pBufPtr = NULL;
+       USHORT  event, type, BufLen;
+       UCHAR   event_table_len = 0;
+
+       type = Event_flag & 0xFF00;
+       event = Event_flag & 0x00FF;
+
+       switch (type)
+       {
+               case IW_SYS_EVENT_FLAG_START:
+                       event_table_len = IW_SYS_EVENT_TYPE_NUM;
+                       break;
+
+               case IW_SPOOF_EVENT_FLAG_START:
+                       event_table_len = IW_SPOOF_EVENT_TYPE_NUM;
+                       break;
+
+               case IW_FLOOD_EVENT_FLAG_START:
+                       event_table_len = IW_FLOOD_EVENT_TYPE_NUM;
+                       break;
+       }
+
+       if (event_table_len == 0)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s : The type(%0x02x) is not valid.\n", __FUNCTION__, type));
+               return;
+       }
+
+       if (event >= event_table_len)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s : The event(%0x02x) is not valid.\n", __FUNCTION__, event));
+               return;
+       }
+
+       //Allocate memory and copy the msg.
+       if((pBuf = kmalloc(IW_CUSTOM_MAX_LEN, GFP_ATOMIC)) != NULL)
+       {
+               //Prepare the payload
+               memset(pBuf, 0, IW_CUSTOM_MAX_LEN);
+
+               pBufPtr = pBuf;
+
+               if (pAddr)
+                       pBufPtr += sprintf(pBufPtr, "(RT2860) STA(%02x:%02x:%02x:%02x:%02x:%02x) ", PRINT_MAC(pAddr));
+               else if (BssIdx < MAX_MBSSID_NUM)
+                       pBufPtr += sprintf(pBufPtr, "(RT2860) BSS(ra%d) ", BssIdx);
+               else
+                       pBufPtr += sprintf(pBufPtr, "(RT2860) ");
+
+               if (type == IW_SYS_EVENT_FLAG_START)
+                       pBufPtr += sprintf(pBufPtr, "%s", pWirelessSysEventText[event]);
+               else if (type == IW_SPOOF_EVENT_FLAG_START)
+                       pBufPtr += sprintf(pBufPtr, "%s (RSSI=%d)", pWirelessSpoofEventText[event], Rssi);
+               else if (type == IW_FLOOD_EVENT_FLAG_START)
+                       pBufPtr += sprintf(pBufPtr, "%s", pWirelessFloodEventText[event]);
+               else
+                       pBufPtr += sprintf(pBufPtr, "%s", "unknown event");
+
+               pBufPtr[pBufPtr - pBuf] = '\0';
+               BufLen = pBufPtr - pBuf;
+
+               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, Event_flag, NULL, (PUCHAR)pBuf, BufLen);
+               //DBGPRINT(RT_DEBUG_TRACE, ("%s : %s\n", __FUNCTION__, pBuf));
+
+               kfree(pBuf);
+       }
+       else
+               DBGPRINT(RT_DEBUG_ERROR, ("%s : Can't allocate memory for wireless event.\n", __FUNCTION__));
+#else
+       DBGPRINT(RT_DEBUG_ERROR, ("%s : The Wireless Extension MUST be v15 or newer.\n", __FUNCTION__));
+#endif  /* WIRELESS_EXT >= 15 */
+}
+
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+void send_monitor_packets(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk)
+{
+    struct sk_buff     *pOSPkt;
+    wlan_ng_prism2_header *ph;
+    int rate_index = 0;
+    USHORT header_len = 0;
+    UCHAR temp_header[40] = {0};
+
+    u_int32_t ralinkrate[256] = {2,4,11,22, 12,18,24,36,48,72,96,  108,   109, 110, 111, 112, 13, 26, 39, 52,78,104, 117, 130, 26, 52, 78,104, 156, 208, 234, 260, 27, 54,81,108,162, 216, 243, 270, // Last 38
+       54, 108, 162, 216, 324, 432, 486, 540,  14, 29, 43, 57, 87, 115, 130, 144, 29, 59,87,115, 173, 230,260, 288, 30, 60,90,120,180,240,270,300,60,120,180,240,360,480,540,600, 0,1,2,3,4,5,6,7,8,9,10,
+       11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80};
+
+
+    ASSERT(pRxBlk->pRxPacket);
+    if (pRxBlk->DataSize < 10)
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("%s : Size is too small! (%d)\n", __FUNCTION__, pRxBlk->DataSize));
+               goto err_free_sk_buff;
+    }
+
+    if (pRxBlk->DataSize + sizeof(wlan_ng_prism2_header) > RX_BUFFER_AGGRESIZE)
+    {
+        DBGPRINT(RT_DEBUG_ERROR, ("%s : Size is too large! (%d)\n", __FUNCTION__, pRxBlk->DataSize + sizeof(wlan_ng_prism2_header)));
+               goto err_free_sk_buff;
+    }
+
+    pOSPkt = RTPKT_TO_OSPKT(pRxBlk->pRxPacket);
+       pOSPkt->dev = get_netdev_from_bssid(pAd, BSS0);
+    if (pRxBlk->pHeader->FC.Type == BTYPE_DATA)
+    {
+        pRxBlk->DataSize -= LENGTH_802_11;
+        if ((pRxBlk->pHeader->FC.ToDs == 1) &&
+            (pRxBlk->pHeader->FC.FrDs == 1))
+            header_len = LENGTH_802_11_WITH_ADDR4;
+        else
+            header_len = LENGTH_802_11;
+
+        // QOS
+       if (pRxBlk->pHeader->FC.SubType & 0x08)
+       {
+           header_len += 2;
+               // Data skip QOS contorl field
+               pRxBlk->DataSize -=2;
+       }
+
+       // Order bit: A-Ralink or HTC+
+       if (pRxBlk->pHeader->FC.Order)
+       {
+           header_len += 4;
+                       // Data skip HTC contorl field
+                       pRxBlk->DataSize -= 4;
+       }
+
+        // Copy Header
+        if (header_len <= 40)
+            NdisMoveMemory(temp_header, pRxBlk->pData, header_len);
+
+        // skip HW padding
+       if (pRxBlk->RxD.L2PAD)
+           pRxBlk->pData += (header_len + 2);
+        else
+            pRxBlk->pData += header_len;
+    } //end if
+
+
+       if (pRxBlk->DataSize < pOSPkt->len) {
+        skb_trim(pOSPkt,pRxBlk->DataSize);
+    } else {
+        skb_put(pOSPkt,(pRxBlk->DataSize - pOSPkt->len));
+    } //end if
+
+    if ((pRxBlk->pData - pOSPkt->data) > 0) {
+           skb_put(pOSPkt,(pRxBlk->pData - pOSPkt->data));
+           skb_pull(pOSPkt,(pRxBlk->pData - pOSPkt->data));
+    } //end if
+
+    if (skb_headroom(pOSPkt) < (sizeof(wlan_ng_prism2_header)+ header_len)) {
+        if (pskb_expand_head(pOSPkt, (sizeof(wlan_ng_prism2_header) + header_len), 0, GFP_ATOMIC)) {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s : Reallocate header size of sk_buff fail!\n", __FUNCTION__));
+                       goto err_free_sk_buff;
+           } //end if
+    } //end if
+
+    if (header_len > 0)
+        NdisMoveMemory(skb_push(pOSPkt, header_len), temp_header, header_len);
+
+    ph = (wlan_ng_prism2_header *) skb_push(pOSPkt, sizeof(wlan_ng_prism2_header));
+       NdisZeroMemory(ph, sizeof(wlan_ng_prism2_header));
+
+    ph->msgcode                    = DIDmsg_lnxind_wlansniffrm;
+       ph->msglen                  = sizeof(wlan_ng_prism2_header);
+       strcpy((PSTRING) ph->devname, (PSTRING) pAd->net_dev->name);
+
+    ph->hosttime.did = DIDmsg_lnxind_wlansniffrm_hosttime;
+       ph->hosttime.status = 0;
+       ph->hosttime.len = 4;
+       ph->hosttime.data = jiffies;
+
+       ph->mactime.did = DIDmsg_lnxind_wlansniffrm_mactime;
+       ph->mactime.status = 0;
+       ph->mactime.len = 0;
+       ph->mactime.data = 0;
+
+    ph->istx.did = DIDmsg_lnxind_wlansniffrm_istx;
+       ph->istx.status = 0;
+       ph->istx.len = 0;
+       ph->istx.data = 0;
+
+    ph->channel.did = DIDmsg_lnxind_wlansniffrm_channel;
+       ph->channel.status = 0;
+       ph->channel.len = 4;
+
+    ph->channel.data = (u_int32_t)pAd->CommonCfg.Channel;
+
+    ph->rssi.did = DIDmsg_lnxind_wlansniffrm_rssi;
+       ph->rssi.status = 0;
+       ph->rssi.len = 4;
+    ph->rssi.data = (u_int32_t)RTMPMaxRssi(pAd, ConvertToRssi(pAd, pRxBlk->pRxWI->RSSI0, RSSI_0), ConvertToRssi(pAd, pRxBlk->pRxWI->RSSI1, RSSI_1), ConvertToRssi(pAd, pRxBlk->pRxWI->RSSI2, RSSI_2));;
+
+       ph->signal.did = DIDmsg_lnxind_wlansniffrm_signal;
+       ph->signal.status = 0;
+       ph->signal.len = 4;
+       ph->signal.data = 0; //rssi + noise;
+
+       ph->noise.did = DIDmsg_lnxind_wlansniffrm_noise;
+       ph->noise.status = 0;
+       ph->noise.len = 4;
+       ph->noise.data = 0;
+
+#ifdef DOT11_N_SUPPORT
+    if (pRxBlk->pRxWI->PHYMODE >= MODE_HTMIX)
+    {
+       rate_index = 16 + ((UCHAR)pRxBlk->pRxWI->BW *16) + ((UCHAR)pRxBlk->pRxWI->ShortGI *32) + ((UCHAR)pRxBlk->pRxWI->MCS);
+    }
+    else
+#endif // DOT11_N_SUPPORT //
+       if (pRxBlk->pRxWI->PHYMODE == MODE_OFDM)
+       rate_index = (UCHAR)(pRxBlk->pRxWI->MCS) + 4;
+    else
+       rate_index = (UCHAR)(pRxBlk->pRxWI->MCS);
+    if (rate_index < 0)
+        rate_index = 0;
+    if (rate_index > 255)
+        rate_index = 255;
+
+       ph->rate.did = DIDmsg_lnxind_wlansniffrm_rate;
+       ph->rate.status = 0;
+       ph->rate.len = 4;
+    ph->rate.data = ralinkrate[rate_index];
+
+       ph->frmlen.did = DIDmsg_lnxind_wlansniffrm_frmlen;
+    ph->frmlen.status = 0;
+       ph->frmlen.len = 4;
+       ph->frmlen.data = (u_int32_t)pRxBlk->DataSize;
+
+
+    pOSPkt->pkt_type = PACKET_OTHERHOST;
+    pOSPkt->protocol = eth_type_trans(pOSPkt, pOSPkt->dev);
+    pOSPkt->ip_summed = CHECKSUM_NONE;
+    netif_rx(pOSPkt);
+
+    return;
+
+err_free_sk_buff:
+       RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+       return;
+
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+/*******************************************************************************
+
+       File open/close related functions.
+
+ *******************************************************************************/
+RTMP_OS_FD RtmpOSFileOpen(char *pPath,  int flag, int mode)
+{
+       struct file     *filePtr;
+
+       filePtr = filp_open(pPath, flag, 0);
+       if (IS_ERR(filePtr))
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("%s(): Error %ld opening %s\n", __FUNCTION__, -PTR_ERR(filePtr), pPath));
+       }
+
+       return (RTMP_OS_FD)filePtr;
+}
+
+int RtmpOSFileClose(RTMP_OS_FD osfd)
+{
+       filp_close(osfd, NULL);
+       return 0;
+}
+
+
+void RtmpOSFileSeek(RTMP_OS_FD osfd, int offset)
+{
+       osfd->f_pos = offset;
+}
+
+
+int RtmpOSFileRead(RTMP_OS_FD osfd, char *pDataPtr, int readLen)
+{
+       // The object must have a read method
+       if (osfd->f_op && osfd->f_op->read)
+       {
+               return osfd->f_op->read(osfd,  pDataPtr, readLen, &osfd->f_pos);
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("no file read method\n"));
+               return -1;
+       }
+}
+
+
+int RtmpOSFileWrite(RTMP_OS_FD osfd, char *pDataPtr, int writeLen)
+{
+       return osfd->f_op->write(osfd, pDataPtr, (size_t)writeLen, &osfd->f_pos);
+}
+
+
+void RtmpOSFSInfoChange(RTMP_OS_FS_INFO *pOSFSInfo, BOOLEAN bSet)
+{
+       if (bSet)
+       {
+               // Save uid and gid used for filesystem access.
+               // Set user and group to 0 (root)
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,29)
+               pOSFSInfo->fsuid= current->fsuid;
+               pOSFSInfo->fsgid = current->fsgid;
+               current->fsuid = current->fsgid = 0;
+#else
+               pOSFSInfo->fsuid = current_fsuid();
+               pOSFSInfo->fsgid = current_fsgid();
+#endif
+               pOSFSInfo->fs = get_fs();
+               set_fs(KERNEL_DS);
+       }
+       else
+       {
+               set_fs(pOSFSInfo->fs);
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,29)
+               current->fsuid = pOSFSInfo->fsuid;
+               current->fsgid = pOSFSInfo->fsgid;
+#endif
+       }
+}
+
+
+
+/*******************************************************************************
+
+       Task create/management/kill related functions.
+
+ *******************************************************************************/
+NDIS_STATUS RtmpOSTaskKill(
+       IN RTMP_OS_TASK *pTask)
+{
+       RTMP_ADAPTER *pAd;
+       int ret = NDIS_STATUS_FAILURE;
+
+       pAd = (RTMP_ADAPTER *)pTask->priv;
+
+#ifdef KTHREAD_SUPPORT
+       if (pTask->kthread_task)
+       {
+               kthread_stop(pTask->kthread_task);
+               ret = NDIS_STATUS_SUCCESS;
+       }
+#else
+       CHECK_PID_LEGALITY(pTask->taskPID)
+       {
+               printk("Terminate the task(%s) with pid(%d)!\n", pTask->taskName, GET_PID_NUMBER(pTask->taskPID));
+               mb();
+               pTask->task_killed = 1;
+               mb();
+               ret = KILL_THREAD_PID(pTask->taskPID, SIGTERM, 1);
+               if (ret)
+               {
+                       printk(KERN_WARNING "kill task(%s) with pid(%d) failed(retVal=%d)!\n",
+                               pTask->taskName, GET_PID_NUMBER(pTask->taskPID), ret);
+               }
+               else
+               {
+                       wait_for_completion(&pTask->taskComplete);
+                       pTask->taskPID = THREAD_PID_INIT_VALUE;
+                       pTask->task_killed = 0;
+                       ret = NDIS_STATUS_SUCCESS;
+               }
+       }
+#endif
+
+       return ret;
+
+}
+
+
+INT RtmpOSTaskNotifyToExit(
+       IN RTMP_OS_TASK *pTask)
+{
+
+#ifndef KTHREAD_SUPPORT
+       complete_and_exit(&pTask->taskComplete, 0);
+#endif
+
+       return 0;
+}
+
+
+void RtmpOSTaskCustomize(
+       IN RTMP_OS_TASK *pTask)
+{
+
+#ifndef KTHREAD_SUPPORT
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+       daemonize((PSTRING)&pTask->taskName[0]/*"%s",pAd->net_dev->name*/);
+
+       allow_signal(SIGTERM);
+       allow_signal(SIGKILL);
+       current->flags |= PF_NOFREEZE;
+#else
+       unsigned long flags;
+
+       daemonize();
+       reparent_to_init();
+       strcpy(current->comm, &pTask->taskName[0]);
+
+       siginitsetinv(&current->blocked, sigmask(SIGTERM) | sigmask(SIGKILL));
+
+       /* Allow interception of SIGKILL only
+        * Don't allow other signals to interrupt the transmission */
+#if LINUX_VERSION_CODE > KERNEL_VERSION(2,4,22)
+       spin_lock_irqsave(&current->sigmask_lock, flags);
+       flush_signals(current);
+       recalc_sigpending(current);
+       spin_unlock_irqrestore(&current->sigmask_lock, flags);
+#endif
+#endif
+
+    /* signal that we've started the thread */
+       complete(&pTask->taskComplete);
+
+#endif
+}
+
+
+NDIS_STATUS RtmpOSTaskAttach(
+       IN RTMP_OS_TASK *pTask,
+       IN int (*fn)(void *),
+       IN void *arg)
+{
+       NDIS_STATUS status = NDIS_STATUS_SUCCESS;
+       pid_t pid_number = -1;
+
+#ifdef KTHREAD_SUPPORT
+       pTask->task_killed = 0;
+       pTask->kthread_task = NULL;
+       pTask->kthread_task = kthread_run(fn, arg, pTask->taskName);
+       if (IS_ERR(pTask->kthread_task))
+               status = NDIS_STATUS_FAILURE;
+#else
+       pid_number = kernel_thread(fn, arg, RTMP_OS_MGMT_TASK_FLAGS);
+       if (pid_number < 0)
+       {
+               DBGPRINT (RT_DEBUG_ERROR, ("Attach task(%s) failed!\n", pTask->taskName));
+               status = NDIS_STATUS_FAILURE;
+       }
+       else
+       {
+               pTask->taskPID = GET_PID(pid_number);
+
+               // Wait for the thread to start
+               wait_for_completion(&pTask->taskComplete);
+               status = NDIS_STATUS_SUCCESS;
+       }
+#endif
+       return status;
+}
+
+
+NDIS_STATUS RtmpOSTaskInit(
+       IN RTMP_OS_TASK *pTask,
+       IN PSTRING              pTaskName,
+       IN VOID                 *pPriv)
+{
+       int len;
+
+       ASSERT(pTask);
+
+#ifndef KTHREAD_SUPPORT
+       NdisZeroMemory((PUCHAR)(pTask), sizeof(RTMP_OS_TASK));
+#endif
+
+       len = strlen(pTaskName);
+       len = len > (RTMP_OS_TASK_NAME_LEN -1) ? (RTMP_OS_TASK_NAME_LEN-1) : len;
+       NdisMoveMemory(&pTask->taskName[0], pTaskName, len);
+       pTask->priv = pPriv;
+
+#ifndef KTHREAD_SUPPORT
+       RTMP_SEM_EVENT_INIT_LOCKED(&(pTask->taskSema));
+       pTask->taskPID = THREAD_PID_INIT_VALUE;
+
+       init_completion (&pTask->taskComplete);
+#endif
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+void RTMP_IndicateMediaState(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       if (pAd->CommonCfg.bWirelessEvent)
+       {
+               if (pAd->IndicateMediaState == NdisMediaStateConnected)
+               {
+                       RTMPSendWirelessEvent(pAd, IW_STA_LINKUP_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+               }
+               else
+               {
+                       RTMPSendWirelessEvent(pAd, IW_STA_LINKDOWN_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+               }
+       }
+}
+
+
+#if LINUX_VERSION_CODE <= 0x20402      // Red Hat 7.1
+//static struct net_device *alloc_netdev(int sizeof_priv, const char *mask, void (*setup)(struct net_device *)) //sample
+struct net_device *alloc_netdev(
+       int sizeof_priv,
+       const char *mask,
+       void (*setup)(struct net_device *))
+{
+    struct net_device  *dev;
+    INT                                        alloc_size;
+
+
+    /* ensure 32-byte alignment of the private area */
+    alloc_size = sizeof (*dev) + sizeof_priv + 31;
+
+    dev = (struct net_device *) kmalloc(alloc_size, GFP_KERNEL);
+    if (dev == NULL)
+    {
+        DBGPRINT(RT_DEBUG_ERROR,
+                               ("alloc_netdev: Unable to allocate device memory.\n"));
+        return NULL;
+    }
+
+    memset(dev, 0, alloc_size);
+
+    if (sizeof_priv)
+        dev->priv = (void *) (((long)(dev + 1) + 31) & ~31);
+
+    setup(dev);
+    strcpy(dev->name, mask);
+
+    return dev;
+}
+#endif // LINUX_VERSION_CODE //
+
+
+int RtmpOSWrielessEventSend(
+       IN RTMP_ADAPTER *pAd,
+       IN UINT32               eventType,
+       IN INT                  flags,
+       IN PUCHAR               pSrcMac,
+       IN PUCHAR               pData,
+       IN UINT32               dataLen)
+{
+       union iwreq_data    wrqu;
+
+       memset(&wrqu, 0, sizeof(wrqu));
+
+       if (flags>-1)
+              wrqu.data.flags = flags;
+
+       if (pSrcMac)
+               memcpy(wrqu.ap_addr.sa_data, pSrcMac, MAC_ADDR_LEN);
+
+       if ((pData!= NULL) && (dataLen > 0))
+               wrqu.data.length = dataLen;
+
+       wireless_send_event(pAd->net_dev, eventType, &wrqu, (char *)pData);
+       return 0;
+}
+
+
+int RtmpOSNetDevAddrSet(
+       IN PNET_DEV pNetDev,
+       IN PUCHAR       pMacAddr)
+{
+       struct net_device *net_dev;
+       RTMP_ADAPTER *pAd;
+
+       net_dev = pNetDev;
+       //pAd = (RTMP_ADAPTER *)net_dev->priv;
+       pAd=RTMP_OS_NETDEV_GET_PRIV(pNetDev);
+
+#ifdef CONFIG_STA_SUPPORT
+       // work-around for the SuSE due to it has it's own interface name management system.
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               NdisZeroMemory(pAd->StaCfg.dev_name, 16);
+               NdisMoveMemory(pAd->StaCfg.dev_name, net_dev->name, strlen(net_dev->name));
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       NdisMoveMemory(net_dev->dev_addr, pMacAddr, 6);
+
+       return 0;
+}
+
+
+
+/*
+  *    Assign the network dev name for created Ralink WiFi interface.
+  */
+static int RtmpOSNetDevRequestName(
+       IN RTMP_ADAPTER *pAd,
+       IN PNET_DEV dev,
+       IN PSTRING pPrefixStr,
+       IN INT  devIdx)
+{
+       PNET_DEV                existNetDev;
+       STRING          suffixName[IFNAMSIZ];
+       STRING          desiredName[IFNAMSIZ];
+       int     ifNameIdx, prefixLen, slotNameLen;
+       int Status;
+
+
+       prefixLen = strlen(pPrefixStr);
+       ASSERT((prefixLen < IFNAMSIZ));
+
+       for (ifNameIdx = devIdx; ifNameIdx < 32; ifNameIdx++)
+       {
+               memset(suffixName, 0, IFNAMSIZ);
+               memset(desiredName, 0, IFNAMSIZ);
+               strncpy(&desiredName[0], pPrefixStr, prefixLen);
+
+#ifdef MULTIPLE_CARD_SUPPORT
+               if (pAd->MC_RowID >= 0)
+                       sprintf(suffixName, "%02d_%d", pAd->MC_RowID, ifNameIdx);
+               else
+#endif // MULTIPLE_CARD_SUPPORT //
+               sprintf(suffixName, "%d", ifNameIdx);
+
+               slotNameLen = strlen(suffixName);
+               ASSERT(((slotNameLen + prefixLen) < IFNAMSIZ));
+               strcat(desiredName, suffixName);
+
+               existNetDev = RtmpOSNetDevGetByName(dev, &desiredName[0]);
+               if (existNetDev == NULL)
+                       break;
+               else
+                       RtmpOSNetDeviceRefPut(existNetDev);
+       }
+
+       if(ifNameIdx < 32)
+       {
+               strcpy(&dev->name[0], &desiredName[0]);
+               Status = NDIS_STATUS_SUCCESS;
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR,
+                                       ("Cannot request DevName with preifx(%s) and in range(0~32) as suffix from OS!\n", pPrefixStr));
+               Status = NDIS_STATUS_FAILURE;
+       }
+
+       return Status;
+}
+
+
+void RtmpOSNetDevClose(
+       IN PNET_DEV pNetDev)
+{
+       dev_close(pNetDev);
+}
+
+
+void RtmpOSNetDevFree(PNET_DEV pNetDev)
+{
+       ASSERT(pNetDev);
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+       free_netdev(pNetDev);
+#else
+       kfree(pNetDev);
+#endif
+}
+
+
+INT RtmpOSNetDevAlloc(
+       IN PNET_DEV *new_dev_p,
+       IN UINT32       privDataSize)
+{
+       // assign it as null first.
+       *new_dev_p = NULL;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Allocate a net device with private data size=%d!\n", privDataSize));
+#if LINUX_VERSION_CODE <= 0x20402 // Red Hat 7.1
+       *new_dev_p = alloc_netdev(privDataSize, "eth%d", ether_setup);
+#else
+       *new_dev_p = alloc_etherdev(privDataSize);
+#endif // LINUX_VERSION_CODE //
+
+       if (*new_dev_p)
+               return NDIS_STATUS_SUCCESS;
+       else
+               return NDIS_STATUS_FAILURE;
+}
+
+
+PNET_DEV RtmpOSNetDevGetByName(PNET_DEV pNetDev, PSTRING pDevName)
+{
+       PNET_DEV        pTargetNetDev = NULL;
+
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,26)
+       pTargetNetDev = dev_get_by_name(dev_net(pNetDev), pDevName);
+#else
+       ASSERT(pNetDev);
+       pTargetNetDev = dev_get_by_name(pNetDev->nd_net, pDevName);
+#endif
+#else
+       pTargetNetDev = dev_get_by_name(pDevName);
+#endif // KERNEL_VERSION(2,6,24) //
+
+#else
+       int     devNameLen;
+
+       devNameLen = strlen(pDevName);
+       ASSERT((devNameLen <= IFNAMSIZ));
+
+       for(pTargetNetDev=dev_base; pTargetNetDev!=NULL; pTargetNetDev=pTargetNetDev->next)
+       {
+               if (strncmp(pTargetNetDev->name, pDevName, devNameLen) == 0)
+                       break;
+       }
+#endif // KERNEL_VERSION(2,5,0) //
+
+       return pTargetNetDev;
+}
+
+
+void RtmpOSNetDeviceRefPut(PNET_DEV pNetDev)
+{
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+       /*
+               every time dev_get_by_name is called, and it has returned a valid struct
+               net_device*, dev_put should be called afterwards, because otherwise the
+               machine hangs when the device is unregistered (since dev->refcnt > 1).
+       */
+       if(pNetDev)
+               dev_put(pNetDev);
+#endif // LINUX_VERSION_CODE //
+}
+
+
+INT RtmpOSNetDevDestory(
+       IN RTMP_ADAPTER *pAd,
+       IN PNET_DEV             pNetDev)
+{
+
+       // TODO: Need to fix this
+       printk("WARNING: This function(%s) not implement yet!!!\n", __FUNCTION__);
+       return 0;
+}
+
+
+void RtmpOSNetDevDetach(PNET_DEV pNetDev)
+{
+       unregister_netdev(pNetDev);
+}
+
+
+int RtmpOSNetDevAttach(
+       IN PNET_DEV pNetDev,
+       IN RTMP_OS_NETDEV_OP_HOOK *pDevOpHook)
+{
+       int ret, rtnl_locked = FALSE;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RtmpOSNetDevAttach()--->\n"));
+       // If we need hook some callback function to the net device structrue, now do it.
+       if (pDevOpHook)
+       {
+               PRTMP_ADAPTER pAd = RTMP_OS_NETDEV_GET_PRIV(pNetDev);
+
+               pNetDev->netdev_ops = pDevOpHook->netdev_ops;
+
+               /* OS specific flags, here we used to indicate if we are virtual interface */
+               pNetDev->priv_flags = pDevOpHook->priv_flags;
+
+#if (WIRELESS_EXT < 21) && (WIRELESS_EXT >= 12)
+               pNetDev->get_wireless_stats = rt28xx_get_wireless_stats;
+#endif
+
+#ifdef CONFIG_STA_SUPPORT
+#if WIRELESS_EXT >= 12
+               if (pAd->OpMode == OPMODE_STA)
+               {
+                       pNetDev->wireless_handlers = &rt28xx_iw_handler_def;
+               }
+#endif //WIRELESS_EXT >= 12
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+#if WIRELESS_EXT >= 12
+               if (pAd->OpMode == OPMODE_AP)
+               {
+                       pNetDev->wireless_handlers = &rt28xx_ap_iw_handler_def;
+               }
+#endif //WIRELESS_EXT >= 12
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+
+               // copy the net device mac address to the net_device structure.
+               NdisMoveMemory(pNetDev->dev_addr, &pDevOpHook->devAddr[0], MAC_ADDR_LEN);
+
+               rtnl_locked = pDevOpHook->needProtcted;
+       }
+
+       if (rtnl_locked)
+               ret = register_netdevice(pNetDev);
+       else
+               ret = register_netdev(pNetDev);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<---RtmpOSNetDevAttach(), ret=%d\n", ret));
+       if (ret == 0)
+               return NDIS_STATUS_SUCCESS;
+       else
+               return NDIS_STATUS_FAILURE;
+}
+
+
+PNET_DEV RtmpOSNetDevCreate(
+       IN RTMP_ADAPTER *pAd,
+       IN INT                  devType,
+       IN INT                  devNum,
+       IN INT                  privMemSize,
+       IN PSTRING              pNamePrefix)
+{
+       struct net_device *pNetDev = NULL;
+       int status;
+
+
+       /* allocate a new network device */
+       status = RtmpOSNetDevAlloc(&pNetDev, 0 /*privMemSize*/);
+       if (status != NDIS_STATUS_SUCCESS)
+       {
+               /* allocation fail, exit */
+               DBGPRINT(RT_DEBUG_ERROR, ("Allocate network device fail (%s)...\n", pNamePrefix));
+               return NULL;
+       }
+
+
+       /* find a available interface name, max 32 interfaces */
+       status = RtmpOSNetDevRequestName(pAd, pNetDev, pNamePrefix, devNum);
+       if (status != NDIS_STATUS_SUCCESS)
+       {
+               /* error! no any available ra name can be used! */
+               DBGPRINT(RT_DEBUG_ERROR, ("Assign interface name (%s with suffix 0~32) failed...\n", pNamePrefix));
+               RtmpOSNetDevFree(pNetDev);
+
+               return NULL;
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("The name of the new %s interface is %s...\n", pNamePrefix, pNetDev->name));
+       }
+
+       return pNetDev;
+}
diff --git a/drivers/staging/rt3090/rt_linux.h b/drivers/staging/rt3090/rt_linux.h
new file mode 100644 (file)
index 0000000..a970e78
--- /dev/null
@@ -0,0 +1,1034 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       rt_linux.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+*/
+
+#ifndef __RT_LINUX_H__
+#define __RT_LINUX_H__
+
+#include <linux/module.h>
+#include <linux/version.h>
+#include <linux/kernel.h>
+#include <linux/spinlock.h>
+#include <linux/init.h>
+#include <linux/string.h>
+#include <linux/timer.h>
+#include <linux/errno.h>
+#include <linux/slab.h>
+#include <linux/interrupt.h>
+#include <linux/pci.h>
+#include <linux/netdevice.h>
+#include <linux/etherdevice.h>
+#include <linux/skbuff.h>
+#include <linux/ethtool.h>
+#include <linux/wireless.h>
+#include <linux/proc_fs.h>
+#include <linux/delay.h>
+#include <linux/if_arp.h>
+#include <linux/ctype.h>
+#include <linux/vmalloc.h>
+#include <linux/wireless.h>
+#include <net/iw_handler.h>
+
+#ifdef INF_AMAZON_PPA
+#include <asm/amazon_se/ifx_ppa_interface.h>
+#include <asm/amazon_se/ifx_ppa_hook.h>
+#endif // INF_AMAZON_PPA //
+
+// load firmware
+#define __KERNEL_SYSCALLS__
+#include <linux/unistd.h>
+#include <asm/uaccess.h>
+#include <asm/types.h>
+#include <asm/unaligned.h>     // for get_unaligned()
+
+#ifdef KTHREAD_SUPPORT
+#include <linux/err.h>
+#include <linux/kthread.h>
+#endif // KTHREAD_SUPPORT //
+
+#undef AP_WSC_INCLUDED
+#undef STA_WSC_INCLUDED
+#undef WSC_INCLUDED
+
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+
+#ifdef KTHREAD_SUPPORT
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,4)
+#error "This kerne version doesn't support kthread!!"
+#endif
+#endif // KTHREAD_SUPPORT //
+
+/***********************************************************************************
+ *     Profile related sections
+ ***********************************************************************************/
+
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef RTMP_MAC_PCI
+#define STA_PROFILE_PATH                       "/etc/Wireless/RT2860STA/RT2860STA.dat"
+#define STA_DRIVER_VERSION                     "2.1.0.0"
+#ifdef MULTIPLE_CARD_SUPPORT
+#define CARD_INFO_PATH                 "/etc/Wireless/RT2860STA/RT2860STACard.dat"
+#endif // MULTIPLE_CARD_SUPPORT //
+#endif // RTMP_MAC_PCI //
+
+
+
+extern const struct iw_handler_def rt28xx_iw_handler_def;
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+extern const struct iw_handler_def rt28xx_ap_iw_handler_def;
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+
+/***********************************************************************************
+ *     Compiler related definitions
+ ***********************************************************************************/
+#undef __inline
+#define __inline               static inline
+#define IN
+#define OUT
+#define INOUT
+#define NDIS_STATUS            INT
+
+
+/***********************************************************************************
+ *     OS Specific definitions and data structures
+ ***********************************************************************************/
+typedef struct pci_dev         * PPCI_DEV;
+typedef struct net_device      * PNET_DEV;
+typedef void                           * PNDIS_PACKET;
+typedef char                           NDIS_PACKET;
+typedef PNDIS_PACKET           * PPNDIS_PACKET;
+typedef        dma_addr_t                      NDIS_PHYSICAL_ADDRESS;
+typedef        dma_addr_t                      * PNDIS_PHYSICAL_ADDRESS;
+typedef void                           * NDIS_HANDLE;
+typedef char                           * PNDIS_BUFFER;
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
+typedef        struct pid *    RTMP_OS_PID;
+#else
+typedef pid_t                          RTMP_OS_PID;
+#endif
+
+typedef struct semaphore       RTMP_OS_SEM;
+
+#ifdef RTMP_MAC_PCI
+#ifndef PCI_DEVICE
+#define PCI_DEVICE(vend,dev) \
+       .vendor = (vend), .device = (dev), \
+       .subvendor = PCI_ANY_ID, .subdevice = PCI_ANY_ID
+#endif // PCI_DEVICE //
+#endif // RTMP_MAC_PCI //
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+#define RT_MOD_INC_USE_COUNT() \
+       if (!try_module_get(THIS_MODULE)) \
+       { \
+               DBGPRINT(RT_DEBUG_ERROR, ("%s: cannot reserve module\n", __FUNCTION__)); \
+               return -1; \
+       }
+
+#define RT_MOD_DEC_USE_COUNT() module_put(THIS_MODULE);
+#else
+#define RT_MOD_INC_USE_COUNT() MOD_INC_USE_COUNT;
+#define RT_MOD_DEC_USE_COUNT() MOD_DEC_USE_COUNT;
+#endif
+
+#define RTMP_INC_REF(_A)               0
+#define RTMP_DEC_REF(_A)               0
+#define RTMP_GET_REF(_A)               0
+
+
+#if WIRELESS_EXT >= 12
+// This function will be called when query /proc
+struct iw_statistics *rt28xx_get_wireless_stats(
+    IN struct net_device *net_dev);
+#endif
+
+
+/***********************************************************************************
+ *     Network related constant definitions
+ ***********************************************************************************/
+#ifndef IFNAMSIZ
+#define IFNAMSIZ 16
+#endif
+
+#define ETH_LENGTH_OF_ADDRESS  6
+
+#define NDIS_STATUS_SUCCESS                     0x00
+#define NDIS_STATUS_FAILURE                     0x01
+#define NDIS_STATUS_INVALID_DATA                               0x02
+#define NDIS_STATUS_RESOURCES                   0x03
+
+#define NDIS_SET_PACKET_STATUS(_p, _status)                    do{} while(0)
+#define NdisWriteErrorLogEntry(_a, _b, _c, _d)         do{} while(0)
+
+/* statistics counter */
+#define STATS_INC_RX_PACKETS(_pAd, _dev)
+#define STATS_INC_TX_PACKETS(_pAd, _dev)
+
+#define STATS_INC_RX_BYTESS(_pAd, _dev, len)
+#define STATS_INC_TX_BYTESS(_pAd, _dev, len)
+
+#define STATS_INC_RX_ERRORS(_pAd, _dev)
+#define STATS_INC_TX_ERRORS(_pAd, _dev)
+
+#define STATS_INC_RX_DROPPED(_pAd, _dev)
+#define STATS_INC_TX_DROPPED(_pAd, _dev)
+
+
+/***********************************************************************************
+ *     Ralink Specific network related constant definitions
+ ***********************************************************************************/
+#define MIN_NET_DEVICE_FOR_AID                 0x00            //0x00~0x3f
+#define MIN_NET_DEVICE_FOR_MBSSID              0x00            //0x00,0x10,0x20,0x30
+#define MIN_NET_DEVICE_FOR_WDS                 0x10            //0x40,0x50,0x60,0x70
+#define MIN_NET_DEVICE_FOR_APCLI               0x20
+#define MIN_NET_DEVICE_FOR_MESH                        0x30
+#ifdef CONFIG_STA_SUPPORT
+#define MIN_NET_DEVICE_FOR_DLS                 0x40
+#endif // CONFIG_STA_SUPPORT //
+#define NET_DEVICE_REAL_IDX_MASK               0x0f            // for each operation mode, we maximum support 15 entities.
+
+
+#ifdef CONFIG_STA_SUPPORT
+#define NDIS_PACKET_TYPE_DIRECTED              0
+#define NDIS_PACKET_TYPE_MULTICAST             1
+#define NDIS_PACKET_TYPE_BROADCAST             2
+#define NDIS_PACKET_TYPE_ALL_MULTICAST 3
+#define NDIS_PACKET_TYPE_PROMISCUOUS   4
+#endif // CONFIG_STA_SUPPORT //
+
+
+/***********************************************************************************
+ *     OS signaling related constant definitions
+ ***********************************************************************************/
+
+
+/***********************************************************************************
+ *     OS file operation related data structure definitions
+ ***********************************************************************************/
+typedef struct file* RTMP_OS_FD;
+
+typedef struct _RTMP_OS_FS_INFO_
+{
+       int                             fsuid;
+       int                             fsgid;
+       mm_segment_t    fs;
+}RTMP_OS_FS_INFO;
+
+#define IS_FILE_OPEN_ERR(_fd)  IS_ERR((_fd))
+
+
+/***********************************************************************************
+ *     OS semaphore related data structure and definitions
+ ***********************************************************************************/
+struct os_lock  {
+       spinlock_t              lock;
+       unsigned long   flags;
+};
+
+typedef spinlock_t                     NDIS_SPIN_LOCK;
+
+//
+//  spin_lock enhanced for Nested spin lock
+//
+#define NdisAllocateSpinLock(__lock)      \
+{                                       \
+    spin_lock_init((spinlock_t *)(__lock));               \
+}
+
+#define NdisFreeSpinLock(lock)          \
+       do{}while(0)
+
+
+#define RTMP_SEM_LOCK(__lock)                                  \
+{                                                                                              \
+       spin_lock_bh((spinlock_t *)(__lock));           \
+}
+
+#define RTMP_SEM_UNLOCK(__lock)                                        \
+{                                                                                              \
+       spin_unlock_bh((spinlock_t *)(__lock));         \
+}
+
+
+// sample, use semaphore lock to replace IRQ lock, 2007/11/15
+#define RTMP_IRQ_LOCK(__lock, __irqflags)                      \
+{                                                                                                      \
+       __irqflags = 0;                                                                 \
+       spin_lock_bh((spinlock_t *)(__lock));                   \
+       pAd->irq_disabled |= 1; \
+}
+
+#define RTMP_IRQ_UNLOCK(__lock, __irqflag)                     \
+{                                                                                                      \
+       pAd->irq_disabled &= 0;                                                 \
+       spin_unlock_bh((spinlock_t *)(__lock));                 \
+}
+
+#define RTMP_INT_LOCK(__lock, __irqflags)                      \
+{                                                                                                      \
+       spin_lock_irqsave((spinlock_t *)__lock, __irqflags);    \
+}
+
+#define RTMP_INT_UNLOCK(__lock, __irqflag)                     \
+{                                                                                                      \
+       spin_unlock_irqrestore((spinlock_t *)(__lock), ((unsigned long)__irqflag));     \
+}
+
+#define NdisAcquireSpinLock            RTMP_SEM_LOCK
+#define NdisReleaseSpinLock            RTMP_SEM_UNLOCK
+
+#ifndef wait_event_interruptible_timeout
+#define __wait_event_interruptible_timeout(wq, condition, ret) \
+do { \
+        wait_queue_t __wait; \
+        init_waitqueue_entry(&__wait, current); \
+        add_wait_queue(&wq, &__wait); \
+        for (;;) { \
+                set_current_state(TASK_INTERRUPTIBLE); \
+                if (condition) \
+                        break; \
+                if (!signal_pending(current)) { \
+                        ret = schedule_timeout(ret); \
+                        if (!ret) \
+                                break; \
+                        continue; \
+                } \
+                ret = -ERESTARTSYS; \
+                break; \
+        } \
+        current->state = TASK_RUNNING; \
+        remove_wait_queue(&wq, &__wait); \
+} while (0)
+
+#define wait_event_interruptible_timeout(wq, condition, timeout) \
+({ \
+        long __ret = timeout; \
+        if (!(condition)) \
+                __wait_event_interruptible_timeout(wq, condition, __ret); \
+        __ret; \
+})
+#endif
+
+#define RTMP_SEM_EVENT_INIT_LOCKED(_pSema)     sema_init((_pSema), 0)
+#define RTMP_SEM_EVENT_INIT(_pSema)                    sema_init((_pSema), 1)
+#define RTMP_SEM_EVENT_WAIT(_pSema, _status)   ((_status) = down_interruptible((_pSema)))
+#define RTMP_SEM_EVENT_UP(_pSema)                      up(_pSema)
+
+#ifdef KTHREAD_SUPPORT
+#define RTMP_WAIT_EVENT_INTERRUPTIBLE(_pAd, _pTask) \
+{ \
+               wait_event_interruptible(_pTask->kthread_q, \
+                                                                _pTask->kthread_running || kthread_should_stop()); \
+               _pTask->kthread_running = FALSE; \
+               if (kthread_should_stop()) \
+               { \
+                       RTMP_SET_FLAG(_pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS); \
+                       break; \
+               } \
+}
+#endif
+
+#ifdef KTHREAD_SUPPORT
+#define WAKE_UP(_pTask) \
+       do{ \
+               if ((_pTask)->kthread_task) \
+        { \
+                       (_pTask)->kthread_running = TRUE; \
+               wake_up(&(_pTask)->kthread_q); \
+               } \
+       }while(0)
+#endif
+
+/***********************************************************************************
+ *     OS Memory Access related data structure and definitions
+ ***********************************************************************************/
+#define MEM_ALLOC_FLAG      (GFP_ATOMIC) //(GFP_DMA | GFP_ATOMIC)
+
+#define NdisMoveMemory(Destination, Source, Length) memmove(Destination, Source, Length)
+#define NdisCopyMemory(Destination, Source, Length) memcpy(Destination, Source, Length)
+#define NdisZeroMemory(Destination, Length)         memset(Destination, 0, Length)
+#define NdisFillMemory(Destination, Length, Fill)   memset(Destination, Fill, Length)
+#define NdisCmpMemory(Destination, Source, Length)  memcmp(Destination, Source, Length)
+#define NdisEqualMemory(Source1, Source2, Length)   (!memcmp(Source1, Source2, Length))
+#define RTMPEqualMemory(Source1, Source2, Length)      (!memcmp(Source1, Source2, Length))
+
+#define MlmeAllocateMemory(_pAd, _ppVA)                os_alloc_mem(_pAd, _ppVA, MGMT_DMA_BUFFER_SIZE)
+#define MlmeFreeMemory(_pAd, _pVA)                     os_free_mem(_pAd, _pVA)
+
+#define COPY_MAC_ADDR(Addr1, Addr2)             memcpy((Addr1), (Addr2), MAC_ADDR_LEN)
+
+
+/***********************************************************************************
+ *     OS task related data structure and definitions
+ ***********************************************************************************/
+#define RTMP_OS_MGMT_TASK_FLAGS        CLONE_VM
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
+typedef        struct pid *    THREAD_PID;
+#define        THREAD_PID_INIT_VALUE   NULL
+#define        GET_PID(_v)     find_get_pid((_v))
+#define        GET_PID_NUMBER(_v)      pid_nr((_v))
+#define CHECK_PID_LEGALITY(_pid)       if (pid_nr((_pid)) >= 0)
+#define KILL_THREAD_PID(_A, _B, _C)    kill_pid((_A), (_B), (_C))
+#else
+typedef        pid_t   THREAD_PID;
+#define        THREAD_PID_INIT_VALUE   -1
+#define        GET_PID(_v)     (_v)
+#define        GET_PID_NUMBER(_v)      (_v)
+#define CHECK_PID_LEGALITY(_pid)       if ((_pid) >= 0)
+#define KILL_THREAD_PID(_A, _B, _C)    kill_proc((_A), (_B), (_C))
+#endif
+
+typedef struct tasklet_struct  RTMP_NET_TASK_STRUCT;
+typedef struct tasklet_struct  *PRTMP_NET_TASK_STRUCT;
+
+
+/***********************************************************************************
+ * Timer related definitions and data structures.
+ **********************************************************************************/
+#define OS_HZ                  HZ
+
+typedef struct timer_list      NDIS_MINIPORT_TIMER;
+typedef struct timer_list      RTMP_OS_TIMER;
+typedef void (*TIMER_FUNCTION)(unsigned long);
+
+
+#define OS_WAIT(_time) \
+{      int _i; \
+       long _loop = ((_time)/(1000/OS_HZ)) > 0 ? ((_time)/(1000/OS_HZ)) : 1;\
+       wait_queue_head_t _wait; \
+       init_waitqueue_head(&_wait); \
+       for (_i=0; _i<(_loop); _i++) \
+               wait_event_interruptible_timeout(_wait, 0, ONE_TICK); }
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+#define RTMP_TIME_AFTER(a,b)           \
+       (typecheck(unsigned long, (unsigned long)a) && \
+        typecheck(unsigned long, (unsigned long)b) && \
+        ((long)(b) - (long)(a) < 0))
+
+#define RTMP_TIME_AFTER_EQ(a,b)        \
+       (typecheck(unsigned long, (unsigned long)a) && \
+        typecheck(unsigned long, (unsigned long)b) && \
+        ((long)(a) - (long)(b) >= 0))
+#define RTMP_TIME_BEFORE(a,b)  RTMP_TIME_AFTER_EQ(b,a)
+#else
+#define typecheck(type,x) \
+({      type __dummy; \
+        typeof(x) __dummy2; \
+        (void)(&__dummy == &__dummy2); \
+        1; \
+})
+#define RTMP_TIME_AFTER_EQ(a,b)        \
+       (typecheck(unsigned long, (unsigned long)a) && \
+        typecheck(unsigned long, (unsigned long)b) && \
+        ((long)(a) - (long)(b) >= 0))
+#define RTMP_TIME_BEFORE(a,b)  RTMP_TIME_AFTER_EQ(b,a)
+#define RTMP_TIME_AFTER(a,b) time_after(a, b)
+#endif
+
+#define ONE_TICK 1
+
+static inline void NdisGetSystemUpTime(ULONG *time)
+{
+       *time = jiffies;
+}
+
+
+/***********************************************************************************
+ *     OS specific cookie data structure binding to RTMP_ADAPTER
+ ***********************************************************************************/
+
+struct os_cookie {
+#ifdef RTMP_MAC_PCI
+       struct pci_dev                  *pci_dev;
+       struct pci_dev                  *parent_pci_dev;
+       USHORT                  DeviceID;
+       dma_addr_t                              pAd_pa;
+#endif // RTMP_MAC_PCI //
+
+
+       RTMP_NET_TASK_STRUCT rx_done_task;
+       RTMP_NET_TASK_STRUCT mgmt_dma_done_task;
+       RTMP_NET_TASK_STRUCT ac0_dma_done_task;
+       RTMP_NET_TASK_STRUCT ac1_dma_done_task;
+       RTMP_NET_TASK_STRUCT ac2_dma_done_task;
+       RTMP_NET_TASK_STRUCT ac3_dma_done_task;
+       /*RTMP_NET_TASK_STRUCT hcca_dma_done_task;*/
+       RTMP_NET_TASK_STRUCT tbtt_task;
+#ifdef RTMP_MAC_PCI
+       RTMP_NET_TASK_STRUCT fifo_statistic_full_task;
+#endif // RTMP_MAC_PCI //
+
+
+
+       unsigned long                   apd_pid; //802.1x daemon pid
+       INT                                             ioctl_if_type;
+       INT                                     ioctl_if;
+};
+
+typedef struct os_cookie       * POS_COOKIE;
+
+
+
+/***********************************************************************************
+ *     OS debugging and printing related definitions and data structure
+ ***********************************************************************************/
+#define PRINT_MAC(addr)        \
+       addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]
+
+#ifdef DBG
+extern ULONG           RTDebugLevel;
+
+#define DBGPRINT_RAW(Level, Fmt)    \
+do{                                   \
+    if (Level <= RTDebugLevel)      \
+    {                               \
+        printk Fmt;               \
+    }                               \
+}while(0)
+
+#define DBGPRINT(Level, Fmt)    DBGPRINT_RAW(Level, Fmt)
+
+
+#define DBGPRINT_ERR(Fmt)           \
+{                                   \
+    printk("ERROR!!! ");          \
+    printk Fmt;                  \
+}
+
+#define DBGPRINT_S(Status, Fmt)                \
+{                                                                      \
+       printk Fmt;                                     \
+}
+#else
+#define DBGPRINT(Level, Fmt)
+#define DBGPRINT_RAW(Level, Fmt)
+#define DBGPRINT_S(Status, Fmt)
+#define DBGPRINT_ERR(Fmt)
+#endif
+
+#undef  ASSERT
+#define ASSERT(x)                                                               \
+{                                                                               \
+    if (!(x))                                                                   \
+    {                                                                           \
+        printk(KERN_WARNING __FILE__ ":%d assert " #x "failed\n", __LINE__);    \
+    }                                                                           \
+}
+
+void hex_dump(char *str, unsigned char *pSrcBufVA, unsigned int SrcBufLen);
+
+
+/*********************************************************************************************************
+       The following code are not revised, temporary put it here.
+  *********************************************************************************************************/
+
+
+/***********************************************************************************
+ * Device DMA Access related definitions and data structures.
+ **********************************************************************************/
+#ifdef RTMP_MAC_PCI
+dma_addr_t linux_pci_map_single(void *handle, void *ptr, size_t size, int sd_idx, int direction);
+void linux_pci_unmap_single(void *handle, dma_addr_t dma_addr, size_t size, int direction);
+
+#define PCI_MAP_SINGLE(_handle, _ptr, _size, _sd_idx, _dir) \
+       linux_pci_map_single(_handle, _ptr, _size, _sd_idx, _dir)
+
+#define PCI_UNMAP_SINGLE(_handle, _ptr, _size, _dir) \
+       linux_pci_unmap_single(_handle, _ptr, _size, _dir)
+
+#define PCI_ALLOC_CONSISTENT(_pci_dev, _size, _ptr) \
+       pci_alloc_consistent(_pci_dev, _size, _ptr)
+
+#define PCI_FREE_CONSISTENT(_pci_dev, _size, _virtual_addr, _physical_addr) \
+       pci_free_consistent(_pci_dev, _size, _virtual_addr, _physical_addr)
+
+#define DEV_ALLOC_SKB(_length) \
+       dev_alloc_skb(_length)
+#endif // RTMP_MAC_PCI //
+
+
+
+/*
+ * ULONG
+ * RTMP_GetPhysicalAddressLow(
+ *   IN NDIS_PHYSICAL_ADDRESS  PhysicalAddress);
+ */
+#define RTMP_GetPhysicalAddressLow(PhysicalAddress)            (PhysicalAddress)
+
+/*
+ * ULONG
+ * RTMP_GetPhysicalAddressHigh(
+ *   IN NDIS_PHYSICAL_ADDRESS  PhysicalAddress);
+ */
+#define RTMP_GetPhysicalAddressHigh(PhysicalAddress)           (0)
+
+/*
+ * VOID
+ * RTMP_SetPhysicalAddressLow(
+ *   IN NDIS_PHYSICAL_ADDRESS  PhysicalAddress,
+ *   IN ULONG  Value);
+ */
+#define RTMP_SetPhysicalAddressLow(PhysicalAddress, Value)     \
+                       PhysicalAddress = Value;
+
+/*
+ * VOID
+ * RTMP_SetPhysicalAddressHigh(
+ *   IN NDIS_PHYSICAL_ADDRESS  PhysicalAddress,
+ *   IN ULONG  Value);
+ */
+#define RTMP_SetPhysicalAddressHigh(PhysicalAddress, Value)
+
+#define NdisMIndicateStatus(_w, _x, _y, _z)
+
+
+
+/***********************************************************************************
+ * Device Register I/O Access related definitions and data structures.
+ **********************************************************************************/
+#ifdef RTMP_MAC_PCI
+#if defined(INF_TWINPASS) || defined(INF_DANUBE) || defined(IKANOS_VX_1X0)
+//Patch for ASIC turst read/write bug, needs to remove after metel fix
+#define RTMP_IO_READ32(_A, _R, _pV)                                                                    \
+{                                                                                                                                      \
+    if ((_A)->bPCIclkOff == FALSE)                                      \
+    {                                                                   \
+       (*_pV = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0)));              \
+       (*_pV = readl((void *)((_A)->CSRBaseAddress + (_R))));                  \
+       (*_pV = SWAP32(*((UINT32 *)(_pV))));                           \
+    }                                                                   \
+}
+
+#define RTMP_IO_READ8(_A, _R, _pV)                                                                     \
+{                                                                                                                                      \
+       (*_pV = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0)));              \
+       (*_pV = readb((void *)((_A)->CSRBaseAddress + (_R))));                  \
+}
+
+#define RTMP_IO_WRITE32(_A, _R, _V)                                                                    \
+{                                                                                                                                      \
+    if ((_A)->bPCIclkOff == FALSE)                                      \
+    {                                                                   \
+       UINT32  _Val;                                                                                                   \
+       _Val = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0));                \
+       _Val = SWAP32(_V);                                                                                              \
+       writel(_Val, (void *)((_A)->CSRBaseAddress + (_R)));                    \
+    }                                                                   \
+}
+
+#define RTMP_IO_WRITE8(_A, _R, _V)                                                                     \
+{                                                                                                                                      \
+       UINT    Val;                                                                                                    \
+       Val = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0));         \
+       writeb((_V), (PUCHAR)((_A)->CSRBaseAddress + (_R)));                    \
+}
+
+#define RTMP_IO_WRITE16(_A, _R, _V)                                                                    \
+{                                                                                                                                      \
+       UINT    Val;                                                                                                    \
+       Val = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0));         \
+       writew(SWAP16((_V)), (PUSHORT)((_A)->CSRBaseAddress + (_R)));   \
+}
+#else
+//Patch for ASIC turst read/write bug, needs to remove after metel fix
+#define RTMP_IO_READ32(_A, _R, _pV)                                                            \
+{                                                                                                                              \
+    if ((_A)->bPCIclkOff == FALSE)                                  \
+    {                                                               \
+               (*_pV = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0)));              \
+               (*_pV = readl((void *)((_A)->CSRBaseAddress + (_R))));                  \
+    }                                                               \
+    else                                                                                                                       \
+               *_pV = 0;                                                                                                       \
+}
+
+#define RTMP_IO_FORCE_READ32(_A, _R, _pV)                                                      \
+{                                                                                                                                      \
+       (*_pV = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0)));              \
+       (*_pV = readl((void *)((_A)->CSRBaseAddress + (_R))));                  \
+}
+
+#define RTMP_IO_READ8(_A, _R, _pV)                                                             \
+{                                                                                                                              \
+       (*_pV = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0)));                      \
+       (*_pV = readb((void *)((_A)->CSRBaseAddress + (_R))));                          \
+}
+
+#define RTMP_IO_WRITE32(_A, _R, _V)                                                                                            \
+{                                                                                                                                                              \
+    if ((_A)->bPCIclkOff == FALSE)                                  \
+    {                                                               \
+       UINT    Val;                                                                                                                            \
+       Val = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0));                 \
+       writel((_V), (void *)((_A)->CSRBaseAddress + (_R)));                                                            \
+    }                                                               \
+}
+
+#define RTMP_IO_FORCE_WRITE32(_A, _R, _V)                                                                                              \
+{                                                                                                                                                              \
+       UINT    Val;                                                                                                                            \
+       Val = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0));                 \
+       writel(_V, (void *)((_A)->CSRBaseAddress + (_R)));                                                              \
+}
+
+
+
+#if defined(BRCM_6358) || defined(RALINK_2880) || defined(RALINK_3052)
+#define RTMP_IO_WRITE8(_A, _R, _V)            \
+{                    \
+       ULONG Val;                \
+       UCHAR _i;                \
+       _i = ((_R) & 0x3);             \
+       Val = readl((void *)((_A)->CSRBaseAddress + ((_R) - _i)));   \
+       Val = Val & (~(0x000000ff << ((_i)*8)));         \
+       Val = Val | ((ULONG)(_V) << ((_i)*8));         \
+       writel((Val), (void *)((_A)->CSRBaseAddress + ((_R) - _i)));    \
+}
+#else
+#define RTMP_IO_WRITE8(_A, _R, _V)                                                     \
+{                                                                                                                      \
+       UINT    Val;                                                                                            \
+       Val = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0)); \
+       writeb((_V), (PUCHAR)((_A)->CSRBaseAddress + (_R)));            \
+}
+#endif // #if defined(BRCM_6358) || defined(RALINK_2880) //
+
+#define RTMP_IO_WRITE16(_A, _R, _V)                                                    \
+{                                                                                                                      \
+       UINT    Val;                                                                                    \
+       Val = readl((void *)((_A)->CSRBaseAddress + MAC_CSR0)); \
+       writew((_V), (PUSHORT)((_A)->CSRBaseAddress + (_R)));   \
+}
+#endif // #if defined(INF_TWINPASS) || defined(INF_DANUBE) || defined(IKANOS_VX_1X0) //
+#endif // RTMP_MAC_PCI //
+
+
+
+/***********************************************************************************
+ *     Network Related data structure and marco definitions
+ ***********************************************************************************/
+#define PKTSRC_NDIS             0x7f
+#define PKTSRC_DRIVER           0x0f
+
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,29)
+#define RTMP_OS_NETDEV_SET_PRIV(_pNetDev, _pPriv)      ((_pNetDev)->priv = (_pPriv))
+#define RTMP_OS_NETDEV_GET_PRIV(_pNetDev)              ((_pNetDev)->priv)
+#else
+#define RTMP_OS_NETDEV_SET_PRIV(_pNetDev, _pPriv)      ((_pNetDev)->ml_priv = (_pPriv))
+#define RTMP_OS_NETDEV_GET_PRIV(_pNetDev)              ((_pNetDev)->ml_priv)
+#endif
+#define RTMP_OS_NETDEV_GET_DEVNAME(_pNetDev)   ((_pNetDev)->name)
+#define RTMP_OS_NETDEV_GET_PHYADDR(_PNETDEV)   ((_PNETDEV)->dev_addr)
+
+#define RTMP_OS_NETDEV_START_QUEUE(_pNetDev)   netif_start_queue((_pNetDev))
+#define RTMP_OS_NETDEV_STOP_QUEUE(_pNetDev)    netif_stop_queue((_pNetDev))
+#define RTMP_OS_NETDEV_WAKE_QUEUE(_pNetDev)    netif_wake_queue((_pNetDev))
+#define RTMP_OS_NETDEV_CARRIER_OFF(_pNetDev)   netif_carrier_off((_pNetDev))
+
+#define QUEUE_ENTRY_TO_PACKET(pEntry) \
+       (PNDIS_PACKET)(pEntry)
+
+#define PACKET_TO_QUEUE_ENTRY(pPacket) \
+       (PQUEUE_ENTRY)(pPacket)
+
+#ifdef CONFIG_5VT_ENHANCE
+#define BRIDGE_TAG 0x35564252    // depends on 5VT define in br_input.c
+#endif
+
+#define GET_SG_LIST_FROM_PACKET(_p, _sc)       \
+    rt_get_sg_list_from_packet(_p, _sc)
+
+#define RELEASE_NDIS_PACKET(_pAd, _pPacket, _Status)                    \
+{                                                                       \
+        RTMPFreeNdisPacket(_pAd, _pPacket);                             \
+}
+
+/*
+ * packet helper
+ *     - convert internal rt packet to os packet or
+ *             os packet to rt packet
+ */
+#define RTPKT_TO_OSPKT(_p)             ((struct sk_buff *)(_p))
+#define OSPKT_TO_RTPKT(_p)             ((PNDIS_PACKET)(_p))
+
+#define GET_OS_PKT_DATAPTR(_pkt) \
+               (RTPKT_TO_OSPKT(_pkt)->data)
+#define SET_OS_PKT_DATAPTR(_pkt, _dataPtr)     \
+               (RTPKT_TO_OSPKT(_pkt)->data) = (_dataPtr)
+
+#define GET_OS_PKT_LEN(_pkt) \
+               (RTPKT_TO_OSPKT(_pkt)->len)
+#define SET_OS_PKT_LEN(_pkt, _len)     \
+               (RTPKT_TO_OSPKT(_pkt)->len) = (_len)
+
+#define GET_OS_PKT_DATATAIL(_pkt) \
+               (RTPKT_TO_OSPKT(_pkt)->tail)
+#define SET_OS_PKT_DATATAIL(_pkt, _start, _len)        \
+               ((RTPKT_TO_OSPKT(_pkt))->tail) = (PUCHAR)((_start) + (_len))
+
+#define GET_OS_PKT_HEAD(_pkt) \
+               (RTPKT_TO_OSPKT(_pkt)->head)
+
+#define GET_OS_PKT_END(_pkt) \
+               (RTPKT_TO_OSPKT(_pkt)->end)
+
+#define GET_OS_PKT_NETDEV(_pkt) \
+               (RTPKT_TO_OSPKT(_pkt)->dev)
+#define SET_OS_PKT_NETDEV(_pkt, _pNetDev)      \
+               (RTPKT_TO_OSPKT(_pkt)->dev) = (_pNetDev)
+
+#define GET_OS_PKT_TYPE(_pkt) \
+               (RTPKT_TO_OSPKT(_pkt))
+
+#define GET_OS_PKT_NEXT(_pkt) \
+               (RTPKT_TO_OSPKT(_pkt)->next)
+
+
+#define OS_PKT_CLONED(_pkt)            skb_cloned(RTPKT_TO_OSPKT(_pkt))
+
+#define OS_NTOHS(_Val) \
+               (ntohs(_Val))
+#define OS_HTONS(_Val) \
+               (htons(_Val))
+#define OS_NTOHL(_Val) \
+               (ntohl(_Val))
+#define OS_HTONL(_Val) \
+               (htonl(_Val))
+
+#define CB_OFF  10
+
+// User Priority
+#define RTMP_SET_PACKET_UP(_p, _prio)                  (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+0] = _prio)
+#define RTMP_GET_PACKET_UP(_p)                                 (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+0])
+
+// Fragment #
+#define RTMP_SET_PACKET_FRAGMENTS(_p, _num)            (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+1] = _num)
+#define RTMP_GET_PACKET_FRAGMENTS(_p)                  (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+1])
+
+// 0x0 ~0x7f: TX to AP's own BSS which has the specified AID. if AID>127, set bit 7 in RTMP_SET_PACKET_EMACTAB too.
+//(this value also as MAC(on-chip WCID) table index)
+// 0x80~0xff: TX to a WDS link. b0~6: WDS index
+#define RTMP_SET_PACKET_WCID(_p, _wdsidx)              (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+2] = _wdsidx)
+#define RTMP_GET_PACKET_WCID(_p)                       ((UCHAR)(RTPKT_TO_OSPKT(_p)->cb[CB_OFF+2]))
+
+// 0xff: PKTSRC_NDIS, others: local TX buffer index. This value affects how to a packet
+#define RTMP_SET_PACKET_SOURCE(_p, _pktsrc)            (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+3] = _pktsrc)
+#define RTMP_GET_PACKET_SOURCE(_p)                     (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+3])
+
+// RTS/CTS-to-self protection method
+#define RTMP_SET_PACKET_RTS(_p, _num)                  (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+4] = _num)
+#define RTMP_GET_PACKET_RTS(_p)                                (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+4])
+// see RTMP_S(G)ET_PACKET_EMACTAB
+
+// TX rate index
+#define RTMP_SET_PACKET_TXRATE(_p, _rate)              (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+5] = _rate)
+#define RTMP_GET_PACKET_TXRATE(_p)                             (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+5])
+
+// From which Interface
+#define RTMP_SET_PACKET_IF(_p, _ifdx)          (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+6] = _ifdx)
+#define RTMP_GET_PACKET_IF(_p)                         (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+6])
+#define RTMP_SET_PACKET_NET_DEVICE_MBSSID(_p, _bss)            RTMP_SET_PACKET_IF((_p), (_bss))
+#define RTMP_SET_PACKET_NET_DEVICE_WDS(_p, _bss)               RTMP_SET_PACKET_IF((_p), ((_bss) + MIN_NET_DEVICE_FOR_WDS))
+#define RTMP_SET_PACKET_NET_DEVICE_APCLI(_p, _idx)     RTMP_SET_PACKET_IF((_p), ((_idx) + MIN_NET_DEVICE_FOR_APCLI))
+#define RTMP_SET_PACKET_NET_DEVICE_MESH(_p, _idx)      RTMP_SET_PACKET_IF((_p), ((_idx) + MIN_NET_DEVICE_FOR_MESH))
+#define RTMP_GET_PACKET_NET_DEVICE_MBSSID(_p)                  RTMP_GET_PACKET_IF((_p))
+#define RTMP_GET_PACKET_NET_DEVICE(_p)                                 RTMP_GET_PACKET_IF((_p))
+
+#define RTMP_SET_PACKET_MOREDATA(_p, _morebit)         (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+7] = _morebit)
+#define RTMP_GET_PACKET_MOREDATA(_p)                           (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+7])
+
+
+
+
+
+//
+//     Sepcific Pakcet Type definition
+//
+#define RTMP_PACKET_SPECIFIC_CB_OFFSET 11
+
+#define RTMP_PACKET_SPECIFIC_DHCP              0x01
+#define RTMP_PACKET_SPECIFIC_EAPOL             0x02
+#define RTMP_PACKET_SPECIFIC_IPV4              0x04
+#define RTMP_PACKET_SPECIFIC_WAI               0x08
+#define RTMP_PACKET_SPECIFIC_VLAN              0x10
+#define RTMP_PACKET_SPECIFIC_LLCSNAP   0x20
+
+//Specific
+#define RTMP_SET_PACKET_SPECIFIC(_p, _flg)             (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11] = _flg)
+
+//DHCP
+#define RTMP_SET_PACKET_DHCP(_p, _flg)                                                                                                         \
+                       do{                                                                                                                                                             \
+                               if (_flg)                                                                                                                                       \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) |= (RTMP_PACKET_SPECIFIC_DHCP);             \
+                               else                                                                                                                                            \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) &= (!RTMP_PACKET_SPECIFIC_DHCP);    \
+                       }while(0)
+#define RTMP_GET_PACKET_DHCP(_p)               (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11] & RTMP_PACKET_SPECIFIC_DHCP)
+
+//EAPOL
+#define RTMP_SET_PACKET_EAPOL(_p, _flg)                                                                                                                \
+                       do{                                                                                                                                                             \
+                               if (_flg)                                                                                                                                       \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) |= (RTMP_PACKET_SPECIFIC_EAPOL);            \
+                               else                                                                                                                                            \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) &= (!RTMP_PACKET_SPECIFIC_EAPOL);   \
+                       }while(0)
+#define RTMP_GET_PACKET_EAPOL(_p)              (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11] & RTMP_PACKET_SPECIFIC_EAPOL)
+
+//WAI
+#define RTMP_SET_PACKET_WAI(_p, _flg)                                                                                                          \
+                       do{                                                                                                                                                             \
+                               if (_flg)                                                                                                                                       \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) |= (RTMP_PACKET_SPECIFIC_WAI);              \
+                               else                                                                                                                                            \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) &= (!RTMP_PACKET_SPECIFIC_WAI);     \
+                       }while(0)
+#define RTMP_GET_PACKET_WAI(_p)                (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11] & RTMP_PACKET_SPECIFIC_WAI)
+
+#define RTMP_GET_PACKET_LOWRATE(_p)            (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11] & (RTMP_PACKET_SPECIFIC_EAPOL | RTMP_PACKET_SPECIFIC_DHCP | RTMP_PACKET_SPECIFIC_WAI))
+
+//VLAN
+#define RTMP_SET_PACKET_VLAN(_p, _flg)                                                                                                         \
+                       do{                                                                                                                                                             \
+                               if (_flg)                                                                                                                                       \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) |= (RTMP_PACKET_SPECIFIC_VLAN);             \
+                               else                                                                                                                                            \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) &= (!RTMP_PACKET_SPECIFIC_VLAN);    \
+                       }while(0)
+#define RTMP_GET_PACKET_VLAN(_p)               (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11] & RTMP_PACKET_SPECIFIC_VLAN)
+
+//LLC/SNAP
+#define RTMP_SET_PACKET_LLCSNAP(_p, _flg)                                                                                                      \
+                       do{                                                                                                                                                             \
+                               if (_flg)                                                                                                                                       \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) |= (RTMP_PACKET_SPECIFIC_LLCSNAP);          \
+                               else                                                                                                                                            \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) &= (!RTMP_PACKET_SPECIFIC_LLCSNAP);         \
+                       }while(0)
+
+#define RTMP_GET_PACKET_LLCSNAP(_p)            (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11] & RTMP_PACKET_SPECIFIC_LLCSNAP)
+
+// IP
+#define RTMP_SET_PACKET_IPV4(_p, _flg)                                                                                                         \
+                       do{                                                                                                                                                             \
+                               if (_flg)                                                                                                                                       \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) |= (RTMP_PACKET_SPECIFIC_IPV4);             \
+                               else                                                                                                                                            \
+                                       (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11]) &= (!RTMP_PACKET_SPECIFIC_IPV4);    \
+                       }while(0)
+
+#define RTMP_GET_PACKET_IPV4(_p)               (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+11] & RTMP_PACKET_SPECIFIC_IPV4)
+
+
+// If this flag is set, it indicates that this EAPoL frame MUST be clear.
+#define RTMP_SET_PACKET_CLEAR_EAP_FRAME(_p, _flg)   (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+12] = _flg)
+#define RTMP_GET_PACKET_CLEAR_EAP_FRAME(_p)         (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+12])
+
+
+
+/* use bit3 of cb[CB_OFF+16] */
+
+#define RTMP_SET_PACKET_5VT(_p, _flg)   (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+22] = _flg)
+#define RTMP_GET_PACKET_5VT(_p)         (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+22])
+
+#ifdef INF_AMAZON_SE
+/* [CB_OFF+28], 1B, Iverson patch for WMM A5-T07 ,WirelessStaToWirelessSta do not bulk out aggregate */
+#define RTMP_SET_PACKET_NOBULKOUT(_p, _morebit)                        (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+28] = _morebit)
+#define RTMP_GET_PACKET_NOBULKOUT(_p)                                  (RTPKT_TO_OSPKT(_p)->cb[CB_OFF+28])
+#endif // INF_AMAZON_SE //
+/* Max skb->cb = 48B = [CB_OFF+38] */
+
+
+
+/***********************************************************************************
+ *     Other function prototypes definitions
+ ***********************************************************************************/
+void RTMP_GetCurrentSystemTime(LARGE_INTEGER *time);
+int rt28xx_packet_xmit(struct sk_buff *skb);
+
+
+void FlashWrite(UCHAR * p, ULONG a, ULONG b);
+void FlashRead(UCHAR * p, ULONG a, ULONG b);
+
+#if LINUX_VERSION_CODE <= 0x20402      // Red Hat 7.1
+struct net_device *alloc_netdev(int sizeof_priv, const char *mask, void (*setup)(struct net_device *));
+#endif // LINUX_VERSION_CODE //
+
+
+#ifdef RTMP_MAC_PCI
+/* function declarations */
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+#define IRQ_HANDLE_TYPE  irqreturn_t
+#else
+#define IRQ_HANDLE_TYPE  void
+#endif
+
+IRQ_HANDLE_TYPE
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+rt2860_interrupt(int irq, void *dev_instance);
+#else
+rt2860_interrupt(int irq, void *dev_instance, struct pt_regs *regs);
+#endif
+
+#endif // RTMP_MAC_PCI //
+
+INT rt28xx_ioctl(
+       IN      PNET_DEV                net_dev,
+       IN      OUT     struct ifreq    *rq,
+       IN      INT                     cmd);
+
+
+#ifdef CONFIG_STA_SUPPORT
+INT rt28xx_sta_ioctl(
+       IN      PNET_DEV                net_dev,
+       IN      OUT     struct ifreq    *rq,
+       IN      INT                     cmd);
+#endif // CONFIG_STA_SUPPORT //
+
+extern int ra_mtd_write(int num, loff_t to, size_t len, const u_char *buf);
+extern int ra_mtd_read(int num, loff_t from, size_t len, u_char *buf);
+
+#endif // __RT_LINUX_H__ //
diff --git a/drivers/staging/rt3090/rt_main_dev.c b/drivers/staging/rt3090/rt_main_dev.c
new file mode 100644 (file)
index 0000000..3307a5f
--- /dev/null
@@ -0,0 +1,897 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rt_main_dev.c
+
+    Abstract:
+    Create and register network interface.
+
+    Revision History:
+    Who         When            What
+    --------    ----------      ----------------------------------------------
+*/
+
+#include "rt_config.h"
+
+
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+UINT32 CW_MAX_IN_BITS;
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+
+/*---------------------------------------------------------------------*/
+/* Private Variables Used                                              */
+/*---------------------------------------------------------------------*/
+
+PSTRING mac = "";                 // default 00:00:00:00:00:00
+PSTRING hostname = "";            // default CMPC
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(2,6,12)
+MODULE_PARM (mac, "s");
+#else
+module_param (mac, charp, 0);
+#endif
+MODULE_PARM_DESC (mac, "rt28xx: wireless mac addr");
+
+
+/*---------------------------------------------------------------------*/
+/* Prototypes of Functions Used                                        */
+/*---------------------------------------------------------------------*/
+
+// public function prototype
+int rt28xx_close(IN struct net_device *net_dev);
+int rt28xx_open(struct net_device *net_dev);
+
+// private function prototype
+static INT rt28xx_send_packets(IN struct sk_buff *skb_p, IN struct net_device *net_dev);
+
+
+static struct net_device_stats *RT28xx_get_ether_stats(
+    IN  struct net_device *net_dev);
+
+/*
+========================================================================
+Routine Description:
+    Close raxx interface.
+
+Arguments:
+       *net_dev                        the raxx interface pointer
+
+Return Value:
+    0                                  Open OK
+       otherwise                       Open Fail
+
+Note:
+       1. if open fail, kernel will not call the close function.
+       2. Free memory for
+               (1) Mlme Memory Handler:                MlmeHalt()
+               (2) TX & RX:                                    RTMPFreeTxRxRingMemory()
+               (3) BA Reordering:                              ba_reordering_resource_release()
+========================================================================
+*/
+int MainVirtualIF_close(IN struct net_device *net_dev)
+{
+    RTMP_ADAPTER *pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+
+       // Sanity check for pAd
+       if (pAd == NULL)
+               return 0; // close ok
+
+       netif_carrier_off(pAd->net_dev);
+       netif_stop_queue(pAd->net_dev);
+
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               BOOLEAN                 Cancelled;
+#ifdef QOS_DLS_SUPPORT
+               // send DLS-TEAR_DOWN message,
+               if (pAd->CommonCfg.bDLSCapable)
+               {
+                       UCHAR i;
+
+                       // tear down local dls table entry
+                       for (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+                       {
+                               if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
+                               {
+                                       RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+                                       pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                               }
+                       }
+
+                       // tear down peer dls table entry
+                       for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+                       {
+                               if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
+                               {
+                                       RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+                                       pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
+                                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                               }
+                       }
+                       RTMP_MLME_HANDLER(pAd);
+               }
+#endif // QOS_DLS_SUPPORT //
+
+               if (INFRA_ON(pAd) &&
+                       (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_NIC_NOT_EXIST)))
+               {
+                       MLME_DISASSOC_REQ_STRUCT        DisReq;
+                       MLME_QUEUE_ELEM *MsgElem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+
+                       if (MsgElem)
+                       {
+                       COPY_MAC_ADDR(DisReq.Addr, pAd->CommonCfg.Bssid);
+                       DisReq.Reason =  REASON_DEAUTH_STA_LEAVING;
+
+                       MsgElem->Machine = ASSOC_STATE_MACHINE;
+                       MsgElem->MsgType = MT2_MLME_DISASSOC_REQ;
+                       MsgElem->MsgLen = sizeof(MLME_DISASSOC_REQ_STRUCT);
+                       NdisMoveMemory(MsgElem->Msg, &DisReq, sizeof(MLME_DISASSOC_REQ_STRUCT));
+
+                       // Prevent to connect AP again in STAMlmePeriodicExec
+                       pAd->MlmeAux.AutoReconnectSsidLen= 32;
+                       NdisZeroMemory(pAd->MlmeAux.AutoReconnectSsid, pAd->MlmeAux.AutoReconnectSsidLen);
+
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_OID_DISASSOC;
+                       MlmeDisassocReqAction(pAd, MsgElem);
+                       kfree(MsgElem);
+                       }
+
+                       RTMPusecDelay(1000);
+               }
+
+               RTMPCancelTimer(&pAd->StaCfg.StaQuickResponeForRateUpTimer, &Cancelled);
+               RTMPCancelTimer(&pAd->StaCfg.WpaDisassocAndBlockAssocTimer, &Cancelled);
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+               // send wireless event to wpa_supplicant for infroming interface down.
+               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_INTERFACE_DOWN, NULL, NULL, 0);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       VIRTUAL_IF_DOWN(pAd);
+
+       RT_MOD_DEC_USE_COUNT();
+
+       return 0; // close ok
+}
+
+/*
+========================================================================
+Routine Description:
+    Open raxx interface.
+
+Arguments:
+       *net_dev                        the raxx interface pointer
+
+Return Value:
+    0                                  Open OK
+       otherwise                       Open Fail
+
+Note:
+       1. if open fail, kernel will not call the close function.
+       2. Free memory for
+               (1) Mlme Memory Handler:                MlmeHalt()
+               (2) TX & RX:                                    RTMPFreeTxRxRingMemory()
+               (3) BA Reordering:                              ba_reordering_resource_release()
+========================================================================
+*/
+int MainVirtualIF_open(IN struct net_device *net_dev)
+{
+    RTMP_ADAPTER *pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+
+       // Sanity check for pAd
+       if (pAd == NULL)
+               return 0; // close ok
+
+       if (VIRTUAL_IF_UP(pAd) != 0)
+               return -1;
+
+       // increase MODULE use count
+       RT_MOD_INC_USE_COUNT();
+
+       netif_start_queue(net_dev);
+       netif_carrier_on(net_dev);
+       netif_wake_queue(net_dev);
+
+       return 0;
+}
+
+/*
+========================================================================
+Routine Description:
+    Close raxx interface.
+
+Arguments:
+       *net_dev                        the raxx interface pointer
+
+Return Value:
+    0                                  Open OK
+       otherwise                       Open Fail
+
+Note:
+       1. if open fail, kernel will not call the close function.
+       2. Free memory for
+               (1) Mlme Memory Handler:                MlmeHalt()
+               (2) TX & RX:                                    RTMPFreeTxRxRingMemory()
+               (3) BA Reordering:                              ba_reordering_resource_release()
+========================================================================
+*/
+int rt28xx_close(IN PNET_DEV dev)
+{
+       struct net_device * net_dev = (struct net_device *)dev;
+    RTMP_ADAPTER       *pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+       BOOLEAN                 Cancelled;
+       UINT32                  i = 0;
+
+
+       DBGPRINT(RT_DEBUG_TRACE, ("===> rt28xx_close\n"));
+
+       Cancelled = FALSE;
+       // Sanity check for pAd
+       if (pAd == NULL)
+               return 0; // close ok
+
+
+
+#ifdef WDS_SUPPORT
+       WdsDown(pAd);
+#endif // WDS_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+#ifdef RTMP_MAC_PCI
+               RTMPPCIeLinkCtrlValueRestore(pAd, RESTORE_CLOSE);
+#endif // RTMP_MAC_PCI //
+
+               // If dirver doesn't wake up firmware here,
+               // NICLoadFirmware will hang forever when interface is up again.
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+        {
+                   AsicForceWakeup(pAd, TRUE);
+        }
+
+
+               MlmeRadioOff(pAd);
+#ifdef RTMP_MAC_PCI
+               pAd->bPCIclkOff = FALSE;
+#endif // RTMP_MAC_PCI //
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS);
+
+       for (i = 0 ; i < NUM_OF_TX_RING; i++)
+       {
+               while (pAd->DeQueueRunning[i] == TRUE)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("Waiting for TxQueue[%d] done..........\n", i));
+                       RTMPusecDelay(1000);
+               }
+       }
+
+
+
+       // Stop Mlme state machine
+       MlmeHalt(pAd);
+
+       // Close net tasklets
+       RtmpNetTaskExit(pAd);
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               MacTableReset(pAd);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+
+       MeasureReqTabExit(pAd);
+       TpcReqTabExit(pAd);
+
+
+       // Close kernel threads
+       RtmpMgmtTaskExit(pAd);
+
+#ifdef RTMP_MAC_PCI
+       {
+                       BOOLEAN brc;
+                       //      ULONG                   Value;
+
+                       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_ACTIVE))
+                       {
+                               RTMP_ASIC_INTERRUPT_DISABLE(pAd);
+                       }
+
+                       // Receive packets to clear DMA index after disable interrupt.
+                       //RTMPHandleRxDoneInterrupt(pAd);
+                       // put to radio off to save power when driver unload.  After radiooff, can't write /read register.  So need to finish all
+                       // register access before Radio off.
+
+
+                       brc=RT28xxPciAsicRadioOff(pAd, RTMP_HALT, 0);
+
+//In  solution 3 of 3090F, the bPCIclkOff will be set to TRUE after calling RT28xxPciAsicRadioOff
+                       pAd->bPCIclkOff = FALSE;
+
+                       if (brc==FALSE)
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR,("%s call RT28xxPciAsicRadioOff fail !!\n", __FUNCTION__));
+                       }
+       }
+
+
+/*
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_ACTIVE))
+       {
+               RTMP_ASIC_INTERRUPT_DISABLE(pAd);
+       }
+
+       // Disable Rx, register value supposed will remain after reset
+       NICIssueReset(pAd);
+*/
+#endif // RTMP_MAC_PCI //
+
+       // Free IRQ
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+#ifdef RTMP_MAC_PCI
+               // Deregister interrupt function
+               RTMP_IRQ_RELEASE(net_dev)
+#endif // RTMP_MAC_PCI //
+               RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE);
+       }
+
+       // Free Ring or USB buffers
+       RTMPFreeTxRxRingMemory(pAd);
+
+       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS);
+
+#ifdef DOT11_N_SUPPORT
+       // Free BA reorder resource
+       ba_reordering_resource_release(pAd);
+#endif // DOT11_N_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_START_UP);
+
+/*+++Modify by woody to solve the bulk fail+++*/
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<=== rt28xx_close\n"));
+       return 0; // close ok
+} /* End of rt28xx_close */
+
+
+/*
+========================================================================
+Routine Description:
+    Open raxx interface.
+
+Arguments:
+       *net_dev                        the raxx interface pointer
+
+Return Value:
+    0                                  Open OK
+       otherwise                       Open Fail
+
+Note:
+========================================================================
+*/
+int rt28xx_open(IN PNET_DEV dev)
+{
+       struct net_device * net_dev = (struct net_device *)dev;
+       PRTMP_ADAPTER pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+       int retval = 0;
+       //POS_COOKIE pObj;
+
+
+       // Sanity check for pAd
+       if (pAd == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -1;
+       }
+
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+       if (pAd->OpMode == OPMODE_AP)
+       {
+               CW_MAX_IN_BITS = 6;
+       }
+       else if (pAd->OpMode == OPMODE_STA)
+       {
+               CW_MAX_IN_BITS = 10;
+       }
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+
+#if WIRELESS_EXT >= 12
+       if (net_dev->priv_flags == INT_MAIN)
+       {
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+               if (pAd->OpMode == OPMODE_AP)
+                       net_dev->wireless_handlers = (struct iw_handler_def *) &rt28xx_ap_iw_handler_def;
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+#ifdef CONFIG_STA_SUPPORT
+               if (pAd->OpMode == OPMODE_STA)
+                       net_dev->wireless_handlers = (struct iw_handler_def *) &rt28xx_iw_handler_def;
+#endif // CONFIG_STA_SUPPORT //
+       }
+#endif // WIRELESS_EXT >= 12 //
+
+       // Request interrupt service routine for PCI device
+       // register the interrupt routine with the os
+       RTMP_IRQ_REQUEST(net_dev);
+
+       // Init IRQ parameters stored in pAd
+       RTMP_IRQ_INIT(pAd);
+
+       // Chip & other init
+       if (rt28xx_init(pAd, mac, hostname) == FALSE)
+               goto err;
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+       // Enable Interrupt
+       RTMP_IRQ_ENABLE(pAd);
+
+       // Now Enable RxTx
+       RTMPEnableRxTx(pAd);
+       RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_START_UP);
+
+       {
+       UINT32 reg = 0;
+       RTMP_IO_READ32(pAd, 0x1300, &reg);  // clear garbage interrupts
+       printk("0x1300 = %08x\n", reg);
+       }
+
+       {
+//     u32 reg;
+//     UINT8  byte;
+//     u16 tmp;
+
+//     RTMP_IO_READ32(pAd, XIFS_TIME_CFG, &reg);
+
+//     tmp = 0x0805;
+//     reg  = (reg & 0xffff0000) | tmp;
+//     RTMP_IO_WRITE32(pAd, XIFS_TIME_CFG, reg);
+
+       }
+
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef RTMP_MAC_PCI
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+        RTMPInitPCIeLinkCtrlValue(pAd);
+#endif // RTMP_MAC_PCI //
+#endif // CONFIG_STA_SUPPORT //
+
+       return (retval);
+
+err:
+//+++Add by shiang, move from rt28xx_init() to here.
+       RTMP_IRQ_RELEASE(net_dev);
+//---Add by shiang, move from rt28xx_init() to here.
+       return (-1);
+} /* End of rt28xx_open */
+
+static const struct net_device_ops rt3090_netdev_ops = {
+       .ndo_open               = MainVirtualIF_open,
+       .ndo_stop               = MainVirtualIF_close,
+       .ndo_do_ioctl           = rt28xx_ioctl,
+       .ndo_get_stats          = RT28xx_get_ether_stats,
+       .ndo_set_mac_address    = eth_mac_addr,
+       .ndo_change_mtu         = eth_change_mtu,
+#ifdef IKANOS_VX_1X0
+       .ndo_start_xmit         = IKANOS_DataFramesTx,
+#else
+       .ndo_start_xmit         = rt28xx_send_packets,
+#endif
+};
+
+PNET_DEV RtmpPhyNetDevInit(
+       IN RTMP_ADAPTER *pAd,
+       IN RTMP_OS_NETDEV_OP_HOOK *pNetDevHook)
+{
+       struct net_device       *net_dev = NULL;
+//     NDIS_STATUS             Status;
+
+       net_dev = RtmpOSNetDevCreate(pAd, INT_MAIN, 0, sizeof(PRTMP_ADAPTER), INF_MAIN_DEV_NAME);
+       if (net_dev == NULL)
+       {
+               printk("RtmpPhyNetDevInit(): creation failed for main physical net device!\n");
+               return NULL;
+       }
+
+       NdisZeroMemory((unsigned char *)pNetDevHook, sizeof(RTMP_OS_NETDEV_OP_HOOK));
+       pNetDevHook->netdev_ops = &rt3090_netdev_ops;
+       pNetDevHook->priv_flags = INT_MAIN;
+       pNetDevHook->needProtcted = FALSE;
+
+       RTMP_OS_NETDEV_SET_PRIV(net_dev, pAd);
+       //net_dev->priv = (PVOID)pAd;
+       pAd->net_dev = net_dev;
+
+
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
+       SET_MODULE_OWNER(net_dev);
+#endif
+
+       netif_stop_queue(net_dev);
+
+       return net_dev;
+
+}
+
+
+/*
+========================================================================
+Routine Description:
+    The entry point for Linux kernel sent packet to our driver.
+
+Arguments:
+    sk_buff *skb               the pointer refer to a sk_buffer.
+
+Return Value:
+    0
+
+Note:
+       This function is the entry point of Tx Path for Os delivery packet to
+       our driver. You only can put OS-depened & STA/AP common handle procedures
+       in here.
+========================================================================
+*/
+int rt28xx_packet_xmit(struct sk_buff *skb)
+{
+       struct net_device *net_dev = skb->dev;
+       PRTMP_ADAPTER pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+       int status = 0;
+       PNDIS_PACKET pPacket = (PNDIS_PACKET) skb;
+
+       /* RT2870STA does this in RTMPSendPackets() */
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+       {
+               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_RESOURCES);
+               return 0;
+       }
+#endif // RALINK_ATE //
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               // Drop send request since we are in monitor mode
+               if (MONITOR_ON(pAd))
+               {
+                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+                       goto done;
+               }
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+        // EapolStart size is 18
+       if (skb->len < 14)
+       {
+               //printk("bad packet size: %d\n", pkt->len);
+               hex_dump("bad packet", skb->data, skb->len);
+               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+               goto done;
+       }
+
+
+
+       RTMP_SET_PACKET_5VT(pPacket, 0);
+//     MiniportMMRequest(pAd, pkt->data, pkt->len);
+#ifdef CONFIG_5VT_ENHANCE
+    if (*(int*)(skb->cb) == BRIDGE_TAG) {
+               RTMP_SET_PACKET_5VT(pPacket, 1);
+    }
+#endif
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+
+               STASendPackets((NDIS_HANDLE)pAd, (PPNDIS_PACKET) &pPacket, 1);
+       }
+
+#endif // CONFIG_STA_SUPPORT //
+
+       status = 0;
+done:
+
+       return status;
+}
+
+
+/*
+========================================================================
+Routine Description:
+    Send a packet to WLAN.
+
+Arguments:
+    skb_p           points to our adapter
+    dev_p           which WLAN network interface
+
+Return Value:
+    0: transmit successfully
+    otherwise: transmit fail
+
+Note:
+========================================================================
+*/
+static int rt28xx_send_packets(
+       IN struct sk_buff               *skb_p,
+       IN struct net_device    *net_dev)
+{
+       RTMP_ADAPTER *pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+
+       if (!(net_dev->flags & IFF_UP))
+       {
+               RELEASE_NDIS_PACKET(pAd, (PNDIS_PACKET)skb_p, NDIS_STATUS_FAILURE);
+               return 0;
+       }
+
+       NdisZeroMemory((PUCHAR)&skb_p->cb[CB_OFF], 15);
+       RTMP_SET_PACKET_NET_DEVICE_MBSSID(skb_p, MAIN_MBSSID);
+
+       return rt28xx_packet_xmit(skb_p);
+}
+
+
+#if WIRELESS_EXT >= 12
+// This function will be called when query /proc
+struct iw_statistics *rt28xx_get_wireless_stats(
+    IN struct net_device *net_dev)
+{
+       PRTMP_ADAPTER pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+
+
+
+       DBGPRINT(RT_DEBUG_TRACE, ("rt28xx_get_wireless_stats --->\n"));
+
+       pAd->iw_stats.status = 0; // Status - device dependent for now
+
+       // link quality
+#ifdef CONFIG_STA_SUPPORT
+       if (pAd->OpMode == OPMODE_STA)
+       pAd->iw_stats.qual.qual = ((pAd->Mlme.ChannelQuality * 12)/10 + 10);
+#endif // CONFIG_STA_SUPPORT //
+
+       if(pAd->iw_stats.qual.qual > 100)
+               pAd->iw_stats.qual.qual = 100;
+
+#ifdef CONFIG_STA_SUPPORT
+       if (pAd->OpMode == OPMODE_STA)
+       {
+               pAd->iw_stats.qual.level =
+                       RTMPMaxRssi(pAd, pAd->StaCfg.RssiSample.LastRssi0,
+                                                       pAd->StaCfg.RssiSample.LastRssi1,
+                                                       pAd->StaCfg.RssiSample.LastRssi2);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       pAd->iw_stats.qual.noise = pAd->BbpWriteLatch[66]; // noise level (dBm)
+
+       pAd->iw_stats.qual.noise += 256 - 143;
+       pAd->iw_stats.qual.updated = 1;     // Flags to know if updated
+#ifdef IW_QUAL_DBM
+       pAd->iw_stats.qual.updated |= IW_QUAL_DBM;      // Level + Noise are dBm
+#endif // IW_QUAL_DBM //
+
+       pAd->iw_stats.discard.nwid = 0;     // Rx : Wrong nwid/essid
+       pAd->iw_stats.miss.beacon = 0;      // Missed beacons/superframe
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<--- rt28xx_get_wireless_stats\n"));
+       return &pAd->iw_stats;
+}
+#endif // WIRELESS_EXT //
+
+
+void tbtt_tasklet(unsigned long data)
+{
+//#define MAX_TX_IN_TBTT               (16)
+
+}
+
+INT rt28xx_ioctl(
+       IN      PNET_DEV        net_dev,
+       IN      OUT     struct ifreq    *rq,
+       IN      INT                                     cmd)
+{
+       RTMP_ADAPTER    *pAd = NULL;
+       INT                             ret = 0;
+
+       pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+       if (pAd == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               ret = rt28xx_sta_ioctl(net_dev, rq, cmd);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+       return ret;
+}
+
+
+/*
+    ========================================================================
+
+    Routine Description:
+        return ethernet statistics counter
+
+    Arguments:
+        net_dev                     Pointer to net_device
+
+    Return Value:
+        net_device_stats*
+
+    Note:
+
+    ========================================================================
+*/
+static struct net_device_stats *RT28xx_get_ether_stats(
+    IN  struct net_device *net_dev)
+{
+    RTMP_ADAPTER *pAd = NULL;
+
+       if (net_dev)
+               pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+
+       if (pAd)
+       {
+
+               pAd->stats.rx_packets = pAd->WlanCounters.ReceivedFragmentCount.QuadPart;
+               pAd->stats.tx_packets = pAd->WlanCounters.TransmittedFragmentCount.QuadPart;
+
+               pAd->stats.rx_bytes = pAd->RalinkCounters.ReceivedByteCount;
+               pAd->stats.tx_bytes = pAd->RalinkCounters.TransmittedByteCount;
+
+               pAd->stats.rx_errors = pAd->Counters8023.RxErrors;
+               pAd->stats.tx_errors = pAd->Counters8023.TxErrors;
+
+               pAd->stats.rx_dropped = 0;
+               pAd->stats.tx_dropped = 0;
+
+           pAd->stats.multicast = pAd->WlanCounters.MulticastReceivedFrameCount.QuadPart;   // multicast packets received
+           pAd->stats.collisions = pAd->Counters8023.OneCollision + pAd->Counters8023.MoreCollisions;  // Collision packets
+
+           pAd->stats.rx_length_errors = 0;
+           pAd->stats.rx_over_errors = pAd->Counters8023.RxNoBuffer;                   // receiver ring buff overflow
+           pAd->stats.rx_crc_errors = 0;//pAd->WlanCounters.FCSErrorCount;     // recved pkt with crc error
+           pAd->stats.rx_frame_errors = pAd->Counters8023.RcvAlignmentErrors;          // recv'd frame alignment error
+           pAd->stats.rx_fifo_errors = pAd->Counters8023.RxNoBuffer;                   // recv'r fifo overrun
+           pAd->stats.rx_missed_errors = 0;                                            // receiver missed packet
+
+           // detailed tx_errors
+           pAd->stats.tx_aborted_errors = 0;
+           pAd->stats.tx_carrier_errors = 0;
+           pAd->stats.tx_fifo_errors = 0;
+           pAd->stats.tx_heartbeat_errors = 0;
+           pAd->stats.tx_window_errors = 0;
+
+           // for cslip etc
+           pAd->stats.rx_compressed = 0;
+           pAd->stats.tx_compressed = 0;
+
+               return &pAd->stats;
+       }
+       else
+       return NULL;
+}
+
+
+BOOLEAN RtmpPhyNetDevExit(
+       IN RTMP_ADAPTER *pAd,
+       IN PNET_DEV net_dev)
+{
+
+
+
+#ifdef INF_AMAZON_PPA
+       if (ppa_hook_directpath_register_dev_fn && pAd->PPAEnable==TRUE)
+       {
+               UINT status;
+               status=ppa_hook_directpath_register_dev_fn(&pAd->g_if_id, pAd->net_dev, NULL, PPA_F_DIRECTPATH_DEREGISTER);
+               printk("unregister PPA:g_if_id=%d status=%d\n",pAd->g_if_id,status);
+       }
+       kfree(pAd->pDirectpathCb);
+#endif // INF_AMAZON_PPA //
+
+       // Unregister network device
+       if (net_dev != NULL)
+       {
+               printk("RtmpOSNetDevDetach(): RtmpOSNetDeviceDetach(), dev->name=%s!\n", net_dev->name);
+               RtmpOSNetDevDetach(net_dev);
+       }
+
+       return TRUE;
+
+}
+
+
+/*
+========================================================================
+Routine Description:
+    Allocate memory for adapter control block.
+
+Arguments:
+    pAd                                        Pointer to our adapter
+
+Return Value:
+       NDIS_STATUS_SUCCESS
+       NDIS_STATUS_FAILURE
+       NDIS_STATUS_RESOURCES
+
+Note:
+========================================================================
+*/
+NDIS_STATUS AdapterBlockAllocateMemory(
+       IN PVOID        handle,
+       OUT     PVOID   *ppAd)
+{
+
+       *ppAd = (PVOID)vmalloc(sizeof(RTMP_ADAPTER)); //pci_alloc_consistent(pci_dev, sizeof(RTMP_ADAPTER), phy_addr);
+
+       if (*ppAd)
+       {
+               NdisZeroMemory(*ppAd, sizeof(RTMP_ADAPTER));
+               ((PRTMP_ADAPTER)*ppAd)->OS_Cookie = handle;
+               return (NDIS_STATUS_SUCCESS);
+       } else {
+               return (NDIS_STATUS_FAILURE);
+       }
+}
diff --git a/drivers/staging/rt3090/rt_pci_rbus.c b/drivers/staging/rt3090/rt_pci_rbus.c
new file mode 100644 (file)
index 0000000..2991319
--- /dev/null
@@ -0,0 +1,989 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rt_pci_rbus.c
+
+    Abstract:
+    Create and register network interface.
+
+    Revision History:
+    Who         When            What
+    --------    ----------      ----------------------------------------------
+*/
+
+#include "rt_config.h"
+#include <linux/pci.h>
+
+
+IRQ_HANDLE_TYPE
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+rt2860_interrupt(int irq, void *dev_instance);
+#else
+rt2860_interrupt(int irq, void *dev_instance, struct pt_regs *regs);
+#endif
+
+
+static void rx_done_tasklet(unsigned long data);
+static void mgmt_dma_done_tasklet(unsigned long data);
+static void ac0_dma_done_tasklet(unsigned long data);
+static void ac1_dma_done_tasklet(unsigned long data);
+static void ac2_dma_done_tasklet(unsigned long data);
+static void ac3_dma_done_tasklet(unsigned long data);
+/*static void hcca_dma_done_tasklet(unsigned long data);*/
+static void fifo_statistic_full_tasklet(unsigned long data);
+
+
+
+/*---------------------------------------------------------------------*/
+/* Symbol & Macro Definitions                                          */
+/*---------------------------------------------------------------------*/
+#define RT2860_INT_RX_DLY                              (1<<0)          // bit 0
+#define RT2860_INT_TX_DLY                              (1<<1)          // bit 1
+#define RT2860_INT_RX_DONE                             (1<<2)          // bit 2
+#define RT2860_INT_AC0_DMA_DONE                        (1<<3)          // bit 3
+#define RT2860_INT_AC1_DMA_DONE                        (1<<4)          // bit 4
+#define RT2860_INT_AC2_DMA_DONE                        (1<<5)          // bit 5
+#define RT2860_INT_AC3_DMA_DONE                        (1<<6)          // bit 6
+#define RT2860_INT_HCCA_DMA_DONE               (1<<7)          // bit 7
+#define RT2860_INT_MGMT_DONE                   (1<<8)          // bit 8
+#ifdef TONE_RADAR_DETECT_SUPPORT
+#define RT2860_INT_TONE_RADAR                  (1<<20)         // bit 20
+#endif // TONE_RADAR_DETECT_SUPPORT //
+
+#define INT_RX                 RT2860_INT_RX_DONE
+
+#define INT_AC0_DLY            (RT2860_INT_AC0_DMA_DONE) //| RT2860_INT_TX_DLY)
+#define INT_AC1_DLY            (RT2860_INT_AC1_DMA_DONE) //| RT2860_INT_TX_DLY)
+#define INT_AC2_DLY            (RT2860_INT_AC2_DMA_DONE) //| RT2860_INT_TX_DLY)
+#define INT_AC3_DLY            (RT2860_INT_AC3_DMA_DONE) //| RT2860_INT_TX_DLY)
+#define INT_HCCA_DLY   (RT2860_INT_HCCA_DMA_DONE) //| RT2860_INT_TX_DLY)
+#define INT_MGMT_DLY   RT2860_INT_MGMT_DONE
+#ifdef TONE_RADAR_DETECT_SUPPORT
+#define INT_TONE_RADAR (RT2860_INT_TONE_RADAR)
+#endif // TONE_RADAR_DETECT_SUPPORT //
+
+
+/***************************************************************************
+  *
+  *    Interface-depended memory allocation/Free related procedures.
+  *            Mainly for Hardware TxDesc/RxDesc/MgmtDesc, DMA Memory for TxData/RxData, etc.,
+  *
+  **************************************************************************/
+// Function for TxDesc Memory allocation.
+void RTMP_AllocateTxDescMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      UINT    Index,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress)
+{
+       POS_COOKIE pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       *VirtualAddress = (PVOID)pci_alloc_consistent(pObj->pci_dev,sizeof(char)*Length, PhysicalAddress);
+
+}
+
+
+// Function for MgmtDesc Memory allocation.
+void RTMP_AllocateMgmtDescMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress)
+{
+       POS_COOKIE pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       *VirtualAddress = (PVOID)pci_alloc_consistent(pObj->pci_dev,sizeof(char)*Length, PhysicalAddress);
+
+}
+
+
+// Function for RxDesc Memory allocation.
+void RTMP_AllocateRxDescMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress)
+{
+       POS_COOKIE pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       *VirtualAddress = (PVOID)pci_alloc_consistent(pObj->pci_dev,sizeof(char)*Length, PhysicalAddress);
+
+}
+
+
+// Function for free allocated Desc Memory.
+void RTMP_FreeDescMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      PVOID   VirtualAddress,
+       IN      NDIS_PHYSICAL_ADDRESS PhysicalAddress)
+{
+       POS_COOKIE pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       pci_free_consistent(pObj->pci_dev, Length, VirtualAddress, PhysicalAddress);
+}
+
+
+// Function for TxData DMA Memory allocation.
+void RTMP_AllocateFirstTxBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      UINT    Index,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress)
+{
+       POS_COOKIE pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       *VirtualAddress = (PVOID)pci_alloc_consistent(pObj->pci_dev,sizeof(char)*Length, PhysicalAddress);
+}
+
+
+void RTMP_FreeFirstTxBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       IN      PVOID   VirtualAddress,
+       IN      NDIS_PHYSICAL_ADDRESS PhysicalAddress)
+{
+       POS_COOKIE pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       pci_free_consistent(pObj->pci_dev, Length, VirtualAddress, PhysicalAddress);
+}
+
+
+/*
+ * FUNCTION: Allocate a common buffer for DMA
+ * ARGUMENTS:
+ *     AdapterHandle:  AdapterHandle
+ *     Length:  Number of bytes to allocate
+ *     Cached:  Whether or not the memory can be cached
+ *     VirtualAddress:  Pointer to memory is returned here
+ *     PhysicalAddress:  Physical address corresponding to virtual address
+ */
+void RTMP_AllocateSharedMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress)
+{
+       POS_COOKIE pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       *VirtualAddress = (PVOID)pci_alloc_consistent(pObj->pci_dev,sizeof(char)*Length, PhysicalAddress);
+}
+
+
+/*
+ * FUNCTION: Allocate a packet buffer for DMA
+ * ARGUMENTS:
+ *     AdapterHandle:  AdapterHandle
+ *     Length:  Number of bytes to allocate
+ *     Cached:  Whether or not the memory can be cached
+ *     VirtualAddress:  Pointer to memory is returned here
+ *     PhysicalAddress:  Physical address corresponding to virtual address
+ * Notes:
+ *     Cached is ignored: always cached memory
+ */
+PNDIS_PACKET RTMP_AllocateRxPacketBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress)
+{
+       struct sk_buff *pkt;
+
+       pkt = dev_alloc_skb(Length);
+
+       if (pkt == NULL) {
+               DBGPRINT(RT_DEBUG_ERROR, ("can't allocate rx %ld size packet\n",Length));
+       }
+
+       if (pkt) {
+               RTMP_SET_PACKET_SOURCE(OSPKT_TO_RTPKT(pkt), PKTSRC_NDIS);
+               *VirtualAddress = (PVOID) pkt->data;
+//#ifdef CONFIG_5VT_ENHANCE
+//             *PhysicalAddress = PCI_MAP_SINGLE(pAd, *VirtualAddress, 1600, PCI_DMA_FROMDEVICE);
+//#else
+               *PhysicalAddress = PCI_MAP_SINGLE(pAd, *VirtualAddress, Length,  -1, PCI_DMA_FROMDEVICE);
+//#endif
+       } else {
+               *VirtualAddress = (PVOID) NULL;
+               *PhysicalAddress = (NDIS_PHYSICAL_ADDRESS) NULL;
+       }
+
+       return (PNDIS_PACKET) pkt;
+}
+
+
+VOID Invalid_Remaining_Packet(
+       IN      PRTMP_ADAPTER pAd,
+       IN       ULONG VirtualAddress)
+{
+       NDIS_PHYSICAL_ADDRESS PhysicalAddress;
+
+       PhysicalAddress = PCI_MAP_SINGLE(pAd, (void *)(VirtualAddress+1600), RX_BUFFER_NORMSIZE-1600, -1, PCI_DMA_FROMDEVICE);
+}
+
+
+int RtmpOSIRQRequest(IN struct net_device *net_dev)
+{
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER)(RTMP_OS_NETDEV_GET_PRIV(net_dev));
+       int retval = 0;
+
+       ASSERT(pAd);
+
+       if (pAd->infType != RTMP_DEV_INF_RBUS)
+       {
+               POS_COOKIE _pObj = (POS_COOKIE)(pAd->OS_Cookie);
+               RTMP_MSI_ENABLE(pAd);
+               retval = request_irq(_pObj->pci_dev->irq,  rt2860_interrupt, SA_SHIRQ, (net_dev)->name, (net_dev));
+               if (retval != 0)
+                       printk("RT2860: request_irq  ERROR(%d)\n", retval);
+       }
+       else
+       {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
+               if ((retval = request_irq(net_dev->irq, rt2860_interrupt, IRQF_SHARED, net_dev->name ,net_dev)))
+#else
+               if ((retval = request_irq(net_dev->irq,rt2860_interrupt, SA_INTERRUPT, net_dev->name ,net_dev)))
+#endif
+               {
+                       printk("RT2860: request_irq  ERROR(%d)\n", retval);
+               }
+       }
+
+       return retval;
+
+}
+
+
+int RtmpOSIRQRelease(IN struct net_device *net_dev)
+{
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER)(RTMP_OS_NETDEV_GET_PRIV(net_dev));
+
+       ASSERT(pAd);
+       if (pAd->infType != RTMP_DEV_INF_RBUS)
+       {
+               POS_COOKIE pObj = (POS_COOKIE)(pAd->OS_Cookie);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+               synchronize_irq(pObj->pci_dev->irq);
+#endif
+               free_irq(pObj->pci_dev->irq, (net_dev));
+               RTMP_MSI_DISABLE(pAd);
+       }
+       else
+       {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+               synchronize_irq(net_dev->irq);
+#endif
+               free_irq(net_dev->irq, (net_dev));
+       }
+
+       return 0;
+}
+
+
+NDIS_STATUS RtmpNetTaskInit(IN RTMP_ADAPTER *pAd)
+{
+       POS_COOKIE pObj;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       tasklet_init(&pObj->rx_done_task, rx_done_tasklet, (unsigned long)pAd);
+       tasklet_init(&pObj->mgmt_dma_done_task, mgmt_dma_done_tasklet, (unsigned long)pAd);
+       tasklet_init(&pObj->ac0_dma_done_task, ac0_dma_done_tasklet, (unsigned long)pAd);
+       tasklet_init(&pObj->ac1_dma_done_task, ac1_dma_done_tasklet, (unsigned long)pAd);
+       tasklet_init(&pObj->ac2_dma_done_task, ac2_dma_done_tasklet, (unsigned long)pAd);
+       tasklet_init(&pObj->ac3_dma_done_task, ac3_dma_done_tasklet, (unsigned long)pAd);
+       /*tasklet_init(&pObj->hcca_dma_done_task, hcca_dma_done_tasklet, (unsigned long)pAd);*/
+       tasklet_init(&pObj->tbtt_task, tbtt_tasklet, (unsigned long)pAd);
+       tasklet_init(&pObj->fifo_statistic_full_task, fifo_statistic_full_tasklet, (unsigned long)pAd);
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+void RtmpNetTaskExit(IN RTMP_ADAPTER *pAd)
+{
+       POS_COOKIE pObj;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       tasklet_kill(&pObj->rx_done_task);
+       tasklet_kill(&pObj->mgmt_dma_done_task);
+       tasklet_kill(&pObj->ac0_dma_done_task);
+       tasklet_kill(&pObj->ac1_dma_done_task);
+       tasklet_kill(&pObj->ac2_dma_done_task);
+       tasklet_kill(&pObj->ac3_dma_done_task);
+       /*tasklet_kill(&pObj->hcca_dma_done_task);*/
+       tasklet_kill(&pObj->tbtt_task);
+       tasklet_kill(&pObj->fifo_statistic_full_task);
+}
+
+
+NDIS_STATUS RtmpMgmtTaskInit(IN RTMP_ADAPTER *pAd)
+{
+
+
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+/*
+========================================================================
+Routine Description:
+    Close kernel threads.
+
+Arguments:
+       *pAd                            the raxx interface data pointer
+
+Return Value:
+    NONE
+
+Note:
+========================================================================
+*/
+VOID RtmpMgmtTaskExit(
+       IN RTMP_ADAPTER *pAd)
+{
+
+
+       return;
+}
+
+
+static inline void rt2860_int_enable(PRTMP_ADAPTER pAd, unsigned int mode)
+{
+       u32 regValue;
+
+       pAd->int_disable_mask &= ~(mode);
+       regValue = pAd->int_enable_reg & ~(pAd->int_disable_mask);
+       //if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+       {
+               RTMP_IO_WRITE32(pAd, INT_MASK_CSR, regValue);     // 1:enable
+       }
+       //else
+       //      DBGPRINT(RT_DEBUG_TRACE, ("fOP_STATUS_DOZE !\n"));
+
+       if (regValue != 0)
+               RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_ACTIVE);
+}
+
+
+static inline void rt2860_int_disable(PRTMP_ADAPTER pAd, unsigned int mode)
+{
+       u32 regValue;
+
+       pAd->int_disable_mask |= mode;
+       regValue =      pAd->int_enable_reg & ~(pAd->int_disable_mask);
+       RTMP_IO_WRITE32(pAd, INT_MASK_CSR, regValue);     // 0: disable
+
+       if (regValue == 0)
+       {
+               RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_ACTIVE);
+       }
+}
+
+
+/***************************************************************************
+  *
+  *    tasklet related procedures.
+  *
+  **************************************************************************/
+static void mgmt_dma_done_tasklet(unsigned long data)
+{
+       unsigned long flags;
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER) data;
+    INT_SOURCE_CSR_STRUC       IntSource;
+       POS_COOKIE pObj;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+    pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+//     printk("mgmt_dma_done_process\n");
+       IntSource.word = 0;
+       IntSource.field.MgmtDmaDone = 1;
+       pAd->int_pending &= ~INT_MGMT_DLY;
+
+       RTMPHandleMgmtRingDmaDoneInterrupt(pAd);
+
+       // if you use RTMP_SEM_LOCK, sometimes kernel will hang up, no any
+       // bug report output
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+       /*
+        * double check to avoid lose of interrupts
+        */
+       if (pAd->int_pending & INT_MGMT_DLY)
+       {
+               tasklet_hi_schedule(&pObj->mgmt_dma_done_task);
+               RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+               return;
+       }
+
+       /* enable TxDataInt again */
+       rt2860_int_enable(pAd, INT_MGMT_DLY);
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+}
+
+
+static void rx_done_tasklet(unsigned long data)
+{
+       unsigned long flags;
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER) data;
+       BOOLEAN bReschedule = 0;
+       POS_COOKIE pObj;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+#ifdef UAPSD_AP_SUPPORT
+       UAPSD_TIMING_RECORD(pAd, UAPSD_TIMING_RECORD_TASKLET);
+#endif // UAPSD_AP_SUPPORT //
+
+    pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       pAd->int_pending &= ~(INT_RX);
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               bReschedule = STARxDoneInterruptHandle(pAd, 0);
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef UAPSD_AP_SUPPORT
+       UAPSD_TIMING_RECORD_STOP();
+#endif // UAPSD_AP_SUPPORT //
+
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+       /*
+        * double check to avoid rotting packet
+        */
+       if (pAd->int_pending & INT_RX || bReschedule)
+       {
+               tasklet_hi_schedule(&pObj->rx_done_task);
+               RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+               return;
+       }
+
+       /* enable RxINT again */
+       rt2860_int_enable(pAd, INT_RX);
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+
+}
+
+
+void fifo_statistic_full_tasklet(unsigned long data)
+{
+       unsigned long flags;
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER) data;
+       POS_COOKIE pObj;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+    pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       pAd->int_pending &= ~(FifoStaFullInt);
+       NICUpdateFifoStaCounters(pAd);
+
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+       /*
+        * double check to avoid rotting packet
+        */
+       if (pAd->int_pending & FifoStaFullInt)
+       {
+               tasklet_hi_schedule(&pObj->fifo_statistic_full_task);
+               RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+               return;
+       }
+
+       /* enable RxINT again */
+
+       rt2860_int_enable(pAd, FifoStaFullInt);
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+
+}
+
+
+
+
+static void ac3_dma_done_tasklet(unsigned long data)
+{
+       unsigned long flags;
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER) data;
+    INT_SOURCE_CSR_STRUC       IntSource;
+       POS_COOKIE pObj;
+       BOOLEAN bReschedule = 0;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+    pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+//     printk("ac0_dma_done_process\n");
+       IntSource.word = 0;
+       IntSource.field.Ac3DmaDone = 1;
+       pAd->int_pending &= ~INT_AC3_DLY;
+
+       bReschedule = RTMPHandleTxRingDmaDoneInterrupt(pAd, IntSource);
+
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+       /*
+        * double check to avoid lose of interrupts
+        */
+       if ((pAd->int_pending & INT_AC3_DLY) || bReschedule)
+       {
+               tasklet_hi_schedule(&pObj->ac3_dma_done_task);
+               RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+               return;
+       }
+
+       /* enable TxDataInt again */
+       rt2860_int_enable(pAd, INT_AC3_DLY);
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+}
+
+
+static void ac2_dma_done_tasklet(unsigned long data)
+{
+       unsigned long flags;
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER) data;
+    INT_SOURCE_CSR_STRUC       IntSource;
+       POS_COOKIE pObj;
+       BOOLEAN bReschedule = 0;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+    pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+       IntSource.word = 0;
+       IntSource.field.Ac2DmaDone = 1;
+       pAd->int_pending &= ~INT_AC2_DLY;
+
+       bReschedule = RTMPHandleTxRingDmaDoneInterrupt(pAd, IntSource);
+
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+
+       /*
+        * double check to avoid lose of interrupts
+        */
+       if ((pAd->int_pending & INT_AC2_DLY) || bReschedule)
+       {
+               tasklet_hi_schedule(&pObj->ac2_dma_done_task);
+               RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+               return;
+       }
+
+       /* enable TxDataInt again */
+       rt2860_int_enable(pAd, INT_AC2_DLY);
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+}
+
+
+static void ac1_dma_done_tasklet(unsigned long data)
+{
+       unsigned long flags;
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER) data;
+    INT_SOURCE_CSR_STRUC       IntSource;
+       POS_COOKIE pObj;
+       BOOLEAN bReschedule = 0;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+    pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+//     printk("ac0_dma_done_process\n");
+       IntSource.word = 0;
+       IntSource.field.Ac1DmaDone = 1;
+       pAd->int_pending &= ~INT_AC1_DLY;
+
+       bReschedule = RTMPHandleTxRingDmaDoneInterrupt(pAd, IntSource);
+
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+       /*
+        * double check to avoid lose of interrupts
+        */
+       if ((pAd->int_pending & INT_AC1_DLY) || bReschedule)
+       {
+               tasklet_hi_schedule(&pObj->ac1_dma_done_task);
+               RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+               return;
+       }
+
+       /* enable TxDataInt again */
+       rt2860_int_enable(pAd, INT_AC1_DLY);
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+}
+
+
+static void ac0_dma_done_tasklet(unsigned long data)
+{
+       unsigned long flags;
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER) data;
+       INT_SOURCE_CSR_STRUC    IntSource;
+       POS_COOKIE pObj;
+       BOOLEAN bReschedule = 0;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+//     printk("ac0_dma_done_process\n");
+       IntSource.word = 0;
+       IntSource.field.Ac0DmaDone = 1;
+       pAd->int_pending &= ~INT_AC0_DLY;
+
+//     RTMPHandleMgmtRingDmaDoneInterrupt(pAd);
+       bReschedule = RTMPHandleTxRingDmaDoneInterrupt(pAd, IntSource);
+
+       RTMP_INT_LOCK(&pAd->irq_lock, flags);
+       /*
+        * double check to avoid lose of interrupts
+        */
+       if ((pAd->int_pending & INT_AC0_DLY) || bReschedule)
+       {
+               tasklet_hi_schedule(&pObj->ac0_dma_done_task);
+               RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+               return;
+       }
+
+       /* enable TxDataInt again */
+       rt2860_int_enable(pAd, INT_AC0_DLY);
+       RTMP_INT_UNLOCK(&pAd->irq_lock, flags);
+}
+
+
+
+
+/***************************************************************************
+  *
+  *    interrupt handler related procedures.
+  *
+  **************************************************************************/
+int print_int_count;
+
+IRQ_HANDLE_TYPE
+#if (LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,19))
+rt2860_interrupt(int irq, void *dev_instance)
+#else
+rt2860_interrupt(int irq, void *dev_instance, struct pt_regs *regs)
+#endif
+{
+       struct net_device *net_dev = (struct net_device *) dev_instance;
+       PRTMP_ADAPTER pAd = (PRTMP_ADAPTER) RTMP_OS_NETDEV_GET_PRIV(net_dev);
+       INT_SOURCE_CSR_STRUC    IntSource;
+       POS_COOKIE pObj;
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+
+       /* Note 03312008: we can not return here before
+               RTMP_IO_READ32(pAd, INT_SOURCE_CSR, &IntSource.word);
+               RTMP_IO_WRITE32(pAd, INT_SOURCE_CSR, IntSource.word);
+               Or kernel will panic after ifconfig ra0 down sometimes */
+
+
+       //
+       // Inital the Interrupt source.
+       //
+       IntSource.word = 0x00000000L;
+//     McuIntSource.word = 0x00000000L;
+
+       //
+       // Get the interrupt sources & saved to local variable
+       //
+       //RTMP_IO_READ32(pAd, where, &McuIntSource.word);
+       //RTMP_IO_WRITE32(pAd, , McuIntSource.word);
+
+       //
+       // Flag fOP_STATUS_DOZE On, means ASIC put to sleep, elase means ASICK WakeUp
+       // And at the same time, clock maybe turned off that say there is no DMA service.
+       // when ASIC get to sleep.
+       // To prevent system hang on power saving.
+       // We need to check it before handle the INT_SOURCE_CSR, ASIC must be wake up.
+       //
+       // RT2661 => when ASIC is sleeping, MAC register cannot be read and written.
+       // RT2860 => when ASIC is sleeping, MAC register can be read and written.
+//     if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+       {
+               RTMP_IO_READ32(pAd, INT_SOURCE_CSR, &IntSource.word);
+               RTMP_IO_WRITE32(pAd, INT_SOURCE_CSR, IntSource.word); // write 1 to clear
+       }
+//     else
+//             DBGPRINT(RT_DEBUG_TRACE, (">>>fOP_STATUS_DOZE<<<\n"));
+
+//     RTMP_IO_READ32(pAd, INT_SOURCE_CSR, &IsrAfterClear);
+//     RTMP_IO_READ32(pAd, MCU_INT_SOURCE_CSR, &McuIsrAfterClear);
+//     DBGPRINT(RT_DEBUG_INFO, ("====> RTMPHandleInterrupt(ISR=%08x,Mcu ISR=%08x, After clear ISR=%08x, MCU ISR=%08x)\n",
+//                     IntSource.word, McuIntSource.word, IsrAfterClear, McuIsrAfterClear));
+
+       // Do nothing if Reset in progress
+       if (RTMP_TEST_FLAG(pAd, (fRTMP_ADAPTER_RESET_IN_PROGRESS |fRTMP_ADAPTER_HALT_IN_PROGRESS)))
+       {
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+        return  IRQ_HANDLED;
+#else
+        return;
+#endif
+       }
+
+       //
+       // Handle interrupt, walk through all bits
+       // Should start from highest priority interrupt
+       // The priority can be adjust by altering processing if statement
+       //
+
+#ifdef DBG
+
+#endif
+
+
+       pAd->bPCIclkOff = FALSE;
+
+       // If required spinlock, each interrupt service routine has to acquire
+       // and release itself.
+       //
+
+       // Do nothing if NIC doesn't exist
+       if (IntSource.word == 0xffffffff)
+       {
+               RTMP_SET_FLAG(pAd, (fRTMP_ADAPTER_NIC_NOT_EXIST | fRTMP_ADAPTER_HALT_IN_PROGRESS));
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+        return  IRQ_HANDLED;
+#else
+        return;
+#endif
+       }
+
+       if (IntSource.word & TxCoherent)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, (">>>TxCoherent<<<\n"));
+               RTMPHandleRxCoherentInterrupt(pAd);
+       }
+
+       if (IntSource.word & RxCoherent)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, (">>>RxCoherent<<<\n"));
+               RTMPHandleRxCoherentInterrupt(pAd);
+       }
+
+       if (IntSource.word & FifoStaFullInt)
+       {
+               if ((pAd->int_disable_mask & FifoStaFullInt) == 0)
+               {
+                       /* mask FifoStaFullInt */
+                       rt2860_int_disable(pAd, FifoStaFullInt);
+                       tasklet_hi_schedule(&pObj->fifo_statistic_full_task);
+               }
+               pAd->int_pending |= FifoStaFullInt;
+       }
+
+       if (IntSource.word & INT_MGMT_DLY)
+       {
+               if ((pAd->int_disable_mask & INT_MGMT_DLY) ==0 )
+               {
+                       rt2860_int_disable(pAd, INT_MGMT_DLY);
+                       tasklet_hi_schedule(&pObj->mgmt_dma_done_task);
+               }
+               pAd->int_pending |= INT_MGMT_DLY ;
+       }
+
+       if (IntSource.word & INT_RX)
+       {
+               if ((pAd->int_disable_mask & INT_RX) == 0)
+               {
+
+                       /* mask RxINT */
+                       rt2860_int_disable(pAd, INT_RX);
+                       tasklet_hi_schedule(&pObj->rx_done_task);
+               }
+               pAd->int_pending |= INT_RX;
+       }
+
+
+       if (IntSource.word & INT_AC3_DLY)
+       {
+
+               if ((pAd->int_disable_mask & INT_AC3_DLY) == 0)
+               {
+                       /* mask TxDataInt */
+                       rt2860_int_disable(pAd, INT_AC3_DLY);
+                       tasklet_hi_schedule(&pObj->ac3_dma_done_task);
+               }
+               pAd->int_pending |= INT_AC3_DLY;
+       }
+
+       if (IntSource.word & INT_AC2_DLY)
+       {
+
+               if ((pAd->int_disable_mask & INT_AC2_DLY) == 0)
+               {
+                       /* mask TxDataInt */
+                       rt2860_int_disable(pAd, INT_AC2_DLY);
+                       tasklet_hi_schedule(&pObj->ac2_dma_done_task);
+               }
+               pAd->int_pending |= INT_AC2_DLY;
+       }
+
+       if (IntSource.word & INT_AC1_DLY)
+       {
+
+               pAd->int_pending |= INT_AC1_DLY;
+
+               if ((pAd->int_disable_mask & INT_AC1_DLY) == 0)
+               {
+                       /* mask TxDataInt */
+                       rt2860_int_disable(pAd, INT_AC1_DLY);
+                       tasklet_hi_schedule(&pObj->ac1_dma_done_task);
+               }
+
+       }
+
+       if (IntSource.word & INT_AC0_DLY)
+       {
+
+/*
+               if (IntSource.word & 0x2) {
+                       u32 reg;
+                       RTMP_IO_READ32(pAd, DELAY_INT_CFG, &reg);
+                       printk("IntSource.word = %08x, DELAY_REG = %08x\n", IntSource.word, reg);
+               }
+*/
+               pAd->int_pending |= INT_AC0_DLY;
+
+               if ((pAd->int_disable_mask & INT_AC0_DLY) == 0)
+               {
+                       /* mask TxDataInt */
+                       rt2860_int_disable(pAd, INT_AC0_DLY);
+                       tasklet_hi_schedule(&pObj->ac0_dma_done_task);
+               }
+
+       }
+
+
+       if (IntSource.word & PreTBTTInt)
+       {
+               RTMPHandlePreTBTTInterrupt(pAd);
+       }
+
+       if (IntSource.word & TBTTInt)
+       {
+               RTMPHandleTBTTInterrupt(pAd);
+       }
+
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+       IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+       {
+               if (IntSource.word & AutoWakeupInt)
+                       RTMPHandleTwakeupInterrupt(pAd);
+       }
+#endif // CONFIG_STA_SUPPORT //
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+       return  IRQ_HANDLED;
+#endif
+
+}
+
+/*
+ * invaild or writeback cache
+ * and convert virtual address to physical address
+ */
+dma_addr_t linux_pci_map_single(void *handle, void *ptr, size_t size, int sd_idx, int direction)
+{
+       PRTMP_ADAPTER pAd;
+       POS_COOKIE pObj;
+
+       /*
+               ------ Porting Information ------
+               > For Tx Alloc:
+                       mgmt packets => sd_idx = 0
+                       SwIdx: pAd->MgmtRing.TxCpuIdx
+                       pTxD : pAd->MgmtRing.Cell[SwIdx].AllocVa;
+
+                       data packets => sd_idx = 1
+                       TxIdx : pAd->TxRing[pTxBlk->QueIdx].TxCpuIdx
+                       QueIdx: pTxBlk->QueIdx
+                       pTxD  : pAd->TxRing[pTxBlk->QueIdx].Cell[TxIdx].AllocVa;
+
+               > For Rx Alloc:
+                       sd_idx = -1
+       */
+
+       pAd = (PRTMP_ADAPTER)handle;
+       pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       if (sd_idx == 1)
+       {
+               PTX_BLK         pTxBlk;
+               pTxBlk = (PTX_BLK)ptr;
+               return pci_map_single(pObj->pci_dev, pTxBlk->pSrcBufData, pTxBlk->SrcBufLen, direction);
+       }
+       else
+       {
+               return pci_map_single(pObj->pci_dev, ptr, size, direction);
+       }
+
+}
+
+void linux_pci_unmap_single(void *handle, dma_addr_t dma_addr, size_t size, int direction)
+{
+       PRTMP_ADAPTER pAd;
+       POS_COOKIE pObj;
+
+       pAd=(PRTMP_ADAPTER)handle;
+       pObj = (POS_COOKIE)pAd->OS_Cookie;
+
+       pci_unmap_single(pObj->pci_dev, dma_addr, size, direction);
+
+}
diff --git a/drivers/staging/rt3090/rt_profile.c b/drivers/staging/rt3090/rt_profile.c
new file mode 100644 (file)
index 0000000..49a0590
--- /dev/null
@@ -0,0 +1,101 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       rt_profile.c
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#include "rt_config.h"
+
+
+NDIS_STATUS    RTMPReadParametersHook(
+       IN      PRTMP_ADAPTER pAd)
+{
+       PSTRING                                 src = NULL;
+       RTMP_OS_FD                              srcf;
+       RTMP_OS_FS_INFO                 osFSInfo;
+       INT                                             retval = NDIS_STATUS_FAILURE;
+       PSTRING                                 buffer;
+
+       buffer = kmalloc(MAX_INI_BUFFER_SIZE, MEM_ALLOC_FLAG);
+       if(buffer == NULL)
+               return NDIS_STATUS_FAILURE;
+       memset(buffer, 0x00, MAX_INI_BUFFER_SIZE);
+
+       {
+
+#ifdef CONFIG_STA_SUPPORT
+               IF_DEV_CONFIG_OPMODE_ON_STA(pAd)
+               {
+                       src = STA_PROFILE_PATH;
+               }
+#endif // CONFIG_STA_SUPPORT //
+#ifdef MULTIPLE_CARD_SUPPORT
+               src = (PSTRING)pAd->MC_FileName;
+#endif // MULTIPLE_CARD_SUPPORT //
+       }
+
+       if (src && *src)
+       {
+               RtmpOSFSInfoChange(&osFSInfo, TRUE);
+               srcf = RtmpOSFileOpen(src, O_RDONLY, 0);
+               if (IS_FILE_OPEN_ERR(srcf))
+               {
+                       DBGPRINT(RT_DEBUG_ERROR, ("Open file \"%s\" failed!\n", src));
+               }
+               else
+               {
+                       retval =RtmpOSFileRead(srcf, buffer, MAX_INI_BUFFER_SIZE);
+                       if (retval > 0)
+                       {
+                               RTMPSetProfileParameters(pAd, buffer);
+                               retval = NDIS_STATUS_SUCCESS;
+                       }
+                       else
+                               DBGPRINT(RT_DEBUG_ERROR, ("Read file \"%s\" failed(errCode=%d)!\n", src, retval));
+
+                       retval = RtmpOSFileClose(srcf);
+                       if ( retval != 0)
+                       {
+                               retval = NDIS_STATUS_FAILURE;
+                               DBGPRINT(RT_DEBUG_ERROR, ("Close file \"%s\" failed(errCode=%d)!\n", src, retval));
+                       }
+               }
+
+               RtmpOSFSInfoChange(&osFSInfo, FALSE);
+       }
+
+       kfree(buffer);
+
+       return (retval);
+
+}
diff --git a/drivers/staging/rt3090/rtmp.h b/drivers/staging/rt3090/rtmp.h
new file mode 100644 (file)
index 0000000..8ef6d0b
--- /dev/null
@@ -0,0 +1,6873 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rtmp.h
+
+    Abstract:
+    Miniport generic portion header file
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Paul Lin    2002-08-01    created
+    James Tan   2002-09-06    modified (Revise NTCRegTable)
+    John Chang  2004-09-06    modified for RT2600
+*/
+#ifndef __RTMP_H__
+#define __RTMP_H__
+
+#include "link_list.h"
+#include "spectrum_def.h"
+
+#include "rtmp_dot11.h"
+
+#ifdef MLME_EX
+#include "mlme_ex_def.h"
+#endif // MLME_EX //
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+#undef AP_WSC_INCLUDED
+#undef STA_WSC_INCLUDED
+#undef WSC_INCLUDED
+
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+#if defined(AP_WSC_INCLUDED) || defined(STA_WSC_INCLUDED)
+#define WSC_INCLUDED
+#endif
+
+
+
+
+
+#include "rtmp_chip.h"
+
+
+
+typedef struct _RTMP_ADAPTER           RTMP_ADAPTER;
+typedef struct _RTMP_ADAPTER           *PRTMP_ADAPTER;
+
+typedef struct _RTMP_CHIP_OP_ RTMP_CHIP_OP;
+
+
+//#define DBG          1
+
+//#define DBG_DIAGNOSE         1
+
+
+//+++Add by shiang for merge MiniportMMRequest() and MiniportDataMMRequest() into one function
+#define MAX_DATAMM_RETRY       3
+#define MGMT_USE_QUEUE_FLAG    0x80
+//---Add by shiang for merge MiniportMMRequest() and MiniportDataMMRequest() into one function
+
+#define        MAXSEQ          (0xFFF)
+
+
+#if defined(CONFIG_AP_SUPPORT) && defined(CONFIG_STA_SUPPORT)
+#define IF_DEV_CONFIG_OPMODE_ON_AP(_pAd)       if(_pAd->OpMode == OPMODE_AP)
+#define IF_DEV_CONFIG_OPMODE_ON_STA(_pAd)      if(_pAd->OpMode == OPMODE_STA)
+#else
+#define IF_DEV_CONFIG_OPMODE_ON_AP(_pAd)
+#define IF_DEV_CONFIG_OPMODE_ON_STA(_pAd)
+#endif
+
+extern  unsigned char   SNAP_AIRONET[];
+extern  unsigned char   CISCO_OUI[];
+extern  UCHAR  BaSizeArray[4];
+
+extern UCHAR BROADCAST_ADDR[MAC_ADDR_LEN];
+extern UCHAR ZERO_MAC_ADDR[MAC_ADDR_LEN];
+extern ULONG BIT32[32];
+extern UCHAR BIT8[8];
+extern char* CipherName[];
+extern char* MCSToMbps[];
+extern UCHAR    RxwiMCSToOfdmRate[12];
+extern UCHAR SNAP_802_1H[6];
+extern UCHAR SNAP_BRIDGE_TUNNEL[6];
+extern UCHAR SNAP_AIRONET[8];
+extern UCHAR CKIP_LLC_SNAP[8];
+extern UCHAR EAPOL_LLC_SNAP[8];
+extern UCHAR EAPOL[2];
+extern UCHAR IPX[2];
+extern UCHAR APPLE_TALK[2];
+extern UCHAR RateIdToPlcpSignal[12]; // see IEEE802.11a-1999 p.14
+extern UCHAR    OfdmRateToRxwiMCS[];
+extern UCHAR OfdmSignalToRateId[16] ;
+extern UCHAR default_cwmin[4];
+extern UCHAR default_cwmax[4];
+extern UCHAR default_sta_aifsn[4];
+extern UCHAR MapUserPriorityToAccessCategory[8];
+
+extern USHORT RateUpPER[];
+extern USHORT RateDownPER[];
+extern UCHAR  Phy11BNextRateDownward[];
+extern UCHAR  Phy11BNextRateUpward[];
+extern UCHAR  Phy11BGNextRateDownward[];
+extern UCHAR  Phy11BGNextRateUpward[];
+extern UCHAR  Phy11ANextRateDownward[];
+extern UCHAR  Phy11ANextRateUpward[];
+extern CHAR   RssiSafeLevelForTxRate[];
+extern UCHAR  RateIdToMbps[];
+extern USHORT RateIdTo500Kbps[];
+
+extern UCHAR  CipherSuiteWpaNoneTkip[];
+extern UCHAR  CipherSuiteWpaNoneTkipLen;
+
+extern UCHAR  CipherSuiteWpaNoneAes[];
+extern UCHAR  CipherSuiteWpaNoneAesLen;
+
+extern UCHAR  SsidIe;
+extern UCHAR  SupRateIe;
+extern UCHAR  ExtRateIe;
+
+#ifdef DOT11_N_SUPPORT
+extern UCHAR  HtCapIe;
+extern UCHAR  AddHtInfoIe;
+extern UCHAR  NewExtChanIe;
+#ifdef DOT11N_DRAFT3
+extern UCHAR  ExtHtCapIe;
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+extern UCHAR  ErpIe;
+extern UCHAR  DsIe;
+extern UCHAR  TimIe;
+extern UCHAR  WpaIe;
+extern UCHAR  Wpa2Ie;
+extern UCHAR  IbssIe;
+extern UCHAR  Ccx2Ie;
+extern UCHAR  WapiIe;
+
+extern UCHAR  WPA_OUI[];
+extern UCHAR  RSN_OUI[];
+extern UCHAR  WAPI_OUI[];
+extern UCHAR  WME_INFO_ELEM[];
+extern UCHAR  WME_PARM_ELEM[];
+extern UCHAR  Ccx2QosInfo[];
+extern UCHAR  Ccx2IeInfo[];
+extern UCHAR  RALINK_OUI[];
+extern UCHAR  PowerConstraintIE[];
+
+
+extern UCHAR  RateSwitchTable[];
+extern UCHAR  RateSwitchTable11B[];
+extern UCHAR  RateSwitchTable11G[];
+extern UCHAR  RateSwitchTable11BG[];
+
+#ifdef DOT11_N_SUPPORT
+extern UCHAR  RateSwitchTable11BGN1S[];
+extern UCHAR  RateSwitchTable11BGN2S[];
+extern UCHAR  RateSwitchTable11BGN2SForABand[];
+extern UCHAR  RateSwitchTable11N1S[];
+extern UCHAR  RateSwitchTable11N2S[];
+extern UCHAR  RateSwitchTable11N2SForABand[];
+
+#ifdef CONFIG_STA_SUPPORT
+extern UCHAR  PRE_N_HT_OUI[];
+#endif // CONFIG_STA_SUPPORT //
+#endif // DOT11_N_SUPPORT //
+
+
+#ifdef RALINK_ATE
+typedef        struct _ATE_INFO {
+       UCHAR   Mode;
+       CHAR    TxPower0;
+       CHAR    TxPower1;
+       CHAR    TxAntennaSel;
+       CHAR    RxAntennaSel;
+       TXWI_STRUC  TxWI;         // TXWI
+       USHORT  QID;
+       UCHAR   Addr1[MAC_ADDR_LEN];
+       UCHAR   Addr2[MAC_ADDR_LEN];
+       UCHAR   Addr3[MAC_ADDR_LEN];
+       UCHAR   Channel;
+       UINT32  TxLength;
+       UINT32  TxCount;
+       UINT32  TxDoneCount; // Tx DMA Done
+       UINT32  RFFreqOffset;
+       BOOLEAN bRxFER;         // Show Rx Frame Error Rate
+       BOOLEAN bQATxStart; // Have compiled QA in and use it to ATE tx.
+       BOOLEAN bQARxStart;     // Have compiled QA in and use it to ATE rx.
+#ifdef RTMP_MAC_PCI
+       BOOLEAN bFWLoading;     // Reload firmware when ATE is done.
+#endif // RTMP_MAC_PCI //
+       UINT32  RxTotalCnt;
+       UINT32  RxCntPerSec;
+
+       CHAR    LastSNR0;             // last received SNR
+       CHAR    LastSNR1;             // last received SNR for 2nd  antenna
+       CHAR    LastRssi0;            // last received RSSI
+       CHAR    LastRssi1;            // last received RSSI for 2nd  antenna
+       CHAR    LastRssi2;            // last received RSSI for 3rd  antenna
+       CHAR    AvgRssi0;             // last 8 frames' average RSSI
+       CHAR    AvgRssi1;             // last 8 frames' average RSSI
+       CHAR    AvgRssi2;             // last 8 frames' average RSSI
+       SHORT   AvgRssi0X8;           // sum of last 8 frames' RSSI
+       SHORT   AvgRssi1X8;           // sum of last 8 frames' RSSI
+       SHORT   AvgRssi2X8;           // sum of last 8 frames' RSSI
+
+       UINT32  NumOfAvgRssiSample;
+
+
+#ifdef RALINK_28xx_QA
+       // Tx frame
+       USHORT          HLen; // Header Length
+       USHORT          PLen; // Pattern Length
+       UCHAR           Header[32]; // Header buffer
+       UCHAR           Pattern[32]; // Pattern buffer
+       USHORT          DLen; // Data Length
+       USHORT          seq;
+       UINT32          CID;
+       RTMP_OS_PID     AtePid;
+       // counters
+       UINT32          U2M;
+       UINT32          OtherData;
+       UINT32          Beacon;
+       UINT32          OtherCount;
+       UINT32          TxAc0;
+       UINT32          TxAc1;
+       UINT32          TxAc2;
+       UINT32          TxAc3;
+       /*UINT32                TxHCCA;*/
+       UINT32          TxMgmt;
+       UINT32          RSSI0;
+       UINT32          RSSI1;
+       UINT32          RSSI2;
+       UINT32          SNR0;
+       UINT32          SNR1;
+       // TxStatus : 0 --> task is idle, 1 --> task is running
+       UCHAR           TxStatus;
+#endif // RALINK_28xx_QA //
+}      ATE_INFO, *PATE_INFO;
+
+#ifdef RALINK_28xx_QA
+struct ate_racfghdr {
+       UINT32          magic_no;
+       USHORT          command_type;
+       USHORT          command_id;
+       USHORT          length;
+       USHORT          sequence;
+       USHORT          status;
+       UCHAR           data[2046];
+}  __attribute__((packed));
+#endif // RALINK_28xx_QA //
+#endif // RALINK_ATE //
+
+
+typedef struct _RSSI_SAMPLE {
+       CHAR                    LastRssi0;             // last received RSSI
+       CHAR                    LastRssi1;             // last received RSSI
+       CHAR                    LastRssi2;             // last received RSSI
+       CHAR                    AvgRssi0;
+       CHAR                    AvgRssi1;
+       CHAR                    AvgRssi2;
+       SHORT                   AvgRssi0X8;
+       SHORT                   AvgRssi1X8;
+       SHORT                   AvgRssi2X8;
+} RSSI_SAMPLE;
+
+//
+//  Queue structure and macros
+//
+typedef struct  _QUEUE_ENTRY    {
+       struct _QUEUE_ENTRY     *Next;
+}   QUEUE_ENTRY, *PQUEUE_ENTRY;
+
+// Queue structure
+typedef struct  _QUEUE_HEADER   {
+       PQUEUE_ENTRY    Head;
+       PQUEUE_ENTRY    Tail;
+       ULONG           Number;
+}   QUEUE_HEADER, *PQUEUE_HEADER;
+
+#define InitializeQueueHeader(QueueHeader)              \
+{                                                       \
+       (QueueHeader)->Head = (QueueHeader)->Tail = NULL;   \
+       (QueueHeader)->Number = 0;                          \
+}
+
+#define RemoveHeadQueue(QueueHeader)                \
+(QueueHeader)->Head;                                \
+{                                                   \
+       PQUEUE_ENTRY pNext;                             \
+       if ((QueueHeader)->Head != NULL)                                \
+       {                                                                                               \
+               pNext = (QueueHeader)->Head->Next;          \
+               (QueueHeader)->Head->Next = NULL;               \
+               (QueueHeader)->Head = pNext;                \
+               if (pNext == NULL)                          \
+                       (QueueHeader)->Tail = NULL;             \
+               (QueueHeader)->Number--;                    \
+       }                                                                                               \
+}
+
+#define InsertHeadQueue(QueueHeader, QueueEntry)            \
+{                                                           \
+               ((PQUEUE_ENTRY)QueueEntry)->Next = (QueueHeader)->Head; \
+               (QueueHeader)->Head = (PQUEUE_ENTRY)(QueueEntry);       \
+               if ((QueueHeader)->Tail == NULL)                        \
+                       (QueueHeader)->Tail = (PQUEUE_ENTRY)(QueueEntry);   \
+               (QueueHeader)->Number++;                                \
+}
+
+#define InsertTailQueue(QueueHeader, QueueEntry)                               \
+{                                                               \
+       ((PQUEUE_ENTRY)QueueEntry)->Next = NULL;                    \
+       if ((QueueHeader)->Tail)                                    \
+               (QueueHeader)->Tail->Next = (PQUEUE_ENTRY)(QueueEntry); \
+       else                                                        \
+               (QueueHeader)->Head = (PQUEUE_ENTRY)(QueueEntry);       \
+       (QueueHeader)->Tail = (PQUEUE_ENTRY)(QueueEntry);           \
+       (QueueHeader)->Number++;                                    \
+}
+
+#define InsertTailQueueAc(pAd, pEntry, QueueHeader, QueueEntry)                        \
+{                                                                                                                                              \
+       ((PQUEUE_ENTRY)QueueEntry)->Next = NULL;                                                        \
+       if ((QueueHeader)->Tail)                                                                                        \
+               (QueueHeader)->Tail->Next = (PQUEUE_ENTRY)(QueueEntry);                 \
+       else                                                                                                                            \
+               (QueueHeader)->Head = (PQUEUE_ENTRY)(QueueEntry);                               \
+       (QueueHeader)->Tail = (PQUEUE_ENTRY)(QueueEntry);                                       \
+       (QueueHeader)->Number++;                                                                                        \
+}
+
+
+
+//
+//  Macros for flag and ref count operations
+//
+#define RTMP_SET_FLAG(_M, _F)       ((_M)->Flags |= (_F))
+#define RTMP_CLEAR_FLAG(_M, _F)     ((_M)->Flags &= ~(_F))
+#define RTMP_CLEAR_FLAGS(_M)        ((_M)->Flags = 0)
+#define RTMP_TEST_FLAG(_M, _F)      (((_M)->Flags & (_F)) != 0)
+#define RTMP_TEST_FLAGS(_M, _F)     (((_M)->Flags & (_F)) == (_F))
+// Macro for power save flag.
+#define RTMP_SET_PSFLAG(_M, _F)       ((_M)->PSFlags |= (_F))
+#define RTMP_CLEAR_PSFLAG(_M, _F)     ((_M)->PSFlags &= ~(_F))
+#define RTMP_CLEAR_PSFLAGS(_M)        ((_M)->PSFlags = 0)
+#define RTMP_TEST_PSFLAG(_M, _F)      (((_M)->PSFlags & (_F)) != 0)
+#define RTMP_TEST_PSFLAGS(_M, _F)     (((_M)->PSFlags & (_F)) == (_F))
+
+#define OPSTATUS_SET_FLAG(_pAd, _F)     ((_pAd)->CommonCfg.OpStatusFlags |= (_F))
+#define OPSTATUS_CLEAR_FLAG(_pAd, _F)   ((_pAd)->CommonCfg.OpStatusFlags &= ~(_F))
+#define OPSTATUS_TEST_FLAG(_pAd, _F)    (((_pAd)->CommonCfg.OpStatusFlags & (_F)) != 0)
+
+#define CLIENT_STATUS_SET_FLAG(_pEntry,_F)      ((_pEntry)->ClientStatusFlags |= (_F))
+#define CLIENT_STATUS_CLEAR_FLAG(_pEntry,_F)    ((_pEntry)->ClientStatusFlags &= ~(_F))
+#define CLIENT_STATUS_TEST_FLAG(_pEntry,_F)     (((_pEntry)->ClientStatusFlags & (_F)) != 0)
+
+#define RX_FILTER_SET_FLAG(_pAd, _F)    ((_pAd)->CommonCfg.PacketFilter |= (_F))
+#define RX_FILTER_CLEAR_FLAG(_pAd, _F)  ((_pAd)->CommonCfg.PacketFilter &= ~(_F))
+#define RX_FILTER_TEST_FLAG(_pAd, _F)   (((_pAd)->CommonCfg.PacketFilter & (_F)) != 0)
+
+#ifdef CONFIG_STA_SUPPORT
+#define STA_NO_SECURITY_ON(_p)          (_p->StaCfg.WepStatus == Ndis802_11EncryptionDisabled)
+#define STA_WEP_ON(_p)                  (_p->StaCfg.WepStatus == Ndis802_11Encryption1Enabled)
+#define STA_TKIP_ON(_p)                 (_p->StaCfg.WepStatus == Ndis802_11Encryption2Enabled)
+#define STA_AES_ON(_p)                  (_p->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
+
+#define STA_TGN_WIFI_ON(_p)             (_p->StaCfg.bTGnWifiTest == TRUE)
+#endif // CONFIG_STA_SUPPORT //
+
+#define CKIP_KP_ON(_p)                         ((((_p)->StaCfg.CkipFlag) & 0x10) && ((_p)->StaCfg.bCkipCmicOn == TRUE))
+#define CKIP_CMIC_ON(_p)                       ((((_p)->StaCfg.CkipFlag) & 0x08) && ((_p)->StaCfg.bCkipCmicOn == TRUE))
+
+
+#define INC_RING_INDEX(_idx, _RingSize)    \
+{                                          \
+    (_idx) = (_idx+1) % (_RingSize);       \
+}
+
+
+#ifdef DOT11_N_SUPPORT
+// StaActive.SupportedHtPhy.MCSSet is copied from AP beacon.  Don't need to update here.
+#define COPY_HTSETTINGS_FROM_MLME_AUX_TO_ACTIVE_CFG(_pAd)                                 \
+{                                                                                       \
+       _pAd->StaActive.SupportedHtPhy.ChannelWidth = _pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth;      \
+       _pAd->StaActive.SupportedHtPhy.MimoPs = _pAd->MlmeAux.HtCapability.HtCapInfo.MimoPs;      \
+       _pAd->StaActive.SupportedHtPhy.GF = _pAd->MlmeAux.HtCapability.HtCapInfo.GF;      \
+       _pAd->StaActive.SupportedHtPhy.ShortGIfor20 = _pAd->MlmeAux.HtCapability.HtCapInfo.ShortGIfor20;      \
+       _pAd->StaActive.SupportedHtPhy.ShortGIfor40 = _pAd->MlmeAux.HtCapability.HtCapInfo.ShortGIfor40;      \
+       _pAd->StaActive.SupportedHtPhy.TxSTBC = _pAd->MlmeAux.HtCapability.HtCapInfo.TxSTBC;      \
+       _pAd->StaActive.SupportedHtPhy.RxSTBC = _pAd->MlmeAux.HtCapability.HtCapInfo.RxSTBC;      \
+       _pAd->StaActive.SupportedHtPhy.ExtChanOffset = _pAd->MlmeAux.AddHtInfo.AddHtInfo.ExtChanOffset;      \
+       _pAd->StaActive.SupportedHtPhy.RecomWidth = _pAd->MlmeAux.AddHtInfo.AddHtInfo.RecomWidth;      \
+       _pAd->StaActive.SupportedHtPhy.OperaionMode = _pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode;      \
+       _pAd->StaActive.SupportedHtPhy.NonGfPresent = _pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent;      \
+       NdisMoveMemory((_pAd)->MacTab.Content[BSSID_WCID].HTCapability.MCSSet, (_pAd)->StaActive.SupportedPhyInfo.MCSSet, sizeof(UCHAR) * 16);\
+}
+
+#define COPY_AP_HTSETTINGS_FROM_BEACON(_pAd, _pHtCapability)                                 \
+{                                                                                       \
+       _pAd->MacTab.Content[BSSID_WCID].AMsduSize = (UCHAR)(_pHtCapability->HtCapInfo.AMsduSize);      \
+       _pAd->MacTab.Content[BSSID_WCID].MmpsMode= (UCHAR)(_pHtCapability->HtCapInfo.MimoPs);   \
+       _pAd->MacTab.Content[BSSID_WCID].MaxRAmpduFactor = (UCHAR)(_pHtCapability->HtCapParm.MaxRAmpduFactor);  \
+}
+#endif // DOT11_N_SUPPORT //
+
+//
+// MACRO for 32-bit PCI register read / write
+//
+// Usage : RTMP_IO_READ32(
+//              PRTMP_ADAPTER pAd,
+//              ULONG Register_Offset,
+//              PULONG  pValue)
+//
+//         RTMP_IO_WRITE32(
+//              PRTMP_ADAPTER pAd,
+//              ULONG Register_Offset,
+//              ULONG Value)
+//
+
+
+//
+// Common fragment list structure -  Identical to the scatter gather frag list structure
+//
+//#define RTMP_SCATTER_GATHER_ELEMENT         SCATTER_GATHER_ELEMENT
+//#define PRTMP_SCATTER_GATHER_ELEMENT        PSCATTER_GATHER_ELEMENT
+#define NIC_MAX_PHYS_BUF_COUNT              8
+
+typedef struct _RTMP_SCATTER_GATHER_ELEMENT {
+    PVOID              Address;
+    ULONG              Length;
+    PULONG             Reserved;
+} RTMP_SCATTER_GATHER_ELEMENT, *PRTMP_SCATTER_GATHER_ELEMENT;
+
+
+typedef struct _RTMP_SCATTER_GATHER_LIST {
+    ULONG  NumberOfElements;
+    PULONG Reserved;
+    RTMP_SCATTER_GATHER_ELEMENT Elements[NIC_MAX_PHYS_BUF_COUNT];
+} RTMP_SCATTER_GATHER_LIST, *PRTMP_SCATTER_GATHER_LIST;
+
+
+//
+//  Some utility macros
+//
+#ifndef min
+#define min(_a, _b)     (((_a) < (_b)) ? (_a) : (_b))
+#endif
+
+#ifndef max
+#define max(_a, _b)     (((_a) > (_b)) ? (_a) : (_b))
+#endif
+
+#define GET_LNA_GAIN(_pAd)     ((_pAd->LatchRfRegs.Channel <= 14) ? (_pAd->BLNAGain) : ((_pAd->LatchRfRegs.Channel <= 64) ? (_pAd->ALNAGain0) : ((_pAd->LatchRfRegs.Channel <= 128) ? (_pAd->ALNAGain1) : (_pAd->ALNAGain2))))
+
+#define INC_COUNTER64(Val)          (Val.QuadPart++)
+
+#define INFRA_ON(_p)                (OPSTATUS_TEST_FLAG(_p, fOP_STATUS_INFRA_ON))
+#define ADHOC_ON(_p)                (OPSTATUS_TEST_FLAG(_p, fOP_STATUS_ADHOC_ON))
+#define MONITOR_ON(_p)              (((_p)->StaCfg.BssType) == BSS_MONITOR)
+#define IDLE_ON(_p)                 (!INFRA_ON(_p) && !ADHOC_ON(_p))
+
+// Check LEAP & CCKM flags
+#define LEAP_ON(_p)                 (((_p)->StaCfg.LeapAuthMode) == CISCO_AuthModeLEAP)
+#define LEAP_CCKM_ON(_p)            ((((_p)->StaCfg.LeapAuthMode) == CISCO_AuthModeLEAP) && ((_p)->StaCfg.LeapAuthInfo.CCKM == TRUE))
+
+// if orginal Ethernet frame contains no LLC/SNAP, then an extra LLC/SNAP encap is required
+#define EXTRA_LLCSNAP_ENCAP_FROM_PKT_START(_pBufVA, _pExtraLlcSnapEncap)               \
+{                                                                                                                              \
+       if (((*(_pBufVA + 12) << 8) + *(_pBufVA + 13)) > 1500)          \
+       {                                                                                                                       \
+               _pExtraLlcSnapEncap = SNAP_802_1H;                                              \
+               if (NdisEqualMemory(IPX, _pBufVA + 12, 2) ||                    \
+                       NdisEqualMemory(APPLE_TALK, _pBufVA + 12, 2))           \
+               {                                                                                                               \
+                       _pExtraLlcSnapEncap = SNAP_BRIDGE_TUNNEL;                       \
+               }                                                                                                               \
+       }                                                                                                                       \
+       else                                                                                                            \
+       {                                                                                                                       \
+               _pExtraLlcSnapEncap = NULL;                                                             \
+       }                                                                                                                       \
+}
+
+// New Define for new Tx Path.
+#define EXTRA_LLCSNAP_ENCAP_FROM_PKT_OFFSET(_pBufVA, _pExtraLlcSnapEncap)      \
+{                                                                                                                              \
+       if (((*(_pBufVA) << 8) + *(_pBufVA + 1)) > 1500)                        \
+       {                                                                                                                       \
+               _pExtraLlcSnapEncap = SNAP_802_1H;                                              \
+               if (NdisEqualMemory(IPX, _pBufVA, 2) ||                                 \
+                       NdisEqualMemory(APPLE_TALK, _pBufVA, 2))                        \
+               {                                                                                                               \
+                       _pExtraLlcSnapEncap = SNAP_BRIDGE_TUNNEL;                       \
+               }                                                                                                               \
+       }                                                                                                                       \
+       else                                                                                                            \
+       {                                                                                                                       \
+               _pExtraLlcSnapEncap = NULL;                                                             \
+       }                                                                                                                       \
+}
+
+
+#define MAKE_802_3_HEADER(_p, _pMac1, _pMac2, _pType)                   \
+{                                                                       \
+    NdisMoveMemory(_p, _pMac1, MAC_ADDR_LEN);                           \
+    NdisMoveMemory((_p + MAC_ADDR_LEN), _pMac2, MAC_ADDR_LEN);          \
+    NdisMoveMemory((_p + MAC_ADDR_LEN * 2), _pType, LENGTH_802_3_TYPE); \
+}
+
+// if pData has no LLC/SNAP (neither RFC1042 nor Bridge tunnel), keep it that way.
+// else if the received frame is LLC/SNAP-encaped IPX or APPLETALK, preserve the LLC/SNAP field
+// else remove the LLC/SNAP field from the result Ethernet frame
+// Patch for WHQL only, which did not turn on Netbios but use IPX within its payload
+// Note:
+//     _pData & _DataSize may be altered (remove 8-byte LLC/SNAP) by this MACRO
+//     _pRemovedLLCSNAP: pointer to removed LLC/SNAP; NULL is not removed
+#define CONVERT_TO_802_3(_p8023hdr, _pDA, _pSA, _pData, _DataSize, _pRemovedLLCSNAP)      \
+{                                                                       \
+    char LLC_Len[2];                                                    \
+                                                                        \
+    _pRemovedLLCSNAP = NULL;                                            \
+    if (NdisEqualMemory(SNAP_802_1H, _pData, 6)  ||                     \
+        NdisEqualMemory(SNAP_BRIDGE_TUNNEL, _pData, 6))                 \
+    {                                                                   \
+        PUCHAR pProto = _pData + 6;                                     \
+                                                                        \
+        if ((NdisEqualMemory(IPX, pProto, 2) || NdisEqualMemory(APPLE_TALK, pProto, 2)) &&  \
+            NdisEqualMemory(SNAP_802_1H, _pData, 6))                    \
+        {                                                               \
+            LLC_Len[0] = (UCHAR)(_DataSize / 256);                      \
+            LLC_Len[1] = (UCHAR)(_DataSize % 256);                      \
+            MAKE_802_3_HEADER(_p8023hdr, _pDA, _pSA, LLC_Len);          \
+        }                                                               \
+        else                                                            \
+        {                                                               \
+            MAKE_802_3_HEADER(_p8023hdr, _pDA, _pSA, pProto);           \
+            _pRemovedLLCSNAP = _pData;                                  \
+            _DataSize -= LENGTH_802_1_H;                                \
+            _pData += LENGTH_802_1_H;                                   \
+        }                                                               \
+    }                                                                   \
+    else                                                                \
+    {                                                                   \
+        LLC_Len[0] = (UCHAR)(_DataSize / 256);                          \
+        LLC_Len[1] = (UCHAR)(_DataSize % 256);                          \
+        MAKE_802_3_HEADER(_p8023hdr, _pDA, _pSA, LLC_Len);              \
+    }                                                                   \
+}
+
+
+// Enqueue this frame to MLME engine
+// We need to enqueue the whole frame because MLME need to pass data type
+// information from 802.11 header
+#ifdef RTMP_MAC_PCI
+#define REPORT_MGMT_FRAME_TO_MLME(_pAd, Wcid, _pFrame, _FrameSize, _Rssi0, _Rssi1, _Rssi2, _PlcpSignal)        \
+{                                                                                       \
+    UINT32 High32TSF, Low32TSF;                                                          \
+    RTMP_IO_READ32(_pAd, TSF_TIMER_DW1, &High32TSF);                                       \
+    RTMP_IO_READ32(_pAd, TSF_TIMER_DW0, &Low32TSF);                                        \
+    MlmeEnqueueForRecv(_pAd, Wcid, High32TSF, Low32TSF, (UCHAR)_Rssi0, (UCHAR)_Rssi1,(UCHAR)_Rssi2,_FrameSize, _pFrame, (UCHAR)_PlcpSignal);   \
+}
+#endif // RTMP_MAC_PCI //
+
+#define MAC_ADDR_EQUAL(pAddr1,pAddr2)           RTMPEqualMemory((PVOID)(pAddr1), (PVOID)(pAddr2), MAC_ADDR_LEN)
+#define SSID_EQUAL(ssid1, len1, ssid2, len2)    ((len1==len2) && (RTMPEqualMemory(ssid1, ssid2, len1)))
+
+//
+// Check if it is Japan W53(ch52,56,60,64) channel.
+//
+#define JapanChannelCheck(channel)  ((channel == 52) || (channel == 56) || (channel == 60) || (channel == 64))
+
+#ifdef CONFIG_STA_SUPPORT
+#define STA_EXTRA_SETTING(_pAd)
+
+#define STA_PORT_SECURED(_pAd) \
+{ \
+       BOOLEAN Cancelled; \
+       (_pAd)->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED; \
+       NdisAcquireSpinLock(&((_pAd)->MacTabLock)); \
+       (_pAd)->MacTab.Content[BSSID_WCID].PortSecured = (_pAd)->StaCfg.PortSecured; \
+       (_pAd)->MacTab.Content[BSSID_WCID].PrivacyFilter = Ndis802_11PrivFilterAcceptAll;\
+       NdisReleaseSpinLock(&(_pAd)->MacTabLock); \
+       RTMPCancelTimer(&((_pAd)->Mlme.LinkDownTimer), &Cancelled);\
+       STA_EXTRA_SETTING(_pAd); \
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+//
+//  Data buffer for DMA operation, the buffer must be contiguous physical memory
+//  Both DMA to / from CPU use the same structure.
+//
+typedef struct  _RTMP_DMABUF
+{
+       ULONG                   AllocSize;
+       PVOID                   AllocVa;            // TxBuf virtual address
+       NDIS_PHYSICAL_ADDRESS   AllocPa;            // TxBuf physical address
+} RTMP_DMABUF, *PRTMP_DMABUF;
+
+
+//
+// Control block (Descriptor) for all ring descriptor DMA operation, buffer must be
+// contiguous physical memory. NDIS_PACKET stored the binding Rx packet descriptor
+// which won't be released, driver has to wait until upper layer return the packet
+// before giveing up this rx ring descriptor to ASIC. NDIS_BUFFER is assocaited pair
+// to describe the packet buffer. For Tx, NDIS_PACKET stored the tx packet descriptor
+// which driver should ACK upper layer when the tx is physically done or failed.
+//
+typedef struct _RTMP_DMACB
+{
+       ULONG                   AllocSize;          // Control block size
+       PVOID                   AllocVa;            // Control block virtual address
+       NDIS_PHYSICAL_ADDRESS   AllocPa;            // Control block physical address
+       PNDIS_PACKET pNdisPacket;
+       PNDIS_PACKET pNextNdisPacket;
+
+       RTMP_DMABUF             DmaBuf;             // Associated DMA buffer structure
+} RTMP_DMACB, *PRTMP_DMACB;
+
+
+typedef struct _RTMP_TX_RING
+{
+       RTMP_DMACB  Cell[TX_RING_SIZE];
+       UINT32          TxCpuIdx;
+       UINT32          TxDmaIdx;
+       UINT32          TxSwFreeIdx;    // software next free tx index
+} RTMP_TX_RING, *PRTMP_TX_RING;
+
+typedef struct _RTMP_RX_RING
+{
+       RTMP_DMACB  Cell[RX_RING_SIZE];
+       UINT32          RxCpuIdx;
+       UINT32          RxDmaIdx;
+       INT32           RxSwReadIdx;    // software next read index
+} RTMP_RX_RING, *PRTMP_RX_RING;
+
+typedef struct _RTMP_MGMT_RING
+{
+       RTMP_DMACB  Cell[MGMT_RING_SIZE];
+       UINT32          TxCpuIdx;
+       UINT32          TxDmaIdx;
+       UINT32          TxSwFreeIdx; // software next free tx index
+} RTMP_MGMT_RING, *PRTMP_MGMT_RING;
+
+
+//
+//  Statistic counter structure
+//
+typedef struct _COUNTER_802_3
+{
+       // General Stats
+       ULONG       GoodTransmits;
+       ULONG       GoodReceives;
+       ULONG       TxErrors;
+       ULONG       RxErrors;
+       ULONG       RxNoBuffer;
+
+       // Ethernet Stats
+       ULONG       RcvAlignmentErrors;
+       ULONG       OneCollision;
+       ULONG       MoreCollisions;
+
+} COUNTER_802_3, *PCOUNTER_802_3;
+
+typedef struct _COUNTER_802_11 {
+       ULONG           Length;
+       LARGE_INTEGER   LastTransmittedFragmentCount;
+       LARGE_INTEGER   TransmittedFragmentCount;
+       LARGE_INTEGER   MulticastTransmittedFrameCount;
+       LARGE_INTEGER   FailedCount;
+       LARGE_INTEGER   RetryCount;
+       LARGE_INTEGER   MultipleRetryCount;
+       LARGE_INTEGER   RTSSuccessCount;
+       LARGE_INTEGER   RTSFailureCount;
+       LARGE_INTEGER   ACKFailureCount;
+       LARGE_INTEGER   FrameDuplicateCount;
+       LARGE_INTEGER   ReceivedFragmentCount;
+       LARGE_INTEGER   MulticastReceivedFrameCount;
+       LARGE_INTEGER   FCSErrorCount;
+} COUNTER_802_11, *PCOUNTER_802_11;
+
+typedef struct _COUNTER_RALINK {
+       ULONG           TransmittedByteCount;   // both successful and failure, used to calculate TX throughput
+       ULONG           ReceivedByteCount;      // both CRC okay and CRC error, used to calculate RX throughput
+       ULONG           BeenDisassociatedCount;
+       ULONG           BadCQIAutoRecoveryCount;
+       ULONG           PoorCQIRoamingCount;
+       ULONG           MgmtRingFullCount;
+       ULONG           RxCountSinceLastNULL;
+       ULONG           RxCount;
+       ULONG           RxRingErrCount;
+       ULONG           KickTxCount;
+       ULONG           TxRingErrCount;
+       LARGE_INTEGER   RealFcsErrCount;
+       ULONG           PendingNdisPacketCount;
+
+       ULONG           OneSecOsTxCount[NUM_OF_TX_RING];
+       ULONG           OneSecDmaDoneCount[NUM_OF_TX_RING];
+       UINT32          OneSecTxDoneCount;
+       ULONG           OneSecRxCount;
+       UINT32          OneSecTxAggregationCount;
+       UINT32          OneSecRxAggregationCount;
+       UINT32          OneSecReceivedByteCount;
+       UINT32                  OneSecFrameDuplicateCount;
+
+       UINT32          OneSecTransmittedByteCount;   // both successful and failure, used to calculate TX throughput
+       UINT32          OneSecTxNoRetryOkCount;
+       UINT32          OneSecTxRetryOkCount;
+       UINT32          OneSecTxFailCount;
+       UINT32          OneSecFalseCCACnt;      // CCA error count, for debug purpose, might move to global counter
+       UINT32          OneSecRxOkCnt;          // RX without error
+       UINT32          OneSecRxOkDataCnt;      // unicast-to-me DATA frame count
+       UINT32          OneSecRxFcsErrCnt;      // CRC error
+       UINT32          OneSecBeaconSentCnt;
+       UINT32          LastOneSecTotalTxCount; // OneSecTxNoRetryOkCount + OneSecTxRetryOkCount + OneSecTxFailCount
+       UINT32          LastOneSecRxOkDataCnt;  // OneSecRxOkDataCnt
+       ULONG           DuplicateRcv;
+       ULONG           TxAggCount;
+       ULONG           TxNonAggCount;
+       ULONG           TxAgg1MPDUCount;
+       ULONG           TxAgg2MPDUCount;
+       ULONG           TxAgg3MPDUCount;
+       ULONG           TxAgg4MPDUCount;
+       ULONG           TxAgg5MPDUCount;
+       ULONG           TxAgg6MPDUCount;
+       ULONG           TxAgg7MPDUCount;
+       ULONG           TxAgg8MPDUCount;
+       ULONG           TxAgg9MPDUCount;
+       ULONG           TxAgg10MPDUCount;
+       ULONG           TxAgg11MPDUCount;
+       ULONG           TxAgg12MPDUCount;
+       ULONG           TxAgg13MPDUCount;
+       ULONG           TxAgg14MPDUCount;
+       ULONG           TxAgg15MPDUCount;
+       ULONG           TxAgg16MPDUCount;
+
+       LARGE_INTEGER       TransmittedOctetsInAMSDU;
+       LARGE_INTEGER       TransmittedAMSDUCount;
+       LARGE_INTEGER       ReceivedOctesInAMSDUCount;
+       LARGE_INTEGER       ReceivedAMSDUCount;
+       LARGE_INTEGER       TransmittedAMPDUCount;
+       LARGE_INTEGER       TransmittedMPDUsInAMPDUCount;
+       LARGE_INTEGER       TransmittedOctetsInAMPDUCount;
+       LARGE_INTEGER       MPDUInReceivedAMPDUCount;
+} COUNTER_RALINK, *PCOUNTER_RALINK;
+
+
+typedef struct _COUNTER_DRS {
+       // to record the each TX rate's quality. 0 is best, the bigger the worse.
+       USHORT          TxQuality[MAX_STEP_OF_TX_RATE_SWITCH];
+       UCHAR           PER[MAX_STEP_OF_TX_RATE_SWITCH];
+       UCHAR           TxRateUpPenalty;      // extra # of second penalty due to last unstable condition
+       ULONG           CurrTxRateStableTime; // # of second in current TX rate
+       BOOLEAN         fNoisyEnvironment;
+       BOOLEAN         fLastSecAccordingRSSI;
+       UCHAR           LastSecTxRateChangeAction; // 0: no change, 1:rate UP, 2:rate down
+       UCHAR                   LastTimeTxRateChangeAction; //Keep last time value of LastSecTxRateChangeAction
+       ULONG                   LastTxOkCount;
+} COUNTER_DRS, *PCOUNTER_DRS;
+
+
+
+
+/***************************************************************************
+  *    security key related data structure
+  **************************************************************************/
+typedef struct _CIPHER_KEY {
+       UCHAR   Key[16];            // right now we implement 4 keys, 128 bits max
+       UCHAR   RxMic[8];                       // make alignment
+       UCHAR   TxMic[8];
+       UCHAR   TxTsc[6];           // 48bit TSC value
+       UCHAR   RxTsc[6];           // 48bit TSC value
+       UCHAR   CipherAlg;          // 0-none, 1:WEP64, 2:WEP128, 3:TKIP, 4:AES, 5:CKIP64, 6:CKIP128
+       UCHAR   KeyLen;
+#ifdef CONFIG_STA_SUPPORT
+       UCHAR   BssId[6];
+#endif // CONFIG_STA_SUPPORT //
+            // Key length for each key, 0: entry is invalid
+       UCHAR   Type;               // Indicate Pairwise/Group when reporting MIC error
+} CIPHER_KEY, *PCIPHER_KEY;
+
+
+// structure to define WPA Group Key Rekey Interval
+typedef struct PACKED _RT_802_11_WPA_REKEY {
+       ULONG ReKeyMethod;          // mechanism for rekeying: 0:disable, 1: time-based, 2: packet-based
+       ULONG ReKeyInterval;        // time-based: seconds, packet-based: kilo-packets
+} RT_WPA_REKEY,*PRT_WPA_REKEY, RT_802_11_WPA_REKEY, *PRT_802_11_WPA_REKEY;
+
+
+
+typedef struct {
+       UCHAR        Addr[MAC_ADDR_LEN];
+       UCHAR        ErrorCode[2];  //00 01-Invalid authentication type
+                                                       //00 02-Authentication timeout
+                                                       //00 03-Challenge from AP failed
+                                                       //00 04-Challenge to AP failed
+       BOOLEAN      Reported;
+} ROGUEAP_ENTRY, *PROGUEAP_ENTRY;
+
+typedef struct {
+       UCHAR               RogueApNr;
+       ROGUEAP_ENTRY       RogueApEntry[MAX_LEN_OF_BSS_TABLE];
+} ROGUEAP_TABLE, *PROGUEAP_TABLE;
+
+//
+// Cisco IAPP format
+//
+typedef struct  _CISCO_IAPP_CONTENT_
+{
+       USHORT     Length;        //IAPP Length
+       UCHAR      MessageType;      //IAPP type
+       UCHAR      FunctionCode;     //IAPP function type
+       UCHAR      DestinaionMAC[MAC_ADDR_LEN];
+       UCHAR      SourceMAC[MAC_ADDR_LEN];
+       USHORT     Tag;           //Tag(element IE) - Adjacent AP report
+       USHORT     TagLength;     //Length of element not including 4 byte header
+       UCHAR      OUI[4];           //0x00, 0x40, 0x96, 0x00
+       UCHAR      PreviousAP[MAC_ADDR_LEN];       //MAC Address of access point
+       USHORT     Channel;
+       USHORT     SsidLen;
+       UCHAR      Ssid[MAX_LEN_OF_SSID];
+       USHORT     Seconds;          //Seconds that the client has been disassociated.
+} CISCO_IAPP_CONTENT, *PCISCO_IAPP_CONTENT;
+
+
+/*
+  *    Fragment Frame structure
+  */
+typedef struct  _FRAGMENT_FRAME {
+       PNDIS_PACKET    pFragPacket;
+       ULONG       RxSize;
+       USHORT      Sequence;
+       USHORT      LastFrag;
+       ULONG       Flags;          // Some extra frame information. bit 0: LLC presented
+} FRAGMENT_FRAME, *PFRAGMENT_FRAME;
+
+
+//
+// Packet information for NdisQueryPacket
+//
+typedef struct  _PACKET_INFO    {
+       UINT            PhysicalBufferCount;    // Physical breaks of buffer descripor chained
+       UINT            BufferCount ;           // Number of Buffer descriptor chained
+       UINT            TotalPacketLength ;     // Self explained
+       PNDIS_BUFFER    pFirstBuffer;           // Pointer to first buffer descriptor
+} PACKET_INFO, *PPACKET_INFO;
+
+
+//
+//  Arcfour Structure Added by PaulWu
+//
+typedef struct  _ARCFOUR
+{
+       UINT            X;
+       UINT            Y;
+       UCHAR           STATE[256];
+} ARCFOURCONTEXT, *PARCFOURCONTEXT;
+
+
+//
+// Tkip Key structure which RC4 key & MIC calculation
+//
+typedef struct  _TKIP_KEY_INFO  {
+       UINT        nBytesInM;  // # bytes in M for MICKEY
+       ULONG       IV16;
+       ULONG       IV32;
+       ULONG       K0;         // for MICKEY Low
+       ULONG       K1;         // for MICKEY Hig
+       ULONG       L;          // Current state for MICKEY
+       ULONG       R;          // Current state for MICKEY
+       ULONG       M;          // Message accumulator for MICKEY
+       UCHAR       RC4KEY[16];
+       UCHAR       MIC[8];
+} TKIP_KEY_INFO, *PTKIP_KEY_INFO;
+
+
+//
+// Private / Misc data, counters for driver internal use
+//
+typedef struct  __PRIVATE_STRUC {
+       UINT       SystemResetCnt;         // System reset counter
+       UINT       TxRingFullCnt;          // Tx ring full occurrance number
+       UINT       PhyRxErrCnt;            // PHY Rx error count, for debug purpose, might move to global counter
+       // Variables for WEP encryption / decryption in rtmp_wep.c
+       UINT       FCSCRC32;
+       ARCFOURCONTEXT  WEPCONTEXT;
+       // Tkip stuff
+       TKIP_KEY_INFO   Tx;
+       TKIP_KEY_INFO   Rx;
+} PRIVATE_STRUC, *PPRIVATE_STRUC;
+
+
+/***************************************************************************
+  *    Channel and BBP related data structures
+  **************************************************************************/
+// structure to tune BBP R66 (BBP TUNING)
+typedef struct _BBP_R66_TUNING {
+       BOOLEAN     bEnable;
+       USHORT      FalseCcaLowerThreshold;  // default 100
+       USHORT      FalseCcaUpperThreshold;  // default 512
+       UCHAR       R66Delta;
+       UCHAR       R66CurrentValue;
+       BOOLEAN         R66LowerUpperSelect; //Before LinkUp, Used LowerBound or UpperBound as R66 value.
+} BBP_R66_TUNING, *PBBP_R66_TUNING;
+
+// structure to store channel TX power
+typedef struct _CHANNEL_TX_POWER {
+       USHORT     RemainingTimeForUse;         //unit: sec
+       UCHAR      Channel;
+#ifdef DOT11N_DRAFT3
+       BOOLEAN       bEffectedChannel; // For BW 40 operating in 2.4GHz , the "effected channel" is the channel that is covered in 40Mhz.
+#endif // DOT11N_DRAFT3 //
+       CHAR       Power;
+       CHAR       Power2;
+       UCHAR      MaxTxPwr;
+       UCHAR      DfsReq;
+} CHANNEL_TX_POWER, *PCHANNEL_TX_POWER;
+
+// structure to store 802.11j channel TX power
+typedef struct _CHANNEL_11J_TX_POWER {
+       UCHAR      Channel;
+       UCHAR      BW;  // BW_10 or BW_20
+       CHAR       Power;
+       CHAR       Power2;
+       USHORT     RemainingTimeForUse;         //unit: sec
+} CHANNEL_11J_TX_POWER, *PCHANNEL_11J_TX_POWER;
+
+typedef struct _SOFT_RX_ANT_DIVERSITY_STRUCT {
+       UCHAR     EvaluatePeriod;                // 0:not evalute status, 1: evaluate status, 2: switching status
+       UCHAR     EvaluateStableCnt;
+       UCHAR     Pair1PrimaryRxAnt;     // 0:Ant-E1, 1:Ant-E2
+       UCHAR     Pair1SecondaryRxAnt;   // 0:Ant-E1, 1:Ant-E2
+       UCHAR     Pair2PrimaryRxAnt;     // 0:Ant-E3, 1:Ant-E4
+       UCHAR     Pair2SecondaryRxAnt;   // 0:Ant-E3, 1:Ant-E4
+#ifdef CONFIG_STA_SUPPORT
+       SHORT     Pair1AvgRssi[2];       // AvgRssi[0]:E1, AvgRssi[1]:E2
+       SHORT     Pair2AvgRssi[2];       // AvgRssi[0]:E3, AvgRssi[1]:E4
+#endif // CONFIG_STA_SUPPORT //
+       SHORT     Pair1LastAvgRssi;      //
+       SHORT     Pair2LastAvgRssi;      //
+       ULONG     RcvPktNumWhenEvaluate;
+       BOOLEAN   FirstPktArrivedWhenEvaluate;
+       RALINK_TIMER_STRUCT    RxAntDiversityTimer;
+} SOFT_RX_ANT_DIVERSITY, *PSOFT_RX_ANT_DIVERSITY;
+
+
+/***************************************************************************
+  *    structure for radar detection and channel switch
+  **************************************************************************/
+typedef struct _RADAR_DETECT_STRUCT {
+    //BOOLEAN          IEEE80211H;                     // 0: disable, 1: enable IEEE802.11h
+       UCHAR           CSCount;                        //Channel switch counter
+       UCHAR           CSPeriod;                       //Channel switch period (beacon count)
+       UCHAR           RDCount;                        //Radar detection counter
+       UCHAR           RDMode;                         //Radar Detection mode
+       UCHAR           RDDurRegion;            //Radar detection duration region
+       UCHAR           BBPR16;
+       UCHAR           BBPR17;
+       UCHAR           BBPR18;
+       UCHAR           BBPR21;
+       UCHAR           BBPR22;
+       UCHAR           BBPR64;
+       ULONG           InServiceMonitorCount; // unit: sec
+       UINT8           DfsSessionTime;
+#ifdef DFS_FCC_BW40_FIX
+       CHAR            DfsSessionFccOff;
+#endif
+       BOOLEAN         bFastDfs;
+       UINT8           ChMovingTime;
+       UINT8           LongPulseRadarTh;
+#ifdef MERGE_ARCH_TEAM
+       CHAR            AvgRssiReq;
+       ULONG           DfsLowerLimit;
+       ULONG           DfsUpperLimit;
+       UINT8           FixDfsLimit;
+       ULONG           upperlimit;
+       ULONG           lowerlimit;
+#endif // MERGE_ARCH_TEAM //
+} RADAR_DETECT_STRUCT, *PRADAR_DETECT_STRUCT;
+
+#ifdef CARRIER_DETECTION_SUPPORT
+typedef enum CD_STATE_n
+{
+       CD_NORMAL,
+       CD_SILENCE,
+       CD_MAX_STATE
+} CD_STATE;
+
+#ifdef TONE_RADAR_DETECT_SUPPORT
+#define CARRIER_DETECT_RECHECK_TIME                    3
+
+
+#ifdef CARRIER_SENSE_NEW_ALGO
+#define CARRIER_DETECT_CRITIRIA                                400
+#define CARRIER_DETECT_STOP_RATIO                              0x11
+#define        CARRIER_DETECT_STOP_RATIO_OLD_3090                      2
+#endif // CARRIER_SENSE_NEW_ALGO //
+
+
+#define CARRIER_DETECT_STOP_RECHECK_TIME               4
+#define CARRIER_DETECT_CRITIRIA_A                              230
+#define CARRIER_DETECT_DELTA                                   7
+#define CARRIER_DETECT_DIV_FLAG                                0
+#ifdef RT3090
+#define CARRIER_DETECT_THRESHOLD_3090A                 0x1fffffff
+#endif // RT3090 //
+#ifdef RT3390
+#define CARRIER_DETECT_THRESHOLD                       0x0fffffff
+#endif // RT3390 //
+#ifndef RT3390
+#define CARRIER_DETECT_THRESHOLD                       0x0fffffff
+#endif // RT3390 //
+#endif // TONE_RADAR_DETECT_SUPPORT //
+
+typedef struct CARRIER_DETECTION_s
+{
+       BOOLEAN                                 Enable;
+       UINT8                                   CDSessionTime;
+       UINT8                                   CDPeriod;
+       CD_STATE                                CD_State;
+#ifdef TONE_RADAR_DETECT_SUPPORT
+       UINT8                                   delta;
+       UINT8                                   div_flag;
+       UINT32                                  threshold;
+       UINT8                                   recheck;
+       UINT8                                   recheck1;
+       UINT8                                   recheck2;
+       UINT32                                  TimeStamp;
+       UINT32                                  criteria;
+       UINT32                                  CarrierDebug;
+       ULONG                                   idle_time;
+       ULONG                                   busy_time;
+       ULONG                                   Debug;
+#endif // TONE_RADAR_DETECT_SUPPORT //
+}CARRIER_DETECTION_STRUCT, *PCARRIER_DETECTION_STRUCT;
+#endif // CARRIER_DETECTION_SUPPORT //
+
+
+#ifdef NEW_DFS
+typedef struct _NewDFSDebug
+{
+       UCHAR channel;
+       ULONG wait_time;
+       UCHAR delta_delay_range;
+       UCHAR delta_delay_step;
+       UCHAR EL_range;
+       UCHAR EL_step;
+       UCHAR EH_range;
+       UCHAR EH_step;
+       UCHAR WL_range;
+       UCHAR WL_step;
+       UCHAR WH_range;
+       UCHAR WH_step;
+       ULONG T_expected;
+       ULONG T_margin;
+       UCHAR start;
+       ULONG count;
+       ULONG idx;
+
+}NewDFSDebug, *pNewDFSDebug;
+
+#define NEW_DFS_FCC_5_ENT_NUM          5
+#define NEW_DFS_DBG_PORT_ENT_NUM_POWER 8
+#define NEW_DFS_DBG_PORT_ENT_NUM               (1 << NEW_DFS_DBG_PORT_ENT_NUM_POWER)  // CE Debug Port entry number, 256
+#define NEW_DFS_DBG_PORT_MASK  0xff
+
+// Matched Period definition
+#define NEW_DFS_MPERIOD_ENT_NUM_POWER          8
+#define NEW_DFS_MPERIOD_ENT_NUM                (1 << NEW_DFS_MPERIOD_ENT_NUM_POWER)     // CE Period Table entry number, 512
+#define NEW_DFS_MAX_CHANNEL    4
+
+typedef struct _NewDFSDebugPort{
+       ULONG counter;
+       ULONG timestamp;
+       USHORT width;
+       USHORT start_idx; // start index to period table
+       USHORT end_idx; // end index to period table
+}NewDFSDebugPort, *pNewDFSDebugPort;
+
+// Matched Period Table
+typedef struct _NewDFSMPeriod{
+       USHORT  idx;
+       USHORT width;
+       USHORT  idx2;
+       USHORT width2;
+       ULONG period;
+}NewDFSMPeriod, *pNewDFSMPeriod;
+
+#endif // NEW_DFS //
+
+
+typedef enum _ABGBAND_STATE_ {
+       UNKNOWN_BAND,
+       BG_BAND,
+       A_BAND,
+} ABGBAND_STATE;
+
+#ifdef RTMP_MAC_PCI
+#ifdef CONFIG_STA_SUPPORT
+// Power save method control
+typedef        union   _PS_CONTROL     {
+       struct  {
+               ULONG           EnablePSinIdle:1;                       // Enable radio off when not connect to AP. radio on only when sitesurvey,
+               ULONG           EnableNewPS:1;          // Enable new  Chip power save fucntion . New method can only be applied in chip version after 2872. and PCIe.
+               ULONG           rt30xxPowerMode:2;                      // Power Level Mode for rt30xx chip
+               ULONG           rt30xxFollowHostASPM:1;                 // Card Follows Host's setting for rt30xx chip.
+               ULONG           rt30xxForceASPMTest:1;                  // Force enable L1 for rt30xx chip. This has higher priority than rt30xxFollowHostASPM Mode.
+               ULONG           rsv:26;                 // Radio Measurement Enable
+       }       field;
+       ULONG                   word;
+}      PS_CONTROL, *PPS_CONTROL;
+#endif // CONFIG_STA_SUPPORT //
+#endif // RTMP_MAC_PCI //
+/***************************************************************************
+  *    structure for MLME state machine
+  **************************************************************************/
+typedef struct _MLME_STRUCT {
+#ifdef CONFIG_STA_SUPPORT
+       // STA state machines
+       STATE_MACHINE           CntlMachine;
+       STATE_MACHINE           AssocMachine;
+       STATE_MACHINE           AuthMachine;
+       STATE_MACHINE           AuthRspMachine;
+       STATE_MACHINE           SyncMachine;
+       STATE_MACHINE           WpaPskMachine;
+       STATE_MACHINE           LeapMachine;
+       STATE_MACHINE_FUNC      AssocFunc[ASSOC_FUNC_SIZE];
+       STATE_MACHINE_FUNC      AuthFunc[AUTH_FUNC_SIZE];
+       STATE_MACHINE_FUNC      AuthRspFunc[AUTH_RSP_FUNC_SIZE];
+       STATE_MACHINE_FUNC      SyncFunc[SYNC_FUNC_SIZE];
+#endif // CONFIG_STA_SUPPORT //
+       STATE_MACHINE_FUNC      ActFunc[ACT_FUNC_SIZE];
+       // Action
+       STATE_MACHINE           ActMachine;
+
+
+#ifdef QOS_DLS_SUPPORT
+       STATE_MACHINE                   DlsMachine;
+       STATE_MACHINE_FUNC      DlsFunc[DLS_FUNC_SIZE];
+#endif // QOS_DLS_SUPPORT //
+
+
+       // common WPA state machine
+       STATE_MACHINE           WpaMachine;
+       STATE_MACHINE_FUNC      WpaFunc[WPA_FUNC_SIZE];
+
+
+
+       ULONG                   ChannelQuality;  // 0..100, Channel Quality Indication for Roaming
+       ULONG                   Now32;           // latch the value of NdisGetSystemUpTime()
+       ULONG                   LastSendNULLpsmTime;
+
+       BOOLEAN                 bRunning;
+       NDIS_SPIN_LOCK          TaskLock;
+       MLME_QUEUE              Queue;
+
+       UINT                    ShiftReg;
+
+       RALINK_TIMER_STRUCT     PeriodicTimer;
+       RALINK_TIMER_STRUCT     APSDPeriodicTimer;
+       RALINK_TIMER_STRUCT     LinkDownTimer;
+       RALINK_TIMER_STRUCT     LinkUpTimer;
+#ifdef RTMP_MAC_PCI
+    UCHAR                   bPsPollTimerRunning;
+    RALINK_TIMER_STRUCT     PsPollTimer;
+       RALINK_TIMER_STRUCT     RadioOnOffTimer;
+#endif // RTMP_MAC_PCI //
+       ULONG                   PeriodicRound;
+       ULONG                   OneSecPeriodicRound;
+
+       UCHAR                                   RealRxPath;
+       BOOLEAN                                 bLowThroughput;
+       BOOLEAN                                 bEnableAutoAntennaCheck;
+       RALINK_TIMER_STRUCT             RxAntEvalTimer;
+
+#ifdef RT30xx
+       UCHAR CaliBW40RfR24;
+       UCHAR CaliBW20RfR24;
+#endif // RT30xx //
+
+} MLME_STRUCT, *PMLME_STRUCT;
+
+
+#ifdef DOT11_N_SUPPORT
+/***************************************************************************
+  *    802.11 N related data structures
+  **************************************************************************/
+struct reordering_mpdu
+{
+       struct reordering_mpdu  *next;
+       PNDIS_PACKET                    pPacket;                /* coverted to 802.3 frame */
+       int                                             Sequence;               /* sequence number of MPDU */
+       BOOLEAN                                 bAMSDU;
+};
+
+struct reordering_list
+{
+       struct reordering_mpdu *next;
+       int     qlen;
+};
+
+struct reordering_mpdu_pool
+{
+       PVOID                                   mem;
+       NDIS_SPIN_LOCK                  lock;
+       struct reordering_list  freelist;
+};
+
+typedef enum _REC_BLOCKACK_STATUS
+{
+    Recipient_NONE=0,
+       Recipient_USED,
+       Recipient_HandleRes,
+    Recipient_Accept
+} REC_BLOCKACK_STATUS, *PREC_BLOCKACK_STATUS;
+
+typedef enum _ORI_BLOCKACK_STATUS
+{
+    Originator_NONE=0,
+       Originator_USED,
+    Originator_WaitRes,
+    Originator_Done
+} ORI_BLOCKACK_STATUS, *PORI_BLOCKACK_STATUS;
+
+typedef struct _BA_ORI_ENTRY{
+       UCHAR   Wcid;
+       UCHAR   TID;
+       UCHAR   BAWinSize;
+       UCHAR   Token;
+// Sequence is to fill every outgoing QoS DATA frame's sequence field in 802.11 header.
+       USHORT  Sequence;
+       USHORT  TimeOutValue;
+       ORI_BLOCKACK_STATUS  ORI_BA_Status;
+       RALINK_TIMER_STRUCT ORIBATimer;
+       PVOID   pAdapter;
+} BA_ORI_ENTRY, *PBA_ORI_ENTRY;
+
+typedef struct _BA_REC_ENTRY {
+       UCHAR   Wcid;
+       UCHAR   TID;
+       UCHAR   BAWinSize;      // 7.3.1.14. each buffer is capable of holding a max AMSDU or MSDU.
+       //UCHAR NumOfRxPkt;
+       //UCHAR    Curindidx; // the head in the RX reordering buffer
+       USHORT          LastIndSeq;
+//     USHORT          LastIndSeqAtTimer;
+       USHORT          TimeOutValue;
+       RALINK_TIMER_STRUCT RECBATimer;
+       ULONG           LastIndSeqAtTimer;
+       ULONG           nDropPacket;
+       ULONG           rcvSeq;
+       REC_BLOCKACK_STATUS  REC_BA_Status;
+//     UCHAR   RxBufIdxUsed;
+       // corresponding virtual address for RX reordering packet storage.
+       //RTMP_REORDERDMABUF MAP_RXBuf[MAX_RX_REORDERBUF];
+       NDIS_SPIN_LOCK          RxReRingLock;                 // Rx Ring spinlock
+//     struct _BA_REC_ENTRY *pNext;
+       PVOID   pAdapter;
+       struct reordering_list  list;
+} BA_REC_ENTRY, *PBA_REC_ENTRY;
+
+
+typedef struct {
+       ULONG           numAsRecipient;         // I am recipient of numAsRecipient clients. These client are in the BARecEntry[]
+       ULONG           numAsOriginator;        // I am originator of   numAsOriginator clients. These clients are in the BAOriEntry[]
+       ULONG           numDoneOriginator;      // count Done Originator sessions
+       BA_ORI_ENTRY       BAOriEntry[MAX_LEN_OF_BA_ORI_TABLE];
+       BA_REC_ENTRY       BARecEntry[MAX_LEN_OF_BA_REC_TABLE];
+} BA_TABLE, *PBA_TABLE;
+
+//For QureyBATableOID use;
+typedef struct  PACKED _OID_BA_REC_ENTRY{
+       UCHAR   MACAddr[MAC_ADDR_LEN];
+       UCHAR   BaBitmap;   // if (BaBitmap&(1<<TID)), this session with{MACAddr, TID}exists, so read BufSize[TID] for BufferSize
+       UCHAR   rsv;
+       UCHAR   BufSize[8];
+       REC_BLOCKACK_STATUS     REC_BA_Status[8];
+} OID_BA_REC_ENTRY, *POID_BA_REC_ENTRY;
+
+//For QureyBATableOID use;
+typedef struct  PACKED _OID_BA_ORI_ENTRY{
+       UCHAR   MACAddr[MAC_ADDR_LEN];
+       UCHAR   BaBitmap;  // if (BaBitmap&(1<<TID)), this session with{MACAddr, TID}exists, so read BufSize[TID] for BufferSize, read ORI_BA_Status[TID] for status
+       UCHAR   rsv;
+       UCHAR   BufSize[8];
+       ORI_BLOCKACK_STATUS  ORI_BA_Status[8];
+} OID_BA_ORI_ENTRY, *POID_BA_ORI_ENTRY;
+
+typedef struct _QUERYBA_TABLE{
+       OID_BA_ORI_ENTRY       BAOriEntry[32];
+       OID_BA_REC_ENTRY       BARecEntry[32];
+       UCHAR   OriNum;// Number of below BAOriEntry
+       UCHAR   RecNum;// Number of below BARecEntry
+} QUERYBA_TABLE, *PQUERYBA_TABLE;
+
+typedef        union   _BACAP_STRUC    {
+#ifdef RT_BIG_ENDIAN
+       struct  {
+               UINT32     :4;
+               UINT32     b2040CoexistScanSup:1;               //As Sta, support do 2040 coexistence scan for AP. As Ap, support monitor trigger event to check if can use BW 40MHz.
+               UINT32     bHtAdhoc:1;                  // adhoc can use ht rate.
+               UINT32     MMPSmode:2;  // MIMO power save more, 0:static, 1:dynamic, 2:rsv, 3:mimo enable
+               UINT32     AmsduSize:1; // 0:3839, 1:7935 bytes. UINT  MSDUSizeToBytes[]        = { 3839, 7935};
+               UINT32     AmsduEnable:1;       //Enable AMSDU transmisstion
+               UINT32          MpduDensity:3;
+               UINT32          Policy:2;       // 0: DELAY_BA 1:IMMED_BA  (//BA Policy subfiled value in ADDBA frame)   2:BA-not use
+               UINT32          AutoBA:1;       // automatically BA
+               UINT32          TxBAWinLimit:8;
+               UINT32          RxBAWinLimit:8;
+       }       field;
+#else
+       struct  {
+               UINT32          RxBAWinLimit:8;
+               UINT32          TxBAWinLimit:8;
+               UINT32          AutoBA:1;       // automatically BA
+               UINT32          Policy:2;       // 0: DELAY_BA 1:IMMED_BA  (//BA Policy subfiled value in ADDBA frame)   2:BA-not use
+               UINT32          MpduDensity:3;
+               UINT32          AmsduEnable:1;  //Enable AMSDU transmisstion
+               UINT32          AmsduSize:1;    // 0:3839, 1:7935 bytes. UINT  MSDUSizeToBytes[]        = { 3839, 7935};
+               UINT32          MMPSmode:2;     // MIMO power save more, 0:static, 1:dynamic, 2:rsv, 3:mimo enable
+               UINT32          bHtAdhoc:1;                     // adhoc can use ht rate.
+               UINT32          b2040CoexistScanSup:1;          //As Sta, support do 2040 coexistence scan for AP. As Ap, support monitor trigger event to check if can use BW 40MHz.
+               UINT32          :4;
+       }       field;
+#endif
+       UINT32                  word;
+} BACAP_STRUC, *PBACAP_STRUC;
+
+
+typedef struct {
+       BOOLEAN         IsRecipient;
+       UCHAR   MACAddr[MAC_ADDR_LEN];
+       UCHAR   TID;
+       UCHAR   nMSDU;
+       USHORT   TimeOut;
+       BOOLEAN bAllTid;  // If True, delete all TID for BA sessions with this MACaddr.
+} OID_ADD_BA_ENTRY, *POID_ADD_BA_ENTRY;
+
+
+#ifdef DOT11N_DRAFT3
+typedef enum _BSS2040COEXIST_FLAG{
+       BSS_2040_COEXIST_DISABLE = 0,
+       BSS_2040_COEXIST_TIMER_FIRED  = 1,
+       BSS_2040_COEXIST_INFO_SYNC = 2,
+       BSS_2040_COEXIST_INFO_NOTIFY = 4,
+}BSS2040COEXIST_FLAG;
+#endif // DOT11N_DRAFT3 //
+
+#define IS_HT_STA(_pMacEntry)  \
+       (_pMacEntry->MaxHTPhyMode.field.MODE >= MODE_HTMIX)
+
+#define IS_HT_RATE(_pMacEntry) \
+       (_pMacEntry->HTPhyMode.field.MODE >= MODE_HTMIX)
+
+#define PEER_IS_HT_RATE(_pMacEntry)    \
+       (_pMacEntry->HTPhyMode.field.MODE >= MODE_HTMIX)
+
+#endif // DOT11_N_SUPPORT //
+
+
+//This structure is for all 802.11n card InterOptibilityTest action. Reset all Num every n second.  (Details see MLMEPeriodic)
+typedef        struct  _IOT_STRUC      {
+       UCHAR                   Threshold[2];
+       UCHAR                   ReorderTimeOutNum[MAX_LEN_OF_BA_REC_TABLE];     // compare with threshold[0]
+       UCHAR                   RefreshNum[MAX_LEN_OF_BA_REC_TABLE];    // compare with threshold[1]
+       ULONG                   OneSecInWindowCount;
+       ULONG                   OneSecFrameDuplicateCount;
+       ULONG                   OneSecOutWindowCount;
+       UCHAR                   DelOriAct;
+       UCHAR                   DelRecAct;
+       UCHAR                   RTSShortProt;
+       UCHAR                   RTSLongProt;
+       BOOLEAN                 bRTSLongProtOn;
+#ifdef CONFIG_STA_SUPPORT
+       BOOLEAN                 bLastAtheros;
+    BOOLEAN                    bCurrentAtheros;
+    BOOLEAN         bNowAtherosBurstOn;
+       BOOLEAN                 bNextDisableRxBA;
+    BOOLEAN                    bToggle;
+#endif // CONFIG_STA_SUPPORT //
+} IOT_STRUC, *PIOT_STRUC;
+
+
+// This is the registry setting for 802.11n transmit setting.  Used in advanced page.
+typedef union _REG_TRANSMIT_SETTING {
+#ifdef RT_BIG_ENDIAN
+ struct {
+         UINT32  rsv:13;
+                UINT32  EXTCHA:2;
+                UINT32  HTMODE:1;
+                UINT32  TRANSNO:2;
+                UINT32  STBC:1; //SPACE
+                UINT32  ShortGI:1;
+                UINT32  BW:1; //channel bandwidth 20MHz or 40 MHz
+                UINT32  TxBF:1; // 3*3
+                UINT32  rsv0:10;
+                //UINT32  MCS:7;                 // MCS
+         //UINT32  PhyMode:4;
+    } field;
+#else
+ struct {
+         //UINT32  PhyMode:4;
+         //UINT32  MCS:7;                 // MCS
+                UINT32  rsv0:10;
+                UINT32  TxBF:1;
+         UINT32  BW:1; //channel bandwidth 20MHz or 40 MHz
+         UINT32  ShortGI:1;
+         UINT32  STBC:1; //SPACE
+         UINT32  TRANSNO:2;
+         UINT32  HTMODE:1;
+         UINT32  EXTCHA:2;
+         UINT32  rsv:13;
+    } field;
+#endif
+ UINT32   word;
+} REG_TRANSMIT_SETTING, *PREG_TRANSMIT_SETTING;
+
+
+typedef union  _DESIRED_TRANSMIT_SETTING {
+#ifdef RT_BIG_ENDIAN
+       struct  {
+                       USHORT          rsv:3;
+                       USHORT          FixedTxMode:2;                  // If MCS isn't AUTO, fix rate in CCK, OFDM or HT mode.
+                       USHORT          PhyMode:4;
+                       USHORT          MCS:7;                 // MCS
+       }       field;
+#else
+       struct  {
+                       USHORT          MCS:7;                  // MCS
+                       USHORT          PhyMode:4;
+                       USHORT          FixedTxMode:2;                  // If MCS isn't AUTO, fix rate in CCK, OFDM or HT mode.
+                       USHORT          rsv:3;
+       }       field;
+#endif
+       USHORT          word;
+ } DESIRED_TRANSMIT_SETTING, *PDESIRED_TRANSMIT_SETTING;
+
+
+
+
+/***************************************************************************
+  *    Multiple SSID related data structures
+  **************************************************************************/
+#define WLAN_MAX_NUM_OF_TIM                    ((MAX_LEN_OF_MAC_TABLE >> 3) + 1) /* /8 + 1 */
+#define WLAN_CT_TIM_BCMC_OFFSET                0 /* unit: 32B */
+
+/* clear bcmc TIM bit */
+#define WLAN_MR_TIM_BCMC_CLEAR(apidx) \
+       pAd->ApCfg.MBSSID[apidx].TimBitmaps[WLAN_CT_TIM_BCMC_OFFSET] &= ~BIT8[0];
+
+/* set bcmc TIM bit */
+#define WLAN_MR_TIM_BCMC_SET(apidx) \
+       pAd->ApCfg.MBSSID[apidx].TimBitmaps[WLAN_CT_TIM_BCMC_OFFSET] |= BIT8[0];
+
+/* clear a station PS TIM bit */
+#define WLAN_MR_TIM_BIT_CLEAR(ad_p, apidx, wcid) \
+       {       UCHAR tim_offset = wcid >> 3; \
+               UCHAR bit_offset = wcid & 0x7; \
+               ad_p->ApCfg.MBSSID[apidx].TimBitmaps[tim_offset] &= (~BIT8[bit_offset]); }
+
+/* set a station PS TIM bit */
+#define WLAN_MR_TIM_BIT_SET(ad_p, apidx, wcid) \
+       {       UCHAR tim_offset = wcid >> 3; \
+               UCHAR bit_offset = wcid & 0x7; \
+               ad_p->ApCfg.MBSSID[apidx].TimBitmaps[tim_offset] |= BIT8[bit_offset]; }
+
+
+// configuration common to OPMODE_AP as well as OPMODE_STA
+typedef struct _COMMON_CONFIG {
+
+       BOOLEAN         bCountryFlag;
+       UCHAR           CountryCode[3];
+       UCHAR           Geography;
+       UCHAR       CountryRegion;      // Enum of country region, 0:FCC, 1:IC, 2:ETSI, 3:SPAIN, 4:France, 5:MKK, 6:MKK1, 7:Israel
+       UCHAR       CountryRegionForABand;      // Enum of country region for A band
+       UCHAR       PhyMode;            // PHY_11A, PHY_11B, PHY_11BG_MIXED, PHY_ABG_MIXED
+       UCHAR       DesiredPhyMode;            // PHY_11A, PHY_11B, PHY_11BG_MIXED, PHY_ABG_MIXED
+       USHORT      Dsifs;              // in units of usec
+       ULONG       PacketFilter;       // Packet filter for receiving
+       UINT8           RegulatoryClass[MAX_NUM_OF_REGULATORY_CLASS];
+
+       CHAR        Ssid[MAX_LEN_OF_SSID]; // NOT NULL-terminated
+       UCHAR       SsidLen;               // the actual ssid length in used
+       UCHAR       LastSsidLen;               // the actual ssid length in used
+       CHAR        LastSsid[MAX_LEN_OF_SSID]; // NOT NULL-terminated
+       UCHAR           LastBssid[MAC_ADDR_LEN];
+
+       UCHAR       Bssid[MAC_ADDR_LEN];
+       USHORT      BeaconPeriod;
+       UCHAR       Channel;
+       UCHAR       CentralChannel;     // Central Channel when using 40MHz is indicating. not real channel.
+
+       UCHAR       SupRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR       SupRateLen;
+       UCHAR       ExtRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR       ExtRateLen;
+       UCHAR       DesireRate[MAX_LEN_OF_SUPPORTED_RATES];      // OID_802_11_DESIRED_RATES
+       UCHAR       MaxDesiredRate;
+       UCHAR       ExpectedACKRate[MAX_LEN_OF_SUPPORTED_RATES];
+
+       ULONG       BasicRateBitmap;        // backup basic ratebitmap
+
+       BOOLEAN         bAPSDCapable;
+       BOOLEAN         bInServicePeriod;
+       BOOLEAN         bAPSDAC_BE;
+       BOOLEAN         bAPSDAC_BK;
+       BOOLEAN         bAPSDAC_VI;
+       BOOLEAN         bAPSDAC_VO;
+
+       /* because TSPEC can modify the APSD flag, we need to keep the APSD flag
+               requested in association stage from the station;
+               we need to recover the APSD flag after the TSPEC is deleted. */
+       BOOLEAN         bACMAPSDBackup[4]; /* for delivery-enabled & trigger-enabled both */
+       BOOLEAN         bACMAPSDTr[4]; /* no use */
+
+       BOOLEAN         bNeedSendTriggerFrame;
+       BOOLEAN         bAPSDForcePowerSave;    // Force power save mode, should only use in APSD-STAUT
+       ULONG           TriggerTimerCount;
+       UCHAR           MaxSPLength;
+       UCHAR           BBPCurrentBW;   // BW_10,       BW_20, BW_40
+       // move to MULTISSID_STRUCT for MBSS
+       //HTTRANSMIT_SETTING    HTPhyMode, MaxHTPhyMode, MinHTPhyMode;// For transmit phy setting in TXWI.
+       REG_TRANSMIT_SETTING        RegTransmitSetting; //registry transmit setting. this is for reading registry setting only. not useful.
+       //UCHAR       FixedTxMode;              // Fixed Tx Mode (CCK, OFDM), for HT fixed tx mode (GF, MIX) , refer to RegTransmitSetting.field.HTMode
+       UCHAR       TxRate;                 // Same value to fill in TXD. TxRate is 6-bit
+       UCHAR       MaxTxRate;              // RATE_1, RATE_2, RATE_5_5, RATE_11
+       UCHAR       TxRateIndex;            // Tx rate index in RateSwitchTable
+       UCHAR       TxRateTableSize;        // Valid Tx rate table size in RateSwitchTable
+       //BOOLEAN               bAutoTxRateSwitch;
+       UCHAR       MinTxRate;              // RATE_1, RATE_2, RATE_5_5, RATE_11
+       UCHAR       RtsRate;                // RATE_xxx
+       HTTRANSMIT_SETTING      MlmeTransmit;   // MGMT frame PHY rate setting when operatin at Ht rate.
+       UCHAR       MlmeRate;               // RATE_xxx, used to send MLME frames
+       UCHAR       BasicMlmeRate;          // Default Rate for sending MLME frames
+
+       USHORT      RtsThreshold;           // in unit of BYTE
+       USHORT      FragmentThreshold;      // in unit of BYTE
+
+       UCHAR       TxPower;                // in unit of mW
+       ULONG       TxPowerPercentage;      // 0~100 %
+       ULONG       TxPowerDefault;         // keep for TxPowerPercentage
+       UINT8           PwrConstraint;
+
+#ifdef DOT11_N_SUPPORT
+       BACAP_STRUC        BACapability; //   NO USE = 0XFF  ;  IMMED_BA =1  ;  DELAY_BA=0
+       BACAP_STRUC        REGBACapability; //   NO USE = 0XFF  ;  IMMED_BA =1  ;  DELAY_BA=0
+#endif // DOT11_N_SUPPORT //
+       IOT_STRUC               IOTestParm;     // 802.11n InterOpbility Test Parameter;
+       ULONG       TxPreamble;             // Rt802_11PreambleLong, Rt802_11PreambleShort, Rt802_11PreambleAuto
+       BOOLEAN     bUseZeroToDisableFragment;     // Microsoft use 0 as disable
+       ULONG       UseBGProtection;        // 0: auto, 1: always use, 2: always not use
+       BOOLEAN     bUseShortSlotTime;      // 0: disable, 1 - use short slot (9us)
+       BOOLEAN     bEnableTxBurst;         // 1: enble TX PACKET BURST (when BA is established or AP is not a legacy WMM AP), 0: disable TX PACKET BURST
+       BOOLEAN     bAggregationCapable;      // 1: enable TX aggregation when the peer supports it
+       BOOLEAN     bPiggyBackCapable;          // 1: enable TX piggy-back according MAC's version
+       BOOLEAN     bIEEE80211H;                        // 1: enable IEEE802.11h spec.
+       ULONG           DisableOLBCDetect;              // 0: enable OLBC detect; 1 disable OLBC detect
+
+#ifdef DOT11_N_SUPPORT
+       BOOLEAN                         bRdg;
+#endif // DOT11_N_SUPPORT //
+       BOOLEAN             bWmmCapable;        // 0:disable WMM, 1:enable WMM
+       QOS_CAPABILITY_PARM APQosCapability;    // QOS capability of the current associated AP
+       EDCA_PARM           APEdcaParm;         // EDCA parameters of the current associated AP
+       QBSS_LOAD_PARM      APQbssLoad;         // QBSS load of the current associated AP
+       UCHAR               AckPolicy[4];       // ACK policy of the specified AC. see ACK_xxx
+#ifdef CONFIG_STA_SUPPORT
+       BOOLEAN                         bDLSCapable;            // 0:disable DLS, 1:enable DLS
+#endif // CONFIG_STA_SUPPORT //
+       // a bitmap of BOOLEAN flags. each bit represent an operation status of a particular
+       // BOOLEAN control, either ON or OFF. These flags should always be accessed via
+       // OPSTATUS_TEST_FLAG(), OPSTATUS_SET_FLAG(), OP_STATUS_CLEAR_FLAG() macros.
+       // see fOP_STATUS_xxx in RTMP_DEF.C for detail bit definition
+       ULONG               OpStatusFlags;
+
+       BOOLEAN                         NdisRadioStateOff; //For HCT 12.0, set this flag to TRUE instead of called MlmeRadioOff.
+       ABGBAND_STATE           BandState;              // For setting BBP used on B/G or A mode.
+#ifdef ANT_DIVERSITY_SUPPORT
+       UCHAR                           bRxAntDiversity; // 0:disable, 1:enable Software Rx Antenna Diversity.
+#endif // ANT_DIVERSITY_SUPPORT //
+
+       // IEEE802.11H--DFS.
+       RADAR_DETECT_STRUCT     RadarDetect;
+
+#ifdef CARRIER_DETECTION_SUPPORT
+       CARRIER_DETECTION_STRUCT                CarrierDetect;
+#endif // CARRIER_DETECTION_SUPPORT //
+
+#ifdef DOT11_N_SUPPORT
+       // HT
+       UCHAR                   BASize;         // USer desired BAWindowSize. Should not exceed our max capability
+       //RT_HT_CAPABILITY      SupportedHtPhy;
+       RT_HT_CAPABILITY        DesiredHtPhy;
+       HT_CAPABILITY_IE                HtCapability;
+       ADD_HT_INFO_IE          AddHTInfo;      // Useful as AP.
+       //This IE is used with channel switch announcement element when changing to a new 40MHz.
+       //This IE is included in channel switch ammouncement frames 7.4.1.5, beacons, probe Rsp.
+       NEW_EXT_CHAN_IE NewExtChanOffset;       //7.3.2.20A, 1 if extension channel is above the control channel, 3 if below, 0 if not present
+
+#ifdef DOT11N_DRAFT3
+       UCHAR                                   Bss2040CoexistFlag;             // bit 0: bBssCoexistTimerRunning, bit 1: NeedSyncAddHtInfo.
+       RALINK_TIMER_STRUCT     Bss2040CoexistTimer;
+
+       //This IE is used for 20/40 BSS Coexistence.
+       BSS_2040_COEXIST_IE             BSS2040CoexistInfo;
+       // ====== 11n D3.0 =======================>
+       USHORT                                  Dot11OBssScanPassiveDwell;                              // Unit : TU. 5~1000
+       USHORT                                  Dot11OBssScanActiveDwell;                               // Unit : TU. 10~1000
+       USHORT                                  Dot11BssWidthTriggerScanInt;                    // Unit : Second
+       USHORT                                  Dot11OBssScanPassiveTotalPerChannel;    // Unit : TU. 200~10000
+       USHORT                                  Dot11OBssScanActiveTotalPerChannel;     // Unit : TU. 20~10000
+       USHORT                                  Dot11BssWidthChanTranDelayFactor;
+       USHORT                                  Dot11OBssScanActivityThre;                              // Unit : percentage
+
+       ULONG                                   Dot11BssWidthChanTranDelay;                     // multiple of (Dot11BssWidthTriggerScanInt * Dot11BssWidthChanTranDelayFactor)
+       ULONG                                   CountDownCtr;   // CountDown Counter from (Dot11BssWidthTriggerScanInt * Dot11BssWidthChanTranDelayFactor)
+
+       NDIS_SPIN_LOCK          TriggerEventTabLock;
+       BSS_2040_COEXIST_IE             LastBSSCoexist2040;
+       BSS_2040_COEXIST_IE             BSSCoexist2040;
+       TRIGGER_EVENT_TAB               TriggerEventTab;
+       UCHAR                                   ChannelListIdx;
+       // <====== 11n D3.0 =======================
+       BOOLEAN                                 bOverlapScanning;
+#endif // DOT11N_DRAFT3 //
+
+    BOOLEAN                 bHTProtect;
+    BOOLEAN                 bMIMOPSEnable;
+    BOOLEAN                                    bBADecline;
+//2008/11/05: KH add to support Antenna power-saving of AP<--
+       BOOLEAN                                 bGreenAPEnable;
+       BOOLEAN                                 bBlockAntDivforGreenAP;
+//2008/11/05: KH add to support Antenna power-saving of AP-->
+       BOOLEAN                                 bDisableReordering;
+       BOOLEAN                                 bForty_Mhz_Intolerant;
+       BOOLEAN                                 bExtChannelSwitchAnnouncement;
+       BOOLEAN                                 bRcvBSSWidthTriggerEvents;
+       ULONG                                   LastRcvBSSWidthTriggerEventsTime;
+
+       UCHAR                                   TxBASize;
+#endif // DOT11_N_SUPPORT //
+
+       // Enable wireless event
+       BOOLEAN                         bWirelessEvent;
+       BOOLEAN                         bWiFiTest;                              // Enable this parameter for WiFi test
+
+       // Tx & Rx Stream number selection
+       UCHAR                           TxStream;
+       UCHAR                           RxStream;
+
+       // transmit phy mode, trasmit rate for Multicast.
+#ifdef MCAST_RATE_SPECIFIC
+       UCHAR                           McastTransmitMcs;
+       UCHAR                           McastTransmitPhyMode;
+#endif // MCAST_RATE_SPECIFIC //
+
+       BOOLEAN                 bHardwareRadio;     // Hardware controlled Radio enabled
+
+
+
+       NDIS_SPIN_LOCK                  MeasureReqTabLock;
+       PMEASURE_REQ_TAB                pMeasureReqTab;
+
+       NDIS_SPIN_LOCK                  TpcReqTabLock;
+       PTPC_REQ_TAB                    pTpcReqTab;
+
+       // transmit phy mode, trasmit rate for Multicast.
+#ifdef MCAST_RATE_SPECIFIC
+       HTTRANSMIT_SETTING              MCastPhyMode;
+#endif // MCAST_RATE_SPECIFIC //
+
+#ifdef SINGLE_SKU
+       UINT16                                  DefineMaxTxPwr;
+#endif // SINGLE_SKU //
+
+
+       BOOLEAN                         PSPXlink;  // 0: Disable. 1: Enable
+
+
+#if defined(RT305x)||defined(RT30xx)
+       // request by Gary, for High Power issue
+       UCHAR   HighPowerPatchDisabled;
+#endif
+
+       BOOLEAN         HT_DisallowTKIP;                /* Restrict the encryption type in 11n HT mode */
+} COMMON_CONFIG, *PCOMMON_CONFIG;
+
+
+#ifdef CONFIG_STA_SUPPORT
+/* Modified by Wu Xi-Kun 4/21/2006 */
+// STA configuration and status
+typedef struct _STA_ADMIN_CONFIG {
+       // GROUP 1 -
+       //   User configuration loaded from Registry, E2PROM or OID_xxx. These settings describe
+       //   the user intended configuration, but not necessary fully equal to the final
+       //   settings in ACTIVE BSS after negotiation/compromize with the BSS holder (either
+       //   AP or IBSS holder).
+       //   Once initialized, user configuration can only be changed via OID_xxx
+       UCHAR       BssType;              // BSS_INFRA or BSS_ADHOC
+       USHORT      AtimWin;          // used when starting a new IBSS
+
+       // GROUP 2 -
+       //   User configuration loaded from Registry, E2PROM or OID_xxx. These settings describe
+       //   the user intended configuration, and should be always applied to the final
+       //   settings in ACTIVE BSS without compromising with the BSS holder.
+       //   Once initialized, user configuration can only be changed via OID_xxx
+       UCHAR       RssiTrigger;
+       UCHAR       RssiTriggerMode;      // RSSI_TRIGGERED_UPON_BELOW_THRESHOLD or RSSI_TRIGGERED_UPON_EXCCEED_THRESHOLD
+       USHORT      DefaultListenCount;   // default listen count;
+       ULONG       WindowsPowerMode;           // Power mode for AC power
+       ULONG       WindowsBatteryPowerMode;    // Power mode for battery if exists
+       BOOLEAN     bWindowsACCAMEnable;        // Enable CAM power mode when AC on
+       BOOLEAN     bAutoReconnect;         // Set to TRUE when setting OID_802_11_SSID with no matching BSSID
+       ULONG       WindowsPowerProfile;    // Windows power profile, for NDIS5.1 PnP
+
+       // MIB:ieee802dot11.dot11smt(1).dot11StationConfigTable(1)
+       USHORT      Psm;                  // power management mode   (PWR_ACTIVE|PWR_SAVE)
+       USHORT      DisassocReason;
+       UCHAR       DisassocSta[MAC_ADDR_LEN];
+       USHORT      DeauthReason;
+       UCHAR       DeauthSta[MAC_ADDR_LEN];
+       USHORT      AuthFailReason;
+       UCHAR       AuthFailSta[MAC_ADDR_LEN];
+
+       NDIS_802_11_PRIVACY_FILTER          PrivacyFilter;  // PrivacyFilter enum for 802.1X
+       NDIS_802_11_AUTHENTICATION_MODE     AuthMode;       // This should match to whatever microsoft defined
+       NDIS_802_11_WEP_STATUS              WepStatus;
+       NDIS_802_11_WEP_STATUS                          OrigWepStatus;  // Original wep status set from OID
+
+       // Add to support different cipher suite for WPA2/WPA mode
+       NDIS_802_11_ENCRYPTION_STATUS           GroupCipher;            // Multicast cipher suite
+       NDIS_802_11_ENCRYPTION_STATUS           PairCipher;                     // Unicast cipher suite
+       BOOLEAN                                                         bMixCipher;                     // Indicate current Pair & Group use different cipher suites
+       USHORT                                                          RsnCapability;
+
+       NDIS_802_11_WEP_STATUS              GroupKeyWepStatus;
+
+       UCHAR           WpaPassPhrase[64];              // WPA PSK pass phrase
+       UINT            WpaPassPhraseLen;               // the length of WPA PSK pass phrase
+       UCHAR           PMK[32];                // WPA PSK mode PMK
+       UCHAR       PTK[64];                // WPA PSK mode PTK
+       UCHAR           GTK[32];                                // GTK from authenticator
+       BSSID_INFO      SavedPMK[PMKID_NO];
+       UINT            SavedPMKNum;                    // Saved PMKID number
+
+       UCHAR           DefaultKeyId;
+
+
+       // WPA 802.1x port control, WPA_802_1X_PORT_SECURED, WPA_802_1X_PORT_NOT_SECURED
+       UCHAR       PortSecured;
+
+       // For WPA countermeasures
+       ULONG       LastMicErrorTime;   // record last MIC error time
+       ULONG       MicErrCnt;          // Should be 0, 1, 2, then reset to zero (after disassoiciation).
+       BOOLEAN     bBlockAssoc;        // Block associate attempt for 60 seconds after counter measure occurred.
+       // For WPA-PSK supplicant state
+       WPA_STATE   WpaState;           // Default is SS_NOTUSE and handled by microsoft 802.1x
+       UCHAR       ReplayCounter[8];
+       UCHAR       ANonce[32];         // ANonce for WPA-PSK from aurhenticator
+       UCHAR       SNonce[32];         // SNonce for WPA-PSK
+
+       UCHAR       LastSNR0;             // last received BEACON's SNR
+       UCHAR       LastSNR1;            // last received BEACON's SNR for 2nd  antenna
+       RSSI_SAMPLE RssiSample;
+       ULONG       NumOfAvgRssiSample;
+
+       ULONG       LastBeaconRxTime;     // OS's timestamp of the last BEACON RX time
+       ULONG       Last11bBeaconRxTime;  // OS's timestamp of the last 11B BEACON RX time
+       ULONG           Last11gBeaconRxTime;    // OS's timestamp of the last 11G BEACON RX time
+       ULONG           Last20NBeaconRxTime;    // OS's timestamp of the last 20MHz N BEACON RX time
+
+       ULONG       LastScanTime;       // Record last scan time for issue BSSID_SCAN_LIST
+       ULONG       ScanCnt;            // Scan counts since most recent SSID, BSSID, SCAN OID request
+       BOOLEAN     bSwRadio;           // Software controlled Radio On/Off, TRUE: On
+       BOOLEAN     bHwRadio;           // Hardware controlled Radio On/Off, TRUE: On
+       BOOLEAN     bRadio;             // Radio state, And of Sw & Hw radio state
+       BOOLEAN     bHardwareRadio;     // Hardware controlled Radio enabled
+       BOOLEAN     bShowHiddenSSID;    // Show all known SSID in SSID list get operation
+
+       // New for WPA, windows want us to to keep association information and
+       // Fixed IEs from last association response
+       NDIS_802_11_ASSOCIATION_INFORMATION     AssocInfo;
+       USHORT       ReqVarIELen;                // Length of next VIE include EID & Length
+       UCHAR       ReqVarIEs[MAX_VIE_LEN];             // The content saved here should be little-endian format.
+       USHORT       ResVarIELen;                // Length of next VIE include EID & Length
+       UCHAR       ResVarIEs[MAX_VIE_LEN];
+
+       UCHAR       RSNIE_Len;
+       UCHAR       RSN_IE[MAX_LEN_OF_RSNIE];   // The content saved here should be little-endian format.
+
+       ULONG               CLBusyBytes;                // Save the total bytes received durning channel load scan time
+       USHORT              RPIDensity[8];              // Array for RPI density collection
+
+       UCHAR               RMReqCnt;                   // Number of measurement request saved.
+       UCHAR               CurrentRMReqIdx;            // Number of measurement request saved.
+       BOOLEAN             ParallelReq;                // Parallel measurement, only one request performed,
+                                                                                                       // It must be the same channel with maximum duration
+       USHORT              ParallelDuration;           // Maximum duration for parallel measurement
+       UCHAR               ParallelChannel;            // Only one channel with parallel measurement
+       USHORT              IAPPToken;                  // IAPP dialog token
+       // Hack for channel load and noise histogram parameters
+       UCHAR               NHFactor;                   // Parameter for Noise histogram
+       UCHAR               CLFactor;                   // Parameter for channel load
+
+       RALINK_TIMER_STRUCT     StaQuickResponeForRateUpTimer;
+       BOOLEAN                         StaQuickResponeForRateUpTimerRunning;
+
+       UCHAR                   DtimCount;      // 0.. DtimPeriod-1
+       UCHAR                   DtimPeriod;     // default = 3
+
+#ifdef QOS_DLS_SUPPORT
+       RT_802_11_DLS           DLSEntry[MAX_NUM_OF_DLS_ENTRY];
+       UCHAR                           DlsReplayCounter[8];
+#endif // QOS_DLS_SUPPORT //
+       ////////////////////////////////////////////////////////////////////////////////////////
+       // This is only for WHQL test.
+       BOOLEAN                         WhqlTest;
+       ////////////////////////////////////////////////////////////////////////////////////////
+
+    RALINK_TIMER_STRUCT WpaDisassocAndBlockAssocTimer;
+    // Fast Roaming
+       BOOLEAN                 bAutoRoaming;       // 0:disable auto roaming by RSSI, 1:enable auto roaming by RSSI
+       CHAR                    dBmToRoam;          // the condition to roam when receiving Rssi less than this value. It's negative value.
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+    BOOLEAN             IEEE8021X;
+    BOOLEAN             IEEE8021x_required_keys;
+    CIPHER_KEY         DesireSharedKey[4];     // Record user desired WEP keys
+    UCHAR               DesireSharedKeyId;
+
+    // 0: driver ignores wpa_supplicant
+    // 1: wpa_supplicant initiates scanning and AP selection
+    // 2: driver takes care of scanning, AP selection, and IEEE 802.11 association parameters
+    UCHAR               WpaSupplicantUP;
+       UCHAR                           WpaSupplicantScanCount;
+       BOOLEAN                         bRSN_IE_FromWpaSupplicant;
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+    CHAR                dev_name[16];
+    USHORT              OriDevType;
+
+    BOOLEAN             bTGnWifiTest;
+       BOOLEAN                     bScanReqIsFromWebUI;
+
+       HTTRANSMIT_SETTING                              HTPhyMode, MaxHTPhyMode, MinHTPhyMode;// For transmit phy setting in TXWI.
+       DESIRED_TRANSMIT_SETTING        DesiredTransmitSetting;
+       RT_HT_PHY_INFO                                  DesiredHtPhyInfo;
+       BOOLEAN                                                 bAutoTxRateSwitch;
+
+#ifdef RTMP_MAC_PCI
+    UCHAR       BBPR3;
+       // PS Control has 2 meanings for advanced power save function.
+       // 1. EnablePSinIdle : When no connection, always radio off except need to do site survey.
+       // 2. EnableNewPS  : will save more current in sleep or radio off mode.
+       PS_CONTROL                              PSControl;
+#endif // RTMP_MAC_PCI //
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+       UCHAR                           IEEE80211dClientMode;
+       UCHAR                           StaOriCountryCode[3];
+       UCHAR                           StaOriGeography;
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+
+
+       BOOLEAN                         bAutoConnectByBssid;
+       ULONG                           BeaconLostTime; // seconds
+       BOOLEAN                 bForceTxBurst;          // 1: force enble TX PACKET BURST, 0: disable
+} STA_ADMIN_CONFIG, *PSTA_ADMIN_CONFIG;
+
+// This data structure keep the current active BSS/IBSS's configuration that this STA
+// had agreed upon joining the network. Which means these parameters are usually decided
+// by the BSS/IBSS creator instead of user configuration. Data in this data structurre
+// is valid only when either ADHOC_ON(pAd) or INFRA_ON(pAd) is TRUE.
+// Normally, after SCAN or failed roaming attempts, we need to recover back to
+// the current active settings.
+typedef struct _STA_ACTIVE_CONFIG {
+       USHORT      Aid;
+       USHORT      AtimWin;                // in kusec; IBSS parameter set element
+       USHORT      CapabilityInfo;
+       USHORT      CfpMaxDuration;
+       USHORT      CfpPeriod;
+
+       // Copy supported rate from desired AP's beacon. We are trying to match
+       // AP's supported and extended rate settings.
+       UCHAR       SupRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR       ExtRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR       SupRateLen;
+       UCHAR       ExtRateLen;
+       // Copy supported ht from desired AP's beacon. We are trying to match
+       RT_HT_PHY_INFO          SupportedPhyInfo;
+       RT_HT_CAPABILITY        SupportedHtPhy;
+} STA_ACTIVE_CONFIG, *PSTA_ACTIVE_CONFIG;
+
+
+
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+typedef struct _MAC_TABLE_ENTRY {
+       //Choose 1 from ValidAsWDS and ValidAsCLI  to validize.
+       BOOLEAN         ValidAsCLI;             // Sta mode, set this TRUE after Linkup,too.
+       BOOLEAN         ValidAsWDS;     // This is WDS Entry. only for AP mode.
+       BOOLEAN         ValidAsApCli;   //This is a AP-Client entry, only for AP mode which enable AP-Client functions.
+       BOOLEAN         ValidAsMesh;
+       BOOLEAN         ValidAsDls;     // This is DLS Entry. only for STA mode.
+       BOOLEAN         isCached;
+       BOOLEAN         bIAmBadAtheros; // Flag if this is Atheros chip that has IOT problem.  We need to turn on RTS/CTS protection.
+
+       UCHAR           EnqueueEapolStartTimerRunning;  // Enqueue EAPoL-Start for triggering EAP SM
+       //jan for wpa
+       // record which entry revoke MIC Failure , if it leaves the BSS itself, AP won't update aMICFailTime MIB
+       UCHAR           CMTimerRunning;
+       UCHAR           apidx;                  // MBSS number
+       UCHAR           RSNIE_Len;
+       UCHAR           RSN_IE[MAX_LEN_OF_RSNIE];
+       UCHAR           ANonce[LEN_KEY_DESC_NONCE];
+       UCHAR           SNonce[LEN_KEY_DESC_NONCE];
+       UCHAR           R_Counter[LEN_KEY_DESC_REPLAY];
+       UCHAR           PTK[64];
+       UCHAR           ReTryCounter;
+       RALINK_TIMER_STRUCT                 RetryTimer;
+       RALINK_TIMER_STRUCT                                     EnqueueStartForPSKTimer;        // A timer which enqueue EAPoL-Start for triggering PSK SM
+       NDIS_802_11_AUTHENTICATION_MODE     AuthMode;   // This should match to whatever microsoft defined
+       NDIS_802_11_WEP_STATUS              WepStatus;
+       NDIS_802_11_WEP_STATUS              GroupKeyWepStatus;
+       AP_WPA_STATE    WpaState;
+       GTK_STATE       GTKState;
+       USHORT          PortSecured;
+       NDIS_802_11_PRIVACY_FILTER  PrivacyFilter;      // PrivacyFilter enum for 802.1X
+       CIPHER_KEY      PairwiseKey;
+       PVOID           pAd;
+       INT                             PMKID_CacheIdx;
+       UCHAR                   PMKID[LEN_PMKID];
+
+
+       UCHAR           Addr[MAC_ADDR_LEN];
+       UCHAR           PsMode;
+       SST             Sst;
+       AUTH_STATE      AuthState; // for SHARED KEY authentication state machine used only
+       BOOLEAN                 IsReassocSta;   // Indicate whether this is a reassociation procedure
+       USHORT          Aid;
+       USHORT          CapabilityInfo;
+       UCHAR           LastRssi;
+       ULONG           NoDataIdleCount;
+       UINT16                  StationKeepAliveCount; // unit: second
+       ULONG           PsQIdleCount;
+       QUEUE_HEADER    PsQueue;
+
+       UINT32                  StaConnectTime;         // the live time of this station since associated with AP
+
+
+#ifdef DOT11_N_SUPPORT
+       BOOLEAN                 bSendBAR;
+       USHORT                  NoBADataCountDown;
+
+       UINT32                  CachedBuf[16];          // UINT (4 bytes) for alignment
+       UINT                    TxBFCount; // 3*3
+#endif // DOT11_N_SUPPORT //
+       UINT                    FIFOCount;
+       UINT                    DebugFIFOCount;
+       UINT                    DebugTxCount;
+    BOOLEAN                    bDlsInit;
+
+
+//====================================================
+//WDS entry needs these
+// if ValidAsWDS==TRUE, MatchWDSTabIdx is the index in WdsTab.MacTab
+       UINT                    MatchWDSTabIdx;
+       UCHAR           MaxSupportedRate;
+       UCHAR           CurrTxRate;
+       UCHAR           CurrTxRateIndex;
+       // to record the each TX rate's quality. 0 is best, the bigger the worse.
+       USHORT          TxQuality[MAX_STEP_OF_TX_RATE_SWITCH];
+//     USHORT          OneSecTxOkCount;
+       UINT32                  OneSecTxNoRetryOkCount;
+       UINT32          OneSecTxRetryOkCount;
+       UINT32          OneSecTxFailCount;
+       UINT32                  ContinueTxFailCnt;
+       UINT32          CurrTxRateStableTime; // # of second in current TX rate
+       UCHAR           TxRateUpPenalty;      // extra # of second penalty due to last unstable condition
+#ifdef WDS_SUPPORT
+       BOOLEAN         LockEntryTx; // TRUE = block to WDS Entry traffic, FALSE = not.
+       UINT32          TimeStamp_toTxRing;
+#endif // WDS_SUPPORT //
+
+//====================================================
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+       UINT                    MatchDlsEntryIdx; // indicate the index in pAd->StaCfg.DLSEntry
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+       BOOLEAN         fNoisyEnvironment;
+       BOOLEAN                 fLastSecAccordingRSSI;
+       UCHAR           LastSecTxRateChangeAction; // 0: no change, 1:rate UP, 2:rate down
+       CHAR                    LastTimeTxRateChangeAction; //Keep last time value of LastSecTxRateChangeAction
+       ULONG                   LastTxOkCount;
+       UCHAR           PER[MAX_STEP_OF_TX_RATE_SWITCH];
+
+       // a bitmap of BOOLEAN flags. each bit represent an operation status of a particular
+       // BOOLEAN control, either ON or OFF. These flags should always be accessed via
+       // CLIENT_STATUS_TEST_FLAG(), CLIENT_STATUS_SET_FLAG(), CLIENT_STATUS_CLEAR_FLAG() macros.
+       // see fOP_STATUS_xxx in RTMP_DEF.C for detail bit definition. fCLIENT_STATUS_AMSDU_INUSED
+       ULONG           ClientStatusFlags;
+
+       HTTRANSMIT_SETTING      HTPhyMode, MaxHTPhyMode, MinHTPhyMode;// For transmit phy setting in TXWI.
+
+#ifdef DOT11_N_SUPPORT
+       // HT EWC MIMO-N used parameters
+       USHORT          RXBAbitmap;     // fill to on-chip  RXWI_BA_BITMASK in 8.1.3RX attribute entry format
+       USHORT          TXBAbitmap;     // This bitmap as originator, only keep in software used to mark AMPDU bit in TXWI
+       USHORT          TXAutoBAbitmap;
+       USHORT          BADeclineBitmap;
+       USHORT          BARecWcidArray[NUM_OF_TID];     // The mapping wcid of recipient session. if RXBAbitmap bit is masked
+       USHORT          BAOriWcidArray[NUM_OF_TID]; // The mapping wcid of originator session. if TXBAbitmap bit is masked
+       USHORT          BAOriSequence[NUM_OF_TID]; // The mapping wcid of originator session. if TXBAbitmap bit is masked
+
+       // 802.11n features.
+       UCHAR           MpduDensity;
+       UCHAR           MaxRAmpduFactor;
+       UCHAR           AMsduSize;
+       UCHAR           MmpsMode;       // MIMO power save more.
+
+       HT_CAPABILITY_IE                HTCapability;
+
+#ifdef DOT11N_DRAFT3
+       UCHAR           BSS2040CoexistenceMgmtSupport;
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+       BOOLEAN         bAutoTxRateSwitch;
+
+       UCHAR       RateLen;
+       struct _MAC_TABLE_ENTRY *pNext;
+    USHORT      TxSeq[NUM_OF_TID];
+       USHORT          NonQosDataSeq;
+
+       RSSI_SAMPLE     RssiSample;
+
+       UINT32                  TXMCSExpected[16];
+       UINT32                  TXMCSSuccessful[16];
+       UINT32                  TXMCSFailed[16];
+       UINT32                  TXMCSAutoFallBack[16][16];
+
+#ifdef CONFIG_STA_SUPPORT
+       ULONG                   LastBeaconRxTime;
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+       ULONG AssocDeadLine;
+
+
+
+       ULONG ChannelQuality;  // 0..100, Channel Quality Indication for Roaming
+
+} MAC_TABLE_ENTRY, *PMAC_TABLE_ENTRY;
+
+typedef struct _MAC_TABLE {
+       USHORT                  Size;
+       MAC_TABLE_ENTRY *Hash[HASH_TABLE_SIZE];
+       MAC_TABLE_ENTRY Content[MAX_LEN_OF_MAC_TABLE];
+       QUEUE_HEADER    McastPsQueue;
+       ULONG           PsQIdleCount;
+       BOOLEAN         fAnyStationInPsm;
+       BOOLEAN         fAnyStationBadAtheros;  // Check if any Station is atheros 802.11n Chip.  We need to use RTS/CTS with Atheros 802,.11n chip.
+       BOOLEAN                 fAnyTxOPForceDisable;   // Check if it is necessary to disable BE TxOP
+       BOOLEAN                 fAllStationAsRalink;    // Check if all stations are ralink-chipset
+#ifdef DOT11_N_SUPPORT
+       BOOLEAN         fAnyStationIsLegacy;    // Check if I use legacy rate to transmit to my BSS Station/
+       BOOLEAN         fAnyStationNonGF;               // Check if any Station can't support GF.
+       BOOLEAN         fAnyStation20Only;              // Check if any Station can't support GF.
+       BOOLEAN                 fAnyStationMIMOPSDynamic; // Check if any Station is MIMO Dynamic
+       BOOLEAN         fAnyBASession;   // Check if there is BA session.  Force turn on RTS/CTS
+//2008/10/28: KH add to support Antenna power-saving of AP<--
+//2008/10/28: KH add to support Antenna power-saving of AP-->
+#endif // DOT11_N_SUPPORT //
+} MAC_TABLE, *PMAC_TABLE;
+
+
+
+
+#ifdef BLOCK_NET_IF
+typedef struct _BLOCK_QUEUE_ENTRY
+{
+       BOOLEAN SwTxQueueBlockFlag;
+       LIST_HEADER NetIfList;
+} BLOCK_QUEUE_ENTRY, *PBLOCK_QUEUE_ENTRY;
+#endif // BLOCK_NET_IF //
+
+
+struct wificonf
+{
+       BOOLEAN bShortGI;
+       BOOLEAN bGreenField;
+};
+
+
+typedef struct _RTMP_DEV_INFO_
+{
+       UCHAR                   chipName[16];
+       RTMP_INF_TYPE   infType;
+}RTMP_DEV_INFO;
+
+
+#ifdef DBG_DIAGNOSE
+#define DIAGNOSE_TIME  10   // 10 sec
+typedef struct _RtmpDiagStrcut_
+{      // Diagnosis Related element
+       unsigned char           inited;
+       unsigned char   qIdx;
+       unsigned char   ArrayStartIdx;
+       unsigned char           ArrayCurIdx;
+       // Tx Related Count
+       USHORT                  TxDataCnt[DIAGNOSE_TIME];
+       USHORT                  TxFailCnt[DIAGNOSE_TIME];
+//     USHORT                  TxDescCnt[DIAGNOSE_TIME][16];           // TxDesc queue length in scale of 0~14, >=15
+       USHORT                  TxDescCnt[DIAGNOSE_TIME][24]; // 3*3    // TxDesc queue length in scale of 0~14, >=15
+//     USHORT                  TxMcsCnt[DIAGNOSE_TIME][16];                    // TxDate MCS Count in range from 0 to 15, step in 1.
+       USHORT                  TxMcsCnt[DIAGNOSE_TIME][24]; // 3*3
+       USHORT                  TxSWQueCnt[DIAGNOSE_TIME][9];           // TxSwQueue length in scale of 0, 1, 2, 3, 4, 5, 6, 7, >=8
+
+       USHORT                  TxAggCnt[DIAGNOSE_TIME];
+       USHORT                  TxNonAggCnt[DIAGNOSE_TIME];
+//     USHORT                  TxAMPDUCnt[DIAGNOSE_TIME][16];          // 10 sec, TxDMA APMDU Aggregation count in range from 0 to 15, in setp of 1.
+       USHORT                  TxAMPDUCnt[DIAGNOSE_TIME][24]; // 3*3 // 10 sec, TxDMA APMDU Aggregation count in range from 0 to 15, in setp of 1.
+       USHORT                  TxRalinkCnt[DIAGNOSE_TIME];                     // TxRalink Aggregation Count in 1 sec scale.
+       USHORT                  TxAMSDUCnt[DIAGNOSE_TIME];                      // TxAMSUD Aggregation Count in 1 sec scale.
+
+       // Rx Related Count
+       USHORT                  RxDataCnt[DIAGNOSE_TIME];                       // Rx Total Data count.
+       USHORT                  RxCrcErrCnt[DIAGNOSE_TIME];
+//     USHORT                  RxMcsCnt[DIAGNOSE_TIME][16];            // Rx MCS Count in range from 0 to 15, step in 1.
+       USHORT                  RxMcsCnt[DIAGNOSE_TIME][24]; // 3*3
+}RtmpDiagStruct;
+#endif // DBG_DIAGNOSE //
+
+
+struct _RTMP_CHIP_OP_
+{
+       /*  Calibration access related callback functions */
+       int (*eeinit)(RTMP_ADAPTER *pAd);                                                                               /* int (*eeinit)(RTMP_ADAPTER *pAd); */
+       int (*eeread)(RTMP_ADAPTER *pAd, USHORT offset, PUSHORT pValue);                                /* int (*eeread)(RTMP_ADAPTER *pAd, int offset, PUSHORT pValue); */
+       int (*eewrite)(RTMP_ADAPTER *pAd, USHORT offset, USHORT value);;                                /* int (*eewrite)(RTMP_ADAPTER *pAd, int offset, USHORT value); */
+
+       /* MCU related callback functions */
+       int (*loadFirmware)(RTMP_ADAPTER *pAd);                                                         /* int (*loadFirmware)(RTMP_ADAPTER *pAd); */
+       int (*eraseFirmware)(RTMP_ADAPTER *pAd);                                                                /* int (*eraseFirmware)(RTMP_ADAPTER *pAd); */
+       int (*sendCommandToMcu)(RTMP_ADAPTER *pAd, UCHAR cmd, UCHAR token, UCHAR arg0, UCHAR arg1);;    /* int (*sendCommandToMcu)(RTMP_ADAPTER *pAd, UCHAR cmd, UCHAR token, UCHAR arg0, UCHAR arg1); */
+
+       /* RF access related callback functions */
+       REG_PAIR *pRFRegTable;
+       void (*AsicRfInit)(RTMP_ADAPTER *pAd);
+       void (*AsicRfTurnOn)(RTMP_ADAPTER *pAd);
+       void (*AsicRfTurnOff)(RTMP_ADAPTER *pAd);
+       void (*AsicReverseRfFromSleepMode)(RTMP_ADAPTER *pAd);
+       void (*AsicHaltAction)(RTMP_ADAPTER *pAd);
+};
+
+
+//
+//  The miniport adapter structure
+//
+struct _RTMP_ADAPTER
+{
+       PVOID                                   OS_Cookie;      // save specific structure relative to OS
+       PNET_DEV                                net_dev;
+       ULONG                                   VirtualIfCnt;
+
+       RTMP_CHIP_OP                    chipOps;
+       USHORT                                  ThisTbttNumToNextWakeUp;
+
+#ifdef INF_AMAZON_PPA
+       UINT32  g_if_id;
+       BOOLEAN PPAEnable;
+       PPA_DIRECTPATH_CB       *pDirectpathCb;
+#endif // INF_AMAZON_PPA //
+
+#ifdef RTMP_MAC_PCI
+/*****************************************************************************************/
+/*      PCI related parameters                                                                                                                           */
+/*****************************************************************************************/
+       PUCHAR                  CSRBaseAddress;     // PCI MMIO Base Address, all access will use
+       unsigned int                    irq_num;
+
+       USHORT                      LnkCtrlBitMask;
+       USHORT                      RLnkCtrlConfiguration;
+       USHORT                  RLnkCtrlOffset;
+       USHORT                      HostLnkCtrlConfiguration;
+       USHORT                  HostLnkCtrlOffset;
+       USHORT                      PCIePowerSaveLevel;
+       ULONG                           Rt3xxHostLinkCtrl;      // USed for 3090F chip
+       ULONG                           Rt3xxRalinkLinkCtrl;    // USed for 3090F chip
+       USHORT                          DeviceID;           // Read from PCI config
+       ULONG                           AccessBBPFailCount;
+       BOOLEAN                                 bPCIclkOff;                                             // flag that indicate if the PICE power status in Configuration SPace..
+       BOOLEAN                                 bPCIclkOffDisableTx;                    //
+
+       BOOLEAN                                 brt30xxBanMcuCmd;       //when = 0xff means all commands are ok to set .
+       BOOLEAN                                 b3090ESpecialChip;      //3090E special chip that write EEPROM 0x24=0x9280.
+       ULONG                                   CheckDmaBusyCount;  // Check Interrupt Status Register Count.
+
+       UINT                                    int_enable_reg;
+       UINT                                    int_disable_mask;
+       UINT                                    int_pending;
+
+
+       RTMP_DMABUF             TxBufSpace[NUM_OF_TX_RING]; // Shared memory of all 1st pre-allocated TxBuf associated with each TXD
+       RTMP_DMABUF             RxDescRing;                 // Shared memory for RX descriptors
+       RTMP_DMABUF             TxDescRing[NUM_OF_TX_RING];     // Shared memory for Tx descriptors
+       RTMP_TX_RING            TxRing[NUM_OF_TX_RING];         // AC0~4 + HCCA
+#endif // RTMP_MAC_PCI //
+
+
+       NDIS_SPIN_LOCK          irq_lock;
+       UCHAR                           irq_disabled;
+
+
+/*****************************************************************************************/
+/*      RBUS related parameters                                                                                                                                  */
+/*****************************************************************************************/
+
+
+/*****************************************************************************************/
+/*      Both PCI/USB related parameters                                                                                                                  */
+/*****************************************************************************************/
+       //RTMP_DEV_INFO                 chipInfo;
+       RTMP_INF_TYPE                   infType;
+
+/*****************************************************************************************/
+/*      Driver Mgmt related parameters                                                                                                           */
+/*****************************************************************************************/
+       RTMP_OS_TASK                    mlmeTask;
+#ifdef RTMP_TIMER_TASK_SUPPORT
+       // If you want use timer task to handle the timer related jobs, enable this.
+       RTMP_TIMER_TASK_QUEUE   TimerQ;
+       NDIS_SPIN_LOCK                  TimerQLock;
+       RTMP_OS_TASK                    timerTask;
+#endif // RTMP_TIMER_TASK_SUPPORT //
+
+
+/*****************************************************************************************/
+/*      Tx related parameters                                                           */
+/*****************************************************************************************/
+       BOOLEAN                 DeQueueRunning[NUM_OF_TX_RING];  // for ensuring RTUSBDeQueuePacket get call once
+       NDIS_SPIN_LOCK          DeQueueLock[NUM_OF_TX_RING];
+
+
+       // resource for software backlog queues
+       QUEUE_HEADER            TxSwQueue[NUM_OF_TX_RING];  // 4 AC + 1 HCCA
+       NDIS_SPIN_LOCK          TxSwQueueLock[NUM_OF_TX_RING];  // TxSwQueue spinlock
+
+       RTMP_DMABUF             MgmtDescRing;                   // Shared memory for MGMT descriptors
+       RTMP_MGMT_RING          MgmtRing;
+       NDIS_SPIN_LOCK          MgmtRingLock;                   // Prio Ring spinlock
+
+
+/*****************************************************************************************/
+/*      Rx related parameters                                                           */
+/*****************************************************************************************/
+
+#ifdef RTMP_MAC_PCI
+       RTMP_RX_RING            RxRing;
+       NDIS_SPIN_LOCK          RxRingLock;                 // Rx Ring spinlock
+#ifdef RT3090
+       NDIS_SPIN_LOCK          McuCmdLock;              //MCU Command Queue spinlock
+#endif // RT3090 //
+#endif // RTMP_MAC_PCI //
+
+
+
+/*****************************************************************************************/
+/*      ASIC related parameters                                                          */
+/*****************************************************************************************/
+       UINT32                  MACVersion;             // MAC version. Record rt2860C(0x28600100) or rt2860D (0x28600101)..
+
+       // ---------------------------
+       // E2PROM
+       // ---------------------------
+       ULONG                           EepromVersion;          // byte 0: version, byte 1: revision, byte 2~3: unused
+       ULONG                           FirmwareVersion;        // byte 0: Minor version, byte 1: Major version, otherwise unused.
+       USHORT                          EEPROMDefaultValue[NUM_EEPROM_BBP_PARMS];
+       UCHAR                           EEPROMAddressNum;       // 93c46=6  93c66=8
+       BOOLEAN                         EepromAccess;
+       UCHAR                           EFuseTag;
+
+
+       // ---------------------------
+       // BBP Control
+       // ---------------------------
+#ifdef MERGE_ARCH_TEAM
+       UCHAR                   BbpWriteLatch[256];     // record last BBP register value written via BBP_IO_WRITE/BBP_IO_WRITE_VY_REG_ID
+#else
+       UCHAR                   BbpWriteLatch[140];     // record last BBP register value written via BBP_IO_WRITE/BBP_IO_WRITE_VY_REG_ID
+#endif // MERGE_ARCH_TEAM //
+       CHAR                                    BbpRssiToDbmDelta;              // change from UCHAR to CHAR for high power
+       BBP_R66_TUNING          BbpTuning;
+
+       // ----------------------------
+       // RFIC control
+       // ----------------------------
+       UCHAR                   RfIcType;       // RFIC_xxx
+       ULONG                   RfFreqOffset;   // Frequency offset for channel switching
+       RTMP_RF_REGS            LatchRfRegs;    // latch th latest RF programming value since RF IC doesn't support READ
+
+       EEPROM_ANTENNA_STRUC    Antenna;                            // Since ANtenna definition is different for a & g. We need to save it for future reference.
+       EEPROM_NIC_CONFIG2_STRUC    NicConfig2;
+
+       // This soft Rx Antenna Diversity mechanism is used only when user set
+       // RX Antenna = DIVERSITY ON
+       SOFT_RX_ANT_DIVERSITY   RxAnt;
+
+       UCHAR                   RFProgSeq;
+       CHANNEL_TX_POWER        TxPower[MAX_NUM_OF_CHANNELS];       // Store Tx power value for all channels.
+       CHANNEL_TX_POWER        ChannelList[MAX_NUM_OF_CHANNELS];   // list all supported channels for site survey
+       CHANNEL_11J_TX_POWER    TxPower11J[MAX_NUM_OF_11JCHANNELS];       // 802.11j channel and bw
+       CHANNEL_11J_TX_POWER    ChannelList11J[MAX_NUM_OF_11JCHANNELS];   // list all supported channels for site survey
+
+       UCHAR                   ChannelListNum;                     // number of channel in ChannelList[]
+       UCHAR                                   Bbp94;
+       BOOLEAN                                 BbpForCCK;
+       ULONG           Tx20MPwrCfgABand[5];
+       ULONG           Tx20MPwrCfgGBand[5];
+       ULONG           Tx40MPwrCfgABand[5];
+       ULONG           Tx40MPwrCfgGBand[5];
+
+       BOOLEAN     bAutoTxAgcA;                // Enable driver auto Tx Agc control
+       UCHAR       TssiRefA;                                   // Store Tssi reference value as 25 temperature.
+       UCHAR       TssiPlusBoundaryA[5];               // Tssi boundary for increase Tx power to compensate.
+       UCHAR       TssiMinusBoundaryA[5];              // Tssi boundary for decrease Tx power to compensate.
+       UCHAR       TxAgcStepA;                                 // Store Tx TSSI delta increment / decrement value
+       CHAR            TxAgcCompensateA;                       // Store the compensation (TxAgcStep * (idx-1))
+
+       BOOLEAN     bAutoTxAgcG;                // Enable driver auto Tx Agc control
+       UCHAR       TssiRefG;                                   // Store Tssi reference value as 25 temperature.
+       UCHAR       TssiPlusBoundaryG[5];               // Tssi boundary for increase Tx power to compensate.
+       UCHAR       TssiMinusBoundaryG[5];              // Tssi boundary for decrease Tx power to compensate.
+       UCHAR       TxAgcStepG;                                 // Store Tx TSSI delta increment / decrement value
+       CHAR            TxAgcCompensateG;                       // Store the compensation (TxAgcStep * (idx-1))
+
+       CHAR            BGRssiOffset0;                          // Store B/G RSSI#0 Offset value on EEPROM 0x46h
+       CHAR            BGRssiOffset1;                          // Store B/G RSSI#1 Offset value
+       CHAR            BGRssiOffset2;                          // Store B/G RSSI#2 Offset value
+
+       CHAR            ARssiOffset0;                           // Store A RSSI#0 Offset value on EEPROM 0x4Ah
+       CHAR            ARssiOffset1;                           // Store A RSSI#1 Offset value
+       CHAR            ARssiOffset2;                           // Store A RSSI#2 Offset value
+
+       CHAR            BLNAGain;                                       // Store B/G external LNA#0 value on EEPROM 0x44h
+       CHAR            ALNAGain0;                                      // Store A external LNA#0 value for ch36~64
+       CHAR            ALNAGain1;                                      // Store A external LNA#1 value for ch100~128
+       CHAR            ALNAGain2;                                      // Store A external LNA#2 value for ch132~165
+#ifdef RT30xx
+       // for 3572
+       UCHAR           Bbp25;
+       UCHAR           Bbp26;
+
+       UCHAR           TxMixerGain24G;                         // Tx mixer gain value from EEPROM to improve Tx EVM / Tx DAC, 2.4G
+       UCHAR           TxMixerGain5G;
+#endif // RT30xx //
+       // ----------------------------
+       // LED control
+       // ----------------------------
+       MCU_LEDCS_STRUC         LedCntl;
+       USHORT                          Led1;   // read from EEPROM 0x3c
+       USHORT                          Led2;   // EEPROM 0x3e
+       USHORT                          Led3;   // EEPROM 0x40
+       UCHAR                           LedIndicatorStrength;
+       UCHAR                           RssiSingalstrengthOffet;
+       BOOLEAN                         bLedOnScanning;
+       UCHAR                           LedStatus;
+
+/*****************************************************************************************/
+/*      802.11 related parameters                                                        */
+/*****************************************************************************************/
+       // outgoing BEACON frame buffer and corresponding TXD
+       TXWI_STRUC                      BeaconTxWI;
+       PUCHAR                                          BeaconBuf;
+       USHORT                                          BeaconOffset[HW_BEACON_MAX_COUNT];
+
+       // pre-build PS-POLL and NULL frame upon link up. for efficiency purpose.
+       PSPOLL_FRAME                    PsPollFrame;
+       HEADER_802_11                   NullFrame;
+
+
+
+
+//=========AP===========
+
+
+//=======STA===========
+#ifdef CONFIG_STA_SUPPORT
+       // -----------------------------------------------
+       // STA specific configuration & operation status
+       // used only when pAd->OpMode == OPMODE_STA
+       // -----------------------------------------------
+       STA_ADMIN_CONFIG        StaCfg;         // user desired settings
+       STA_ACTIVE_CONFIG       StaActive;              // valid only when ADHOC_ON(pAd) || INFRA_ON(pAd)
+       CHAR                    nickname[IW_ESSID_MAX_SIZE+1]; // nickname, only used in the iwconfig i/f
+       NDIS_MEDIA_STATE        PreMediaState;
+#endif // CONFIG_STA_SUPPORT //
+
+//=======Common===========
+       // OP mode: either AP or STA
+       UCHAR                   OpMode;                     // OPMODE_STA, OPMODE_AP
+
+       NDIS_MEDIA_STATE        IndicateMediaState;                     // Base on Indication state, default is NdisMediaStateDisConnected
+
+
+       /* MAT related parameters */
+
+       // configuration: read from Registry & E2PROM
+       BOOLEAN                 bLocalAdminMAC;             // Use user changed MAC
+       UCHAR                   PermanentAddress[MAC_ADDR_LEN];    // Factory default MAC address
+       UCHAR                   CurrentAddress[MAC_ADDR_LEN];      // User changed MAC address
+
+       // ------------------------------------------------------
+       // common configuration to both OPMODE_STA and OPMODE_AP
+       // ------------------------------------------------------
+       COMMON_CONFIG           CommonCfg;
+       MLME_STRUCT             Mlme;
+
+       // AP needs those vaiables for site survey feature.
+       MLME_AUX                MlmeAux;           // temporary settings used during MLME state machine
+       BSS_TABLE               ScanTab;           // store the latest SCAN result
+
+       //About MacTab, the sta driver will use #0 and #1 for multicast and AP.
+       MAC_TABLE                 MacTab;     // ASIC on-chip WCID entry table.  At TX, ASIC always use key according to this on-chip table.
+       NDIS_SPIN_LOCK          MacTabLock;
+
+#ifdef DOT11_N_SUPPORT
+       BA_TABLE                        BATable;
+       NDIS_SPIN_LOCK          BATabLock;
+       RALINK_TIMER_STRUCT RECBATimer;
+#endif // DOT11_N_SUPPORT //
+
+       // encryption/decryption KEY tables
+       CIPHER_KEY              SharedKey[MAX_MBSSID_NUM][4]; // STA always use SharedKey[BSS0][0..3]
+
+       // RX re-assembly buffer for fragmentation
+       FRAGMENT_FRAME          FragFrame;                  // Frame storage for fragment frame
+
+       // various Counters
+       COUNTER_802_3           Counters8023;               // 802.3 counters
+       COUNTER_802_11          WlanCounters;               // 802.11 MIB counters
+       COUNTER_RALINK          RalinkCounters;             // Ralink propriety counters
+       COUNTER_DRS             DrsCounters;                // counters for Dynamic TX Rate Switching
+       PRIVATE_STRUC           PrivateInfo;                // Private information & counters
+
+       // flags, see fRTMP_ADAPTER_xxx flags
+       ULONG                   Flags;                      // Represent current device status
+       ULONG                   PSFlags;                    // Power Save operation flag.
+
+       // current TX sequence #
+       USHORT                  Sequence;
+
+       // Control disconnect / connect event generation
+       //+++Didn't used anymore
+       ULONG                   LinkDownTime;
+       //---
+       ULONG                   LastRxRate;
+       ULONG                   LastTxRate;
+       //+++Used only for Station
+       BOOLEAN                 bConfigChanged;         // Config Change flag for the same SSID setting
+       //---
+
+       ULONG                   ExtraInfo;              // Extra information for displaying status
+       ULONG                   SystemErrorBitmap;      // b0: E2PROM version error
+
+       //+++Didn't used anymore
+       ULONG                   MacIcVersion;           // MAC/BBP serial interface issue solved after ver.D
+       //---
+
+       // ---------------------------
+       // System event log
+       // ---------------------------
+       RT_802_11_EVENT_TABLE   EventTab;
+
+
+       BOOLEAN         HTCEnable;
+
+       /*****************************************************************************************/
+       /*      Statistic related parameters                                                     */
+       /*****************************************************************************************/
+
+       BOOLEAN                                         bUpdateBcnCntDone;
+       ULONG                                           watchDogMacDeadlock;    // prevent MAC/BBP into deadlock condition
+       // ----------------------------
+       // DEBUG paramerts
+       // ----------------------------
+       //ULONG         DebugSetting[4];
+       BOOLEAN         bBanAllBaSetup;
+       BOOLEAN         bPromiscuous;
+
+       // ----------------------------
+       // rt2860c emulation-use Parameters
+       // ----------------------------
+       //ULONG         rtsaccu[30];
+       //ULONG         ctsaccu[30];
+       //ULONG         cfendaccu[30];
+       //ULONG         bacontent[16];
+       //ULONG         rxint[RX_RING_SIZE+1];
+       //UCHAR         rcvba[60];
+       BOOLEAN         bLinkAdapt;
+       BOOLEAN         bForcePrintTX;
+       BOOLEAN         bForcePrintRX;
+       //BOOLEAN               bDisablescanning;               //defined in RT2870 USB
+       BOOLEAN         bStaFifoTest;
+       BOOLEAN         bProtectionTest;
+       /*
+       BOOLEAN         bHCCATest;
+       BOOLEAN         bGenOneHCCA;
+       */
+       BOOLEAN         bBroadComHT;
+       //+++Following add from RT2870 USB.
+       ULONG           BulkOutReq;
+       ULONG           BulkOutComplete;
+       ULONG           BulkOutCompleteOther;
+       ULONG           BulkOutCompleteCancel;  // seems not use now?
+       ULONG           BulkInReq;
+       ULONG           BulkInComplete;
+       ULONG           BulkInCompleteFail;
+       //---
+
+    struct wificonf                    WIFItestbed;
+
+#ifdef RALINK_ATE
+       ATE_INFO                                ate;
+#endif // RALINK_ATE //
+
+#ifdef DOT11_N_SUPPORT
+       struct reordering_mpdu_pool mpdu_blk_pool;
+#endif // DOT11_N_SUPPORT //
+
+       ULONG                                   OneSecondnonBEpackets;          // record non BE packets per second
+
+#ifdef LINUX
+#if WIRELESS_EXT >= 12
+    struct iw_statistics    iw_stats;
+#endif
+
+       struct net_device_stats stats;
+#endif // LINUX //
+
+#ifdef BLOCK_NET_IF
+       BLOCK_QUEUE_ENTRY               blockQueueTab[NUM_OF_TX_RING];
+#endif // BLOCK_NET_IF //
+
+
+
+#ifdef MULTIPLE_CARD_SUPPORT
+       INT32                                   MC_RowID;
+       STRING                                  MC_FileName[256];
+#endif // MULTIPLE_CARD_SUPPORT //
+
+       ULONG                                   TbttTickCount;
+#ifdef PCI_MSI_SUPPORT
+       BOOLEAN                                 HaveMsi;
+#endif // PCI_MSI_SUPPORT //
+
+
+       UCHAR                                   is_on;
+
+#define TIME_BASE                      (1000000/OS_HZ)
+#define TIME_ONE_SECOND                (1000000/TIME_BASE)
+       UCHAR                                   flg_be_adjust;
+       ULONG                                   be_adjust_last_time;
+
+#ifdef NINTENDO_AP
+       NINDO_CTRL_BLOCK                nindo_ctrl_block;
+#endif // NINTENDO_AP //
+
+
+#ifdef IKANOS_VX_1X0
+       struct IKANOS_TX_INFO   IkanosTxInfo;
+       struct IKANOS_TX_INFO   IkanosRxInfo[MAX_MBSSID_NUM + MAX_WDS_ENTRY + MAX_APCLI_NUM + MAX_MESH_NUM];
+#endif // IKANOS_VX_1X0 //
+
+
+#ifdef DBG_DIAGNOSE
+       RtmpDiagStruct  DiagStruct;
+#endif // DBG_DIAGNOSE //
+
+
+       UINT8                                   FlgCtsEnabled;
+       UINT8                                   PM_FlgSuspend;
+
+#ifdef RT30xx
+#ifdef RTMP_EFUSE_SUPPORT
+       BOOLEAN         bUseEfuse;
+       BOOLEAN         bEEPROMFile;
+       BOOLEAN         bFroceEEPROMBuffer;
+       UCHAR           EEPROMImage[1024];
+#endif // RTMP_EFUSE_SUPPORT //
+#endif // RT30xx //
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+};
+
+
+
+#ifdef TONE_RADAR_DETECT_SUPPORT
+#define DELAYINTMASK           0x0013fffb
+#define INTMASK                                0x0013fffb
+#define IndMask                                0x0013fffc
+#define RadarInt                       0x00100000
+#else
+#define DELAYINTMASK           0x0003fffb
+#define INTMASK                                0x0003fffb
+#define IndMask                                0x0003fffc
+#endif // TONE_RADAR_DETECT_SUPPORT //
+
+#define RxINT                          0x00000005      // Delayed Rx or indivi rx
+#define TxDataInt                      0x000000fa      // Delayed Tx or indivi tx
+#define TxMgmtInt                      0x00000102      // Delayed Tx or indivi tx
+#define TxCoherent                     0x00020000      // tx coherent
+#define RxCoherent                     0x00010000      // rx coherent
+#define McuCommand                     0x00000200      // mcu
+#define PreTBTTInt                     0x00001000      // Pre-TBTT interrupt
+#define TBTTInt                                0x00000800              // TBTT interrupt
+#define GPTimeOutInt                   0x00008000              // GPtimeout interrupt
+#define AutoWakeupInt          0x00004000              // AutoWakeupInt interrupt
+#define FifoStaFullInt                 0x00002000      //  fifo statistics full interrupt
+
+
+/***************************************************************************
+  *    Rx Path software control block related data structures
+  **************************************************************************/
+typedef struct _RX_BLK_
+{
+//     RXD_STRUC               RxD; // sample
+       RT28XX_RXD_STRUC        RxD;
+       PRXWI_STRUC                     pRxWI;
+       PHEADER_802_11          pHeader;
+       PNDIS_PACKET            pRxPacket;
+       UCHAR                           *pData;
+       USHORT                          DataSize;
+       USHORT                          Flags;
+       UCHAR                           UserPriority;   // for calculate TKIP MIC using
+} RX_BLK;
+
+
+#define RX_BLK_SET_FLAG(_pRxBlk, _flag)                (_pRxBlk->Flags |= _flag)
+#define RX_BLK_TEST_FLAG(_pRxBlk, _flag)       (_pRxBlk->Flags & _flag)
+#define RX_BLK_CLEAR_FLAG(_pRxBlk, _flag)      (_pRxBlk->Flags &= ~(_flag))
+
+
+#define fRX_WDS                        0x0001
+#define fRX_AMSDU              0x0002
+#define fRX_ARALINK            0x0004
+#define fRX_HTC                        0x0008
+#define fRX_PAD                        0x0010
+#define fRX_AMPDU              0x0020
+#define fRX_QOS                        0x0040
+#define fRX_INFRA              0x0080
+#define fRX_EAP                        0x0100
+#define fRX_MESH               0x0200
+#define fRX_APCLI              0x0400
+#define fRX_DLS                        0x0800
+#define fRX_WPI                        0x1000
+
+#define LENGTH_AMSDU_SUBFRAMEHEAD      14
+#define LENGTH_ARALINK_SUBFRAMEHEAD    14
+#define LENGTH_ARALINK_HEADER_FIELD     2
+
+
+/***************************************************************************
+  *    Tx Path software control block related data structures
+  **************************************************************************/
+#define TX_UNKOWN_FRAME                0x00
+#define TX_MCAST_FRAME                 0x01
+#define TX_LEGACY_FRAME                0x02
+#define TX_AMPDU_FRAME         0x04
+#define TX_AMSDU_FRAME         0x08
+#define TX_RALINK_FRAME                0x10
+#define TX_FRAG_FRAME                  0x20
+
+
+//     Currently the sizeof(TX_BLK) is 148 bytes.
+typedef struct _TX_BLK_
+{
+       UCHAR                           QueIdx;
+       UCHAR                           TxFrameType;                            // Indicate the Transmission type of the all frames in one batch
+       UCHAR                           TotalFrameNum;                          // Total frame number want to send-out in one batch
+       USHORT                          TotalFragNum;                           // Total frame fragments required in one batch
+       USHORT                          TotalFrameLen;                          // Total length of all frames want to send-out in one batch
+
+       QUEUE_HEADER            TxPacketList;
+       MAC_TABLE_ENTRY         *pMacEntry;                                     // NULL: packet with 802.11 RA field is multicast/broadcast address
+       HTTRANSMIT_SETTING      *pTransmit;
+
+       // Following structure used for the characteristics of a specific packet.
+       PNDIS_PACKET            pPacket;
+       PUCHAR                          pSrcBufHeader;                          // Reference to the head of sk_buff->data
+       PUCHAR                          pSrcBufData;                            // Reference to the sk_buff->data, will changed depends on hanlding progresss
+       UINT                            SrcBufLen;                                      // Length of packet payload which not including Layer 2 header
+       PUCHAR                          pExtraLlcSnapEncap;                     // NULL means no extra LLC/SNAP is required
+       UCHAR                           HeaderBuf[96];                          // TempBuffer for TX_INFO + TX_WI + 802.11 Header + padding + AMSDU SubHeader + LLC/SNAP
+       UCHAR                           MpduHeaderLen;                          // 802.11 header length NOT including the padding
+       UCHAR                           HdrPadLen;                                      // recording Header Padding Length;
+       UCHAR                           apidx;                                          // The interface associated to this packet
+       UCHAR                           Wcid;                                           // The MAC entry associated to this packet
+       UCHAR                           UserPriority;                           // priority class of packet
+       UCHAR                           FrameGap;                                       // what kind of IFS this packet use
+       UCHAR                           MpduReqNum;                                     // number of fragments of this frame
+       UCHAR                           TxRate;                                         // TODO: Obsoleted? Should change to MCS?
+       UCHAR                           CipherAlg;                                      // cipher alogrithm
+       PCIPHER_KEY                     pKey;
+
+
+
+       USHORT                          Flags;                                          //See following definitions for detail.
+
+       //YOU SHOULD NOT TOUCH IT! Following parameters are used for hardware-depended layer.
+       ULONG                           Priv;                                           // Hardware specific value saved in here.
+
+} TX_BLK, *PTX_BLK;
+
+
+#define fTX_bRtsRequired                       0x0001  // Indicate if need send RTS frame for protection. Not used in RT2860/RT2870.
+#define fTX_bAckRequired                       0x0002  // the packet need ack response
+#define fTX_bPiggyBack                 0x0004  // Legacy device use Piggback or not
+#define fTX_bHTRate                            0x0008  // allow to use HT rate
+#define fTX_bForceNonQoS               0x0010  // force to transmit frame without WMM-QoS in HT mode
+#define fTX_bAllowFrag                 0x0020  // allow to fragment the packet, A-MPDU, A-MSDU, A-Ralink is not allowed to fragment
+#define fTX_bMoreData                  0x0040  // there are more data packets in PowerSave Queue
+#define fTX_bWMM                               0x0080  // QOS Data
+#define fTX_bClearEAPFrame             0x0100
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+
+#define TX_BLK_SET_FLAG(_pTxBlk, _flag)                (_pTxBlk->Flags |= _flag)
+#define TX_BLK_TEST_FLAG(_pTxBlk, _flag)       (((_pTxBlk->Flags & _flag) == _flag) ? 1 : 0)
+#define TX_BLK_CLEAR_FLAG(_pTxBlk, _flag)      (_pTxBlk->Flags &= ~(_flag))
+
+
+
+
+#ifdef RT_BIG_ENDIAN
+/***************************************************************************
+  *    Endian conversion related functions
+  **************************************************************************/
+/*
+       ========================================================================
+
+       Routine Description:
+               Endian conversion of Tx/Rx descriptor .
+
+       Arguments:
+               pAd     Pointer to our adapter
+               pData                   Pointer to Tx/Rx descriptor
+               DescriptorType  Direction of the frame
+
+       Return Value:
+               None
+
+       Note:
+               Call this function when read or update descriptor
+       ========================================================================
+*/
+static inline VOID     RTMPWIEndianChange(
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DescriptorType)
+{
+       int size;
+       int i;
+
+       size = ((DescriptorType == TYPE_TXWI) ? TXWI_SIZE : RXWI_SIZE);
+
+       if(DescriptorType == TYPE_TXWI)
+       {
+               *((UINT32 *)(pData)) = SWAP32(*((UINT32 *)(pData)));            // Byte 0~3
+               *((UINT32 *)(pData + 4)) = SWAP32(*((UINT32 *)(pData+4)));      // Byte 4~7
+       }
+       else
+       {
+               for(i=0; i < size/4 ; i++)
+                       *(((UINT32 *)pData) +i) = SWAP32(*(((UINT32 *)pData)+i));
+       }
+}
+
+
+#ifdef RTMP_MAC_PCI
+static inline VOID     WriteBackToDescriptor(
+       IN  PUCHAR                      Dest,
+       IN      PUCHAR                  Src,
+    IN  BOOLEAN                        DoEncrypt,
+       IN  ULONG           DescriptorType)
+{
+       UINT32 *p1, *p2;
+
+       p1 = ((UINT32 *)Dest);
+       p2 = ((UINT32 *)Src);
+
+       *p1 = *p2;
+       *(p1+2) = *(p2+2);
+       *(p1+3) = *(p2+3);
+       *(p1+1) = *(p2+1); // Word 1; this must be written back last
+}
+#endif // RTMP_MAC_PCI //
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Endian conversion of Tx/Rx descriptor .
+
+       Arguments:
+               pAd     Pointer to our adapter
+               pData                   Pointer to Tx/Rx descriptor
+               DescriptorType  Direction of the frame
+
+       Return Value:
+               None
+
+       Note:
+               Call this function when read or update descriptor
+       ========================================================================
+*/
+#ifdef RTMP_MAC_PCI
+static inline VOID     RTMPDescriptorEndianChange(
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DescriptorType)
+{
+       *((UINT32 *)(pData)) = SWAP32(*((UINT32 *)(pData)));            // Byte 0~3
+       *((UINT32 *)(pData + 8)) = SWAP32(*((UINT32 *)(pData+8)));      // Byte 8~11
+       *((UINT32 *)(pData +12)) = SWAP32(*((UINT32 *)(pData + 12)));   // Byte 12~15
+       *((UINT32 *)(pData + 4)) = SWAP32(*((UINT32 *)(pData + 4)));                            // Byte 4~7, this must be swapped last
+}
+#endif // RTMP_MAC_PCI //
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Endian conversion of all kinds of 802.11 frames .
+
+       Arguments:
+               pAd     Pointer to our adapter
+               pData                   Pointer to the 802.11 frame structure
+               Dir                     Direction of the frame
+               FromRxDoneInt   Caller is from RxDone interrupt
+
+       Return Value:
+               None
+
+       Note:
+               Call this function when read or update buffer data
+       ========================================================================
+*/
+static inline VOID     RTMPFrameEndianChange(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   Dir,
+       IN      BOOLEAN                 FromRxDoneInt)
+{
+       PHEADER_802_11 pFrame;
+       PUCHAR  pMacHdr;
+
+       // swab 16 bit fields - Frame Control field
+       if(Dir == DIR_READ)
+       {
+               *(USHORT *)pData = SWAP16(*(USHORT *)pData);
+       }
+
+       pFrame = (PHEADER_802_11) pData;
+       pMacHdr = (PUCHAR) pFrame;
+
+       // swab 16 bit fields - Duration/ID field
+       *(USHORT *)(pMacHdr + 2) = SWAP16(*(USHORT *)(pMacHdr + 2));
+
+       // swab 16 bit fields - Sequence Control field
+       *(USHORT *)(pMacHdr + 22) = SWAP16(*(USHORT *)(pMacHdr + 22));
+
+       if(pFrame->FC.Type == BTYPE_MGMT)
+       {
+               switch(pFrame->FC.SubType)
+               {
+                       case SUBTYPE_ASSOC_REQ:
+                       case SUBTYPE_REASSOC_REQ:
+                               // swab 16 bit fields - CapabilityInfo field
+                               pMacHdr += sizeof(HEADER_802_11);
+                               *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+
+                               // swab 16 bit fields - Listen Interval field
+                               pMacHdr += 2;
+                               *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+                               break;
+
+                       case SUBTYPE_ASSOC_RSP:
+                       case SUBTYPE_REASSOC_RSP:
+                               // swab 16 bit fields - CapabilityInfo field
+                               pMacHdr += sizeof(HEADER_802_11);
+                               *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+
+                               // swab 16 bit fields - Status Code field
+                               pMacHdr += 2;
+                               *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+
+                               // swab 16 bit fields - AID field
+                               pMacHdr += 2;
+                               *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+                               break;
+
+                       case SUBTYPE_AUTH:
+                               // If from APHandleRxDoneInterrupt routine, it is still a encrypt format.
+                               // The convertion is delayed to RTMPHandleDecryptionDoneInterrupt.
+                               if(!FromRxDoneInt && pFrame->FC.Wep == 1)
+                                       break;
+                               else
+                               {
+                                       // swab 16 bit fields - Auth Alg No. field
+                                       pMacHdr += sizeof(HEADER_802_11);
+                                       *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+
+                                       // swab 16 bit fields - Auth Seq No. field
+                                       pMacHdr += 2;
+                                       *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+
+                                       // swab 16 bit fields - Status Code field
+                                       pMacHdr += 2;
+                                       *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+                               }
+                               break;
+
+                       case SUBTYPE_BEACON:
+                       case SUBTYPE_PROBE_RSP:
+                               // swab 16 bit fields - BeaconInterval field
+                               pMacHdr += (sizeof(HEADER_802_11) + TIMESTAMP_LEN);
+                               *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+
+                               // swab 16 bit fields - CapabilityInfo field
+                               pMacHdr += sizeof(USHORT);
+                               *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+                               break;
+
+                       case SUBTYPE_DEAUTH:
+                       case SUBTYPE_DISASSOC:
+                               // swab 16 bit fields - Reason code field
+                               pMacHdr += sizeof(HEADER_802_11);
+                               *(USHORT *)pMacHdr = SWAP16(*(USHORT *)pMacHdr);
+                               break;
+               }
+       }
+       else if( pFrame->FC.Type == BTYPE_DATA )
+       {
+       }
+       else if(pFrame->FC.Type == BTYPE_CNTL)
+       {
+               switch(pFrame->FC.SubType)
+               {
+                       case SUBTYPE_BLOCK_ACK_REQ:
+                               {
+                                       PFRAME_BA_REQ pBAReq = (PFRAME_BA_REQ)pFrame;
+                                       *(USHORT *)(&pBAReq->BARControl) = SWAP16(*(USHORT *)(&pBAReq->BARControl));
+                                       pBAReq->BAStartingSeq.word = SWAP16(pBAReq->BAStartingSeq.word);
+                               }
+                               break;
+                       case SUBTYPE_BLOCK_ACK:
+                               // For Block Ack packet, the HT_CONTROL field is in the same offset with Addr3
+                               *(UINT32 *)(&pFrame->Addr3[0]) = SWAP32(*(UINT32 *)(&pFrame->Addr3[0]));
+                               break;
+
+                       case SUBTYPE_ACK:
+                               //For ACK packet, the HT_CONTROL field is in the same offset with Addr2
+                               *(UINT32 *)(&pFrame->Addr2[0])= SWAP32(*(UINT32 *)(&pFrame->Addr2[0]));
+                               break;
+               }
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("Invalid Frame Type!!!\n"));
+       }
+
+       // swab 16 bit fields - Frame Control
+       if(Dir == DIR_WRITE)
+       {
+               *(USHORT *)pData = SWAP16(*(USHORT *)pData);
+       }
+}
+#endif // RT_BIG_ENDIAN //
+
+
+/***************************************************************************
+  *    Other static inline function definitions
+  **************************************************************************/
+static inline VOID ConvertMulticastIP2MAC(
+       IN PUCHAR pIpAddr,
+       IN PUCHAR *ppMacAddr,
+       IN UINT16 ProtoType)
+{
+       if (pIpAddr == NULL)
+               return;
+
+       if (ppMacAddr == NULL || *ppMacAddr == NULL)
+               return;
+
+       switch (ProtoType)
+       {
+               case ETH_P_IPV6:
+//                     memset(*ppMacAddr, 0, ETH_LENGTH_OF_ADDRESS);
+                       *(*ppMacAddr) = 0x33;
+                       *(*ppMacAddr + 1) = 0x33;
+                       *(*ppMacAddr + 2) = pIpAddr[12];
+                       *(*ppMacAddr + 3) = pIpAddr[13];
+                       *(*ppMacAddr + 4) = pIpAddr[14];
+                       *(*ppMacAddr + 5) = pIpAddr[15];
+                       break;
+
+               case ETH_P_IP:
+               default:
+//                     memset(*ppMacAddr, 0, ETH_LENGTH_OF_ADDRESS);
+                       *(*ppMacAddr) = 0x01;
+                       *(*ppMacAddr + 1) = 0x00;
+                       *(*ppMacAddr + 2) = 0x5e;
+                       *(*ppMacAddr + 3) = pIpAddr[1] & 0x7f;
+                       *(*ppMacAddr + 4) = pIpAddr[2];
+                       *(*ppMacAddr + 5) = pIpAddr[3];
+                       break;
+       }
+
+       return;
+}
+
+
+char *GetPhyMode(int Mode);
+char* GetBW(int BW);
+
+
+
+BOOLEAN RTMPCheckForHang(
+       IN  NDIS_HANDLE MiniportAdapterContext);
+
+VOID  RTMPHalt(
+       IN  NDIS_HANDLE MiniportAdapterContext);
+
+//
+//  Private routines in rtmp_init.c
+//
+NDIS_STATUS RTMPAllocAdapterBlock(
+       IN PVOID                        handle,
+       OUT PRTMP_ADAPTER   *ppAdapter);
+
+NDIS_STATUS RTMPAllocTxRxRingMemory(
+       IN  PRTMP_ADAPTER   pAd);
+
+NDIS_STATUS RTMPFindAdapter(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  NDIS_HANDLE     WrapperConfigurationContext);
+
+NDIS_STATUS    RTMPReadParametersHook(
+       IN      PRTMP_ADAPTER pAd);
+
+NDIS_STATUS    RTMPSetProfileParameters(
+       IN RTMP_ADAPTER *pAd,
+       IN PSTRING              pBuffer);
+
+INT RTMPGetKeyParameter(
+    IN PSTRING key,
+    OUT PSTRING dest,
+    IN INT destsize,
+    IN PSTRING buffer,
+    IN BOOLEAN bTrimSpace);
+
+VOID RTMPFreeAdapter(
+       IN  PRTMP_ADAPTER   pAd);
+
+NDIS_STATUS NICReadRegParameters(
+       IN  PRTMP_ADAPTER       pAd,
+       IN  NDIS_HANDLE         WrapperConfigurationContext);
+
+#ifdef RTMP_RF_RW_SUPPORT
+VOID NICInitRFRegisters(
+       IN PRTMP_ADAPTER pAd);
+
+VOID RtmpChipOpsRFHook(
+       IN RTMP_ADAPTER *pAd);
+
+NDIS_STATUS    RT30xxWriteRFRegister(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   regID,
+       IN      UCHAR                   value);
+
+NDIS_STATUS    RT30xxReadRFRegister(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   regID,
+       IN      PUCHAR                  pValue);
+#endif // RTMP_RF_RW_SUPPORT //
+
+VOID NICReadEEPROMParameters(
+       IN  PRTMP_ADAPTER       pAd,
+       IN      PUCHAR                          mac_addr);
+
+VOID NICInitAsicFromEEPROM(
+       IN  PRTMP_ADAPTER       pAd);
+
+
+NDIS_STATUS NICInitializeAdapter(
+       IN  PRTMP_ADAPTER   pAd,
+       IN   BOOLEAN    bHardReset);
+
+NDIS_STATUS NICInitializeAsic(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  BOOLEAN             bHardReset);
+
+VOID NICIssueReset(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPRingCleanUp(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR           RingType);
+
+VOID RxTest(
+       IN  PRTMP_ADAPTER   pAd);
+
+NDIS_STATUS DbgSendPacket(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PNDIS_PACKET    pPacket);
+
+VOID UserCfgInit(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID NICResetFromError(
+       IN  PRTMP_ADAPTER   pAd);
+
+NDIS_STATUS NICLoadFirmware(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID NICEraseFirmware(
+       IN PRTMP_ADAPTER pAd);
+
+NDIS_STATUS NICLoadRateSwitchingParams(
+       IN PRTMP_ADAPTER pAd);
+
+BOOLEAN NICCheckForHang(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID NICUpdateFifoStaCounters(
+       IN PRTMP_ADAPTER pAd);
+
+VOID NICUpdateRawCounters(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPZeroMemory(
+       IN  PVOID   pSrc,
+       IN  ULONG   Length);
+
+ULONG RTMPCompareMemory(
+       IN  PVOID   pSrc1,
+       IN  PVOID   pSrc2,
+       IN  ULONG   Length);
+
+VOID RTMPMoveMemory(
+       OUT PVOID   pDest,
+       IN  PVOID   pSrc,
+       IN  ULONG   Length);
+
+VOID AtoH(
+       PSTRING src,
+       PUCHAR dest,
+       int             destlen);
+
+UCHAR BtoH(
+       char ch);
+
+VOID RTMPPatchMacBbpBug(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPPatchCardBus(
+       IN      PRTMP_ADAPTER   pAdapter);
+
+VOID RTMPPatchRalinkCardBus(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      ULONG                   Bus);
+
+ULONG RTMPReadCBConfig(
+       IN      ULONG   Bus,
+       IN      ULONG   Slot,
+       IN      ULONG   Func,
+       IN      ULONG   Offset);
+
+VOID RTMPWriteCBConfig(
+       IN      ULONG   Bus,
+       IN      ULONG   Slot,
+       IN      ULONG   Func,
+       IN      ULONG   Offset,
+       IN      ULONG   Value);
+
+VOID RTMPInitTimer(
+       IN  PRTMP_ADAPTER           pAd,
+       IN  PRALINK_TIMER_STRUCT    pTimer,
+       IN  PVOID                   pTimerFunc,
+       IN      PVOID                                   pData,
+       IN  BOOLEAN                 Repeat);
+
+VOID RTMPSetTimer(
+       IN  PRALINK_TIMER_STRUCT    pTimer,
+       IN  ULONG                   Value);
+
+
+VOID RTMPModTimer(
+       IN      PRALINK_TIMER_STRUCT    pTimer,
+       IN      ULONG                                   Value);
+
+VOID RTMPCancelTimer(
+       IN  PRALINK_TIMER_STRUCT    pTimer,
+       OUT BOOLEAN                 *pCancelled);
+
+VOID RTMPSetLED(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Status);
+
+VOID RTMPSetSignalLED(
+       IN PRTMP_ADAPTER        pAd,
+       IN NDIS_802_11_RSSI Dbm);
+
+
+VOID RTMPEnableRxTx(
+       IN PRTMP_ADAPTER        pAd);
+
+//
+// prototype in action.c
+//
+VOID ActionStateMachineInit(
+    IN PRTMP_ADAPTER   pAd,
+    IN  STATE_MACHINE *S,
+    OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID MlmeADDBAAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeDELBAAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeDLSAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeInvalidAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeQOSAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+#ifdef DOT11_N_SUPPORT
+VOID PeerAddBAReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerAddBARspAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerDelBAAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerBAAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+#endif // DOT11_N_SUPPORT //
+
+VOID SendPSMPAction(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Wcid,
+       IN UCHAR                        Psmp);
+
+
+VOID PeerRMAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerPublicAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+#ifdef CONFIG_STA_SUPPORT
+VOID StaPublicAction(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR Bss2040Coexist);
+#endif // CONFIG_STA_SUPPORT //
+
+
+VOID PeerBSSTranAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+#ifdef DOT11_N_SUPPORT
+VOID PeerHTAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+#endif // DOT11_N_SUPPORT //
+
+VOID PeerQOSAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+#ifdef QOS_DLS_SUPPORT
+VOID PeerDLSAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+#endif // QOS_DLS_SUPPORT //
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+VOID DlsParmFill(
+       IN PRTMP_ADAPTER pAd,
+       IN OUT MLME_DLS_REQ_STRUCT *pDlsReq,
+       IN PRT_802_11_DLS pDls,
+       IN USHORT reason);
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef DOT11_N_SUPPORT
+VOID RECBATimerTimeout(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3);
+
+VOID ORIBATimerTimeout(
+       IN      PRTMP_ADAPTER   pAd);
+
+VOID SendRefreshBAR(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry);
+
+#ifdef DOT11N_DRAFT3
+VOID SendBSS2040CoexistMgmtAction(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR   Wcid,
+       IN      UCHAR   apidx,
+       IN      UCHAR   InfoReq);
+
+VOID SendNotifyBWActionFrame(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR  Wcid,
+       IN UCHAR apidx);
+
+BOOLEAN ChannelSwitchSanityCheck(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR  Wcid,
+       IN    UCHAR  NewChannel,
+       IN    UCHAR  Secondary);
+
+VOID ChannelSwitchAction(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR  Wcid,
+       IN    UCHAR  Channel,
+       IN    UCHAR  Secondary);
+
+ULONG BuildIntolerantChannelRep(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    PUCHAR  pDest);
+
+VOID Update2040CoexistFrameAndNotify(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR  Wcid,
+       IN      BOOLEAN bAddIntolerantCha);
+
+VOID Send2040CoexistAction(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR  Wcid,
+       IN      BOOLEAN bAddIntolerantCha);
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+VOID ActHeaderInit(
+    IN PRTMP_ADAPTER   pAd,
+    IN OUT PHEADER_802_11 pHdr80211,
+    IN PUCHAR Addr1,
+    IN PUCHAR Addr2,
+    IN PUCHAR Addr3);
+
+VOID BarHeaderInit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN OUT PFRAME_BAR pCntlBar,
+       IN PUCHAR pDA,
+       IN PUCHAR pSA);
+
+VOID InsertActField(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN UINT8 Category,
+       IN UINT8 ActCode);
+
+BOOLEAN QosBADataParse(
+       IN PRTMP_ADAPTER        pAd,
+       IN BOOLEAN bAMSDU,
+       IN PUCHAR p8023Header,
+       IN UCHAR        WCID,
+       IN UCHAR        TID,
+       IN USHORT Sequence,
+       IN UCHAR DataOffset,
+       IN USHORT Datasize,
+       IN UINT   CurRxIndex);
+
+#ifdef DOT11_N_SUPPORT
+BOOLEAN CntlEnqueueForRecv(
+    IN PRTMP_ADAPTER   pAd,
+       IN ULONG Wcid,
+    IN ULONG MsgLen,
+       IN PFRAME_BA_REQ pMsg);
+
+VOID BaAutoManSwitch(
+       IN      PRTMP_ADAPTER   pAd);
+#endif // DOT11_N_SUPPORT //
+
+VOID HTIOTCheck(
+       IN      PRTMP_ADAPTER   pAd,
+       IN    UCHAR     BatRecIdx);
+
+//
+// Private routines in rtmp_data.c
+//
+BOOLEAN RTMPHandleRxDoneInterrupt(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPHandleTxDoneInterrupt(
+       IN  PRTMP_ADAPTER   pAd);
+
+BOOLEAN RTMPHandleTxRingDmaDoneInterrupt(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  INT_SOURCE_CSR_STRUC TxRingBitmap);
+
+VOID RTMPHandleMgmtRingDmaDoneInterrupt(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPHandleTBTTInterrupt(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPHandlePreTBTTInterrupt(
+       IN  PRTMP_ADAPTER   pAd);
+
+void RTMPHandleTwakeupInterrupt(
+       IN PRTMP_ADAPTER pAd);
+
+VOID   RTMPHandleRxCoherentInterrupt(
+       IN      PRTMP_ADAPTER   pAd);
+
+
+BOOLEAN TxFrameIsAggregatible(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pPrevAddr1,
+       IN  PUCHAR          p8023hdr);
+
+BOOLEAN PeerIsAggreOn(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  ULONG          TxRate,
+    IN  PMAC_TABLE_ENTRY pMacEntry);
+
+
+NDIS_STATUS Sniff2BytesFromNdisBuffer(
+       IN  PNDIS_BUFFER    pFirstBuffer,
+       IN  UCHAR           DesiredOffset,
+       OUT PUCHAR          pByte0,
+       OUT PUCHAR          pByte1);
+
+NDIS_STATUS STASendPacket(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PNDIS_PACKET    pPacket);
+
+VOID STASendPackets(
+       IN  NDIS_HANDLE     MiniportAdapterContext,
+       IN  PPNDIS_PACKET   ppPacketArray,
+       IN  UINT            NumberOfPackets);
+
+VOID RTMPDeQueuePacket(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      BOOLEAN                 bIntContext,
+       IN  UCHAR                       QueIdx,
+       IN      UCHAR                   Max_Tx_Packets);
+
+NDIS_STATUS    RTMPHardTransmit(
+       IN PRTMP_ADAPTER        pAd,
+       IN PNDIS_PACKET         pPacket,
+       IN  UCHAR                       QueIdx,
+       OUT     PULONG                  pFreeTXDLeft);
+
+NDIS_STATUS    STAHardTransmit(
+       IN PRTMP_ADAPTER        pAd,
+       IN TX_BLK                       *pTxBlk,
+       IN  UCHAR                       QueIdx);
+
+VOID STARxEAPOLFrameIndicate(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+
+NDIS_STATUS RTMPFreeTXDRequest(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR           RingType,
+       IN  UCHAR           NumberRequired,
+       IN      PUCHAR          FreeNumberIs);
+
+NDIS_STATUS MlmeHardTransmit(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR       QueIdx,
+       IN  PNDIS_PACKET    pPacket);
+
+NDIS_STATUS MlmeHardTransmitMgmtRing(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR       QueIdx,
+       IN  PNDIS_PACKET    pPacket);
+
+#ifdef RTMP_MAC_PCI
+NDIS_STATUS MlmeHardTransmitTxRing(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR       QueIdx,
+       IN  PNDIS_PACKET    pPacket);
+
+NDIS_STATUS MlmeDataHardTransmit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR   QueIdx,
+       IN      PNDIS_PACKET    pPacket);
+
+VOID RTMPWriteTxDescriptor(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PTXD_STRUC              pTxD,
+       IN      BOOLEAN                 bWIV,
+       IN      UCHAR                   QSEL);
+#endif // RTMP_MAC_PCI //
+
+USHORT  RTMPCalcDuration(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR           Rate,
+       IN  ULONG           Size);
+
+VOID RTMPWriteTxWI(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PTXWI_STRUC             pTxWI,
+       IN  BOOLEAN             FRAG,
+       IN  BOOLEAN             CFACK,
+       IN  BOOLEAN             InsTimestamp,
+       IN      BOOLEAN                 AMPDU,
+       IN      BOOLEAN                 Ack,
+       IN      BOOLEAN                 NSeq,           // HW new a sequence.
+       IN      UCHAR                   BASize,
+       IN      UCHAR                   WCID,
+       IN      ULONG                   Length,
+       IN  UCHAR               PID,
+       IN      UCHAR                   TID,
+       IN      UCHAR                   TxRate,
+       IN      UCHAR                   Txopmode,
+       IN      BOOLEAN                 CfAck,
+       IN      HTTRANSMIT_SETTING      *pTransmit);
+
+
+VOID RTMPWriteTxWI_Data(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      OUT PTXWI_STRUC         pTxWI,
+       IN      TX_BLK                          *pTxBlk);
+
+
+VOID RTMPWriteTxWI_Cache(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      OUT PTXWI_STRUC         pTxWI,
+       IN      TX_BLK                          *pTxBlk);
+
+VOID RTMPSuspendMsduTransmission(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPResumeMsduTransmission(
+       IN  PRTMP_ADAPTER   pAd);
+
+NDIS_STATUS MiniportMMRequest(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   QueIdx,
+       IN      PUCHAR                  pData,
+       IN  UINT            Length);
+
+//+++mark by shiang, now this function merge to MiniportMMRequest()
+//---mark by shiang, now this function merge to MiniportMMRequest()
+
+VOID RTMPSendNullFrame(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR           TxRate,
+       IN      BOOLEAN                 bQosNull);
+
+VOID RTMPSendDisassociationFrame(
+       IN      PRTMP_ADAPTER   pAd);
+
+VOID RTMPSendRTSFrame(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pDA,
+       IN      unsigned int    NextMpduSize,
+       IN  UCHAR           TxRate,
+       IN  UCHAR           RTSRate,
+       IN  USHORT          AckDuration,
+       IN  UCHAR           QueIdx,
+       IN  UCHAR                       FrameGap);
+
+
+NDIS_STATUS RTMPApplyPacketFilter(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PRT28XX_RXD_STRUC      pRxD,
+       IN  PHEADER_802_11  pHeader);
+
+PQUEUE_HEADER   RTMPCheckTxSwQueue(
+       IN  PRTMP_ADAPTER   pAd,
+       OUT UCHAR           *QueIdx);
+
+#ifdef CONFIG_STA_SUPPORT
+VOID RTMPReportMicError(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PCIPHER_KEY     pWpaKey);
+
+VOID   WpaMicFailureReportFrame(
+       IN  PRTMP_ADAPTER    pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID    WpaDisassocApAndBlockAssoc(
+    IN  PVOID SystemSpecific1,
+    IN  PVOID FunctionContext,
+    IN  PVOID SystemSpecific2,
+    IN  PVOID SystemSpecific3);
+
+VOID WpaStaPairwiseKeySetting(
+       IN      PRTMP_ADAPTER   pAd);
+
+VOID WpaStaGroupKeySetting(
+       IN      PRTMP_ADAPTER   pAd);
+
+#endif // CONFIG_STA_SUPPORT //
+
+NDIS_STATUS RTMPCloneNdisPacket(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      BOOLEAN    pInsAMSDUHdr,
+       IN  PNDIS_PACKET    pInPacket,
+       OUT PNDIS_PACKET   *ppOutPacket);
+
+NDIS_STATUS RTMPAllocateNdisPacket(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PNDIS_PACKET    *pPacket,
+       IN  PUCHAR          pHeader,
+       IN  UINT            HeaderLen,
+       IN  PUCHAR          pData,
+       IN  UINT            DataLen);
+
+VOID RTMPFreeNdisPacket(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PNDIS_PACKET    pPacket);
+
+BOOLEAN RTMPFreeTXDUponTxDmaDone(
+       IN PRTMP_ADAPTER    pAd,
+       IN UCHAR            QueIdx);
+
+BOOLEAN RTMPCheckDHCPFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket);
+
+
+BOOLEAN RTMPCheckEtherType(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket);
+
+
+VOID RTMPCckBbpTuning(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UINT                    TxRate);
+
+//
+// Private routines in rtmp_wep.c
+//
+VOID RTMPInitWepEngine(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pKey,
+       IN  UCHAR           KeyId,
+       IN  UCHAR           KeyLen,
+       IN  PUCHAR          pDest);
+
+VOID RTMPEncryptData(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pSrc,
+       IN  PUCHAR          pDest,
+       IN  UINT            Len);
+
+BOOLEAN        RTMPDecryptData(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      PUCHAR                  pSrc,
+       IN      UINT                    Len,
+       IN      UINT                    idx);
+
+BOOLEAN        RTMPSoftDecryptWEP(
+       IN PRTMP_ADAPTER        pAd,
+       IN PUCHAR                       pData,
+       IN ULONG                        DataByteCnt,
+       IN PCIPHER_KEY          pGroupKey);
+
+VOID RTMPSetICV(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pDest);
+
+VOID ARCFOUR_INIT(
+       IN  PARCFOURCONTEXT Ctx,
+       IN  PUCHAR          pKey,
+       IN  UINT            KeyLen);
+
+UCHAR   ARCFOUR_BYTE(
+       IN  PARCFOURCONTEXT     Ctx);
+
+VOID ARCFOUR_DECRYPT(
+       IN  PARCFOURCONTEXT Ctx,
+       IN  PUCHAR          pDest,
+       IN  PUCHAR          pSrc,
+       IN  UINT            Len);
+
+VOID ARCFOUR_ENCRYPT(
+       IN  PARCFOURCONTEXT Ctx,
+       IN  PUCHAR          pDest,
+       IN  PUCHAR          pSrc,
+       IN  UINT            Len);
+
+VOID WPAARCFOUR_ENCRYPT(
+       IN  PARCFOURCONTEXT Ctx,
+       IN  PUCHAR          pDest,
+       IN  PUCHAR          pSrc,
+       IN  UINT            Len);
+
+UINT RTMP_CALC_FCS32(
+       IN  UINT   Fcs,
+       IN  PUCHAR  Cp,
+       IN  INT     Len);
+
+//
+// MLME routines
+//
+
+// Asic/RF/BBP related functions
+
+VOID AsicAdjustTxPower(
+       IN PRTMP_ADAPTER pAd);
+
+VOID   AsicUpdateProtect(
+       IN              PRTMP_ADAPTER   pAd,
+       IN              USHORT                  OperaionMode,
+       IN              UCHAR                   SetMask,
+       IN              BOOLEAN                 bDisableBGProtect,
+       IN              BOOLEAN                 bNonGFExist);
+
+VOID AsicSwitchChannel(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   Channel,
+       IN      BOOLEAN                 bScan);
+
+VOID AsicLockChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR Channel) ;
+
+VOID AsicAntennaSelect(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR           Channel);
+
+VOID AsicAntennaSetting(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      ABGBAND_STATE   BandState);
+
+VOID AsicRfTuningExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+#ifdef CONFIG_STA_SUPPORT
+
+VOID AsicResetBBPAgent(
+       IN PRTMP_ADAPTER pAd);
+
+VOID AsicSleepThenAutoWakeup(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  USHORT TbttNumToNextWakeUp);
+
+VOID AsicForceSleep(
+       IN PRTMP_ADAPTER pAd);
+
+VOID AsicForceWakeup(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN    bFromTx);
+#endif // CONFIG_STA_SUPPORT //
+
+VOID AsicSetBssid(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR pBssid);
+
+VOID AsicSetMcastWC(
+       IN PRTMP_ADAPTER pAd);
+
+
+VOID AsicDelWcidTab(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR        Wcid);
+
+VOID AsicEnableRDG(
+       IN PRTMP_ADAPTER pAd);
+
+VOID AsicDisableRDG(
+       IN PRTMP_ADAPTER pAd);
+
+VOID AsicDisableSync(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID AsicEnableBssSync(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID AsicEnableIbssSync(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID AsicSetEdcaParm(
+       IN PRTMP_ADAPTER pAd,
+       IN PEDCA_PARM    pEdcaParm);
+
+VOID AsicSetSlotTime(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN bUseShortSlotTime);
+
+
+VOID AsicAddSharedKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR         BssIndex,
+       IN UCHAR         KeyIdx,
+       IN UCHAR         CipherAlg,
+       IN PUCHAR        pKey,
+       IN PUCHAR        pTxMic,
+       IN PUCHAR        pRxMic);
+
+VOID AsicRemoveSharedKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR         BssIndex,
+       IN UCHAR         KeyIdx);
+
+VOID AsicUpdateWCIDAttribute(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT               WCID,
+       IN UCHAR                BssIndex,
+       IN UCHAR        CipherAlg,
+       IN BOOLEAN              bUsePairewiseKeyTable);
+
+VOID AsicUpdateWCIDIVEIV(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT               WCID,
+       IN ULONG        uIV,
+       IN ULONG        uEIV);
+
+VOID AsicUpdateRxWCIDTable(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT               WCID,
+       IN PUCHAR        pAddr);
+
+VOID AsicAddKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT               WCID,
+       IN UCHAR                BssIndex,
+       IN UCHAR                KeyIdx,
+       IN PCIPHER_KEY  pCipherKey,
+       IN BOOLEAN              bUsePairewiseKeyTable,
+       IN BOOLEAN              bTxKey);
+
+VOID AsicAddPairwiseKeyEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR        pAddr,
+       IN UCHAR                WCID,
+       IN CIPHER_KEY            *pCipherKey);
+
+VOID AsicRemovePairwiseKeyEntry(
+       IN PRTMP_ADAPTER  pAd,
+       IN UCHAR                 BssIdx,
+       IN UCHAR                 Wcid);
+
+BOOLEAN AsicSendCommandToMcu(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR         Command,
+       IN UCHAR         Token,
+       IN UCHAR         Arg0,
+       IN UCHAR         Arg1);
+
+
+#ifdef RTMP_MAC_PCI
+BOOLEAN AsicCheckCommanOk(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                 Command);
+#endif // RTMP_MAC_PCI //
+
+VOID MacAddrRandomBssid(
+       IN  PRTMP_ADAPTER   pAd,
+       OUT PUCHAR pAddr);
+
+VOID MgtMacHeaderInit(
+       IN  PRTMP_ADAPTER     pAd,
+       IN OUT PHEADER_802_11 pHdr80211,
+       IN UCHAR SubType,
+       IN UCHAR ToDs,
+       IN PUCHAR pDA,
+       IN PUCHAR pBssid);
+
+VOID MlmeRadioOff(
+       IN PRTMP_ADAPTER pAd);
+
+VOID MlmeRadioOn(
+       IN PRTMP_ADAPTER pAd);
+
+
+VOID BssTableInit(
+       IN BSS_TABLE *Tab);
+
+#ifdef DOT11_N_SUPPORT
+VOID BATableInit(
+       IN PRTMP_ADAPTER pAd,
+    IN BA_TABLE *Tab);
+#endif // DOT11_N_SUPPORT //
+
+ULONG BssTableSearch(
+       IN BSS_TABLE *Tab,
+       IN PUCHAR pBssid,
+       IN UCHAR Channel);
+
+ULONG BssSsidTableSearch(
+       IN BSS_TABLE *Tab,
+       IN PUCHAR    pBssid,
+       IN PUCHAR    pSsid,
+       IN UCHAR     SsidLen,
+       IN UCHAR     Channel);
+
+ULONG BssTableSearchWithSSID(
+       IN BSS_TABLE *Tab,
+       IN PUCHAR    Bssid,
+       IN PUCHAR    pSsid,
+       IN UCHAR     SsidLen,
+       IN UCHAR     Channel);
+
+ULONG BssSsidTableSearchBySSID(
+       IN BSS_TABLE *Tab,
+       IN PUCHAR        pSsid,
+       IN UCHAR         SsidLen);
+
+VOID BssTableDeleteEntry(
+       IN OUT  PBSS_TABLE pTab,
+       IN      PUCHAR pBssid,
+       IN      UCHAR Channel);
+
+#ifdef DOT11_N_SUPPORT
+VOID BATableDeleteORIEntry(
+       IN OUT  PRTMP_ADAPTER pAd,
+       IN              BA_ORI_ENTRY    *pBAORIEntry);
+
+VOID BATableDeleteRECEntry(
+       IN OUT  PRTMP_ADAPTER pAd,
+       IN              BA_REC_ENTRY    *pBARECEntry);
+
+VOID BATableTearORIEntry(
+       IN OUT  PRTMP_ADAPTER pAd,
+       IN              UCHAR TID,
+       IN              UCHAR Wcid,
+       IN              BOOLEAN bForceDelete,
+       IN              BOOLEAN ALL);
+
+VOID BATableTearRECEntry(
+       IN OUT  PRTMP_ADAPTER pAd,
+       IN              UCHAR TID,
+       IN              UCHAR WCID,
+       IN              BOOLEAN ALL);
+#endif // DOT11_N_SUPPORT //
+
+VOID  BssEntrySet(
+       IN  PRTMP_ADAPTER   pAd,
+       OUT PBSS_ENTRY pBss,
+       IN PUCHAR pBssid,
+       IN CHAR Ssid[],
+       IN UCHAR SsidLen,
+       IN UCHAR BssType,
+       IN USHORT BeaconPeriod,
+       IN PCF_PARM CfParm,
+       IN USHORT AtimWin,
+       IN USHORT CapabilityInfo,
+       IN UCHAR SupRate[],
+       IN UCHAR SupRateLen,
+       IN UCHAR ExtRate[],
+       IN UCHAR ExtRateLen,
+       IN HT_CAPABILITY_IE *pHtCapability,
+       IN ADD_HT_INFO_IE *pAddHtInfo,  // AP might use this additional ht info IE
+       IN UCHAR                        HtCapabilityLen,
+       IN UCHAR                        AddHtInfoLen,
+       IN UCHAR                        NewExtChanOffset,
+       IN UCHAR Channel,
+       IN CHAR Rssi,
+       IN LARGE_INTEGER TimeStamp,
+       IN UCHAR CkipFlag,
+       IN PEDCA_PARM pEdcaParm,
+       IN PQOS_CAPABILITY_PARM pQosCapability,
+       IN PQBSS_LOAD_PARM pQbssLoad,
+       IN USHORT LengthVIE,
+       IN PNDIS_802_11_VARIABLE_IEs pVIE);
+
+ULONG  BssTableSetEntry(
+       IN  PRTMP_ADAPTER   pAd,
+       OUT PBSS_TABLE pTab,
+       IN PUCHAR pBssid,
+       IN CHAR Ssid[],
+       IN UCHAR SsidLen,
+       IN UCHAR BssType,
+       IN USHORT BeaconPeriod,
+       IN CF_PARM *CfParm,
+       IN USHORT AtimWin,
+       IN USHORT CapabilityInfo,
+       IN UCHAR SupRate[],
+       IN UCHAR SupRateLen,
+       IN UCHAR ExtRate[],
+       IN UCHAR ExtRateLen,
+       IN HT_CAPABILITY_IE *pHtCapability,
+       IN ADD_HT_INFO_IE *pAddHtInfo,  // AP might use this additional ht info IE
+       IN UCHAR                        HtCapabilityLen,
+       IN UCHAR                        AddHtInfoLen,
+       IN UCHAR                        NewExtChanOffset,
+       IN UCHAR Channel,
+       IN CHAR Rssi,
+       IN LARGE_INTEGER TimeStamp,
+       IN UCHAR CkipFlag,
+       IN PEDCA_PARM pEdcaParm,
+       IN PQOS_CAPABILITY_PARM pQosCapability,
+       IN PQBSS_LOAD_PARM pQbssLoad,
+       IN USHORT LengthVIE,
+       IN PNDIS_802_11_VARIABLE_IEs pVIE);
+
+#ifdef DOT11_N_SUPPORT
+VOID BATableInsertEntry(
+    IN PRTMP_ADAPTER   pAd,
+       IN USHORT Aid,
+    IN USHORT          TimeOutValue,
+       IN USHORT               StartingSeq,
+    IN UCHAR TID,
+       IN UCHAR BAWinSize,
+       IN UCHAR OriginatorStatus,
+    IN BOOLEAN IsRecipient);
+
+#ifdef DOT11N_DRAFT3
+VOID Bss2040CoexistTimeOut(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+
+VOID  TriEventInit(
+       IN      PRTMP_ADAPTER   pAd);
+
+ULONG TriEventTableSetEntry(
+       IN      PRTMP_ADAPTER   pAd,
+       OUT TRIGGER_EVENT_TAB *Tab,
+       IN PUCHAR pBssid,
+       IN HT_CAPABILITY_IE *pHtCapability,
+       IN UCHAR                        HtCapabilityLen,
+       IN UCHAR                        RegClass,
+       IN UCHAR ChannelNo);
+
+VOID TriEventCounterMaintenance(
+       IN      PRTMP_ADAPTER   pAd);
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+VOID BssTableSsidSort(
+       IN  PRTMP_ADAPTER   pAd,
+       OUT BSS_TABLE *OutTab,
+       IN  CHAR Ssid[],
+       IN  UCHAR SsidLen);
+
+VOID  BssTableSortByRssi(
+       IN OUT BSS_TABLE *OutTab);
+
+VOID BssCipherParse(
+       IN OUT  PBSS_ENTRY  pBss);
+
+NDIS_STATUS  MlmeQueueInit(
+       IN MLME_QUEUE *Queue);
+
+VOID  MlmeQueueDestroy(
+       IN MLME_QUEUE *Queue);
+
+BOOLEAN MlmeEnqueue(
+       IN PRTMP_ADAPTER pAd,
+       IN ULONG Machine,
+       IN ULONG MsgType,
+       IN ULONG MsgLen,
+       IN VOID *Msg);
+
+BOOLEAN MlmeEnqueueForRecv(
+       IN  PRTMP_ADAPTER   pAd,
+       IN ULONG Wcid,
+       IN ULONG TimeStampHigh,
+       IN ULONG TimeStampLow,
+       IN UCHAR Rssi0,
+       IN UCHAR Rssi1,
+       IN UCHAR Rssi2,
+       IN ULONG MsgLen,
+       IN PVOID Msg,
+       IN UCHAR Signal);
+
+
+BOOLEAN MlmeDequeue(
+       IN MLME_QUEUE *Queue,
+       OUT MLME_QUEUE_ELEM **Elem);
+
+VOID    MlmeRestartStateMachine(
+       IN  PRTMP_ADAPTER   pAd);
+
+BOOLEAN  MlmeQueueEmpty(
+       IN MLME_QUEUE *Queue);
+
+BOOLEAN  MlmeQueueFull(
+       IN MLME_QUEUE *Queue);
+
+BOOLEAN  MsgTypeSubst(
+       IN PRTMP_ADAPTER pAd,
+       IN PFRAME_802_11 pFrame,
+       OUT INT *Machine,
+       OUT INT *MsgType);
+
+VOID StateMachineInit(
+       IN STATE_MACHINE *Sm,
+       IN STATE_MACHINE_FUNC Trans[],
+       IN ULONG StNr,
+       IN ULONG MsgNr,
+       IN STATE_MACHINE_FUNC DefFunc,
+       IN ULONG InitState,
+       IN ULONG Base);
+
+VOID StateMachineSetAction(
+       IN STATE_MACHINE *S,
+       IN ULONG St,
+       ULONG Msg,
+       IN STATE_MACHINE_FUNC F);
+
+VOID StateMachinePerformAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN STATE_MACHINE *S,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID Drop(
+       IN  PRTMP_ADAPTER   pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID AssocStateMachineInit(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  STATE_MACHINE *Sm,
+       OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID ReassocTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID AssocTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID DisassocTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+//----------------------------------------------
+VOID MlmeDisassocReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeAssocReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeReassocReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeDisassocReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerAssocRspAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerReassocRspAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerDisassocAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID DisassocTimeoutAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID AssocTimeoutAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID  ReassocTimeoutAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID  Cls3errAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR pAddr);
+
+VOID  InvalidStateWhenAssoc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID  InvalidStateWhenReassoc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID InvalidStateWhenDisassociate(
+       IN  PRTMP_ADAPTER pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+
+VOID  ComposePsPoll(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID  ComposeNullFrame(
+       IN  PRTMP_ADAPTER pAd);
+
+VOID  AssocPostProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR pAddr2,
+       IN  USHORT CapabilityInfo,
+       IN  USHORT Aid,
+       IN  UCHAR SupRate[],
+       IN  UCHAR SupRateLen,
+       IN  UCHAR ExtRate[],
+       IN  UCHAR ExtRateLen,
+       IN PEDCA_PARM pEdcaParm,
+       IN HT_CAPABILITY_IE             *pHtCapability,
+       IN  UCHAR HtCapabilityLen,
+       IN ADD_HT_INFO_IE               *pAddHtInfo);
+
+VOID AuthStateMachineInit(
+       IN  PRTMP_ADAPTER   pAd,
+       IN PSTATE_MACHINE sm,
+       OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID AuthTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID MlmeAuthReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerAuthRspAtSeq2Action(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerAuthRspAtSeq4Action(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID AuthTimeoutAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID Cls2errAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR pAddr);
+
+VOID MlmeDeauthReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID InvalidStateWhenAuth(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+//=============================================
+
+VOID AuthRspStateMachineInit(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PSTATE_MACHINE Sm,
+       IN  STATE_MACHINE_FUNC Trans[]);
+
+VOID PeerDeauthAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerAuthSimpleRspGenAndSend(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PHEADER_802_11  pHdr80211,
+       IN  USHORT Alg,
+       IN  USHORT Seq,
+       IN  USHORT Reason,
+       IN  USHORT Status);
+
+//
+// Private routines in dls.c
+//
+
+#ifdef CONFIG_STA_SUPPORT
+#ifdef QOS_DLS_SUPPORT
+void DlsStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN STATE_MACHINE *Sm,
+    OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID MlmeDlsReqAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerDlsReqAction(
+    IN PRTMP_ADAPTER   pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerDlsRspAction(
+    IN PRTMP_ADAPTER   pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeDlsTearDownAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerDlsTearDownAction(
+    IN PRTMP_ADAPTER   pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+VOID RTMPCheckDLSTimeOut(
+       IN PRTMP_ADAPTER        pAd);
+
+BOOLEAN RTMPRcvFrameDLSCheck(
+       IN PRTMP_ADAPTER        pAd,
+       IN PHEADER_802_11       pHeader,
+       IN ULONG                        Len,
+       IN PRT28XX_RXD_STRUC    pRxD);
+
+INT    RTMPCheckDLSFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pDA);
+
+VOID RTMPSendDLSTearDownFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pDA);
+
+NDIS_STATUS RTMPSendSTAKeyRequest(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pDA);
+
+NDIS_STATUS RTMPSendSTAKeyHandShake(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pDA);
+
+VOID DlsTimeoutAction(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+BOOLEAN MlmeDlsReqSanity(
+       IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PRT_802_11_DLS *pDLS,
+    OUT PUSHORT pReason);
+
+INT Set_DlsEntryInfo_Display_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR arg);
+
+MAC_TABLE_ENTRY *MacTableInsertDlsEntry(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR      pAddr,
+       IN  UINT        DlsEntryIdx);
+
+BOOLEAN MacTableDeleteDlsEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT wcid,
+       IN PUCHAR pAddr);
+
+MAC_TABLE_ENTRY *DlsEntryTableLookup(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR       pAddr,
+       IN BOOLEAN      bResetIdelCount);
+
+MAC_TABLE_ENTRY *DlsEntryTableLookupByWcid(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR        wcid,
+       IN PUCHAR       pAddr,
+       IN BOOLEAN      bResetIdelCount);
+
+INT    Set_DlsAddEntry_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_DlsTearDownEntry_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+#endif // QOS_DLS_SUPPORT //
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef QOS_DLS_SUPPORT
+BOOLEAN PeerDlsReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pDA,
+    OUT PUCHAR pSA,
+    OUT USHORT *pCapabilityInfo,
+    OUT USHORT *pDlsTimeout,
+    OUT UCHAR *pRatesLen,
+    OUT UCHAR Rates[],
+    OUT UCHAR *pHtCapabilityLen,
+    OUT HT_CAPABILITY_IE *pHtCapability);
+
+BOOLEAN PeerDlsRspSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pDA,
+    OUT PUCHAR pSA,
+    OUT USHORT *pCapabilityInfo,
+    OUT USHORT *pStatus,
+    OUT UCHAR *pRatesLen,
+    OUT UCHAR Rates[],
+    OUT UCHAR *pHtCapabilityLen,
+    OUT HT_CAPABILITY_IE *pHtCapability);
+
+BOOLEAN PeerDlsTearDownSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pDA,
+    OUT PUCHAR pSA,
+    OUT USHORT *pReason);
+#endif // QOS_DLS_SUPPORT //
+
+//========================================
+
+VOID SyncStateMachineInit(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  STATE_MACHINE *Sm,
+       OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID BeaconTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID ScanTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID MlmeScanReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID InvalidStateWhenScan(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID InvalidStateWhenJoin(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID InvalidStateWhenStart(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerBeacon(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID EnqueueProbeRequest(
+       IN PRTMP_ADAPTER pAd);
+
+BOOLEAN ScanRunning(
+               IN PRTMP_ADAPTER pAd);
+//=========================================
+
+VOID MlmeCntlInit(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  STATE_MACHINE *S,
+       OUT STATE_MACHINE_FUNC Trans[]);
+
+VOID MlmeCntlMachinePerformAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  STATE_MACHINE *S,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlIdleProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlOidScanProc(
+       IN  PRTMP_ADAPTER pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlOidSsidProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM * Elem);
+
+VOID CntlOidRTBssidProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM * Elem);
+
+VOID CntlMlmeRoamingProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM * Elem);
+
+VOID CntlWaitDisassocProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlWaitJoinProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlWaitReassocProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlWaitStartProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlWaitAuthProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlWaitAuthProc2(
+       IN  PRTMP_ADAPTER pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID CntlWaitAssocProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+#ifdef QOS_DLS_SUPPORT
+VOID CntlOidDLSSetupProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem);
+#endif // QOS_DLS_SUPPORT //
+
+VOID LinkUp(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR BssType);
+
+VOID LinkDown(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  BOOLEAN         IsReqFromAP);
+
+VOID IterateOnBssTab(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID IterateOnBssTab2(
+       IN  PRTMP_ADAPTER   pAd);;
+
+VOID JoinParmFill(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  OUT MLME_JOIN_REQ_STRUCT *JoinReq,
+       IN  ULONG BssIdx);
+
+VOID AssocParmFill(
+       IN  PRTMP_ADAPTER   pAd,
+       IN OUT MLME_ASSOC_REQ_STRUCT *AssocReq,
+       IN  PUCHAR pAddr,
+       IN  USHORT CapabilityInfo,
+       IN  ULONG Timeout,
+       IN  USHORT ListenIntv);
+
+VOID ScanParmFill(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  OUT MLME_SCAN_REQ_STRUCT *ScanReq,
+       IN  STRING Ssid[],
+       IN  UCHAR SsidLen,
+       IN  UCHAR BssType,
+       IN  UCHAR ScanType);
+
+VOID DisassocParmFill(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  OUT MLME_DISASSOC_REQ_STRUCT *DisassocReq,
+       IN  PUCHAR pAddr,
+       IN  USHORT Reason);
+
+VOID StartParmFill(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  OUT MLME_START_REQ_STRUCT *StartReq,
+       IN  CHAR Ssid[],
+       IN  UCHAR SsidLen);
+
+VOID AuthParmFill(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  OUT MLME_AUTH_REQ_STRUCT *AuthReq,
+       IN  PUCHAR pAddr,
+       IN  USHORT Alg);
+
+VOID EnqueuePsPoll(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID EnqueueBeaconFrame(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID MlmeJoinReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeScanReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID MlmeStartReqAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID ScanTimeoutAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID BeaconTimeoutAtJoinAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerBeaconAtScanAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerBeaconAtJoinAction(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerBeacon(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID PeerProbeReqAction(
+       IN  PRTMP_ADAPTER pAd,
+       IN  MLME_QUEUE_ELEM *Elem);
+
+VOID ScanNextChannel(
+       IN  PRTMP_ADAPTER   pAd);
+
+ULONG MakeIbssBeacon(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID CCXAdjacentAPReport(
+       IN  PRTMP_ADAPTER   pAd);
+
+BOOLEAN MlmeScanReqSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       OUT UCHAR *BssType,
+       OUT CHAR ssid[],
+       OUT UCHAR *SsidLen,
+       OUT UCHAR *ScanType);
+
+BOOLEAN PeerBeaconAndProbeRspSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       IN  UCHAR MsgChannel,
+       OUT PUCHAR pAddr2,
+       OUT PUCHAR pBssid,
+       OUT CHAR Ssid[],
+       OUT UCHAR *pSsidLen,
+       OUT UCHAR *pBssType,
+       OUT USHORT *pBeaconPeriod,
+       OUT UCHAR *pChannel,
+       OUT UCHAR *pNewChannel,
+       OUT LARGE_INTEGER *pTimestamp,
+       OUT CF_PARM *pCfParm,
+       OUT USHORT *pAtimWin,
+       OUT USHORT *pCapabilityInfo,
+       OUT UCHAR *pErp,
+       OUT UCHAR *pDtimCount,
+       OUT UCHAR *pDtimPeriod,
+       OUT UCHAR *pBcastFlag,
+       OUT UCHAR *pMessageToMe,
+       OUT UCHAR SupRate[],
+       OUT UCHAR *pSupRateLen,
+       OUT UCHAR ExtRate[],
+       OUT UCHAR *pExtRateLen,
+       OUT     UCHAR *pCkipFlag,
+       OUT     UCHAR *pAironetCellPowerLimit,
+       OUT PEDCA_PARM       pEdcaParm,
+       OUT PQBSS_LOAD_PARM  pQbssLoad,
+       OUT PQOS_CAPABILITY_PARM pQosCapability,
+       OUT ULONG *pRalinkIe,
+       OUT UCHAR                *pHtCapabilityLen,
+#ifdef CONFIG_STA_SUPPORT
+       OUT UCHAR                *pPreNHtCapabilityLen,
+#endif // CONFIG_STA_SUPPORT //
+       OUT HT_CAPABILITY_IE *pHtCapability,
+       OUT UCHAR                *AddHtInfoLen,
+       OUT ADD_HT_INFO_IE *AddHtInfo,
+       OUT UCHAR *NewExtChannel,
+       OUT USHORT *LengthVIE,
+       OUT PNDIS_802_11_VARIABLE_IEs pVIE);
+
+BOOLEAN PeerAddBAReqActionSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *pMsg,
+    IN ULONG MsgLen,
+       OUT PUCHAR pAddr2);
+
+BOOLEAN PeerAddBARspActionSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *pMsg,
+    IN ULONG MsgLen);
+
+BOOLEAN PeerDelBAActionSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN UCHAR Wcid,
+    IN VOID *pMsg,
+    IN ULONG MsgLen);
+
+BOOLEAN MlmeAssocReqSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       OUT PUCHAR pApAddr,
+       OUT USHORT *CapabilityInfo,
+       OUT ULONG *Timeout,
+       OUT USHORT *ListenIntv);
+
+BOOLEAN MlmeAuthReqSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       OUT PUCHAR pAddr,
+       OUT ULONG *Timeout,
+       OUT USHORT *Alg);
+
+BOOLEAN MlmeStartReqSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       OUT CHAR Ssid[],
+       OUT UCHAR *Ssidlen);
+
+BOOLEAN PeerAuthSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       OUT PUCHAR pAddr,
+       OUT USHORT *Alg,
+       OUT USHORT *Seq,
+       OUT USHORT *Status,
+       OUT CHAR ChlgText[]);
+
+BOOLEAN PeerAssocRspSanity(
+       IN  PRTMP_ADAPTER   pAd,
+    IN VOID *pMsg,
+       IN  ULONG MsgLen,
+       OUT PUCHAR pAddr2,
+       OUT USHORT *pCapabilityInfo,
+       OUT USHORT *pStatus,
+       OUT USHORT *pAid,
+       OUT UCHAR SupRate[],
+       OUT UCHAR *pSupRateLen,
+       OUT UCHAR ExtRate[],
+       OUT UCHAR *pExtRateLen,
+    OUT HT_CAPABILITY_IE               *pHtCapability,
+    OUT ADD_HT_INFO_IE         *pAddHtInfo,    // AP might use this additional ht info IE
+    OUT UCHAR                  *pHtCapabilityLen,
+    OUT UCHAR                  *pAddHtInfoLen,
+    OUT UCHAR                  *pNewExtChannelOffset,
+       OUT PEDCA_PARM pEdcaParm,
+       OUT UCHAR *pCkipFlag);
+
+BOOLEAN PeerDisassocSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       OUT PUCHAR pAddr2,
+       OUT USHORT *Reason);
+
+BOOLEAN PeerWpaMessageSanity(
+    IN PRTMP_ADAPTER           pAd,
+    IN PEAPOL_PACKET           pMsg,
+    IN ULONG                           MsgLen,
+    IN UCHAR                           MsgType,
+    IN MAC_TABLE_ENTRY         *pEntry);
+
+BOOLEAN PeerDeauthSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       OUT PUCHAR pAddr2,
+       OUT USHORT *Reason);
+
+BOOLEAN PeerProbeReqSanity(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  VOID *Msg,
+       IN  ULONG MsgLen,
+       OUT PUCHAR pAddr2,
+       OUT CHAR Ssid[],
+       OUT UCHAR *pSsidLen);
+
+BOOLEAN GetTimBit(
+       IN  CHAR *Ptr,
+       IN  USHORT Aid,
+       OUT UCHAR *TimLen,
+       OUT UCHAR *BcastFlag,
+       OUT UCHAR *DtimCount,
+       OUT UCHAR *DtimPeriod,
+       OUT UCHAR *MessageToMe);
+
+UCHAR ChannelSanity(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR channel);
+
+NDIS_802_11_NETWORK_TYPE NetworkTypeInUseSanity(
+       IN PBSS_ENTRY pBss);
+
+
+BOOLEAN MlmeDelBAReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen);
+
+BOOLEAN MlmeAddBAReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2);
+
+ULONG MakeOutgoingFrame(
+       OUT UCHAR *Buffer,
+       OUT ULONG *Length, ...);
+
+VOID  LfsrInit(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  ULONG Seed);
+
+UCHAR RandomByte(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID AsicUpdateAutoFallBackTable(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pTxRate);
+
+VOID  MlmePeriodicExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID LinkDownExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID LinkUpExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID STAMlmePeriodicExec(
+       PRTMP_ADAPTER pAd);
+
+VOID MlmeAutoScan(
+       IN PRTMP_ADAPTER pAd);
+
+VOID MlmeAutoReconnectLastSSID(
+       IN PRTMP_ADAPTER pAd);
+
+BOOLEAN MlmeValidateSSID(
+       IN PUCHAR pSsid,
+       IN UCHAR  SsidLen);
+
+VOID MlmeCheckForRoaming(
+       IN PRTMP_ADAPTER pAd,
+       IN ULONG    Now32);
+
+BOOLEAN MlmeCheckForFastRoaming(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID MlmeDynamicTxRateSwitching(
+       IN PRTMP_ADAPTER pAd);
+
+VOID MlmeSetTxRate(
+       IN PRTMP_ADAPTER                pAd,
+       IN PMAC_TABLE_ENTRY             pEntry,
+       IN PRTMP_TX_RATE_SWITCH pTxRate);
+
+VOID MlmeSelectTxRateTable(
+       IN PRTMP_ADAPTER                pAd,
+       IN PMAC_TABLE_ENTRY             pEntry,
+       IN PUCHAR                               *ppTable,
+       IN PUCHAR                               pTableSize,
+       IN PUCHAR                               pInitTxRateIdx);
+
+VOID MlmeCalculateChannelQuality(
+       IN PRTMP_ADAPTER pAd,
+       IN PMAC_TABLE_ENTRY pMacEntry,
+       IN ULONG Now);
+
+VOID MlmeCheckPsmChange(
+       IN PRTMP_ADAPTER pAd,
+       IN ULONG    Now32);
+
+VOID MlmeSetPsmBit(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT psm);
+
+VOID MlmeSetTxPreamble(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT TxPreamble);
+
+VOID UpdateBasicRateBitmap(
+       IN      PRTMP_ADAPTER   pAd);
+
+VOID MlmeUpdateTxRates(
+       IN PRTMP_ADAPTER        pAd,
+       IN      BOOLEAN                 bLinkUp,
+       IN      UCHAR                   apidx);
+
+#ifdef DOT11_N_SUPPORT
+VOID MlmeUpdateHtTxRates(
+       IN PRTMP_ADAPTER                pAd,
+       IN      UCHAR                           apidx);
+#endif // DOT11_N_SUPPORT //
+
+VOID    RTMPCheckRates(
+       IN      PRTMP_ADAPTER   pAd,
+       IN OUT  UCHAR           SupRate[],
+       IN OUT  UCHAR           *SupRateLen);
+
+#ifdef CONFIG_STA_SUPPORT
+BOOLEAN RTMPCheckChannel(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                CentralChannel,
+       IN UCHAR                Channel);
+#endif // CONFIG_STA_SUPPORT //
+
+BOOLEAN                RTMPCheckHt(
+       IN              PRTMP_ADAPTER   pAd,
+       IN              UCHAR   Wcid,
+       IN OUT  HT_CAPABILITY_IE                        *pHtCapability,
+       IN OUT  ADD_HT_INFO_IE                  *pAddHtInfo);
+
+VOID StaQuickResponeForRateUpExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID AsicBbpTuning1(
+       IN PRTMP_ADAPTER pAd);
+
+VOID AsicBbpTuning2(
+       IN PRTMP_ADAPTER pAd);
+
+VOID RTMPUpdateMlmeRate(
+       IN PRTMP_ADAPTER        pAd);
+
+CHAR RTMPMaxRssi(
+       IN PRTMP_ADAPTER        pAd,
+       IN CHAR                         Rssi0,
+       IN CHAR                         Rssi1,
+       IN CHAR                         Rssi2);
+
+#ifdef RT30xx
+VOID AsicSetRxAnt(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Ant);
+
+VOID RTMPFilterCalibration(
+       IN PRTMP_ADAPTER pAd);
+
+#ifdef RTMP_EFUSE_SUPPORT
+//2008/09/11:KH add to support efuse<--
+INT set_eFuseGetFreeBlockCount_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT set_eFusedump_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT set_eFuseLoadFromBin_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+VOID eFusePhysicalReadRegisters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT Offset,
+       IN      USHORT Length,
+       OUT     USHORT* pData);
+
+int RtmpEfuseSupportCheck(
+       IN RTMP_ADAPTER *pAd);
+
+INT set_eFuseBufferModeWriteBack_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT eFuseLoadEEPROM(
+       IN PRTMP_ADAPTER pAd);
+
+INT eFuseWriteEeeppromBuf(
+       IN PRTMP_ADAPTER pAd);
+
+VOID eFuseGetFreeBlockCount(IN PRTMP_ADAPTER pAd,
+       PUINT EfuseFreeBlock);
+
+INT eFuse_init(
+       IN PRTMP_ADAPTER pAd);
+
+NTSTATUS eFuseRead(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT                  Offset,
+       OUT     PUCHAR                  pData,
+       IN      USHORT                  Length);
+
+NTSTATUS eFuseWrite(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT                  Offset,
+       IN      PUCHAR                  pData,
+       IN      USHORT                  length);
+//2008/09/11:KH add to support efuse-->
+#endif // RTMP_EFUSE_SUPPORT //
+
+// add by johnli, RF power sequence setup
+VOID RT30xxLoadRFNormalModeSetup(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RT30xxLoadRFSleepModeSetup(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RT30xxReverseRFSleepModeSetup(
+       IN PRTMP_ADAPTER        pAd);
+// end johnli
+
+
+#ifdef RT3090
+VOID NICInitRT3090RFRegisters(
+       IN RTMP_ADAPTER *pAd);
+#endif // RT3090 //
+
+VOID RT30xxHaltAction(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RT30xxSetRxAnt(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Ant);
+#endif // RT30xx //
+#ifdef RT33xx
+VOID RT33xxLoadRFNormalModeSetup(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RT33xxLoadRFSleepModeSetup(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RT33xxReverseRFSleepModeSetup(
+       IN PRTMP_ADAPTER        pAd);
+
+#ifdef RT3370
+VOID NICInitRT3370RFRegisters(
+       IN RTMP_ADAPTER *pAd);
+#endif // RT3070 //
+
+#ifdef RT3390
+VOID NICInitRT3390RFRegisters(
+       IN RTMP_ADAPTER *pAd);
+#endif // RT3090 //
+
+VOID RT33xxHaltAction(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID RT33xxSetRxAnt(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        Ant);
+
+#endif // RT33xx //
+
+
+
+VOID AsicEvaluateRxAnt(
+       IN PRTMP_ADAPTER        pAd);
+
+VOID AsicRxAntEvalTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID APSDPeriodicExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+BOOLEAN RTMPCheckEntryEnableAutoRateSwitch(
+       IN PRTMP_ADAPTER    pAd,
+       IN PMAC_TABLE_ENTRY     pEntry);
+
+UCHAR RTMPStaFixedTxMode(
+       IN PRTMP_ADAPTER    pAd,
+       IN PMAC_TABLE_ENTRY     pEntry);
+
+VOID RTMPUpdateLegacyTxSetting(
+               UCHAR                           fixed_tx_mode,
+               PMAC_TABLE_ENTRY        pEntry);
+
+BOOLEAN RTMPAutoRateSwitchCheck(
+       IN PRTMP_ADAPTER    pAd);
+
+NDIS_STATUS MlmeInit(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID MlmeHandler(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID MlmeHalt(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID MlmeResetRalinkCounters(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID BuildChannelList(
+       IN PRTMP_ADAPTER pAd);
+
+UCHAR FirstChannel(
+       IN  PRTMP_ADAPTER   pAd);
+
+UCHAR NextChannel(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR channel);
+
+VOID ChangeToCellPowerLimit(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR         AironetCellPowerLimit);
+
+//
+// Prototypes of function definition in rtmp_tkip.c
+//
+VOID    RTMPInitTkipEngine(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pTKey,
+       IN  UCHAR           KeyId,
+       IN  PUCHAR          pTA,
+       IN  PUCHAR          pMICKey,
+       IN  PUCHAR          pTSC,
+       OUT PULONG          pIV16,
+       OUT PULONG          pIV32);
+
+VOID    RTMPInitMICEngine(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pKey,
+       IN  PUCHAR          pDA,
+       IN  PUCHAR          pSA,
+       IN  UCHAR           UserPriority,
+       IN  PUCHAR          pMICKey);
+
+BOOLEAN RTMPTkipCompareMICValue(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pSrc,
+       IN  PUCHAR          pDA,
+       IN  PUCHAR          pSA,
+       IN  PUCHAR          pMICKey,
+       IN      UCHAR                   UserPriority,
+       IN  UINT            Len);
+
+VOID    RTMPCalculateMICValue(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PNDIS_PACKET    pPacket,
+       IN  PUCHAR          pEncap,
+       IN  PCIPHER_KEY     pKey,
+       IN      UCHAR                   apidx);
+
+BOOLEAN RTMPTkipCompareMICValueWithLLC(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pLLC,
+       IN  PUCHAR          pSrc,
+       IN  PUCHAR          pDA,
+       IN  PUCHAR          pSA,
+       IN  PUCHAR          pMICKey,
+       IN  UINT            Len);
+
+VOID    RTMPTkipAppendByte(
+       IN  PTKIP_KEY_INFO  pTkip,
+       IN  UCHAR           uChar);
+
+VOID    RTMPTkipAppend(
+       IN  PTKIP_KEY_INFO  pTkip,
+       IN  PUCHAR          pSrc,
+       IN  UINT            nBytes);
+
+VOID    RTMPTkipGetMIC(
+       IN  PTKIP_KEY_INFO  pTkip);
+
+BOOLEAN RTMPSoftDecryptTKIP(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR       pData,
+       IN ULONG        DataByteCnt,
+       IN UCHAR    UserPriority,
+       IN PCIPHER_KEY  pWpaKey);
+
+BOOLEAN RTMPSoftDecryptAES(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR       pData,
+       IN ULONG        DataByteCnt,
+       IN PCIPHER_KEY  pWpaKey);
+
+
+
+//
+// Prototypes of function definition in cmm_info.c
+//
+INT RT_CfgSetCountryRegion(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg,
+       IN INT                          band);
+
+INT RT_CfgSetWirelessMode(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT RT_CfgSetShortSlot(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    RT_CfgSetWepKey(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 keyString,
+       IN      CIPHER_KEY              *pSharedKey,
+       IN      INT                             keyIdx);
+
+INT RT_CfgSetWPAPSKKey(
+       IN RTMP_ADAPTER *pAd,
+       IN PSTRING              keyString,
+       IN UCHAR                *pHashStr,
+       IN INT                  hashStrLen,
+       OUT PUCHAR              pPMKBuf);
+
+
+
+//
+// Prototypes of function definition in cmm_info.c
+//
+NDIS_STATUS RTMPWPARemoveKeyProc(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PVOID           pBuf);
+
+VOID    RTMPWPARemoveAllKeys(
+       IN  PRTMP_ADAPTER   pAd);
+
+BOOLEAN RTMPCheckStrPrintAble(
+    IN  CHAR *pInPutStr,
+    IN  UCHAR strLen);
+
+VOID    RTMPSetPhyMode(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  ULONG phymode);
+
+VOID   RTMPUpdateHTIE(
+       IN      RT_HT_CAPABILITY        *pRtHt,
+       IN              UCHAR                           *pMcsSet,
+       OUT             HT_CAPABILITY_IE *pHtCapability,
+       OUT             ADD_HT_INFO_IE          *pAddHtInfo);
+
+VOID   RTMPAddWcidAttributeEntry(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   BssIdx,
+       IN      UCHAR                   KeyIdx,
+       IN      UCHAR                   CipherAlg,
+       IN      MAC_TABLE_ENTRY *pEntry);
+
+PSTRING GetEncryptType(
+       CHAR enc);
+
+PSTRING GetAuthMode(
+       CHAR auth);
+
+
+VOID RTMPIndicateWPA2Status(
+       IN  PRTMP_ADAPTER  pAdapter);
+
+VOID   RTMPOPModeSwitching(
+       IN      PRTMP_ADAPTER   pAd);
+
+
+#ifdef DOT11_N_SUPPORT
+VOID   RTMPSetHT(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      OID_SET_HT_PHYMODE *pHTPhyMode);
+
+VOID   RTMPSetIndividualHT(
+       IN      PRTMP_ADAPTER           pAd,
+       IN      UCHAR                           apidx);
+#endif // DOT11_N_SUPPORT //
+
+VOID RTMPSendWirelessEvent(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT                  Event_flag,
+       IN      PUCHAR                  pAddr,
+       IN  UCHAR                       BssIdx,
+       IN      CHAR                    Rssi);
+
+VOID   NICUpdateCntlCounters(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PHEADER_802_11  pHeader,
+       IN    UCHAR                     SubType,
+       IN      PRXWI_STRUC     pRxWI);
+
+VOID    DBGPRINT_TX_RING(
+       IN PRTMP_ADAPTER  pAd,
+       IN UCHAR          QueIdx);
+
+VOID DBGPRINT_RX_RING(
+       IN PRTMP_ADAPTER  pAd);
+
+CHAR    ConvertToRssi(
+       IN PRTMP_ADAPTER  pAd,
+       IN CHAR                         Rssi,
+       IN UCHAR    RssiNumber);
+
+
+#ifdef DOT11N_DRAFT3
+VOID BuildEffectedChannelList(
+       IN PRTMP_ADAPTER pAd);
+#endif // DOT11N_DRAFT3 //
+
+
+VOID APAsicEvaluateRxAnt(
+       IN PRTMP_ADAPTER        pAd);
+
+#ifdef ANT_DIVERSITY_SUPPORT
+VOID   APAsicAntennaAvg(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                 AntSelect,
+       IN      SHORT                 *RssiAvg);
+#endif // ANT_DIVERSITY_SUPPORT //
+
+VOID APAsicRxAntEvalTimeout(
+       IN PRTMP_ADAPTER        pAd);
+
+/*===================================
+       Function prototype in cmm_wpa.c
+  =================================== */
+VOID   RTMPToWirelessSta(
+    IN  PRTMP_ADAPTER          pAd,
+    IN  PMAC_TABLE_ENTRY       pEntry,
+    IN  PUCHAR                 pHeader802_3,
+    IN  UINT                   HdrLen,
+    IN  PUCHAR                 pData,
+    IN  UINT                   DataLen,
+    IN BOOLEAN                         bClearFrame);
+
+VOID WpaDerivePTK(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UCHAR   *PMK,
+       IN  UCHAR   *ANonce,
+       IN  UCHAR   *AA,
+       IN  UCHAR   *SNonce,
+       IN  UCHAR   *SA,
+       OUT UCHAR   *output,
+       IN  UINT    len);
+
+VOID    GenRandom(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   *macAddr,
+       OUT     UCHAR                   *random);
+
+BOOLEAN RTMPCheckWPAframe(
+       IN PRTMP_ADAPTER pAd,
+       IN PMAC_TABLE_ENTRY     pEntry,
+       IN PUCHAR                       pData,
+       IN ULONG                        DataByteCount,
+       IN UCHAR                        FromWhichBSSID);
+
+VOID AES_GTK_KEY_UNWRAP(
+       IN  UCHAR   *key,
+       OUT UCHAR   *plaintext,
+       IN      UINT32  c_len,
+       IN  UCHAR   *ciphertext);
+
+BOOLEAN RTMPParseEapolKeyData(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pKeyData,
+       IN  UCHAR           KeyDataLen,
+       IN      UCHAR                   GroupKeyIndex,
+       IN      UCHAR                   MsgType,
+       IN      BOOLEAN                 bWPA2,
+       IN  MAC_TABLE_ENTRY *pEntry);
+
+VOID   ConstructEapolMsg(
+       IN      PMAC_TABLE_ENTRY        pEntry,
+    IN UCHAR                           GroupKeyWepStatus,
+    IN UCHAR                           MsgType,
+    IN UCHAR                           DefaultKeyIdx,
+       IN      UCHAR                           *KeyNonce,
+       IN      UCHAR                           *TxRSC,
+       IN      UCHAR                           *GTK,
+       IN      UCHAR                           *RSNIE,
+       IN      UCHAR                           RSNIE_Len,
+    OUT PEAPOL_PACKET       pMsg);
+
+NDIS_STATUS    RTMPSoftDecryptBroadCastData(
+       IN      PRTMP_ADAPTER                                   pAd,
+       IN      RX_BLK                                                  *pRxBlk,
+       IN  NDIS_802_11_ENCRYPTION_STATUS       GroupCipher,
+       IN  PCIPHER_KEY                                         pShard_key);
+
+VOID RTMPMakeRSNIE(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  UINT            AuthMode,
+       IN  UINT            WepStatus,
+       IN      UCHAR                   apidx);
+
+//
+// function prototype in ap_wpa.c
+//
+VOID RTMPGetTxTscFromAsic(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   apidx,
+       OUT     PUCHAR                  pTxTsc);
+
+VOID APInstallPairwiseKey(
+       PRTMP_ADAPTER           pAd,
+       PMAC_TABLE_ENTRY        pEntry);
+
+MAC_TABLE_ENTRY *PACInquiry(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  ULONG           Wcid);
+
+UINT   APValidateRSNIE(
+       IN PRTMP_ADAPTER    pAd,
+       IN PMAC_TABLE_ENTRY pEntry,
+       IN PUCHAR                       pRsnIe,
+       IN UCHAR                        rsnie_len);
+
+VOID HandleCounterMeasure(
+       IN PRTMP_ADAPTER pAd,
+       IN MAC_TABLE_ENTRY  *pEntry);
+
+VOID WPAStart4WayHS(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MAC_TABLE_ENTRY *pEntry,
+       IN      ULONG                   TimeInterval);
+
+VOID WPAStart2WayGroupHS(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  MAC_TABLE_ENTRY *pEntry);
+
+VOID PeerPairMsg1Action(
+       IN PRTMP_ADAPTER pAd,
+       IN MAC_TABLE_ENTRY  *pEntry,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerPairMsg2Action(
+       IN PRTMP_ADAPTER pAd,
+       IN MAC_TABLE_ENTRY  *pEntry,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerPairMsg3Action(
+       IN PRTMP_ADAPTER pAd,
+       IN MAC_TABLE_ENTRY  *pEntry,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerPairMsg4Action(
+       IN PRTMP_ADAPTER pAd,
+       IN MAC_TABLE_ENTRY  *pEntry,
+       IN MLME_QUEUE_ELEM *Elem);
+
+VOID PeerGroupMsg1Action(
+       IN  PRTMP_ADAPTER    pAd,
+       IN  PMAC_TABLE_ENTRY pEntry,
+    IN  MLME_QUEUE_ELEM  *Elem);
+
+VOID PeerGroupMsg2Action(
+       IN  PRTMP_ADAPTER    pAd,
+       IN  PMAC_TABLE_ENTRY pEntry,
+       IN  VOID             *Msg,
+       IN  UINT             MsgLen);
+
+VOID CMTimerExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID WPARetryExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID EnqueueStartForPSKExec(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3);
+
+VOID RTMPHandleSTAKey(
+    IN PRTMP_ADAPTER    pAdapter,
+    IN MAC_TABLE_ENTRY  *pEntry,
+    IN MLME_QUEUE_ELEM  *Elem);
+
+VOID PairDisAssocAction(
+       IN  PRTMP_ADAPTER    pAd,
+       IN  PMAC_TABLE_ENTRY pEntry,
+       IN  USHORT           Reason);
+
+VOID MlmeDeAuthAction(
+       IN  PRTMP_ADAPTER    pAd,
+       IN  PMAC_TABLE_ENTRY pEntry,
+       IN  USHORT           Reason);
+
+VOID GREKEYPeriodicExec(
+       IN  PVOID   SystemSpecific1,
+       IN  PVOID   FunctionContext,
+       IN  PVOID   SystemSpecific2,
+       IN  PVOID   SystemSpecific3);
+
+VOID WpaDeriveGTK(
+       IN  UCHAR   *PMK,
+       IN  UCHAR   *GNonce,
+       IN  UCHAR   *AA,
+       OUT UCHAR   *output,
+       IN  UINT    len);
+
+VOID AES_GTK_KEY_WRAP(
+       IN UCHAR *key,
+       IN UCHAR *plaintext,
+       IN UINT32 p_len,
+       OUT UCHAR *ciphertext);
+
+VOID AES_128_CMAC(
+       IN      PUCHAR  key,
+       IN      PUCHAR  input,
+       IN      INT             len,
+       OUT     PUCHAR  mac);
+
+VOID    WpaSend(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PUCHAR          pPacket,
+    IN  ULONG           Len);
+
+VOID RTMPAddPMKIDCache(
+       IN  PRTMP_ADAPTER               pAd,
+       IN      INT                                             apidx,
+       IN      PUCHAR                          pAddr,
+       IN      UCHAR                                   *PMKID,
+       IN      UCHAR                                   *PMK);
+
+INT RTMPSearchPMKIDCache(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      INT                             apidx,
+       IN      PUCHAR          pAddr);
+
+VOID RTMPDeletePMKIDCache(
+       IN  PRTMP_ADAPTER   pAd,
+       IN      INT                             apidx,
+       IN  INT                         idx);
+
+VOID RTMPMaintainPMKIDCache(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID   RTMPSendTriggerFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PVOID                   pBuffer,
+       IN      ULONG                   Length,
+       IN  UCHAR           TxRate,
+       IN      BOOLEAN                 bQosNull);
+
+//typedef void (*TIMER_FUNCTION)(unsigned long);
+
+
+/* timeout -- ms */
+VOID RTMP_SetPeriodicTimer(
+       IN      NDIS_MINIPORT_TIMER *pTimer,
+       IN      unsigned long timeout);
+
+VOID RTMP_OS_Init_Timer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      NDIS_MINIPORT_TIMER *pTimer,
+       IN      TIMER_FUNCTION function,
+       IN      PVOID data);
+
+VOID RTMP_OS_Add_Timer(
+       IN      NDIS_MINIPORT_TIMER     *pTimer,
+       IN      unsigned long timeout);
+
+VOID RTMP_OS_Mod_Timer(
+       IN      NDIS_MINIPORT_TIMER     *pTimer,
+       IN      unsigned long timeout);
+
+
+VOID RTMP_OS_Del_Timer(
+       IN      NDIS_MINIPORT_TIMER     *pTimer,
+       OUT     BOOLEAN                          *pCancelled);
+
+
+VOID RTMP_OS_Release_Packet(
+       IN      PRTMP_ADAPTER pAd,
+       IN      PQUEUE_ENTRY  pEntry);
+
+VOID RTMPusecDelay(
+       IN      ULONG   usec);
+
+NDIS_STATUS os_alloc_mem(
+       IN      RTMP_ADAPTER *pAd,
+       OUT     UCHAR **mem,
+       IN      ULONG  size);
+
+NDIS_STATUS os_free_mem(
+       IN      PRTMP_ADAPTER pAd,
+       IN      PVOID mem);
+
+
+void RTMP_AllocateSharedMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress);
+
+VOID RTMPFreeTxRxRingMemory(
+    IN  PRTMP_ADAPTER   pAd);
+
+NDIS_STATUS AdapterBlockAllocateMemory(
+       IN PVOID        handle,
+       OUT     PVOID   *ppAd);
+
+void RTMP_AllocateTxDescMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      UINT    Index,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress);
+
+void RTMP_AllocateFirstTxBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      UINT    Index,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress);
+
+void RTMP_FreeFirstTxBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       IN      PVOID   VirtualAddress,
+       IN      NDIS_PHYSICAL_ADDRESS PhysicalAddress);
+
+void RTMP_AllocateMgmtDescMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress);
+
+void RTMP_AllocateRxDescMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress);
+
+void RTMP_FreeDescMemory(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      PVOID   VirtualAddress,
+       IN      NDIS_PHYSICAL_ADDRESS PhysicalAddress);
+
+PNDIS_PACKET RtmpOSNetPktAlloc(
+       IN RTMP_ADAPTER *pAd,
+       IN int size);
+
+PNDIS_PACKET RTMP_AllocateRxPacketBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress,
+       OUT     PNDIS_PHYSICAL_ADDRESS PhysicalAddress);
+
+PNDIS_PACKET RTMP_AllocateTxPacketBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length,
+       IN      BOOLEAN Cached,
+       OUT     PVOID   *VirtualAddress);
+
+PNDIS_PACKET RTMP_AllocateFragPacketBuffer(
+       IN      PRTMP_ADAPTER pAd,
+       IN      ULONG   Length);
+
+void RTMP_QueryPacketInfo(
+       IN  PNDIS_PACKET pPacket,
+       OUT PACKET_INFO  *pPacketInfo,
+       OUT PUCHAR               *pSrcBufVA,
+       OUT     UINT             *pSrcBufLen);
+
+void RTMP_QueryNextPacketInfo(
+       IN  PNDIS_PACKET *ppPacket,
+       OUT PACKET_INFO  *pPacketInfo,
+       OUT PUCHAR               *pSrcBufVA,
+       OUT     UINT             *pSrcBufLen);
+
+
+BOOLEAN RTMP_FillTxBlkInfo(
+       IN RTMP_ADAPTER *pAd,
+       IN TX_BLK *pTxBlk);
+
+
+PRTMP_SCATTER_GATHER_LIST
+rt_get_sg_list_from_packet(PNDIS_PACKET pPacket, RTMP_SCATTER_GATHER_LIST *sg);
+
+
+ void announce_802_3_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket);
+
+
+UINT BA_Reorder_AMSDU_Annnounce(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket);
+
+
+UINT Handle_AMSDU_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize,
+       IN  UCHAR                       FromWhichBSSID);
+
+
+void convert_802_11_to_802_3_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      PUCHAR                  p8023hdr,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize,
+       IN  UCHAR                       FromWhichBSSID);
+
+
+PNET_DEV get_netdev_from_bssid(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   FromWhichBSSID);
+
+
+PNDIS_PACKET duplicate_pkt(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pHeader802_3,
+    IN  UINT            HdrLen,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize,
+       IN      UCHAR                   FromWhichBSSID);
+
+
+PNDIS_PACKET duplicate_pkt_with_TKIP_MIC(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pOldPkt);
+
+PNDIS_PACKET duplicate_pkt_with_VLAN(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pHeader802_3,
+    IN  UINT            HdrLen,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize,
+       IN      UCHAR                   FromWhichBSSID);
+
+
+UCHAR VLAN_8023_Header_Copy(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pHeader802_3,
+       IN      UINT            HdrLen,
+       OUT PUCHAR                      pData,
+       IN      UCHAR                   FromWhichBSSID);
+
+#ifdef DOT11_N_SUPPORT
+void ba_flush_reordering_timeout_mpdus(
+       IN PRTMP_ADAPTER        pAd,
+       IN PBA_REC_ENTRY        pBAEntry,
+       IN ULONG                        Now32);
+
+
+VOID BAOriSessionSetUp(
+                       IN PRTMP_ADAPTER    pAd,
+                       IN MAC_TABLE_ENTRY      *pEntry,
+                       IN UCHAR                        TID,
+                       IN USHORT                       TimeOut,
+                       IN ULONG                        DelayTime,
+                       IN BOOLEAN              isForced);
+
+VOID BASessionTearDownALL(
+       IN OUT  PRTMP_ADAPTER pAd,
+       IN              UCHAR Wcid);
+#endif // DOT11_N_SUPPORT //
+
+BOOLEAN OS_Need_Clone_Packet(void);
+
+
+VOID build_tx_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      PUCHAR  pFrame,
+       IN      ULONG   FrameLen);
+
+
+VOID BAOriSessionTearDown(
+       IN OUT  PRTMP_ADAPTER   pAd,
+       IN              UCHAR                   Wcid,
+       IN              UCHAR                   TID,
+       IN              BOOLEAN                 bPassive,
+       IN              BOOLEAN                 bForceSend);
+
+VOID BARecSessionTearDown(
+       IN OUT  PRTMP_ADAPTER   pAd,
+       IN              UCHAR                   Wcid,
+       IN              UCHAR                   TID,
+       IN              BOOLEAN                 bPassive);
+
+BOOLEAN ba_reordering_resource_init(PRTMP_ADAPTER pAd, int num);
+void ba_reordering_resource_release(PRTMP_ADAPTER pAd);
+
+
+
+#ifdef NINTENDO_AP
+VOID   InitNINTENDO_TABLE(
+       IN PRTMP_ADAPTER pAd);
+
+UCHAR  CheckNINTENDO_TABLE(
+       IN PRTMP_ADAPTER pAd,
+       PCHAR pDS_Ssid,
+       UCHAR DS_SsidLen,
+       PUCHAR pDS_Addr);
+
+UCHAR  DelNINTENDO_ENTRY(
+       IN      PRTMP_ADAPTER pAd,
+       UCHAR * pDS_Addr);
+
+VOID   RTMPIoctlNintendoCapable(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      struct iwreq    *wrq);
+
+VOID   RTMPIoctlNintendoGetTable(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      struct iwreq    *wrq);
+
+VOID   RTMPIoctlNintendoSetTable(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      struct iwreq    *wrq);
+
+#endif // NINTENDO_AP //
+
+BOOLEAN rtstrmactohex(
+       IN PSTRING s1,
+       IN PSTRING s2);
+
+BOOLEAN rtstrcasecmp(
+       IN PSTRING s1,
+       IN PSTRING s2);
+
+PSTRING rtstrstruncasecmp(
+       IN PSTRING s1,
+       IN PSTRING s2);
+
+PSTRING rtstrstr(
+       IN      const PSTRING s1,
+       IN      const PSTRING s2);
+
+PSTRING rstrtok(
+       IN PSTRING s,
+       IN const PSTRING ct);
+
+int rtinet_aton(
+       const PSTRING cp,
+       unsigned int *addr);
+
+////////// common ioctl functions //////////
+INT Set_DriverVersion_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_CountryRegion_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_CountryRegionABand_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_WirelessMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_Channel_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ShortSlot_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_TxPower_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_BGProtection_Proc(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PSTRING                     arg);
+
+INT Set_TxPreamble_Proc(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PSTRING                     arg);
+
+INT Set_RTSThreshold_Proc(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PSTRING                     arg);
+
+INT Set_FragThreshold_Proc(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PSTRING                     arg);
+
+INT Set_TxBurst_Proc(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PSTRING                     arg);
+
+#ifdef AGGREGATION_SUPPORT
+INT    Set_PktAggregate_Proc(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PSTRING                     arg);
+#endif // AGGREGATION_SUPPORT //
+
+#ifdef INF_AMAZON_PPA
+INT    Set_INF_AMAZON_SE_PPA_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  arg);
+
+#endif // INF_AMAZON_PPA //
+
+INT    Set_IEEE80211H_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+#ifdef DBG
+INT    Set_Debug_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+#endif
+
+INT    Show_DescInfo_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ResetStatCounter_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+#ifdef DOT11_N_SUPPORT
+INT    Set_BASetup_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_BADecline_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_BAOriTearDown_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_BARecTearDown_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtBw_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtMcs_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtGi_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtOpMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtStbc_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtHtc_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtExtcha_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtMpduDensity_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtBaWinSize_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtRdg_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtLinkAdapt_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtAmsdu_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtAutoBa_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtProtect_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtMimoPs_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+
+INT    Set_ForceShortGI_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_ForceGF_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    SetCommonHT(
+       IN      PRTMP_ADAPTER   pAd);
+
+INT    Set_SendPSMPAction_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtMIMOPSmode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+
+INT    Set_HtTxBASize_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT    Set_HtDisallowTKIP_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+#endif // DOT11_N_SUPPORT //
+
+
+
+#ifdef CONFIG_STA_SUPPORT
+//Dls ,        kathy
+VOID RTMPSendDLSTearDownFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pDA);
+
+#ifdef DOT11_N_SUPPORT
+//Block ACK
+VOID QueryBATABLE(
+       IN  PRTMP_ADAPTER pAd,
+       OUT PQUERYBA_TABLE pBAT);
+#endif // DOT11_N_SUPPORT //
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+INT        WpaCheckEapCode(
+       IN  PRTMP_ADAPTER       pAd,
+       IN  PUCHAR                              pFrame,
+       IN  USHORT                              FrameLen,
+       IN  USHORT                              OffSet);
+
+VOID    WpaSendMicFailureToWpaSupplicant(
+    IN  PRTMP_ADAPTER       pAd,
+    IN  BOOLEAN             bUnicast);
+
+VOID    SendAssocIEsToWpaSupplicant(
+    IN  PRTMP_ADAPTER       pAd);
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+int wext_notify_event_assoc(
+       IN  RTMP_ADAPTER *pAd);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+#ifdef DOT11_N_SUPPORT
+VOID Handle_BSS_Width_Trigger_Events(
+       IN PRTMP_ADAPTER pAd);
+
+void build_ext_channel_switch_ie(
+       IN PRTMP_ADAPTER pAd,
+       IN HT_EXT_CHANNEL_SWITCH_ANNOUNCEMENT_IE *pIE);
+#endif // DOT11_N_SUPPORT //
+
+
+BOOLEAN APRxDoneInterruptHandle(
+       IN      PRTMP_ADAPTER   pAd);
+
+BOOLEAN STARxDoneInterruptHandle(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      BOOLEAN                 argc);
+
+#ifdef DOT11_N_SUPPORT
+// AMPDU packet indication
+VOID Indicate_AMPDU_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+
+// AMSDU packet indication
+VOID Indicate_AMSDU_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+#endif // DOT11_N_SUPPORT //
+
+// Normal legacy Rx packet indication
+VOID Indicate_Legacy_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+
+VOID Indicate_EAPOL_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+
+void  update_os_packet_info(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+
+void wlan_802_11_to_802_3_packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      PUCHAR                  pHeader802_3,
+       IN  UCHAR                       FromWhichBSSID);
+
+UINT deaggregate_AMSDU_announce(
+       IN      PRTMP_ADAPTER   pAd,
+       PNDIS_PACKET            pPacket,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize);
+
+
+#ifdef CONFIG_STA_SUPPORT
+// remove LLC and get 802_3 Header
+#define  RTMP_802_11_REMOVE_LLC_AND_CONVERT_TO_802_3(_pRxBlk, _pHeader802_3)   \
+{                                                                                                                                                              \
+       PUCHAR _pRemovedLLCSNAP = NULL, _pDA, _pSA;                                 \
+                                                                                                                                                               \
+       if (RX_BLK_TEST_FLAG(_pRxBlk, fRX_MESH))                                    \
+       {                                                                           \
+               _pDA = _pRxBlk->pHeader->Addr3;                                         \
+               _pSA = (PUCHAR)_pRxBlk->pHeader + sizeof(HEADER_802_11);                \
+       }                                                                           \
+       else                                                                        \
+       {                                                                           \
+               if (RX_BLK_TEST_FLAG(_pRxBlk, fRX_INFRA))                               \
+               {                                                                       \
+                       _pDA = _pRxBlk->pHeader->Addr1;                                     \
+               if (RX_BLK_TEST_FLAG(_pRxBlk, fRX_DLS))                                                                 \
+                       _pSA = _pRxBlk->pHeader->Addr2;                                                                         \
+               else                                                                                                                                    \
+                       _pSA = _pRxBlk->pHeader->Addr3;                                     \
+               }                                                                       \
+               else                                                                    \
+               {                                                                       \
+                       _pDA = _pRxBlk->pHeader->Addr1;                                     \
+                       _pSA = _pRxBlk->pHeader->Addr2;                                     \
+               }                                                                       \
+       }                                                                           \
+                                                                                                                                                               \
+       CONVERT_TO_802_3(_pHeader802_3, _pDA, _pSA, _pRxBlk->pData,                             \
+               _pRxBlk->DataSize, _pRemovedLLCSNAP);                                   \
+}
+#endif // CONFIG_STA_SUPPORT //
+
+
+BOOLEAN APFowardWirelessStaToWirelessSta(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      ULONG                   FromWhichBSSID);
+
+VOID Announce_or_Forward_802_3_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      UCHAR                   FromWhichBSSID);
+
+VOID Sta_Announce_or_Forward_802_3_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      UCHAR                   FromWhichBSSID);
+
+
+#ifdef CONFIG_STA_SUPPORT
+#define ANNOUNCE_OR_FORWARD_802_3_PACKET(_pAd, _pPacket, _FromWhichBSS)\
+                       Sta_Announce_or_Forward_802_3_Packet(_pAd, _pPacket, _FromWhichBSS);
+                       //announce_802_3_packet(_pAd, _pPacket);
+#endif // CONFIG_STA_SUPPORT //
+
+
+PNDIS_PACKET DuplicatePacket(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      UCHAR                   FromWhichBSSID);
+
+
+PNDIS_PACKET ClonePacket(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      PUCHAR                  pData,
+       IN      ULONG                   DataSize);
+
+
+// Normal, AMPDU or AMSDU
+VOID CmmRxnonRalinkFrameIndicate(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+
+VOID CmmRxRalinkFrameIndicate(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID);
+
+VOID Update_Rssi_Sample(
+       IN PRTMP_ADAPTER        pAd,
+       IN RSSI_SAMPLE          *pRssi,
+       IN PRXWI_STRUC          pRxWI);
+
+PNDIS_PACKET GetPacketFromRxRing(
+       IN              PRTMP_ADAPTER   pAd,
+       OUT             PRT28XX_RXD_STRUC               pSaveRxD,
+       OUT             BOOLEAN                 *pbReschedule,
+       IN OUT  UINT32                  *pRxPending);
+
+PNDIS_PACKET RTMPDeFragmentDataFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk);
+
+////////////////////////////////////////
+
+VOID RTMPIoctlGetSiteSurvey(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq);
+
+
+
+
+
+#ifdef SNMP_SUPPORT
+//for snmp , kathy
+typedef struct _DefaultKeyIdxValue
+{
+       UCHAR   KeyIdx;
+       UCHAR   Value[16];
+} DefaultKeyIdxValue, *PDefaultKeyIdxValue;
+#endif
+
+
+#ifdef CONFIG_STA_SUPPORT
+enum {
+       DIDmsg_lnxind_wlansniffrm               = 0x00000044,
+       DIDmsg_lnxind_wlansniffrm_hosttime      = 0x00010044,
+       DIDmsg_lnxind_wlansniffrm_mactime       = 0x00020044,
+       DIDmsg_lnxind_wlansniffrm_channel       = 0x00030044,
+       DIDmsg_lnxind_wlansniffrm_rssi          = 0x00040044,
+       DIDmsg_lnxind_wlansniffrm_sq            = 0x00050044,
+       DIDmsg_lnxind_wlansniffrm_signal        = 0x00060044,
+       DIDmsg_lnxind_wlansniffrm_noise         = 0x00070044,
+       DIDmsg_lnxind_wlansniffrm_rate          = 0x00080044,
+       DIDmsg_lnxind_wlansniffrm_istx          = 0x00090044,
+       DIDmsg_lnxind_wlansniffrm_frmlen        = 0x000A0044
+};
+enum {
+       P80211ENUM_msgitem_status_no_value      = 0x00
+};
+enum {
+       P80211ENUM_truth_false                  = 0x00,
+       P80211ENUM_truth_true                   = 0x01
+};
+
+/* Definition from madwifi */
+typedef struct {
+        UINT32 did;
+        UINT16 status;
+        UINT16 len;
+        UINT32 data;
+} p80211item_uint32_t;
+
+typedef struct {
+        UINT32 msgcode;
+        UINT32 msglen;
+#define WLAN_DEVNAMELEN_MAX 16
+        UINT8 devname[WLAN_DEVNAMELEN_MAX];
+        p80211item_uint32_t hosttime;
+        p80211item_uint32_t mactime;
+        p80211item_uint32_t channel;
+        p80211item_uint32_t rssi;
+        p80211item_uint32_t sq;
+        p80211item_uint32_t signal;
+        p80211item_uint32_t noise;
+        p80211item_uint32_t rate;
+        p80211item_uint32_t istx;
+        p80211item_uint32_t frmlen;
+} wlan_ng_prism2_header;
+
+/* The radio capture header precedes the 802.11 header. */
+typedef struct PACKED _ieee80211_radiotap_header {
+    UINT8      it_version;     /* Version 0. Only increases
+                                * for drastic changes,
+                                * introduction of compatible
+                                * new fields does not count.
+                                */
+    UINT8      it_pad;
+    UINT16     it_len;         /* length of the whole
+                                * header in bytes, including
+                                * it_version, it_pad,
+                                * it_len, and data fields.
+                                */
+    UINT32   it_present;       /* A bitmap telling which
+                                        * fields are present. Set bit 31
+                                        * (0x80000000) to extend the
+                                        * bitmap by another 32 bits.
+                                        * Additional extensions are made
+                                        * by setting bit 31.
+                                        */
+}ieee80211_radiotap_header ;
+
+enum ieee80211_radiotap_type {
+    IEEE80211_RADIOTAP_TSFT = 0,
+    IEEE80211_RADIOTAP_FLAGS = 1,
+    IEEE80211_RADIOTAP_RATE = 2,
+    IEEE80211_RADIOTAP_CHANNEL = 3,
+    IEEE80211_RADIOTAP_FHSS = 4,
+    IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5,
+    IEEE80211_RADIOTAP_DBM_ANTNOISE = 6,
+    IEEE80211_RADIOTAP_LOCK_QUALITY = 7,
+    IEEE80211_RADIOTAP_TX_ATTENUATION = 8,
+    IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9,
+    IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
+    IEEE80211_RADIOTAP_ANTENNA = 11,
+    IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
+    IEEE80211_RADIOTAP_DB_ANTNOISE = 13
+};
+
+#define WLAN_RADIOTAP_PRESENT (                        \
+       (1 << IEEE80211_RADIOTAP_TSFT)  |       \
+       (1 << IEEE80211_RADIOTAP_FLAGS) |       \
+       (1 << IEEE80211_RADIOTAP_RATE)  |       \
+        0)
+
+typedef struct _wlan_radiotap_header {
+       ieee80211_radiotap_header wt_ihdr;
+       INT64 wt_tsft;
+       UINT8 wt_flags;
+       UINT8 wt_rate;
+} wlan_radiotap_header;
+/* Definition from madwifi */
+
+void send_monitor_packets(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk);
+
+
+VOID    RTMPSetDesiredRates(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  LONG            Rates);
+#endif // CONFIG_STA_SUPPORT //
+
+INT    Set_FixedTxMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+INT    Set_OpMode_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+
+INT Set_LongRetryLimit_Proc(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      PSTRING                 arg);
+
+INT Set_ShortRetryLimit_Proc(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      PSTRING                 arg);
+
+BOOLEAN RT28XXChipsetCheck(
+       IN void *_dev_p);
+
+
+VOID RT28XXDMADisable(
+       IN RTMP_ADAPTER                 *pAd);
+
+VOID RT28XXDMAEnable(
+       IN RTMP_ADAPTER                 *pAd);
+
+VOID RT28xx_UpdateBeaconToAsic(
+       IN RTMP_ADAPTER * pAd,
+       IN INT apidx,
+       IN ULONG BeaconLen,
+       IN ULONG UpdatePos);
+
+int rt28xx_init(
+       IN PRTMP_ADAPTER pAd,
+       IN PSTRING pDefaultMac,
+       IN PSTRING pHostName);
+
+BOOLEAN RT28XXSecurityKeyAdd(
+       IN              PRTMP_ADAPTER           pAd,
+       IN              ULONG                           apidx,
+       IN              ULONG                           KeyIdx,
+       IN              MAC_TABLE_ENTRY         *pEntry);
+
+NDIS_STATUS RtmpNetTaskInit(
+       IN RTMP_ADAPTER *pAd);
+
+VOID RtmpNetTaskExit(
+       IN PRTMP_ADAPTER pAd);
+
+NDIS_STATUS RtmpMgmtTaskInit(
+       IN RTMP_ADAPTER *pAd);
+
+VOID RtmpMgmtTaskExit(
+       IN RTMP_ADAPTER *pAd);
+
+void tbtt_tasklet(unsigned long data);
+
+
+PNET_DEV RtmpPhyNetDevInit(
+       IN RTMP_ADAPTER *pAd,
+       IN RTMP_OS_NETDEV_OP_HOOK *pNetHook);
+
+BOOLEAN RtmpPhyNetDevExit(
+       IN RTMP_ADAPTER *pAd,
+       IN PNET_DEV net_dev);
+
+INT RtmpRaDevCtrlInit(
+       IN RTMP_ADAPTER *pAd,
+       IN RTMP_INF_TYPE infType);
+
+BOOLEAN RtmpRaDevCtrlExit(
+       IN RTMP_ADAPTER *pAd);
+
+
+#ifdef RTMP_MAC_PCI
+//
+// Function Prototype in cmm_data_pci.c
+//
+USHORT RtmpPCI_WriteTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      BOOLEAN                 bIsLast,
+       OUT     USHORT                  *FreeNumber);
+
+USHORT RtmpPCI_WriteSingleTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      BOOLEAN                 bIsLast,
+       OUT     USHORT                  *FreeNumber);
+
+USHORT RtmpPCI_WriteMultiTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      UCHAR                   frameNum,
+       OUT     USHORT                  *FreeNumber);
+
+USHORT RtmpPCI_WriteFragTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      UCHAR                   fragNum,
+       OUT     USHORT                  *FreeNumber);
+
+USHORT RtmpPCI_WriteSubTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      BOOLEAN                 bIsLast,
+       OUT     USHORT                  *FreeNumber);
+
+VOID RtmpPCI_FinalWriteTxResource(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      USHORT                  totalMPDUSize,
+       IN      USHORT                  FirstTxIdx);
+
+VOID RtmpPCIDataLastTxIdx(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   QueIdx,
+       IN      USHORT                  LastTxIdx);
+
+VOID RtmpPCIDataKickOut(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk,
+       IN      UCHAR                   QueIdx);
+
+
+int RtmpPCIMgmtKickOut(
+       IN RTMP_ADAPTER         *pAd,
+       IN UCHAR                        QueIdx,
+       IN PNDIS_PACKET         pPacket,
+       IN PUCHAR                       pSrcBufVA,
+       IN UINT                         SrcBufLen);
+
+
+NDIS_STATUS RTMPCheckRxError(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PHEADER_802_11  pHeader,
+       IN      PRXWI_STRUC     pRxWI,
+       IN  PRT28XX_RXD_STRUC      pRxD);
+
+BOOLEAN RT28xxPciAsicRadioOff(
+       IN PRTMP_ADAPTER    pAd,
+       IN UCHAR            Level,
+       IN USHORT           TbttNumToNextWakeUp);
+
+BOOLEAN RT28xxPciAsicRadioOn(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR     Level);
+
+#ifdef CONFIG_STA_SUPPORT
+VOID RTMPInitPCIeLinkCtrlValue(
+       IN      PRTMP_ADAPTER   pAd);
+
+VOID RTMPFindHostPCIDev(
+    IN PRTMP_ADAPTER   pAd);
+
+VOID RTMPPCIeLinkCtrlValueRestore(
+       IN      PRTMP_ADAPTER   pAd,
+       IN   UCHAR              Level);
+
+VOID RTMPPCIeLinkCtrlSetting(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      USHORT          Max);
+
+VOID RTMPrt3xSetPCIePowerLinkCtrl(
+       IN      PRTMP_ADAPTER   pAd);
+
+
+VOID RT28xxPciStaAsicForceWakeup(
+       IN PRTMP_ADAPTER pAd,
+       IN BOOLEAN       bFromTx);
+
+VOID RT28xxPciStaAsicSleepThenAutoWakeup(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT TbttNumToNextWakeUp);
+
+VOID PsPollWakeExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+
+VOID  RadioOnExec(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3);
+#endif // CONFIG_STA_SUPPORT //
+
+VOID RT28xxPciMlmeRadioOn(
+       IN PRTMP_ADAPTER pAd);
+
+VOID RT28xxPciMlmeRadioOFF(
+       IN PRTMP_ADAPTER pAd);
+#endif // RTMP_MAC_PCI //
+
+VOID AsicTurnOffRFClk(
+       IN PRTMP_ADAPTER    pAd,
+       IN      UCHAR           Channel);
+
+VOID AsicTurnOnRFClk(
+       IN PRTMP_ADAPTER        pAd,
+       IN      UCHAR                   Channel);
+
+
+
+#ifdef RTMP_TIMER_TASK_SUPPORT
+INT RtmpTimerQThread(
+       IN OUT PVOID Context);
+
+RTMP_TIMER_TASK_ENTRY *RtmpTimerQInsert(
+       IN RTMP_ADAPTER *pAd,
+       IN RALINK_TIMER_STRUCT *pTimer);
+
+BOOLEAN RtmpTimerQRemove(
+       IN RTMP_ADAPTER *pAd,
+       IN RALINK_TIMER_STRUCT *pTimer);
+
+void RtmpTimerQExit(
+       IN RTMP_ADAPTER *pAd);
+
+void RtmpTimerQInit(
+       IN RTMP_ADAPTER *pAd);
+#endif // RTMP_TIMER_TASK_SUPPORT //
+
+
+
+////////////////////////////////////////
+
+VOID QBSS_LoadInit(
+       IN              RTMP_ADAPTER    *pAd);
+
+UINT32 QBSS_LoadElementAppend(
+       IN              RTMP_ADAPTER    *pAd,
+       OUT             UINT8                   *buf_p);
+
+VOID QBSS_LoadUpdate(
+       IN              RTMP_ADAPTER    *pAd);
+
+///////////////////////////////////////
+INT RTMPShowCfgValue(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 pName,
+       IN      PSTRING                 pBuf);
+
+PSTRING RTMPGetRalinkAuthModeStr(
+    IN  NDIS_802_11_AUTHENTICATION_MODE authMode);
+
+PSTRING RTMPGetRalinkEncryModeStr(
+    IN  USHORT encryMode);
+//////////////////////////////////////
+
+#ifdef CONFIG_STA_SUPPORT
+VOID AsicStaBbpTuning(
+       IN PRTMP_ADAPTER pAd);
+
+BOOLEAN StaAddMacTableEntry(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PMAC_TABLE_ENTRY    pEntry,
+       IN  UCHAR                               MaxSupportedRateIn500Kbps,
+       IN  HT_CAPABILITY_IE    *pHtCapability,
+       IN  UCHAR                               HtCapabilityLen,
+       IN  ADD_HT_INFO_IE              *pAddHtInfo,
+       IN  UCHAR                               AddHtInfoLen,
+       IN  USHORT                      CapabilityInfo);
+
+
+BOOLEAN        AUTH_ReqSend(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PMLME_QUEUE_ELEM    pElem,
+       IN  PRALINK_TIMER_STRUCT pAuthTimer,
+       IN  PSTRING                             pSMName,
+       IN  USHORT                              SeqNo,
+       IN  PUCHAR                              pNewElement,
+       IN  ULONG                               ElementLen);
+#endif // CONFIG_STA_SUPPORT //
+
+void RTMP_IndicateMediaState(
+       IN      PRTMP_ADAPTER   pAd);
+
+VOID ReSyncBeaconTime(
+       IN  PRTMP_ADAPTER   pAd);
+
+VOID RTMPSetAGCInitValue(
+       IN PRTMP_ADAPTER        pAd,
+       IN UCHAR                        BandWidth);
+
+int rt28xx_close(IN PNET_DEV dev);
+int rt28xx_open(IN PNET_DEV dev);
+
+
+#define VIRTUAL_IF_INC(__pAd) ((__pAd)->VirtualIfCnt++)
+#define VIRTUAL_IF_DEC(__pAd) ((__pAd)->VirtualIfCnt--)
+#define VIRTUAL_IF_NUM(__pAd) ((__pAd)->VirtualIfCnt)
+
+
+#ifdef LINUX
+__inline INT VIRTUAL_IF_UP(PRTMP_ADAPTER pAd)
+{
+       if (VIRTUAL_IF_NUM(pAd) == 0)
+       {
+               if (rt28xx_open(pAd->net_dev) != 0)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("rt28xx_open return fail!\n"));
+                       return -1;
+               }
+       }
+       else
+       {
+       }
+       VIRTUAL_IF_INC(pAd);
+       return 0;
+}
+
+__inline VOID VIRTUAL_IF_DOWN(PRTMP_ADAPTER pAd)
+{
+       VIRTUAL_IF_DEC(pAd);
+       if (VIRTUAL_IF_NUM(pAd) == 0)
+               rt28xx_close(pAd->net_dev);
+       return;
+}
+#endif // LINUX //
+
+
+
+
+/*
+       OS Related funciton prototype definitions.
+       TODO: Maybe we need to move these function prototypes to other proper place.
+*/
+int RtmpOSWrielessEventSend(
+       IN RTMP_ADAPTER *pAd,
+       IN UINT32               eventType,
+       IN INT                  flags,
+       IN PUCHAR               pSrcMac,
+       IN PUCHAR               pData,
+       IN UINT32               dataLen);
+
+int RtmpOSNetDevAddrSet(
+       IN PNET_DEV pNetDev,
+       IN PUCHAR       pMacAddr);
+
+int RtmpOSNetDevAttach(
+       IN PNET_DEV pNetDev,
+       IN RTMP_OS_NETDEV_OP_HOOK *pDevOpHook);
+
+void RtmpOSNetDevClose(
+       IN PNET_DEV pNetDev);
+
+void RtmpOSNetDevDetach(
+       IN PNET_DEV pNetDev);
+
+INT RtmpOSNetDevAlloc(
+       IN PNET_DEV *pNewNetDev,
+       IN UINT32       privDataSize);
+
+void RtmpOSNetDevFree(
+       IN PNET_DEV pNetDev);
+
+PNET_DEV RtmpOSNetDevGetByName(
+       IN PNET_DEV pNetDev,
+       IN PSTRING      pDevName);
+
+void RtmpOSNetDeviceRefPut(
+       IN PNET_DEV pNetDev);
+
+PNET_DEV RtmpOSNetDevCreate(
+       IN RTMP_ADAPTER *pAd,
+       IN INT                  devType,
+       IN INT                  devNum,
+       IN INT                  privMemSize,
+       IN PSTRING              pNamePrefix);
+
+/*
+       Task operation related function prototypes
+*/
+void RtmpOSTaskCustomize(
+       IN RTMP_OS_TASK *pTask);
+
+INT RtmpOSTaskNotifyToExit(
+       IN RTMP_OS_TASK *pTask);
+
+NDIS_STATUS RtmpOSTaskKill(
+       IN RTMP_OS_TASK *pTask);
+
+NDIS_STATUS RtmpOSTaskInit(
+       IN RTMP_OS_TASK *pTask,
+       PSTRING                  pTaskName,
+       VOID                     *pPriv);
+
+NDIS_STATUS RtmpOSTaskAttach(
+       IN RTMP_OS_TASK *pTask,
+       IN int (*fn)(void *),
+       IN void *arg);
+
+
+/*
+       File operation related function prototypes
+*/
+RTMP_OS_FD RtmpOSFileOpen(
+       IN char *pPath,
+       IN int flag,
+       IN int mode);
+
+int RtmpOSFileClose(
+       IN RTMP_OS_FD osfd);
+
+void RtmpOSFileSeek(
+       IN RTMP_OS_FD osfd,
+       IN int offset);
+
+int RtmpOSFileRead(
+       IN RTMP_OS_FD osfd,
+       IN char *pDataPtr,
+       IN int readLen);
+
+int RtmpOSFileWrite(
+       IN RTMP_OS_FD osfd,
+       IN char *pDataPtr,
+       IN int writeLen);
+
+void RtmpOSFSInfoChange(
+       IN RTMP_OS_FS_INFO *pOSFSInfo,
+       IN BOOLEAN bSet);
+
+
+#endif  // __RTMP_H__
diff --git a/drivers/staging/rt3090/rtmp_chip.h b/drivers/staging/rt3090/rtmp_chip.h
new file mode 100644 (file)
index 0000000..a0b4bf0
--- /dev/null
@@ -0,0 +1,355 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_chip.h
+
+       Abstract:
+       Ralink Wireless Chip related definition & structures
+
+       Revision History:
+       Who                     When              What
+       --------        ----------        ----------------------------------------------
+*/
+
+#ifndef        __RTMP_CHIP_H__
+#define        __RTMP_CHIP_H__
+
+#include "rtmp_type.h"
+
+#ifdef RT3090
+#include "rt3090.h"
+#endif // RT3090 //
+
+#ifdef RT3370
+#include "rt3370.h"
+#endif // RT3370 //
+
+#ifdef RT3390
+#include "rt3390.h"
+#endif // RT3390 //
+
+// We will have a cost down version which mac version is 0x3090xxxx
+//
+// RT3090A facts
+//
+// a) 2.4 GHz
+// b) Replacement for RT3090
+// c) Internal LNA
+// d) Interference over channel #14
+// e) New BBP features (e.g., SIG re-modulation)
+//
+#define IS_RT3090A(_pAd)                               ((((_pAd)->MACVersion & 0xffff0000) == 0x30900000))
+
+// We will have a cost down version which mac version is 0x3090xxxx
+#define IS_RT3090(_pAd)                                ((((_pAd)->MACVersion & 0xffff0000) == 0x30710000) || (IS_RT3090A(_pAd)))
+
+#define IS_RT3070(_pAd)                (((_pAd)->MACVersion & 0xffff0000) == 0x30700000)
+#define IS_RT3071(_pAd)                (((_pAd)->MACVersion & 0xffff0000) == 0x30710000)
+#define IS_RT2070(_pAd)                (((_pAd)->RfIcType == RFIC_2020) || ((_pAd)->EFuseTag == 0x27))
+
+#define IS_RT30xx(_pAd)                (((_pAd)->MACVersion & 0xfff00000) == 0x30700000||IS_RT3090A(_pAd))
+//#define IS_RT305X(_pAd)              ((_pAd)->MACVersion == 0x28720200)
+
+/* RT3572, 3592, 3562, 3062 share the same MAC version */
+#define IS_RT3572(_pAd)                (((_pAd)->MACVersion & 0xffff0000) == 0x35720000)
+#define IS_VERSION_BEFORE_F(_pAd)                      (((_pAd)->MACVersion&0xffff) <= 0x0211)
+// F version is 0x0212, E version is 0x0211. 309x can save more power after F version.
+#define IS_VERSION_AFTER_F(_pAd)                       ((((_pAd)->MACVersion&0xffff) >= 0x0212) || (((_pAd)->b3090ESpecialChip == TRUE)))
+//
+// RT3390 facts
+//
+// a) Base on RT3090 (RF IC: RT3020)
+// b) 2.4 GHz
+// c) 1x1
+// d) Single chip
+// e) Internal components: PA and LNA
+//
+//RT3390,RT3370
+#define IS_RT3390(_pAd)                                (((_pAd)->MACVersion & 0xFFFF0000) == 0x33900000)
+
+// ------------------------------------------------------
+// PCI registers - base address 0x0000
+// ------------------------------------------------------
+#define CHIP_PCI_CFG           0x0000
+#define CHIP_PCI_EECTRL                0x0004
+#define CHIP_PCI_MCUCTRL       0x0008
+
+#define OPT_14                 0x114
+
+#define RETRY_LIMIT            10
+
+
+
+// ------------------------------------------------------
+// BBP & RF    definition
+// ------------------------------------------------------
+#define        BUSY                            1
+#define        IDLE                            0
+
+
+//-------------------------------------------------------------------------
+// EEPROM definition
+//-------------------------------------------------------------------------
+#define EEDO                        0x08
+#define EEDI                        0x04
+#define EECS                        0x02
+#define EESK                        0x01
+#define EERL                        0x80
+
+#define EEPROM_WRITE_OPCODE         0x05
+#define EEPROM_READ_OPCODE          0x06
+#define EEPROM_EWDS_OPCODE          0x10
+#define EEPROM_EWEN_OPCODE          0x13
+
+#define NUM_EEPROM_BBP_PARMS           19                      // Include NIC Config 0, 1, CR, TX ALC step, BBPs
+#define NUM_EEPROM_TX_G_PARMS          7
+#define EEPROM_NIC1_OFFSET          0x34               // The address is from NIC config 0, not BBP register ID
+#define EEPROM_NIC2_OFFSET          0x36               // The address is from NIC config 0, not BBP register ID
+#define EEPROM_BBP_BASE_OFFSET         0xf0            // The address is from NIC config 0, not BBP register ID
+#define EEPROM_G_TX_PWR_OFFSET         0x52
+#define EEPROM_G_TX2_PWR_OFFSET                0x60
+#define EEPROM_LED1_OFFSET                     0x3c
+#define EEPROM_LED2_OFFSET                     0x3e
+#define EEPROM_LED3_OFFSET                     0x40
+#define EEPROM_LNA_OFFSET                      0x44
+#define EEPROM_RSSI_BG_OFFSET          0x46
+#define EEPROM_TXMIXER_GAIN_2_4G       0x48
+#define EEPROM_RSSI_A_OFFSET           0x4a
+#define EEPROM_TXMIXER_GAIN_5G         0x4c
+#define EEPROM_DEFINE_MAX_TXPWR                0x4e
+#define EEPROM_TXPOWER_BYRATE_20MHZ_2_4G       0xde    // 20MHZ 2.4G tx power.
+#define EEPROM_TXPOWER_BYRATE_40MHZ_2_4G       0xee    // 40MHZ 2.4G tx power.
+#define EEPROM_TXPOWER_BYRATE_20MHZ_5G         0xfa    // 20MHZ 5G tx power.
+#define EEPROM_TXPOWER_BYRATE_40MHZ_5G         0x10a   // 40MHZ 5G tx power.
+#define EEPROM_A_TX_PWR_OFFSET      0x78
+#define EEPROM_A_TX2_PWR_OFFSET      0xa6
+//#define EEPROM_Japan_TX_PWR_OFFSET      0x90 // 802.11j
+//#define EEPROM_Japan_TX2_PWR_OFFSET      0xbe
+//#define EEPROM_TSSI_REF_OFFSET       0x54
+//#define EEPROM_TSSI_DELTA_OFFSET     0x24
+//#define EEPROM_CCK_TX_PWR_OFFSET  0x62
+//#define EEPROM_CALIBRATE_OFFSET      0x7c
+#define EEPROM_VERSION_OFFSET       0x02
+#define EEPROM_FREQ_OFFSET                     0x3a
+#define EEPROM_TXPOWER_BYRATE  0xde    // 20MHZ power.
+#define EEPROM_TXPOWER_DELTA           0x50    // 20MHZ AND 40 MHZ use different power. This is delta in 40MHZ.
+#define VALID_EEPROM_VERSION        1
+
+
+/*
+  *   EEPROM operation related marcos
+  */
+#define RT28xx_EEPROM_READ16(_pAd, _offset, _value)                    \
+       (_pAd)->chipOps.eeread((RTMP_ADAPTER *)(_pAd), (USHORT)(_offset), (PUSHORT)&(_value))
+
+#define RT28xx_EEPROM_WRITE16(_pAd, _offset, _value)           \
+       (_pAd)->chipOps.eewrite((RTMP_ADAPTER *)(_pAd), (USHORT)(_offset), (USHORT)(_value))
+
+
+
+// -------------------------------------------------------------------
+//  E2PROM data layout
+// -------------------------------------------------------------------
+
+//
+// MCU_LEDCS: MCU LED Control Setting.
+//
+typedef union  _MCU_LEDCS_STRUC {
+       struct  {
+#ifdef RT_BIG_ENDIAN
+               UCHAR           Polarity:1;
+               UCHAR           LedMode:7;
+#else
+               UCHAR           LedMode:7;
+               UCHAR           Polarity:1;
+#endif // RT_BIG_ENDIAN //
+       } field;
+       UCHAR                           word;
+} MCU_LEDCS_STRUC, *PMCU_LEDCS_STRUC;
+
+
+//
+// EEPROM antenna select format
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _EEPROM_ANTENNA_STRUC   {
+       struct  {
+               USHORT      Rsv:4;
+               USHORT      RfIcType:4;             // see E2PROM document
+               USHORT          TxPath:4;       // 1: 1T, 2: 2T
+               USHORT          RxPath:4;       // 1: 1R, 2: 2R, 3: 3R
+       }       field;
+       USHORT                  word;
+}      EEPROM_ANTENNA_STRUC, *PEEPROM_ANTENNA_STRUC;
+#else
+typedef        union   _EEPROM_ANTENNA_STRUC   {
+       struct  {
+               USHORT          RxPath:4;       // 1: 1R, 2: 2R, 3: 3R
+               USHORT          TxPath:4;       // 1: 1T, 2: 2T
+               USHORT      RfIcType:4;             // see E2PROM document
+               USHORT      Rsv:4;
+       }       field;
+       USHORT                  word;
+}      EEPROM_ANTENNA_STRUC, *PEEPROM_ANTENNA_STRUC;
+#endif
+
+#ifdef RT_BIG_ENDIAN
+typedef        union _EEPROM_NIC_CINFIG2_STRUC {
+       struct  {
+               USHORT          DACTestBit:1;                   // control if driver should patch the DAC issue
+               USHORT          Rsv2:3;                                 // must be 0
+               USHORT          AntDiversity:1;                 // Antenna diversity
+               USHORT          Rsv1:1;                                 // must be 0
+               USHORT          BW40MAvailForA:1;                       // 0:enable, 1:disable
+               USHORT          BW40MAvailForG:1;                       // 0:enable, 1:disable
+               USHORT          EnableWPSPBC:1;                 // WPS PBC Control bit
+               USHORT          BW40MSidebandForA:1;
+               USHORT          BW40MSidebandForG:1;
+               USHORT          CardbusAcceleration:1;  // !!! NOTE: 0 - enable, 1 - disable
+               USHORT          ExternalLNAForA:1;                      // external LNA enable for 5G
+               USHORT          ExternalLNAForG:1;                      // external LNA enable for 2.4G
+               USHORT          DynamicTxAgcControl:1;                  //
+               USHORT          HardwareRadioControl:1; // Whether RF is controlled by driver or HW. 1:enable hw control, 0:disable
+       }       field;
+       USHORT                  word;
+}      EEPROM_NIC_CONFIG2_STRUC, *PEEPROM_NIC_CONFIG2_STRUC;
+#else
+typedef        union _EEPROM_NIC_CINFIG2_STRUC {
+       struct {
+               USHORT          HardwareRadioControl:1; // 1:enable, 0:disable
+               USHORT          DynamicTxAgcControl:1;                  //
+               USHORT          ExternalLNAForG:1;                              //
+               USHORT          ExternalLNAForA:1;                      // external LNA enable for 2.4G
+               USHORT          CardbusAcceleration:1;  // !!! NOTE: 0 - enable, 1 - disable
+               USHORT          BW40MSidebandForG:1;
+               USHORT          BW40MSidebandForA:1;
+               USHORT          EnableWPSPBC:1;                 // WPS PBC Control bit
+               USHORT          BW40MAvailForG:1;                       // 0:enable, 1:disable
+               USHORT          BW40MAvailForA:1;                       // 0:enable, 1:disable
+               USHORT          Rsv1:1;                                 // must be 0
+               USHORT          AntDiversity:1;                 // Antenna diversity
+               USHORT          Rsv2:3;                                 // must be 0
+               USHORT          DACTestBit:1;                   // control if driver should patch the DAC issue
+       }       field;
+       USHORT                  word;
+}      EEPROM_NIC_CONFIG2_STRUC, *PEEPROM_NIC_CONFIG2_STRUC;
+#endif
+
+//
+// TX_PWR Value valid range 0xFA(-6) ~ 0x24(36)
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _EEPROM_TX_PWR_STRUC    {
+       struct  {
+               CHAR    Byte1;                          // High Byte
+               CHAR    Byte0;                          // Low Byte
+       }       field;
+       USHORT  word;
+}      EEPROM_TX_PWR_STRUC, *PEEPROM_TX_PWR_STRUC;
+#else
+typedef        union   _EEPROM_TX_PWR_STRUC    {
+       struct  {
+               CHAR    Byte0;                          // Low Byte
+               CHAR    Byte1;                          // High Byte
+       }       field;
+       USHORT  word;
+}      EEPROM_TX_PWR_STRUC, *PEEPROM_TX_PWR_STRUC;
+#endif
+
+#ifdef RT_BIG_ENDIAN
+typedef        union   _EEPROM_VERSION_STRUC   {
+       struct  {
+               UCHAR   Version;                        // High Byte
+               UCHAR   FaeReleaseNumber;       // Low Byte
+       }       field;
+       USHORT  word;
+}      EEPROM_VERSION_STRUC, *PEEPROM_VERSION_STRUC;
+#else
+typedef        union   _EEPROM_VERSION_STRUC   {
+       struct  {
+               UCHAR   FaeReleaseNumber;       // Low Byte
+               UCHAR   Version;                        // High Byte
+       }       field;
+       USHORT  word;
+}      EEPROM_VERSION_STRUC, *PEEPROM_VERSION_STRUC;
+#endif
+
+#ifdef RT_BIG_ENDIAN
+typedef        union   _EEPROM_LED_STRUC       {
+       struct  {
+               USHORT  Rsvd:3;                         // Reserved
+               USHORT  LedMode:5;                      // Led mode.
+               USHORT  PolarityGPIO_4:1;       // Polarity GPIO#4 setting.
+               USHORT  PolarityGPIO_3:1;       // Polarity GPIO#3 setting.
+               USHORT  PolarityGPIO_2:1;       // Polarity GPIO#2 setting.
+               USHORT  PolarityGPIO_1:1;       // Polarity GPIO#1 setting.
+               USHORT  PolarityGPIO_0:1;       // Polarity GPIO#0 setting.
+               USHORT  PolarityACT:1;          // Polarity ACT setting.
+               USHORT  PolarityRDY_A:1;                // Polarity RDY_A setting.
+               USHORT  PolarityRDY_G:1;                // Polarity RDY_G setting.
+       }       field;
+       USHORT  word;
+}      EEPROM_LED_STRUC, *PEEPROM_LED_STRUC;
+#else
+typedef        union   _EEPROM_LED_STRUC       {
+       struct  {
+               USHORT  PolarityRDY_G:1;                // Polarity RDY_G setting.
+               USHORT  PolarityRDY_A:1;                // Polarity RDY_A setting.
+               USHORT  PolarityACT:1;          // Polarity ACT setting.
+               USHORT  PolarityGPIO_0:1;       // Polarity GPIO#0 setting.
+               USHORT  PolarityGPIO_1:1;       // Polarity GPIO#1 setting.
+               USHORT  PolarityGPIO_2:1;       // Polarity GPIO#2 setting.
+               USHORT  PolarityGPIO_3:1;       // Polarity GPIO#3 setting.
+               USHORT  PolarityGPIO_4:1;       // Polarity GPIO#4 setting.
+               USHORT  LedMode:5;                      // Led mode.
+               USHORT  Rsvd:3;                         // Reserved
+       }       field;
+       USHORT  word;
+}      EEPROM_LED_STRUC, *PEEPROM_LED_STRUC;
+#endif
+
+#ifdef RT_BIG_ENDIAN
+typedef        union   _EEPROM_TXPOWER_DELTA_STRUC     {
+       struct  {
+               UCHAR   TxPowerEnable:1;// Enable
+               UCHAR   Type:1;                 // 1: plus the delta value, 0: minus the delta value
+               UCHAR   DeltaValue:6;   // Tx Power dalta value (MAX=4)
+       }       field;
+       UCHAR   value;
+}      EEPROM_TXPOWER_DELTA_STRUC, *PEEPROM_TXPOWER_DELTA_STRUC;
+#else
+typedef        union   _EEPROM_TXPOWER_DELTA_STRUC     {
+       struct  {
+               UCHAR   DeltaValue:6;   // Tx Power dalta value (MAX=4)
+               UCHAR   Type:1;                 // 1: plus the delta value, 0: minus the delta value
+               UCHAR   TxPowerEnable:1;// Enable
+       }       field;
+       UCHAR   value;
+}      EEPROM_TXPOWER_DELTA_STRUC, *PEEPROM_TXPOWER_DELTA_STRUC;
+#endif
+
+#endif // __RTMP_CHIP_H__ //
diff --git a/drivers/staging/rt3090/rtmp_def.h b/drivers/staging/rt3090/rtmp_def.h
new file mode 100644 (file)
index 0000000..cf0d5a1
--- /dev/null
@@ -0,0 +1,1650 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rtmp_def.h
+
+    Abstract:
+    Miniport related definition header
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Paul Lin    08-01-2002    created
+    John Chang  08-05-2003    add definition for 11g & other drafts
+*/
+#ifndef __RTMP_DEF_H__
+#define __RTMP_DEF_H__
+
+#include "oid.h"
+
+#undef AP_WSC_INCLUDED
+#undef STA_WSC_INCLUDED
+#undef WSC_INCLUDED
+
+
+#ifdef CONFIG_STA_SUPPORT
+#endif // CONFIG_STA_SUPPORT //
+
+#if defined(AP_WSC_INCLUDED) || defined(STA_WSC_INCLUDED)
+#define WSC_INCLUDED
+#endif
+//
+//  Debug information verbosity: lower values indicate higher urgency
+//
+#define RT_DEBUG_OFF        0
+#define RT_DEBUG_ERROR      1
+#define RT_DEBUG_WARN       2
+#define RT_DEBUG_TRACE      3
+#define RT_DEBUG_INFO       4
+#define RT_DEBUG_LOUD       5
+
+#define NIC_TAG             ((ULONG)'0682')
+#define NIC_DBG_STRING      ("**RT28xx**")
+
+#ifdef SNMP_SUPPORT
+// for snmp
+// to get manufacturer OUI, kathy, 2008_0220
+#define ManufacturerOUI_LEN                    3
+#define ManufacturerNAME                       ("Ralink Technology Company.")
+#define        ResourceTypeIdName                      ("Ralink_ID")
+#endif
+
+
+//#define PACKED
+
+#define RALINK_2883_VERSION            ((UINT32)0x28830300)
+#define RALINK_2880E_VERSION   ((UINT32)0x28720200)
+#define RALINK_3070_VERSION            ((UINT32)0x30700200)
+
+#define MAX_RX_PKT_LEN 1520
+
+//
+// Entry number for each DMA descriptor ring
+//
+
+#ifdef RTMP_MAC_PCI
+#define TX_RING_SIZE            64 //64
+#define MGMT_RING_SIZE          128
+#define RX_RING_SIZE            128 //64
+#define MAX_TX_PROCESS          TX_RING_SIZE //8
+#define MAX_DMA_DONE_PROCESS    TX_RING_SIZE
+#define MAX_TX_DONE_PROCESS     TX_RING_SIZE //8
+#define LOCAL_TXBUF_SIZE        2
+#endif // RTMP_MAC_PCI //
+
+#define PCI_VIRT_TO_PHYS(__Addr)       (((UINT32)(__Addr)) & 0x0FFFFFFF)
+
+
+#ifdef MULTIPLE_CARD_SUPPORT
+// MC: Multple Cards
+#define MAX_NUM_OF_MULTIPLE_CARD               32
+#endif // MULTIPLE_CARD_SUPPORT //
+
+#define MAX_RX_PROCESS          128 //64 //32
+#define NUM_OF_LOCAL_TXBUF      2
+#define TXD_SIZE                16
+#define TXWI_SIZE               16
+#define RXD_SIZE               16
+#define RXWI_SIZE              16
+// TXINFO_SIZE + TXWI_SIZE + 802.11 Header Size + AMSDU sub frame header
+#define TX_DMA_1ST_BUFFER_SIZE  96    // only the 1st physical buffer is pre-allocated
+#define MGMT_DMA_BUFFER_SIZE    1536 //2048
+#define RX_BUFFER_AGGRESIZE     3840 //3904 //3968 //4096 //2048 //4096
+#define RX_BUFFER_NORMSIZE      3840 //3904 //3968 //4096 //2048 //4096
+#define TX_BUFFER_NORMSIZE             RX_BUFFER_NORMSIZE
+#define MAX_FRAME_SIZE          2346                    // Maximum 802.11 frame size
+#define MAX_AGGREGATION_SIZE    3840 //3904 //3968 //4096
+#define MAX_NUM_OF_TUPLE_CACHE  2
+#define MAX_MCAST_LIST_SIZE     32
+#define MAX_LEN_OF_VENDOR_DESC  64
+//#define MAX_SIZE_OF_MCAST_PSQ   (NUM_OF_LOCAL_TXBUF >> 2) // AP won't spend more than 1/4 of total buffers on M/BCAST PSQ
+#define MAX_SIZE_OF_MCAST_PSQ               32
+
+#define MAX_RX_PROCESS_CNT     (RX_RING_SIZE)
+
+
+/*
+       WMM Note: If memory of your system is not much, please reduce the definition;
+       or when you do WMM test, the queue for low priority AC will be full, i.e.
+       TX_RING_SIZE + MAX_PACKETS_IN_QUEUE packets for the AC will be buffered in
+       WLAN, maybe no any packet buffer can be got in Ethernet driver.
+
+       Sometimes no packet buffer can be got in Ethernet driver, the system will
+       send flow control packet to the sender to slow down its sending rate.
+       So no WMM can be saw in the air.
+*/
+
+/*
+       Need to use 64 in vxworks for test case WMM A5-T07
+       Two dnlink (10Mbps) from a WMM station to a non-WMM station.
+       If use 256, queue is not enough.
+       And in rt_main_end.c, clConfig.clNum = RX_RING_SIZE * 3; is changed to
+       clConfig.clNum = RX_RING_SIZE * 4;
+*/
+// TODO: For VxWorks the size is 256. Shall we cahnge the value as 256 for all OS?????
+#define MAX_PACKETS_IN_QUEUE                           (512) //(512)    // to pass WMM A5-WPAPSK
+
+#define MAX_PACKETS_IN_MCAST_PS_QUEUE          32
+#define MAX_PACKETS_IN_PS_QUEUE                                128     //32
+#define WMM_NUM_OF_AC                       4  /* AC0, AC1, AC2, and AC3 */
+
+
+#ifdef RTMP_EFUSE_SUPPORT
+//2008/09/11:KH add to support efuse<--
+#define MAX_EEPROM_BIN_FILE_SIZE                               1024
+#define EFUSE_BUFFER_PATH                                              "/tmp/RT30xxEEPROM.bin"
+//2008/09/11:KH add to support efuse-->
+#endif // RTMP_EFUSE_SUPPORT //
+
+// RxFilter
+#define STANORMAL       0x17f97
+#define APNORMAL        0x15f97
+#define PSPXLINK        0x17f93
+//
+//  RTMP_ADAPTER flags
+//
+#define fRTMP_ADAPTER_MAP_REGISTER          0x00000001
+#define fRTMP_ADAPTER_INTERRUPT_IN_USE      0x00000002
+#define fRTMP_ADAPTER_HARDWARE_ERROR        0x00000004
+#define fRTMP_ADAPTER_SCATTER_GATHER        0x00000008
+#define fRTMP_ADAPTER_SEND_PACKET_ERROR     0x00000010
+#define fRTMP_ADAPTER_MLME_RESET_IN_PROGRESS 0x00000020
+#define fRTMP_ADAPTER_HALT_IN_PROGRESS      0x00000040
+#define fRTMP_ADAPTER_RESET_IN_PROGRESS     0x00000080
+#define fRTMP_ADAPTER_NIC_NOT_EXIST         0x00000100
+#define fRTMP_ADAPTER_TX_RING_ALLOCATED     0x00000200
+#define fRTMP_ADAPTER_REMOVE_IN_PROGRESS    0x00000400
+#define fRTMP_ADAPTER_MIMORATE_INUSED       0x00000800
+#define fRTMP_ADAPTER_RX_RING_ALLOCATED     0x00001000
+#define fRTMP_ADAPTER_INTERRUPT_ACTIVE      0x00002000
+#define fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS  0x00004000
+#define        fRTMP_ADAPTER_REASSOC_IN_PROGRESS       0x00008000
+#define        fRTMP_ADAPTER_MEDIA_STATE_PENDING       0x00010000
+#define        fRTMP_ADAPTER_RADIO_OFF                         0x00020000
+#define fRTMP_ADAPTER_BULKOUT_RESET                    0x00040000
+#define        fRTMP_ADAPTER_BULKIN_RESET                      0x00080000
+#define fRTMP_ADAPTER_RDG_ACTIVE                       0x00100000
+#define fRTMP_ADAPTER_DYNAMIC_BE_TXOP_ACTIVE 0x00200000
+#define fRTMP_ADAPTER_SCAN_2040                                0x04000000
+#define        fRTMP_ADAPTER_RADIO_MEASUREMENT         0x08000000
+
+#define fRTMP_ADAPTER_START_UP                 0x10000000      //Devive already initialized and enabled Tx/Rx.
+#define fRTMP_ADAPTER_MEDIA_STATE_CHANGE    0x20000000
+#define fRTMP_ADAPTER_IDLE_RADIO_OFF        0x40000000
+
+// Lock bit for accessing different ring buffers
+//#define fRTMP_ADAPTER_TX_RING_BUSY        0x80000000
+//#define fRTMP_ADAPTER_MGMT_RING_BUSY      0x40000000
+//#define fRTMP_ADAPTER_ATIM_RING_BUSY      0x20000000
+//#define fRTMP_ADAPTER_RX_RING_BUSY        0x10000000
+
+// Lock bit for accessing different queue
+//#define   fRTMP_ADAPTER_TX_QUEUE_BUSY     0x08000000
+//#define   fRTMP_ADAPTER_MGMT_QUEUE_BUSY   0x04000000
+
+//
+//  STA operation status flags
+//
+#define fOP_STATUS_INFRA_ON                 0x00000001
+#define fOP_STATUS_ADHOC_ON                 0x00000002
+#define fOP_STATUS_BG_PROTECTION_INUSED     0x00000004
+#define fOP_STATUS_SHORT_SLOT_INUSED        0x00000008
+#define fOP_STATUS_SHORT_PREAMBLE_INUSED    0x00000010
+#define fOP_STATUS_RECEIVE_DTIM             0x00000020
+//#define fOP_STATUS_TX_RATE_SWITCH_ENABLED   0x00000040
+#define fOP_STATUS_MEDIA_STATE_CONNECTED    0x00000080
+#define fOP_STATUS_WMM_INUSED               0x00000100
+#define fOP_STATUS_AGGREGATION_INUSED       0x00000200
+#define fOP_STATUS_DOZE                     0x00000400  // debug purpose
+#define fOP_STATUS_PIGGYBACK_INUSED         0x00000800  // piggy-back, and aggregation
+#define fOP_STATUS_APSD_INUSED                         0x00001000
+#define fOP_STATUS_TX_AMSDU_INUSED                     0x00002000
+#define fOP_STATUS_MAX_RETRY_ENABLED           0x00004000
+#define fOP_STATUS_WAKEUP_NOW               0x00008000
+#define fOP_STATUS_PCIE_DEVICE       0x00020000
+
+//
+//  RTMP_ADAPTER PSFlags : related to advanced power save.
+//
+// Indicate whether driver can go to sleep mode from now. This flag is useful AFTER link up
+#define fRTMP_PS_CAN_GO_SLEEP          0x00000001
+// Indicate whether driver has issue a LinkControl command to PCIe L1
+#define fRTMP_PS_SET_PCI_CLK_OFF_COMMAND          0x00000002
+// Indicate driver should disable kick off hardware to send packets from now.
+#define fRTMP_PS_DISABLE_TX         0x00000004
+// Indicate driver should IMMEDIATELY fo to sleep after receiving AP's beacon in which  doesn't indicate unicate nor multicast packets for me
+//. This flag is used ONLY in RTMPHandleRxDoneInterrupt routine.
+#define fRTMP_PS_GO_TO_SLEEP_NOW         0x00000008
+#define fRTMP_PS_TOGGLE_L1             0x00000010      // Use Toggle L1 mechanism for rt28xx PCIe
+#ifdef RT3090
+#define WAKE_MCU_CMD                           0x31
+#define SLEEP_MCU_CMD                                  0x30
+#define RFOFF_MCU_CMD                          0x35
+#endif // RT3090 //
+#ifdef DOT11N_DRAFT3
+#define fOP_STATUS_SCAN_2040                       0x00040000
+#endif // DOT11N_DRAFT3 //
+
+#define CCKSETPROTECT          0x1
+#define OFDMSETPROTECT         0x2
+#define MM20SETPROTECT         0x4
+#define MM40SETPROTECT         0x8
+#define GF20SETPROTECT         0x10
+#define GR40SETPROTECT         0x20
+#define ALLN_SETPROTECT                (GR40SETPROTECT | GF20SETPROTECT | MM40SETPROTECT | MM20SETPROTECT)
+
+//
+//  AP's client table operation status flags
+//
+#define fCLIENT_STATUS_WMM_CAPABLE          0x00000001  // CLIENT can parse QOS DATA frame
+#define fCLIENT_STATUS_AGGREGATION_CAPABLE  0x00000002  // CLIENT can receive Ralink's proprietary TX aggregation frame
+#define fCLIENT_STATUS_PIGGYBACK_CAPABLE    0x00000004  // CLIENT support piggy-back
+#define fCLIENT_STATUS_AMSDU_INUSED                    0x00000008
+#define fCLIENT_STATUS_SGI20_CAPABLE           0x00000010
+#define fCLIENT_STATUS_SGI40_CAPABLE           0x00000020
+#define fCLIENT_STATUS_TxSTBC_CAPABLE          0x00000040
+#define fCLIENT_STATUS_RxSTBC_CAPABLE          0x00000080
+#define fCLIENT_STATUS_HTC_CAPABLE                     0x00000100
+#define fCLIENT_STATUS_RDG_CAPABLE                     0x00000200
+#define fCLIENT_STATUS_MCSFEEDBACK_CAPABLE  0x00000400
+#define fCLIENT_STATUS_APSD_CAPABLE         0x00000800  /* UAPSD STATION */
+
+#ifdef DOT11N_DRAFT3
+#define fCLIENT_STATUS_BSSCOEXIST_CAPABLE      0x00001000
+#endif // DOT11N_DRAFT3 //
+
+#define fCLIENT_STATUS_RALINK_CHIPSET          0x00100000
+//
+//  STA configuration flags
+//
+//#define fSTA_CFG_ENABLE_TX_BURST          0x00000001
+
+// 802.11n Operating Mode Definition. 0-3 also used in ASICUPdateProtect switch case
+#define HT_NO_PROTECT  0
+#define HT_LEGACY_PROTECT      1
+#define HT_40_PROTECT  2
+#define HT_2040_PROTECT        3
+#define HT_RTSCTS_6M   7
+//following is our own definition in order to turn on our ASIC protection register in INFRASTRUCTURE.
+#define HT_ATHEROS     8       // rt2860c has problem with atheros chip. we need to turn on RTS/CTS .
+#define HT_FORCERTSCTS 9       // Force turn on RTS/CTS first. then go to evaluate if this force RTS is necessary.
+
+//
+// RX Packet Filter control flags. Apply on pAd->PacketFilter
+//
+#define fRX_FILTER_ACCEPT_DIRECT            NDIS_PACKET_TYPE_DIRECTED
+#define fRX_FILTER_ACCEPT_MULTICAST         NDIS_PACKET_TYPE_MULTICAST
+#define fRX_FILTER_ACCEPT_BROADCAST         NDIS_PACKET_TYPE_BROADCAST
+#define fRX_FILTER_ACCEPT_ALL_MULTICAST     NDIS_PACKET_TYPE_ALL_MULTICAST
+#define fRX_FILTER_ACCEPT_PROMISCUOUS       NDIS_PACKET_TYPE_PROMISCUOUS
+
+//
+// Error code section
+//
+// NDIS_ERROR_CODE_ADAPTER_NOT_FOUND
+#define ERRLOG_READ_PCI_SLOT_FAILED     0x00000101L
+#define ERRLOG_WRITE_PCI_SLOT_FAILED    0x00000102L
+#define ERRLOG_VENDOR_DEVICE_NOMATCH    0x00000103L
+
+// NDIS_ERROR_CODE_ADAPTER_DISABLED
+#define ERRLOG_BUS_MASTER_DISABLED      0x00000201L
+
+// NDIS_ERROR_CODE_UNSUPPORTED_CONFIGURATION
+#define ERRLOG_INVALID_SPEED_DUPLEX     0x00000301L
+#define ERRLOG_SET_SECONDARY_FAILED     0x00000302L
+
+// NDIS_ERROR_CODE_OUT_OF_RESOURCES
+#define ERRLOG_OUT_OF_MEMORY            0x00000401L
+#define ERRLOG_OUT_OF_SHARED_MEMORY     0x00000402L
+#define ERRLOG_OUT_OF_MAP_REGISTERS     0x00000403L
+#define ERRLOG_OUT_OF_BUFFER_POOL       0x00000404L
+#define ERRLOG_OUT_OF_NDIS_BUFFER       0x00000405L
+#define ERRLOG_OUT_OF_PACKET_POOL       0x00000406L
+#define ERRLOG_OUT_OF_NDIS_PACKET       0x00000407L
+#define ERRLOG_OUT_OF_LOOKASIDE_MEMORY  0x00000408L
+
+// NDIS_ERROR_CODE_HARDWARE_FAILURE
+#define ERRLOG_SELFTEST_FAILED          0x00000501L
+#define ERRLOG_INITIALIZE_ADAPTER       0x00000502L
+#define ERRLOG_REMOVE_MINIPORT          0x00000503L
+
+// NDIS_ERROR_CODE_RESOURCE_CONFLICT
+#define ERRLOG_MAP_IO_SPACE             0x00000601L
+#define ERRLOG_QUERY_ADAPTER_RESOURCES  0x00000602L
+#define ERRLOG_NO_IO_RESOURCE           0x00000603L
+#define ERRLOG_NO_INTERRUPT_RESOURCE    0x00000604L
+#define ERRLOG_NO_MEMORY_RESOURCE       0x00000605L
+
+
+// WDS definition
+#define        MAX_WDS_ENTRY               4
+#define WDS_PAIRWISE_KEY_OFFSET     60    // WDS links uses pairwise key#60 ~ 63 in ASIC pairwise key table
+
+#define        WDS_DISABLE_MODE            0
+#define        WDS_RESTRICT_MODE           1
+#define        WDS_BRIDGE_MODE             2
+#define        WDS_REPEATER_MODE           3
+#define        WDS_LAZY_MODE               4
+
+
+#define MAX_MESH_NUM                           0
+
+#define MAX_APCLI_NUM                          0
+#ifdef APCLI_SUPPORT
+#undef MAX_APCLI_NUM
+#define MAX_APCLI_NUM                          1
+#endif // APCLI_SUPPORT //
+
+#define MAX_MBSSID_NUM                         1
+#ifdef MBSS_SUPPORT
+#undef MAX_MBSSID_NUM
+#define MAX_MBSSID_NUM                         (8 - MAX_MESH_NUM - MAX_APCLI_NUM)
+#endif // MBSS_SUPPORT //
+
+/* sanity check for apidx */
+#define MBSS_MR_APIDX_SANITY_CHECK(apidx) \
+    { if (apidx > MAX_MBSSID_NUM) { \
+          DBGPRINT(RT_DEBUG_ERROR, ("%s> Error! apidx = %d > MAX_MBSSID_NUM!\n", __FUNCTION__, apidx)); \
+         apidx = MAIN_MBSSID; } }
+
+#define VALID_WCID(_wcid)      ((_wcid) > 0 && (_wcid) < MAX_LEN_OF_MAC_TABLE )
+
+#define MAIN_MBSSID                 0
+#define FIRST_MBSSID                1
+
+
+#define MAX_BEACON_SIZE                                512
+// If the MAX_MBSSID_NUM is larger than 6,
+// it shall reserve some WCID space(wcid 222~253) for beacon frames.
+// -   these wcid 238~253 are reserved for beacon#6(ra6).
+// -   these wcid 222~237 are reserved for beacon#7(ra7).
+#if defined(MAX_MBSSID_NUM) && (MAX_MBSSID_NUM == 8)
+#define HW_RESERVED_WCID       222
+#elif defined(MAX_MBSSID_NUM) && (MAX_MBSSID_NUM == 7)
+#define HW_RESERVED_WCID       238
+#else
+#define HW_RESERVED_WCID       255
+#endif
+
+// Then dedicate wcid of DFS and Carrier-Sense.
+#define DFS_CTS_WCID           (HW_RESERVED_WCID - 1)
+#define CS_CTS_WCID            (HW_RESERVED_WCID - 2)
+#define LAST_SPECIFIC_WCID     (HW_RESERVED_WCID - 2)
+
+// If MAX_MBSSID_NUM is 8, the maximum available wcid for the associated STA is 211.
+// If MAX_MBSSID_NUM is 7, the maximum available wcid for the associated STA is 228.
+#define MAX_AVAILABLE_CLIENT_WCID      (LAST_SPECIFIC_WCID - MAX_MBSSID_NUM - 1)
+
+// TX need WCID to find Cipher Key
+// these wcid 212 ~ 219 are reserved for bc/mc packets if MAX_MBSSID_NUM is 8.
+#define GET_GroupKey_WCID(__wcid, __bssidx) \
+       {                                                                               \
+               __wcid = LAST_SPECIFIC_WCID - (MAX_MBSSID_NUM) + __bssidx;      \
+       }
+
+#define IsGroupKeyWCID(__wcid) (((__wcid) < LAST_SPECIFIC_WCID) && ((__wcid) >= (LAST_SPECIFIC_WCID - (MAX_MBSSID_NUM))))
+
+
+// definition to support multiple BSSID
+#define BSS0                            0
+#define BSS1                            1
+#define BSS2                            2
+#define BSS3                            3
+#define BSS4                            4
+#define BSS5                            5
+#define BSS6                            6
+#define BSS7                            7
+
+
+//============================================================
+// Length definitions
+#define PEER_KEY_NO                     2
+#define MAC_ADDR_LEN                    6
+#define TIMESTAMP_LEN                   8
+#define MAX_LEN_OF_SUPPORTED_RATES      MAX_LENGTH_OF_SUPPORT_RATES // 1, 2, 5.5, 11, 6, 9, 12, 18, 24, 36, 48, 54
+#define MAX_NUM_OF_REGULATORY_CLASS            16
+#define MAX_LEN_OF_KEY                  32      // 32 octets == 256 bits, Redefine for WPA
+#define MAX_NUM_OF_CHANNELS             MAX_NUM_OF_CHS      // 14 channels @2.4G +  12@UNII + 4 @MMAC + 11 @HiperLAN2 + 7 @Japan + 1 as NULL termination
+#define MAX_NUM_OF_11JCHANNELS             20      // 14 channels @2.4G +  12@UNII + 4 @MMAC + 11 @HiperLAN2 + 7 @Japan + 1 as NULL termination
+#define MAX_LEN_OF_SSID                 32
+#define CIPHER_TEXT_LEN                 128
+#define HASH_TABLE_SIZE                 256
+#define MAX_VIE_LEN                     1024   // New for WPA cipher suite variable IE sizes.
+#define MAX_SUPPORT_MCS             32
+#define MAX_NUM_OF_BBP_LATCH             140
+//============================================================
+// ASIC WCID Table definition.
+//============================================================
+#define BSSID_WCID             1       // in infra mode, always put bssid with this WCID
+#define MCAST_WCID     0x0
+#define BSS0Mcast_WCID 0x0
+#define BSS1Mcast_WCID 0xf8
+#define BSS2Mcast_WCID 0xf9
+#define BSS3Mcast_WCID 0xfa
+#define BSS4Mcast_WCID 0xfb
+#define BSS5Mcast_WCID 0xfc
+#define BSS6Mcast_WCID 0xfd
+#define BSS7Mcast_WCID 0xfe
+#define RESERVED_WCID          0xff
+
+#define MAX_NUM_OF_ACL_LIST                            MAX_NUMBER_OF_ACL
+
+#define MAX_LEN_OF_MAC_TABLE            MAX_NUMBER_OF_MAC // if MAX_MBSSID_NUM is 8, this value can't be larger than 211
+
+#if MAX_LEN_OF_MAC_TABLE>MAX_AVAILABLE_CLIENT_WCID
+#error MAX_LEN_OF_MAC_TABLE can not be larger than MAX_AVAILABLE_CLIENT_WCID!!!!
+#endif
+
+#define MAX_NUM_OF_WDS_LINK_PERBSSID               3
+#define MAX_NUM_OF_WDS_LINK                (MAX_NUM_OF_WDS_LINK_PERBSSID*MAX_MBSSID_NUM)
+#define MAX_NUM_OF_EVENT                MAX_NUMBER_OF_EVENT
+#define WDS_LINK_START_WCID                            (MAX_LEN_OF_MAC_TABLE-1)
+
+#define NUM_OF_TID                     8
+#define MAX_AID_BA                    4
+#define MAX_LEN_OF_BA_REC_TABLE          ((NUM_OF_TID * MAX_LEN_OF_MAC_TABLE)/2)//   (NUM_OF_TID*MAX_AID_BA + 32)       //Block ACK recipient
+#define MAX_LEN_OF_BA_ORI_TABLE          ((NUM_OF_TID * MAX_LEN_OF_MAC_TABLE)/2)//   (NUM_OF_TID*MAX_AID_BA + 32)   // Block ACK originator
+#define MAX_LEN_OF_BSS_TABLE             64
+#define MAX_REORDERING_MPDU_NUM                         512
+
+// key related definitions
+#define SHARE_KEY_NUM                   4
+#define MAX_LEN_OF_SHARE_KEY            16    // byte count
+#define MAX_LEN_OF_PEER_KEY             16    // byte count
+#define PAIRWISE_KEY_NUM                64    // in MAC ASIC pairwise key table
+#define GROUP_KEY_NUM                   4
+#define PMK_LEN                         32
+#define WDS_PAIRWISE_KEY_OFFSET         60    // WDS links uses pairwise key#60 ~ 63 in ASIC pairwise key table
+#define        PMKID_NO                        4     // Number of PMKID saved supported
+#define MAX_LEN_OF_MLME_BUFFER          2048
+
+// power status related definitions
+#define PWR_ACTIVE                      0
+#define PWR_SAVE                        1
+#define PWR_MMPS                        2                      //MIMO power save
+//#define PWR_UNKNOWN                   2
+
+// Auth and Assoc mode related definitions
+#define AUTH_MODE_OPEN                  0x00
+#define AUTH_MODE_KEY                   0x01
+//#define AUTH_MODE_AUTO_SWITCH         0x03
+//#define AUTH_MODE_DEAUTH              0x04
+//#define AUTH_MODE_UPLAYER             0x05 // reserved for 802.11i use
+
+// BSS Type definitions
+#define BSS_ADHOC                       0  // = Ndis802_11IBSS
+#define BSS_INFRA                       1  // = Ndis802_11Infrastructure
+#define BSS_ANY                         2  // = Ndis802_11AutoUnknown
+#define BSS_MONITOR                                3  // = Ndis802_11Monitor
+
+
+// Reason code definitions
+#define REASON_RESERVED                 0
+#define REASON_UNSPECIFY                1
+#define REASON_NO_LONGER_VALID          2
+#define REASON_DEAUTH_STA_LEAVING       3
+#define REASON_DISASSOC_INACTIVE        4
+#define REASON_DISASSPC_AP_UNABLE       5
+#define REASON_CLS2ERR                  6
+#define REASON_CLS3ERR                  7
+#define REASON_DISASSOC_STA_LEAVING     8
+#define REASON_STA_REQ_ASSOC_NOT_AUTH   9
+#define REASON_INVALID_IE               13
+#define REASON_MIC_FAILURE              14
+#define REASON_4_WAY_TIMEOUT            15
+#define REASON_GROUP_KEY_HS_TIMEOUT     16
+#define REASON_IE_DIFFERENT             17
+#define REASON_MCIPHER_NOT_VALID        18
+#define REASON_UCIPHER_NOT_VALID        19
+#define REASON_AKMP_NOT_VALID           20
+#define REASON_UNSUPPORT_RSNE_VER       21
+#define REASON_INVALID_RSNE_CAP         22
+#define REASON_8021X_AUTH_FAIL          23
+#define REASON_CIPHER_SUITE_REJECTED    24
+#define REASON_DECLINED                 37
+
+#define REASON_QOS_UNSPECIFY              32
+#define REASON_QOS_LACK_BANDWIDTH         33
+#define REASON_POOR_CHANNEL_CONDITION     34
+#define REASON_QOS_OUTSIDE_TXOP_LIMITION  35
+#define REASON_QOS_QSTA_LEAVING_QBSS      36
+#define REASON_QOS_UNWANTED_MECHANISM     37
+#define REASON_QOS_MECH_SETUP_REQUIRED    38
+#define REASON_QOS_REQUEST_TIMEOUT        39
+#define REASON_QOS_CIPHER_NOT_SUPPORT     45
+
+// Status code definitions
+#define MLME_SUCCESS                    0
+#define MLME_UNSPECIFY_FAIL             1
+#define MLME_CANNOT_SUPPORT_CAP         10
+#define MLME_REASSOC_DENY_ASSOC_EXIST   11
+#define MLME_ASSOC_DENY_OUT_SCOPE       12
+#define MLME_ALG_NOT_SUPPORT            13
+#define MLME_SEQ_NR_OUT_OF_SEQUENCE     14
+#define MLME_REJ_CHALLENGE_FAILURE      15
+#define MLME_REJ_TIMEOUT                  16
+#define MLME_ASSOC_REJ_UNABLE_HANDLE_STA  17
+#define MLME_ASSOC_REJ_DATA_RATE          18
+
+#define MLME_ASSOC_REJ_NO_EXT_RATE        22
+#define MLME_ASSOC_REJ_NO_EXT_RATE_PBCC   23
+#define MLME_ASSOC_REJ_NO_CCK_OFDM        24
+
+#define MLME_QOS_UNSPECIFY                32
+#define MLME_REQUEST_DECLINED             37
+#define MLME_REQUEST_WITH_INVALID_PARAM   38
+#define MLME_INVALID_GROUP_CIPHER        41
+#define MLME_INVALID_PAIRWISE_CIPHER     42
+#define MLME_INVALID_AKMP                        43
+#define MLME_DLS_NOT_ALLOW_IN_QBSS        48
+#define MLME_DEST_STA_NOT_IN_QBSS         49
+#define MLME_DEST_STA_IS_NOT_A_QSTA       50
+
+#define MLME_INVALID_FORMAT             0x51
+#define MLME_FAIL_NO_RESOURCE           0x52
+#define MLME_STATE_MACHINE_REJECT       0x53
+#define MLME_MAC_TABLE_FAIL             0x54
+
+// IE code
+#define IE_SSID                         0
+#define IE_SUPP_RATES                   1
+#define IE_FH_PARM                      2
+#define IE_DS_PARM                      3
+#define IE_CF_PARM                      4
+#define IE_TIM                          5
+#define IE_IBSS_PARM                    6
+#define IE_COUNTRY                      7     // 802.11d
+#define IE_802_11D_REQUEST              10    // 802.11d
+#define IE_QBSS_LOAD                    11    // 802.11e d9
+#define IE_EDCA_PARAMETER               12    // 802.11e d9
+#define IE_TSPEC                        13    // 802.11e d9
+#define IE_TCLAS                        14    // 802.11e d9
+#define IE_SCHEDULE                     15    // 802.11e d9
+#define IE_CHALLENGE_TEXT               16
+#define IE_POWER_CONSTRAINT             32    // 802.11h d3.3
+#define IE_POWER_CAPABILITY             33    // 802.11h d3.3
+#define IE_TPC_REQUEST                  34    // 802.11h d3.3
+#define IE_TPC_REPORT                   35    // 802.11h d3.3
+#define IE_SUPP_CHANNELS                36    // 802.11h d3.3
+#define IE_CHANNEL_SWITCH_ANNOUNCEMENT  37    // 802.11h d3.3
+#define IE_MEASUREMENT_REQUEST          38    // 802.11h d3.3
+#define IE_MEASUREMENT_REPORT           39    // 802.11h d3.3
+#define IE_QUIET                        40    // 802.11h d3.3
+#define IE_IBSS_DFS                     41    // 802.11h d3.3
+#define IE_ERP                          42    // 802.11g
+#define IE_TS_DELAY                     43    // 802.11e d9
+#define IE_TCLAS_PROCESSING             44    // 802.11e d9
+#define IE_QOS_CAPABILITY               46    // 802.11e d6
+#define IE_HT_CAP                       45    // 802.11n d1. HT CAPABILITY. ELEMENT ID TBD
+#define IE_AP_CHANNEL_REPORT                   51    // 802.11k d6
+#define IE_HT_CAP2                         52    // 802.11n d1. HT CAPABILITY. ELEMENT ID TBD
+#define IE_RSN                          48    // 802.11i d3.0
+#define IE_WPA2                         48    // WPA2
+#define IE_EXT_SUPP_RATES               50    // 802.11g
+#define IE_SUPP_REG_CLASS               59    // 802.11y. Supported regulatory classes.
+#define IE_EXT_CHANNEL_SWITCH_ANNOUNCEMENT     60      // 802.11n
+#define IE_ADD_HT                         61    // 802.11n d1. ADDITIONAL HT CAPABILITY. ELEMENT ID TBD
+#define IE_ADD_HT2                        53    // 802.11n d1. ADDITIONAL HT CAPABILITY. ELEMENT ID TBD
+
+
+// For 802.11n D3.03
+//#define IE_NEW_EXT_CHA_OFFSET             62    // 802.11n d1. New extension channel offset elemet
+#define IE_SECONDARY_CH_OFFSET         62      // 802.11n D3.03        Secondary Channel Offset element
+#define IE_WAPI                                                        68              // WAPI information element
+#define IE_2040_BSS_COEXIST               72    // 802.11n D3.0.3
+#define IE_2040_BSS_INTOLERANT_REPORT     73    // 802.11n D3.03
+#define IE_OVERLAPBSS_SCAN_PARM           74    // 802.11n D3.03
+#define IE_EXT_CAPABILITY                127   // 802.11n D3.03
+
+
+#define IE_WPA                          221   // WPA
+#define IE_VENDOR_SPECIFIC              221   // Wifi WMM (WME)
+
+#define OUI_BROADCOM_HT              51   //
+#define OUI_BROADCOM_HTADD              52   //
+#define OUI_PREN_HT_CAP              51   //
+#define OUI_PREN_ADD_HT              52   //
+
+// CCX information
+#define IE_AIRONET_CKIP                 133   // CCX1.0 ID 85H for CKIP
+#define IE_AP_TX_POWER                  150   // CCX 2.0 for AP transmit power
+#define IE_MEASUREMENT_CAPABILITY       221   // CCX 2.0
+#define IE_CCX_V2                       221
+#define IE_AIRONET_IPADDRESS            149   // CCX ID 95H for IP Address
+#define IE_AIRONET_CCKMREASSOC          156   // CCX ID 9CH for CCKM Reassociation Request element
+#define CKIP_NEGOTIATION_LENGTH         30
+#define AIRONET_IPADDRESS_LENGTH        10
+#define AIRONET_CCKMREASSOC_LENGTH      24
+
+// ========================================================
+// MLME state machine definition
+// ========================================================
+
+// STA MLME state mahcines
+#define ASSOC_STATE_MACHINE             1
+#define AUTH_STATE_MACHINE              2
+#define AUTH_RSP_STATE_MACHINE          3
+#define SYNC_STATE_MACHINE              4
+#define MLME_CNTL_STATE_MACHINE         5
+#define WPA_PSK_STATE_MACHINE           6
+//#define LEAP_STATE_MACHINE              7
+#define AIRONET_STATE_MACHINE           8
+#define ACTION_STATE_MACHINE           9
+
+// AP MLME state machines
+#define AP_ASSOC_STATE_MACHINE          11
+#define AP_AUTH_STATE_MACHINE           12
+#define AP_SYNC_STATE_MACHINE           14
+#define AP_CNTL_STATE_MACHINE           15
+#define WSC_STATE_MACHINE            17
+#define WSC_UPNP_STATE_MACHINE             18
+
+
+#define WPA_STATE_MACHINE                      23
+
+
+#ifdef QOS_DLS_SUPPORT
+#define DLS_STATE_MACHINE               26
+#endif // QOS_DLS_SUPPORT //
+
+//
+// STA's CONTROL/CONNECT state machine: states, events, total function #
+//
+#define CNTL_IDLE                       0
+#define CNTL_WAIT_DISASSOC              1
+#define CNTL_WAIT_JOIN                  2
+#define CNTL_WAIT_REASSOC               3
+#define CNTL_WAIT_START                 4
+#define CNTL_WAIT_AUTH                  5
+#define CNTL_WAIT_ASSOC                 6
+#define CNTL_WAIT_AUTH2                 7
+#define CNTL_WAIT_OID_LIST_SCAN         8
+#define CNTL_WAIT_OID_DISASSOC          9
+
+#define MT2_ASSOC_CONF                  34
+#define MT2_AUTH_CONF                   35
+#define MT2_DEAUTH_CONF                 36
+#define MT2_DISASSOC_CONF               37
+#define MT2_REASSOC_CONF                38
+#define MT2_PWR_MGMT_CONF               39
+#define MT2_JOIN_CONF                   40
+#define MT2_SCAN_CONF                   41
+#define MT2_START_CONF                  42
+#define MT2_GET_CONF                    43
+#define MT2_SET_CONF                    44
+#define MT2_RESET_CONF                  45
+#define MT2_FT_OTD_CONF                                        46
+#define MT2_MLME_ROAMING_REQ            52
+
+#define CNTL_FUNC_SIZE                  1
+
+//
+// STA's ASSOC state machine: states, events, total function #
+//
+#define ASSOC_IDLE                      0
+#define ASSOC_WAIT_RSP                  1
+#define REASSOC_WAIT_RSP                2
+#define DISASSOC_WAIT_RSP               3
+#define MAX_ASSOC_STATE                 4
+
+#define ASSOC_MACHINE_BASE              0
+#define MT2_MLME_ASSOC_REQ              0
+#define MT2_MLME_REASSOC_REQ            1
+#define MT2_MLME_DISASSOC_REQ           2
+#define MT2_PEER_DISASSOC_REQ           3
+#define MT2_PEER_ASSOC_REQ              4
+#define MT2_PEER_ASSOC_RSP              5
+#define MT2_PEER_REASSOC_REQ            6
+#define MT2_PEER_REASSOC_RSP            7
+#define MT2_DISASSOC_TIMEOUT            8
+#define MT2_ASSOC_TIMEOUT               9
+#define MT2_REASSOC_TIMEOUT             10
+#define MAX_ASSOC_MSG                   11
+
+#define ASSOC_FUNC_SIZE                 (MAX_ASSOC_STATE * MAX_ASSOC_MSG)
+
+//
+// ACT state machine: states, events, total function #
+//
+#define ACT_IDLE                      0
+#define MAX_ACT_STATE                 1
+
+#define ACT_MACHINE_BASE              0
+
+//Those PEER_xx_CATE number is based on real Categary value in IEEE spec. Please don'es modify it by your self.
+//Category
+#define MT2_PEER_SPECTRUM_CATE              0
+#define MT2_PEER_QOS_CATE              1
+#define MT2_PEER_DLS_CATE             2
+#define MT2_PEER_BA_CATE             3
+#define MT2_PEER_PUBLIC_CATE             4
+#define MT2_PEER_RM_CATE             5
+/* "FT_CATEGORY_BSS_TRANSITION equal to 6" is defined file of "dot11r_ft.h" */
+#define MT2_PEER_HT_CATE             7 //      7.4.7
+#define MAX_PEER_CATE_MSG                   7
+
+
+#define MT2_MLME_ADD_BA_CATE             8
+#define MT2_MLME_ORI_DELBA_CATE             9
+#define MT2_MLME_REC_DELBA_CATE             10
+#define MT2_MLME_QOS_CATE              11
+#define MT2_MLME_DLS_CATE             12
+#define MT2_ACT_INVALID             13
+
+#define MAX_ACT_MSG                   14
+
+
+//Category field
+#define CATEGORY_SPECTRUM              0
+#define CATEGORY_QOS                   1
+#define CATEGORY_DLS                   2
+#define CATEGORY_BA                    3
+#define CATEGORY_PUBLIC                4
+#define CATEGORY_RM                    5
+#define CATEGORY_HT                    7
+
+
+// DLS Action frame definition
+#define ACTION_DLS_REQUEST                     0
+#define ACTION_DLS_RESPONSE                    1
+#define ACTION_DLS_TEARDOWN                    2
+
+//Spectrum  Action field value 802.11h 7.4.1
+#define SPEC_MRQ       0       // Request
+#define SPEC_MRP       1       //Report
+#define SPEC_TPCRQ     2
+#define SPEC_TPCRP     3
+#define SPEC_CHANNEL_SWITCH    4
+
+
+//BA  Action field value
+#define ADDBA_REQ      0
+#define ADDBA_RESP     1
+#define DELBA   2
+
+//Public's  Action field value in Public Category.  Some in 802.11y and some in 11n
+#define ACTION_BSS_2040_COEXIST                                0       // 11n
+#define ACTION_DSE_ENABLEMENT                                  1       // 11y D9.0
+#define ACTION_DSE_DEENABLEMENT                                2       // 11y D9.0
+#define ACTION_DSE_REG_LOCATION_ANNOUNCE       3       // 11y D9.0
+#define ACTION_EXT_CH_SWITCH_ANNOUNCE          4       // 11y D9.0
+#define ACTION_DSE_MEASUREMENT_REQ                     5       // 11y D9.0
+#define ACTION_DSE_MEASUREMENT_REPORT          6       // 11y D9.0
+#define ACTION_MEASUREMENT_PILOT_ACTION                7       // 11y D9.0
+#define ACTION_DSE_POWER_CONSTRAINT                    8       // 11y D9.0
+
+
+//HT  Action field value
+#define NOTIFY_BW_ACTION                               0
+#define SMPS_ACTION                                            1
+#define PSMP_ACTION                                    2
+#define SETPCO_ACTION                                  3
+#define MIMO_CHA_MEASURE_ACTION                        4
+#define MIMO_N_BEACONFORM                              5
+#define MIMO_BEACONFORM                                        6
+#define ANTENNA_SELECT                                 7
+#define HT_INFO_EXCHANGE                               8
+
+#define ACT_FUNC_SIZE                 (MAX_ACT_STATE * MAX_ACT_MSG)
+//
+// STA's AUTHENTICATION state machine: states, evvents, total function #
+//
+#define AUTH_REQ_IDLE                   0
+#define AUTH_WAIT_SEQ2                  1
+#define AUTH_WAIT_SEQ4                  2
+#define MAX_AUTH_STATE                  3
+
+#define AUTH_MACHINE_BASE               0
+#define MT2_MLME_AUTH_REQ               0
+#define MT2_PEER_AUTH_EVEN              1
+#define MT2_AUTH_TIMEOUT                2
+#define MAX_AUTH_MSG                    3
+
+#define AUTH_FUNC_SIZE                  (MAX_AUTH_STATE * MAX_AUTH_MSG)
+
+//
+// STA's AUTH_RSP state machine: states, events, total function #
+//
+#define AUTH_RSP_IDLE                   0
+#define AUTH_RSP_WAIT_CHAL              1
+#define MAX_AUTH_RSP_STATE              2
+
+#define AUTH_RSP_MACHINE_BASE           0
+#define MT2_AUTH_CHALLENGE_TIMEOUT      0
+#define MT2_PEER_AUTH_ODD               1
+#define MT2_PEER_DEAUTH                 2
+#define MAX_AUTH_RSP_MSG                3
+
+#define AUTH_RSP_FUNC_SIZE              (MAX_AUTH_RSP_STATE * MAX_AUTH_RSP_MSG)
+
+//
+// STA's SYNC state machine: states, events, total function #
+//
+#define SYNC_IDLE                       0  // merge NO_BSS,IBSS_IDLE,IBSS_ACTIVE and BSS in to 1 state
+#define JOIN_WAIT_BEACON                1
+#define SCAN_LISTEN                     2
+#define MAX_SYNC_STATE                  3
+
+#define SYNC_MACHINE_BASE               0
+#define MT2_MLME_SCAN_REQ               0
+#define MT2_MLME_JOIN_REQ               1
+#define MT2_MLME_START_REQ              2
+#define MT2_PEER_BEACON                 3
+#define MT2_PEER_PROBE_RSP              4
+#define MT2_PEER_ATIM                   5
+#define MT2_SCAN_TIMEOUT                6
+#define MT2_BEACON_TIMEOUT              7
+#define MT2_ATIM_TIMEOUT                8
+#define MT2_PEER_PROBE_REQ              9
+#define MAX_SYNC_MSG                    10
+
+#define SYNC_FUNC_SIZE                  (MAX_SYNC_STATE * MAX_SYNC_MSG)
+
+//Messages for the DLS state machine
+#define DLS_IDLE                                               0
+#define MAX_DLS_STATE                                  1
+
+#define DLS_MACHINE_BASE                               0
+#define MT2_MLME_DLS_REQ                           0
+#define MT2_PEER_DLS_REQ                           1
+#define MT2_PEER_DLS_RSP                           2
+#define MT2_MLME_DLS_TEAR_DOWN             3
+#define MT2_PEER_DLS_TEAR_DOWN             4
+#define MAX_DLS_MSG                                    5
+
+#define DLS_FUNC_SIZE                                  (MAX_DLS_STATE * MAX_DLS_MSG)
+
+//
+// WSC State machine: states, events, total function #
+//
+
+//
+// AP's CONTROL/CONNECT state machine: states, events, total function #
+//
+#define AP_CNTL_FUNC_SIZE               1
+
+//
+// AP's ASSOC state machine: states, events, total function #
+//
+#define AP_ASSOC_IDLE                   0
+#define AP_MAX_ASSOC_STATE              1
+
+#define AP_ASSOC_MACHINE_BASE           0
+#define APMT2_MLME_DISASSOC_REQ         0
+#define APMT2_PEER_DISASSOC_REQ         1
+#define APMT2_PEER_ASSOC_REQ            2
+#define APMT2_PEER_REASSOC_REQ          3
+#define APMT2_CLS3ERR                   4
+#define AP_MAX_ASSOC_MSG                5
+
+#define AP_ASSOC_FUNC_SIZE              (AP_MAX_ASSOC_STATE * AP_MAX_ASSOC_MSG)
+
+//
+// AP's AUTHENTICATION state machine: states, events, total function #
+//
+#define AP_AUTH_REQ_IDLE                0
+#define AP_MAX_AUTH_STATE               1
+
+#define AP_AUTH_MACHINE_BASE            0
+#define APMT2_MLME_DEAUTH_REQ           0
+#define APMT2_CLS2ERR                   1
+#define APMT2_PEER_DEAUTH                              2
+#define APMT2_PEER_AUTH_REQ                            3
+#define APMT2_PEER_AUTH_CONFIRM                        4
+#define AP_MAX_AUTH_MSG                 5
+
+#define AP_AUTH_FUNC_SIZE               (AP_MAX_AUTH_STATE * AP_MAX_AUTH_MSG)
+
+//
+// AP's SYNC state machine: states, events, total function #
+//
+#define AP_SYNC_IDLE                    0
+#define AP_SCAN_LISTEN                                 1
+#define AP_MAX_SYNC_STATE               2
+
+#define AP_SYNC_MACHINE_BASE            0
+#define APMT2_PEER_PROBE_REQ            0
+#define APMT2_PEER_BEACON               1
+#define APMT2_MLME_SCAN_REQ                            2
+#define APMT2_PEER_PROBE_RSP                   3
+#define APMT2_SCAN_TIMEOUT                             4
+#define APMT2_MLME_SCAN_CNCL                   5
+#define AP_MAX_SYNC_MSG                 6
+
+#define AP_SYNC_FUNC_SIZE               (AP_MAX_SYNC_STATE * AP_MAX_SYNC_MSG)
+
+//
+// Common WPA state machine: states, events, total function #
+//
+#define WPA_PTK                      0
+#define MAX_WPA_PTK_STATE            1
+
+#define WPA_MACHINE_BASE             0
+#define MT2_EAPPacket                0
+#define MT2_EAPOLStart               1
+#define MT2_EAPOLLogoff              2
+#define MT2_EAPOLKey                 3
+#define MT2_EAPOLASFAlert            4
+#define MAX_WPA_MSG                  5
+
+#define WPA_FUNC_SIZE                (MAX_WPA_PTK_STATE * MAX_WPA_MSG)
+
+#ifdef APCLI_SUPPORT
+//ApCli authentication state machine
+#define APCLI_AUTH_REQ_IDLE                0
+#define APCLI_AUTH_WAIT_SEQ2               1
+#define APCLI_AUTH_WAIT_SEQ4               2
+#define APCLI_MAX_AUTH_STATE               3
+
+#define APCLI_AUTH_MACHINE_BASE            0
+#define APCLI_MT2_MLME_AUTH_REQ            0
+#define APCLI_MT2_MLME_DEAUTH_REQ          1
+#define APCLI_MT2_PEER_AUTH_EVEN           2
+#define APCLI_MT2_PEER_DEAUTH              3
+#define APCLI_MT2_AUTH_TIMEOUT             4
+#define APCLI_MAX_AUTH_MSG                 5
+
+#define APCLI_AUTH_FUNC_SIZE               (APCLI_MAX_AUTH_STATE * APCLI_MAX_AUTH_MSG)
+
+//ApCli association state machine
+#define APCLI_ASSOC_IDLE                   0
+#define APCLI_ASSOC_WAIT_RSP               1
+#define APCLI_MAX_ASSOC_STATE              2
+
+#define APCLI_ASSOC_MACHINE_BASE           0
+#define APCLI_MT2_MLME_ASSOC_REQ           0
+#define APCLI_MT2_MLME_DISASSOC_REQ        1
+#define APCLI_MT2_PEER_DISASSOC_REQ        2
+#define APCLI_MT2_PEER_ASSOC_RSP           3
+#define APCLI_MT2_ASSOC_TIMEOUT            4
+#define APCLI_MAX_ASSOC_MSG                5
+
+#define APCLI_ASSOC_FUNC_SIZE              (APCLI_MAX_ASSOC_STATE * APCLI_MAX_ASSOC_MSG)
+
+//ApCli sync state machine
+#define APCLI_SYNC_IDLE                   0  // merge NO_BSS,IBSS_IDLE,IBSS_ACTIVE and BSS in to 1 state
+#define APCLI_JOIN_WAIT_PROBE_RSP         1
+#define APCLI_MAX_SYNC_STATE              2
+
+#define APCLI_SYNC_MACHINE_BASE           0
+#define APCLI_MT2_MLME_PROBE_REQ          0
+#define APCLI_MT2_PEER_PROBE_RSP          1
+#define APCLI_MT2_PROBE_TIMEOUT           2
+#define APCLI_MAX_SYNC_MSG                3
+
+#define APCLI_SYNC_FUNC_SIZE              (APCLI_MAX_SYNC_STATE * APCLI_MAX_SYNC_MSG)
+
+//ApCli ctrl state machine
+#define APCLI_CTRL_DISCONNECTED           0  // merge NO_BSS,IBSS_IDLE,IBSS_ACTIVE and BSS in to 1 state
+#define APCLI_CTRL_PROBE                  1
+#define APCLI_CTRL_AUTH                   2
+#define APCLI_CTRL_AUTH_2                 3
+#define APCLI_CTRL_ASSOC                  4
+#define APCLI_CTRL_DEASSOC                5
+#define APCLI_CTRL_CONNECTED              6
+#define APCLI_MAX_CTRL_STATE              7
+
+#define APCLI_CTRL_MACHINE_BASE           0
+#define APCLI_CTRL_JOIN_REQ               0
+#define APCLI_CTRL_PROBE_RSP              1
+#define APCLI_CTRL_AUTH_RSP               2
+#define APCLI_CTRL_DISCONNECT_REQ         3
+#define APCLI_CTRL_PEER_DISCONNECT_REQ    4
+#define APCLI_CTRL_ASSOC_RSP              5
+#define APCLI_CTRL_DEASSOC_RSP            6
+#define APCLI_CTRL_JOIN_REQ_TIMEOUT       7
+#define APCLI_CTRL_AUTH_REQ_TIMEOUT       8
+#define APCLI_CTRL_ASSOC_REQ_TIMEOUT      9
+#define APCLI_MAX_CTRL_MSG                10
+
+#define APCLI_CTRL_FUNC_SIZE              (APCLI_MAX_CTRL_STATE * APCLI_MAX_CTRL_MSG)
+
+
+#endif // APCLI_SUPPORT //
+
+
+// =============================================================================
+
+// value domain of 802.11 header FC.Tyte, which is b3..b2 of the 1st-byte of MAC header
+#define BTYPE_MGMT                  0
+#define BTYPE_CNTL                  1
+#define BTYPE_DATA                  2
+
+// value domain of 802.11 MGMT frame's FC.subtype, which is b7..4 of the 1st-byte of MAC header
+#define SUBTYPE_ASSOC_REQ           0
+#define SUBTYPE_ASSOC_RSP           1
+#define SUBTYPE_REASSOC_REQ         2
+#define SUBTYPE_REASSOC_RSP         3
+#define SUBTYPE_PROBE_REQ           4
+#define SUBTYPE_PROBE_RSP           5
+#define SUBTYPE_BEACON              8
+#define SUBTYPE_ATIM                9
+#define SUBTYPE_DISASSOC            10
+#define SUBTYPE_AUTH                11
+#define SUBTYPE_DEAUTH              12
+#define SUBTYPE_ACTION              13
+#define SUBTYPE_ACTION_NO_ACK              14
+
+// value domain of 802.11 CNTL frame's FC.subtype, which is b7..4 of the 1st-byte of MAC header
+#define SUBTYPE_WRAPPER                7
+#define SUBTYPE_BLOCK_ACK_REQ       8
+#define SUBTYPE_BLOCK_ACK           9
+#define SUBTYPE_PS_POLL             10
+#define SUBTYPE_RTS                 11
+#define SUBTYPE_CTS                 12
+#define SUBTYPE_ACK                 13
+#define SUBTYPE_CFEND               14
+#define SUBTYPE_CFEND_CFACK         15
+
+// value domain of 802.11 DATA frame's FC.subtype, which is b7..4 of the 1st-byte of MAC header
+#define SUBTYPE_DATA                0
+#define SUBTYPE_DATA_CFACK          1
+#define SUBTYPE_DATA_CFPOLL         2
+#define SUBTYPE_DATA_CFACK_CFPOLL   3
+#define SUBTYPE_NULL_FUNC           4
+#define SUBTYPE_CFACK               5
+#define SUBTYPE_CFPOLL              6
+#define SUBTYPE_CFACK_CFPOLL        7
+#define SUBTYPE_QDATA               8
+#define SUBTYPE_QDATA_CFACK         9
+#define SUBTYPE_QDATA_CFPOLL        10
+#define SUBTYPE_QDATA_CFACK_CFPOLL  11
+#define SUBTYPE_QOS_NULL            12
+#define SUBTYPE_QOS_CFACK           13
+#define SUBTYPE_QOS_CFPOLL          14
+#define SUBTYPE_QOS_CFACK_CFPOLL    15
+
+// ACK policy of QOS Control field bit 6:5
+#define NORMAL_ACK                  0x00  // b6:5 = 00
+#define NO_ACK                      0x20  // b6:5 = 01
+#define NO_EXPLICIT_ACK             0x40  // b6:5 = 10
+#define BLOCK_ACK                   0x60  // b6:5 = 11
+
+//
+// rtmp_data.c use these definition
+//
+#define LENGTH_802_11               24
+#define LENGTH_802_11_AND_H         30
+#define LENGTH_802_11_CRC_H         34
+#define LENGTH_802_11_CRC           28
+#define LENGTH_802_11_WITH_ADDR4    30
+#define LENGTH_802_3                14
+#define LENGTH_802_3_TYPE           2
+#define LENGTH_802_1_H              8
+#define LENGTH_EAPOL_H              4
+#define LENGTH_WMMQOS_H                                2
+#define LENGTH_CRC                  4
+#define MAX_SEQ_NUMBER              0x0fff
+#define LENGTH_802_3_NO_TYPE           12
+#define LENGTH_802_1Q                          4 /* VLAN related */
+
+// STA_CSR4.field.TxResult
+#define TX_RESULT_SUCCESS           0
+#define TX_RESULT_ZERO_LENGTH       1
+#define TX_RESULT_UNDER_RUN         2
+#define TX_RESULT_OHY_ERROR         4
+#define TX_RESULT_RETRY_FAIL        6
+
+// All PHY rate summary in TXD
+// Preamble MODE in TxD
+#define MODE_CCK       0
+#define MODE_OFDM   1
+#ifdef DOT11_N_SUPPORT
+#define MODE_HTMIX     2
+#define MODE_HTGREENFIELD      3
+#endif // DOT11_N_SUPPORT //
+// MCS for CCK.  BW.SGI.STBC are reserved
+#define MCS_LONGP_RATE_1                      0         // long preamble CCK 1Mbps
+#define MCS_LONGP_RATE_2                      1        // long preamble CCK 1Mbps
+#define MCS_LONGP_RATE_5_5                    2
+#define MCS_LONGP_RATE_11                     3
+#define MCS_SHORTP_RATE_1                      4        // long preamble CCK 1Mbps. short is forbidden in 1Mbps
+#define MCS_SHORTP_RATE_2                      5       // short preamble CCK 2Mbps
+#define MCS_SHORTP_RATE_5_5                    6
+#define MCS_SHORTP_RATE_11                     7
+// To send duplicate legacy OFDM. set BW=BW_40.  SGI.STBC are reserved
+#define MCS_RATE_6                      0   // legacy OFDM
+#define MCS_RATE_9                      1   // OFDM
+#define MCS_RATE_12                     2   // OFDM
+#define MCS_RATE_18                     3   // OFDM
+#define MCS_RATE_24                     4  // OFDM
+#define MCS_RATE_36                     5   // OFDM
+#define MCS_RATE_48                     6  // OFDM
+#define MCS_RATE_54                     7 // OFDM
+// HT
+#define MCS_0          0       // 1S
+#define MCS_1          1
+#define MCS_2          2
+#define MCS_3          3
+#define MCS_4          4
+#define MCS_5          5
+#define MCS_6          6
+#define MCS_7          7
+#define MCS_8          8       // 2S
+#define MCS_9          9
+#define MCS_10         10
+#define MCS_11         11
+#define MCS_12         12
+#define MCS_13         13
+#define MCS_14         14
+#define MCS_15         15
+#define MCS_16         16      // 3*3
+#define MCS_17         17
+#define MCS_18         18
+#define MCS_19         19
+#define MCS_20         20
+#define MCS_21         21
+#define MCS_22         22
+#define MCS_23         23
+#define MCS_32         32
+#define MCS_AUTO               33
+
+#ifdef DOT11_N_SUPPORT
+// OID_HTPHYMODE
+// MODE
+#define HTMODE_MM      0
+#define HTMODE_GF      1
+#endif // DOT11_N_SUPPORT //
+
+// Fixed Tx MODE - HT, CCK or OFDM
+#define FIXED_TXMODE_HT                0
+#define FIXED_TXMODE_CCK       1
+#define FIXED_TXMODE_OFDM      2
+// BW
+#define BW_20          BAND_WIDTH_20
+#define BW_40          BAND_WIDTH_40
+#define BW_BOTH                BAND_WIDTH_BOTH
+#define BW_10          BAND_WIDTH_10   // 802.11j has 10MHz. This definition is for internal usage. doesn't fill in the IE or other field.
+
+#ifdef DOT11_N_SUPPORT
+// SHORTGI
+#define GI_400         GAP_INTERVAL_400        // only support in HT mode
+#define GI_BOTH                GAP_INTERVAL_BOTH
+#endif // DOT11_N_SUPPORT //
+#define GI_800         GAP_INTERVAL_800
+// STBC
+#define STBC_NONE      0
+#ifdef DOT11_N_SUPPORT
+#define STBC_USE       1       // limited use in rt2860b phy
+#define RXSTBC_ONE     1       // rx support of one spatial stream
+#define RXSTBC_TWO     2       // rx support of 1 and 2 spatial stream
+#define RXSTBC_THR     3       // rx support of 1~3 spatial stream
+// MCS FEEDBACK
+#define MCSFBK_NONE    0  // not support mcs feedback /
+#define MCSFBK_RSV     1       // reserved
+#define MCSFBK_UNSOLICIT       2       // only support unsolict mcs feedback
+#define MCSFBK_MRQ     3       // response to both MRQ and unsolict mcs feedback
+
+// MIMO power safe
+#define        MMPS_STATIC     0
+#define        MMPS_DYNAMIC            1
+#define   MMPS_RSV             2
+#define MMPS_ENABLE            3
+
+
+// A-MSDU size
+#define        AMSDU_0 0
+#define        AMSDU_1         1
+
+#endif // DOT11_N_SUPPORT //
+
+// MCS use 7 bits
+#define TXRATEMIMO             0x80
+#define TXRATEMCS              0x7F
+#define TXRATEOFDM             0x7F
+#define RATE_1                      0
+#define RATE_2                      1
+#define RATE_5_5                    2
+#define RATE_11                     3
+#define RATE_6                      4   // OFDM
+#define RATE_9                      5   // OFDM
+#define RATE_12                     6   // OFDM
+#define RATE_18                     7   // OFDM
+#define RATE_24                     8   // OFDM
+#define RATE_36                     9   // OFDM
+#define RATE_48                     10  // OFDM
+#define RATE_54                     11  // OFDM
+#define RATE_FIRST_OFDM_RATE        RATE_6
+#define RATE_LAST_OFDM_RATE            RATE_54
+#define RATE_6_5                    12  // HT mix
+#define RATE_13                     13  // HT mix
+#define RATE_19_5                   14  // HT mix
+#define RATE_26                     15  // HT mix
+#define RATE_39                     16  // HT mix
+#define RATE_52                     17  // HT mix
+#define RATE_58_5                   18  // HT mix
+#define RATE_65                     19  // HT mix
+#define RATE_78                     20  // HT mix
+#define RATE_104                    21  // HT mix
+#define RATE_117                    22  // HT mix
+#define RATE_130                    23  // HT mix
+//#define RATE_AUTO_SWITCH            255 // for StaCfg.FixedTxRate only
+#define HTRATE_0                      12
+#define RATE_FIRST_MM_RATE        HTRATE_0
+#define RATE_FIRST_HT_RATE        HTRATE_0
+#define RATE_LAST_HT_RATE        HTRATE_0
+
+// pTxWI->txop
+#define IFS_HTTXOP                 0   // The txop will be handles by ASIC.
+#define IFS_PIFS                    1
+#define IFS_SIFS                    2
+#define IFS_BACKOFF                 3
+
+// pTxD->RetryMode
+#define LONG_RETRY                  1
+#define SHORT_RETRY                 0
+
+// Country Region definition
+#define REGION_MINIMUM_BG_BAND            0
+#define REGION_0_BG_BAND                  0       // 1-11
+#define REGION_1_BG_BAND                  1       // 1-13
+#define REGION_2_BG_BAND                  2       // 10-11
+#define REGION_3_BG_BAND                  3       // 10-13
+#define REGION_4_BG_BAND                  4       // 14
+#define REGION_5_BG_BAND                  5       // 1-14
+#define REGION_6_BG_BAND                  6       // 3-9
+#define REGION_7_BG_BAND                  7       // 5-13
+#define REGION_31_BG_BAND                 31       // 5-13
+#define REGION_MAXIMUM_BG_BAND            7
+
+#define REGION_MINIMUM_A_BAND             0
+#define REGION_0_A_BAND                   0       // 36, 40, 44, 48, 52, 56, 60, 64, 149, 153, 157, 161, 165
+#define REGION_1_A_BAND                   1       // 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140
+#define REGION_2_A_BAND                   2       // 36, 40, 44, 48, 52, 56, 60, 64
+#define REGION_3_A_BAND                   3       // 52, 56, 60, 64, 149, 153, 157, 161
+#define REGION_4_A_BAND                   4       // 149, 153, 157, 161, 165
+#define REGION_5_A_BAND                   5       // 149, 153, 157, 161
+#define REGION_6_A_BAND                   6       // 36, 40, 44, 48
+#define REGION_7_A_BAND                   7       // 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165, 169, 173
+#define REGION_8_A_BAND                   8       // 52, 56, 60, 64
+#define REGION_9_A_BAND                   9       // 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 132, 136, 140, 149, 153, 157, 161, 165
+#define REGION_10_A_BAND                  10     // 36, 40, 44, 48, 149, 153, 157, 161, 165
+#define REGION_11_A_BAND                  11     // 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 149, 153, 157, 161
+#define REGION_12_A_BAND                  12       // 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140
+#define REGION_13_A_BAND                  13       // 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161
+#define REGION_14_A_BAND                  14       // 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 136, 140, 149, 153, 157, 161, 165
+#define REGION_15_A_BAND                  15       // 149, 153, 157, 161, 165, 169, 173
+#define REGION_MAXIMUM_A_BAND             15
+
+// pTxD->CipherAlg
+#define CIPHER_NONE                 0
+#define CIPHER_WEP64                1
+#define CIPHER_WEP128               2
+#define CIPHER_TKIP                 3
+#define CIPHER_AES                  4
+#define CIPHER_CKIP64               5
+#define CIPHER_CKIP128              6
+#define CIPHER_TKIP_NO_MIC          7       // MIC appended by driver: not a valid value in hardware key table
+#define CIPHER_SMS4                                    8
+
+
+// LED Status.
+#define LED_LINK_DOWN               0
+#define LED_LINK_UP                 1
+#define LED_RADIO_OFF               2
+#define LED_RADIO_ON                3
+#define LED_HALT                    4
+#define LED_WPS                     5
+#define LED_ON_SITE_SURVEY          6
+#define LED_POWER_UP                7
+
+
+// value domain of pAd->LedCntl.LedMode and E2PROM
+#define LED_MODE_DEFAULT            0
+#define LED_MODE_TWO_LED                       1
+//#define LED_MODE_SIGNAL_STREGTH              8  // EEPROM define =8
+#define LED_MODE_SIGNAL_STREGTH                0x40 // EEPROM define = 64
+
+// RC4 init value, used fro WEP & TKIP
+#define PPPINITFCS32                0xffffffff   /* Initial FCS value */
+
+// value domain of pAd->StaCfg.PortSecured. 802.1X controlled port definition
+#define WPA_802_1X_PORT_SECURED     1
+#define WPA_802_1X_PORT_NOT_SECURED 2
+
+#define PAIRWISE_KEY                1
+#define GROUP_KEY                   2
+
+//definition of DRS
+#define MAX_STEP_OF_TX_RATE_SWITCH     32
+
+
+// pre-allocated free NDIS PACKET/BUFFER poll for internal usage
+#define MAX_NUM_OF_FREE_NDIS_PACKET 128
+
+//Block ACK
+#define MAX_TX_REORDERBUF   64
+#define MAX_RX_REORDERBUF   64
+#define DEFAULT_TX_TIMEOUT   30
+#define DEFAULT_RX_TIMEOUT   30
+
+// definition of Recipient or Originator
+#define I_RECIPIENT                  TRUE
+#define I_ORIGINATOR                   FALSE
+
+#define DEFAULT_BBP_TX_POWER        0
+#define DEFAULT_RF_TX_POWER         5
+
+#define MAX_INI_BUFFER_SIZE            4096
+#define MAX_PARAM_BUFFER_SIZE          (2048) // enough for ACL (18*64)
+                                                                                       //18 : the length of Mac address acceptable format "01:02:03:04:05:06;")
+                                                                                       //64 : MAX_NUM_OF_ACL_LIST
+// definition of pAd->OpMode
+#define OPMODE_STA                  0
+#define OPMODE_AP                   1
+//#define OPMODE_L3_BRG               2       // as AP and STA at the same time
+
+#ifdef RT_BIG_ENDIAN
+#define DIR_READ                    0
+#define DIR_WRITE                   1
+#define TYPE_TXD                    0
+#define TYPE_RXD                    1
+#define TYPE_TXINFO                                    0
+#define TYPE_RXINFO                                    1
+#define TYPE_TXWI                                      0
+#define TYPE_RXWI                                      1
+#endif
+
+// ========================= AP rtmp_def.h ===========================
+// value domain for pAd->EventTab.Log[].Event
+#define EVENT_RESET_ACCESS_POINT    0 // Log = "hh:mm:ss   Restart Access Point"
+#define EVENT_ASSOCIATED            1 // Log = "hh:mm:ss   STA 00:01:02:03:04:05 associated"
+#define EVENT_DISASSOCIATED         2 // Log = "hh:mm:ss   STA 00:01:02:03:04:05 left this BSS"
+#define EVENT_AGED_OUT              3 // Log = "hh:mm:ss   STA 00:01:02:03:04:05 was aged-out and removed from this BSS"
+#define EVENT_COUNTER_M             4
+#define EVENT_INVALID_PSK           5
+#define EVENT_MAX_EVENT_TYPE        6
+// ==== end of AP rtmp_def.h ============
+
+// definition RSSI Number
+#define RSSI_0                                 0
+#define RSSI_1                                 1
+#define RSSI_2                                 2
+
+// definition of radar detection
+#define RD_NORMAL_MODE                         0       // Not found radar signal
+#define RD_SWITCHING_MODE                      1       // Found radar signal, and doing channel switch
+#define RD_SILENCE_MODE                                2       // After channel switch, need to be silence a while to ensure radar not found
+
+//Driver defined cid for mapping status and command.
+#define  SLEEPCID      0x11
+#define  WAKECID       0x22
+#define  QUERYPOWERCID 0x33
+#define  OWNERMCU      0x1
+#define  OWNERCPU      0x0
+
+// MBSSID definition
+#define ENTRY_NOT_FOUND             0xFF
+
+
+/* After Linux 2.6.9,
+ * VLAN module use Private (from user) interface flags (netdevice->priv_flags).
+ * #define IFF_802_1Q_VLAN 0x1         --    802.1Q VLAN device.  in if.h
+ * ref to ip_sabotage_out() [ out->priv_flags & IFF_802_1Q_VLAN ] in br_netfilter.c
+ *
+ * For this reason, we MUST use EVEN value in priv_flags
+ */
+#define INT_MAIN                       0x0100
+#define INT_MBSSID                     0x0200
+#define INT_WDS                                0x0300
+#define INT_APCLI                      0x0400
+#define INT_MESH                       0x0500
+
+#define INF_MAIN_DEV_NAME              "ra"
+#define INF_MBSSID_DEV_NAME            "ra"
+#define INF_WDS_DEV_NAME               "wds"
+#define INF_APCLI_DEV_NAME             "apcli"
+#define INF_MESH_DEV_NAME              "mesh"
+
+// Use bitmap to allow coexist of ATE_TXFRAME and ATE_RXFRAME(i.e.,to support LoopBack mode).
+#ifdef RALINK_ATE
+#define        ATE_START                   0x00   // Start ATE
+#define        ATE_STOP                    0x80   // Stop ATE
+#define        ATE_TXCONT                  0x05   // Continuous Transmit
+#define        ATE_TXCARR                  0x09   // Transmit Carrier
+#define        ATE_TXCARRSUPP              0x11   // Transmit Carrier Suppression
+#define        ATE_TXFRAME                 0x01   // Transmit Frames
+#define        ATE_RXFRAME                 0x02   // Receive Frames
+#ifdef RALINK_28xx_QA
+#define ATE_TXSTOP                  0xe2   // Stop Transmition(i.e., TXCONT, TXCARR, TXCARRSUPP, and TXFRAME)
+#define ATE_RXSTOP                                     0xfd   // Stop receiving Frames
+#define        BBP22_TXFRAME                           0x00   // Transmit Frames
+#define        BBP22_TXCONT_OR_CARRSUPP    0x80   // Continuous Transmit or Carrier Suppression
+#define        BBP22_TXCARR                0xc1   // Transmit Carrier
+#define        BBP24_TXCONT                0x00   // Continuous Transmit
+#define        BBP24_CARRSUPP              0x01   // Carrier Suppression
+#endif // RALINK_28xx_QA //
+#endif // RALINK_ATE //
+
+// WEP Key TYPE
+#define WEP_HEXADECIMAL_TYPE    0
+#define WEP_ASCII_TYPE          1
+
+
+
+// WIRELESS EVENTS definition
+/* Max number of char in custom event, refer to wireless_tools.28/wireless.20.h */
+#define IW_CUSTOM_MAX_LEN                                                      255     /* In bytes */
+
+// For system event - start
+#define        IW_SYS_EVENT_FLAG_START                     0x0200
+#define        IW_ASSOC_EVENT_FLAG                         0x0200
+#define        IW_DISASSOC_EVENT_FLAG                      0x0201
+#define        IW_DEAUTH_EVENT_FLAG                            0x0202
+#define        IW_AGEOUT_EVENT_FLAG                            0x0203
+#define        IW_COUNTER_MEASURES_EVENT_FLAG              0x0204
+#define        IW_REPLAY_COUNTER_DIFF_EVENT_FLAG           0x0205
+#define        IW_RSNIE_DIFF_EVENT_FLAG                                0x0206
+#define        IW_MIC_DIFF_EVENT_FLAG                                  0x0207
+#define IW_ICV_ERROR_EVENT_FLAG                                                0x0208
+#define IW_MIC_ERROR_EVENT_FLAG                                                0x0209
+#define IW_GROUP_HS_TIMEOUT_EVENT_FLAG                         0x020A
+#define        IW_PAIRWISE_HS_TIMEOUT_EVENT_FLAG                       0x020B
+#define IW_RSNIE_SANITY_FAIL_EVENT_FLAG                                0x020C
+#define IW_SET_KEY_DONE_WPA1_EVENT_FLAG                                0x020D
+#define IW_SET_KEY_DONE_WPA2_EVENT_FLAG                                0x020E
+#define IW_STA_LINKUP_EVENT_FLAG                                       0x020F
+#define IW_STA_LINKDOWN_EVENT_FLAG                                     0x0210
+#define IW_SCAN_COMPLETED_EVENT_FLAG                           0x0211
+#define IW_SCAN_ENQUEUE_FAIL_EVENT_FLAG                                0x0212
+// if add new system event flag, please upadte the IW_SYS_EVENT_FLAG_END
+#define        IW_SYS_EVENT_FLAG_END                       0x0212
+#define        IW_SYS_EVENT_TYPE_NUM                                           (IW_SYS_EVENT_FLAG_END - IW_SYS_EVENT_FLAG_START + 1)
+// For system event - end
+
+// For spoof attack event - start
+#define        IW_SPOOF_EVENT_FLAG_START                   0x0300
+#define IW_CONFLICT_SSID_EVENT_FLAG                                    0x0300
+#define IW_SPOOF_ASSOC_RESP_EVENT_FLAG                         0x0301
+#define IW_SPOOF_REASSOC_RESP_EVENT_FLAG                       0x0302
+#define IW_SPOOF_PROBE_RESP_EVENT_FLAG                         0x0303
+#define IW_SPOOF_BEACON_EVENT_FLAG                                     0x0304
+#define IW_SPOOF_DISASSOC_EVENT_FLAG                           0x0305
+#define IW_SPOOF_AUTH_EVENT_FLAG                                       0x0306
+#define IW_SPOOF_DEAUTH_EVENT_FLAG                                     0x0307
+#define IW_SPOOF_UNKNOWN_MGMT_EVENT_FLAG                       0x0308
+#define IW_REPLAY_ATTACK_EVENT_FLAG                                    0x0309
+// if add new spoof attack event flag, please upadte the IW_SPOOF_EVENT_FLAG_END
+#define        IW_SPOOF_EVENT_FLAG_END                     0x0309
+#define        IW_SPOOF_EVENT_TYPE_NUM                                         (IW_SPOOF_EVENT_FLAG_END - IW_SPOOF_EVENT_FLAG_START + 1)
+// For spoof attack event - end
+
+// For flooding attack event - start
+#define        IW_FLOOD_EVENT_FLAG_START                   0x0400
+#define IW_FLOOD_AUTH_EVENT_FLAG                                       0x0400
+#define IW_FLOOD_ASSOC_REQ_EVENT_FLAG                          0x0401
+#define IW_FLOOD_REASSOC_REQ_EVENT_FLAG                                0x0402
+#define IW_FLOOD_PROBE_REQ_EVENT_FLAG                          0x0403
+#define IW_FLOOD_DISASSOC_EVENT_FLAG                           0x0404
+#define IW_FLOOD_DEAUTH_EVENT_FLAG                                     0x0405
+#define IW_FLOOD_EAP_REQ_EVENT_FLAG                                    0x0406
+// if add new flooding attack event flag, please upadte the IW_FLOOD_EVENT_FLAG_END
+#define        IW_FLOOD_EVENT_FLAG_END                         0x0406
+#define        IW_FLOOD_EVENT_TYPE_NUM                                         (IW_FLOOD_EVENT_FLAG_END - IW_FLOOD_EVENT_FLAG_START + 1)
+// For flooding attack - end
+
+// End - WIRELESS EVENTS definition
+
+#ifdef CONFIG_STA_SUPPORT
+// definition for DLS, kathy
+#define        MAX_NUM_OF_INIT_DLS_ENTRY   1
+#define        MAX_NUM_OF_DLS_ENTRY        MAX_NUMBER_OF_DLS_ENTRY
+
+//Block ACK, kathy
+#define MAX_TX_REORDERBUF              64
+#define MAX_RX_REORDERBUF              64
+#define DEFAULT_TX_TIMEOUT             30
+#define DEFAULT_RX_TIMEOUT             30
+#define MAX_BARECI_SESSION             8
+
+#ifndef IW_ESSID_MAX_SIZE
+/* Maximum size of the ESSID and pAd->nickname strings */
+#define IW_ESSID_MAX_SIZE              32
+#endif
+#endif // CONFIG_STA_SUPPORT //
+
+#ifdef MCAST_RATE_SPECIFIC
+#define MCAST_DISABLE  0
+#define MCAST_CCK              1
+#define MCAST_OFDM             2
+#define MCAST_HTMIX            3
+#endif // MCAST_RATE_SPECIFIC //
+
+// For AsicRadioOff/AsicRadioOn function
+#define DOT11POWERSAVE         0
+#define GUIRADIO_OFF           1
+#define RTMP_HALT                  2
+#define GUI_IDLE_POWER_SAVE            3
+// --
+
+
+// definition for WpaSupport flag
+#define WPA_SUPPLICANT_DISABLE                         0
+#define WPA_SUPPLICANT_ENABLE                          1
+#define        WPA_SUPPLICANT_ENABLE_WITH_WEB_UI       2
+
+// definition for Antenna Diversity flag
+#ifdef ANT_DIVERSITY_SUPPORT
+enum ANT_DIVERSITY_TYPE {
+    ANT_DIVERSITY_DISABLE = 0,
+    ANT_DIVERSITY_ENABLE = 1,
+    ANT_FIX_ANT1 = 2,
+    ANT_FIX_ANT2 = 3
+};
+#endif // ANT_DIVERSITY_SUPPORT //
+
+// Endian byte swapping codes
+#define SWAP16(x) \
+    ((UINT16)( \
+    (((UINT16)(x) & (UINT16) 0x00ffU) << 8) | \
+    (((UINT16)(x) & (UINT16) 0xff00U) >> 8) ))
+
+#define SWAP32(x) \
+    ((UINT32)( \
+    (((UINT32)(x) & (UINT32) 0x000000ffUL) << 24) | \
+    (((UINT32)(x) & (UINT32) 0x0000ff00UL) <<  8) | \
+    (((UINT32)(x) & (UINT32) 0x00ff0000UL) >>  8) | \
+    (((UINT32)(x) & (UINT32) 0xff000000UL) >> 24) ))
+
+#define SWAP64(x) \
+    ((UINT64)( \
+    (UINT64)(((UINT64)(x) & (UINT64) 0x00000000000000ffULL) << 56) | \
+    (UINT64)(((UINT64)(x) & (UINT64) 0x000000000000ff00ULL) << 40) | \
+    (UINT64)(((UINT64)(x) & (UINT64) 0x0000000000ff0000ULL) << 24) | \
+    (UINT64)(((UINT64)(x) & (UINT64) 0x00000000ff000000ULL) <<  8) | \
+    (UINT64)(((UINT64)(x) & (UINT64) 0x000000ff00000000ULL) >>  8) | \
+    (UINT64)(((UINT64)(x) & (UINT64) 0x0000ff0000000000ULL) >> 24) | \
+    (UINT64)(((UINT64)(x) & (UINT64) 0x00ff000000000000ULL) >> 40) | \
+    (UINT64)(((UINT64)(x) & (UINT64) 0xff00000000000000ULL) >> 56) ))
+
+#ifdef RT_BIG_ENDIAN
+
+#define cpu2le64(x) SWAP64((x))
+#define le2cpu64(x) SWAP64((x))
+#define cpu2le32(x) SWAP32((x))
+#define le2cpu32(x) SWAP32((x))
+#define cpu2le16(x) SWAP16((x))
+#define le2cpu16(x) SWAP16((x))
+#define cpu2be64(x) ((UINT64)(x))
+#define be2cpu64(x) ((UINT64)(x))
+#define cpu2be32(x) ((UINT32)(x))
+#define be2cpu32(x) ((UINT32)(x))
+#define cpu2be16(x) ((UINT16)(x))
+#define be2cpu16(x) ((UINT16)(x))
+
+#else   // Little_Endian
+
+#define cpu2le64(x) ((UINT64)(x))
+#define le2cpu64(x) ((UINT64)(x))
+#define cpu2le32(x) ((UINT32)(x))
+#define le2cpu32(x) ((UINT32)(x))
+#define cpu2le16(x) ((UINT16)(x))
+#define le2cpu16(x) ((UINT16)(x))
+#define cpu2be64(x) SWAP64((x))
+#define be2cpu64(x) SWAP64((x))
+#define cpu2be32(x) SWAP32((x))
+#define be2cpu32(x) SWAP32((x))
+#define cpu2be16(x) SWAP16((x))
+#define be2cpu16(x) SWAP16((x))
+
+#endif  // RT_BIG_ENDIAN
+
+#define ABS(_x, _y) ((_x) > (_y)) ? ((_x) -(_y)) : ((_y) -(_x))
+
+
+#define A2Dec(_X, _p)                          \
+{                                                                      \
+       UCHAR *p;                                               \
+       _X = 0;                                                 \
+       p = _p;                                                 \
+       while (((*p >= '0') && (*p <= '9')))            \
+       {                                                                                               \
+               if ((*p >= '0') && (*p <= '9'))         \
+                       _X = _X * 10 + *p - 48;                                 \
+               p++;                                                                            \
+       }                                                                                               \
+}
+
+
+#define A2Hex(_X, _p)                          \
+do{                                                                    \
+       char *__p;                                              \
+       (_X) = 0;                                                       \
+       __p = (char *)(_p);                                                     \
+       while (((*__p >= 'a') && (*__p <= 'f')) || ((*__p >= 'A') && (*__p <= 'F')) || ((*__p >= '0') && (*__p <= '9')))                \
+       {                                                                                               \
+               if ((*__p >= 'a') && (*__p <= 'f'))                             \
+                       (_X) = (_X) * 16 + *__p - 87;                                   \
+               else if ((*__p >= 'A') && (*__p <= 'F'))                \
+                       (_X) = (_X) * 16 + *__p - 55;                                   \
+               else if ((*__p >= '0') && (*__p <= '9'))                \
+                       (_X) = (_X) * 16 + *__p - 48;                                   \
+               __p++;                                                                          \
+       }                                                                                               \
+}while(0)
+
+#endif  // __RTMP_DEF_H__
diff --git a/drivers/staging/rt3090/rtmp_dot11.h b/drivers/staging/rt3090/rtmp_dot11.h
new file mode 100644 (file)
index 0000000..a637825
--- /dev/null
@@ -0,0 +1,146 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+*/
+
+#ifndef __DOT11_BASE_H__
+#define __DOT11_BASE_H__
+
+#include "rtmp_type.h"
+
+
+// 4-byte HTC field.  maybe included in any frame except non-QOS data frame.  The Order bit must set 1.
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+    UINT32             RDG:1;  //RDG / More PPDU
+    UINT32             ACConstraint:1; //feedback request
+    UINT32             rsv:5;  //calibration sequence
+    UINT32             ZLFAnnouce:1;   // ZLF announcement
+    UINT32             CSISTEERING:2;  //CSI/ STEERING
+    UINT32             FBKReq:2;       //feedback request
+    UINT32             CalSeq:2;  //calibration sequence
+    UINT32             CalPos:2;       // calibration position
+    UINT32             MFBorASC:7;     //Link adaptation feedback containing recommended MCS. 0x7f for no feedback or not available
+    UINT32             MFS:3;  //SET to the received value of MRS. 0x111 for unsolicited MFB.
+    UINT32             MRSorASI:3;     // MRQ Sequence identifier. unchanged during entire procedure. 0x000-0x110.
+    UINT32             MRQ:1;  //MCS feedback. Request for a MCS feedback
+    UINT32             TRQ:1;  //sounding request
+    UINT32             MA:1;   //management action payload exist in (QoS Null+HTC)
+#else
+    UINT32             MA:1;   //management action payload exist in (QoS Null+HTC)
+    UINT32             TRQ:1;  //sounding request
+    UINT32             MRQ:1;  //MCS feedback. Request for a MCS feedback
+    UINT32             MRSorASI:3;     // MRQ Sequence identifier. unchanged during entire procedure. 0x000-0x110.
+    UINT32             MFS:3;  //SET to the received value of MRS. 0x111 for unsolicited MFB.
+    UINT32             MFBorASC:7;     //Link adaptation feedback containing recommended MCS. 0x7f for no feedback or not available
+    UINT32             CalPos:2;       // calibration position
+    UINT32             CalSeq:2;  //calibration sequence
+    UINT32             FBKReq:2;       //feedback request
+    UINT32             CSISTEERING:2;  //CSI/ STEERING
+    UINT32             ZLFAnnouce:1;   // ZLF announcement
+    UINT32             rsv:5;  //calibration sequence
+    UINT32             ACConstraint:1; //feedback request
+    UINT32             RDG:1;  //RDG / More PPDU
+#endif /* !RT_BIG_ENDIAN */
+} HT_CONTROL, *PHT_CONTROL;
+
+// 2-byte QOS CONTROL field
+typedef struct PACKED {
+#ifdef RT_BIG_ENDIAN
+    USHORT      Txop_QueueSize:8;
+    USHORT      AMsduPresent:1;
+    USHORT      AckPolicy:2;  //0: normal ACK 1:No ACK 2:scheduled under MTBA/PSMP  3: BA
+    USHORT      EOSP:1;
+    USHORT      TID:4;
+#else
+    USHORT      TID:4;
+    USHORT      EOSP:1;
+    USHORT      AckPolicy:2;  //0: normal ACK 1:No ACK 2:scheduled under MTBA/PSMP  3: BA
+    USHORT      AMsduPresent:1;
+    USHORT      Txop_QueueSize:8;
+#endif /* !RT_BIG_ENDIAN */
+} QOS_CONTROL, *PQOS_CONTROL;
+
+
+// 2-byte Frame control field
+typedef        struct  PACKED {
+#ifdef RT_BIG_ENDIAN
+       USHORT          Order:1;                        // Strict order expected
+       USHORT          Wep:1;                          // Wep data
+       USHORT          MoreData:1;                     // More data bit
+       USHORT          PwrMgmt:1;                      // Power management bit
+       USHORT          Retry:1;                        // Retry status bit
+       USHORT          MoreFrag:1;                     // More fragment bit
+       USHORT          FrDs:1;                         // From DS indication
+       USHORT          ToDs:1;                         // To DS indication
+       USHORT          SubType:4;                      // MSDU subtype
+       USHORT          Type:2;                         // MSDU type
+       USHORT          Ver:2;                          // Protocol version
+#else
+       USHORT          Ver:2;                          // Protocol version
+       USHORT          Type:2;                         // MSDU type
+       USHORT          SubType:4;                      // MSDU subtype
+       USHORT          ToDs:1;                         // To DS indication
+       USHORT          FrDs:1;                         // From DS indication
+       USHORT          MoreFrag:1;                     // More fragment bit
+       USHORT          Retry:1;                        // Retry status bit
+       USHORT          PwrMgmt:1;                      // Power management bit
+       USHORT          MoreData:1;                     // More data bit
+       USHORT          Wep:1;                          // Wep data
+       USHORT          Order:1;                        // Strict order expected
+#endif /* !RT_BIG_ENDIAN */
+} FRAME_CONTROL, *PFRAME_CONTROL;
+
+typedef        struct  PACKED _HEADER_802_11   {
+    FRAME_CONTROL   FC;
+    USHORT          Duration;
+    UCHAR           Addr1[MAC_ADDR_LEN];
+    UCHAR           Addr2[MAC_ADDR_LEN];
+       UCHAR                   Addr3[MAC_ADDR_LEN];
+#ifdef RT_BIG_ENDIAN
+       USHORT                  Sequence:12;
+       USHORT                  Frag:4;
+#else
+       USHORT                  Frag:4;
+       USHORT                  Sequence:12;
+#endif /* !RT_BIG_ENDIAN */
+       UCHAR                   Octet[0];
+}      HEADER_802_11, *PHEADER_802_11;
+
+typedef struct PACKED _PSPOLL_FRAME {
+    FRAME_CONTROL   FC;
+    USHORT          Aid;
+    UCHAR           Bssid[MAC_ADDR_LEN];
+    UCHAR           Ta[MAC_ADDR_LEN];
+}   PSPOLL_FRAME, *PPSPOLL_FRAME;
+
+typedef        struct  PACKED _RTS_FRAME       {
+    FRAME_CONTROL   FC;
+    USHORT          Duration;
+    UCHAR           Addr1[MAC_ADDR_LEN];
+    UCHAR           Addr2[MAC_ADDR_LEN];
+}RTS_FRAME, *PRTS_FRAME;
+
+#endif // __DOT11_BASE_H__ //
diff --git a/drivers/staging/rt3090/rtmp_iface.h b/drivers/staging/rt3090/rtmp_iface.h
new file mode 100644 (file)
index 0000000..168d079
--- /dev/null
@@ -0,0 +1,81 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       rt_iface.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+#ifndef __RTMP_IFACE_H__
+#define __RTMP_IFACE_H__
+
+#ifdef RTMP_PCI_SUPPORT
+#include "rtmp_pci.h"
+#endif // RTMP_PCI_SUPPORT //
+
+
+typedef struct _INF_PCI_CONFIG_
+{
+       unsigned long   CSRBaseAddress;     // PCI MMIO Base Address, all access will use
+       unsigned int    irq_num;
+}INF_PCI_CONFIG;
+
+
+typedef struct _INF_USB_CONFIG_
+{
+       UINT8                BulkInEpAddr;              // bulk-in endpoint address
+       UINT8                BulkOutEpAddr[6];  // bulk-out endpoint address
+}INF_USB_CONFIG;
+
+
+typedef struct _INF_RBUS_CONFIG_
+{
+       unsigned long           csr_addr;
+       unsigned int            irq;
+}INF_RBUS_CONFIG;
+
+
+typedef enum _RTMP_INF_TYPE_
+{
+       RTMP_DEV_INF_UNKNOWN = 0,
+       RTMP_DEV_INF_PCI = 1,
+       RTMP_DEV_INF_USB = 2,
+       RTMP_DEV_INF_RBUS = 4,
+}RTMP_INF_TYPE;
+
+
+typedef union _RTMP_INF_CONFIG_{
+       struct _INF_PCI_CONFIG_                 pciConfig;
+       struct _INF_USB_CONFIG_                 usbConfig;
+       struct _INF_RBUS_CONFIG_                rbusConfig;
+}RTMP_INF_CONFIG;
+
+#endif // __RTMP_IFACE_H__ //
diff --git a/drivers/staging/rt3090/rtmp_mac.h b/drivers/staging/rt3090/rtmp_mac.h
new file mode 100644 (file)
index 0000000..c57b295
--- /dev/null
@@ -0,0 +1,2304 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_mac.h
+
+       Abstract:
+       Ralink Wireless Chip MAC related definition & structures
+
+       Revision History:
+       Who                     When              What
+       --------        ----------        ----------------------------------------------
+*/
+
+#ifndef __RTMP_MAC_H__
+#define __RTMP_MAC_H__
+
+
+
+// =================================================================================
+// TX / RX ring descriptor format
+// =================================================================================
+
+// the first 24-byte in TXD is called TXINFO and will be DMAed to MAC block through TXFIFO.
+// MAC block use this TXINFO to control the transmission behavior of this frame.
+#define FIFO_MGMT                 0
+#define FIFO_HCCA                 1
+#define FIFO_EDCA                 2
+
+
+//
+// TXD Wireless Information format for Tx ring and Mgmt Ring
+//
+//txop : for txop mode
+// 0:txop for the MPDU frame will be handles by ASIC by register
+// 1/2/3:the MPDU frame is send after PIFS/backoff/SIFS
+#ifdef RT_BIG_ENDIAN
+typedef        struct  PACKED _TXWI_STRUC {
+       // Word 0
+       UINT32          PHYMODE:2;
+       UINT32          TxBF:1; // 3*3
+       UINT32          rsv2:1;
+//     UINT32          rsv2:2;
+       UINT32          Ifs:1;  //
+       UINT32          STBC:2; //channel bandwidth 20MHz or 40 MHz
+       UINT32          ShortGI:1;
+       UINT32          BW:1;   //channel bandwidth 20MHz or 40 MHz
+       UINT32          MCS:7;
+
+       UINT32          rsv:6;
+       UINT32          txop:2; //tx back off mode 0:HT TXOP rule , 1:PIFS TX ,2:Backoff, 3:sifs only when previous frame exchange is successful.
+       UINT32          MpduDensity:3;
+       UINT32          AMPDU:1;
+
+       UINT32          TS:1;
+       UINT32          CFACK:1;
+       UINT32          MIMOps:1;       // the remote peer is in dynamic MIMO-PS mode
+       UINT32          FRAG:1;         // 1 to inform TKIP engine this is a fragment.
+       // Word 1
+       UINT32          PacketId:4;
+       UINT32          MPDUtotalByteCount:12;
+       UINT32          WirelessCliID:8;
+       UINT32          BAWinSize:6;
+       UINT32          NSEQ:1;
+       UINT32          ACK:1;
+       // Word 2
+       UINT32          IV;
+       // Word 3
+       UINT32          EIV;
+}      TXWI_STRUC, *PTXWI_STRUC;
+#else
+typedef        struct  PACKED _TXWI_STRUC {
+       // Word 0
+       // ex: 00 03 00 40 means txop = 3, PHYMODE = 1
+       UINT32          FRAG:1;         // 1 to inform TKIP engine this is a fragment.
+       UINT32          MIMOps:1;       // the remote peer is in dynamic MIMO-PS mode
+       UINT32          CFACK:1;
+       UINT32          TS:1;
+
+       UINT32          AMPDU:1;
+       UINT32          MpduDensity:3;
+       UINT32          txop:2; //FOR "THIS" frame. 0:HT TXOP rule , 1:PIFS TX ,2:Backoff, 3:sifs only when previous frame exchange is successful.
+       UINT32          rsv:6;
+
+       UINT32          MCS:7;
+       UINT32          BW:1;   //channel bandwidth 20MHz or 40 MHz
+       UINT32          ShortGI:1;
+       UINT32          STBC:2; // 1: STBC support MCS =0-7,   2,3 : RESERVE
+       UINT32          Ifs:1;  //
+//     UINT32          rsv2:2; //channel bandwidth 20MHz or 40 MHz
+       UINT32          rsv2:1;
+       UINT32          TxBF:1; // 3*3
+       UINT32          PHYMODE:2;
+       // Word1
+       // ex:  1c ff 38 00 means ACK=0, BAWinSize=7, MPDUtotalByteCount = 0x38
+       UINT32          ACK:1;
+       UINT32          NSEQ:1;
+       UINT32          BAWinSize:6;
+       UINT32          WirelessCliID:8;
+       UINT32          MPDUtotalByteCount:12;
+       UINT32          PacketId:4;
+       //Word2
+       UINT32          IV;
+       //Word3
+       UINT32          EIV;
+}      TXWI_STRUC, *PTXWI_STRUC;
+#endif
+
+
+//
+// RXWI wireless information format, in PBF. invisible in driver.
+//
+#ifdef RT_BIG_ENDIAN
+typedef        struct  PACKED _RXWI_STRUC {
+       // Word 0
+       UINT32          TID:4;
+       UINT32          MPDUtotalByteCount:12;
+       UINT32          UDF:3;
+       UINT32          BSSID:3;
+       UINT32          KeyIndex:2;
+       UINT32          WirelessCliID:8;
+       // Word 1
+       UINT32          PHYMODE:2;              // 1: this RX frame is unicast to me
+       UINT32          rsv:3;
+       UINT32          STBC:2;
+       UINT32          ShortGI:1;
+       UINT32          BW:1;
+       UINT32          MCS:7;
+       UINT32          SEQUENCE:12;
+       UINT32          FRAG:4;
+       // Word 2
+       UINT32          rsv1:8;
+       UINT32          RSSI2:8;
+       UINT32          RSSI1:8;
+       UINT32          RSSI0:8;
+       // Word 3
+       /*UINT32                rsv2:16;*/
+       UINT32          rsv2:8;
+       UINT32          FOFFSET:8;      // RT35xx
+       UINT32          SNR1:8;
+       UINT32          SNR0:8;
+}      RXWI_STRUC, *PRXWI_STRUC;
+#else
+typedef        struct  PACKED _RXWI_STRUC {
+       // Word 0
+       UINT32          WirelessCliID:8;
+       UINT32          KeyIndex:2;
+       UINT32          BSSID:3;
+       UINT32          UDF:3;
+       UINT32          MPDUtotalByteCount:12;
+       UINT32          TID:4;
+       // Word 1
+       UINT32          FRAG:4;
+       UINT32          SEQUENCE:12;
+       UINT32          MCS:7;
+       UINT32          BW:1;
+       UINT32          ShortGI:1;
+       UINT32          STBC:2;
+       UINT32          rsv:3;
+       UINT32          PHYMODE:2;              // 1: this RX frame is unicast to me
+       //Word2
+       UINT32          RSSI0:8;
+       UINT32          RSSI1:8;
+       UINT32          RSSI2:8;
+       UINT32          rsv1:8;
+       //Word3
+       UINT32          SNR0:8;
+       UINT32          SNR1:8;
+       UINT32          FOFFSET:8;      // RT35xx
+       UINT32          rsv2:8;
+       /*UINT32                rsv2:16;*/
+}      RXWI_STRUC, *PRXWI_STRUC;
+#endif
+
+
+// =================================================================================
+// Register format
+// =================================================================================
+
+
+//
+// SCH/DMA registers - base address 0x0200
+//
+// INT_SOURCE_CSR: Interrupt source register. Write one to clear corresponding bit
+//
+#define DMA_CSR0               0x200
+#define INT_SOURCE_CSR         0x200
+#ifdef RT_BIG_ENDIAN
+typedef        union   _INT_SOURCE_CSR_STRUC   {
+       struct  {
+#ifdef TONE_RADAR_DETECT_SUPPORT
+               UINT32                  :11;
+               UINT32                  RadarINT:1;
+               UINT32          rsv:2;
+#else // original source code
+               UINT32          :14;
+#endif // TONE_RADAR_DETECT_SUPPORT //
+               UINT32          TxCoherent:1;
+               UINT32          RxCoherent:1;
+               UINT32          GPTimer:1;
+               UINT32          AutoWakeup:1;//bit14
+               UINT32          TXFifoStatusInt:1;//FIFO Statistics is full, sw should read 0x171c
+               UINT32          PreTBTT:1;
+               UINT32          TBTTInt:1;
+               UINT32          RxTxCoherent:1;
+               UINT32          MCUCommandINT:1;
+               UINT32          MgmtDmaDone:1;
+               UINT32          HccaDmaDone:1;
+               UINT32          Ac3DmaDone:1;
+               UINT32          Ac2DmaDone:1;
+               UINT32          Ac1DmaDone:1;
+               UINT32          Ac0DmaDone:1;
+               UINT32          RxDone:1;
+               UINT32          TxDelayINT:1;   //delayed interrupt, not interrupt until several int or time limit hit
+               UINT32          RxDelayINT:1; //dealyed interrupt
+       }       field;
+       UINT32                  word;
+}      INT_SOURCE_CSR_STRUC, *PINT_SOURCE_CSR_STRUC;
+#else
+typedef        union   _INT_SOURCE_CSR_STRUC   {
+       struct  {
+               UINT32          RxDelayINT:1;
+               UINT32          TxDelayINT:1;
+               UINT32          RxDone:1;
+               UINT32          Ac0DmaDone:1;//4
+               UINT32          Ac1DmaDone:1;
+               UINT32          Ac2DmaDone:1;
+               UINT32          Ac3DmaDone:1;
+               UINT32          HccaDmaDone:1; // bit7
+               UINT32          MgmtDmaDone:1;
+               UINT32          MCUCommandINT:1;//bit 9
+               UINT32          RxTxCoherent:1;
+               UINT32          TBTTInt:1;
+               UINT32          PreTBTT:1;
+               UINT32          TXFifoStatusInt:1;//FIFO Statistics is full, sw should read 0x171c
+               UINT32          AutoWakeup:1;//bit14
+               UINT32          GPTimer:1;
+               UINT32          RxCoherent:1;//bit16
+               UINT32          TxCoherent:1;
+#ifdef TONE_RADAR_DETECT_SUPPORT
+               UINT32          rsv:2;
+               UINT32                  RadarINT:1;
+               UINT32                  :11;
+#else
+               UINT32          :14;
+#endif // TONE_RADAR_DETECT_SUPPORT //
+       }       field;
+       UINT32                  word;
+} INT_SOURCE_CSR_STRUC, *PINT_SOURCE_CSR_STRUC;
+#endif
+
+//
+// INT_MASK_CSR:   Interrupt MASK register.   1: the interrupt is mask OFF
+//
+#define INT_MASK_CSR        0x204
+#ifdef RT_BIG_ENDIAN
+typedef        union   _INT_MASK_CSR_STRUC     {
+       struct  {
+               UINT32          TxCoherent:1;
+               UINT32          RxCoherent:1;
+#ifdef TONE_RADAR_DETECT_SUPPORT
+               UINT32                  :9;
+               UINT32                  RadarINT:1;
+               UINT32          rsv:10;
+#else
+               UINT32          :20;
+#endif // TONE_RADAR_DETECT_SUPPORT //
+               UINT32          MCUCommandINT:1;
+               UINT32          MgmtDmaDone:1;
+               UINT32          HccaDmaDone:1;
+               UINT32          Ac3DmaDone:1;
+               UINT32          Ac2DmaDone:1;
+               UINT32          Ac1DmaDone:1;
+               UINT32          Ac0DmaDone:1;
+               UINT32          RxDone:1;
+               UINT32          TxDelay:1;
+               UINT32          RXDelay_INT_MSK:1;
+       }       field;
+       UINT32                  word;
+}INT_MASK_CSR_STRUC, *PINT_MASK_CSR_STRUC;
+#else
+typedef        union   _INT_MASK_CSR_STRUC     {
+       struct  {
+               UINT32          RXDelay_INT_MSK:1;
+               UINT32          TxDelay:1;
+               UINT32          RxDone:1;
+               UINT32          Ac0DmaDone:1;
+               UINT32          Ac1DmaDone:1;
+               UINT32          Ac2DmaDone:1;
+               UINT32          Ac3DmaDone:1;
+               UINT32          HccaDmaDone:1;
+               UINT32          MgmtDmaDone:1;
+               UINT32          MCUCommandINT:1;
+#ifdef TONE_RADAR_DETECT_SUPPORT
+               UINT32          rsv:10;
+               UINT32                  RadarINT:1;
+               UINT32                  :9;
+#else
+               UINT32          :20;
+#endif // TONE_RADAR_DETECT_SUPPORT //
+               UINT32          RxCoherent:1;
+               UINT32          TxCoherent:1;
+       }       field;
+       UINT32                  word;
+} INT_MASK_CSR_STRUC, *PINT_MASK_CSR_STRUC;
+#endif
+
+#define WPDMA_GLO_CFG  0x208
+#ifdef RT_BIG_ENDIAN
+typedef        union   _WPDMA_GLO_CFG_STRUC    {
+       struct  {
+               UINT32          HDR_SEG_LEN:16;
+               UINT32          RXHdrScater:8;
+               UINT32          BigEndian:1;
+               UINT32          EnTXWriteBackDDONE:1;
+               UINT32          WPDMABurstSIZE:2;
+               UINT32          RxDMABusy:1;
+               UINT32          EnableRxDMA:1;
+               UINT32          TxDMABusy:1;
+               UINT32          EnableTxDMA:1;
+       }       field;
+       UINT32                  word;
+}WPDMA_GLO_CFG_STRUC, *PWPDMA_GLO_CFG_STRUC;
+#else
+typedef        union   _WPDMA_GLO_CFG_STRUC    {
+       struct  {
+               UINT32          EnableTxDMA:1;
+               UINT32          TxDMABusy:1;
+               UINT32          EnableRxDMA:1;
+               UINT32          RxDMABusy:1;
+               UINT32          WPDMABurstSIZE:2;
+               UINT32          EnTXWriteBackDDONE:1;
+               UINT32          BigEndian:1;
+               UINT32          RXHdrScater:8;
+               UINT32          HDR_SEG_LEN:16;
+       }       field;
+       UINT32                  word;
+} WPDMA_GLO_CFG_STRUC, *PWPDMA_GLO_CFG_STRUC;
+#endif
+
+#define WPDMA_RST_IDX  0x20c
+#ifdef RT_BIG_ENDIAN
+typedef        union   _WPDMA_RST_IDX_STRUC    {
+       struct  {
+               UINT32          :15;
+               UINT32          RST_DRX_IDX0:1;
+               UINT32          rsv:10;
+               UINT32          RST_DTX_IDX5:1;
+               UINT32          RST_DTX_IDX4:1;
+               UINT32          RST_DTX_IDX3:1;
+               UINT32          RST_DTX_IDX2:1;
+               UINT32          RST_DTX_IDX1:1;
+               UINT32          RST_DTX_IDX0:1;
+       }       field;
+       UINT32                  word;
+}WPDMA_RST_IDX_STRUC, *PWPDMA_RST_IDX_STRUC;
+#else
+typedef        union   _WPDMA_RST_IDX_STRUC    {
+       struct  {
+               UINT32          RST_DTX_IDX0:1;
+               UINT32          RST_DTX_IDX1:1;
+               UINT32          RST_DTX_IDX2:1;
+               UINT32          RST_DTX_IDX3:1;
+               UINT32          RST_DTX_IDX4:1;
+               UINT32          RST_DTX_IDX5:1;
+               UINT32          rsv:10;
+               UINT32          RST_DRX_IDX0:1;
+               UINT32          :15;
+       }       field;
+       UINT32                  word;
+} WPDMA_RST_IDX_STRUC, *PWPDMA_RST_IDX_STRUC;
+#endif
+#define DELAY_INT_CFG  0x0210
+#ifdef RT_BIG_ENDIAN
+typedef        union   _DELAY_INT_CFG_STRUC    {
+       struct  {
+               UINT32          TXDLY_INT_EN:1;
+               UINT32          TXMAX_PINT:7;
+               UINT32          TXMAX_PTIME:8;
+               UINT32          RXDLY_INT_EN:1;
+               UINT32          RXMAX_PINT:7;
+               UINT32          RXMAX_PTIME:8;
+       }       field;
+       UINT32                  word;
+}DELAY_INT_CFG_STRUC, *PDELAY_INT_CFG_STRUC;
+#else
+typedef        union   _DELAY_INT_CFG_STRUC    {
+       struct  {
+               UINT32          RXMAX_PTIME:8;
+               UINT32          RXMAX_PINT:7;
+               UINT32          RXDLY_INT_EN:1;
+               UINT32          TXMAX_PTIME:8;
+               UINT32          TXMAX_PINT:7;
+               UINT32          TXDLY_INT_EN:1;
+       }       field;
+       UINT32                  word;
+} DELAY_INT_CFG_STRUC, *PDELAY_INT_CFG_STRUC;
+#endif
+#define WMM_AIFSN_CFG   0x0214
+#ifdef RT_BIG_ENDIAN
+typedef        union   _AIFSN_CSR_STRUC        {
+       struct  {
+           UINT32   Rsv:16;
+           UINT32   Aifsn3:4;       // for AC_VO
+           UINT32   Aifsn2:4;       // for AC_VI
+           UINT32   Aifsn1:4;       // for AC_BK
+           UINT32   Aifsn0:4;       // for AC_BE
+       }       field;
+       UINT32                  word;
+}      AIFSN_CSR_STRUC, *PAIFSN_CSR_STRUC;
+#else
+typedef        union   _AIFSN_CSR_STRUC        {
+       struct  {
+           UINT32   Aifsn0:4;       // for AC_BE
+           UINT32   Aifsn1:4;       // for AC_BK
+           UINT32   Aifsn2:4;       // for AC_VI
+           UINT32   Aifsn3:4;       // for AC_VO
+           UINT32   Rsv:16;
+       }       field;
+       UINT32                  word;
+}      AIFSN_CSR_STRUC, *PAIFSN_CSR_STRUC;
+#endif
+//
+// CWMIN_CSR: CWmin for each EDCA AC
+//
+#define WMM_CWMIN_CFG   0x0218
+#ifdef RT_BIG_ENDIAN
+typedef        union   _CWMIN_CSR_STRUC        {
+       struct  {
+           UINT32   Rsv:16;
+           UINT32   Cwmin3:4;       // for AC_VO
+           UINT32   Cwmin2:4;       // for AC_VI
+           UINT32   Cwmin1:4;       // for AC_BK
+           UINT32   Cwmin0:4;       // for AC_BE
+       }       field;
+       UINT32                  word;
+}      CWMIN_CSR_STRUC, *PCWMIN_CSR_STRUC;
+#else
+typedef        union   _CWMIN_CSR_STRUC        {
+       struct  {
+           UINT32   Cwmin0:4;       // for AC_BE
+           UINT32   Cwmin1:4;       // for AC_BK
+           UINT32   Cwmin2:4;       // for AC_VI
+           UINT32   Cwmin3:4;       // for AC_VO
+           UINT32   Rsv:16;
+       }       field;
+       UINT32                  word;
+}      CWMIN_CSR_STRUC, *PCWMIN_CSR_STRUC;
+#endif
+
+//
+// CWMAX_CSR: CWmin for each EDCA AC
+//
+#define WMM_CWMAX_CFG   0x021c
+#ifdef RT_BIG_ENDIAN
+typedef        union   _CWMAX_CSR_STRUC        {
+       struct  {
+           UINT32   Rsv:16;
+           UINT32   Cwmax3:4;       // for AC_VO
+           UINT32   Cwmax2:4;       // for AC_VI
+           UINT32   Cwmax1:4;       // for AC_BK
+           UINT32   Cwmax0:4;       // for AC_BE
+       }       field;
+       UINT32                  word;
+}      CWMAX_CSR_STRUC, *PCWMAX_CSR_STRUC;
+#else
+typedef        union   _CWMAX_CSR_STRUC        {
+       struct  {
+           UINT32   Cwmax0:4;       // for AC_BE
+           UINT32   Cwmax1:4;       // for AC_BK
+           UINT32   Cwmax2:4;       // for AC_VI
+           UINT32   Cwmax3:4;       // for AC_VO
+           UINT32   Rsv:16;
+       }       field;
+       UINT32                  word;
+}      CWMAX_CSR_STRUC, *PCWMAX_CSR_STRUC;
+#endif
+
+
+//
+// AC_TXOP_CSR0: AC_BK/AC_BE TXOP register
+//
+#define WMM_TXOP0_CFG    0x0220
+#ifdef RT_BIG_ENDIAN
+typedef        union   _AC_TXOP_CSR0_STRUC     {
+       struct  {
+           USHORT  Ac1Txop;        // for AC_BE, in unit of 32us
+           USHORT  Ac0Txop;        // for AC_BK, in unit of 32us
+       }       field;
+       UINT32                  word;
+}      AC_TXOP_CSR0_STRUC, *PAC_TXOP_CSR0_STRUC;
+#else
+typedef        union   _AC_TXOP_CSR0_STRUC     {
+       struct  {
+           USHORT  Ac0Txop;        // for AC_BK, in unit of 32us
+           USHORT  Ac1Txop;        // for AC_BE, in unit of 32us
+       }       field;
+       UINT32                  word;
+}      AC_TXOP_CSR0_STRUC, *PAC_TXOP_CSR0_STRUC;
+#endif
+
+//
+// AC_TXOP_CSR1: AC_VO/AC_VI TXOP register
+//
+#define WMM_TXOP1_CFG    0x0224
+#ifdef RT_BIG_ENDIAN
+typedef        union   _AC_TXOP_CSR1_STRUC     {
+       struct  {
+           USHORT  Ac3Txop;        // for AC_VO, in unit of 32us
+           USHORT  Ac2Txop;        // for AC_VI, in unit of 32us
+       }       field;
+       UINT32                  word;
+}      AC_TXOP_CSR1_STRUC, *PAC_TXOP_CSR1_STRUC;
+#else
+typedef        union   _AC_TXOP_CSR1_STRUC     {
+       struct  {
+           USHORT  Ac2Txop;        // for AC_VI, in unit of 32us
+           USHORT  Ac3Txop;        // for AC_VO, in unit of 32us
+       }       field;
+       UINT32                  word;
+}      AC_TXOP_CSR1_STRUC, *PAC_TXOP_CSR1_STRUC;
+#endif
+
+
+#define RINGREG_DIFF                   0x10
+#define GPIO_CTRL_CFG    0x0228        //MAC_CSR13
+#define MCU_CMD_CFG    0x022c
+#define TX_BASE_PTR0     0x0230        //AC_BK base address
+#define TX_MAX_CNT0      0x0234
+#define TX_CTX_IDX0       0x0238
+#define TX_DTX_IDX0      0x023c
+#define TX_BASE_PTR1     0x0240                //AC_BE base address
+#define TX_MAX_CNT1      0x0244
+#define TX_CTX_IDX1       0x0248
+#define TX_DTX_IDX1      0x024c
+#define TX_BASE_PTR2     0x0250                //AC_VI base address
+#define TX_MAX_CNT2      0x0254
+#define TX_CTX_IDX2       0x0258
+#define TX_DTX_IDX2      0x025c
+#define TX_BASE_PTR3     0x0260                //AC_VO base address
+#define TX_MAX_CNT3      0x0264
+#define TX_CTX_IDX3       0x0268
+#define TX_DTX_IDX3      0x026c
+#define TX_BASE_PTR4     0x0270                //HCCA base address
+#define TX_MAX_CNT4      0x0274
+#define TX_CTX_IDX4       0x0278
+#define TX_DTX_IDX4      0x027c
+#define TX_BASE_PTR5     0x0280                //MGMT base address
+#define  TX_MAX_CNT5     0x0284
+#define TX_CTX_IDX5       0x0288
+#define TX_DTX_IDX5      0x028c
+#define TX_MGMTMAX_CNT      TX_MAX_CNT5
+#define TX_MGMTCTX_IDX       TX_CTX_IDX5
+#define TX_MGMTDTX_IDX      TX_DTX_IDX5
+#define RX_BASE_PTR     0x0290 //RX base address
+#define RX_MAX_CNT      0x0294
+#define RX_CRX_IDX       0x0298
+#define RX_DRX_IDX      0x029c
+
+
+#define USB_DMA_CFG      0x02a0
+#ifdef RT_BIG_ENDIAN
+typedef        union   _USB_DMA_CFG_STRUC      {
+       struct  {
+           UINT32  TxBusy:1;           //USB DMA TX FSM busy . debug only
+           UINT32  RxBusy:1;        //USB DMA RX FSM busy . debug only
+           UINT32  EpoutValid:6;        //OUT endpoint data valid. debug only
+           UINT32  TxBulkEn:1;        //Enable USB DMA Tx
+           UINT32  RxBulkEn:1;        //Enable USB DMA Rx
+           UINT32  RxBulkAggEn:1;        //Enable Rx Bulk Aggregation
+           UINT32  TxopHalt:1;        //Halt TXOP count down when TX buffer is full.
+           UINT32  TxClear:1;        //Clear USB DMA TX path
+           UINT32  rsv:2;
+           UINT32  phyclear:1;                 //phy watch dog enable. write 1
+           UINT32  RxBulkAggLmt:8;        //Rx Bulk Aggregation Limit  in unit of 1024 bytes
+           UINT32  RxBulkAggTOut:8;        //Rx Bulk Aggregation TimeOut  in unit of 33ns
+       }       field;
+       UINT32                  word;
+}      USB_DMA_CFG_STRUC, *PUSB_DMA_CFG_STRUC;
+#else
+typedef        union   _USB_DMA_CFG_STRUC      {
+       struct  {
+           UINT32  RxBulkAggTOut:8;        //Rx Bulk Aggregation TimeOut  in unit of 33ns
+           UINT32  RxBulkAggLmt:8;        //Rx Bulk Aggregation Limit  in unit of 256 bytes
+           UINT32  phyclear:1;                 //phy watch dog enable. write 1
+           UINT32  rsv:2;
+           UINT32  TxClear:1;        //Clear USB DMA TX path
+           UINT32  TxopHalt:1;        //Halt TXOP count down when TX buffer is full.
+           UINT32  RxBulkAggEn:1;        //Enable Rx Bulk Aggregation
+           UINT32  RxBulkEn:1;        //Enable USB DMA Rx
+           UINT32  TxBulkEn:1;        //Enable USB DMA Tx
+           UINT32  EpoutValid:6;        //OUT endpoint data valid
+           UINT32  RxBusy:1;        //USB DMA RX FSM busy
+           UINT32  TxBusy:1;           //USB DMA TX FSM busy
+       }       field;
+       UINT32                  word;
+}      USB_DMA_CFG_STRUC, *PUSB_DMA_CFG_STRUC;
+#endif
+
+
+//
+//  3  PBF  registers
+//
+//
+// Most are for debug. Driver doesn't touch PBF register.
+#define PBF_SYS_CTRL    0x0400
+#define PBF_CFG                 0x0408
+#define PBF_MAX_PCNT    0x040C
+#define PBF_CTRL               0x0410
+#define PBF_INT_STA     0x0414
+#define PBF_INT_ENA     0x0418
+#define TXRXQ_PCNT      0x0438
+#define PBF_DBG                         0x043c
+#define PBF_CAP_CTRL     0x0440
+
+#ifdef RT30xx
+#ifdef RTMP_EFUSE_SUPPORT
+// eFuse registers
+#define EFUSE_CTRL                             0x0580
+#define EFUSE_DATA0                            0x0590
+#define EFUSE_DATA1                            0x0594
+#define EFUSE_DATA2                            0x0598
+#define EFUSE_DATA3                            0x059c
+#endif // RTMP_EFUSE_SUPPORT //
+#endif // RT30xx //
+
+#define OSC_CTRL               0x5a4
+#define PCIE_PHY_TX_ATTENUATION_CTRL   0x05C8
+#define LDO_CFG0                               0x05d4
+#define GPIO_SWITCH                            0x05dc
+
+
+//
+//  4  MAC  registers
+//
+//
+//  4.1 MAC SYSTEM  configuration registers (offset:0x1000)
+//
+#define MAC_CSR0            0x1000
+#ifdef RT_BIG_ENDIAN
+typedef        union   _ASIC_VER_ID_STRUC      {
+       struct  {
+           USHORT  ASICVer;        // version : 2860
+           USHORT  ASICRev;        // reversion  : 0
+       }       field;
+       UINT32                  word;
+}      ASIC_VER_ID_STRUC, *PASIC_VER_ID_STRUC;
+#else
+typedef        union   _ASIC_VER_ID_STRUC      {
+       struct  {
+           USHORT  ASICRev;        // reversion  : 0
+           USHORT  ASICVer;        // version : 2860
+       }       field;
+       UINT32                  word;
+}      ASIC_VER_ID_STRUC, *PASIC_VER_ID_STRUC;
+#endif
+#define MAC_SYS_CTRL            0x1004         //MAC_CSR1
+#define MAC_ADDR_DW0                           0x1008          // MAC ADDR DW0
+#define MAC_ADDR_DW1                    0x100c         // MAC ADDR DW1
+//
+// MAC_CSR2: STA MAC register 0
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _MAC_DW0_STRUC  {
+       struct  {
+               UCHAR           Byte3;          // MAC address byte 3
+               UCHAR           Byte2;          // MAC address byte 2
+               UCHAR           Byte1;          // MAC address byte 1
+               UCHAR           Byte0;          // MAC address byte 0
+       }       field;
+       UINT32                  word;
+}      MAC_DW0_STRUC, *PMAC_DW0_STRUC;
+#else
+typedef        union   _MAC_DW0_STRUC  {
+       struct  {
+               UCHAR           Byte0;          // MAC address byte 0
+               UCHAR           Byte1;          // MAC address byte 1
+               UCHAR           Byte2;          // MAC address byte 2
+               UCHAR           Byte3;          // MAC address byte 3
+       }       field;
+       UINT32                  word;
+}      MAC_DW0_STRUC, *PMAC_DW0_STRUC;
+#endif
+
+//
+// MAC_CSR3: STA MAC register 1
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _MAC_DW1_STRUC  {
+       struct  {
+               UCHAR           Rsvd1;
+               UCHAR           U2MeMask;
+               UCHAR           Byte5;          // MAC address byte 5
+               UCHAR           Byte4;          // MAC address byte 4
+       }       field;
+       UINT32                  word;
+}      MAC_DW1_STRUC, *PMAC_DW1_STRUC;
+#else
+typedef        union   _MAC_DW1_STRUC  {
+       struct  {
+               UCHAR           Byte4;          // MAC address byte 4
+               UCHAR           Byte5;          // MAC address byte 5
+               UCHAR           U2MeMask;
+               UCHAR           Rsvd1;
+       }       field;
+       UINT32                  word;
+}      MAC_DW1_STRUC, *PMAC_DW1_STRUC;
+#endif
+
+#define MAC_BSSID_DW0                          0x1010          // MAC BSSID DW0
+#define MAC_BSSID_DW1                          0x1014          // MAC BSSID DW1
+
+//
+// MAC_CSR5: BSSID register 1
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _MAC_CSR5_STRUC {
+       struct  {
+               USHORT          Rsvd:11;
+               USHORT          MBssBcnNum:3;
+               USHORT          BssIdMode:2; // 0: one BSSID, 10: 4 BSSID,  01: 2 BSSID , 11: 8BSSID
+               UCHAR           Byte5;           // BSSID byte 5
+               UCHAR           Byte4;           // BSSID byte 4
+       }       field;
+       UINT32                  word;
+}      MAC_CSR5_STRUC, *PMAC_CSR5_STRUC;
+#else
+typedef        union   _MAC_CSR5_STRUC {
+       struct  {
+               UCHAR           Byte4;           // BSSID byte 4
+               UCHAR           Byte5;           // BSSID byte 5
+               USHORT          BssIdMask:2; // 0: one BSSID, 10: 4 BSSID,  01: 2 BSSID , 11: 8BSSID
+               USHORT          MBssBcnNum:3;
+               USHORT          Rsvd:11;
+       }       field;
+       UINT32                  word;
+}      MAC_CSR5_STRUC, *PMAC_CSR5_STRUC;
+#endif
+
+#define MAX_LEN_CFG              0x1018                // rt2860b max 16k bytes. bit12:13 Maximum PSDU length (power factor) 0:2^13, 1:2^14, 2:2^15, 3:2^16
+#define BBP_CSR_CFG                    0x101c          //
+//
+// BBP_CSR_CFG: BBP serial control register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _BBP_CSR_CFG_STRUC      {
+       struct  {
+               UINT32          :12;
+               UINT32          BBP_RW_MODE:1;          // 0: use serial mode  1:parallel
+               UINT32          BBP_PAR_DUR:1;              // 0: 4 MAC clock cycles  1: 8 MAC clock cycles
+               UINT32          Busy:1;                         // 1: ASIC is busy execute BBP programming.
+               UINT32          fRead:1;                    // 0: Write BBP, 1: Read BBP
+               UINT32          RegNum:8;                       // Selected     BBP     register
+               UINT32          Value:8;                        // Register     value to program into BBP
+       }       field;
+       UINT32                  word;
+}      BBP_CSR_CFG_STRUC, *PBBP_CSR_CFG_STRUC;
+#else
+typedef        union   _BBP_CSR_CFG_STRUC      {
+       struct  {
+               UINT32          Value:8;                        // Register     value to program into BBP
+               UINT32          RegNum:8;                       // Selected     BBP     register
+               UINT32          fRead:1;                    // 0: Write BBP, 1: Read BBP
+               UINT32          Busy:1;                         // 1: ASIC is busy execute BBP programming.
+               UINT32          BBP_PAR_DUR:1;               // 0: 4 MAC clock cycles  1: 8 MAC clock cycles
+               UINT32          BBP_RW_MODE:1;          // 0: use serial mode  1:parallel
+               UINT32          :12;
+       }       field;
+       UINT32                  word;
+}      BBP_CSR_CFG_STRUC, *PBBP_CSR_CFG_STRUC;
+#endif
+#define RF_CSR_CFG0                    0x1020
+//
+// RF_CSR_CFG: RF control register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _RF_CSR_CFG0_STRUC      {
+       struct  {
+               UINT32          Busy:1;             // 0: idle 1: 8busy
+               UINT32          Sel:1;                          // 0:RF_LE0 activate  1:RF_LE1 activate
+               UINT32          StandbyMode:1;              // 0: high when stand by 1: low when standby
+               UINT32          bitwidth:5;                     // Selected     BBP     register
+               UINT32          RegIdAndContent:24;                     // Register     value to program into BBP
+       }       field;
+       UINT32                  word;
+}      RF_CSR_CFG0_STRUC, *PRF_CSR_CFG0_STRUC;
+#else
+typedef        union   _RF_CSR_CFG0_STRUC      {
+       struct  {
+               UINT32          RegIdAndContent:24;                     // Register     value to program into BBP
+               UINT32          bitwidth:5;                     // Selected     BBP     register
+               UINT32          StandbyMode:1;              // 0: high when stand by 1: low when standby
+               UINT32          Sel:1;                          // 0:RF_LE0 activate  1:RF_LE1 activate
+               UINT32          Busy:1;             // 0: idle 1: 8busy
+       }       field;
+       UINT32                  word;
+}      RF_CSR_CFG0_STRUC, *PRF_CSR_CFG0_STRUC;
+#endif
+#define RF_CSR_CFG1                    0x1024
+#ifdef RT_BIG_ENDIAN
+typedef        union   _RF_CSR_CFG1_STRUC      {
+       struct  {
+               UINT32          rsv:7;              // 0: idle 1: 8busy
+               UINT32          RFGap:5;                        // Gap between BB_CONTROL_RF and RF_LE. 0: 3 system clock cycle (37.5usec) 1: 5 system clock cycle (62.5usec)
+               UINT32          RegIdAndContent:24;                     // Register     value to program into BBP
+       }       field;
+       UINT32                  word;
+}      RF_CSR_CFG1_STRUC, *PRF_CSR_CFG1_STRUC;
+#else
+typedef        union   _RF_CSR_CFG1_STRUC      {
+       struct  {
+               UINT32          RegIdAndContent:24;                     // Register     value to program into BBP
+               UINT32          RFGap:5;                        // Gap between BB_CONTROL_RF and RF_LE. 0: 3 system clock cycle (37.5usec) 1: 5 system clock cycle (62.5usec)
+               UINT32          rsv:7;              // 0: idle 1: 8busy
+       }       field;
+       UINT32                  word;
+}      RF_CSR_CFG1_STRUC, *PRF_CSR_CFG1_STRUC;
+#endif
+#define RF_CSR_CFG2                    0x1028          //
+#ifdef RT_BIG_ENDIAN
+typedef        union   _RF_CSR_CFG2_STRUC      {
+       struct  {
+               UINT32          rsv:8;              // 0: idle 1: 8busy
+               UINT32          RegIdAndContent:24;                     // Register     value to program into BBP
+       }       field;
+       UINT32                  word;
+}      RF_CSR_CFG2_STRUC, *PRF_CSR_CFG2_STRUC;
+#else
+typedef        union   _RF_CSR_CFG2_STRUC      {
+       struct  {
+               UINT32          RegIdAndContent:24;                     // Register     value to program into BBP
+               UINT32          rsv:8;              // 0: idle 1: 8busy
+       }       field;
+       UINT32                  word;
+}      RF_CSR_CFG2_STRUC, *PRF_CSR_CFG2_STRUC;
+#endif
+#define LED_CFG                                0x102c          //  MAC_CSR14
+#ifdef RT_BIG_ENDIAN
+typedef        union   _LED_CFG_STRUC  {
+       struct  {
+               UINT32          :1;
+               UINT32          LedPolar:1;                     // Led Polarity.  0: active low1: active high
+               UINT32          YLedMode:2;                     // yellow Led Mode
+               UINT32          GLedMode:2;                     // green Led Mode
+               UINT32          RLedMode:2;                     // red Led Mode    0: off1: blinking upon TX2: periodic slow blinking3: always on
+               UINT32          rsv:2;
+               UINT32          SlowBlinkPeriod:6;                      // slow blinking period. unit:1ms
+               UINT32          OffPeriod:8;                    // blinking off period unit 1ms
+               UINT32          OnPeriod:8;                     // blinking on period unit 1ms
+       }       field;
+       UINT32                  word;
+}      LED_CFG_STRUC, *PLED_CFG_STRUC;
+#else
+typedef        union   _LED_CFG_STRUC  {
+       struct  {
+               UINT32          OnPeriod:8;                     // blinking on period unit 1ms
+               UINT32          OffPeriod:8;                    // blinking off period unit 1ms
+               UINT32          SlowBlinkPeriod:6;                      // slow blinking period. unit:1ms
+               UINT32          rsv:2;
+               UINT32          RLedMode:2;                     // red Led Mode    0: off1: blinking upon TX2: periodic slow blinking3: always on
+               UINT32          GLedMode:2;                     // green Led Mode
+               UINT32          YLedMode:2;                     // yellow Led Mode
+               UINT32          LedPolar:1;                     // Led Polarity.  0: active low1: active high
+               UINT32          :1;
+       }       field;
+       UINT32                  word;
+}      LED_CFG_STRUC, *PLED_CFG_STRUC;
+#endif
+//
+//  4.2 MAC TIMING  configuration registers (offset:0x1100)
+//
+#define XIFS_TIME_CFG             0x1100                // MAC_CSR8  MAC_CSR9
+#ifdef RT_BIG_ENDIAN
+typedef        union   _IFS_SLOT_CFG_STRUC     {
+       struct  {
+           UINT32  rsv:2;
+           UINT32  BBRxendEnable:1;        //  reference RXEND signal to begin XIFS defer
+           UINT32  EIFS:9;        //  unit 1us
+           UINT32  OfdmXifsTime:4;        //OFDM SIFS. unit 1us. Applied after OFDM RX when MAC doesn't reference BBP signal BBRXEND
+           UINT32  OfdmSifsTime:8;        //  unit 1us. Applied after OFDM RX/TX
+           UINT32  CckmSifsTime:8;        //  unit 1us. Applied after CCK RX/TX
+       }       field;
+       UINT32                  word;
+}      IFS_SLOT_CFG_STRUC, *PIFS_SLOT_CFG_STRUC;
+#else
+typedef        union   _IFS_SLOT_CFG_STRUC     {
+       struct  {
+           UINT32  CckmSifsTime:8;        //  unit 1us. Applied after CCK RX/TX
+           UINT32  OfdmSifsTime:8;        //  unit 1us. Applied after OFDM RX/TX
+           UINT32  OfdmXifsTime:4;        //OFDM SIFS. unit 1us. Applied after OFDM RX when MAC doesn't reference BBP signal BBRXEND
+           UINT32  EIFS:9;        //  unit 1us
+           UINT32  BBRxendEnable:1;        //  reference RXEND signal to begin XIFS defer
+           UINT32  rsv:2;
+       }       field;
+       UINT32                  word;
+}      IFS_SLOT_CFG_STRUC, *PIFS_SLOT_CFG_STRUC;
+#endif
+
+#define BKOFF_SLOT_CFG             0x1104               //  mac_csr9 last 8 bits
+#define NAV_TIME_CFG             0x1108                 // NAV  (MAC_CSR15)
+#define CH_TIME_CFG             0x110C                 // Count as channel busy
+#define PBF_LIFE_TIMER             0x1110               //TX/RX MPDU timestamp timer (free run)Unit: 1us
+#define BCN_TIME_CFG             0x1114                 // TXRX_CSR9
+
+#define BCN_OFFSET0                            0x042C
+#define BCN_OFFSET1                            0x0430
+
+//
+// BCN_TIME_CFG : Synchronization control register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _BCN_TIME_CFG_STRUC     {
+       struct  {
+               UINT32          TxTimestampCompensate:8;
+        UINT32       :3;
+               UINT32          bBeaconGen:1;           // Enable beacon generator
+        UINT32       bTBTTEnable:1;
+               UINT32          TsfSyncMode:2;          // Enable TSF sync, 00: disable, 01: infra mode, 10: ad-hoc mode
+               UINT32          bTsfTicking:1;          // Enable TSF auto counting
+               UINT32       BeaconInterval:16;  // in unit of 1/16 TU
+       }       field;
+       UINT32                  word;
+}      BCN_TIME_CFG_STRUC, *PBCN_TIME_CFG_STRUC;
+#else
+typedef        union   _BCN_TIME_CFG_STRUC     {
+       struct  {
+               UINT32       BeaconInterval:16;  // in unit of 1/16 TU
+               UINT32          bTsfTicking:1;          // Enable TSF auto counting
+               UINT32          TsfSyncMode:2;          // Enable TSF sync, 00: disable, 01: infra mode, 10: ad-hoc mode
+        UINT32       bTBTTEnable:1;
+               UINT32          bBeaconGen:1;           // Enable beacon generator
+        UINT32       :3;
+               UINT32          TxTimestampCompensate:8;
+       }       field;
+       UINT32                  word;
+}      BCN_TIME_CFG_STRUC, *PBCN_TIME_CFG_STRUC;
+#endif
+#define TBTT_SYNC_CFG            0x1118                        // txrx_csr10
+#define TSF_TIMER_DW0             0x111C               // Local TSF timer lsb 32 bits. Read-only
+#define TSF_TIMER_DW1             0x1120               // msb 32 bits. Read-only.
+#define TBTT_TIMER             0x1124                  // TImer remains till next TBTT. Read-only.  TXRX_CSR14
+#define INT_TIMER_CFG                  0x1128                  //
+#define INT_TIMER_EN                   0x112c                  //  GP-timer and pre-tbtt Int enable
+#define CH_IDLE_STA                    0x1130                  //  channel idle time
+#define CH_BUSY_STA                    0x1134                  //  channle busy time
+//
+//  4.2 MAC POWER  configuration registers (offset:0x1200)
+//
+#define MAC_STATUS_CFG             0x1200               // old MAC_CSR12
+#define PWR_PIN_CFG             0x1204          // old MAC_CSR12
+#define AUTO_WAKEUP_CFG             0x1208              // old MAC_CSR10
+//
+// AUTO_WAKEUP_CFG: Manual power control / status register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _AUTO_WAKEUP_STRUC      {
+       struct  {
+               UINT32          :16;
+               UINT32          EnableAutoWakeup:1;     // 0:sleep, 1:awake
+               UINT32       NumofSleepingTbtt:7;          // ForceWake has high privilege than PutToSleep when both set
+               UINT32       AutoLeadTime:8;
+       }       field;
+       UINT32                  word;
+}      AUTO_WAKEUP_STRUC, *PAUTO_WAKEUP_STRUC;
+#else
+typedef        union   _AUTO_WAKEUP_STRUC      {
+       struct  {
+               UINT32       AutoLeadTime:8;
+               UINT32       NumofSleepingTbtt:7;          // ForceWake has high privilege than PutToSleep when both set
+               UINT32          EnableAutoWakeup:1;     // 0:sleep, 1:awake
+               UINT32          :16;
+       }       field;
+       UINT32                  word;
+}      AUTO_WAKEUP_STRUC, *PAUTO_WAKEUP_STRUC;
+#endif
+//
+//  4.3 MAC TX  configuration registers (offset:0x1300)
+//
+
+#define EDCA_AC0_CFG   0x1300          //AC_TXOP_CSR0 0x3474
+#define EDCA_AC1_CFG   0x1304
+#define EDCA_AC2_CFG   0x1308
+#define EDCA_AC3_CFG   0x130c
+#ifdef RT_BIG_ENDIAN
+typedef        union   _EDCA_AC_CFG_STRUC      {
+       struct  {
+           UINT32  :12;        //
+           UINT32  Cwmax:4;        //unit power of 2
+           UINT32  Cwmin:4;        //
+           UINT32  Aifsn:4;        // # of slot time
+           UINT32  AcTxop:8;        //  in unit of 32us
+       }       field;
+       UINT32                  word;
+}      EDCA_AC_CFG_STRUC, *PEDCA_AC_CFG_STRUC;
+#else
+typedef        union   _EDCA_AC_CFG_STRUC      {
+       struct  {
+           UINT32  AcTxop:8;        //  in unit of 32us
+           UINT32  Aifsn:4;        // # of slot time
+           UINT32  Cwmin:4;        //
+           UINT32  Cwmax:4;        //unit power of 2
+           UINT32  :12;       //
+       }       field;
+       UINT32                  word;
+}      EDCA_AC_CFG_STRUC, *PEDCA_AC_CFG_STRUC;
+#endif
+
+#define EDCA_TID_AC_MAP        0x1310
+#define TX_PWR_CFG_0   0x1314
+#define TX_PWR_CFG_1   0x1318
+#define TX_PWR_CFG_2   0x131C
+#define TX_PWR_CFG_3   0x1320
+#define TX_PWR_CFG_4   0x1324
+#define TX_PIN_CFG             0x1328
+#define TX_BAND_CFG    0x132c          // 0x1 use upper 20MHz. 0 juse lower 20MHz
+#define TX_SW_CFG0             0x1330
+#define TX_SW_CFG1             0x1334
+#define TX_SW_CFG2             0x1338
+#define TXOP_THRES_CFG         0x133c
+#define TXOP_CTRL_CFG          0x1340
+#define TX_RTS_CFG             0x1344
+
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_RTS_CFG_STRUC       {
+       struct  {
+           UINT32       rsv:7;
+           UINT32       RtsFbkEn:1;    // enable rts rate fallback
+           UINT32       RtsThres:16;    // unit:byte
+           UINT32       AutoRtsRetryLimit:8;
+       }       field;
+       UINT32                  word;
+}      TX_RTS_CFG_STRUC, *PTX_RTS_CFG_STRUC;
+#else
+typedef        union   _TX_RTS_CFG_STRUC       {
+       struct  {
+           UINT32       AutoRtsRetryLimit:8;
+           UINT32       RtsThres:16;    // unit:byte
+           UINT32       RtsFbkEn:1;    // enable rts rate fallback
+           UINT32       rsv:7;     // 1: HT non-STBC control frame enable
+       }       field;
+       UINT32                  word;
+}      TX_RTS_CFG_STRUC, *PTX_RTS_CFG_STRUC;
+#endif
+#define TX_TIMEOUT_CFG 0x1348
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_TIMEOUT_CFG_STRUC   {
+       struct  {
+           UINT32       rsv2:8;
+           UINT32       TxopTimeout:8; //TXOP timeout value for TXOP truncation.  It is recommended that (SLOT_TIME) > (TX_OP_TIMEOUT) > (RX_ACK_TIMEOUT)
+           UINT32       RxAckTimeout:8;        // unit:slot. Used for TX precedure
+           UINT32       MpduLifeTime:4;    //  expiration time = 2^(9+MPDU LIFE TIME)  us
+           UINT32       rsv:4;
+       }       field;
+       UINT32                  word;
+}      TX_TIMEOUT_CFG_STRUC, *PTX_TIMEOUT_CFG_STRUC;
+#else
+typedef        union   _TX_TIMEOUT_CFG_STRUC   {
+       struct  {
+           UINT32       rsv:4;
+           UINT32       MpduLifeTime:4;    //  expiration time = 2^(9+MPDU LIFE TIME)  us
+           UINT32       RxAckTimeout:8;        // unit:slot. Used for TX precedure
+           UINT32       TxopTimeout:8; //TXOP timeout value for TXOP truncation.  It is recommended that (SLOT_TIME) > (TX_OP_TIMEOUT) > (RX_ACK_TIMEOUT)
+           UINT32       rsv2:8;     // 1: HT non-STBC control frame enable
+       }       field;
+       UINT32                  word;
+}      TX_TIMEOUT_CFG_STRUC, *PTX_TIMEOUT_CFG_STRUC;
+#endif
+#define TX_RTY_CFG     0x134c
+#ifdef RT_BIG_ENDIAN
+typedef        union PACKED _TX_RTY_CFG_STRUC  {
+       struct  {
+           UINT32       rsv:1;
+           UINT32       TxautoFBEnable:1;    // Tx retry PHY rate auto fallback enable
+           UINT32       AggRtyMode:1;  // Aggregate MPDU retry mode.  0:expired by retry limit, 1: expired by mpdu life timer
+           UINT32       NonAggRtyMode:1;       // Non-Aggregate MPDU retry mode.  0:expired by retry limit, 1: expired by mpdu life timer
+           UINT32       LongRtyThre:12;        // Long retry threshoold
+           UINT32       LongRtyLimit:8;        //long retry limit
+           UINT32       ShortRtyLimit:8;       //  short retry limit
+
+       }       field;
+       UINT32                  word;
+}      TX_RTY_CFG_STRUC, *PTX_RTY_CFG_STRUC;
+#else
+typedef        union PACKED _TX_RTY_CFG_STRUC  {
+       struct  {
+           UINT32       ShortRtyLimit:8;       //  short retry limit
+           UINT32       LongRtyLimit:8;        //long retry limit
+           UINT32       LongRtyThre:12;        // Long retry threshoold
+           UINT32       NonAggRtyMode:1;       // Non-Aggregate MPDU retry mode.  0:expired by retry limit, 1: expired by mpdu life timer
+           UINT32       AggRtyMode:1;  // Aggregate MPDU retry mode.  0:expired by retry limit, 1: expired by mpdu life timer
+           UINT32       TxautoFBEnable:1;    // Tx retry PHY rate auto fallback enable
+           UINT32       rsv:1;     // 1: HT non-STBC control frame enable
+       }       field;
+       UINT32                  word;
+}      TX_RTY_CFG_STRUC, *PTX_RTY_CFG_STRUC;
+#endif
+#define TX_LINK_CFG    0x1350
+#ifdef RT_BIG_ENDIAN
+typedef        union   PACKED _TX_LINK_CFG_STRUC       {
+       struct PACKED {
+           UINT32       RemotMFS:8;    //remote MCS feedback sequence number
+           UINT32       RemotMFB:8;    //  remote MCS feedback
+           UINT32       rsv:3; //
+           UINT32       TxCFAckEn:1;   //   Piggyback CF-ACK enable
+           UINT32       TxRDGEn:1;     // RDG TX enable
+           UINT32       TxMRQEn:1;     //  MCS request TX enable
+           UINT32       RemoteUMFSEnable:1;    //  remote unsolicit  MFB enable.  0: not apply remote remote unsolicit (MFS=7)
+           UINT32       MFBEnable:1;   //  TX apply remote MFB 1:enable
+           UINT32       RemoteMFBLifeTime:8;   //remote MFB life time. unit : 32us
+       }       field;
+       UINT32                  word;
+}      TX_LINK_CFG_STRUC, *PTX_LINK_CFG_STRUC;
+#else
+typedef        union   PACKED _TX_LINK_CFG_STRUC       {
+       struct PACKED {
+           UINT32       RemoteMFBLifeTime:8;   //remote MFB life time. unit : 32us
+           UINT32       MFBEnable:1;   //  TX apply remote MFB 1:enable
+           UINT32       RemoteUMFSEnable:1;    //  remote unsolicit  MFB enable.  0: not apply remote remote unsolicit (MFS=7)
+           UINT32       TxMRQEn:1;     //  MCS request TX enable
+           UINT32       TxRDGEn:1;     // RDG TX enable
+           UINT32       TxCFAckEn:1;   //   Piggyback CF-ACK enable
+           UINT32       rsv:3; //
+           UINT32       RemotMFB:8;    //  remote MCS feedback
+           UINT32       RemotMFS:8;    //remote MCS feedback sequence number
+       }       field;
+       UINT32                  word;
+}      TX_LINK_CFG_STRUC, *PTX_LINK_CFG_STRUC;
+#endif
+#define HT_FBK_CFG0    0x1354
+#ifdef RT_BIG_ENDIAN
+typedef        union PACKED _HT_FBK_CFG0_STRUC {
+       struct  {
+           UINT32       HTMCS7FBK:4;
+           UINT32       HTMCS6FBK:4;
+           UINT32       HTMCS5FBK:4;
+           UINT32       HTMCS4FBK:4;
+           UINT32       HTMCS3FBK:4;
+           UINT32       HTMCS2FBK:4;
+           UINT32       HTMCS1FBK:4;
+           UINT32       HTMCS0FBK:4;
+       }       field;
+       UINT32                  word;
+}      HT_FBK_CFG0_STRUC, *PHT_FBK_CFG0_STRUC;
+#else
+typedef        union PACKED _HT_FBK_CFG0_STRUC {
+       struct  {
+           UINT32       HTMCS0FBK:4;
+           UINT32       HTMCS1FBK:4;
+           UINT32       HTMCS2FBK:4;
+           UINT32       HTMCS3FBK:4;
+           UINT32       HTMCS4FBK:4;
+           UINT32       HTMCS5FBK:4;
+           UINT32       HTMCS6FBK:4;
+           UINT32       HTMCS7FBK:4;
+       }       field;
+       UINT32                  word;
+}      HT_FBK_CFG0_STRUC, *PHT_FBK_CFG0_STRUC;
+#endif
+#define HT_FBK_CFG1    0x1358
+#ifdef RT_BIG_ENDIAN
+typedef        union   _HT_FBK_CFG1_STRUC      {
+       struct  {
+           UINT32       HTMCS15FBK:4;
+           UINT32       HTMCS14FBK:4;
+           UINT32       HTMCS13FBK:4;
+           UINT32       HTMCS12FBK:4;
+           UINT32       HTMCS11FBK:4;
+           UINT32       HTMCS10FBK:4;
+           UINT32       HTMCS9FBK:4;
+           UINT32       HTMCS8FBK:4;
+       }       field;
+       UINT32                  word;
+}      HT_FBK_CFG1_STRUC, *PHT_FBK_CFG1_STRUC;
+#else
+typedef        union   _HT_FBK_CFG1_STRUC      {
+       struct  {
+           UINT32       HTMCS8FBK:4;
+           UINT32       HTMCS9FBK:4;
+           UINT32       HTMCS10FBK:4;
+           UINT32       HTMCS11FBK:4;
+           UINT32       HTMCS12FBK:4;
+           UINT32       HTMCS13FBK:4;
+           UINT32       HTMCS14FBK:4;
+           UINT32       HTMCS15FBK:4;
+       }       field;
+       UINT32                  word;
+}      HT_FBK_CFG1_STRUC, *PHT_FBK_CFG1_STRUC;
+#endif
+#define LG_FBK_CFG0    0x135c
+#ifdef RT_BIG_ENDIAN
+typedef        union   _LG_FBK_CFG0_STRUC      {
+       struct  {
+           UINT32       OFDMMCS7FBK:4; //initial value is 6
+           UINT32       OFDMMCS6FBK:4; //initial value is 5
+           UINT32       OFDMMCS5FBK:4; //initial value is 4
+           UINT32       OFDMMCS4FBK:4; //initial value is 3
+           UINT32       OFDMMCS3FBK:4; //initial value is 2
+           UINT32       OFDMMCS2FBK:4; //initial value is 1
+           UINT32       OFDMMCS1FBK:4; //initial value is 0
+           UINT32       OFDMMCS0FBK:4; //initial value is 0
+       }       field;
+       UINT32                  word;
+}      LG_FBK_CFG0_STRUC, *PLG_FBK_CFG0_STRUC;
+#else
+typedef        union   _LG_FBK_CFG0_STRUC      {
+       struct  {
+           UINT32       OFDMMCS0FBK:4; //initial value is 0
+           UINT32       OFDMMCS1FBK:4; //initial value is 0
+           UINT32       OFDMMCS2FBK:4; //initial value is 1
+           UINT32       OFDMMCS3FBK:4; //initial value is 2
+           UINT32       OFDMMCS4FBK:4; //initial value is 3
+           UINT32       OFDMMCS5FBK:4; //initial value is 4
+           UINT32       OFDMMCS6FBK:4; //initial value is 5
+           UINT32       OFDMMCS7FBK:4; //initial value is 6
+       }       field;
+       UINT32                  word;
+}      LG_FBK_CFG0_STRUC, *PLG_FBK_CFG0_STRUC;
+#endif
+#define LG_FBK_CFG1            0x1360
+#ifdef RT_BIG_ENDIAN
+typedef        union   _LG_FBK_CFG1_STRUC      {
+       struct  {
+           UINT32       rsv:16;
+           UINT32       CCKMCS3FBK:4;  //initial value is 2
+           UINT32       CCKMCS2FBK:4;  //initial value is 1
+           UINT32       CCKMCS1FBK:4;  //initial value is 0
+           UINT32       CCKMCS0FBK:4;  //initial value is 0
+       }       field;
+       UINT32                  word;
+}      LG_FBK_CFG1_STRUC, *PLG_FBK_CFG1_STRUC;
+#else
+typedef        union   _LG_FBK_CFG1_STRUC      {
+       struct  {
+           UINT32       CCKMCS0FBK:4;  //initial value is 0
+           UINT32       CCKMCS1FBK:4;  //initial value is 0
+           UINT32       CCKMCS2FBK:4;  //initial value is 1
+           UINT32       CCKMCS3FBK:4;  //initial value is 2
+           UINT32       rsv:16;
+       }       field;
+       UINT32                  word;
+}      LG_FBK_CFG1_STRUC, *PLG_FBK_CFG1_STRUC;
+#endif
+
+
+//=======================================================
+//================ Protection Paramater================================
+//=======================================================
+#define CCK_PROT_CFG   0x1364          //CCK Protection
+#define ASIC_SHORTNAV          1
+#define ASIC_LONGNAV           2
+#define ASIC_RTS               1
+#define ASIC_CTS               2
+#ifdef RT_BIG_ENDIAN
+typedef        union   _PROT_CFG_STRUC {
+       struct  {
+           UINT32       rsv:5;
+           UINT32       RTSThEn:1;     //RTS threshold enable on CCK TX
+           UINT32       TxopAllowGF40:1;       //CCK TXOP allowance.0:disallow.
+           UINT32       TxopAllowGF20:1;       //CCK TXOP allowance.0:disallow.
+           UINT32       TxopAllowMM40:1;       //CCK TXOP allowance.0:disallow.
+           UINT32       TxopAllowMM20:1;       //CCK TXOP allowance. 0:disallow.
+           UINT32       TxopAllowOfdm:1;       //CCK TXOP allowance.0:disallow.
+           UINT32       TxopAllowCck:1;        //CCK TXOP allowance.0:disallow.
+           UINT32       ProtectNav:2;  //TXOP protection type for CCK TX. 0:None, 1:ShortNAVprotect,  2:LongNAVProtect, 3:rsv
+           UINT32       ProtectCtrl:2; //Protection control frame type for CCK TX. 1:RTS/CTS, 2:CTS-to-self, 0:None, 3:rsv
+           UINT32       ProtectRate:16;        //Protection control frame rate for CCK TX(RTS/CTS/CFEnd).
+       }       field;
+       UINT32                  word;
+}      PROT_CFG_STRUC, *PPROT_CFG_STRUC;
+#else
+typedef        union   _PROT_CFG_STRUC {
+       struct  {
+           UINT32       ProtectRate:16;        //Protection control frame rate for CCK TX(RTS/CTS/CFEnd).
+           UINT32       ProtectCtrl:2; //Protection control frame type for CCK TX. 1:RTS/CTS, 2:CTS-to-self, 0:None, 3:rsv
+           UINT32       ProtectNav:2;  //TXOP protection type for CCK TX. 0:None, 1:ShortNAVprotect,  2:LongNAVProtect, 3:rsv
+           UINT32       TxopAllowCck:1;        //CCK TXOP allowance.0:disallow.
+           UINT32       TxopAllowOfdm:1;       //CCK TXOP allowance.0:disallow.
+           UINT32       TxopAllowMM20:1;       //CCK TXOP allowance. 0:disallow.
+           UINT32       TxopAllowMM40:1;       //CCK TXOP allowance.0:disallow.
+           UINT32       TxopAllowGF20:1;       //CCK TXOP allowance.0:disallow.
+           UINT32       TxopAllowGF40:1;       //CCK TXOP allowance.0:disallow.
+           UINT32       RTSThEn:1;     //RTS threshold enable on CCK TX
+           UINT32       rsv:5;
+       }       field;
+       UINT32                  word;
+}      PROT_CFG_STRUC, *PPROT_CFG_STRUC;
+#endif
+
+#define OFDM_PROT_CFG  0x1368          //OFDM Protection
+#define MM20_PROT_CFG  0x136C          //MM20 Protection
+#define MM40_PROT_CFG  0x1370          //MM40 Protection
+#define GF20_PROT_CFG  0x1374          //GF20 Protection
+#define GF40_PROT_CFG  0x1378          //GR40 Protection
+#define EXP_CTS_TIME   0x137C          //
+#define EXP_ACK_TIME   0x1380          //
+
+//
+//  4.4 MAC RX configuration registers (offset:0x1400)
+//
+#define RX_FILTR_CFG   0x1400                  //TXRX_CSR0
+#define AUTO_RSP_CFG   0x1404                  //TXRX_CSR4
+//
+// TXRX_CSR4: Auto-Responder/
+//
+#ifdef RT_BIG_ENDIAN
+typedef union _AUTO_RSP_CFG_STRUC {
+ struct {
+     UINT32        :24;
+     UINT32       AckCtsPsmBit:1;   // Power bit value in conrtrol frame
+     UINT32       DualCTSEn:1;   // Power bit value in conrtrol frame
+     UINT32       rsv:1;   // Power bit value in conrtrol frame
+     UINT32       AutoResponderPreamble:1;    // 0:long, 1:short preamble
+     UINT32       CTS40MRef:1;  // Response CTS 40MHz duplicate mode
+     UINT32       CTS40MMode:1;  // Response CTS 40MHz duplicate mode
+     UINT32       BACAckPolicyEnable:1;    // 0:long, 1:short preamble
+     UINT32       AutoResponderEnable:1;
+ } field;
+ UINT32   word;
+} AUTO_RSP_CFG_STRUC, *PAUTO_RSP_CFG_STRUC;
+#else
+typedef union _AUTO_RSP_CFG_STRUC {
+ struct {
+     UINT32       AutoResponderEnable:1;
+     UINT32       BACAckPolicyEnable:1;    // 0:long, 1:short preamble
+     UINT32       CTS40MMode:1;  // Response CTS 40MHz duplicate mode
+     UINT32       CTS40MRef:1;  // Response CTS 40MHz duplicate mode
+     UINT32       AutoResponderPreamble:1;    // 0:long, 1:short preamble
+     UINT32       rsv:1;   // Power bit value in conrtrol frame
+     UINT32       DualCTSEn:1;   // Power bit value in conrtrol frame
+     UINT32       AckCtsPsmBit:1;   // Power bit value in conrtrol frame
+     UINT32        :24;
+ } field;
+ UINT32   word;
+} AUTO_RSP_CFG_STRUC, *PAUTO_RSP_CFG_STRUC;
+#endif
+
+#define LEGACY_BASIC_RATE      0x1408  //  TXRX_CSR5           0x3054
+#define HT_BASIC_RATE          0x140c
+#define HT_CTRL_CFG            0x1410
+#define SIFS_COST_CFG          0x1414
+#define RX_PARSER_CFG          0x1418  //Set NAV for all received frames
+
+//
+//  4.5 MAC Security configuration (offset:0x1500)
+//
+#define TX_SEC_CNT0            0x1500          //
+#define RX_SEC_CNT0            0x1504          //
+#define CCMP_FC_MUTE           0x1508          //
+//
+//  4.6 HCCA/PSMP (offset:0x1600)
+//
+#define TXOP_HLDR_ADDR0                0x1600
+#define TXOP_HLDR_ADDR1                0x1604
+#define TXOP_HLDR_ET           0x1608
+#define QOS_CFPOLL_RA_DW0              0x160c
+#define QOS_CFPOLL_A1_DW1              0x1610
+#define QOS_CFPOLL_QC          0x1614
+//
+//  4.7 MAC Statistis registers (offset:0x1700)
+//
+#define RX_STA_CNT0            0x1700          //
+#define RX_STA_CNT1            0x1704          //
+#define RX_STA_CNT2            0x1708          //
+
+//
+// RX_STA_CNT0_STRUC: RX PLCP error count & RX CRC error count
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _RX_STA_CNT0_STRUC      {
+       struct  {
+           USHORT  PhyErr;
+           USHORT  CrcErr;
+       }       field;
+       UINT32                  word;
+}      RX_STA_CNT0_STRUC, *PRX_STA_CNT0_STRUC;
+#else
+typedef        union   _RX_STA_CNT0_STRUC      {
+       struct  {
+           USHORT  CrcErr;
+           USHORT  PhyErr;
+       }       field;
+       UINT32                  word;
+}      RX_STA_CNT0_STRUC, *PRX_STA_CNT0_STRUC;
+#endif
+
+//
+// RX_STA_CNT1_STRUC: RX False CCA count & RX LONG frame count
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _RX_STA_CNT1_STRUC      {
+       struct  {
+           USHORT  PlcpErr;
+           USHORT  FalseCca;
+       }       field;
+       UINT32                  word;
+}      RX_STA_CNT1_STRUC, *PRX_STA_CNT1_STRUC;
+#else
+typedef        union   _RX_STA_CNT1_STRUC      {
+       struct  {
+           USHORT  FalseCca;
+           USHORT  PlcpErr;
+       }       field;
+       UINT32                  word;
+}      RX_STA_CNT1_STRUC, *PRX_STA_CNT1_STRUC;
+#endif
+
+//
+// RX_STA_CNT2_STRUC:
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _RX_STA_CNT2_STRUC      {
+       struct  {
+           USHORT  RxFifoOverflowCount;
+           USHORT  RxDupliCount;
+       }       field;
+       UINT32                  word;
+}      RX_STA_CNT2_STRUC, *PRX_STA_CNT2_STRUC;
+#else
+typedef        union   _RX_STA_CNT2_STRUC      {
+       struct  {
+           USHORT  RxDupliCount;
+           USHORT  RxFifoOverflowCount;
+       }       field;
+       UINT32                  word;
+}      RX_STA_CNT2_STRUC, *PRX_STA_CNT2_STRUC;
+#endif
+#define TX_STA_CNT0            0x170C          //
+//
+// STA_CSR3: TX Beacon count
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_STA_CNT0_STRUC      {
+       struct  {
+           USHORT  TxBeaconCount;
+           USHORT  TxFailCount;
+       }       field;
+       UINT32                  word;
+}      TX_STA_CNT0_STRUC, *PTX_STA_CNT0_STRUC;
+#else
+typedef        union   _TX_STA_CNT0_STRUC      {
+       struct  {
+           USHORT  TxFailCount;
+           USHORT  TxBeaconCount;
+       }       field;
+       UINT32                  word;
+}      TX_STA_CNT0_STRUC, *PTX_STA_CNT0_STRUC;
+#endif
+#define TX_STA_CNT1            0x1710          //
+//
+// TX_STA_CNT1: TX tx count
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_STA_CNT1_STRUC      {
+       struct  {
+           USHORT  TxRetransmit;
+           USHORT  TxSuccess;
+       }       field;
+       UINT32                  word;
+}      TX_STA_CNT1_STRUC, *PTX_STA_CNT1_STRUC;
+#else
+typedef        union   _TX_STA_CNT1_STRUC      {
+       struct  {
+           USHORT  TxSuccess;
+           USHORT  TxRetransmit;
+       }       field;
+       UINT32                  word;
+}      TX_STA_CNT1_STRUC, *PTX_STA_CNT1_STRUC;
+#endif
+#define TX_STA_CNT2            0x1714          //
+//
+// TX_STA_CNT2: TX tx count
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_STA_CNT2_STRUC      {
+       struct  {
+           USHORT  TxUnderFlowCount;
+           USHORT  TxZeroLenCount;
+       }       field;
+       UINT32                  word;
+}      TX_STA_CNT2_STRUC, *PTX_STA_CNT2_STRUC;
+#else
+typedef        union   _TX_STA_CNT2_STRUC      {
+       struct  {
+           USHORT  TxZeroLenCount;
+           USHORT  TxUnderFlowCount;
+       }       field;
+       UINT32                  word;
+}      TX_STA_CNT2_STRUC, *PTX_STA_CNT2_STRUC;
+#endif
+#define TX_STA_FIFO            0x1718          //
+//
+// TX_STA_FIFO_STRUC: TX Result for specific PID status fifo register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union PACKED _TX_STA_FIFO_STRUC {
+       struct  {
+               UINT32          Reserve:2;
+               UINT32          TxBF:1; // 3*3
+               UINT32          SuccessRate:13; //include MCS, mode ,shortGI, BW settingSame format as TXWI Word 0 Bit 31-16.
+//             UINT32          SuccessRate:16; //include MCS, mode ,shortGI, BW settingSame format as TXWI Word 0 Bit 31-16.
+               UINT32          wcid:8;         //wireless client index
+               UINT32          TxAckRequired:1;    // ack required
+               UINT32          TxAggre:1;    // Tx is aggregated
+               UINT32          TxSuccess:1;   // Tx success. whether success or not
+               UINT32          PidType:4;
+               UINT32          bValid:1;   // 1:This register contains a valid TX result
+       }       field;
+       UINT32                  word;
+}      TX_STA_FIFO_STRUC, *PTX_STA_FIFO_STRUC;
+#else
+typedef        union PACKED _TX_STA_FIFO_STRUC {
+       struct  {
+               UINT32          bValid:1;   // 1:This register contains a valid TX result
+               UINT32          PidType:4;
+               UINT32          TxSuccess:1;   // Tx No retry success
+               UINT32          TxAggre:1;    // Tx Retry Success
+               UINT32          TxAckRequired:1;    // Tx fail
+               UINT32          wcid:8;         //wireless client index
+//             UINT32          SuccessRate:16; //include MCS, mode ,shortGI, BW settingSame format as TXWI Word 0 Bit 31-16.
+               UINT32          SuccessRate:13; //include MCS, mode ,shortGI, BW settingSame format as TXWI Word 0 Bit 31-16.
+               UINT32          TxBF:1;
+               UINT32          Reserve:2;
+       }       field;
+       UINT32                  word;
+}      TX_STA_FIFO_STRUC, *PTX_STA_FIFO_STRUC;
+#endif
+// Debug counter
+#define TX_AGG_CNT     0x171c
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT_STRUC       {
+       struct  {
+           USHORT  AggTxCount;
+           USHORT  NonAggTxCount;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT_STRUC, *PTX_AGG_CNT_STRUC;
+#else
+typedef        union   _TX_AGG_CNT_STRUC       {
+       struct  {
+           USHORT  NonAggTxCount;
+           USHORT  AggTxCount;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT_STRUC, *PTX_AGG_CNT_STRUC;
+#endif
+// Debug counter
+#define TX_AGG_CNT0    0x1720
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT0_STRUC      {
+       struct  {
+           USHORT  AggSize2Count;
+           USHORT  AggSize1Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT0_STRUC, *PTX_AGG_CNT0_STRUC;
+#else
+typedef        union   _TX_AGG_CNT0_STRUC      {
+       struct  {
+           USHORT  AggSize1Count;
+           USHORT  AggSize2Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT0_STRUC, *PTX_AGG_CNT0_STRUC;
+#endif
+// Debug counter
+#define TX_AGG_CNT1    0x1724
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT1_STRUC      {
+       struct  {
+           USHORT  AggSize4Count;
+           USHORT  AggSize3Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT1_STRUC, *PTX_AGG_CNT1_STRUC;
+#else
+typedef        union   _TX_AGG_CNT1_STRUC      {
+       struct  {
+           USHORT  AggSize3Count;
+           USHORT  AggSize4Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT1_STRUC, *PTX_AGG_CNT1_STRUC;
+#endif
+#define TX_AGG_CNT2    0x1728
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT2_STRUC      {
+       struct  {
+           USHORT  AggSize6Count;
+           USHORT  AggSize5Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT2_STRUC, *PTX_AGG_CNT2_STRUC;
+#else
+typedef        union   _TX_AGG_CNT2_STRUC      {
+       struct  {
+           USHORT  AggSize5Count;
+           USHORT  AggSize6Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT2_STRUC, *PTX_AGG_CNT2_STRUC;
+#endif
+// Debug counter
+#define TX_AGG_CNT3    0x172c
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT3_STRUC      {
+       struct  {
+           USHORT  AggSize8Count;
+           USHORT  AggSize7Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT3_STRUC, *PTX_AGG_CNT3_STRUC;
+#else
+typedef        union   _TX_AGG_CNT3_STRUC      {
+       struct  {
+           USHORT  AggSize7Count;
+           USHORT  AggSize8Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT3_STRUC, *PTX_AGG_CNT3_STRUC;
+#endif
+// Debug counter
+#define TX_AGG_CNT4    0x1730
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT4_STRUC      {
+       struct  {
+           USHORT  AggSize10Count;
+           USHORT  AggSize9Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT4_STRUC, *PTX_AGG_CNT4_STRUC;
+#else
+typedef        union   _TX_AGG_CNT4_STRUC      {
+       struct  {
+           USHORT  AggSize9Count;
+           USHORT  AggSize10Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT4_STRUC, *PTX_AGG_CNT4_STRUC;
+#endif
+#define TX_AGG_CNT5    0x1734
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT5_STRUC      {
+       struct  {
+           USHORT  AggSize12Count;
+           USHORT  AggSize11Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT5_STRUC, *PTX_AGG_CNT5_STRUC;
+#else
+typedef        union   _TX_AGG_CNT5_STRUC      {
+       struct  {
+           USHORT  AggSize11Count;
+           USHORT  AggSize12Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT5_STRUC, *PTX_AGG_CNT5_STRUC;
+#endif
+#define TX_AGG_CNT6            0x1738
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT6_STRUC      {
+       struct  {
+           USHORT  AggSize14Count;
+           USHORT  AggSize13Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT6_STRUC, *PTX_AGG_CNT6_STRUC;
+#else
+typedef        union   _TX_AGG_CNT6_STRUC      {
+       struct  {
+           USHORT  AggSize13Count;
+           USHORT  AggSize14Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT6_STRUC, *PTX_AGG_CNT6_STRUC;
+#endif
+#define TX_AGG_CNT7            0x173c
+#ifdef RT_BIG_ENDIAN
+typedef        union   _TX_AGG_CNT7_STRUC      {
+       struct  {
+           USHORT  AggSize16Count;
+           USHORT  AggSize15Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT7_STRUC, *PTX_AGG_CNT7_STRUC;
+#else
+typedef        union   _TX_AGG_CNT7_STRUC      {
+       struct  {
+           USHORT  AggSize15Count;
+           USHORT  AggSize16Count;
+       }       field;
+       UINT32                  word;
+}      TX_AGG_CNT7_STRUC, *PTX_AGG_CNT7_STRUC;
+#endif
+#define MPDU_DENSITY_CNT               0x1740
+#ifdef RT_BIG_ENDIAN
+typedef        union   _MPDU_DEN_CNT_STRUC     {
+       struct  {
+           USHORT  RXZeroDelCount;     //RX zero length delimiter count
+           USHORT  TXZeroDelCount;     //TX zero length delimiter count
+       }       field;
+       UINT32                  word;
+}      MPDU_DEN_CNT_STRUC, *PMPDU_DEN_CNT_STRUC;
+#else
+typedef        union   _MPDU_DEN_CNT_STRUC     {
+       struct  {
+           USHORT  TXZeroDelCount;     //TX zero length delimiter count
+           USHORT  RXZeroDelCount;     //RX zero length delimiter count
+       }       field;
+       UINT32                  word;
+}      MPDU_DEN_CNT_STRUC, *PMPDU_DEN_CNT_STRUC;
+#endif
+//
+// TXRX control registers - base address 0x3000
+//
+// rt2860b  UNKNOWN reg use R/O Reg Addr 0x77d0 first..
+#define TXRX_CSR1           0x77d0
+
+//
+// Security key table memory, base address = 0x1000
+//
+#define MAC_WCID_BASE          0x1800 //8-bytes(use only 6-bytes) * 256 entry =
+#define HW_WCID_ENTRY_SIZE   8
+#define PAIRWISE_KEY_TABLE_BASE     0x4000      // 32-byte * 256-entry =  -byte
+#define HW_KEY_ENTRY_SIZE           0x20
+#define PAIRWISE_IVEIV_TABLE_BASE     0x6000      // 8-byte * 256-entry =  -byte
+#define MAC_IVEIV_TABLE_BASE     0x6000      // 8-byte * 256-entry =  -byte
+#define HW_IVEIV_ENTRY_SIZE   8
+#define MAC_WCID_ATTRIBUTE_BASE     0x6800      // 4-byte * 256-entry =  -byte
+#define HW_WCID_ATTRI_SIZE   4
+#define WCID_RESERVED                  0x6bfc
+#define SHARED_KEY_TABLE_BASE       0x6c00      // 32-byte * 16-entry = 512-byte
+#define SHARED_KEY_MODE_BASE       0x7000      // 32-byte * 16-entry = 512-byte
+#define HW_SHARED_KEY_MODE_SIZE   4
+#define SHAREDKEYTABLE                 0
+#define PAIRWISEKEYTABLE                       1
+
+
+#ifdef RT_BIG_ENDIAN
+typedef        union   _SHAREDKEY_MODE_STRUC   {
+       struct  {
+               UINT32       :1;
+               UINT32       Bss1Key3CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss1Key2CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss1Key1CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss1Key0CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss0Key3CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss0Key2CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss0Key1CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss0Key0CipherAlg:3;
+       }       field;
+       UINT32                  word;
+}      SHAREDKEY_MODE_STRUC, *PSHAREDKEY_MODE_STRUC;
+#else
+typedef        union   _SHAREDKEY_MODE_STRUC   {
+       struct  {
+               UINT32       Bss0Key0CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss0Key1CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss0Key2CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss0Key3CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss1Key0CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss1Key1CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss1Key2CipherAlg:3;
+               UINT32       :1;
+               UINT32       Bss1Key3CipherAlg:3;
+               UINT32       :1;
+       }       field;
+       UINT32                  word;
+}      SHAREDKEY_MODE_STRUC, *PSHAREDKEY_MODE_STRUC;
+#endif
+// 64-entry for pairwise key table
+typedef struct _HW_WCID_ENTRY {  // 8-byte per entry
+    UCHAR   Address[6];
+    UCHAR   Rsv[2];
+} HW_WCID_ENTRY, PHW_WCID_ENTRY;
+
+
+// =================================================================================
+// WCID  format
+// =================================================================================
+//7.1  WCID  ENTRY  format  : 8bytes
+typedef        struct  _WCID_ENTRY_STRUC {
+       UCHAR           RXBABitmap7;    // bit0 for TID8, bit7 for TID 15
+       UCHAR           RXBABitmap0;    // bit0 for TID0, bit7 for TID 7
+       UCHAR           MAC[6]; // 0 for shared key table.  1 for pairwise key table
+}      WCID_ENTRY_STRUC, *PWCID_ENTRY_STRUC;
+
+//8.1.1        SECURITY  KEY  format  : 8DW
+// 32-byte per entry, total 16-entry for shared key table, 64-entry for pairwise key table
+typedef struct _HW_KEY_ENTRY {          // 32-byte per entry
+    UCHAR   Key[16];
+    UCHAR   TxMic[8];
+    UCHAR   RxMic[8];
+} HW_KEY_ENTRY, *PHW_KEY_ENTRY;
+
+//8.1.2        IV/EIV  format  : 2DW
+
+//8.1.3        RX attribute entry format  : 1DW
+#ifdef RT_BIG_ENDIAN
+typedef        struct  _MAC_ATTRIBUTE_STRUC {
+       UINT32          rsv:22;
+       UINT32          RXWIUDF:3;
+       UINT32          BSSIDIdx:3; //multipleBSS index for the WCID
+       UINT32          PairKeyMode:3;
+       UINT32          KeyTab:1;       // 0 for shared key table.  1 for pairwise key table
+}      MAC_ATTRIBUTE_STRUC, *PMAC_ATTRIBUTE_STRUC;
+#else
+typedef        struct  _MAC_ATTRIBUTE_STRUC {
+       UINT32          KeyTab:1;       // 0 for shared key table.  1 for pairwise key table
+       UINT32          PairKeyMode:3;
+       UINT32          BSSIDIdx:3; //multipleBSS index for the WCID
+       UINT32          RXWIUDF:3;
+       UINT32          rsv:22;
+}      MAC_ATTRIBUTE_STRUC, *PMAC_ATTRIBUTE_STRUC;
+#endif
+
+
+// =================================================================================
+// HOST-MCU communication data structure
+// =================================================================================
+
+//
+// H2M_MAILBOX_CSR: Host-to-MCU Mailbox
+//
+#ifdef RT_BIG_ENDIAN
+typedef union  _H2M_MAILBOX_STRUC {
+    struct {
+        UINT32       Owner:8;
+        UINT32       CmdToken:8;    // 0xff tells MCU not to report CmdDoneInt after excuting the command
+        UINT32       HighByte:8;
+        UINT32       LowByte:8;
+    }   field;
+    UINT32           word;
+} H2M_MAILBOX_STRUC, *PH2M_MAILBOX_STRUC;
+#else
+typedef union  _H2M_MAILBOX_STRUC {
+    struct {
+        UINT32       LowByte:8;
+        UINT32       HighByte:8;
+        UINT32       CmdToken:8;
+        UINT32       Owner:8;
+    }   field;
+    UINT32           word;
+} H2M_MAILBOX_STRUC, *PH2M_MAILBOX_STRUC;
+#endif
+
+//
+// M2H_CMD_DONE_CSR: MCU-to-Host command complete indication
+//
+#ifdef RT_BIG_ENDIAN
+typedef union _M2H_CMD_DONE_STRUC {
+    struct  {
+        UINT32       CmdToken3;
+        UINT32       CmdToken2;
+        UINT32       CmdToken1;
+        UINT32       CmdToken0;
+    } field;
+    UINT32           word;
+} M2H_CMD_DONE_STRUC, *PM2H_CMD_DONE_STRUC;
+#else
+typedef union _M2H_CMD_DONE_STRUC {
+    struct  {
+        UINT32       CmdToken0;
+        UINT32       CmdToken1;
+        UINT32       CmdToken2;
+        UINT32       CmdToken3;
+    } field;
+    UINT32           word;
+} M2H_CMD_DONE_STRUC, *PM2H_CMD_DONE_STRUC;
+#endif
+
+
+//NAV_TIME_CFG :NAV
+#ifdef RT_BIG_ENDIAN
+typedef        union   _NAV_TIME_CFG_STRUC     {
+       struct  {
+               USHORT          rsv:6;
+               USHORT          ZeroSifs:1;               // Applied zero SIFS timer after OFDM RX 0: disable
+               USHORT          Eifs:9;               // in unit of 1-us
+               UCHAR       SlotTime;    // in unit of 1-us
+               UCHAR           Sifs;               // in unit of 1-us
+       }       field;
+       UINT32                  word;
+}      NAV_TIME_CFG_STRUC, *PNAV_TIME_CFG_STRUC;
+#else
+typedef        union   _NAV_TIME_CFG_STRUC     {
+       struct  {
+               UCHAR           Sifs;               // in unit of 1-us
+               UCHAR       SlotTime;    // in unit of 1-us
+               USHORT          Eifs:9;               // in unit of 1-us
+               USHORT          ZeroSifs:1;               // Applied zero SIFS timer after OFDM RX 0: disable
+               USHORT          rsv:6;
+       }       field;
+       UINT32                  word;
+}      NAV_TIME_CFG_STRUC, *PNAV_TIME_CFG_STRUC;
+#endif
+
+
+//
+// RX_FILTR_CFG:  /RX configuration register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   RX_FILTR_CFG_STRUC      {
+       struct  {
+               UINT32          :15;
+               UINT32       DropRsvCntlType:1;
+
+               UINT32          DropBAR:1;       //
+               UINT32          DropBA:1;               //
+               UINT32          DropPsPoll:1;           // Drop Ps-Poll
+               UINT32          DropRts:1;              // Drop Ps-Poll
+
+               UINT32          DropCts:1;              // Drop Ps-Poll
+               UINT32          DropAck:1;              // Drop Ps-Poll
+               UINT32          DropCFEnd:1;            // Drop Ps-Poll
+               UINT32          DropCFEndAck:1;         // Drop Ps-Poll
+
+               UINT32          DropDuplicate:1;                // Drop duplicate frame
+               UINT32          DropBcast:1;            // Drop broadcast frames
+               UINT32          DropMcast:1;            // Drop multicast frames
+               UINT32          DropVerErr:1;       // Drop version error frame
+
+               UINT32          DropNotMyBSSID:1;                       // Drop fram ToDs bit is true
+               UINT32          DropNotToMe:1;          // Drop not to me unicast frame
+               UINT32          DropPhyErr:1;           // Drop physical error
+               UINT32          DropCRCErr:1;           // Drop CRC error
+       }       field;
+       UINT32                  word;
+}      RX_FILTR_CFG_STRUC, *PRX_FILTR_CFG_STRUC;
+#else
+typedef        union   _RX_FILTR_CFG_STRUC     {
+       struct  {
+               UINT32          DropCRCErr:1;           // Drop CRC error
+               UINT32          DropPhyErr:1;           // Drop physical error
+               UINT32          DropNotToMe:1;          // Drop not to me unicast frame
+               UINT32          DropNotMyBSSID:1;                       // Drop fram ToDs bit is true
+
+               UINT32          DropVerErr:1;       // Drop version error frame
+               UINT32          DropMcast:1;            // Drop multicast frames
+               UINT32          DropBcast:1;            // Drop broadcast frames
+               UINT32          DropDuplicate:1;                // Drop duplicate frame
+
+               UINT32          DropCFEndAck:1;         // Drop Ps-Poll
+               UINT32          DropCFEnd:1;            // Drop Ps-Poll
+               UINT32          DropAck:1;              // Drop Ps-Poll
+               UINT32          DropCts:1;              // Drop Ps-Poll
+
+               UINT32          DropRts:1;              // Drop Ps-Poll
+               UINT32          DropPsPoll:1;           // Drop Ps-Poll
+               UINT32          DropBA:1;               //
+               UINT32          DropBAR:1;       //
+
+               UINT32          DropRsvCntlType:1;
+               UINT32          :15;
+       }       field;
+       UINT32                  word;
+}      RX_FILTR_CFG_STRUC, *PRX_FILTR_CFG_STRUC;
+#endif
+
+
+
+
+//
+// PHY_CSR4: RF serial control register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _PHY_CSR4_STRUC {
+       struct  {
+               UINT32          Busy:1;                         // 1: ASIC is busy execute RF programming.
+               UINT32          PLL_LD:1;                       // RF PLL_LD status
+               UINT32          IFSelect:1;                     // 1: select IF to program,     0: select RF to program
+               UINT32          NumberOfBits:5;         // Number of bits used in RFRegValue (I:20,     RFMD:22)
+               UINT32          RFRegValue:24;          // Register     value (include register id)     serial out to RF/IF     chip.
+       }       field;
+       UINT32                  word;
+}      PHY_CSR4_STRUC, *PPHY_CSR4_STRUC;
+#else
+typedef        union   _PHY_CSR4_STRUC {
+       struct  {
+               UINT32          RFRegValue:24;          // Register     value (include register id)     serial out to RF/IF     chip.
+               UINT32          NumberOfBits:5;         // Number of bits used in RFRegValue (I:20,     RFMD:22)
+               UINT32          IFSelect:1;                     // 1: select IF to program,     0: select RF to program
+               UINT32          PLL_LD:1;                       // RF PLL_LD status
+               UINT32          Busy:1;                         // 1: ASIC is busy execute RF programming.
+       }       field;
+       UINT32                  word;
+}      PHY_CSR4_STRUC, *PPHY_CSR4_STRUC;
+#endif
+
+
+//
+// SEC_CSR5: shared key table security mode register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _SEC_CSR5_STRUC {
+       struct  {
+        UINT32       :1;
+        UINT32       Bss3Key3CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss3Key2CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss3Key1CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss3Key0CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss2Key3CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss2Key2CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss2Key1CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss2Key0CipherAlg:3;
+       }       field;
+       UINT32                  word;
+}      SEC_CSR5_STRUC, *PSEC_CSR5_STRUC;
+#else
+typedef        union   _SEC_CSR5_STRUC {
+       struct  {
+        UINT32       Bss2Key0CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss2Key1CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss2Key2CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss2Key3CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss3Key0CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss3Key1CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss3Key2CipherAlg:3;
+        UINT32       :1;
+        UINT32       Bss3Key3CipherAlg:3;
+        UINT32       :1;
+       }       field;
+       UINT32                  word;
+}      SEC_CSR5_STRUC, *PSEC_CSR5_STRUC;
+#endif
+
+
+//
+// HOST_CMD_CSR: For HOST to interrupt embedded processor
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _HOST_CMD_CSR_STRUC     {
+       struct  {
+           UINT32   Rsv:24;
+           UINT32   HostCommand:8;
+       }       field;
+       UINT32                  word;
+}      HOST_CMD_CSR_STRUC, *PHOST_CMD_CSR_STRUC;
+#else
+typedef        union   _HOST_CMD_CSR_STRUC     {
+       struct  {
+           UINT32   HostCommand:8;
+           UINT32   Rsv:24;
+       }       field;
+       UINT32                  word;
+}      HOST_CMD_CSR_STRUC, *PHOST_CMD_CSR_STRUC;
+#endif
+
+
+//
+// AIFSN_CSR: AIFSN for each EDCA AC
+//
+
+
+
+//
+// E2PROM_CSR: EEPROM control register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _E2PROM_CSR_STRUC       {
+       struct  {
+               UINT32          Rsvd:25;
+               UINT32       LoadStatus:1;   // 1:loading, 0:done
+               UINT32          Type:1;                 // 1: 93C46, 0:93C66
+               UINT32          EepromDO:1;
+               UINT32          EepromDI:1;
+               UINT32          EepromCS:1;
+               UINT32          EepromSK:1;
+               UINT32          Reload:1;               // Reload EEPROM content, write one to reload, self-cleared.
+       }       field;
+       UINT32                  word;
+}      E2PROM_CSR_STRUC, *PE2PROM_CSR_STRUC;
+#else
+typedef        union   _E2PROM_CSR_STRUC       {
+       struct  {
+               UINT32          Reload:1;               // Reload EEPROM content, write one to reload, self-cleared.
+               UINT32          EepromSK:1;
+               UINT32          EepromCS:1;
+               UINT32          EepromDI:1;
+               UINT32          EepromDO:1;
+               UINT32          Type:1;                 // 1: 93C46, 0:93C66
+               UINT32       LoadStatus:1;   // 1:loading, 0:done
+               UINT32          Rsvd:25;
+       }       field;
+       UINT32                  word;
+}      E2PROM_CSR_STRUC, *PE2PROM_CSR_STRUC;
+#endif
+
+//
+// QOS_CSR0: TXOP holder address0 register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _QOS_CSR0_STRUC {
+       struct  {
+               UCHAR           Byte3;          // MAC address byte 3
+               UCHAR           Byte2;          // MAC address byte 2
+               UCHAR           Byte1;          // MAC address byte 1
+               UCHAR           Byte0;          // MAC address byte 0
+       }       field;
+       UINT32                  word;
+}      QOS_CSR0_STRUC, *PQOS_CSR0_STRUC;
+#else
+typedef        union   _QOS_CSR0_STRUC {
+       struct  {
+               UCHAR           Byte0;          // MAC address byte 0
+               UCHAR           Byte1;          // MAC address byte 1
+               UCHAR           Byte2;          // MAC address byte 2
+               UCHAR           Byte3;          // MAC address byte 3
+       }       field;
+       UINT32                  word;
+}      QOS_CSR0_STRUC, *PQOS_CSR0_STRUC;
+#endif
+
+//
+// QOS_CSR1: TXOP holder address1 register
+//
+#ifdef RT_BIG_ENDIAN
+typedef        union   _QOS_CSR1_STRUC {
+       struct  {
+               UCHAR           Rsvd1;
+               UCHAR           Rsvd0;
+               UCHAR           Byte5;          // MAC address byte 5
+               UCHAR           Byte4;          // MAC address byte 4
+       }       field;
+       UINT32                  word;
+}      QOS_CSR1_STRUC, *PQOS_CSR1_STRUC;
+#else
+typedef        union   _QOS_CSR1_STRUC {
+       struct  {
+               UCHAR           Byte4;          // MAC address byte 4
+               UCHAR           Byte5;          // MAC address byte 5
+               UCHAR           Rsvd0;
+               UCHAR           Rsvd1;
+       }       field;
+       UINT32                  word;
+}      QOS_CSR1_STRUC, *PQOS_CSR1_STRUC;
+#endif
+
+#define        RF_CSR_CFG      0x500
+#ifdef RT_BIG_ENDIAN
+typedef        union   _RF_CSR_CFG_STRUC       {
+       struct  {
+               UINT    Rsvd1:14;                               // Reserved
+               UINT    RF_CSR_KICK:1;                  // kick RF register read/write
+               UINT    RF_CSR_WR:1;                    // 0: read  1: write
+               UINT    Rsvd2:3;                                // Reserved
+               UINT    TESTCSR_RFACC_REGNUM:5; // RF register ID
+               UINT    RF_CSR_DATA:8;                  // DATA
+       }       field;
+       UINT    word;
+}      RF_CSR_CFG_STRUC, *PRF_CSR_CFG_STRUC;
+#else
+typedef        union   _RF_CSR_CFG_STRUC       {
+       struct  {
+               UINT    RF_CSR_DATA:8;                  // DATA
+               UINT    TESTCSR_RFACC_REGNUM:5; // RF register ID
+               UINT    Rsvd2:3;                                // Reserved
+               UINT    RF_CSR_WR:1;                    // 0: read  1: write
+               UINT    RF_CSR_KICK:1;                  // kick RF register read/write
+               UINT    Rsvd1:14;                               // Reserved
+       }       field;
+       UINT    word;
+}      RF_CSR_CFG_STRUC, *PRF_CSR_CFG_STRUC;
+#endif
+
+
+//
+// Other on-chip shared memory space, base = 0x2000
+//
+
+// CIS space - base address = 0x2000
+#define HW_CIS_BASE             0x2000
+
+// Carrier-sense CTS frame base address. It's where mac stores carrier-sense frame for carrier-sense function.
+#define HW_CS_CTS_BASE                 0x7700
+// DFS CTS frame base address. It's where mac stores CTS frame for DFS.
+#define HW_DFS_CTS_BASE                        0x7780
+#define HW_CTS_FRAME_SIZE              0x80
+
+// 2004-11-08 john - since NULL frame won't be that long (256 byte). We steal 16 tail bytes
+// to save debugging settings
+#define HW_DEBUG_SETTING_BASE   0x77f0  // 0x77f0~0x77ff total 16 bytes
+#define HW_DEBUG_SETTING_BASE2   0x7770  // 0x77f0~0x77ff total 16 bytes
+
+// In order to support maximum 8 MBSS and its maximum length is 512 for each beacon
+// Three section discontinue memory segments will be used.
+// 1. The original region for BCN 0~3
+// 2. Extract memory from FCE table for BCN 4~5
+// 3. Extract memory from Pair-wise key table for BCN 6~7
+//       It occupied those memory of wcid 238~253 for BCN 6
+//                                                   and wcid 222~237 for BCN 7
+#define HW_BEACON_MAX_SIZE      0x1000 /* unit: byte */
+#define HW_BEACON_BASE0         0x7800
+#define HW_BEACON_BASE1         0x7A00
+#define HW_BEACON_BASE2         0x7C00
+#define HW_BEACON_BASE3         0x7E00
+#define HW_BEACON_BASE4         0x7200
+#define HW_BEACON_BASE5         0x7400
+#define HW_BEACON_BASE6         0x5DC0
+#define HW_BEACON_BASE7         0x5BC0
+
+#define HW_BEACON_MAX_COUNT     8
+#define HW_BEACON_OFFSET               0x0200
+#define HW_BEACON_CONTENT_LEN  (HW_BEACON_OFFSET - TXWI_SIZE)
+
+// HOST-MCU shared memory - base address = 0x2100
+#define HOST_CMD_CSR           0x404
+#define H2M_MAILBOX_CSR         0x7010
+#define H2M_MAILBOX_CID         0x7014
+#define H2M_MAILBOX_STATUS      0x701c
+#define H2M_INT_SRC             0x7024
+#define H2M_BBP_AGENT           0x7028
+#define M2H_CMD_DONE_CSR        0x000c
+#define MCU_TXOP_ARRAY_BASE     0x000c   // TODO: to be provided by Albert
+#define MCU_TXOP_ENTRY_SIZE     32       // TODO: to be provided by Albert
+#define MAX_NUM_OF_TXOP_ENTRY   16       // TODO: must be same with 8051 firmware
+#define MCU_MBOX_VERSION        0x01     // TODO: to be confirmed by Albert
+#define MCU_MBOX_VERSION_OFFSET 5        // TODO: to be provided by Albert
+
+//
+// Host DMA registers - base address 0x200 .  TX0-3=EDCAQid0-3, TX4=HCCA, TX5=MGMT,
+//
+//
+//  DMA RING DESCRIPTOR
+//
+#define E2PROM_CSR          0x0004
+#define IO_CNTL_CSR         0x77d0
+
+
+
+// ================================================================
+// Tx /        Rx / Mgmt ring descriptor definition
+// ================================================================
+
+// the following PID values are used to mark outgoing frame type in TXD->PID so that
+// proper TX statistics can be collected based on these categories
+// b3-2 of PID field -
+#define PID_MGMT                       0x05
+#define PID_BEACON                     0x0c
+#define PID_DATA_NORMALUCAST           0x02
+#define PID_DATA_AMPDU         0x04
+#define PID_DATA_NO_ACK                0x08
+#define PID_DATA_NOT_NORM_ACK          0x03
+// value domain of pTxD->HostQId (4-bit: 0~15)
+#define QID_AC_BK               1   // meet ACI definition in 802.11e
+#define QID_AC_BE               0   // meet ACI definition in 802.11e
+#define QID_AC_VI               2
+#define QID_AC_VO               3
+#define QID_HCCA                4
+//#define NUM_OF_TX_RING          5
+#define NUM_OF_TX_RING          4
+#define QID_MGMT                13
+#define QID_RX                  14
+#define QID_OTHER               15
+
+#endif // __RTMP_MAC_H__ //
diff --git a/drivers/staging/rt3090/rtmp_mcu.h b/drivers/staging/rt3090/rtmp_mcu.h
new file mode 100644 (file)
index 0000000..e1b2fee
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_mcu.h
+
+       Abstract:
+       Miniport header file for mcu related information
+
+       Revision History:
+       Who         When          What
+       --------    ----------    ----------------------------------------------
+*/
+
+#ifndef __RTMP_MCU_H__
+#define __RTMP_MCU_H__
+
+
+INT RtmpAsicEraseFirmware(
+       IN PRTMP_ADAPTER pAd);
+
+NDIS_STATUS RtmpAsicLoadFirmware(
+       IN PRTMP_ADAPTER pAd);
+
+INT RtmpAsicSendCommandToMcu(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR                 Command,
+       IN UCHAR                 Token,
+       IN UCHAR                 Arg0,
+       IN UCHAR                 Arg1);
+
+#endif // __RTMP_MCU_H__ //
diff --git a/drivers/staging/rt3090/rtmp_os.h b/drivers/staging/rt3090/rtmp_os.h
new file mode 100644 (file)
index 0000000..5646b2d
--- /dev/null
@@ -0,0 +1,93 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       rtmp_os.h
+
+    Abstract:
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+ */
+
+
+#ifndef __RTMP_OS_H__
+#define __RTMP_OS_H__
+
+#ifdef LINUX
+#include "rt_linux.h"
+#endif // LINUX //
+
+
+/*
+       This data structure mainly strip some callback function defined in
+       "struct net_device" in kernel source "include/linux/netdevice.h".
+
+       The definition of this data structure may various depends on different
+       OS. Use it carefully.
+*/
+typedef struct _RTMP_OS_NETDEV_OP_HOOK_
+{
+       const struct net_device_ops *netdev_ops;
+       void                    *priv;
+       int                     priv_flags;
+       unsigned char devAddr[6];
+       unsigned char   devName[16];
+       unsigned char   needProtcted;
+}RTMP_OS_NETDEV_OP_HOOK, *PRTMP_OS_NETDEV_OP_HOOK;
+
+
+typedef enum _RTMP_TASK_STATUS_
+{
+       RTMP_TASK_STAT_UNKNOWN = 0,
+       RTMP_TASK_STAT_INITED = 1,
+       RTMP_TASK_STAT_RUNNING = 2,
+       RTMP_TASK_STAT_STOPED = 4,
+}RTMP_TASK_STATUS;
+#define RTMP_TASK_CAN_DO_INSERT                (RTMP_TASK_STAT_INITED |RTMP_TASK_STAT_RUNNING)
+
+#define RTMP_OS_TASK_NAME_LEN  16
+typedef struct _RTMP_OS_TASK_
+{
+       char                                    taskName[RTMP_OS_TASK_NAME_LEN];
+       void                                    *priv;
+       //unsigned long         taskFlags;
+       RTMP_TASK_STATUS        taskStatus;
+#ifndef KTHREAD_SUPPORT
+       RTMP_OS_SEM                     taskSema;
+       RTMP_OS_PID                     taskPID;
+       struct completion               taskComplete;
+#endif
+       unsigned char                   task_killed;
+#ifdef KTHREAD_SUPPORT
+       struct task_struct      *kthread_task;
+       wait_queue_head_t               kthread_q;
+       BOOLEAN                                 kthread_running;
+#endif
+}RTMP_OS_TASK;
+
+#endif // __RMTP_OS_H__ //
diff --git a/drivers/staging/rt3090/rtmp_pci.h b/drivers/staging/rt3090/rtmp_pci.h
new file mode 100644 (file)
index 0000000..c2fed29
--- /dev/null
@@ -0,0 +1,110 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+*/
+
+
+#ifndef __RTMP_PCI_H__
+#define __RTMP_PCI_H__
+
+#define RT28XX_HANDLE_DEV_ASSIGN(handle, dev_p)                                \
+       ((POS_COOKIE)handle)->pci_dev = dev_p;
+
+
+#ifdef LINUX
+// set driver data
+#define RT28XX_DRVDATA_SET(_a)                 pci_set_drvdata(_a, net_dev);
+
+#define RT28XX_PUT_DEVICE(dev_p)
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
+#define SA_SHIRQ IRQF_SHARED
+#endif
+
+#ifdef PCI_MSI_SUPPORT
+#define RTMP_MSI_ENABLE(_pAd) \
+{      POS_COOKIE _pObj = (POS_COOKIE)(_pAd->OS_Cookie); \
+       (_pAd)->HaveMsi =       pci_enable_msi(_pObj->pci_dev) == 0 ? TRUE : FALSE; }
+
+#define RTMP_MSI_DISABLE(_pAd) \
+{      POS_COOKIE _pObj = (POS_COOKIE)(_pAd->OS_Cookie); \
+       if (_pAd->HaveMsi == TRUE) \
+               pci_disable_msi(_pObj->pci_dev); \
+       _pAd->HaveMsi = FALSE;  }
+#else
+#define RTMP_MSI_ENABLE(_pAd)
+#define RTMP_MSI_DISABLE(_pAd)
+#endif // PCI_MSI_SUPPORT //
+
+
+#define RTMP_PCI_DEV_UNMAP()                                                                           \
+{      if (net_dev->base_addr) {                                                               \
+               iounmap((void *)(net_dev->base_addr));                          \
+               release_mem_region(pci_resource_start(dev_p, 0),        \
+                                                       pci_resource_len(dev_p, 0)); }  \
+       if (net_dev->irq) pci_release_regions(dev_p); }
+
+
+#define RTMP_IRQ_REQUEST(net_dev)                                                      \
+{      PRTMP_ADAPTER _pAd = (PRTMP_ADAPTER)(RTMP_OS_NETDEV_GET_PRIV(net_dev)); \
+       POS_COOKIE _pObj = (POS_COOKIE)(_pAd->OS_Cookie);               \
+       RTMP_MSI_ENABLE(_pAd);                                                                  \
+       if ((retval = request_irq(_pObj->pci_dev->irq,          \
+                                                       rt2860_interrupt, SA_SHIRQ,             \
+                                                       (net_dev)->name, (net_dev)))) { \
+               DBGPRINT(RT_DEBUG_ERROR, ("request_irq  error(%d)\n", retval)); \
+       return retval; } }
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,5,0)
+#define RTMP_IRQ_RELEASE(net_dev)                                                              \
+{      PRTMP_ADAPTER _pAd = (PRTMP_ADAPTER)(RTMP_OS_NETDEV_GET_PRIV(net_dev));         \
+       POS_COOKIE _pObj = (POS_COOKIE)(_pAd->OS_Cookie);                       \
+       synchronize_irq(_pObj->pci_dev->irq);                                           \
+       free_irq(_pObj->pci_dev->irq, (net_dev));                                       \
+       RTMP_MSI_DISABLE(_pAd); }
+#else
+#define RTMP_IRQ_RELEASE(net_dev)                                                              \
+{      PRTMP_ADAPTER _pAd = (PRTMP_ADAPTER)(RTMP_OS_NETDEV_GET_PRIV(net_dev));         \
+       POS_COOKIE _pObj = (POS_COOKIE)(_pAd->OS_Cookie);                       \
+       free_irq(_pObj->pci_dev->irq, (net_dev));                                       \
+       RTMP_MSI_DISABLE(_pAd); }
+#endif
+
+#define PCI_REG_READ_WORD(pci_dev, offset, Configuration)   \
+    if (pci_read_config_word(pci_dev, offset, &reg16) == 0)     \
+        Configuration = le2cpu16(reg16);                        \
+    else                                                        \
+        Configuration = 0;
+
+#define PCI_REG_WIRTE_WORD(pci_dev, offset, Configuration)  \
+    reg16 = cpu2le16(Configuration);                        \
+    pci_write_config_word(pci_dev, offset, reg16);          \
+
+#endif // LINUX //
+
+
+
+
+#endif // __RTMP_PCI_H__ //
diff --git a/drivers/staging/rt3090/rtmp_phy.h b/drivers/staging/rt3090/rtmp_phy.h
new file mode 100644 (file)
index 0000000..b9848ca
--- /dev/null
@@ -0,0 +1,631 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_phy.h
+
+       Abstract:
+       Ralink Wireless Chip PHY(BBP/RF) related definition & structures
+
+       Revision History:
+       Who                     When              What
+       --------        ----------        ----------------------------------------------
+*/
+
+#ifndef __RTMP_PHY_H__
+#define __RTMP_PHY_H__
+
+
+/*
+       RF sections
+*/
+#define RF_R00                 0
+#define RF_R01                 1
+#define RF_R02                 2
+#define RF_R03                 3
+#define RF_R04                 4
+#define RF_R05                 5
+#define RF_R06                 6
+#define RF_R07                 7
+#define RF_R08                 8
+#define RF_R09                 9
+#define RF_R10                 10
+#define RF_R11                 11
+#define RF_R12                 12
+#define RF_R13                 13
+#define RF_R14                 14
+#define RF_R15                 15
+#define RF_R16                 16
+#define RF_R17                 17
+#define RF_R18                 18
+#define RF_R19                 19
+#define RF_R20                 20
+#define RF_R21                 21
+#define RF_R22                 22
+#define RF_R23                 23
+#define RF_R24                 24
+#define RF_R25                 25
+#define RF_R26                 26
+#define RF_R27                 27
+#define RF_R28                 28
+#define RF_R29                 29
+#define RF_R30                 30
+#define RF_R31                 31
+
+
+// value domain of pAd->RfIcType
+#define RFIC_2820                   1       // 2.4G 2T3R
+#define RFIC_2850                   2       // 2.4G/5G 2T3R
+#define RFIC_2720                   3       // 2.4G 1T2R
+#define RFIC_2750                   4       // 2.4G/5G 1T2R
+#define RFIC_3020                   5       // 2.4G 1T1R
+#define RFIC_2020                   6       // 2.4G B/G
+#define RFIC_3021                   7       // 2.4G 1T2R
+#define RFIC_3022                   8       // 2.4G 2T2R
+#define RFIC_3052                   9       // 2.4G/5G 2T2R
+
+/*
+       BBP sections
+*/
+#define BBP_R0                 0  // version
+#define BBP_R1                 1  // TSSI
+#define BBP_R2                 2  // TX configure
+#define BBP_R3                 3
+#define BBP_R4                 4
+#define BBP_R5                 5
+#define BBP_R6                 6
+#define BBP_R14                        14 // RX configure
+#define BBP_R16                        16
+#define BBP_R17                        17 // RX sensibility
+#define BBP_R18                        18
+#define BBP_R21                        21
+#define BBP_R22                        22
+#define BBP_R24                        24
+#define BBP_R25                        25
+#define BBP_R26                        26
+#define BBP_R27                        27
+#define BBP_R31                        31
+#define BBP_R49                        49 //TSSI
+#define BBP_R50                        50
+#define BBP_R51                        51
+#define BBP_R52                        52
+#define BBP_R55                        55
+#define BBP_R62                        62 // Rx SQ0 Threshold HIGH
+#define BBP_R63                        63
+#define BBP_R64                        64
+#define BBP_R65                        65
+#define BBP_R66                        66
+#define BBP_R67                        67
+#define BBP_R68                        68
+#define BBP_R69                        69
+#define BBP_R70                        70 // Rx AGC SQ CCK Xcorr threshold
+#define BBP_R73                        73
+#define BBP_R75                        75
+#define BBP_R77                        77
+#define BBP_R78                        78
+#define BBP_R79                        79
+#define BBP_R80                        80
+#define BBP_R81                        81
+#define BBP_R82                        82
+#define BBP_R83                        83
+#define BBP_R84                        84
+#define BBP_R86                        86
+#define BBP_R91                        91
+#define BBP_R92                        92
+#define BBP_R94                        94 // Tx Gain Control
+#define BBP_R103               103
+#define BBP_R105               105
+#define BBP_R106               106
+#define BBP_R113               113
+#define BBP_R114               114
+#define BBP_R115               115
+#define BBP_R116               116
+#define BBP_R117               117
+#define BBP_R118               118
+#define BBP_R119               119
+#define BBP_R120               120
+#define BBP_R121               121
+#define BBP_R122               122
+#define BBP_R123               123
+#ifdef RT30xx
+#define BBP_R138               138 // add by johnli, RF power sequence setup, ADC dynamic on/off control
+#endif // RT30xx //
+
+
+#define BBPR94_DEFAULT 0x06 // Add 1 value will gain 1db
+
+
+#ifdef MERGE_ARCH_TEAM
+       #define MAX_BBP_ID      200
+       #define MAX_BBP_MSG_SIZE        4096
+#else
+#ifdef RT30xx
+       // edit by johnli, RF power sequence setup, add BBP R138 for ADC dynamic on/off control
+       #define MAX_BBP_ID      138
+#endif // RT30xx //
+#ifndef RT30xx
+       #define MAX_BBP_ID      136
+#endif // RT30xx //
+       #define MAX_BBP_MSG_SIZE        2048
+#endif // MERGE_ARCH_TEAM //
+
+
+//
+// BBP & RF are using indirect access. Before write any value into it.
+// We have to make sure there is no outstanding command pending via checking busy bit.
+//
+#define MAX_BUSY_COUNT  100         // Number of retry before failing access BBP & RF indirect register
+
+//#define PHY_TR_SWITCH_TIME          5  // usec
+
+//#define BBP_R17_LOW_SENSIBILITY     0x50
+//#define BBP_R17_MID_SENSIBILITY     0x41
+//#define BBP_R17_DYNAMIC_UP_BOUND    0x40
+
+#define RSSI_FOR_VERY_LOW_SENSIBILITY   -35
+#define RSSI_FOR_LOW_SENSIBILITY               -58
+#define RSSI_FOR_MID_LOW_SENSIBILITY   -80
+#define RSSI_FOR_MID_SENSIBILITY               -90
+
+/*****************************************************************************
+       RF register Read/Write marco definition
+ *****************************************************************************/
+#ifdef RTMP_MAC_PCI
+#define RTMP_RF_IO_WRITE32(_A, _V)                  \
+{                                                                                      \
+       if ((_A)->bPCIclkOff == FALSE)                  \
+       {                                                                                               \
+               PHY_CSR4_STRUC  _value;                          \
+               ULONG           _busyCnt = 0;                    \
+                                                                                       \
+               do {                                            \
+                       RTMP_IO_READ32((_A), RF_CSR_CFG0, &_value.word);  \
+                       if (_value.field.Busy == IDLE)               \
+                               break;                                  \
+                       _busyCnt++;                                  \
+               }while (_busyCnt < MAX_BUSY_COUNT);                     \
+               if(_busyCnt < MAX_BUSY_COUNT)                   \
+               {                                               \
+                       RTMP_IO_WRITE32((_A), RF_CSR_CFG0, (_V));          \
+               }                                               \
+       }                                                               \
+}
+#endif // RTMP_MAC_PCI //
+
+
+
+#ifdef RT30xx
+#define RTMP_RF_IO_READ8_BY_REG_ID(_A, _I, _pV)    RT30xxReadRFRegister(_A, _I, _pV)
+#define RTMP_RF_IO_WRITE8_BY_REG_ID(_A, _I, _V)    RT30xxWriteRFRegister(_A, _I, _V)
+#endif // RT30xx //
+
+
+/*****************************************************************************
+       BBP register Read/Write marco definitions.
+       we read/write the bbp value by register's ID.
+       Generate PER to test BA
+ *****************************************************************************/
+#ifdef RTMP_MAC_PCI
+/*
+       basic marco for BBP read operation.
+       _pAd: the data structure pointer of RTMP_ADAPTER
+       _bbpID : the bbp register ID
+       _pV: data pointer used to save the value of queried bbp register.
+       _bViaMCU: if we need access the bbp via the MCU.
+*/
+#define RTMP_BBP_IO_READ8(_pAd, _bbpID, _pV, _bViaMCU)                 \
+       do{                                                                                                                     \
+               BBP_CSR_CFG_STRUC  BbpCsr;                                                              \
+               int   _busyCnt, _secCnt, _regID;                                                \
+                                                                                                                               \
+               _regID = ((_bViaMCU) == TRUE ? H2M_BBP_AGENT : BBP_CSR_CFG);    \
+               for (_busyCnt=0; _busyCnt<MAX_BUSY_COUNT; _busyCnt++)      \
+               {                                                                                                       \
+                       RTMP_IO_READ32(_pAd, _regID, &BbpCsr.word);             \
+                       if (BbpCsr.field.Busy == BUSY)                  \
+                               continue;                                               \
+                       BbpCsr.word = 0;                                \
+                       BbpCsr.field.fRead = 1;                         \
+                       BbpCsr.field.BBP_RW_MODE = 1;                         \
+                       BbpCsr.field.Busy = 1;                          \
+                       BbpCsr.field.RegNum = _bbpID;                       \
+                       RTMP_IO_WRITE32(_pAd, _regID, BbpCsr.word);     \
+                       if ((_bViaMCU) == TRUE)                                                 \
+                       {                                                                                                       \
+                               AsicSendCommandToMcu(_pAd, 0x80, 0xff, 0x0, 0x0); \
+                               RTMPusecDelay(1000);    \
+                       }                                                       \
+                       for (_secCnt=0; _secCnt<MAX_BUSY_COUNT; _secCnt++)       \
+                       {                                               \
+                               RTMP_IO_READ32(_pAd, _regID, &BbpCsr.word); \
+                               if (BbpCsr.field.Busy == IDLE)              \
+                                       break;                                  \
+                       }                                               \
+                       if ((BbpCsr.field.Busy == IDLE) &&              \
+                               (BbpCsr.field.RegNum == _bbpID))                \
+                       {                                               \
+                               *(_pV) = (UCHAR)BbpCsr.field.Value;         \
+                               break;                                      \
+                       }                                               \
+               }                                                   \
+               if (BbpCsr.field.Busy == BUSY)                      \
+               {                                                   \
+                       DBGPRINT_ERR(("BBP(viaMCU=%d) read R%d fail\n", (_bViaMCU), _bbpID));      \
+                       *(_pV) = (_pAd)->BbpWriteLatch[_bbpID];               \
+                       if ((_bViaMCU) == TRUE)                         \
+                       {                                                                       \
+                               RTMP_IO_READ32(_pAd, _regID, &BbpCsr.word);                             \
+                               BbpCsr.field.Busy = 0;                          \
+                               RTMP_IO_WRITE32(_pAd, _regID, BbpCsr.word);                             \
+                       }                               \
+               }                                                                                                       \
+       }while(0)
+
+/*
+       This marco used for the BBP read operation which didn't need via MCU.
+*/
+#define BBP_IO_READ8_BY_REG_ID(_A, _I, _pV)                    \
+       RTMP_BBP_IO_READ8((_A), (_I), (_pV), FALSE)
+
+/*
+       This marco used for the BBP read operation which need via MCU.
+       But for some chipset which didn't have mcu (e.g., RBUS based chipset), we
+       will use this function too and didn't access the bbp register via the MCU.
+*/
+#ifndef CONFIG_STA_SUPPORT
+#define RTMP_BBP_IO_READ8_BY_REG_ID(_A, _I, _pV)                       \
+       do{                                                                                                             \
+               if ((_A)->bPCIclkOff == FALSE)                                                  \
+               {                                                                                                       \
+                       if ((_A)->infType == RTMP_DEV_INF_RBUS)                 \
+                               RTMP_BBP_IO_READ8((_A), (_I), (_pV), FALSE);    \
+                       else                                                                                            \
+                               RTMP_BBP_IO_READ8((_A), (_I), (_pV), TRUE);     \
+               }                                                                                                       \
+       }while(0)
+#endif // CONFIG_STA_SUPPORT //
+#ifdef CONFIG_STA_SUPPORT
+// Read BBP register by register's ID. Generate PER to test BA
+#define RTMP_BBP_IO_READ8_BY_REG_ID(_A, _I, _pV)                                               \
+{                                                                                                                                              \
+       BBP_CSR_CFG_STRUC       BbpCsr;                                                                                 \
+       int                                     i, k;                   \
+       BOOLEAN                                 brc;                    \
+       BbpCsr.field.Busy = IDLE;                       \
+       if ((IS_RT3090((_A)) || IS_RT3572((_A)) || IS_RT3390((_A))) && ((_A)->StaCfg.PSControl.field.rt30xxPowerMode == 3)      \
+               && ((_A)->StaCfg.PSControl.field.EnableNewPS == TRUE)   \
+               && ((_A)->bPCIclkOff == FALSE)  \
+               && ((_A)->brt30xxBanMcuCmd == FALSE))   \
+       {                                                                                                                                       \
+               for (i=0; i<MAX_BUSY_COUNT; i++)                                                                        \
+               {                                                                                                                                       \
+                       RTMP_IO_READ32(_A, H2M_BBP_AGENT, &BbpCsr.word);                                \
+                       if (BbpCsr.field.Busy == BUSY)                                                                  \
+                       {                                                                                                                               \
+                               continue;                                                                                                       \
+                       }                                                                                                                               \
+                       BbpCsr.word = 0;                                                                                                \
+                       BbpCsr.field.fRead = 1;                                                                                 \
+                       BbpCsr.field.BBP_RW_MODE = 1;                                                                   \
+                       BbpCsr.field.Busy = 1;                                                                                  \
+                       BbpCsr.field.RegNum = _I;                                                                               \
+                       RTMP_IO_WRITE32(_A, H2M_BBP_AGENT, BbpCsr.word);                                \
+                       brc = AsicSendCommandToMcu(_A, 0x80, 0xff, 0x0, 0x0);                                   \
+                       if (brc == TRUE)                                                                                                                                \
+                       {                                                                                                                               \
+                               for (k=0; k<MAX_BUSY_COUNT; k++)                                                                \
+                               {                                                                                                                               \
+                                       RTMP_IO_READ32(_A, H2M_BBP_AGENT, &BbpCsr.word);                        \
+                                       if (BbpCsr.field.Busy == IDLE)                                                          \
+                                               break;                                                                                                  \
+                               }                                                                                                                               \
+                               if ((BbpCsr.field.Busy == IDLE) &&                                                              \
+                                       (BbpCsr.field.RegNum == _I))                                                            \
+                               {                                                                                                                               \
+                                       *(_pV) = (UCHAR)BbpCsr.field.Value;                                                     \
+                                       break;                                                                                                          \
+                               }                                                                                                                               \
+                       }                                                                                                                               \
+                       else                                                                                                                            \
+                       {                                                                                                                               \
+                               BbpCsr.field.Busy = 0;                                                                                  \
+                               RTMP_IO_WRITE32(_A, H2M_BBP_AGENT, BbpCsr.word);                                \
+                       }                                                                                                                               \
+               }                                                                                                                                       \
+       }       \
+       else if (!((IS_RT3090((_A)) || IS_RT3572((_A)) || IS_RT3390((_A))) && ((_A)->StaCfg.PSControl.field.rt30xxPowerMode == 3)       \
+               && ((_A)->StaCfg.PSControl.field.EnableNewPS == TRUE))  \
+               && ((_A)->bPCIclkOff == FALSE)) \
+       {                                                                                                                                       \
+               for (i=0; i<MAX_BUSY_COUNT; i++)                                                                        \
+               {                                                                                                                                       \
+                       RTMP_IO_READ32(_A, H2M_BBP_AGENT, &BbpCsr.word);                                \
+                       if (BbpCsr.field.Busy == BUSY)                                                                  \
+                       {                                                                                                                               \
+                               continue;                                                                                                       \
+                       }                                                                                                                               \
+                       BbpCsr.word = 0;                                                                                                \
+                       BbpCsr.field.fRead = 1;                                                                                 \
+                       BbpCsr.field.BBP_RW_MODE = 1;                                                                   \
+                       BbpCsr.field.Busy = 1;                                                                                  \
+                       BbpCsr.field.RegNum = _I;                                                                               \
+                       RTMP_IO_WRITE32(_A, H2M_BBP_AGENT, BbpCsr.word);                                \
+                       AsicSendCommandToMcu(_A, 0x80, 0xff, 0x0, 0x0);                                 \
+                       for (k=0; k<MAX_BUSY_COUNT; k++)                                                                \
+                       {                                                                                                                               \
+                               RTMP_IO_READ32(_A, H2M_BBP_AGENT, &BbpCsr.word);                        \
+                               if (BbpCsr.field.Busy == IDLE)                                                          \
+                                       break;                                                                                                  \
+                       }                                                                                                                               \
+                       if ((BbpCsr.field.Busy == IDLE) &&                                                              \
+                               (BbpCsr.field.RegNum == _I))                                                            \
+                       {                                                                                                                               \
+                               *(_pV) = (UCHAR)BbpCsr.field.Value;                                                     \
+                               break;                                                                                                          \
+                       }                                                                                                                               \
+               }                                                                                                                                       \
+       }                                                                                                                                       \
+       else                                                                            \
+       {                                                                                                                                       \
+               DBGPRINT_ERR((" , brt30xxBanMcuCmd = %d, Read BBP %d \n", (_A)->brt30xxBanMcuCmd, (_I)));       \
+               *(_pV) = (_A)->BbpWriteLatch[_I];                                                               \
+       }                                                                                                                                       \
+       if ((BbpCsr.field.Busy == BUSY) || ((_A)->bPCIclkOff == TRUE))                                                                          \
+       {                                                                                                                                       \
+               DBGPRINT_ERR(("BBP read R%d=0x%x fail\n", _I, BbpCsr.word));    \
+               *(_pV) = (_A)->BbpWriteLatch[_I];                                                               \
+       }                                                                                                                                       \
+}
+#endif // CONFIG_STA_SUPPORT //
+
+/*
+       basic marco for BBP write operation.
+       _pAd: the data structure pointer of RTMP_ADAPTER
+       _bbpID : the bbp register ID
+       _pV: data used to save the value of queried bbp register.
+       _bViaMCU: if we need access the bbp via the MCU.
+*/
+#define RTMP_BBP_IO_WRITE8(_pAd, _bbpID, _pV, _bViaMCU)                        \
+       do{                                                                                                                     \
+               BBP_CSR_CFG_STRUC  BbpCsr;                             \
+               int             _busyCnt, _regID;                                                       \
+                                                                                                                               \
+               _regID = ((_bViaMCU) == TRUE ? H2M_BBP_AGENT : BBP_CSR_CFG);    \
+               for (_busyCnt=0; _busyCnt<MAX_BUSY_COUNT; _busyCnt++)  \
+               {                                                   \
+                       RTMP_IO_READ32((_pAd), BBP_CSR_CFG, &BbpCsr.word);     \
+                       if (BbpCsr.field.Busy == BUSY)                  \
+                               continue;                                   \
+                       BbpCsr.word = 0;                                \
+                       BbpCsr.field.fRead = 0;                         \
+                       BbpCsr.field.BBP_RW_MODE = 1;                         \
+                       BbpCsr.field.Busy = 1;                          \
+                       BbpCsr.field.Value = _pV;                        \
+                       BbpCsr.field.RegNum = _bbpID;                       \
+                       RTMP_IO_WRITE32((_pAd), BBP_CSR_CFG, BbpCsr.word);     \
+                       if ((_bViaMCU) == TRUE)                                                                 \
+                       {                                                                                                               \
+                               AsicSendCommandToMcu(_pAd, 0x80, 0xff, 0x0, 0x0);               \
+                               if ((_pAd)->OpMode == OPMODE_AP)                                                \
+                                       RTMPusecDelay(1000);                                                    \
+                       }                                                                                                               \
+                       (_pAd)->BbpWriteLatch[_bbpID] = _pV;                                    \
+                       break;                                                                                                  \
+               }                                                                                                               \
+               if (_busyCnt == MAX_BUSY_COUNT)                                                         \
+               {                                                                                                               \
+                       DBGPRINT_ERR(("BBP write R%d fail\n", _bbpID));                         \
+                       if((_bViaMCU) == TRUE)                                                                  \
+                       {                                                                                                               \
+                               RTMP_IO_READ32(_pAd, H2M_BBP_AGENT, &BbpCsr.word);      \
+                               BbpCsr.field.Busy = 0;                                                                  \
+                               RTMP_IO_WRITE32(_pAd, H2M_BBP_AGENT, BbpCsr.word);      \
+                       }                                                                                                               \
+               }                                                                                                               \
+       }while(0)
+
+
+/*
+       This marco used for the BBP write operation which didn't need via MCU.
+*/
+#define BBP_IO_WRITE8_BY_REG_ID(_A, _I, _pV)                   \
+       RTMP_BBP_IO_WRITE8((_A), (_I), (_pV), FALSE)
+
+/*
+       This marco used for the BBP write operation which need via MCU.
+       But for some chipset which didn't have mcu (e.g., RBUS based chipset), we
+       will use this function too and didn't access the bbp register via the MCU.
+*/
+#ifndef CONFIG_STA_SUPPORT
+#define RTMP_BBP_IO_WRITE8_BY_REG_ID(_A, _I, _pV)                      \
+       do{                                                                                                             \
+               if ((_A)->bPCIclkOff == FALSE)                                                  \
+               {                                                                                                       \
+                       if ((_A)->infType == RTMP_DEV_INF_RBUS)                 \
+                               RTMP_BBP_IO_WRITE8((_A), (_I), (_pV), FALSE);   \
+                       else                                                                                            \
+                               RTMP_BBP_IO_WRITE8((_A), (_I), (_pV), TRUE);    \
+               }                                                                                                       \
+       }while(0)
+#endif // CONFIG_STA_SUPPORT //
+#ifdef CONFIG_STA_SUPPORT
+// Write BBP register by register's ID & value
+#define RTMP_BBP_IO_WRITE8_BY_REG_ID(_A, _I, _V)                                               \
+{                                                                                                                                              \
+       BBP_CSR_CFG_STRUC       BbpCsr;                                                                                 \
+       INT                                     BusyCnt = 0;                                                                            \
+       BOOLEAN                                 brc;                    \
+       if (_I < MAX_NUM_OF_BBP_LATCH)                                                                          \
+       {                                                                                                                                       \
+               if ((IS_RT3090((_A)) || IS_RT3572((_A)) || IS_RT3390((_A))) && ((_A)->StaCfg.PSControl.field.rt30xxPowerMode == 3)      \
+                       && ((_A)->StaCfg.PSControl.field.EnableNewPS == TRUE)   \
+                       && ((_A)->bPCIclkOff == FALSE)  \
+                       && ((_A)->brt30xxBanMcuCmd == FALSE))   \
+               {                                                                                                                                       \
+                       if (_A->AccessBBPFailCount > 20)                                                                        \
+                       {                                                                                                                                       \
+                               AsicResetBBPAgent(_A);                          \
+                               _A->AccessBBPFailCount = 0;                                                                                     \
+                       }                                                                                                                                       \
+                       for (BusyCnt=0; BusyCnt<MAX_BUSY_COUNT; BusyCnt++)                                      \
+                       {                                                                                                                                       \
+                               RTMP_IO_READ32(_A, H2M_BBP_AGENT, &BbpCsr.word);                                \
+                               if (BbpCsr.field.Busy == BUSY)                                                                  \
+                                       continue;                                                                                                       \
+                               BbpCsr.word = 0;                                                                                                \
+                               BbpCsr.field.fRead = 0;                                                                                 \
+                               BbpCsr.field.BBP_RW_MODE = 1;                                                                   \
+                               BbpCsr.field.Busy = 1;                                                                                  \
+                               BbpCsr.field.Value = _V;                                                                                \
+                               BbpCsr.field.RegNum = _I;                                                                               \
+                               RTMP_IO_WRITE32(_A, H2M_BBP_AGENT, BbpCsr.word);                                \
+                               brc = AsicSendCommandToMcu(_A, 0x80, 0xff, 0x0, 0x0);                                   \
+                               if (brc == TRUE)                                                                                                                                \
+                               {                                                                                                                               \
+                                       (_A)->BbpWriteLatch[_I] = _V;                                                                   \
+                               }                                                                                                                               \
+                               else                                                                                                                            \
+                               {                                                                                                                               \
+                                       BbpCsr.field.Busy = 0;                                                                                  \
+                                       RTMP_IO_WRITE32(_A, H2M_BBP_AGENT, BbpCsr.word);                                \
+                               }                                                                                                                               \
+                               break;                                                                                                                  \
+                       }                                                                                                                                       \
+               }                                                                                                                                       \
+               else if (!((IS_RT3090((_A)) || IS_RT3572((_A)) || IS_RT3390((_A))) && ((_A)->StaCfg.PSControl.field.rt30xxPowerMode == 3)       \
+                       && ((_A)->StaCfg.PSControl.field.EnableNewPS == TRUE))  \
+                       && ((_A)->bPCIclkOff == FALSE)) \
+               {                                                                                                                                       \
+                       if (_A->AccessBBPFailCount > 20)                                                                        \
+                       {                                                                                                                                       \
+                               AsicResetBBPAgent(_A);                          \
+                               _A->AccessBBPFailCount = 0;                                                                                     \
+                       }                                                                                                                                       \
+                       for (BusyCnt=0; BusyCnt<MAX_BUSY_COUNT; BusyCnt++)                                      \
+                       {                                                                                                                                       \
+                               RTMP_IO_READ32(_A, H2M_BBP_AGENT, &BbpCsr.word);                                \
+                               if (BbpCsr.field.Busy == BUSY)                                                                  \
+                                       continue;                                                                                                       \
+                               BbpCsr.word = 0;                                                                                                \
+                               BbpCsr.field.fRead = 0;                                                                                 \
+                               BbpCsr.field.BBP_RW_MODE = 1;                                                                   \
+                               BbpCsr.field.Busy = 1;                                                                                  \
+                               BbpCsr.field.Value = _V;                                                                                \
+                               BbpCsr.field.RegNum = _I;                                                                               \
+                               RTMP_IO_WRITE32(_A, H2M_BBP_AGENT, BbpCsr.word);                                \
+                               AsicSendCommandToMcu(_A, 0x80, 0xff, 0x0, 0x0);                                 \
+                               (_A)->BbpWriteLatch[_I] = _V;                                                                   \
+                               break;                                                                                                                  \
+                       }                                                                                                                                       \
+               }                                                                                                                                       \
+               else                                                                            \
+               {                                                                                                                                       \
+                       DBGPRINT_ERR(("  brt30xxBanMcuCmd = %d. Write BBP %d \n",  (_A)->brt30xxBanMcuCmd, (_I)));      \
+               }                                                                                                                                       \
+               if ((BusyCnt == MAX_BUSY_COUNT) || ((_A)->bPCIclkOff == TRUE))                  \
+               {                                                                                                                                       \
+                       if (BusyCnt == MAX_BUSY_COUNT)                                  \
+                               (_A)->AccessBBPFailCount++;                                     \
+                       DBGPRINT_ERR(("BBP write R%d=0x%x fail. BusyCnt= %d.bPCIclkOff = %d. \n", _I, BbpCsr.word, BusyCnt, (_A)->bPCIclkOff ));        \
+               }                                                                                                                                       \
+       }                                                                                                                                               \
+       else                                                                                                                                            \
+       {                                                                                                                                               \
+               DBGPRINT_ERR(("****** BBP_Write_Latch Buffer exceeds max boundry ****** \n"));  \
+       }                                                                                                                                               \
+}
+#endif // CONFIG_STA_SUPPORT //
+#endif // RTMP_MAC_PCI //
+
+
+
+#ifdef RT30xx
+//Need to collect each ant's rssi concurrently
+//rssi1 is report to pair2 Ant and rss2 is reprot to pair1 Ant when 4 Ant
+#define COLLECT_RX_ANTENNA_AVERAGE_RSSI(_pAd, _rssi1, _rssi2)                                  \
+{                                                                                                                                                              \
+       SHORT   AvgRssi;                                                                                                                        \
+       UCHAR   UsedAnt;                                                                                                                        \
+       if (_pAd->RxAnt.EvaluatePeriod == 0)                                                                    \
+       {                                                                                                                                               \
+               UsedAnt = _pAd->RxAnt.Pair1PrimaryRxAnt;                                                        \
+               AvgRssi = _pAd->RxAnt.Pair1AvgRssi[UsedAnt];                                            \
+               if (AvgRssi < 0)                                                                                                        \
+                       AvgRssi = AvgRssi - (AvgRssi >> 3) + _rssi1;                                    \
+               else                                                                                                                            \
+                       AvgRssi = _rssi1 << 3;                                                                                  \
+               _pAd->RxAnt.Pair1AvgRssi[UsedAnt] = AvgRssi;                                            \
+       }                                                                                                                                               \
+       else                                                                                                                                    \
+       {                                                                                                                                               \
+               UsedAnt = _pAd->RxAnt.Pair1SecondaryRxAnt;                                                      \
+               AvgRssi = _pAd->RxAnt.Pair1AvgRssi[UsedAnt];                                            \
+               if ((AvgRssi < 0) && (_pAd->RxAnt.FirstPktArrivedWhenEvaluate))         \
+                       AvgRssi = AvgRssi - (AvgRssi >> 3) + _rssi1;                                    \
+               else                                                                                                                            \
+               {                                                                                                                                       \
+                       _pAd->RxAnt.FirstPktArrivedWhenEvaluate = TRUE;                                 \
+                       AvgRssi = _rssi1 << 3;                                                                                  \
+               }                                                                                                                                       \
+               _pAd->RxAnt.Pair1AvgRssi[UsedAnt] = AvgRssi;                                            \
+               _pAd->RxAnt.RcvPktNumWhenEvaluate++;                                                            \
+       }                                                                                                                                               \
+}
+
+#define RTMP_ASIC_MMPS_DISABLE(_pAd)                                                   \
+       do{                                                                                                                     \
+               UCHAR _bbpData;                                                                                 \
+               UINT32 _macData;                                                                                        \
+               /* disable MMPS BBP control register */                                         \
+               RTMP_BBP_IO_READ8_BY_REG_ID(_pAd, BBP_R3, &_bbpData);   \
+               _bbpData &= ~(0x04);    /*bit 2*/                                                               \
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(_pAd, BBP_R3, _bbpData);   \
+                                                                                                                               \
+               /* disable MMPS MAC control register */                                         \
+               RTMP_IO_READ32(_pAd, 0x1210, &_macData);                                \
+               _macData &= ~(0x09);    /*bit 0, 3*/                                                    \
+               RTMP_IO_WRITE32(_pAd, 0x1210, _macData);                                \
+       }while(0)
+
+
+#define RTMP_ASIC_MMPS_ENABLE(_pAd)                                                    \
+       do{                                                                                                                     \
+               UCHAR _bbpData;                                                                                 \
+               UINT32 _macData;                                                                                        \
+               /* enable MMPS BBP control register */                                          \
+               RTMP_BBP_IO_READ8_BY_REG_ID(_pAd, BBP_R3, &_bbpData);   \
+               _bbpData |= (0x04);     /*bit 2*/                                                               \
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(_pAd, BBP_R3, _bbpData);   \
+                                                                                                                               \
+               /* enable MMPS MAC control register */                                          \
+               RTMP_IO_READ32(_pAd, 0x1210, &_macData);                                \
+               _macData |= (0x09);     /*bit 0, 3*/                                                    \
+               RTMP_IO_WRITE32(_pAd, 0x1210, _macData);                                \
+       }while(0)
+
+#endif // RT30xx //
+
+#endif // __RTMP_PHY_H__ //
diff --git a/drivers/staging/rt3090/rtmp_timer.h b/drivers/staging/rt3090/rtmp_timer.h
new file mode 100644 (file)
index 0000000..dfac124
--- /dev/null
@@ -0,0 +1,162 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       rtmp_timer.h
+
+    Abstract:
+       Ralink Wireless Driver timer related data structures and delcarations
+
+    Revision History:
+       Who           When                What
+       --------    ----------      ----------------------------------------------
+       Name          Date                 Modification logs
+       Shiang Tu    Aug-28-2008        init version
+
+*/
+
+#ifndef __RTMP_TIMER_H__
+#define  __RTMP_TIMER_H__
+
+#include "rtmp_os.h"
+
+
+#define DECLARE_TIMER_FUNCTION(_func)                  \
+       void rtmp_timer_##_func(unsigned long data)
+
+#define GET_TIMER_FUNCTION(_func)                              \
+       rtmp_timer_##_func
+
+
+/* ----------------- Timer Related MARCO ---------------*/
+// In some os or chipset, we have a lot of timer functions and will read/write register,
+//   it's not allowed in Linux USB sub-system to do it ( because of sleep issue when
+//  submit to ctrl pipe). So we need a wrapper function to take care it.
+
+#ifdef RTMP_TIMER_TASK_SUPPORT
+typedef VOID (*RTMP_TIMER_TASK_HANDLE)(
+       IN  PVOID   SystemSpecific1,
+       IN  PVOID   FunctionContext,
+       IN  PVOID   SystemSpecific2,
+       IN  PVOID   SystemSpecific3);
+#endif // RTMP_TIMER_TASK_SUPPORT //
+
+typedef struct  _RALINK_TIMER_STRUCT    {
+       RTMP_OS_TIMER           TimerObj;       // Ndis Timer object
+       BOOLEAN                         Valid;                  // Set to True when call RTMPInitTimer
+       BOOLEAN                         State;          // True if timer cancelled
+       BOOLEAN                         PeriodicType;   // True if timer is periodic timer
+       BOOLEAN                         Repeat;         // True if periodic timer
+       ULONG                           TimerValue;     // Timer value in milliseconds
+       ULONG                           cookie;                 // os specific object
+#ifdef RTMP_TIMER_TASK_SUPPORT
+       RTMP_TIMER_TASK_HANDLE  handle;
+       void                                    *pAd;
+#endif // RTMP_TIMER_TASK_SUPPORT //
+}RALINK_TIMER_STRUCT, *PRALINK_TIMER_STRUCT;
+
+
+#ifdef RTMP_TIMER_TASK_SUPPORT
+typedef struct _RTMP_TIMER_TASK_ENTRY_
+{
+       RALINK_TIMER_STRUCT                     *pRaTimer;
+       struct _RTMP_TIMER_TASK_ENTRY_  *pNext;
+}RTMP_TIMER_TASK_ENTRY;
+
+
+#define TIMER_QUEUE_SIZE_MAX   128
+typedef struct _RTMP_TIMER_TASK_QUEUE_
+{
+       unsigned int                            status;
+       unsigned char                           *pTimerQPoll;
+       RTMP_TIMER_TASK_ENTRY   *pQPollFreeList;
+       RTMP_TIMER_TASK_ENTRY   *pQHead;
+       RTMP_TIMER_TASK_ENTRY   *pQTail;
+}RTMP_TIMER_TASK_QUEUE;
+
+#define BUILD_TIMER_FUNCTION(_func)                                                                            \
+void rtmp_timer_##_func(unsigned long data)                                                                            \
+{                                                                                                                                                      \
+       PRALINK_TIMER_STRUCT    _pTimer = (PRALINK_TIMER_STRUCT)data;                           \
+       RTMP_TIMER_TASK_ENTRY   *_pQNode;                                                                               \
+       RTMP_ADAPTER                    *_pAd;                                                                                  \
+                                                                                                                                                       \
+       _pTimer->handle = _func;                                                                                                        \
+       _pAd = (RTMP_ADAPTER *)_pTimer->pAd;                                                                            \
+       _pQNode = RtmpTimerQInsert(_pAd, _pTimer);                                                              \
+       if ((_pQNode == NULL) && (_pAd->TimerQ.status & RTMP_TASK_CAN_DO_INSERT))       \
+               RTMP_OS_Add_Timer(&_pTimer->TimerObj, OS_HZ);                                                   \
+}
+#else
+#define BUILD_TIMER_FUNCTION(_func)                                                                            \
+void rtmp_timer_##_func(unsigned long data)                                                                            \
+{                                                                                                                                                      \
+       PRALINK_TIMER_STRUCT    pTimer = (PRALINK_TIMER_STRUCT) data;                           \
+                                                                                                                                                       \
+       _func(NULL, (PVOID) pTimer->cookie, NULL, pTimer);                                                      \
+       if (pTimer->Repeat)                                                                                                             \
+               RTMP_OS_Add_Timer(&pTimer->TimerObj, pTimer->TimerValue);                       \
+}
+#endif // RTMP_TIMER_TASK_SUPPORT //
+
+
+DECLARE_TIMER_FUNCTION(MlmePeriodicExec);
+DECLARE_TIMER_FUNCTION(MlmeRssiReportExec);
+DECLARE_TIMER_FUNCTION(AsicRxAntEvalTimeout);
+DECLARE_TIMER_FUNCTION(APSDPeriodicExec);
+DECLARE_TIMER_FUNCTION(AsicRfTuningExec);
+
+
+#ifdef CONFIG_STA_SUPPORT
+DECLARE_TIMER_FUNCTION(BeaconTimeout);
+DECLARE_TIMER_FUNCTION(ScanTimeout);
+DECLARE_TIMER_FUNCTION(AuthTimeout);
+DECLARE_TIMER_FUNCTION(AssocTimeout);
+DECLARE_TIMER_FUNCTION(ReassocTimeout);
+DECLARE_TIMER_FUNCTION(DisassocTimeout);
+DECLARE_TIMER_FUNCTION(LinkDownExec);
+DECLARE_TIMER_FUNCTION(StaQuickResponeForRateUpExec);
+DECLARE_TIMER_FUNCTION(WpaDisassocApAndBlockAssoc);
+DECLARE_TIMER_FUNCTION(PsPollWakeExec);
+DECLARE_TIMER_FUNCTION(RadioOnExec);
+
+#ifdef QOS_DLS_SUPPORT
+DECLARE_TIMER_FUNCTION(DlsTimeoutAction);
+#endif // QOS_DLS_SUPPORT //
+
+
+#endif // CONFIG_STA_SUPPORT //
+
+
+
+
+#if defined(AP_LED) || defined(STA_LED)
+DECLARE_TIMER_FUNCTION(LedCtrlMain);
+#endif
+
+
+
+#endif // __RTMP_TIMER_H__ //
diff --git a/drivers/staging/rt3090/rtmp_type.h b/drivers/staging/rt3090/rtmp_type.h
new file mode 100644 (file)
index 0000000..d8b571e
--- /dev/null
@@ -0,0 +1,147 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    rtmp_type.h
+
+    Abstract:
+
+    Revision History:
+    Who         When            What
+    --------    ----------      ----------------------------------------------
+    Name        Date            Modification logs
+    Paul Lin    1-2-2004
+*/
+
+#ifndef __RTMP_TYPE_H__
+#define __RTMP_TYPE_H__
+
+
+#define PACKED  __attribute__ ((packed))
+
+#ifdef LINUX
+// Put platform dependent declaration here
+// For example, linux type definition
+typedef unsigned char                  UINT8;
+typedef unsigned short                 UINT16;
+typedef unsigned int                   UINT32;
+typedef unsigned long long             UINT64;
+typedef int                                    INT32;
+typedef long long                              INT64;
+#endif // LINUX //
+
+typedef unsigned char *                PUINT8;
+typedef unsigned short *               PUINT16;
+typedef unsigned int *                 PUINT32;
+typedef unsigned long long *   PUINT64;
+typedef int    *                               PINT32;
+typedef long long *                    PINT64;
+
+// modified for fixing compile warning on Sigma 8634 platform
+typedef char                                   STRING;
+typedef signed char                    CHAR;
+
+typedef signed short                   SHORT;
+typedef signed int                             INT;
+typedef signed long                    LONG;
+typedef signed long long               LONGLONG;
+
+
+#ifdef LINUX
+typedef unsigned char                  UCHAR;
+typedef unsigned short                 USHORT;
+typedef unsigned int                   UINT;
+typedef unsigned long                  ULONG;
+#endif // LINUX //
+typedef unsigned long long             ULONGLONG;
+
+typedef unsigned char                  BOOLEAN;
+#ifdef LINUX
+typedef void                                   VOID;
+#endif // LINUX //
+
+typedef char *                         PSTRING;
+typedef VOID *                         PVOID;
+typedef CHAR *                         PCHAR;
+typedef UCHAR *                                        PUCHAR;
+typedef USHORT *                       PUSHORT;
+typedef LONG *                         PLONG;
+typedef ULONG *                                PULONG;
+typedef UINT *                         PUINT;
+
+typedef unsigned int                   NDIS_MEDIA_STATE;
+
+typedef union _LARGE_INTEGER {
+    struct {
+        UINT LowPart;
+        INT32 HighPart;
+    } u;
+    INT64 QuadPart;
+} LARGE_INTEGER;
+
+
+//
+// Register set pair for initialzation register set definition
+//
+typedef struct  _RTMP_REG_PAIR
+{
+       ULONG   Register;
+       ULONG   Value;
+} RTMP_REG_PAIR, *PRTMP_REG_PAIR;
+
+typedef struct  _REG_PAIR
+{
+       UCHAR   Register;
+       UCHAR   Value;
+} REG_PAIR, *PREG_PAIR;
+
+//
+// Register set pair for initialzation register set definition
+//
+typedef struct  _RTMP_RF_REGS
+{
+       UCHAR   Channel;
+       ULONG   R1;
+       ULONG   R2;
+       ULONG   R3;
+       ULONG   R4;
+} RTMP_RF_REGS, *PRTMP_RF_REGS;
+
+typedef struct _FREQUENCY_ITEM {
+       UCHAR   Channel;
+       UCHAR   N;
+       UCHAR   R;
+       UCHAR   K;
+} FREQUENCY_ITEM, *PFREQUENCY_ITEM;
+
+
+typedef int                            NTSTATUS;
+
+
+#define STATUS_SUCCESS                         0x00
+#define STATUS_UNSUCCESSFUL            0x01
+
+#endif  // __RTMP_TYPE_H__ //
diff --git a/drivers/staging/rt3090/spectrum.h b/drivers/staging/rt3090/spectrum.h
new file mode 100644 (file)
index 0000000..be9bae5
--- /dev/null
@@ -0,0 +1,234 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+ */
+
+#ifndef __SPECTRUM_H__
+#define __SPECTRUM_H__
+
+#include "rtmp_type.h"
+#include "spectrum_def.h"
+
+
+CHAR RTMP_GetTxPwr(
+       IN PRTMP_ADAPTER pAd,
+       IN HTTRANSMIT_SETTING HTTxMode);
+
+/*
+       ==========================================================================
+       Description:
+               Prepare Measurement request action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID MakeMeasurementReqFrame(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pOutBuffer,
+       OUT PULONG pFrameLen,
+       IN UINT8 TotalLen,
+       IN UINT8 Category,
+       IN UINT8 Action,
+       IN UINT8 MeasureToken,
+       IN UINT8 MeasureReqMode,
+       IN UINT8 MeasureReqType,
+       IN UINT8 NumOfRepetitions);
+
+/*
+       ==========================================================================
+       Description:
+               Prepare Measurement report action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID EnqueueMeasurementRep(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDA,
+       IN UINT8 DialogToken,
+       IN UINT8 MeasureToken,
+       IN UINT8 MeasureReqMode,
+       IN UINT8 MeasureReqType,
+       IN UINT8 ReportInfoLen,
+       IN PUINT8 pReportInfo);
+
+/*
+       ==========================================================================
+       Description:
+               Prepare TPC Request action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID EnqueueTPCReq(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDA,
+       IN UCHAR DialogToken);
+
+/*
+       ==========================================================================
+       Description:
+               Prepare TPC Report action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID EnqueueTPCRep(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDA,
+       IN UINT8 DialogToken,
+       IN UINT8 TxPwr,
+       IN UINT8 LinkMargin);
+
+/*
+       ==========================================================================
+       Description:
+               Prepare Channel Switch Announcement action frame and enqueue it into
+               management queue waiting for transmition.
+
+       Parametrs:
+               1. the destination mac address of the frame.
+               2. Channel switch announcement mode.
+               2. a New selected channel.
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID EnqueueChSwAnn(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pDA,
+       IN UINT8 ChSwMode,
+       IN UINT8 NewCh);
+
+/*
+       ==========================================================================
+       Description:
+               Spectrun action frames Handler such as channel switch annoucement,
+               measurement report, measurement request actions frames.
+
+       Parametrs:
+               Elme - MLME message containing the received frame
+
+       Return  : None.
+       ==========================================================================
+ */
+VOID PeerSpectrumAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem);
+
+/*
+       ==========================================================================
+       Description:
+
+       Parametrs:
+
+       Return  : None.
+       ==========================================================================
+ */
+INT Set_MeasureReq_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_TpcReq_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_PwrConstraint(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+
+VOID MeasureReqTabInit(
+       IN PRTMP_ADAPTER pAd);
+
+VOID MeasureReqTabExit(
+       IN PRTMP_ADAPTER pAd);
+
+PMEASURE_REQ_ENTRY MeasureReqLookUp(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken);
+
+PMEASURE_REQ_ENTRY MeasureReqInsert(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken);
+
+VOID MeasureReqDelete(
+       IN PRTMP_ADAPTER        pAd,
+       IN UINT8                        DialogToken);
+
+VOID InsertChannelRepIE(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN PSTRING pCountry,
+       IN UINT8 RegulatoryClass);
+
+VOID InsertTpcReportIE(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN UINT8 TxPwr,
+       IN UINT8 LinkMargin);
+
+VOID InsertDialogToken(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN UINT8 DialogToken);
+
+VOID TpcReqTabInit(
+       IN PRTMP_ADAPTER pAd);
+
+VOID TpcReqTabExit(
+       IN PRTMP_ADAPTER pAd);
+
+VOID NotifyChSwAnnToPeerAPs(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pRA,
+       IN PUCHAR pTA,
+       IN UINT8 ChSwMode,
+       IN UINT8 Channel);
+
+VOID RguClass_BuildBcnChList(
+       IN PRTMP_ADAPTER pAd,
+       OUT PUCHAR pBuf,
+       OUT     PULONG pBufLen);
+#endif // __SPECTRUM_H__ //
diff --git a/drivers/staging/rt3090/spectrum_def.h b/drivers/staging/rt3090/spectrum_def.h
new file mode 100644 (file)
index 0000000..0389b09
--- /dev/null
@@ -0,0 +1,257 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       spectrum_def.h
+
+    Abstract:
+    Handle association related requests either from WSTA or from local MLME
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+       Fonchi Wu    2008                  created for 802.11h
+ */
+
+#ifndef __SPECTRUM_DEF_H__
+#define __SPECTRUM_DEF_H__
+
+
+#define MAX_MEASURE_REQ_TAB_SIZE               32
+#define MAX_HASH_MEASURE_REQ_TAB_SIZE  MAX_MEASURE_REQ_TAB_SIZE
+
+#define MAX_TPC_REQ_TAB_SIZE                   32
+#define MAX_HASH_TPC_REQ_TAB_SIZE              MAX_TPC_REQ_TAB_SIZE
+
+#define MIN_RCV_PWR                            100             /* Negative value ((dBm) */
+
+#define TPC_REQ_AGE_OUT                        500             /* ms */
+#define MQ_REQ_AGE_OUT                 500             /* ms */
+
+#define TPC_DIALOGTOKEN_HASH_INDEX(_DialogToken)       ((_DialogToken) % MAX_HASH_TPC_REQ_TAB_SIZE)
+#define MQ_DIALOGTOKEN_HASH_INDEX(_DialogToken)                ((_DialogToken) % MAX_MEASURE_REQ_TAB_SIZE)
+
+typedef struct _MEASURE_REQ_ENTRY
+{
+       struct _MEASURE_REQ_ENTRY *pNext;
+       ULONG lastTime;
+       BOOLEAN Valid;
+       UINT8 DialogToken;
+       UINT8 MeasureDialogToken[3];    // 0:basic measure, 1: CCA measure, 2: RPI_Histogram measure.
+} MEASURE_REQ_ENTRY, *PMEASURE_REQ_ENTRY;
+
+typedef struct _MEASURE_REQ_TAB
+{
+       UCHAR Size;
+       PMEASURE_REQ_ENTRY Hash[MAX_HASH_MEASURE_REQ_TAB_SIZE];
+       MEASURE_REQ_ENTRY Content[MAX_MEASURE_REQ_TAB_SIZE];
+} MEASURE_REQ_TAB, *PMEASURE_REQ_TAB;
+
+typedef struct _TPC_REQ_ENTRY
+{
+       struct _TPC_REQ_ENTRY *pNext;
+       ULONG lastTime;
+       BOOLEAN Valid;
+       UINT8 DialogToken;
+} TPC_REQ_ENTRY, *PTPC_REQ_ENTRY;
+
+typedef struct _TPC_REQ_TAB
+{
+       UCHAR Size;
+       PTPC_REQ_ENTRY Hash[MAX_HASH_TPC_REQ_TAB_SIZE];
+       TPC_REQ_ENTRY Content[MAX_TPC_REQ_TAB_SIZE];
+} TPC_REQ_TAB, *PTPC_REQ_TAB;
+
+
+/* The regulatory information */
+typedef struct _DOT11_CHANNEL_SET
+{
+       UCHAR NumberOfChannels;
+       UINT8 MaxTxPwr;
+       UCHAR ChannelList[16];
+} DOT11_CHANNEL_SET, *PDOT11_CHANNEL_SET;
+
+typedef struct _DOT11_REGULATORY_INFORMATION
+{
+       UCHAR RegulatoryClass;
+       DOT11_CHANNEL_SET ChannelSet;
+} DOT11_REGULATORY_INFORMATION, *PDOT11_REGULATORY_INFORMATION;
+
+
+
+#define RM_TPC_REQ                             0
+#define RM_MEASURE_REQ                 1
+
+#define RM_BASIC                               0
+#define RM_CCA                                 1
+#define RM_RPI_HISTOGRAM               2
+#define RM_CH_LOAD                             3
+#define RM_NOISE_HISTOGRAM             4
+
+
+typedef struct PACKED _TPC_REPORT_INFO
+{
+       UINT8 TxPwr;
+       UINT8 LinkMargin;
+} TPC_REPORT_INFO, *PTPC_REPORT_INFO;
+
+typedef struct PACKED _CH_SW_ANN_INFO
+{
+       UINT8 ChSwMode;
+       UINT8 Channel;
+       UINT8 ChSwCnt;
+} CH_SW_ANN_INFO, *PCH_SW_ANN_INFO;
+
+typedef union PACKED _MEASURE_REQ_MODE
+{
+#ifdef RT_BIG_ENDIAN
+       struct PACKED
+       {
+
+               UINT8 :3;
+               UINT8 DurationMandatory:1;
+               UINT8 Report:1;
+               UINT8 Request:1;
+               UINT8 Enable:1;
+               UINT8 Parallel:1;
+       } field;
+#else
+       struct PACKED
+       {
+               UINT8 Parallel:1;
+               UINT8 Enable:1;
+               UINT8 Request:1;
+               UINT8 Report:1;
+               UINT8 DurationMandatory:1;
+               UINT8 :3;
+       } field;
+#endif // RT_BIG_ENDIAN //
+       UINT8 word;
+} MEASURE_REQ_MODE, *PMEASURE_REQ_MODE;
+
+typedef struct PACKED _MEASURE_REQ
+{
+       UINT8 ChNum;
+       UINT64 MeasureStartTime;
+       UINT16 MeasureDuration;
+} MEASURE_REQ, *PMEASURE_REQ;
+
+typedef struct PACKED _MEASURE_REQ_INFO
+{
+       UINT8 Token;
+       MEASURE_REQ_MODE ReqMode;
+       UINT8 ReqType;
+       UINT8 Oct[0];
+} MEASURE_REQ_INFO, *PMEASURE_REQ_INFO;
+
+typedef union PACKED _MEASURE_BASIC_REPORT_MAP
+{
+#ifdef RT_BIG_ENDIAN
+       struct PACKED
+       {
+               UINT8 Rev:3;
+
+               UINT8 Unmeasure:1;
+               UINT8 Radar:1;
+               UINT8 UnidentifiedSignal:1;
+               UINT8 OfdmPreamble:1;
+               UINT8 BSS:1;
+       } field;
+#else
+       struct PACKED
+       {
+               UINT8 BSS:1;
+
+               UINT8 OfdmPreamble:1;
+               UINT8 UnidentifiedSignal:1;
+               UINT8 Radar:1;
+               UINT8 Unmeasure:1;
+               UINT8 Rev:3;
+       } field;
+#endif // RT_BIG_ENDIAN //
+       UINT8 word;
+} MEASURE_BASIC_REPORT_MAP, *PMEASURE_BASIC_REPORT_MAP;
+
+typedef struct PACKED _MEASURE_BASIC_REPORT
+{
+       UINT8 ChNum;
+       UINT64 MeasureStartTime;
+       UINT16 MeasureDuration;
+       MEASURE_BASIC_REPORT_MAP Map;
+} MEASURE_BASIC_REPORT, *PMEASURE_BASIC_REPORT;
+
+typedef struct PACKED _MEASURE_CCA_REPORT
+{
+       UINT8 ChNum;
+       UINT64 MeasureStartTime;
+       UINT16 MeasureDuration;
+       UINT8 CCA_Busy_Fraction;
+} MEASURE_CCA_REPORT, *PMEASURE_CCA_REPORT;
+
+typedef struct PACKED _MEASURE_RPI_REPORT
+{
+       UINT8 ChNum;
+       UINT64 MeasureStartTime;
+       UINT16 MeasureDuration;
+       UINT8 RPI_Density[8];
+} MEASURE_RPI_REPORT, *PMEASURE_RPI_REPORT;
+
+typedef union PACKED _MEASURE_REPORT_MODE
+{
+       struct PACKED
+       {
+#ifdef RT_BIG_ENDIAN
+               UINT8 Rev:5;
+               UINT8 Refused:1;
+               UINT8 Incapable:1;
+               UINT8 Late:1;
+#else
+               UINT8 Late:1;
+               UINT8 Incapable:1;
+               UINT8 Refused:1;
+               UINT8 Rev:5;
+#endif // RT_BIG_ENDIAN //
+       } field;
+       UINT8 word;
+} MEASURE_REPORT_MODE, *PMEASURE_REPORT_MODE;
+
+typedef struct PACKED _MEASURE_REPORT_INFO
+{
+       UINT8 Token;
+       UINT8 ReportMode;
+       UINT8 ReportType;
+       UINT8 Octect[0];
+} MEASURE_REPORT_INFO, *PMEASURE_REPORT_INFO;
+
+typedef struct PACKED _QUIET_INFO
+{
+       UINT8 QuietCnt;
+       UINT8 QuietPeriod;
+       UINT16 QuietDuration;
+       UINT16 QuietOffset;
+} QUIET_INFO, *PQUIET_INFO;
+
+#endif // __SPECTRUM_DEF_H__ //
diff --git a/drivers/staging/rt3090/sta/assoc.c b/drivers/staging/rt3090/sta/assoc.c
new file mode 100644 (file)
index 0000000..012ed2b
--- /dev/null
@@ -0,0 +1,1673 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       assoc.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John            2004-9-3                porting from RT2500
+*/
+
+#include "../rt_config.h"
+
+
+UCHAR  CipherWpaTemplate[] = {
+               0xdd,                                   // WPA IE
+               0x16,                                   // Length
+               0x00, 0x50, 0xf2, 0x01, // oui
+               0x01, 0x00,                             // Version
+               0x00, 0x50, 0xf2, 0x02, // Multicast
+               0x01, 0x00,                             // Number of unicast
+               0x00, 0x50, 0xf2, 0x02, // unicast
+               0x01, 0x00,                             // number of authentication method
+               0x00, 0x50, 0xf2, 0x01  // authentication
+               };
+
+UCHAR  CipherWpa2Template[] = {
+               0x30,                                   // RSN IE
+               0x14,                                   // Length
+               0x01, 0x00,                             // Version
+               0x00, 0x0f, 0xac, 0x02, // group cipher, TKIP
+               0x01, 0x00,                             // number of pairwise
+               0x00, 0x0f, 0xac, 0x02, // unicast
+               0x01, 0x00,                             // number of authentication method
+               0x00, 0x0f, 0xac, 0x02, // authentication
+               0x00, 0x00,                             // RSN capability
+               };
+
+UCHAR  Ccx2IeInfo[] = { 0x00, 0x40, 0x96, 0x03, 0x02};
+
+/*
+       ==========================================================================
+       Description:
+               association state machine init, including state transition and timer init
+       Parameters:
+               S - pointer to the association state machine
+
+       IRQL = PASSIVE_LEVEL
+
+       ==========================================================================
+ */
+VOID AssocStateMachineInit(
+       IN      PRTMP_ADAPTER   pAd,
+       IN  STATE_MACHINE *S,
+       OUT STATE_MACHINE_FUNC Trans[])
+{
+       StateMachineInit(S, Trans, MAX_ASSOC_STATE, MAX_ASSOC_MSG, (STATE_MACHINE_FUNC)Drop, ASSOC_IDLE, ASSOC_MACHINE_BASE);
+
+       // first column
+       StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)MlmeAssocReqAction);
+       StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)MlmeReassocReqAction);
+       StateMachineSetAction(S, ASSOC_IDLE, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)MlmeDisassocReqAction);
+       StateMachineSetAction(S, ASSOC_IDLE, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
+
+       // second column
+       StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
+       StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
+       StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
+       StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
+       StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, (STATE_MACHINE_FUNC)PeerAssocRspAction);
+       //
+       // Patch 3Com AP MOde:3CRWE454G72
+       // We send Assoc request frame to this AP, it always send Reassoc Rsp not Associate Rsp.
+       //
+       StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, (STATE_MACHINE_FUNC)PeerAssocRspAction);
+       StateMachineSetAction(S, ASSOC_WAIT_RSP, MT2_ASSOC_TIMEOUT, (STATE_MACHINE_FUNC)AssocTimeoutAction);
+
+       // third column
+       StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
+       StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
+       StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
+       StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
+       StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_REASSOC_RSP, (STATE_MACHINE_FUNC)PeerReassocRspAction);
+       //
+       // Patch, AP doesn't send Reassociate Rsp frame to Station.
+       //
+       StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_PEER_ASSOC_RSP, (STATE_MACHINE_FUNC)PeerReassocRspAction);
+       StateMachineSetAction(S, REASSOC_WAIT_RSP, MT2_REASSOC_TIMEOUT, (STATE_MACHINE_FUNC)ReassocTimeoutAction);
+
+       // fourth column
+       StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_ASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAssoc);
+       StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_REASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenReassoc);
+       StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_MLME_DISASSOC_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenDisassociate);
+       StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_PEER_DISASSOC_REQ, (STATE_MACHINE_FUNC)PeerDisassocAction);
+       StateMachineSetAction(S, DISASSOC_WAIT_RSP, MT2_DISASSOC_TIMEOUT, (STATE_MACHINE_FUNC)DisassocTimeoutAction);
+
+       // initialize the timer
+       RTMPInitTimer(pAd, &pAd->MlmeAux.AssocTimer, GET_TIMER_FUNCTION(AssocTimeout), pAd, FALSE);
+       RTMPInitTimer(pAd, &pAd->MlmeAux.ReassocTimer, GET_TIMER_FUNCTION(ReassocTimeout), pAd, FALSE);
+       RTMPInitTimer(pAd, &pAd->MlmeAux.DisassocTimer, GET_TIMER_FUNCTION(DisassocTimeout), pAd, FALSE);
+}
+
+/*
+       ==========================================================================
+       Description:
+               Association timeout procedure. After association timeout, this function
+               will be called and it will put a message into the MLME queue
+       Parameters:
+               Standard timer parameters
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AssocTimeout(IN PVOID SystemSpecific1,
+                                IN PVOID FunctionContext,
+                                IN PVOID SystemSpecific2,
+                                IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_ASSOC_TIMEOUT, 0, NULL);
+       RTMP_MLME_HANDLER(pAd);
+}
+
+/*
+       ==========================================================================
+       Description:
+               Reassociation timeout procedure. After reassociation timeout, this
+               function will be called and put a message into the MLME queue
+       Parameters:
+               Standard timer parameters
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID ReassocTimeout(IN PVOID SystemSpecific1,
+                                       IN PVOID FunctionContext,
+                                       IN PVOID SystemSpecific2,
+                                       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_REASSOC_TIMEOUT, 0, NULL);
+       RTMP_MLME_HANDLER(pAd);
+}
+
+/*
+       ==========================================================================
+       Description:
+               Disassociation timeout procedure. After disassociation timeout, this
+               function will be called and put a message into the MLME queue
+       Parameters:
+               Standard timer parameters
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID DisassocTimeout(IN PVOID SystemSpecific1,
+                                       IN PVOID FunctionContext,
+                                       IN PVOID SystemSpecific2,
+                                       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_DISASSOC_TIMEOUT, 0, NULL);
+       RTMP_MLME_HANDLER(pAd);
+}
+
+/*
+       ==========================================================================
+       Description:
+               mlme assoc req handling procedure
+       Parameters:
+               Adapter - Adapter pointer
+               Elem - MLME Queue Element
+       Pre:
+               the station has been authenticated and the following information is stored in the config
+                       -# SSID
+                       -# supported rates and their length
+                       -# listen interval (Adapter->StaCfg.default_listen_count)
+                       -# Transmit power  (Adapter->StaCfg.tx_power)
+       Post  :
+               -# An association request frame is generated and sent to the air
+               -# Association timer starts
+               -# Association state -> ASSOC_WAIT_RSP
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID MlmeAssocReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR                   ApAddr[6];
+       HEADER_802_11   AssocHdr;
+       UCHAR                   WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
+       USHORT                  ListenIntv;
+       ULONG                   Timeout;
+       USHORT                  CapabilityInfo;
+       BOOLEAN                 TimerCancelled;
+       PUCHAR                  pOutBuffer = NULL;
+       NDIS_STATUS             NStatus;
+       ULONG                   FrameLen = 0;
+       ULONG                   tmp;
+       USHORT                  VarIesOffset;
+       USHORT                  Status;
+
+       // Block all authentication request durning WPA block period
+       if (pAd->StaCfg.bBlockAssoc == TRUE)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Block Assoc request durning WPA block period!\n"));
+               pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+               Status = MLME_STATE_MACHINE_REJECT;
+               MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
+       }
+       // check sanity first
+       else if (MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
+       {
+               RTMPCancelTimer(&pAd->MlmeAux.AssocTimer, &TimerCancelled);
+               COPY_MAC_ADDR(pAd->MlmeAux.Bssid, ApAddr);
+
+               // Get an unused nonpaged memory
+               NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
+               if (NStatus != NDIS_STATUS_SUCCESS)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeAssocReqAction() allocate memory failed \n"));
+                       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+                       Status = MLME_FAIL_NO_RESOURCE;
+                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
+                       return;
+               }
+
+               // Add by James 03/06/27
+               pAd->StaCfg.AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
+               // Association don't need to report MAC address
+               pAd->StaCfg.AssocInfo.AvailableRequestFixedIEs =
+                       NDIS_802_11_AI_REQFI_CAPABILITIES | NDIS_802_11_AI_REQFI_LISTENINTERVAL;
+               pAd->StaCfg.AssocInfo.RequestFixedIEs.Capabilities = CapabilityInfo;
+               pAd->StaCfg.AssocInfo.RequestFixedIEs.ListenInterval = ListenIntv;
+               // Only reassociate need this
+               //COPY_MAC_ADDR(pAd->StaCfg.AssocInfo.RequestFixedIEs.CurrentAPAddress, ApAddr);
+               pAd->StaCfg.AssocInfo.OffsetRequestIEs = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
+
+        NdisZeroMemory(pAd->StaCfg.ReqVarIEs, MAX_VIE_LEN);
+               // First add SSID
+               VarIesOffset = 0;
+               NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &SsidIe, 1);
+               VarIesOffset += 1;
+               NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SsidLen, 1);
+               VarIesOffset += 1;
+               NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
+               VarIesOffset += pAd->MlmeAux.SsidLen;
+
+               // Second add Supported rates
+               NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &SupRateIe, 1);
+               VarIesOffset += 1;
+               NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->MlmeAux.SupRateLen, 1);
+               VarIesOffset += 1;
+               NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->MlmeAux.SupRate, pAd->MlmeAux.SupRateLen);
+               VarIesOffset += pAd->MlmeAux.SupRateLen;
+               // End Add by James
+
+        if ((pAd->CommonCfg.Channel > 14) &&
+            (pAd->CommonCfg.bIEEE80211H == TRUE))
+            CapabilityInfo |= 0x0100;
+
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send ASSOC request...\n"));
+               MgtMacHeaderInit(pAd, &AssocHdr, SUBTYPE_ASSOC_REQ, 0, ApAddr, ApAddr);
+
+               // Build basic frame first
+               MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                                 sizeof(HEADER_802_11),        &AssocHdr,
+                                                 2,                                            &CapabilityInfo,
+                                                 2,                                            &ListenIntv,
+                                                 1,                                            &SsidIe,
+                                                 1,                                            &pAd->MlmeAux.SsidLen,
+                                                 pAd->MlmeAux.SsidLen,         pAd->MlmeAux.Ssid,
+                                                 1,                                            &SupRateIe,
+                                                 1,                                            &pAd->MlmeAux.SupRateLen,
+                                                 pAd->MlmeAux.SupRateLen,  pAd->MlmeAux.SupRate,
+                                                 END_OF_ARGS);
+
+               if (pAd->MlmeAux.ExtRateLen != 0)
+               {
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,    &tmp,
+                                                         1,                        &ExtRateIe,
+                                                         1,                        &pAd->MlmeAux.ExtRateLen,
+                                                         pAd->MlmeAux.ExtRateLen,  pAd->MlmeAux.ExtRate,
+                                                         END_OF_ARGS);
+                       FrameLen += tmp;
+               }
+
+
+#ifdef DOT11_N_SUPPORT
+               // HT
+               if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+               {
+                       ULONG TmpLen;
+                       UCHAR HtLen;
+                       UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
+                       if (pAd->StaActive.SupportedPhyInfo.bPreNHt == TRUE)
+                       {
+                               HtLen = SIZE_HT_CAP_IE + 4;
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,            &TmpLen,
+                                                         1,                                &WpaIe,
+                                                         1,                                &HtLen,
+                                                         4,                                &BROADCOM[0],
+                                                        pAd->MlmeAux.HtCapabilityLen,          &pAd->MlmeAux.HtCapability,
+                                                         END_OF_ARGS);
+                       }
+                       else
+                       {
+#ifdef RT_BIG_ENDIAN
+                       HT_CAPABILITY_IE HtCapabilityTmp;
+#endif
+
+#ifndef RT_BIG_ENDIAN
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,            &TmpLen,
+                                                         1,                                &HtCapIe,
+                                                         1,                                &pAd->MlmeAux.HtCapabilityLen,
+                                                        pAd->MlmeAux.HtCapabilityLen,          &pAd->MlmeAux.HtCapability,
+                                                         END_OF_ARGS);
+#else
+                NdisZeroMemory(&HtCapabilityTmp, sizeof(HT_CAPABILITY_IE));
+                NdisMoveMemory(&HtCapabilityTmp, &pAd->MlmeAux.HtCapability, pAd->MlmeAux.HtCapabilityLen);
+                       *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
+                       *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
+
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,         &TmpLen,
+                                                               1,                           &HtCapIe,
+                                                               1,                           &pAd->MlmeAux.HtCapabilityLen,
+                                                               pAd->MlmeAux.HtCapabilityLen,&HtCapabilityTmp,
+                                                               END_OF_ARGS);
+#endif
+                       }
+                       FrameLen += TmpLen;
+               }
+#endif // DOT11_N_SUPPORT //
+
+               // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
+               // Case I: (Aggregation + Piggy-Back)
+               // 1. user enable aggregation, AND
+               // 2. Mac support piggy-back
+               // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
+               // Case II: (Aggregation)
+               // 1. user enable aggregation, AND
+               // 2. AP annouces it's AGGREGATION-capable in BEACON
+               if (pAd->CommonCfg.bAggregationCapable)
+               {
+                       if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
+                       {
+                               ULONG TmpLen;
+                               UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
+                               MakeOutgoingFrame(pOutBuffer+FrameLen,           &TmpLen,
+                                                                 9,                             RalinkIe,
+                                                                 END_OF_ARGS);
+                               FrameLen += TmpLen;
+                       }
+                       else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
+                       {
+                               ULONG TmpLen;
+                               UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
+                               MakeOutgoingFrame(pOutBuffer+FrameLen,           &TmpLen,
+                                                                 9,                             RalinkIe,
+                                                                 END_OF_ARGS);
+                               FrameLen += TmpLen;
+                       }
+               }
+               else
+               {
+                       ULONG TmpLen;
+                       UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x06, 0x00, 0x00, 0x00};
+                       MakeOutgoingFrame(pOutBuffer+FrameLen,           &TmpLen,
+                                                         9,                                             RalinkIe,
+                                                         END_OF_ARGS);
+                       FrameLen += TmpLen;
+               }
+
+               if (pAd->MlmeAux.APEdcaParm.bValid)
+               {
+                       if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
+                       {
+                               QBSS_STA_INFO_PARM QosInfo;
+
+                               NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
+                               QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
+                               QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
+                               QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
+                               QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
+                               QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
+                               WmeIe[8] |= *(PUCHAR)&QosInfo;
+                       }
+                       else
+                       {
+                // The Parameter Set Count is set to ï¿½ï¿½0�� in the association request frames
+                // WmeIe[8] |= (pAd->MlmeAux.APEdcaParm.EdcaUpdateCount & 0x0f);
+                       }
+
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,    &tmp,
+                                                         9,                        &WmeIe[0],
+                                                         END_OF_ARGS);
+                       FrameLen += tmp;
+               }
+
+               //
+               // Let WPA(#221) Element ID on the end of this association frame.
+               // Otherwise some AP will fail on parsing Element ID and set status fail on Assoc Rsp.
+               // For example: Put Vendor Specific IE on the front of WPA IE.
+               // This happens on AP (Model No:Linksys WRK54G)
+               //
+               if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
+            (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
+            (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
+            (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
+                       )
+            )
+               {
+                       UCHAR RSNIe = IE_WPA;
+
+                       if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
+                (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2))
+                       {
+                               RSNIe = IE_WPA2;
+                       }
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+#ifdef SIOCSIWGENIE
+                       if ((pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_ENABLE) &&
+                               (pAd->StaCfg.bRSN_IE_FromWpaSupplicant == FALSE))
+#endif // SIOCSIWGENIE //
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+            RTMPMakeRSNIE(pAd, pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus, BSS0);
+
+            // Check for WPA PMK cache list
+                       if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2)
+                       {
+                           INT     idx;
+                BOOLEAN FoundPMK = FALSE;
+                               // Search chched PMKID, append it if existed
+                               for (idx = 0; idx < PMKID_NO; idx++)
+                               {
+                                       if (NdisEqualMemory(ApAddr, &pAd->StaCfg.SavedPMK[idx].BSSID, 6))
+                                       {
+                                               FoundPMK = TRUE;
+                                               break;
+                                       }
+                               }
+
+                               if (FoundPMK)
+                               {
+                                       // Set PMK number
+                                       *(PUSHORT) &pAd->StaCfg.RSN_IE[pAd->StaCfg.RSNIE_Len] = 1;
+                                       NdisMoveMemory(&pAd->StaCfg.RSN_IE[pAd->StaCfg.RSNIE_Len + 2], &pAd->StaCfg.SavedPMK[idx].PMKID, 16);
+                    pAd->StaCfg.RSNIE_Len += 18;
+                               }
+                       }
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+#ifdef SIOCSIWGENIE
+                       if ((pAd->StaCfg.WpaSupplicantUP == WPA_SUPPLICANT_ENABLE) &&
+                               (pAd->StaCfg.bRSN_IE_FromWpaSupplicant == TRUE))
+                       {
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,                &tmp,
+                                               pAd->StaCfg.RSNIE_Len,                  pAd->StaCfg.RSN_IE,
+                                               END_OF_ARGS);
+                       }
+                       else
+#endif
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+                       {
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,                &tmp,
+                                               1,                              &RSNIe,
+                                       1,                              &pAd->StaCfg.RSNIE_Len,
+                                       pAd->StaCfg.RSNIE_Len,                  pAd->StaCfg.RSN_IE,
+                                       END_OF_ARGS);
+                       }
+
+                       FrameLen += tmp;
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+#ifdef SIOCSIWGENIE
+                       if ((pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_ENABLE) ||
+                               (pAd->StaCfg.bRSN_IE_FromWpaSupplicant == FALSE))
+#endif
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+                       {
+            // Append Variable IE
+            NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &RSNIe, 1);
+            VarIesOffset += 1;
+            NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, &pAd->StaCfg.RSNIE_Len, 1);
+            VarIesOffset += 1;
+                       }
+                       NdisMoveMemory(pAd->StaCfg.ReqVarIEs + VarIesOffset, pAd->StaCfg.RSN_IE, pAd->StaCfg.RSNIE_Len);
+                       VarIesOffset += pAd->StaCfg.RSNIE_Len;
+
+                       // Set Variable IEs Length
+                       pAd->StaCfg.ReqVarIELen = VarIesOffset;
+               }
+
+
+               MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+               MlmeFreeMemory(pAd, pOutBuffer);
+
+               RTMPSetTimer(&pAd->MlmeAux.AssocTimer, Timeout);
+               pAd->Mlme.AssocMachine.CurrState = ASSOC_WAIT_RSP;
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeAssocReqAction() sanity check failed. BUG!!!!!! \n"));
+               pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+               Status = MLME_INVALID_FORMAT;
+               MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
+       }
+
+}
+
+/*
+       ==========================================================================
+       Description:
+               mlme reassoc req handling procedure
+       Parameters:
+               Elem -
+       Pre:
+               -# SSID  (Adapter->StaCfg.ssid[])
+               -# BSSID (AP address, Adapter->StaCfg.bssid)
+               -# Supported rates (Adapter->StaCfg.supported_rates[])
+               -# Supported rates length (Adapter->StaCfg.supported_rates_len)
+               -# Tx power (Adapter->StaCfg.tx_power)
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID MlmeReassocReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR                   ApAddr[6];
+       HEADER_802_11   ReassocHdr;
+       UCHAR                   WmeIe[9] = {IE_VENDOR_SPECIFIC, 0x07, 0x00, 0x50, 0xf2, 0x02, 0x00, 0x01, 0x00};
+       USHORT                  CapabilityInfo, ListenIntv;
+       ULONG                   Timeout;
+       ULONG                   FrameLen = 0;
+       BOOLEAN                 TimerCancelled;
+       NDIS_STATUS             NStatus;
+       ULONG                   tmp;
+       PUCHAR                  pOutBuffer = NULL;
+       USHORT                  Status;
+
+       // Block all authentication request durning WPA block period
+       if (pAd->StaCfg.bBlockAssoc == TRUE)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Block ReAssoc request durning WPA block period!\n"));
+               pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+               Status = MLME_STATE_MACHINE_REJECT;
+               MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
+       }
+       // the parameters are the same as the association
+       else if(MlmeAssocReqSanity(pAd, Elem->Msg, Elem->MsgLen, ApAddr, &CapabilityInfo, &Timeout, &ListenIntv))
+       {
+               RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer, &TimerCancelled);
+
+               NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+               if(NStatus != NDIS_STATUS_SUCCESS)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeReassocReqAction() allocate memory failed \n"));
+                       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+                       Status = MLME_FAIL_NO_RESOURCE;
+                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
+                       return;
+               }
+
+               COPY_MAC_ADDR(pAd->MlmeAux.Bssid, ApAddr);
+
+               // make frame, use bssid as the AP address??
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send RE-ASSOC request...\n"));
+               MgtMacHeaderInit(pAd, &ReassocHdr, SUBTYPE_REASSOC_REQ, 0, ApAddr, ApAddr);
+               MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                                                 sizeof(HEADER_802_11),    &ReassocHdr,
+                                                 2,                        &CapabilityInfo,
+                                                 2,                        &ListenIntv,
+                                                 MAC_ADDR_LEN,             ApAddr,
+                                                 1,                        &SsidIe,
+                                                 1,                        &pAd->MlmeAux.SsidLen,
+                                                 pAd->MlmeAux.SsidLen,     pAd->MlmeAux.Ssid,
+                                                 1,                        &SupRateIe,
+                                                 1,                                            &pAd->MlmeAux.SupRateLen,
+                                                 pAd->MlmeAux.SupRateLen,  pAd->MlmeAux.SupRate,
+                                                 END_OF_ARGS);
+
+               if (pAd->MlmeAux.ExtRateLen != 0)
+               {
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,        &tmp,
+                                                         1,                            &ExtRateIe,
+                                                         1,                            &pAd->MlmeAux.ExtRateLen,
+                                                         pAd->MlmeAux.ExtRateLen,          pAd->MlmeAux.ExtRate,
+                                                         END_OF_ARGS);
+                       FrameLen += tmp;
+               }
+
+
+               if (pAd->MlmeAux.APEdcaParm.bValid)
+               {
+                       if (pAd->CommonCfg.bAPSDCapable && pAd->MlmeAux.APEdcaParm.bAPSDCapable)
+                       {
+                               QBSS_STA_INFO_PARM QosInfo;
+
+                               NdisZeroMemory(&QosInfo, sizeof(QBSS_STA_INFO_PARM));
+                               QosInfo.UAPSD_AC_BE = pAd->CommonCfg.bAPSDAC_BE;
+                               QosInfo.UAPSD_AC_BK = pAd->CommonCfg.bAPSDAC_BK;
+                               QosInfo.UAPSD_AC_VI = pAd->CommonCfg.bAPSDAC_VI;
+                               QosInfo.UAPSD_AC_VO = pAd->CommonCfg.bAPSDAC_VO;
+                               QosInfo.MaxSPLength = pAd->CommonCfg.MaxSPLength;
+                               WmeIe[8] |= *(PUCHAR)&QosInfo;
+                       }
+
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,    &tmp,
+                                                         9,                        &WmeIe[0],
+                                                         END_OF_ARGS);
+                       FrameLen += tmp;
+               }
+
+#ifdef DOT11_N_SUPPORT
+               // HT
+               if ((pAd->MlmeAux.HtCapabilityLen > 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+               {
+                       ULONG TmpLen;
+                       UCHAR HtLen;
+                       UCHAR BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
+                       if (pAd->StaActive.SupportedPhyInfo.bPreNHt == TRUE)
+                       {
+                               HtLen = SIZE_HT_CAP_IE + 4;
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,            &TmpLen,
+                                                         1,                                &WpaIe,
+                                                         1,                                &HtLen,
+                                                         4,                                &BROADCOM[0],
+                                                        pAd->MlmeAux.HtCapabilityLen,          &pAd->MlmeAux.HtCapability,
+                                                         END_OF_ARGS);
+                       }
+                       else
+                       {
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,            &TmpLen,
+                                                         1,                                &HtCapIe,
+                                                         1,                                &pAd->MlmeAux.HtCapabilityLen,
+                                                        pAd->MlmeAux.HtCapabilityLen,          &pAd->MlmeAux.HtCapability,
+                                                         END_OF_ARGS);
+                       }
+                       FrameLen += TmpLen;
+               }
+#endif // DOT11_N_SUPPORT //
+
+               // add Ralink proprietary IE to inform AP this STA is going to use AGGREGATION or PIGGY-BACK+AGGREGATION
+               // Case I: (Aggregation + Piggy-Back)
+               // 1. user enable aggregation, AND
+               // 2. Mac support piggy-back
+               // 3. AP annouces it's PIGGY-BACK+AGGREGATION-capable in BEACON
+               // Case II: (Aggregation)
+               // 1. user enable aggregation, AND
+               // 2. AP annouces it's AGGREGATION-capable in BEACON
+               if (pAd->CommonCfg.bAggregationCapable)
+               {
+                       if ((pAd->CommonCfg.bPiggyBackCapable) && ((pAd->MlmeAux.APRalinkIe & 0x00000003) == 3))
+                       {
+                               ULONG TmpLen;
+                               UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x03, 0x00, 0x00, 0x00};
+                               MakeOutgoingFrame(pOutBuffer+FrameLen,           &TmpLen,
+                                                                 9,                             RalinkIe,
+                                                                 END_OF_ARGS);
+                               FrameLen += TmpLen;
+                       }
+                       else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
+                       {
+                               ULONG TmpLen;
+                               UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x01, 0x00, 0x00, 0x00};
+                               MakeOutgoingFrame(pOutBuffer+FrameLen,           &TmpLen,
+                                                                 9,                             RalinkIe,
+                                                                 END_OF_ARGS);
+                               FrameLen += TmpLen;
+                       }
+               }
+               else
+               {
+                       ULONG TmpLen;
+                       UCHAR RalinkIe[9] = {IE_VENDOR_SPECIFIC, 7, 0x00, 0x0c, 0x43, 0x04, 0x00, 0x00, 0x00};
+                       MakeOutgoingFrame(pOutBuffer+FrameLen,           &TmpLen,
+                                                         9,                                             RalinkIe,
+                                                         END_OF_ARGS);
+                       FrameLen += TmpLen;
+               }
+
+               MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+               MlmeFreeMemory(pAd, pOutBuffer);
+
+               RTMPSetTimer(&pAd->MlmeAux.ReassocTimer, Timeout); /* in mSec */
+               pAd->Mlme.AssocMachine.CurrState = REASSOC_WAIT_RSP;
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("ASSOC - MlmeReassocReqAction() sanity check failed. BUG!!!! \n"));
+               pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+               Status = MLME_INVALID_FORMAT;
+               MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+               Upper layer issues disassoc request
+       Parameters:
+               Elem -
+
+       IRQL = PASSIVE_LEVEL
+
+       ==========================================================================
+ */
+VOID MlmeDisassocReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       PMLME_DISASSOC_REQ_STRUCT pDisassocReq;
+       HEADER_802_11         DisassocHdr;
+       PHEADER_802_11        pDisassocHdr;
+       PUCHAR                pOutBuffer = NULL;
+       ULONG                 FrameLen = 0;
+       NDIS_STATUS           NStatus;
+       BOOLEAN               TimerCancelled;
+       ULONG                 Timeout = 500;
+       USHORT                Status;
+
+#ifdef QOS_DLS_SUPPORT
+       // send DLS-TEAR_DOWN message,
+       if (pAd->CommonCfg.bDLSCapable)
+       {
+               UCHAR i;
+
+               // tear down local dls table entry
+               for (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+               {
+                       if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
+                       {
+                               RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+                               pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                               pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                       }
+               }
+
+               // tear down peer dls table entry
+               for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+               {
+                       if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
+                       {
+                               RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+                               pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
+                               pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                       }
+               }
+       }
+#endif // QOS_DLS_SUPPORT //
+
+       // skip sanity check
+       pDisassocReq = (PMLME_DISASSOC_REQ_STRUCT)(Elem->Msg);
+
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - MlmeDisassocReqAction() allocate memory failed\n"));
+               pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+               Status = MLME_FAIL_NO_RESOURCE;
+               MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
+               return;
+       }
+
+
+
+
+       RTMPCancelTimer(&pAd->MlmeAux.DisassocTimer, &TimerCancelled);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Send DISASSOC request[BSSID::%02x:%02x:%02x:%02x:%02x:%02x (Reason=%d)\n",
+                               pDisassocReq->Addr[0], pDisassocReq->Addr[1], pDisassocReq->Addr[2],
+                               pDisassocReq->Addr[3], pDisassocReq->Addr[4], pDisassocReq->Addr[5], pDisassocReq->Reason));
+       MgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pDisassocReq->Addr, pDisassocReq->Addr);       // patch peap ttls switching issue
+       MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                                         sizeof(HEADER_802_11),&DisassocHdr,
+                                         2,                    &pDisassocReq->Reason,
+                                         END_OF_ARGS);
+       MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+
+       // To patch Instance and Buffalo(N) AP
+       // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
+       // Therefore, we send both of them.
+       pDisassocHdr = (PHEADER_802_11)pOutBuffer;
+       pDisassocHdr->FC.SubType = SUBTYPE_DEAUTH;
+       MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       pAd->StaCfg.DisassocReason = REASON_DISASSOC_STA_LEAVING;
+       COPY_MAC_ADDR(pAd->StaCfg.DisassocSta, pDisassocReq->Addr);
+
+       RTMPSetTimer(&pAd->MlmeAux.DisassocTimer, Timeout); /* in mSec */
+       pAd->Mlme.AssocMachine.CurrState = DISASSOC_WAIT_RSP;
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+       if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
+       {
+               //send disassociate event to wpa_supplicant
+               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_DISASSOC_EVENT_FLAG, NULL, NULL, 0);
+       }
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+       RtmpOSWrielessEventSend(pAd, SIOCGIWAP, -1, NULL, NULL, 0);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+}
+
+/*
+       ==========================================================================
+       Description:
+               peer sends assoc rsp back
+       Parameters:
+               Elme - MLME message containing the received frame
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID PeerAssocRspAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT        CapabilityInfo, Status, Aid;
+       UCHAR         SupRate[MAX_LEN_OF_SUPPORTED_RATES], SupRateLen;
+       UCHAR         ExtRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRateLen;
+       UCHAR         Addr2[MAC_ADDR_LEN];
+       BOOLEAN       TimerCancelled;
+       UCHAR         CkipFlag;
+       EDCA_PARM     EdcaParm;
+       HT_CAPABILITY_IE                HtCapability;
+       ADD_HT_INFO_IE          AddHtInfo;      // AP might use this additional ht info IE
+       UCHAR                   HtCapabilityLen;
+       UCHAR                   AddHtInfoLen;
+       UCHAR                   NewExtChannelOffset = 0xff;
+
+       if (PeerAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &CapabilityInfo, &Status, &Aid, SupRate, &SupRateLen, ExtRate, &ExtRateLen,
+               &HtCapability,&AddHtInfo, &HtCapabilityLen,&AddHtInfoLen,&NewExtChannelOffset, &EdcaParm, &CkipFlag))
+       {
+               // The frame is for me ?
+               if(MAC_ADDR_EQUAL(Addr2, pAd->MlmeAux.Bssid))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspAction():ASSOC - receive ASSOC_RSP to me (status=%d)\n", Status));
+#ifdef DOT11_N_SUPPORT
+                       DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspAction():MacTable [%d].AMsduSize = %d. ClientStatusFlags = 0x%lx \n",Elem->Wcid, pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
+#endif // DOT11_N_SUPPORT //
+                       RTMPCancelTimer(&pAd->MlmeAux.AssocTimer, &TimerCancelled);
+
+
+                       if(Status == MLME_SUCCESS)
+                       {
+                               UCHAR                   MaxSupportedRateIn500Kbps = 0;
+                               UCHAR                   idx;
+
+                               // supported rates array may not be sorted. sort it and find the maximum rate
+                           for (idx=0; idx<SupRateLen; idx++)
+                           {
+                               if (MaxSupportedRateIn500Kbps < (SupRate[idx] & 0x7f))
+                                   MaxSupportedRateIn500Kbps = SupRate[idx] & 0x7f;
+                           }
+
+                               for (idx=0; idx<ExtRateLen; idx++)
+                           {
+                               if (MaxSupportedRateIn500Kbps < (ExtRate[idx] & 0x7f))
+                                   MaxSupportedRateIn500Kbps = ExtRate[idx] & 0x7f;
+                           }
+                               // go to procedure listed on page 376
+                               AssocPostProc(pAd, Addr2, CapabilityInfo, Aid, SupRate, SupRateLen, ExtRate, ExtRateLen,
+                                       &EdcaParm, &HtCapability, HtCapabilityLen, &AddHtInfo);
+
+                               StaAddMacTableEntry(pAd,
+                                                                       &pAd->MacTab.Content[BSSID_WCID],
+                                                                       MaxSupportedRateIn500Kbps,
+                                                                       &HtCapability,
+                                                                       HtCapabilityLen,
+                                                                       &AddHtInfo,
+                                                                       AddHtInfoLen,
+                                                                       CapabilityInfo);
+                       }
+                       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
+               }
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerAssocRspAction() sanity check fail\n"));
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+               peer sends reassoc rsp
+       Parametrs:
+               Elem - MLME message cntaining the received frame
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID PeerReassocRspAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT      CapabilityInfo;
+       USHORT      Status;
+       USHORT      Aid;
+       UCHAR       SupRate[MAX_LEN_OF_SUPPORTED_RATES], SupRateLen;
+       UCHAR       ExtRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRateLen;
+       UCHAR       Addr2[MAC_ADDR_LEN];
+       UCHAR       CkipFlag;
+       BOOLEAN     TimerCancelled;
+       EDCA_PARM   EdcaParm;
+       HT_CAPABILITY_IE                HtCapability;
+       ADD_HT_INFO_IE          AddHtInfo;      // AP might use this additional ht info IE
+       UCHAR                   HtCapabilityLen;
+       UCHAR                   AddHtInfoLen;
+       UCHAR                   NewExtChannelOffset = 0xff;
+
+       if(PeerAssocRspSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &CapabilityInfo, &Status, &Aid, SupRate, &SupRateLen, ExtRate, &ExtRateLen,
+                                                               &HtCapability,  &AddHtInfo, &HtCapabilityLen, &AddHtInfoLen,&NewExtChannelOffset, &EdcaParm, &CkipFlag))
+       {
+               if(MAC_ADDR_EQUAL(Addr2, pAd->MlmeAux.Bssid)) // The frame is for me ?
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - receive REASSOC_RSP to me (status=%d)\n", Status));
+                       RTMPCancelTimer(&pAd->MlmeAux.ReassocTimer, &TimerCancelled);
+
+                       if(Status == MLME_SUCCESS)
+                       {
+                               // go to procedure listed on page 376
+                               AssocPostProc(pAd, Addr2, CapabilityInfo, Aid, SupRate, SupRateLen, ExtRate, ExtRateLen,
+                                        &EdcaParm, &HtCapability, HtCapabilityLen, &AddHtInfo);
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+                if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
+                       {
+                               SendAssocIEsToWpaSupplicant(pAd);
+                               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_ASSOC_EVENT_FLAG, NULL, NULL, 0);
+                       }
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+                {
+                    wext_notify_event_assoc(pAd);
+                    RtmpOSWrielessEventSend(pAd, SIOCGIWAP, -1, &pAd->MlmeAux.Bssid[0], NULL, 0);
+                }
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+                       }
+
+                       // CkipFlag is no use for reassociate
+                       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
+               }
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerReassocRspAction() sanity check fail\n"));
+       }
+
+}
+
+/*
+       ==========================================================================
+       Description:
+               procedures on IEEE 802.11/1999 p.376
+       Parametrs:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AssocPostProc(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR pAddr2,
+       IN USHORT CapabilityInfo,
+       IN USHORT Aid,
+       IN UCHAR SupRate[],
+       IN UCHAR SupRateLen,
+       IN UCHAR ExtRate[],
+       IN UCHAR ExtRateLen,
+       IN PEDCA_PARM pEdcaParm,
+       IN HT_CAPABILITY_IE             *pHtCapability,
+       IN UCHAR HtCapabilityLen,
+       IN ADD_HT_INFO_IE               *pAddHtInfo)    // AP might use this additional ht info IE
+{
+       ULONG Idx;
+
+       pAd->MlmeAux.BssType = BSS_INFRA;
+       COPY_MAC_ADDR(pAd->MlmeAux.Bssid, pAddr2);
+       pAd->MlmeAux.Aid = Aid;
+       pAd->MlmeAux.CapabilityInfo = CapabilityInfo & SUPPORTED_CAPABILITY_INFO;
+
+#ifdef DOT11_N_SUPPORT
+       // Some HT AP might lost WMM IE. We add WMM ourselves. beacuase HT requires QoS on.
+       if ((HtCapabilityLen > 0) && (pEdcaParm->bValid == FALSE))
+       {
+               pEdcaParm->bValid = TRUE;
+               pEdcaParm->Aifsn[0] = 3;
+               pEdcaParm->Aifsn[1] = 7;
+               pEdcaParm->Aifsn[2] = 2;
+               pEdcaParm->Aifsn[3] = 2;
+
+               pEdcaParm->Cwmin[0] = 4;
+               pEdcaParm->Cwmin[1] = 4;
+               pEdcaParm->Cwmin[2] = 3;
+               pEdcaParm->Cwmin[3] = 2;
+
+               pEdcaParm->Cwmax[0] = 10;
+               pEdcaParm->Cwmax[1] = 10;
+               pEdcaParm->Cwmax[2] = 4;
+               pEdcaParm->Cwmax[3] = 3;
+
+               pEdcaParm->Txop[0]  = 0;
+               pEdcaParm->Txop[1]  = 0;
+               pEdcaParm->Txop[2]  = 96;
+               pEdcaParm->Txop[3]  = 48;
+
+       }
+#endif // DOT11_N_SUPPORT //
+
+       NdisMoveMemory(&pAd->MlmeAux.APEdcaParm, pEdcaParm, sizeof(EDCA_PARM));
+
+       // filter out un-supported rates
+       pAd->MlmeAux.SupRateLen = SupRateLen;
+       NdisMoveMemory(pAd->MlmeAux.SupRate, SupRate, SupRateLen);
+       RTMPCheckRates(pAd, pAd->MlmeAux.SupRate, &pAd->MlmeAux.SupRateLen);
+
+       // filter out un-supported rates
+       pAd->MlmeAux.ExtRateLen = ExtRateLen;
+       NdisMoveMemory(pAd->MlmeAux.ExtRate, ExtRate, ExtRateLen);
+       RTMPCheckRates(pAd, pAd->MlmeAux.ExtRate, &pAd->MlmeAux.ExtRateLen);
+
+#ifdef DOT11_N_SUPPORT
+       if (HtCapabilityLen > 0)
+       {
+               RTMPCheckHt(pAd, BSSID_WCID, pHtCapability, pAddHtInfo);
+       }
+       DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===>  AP.AMsduSize = %d. ClientStatusFlags = 0x%lx \n", pAd->MacTab.Content[BSSID_WCID].AMsduSize, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
+
+       DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===>    (Mmps=%d, AmsduSize=%d, )\n",
+               pAd->MacTab.Content[BSSID_WCID].MmpsMode, pAd->MacTab.Content[BSSID_WCID].AMsduSize));
+#endif // DOT11_N_SUPPORT //
+
+       // Set New WPA information
+       Idx = BssTableSearch(&pAd->ScanTab, pAddr2, pAd->MlmeAux.Channel);
+       if (Idx == BSS_NOT_FOUND)
+       {
+               DBGPRINT_ERR(("ASSOC - Can't find BSS after receiving Assoc response\n"));
+       }
+       else
+       {
+               // Init variable
+               pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = 0;
+               NdisZeroMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, MAX_LEN_OF_RSNIE);
+
+               // Store appropriate RSN_IE for WPA SM negotiation later
+               if ((pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) && (pAd->ScanTab.BssEntry[Idx].VarIELen != 0))
+               {
+                       PUCHAR              pVIE;
+                       USHORT              len;
+                       PEID_STRUCT         pEid;
+
+                       pVIE = pAd->ScanTab.BssEntry[Idx].VarIEs;
+                       len      = pAd->ScanTab.BssEntry[Idx].VarIELen;
+                       //KH need to check again
+                       // Don't allow to go to sleep mode if authmode is WPA-related.
+                       //This can make Authentication process more smoothly.
+                       RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP);
+
+                       while (len > 0)
+                       {
+                               pEid = (PEID_STRUCT) pVIE;
+                               // For WPA/WPAPSK
+                               if ((pEid->Eid == IE_WPA) && (NdisEqualMemory(pEid->Octet, WPA_OUI, 4))
+                                       && (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
+                               {
+                                       NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, (pEid->Len + 2));
+                                       pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = (pEid->Len + 2);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA SM negotiation \n"));
+                               }
+                               // For WPA2/WPA2PSK
+                               else if ((pEid->Eid == IE_RSN) && (NdisEqualMemory(pEid->Octet + 2, RSN_OUI, 3))
+                                       && (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2 || pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+                               {
+                                       NdisMoveMemory(pAd->MacTab.Content[BSSID_WCID].RSN_IE, pVIE, (pEid->Len + 2));
+                                       pAd->MacTab.Content[BSSID_WCID].RSNIE_Len = (pEid->Len + 2);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> Store RSN_IE for WPA2 SM negotiation \n"));
+                               }
+
+                               pVIE += (pEid->Len + 2);
+                               len  -= (pEid->Len + 2);
+                       }
+
+
+               }
+
+               if (pAd->MacTab.Content[BSSID_WCID].RSNIE_Len == 0)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("AssocPostProc===> no RSN_IE \n"));
+               }
+               else
+               {
+                       hex_dump("RSN_IE", pAd->MacTab.Content[BSSID_WCID].RSN_IE, pAd->MacTab.Content[BSSID_WCID].RSNIE_Len);
+               }
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+               left part of IEEE 802.11/1999 p.374
+       Parameters:
+               Elem - MLME message containing the received frame
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID PeerDisassocAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR         Addr2[MAC_ADDR_LEN];
+       USHORT        Reason;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction()\n"));
+       if(PeerDisassocSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Reason))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() Reason = %d\n", Reason));
+               if (INFRA_ON(pAd) && MAC_ADDR_EQUAL(pAd->CommonCfg.Bssid, Addr2))
+               {
+
+                       if (pAd->CommonCfg.bWirelessEvent)
+                       {
+                               RTMPSendWirelessEvent(pAd, IW_DISASSOC_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+                       }
+
+
+                       LinkDown(pAd, TRUE);
+                       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+            if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
+                       {
+                               //send disassociate event to wpa_supplicant
+                               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_DISASSOC_EVENT_FLAG, NULL, NULL, 0);
+                       }
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+                       RtmpOSWrielessEventSend(pAd, SIOCGIWAP, -1, NULL, NULL, 0);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+               }
+       }
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - PeerDisassocAction() sanity check fail\n"));
+       }
+
+}
+
+/*
+       ==========================================================================
+       Description:
+               what the state machine will do after assoc timeout
+       Parameters:
+               Elme -
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID AssocTimeoutAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT  Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - AssocTimeoutAction\n"));
+       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+       Status = MLME_REJ_TIMEOUT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
+}
+
+/*
+       ==========================================================================
+       Description:
+               what the state machine will do after reassoc timeout
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID ReassocTimeoutAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT  Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - ReassocTimeoutAction\n"));
+       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+       Status = MLME_REJ_TIMEOUT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
+}
+
+/*
+       ==========================================================================
+       Description:
+               what the state machine will do after disassoc timeout
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID DisassocTimeoutAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT  Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - DisassocTimeoutAction\n"));
+       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+       Status = MLME_SUCCESS;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
+}
+
+VOID InvalidStateWhenAssoc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT  Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenAssoc(state=%ld), reset ASSOC state machine\n",
+               pAd->Mlme.AssocMachine.CurrState));
+       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+       Status = MLME_STATE_MACHINE_REJECT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_ASSOC_CONF, 2, &Status);
+}
+
+VOID InvalidStateWhenReassoc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenReassoc(state=%ld), reset ASSOC state machine\n",
+               pAd->Mlme.AssocMachine.CurrState));
+       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+       Status = MLME_STATE_MACHINE_REJECT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_REASSOC_CONF, 2, &Status);
+}
+
+VOID InvalidStateWhenDisassociate(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - InvalidStateWhenDisassoc(state=%ld), reset ASSOC state machine\n",
+               pAd->Mlme.AssocMachine.CurrState));
+       pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+       Status = MLME_STATE_MACHINE_REJECT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DISASSOC_CONF, 2, &Status);
+}
+
+/*
+       ==========================================================================
+       Description:
+               right part of IEEE 802.11/1999 page 374
+       Note:
+               This event should never cause ASSOC state machine perform state
+               transition, and has no relationship with CNTL machine. So we separate
+               this routine as a service outside of ASSOC state transition table.
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID Cls3errAction(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR        pAddr)
+{
+       HEADER_802_11         DisassocHdr;
+       PHEADER_802_11        pDisassocHdr;
+       PUCHAR                pOutBuffer = NULL;
+       ULONG                 FrameLen = 0;
+       NDIS_STATUS           NStatus;
+       USHORT                Reason = REASON_CLS3ERR;
+
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NStatus != NDIS_STATUS_SUCCESS)
+               return;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("ASSOC - Class 3 Error, Send DISASSOC frame\n"));
+       MgtMacHeaderInit(pAd, &DisassocHdr, SUBTYPE_DISASSOC, 0, pAddr, pAd->CommonCfg.Bssid);  // patch peap ttls switching issue
+       MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                                         sizeof(HEADER_802_11),&DisassocHdr,
+                                         2,                    &Reason,
+                                         END_OF_ARGS);
+       MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+
+       // To patch Instance and Buffalo(N) AP
+       // Driver has to send deauth to Instance AP, but Buffalo(N) needs to send disassoc to reset Authenticator's state machine
+       // Therefore, we send both of them.
+       pDisassocHdr = (PHEADER_802_11)pOutBuffer;
+       pDisassocHdr->FC.SubType = SUBTYPE_DEAUTH;
+       MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       pAd->StaCfg.DisassocReason = REASON_CLS3ERR;
+       COPY_MAC_ADDR(pAd->StaCfg.DisassocSta, pAddr);
+}
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+VOID    SendAssocIEsToWpaSupplicant(
+    IN  PRTMP_ADAPTER pAd)
+{
+       STRING custom[IW_CUSTOM_MAX] = {0};
+
+       if ((pAd->StaCfg.ReqVarIELen + 17) <= IW_CUSTOM_MAX)
+       {
+               sprintf(custom, "ASSOCINFO_ReqIEs=");
+               NdisMoveMemory(custom+17, pAd->StaCfg.ReqVarIEs, pAd->StaCfg.ReqVarIELen);
+               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_REQIE_EVENT_FLAG, NULL, (PUCHAR)custom, pAd->StaCfg.ReqVarIELen + 17);
+
+               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_ASSOCINFO_EVENT_FLAG, NULL, NULL, 0);
+       }
+       else
+               DBGPRINT(RT_DEBUG_TRACE, ("pAd->StaCfg.ReqVarIELen + 17 > MAX_CUSTOM_LEN\n"));
+
+       return;
+}
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+int wext_notify_event_assoc(
+       IN  RTMP_ADAPTER *pAd)
+{
+       char custom[IW_CUSTOM_MAX] = {0};
+
+#if WIRELESS_EXT > 17
+       if (pAd->StaCfg.ReqVarIELen <= IW_CUSTOM_MAX)
+       {
+               NdisMoveMemory(custom, pAd->StaCfg.ReqVarIEs, pAd->StaCfg.ReqVarIELen);
+               RtmpOSWrielessEventSend(pAd, IWEVASSOCREQIE, -1, NULL, custom, pAd->StaCfg.ReqVarIELen);
+       }
+       else
+           DBGPRINT(RT_DEBUG_TRACE, ("pAd->StaCfg.ReqVarIELen > MAX_CUSTOM_LEN\n"));
+#else
+       int len;
+
+       len = (pAd->StaCfg.ReqVarIELen*2) + 17;
+       if (len <= IW_CUSTOM_MAX)
+       {
+               UCHAR   idx;
+               sprintf(custom, "ASSOCINFO(ReqIEs=");
+               for (idx=0; idx<pAd->StaCfg.ReqVarIELen; idx++)
+                       sprintf(custom, "%s%02x", custom, pAd->StaCfg.ReqVarIEs[idx]);
+               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, -1, NULL, custom, len);
+       }
+       else
+               DBGPRINT(RT_DEBUG_TRACE, ("len(%d) > MAX_CUSTOM_LEN\n", len));
+#endif
+
+       return 0;
+
+}
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+
+BOOLEAN StaAddMacTableEntry(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PMAC_TABLE_ENTRY    pEntry,
+       IN  UCHAR                               MaxSupportedRateIn500Kbps,
+       IN  HT_CAPABILITY_IE    *pHtCapability,
+       IN  UCHAR                               HtCapabilityLen,
+       IN  ADD_HT_INFO_IE              *pAddHtInfo,
+       IN  UCHAR                               AddHtInfoLen,
+       IN  USHORT                      CapabilityInfo)
+{
+       UCHAR            MaxSupportedRate = RATE_11;
+
+       if (ADHOC_ON(pAd))
+               CLIENT_STATUS_CLEAR_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE);
+
+       switch (MaxSupportedRateIn500Kbps)
+    {
+        case 108: MaxSupportedRate = RATE_54;   break;
+        case 96:  MaxSupportedRate = RATE_48;   break;
+        case 72:  MaxSupportedRate = RATE_36;   break;
+        case 48:  MaxSupportedRate = RATE_24;   break;
+        case 36:  MaxSupportedRate = RATE_18;   break;
+        case 24:  MaxSupportedRate = RATE_12;   break;
+        case 18:  MaxSupportedRate = RATE_9;    break;
+        case 12:  MaxSupportedRate = RATE_6;    break;
+        case 22:  MaxSupportedRate = RATE_11;   break;
+        case 11:  MaxSupportedRate = RATE_5_5;  break;
+        case 4:   MaxSupportedRate = RATE_2;    break;
+        case 2:   MaxSupportedRate = RATE_1;    break;
+        default:  MaxSupportedRate = RATE_11;   break;
+    }
+
+    if ((pAd->CommonCfg.PhyMode == PHY_11G) && (MaxSupportedRate < RATE_FIRST_OFDM_RATE))
+        return FALSE;
+
+#ifdef DOT11_N_SUPPORT
+       // 11n only
+       if (((pAd->CommonCfg.PhyMode == PHY_11N_2_4G) || (pAd->CommonCfg.PhyMode == PHY_11N_5G))&& (HtCapabilityLen == 0))
+               return FALSE;
+#endif // DOT11_N_SUPPORT //
+
+       if (!pEntry)
+        return FALSE;
+
+       NdisAcquireSpinLock(&pAd->MacTabLock);
+       if (pEntry)
+       {
+               pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
+               if ((MaxSupportedRate < RATE_FIRST_OFDM_RATE) ||
+                       (pAd->CommonCfg.PhyMode == PHY_11B))
+               {
+                       pEntry->RateLen = 4;
+                       if (MaxSupportedRate >= RATE_FIRST_OFDM_RATE)
+                               MaxSupportedRate = RATE_11;
+               }
+               else
+                       pEntry->RateLen = 12;
+
+               pEntry->MaxHTPhyMode.word = 0;
+               pEntry->MinHTPhyMode.word = 0;
+               pEntry->HTPhyMode.word = 0;
+               pEntry->MaxSupportedRate = MaxSupportedRate;
+               if (pEntry->MaxSupportedRate < RATE_FIRST_OFDM_RATE)
+               {
+                       pEntry->MaxHTPhyMode.field.MODE = MODE_CCK;
+                       pEntry->MaxHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                       pEntry->MinHTPhyMode.field.MODE = MODE_CCK;
+                       pEntry->MinHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                       pEntry->HTPhyMode.field.MODE = MODE_CCK;
+                       pEntry->HTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+               }
+               else
+               {
+                       pEntry->MaxHTPhyMode.field.MODE = MODE_OFDM;
+                       pEntry->MaxHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                       pEntry->MinHTPhyMode.field.MODE = MODE_OFDM;
+                       pEntry->MinHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                       pEntry->HTPhyMode.field.MODE = MODE_OFDM;
+                       pEntry->HTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+               }
+               pEntry->CapabilityInfo = CapabilityInfo;
+               CLIENT_STATUS_CLEAR_FLAG(pEntry, fCLIENT_STATUS_AGGREGATION_CAPABLE);
+               CLIENT_STATUS_CLEAR_FLAG(pEntry, fCLIENT_STATUS_PIGGYBACK_CAPABLE);
+       }
+
+#ifdef DOT11_N_SUPPORT
+       NdisZeroMemory(&pEntry->HTCapability, sizeof(pEntry->HTCapability));
+       // If this Entry supports 802.11n, upgrade to HT rate.
+       if ((HtCapabilityLen != 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+       {
+               UCHAR   j, bitmask; //k,bitmask;
+               CHAR    i;
+
+               if (ADHOC_ON(pAd))
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE);
+               if ((pHtCapability->HtCapInfo.GF) && (pAd->CommonCfg.DesiredHtPhy.GF))
+               {
+                       pEntry->MaxHTPhyMode.field.MODE = MODE_HTGREENFIELD;
+               }
+               else
+               {
+                       pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
+                       pAd->MacTab.fAnyStationNonGF = TRUE;
+                       pAd->CommonCfg.AddHTInfo.AddHtInfo2.NonGfPresent = 1;
+               }
+
+               if ((pHtCapability->HtCapInfo.ChannelWidth) &&
+                       (pAd->CommonCfg.DesiredHtPhy.ChannelWidth) &&
+                       ((pAd->StaCfg.BssType == BSS_INFRA) || ((pAd->StaCfg.BssType == BSS_ADHOC) && (pAddHtInfo->AddHtInfo.ExtChanOffset == pAd->CommonCfg.AddHTInfo.AddHtInfo.ExtChanOffset))))
+               {
+                       pEntry->MaxHTPhyMode.field.BW= BW_40;
+                       pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor40)&(pHtCapability->HtCapInfo.ShortGIfor40));
+               }
+               else
+               {
+                       pEntry->MaxHTPhyMode.field.BW = BW_20;
+                       pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor20)&(pHtCapability->HtCapInfo.ShortGIfor20));
+                       pAd->MacTab.fAnyStation20Only = TRUE;
+               }
+
+               // 3*3
+               if (pAd->MACVersion >= RALINK_2883_VERSION && pAd->MACVersion < RALINK_3070_VERSION)
+                       pEntry->MaxHTPhyMode.field.TxBF = pAd->CommonCfg.RegTransmitSetting.field.TxBF;
+
+               // find max fixed rate
+               for (i=23; i>=0; i--) // 3*3
+               {
+                       j = i/8;
+                       bitmask = (1<<(i-(j*8)));
+                       if ((pAd->StaCfg.DesiredHtPhyInfo.MCSSet[j] & bitmask) && (pHtCapability->MCSSet[j] & bitmask))
+                       {
+                               pEntry->MaxHTPhyMode.field.MCS = i;
+                               break;
+                       }
+                       if (i==0)
+                               break;
+               }
+
+
+               if (pAd->StaCfg.DesiredTransmitSetting.field.MCS != MCS_AUTO)
+               {
+                       if (pAd->StaCfg.DesiredTransmitSetting.field.MCS == 32)
+                       {
+                               // Fix MCS as HT Duplicated Mode
+                               pEntry->MaxHTPhyMode.field.BW = 1;
+                               pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
+                               pEntry->MaxHTPhyMode.field.STBC = 0;
+                               pEntry->MaxHTPhyMode.field.ShortGI = 0;
+                               pEntry->MaxHTPhyMode.field.MCS = 32;
+                       }
+                       else if (pEntry->MaxHTPhyMode.field.MCS > pAd->StaCfg.HTPhyMode.field.MCS)
+                       {
+                               // STA supports fixed MCS
+                               pEntry->MaxHTPhyMode.field.MCS = pAd->StaCfg.HTPhyMode.field.MCS;
+                       }
+               }
+
+               pEntry->MaxHTPhyMode.field.STBC = (pHtCapability->HtCapInfo.RxSTBC & (pAd->CommonCfg.DesiredHtPhy.TxSTBC));
+               pEntry->MpduDensity = pHtCapability->HtCapParm.MpduDensity;
+               pEntry->MaxRAmpduFactor = pHtCapability->HtCapParm.MaxRAmpduFactor;
+               pEntry->MmpsMode = (UCHAR)pHtCapability->HtCapInfo.MimoPs;
+               pEntry->AMsduSize = (UCHAR)pHtCapability->HtCapInfo.AMsduSize;
+               pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
+
+               if (pAd->CommonCfg.DesiredHtPhy.AmsduEnable && (pAd->CommonCfg.REGBACapability.field.AutoBA == FALSE))
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_AMSDU_INUSED);
+               if (pHtCapability->HtCapInfo.ShortGIfor20)
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI20_CAPABLE);
+               if (pHtCapability->HtCapInfo.ShortGIfor40)
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI40_CAPABLE);
+               if (pHtCapability->HtCapInfo.TxSTBC)
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_TxSTBC_CAPABLE);
+               if (pHtCapability->HtCapInfo.RxSTBC)
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RxSTBC_CAPABLE);
+               if (pHtCapability->ExtHtCapInfo.PlusHTC)
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_HTC_CAPABLE);
+               if (pAd->CommonCfg.bRdg && pHtCapability->ExtHtCapInfo.RDGSupport)
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RDG_CAPABLE);
+               if (pHtCapability->ExtHtCapInfo.MCSFeedback == 0x03)
+                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_MCSFEEDBACK_CAPABLE);
+               NdisMoveMemory(&pEntry->HTCapability, pHtCapability, HtCapabilityLen);
+       }
+       else
+       {
+               pAd->MacTab.fAnyStationIsLegacy = TRUE;
+       }
+#endif // DOT11_N_SUPPORT //
+
+       pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
+       pEntry->CurrTxRate = pEntry->MaxSupportedRate;
+
+       // Set asic auto fall back
+       if (pAd->StaCfg.bAutoTxRateSwitch == TRUE)
+       {
+               PUCHAR                                  pTable;
+               UCHAR                                   TableSize = 0;
+
+               MlmeSelectTxRateTable(pAd, pEntry, &pTable, &TableSize, &pEntry->CurrTxRateIndex);
+               pEntry->bAutoTxRateSwitch = TRUE;
+       }
+       else
+       {
+               pEntry->HTPhyMode.field.MODE    = pAd->StaCfg.HTPhyMode.field.MODE;
+               pEntry->HTPhyMode.field.MCS     = pAd->StaCfg.HTPhyMode.field.MCS;
+               pEntry->bAutoTxRateSwitch = FALSE;
+
+               // If the legacy mode is set, overwrite the transmit setting of this entry.
+               RTMPUpdateLegacyTxSetting((UCHAR)pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode, pEntry);
+       }
+
+       pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
+       pEntry->Sst = SST_ASSOC;
+       pEntry->AuthState = AS_AUTH_OPEN;
+       pEntry->AuthMode = pAd->StaCfg.AuthMode;
+       pEntry->WepStatus = pAd->StaCfg.WepStatus;
+
+       NdisReleaseSpinLock(&pAd->MacTabLock);
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+    if (pAd->StaCfg.WpaSupplicantUP)
+    {
+        union iwreq_data    wrqu;
+
+        SendAssocIEsToWpaSupplicant(pAd);
+        memset(&wrqu, 0, sizeof(wrqu));
+        wrqu.data.flags = RT_ASSOC_EVENT_FLAG;
+        wireless_send_event(pAd->net_dev, IWEVCUSTOM, &wrqu, NULL);
+    }
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+    {
+        union iwreq_data    wrqu;
+        wext_notify_event_assoc(pAd);
+
+        memset(wrqu.ap_addr.sa_data, 0, MAC_ADDR_LEN);
+        memcpy(wrqu.ap_addr.sa_data, pAd->MlmeAux.Bssid, MAC_ADDR_LEN);
+        wireless_send_event(pAd->net_dev, SIOCGIWAP, &wrqu, NULL);
+
+    }
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+       return TRUE;
+}
diff --git a/drivers/staging/rt3090/sta/auth.c b/drivers/staging/rt3090/sta/auth.c
new file mode 100644 (file)
index 0000000..157e299
--- /dev/null
@@ -0,0 +1,491 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       auth.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John            2004-9-3                porting from RT2500
+*/
+
+#include "../rt_config.h"
+
+
+/*
+    ==========================================================================
+    Description:
+        authenticate state machine init, including state transition and timer init
+    Parameters:
+        Sm - pointer to the auth state machine
+    Note:
+        The state machine looks like this
+
+                        AUTH_REQ_IDLE           AUTH_WAIT_SEQ2                   AUTH_WAIT_SEQ4
+    MT2_MLME_AUTH_REQ   mlme_auth_req_action    invalid_state_when_auth          invalid_state_when_auth
+    MT2_PEER_AUTH_EVEN  drop                    peer_auth_even_at_seq2_action    peer_auth_even_at_seq4_action
+    MT2_AUTH_TIMEOUT    Drop                    auth_timeout_action              auth_timeout_action
+
+       IRQL = PASSIVE_LEVEL
+
+    ==========================================================================
+ */
+
+void AuthStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN STATE_MACHINE *Sm,
+    OUT STATE_MACHINE_FUNC Trans[])
+{
+    StateMachineInit(Sm, Trans, MAX_AUTH_STATE, MAX_AUTH_MSG, (STATE_MACHINE_FUNC)Drop, AUTH_REQ_IDLE, AUTH_MACHINE_BASE);
+
+    // the first column
+    StateMachineSetAction(Sm, AUTH_REQ_IDLE, MT2_MLME_AUTH_REQ, (STATE_MACHINE_FUNC)MlmeAuthReqAction);
+
+    // the second column
+    StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_MLME_AUTH_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAuth);
+    StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_PEER_AUTH_EVEN, (STATE_MACHINE_FUNC)PeerAuthRspAtSeq2Action);
+    StateMachineSetAction(Sm, AUTH_WAIT_SEQ2, MT2_AUTH_TIMEOUT, (STATE_MACHINE_FUNC)AuthTimeoutAction);
+
+    // the third column
+    StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_MLME_AUTH_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenAuth);
+    StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_PEER_AUTH_EVEN, (STATE_MACHINE_FUNC)PeerAuthRspAtSeq4Action);
+    StateMachineSetAction(Sm, AUTH_WAIT_SEQ4, MT2_AUTH_TIMEOUT, (STATE_MACHINE_FUNC)AuthTimeoutAction);
+
+       RTMPInitTimer(pAd, &pAd->MlmeAux.AuthTimer, GET_TIMER_FUNCTION(AuthTimeout), pAd, FALSE);
+}
+
+/*
+    ==========================================================================
+    Description:
+        function to be executed at timer thread when auth timer expires
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID AuthTimeout(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3)
+{
+    RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+
+    DBGPRINT(RT_DEBUG_TRACE,("AUTH - AuthTimeout\n"));
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS | fRTMP_ADAPTER_NIC_NOT_EXIST))
+               return;
+
+       // send a de-auth to reset AP's state machine (Patch AP-Dir635)
+       if (pAd->Mlme.AuthMachine.CurrState == AUTH_WAIT_SEQ2)
+               Cls2errAction(pAd, pAd->MlmeAux.Bssid);
+
+
+    MlmeEnqueue(pAd, AUTH_STATE_MACHINE, MT2_AUTH_TIMEOUT, 0, NULL);
+    RTMP_MLME_HANDLER(pAd);
+}
+
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID MlmeAuthReqAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+       if (AUTH_ReqSend(pAd, Elem, &pAd->MlmeAux.AuthTimer, "AUTH", 1, NULL, 0))
+        pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ2;
+    else
+    {
+               USHORT Status;
+
+        pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+        Status = MLME_INVALID_FORMAT;
+        MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
+    }
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID PeerAuthRspAtSeq2Action(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+    UCHAR         Addr2[MAC_ADDR_LEN];
+    USHORT        Seq, Status, RemoteStatus, Alg;
+    UCHAR         ChlgText[CIPHER_TEXT_LEN];
+    UCHAR         CyperChlgText[CIPHER_TEXT_LEN + 8 + 8];
+    UCHAR         Element[2];
+    HEADER_802_11 AuthHdr;
+    BOOLEAN       TimerCancelled;
+    PUCHAR        pOutBuffer = NULL;
+    NDIS_STATUS   NStatus;
+    ULONG         FrameLen = 0;
+    USHORT        Status2;
+
+    if (PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, (PCHAR)ChlgText))
+    {
+        if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 2)
+        {
+            DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Receive AUTH_RSP seq#2 to me (Alg=%d, Status=%d)\n", Alg, Status));
+            RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled);
+
+            if (Status == MLME_SUCCESS)
+            {
+                // Authentication Mode "LEAP" has allow for CCX 1.X
+                if (pAd->MlmeAux.Alg == Ndis802_11AuthModeOpen)
+                {
+                    pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+                    MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
+                }
+                else
+                {
+                    // 2. shared key, need to be challenged
+                    Seq++;
+                    RemoteStatus = MLME_SUCCESS;
+
+                                       // Get an unused nonpaged memory
+                    NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
+                    if(NStatus != NDIS_STATUS_SUCCESS)
+                    {
+                        DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthRspAtSeq2Action() allocate memory fail\n"));
+                        pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+                        Status2 = MLME_FAIL_NO_RESOURCE;
+                        MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status2);
+                        return;
+                    }
+
+                    DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send AUTH request seq#3...\n"));
+                    MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr2, pAd->MlmeAux.Bssid);
+                    AuthHdr.FC.Wep = 1;
+                    // Encrypt challenge text & auth information
+                    RTMPInitWepEngine(
+                       pAd,
+                       pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].Key,
+                       pAd->StaCfg.DefaultKeyId,
+                       pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].KeyLen,
+                       CyperChlgText);
+
+                                       Alg = cpu2le16(*(USHORT *)&Alg);
+                                       Seq = cpu2le16(*(USHORT *)&Seq);
+                                       RemoteStatus= cpu2le16(*(USHORT *)&RemoteStatus);
+
+                                       RTMPEncryptData(pAd, (PUCHAR) &Alg, CyperChlgText + 4, 2);
+                                       RTMPEncryptData(pAd, (PUCHAR) &Seq, CyperChlgText + 6, 2);
+                                       RTMPEncryptData(pAd, (PUCHAR) &RemoteStatus, CyperChlgText + 8, 2);
+                                       Element[0] = 16;
+                                       Element[1] = 128;
+                                       RTMPEncryptData(pAd, Element, CyperChlgText + 10, 2);
+                                       RTMPEncryptData(pAd, ChlgText, CyperChlgText + 12, 128);
+                                       RTMPSetICV(pAd, CyperChlgText + 140);
+                    MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                                      sizeof(HEADER_802_11),    &AuthHdr,
+                                      CIPHER_TEXT_LEN + 16,     CyperChlgText,
+                                      END_OF_ARGS);
+                    MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+                       MlmeFreeMemory(pAd, pOutBuffer);
+
+                    RTMPSetTimer(&pAd->MlmeAux.AuthTimer, AUTH_TIMEOUT);
+                    pAd->Mlme.AuthMachine.CurrState = AUTH_WAIT_SEQ4;
+                }
+            }
+            else
+            {
+                pAd->StaCfg.AuthFailReason = Status;
+                COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
+                pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+                MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
+            }
+        }
+    }
+    else
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthSanity() sanity check fail\n"));
+    }
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID PeerAuthRspAtSeq4Action(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+    UCHAR         Addr2[MAC_ADDR_LEN];
+    USHORT        Alg, Seq, Status;
+    CHAR          ChlgText[CIPHER_TEXT_LEN];
+    BOOLEAN       TimerCancelled;
+
+    if(PeerAuthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Alg, &Seq, &Status, ChlgText))
+    {
+        if(MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Addr2) && Seq == 4)
+        {
+            DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Receive AUTH_RSP seq#4 to me\n"));
+            RTMPCancelTimer(&pAd->MlmeAux.AuthTimer, &TimerCancelled);
+
+            if (Status != MLME_SUCCESS)
+            {
+                pAd->StaCfg.AuthFailReason = Status;
+                COPY_MAC_ADDR(pAd->StaCfg.AuthFailSta, Addr2);
+            }
+
+            pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+            MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
+        }
+    }
+    else
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("AUTH - PeerAuthRspAtSeq4Action() sanity check fail\n"));
+    }
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID MlmeDeauthReqAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+    MLME_DEAUTH_REQ_STRUCT *pInfo;
+    HEADER_802_11 DeauthHdr;
+    PUCHAR        pOutBuffer = NULL;
+    NDIS_STATUS   NStatus;
+    ULONG         FrameLen = 0;
+    USHORT        Status;
+
+    pInfo = (MLME_DEAUTH_REQ_STRUCT *)Elem->Msg;
+
+    NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+    if (NStatus != NDIS_STATUS_SUCCESS)
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("AUTH - MlmeDeauthReqAction() allocate memory fail\n"));
+        pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+        Status = MLME_FAIL_NO_RESOURCE;
+        MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status);
+        return;
+    }
+
+
+    DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Send DE-AUTH request (Reason=%d)...\n", pInfo->Reason));
+    MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pInfo->Addr, pAd->MlmeAux.Bssid);
+    MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                      sizeof(HEADER_802_11),&DeauthHdr,
+                      2,                    &pInfo->Reason,
+                      END_OF_ARGS);
+    MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+    pAd->StaCfg.DeauthReason = pInfo->Reason;
+    COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pInfo->Addr);
+    pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+    Status = MLME_SUCCESS;
+    MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_DEAUTH_CONF, 2, &Status);
+
+       // send wireless event - for deauthentication
+       if (pAd->CommonCfg.bWirelessEvent)
+               RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID AuthTimeoutAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+    USHORT Status;
+    DBGPRINT(RT_DEBUG_TRACE, ("AUTH - AuthTimeoutAction\n"));
+    pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+    Status = MLME_REJ_TIMEOUT;
+    MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID InvalidStateWhenAuth(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+    USHORT Status;
+    DBGPRINT(RT_DEBUG_TRACE, ("AUTH - InvalidStateWhenAuth (state=%ld), reset AUTH state machine\n", pAd->Mlme.AuthMachine.CurrState));
+    pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+    Status = MLME_STATE_MACHINE_REJECT;
+    MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
+}
+
+/*
+    ==========================================================================
+    Description:
+        Some STA/AP
+    Note:
+        This action should never trigger AUTH state transition, therefore we
+        separate it from AUTH state machine, and make it as a standalone service
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID Cls2errAction(
+    IN PRTMP_ADAPTER pAd,
+    IN PUCHAR pAddr)
+{
+    HEADER_802_11 DeauthHdr;
+    PUCHAR        pOutBuffer = NULL;
+    NDIS_STATUS   NStatus;
+    ULONG         FrameLen = 0;
+    USHORT        Reason = REASON_CLS2ERR;
+
+    NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+    if (NStatus != NDIS_STATUS_SUCCESS)
+        return;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("AUTH - Class 2 error, Send DEAUTH frame...\n"));
+    MgtMacHeaderInit(pAd, &DeauthHdr, SUBTYPE_DEAUTH, 0, pAddr, pAd->MlmeAux.Bssid);
+    MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                      sizeof(HEADER_802_11),&DeauthHdr,
+                      2,                    &Reason,
+                      END_OF_ARGS);
+    MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+    pAd->StaCfg.DeauthReason = Reason;
+    COPY_MAC_ADDR(pAd->StaCfg.DeauthSta, pAddr);
+}
+
+BOOLEAN        AUTH_ReqSend(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PMLME_QUEUE_ELEM    pElem,
+       IN  PRALINK_TIMER_STRUCT pAuthTimer,
+       IN  PSTRING                             pSMName,
+       IN  USHORT                              SeqNo,
+       IN  PUCHAR                              pNewElement,
+       IN  ULONG                               ElementLen)
+{
+       USHORT             Alg, Seq, Status;
+       UCHAR              Addr[6];
+    ULONG              Timeout;
+    HEADER_802_11      AuthHdr;
+    BOOLEAN            TimerCancelled;
+    NDIS_STATUS        NStatus;
+    PUCHAR             pOutBuffer = NULL;
+    ULONG              FrameLen = 0, tmp = 0;
+
+       // Block all authentication request durning WPA block period
+       if (pAd->StaCfg.bBlockAssoc == TRUE)
+       {
+        DBGPRINT(RT_DEBUG_TRACE, ("%s - Block Auth request durning WPA block period!\n", pSMName));
+        pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+        Status = MLME_STATE_MACHINE_REJECT;
+        MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
+       }
+    else if(MlmeAuthReqSanity(pAd, pElem->Msg, pElem->MsgLen, Addr, &Timeout, &Alg))
+    {
+       /* reset timer */
+               RTMPCancelTimer(pAuthTimer, &TimerCancelled);
+
+        COPY_MAC_ADDR(pAd->MlmeAux.Bssid, Addr);
+        pAd->MlmeAux.Alg  = Alg;
+        Seq = SeqNo;
+        Status = MLME_SUCCESS;
+
+        NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+        if(NStatus != NDIS_STATUS_SUCCESS)
+        {
+            DBGPRINT(RT_DEBUG_TRACE, ("%s - MlmeAuthReqAction(Alg:%d) allocate memory failed\n", pSMName, Alg));
+            pAd->Mlme.AuthMachine.CurrState = AUTH_REQ_IDLE;
+            Status = MLME_FAIL_NO_RESOURCE;
+            MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_AUTH_CONF, 2, &Status);
+            return FALSE;
+        }
+
+        DBGPRINT(RT_DEBUG_TRACE, ("%s - Send AUTH request seq#1 (Alg=%d)...\n", pSMName, Alg));
+        MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, Addr, pAd->MlmeAux.Bssid);
+        MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                          sizeof(HEADER_802_11),&AuthHdr,
+                          2,                    &Alg,
+                          2,                    &Seq,
+                          2,                    &Status,
+                          END_OF_ARGS);
+
+               if (pNewElement && ElementLen)
+               {
+                       MakeOutgoingFrame(pOutBuffer+FrameLen,  &tmp,
+                                                         ElementLen,                   pNewElement,
+                                 END_OF_ARGS);
+                       FrameLen += tmp;
+               }
+
+        MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+               RTMPSetTimer(pAuthTimer, Timeout);
+               return TRUE;
+    }
+    else
+    {
+        DBGPRINT_ERR(("%s - MlmeAuthReqAction() sanity check failed\n", pSMName));
+               return FALSE;
+    }
+
+       return TRUE;
+}
diff --git a/drivers/staging/rt3090/sta/auth_rsp.c b/drivers/staging/rt3090/sta/auth_rsp.c
new file mode 100644 (file)
index 0000000..207bfea
--- /dev/null
@@ -0,0 +1,151 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       auth_rsp.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John            2004-10-1               copy from RT2560
+*/
+
+#include "../rt_config.h"
+
+
+/*
+    ==========================================================================
+    Description:
+        authentication state machine init procedure
+    Parameters:
+        Sm - the state machine
+
+       IRQL = PASSIVE_LEVEL
+
+    ==========================================================================
+ */
+VOID AuthRspStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN PSTATE_MACHINE Sm,
+    IN STATE_MACHINE_FUNC Trans[])
+{
+    StateMachineInit(Sm, Trans, MAX_AUTH_RSP_STATE, MAX_AUTH_RSP_MSG, (STATE_MACHINE_FUNC)Drop, AUTH_RSP_IDLE, AUTH_RSP_MACHINE_BASE);
+
+    // column 1
+    StateMachineSetAction(Sm, AUTH_RSP_IDLE, MT2_PEER_DEAUTH, (STATE_MACHINE_FUNC)PeerDeauthAction);
+
+    // column 2
+    StateMachineSetAction(Sm, AUTH_RSP_WAIT_CHAL, MT2_PEER_DEAUTH, (STATE_MACHINE_FUNC)PeerDeauthAction);
+
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+*/
+VOID PeerAuthSimpleRspGenAndSend(
+    IN PRTMP_ADAPTER pAd,
+    IN PHEADER_802_11 pHdr80211,
+    IN USHORT Alg,
+    IN USHORT Seq,
+    IN USHORT Reason,
+    IN USHORT Status)
+{
+    HEADER_802_11     AuthHdr;
+    ULONG             FrameLen = 0;
+    PUCHAR            pOutBuffer = NULL;
+    NDIS_STATUS       NStatus;
+
+    if (Reason != MLME_SUCCESS)
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("Peer AUTH fail...\n"));
+        return;
+    }
+
+       //Get an unused nonpaged memory
+    NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
+    if (NStatus != NDIS_STATUS_SUCCESS)
+        return;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Send AUTH response (seq#2)...\n"));
+    MgtMacHeaderInit(pAd, &AuthHdr, SUBTYPE_AUTH, 0, pHdr80211->Addr2, pAd->MlmeAux.Bssid);
+    MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                      sizeof(HEADER_802_11),    &AuthHdr,
+                      2,                        &Alg,
+                      2,                        &Seq,
+                      2,                        &Reason,
+                      END_OF_ARGS);
+    MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+*/
+VOID PeerDeauthAction(
+    IN PRTMP_ADAPTER pAd,
+    IN PMLME_QUEUE_ELEM Elem)
+{
+    UCHAR       Addr2[MAC_ADDR_LEN];
+    USHORT      Reason;
+
+    if (PeerDeauthSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, &Reason))
+    {
+        if (INFRA_ON(pAd)
+                       && MAC_ADDR_EQUAL(Addr2, pAd->CommonCfg.Bssid)
+                       )
+        {
+            DBGPRINT(RT_DEBUG_TRACE,("AUTH_RSP - receive DE-AUTH from our AP (Reason=%d)\n", Reason));
+
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+               RtmpOSWrielessEventSend(pAd, SIOCGIWAP, -1, NULL, NULL, 0);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+
+                       // send wireless event - for deauthentication
+                       if (pAd->CommonCfg.bWirelessEvent)
+                               RTMPSendWirelessEvent(pAd, IW_DEAUTH_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+
+            LinkDown(pAd, TRUE);
+        }
+    }
+    else
+    {
+        DBGPRINT(RT_DEBUG_TRACE,("AUTH_RSP - PeerDeauthAction() sanity check fail\n"));
+    }
+}
diff --git a/drivers/staging/rt3090/sta/connect.c b/drivers/staging/rt3090/sta/connect.c
new file mode 100644 (file)
index 0000000..4aa35ee
--- /dev/null
@@ -0,0 +1,2759 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       connect.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John                    2004-08-08                      Major modification from RT2560
+*/
+
+#include "../rt_config.h"
+
+
+UCHAR  CipherSuiteWpaNoneTkip[] = {
+               0x00, 0x50, 0xf2, 0x01, // oui
+               0x01, 0x00,                             // Version
+               0x00, 0x50, 0xf2, 0x02, // Multicast
+               0x01, 0x00,                             // Number of unicast
+               0x00, 0x50, 0xf2, 0x02, // unicast
+               0x01, 0x00,                             // number of authentication method
+               0x00, 0x50, 0xf2, 0x00  // authentication
+               };
+UCHAR  CipherSuiteWpaNoneTkipLen = (sizeof(CipherSuiteWpaNoneTkip) / sizeof(UCHAR));
+
+UCHAR  CipherSuiteWpaNoneAes[] = {
+               0x00, 0x50, 0xf2, 0x01, // oui
+               0x01, 0x00,                             // Version
+               0x00, 0x50, 0xf2, 0x04, // Multicast
+               0x01, 0x00,                             // Number of unicast
+               0x00, 0x50, 0xf2, 0x04, // unicast
+               0x01, 0x00,                             // number of authentication method
+               0x00, 0x50, 0xf2, 0x00  // authentication
+               };
+UCHAR  CipherSuiteWpaNoneAesLen = (sizeof(CipherSuiteWpaNoneAes) / sizeof(UCHAR));
+
+// The following MACRO is called after 1. starting an new IBSS, 2. succesfully JOIN an IBSS,
+// or 3. succesfully ASSOCIATE to a BSS, 4. successfully RE_ASSOCIATE to a BSS
+// All settings successfuly negotiated furing MLME state machines become final settings
+// and are copied to pAd->StaActive
+#define COPY_SETTINGS_FROM_MLME_AUX_TO_ACTIVE_CFG(_pAd)                                 \
+{                                                                                       \
+       NdisZeroMemory((_pAd)->CommonCfg.Ssid, MAX_LEN_OF_SSID);                                                        \
+       (_pAd)->CommonCfg.SsidLen = (_pAd)->MlmeAux.SsidLen;                                \
+       NdisMoveMemory((_pAd)->CommonCfg.Ssid, (_pAd)->MlmeAux.Ssid, (_pAd)->MlmeAux.SsidLen); \
+       COPY_MAC_ADDR((_pAd)->CommonCfg.Bssid, (_pAd)->MlmeAux.Bssid);                      \
+       (_pAd)->CommonCfg.Channel = (_pAd)->MlmeAux.Channel;                                \
+       (_pAd)->CommonCfg.CentralChannel = (_pAd)->MlmeAux.CentralChannel;                  \
+       (_pAd)->StaActive.Aid = (_pAd)->MlmeAux.Aid;                                        \
+       (_pAd)->StaActive.AtimWin = (_pAd)->MlmeAux.AtimWin;                                \
+       (_pAd)->StaActive.CapabilityInfo = (_pAd)->MlmeAux.CapabilityInfo;                  \
+       (_pAd)->CommonCfg.BeaconPeriod = (_pAd)->MlmeAux.BeaconPeriod;                      \
+       (_pAd)->StaActive.CfpMaxDuration = (_pAd)->MlmeAux.CfpMaxDuration;                  \
+       (_pAd)->StaActive.CfpPeriod = (_pAd)->MlmeAux.CfpPeriod;                            \
+       (_pAd)->StaActive.SupRateLen = (_pAd)->MlmeAux.SupRateLen;                          \
+       NdisMoveMemory((_pAd)->StaActive.SupRate, (_pAd)->MlmeAux.SupRate, (_pAd)->MlmeAux.SupRateLen);\
+       (_pAd)->StaActive.ExtRateLen = (_pAd)->MlmeAux.ExtRateLen;                          \
+       NdisMoveMemory((_pAd)->StaActive.ExtRate, (_pAd)->MlmeAux.ExtRate, (_pAd)->MlmeAux.ExtRateLen);\
+       NdisMoveMemory(&(_pAd)->CommonCfg.APEdcaParm, &(_pAd)->MlmeAux.APEdcaParm, sizeof(EDCA_PARM));\
+       NdisMoveMemory(&(_pAd)->CommonCfg.APQosCapability, &(_pAd)->MlmeAux.APQosCapability, sizeof(QOS_CAPABILITY_PARM));\
+       NdisMoveMemory(&(_pAd)->CommonCfg.APQbssLoad, &(_pAd)->MlmeAux.APQbssLoad, sizeof(QBSS_LOAD_PARM));\
+       COPY_MAC_ADDR((_pAd)->MacTab.Content[BSSID_WCID].Addr, (_pAd)->MlmeAux.Bssid);      \
+       (_pAd)->MacTab.Content[BSSID_WCID].Aid = (_pAd)->MlmeAux.Aid;                       \
+       (_pAd)->MacTab.Content[BSSID_WCID].PairwiseKey.CipherAlg = (_pAd)->StaCfg.PairCipher;\
+       COPY_MAC_ADDR((_pAd)->MacTab.Content[BSSID_WCID].PairwiseKey.BssId, (_pAd)->MlmeAux.Bssid);\
+       (_pAd)->MacTab.Content[BSSID_WCID].RateLen = (_pAd)->StaActive.SupRateLen + (_pAd)->StaActive.ExtRateLen;\
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = PASSIVE_LEVEL
+
+       ==========================================================================
+*/
+VOID MlmeCntlInit(
+       IN PRTMP_ADAPTER pAd,
+       IN STATE_MACHINE *S,
+       OUT STATE_MACHINE_FUNC Trans[])
+{
+       // Control state machine differs from other state machines, the interface
+       // follows the standard interface
+       pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID MlmeCntlMachinePerformAction(
+       IN PRTMP_ADAPTER pAd,
+       IN STATE_MACHINE *S,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       switch(pAd->Mlme.CntlMachine.CurrState)
+       {
+               case CNTL_IDLE:
+                       CntlIdleProc(pAd, Elem);
+                       break;
+               case CNTL_WAIT_DISASSOC:
+                       CntlWaitDisassocProc(pAd, Elem);
+                       break;
+               case CNTL_WAIT_JOIN:
+                       CntlWaitJoinProc(pAd, Elem);
+                       break;
+
+               // CNTL_WAIT_REASSOC is the only state in CNTL machine that does
+               // not triggered directly or indirectly by "RTMPSetInformation(OID_xxx)".
+               // Therefore not protected by NDIS's "only one outstanding OID request"
+               // rule. Which means NDIS may SET OID in the middle of ROAMing attempts.
+               // Current approach is to block new SET request at RTMPSetInformation()
+               // when CntlMachine.CurrState is not CNTL_IDLE
+               case CNTL_WAIT_REASSOC:
+                       CntlWaitReassocProc(pAd, Elem);
+                       break;
+
+               case CNTL_WAIT_START:
+                       CntlWaitStartProc(pAd, Elem);
+                       break;
+               case CNTL_WAIT_AUTH:
+                       CntlWaitAuthProc(pAd, Elem);
+                       break;
+               case CNTL_WAIT_AUTH2:
+                       CntlWaitAuthProc2(pAd, Elem);
+                       break;
+               case CNTL_WAIT_ASSOC:
+                       CntlWaitAssocProc(pAd, Elem);
+                       break;
+
+               case CNTL_WAIT_OID_LIST_SCAN:
+                       if(Elem->MsgType == MT2_SCAN_CONF)
+                       {
+                               // Resume TxRing after SCANING complete. We hope the out-of-service time
+                               // won't be too long to let upper layer time-out the waiting frames
+                               RTMPResumeMsduTransmission(pAd);
+
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+
+                //
+                               // Set LED status to previous status.
+                               //
+                               if (pAd->bLedOnScanning)
+                               {
+                                       pAd->bLedOnScanning = FALSE;
+                                       RTMPSetLED(pAd, pAd->LedStatus);
+                               }
+#ifdef DOT11N_DRAFT3
+                               // AP sent a 2040Coexistence mgmt frame, then station perform a scan, and then send back the respone.
+                               if (pAd->CommonCfg.BSSCoexist2040.field.InfoReq == 1)
+                               {
+                                       Update2040CoexistFrameAndNotify(pAd, BSSID_WCID, TRUE);
+                               }
+#endif // DOT11N_DRAFT3 //
+                       }
+                       break;
+
+               case CNTL_WAIT_OID_DISASSOC:
+                       if (Elem->MsgType == MT2_DISASSOC_CONF)
+                       {
+                               LinkDown(pAd, FALSE);
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+                       }
+                       break;
+               default:
+                       DBGPRINT_ERR(("!ERROR! CNTL - Illegal message type(=%ld)", Elem->MsgType));
+                       break;
+       }
+}
+
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlIdleProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       MLME_DISASSOC_REQ_STRUCT   DisassocReq;
+
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF))
+               return;
+
+       switch(Elem->MsgType)
+       {
+               case OID_802_11_SSID:
+                       CntlOidSsidProc(pAd, Elem);
+                       break;
+
+               case OID_802_11_BSSID:
+                       CntlOidRTBssidProc(pAd,Elem);
+                       break;
+
+               case OID_802_11_BSSID_LIST_SCAN:
+                       CntlOidScanProc(pAd,Elem);
+                       break;
+
+               case OID_802_11_DISASSOCIATE:
+                       DisassocParmFill(pAd, &DisassocReq, pAd->CommonCfg.Bssid, REASON_DISASSOC_STA_LEAVING);
+                       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_DISASSOC_REQ, sizeof(MLME_DISASSOC_REQ_STRUCT), &DisassocReq);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_OID_DISASSOC;
+#ifdef WPA_SUPPLICANT_SUPPORT
+            if (pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_ENABLE_WITH_WEB_UI)
+#endif // WPA_SUPPLICANT_SUPPORT //
+            {
+                       // Set the AutoReconnectSsid to prevent it reconnect to old SSID
+                       // Since calling this indicate user don't want to connect to that SSID anymore.
+                       pAd->MlmeAux.AutoReconnectSsidLen= 32;
+                       NdisZeroMemory(pAd->MlmeAux.AutoReconnectSsid, pAd->MlmeAux.AutoReconnectSsidLen);
+            }
+                       break;
+
+               case MT2_MLME_ROAMING_REQ:
+                       CntlMlmeRoamingProc(pAd, Elem);
+                       break;
+
+        case OID_802_11_MIC_FAILURE_REPORT_FRAME:
+            WpaMicFailureReportFrame(pAd, Elem);
+            break;
+
+#ifdef QOS_DLS_SUPPORT
+               case RT_OID_802_11_SET_DLS_PARAM:
+                       CntlOidDLSSetupProc(pAd, Elem);
+                       break;
+#endif // QOS_DLS_SUPPORT //
+
+               default:
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Illegal message in CntlIdleProc(MsgType=%ld)\n",Elem->MsgType));
+                       break;
+       }
+}
+
+VOID CntlOidScanProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       MLME_SCAN_REQ_STRUCT       ScanReq;
+       ULONG                      BssIdx = BSS_NOT_FOUND;
+       BSS_ENTRY                  CurrBss;
+
+#ifdef RALINK_ATE
+/* Disable scanning when ATE is running. */
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+
+       // record current BSS if network is connected.
+       // 2003-2-13 do not include current IBSS if this is the only STA in this IBSS.
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+       {
+               BssIdx = BssSsidTableSearch(&pAd->ScanTab, pAd->CommonCfg.Bssid, (PUCHAR)pAd->CommonCfg.Ssid, pAd->CommonCfg.SsidLen, pAd->CommonCfg.Channel);
+               if (BssIdx != BSS_NOT_FOUND)
+               {
+                       NdisMoveMemory(&CurrBss, &pAd->ScanTab.BssEntry[BssIdx], sizeof(BSS_ENTRY));
+               }
+       }
+
+       // clean up previous SCAN result, add current BSS back to table if any
+       BssTableInit(&pAd->ScanTab);
+       if (BssIdx != BSS_NOT_FOUND)
+       {
+               // DDK Note: If the NIC is associated with a particular BSSID and SSID
+               //    that are not contained in the list of BSSIDs generated by this scan, the
+               //    BSSID description of the currently associated BSSID and SSID should be
+               //    appended to the list of BSSIDs in the NIC's database.
+               // To ensure this, we append this BSS as the first entry in SCAN result
+               NdisMoveMemory(&pAd->ScanTab.BssEntry[0], &CurrBss, sizeof(BSS_ENTRY));
+               pAd->ScanTab.BssNr = 1;
+       }
+
+       ScanParmFill(pAd, &ScanReq, (PSTRING) Elem->Msg, Elem->MsgLen, BSS_ANY, SCAN_ACTIVE);
+       MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_SCAN_REQ,
+               sizeof(MLME_SCAN_REQ_STRUCT), &ScanReq);
+       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_OID_LIST_SCAN;
+}
+
+/*
+       ==========================================================================
+       Description:
+               Before calling this routine, user desired SSID should already been
+               recorded in CommonCfg.Ssid[]
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlOidSsidProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM * Elem)
+{
+       PNDIS_802_11_SSID          pOidSsid = (NDIS_802_11_SSID *)Elem->Msg;
+       MLME_DISASSOC_REQ_STRUCT   DisassocReq;
+       ULONG                                      Now;
+
+
+       // Step 1. record the desired user settings to MlmeAux
+       NdisZeroMemory(pAd->MlmeAux.Ssid, MAX_LEN_OF_SSID);
+       NdisMoveMemory(pAd->MlmeAux.Ssid, pOidSsid->Ssid, pOidSsid->SsidLength);
+       pAd->MlmeAux.SsidLen = (UCHAR)pOidSsid->SsidLength;
+       NdisZeroMemory(pAd->MlmeAux.Bssid, MAC_ADDR_LEN);
+       pAd->MlmeAux.BssType = pAd->StaCfg.BssType;
+
+       pAd->StaCfg.bAutoConnectByBssid = FALSE;
+
+       //
+       // Update Reconnect Ssid, that user desired to connect.
+       //
+       NdisZeroMemory(pAd->MlmeAux.AutoReconnectSsid, MAX_LEN_OF_SSID);
+       NdisMoveMemory(pAd->MlmeAux.AutoReconnectSsid, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
+       pAd->MlmeAux.AutoReconnectSsidLen = pAd->MlmeAux.SsidLen;
+
+       // step 2. find all matching BSS in the lastest SCAN result (inBssTab)
+       //    & log them into MlmeAux.SsidBssTab for later-on iteration. Sort by RSSI order
+       BssTableSsidSort(pAd, &pAd->MlmeAux.SsidBssTab, (PCHAR)pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("CntlOidSsidProc():CNTL - %d BSS of %d BSS match the desire (%d)SSID - %s\n",
+                       pAd->MlmeAux.SsidBssTab.BssNr, pAd->ScanTab.BssNr, pAd->MlmeAux.SsidLen, pAd->MlmeAux.Ssid));
+       NdisGetSystemUpTime(&Now);
+
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED) &&
+               (pAd->CommonCfg.SsidLen == pAd->MlmeAux.SsidBssTab.BssEntry[0].SsidLen) &&
+               NdisEqualMemory(pAd->CommonCfg.Ssid, pAd->MlmeAux.SsidBssTab.BssEntry[0].Ssid, pAd->CommonCfg.SsidLen) &&
+               MAC_ADDR_EQUAL(pAd->CommonCfg.Bssid, pAd->MlmeAux.SsidBssTab.BssEntry[0].Bssid))
+       {
+               // Case 1. already connected with an AP who has the desired SSID
+               //         with highest RSSI
+
+               // Add checking Mode "LEAP" for CCX 1.0
+               if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
+                        (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
+                        (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) ||
+                        (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)
+                        ) &&
+                       (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED))
+               {
+                       // case 1.1 For WPA, WPA-PSK, if the 1x port is not secured, we have to redo
+                       //          connection process
+                       DBGPRINT(RT_DEBUG_TRACE, ("CntlOidSsidProc():CNTL - disassociate with current AP...\n"));
+                       DisassocParmFill(pAd, &DisassocReq, pAd->CommonCfg.Bssid, REASON_DISASSOC_STA_LEAVING);
+                       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_DISASSOC_REQ,
+                                               sizeof(MLME_DISASSOC_REQ_STRUCT), &DisassocReq);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_DISASSOC;
+               }
+               else if (pAd->bConfigChanged == TRUE)
+               {
+                       // case 1.2 Important Config has changed, we have to reconnect to the same AP
+                       DBGPRINT(RT_DEBUG_TRACE, ("CntlOidSsidProc():CNTL - disassociate with current AP Because config changed...\n"));
+                       DisassocParmFill(pAd, &DisassocReq, pAd->CommonCfg.Bssid, REASON_DISASSOC_STA_LEAVING);
+                       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_DISASSOC_REQ,
+                                               sizeof(MLME_DISASSOC_REQ_STRUCT), &DisassocReq);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_DISASSOC;
+               }
+               else
+               {
+                       // case 1.3. already connected to the SSID with highest RSSI.
+                       DBGPRINT(RT_DEBUG_TRACE, ("CntlOidSsidProc():CNTL - already with this BSSID. ignore this SET_SSID request\n"));
+                       //
+                       // (HCT 12.1) 1c_wlan_mediaevents required
+                       // media connect events are indicated when associating with the same AP
+                       //
+                       if (INFRA_ON(pAd))
+                       {
+                               //
+                               // Since MediaState already is NdisMediaStateConnected
+                               // We just indicate the connect event again to meet the WHQL required.
+                               //
+                               pAd->IndicateMediaState = NdisMediaStateConnected;
+                               RTMP_IndicateMediaState(pAd);
+                pAd->ExtraInfo = GENERAL_LINK_UP;   // Update extra information to link is up
+                       }
+
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+                       RtmpOSWrielessEventSend(pAd, SIOCGIWAP, -1, &pAd->MlmeAux.Bssid[0], NULL, 0);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+               }
+       }
+       else if (INFRA_ON(pAd))
+       {
+               //
+               // For RT61
+               // [88888] OID_802_11_SSID should have returned NDTEST_WEP_AP2(Returned: )
+               // RT61 may lost SSID, and not connect to NDTEST_WEP_AP2 and will connect to NDTEST_WEP_AP2 by Autoreconnect
+               // But media status is connected, so the SSID not report correctly.
+               //
+               if (!SSID_EQUAL(pAd->CommonCfg.Ssid, pAd->CommonCfg.SsidLen, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen))
+               {
+                       //
+                       // Different SSID means not Roaming case, so we let LinkDown() to Indicate a disconnect event.
+                       //
+                       pAd->MlmeAux.CurrReqIsFromNdis = TRUE;
+               }
+               // case 2. active INFRA association existent
+               //    roaming is done within miniport driver, nothing to do with configuration
+               //    utility. so upon a new SET(OID_802_11_SSID) is received, we just
+               //    disassociate with the current associated AP,
+               //    then perform a new association with this new SSID, no matter the
+               //    new/old SSID are the same or not.
+               DBGPRINT(RT_DEBUG_TRACE, ("CntlOidSsidProc():CNTL - disassociate with current AP...\n"));
+               DisassocParmFill(pAd, &DisassocReq, pAd->CommonCfg.Bssid, REASON_DISASSOC_STA_LEAVING);
+               MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_DISASSOC_REQ,
+                                       sizeof(MLME_DISASSOC_REQ_STRUCT), &DisassocReq);
+               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_DISASSOC;
+       }
+       else
+       {
+               if (ADHOC_ON(pAd))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("CntlOidSsidProc():CNTL - drop current ADHOC\n"));
+                       LinkDown(pAd, FALSE);
+                       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED);
+                       pAd->IndicateMediaState = NdisMediaStateDisconnected;
+                       RTMP_IndicateMediaState(pAd);
+            pAd->ExtraInfo = GENERAL_LINK_DOWN;
+                       DBGPRINT(RT_DEBUG_TRACE, ("CntlOidSsidProc():NDIS_STATUS_MEDIA_DISCONNECT Event C!\n"));
+               }
+
+               if ((pAd->MlmeAux.SsidBssTab.BssNr == 0) &&
+                       (pAd->StaCfg.bAutoReconnect == TRUE) &&
+                       (pAd->MlmeAux.BssType == BSS_INFRA) &&
+                       (MlmeValidateSSID(pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen) == TRUE)
+                       )
+               {
+                       MLME_SCAN_REQ_STRUCT       ScanReq;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("CntlOidSsidProc():CNTL - No matching BSS, start a new scan\n"));
+                       ScanParmFill(pAd, &ScanReq, (PSTRING) pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen, BSS_ANY, SCAN_ACTIVE);
+                       MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_SCAN_REQ, sizeof(MLME_SCAN_REQ_STRUCT), &ScanReq);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_OID_LIST_SCAN;
+                       // Reset Missed scan number
+                       pAd->StaCfg.LastScanTime = Now;
+               }
+               else
+               {
+
+                       pAd->MlmeAux.BssIdx = 0;
+                       IterateOnBssTab(pAd);
+               }
+       }
+}
+
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlOidRTBssidProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM * Elem)
+{
+       ULONG       BssIdx;
+       PUCHAR      pOidBssid = (PUCHAR)Elem->Msg;
+       MLME_DISASSOC_REQ_STRUCT    DisassocReq;
+       MLME_JOIN_REQ_STRUCT        JoinReq;
+
+#ifdef RALINK_ATE
+/* No need to perform this routine when ATE is running. */
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+
+       // record user desired settings
+       COPY_MAC_ADDR(pAd->MlmeAux.Bssid, pOidBssid);
+       pAd->MlmeAux.BssType = pAd->StaCfg.BssType;
+
+       // find the desired BSS in the latest SCAN result table
+       BssIdx = BssTableSearch(&pAd->ScanTab, pOidBssid, pAd->MlmeAux.Channel);
+       if (BssIdx == BSS_NOT_FOUND)
+       {
+               MLME_SCAN_REQ_STRUCT       ScanReq;
+
+               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - BSSID not found. reply NDIS_STATUS_NOT_ACCEPTED\n"));
+               //pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+
+               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - BSSID not found. start a new scan\n"));
+               ScanParmFill(pAd, &ScanReq, (PSTRING) pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen, BSS_ANY, SCAN_ACTIVE);
+               MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_SCAN_REQ, sizeof(MLME_SCAN_REQ_STRUCT), &ScanReq);
+               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_OID_LIST_SCAN;
+               // Reset Missed scan number
+               NdisGetSystemUpTime(&pAd->StaCfg.LastScanTime);
+               return;
+       }
+
+       //
+       // Update Reconnect Ssid, that user desired to connect.
+       //
+       NdisZeroMemory(pAd->MlmeAux.AutoReconnectSsid, MAX_LEN_OF_SSID);
+       pAd->MlmeAux.AutoReconnectSsidLen = pAd->ScanTab.BssEntry[BssIdx].SsidLen;
+       NdisMoveMemory(pAd->MlmeAux.AutoReconnectSsid, pAd->ScanTab.BssEntry[BssIdx].Ssid, pAd->ScanTab.BssEntry[BssIdx].SsidLen);
+
+       // copy the matched BSS entry from ScanTab to MlmeAux.SsidBssTab. Why?
+       // Because we need this entry to become the JOIN target in later on SYNC state machine
+       pAd->MlmeAux.BssIdx = 0;
+       pAd->MlmeAux.SsidBssTab.BssNr = 1;
+       NdisMoveMemory(&pAd->MlmeAux.SsidBssTab.BssEntry[0], &pAd->ScanTab.BssEntry[BssIdx], sizeof(BSS_ENTRY));
+
+       // Add SSID into MlmeAux for site surey joining hidden SSID
+       pAd->MlmeAux.SsidLen = pAd->ScanTab.BssEntry[BssIdx].SsidLen;
+       NdisMoveMemory(pAd->MlmeAux.Ssid, pAd->ScanTab.BssEntry[BssIdx].Ssid, pAd->MlmeAux.SsidLen);
+
+       {
+               if (INFRA_ON(pAd))
+               {
+                       // disassoc from current AP first
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - disassociate with current AP ...\n"));
+                       DisassocParmFill(pAd, &DisassocReq, pAd->CommonCfg.Bssid, REASON_DISASSOC_STA_LEAVING);
+                       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_DISASSOC_REQ,
+                                               sizeof(MLME_DISASSOC_REQ_STRUCT), &DisassocReq);
+
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_DISASSOC;
+               }
+               else
+               {
+                       if (ADHOC_ON(pAd))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - drop current ADHOC\n"));
+                               LinkDown(pAd, FALSE);
+                               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED);
+                               pAd->IndicateMediaState = NdisMediaStateDisconnected;
+                               RTMP_IndicateMediaState(pAd);
+                pAd->ExtraInfo = GENERAL_LINK_DOWN;
+                               DBGPRINT(RT_DEBUG_TRACE, ("NDIS_STATUS_MEDIA_DISCONNECT Event C!\n"));
+                       }
+
+                       // Change the wepstatus to original wepstatus
+                       pAd->StaCfg.WepStatus   = pAd->StaCfg.OrigWepStatus;
+                       pAd->StaCfg.PairCipher  = pAd->StaCfg.OrigWepStatus;
+                       pAd->StaCfg.GroupCipher = pAd->StaCfg.OrigWepStatus;
+
+                       // Check cipher suite, AP must have more secured cipher than station setting
+                       // Set the Pairwise and Group cipher to match the intended AP setting
+                       // We can only connect to AP with less secured cipher setting
+                       if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
+                       {
+                               pAd->StaCfg.GroupCipher = pAd->ScanTab.BssEntry[BssIdx].WPA.GroupCipher;
+
+                               if (pAd->StaCfg.WepStatus == pAd->ScanTab.BssEntry[BssIdx].WPA.PairCipher)
+                                       pAd->StaCfg.PairCipher = pAd->ScanTab.BssEntry[BssIdx].WPA.PairCipher;
+                               else if (pAd->ScanTab.BssEntry[BssIdx].WPA.PairCipherAux != Ndis802_11WEPDisabled)
+                                       pAd->StaCfg.PairCipher = pAd->ScanTab.BssEntry[BssIdx].WPA.PairCipherAux;
+                               else    // There is no PairCipher Aux, downgrade our capability to TKIP
+                                       pAd->StaCfg.PairCipher = Ndis802_11Encryption2Enabled;
+                       }
+                       else if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+                       {
+                               pAd->StaCfg.GroupCipher = pAd->ScanTab.BssEntry[BssIdx].WPA2.GroupCipher;
+
+                               if (pAd->StaCfg.WepStatus == pAd->ScanTab.BssEntry[BssIdx].WPA2.PairCipher)
+                                       pAd->StaCfg.PairCipher = pAd->ScanTab.BssEntry[BssIdx].WPA2.PairCipher;
+                               else if (pAd->ScanTab.BssEntry[BssIdx].WPA2.PairCipherAux != Ndis802_11WEPDisabled)
+                                       pAd->StaCfg.PairCipher = pAd->ScanTab.BssEntry[BssIdx].WPA2.PairCipherAux;
+                               else    // There is no PairCipher Aux, downgrade our capability to TKIP
+                                       pAd->StaCfg.PairCipher = Ndis802_11Encryption2Enabled;
+
+                               // RSN capability
+                               pAd->StaCfg.RsnCapability = pAd->ScanTab.BssEntry[BssIdx].WPA2.RsnCapability;
+                       }
+
+                       // Set Mix cipher flag
+                       pAd->StaCfg.bMixCipher = (pAd->StaCfg.PairCipher == pAd->StaCfg.GroupCipher) ? FALSE : TRUE;
+                       /*if (pAd->StaCfg.bMixCipher == TRUE)
+                       {
+                               // If mix cipher, re-build RSNIE
+                               RTMPMakeRSNIE(pAd, pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus, 0);
+                       }*/
+                       // No active association, join the BSS immediately
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - joining %02x:%02x:%02x:%02x:%02x:%02x ...\n",
+                               pOidBssid[0],pOidBssid[1],pOidBssid[2],pOidBssid[3],pOidBssid[4],pOidBssid[5]));
+
+                       JoinParmFill(pAd, &JoinReq, pAd->MlmeAux.BssIdx);
+                       MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_JOIN_REQ, sizeof(MLME_JOIN_REQ_STRUCT), &JoinReq);
+
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_JOIN;
+               }
+       }
+}
+
+// Roaming is the only external request triggering CNTL state machine
+// despite of other "SET OID" operation. All "SET OID" related oerations
+// happen in sequence, because no other SET OID will be sent to this device
+// until the the previous SET operation is complete (successful o failed).
+// So, how do we quarantee this ROAMING request won't corrupt other "SET OID"?
+// or been corrupted by other "SET OID"?
+//
+// IRQL = DISPATCH_LEVEL
+VOID CntlMlmeRoamingProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR BBPValue = 0;
+
+       DBGPRINT(RT_DEBUG_TRACE,("CNTL - Roaming in MlmeAux.RoamTab...\n"));
+
+       {
+               //Let BBP register at 20MHz to do (fast) roaming.
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+               BBPValue &= (~0x18);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+
+               NdisMoveMemory(&pAd->MlmeAux.SsidBssTab, &pAd->MlmeAux.RoamTab, sizeof(pAd->MlmeAux.RoamTab));
+               pAd->MlmeAux.SsidBssTab.BssNr = pAd->MlmeAux.RoamTab.BssNr;
+
+               BssTableSortByRssi(&pAd->MlmeAux.SsidBssTab);
+               pAd->MlmeAux.BssIdx = 0;
+               IterateOnBssTab(pAd);
+       }
+}
+
+#ifdef QOS_DLS_SUPPORT
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlOidDLSSetupProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       PRT_802_11_DLS          pDLS = (PRT_802_11_DLS)Elem->Msg;
+       MLME_DLS_REQ_STRUCT     MlmeDlsReq;
+       INT                                     i;
+       USHORT                          reason = REASON_UNSPECIFY;
+
+       DBGPRINT(RT_DEBUG_TRACE,("CNTL - (OID set %02x:%02x:%02x:%02x:%02x:%02x with Valid=%d, Status=%d, TimeOut=%d, CountDownTimer=%d)\n",
+               pDLS->MacAddr[0], pDLS->MacAddr[1], pDLS->MacAddr[2], pDLS->MacAddr[3], pDLS->MacAddr[4], pDLS->MacAddr[5],
+               pDLS->Valid, pDLS->Status, pDLS->TimeOut, pDLS->CountDownTimer));
+
+       if (!pAd->CommonCfg.bDLSCapable)
+               return;
+
+       // DLS will not be supported when Adhoc mode
+       if (INFRA_ON(pAd))
+       {
+               for (i = 0; i < MAX_NUM_OF_DLS_ENTRY; i++)
+               {
+                       if (pDLS->Valid && pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH) &&
+                               (pDLS->TimeOut == pAd->StaCfg.DLSEntry[i].TimeOut) && MAC_ADDR_EQUAL(pDLS->MacAddr, pAd->StaCfg.DLSEntry[i].MacAddr))
+                       {
+                               // 1. Same setting, just drop it
+                               DBGPRINT(RT_DEBUG_TRACE,("CNTL - setting unchanged\n"));
+                               break;
+                       }
+                       else if (!pDLS->Valid && pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH) &&
+                               MAC_ADDR_EQUAL(pDLS->MacAddr, pAd->StaCfg.DLSEntry[i].MacAddr))
+                       {
+                               // 2. Disable DLS link case, just tear down DLS link
+                               reason = REASON_QOS_UNWANTED_MECHANISM;
+                               pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                               pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_TEAR_DOWN, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                               DBGPRINT(RT_DEBUG_TRACE,("CNTL - start tear down procedure\n"));
+                               break;
+                       }
+                       else if ((i < MAX_NUM_OF_DLS_ENTRY) && pDLS->Valid && !pAd->StaCfg.DLSEntry[i].Valid)
+                       {
+                               // 3. Enable case, start DLS setup procedure
+                               NdisMoveMemory(&pAd->StaCfg.DLSEntry[i], pDLS, sizeof(RT_802_11_DLS_UI));
+
+                               //Update countdown timer
+                               pAd->StaCfg.DLSEntry[i].CountDownTimer = pAd->StaCfg.DLSEntry[i].TimeOut;
+                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_REQ, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                               DBGPRINT(RT_DEBUG_TRACE,("CNTL - DLS setup case\n"));
+                               break;
+                       }
+                       else if ((i < MAX_NUM_OF_DLS_ENTRY) && pDLS->Valid && pAd->StaCfg.DLSEntry[i].Valid &&
+                               (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH) && !MAC_ADDR_EQUAL(pDLS->MacAddr, pAd->StaCfg.DLSEntry[i].MacAddr))
+                       {
+                               // 4. update mac case, tear down old DLS and setup new DLS
+                               reason = REASON_QOS_UNWANTED_MECHANISM;
+                               pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                               pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_TEAR_DOWN, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                               NdisMoveMemory(&pAd->StaCfg.DLSEntry[i], pDLS, sizeof(RT_802_11_DLS_UI));
+                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_REQ, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                               DBGPRINT(RT_DEBUG_TRACE,("CNTL - DLS tear down and restart case\n"));
+                               break;
+                       }
+                       else if (pDLS->Valid && pAd->StaCfg.DLSEntry[i].Valid &&
+                               MAC_ADDR_EQUAL(pDLS->MacAddr, pAd->StaCfg.DLSEntry[i].MacAddr) && (pAd->StaCfg.DLSEntry[i].TimeOut != pDLS->TimeOut))
+                       {
+                               // 5. update timeout case, start DLS setup procedure (no tear down)
+                               pAd->StaCfg.DLSEntry[i].TimeOut = pDLS->TimeOut;
+                               //Update countdown timer
+                               pAd->StaCfg.DLSEntry[i].CountDownTimer = pAd->StaCfg.DLSEntry[i].TimeOut;
+                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_REQ, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                               DBGPRINT(RT_DEBUG_TRACE,("CNTL - DLS update timeout case\n"));
+                               break;
+                       }
+                       else if (pDLS->Valid && pAd->StaCfg.DLSEntry[i].Valid &&
+                               (pAd->StaCfg.DLSEntry[i].Status != DLS_FINISH) && MAC_ADDR_EQUAL(pDLS->MacAddr, pAd->StaCfg.DLSEntry[i].MacAddr))
+                       {
+                               // 6. re-setup case, start DLS setup procedure (no tear down)
+                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_REQ, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                               DBGPRINT(RT_DEBUG_TRACE,("CNTL - DLS retry setup procedure\n"));
+                               break;
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_WARN,("CNTL - DLS not changed in entry - %d - Valid=%d, Status=%d, TimeOut=%d\n",
+                                       i, pAd->StaCfg.DLSEntry[i].Valid, pAd->StaCfg.DLSEntry[i].Status, pAd->StaCfg.DLSEntry[i].TimeOut));
+                       }
+               }
+       }
+}
+#endif // QOS_DLS_SUPPORT //
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlWaitDisassocProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       MLME_START_REQ_STRUCT     StartReq;
+
+       if (Elem->MsgType == MT2_DISASSOC_CONF)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Dis-associate successful\n"));
+
+           if (pAd->CommonCfg.bWirelessEvent)
+               {
+                       RTMPSendWirelessEvent(pAd, IW_DISASSOC_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+               }
+
+               LinkDown(pAd, FALSE);
+
+               // case 1. no matching BSS, and user wants ADHOC, so we just start a new one
+               if ((pAd->MlmeAux.SsidBssTab.BssNr==0) && (pAd->StaCfg.BssType == BSS_ADHOC))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - No matching BSS, start a new ADHOC (Ssid=%s)...\n",pAd->MlmeAux.Ssid));
+                       StartParmFill(pAd, &StartReq, (PCHAR)pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
+                       MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_START_REQ, sizeof(MLME_START_REQ_STRUCT), &StartReq);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_START;
+               }
+               // case 2. try each matched BSS
+               else
+               {
+                       pAd->MlmeAux.BssIdx = 0;
+
+                       IterateOnBssTab(pAd);
+               }
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlWaitJoinProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT                      Reason;
+       MLME_AUTH_REQ_STRUCT        AuthReq;
+
+       if (Elem->MsgType == MT2_JOIN_CONF)
+       {
+               NdisMoveMemory(&Reason, Elem->Msg, sizeof(USHORT));
+               if (Reason == MLME_SUCCESS)
+               {
+                       // 1. joined an IBSS, we are pretty much done here
+                       if (pAd->MlmeAux.BssType == BSS_ADHOC)
+                       {
+                           //
+                               // 5G bands rules of Japan:
+                               // Ad hoc must be disabled in W53(ch52,56,60,64) channels.
+                               //
+                               if ( (pAd->CommonCfg.bIEEE80211H == 1) &&
+                      RadarChannelCheck(pAd, pAd->CommonCfg.Channel)
+                                  )
+                               {
+                                       pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+                                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Channel=%d, Join adhoc on W53(52,56,60,64) Channels are not accepted\n", pAd->CommonCfg.Channel));
+                                       return;
+                               }
+
+                               LinkUp(pAd, BSS_ADHOC);
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+                               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - join the IBSS = %02x:%02x:%02x:%02x:%02x:%02x ...\n",
+                               pAd->CommonCfg.Bssid[0],pAd->CommonCfg.Bssid[1],pAd->CommonCfg.Bssid[2],
+                               pAd->CommonCfg.Bssid[3],pAd->CommonCfg.Bssid[4],pAd->CommonCfg.Bssid[5]));
+
+                pAd->IndicateMediaState = NdisMediaStateConnected;
+                pAd->ExtraInfo = GENERAL_LINK_UP;
+                       }
+                       // 2. joined a new INFRA network, start from authentication
+                       else
+                       {
+                               {
+                                       // either Ndis802_11AuthModeShared or Ndis802_11AuthModeAutoSwitch, try shared key first
+                                       if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeShared) ||
+                                               (pAd->StaCfg.AuthMode == Ndis802_11AuthModeAutoSwitch))
+                                       {
+                                               AuthParmFill(pAd, &AuthReq, pAd->MlmeAux.Bssid, AUTH_MODE_KEY);
+                                       }
+                                       else
+                                       {
+                                               AuthParmFill(pAd, &AuthReq, pAd->MlmeAux.Bssid, AUTH_MODE_OPEN);
+                                       }
+                                       MlmeEnqueue(pAd, AUTH_STATE_MACHINE, MT2_MLME_AUTH_REQ,
+                                                       sizeof(MLME_AUTH_REQ_STRUCT), &AuthReq);
+                               }
+
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_AUTH;
+                       }
+               }
+               else
+               {
+                       // 3. failed, try next BSS
+                       pAd->MlmeAux.BssIdx++;
+                       IterateOnBssTab(pAd);
+               }
+       }
+}
+
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlWaitStartProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT      Result;
+
+       if (Elem->MsgType == MT2_START_CONF)
+       {
+               NdisMoveMemory(&Result, Elem->Msg, sizeof(USHORT));
+               if (Result == MLME_SUCCESS)
+               {
+                   //
+                       // 5G bands rules of Japan:
+                       // Ad hoc must be disabled in W53(ch52,56,60,64) channels.
+                       //
+                       if ( (pAd->CommonCfg.bIEEE80211H == 1) &&
+                  RadarChannelCheck(pAd, pAd->CommonCfg.Channel)
+                          )
+                       {
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+                               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Channel=%d, Start adhoc on W53(52,56,60,64) Channels are not accepted\n", pAd->CommonCfg.Channel));
+                               return;
+                       }
+#ifdef DOT11_N_SUPPORT
+                       NdisZeroMemory(&pAd->StaActive.SupportedPhyInfo.MCSSet[0], 16);
+                       if (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED)
+                       {
+                               N_ChannelCheck(pAd);
+                               SetCommonHT(pAd);
+                               NdisMoveMemory(&pAd->MlmeAux.AddHtInfo, &pAd->CommonCfg.AddHTInfo, sizeof(ADD_HT_INFO_IE));
+                               RTMPCheckHt(pAd, BSSID_WCID, &pAd->CommonCfg.HtCapability, &pAd->CommonCfg.AddHTInfo);
+                               pAd->StaActive.SupportedPhyInfo.bHtEnable = TRUE;
+                               NdisMoveMemory(&pAd->StaActive.SupportedPhyInfo.MCSSet[0], &pAd->CommonCfg.HtCapability.MCSSet[0], 16);
+                               COPY_HTSETTINGS_FROM_MLME_AUX_TO_ACTIVE_CFG(pAd);
+
+                               if ((pAd->CommonCfg.HtCapability.HtCapInfo.ChannelWidth  == BW_40) &&
+                                       (pAd->CommonCfg.AddHTInfo.AddHtInfo.ExtChanOffset == EXTCHA_ABOVE))
+                               {
+                                       pAd->MlmeAux.CentralChannel = pAd->CommonCfg.Channel + 2;
+                               }
+                               else if ((pAd->CommonCfg.HtCapability.HtCapInfo.ChannelWidth  == BW_40) &&
+                                                (pAd->CommonCfg.AddHTInfo.AddHtInfo.ExtChanOffset == EXTCHA_BELOW))
+                               {
+                                       pAd->MlmeAux.CentralChannel = pAd->CommonCfg.Channel - 2;
+                               }
+                       }
+                       else
+#endif // DOT11_N_SUPPORT //
+                       {
+                               pAd->StaActive.SupportedPhyInfo.bHtEnable = FALSE;
+                       }
+                       LinkUp(pAd, BSS_ADHOC);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+                       // Before send beacon, driver need do radar detection
+                       if ((pAd->CommonCfg.Channel > 14 )
+                               && (pAd->CommonCfg.bIEEE80211H == 1)
+                               && RadarChannelCheck(pAd, pAd->CommonCfg.Channel))
+                       {
+                               pAd->CommonCfg.RadarDetect.RDMode = RD_SILENCE_MODE;
+                               pAd->CommonCfg.RadarDetect.RDCount = 0;
+#ifdef DFS_SUPPORT
+                               BbpRadarDetectionStart(pAd);
+#endif // DFS_SUPPORT //
+                       }
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - start a new IBSS = %02x:%02x:%02x:%02x:%02x:%02x ...\n",
+                               pAd->CommonCfg.Bssid[0],pAd->CommonCfg.Bssid[1],pAd->CommonCfg.Bssid[2],
+                               pAd->CommonCfg.Bssid[3],pAd->CommonCfg.Bssid[4],pAd->CommonCfg.Bssid[5]));
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Start IBSS fail. BUG!!!!!\n"));
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+               }
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlWaitAuthProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT                       Reason;
+       MLME_ASSOC_REQ_STRUCT        AssocReq;
+       MLME_AUTH_REQ_STRUCT         AuthReq;
+
+       if (Elem->MsgType == MT2_AUTH_CONF)
+       {
+               NdisMoveMemory(&Reason, Elem->Msg, sizeof(USHORT));
+               if (Reason == MLME_SUCCESS)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - AUTH OK\n"));
+                       AssocParmFill(pAd, &AssocReq, pAd->MlmeAux.Bssid, pAd->MlmeAux.CapabilityInfo,
+                                                 ASSOC_TIMEOUT, pAd->StaCfg.DefaultListenCount);
+
+                       {
+                               MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_ASSOC_REQ,
+                                                       sizeof(MLME_ASSOC_REQ_STRUCT), &AssocReq);
+
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_ASSOC;
+                       }
+               }
+               else
+               {
+                       // This fail may because of the AP already keep us in its MAC table without
+                       // ageing-out. The previous authentication attempt must have let it remove us.
+                       // so try Authentication again may help. For D-Link DWL-900AP+ compatibility.
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - AUTH FAIL, try again...\n"));
+                       {
+                               if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeShared) ||
+                                       (pAd->StaCfg.AuthMode == Ndis802_11AuthModeAutoSwitch))
+                               {
+                                       // either Ndis802_11AuthModeShared or Ndis802_11AuthModeAutoSwitch, try shared key first
+                                       AuthParmFill(pAd, &AuthReq, pAd->MlmeAux.Bssid, AUTH_MODE_KEY);
+                               }
+                               else
+                               {
+                                       AuthParmFill(pAd, &AuthReq, pAd->MlmeAux.Bssid, AUTH_MODE_OPEN);
+                               }
+                               MlmeEnqueue(pAd, AUTH_STATE_MACHINE, MT2_MLME_AUTH_REQ,
+                                                       sizeof(MLME_AUTH_REQ_STRUCT), &AuthReq);
+
+                       }
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_AUTH2;
+               }
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlWaitAuthProc2(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT                       Reason;
+       MLME_ASSOC_REQ_STRUCT        AssocReq;
+       MLME_AUTH_REQ_STRUCT         AuthReq;
+
+       if (Elem->MsgType == MT2_AUTH_CONF)
+       {
+               NdisMoveMemory(&Reason, Elem->Msg, sizeof(USHORT));
+               if (Reason == MLME_SUCCESS)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - AUTH OK\n"));
+                       AssocParmFill(pAd, &AssocReq, pAd->MlmeAux.Bssid, pAd->MlmeAux.CapabilityInfo,
+                                                         ASSOC_TIMEOUT, pAd->StaCfg.DefaultListenCount);
+                       {
+                               MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_ASSOC_REQ,
+                                                       sizeof(MLME_ASSOC_REQ_STRUCT), &AssocReq);
+
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_ASSOC;
+                       }
+               }
+               else
+               {
+                       if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeAutoSwitch) &&
+                                (pAd->MlmeAux.Alg == Ndis802_11AuthModeShared))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - AUTH FAIL, try OPEN system...\n"));
+                               AuthParmFill(pAd, &AuthReq, pAd->MlmeAux.Bssid, Ndis802_11AuthModeOpen);
+                               MlmeEnqueue(pAd, AUTH_STATE_MACHINE, MT2_MLME_AUTH_REQ,
+                                                       sizeof(MLME_AUTH_REQ_STRUCT), &AuthReq);
+
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_AUTH2;
+                       }
+                       else
+                       {
+                               // not success, try next BSS
+                               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - AUTH FAIL, give up; try next BSS\n"));
+                               pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE; //???????
+                               pAd->MlmeAux.BssIdx++;
+                               IterateOnBssTab(pAd);
+                       }
+               }
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlWaitAssocProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT      Reason;
+
+       if (Elem->MsgType == MT2_ASSOC_CONF)
+       {
+               NdisMoveMemory(&Reason, Elem->Msg, sizeof(USHORT));
+               if (Reason == MLME_SUCCESS)
+               {
+                       if (pAd->CommonCfg.bWirelessEvent)
+                       {
+                               RTMPSendWirelessEvent(pAd, IW_ASSOC_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+                       }
+
+                       LinkUp(pAd, BSS_INFRA);
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Association successful on BSS #%ld\n",pAd->MlmeAux.BssIdx));
+               }
+               else
+               {
+                       // not success, try next BSS
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Association fails on BSS #%ld\n",pAd->MlmeAux.BssIdx));
+                       pAd->MlmeAux.BssIdx++;
+                       IterateOnBssTab(pAd);
+               }
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID CntlWaitReassocProc(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT      Result;
+
+       if (Elem->MsgType == MT2_REASSOC_CONF)
+       {
+               NdisMoveMemory(&Result, Elem->Msg, sizeof(USHORT));
+               if (Result == MLME_SUCCESS)
+               {
+                       // send wireless event - for association
+                       if (pAd->CommonCfg.bWirelessEvent)
+                               RTMPSendWirelessEvent(pAd, IW_ASSOC_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+
+                       //
+                       // NDIS requires a new Link UP indication but no Link Down for RE-ASSOC
+                       //
+                       LinkUp(pAd, BSS_INFRA);
+
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Re-assocition successful on BSS #%ld\n", pAd->MlmeAux.RoamIdx));
+               }
+               else
+               {
+                       // reassoc failed, try to pick next BSS in the BSS Table
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - Re-assocition fails on BSS #%ld\n", pAd->MlmeAux.RoamIdx));
+                       {
+                               pAd->MlmeAux.RoamIdx++;
+                               IterateOnBssTab2(pAd);
+                       }
+               }
+       }
+}
+
+
+VOID   AdhocTurnOnQos(
+       IN  PRTMP_ADAPTER pAd)
+{
+#define AC0_DEF_TXOP           0
+#define AC1_DEF_TXOP           0
+#define AC2_DEF_TXOP           94
+#define AC3_DEF_TXOP           47
+
+       // Turn on QOs if use HT rate.
+       if (pAd->CommonCfg.APEdcaParm.bValid == FALSE)
+       {
+               pAd->CommonCfg.APEdcaParm.bValid = TRUE;
+               pAd->CommonCfg.APEdcaParm.Aifsn[0] = 3;
+               pAd->CommonCfg.APEdcaParm.Aifsn[1] = 7;
+               pAd->CommonCfg.APEdcaParm.Aifsn[2] = 1;
+               pAd->CommonCfg.APEdcaParm.Aifsn[3] = 1;
+
+               pAd->CommonCfg.APEdcaParm.Cwmin[0] = 4;
+               pAd->CommonCfg.APEdcaParm.Cwmin[1] = 4;
+               pAd->CommonCfg.APEdcaParm.Cwmin[2] = 3;
+               pAd->CommonCfg.APEdcaParm.Cwmin[3] = 2;
+
+               pAd->CommonCfg.APEdcaParm.Cwmax[0] = 10;
+               pAd->CommonCfg.APEdcaParm.Cwmax[1] = 6;
+               pAd->CommonCfg.APEdcaParm.Cwmax[2] = 4;
+               pAd->CommonCfg.APEdcaParm.Cwmax[3] = 3;
+
+               pAd->CommonCfg.APEdcaParm.Txop[0]  = 0;
+               pAd->CommonCfg.APEdcaParm.Txop[1]  = 0;
+               pAd->CommonCfg.APEdcaParm.Txop[2]  = AC2_DEF_TXOP;
+               pAd->CommonCfg.APEdcaParm.Txop[3]  = AC3_DEF_TXOP;
+       }
+       AsicSetEdcaParm(pAd, &pAd->CommonCfg.APEdcaParm);
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID LinkUp(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR BssType)
+{
+       ULONG   Now;
+       UINT32  Data;
+       BOOLEAN Cancelled;
+       UCHAR   Value = 0, idx = 0, HashIdx = 0;
+       MAC_TABLE_ENTRY *pEntry = NULL, *pCurrEntry = NULL;
+
+       // Init ChannelQuality to prevent DEAD_CQI at initial LinkUp
+       pAd->Mlme.ChannelQuality = 50;
+
+       pEntry = MacTableLookup(pAd, pAd->CommonCfg.Bssid);
+       if (pEntry)
+       {
+               MacTableDeleteEntry(pAd, pEntry->Aid, pEntry->Addr);
+               pEntry = NULL;
+       }
+
+
+       pEntry = &pAd->MacTab.Content[BSSID_WCID];
+
+       //
+       // ASSOC - DisassocTimeoutAction
+       // CNTL - Dis-associate successful
+       // !!! LINK DOWN !!!
+       // [88888] OID_802_11_SSID should have returned NDTEST_WEP_AP2(Returned: )
+       //
+       // To prevent DisassocTimeoutAction to call Link down after we link up,
+       // cancel the DisassocTimer no matter what it start or not.
+       //
+       RTMPCancelTimer(&pAd->MlmeAux.DisassocTimer,  &Cancelled);
+
+       COPY_SETTINGS_FROM_MLME_AUX_TO_ACTIVE_CFG(pAd);
+
+#ifdef DOT11_N_SUPPORT
+       COPY_HTSETTINGS_FROM_MLME_AUX_TO_ACTIVE_CFG(pAd);
+#endif // DOT11_N_SUPPORT //
+
+#ifdef RTMP_MAC_PCI
+       // Before power save before link up function, We will force use 1R.
+       // So after link up, check Rx antenna # again.
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &Value);
+       if(pAd->Antenna.field.RxPath == 3)
+       {
+               Value |= (0x10);
+       }
+       else if(pAd->Antenna.field.RxPath == 2)
+       {
+               Value |= (0x8);
+       }
+       else if(pAd->Antenna.field.RxPath == 1)
+       {
+               Value |= (0x0);
+       }
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, Value);
+       pAd->StaCfg.BBPR3 = Value;
+#endif // RTMP_MAC_PCI //
+
+       if (BssType == BSS_ADHOC)
+       {
+               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_ADHOC_ON);
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_INFRA_ON);
+
+#ifdef CARRIER_DETECTION_SUPPORT // Roger sync Carrier
+               // No carrier detection when adhoc
+               // CarrierDetectionStop(pAd);
+               pAd->CommonCfg.CarrierDetect.CD_State = CD_NORMAL;
+#endif // CARRIER_DETECTION_SUPPORT //
+
+#ifdef DOT11_N_SUPPORT
+               if (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED)
+                       AdhocTurnOnQos(pAd);
+#endif // DOT11_N_SUPPORT //
+
+               DBGPRINT(RT_DEBUG_TRACE, ("!!!Adhoc LINK UP !!! \n" ));
+       }
+       else
+       {
+               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_INFRA_ON);
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_ADHOC_ON);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("!!!Infra LINK UP !!! \n" ));
+       }
+
+               // 3*3
+               // reset Tx beamforming bit
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &Value);
+               Value &= (~0x01);
+               Value |= pAd->CommonCfg.RegTransmitSetting.field.TxBF;
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, Value);
+
+#ifdef DOT11_N_SUPPORT
+       // Change to AP channel
+        if ((pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel) && (pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth == BW_40))
+       {
+               // Must using 40MHz.
+               pAd->CommonCfg.BBPCurrentBW = BW_40;
+               AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+               AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &Value);
+               Value &= (~0x18);
+               Value |= 0x10;
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, Value);
+
+               //  RX : control channel at lower
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &Value);
+               Value &= (~0x20);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, Value);
+#ifdef RTMP_MAC_PCI
+            pAd->StaCfg.BBPR3 = Value;
+#endif // RTMP_MAC_PCI //
+
+               RTMP_IO_READ32(pAd, TX_BAND_CFG, &Data);
+               Data &= 0xfffffffe;
+               RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Data);
+
+               if (pAd->MACVersion == 0x28600100)
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, 0x1A);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R70, 0x0A);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R73, 0x16);
+                DBGPRINT(RT_DEBUG_TRACE, ("!!!rt2860C !!! \n" ));
+               }
+
+               DBGPRINT(RT_DEBUG_TRACE, ("!!!40MHz Lower LINK UP !!! Control Channel at Below. Central = %d \n", pAd->CommonCfg.CentralChannel ));
+       }
+               else if ((pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel) && (pAd->MlmeAux.HtCapability.HtCapInfo.ChannelWidth == BW_40))
+           {
+                   // Must using 40MHz.
+                       pAd->CommonCfg.BBPCurrentBW = BW_40;
+                       AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+                   AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &Value);
+               Value &= (~0x18);
+               Value |= 0x10;
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, Value);
+
+               RTMP_IO_READ32(pAd, TX_BAND_CFG, &Data);
+               Data |= 0x1;
+               RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Data);
+
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &Value);
+                   Value |= (0x20);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, Value);
+#ifdef RTMP_MAC_PCI
+            pAd->StaCfg.BBPR3 = Value;
+#endif // RTMP_MAC_PCI //
+
+               if (pAd->MACVersion == 0x28600100)
+               {
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, 0x1A);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R70, 0x0A);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R73, 0x16);
+                           DBGPRINT(RT_DEBUG_TRACE, ("!!!rt2860C !!! \n" ));
+               }
+
+                   DBGPRINT(RT_DEBUG_TRACE, ("!!! 40MHz Upper LINK UP !!! Control Channel at UpperCentral = %d \n", pAd->CommonCfg.CentralChannel ));
+           }
+           else
+#endif // DOT11_N_SUPPORT //
+           {
+                   pAd->CommonCfg.BBPCurrentBW = BW_20;
+               pAd->CommonCfg.CentralChannel = pAd->CommonCfg.Channel;
+                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &Value);
+                       Value &= (~0x18);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, Value);
+
+                       RTMP_IO_READ32(pAd, TX_BAND_CFG, &Data);
+                       Data &= 0xfffffffe;
+                       RTMP_IO_WRITE32(pAd, TX_BAND_CFG, Data);
+
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R3, &Value);
+                       Value &= (~0x20);
+                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, Value);
+#ifdef RTMP_MAC_PCI
+            pAd->StaCfg.BBPR3 = Value;
+#endif // RTMP_MAC_PCI //
+
+                       if (pAd->MACVersion == 0x28600100)
+                       {
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R69, 0x16);
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R70, 0x08);
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R73, 0x11);
+                               DBGPRINT(RT_DEBUG_TRACE, ("!!!rt2860C !!! \n" ));
+                       }
+
+                   DBGPRINT(RT_DEBUG_TRACE, ("!!! 20MHz LINK UP !!! \n" ));
+       }
+
+       RTMPSetAGCInitValue(pAd, pAd->CommonCfg.BBPCurrentBW);
+       //
+       // Save BBP_R66 value, it will be used in RTUSBResumeMsduTransmission
+       //
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R66, &pAd->BbpTuning.R66CurrentValue);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("!!! LINK UP !!! (BssType=%d, AID=%d, ssid=%s, Channel=%d, CentralChannel = %d)\n",
+               BssType, pAd->StaActive.Aid, pAd->CommonCfg.Ssid, pAd->CommonCfg.Channel, pAd->CommonCfg.CentralChannel));
+
+#ifdef DOT11_N_SUPPORT
+       DBGPRINT(RT_DEBUG_TRACE, ("!!! LINK UP !!! (Density =%d, )\n", pAd->MacTab.Content[BSSID_WCID].MpduDensity));
+#endif // DOT11_N_SUPPORT //
+
+               AsicSetBssid(pAd, pAd->CommonCfg.Bssid);
+
+       AsicSetSlotTime(pAd, TRUE);
+       AsicSetEdcaParm(pAd, &pAd->CommonCfg.APEdcaParm);
+
+
+       // Call this for RTS protectionfor legacy rate, we will always enable RTS threshold, but normally it will not hit
+       AsicUpdateProtect(pAd, 0, (OFDMSETPROTECT | CCKSETPROTECT), TRUE, FALSE);
+
+#ifdef DOT11_N_SUPPORT
+       if ((pAd->StaActive.SupportedPhyInfo.bHtEnable == TRUE))
+       {
+               // Update HT protectionfor based on AP's operating mode.
+       if (pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent == 1)
+       {
+               AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode,  ALLN_SETPROTECT, FALSE, TRUE);
+       }
+       else
+                       AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode,  ALLN_SETPROTECT, FALSE, FALSE);
+       }
+#endif // DOT11_N_SUPPORT //
+
+       NdisZeroMemory(&pAd->DrsCounters, sizeof(COUNTER_DRS));
+
+       NdisGetSystemUpTime(&Now);
+       pAd->StaCfg.LastBeaconRxTime = Now;   // last RX timestamp
+
+       if ((pAd->CommonCfg.TxPreamble != Rt802_11PreambleLong) &&
+               CAP_IS_SHORT_PREAMBLE_ON(pAd->StaActive.CapabilityInfo))
+       {
+               MlmeSetTxPreamble(pAd, Rt802_11PreambleShort);
+       }
+
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED);
+
+       if (pAd->CommonCfg.RadarDetect.RDMode == RD_SILENCE_MODE)
+       {
+#ifdef DFS_SUPPORT
+               RadarDetectionStop(pAd);
+#endif // DFS_SUPPORT //
+       }
+       pAd->CommonCfg.RadarDetect.RDMode = RD_NORMAL_MODE;
+
+       if (BssType == BSS_ADHOC)
+       {
+               MakeIbssBeacon(pAd);
+               if ((pAd->CommonCfg.Channel > 14)
+                       && (pAd->CommonCfg.bIEEE80211H == 1)
+                       && RadarChannelCheck(pAd, pAd->CommonCfg.Channel))
+               {
+                       ; //Do nothing
+               }
+               else
+               {
+                       AsicEnableIbssSync(pAd);
+               }
+
+               // In ad hoc mode, use MAC table from index 1.
+               // p.s ASIC use all 0xff as termination of WCID table search.To prevent it's 0xff-ff-ff-ff-ff-ff, Write 0 here.
+               RTMP_IO_WRITE32(pAd, MAC_WCID_BASE, 0x00);
+               RTMP_IO_WRITE32(pAd, 0x1808, 0x00);
+
+               // If WEP is enabled, add key material and cipherAlg into Asic
+               // Fill in Shared Key Table(offset: 0x6c00) and Shared Key Mode(offset: 0x7000)
+
+               if (pAd->StaCfg.WepStatus == Ndis802_11WEPEnabled)
+               {
+                       PUCHAR  Key;
+                       UCHAR   CipherAlg;
+
+                       for (idx=0; idx < SHARE_KEY_NUM; idx++)
+               {
+                               CipherAlg = pAd->SharedKey[BSS0][idx].CipherAlg;
+                       Key = pAd->SharedKey[BSS0][idx].Key;
+
+                               if (pAd->SharedKey[BSS0][idx].KeyLen > 0)
+                               {
+                                       // Set key material and cipherAlg to Asic
+                               AsicAddSharedKeyEntry(pAd, BSS0, idx, CipherAlg, Key, NULL, NULL);
+
+                    if (idx == pAd->StaCfg.DefaultKeyId)
+                                       {
+                                               // Update WCID attribute table and IVEIV table for this group key table
+                                               RTMPAddWcidAttributeEntry(pAd, BSS0, idx, CipherAlg, NULL);
+                                       }
+                               }
+
+
+                       }
+               }
+               // If WPANone is enabled, add key material and cipherAlg into Asic
+               // Fill in Shared Key Table(offset: 0x6c00) and Shared Key Mode(offset: 0x7000)
+               else if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
+               {
+                       pAd->StaCfg.DefaultKeyId = 0;   // always be zero
+
+            NdisZeroMemory(&pAd->SharedKey[BSS0][0], sizeof(CIPHER_KEY));
+                                                       pAd->SharedKey[BSS0][0].KeyLen = LEN_TKIP_EK;
+                       NdisMoveMemory(pAd->SharedKey[BSS0][0].Key, pAd->StaCfg.PMK, LEN_TKIP_EK);
+
+            if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
+            {
+                       NdisMoveMemory(pAd->SharedKey[BSS0][0].RxMic, &pAd->StaCfg.PMK[16], LEN_TKIP_RXMICK);
+                       NdisMoveMemory(pAd->SharedKey[BSS0][0].TxMic, &pAd->StaCfg.PMK[16], LEN_TKIP_TXMICK);
+            }
+
+                       // Decide its ChiperAlg
+                       if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
+                               pAd->SharedKey[BSS0][0].CipherAlg = CIPHER_TKIP;
+                       else if (pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled)
+                               pAd->SharedKey[BSS0][0].CipherAlg = CIPHER_AES;
+                       else
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Unknow Cipher (=%d), set Cipher to AES\n", pAd->StaCfg.PairCipher));
+                               pAd->SharedKey[BSS0][0].CipherAlg = CIPHER_AES;
+            }
+
+                       // Set key material and cipherAlg to Asic
+                       AsicAddSharedKeyEntry(pAd,
+                                                                 BSS0,
+                                                                 0,
+                                                                 pAd->SharedKey[BSS0][0].CipherAlg,
+                                                                 pAd->SharedKey[BSS0][0].Key,
+                                                                 pAd->SharedKey[BSS0][0].TxMic,
+                                                                 pAd->SharedKey[BSS0][0].RxMic);
+
+            // Update WCID attribute table and IVEIV table for this group key table
+                       RTMPAddWcidAttributeEntry(pAd, BSS0, 0, pAd->SharedKey[BSS0][0].CipherAlg, NULL);
+
+               }
+
+       }
+       else // BSS_INFRA
+       {
+               // Check the new SSID with last SSID
+               while (Cancelled == TRUE)
+               {
+                       if (pAd->CommonCfg.LastSsidLen == pAd->CommonCfg.SsidLen)
+                       {
+                               if (RTMPCompareMemory(pAd->CommonCfg.LastSsid, pAd->CommonCfg.Ssid, pAd->CommonCfg.LastSsidLen) == 0)
+                               {
+                                       // Link to the old one no linkdown is required.
+                                       break;
+                               }
+                       }
+                       // Send link down event before set to link up
+                       pAd->IndicateMediaState = NdisMediaStateDisconnected;
+                       RTMP_IndicateMediaState(pAd);
+            pAd->ExtraInfo = GENERAL_LINK_DOWN;
+                       DBGPRINT(RT_DEBUG_TRACE, ("NDIS_STATUS_MEDIA_DISCONNECT Event AA!\n"));
+                       break;
+               }
+
+               //
+               // On WPA mode, Remove All Keys if not connect to the last BSSID
+               // Key will be set after 4-way handshake.
+               //
+               if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+               {
+                       ULONG           IV;
+
+                       // Remove all WPA keys
+                       RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP);
+                       RTMPWPARemoveAllKeys(pAd);
+                       pAd->StaCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+                       pAd->StaCfg.PrivacyFilter = Ndis802_11PrivFilter8021xWEP;
+
+                       // Fixed connection failed with Range Maximizer - 515 AP (Marvell Chip) when security is WPAPSK/TKIP
+                       // If IV related values are too large in GroupMsg2, AP would ignore this message.
+                       IV = 1;
+                       IV |= (pAd->StaCfg.DefaultKeyId << 30);
+                       AsicUpdateWCIDIVEIV(pAd, BSSID_WCID, IV, 0);
+                       //RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP);
+               }
+
+               // NOTE:
+               // the decision of using "short slot time" or not may change dynamically due to
+               // new STA association to the AP. so we have to decide that upon parsing BEACON, not here
+
+               // NOTE:
+               // the decision to use "RTC/CTS" or "CTS-to-self" protection or not may change dynamically
+               // due to new STA association to the AP. so we have to decide that upon parsing BEACON, not here
+
+               ComposePsPoll(pAd);
+               ComposeNullFrame(pAd);
+
+                       AsicEnableBssSync(pAd);
+
+               // Add BSSID to WCID search table
+               AsicUpdateRxWCIDTable(pAd, BSSID_WCID, pAd->CommonCfg.Bssid);
+
+               // If WEP is enabled, add paiewise and shared key
+#ifdef WPA_SUPPLICANT_SUPPORT
+        if (((pAd->StaCfg.WpaSupplicantUP)&&
+             (pAd->StaCfg.WepStatus == Ndis802_11WEPEnabled)&&
+             (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_SECURED)) ||
+            ((pAd->StaCfg.WpaSupplicantUP == WPA_SUPPLICANT_DISABLE)&&
+              (pAd->StaCfg.WepStatus == Ndis802_11WEPEnabled)))
+#else
+               if (pAd->StaCfg.WepStatus == Ndis802_11WEPEnabled)
+#endif // WPA_SUPPLICANT_SUPPORT //
+               {
+                       PUCHAR  Key;
+                       UCHAR   CipherAlg;
+
+                       for (idx=0; idx < SHARE_KEY_NUM; idx++)
+               {
+                               CipherAlg = pAd->SharedKey[BSS0][idx].CipherAlg;
+                       Key = pAd->SharedKey[BSS0][idx].Key;
+
+                               if (pAd->SharedKey[BSS0][idx].KeyLen > 0)
+                               {
+                                       // Set key material and cipherAlg to Asic
+                               AsicAddSharedKeyEntry(pAd, BSS0, idx, CipherAlg, Key, NULL, NULL);
+
+                                       if (idx == pAd->StaCfg.DefaultKeyId)
+                                       {
+                                               // Assign group key info
+                                               RTMPAddWcidAttributeEntry(pAd, BSS0, idx, CipherAlg, NULL);
+
+                                               pEntry->Aid = BSSID_WCID;
+                                               // Assign pairwise key info
+                                               RTMPAddWcidAttributeEntry(pAd, BSS0, idx, CipherAlg, pEntry);
+                                       }
+                               }
+                       }
+               }
+
+               // only INFRASTRUCTURE mode need to indicate connectivity immediately; ADHOC mode
+               // should wait until at least 2 active nodes in this BSSID.
+               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED);
+
+        // For GUI ++
+               if (pAd->StaCfg.AuthMode < Ndis802_11AuthModeWPA)
+               {
+                       pAd->IndicateMediaState = NdisMediaStateConnected;
+                       pAd->ExtraInfo = GENERAL_LINK_UP;
+                       RTMP_IndicateMediaState(pAd);
+               }
+               else if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
+                                (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+               {
+#ifdef WPA_SUPPLICANT_SUPPORT
+                       if (pAd->StaCfg.WpaSupplicantUP == WPA_SUPPLICANT_DISABLE)
+#endif // WPA_SUPPLICANT_SUPPORT //
+                               RTMPSetTimer(&pAd->Mlme.LinkDownTimer, LINK_DOWN_TIMEOUT);
+               }
+        // --
+
+               // Add BSSID in my MAC Table.
+        NdisAcquireSpinLock(&pAd->MacTabLock);
+               // add this MAC entry into HASH table
+               if (pEntry)
+               {
+                       HashIdx = MAC_ADDR_HASH_INDEX(pAd->CommonCfg.Bssid);
+                       if (pAd->MacTab.Hash[HashIdx] == NULL)
+                       {
+                               pAd->MacTab.Hash[HashIdx] = pEntry;
+                       }
+                       else
+                       {
+                               pCurrEntry = pAd->MacTab.Hash[HashIdx];
+                               while (pCurrEntry->pNext != NULL)
+                               {
+                                       pCurrEntry = pCurrEntry->pNext;
+                               }
+                               pCurrEntry->pNext = pEntry;
+                       }
+               }
+               RTMPMoveMemory(pEntry->Addr, pAd->CommonCfg.Bssid, MAC_ADDR_LEN);
+               pEntry->Aid = BSSID_WCID;
+               pEntry->pAd = pAd;
+               pEntry->ValidAsCLI = TRUE;      //Although this is bssid..still set ValidAsCl
+               pAd->MacTab.Size = 1;   // infra mode always set MACtab size =1.
+               pEntry->Sst = SST_ASSOC;
+               pEntry->AuthState = SST_ASSOC;
+               pEntry->AuthMode = pAd->StaCfg.AuthMode;
+               pEntry->WepStatus = pAd->StaCfg.WepStatus;
+               if (pEntry->AuthMode < Ndis802_11AuthModeWPA)
+               {
+                       pEntry->WpaState = AS_NOTUSE;
+                       pEntry->PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
+               }
+               else
+               {
+                       pEntry->WpaState = AS_PTKSTART;
+                       pEntry->PrivacyFilter = Ndis802_11PrivFilter8021xWEP;
+               }
+               NdisReleaseSpinLock(&pAd->MacTabLock);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("!!! LINK UP !!!  ClientStatusFlags=%lx)\n",
+                       pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
+
+
+               MlmeUpdateTxRates(pAd, TRUE, BSS0);
+#ifdef DOT11_N_SUPPORT
+               MlmeUpdateHtTxRates(pAd, BSS0);
+               DBGPRINT(RT_DEBUG_TRACE, ("!!! LINK UP !! (StaActive.bHtEnable =%d, )\n", pAd->StaActive.SupportedPhyInfo.bHtEnable));
+#endif // DOT11_N_SUPPORT //
+
+
+               if (pAd->CommonCfg.bAggregationCapable)
+               {
+                       if ((pAd->CommonCfg.bPiggyBackCapable) && (pAd->MlmeAux.APRalinkIe & 0x00000003) == 3)
+                       {
+
+                               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_PIGGYBACK_INUSED);
+                               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED);
+                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_AGGREGATION_CAPABLE);
+                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_PIGGYBACK_CAPABLE);
+                               RTMPSetPiggyBack(pAd, TRUE);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Turn on Piggy-Back\n"));
+                       }
+                       else if (pAd->MlmeAux.APRalinkIe & 0x00000001)
+                       {
+                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_AGGREGATION_CAPABLE);
+                               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED);
+                       }
+               }
+
+               if (pAd->MlmeAux.APRalinkIe != 0x0)
+               {
+#ifdef DOT11_N_SUPPORT
+                       if (CLIENT_STATUS_TEST_FLAG(&pAd->MacTab.Content[BSSID_WCID], fCLIENT_STATUS_RDG_CAPABLE))
+                       {
+                               AsicEnableRDG(pAd);
+                       }
+#endif // DOT11_N_SUPPORT //
+                       OPSTATUS_SET_FLAG(pAd, fCLIENT_STATUS_RALINK_CHIPSET);
+                       CLIENT_STATUS_SET_FLAG(&pAd->MacTab.Content[BSSID_WCID], fCLIENT_STATUS_RALINK_CHIPSET);
+               }
+               else
+               {
+                       OPSTATUS_CLEAR_FLAG(pAd, fCLIENT_STATUS_RALINK_CHIPSET);
+                       CLIENT_STATUS_CLEAR_FLAG(&pAd->MacTab.Content[BSSID_WCID], fCLIENT_STATUS_RALINK_CHIPSET);
+               }
+       }
+
+
+#ifdef DOT11_N_SUPPORT
+       DBGPRINT(RT_DEBUG_TRACE, ("NDIS_STATUS_MEDIA_CONNECT Event B!.BACapability = %x. ClientStatusFlags = %lx\n", pAd->CommonCfg.BACapability.word, pAd->MacTab.Content[BSSID_WCID].ClientStatusFlags));
+#endif // DOT11_N_SUPPORT //
+
+       // Set LED
+       RTMPSetLED(pAd, LED_LINK_UP);
+
+       pAd->Mlme.PeriodicRound = 0;
+       pAd->Mlme.OneSecPeriodicRound = 0;
+       pAd->bConfigChanged = FALSE;        // Reset config flag
+       pAd->ExtraInfo = GENERAL_LINK_UP;   // Update extra information to link is up
+
+       // Set asic auto fall back
+       {
+               PUCHAR                                  pTable;
+               UCHAR                                   TableSize = 0;
+
+               MlmeSelectTxRateTable(pAd, &pAd->MacTab.Content[BSSID_WCID], &pTable, &TableSize, &pAd->CommonCfg.TxRateIndex);
+               AsicUpdateAutoFallBackTable(pAd, pTable);
+       }
+
+       NdisAcquireSpinLock(&pAd->MacTabLock);
+    pEntry->HTPhyMode.word = pAd->StaCfg.HTPhyMode.word;
+    pEntry->MaxHTPhyMode.word = pAd->StaCfg.HTPhyMode.word;
+       if (pAd->StaCfg.bAutoTxRateSwitch == FALSE)
+       {
+               pEntry->bAutoTxRateSwitch = FALSE;
+#ifdef DOT11_N_SUPPORT
+               if (pEntry->HTPhyMode.field.MCS == 32)
+                       pEntry->HTPhyMode.field.ShortGI = GI_800;
+
+               if ((pEntry->HTPhyMode.field.MCS > MCS_7) || (pEntry->HTPhyMode.field.MCS == 32))
+                       pEntry->HTPhyMode.field.STBC = STBC_NONE;
+#endif // DOT11_N_SUPPORT //
+               // If the legacy mode is set, overwrite the transmit setting of this entry.
+               if (pEntry->HTPhyMode.field.MODE <= MODE_OFDM)
+                       RTMPUpdateLegacyTxSetting((UCHAR)pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode, pEntry);
+       }
+       else
+               pEntry->bAutoTxRateSwitch = TRUE;
+       NdisReleaseSpinLock(&pAd->MacTabLock);
+
+       //  Let Link Status Page display first initial rate.
+       pAd->LastTxRate = (USHORT)(pEntry->HTPhyMode.word);
+       // Select DAC according to HT or Legacy
+       if (pAd->StaActive.SupportedPhyInfo.MCSSet[0] != 0x00)
+       {
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R1, &Value);
+               Value &= (~0x18);
+               if (pAd->Antenna.field.TxPath == 2)
+               {
+                   Value |= 0x10;
+               }
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R1, Value);
+       }
+       else
+       {
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R1, &Value);
+               Value &= (~0x18);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R1, Value);
+       }
+
+#ifdef DOT11_N_SUPPORT
+       if (pAd->StaActive.SupportedPhyInfo.bHtEnable == FALSE)
+       {
+       }
+       else if (pEntry->MaxRAmpduFactor == 0)
+       {
+           // If HT AP doesn't support MaxRAmpduFactor = 1, we need to set max PSDU to 0.
+           // Because our Init value is 1 at MACRegTable.
+               RTMP_IO_WRITE32(pAd, MAX_LEN_CFG, 0x0fff);
+       }
+#endif // DOT11_N_SUPPORT //
+
+       // Patch for Marvel AP to gain high throughput
+       // Need to set as following,
+       // 1. Set txop in register-EDCA_AC0_CFG as 0x60
+       // 2. Set EnTXWriteBackDDONE in register-WPDMA_GLO_CFG as zero
+       // 3. PBF_MAX_PCNT as 0x1F3FBF9F
+       // 4. kick per two packets when dequeue
+       //
+       // Txop can only be modified when RDG is off, WMM is disable and TxBurst is enable
+       //
+       // if 1. Legacy AP WMM on,  or 2. 11n AP, AMPDU disable.  Force turn off burst no matter what bEnableTxBurst is.
+#ifdef DOT11_N_SUPPORT
+       if (!((pAd->CommonCfg.RxStream == 1)&&(pAd->CommonCfg.TxStream == 1)) &&
+               (pAd->StaCfg.bForceTxBurst == FALSE) &&
+               (((pAd->StaActive.SupportedPhyInfo.bHtEnable == FALSE) && OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WMM_INUSED))
+               || ((pAd->StaActive.SupportedPhyInfo.bHtEnable == TRUE) && (pAd->CommonCfg.BACapability.field.Policy == BA_NOTUSE))))
+       {
+               RTMP_IO_READ32(pAd, EDCA_AC0_CFG, &Data);
+               Data  &= 0xFFFFFF00;
+               RTMP_IO_WRITE32(pAd, EDCA_AC0_CFG, Data);
+
+               RTMP_IO_WRITE32(pAd, PBF_MAX_PCNT, 0x1F3F7F9F);
+               DBGPRINT(RT_DEBUG_TRACE, ("Txburst 1\n"));
+       }
+       else
+#endif // DOT11_N_SUPPORT //
+       if (pAd->CommonCfg.bEnableTxBurst)
+       {
+               RTMP_IO_READ32(pAd, EDCA_AC0_CFG, &Data);
+               Data  &= 0xFFFFFF00;
+               Data  |= 0x60;
+               RTMP_IO_WRITE32(pAd, EDCA_AC0_CFG, Data);
+               pAd->CommonCfg.IOTestParm.bNowAtherosBurstOn = TRUE;
+
+               RTMP_IO_WRITE32(pAd, PBF_MAX_PCNT, 0x1F3FBF9F);
+               DBGPRINT(RT_DEBUG_TRACE, ("Txburst 2\n"));
+       }
+       else
+       {
+               RTMP_IO_READ32(pAd, EDCA_AC0_CFG, &Data);
+               Data  &= 0xFFFFFF00;
+               RTMP_IO_WRITE32(pAd, EDCA_AC0_CFG, Data);
+
+               RTMP_IO_WRITE32(pAd, PBF_MAX_PCNT, 0x1F3F7F9F);
+               DBGPRINT(RT_DEBUG_TRACE, ("Txburst 3\n"));
+       }
+
+#ifdef DOT11_N_SUPPORT
+       // Re-check to turn on TX burst or not.
+       if ((pAd->CommonCfg.IOTestParm.bLastAtheros == TRUE) && ((STA_WEP_ON(pAd))||(STA_TKIP_ON(pAd))))
+       {
+               pAd->CommonCfg.IOTestParm.bNextDisableRxBA = TRUE;
+               if (pAd->CommonCfg.bEnableTxBurst)
+               {
+                   UINT32 MACValue = 0;
+                       // Force disable  TXOP value in this case. The same action in MLMEUpdateProtect too.
+                       // I didn't change PBF_MAX_PCNT setting.
+                       RTMP_IO_READ32(pAd, EDCA_AC0_CFG, &MACValue);
+                       MACValue  &= 0xFFFFFF00;
+                       RTMP_IO_WRITE32(pAd, EDCA_AC0_CFG, MACValue);
+                       pAd->CommonCfg.IOTestParm.bNowAtherosBurstOn = FALSE;
+               }
+       }
+       else
+       {
+               pAd->CommonCfg.IOTestParm.bNextDisableRxBA = FALSE;
+       }
+#endif // DOT11_N_SUPPORT //
+
+       pAd->CommonCfg.IOTestParm.bLastAtheros = FALSE;
+       COPY_MAC_ADDR(pAd->CommonCfg.LastBssid, pAd->CommonCfg.Bssid);
+       DBGPRINT(RT_DEBUG_TRACE, ("!!!pAd->bNextDisableRxBA= %d \n", pAd->CommonCfg.IOTestParm.bNextDisableRxBA));
+       // BSSID add in one MAC entry too.  Because in Tx, ASIC need to check Cipher and IV/EIV, BAbitmap
+       // Pther information in MACTab.Content[BSSID_WCID] is not necessary for driver.
+       // Note: As STA, The MACTab.Content[BSSID_WCID]. PairwiseKey and Shared Key for BSS0 are the same.
+
+       if (pAd->StaCfg.WepStatus <= Ndis802_11WEPDisabled)
+       {
+#ifdef WPA_SUPPLICANT_SUPPORT
+               if (pAd->StaCfg.WpaSupplicantUP &&
+                       (pAd->StaCfg.WepStatus == Ndis802_11WEPEnabled) &&
+                       (pAd->StaCfg.IEEE8021X == TRUE))
+                       ;
+               else
+#endif // WPA_SUPPLICANT_SUPPORT //
+               {
+                       pAd->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                       pAd->StaCfg.PrivacyFilter = Ndis802_11PrivFilterAcceptAll;
+               }
+       }
+
+       NdisAcquireSpinLock(&pAd->MacTabLock);
+       pEntry->PortSecured = pAd->StaCfg.PortSecured;
+       NdisReleaseSpinLock(&pAd->MacTabLock);
+
+    //
+       // Patch Atheros AP TX will breakdown issue.
+       // AP Model: DLink DWL-8200AP
+       //
+       if (INFRA_ON(pAd) && OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WMM_INUSED) && STA_TKIP_ON(pAd))
+       {
+               RTMP_IO_WRITE32(pAd, RX_PARSER_CFG, 0x01);
+       }
+       else
+       {
+               RTMP_IO_WRITE32(pAd, RX_PARSER_CFG, 0x00);
+       }
+
+       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS);
+       RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_GO_TO_SLEEP_NOW);
+
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+       if ((pAd->CommonCfg.BACapability.field.b2040CoexistScanSup) && (pAd->CommonCfg.Channel <= 11))
+       {
+               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_SCAN_2040);
+               BuildEffectedChannelList(pAd);
+       }
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+}
+
+/*
+       ==========================================================================
+
+       Routine Description:
+               Disconnect current BSSID
+
+       Arguments:
+               pAd                             - Pointer to our adapter
+               IsReqFromAP             - Request from AP
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+               We need more information to know it's this requst from AP.
+               If yes! we need to do extra handling, for example, remove the WPA key.
+               Otherwise on 4-way handshaking will faied, since the WPA key didn't be
+               remove while auto reconnect.
+               Disconnect request from AP, it means we will start afresh 4-way handshaking
+               on WPA mode.
+
+       ==========================================================================
+*/
+VOID LinkDown(
+       IN PRTMP_ADAPTER pAd,
+       IN  BOOLEAN      IsReqFromAP)
+{
+       UCHAR                       i, ByteValue = 0;
+
+       BOOLEAN         Cancelled;
+
+       // Do nothing if monitor mode is on
+       if (MONITOR_ON(pAd))
+               return;
+
+#ifdef RALINK_ATE
+       // Nothing to do in ATE mode.
+       if (ATE_ON(pAd))
+               return;
+#endif // RALINK_ATE //
+       RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_GO_TO_SLEEP_NOW);
+       //Comment the codes, beasue the line 2291 call the same function.
+       //RTMPCancelTimer(&pAd->Mlme.PsPollTimer,               &Cancelled);
+       // Not allow go to sleep within linkdown function.
+       RTMP_CLEAR_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP);
+
+    if (pAd->CommonCfg.bWirelessEvent)
+       {
+               RTMPSendWirelessEvent(pAd, IW_STA_LINKDOWN_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("!!! LINK DOWN !!!\n"));
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED);
+
+#ifdef RTMP_MAC_PCI
+    if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+    {
+           BOOLEAN Cancelled;
+        pAd->Mlme.bPsPollTimerRunning = FALSE;
+        RTMPCancelTimer(&pAd->Mlme.PsPollTimer,        &Cancelled);
+    }
+
+       pAd->bPCIclkOff = FALSE;
+#endif // RTMP_MAC_PCI //
+
+    if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE)
+||     RTMP_TEST_PSFLAG(pAd, fRTMP_PS_SET_PCI_CLK_OFF_COMMAND)
+               || RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF))
+    {
+        AUTO_WAKEUP_STRUC AutoWakeupCfg;
+               AsicForceWakeup(pAd, TRUE);
+        AutoWakeupCfg.word = 0;
+           RTMP_IO_WRITE32(pAd, AUTO_WAKEUP_CFG, AutoWakeupCfg.word);
+        OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_DOZE);
+    }
+#ifdef RTMP_MAC_PCI
+       pAd->bPCIclkOff = FALSE;
+#endif // RTMP_MAC_PCI //
+       if (ADHOC_ON(pAd))              // Adhoc mode link down
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("!!! LINK DOWN 1!!!\n"));
+
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_ADHOC_ON);
+                       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED);
+                       pAd->IndicateMediaState = NdisMediaStateDisconnected;
+               RTMP_IndicateMediaState(pAd);
+            pAd->ExtraInfo = GENERAL_LINK_DOWN;
+                       BssTableDeleteEntry(&pAd->ScanTab, pAd->CommonCfg.Bssid, pAd->CommonCfg.Channel);
+               DBGPRINT(RT_DEBUG_TRACE, ("!!! MacTab.Size=%d !!!\n", pAd->MacTab.Size));
+       }
+       else                                    // Infra structure mode
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("!!! LINK DOWN 2!!!\n"));
+
+#ifdef QOS_DLS_SUPPORT
+               // DLS tear down frame must be sent before link down
+               // send DLS-TEAR_DOWN message
+               if (pAd->CommonCfg.bDLSCapable)
+               {
+                       // tear down local dls table entry
+                       for (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+                       {
+                               if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
+                               {
+                                       pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
+                                       RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+                               }
+                       }
+
+                       // tear down peer dls table entry
+                       for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+                       {
+                               if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status ==  DLS_FINISH))
+                               {
+                                       pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
+                                       RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+                               }
+                       }
+               }
+#endif // QOS_DLS_SUPPORT //
+
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_INFRA_ON);
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED);
+
+               // Saved last SSID for linkup comparison
+               pAd->CommonCfg.LastSsidLen = pAd->CommonCfg.SsidLen;
+               NdisMoveMemory(pAd->CommonCfg.LastSsid, pAd->CommonCfg.Ssid, pAd->CommonCfg.LastSsidLen);
+               COPY_MAC_ADDR(pAd->CommonCfg.LastBssid, pAd->CommonCfg.Bssid);
+               if (pAd->MlmeAux.CurrReqIsFromNdis == TRUE)
+               {
+                       pAd->IndicateMediaState = NdisMediaStateDisconnected;
+                       RTMP_IndicateMediaState(pAd);
+            pAd->ExtraInfo = GENERAL_LINK_DOWN;
+                       DBGPRINT(RT_DEBUG_TRACE, ("NDIS_STATUS_MEDIA_DISCONNECT Event A!\n"));
+                       pAd->MlmeAux.CurrReqIsFromNdis = FALSE;
+               }
+               else
+               {
+            //
+                       // If disassociation request is from NDIS, then we don't need to delete BSSID from entry.
+                       // Otherwise lost beacon or receive De-Authentication from AP,
+                       // then we should delete BSSID from BssTable.
+                       // If we don't delete from entry, roaming will fail.
+                       //
+                       BssTableDeleteEntry(&pAd->ScanTab, pAd->CommonCfg.Bssid, pAd->CommonCfg.Channel);
+               }
+
+               // restore back to -
+               //      1. long slot (20 us) or short slot (9 us) time
+               //      2. turn on/off RTS/CTS and/or CTS-to-self protection
+               //      3. short preamble
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_BG_PROTECTION_INUSED);
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+               // Country IE of the AP will be evaluated and will be used.
+               if (pAd->StaCfg.IEEE80211dClientMode != Rt802_11_D_None)
+               {
+                       NdisMoveMemory(&pAd->CommonCfg.CountryCode[0], &pAd->StaCfg.StaOriCountryCode[0], 2);
+                       pAd->CommonCfg.Geography = pAd->StaCfg.StaOriGeography;
+                       BuildChannelListEx(pAd);
+               }
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+       }
+
+
+       for (i=1; i<MAX_LEN_OF_MAC_TABLE; i++)
+       {
+               if (pAd->MacTab.Content[i].ValidAsCLI == TRUE)
+                       MacTableDeleteEntry(pAd, pAd->MacTab.Content[i].Aid, pAd->MacTab.Content[i].Addr);
+       }
+
+       AsicSetSlotTime(pAd, TRUE); //FALSE);
+       AsicSetEdcaParm(pAd, NULL);
+
+       // Set LED
+       RTMPSetLED(pAd, LED_LINK_DOWN);
+    pAd->LedIndicatorStrength = 0xF0;
+    RTMPSetSignalLED(pAd, -100);       // Force signal strength Led to be turned off, firmware is not done it.
+
+               AsicDisableSync(pAd);
+
+       pAd->Mlme.PeriodicRound = 0;
+       pAd->Mlme.OneSecPeriodicRound = 0;
+
+       if (pAd->StaCfg.BssType == BSS_INFRA)
+       {
+       // Remove StaCfg Information after link down
+       NdisZeroMemory(pAd->CommonCfg.Bssid, MAC_ADDR_LEN);
+       NdisZeroMemory(pAd->CommonCfg.Ssid, MAX_LEN_OF_SSID);
+               pAd->CommonCfg.SsidLen = 0;
+       }
+#ifdef DOT11_N_SUPPORT
+       NdisZeroMemory(&pAd->MlmeAux.HtCapability, sizeof(HT_CAPABILITY_IE));
+       NdisZeroMemory(&pAd->MlmeAux.AddHtInfo, sizeof(ADD_HT_INFO_IE));
+       pAd->MlmeAux.HtCapabilityLen = 0;
+       pAd->MlmeAux.NewExtChannelOffset = 0xff;
+#endif // DOT11_N_SUPPORT //
+
+       // Reset WPA-PSK state. Only reset when supplicant enabled
+       if (pAd->StaCfg.WpaState != SS_NOTUSE)
+       {
+               pAd->StaCfg.WpaState = SS_START;
+               // Clear Replay counter
+               NdisZeroMemory(pAd->StaCfg.ReplayCounter, 8);
+
+#ifdef QOS_DLS_SUPPORT
+               if (pAd->CommonCfg.bDLSCapable)
+                       NdisZeroMemory(pAd->StaCfg.DlsReplayCounter, 8);
+#endif // QOS_DLS_SUPPORT //
+       }
+
+       //
+       // if link down come from AP, we need to remove all WPA keys on WPA mode.
+       // otherwise will cause 4-way handshaking failed, since the WPA key not empty.
+       //
+       if ((IsReqFromAP) && (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA))
+       {
+               // Remove all WPA keys
+               RTMPWPARemoveAllKeys(pAd);
+       }
+
+       // 802.1x port control
+#ifdef WPA_SUPPLICANT_SUPPORT
+       // Prevent clear PortSecured here with static WEP
+       // NetworkManger set security policy first then set SSID to connect AP.
+       if (pAd->StaCfg.WpaSupplicantUP &&
+               (pAd->StaCfg.WepStatus == Ndis802_11WEPEnabled) &&
+               (pAd->StaCfg.IEEE8021X == FALSE))
+       {
+               pAd->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+       }
+       else
+#endif // WPA_SUPPLICANT_SUPPORT //
+       {
+               pAd->StaCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+               pAd->StaCfg.PrivacyFilter = Ndis802_11PrivFilter8021xWEP;
+       }
+
+       NdisAcquireSpinLock(&pAd->MacTabLock);
+       NdisZeroMemory(&pAd->MacTab, sizeof(MAC_TABLE));
+       pAd->MacTab.Content[BSSID_WCID].PortSecured = pAd->StaCfg.PortSecured;
+       NdisReleaseSpinLock(&pAd->MacTabLock);
+
+       pAd->StaCfg.MicErrCnt = 0;
+
+    pAd->IndicateMediaState = NdisMediaStateDisconnected;
+       // Update extra information to link is up
+       pAd->ExtraInfo = GENERAL_LINK_DOWN;
+
+    pAd->StaActive.SupportedPhyInfo.bHtEnable = FALSE;
+
+
+       // Clean association information
+       NdisZeroMemory(&pAd->StaCfg.AssocInfo, sizeof(NDIS_802_11_ASSOCIATION_INFORMATION));
+       pAd->StaCfg.AssocInfo.Length = sizeof(NDIS_802_11_ASSOCIATION_INFORMATION);
+       pAd->StaCfg.ReqVarIELen = 0;
+       pAd->StaCfg.ResVarIELen = 0;
+
+       //
+       // Reset RSSI value after link down
+       //
+       pAd->StaCfg.RssiSample.AvgRssi0 = 0;
+       pAd->StaCfg.RssiSample.AvgRssi0X8 = 0;
+       pAd->StaCfg.RssiSample.AvgRssi1 = 0;
+       pAd->StaCfg.RssiSample.AvgRssi1X8 = 0;
+       pAd->StaCfg.RssiSample.AvgRssi2 = 0;
+       pAd->StaCfg.RssiSample.AvgRssi2X8 = 0;
+
+       // Restore MlmeRate
+       pAd->CommonCfg.MlmeRate = pAd->CommonCfg.BasicMlmeRate;
+       pAd->CommonCfg.RtsRate = pAd->CommonCfg.BasicMlmeRate;
+
+#ifdef DOT11_N_SUPPORT
+       //
+       // After Link down, reset piggy-back setting in ASIC. Disable RDG.
+       //
+       if (pAd->CommonCfg.BBPCurrentBW == BW_40)
+       {
+               pAd->CommonCfg.BBPCurrentBW = BW_20;
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &ByteValue);
+               ByteValue &= (~0x18);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, ByteValue);
+       }
+#endif // DOT11_N_SUPPORT //
+       // Reset DAC
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R1, &ByteValue);
+       ByteValue &= (~0x18);
+       if (pAd->Antenna.field.TxPath == 2)
+       {
+       ByteValue |= 0x10;
+       }
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R1, ByteValue);
+
+               RTMPSetPiggyBack(pAd,FALSE);
+               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_PIGGYBACK_INUSED);
+
+#ifdef DOT11_N_SUPPORT
+       pAd->CommonCfg.BACapability.word = pAd->CommonCfg.REGBACapability.word;
+#endif // DOT11_N_SUPPORT //
+
+       // Restore all settings in the following.
+       AsicUpdateProtect(pAd, 0, (ALLN_SETPROTECT|CCKSETPROTECT|OFDMSETPROTECT), TRUE, FALSE);
+       AsicDisableRDG(pAd);
+       pAd->CommonCfg.IOTestParm.bCurrentAtheros = FALSE;
+       pAd->CommonCfg.IOTestParm.bNowAtherosBurstOn = FALSE;
+
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+       OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_SCAN_2040);
+       pAd->CommonCfg.BSSCoexist2040.word = 0;
+       TriEventInit(pAd);
+       for (i = 0; i < (pAd->ChannelListNum - 1); i++)
+       {
+               pAd->ChannelList[i].bEffectedChannel = FALSE;
+       }
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+       RTMP_IO_WRITE32(pAd, MAX_LEN_CFG, 0x1fff);
+       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS);
+// Allow go to sleep after linkdown steps.
+       RTMP_SET_PSFLAG(pAd, fRTMP_PS_CAN_GO_SLEEP);
+#ifdef WPA_SUPPLICANT_SUPPORT
+#ifndef NATIVE_WPA_SUPPLICANT_SUPPORT
+       if (pAd->StaCfg.WpaSupplicantUP) {
+               //send disassociate event to wpa_supplicant
+               RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, RT_DISASSOC_EVENT_FLAG, NULL, NULL, 0);
+       }
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+       RtmpOSWrielessEventSend(pAd, SIOCGIWAP, -1, NULL, NULL, 0);
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+
+#ifdef RT30xx
+       if ((IS_RT30xx(pAd) || IS_RT3090(pAd)||IS_RT3390(pAd))
+               &&(pAd->Antenna.field.RxPath>1||pAd->Antenna.field.TxPath>1))
+       {
+               RTMP_ASIC_MMPS_DISABLE(pAd);
+       }
+#endif // RT30xx //
+
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID IterateOnBssTab(
+       IN PRTMP_ADAPTER pAd)
+{
+       MLME_START_REQ_STRUCT   StartReq;
+       MLME_JOIN_REQ_STRUCT    JoinReq;
+       ULONG                   BssIdx;
+
+       // Change the wepstatus to original wepstatus
+       pAd->StaCfg.WepStatus   = pAd->StaCfg.OrigWepStatus;
+       pAd->StaCfg.PairCipher  = pAd->StaCfg.OrigWepStatus;
+       pAd->StaCfg.GroupCipher = pAd->StaCfg.OrigWepStatus;
+
+       BssIdx = pAd->MlmeAux.BssIdx;
+       if (BssIdx < pAd->MlmeAux.SsidBssTab.BssNr)
+       {
+               // Check cipher suite, AP must have more secured cipher than station setting
+               // Set the Pairwise and Group cipher to match the intended AP setting
+               // We can only connect to AP with less secured cipher setting
+               if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
+               {
+                       pAd->StaCfg.GroupCipher = pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA.GroupCipher;
+
+                       if (pAd->StaCfg.WepStatus == pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA.PairCipher)
+                               pAd->StaCfg.PairCipher = pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA.PairCipher;
+                       else if (pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA.PairCipherAux != Ndis802_11WEPDisabled)
+                               pAd->StaCfg.PairCipher = pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA.PairCipherAux;
+                       else    // There is no PairCipher Aux, downgrade our capability to TKIP
+                               pAd->StaCfg.PairCipher = Ndis802_11Encryption2Enabled;
+               }
+               else if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+               {
+                       pAd->StaCfg.GroupCipher = pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA2.GroupCipher;
+
+                       if (pAd->StaCfg.WepStatus == pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA2.PairCipher)
+                               pAd->StaCfg.PairCipher = pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA2.PairCipher;
+                       else if (pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA2.PairCipherAux != Ndis802_11WEPDisabled)
+                               pAd->StaCfg.PairCipher = pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA2.PairCipherAux;
+                       else    // There is no PairCipher Aux, downgrade our capability to TKIP
+                               pAd->StaCfg.PairCipher = Ndis802_11Encryption2Enabled;
+
+                       // RSN capability
+                       pAd->StaCfg.RsnCapability = pAd->MlmeAux.SsidBssTab.BssEntry[BssIdx].WPA2.RsnCapability;
+               }
+
+               // Set Mix cipher flag
+               pAd->StaCfg.bMixCipher = (pAd->StaCfg.PairCipher == pAd->StaCfg.GroupCipher) ? FALSE : TRUE;
+               /*if (pAd->StaCfg.bMixCipher == TRUE)
+               {
+                       // If mix cipher, re-build RSNIE
+                       RTMPMakeRSNIE(pAd, pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus, 0);
+               }*/
+
+               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - iterate BSS %ld of %d\n", BssIdx, pAd->MlmeAux.SsidBssTab.BssNr));
+               JoinParmFill(pAd, &JoinReq, BssIdx);
+               MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_JOIN_REQ, sizeof(MLME_JOIN_REQ_STRUCT),
+                                       &JoinReq);
+               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_JOIN;
+       }
+       else if (pAd->StaCfg.BssType == BSS_ADHOC)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - All BSS fail; start a new ADHOC (Ssid=%s)...\n",pAd->MlmeAux.Ssid));
+               StartParmFill(pAd, &StartReq, (PCHAR)pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen);
+               MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_MLME_START_REQ, sizeof(MLME_START_REQ_STRUCT), &StartReq);
+               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_START;
+       }
+       else // no more BSS
+       {
+
+#ifdef DOT11_N_SUPPORT
+#endif // DOT11_N_SUPPORT //
+               {
+                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - All roaming failed, restore to channel %d, Total BSS[%02d]\n",pAd->CommonCfg.Channel, pAd->ScanTab.BssNr));
+               }
+
+               pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+       }
+}
+
+// for re-association only
+// IRQL = DISPATCH_LEVEL
+VOID IterateOnBssTab2(
+       IN PRTMP_ADAPTER pAd)
+{
+       MLME_REASSOC_REQ_STRUCT ReassocReq;
+       ULONG                   BssIdx;
+       BSS_ENTRY               *pBss;
+
+       BssIdx = pAd->MlmeAux.RoamIdx;
+       pBss = &pAd->MlmeAux.RoamTab.BssEntry[BssIdx];
+
+       if (BssIdx < pAd->MlmeAux.RoamTab.BssNr)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("CNTL - iterate BSS %ld of %d\n", BssIdx, pAd->MlmeAux.RoamTab.BssNr));
+
+               AsicSwitchChannel(pAd, pBss->Channel, FALSE);
+               AsicLockChannel(pAd, pBss->Channel);
+
+               // reassociate message has the same structure as associate message
+               AssocParmFill(pAd, &ReassocReq, pBss->Bssid, pBss->CapabilityInfo,
+                                         ASSOC_TIMEOUT, pAd->StaCfg.DefaultListenCount);
+               MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_REASSOC_REQ,
+                                       sizeof(MLME_REASSOC_REQ_STRUCT), &ReassocReq);
+
+               pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_REASSOC;
+       }
+       else // no more BSS
+       {
+
+#ifdef DOT11_N_SUPPORT
+#endif // DOT11_N_SUPPORT //
+               {
+                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+                       DBGPRINT(RT_DEBUG_TRACE, ("CNTL - All roaming failed, restore to channel %d, Total BSS[%02d]\n",pAd->CommonCfg.Channel, pAd->ScanTab.BssNr));
+               }
+
+               pAd->Mlme.CntlMachine.CurrState = CNTL_IDLE;
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID JoinParmFill(
+       IN PRTMP_ADAPTER pAd,
+       IN OUT MLME_JOIN_REQ_STRUCT *JoinReq,
+       IN ULONG BssIdx)
+{
+       JoinReq->BssIdx = BssIdx;
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID ScanParmFill(
+       IN PRTMP_ADAPTER pAd,
+       IN OUT MLME_SCAN_REQ_STRUCT *ScanReq,
+       IN STRING Ssid[],
+       IN UCHAR SsidLen,
+       IN UCHAR BssType,
+       IN UCHAR ScanType)
+{
+    NdisZeroMemory(ScanReq->Ssid, MAX_LEN_OF_SSID);
+       ScanReq->SsidLen = SsidLen;
+       NdisMoveMemory(ScanReq->Ssid, Ssid, SsidLen);
+       ScanReq->BssType = BssType;
+       ScanReq->ScanType = ScanType;
+}
+
+#ifdef QOS_DLS_SUPPORT
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID DlsParmFill(
+       IN PRTMP_ADAPTER pAd,
+       IN OUT MLME_DLS_REQ_STRUCT *pDlsReq,
+       IN PRT_802_11_DLS pDls,
+       IN USHORT reason)
+{
+       pDlsReq->pDLS = pDls;
+       pDlsReq->Reason = reason;
+}
+#endif // QOS_DLS_SUPPORT //
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID StartParmFill(
+       IN PRTMP_ADAPTER pAd,
+       IN OUT MLME_START_REQ_STRUCT *StartReq,
+       IN CHAR Ssid[],
+       IN UCHAR SsidLen)
+{
+       ASSERT(SsidLen <= MAX_LEN_OF_SSID);
+       NdisMoveMemory(StartReq->Ssid, Ssid, SsidLen);
+       StartReq->SsidLen = SsidLen;
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+VOID AuthParmFill(
+       IN PRTMP_ADAPTER pAd,
+       IN OUT MLME_AUTH_REQ_STRUCT *AuthReq,
+       IN PUCHAR pAddr,
+       IN USHORT Alg)
+{
+       COPY_MAC_ADDR(AuthReq->Addr, pAddr);
+       AuthReq->Alg = Alg;
+       AuthReq->Timeout = AUTH_TIMEOUT;
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+#ifdef RTMP_MAC_PCI
+VOID ComposePsPoll(
+       IN PRTMP_ADAPTER pAd)
+{
+       NdisZeroMemory(&pAd->PsPollFrame, sizeof(PSPOLL_FRAME));
+       pAd->PsPollFrame.FC.Type = BTYPE_CNTL;
+       pAd->PsPollFrame.FC.SubType = SUBTYPE_PS_POLL;
+       pAd->PsPollFrame.Aid = pAd->StaActive.Aid | 0xC000;
+       COPY_MAC_ADDR(pAd->PsPollFrame.Bssid, pAd->CommonCfg.Bssid);
+       COPY_MAC_ADDR(pAd->PsPollFrame.Ta, pAd->CurrentAddress);
+}
+
+// IRQL = DISPATCH_LEVEL
+VOID ComposeNullFrame(
+       IN PRTMP_ADAPTER pAd)
+{
+       NdisZeroMemory(&pAd->NullFrame, sizeof(HEADER_802_11));
+       pAd->NullFrame.FC.Type = BTYPE_DATA;
+       pAd->NullFrame.FC.SubType = SUBTYPE_NULL_FUNC;
+       pAd->NullFrame.FC.ToDs = 1;
+       COPY_MAC_ADDR(pAd->NullFrame.Addr1, pAd->CommonCfg.Bssid);
+       COPY_MAC_ADDR(pAd->NullFrame.Addr2, pAd->CurrentAddress);
+       COPY_MAC_ADDR(pAd->NullFrame.Addr3, pAd->CommonCfg.Bssid);
+}
+#endif // RTMP_MAC_PCI //
+
+
+
+
+/*
+       ==========================================================================
+       Description:
+               Pre-build a BEACON frame in the shared memory
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+*/
+ULONG MakeIbssBeacon(
+       IN PRTMP_ADAPTER pAd)
+{
+       UCHAR         DsLen = 1, IbssLen = 2;
+       UCHAR         LocalErpIe[3] = {IE_ERP, 1, 0x04};
+       HEADER_802_11 BcnHdr;
+       USHORT        CapabilityInfo;
+       LARGE_INTEGER FakeTimestamp;
+       ULONG         FrameLen = 0;
+       PTXWI_STRUC       pTxWI = &pAd->BeaconTxWI;
+       UCHAR         *pBeaconFrame = pAd->BeaconBuf;
+       BOOLEAN       Privacy;
+       UCHAR         SupRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR         SupRateLen = 0;
+       UCHAR         ExtRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR         ExtRateLen = 0;
+       UCHAR         RSNIe = IE_WPA;
+
+       if ((pAd->CommonCfg.PhyMode == PHY_11B) && (pAd->CommonCfg.Channel <= 14))
+       {
+               SupRate[0] = 0x82; // 1 mbps
+               SupRate[1] = 0x84; // 2 mbps
+               SupRate[2] = 0x8b; // 5.5 mbps
+               SupRate[3] = 0x96; // 11 mbps
+               SupRateLen = 4;
+               ExtRateLen = 0;
+       }
+       else if (pAd->CommonCfg.Channel > 14)
+       {
+               SupRate[0]  = 0x8C;    // 6 mbps, in units of 0.5 Mbps, basic rate
+               SupRate[1]  = 0x12;    // 9 mbps, in units of 0.5 Mbps
+               SupRate[2]  = 0x98;    // 12 mbps, in units of 0.5 Mbps, basic rate
+               SupRate[3]  = 0x24;    // 18 mbps, in units of 0.5 Mbps
+               SupRate[4]  = 0xb0;    // 24 mbps, in units of 0.5 Mbps, basic rate
+               SupRate[5]  = 0x48;    // 36 mbps, in units of 0.5 Mbps
+               SupRate[6]  = 0x60;    // 48 mbps, in units of 0.5 Mbps
+               SupRate[7]  = 0x6c;    // 54 mbps, in units of 0.5 Mbps
+               SupRateLen  = 8;
+               ExtRateLen  = 0;
+
+               //
+               // Also Update MlmeRate & RtsRate for G only & A only
+               //
+               pAd->CommonCfg.MlmeRate = RATE_6;
+               pAd->CommonCfg.RtsRate = RATE_6;
+               pAd->CommonCfg.MlmeTransmit.field.MODE = MODE_OFDM;
+               pAd->CommonCfg.MlmeTransmit.field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.MlmeRate];
+               pAd->MacTab.Content[BSS0Mcast_WCID].HTPhyMode.field.MODE = MODE_OFDM;
+               pAd->MacTab.Content[BSS0Mcast_WCID].HTPhyMode.field.MCS = OfdmRateToRxwiMCS[pAd->CommonCfg.MlmeRate];
+       }
+       else
+       {
+               SupRate[0] = 0x82; // 1 mbps
+               SupRate[1] = 0x84; // 2 mbps
+               SupRate[2] = 0x8b; // 5.5 mbps
+               SupRate[3] = 0x96; // 11 mbps
+               SupRateLen = 4;
+
+               ExtRate[0]  = 0x0C;    // 6 mbps, in units of 0.5 Mbps,
+               ExtRate[1]  = 0x12;    // 9 mbps, in units of 0.5 Mbps
+               ExtRate[2]  = 0x18;    // 12 mbps, in units of 0.5 Mbps,
+               ExtRate[3]  = 0x24;    // 18 mbps, in units of 0.5 Mbps
+               ExtRate[4]  = 0x30;    // 24 mbps, in units of 0.5 Mbps,
+               ExtRate[5]  = 0x48;    // 36 mbps, in units of 0.5 Mbps
+               ExtRate[6]  = 0x60;    // 48 mbps, in units of 0.5 Mbps
+               ExtRate[7]  = 0x6c;    // 54 mbps, in units of 0.5 Mbps
+               ExtRateLen  = 8;
+       }
+
+       pAd->StaActive.SupRateLen = SupRateLen;
+       NdisMoveMemory(pAd->StaActive.SupRate, SupRate, SupRateLen);
+       pAd->StaActive.ExtRateLen = ExtRateLen;
+       NdisMoveMemory(pAd->StaActive.ExtRate, ExtRate, ExtRateLen);
+
+       // compose IBSS beacon frame
+       MgtMacHeaderInit(pAd, &BcnHdr, SUBTYPE_BEACON, 0, BROADCAST_ADDR, pAd->CommonCfg.Bssid);
+       Privacy = (pAd->StaCfg.WepStatus == Ndis802_11Encryption1Enabled) ||
+                         (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) ||
+                         (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled);
+       CapabilityInfo = CAP_GENERATE(0, 1, Privacy, (pAd->CommonCfg.TxPreamble == Rt802_11PreambleShort), 0, 0);
+
+       MakeOutgoingFrame(pBeaconFrame,                &FrameLen,
+                                         sizeof(HEADER_802_11),           &BcnHdr,
+                                         TIMESTAMP_LEN,                   &FakeTimestamp,
+                                         2,                               &pAd->CommonCfg.BeaconPeriod,
+                                         2,                               &CapabilityInfo,
+                                         1,                               &SsidIe,
+                                         1,                               &pAd->CommonCfg.SsidLen,
+                                         pAd->CommonCfg.SsidLen,          pAd->CommonCfg.Ssid,
+                                         1,                               &SupRateIe,
+                                         1,                               &SupRateLen,
+                                         SupRateLen,                      SupRate,
+                                         1,                               &DsIe,
+                                         1,                               &DsLen,
+                                         1,                               &pAd->CommonCfg.Channel,
+                                         1,                               &IbssIe,
+                                         1,                               &IbssLen,
+                                         2,                               &pAd->StaActive.AtimWin,
+                                         END_OF_ARGS);
+
+       // add ERP_IE and EXT_RAE IE of in 802.11g
+       if (ExtRateLen)
+       {
+               ULONG   tmp;
+
+               MakeOutgoingFrame(pBeaconFrame + FrameLen,         &tmp,
+                                                 3,                               LocalErpIe,
+                                                 1,                               &ExtRateIe,
+                                                 1,                               &ExtRateLen,
+                                                 ExtRateLen,                      ExtRate,
+                                                 END_OF_ARGS);
+               FrameLen += tmp;
+       }
+
+       // If adhoc secruity is set for WPA-None, append the cipher suite IE
+       if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
+       {
+               ULONG tmp;
+        RTMPMakeRSNIE(pAd, pAd->StaCfg.AuthMode, pAd->StaCfg.WepStatus, BSS0);
+
+               MakeOutgoingFrame(pBeaconFrame + FrameLen,              &tmp,
+                                                 1,                                    &RSNIe,
+                                                 1,                                    &pAd->StaCfg.RSNIE_Len,
+                                                 pAd->StaCfg.RSNIE_Len,                pAd->StaCfg.RSN_IE,
+                                                 END_OF_ARGS);
+               FrameLen += tmp;
+       }
+
+#ifdef DOT11_N_SUPPORT
+       if ((pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+       {
+               ULONG TmpLen;
+               UCHAR HtLen, HtLen1;
+
+#ifdef RT_BIG_ENDIAN
+               HT_CAPABILITY_IE HtCapabilityTmp;
+               ADD_HT_INFO_IE  addHTInfoTmp;
+               USHORT  b2lTmp, b2lTmp2;
+#endif
+
+               // add HT Capability IE
+               HtLen = sizeof(pAd->CommonCfg.HtCapability);
+               HtLen1 = sizeof(pAd->CommonCfg.AddHTInfo);
+#ifndef RT_BIG_ENDIAN
+               MakeOutgoingFrame(pBeaconFrame+FrameLen,        &TmpLen,
+                                                 1,                                            &HtCapIe,
+                                                 1,                                            &HtLen,
+                                                 HtLen,                                        &pAd->CommonCfg.HtCapability,
+                                                 1,                                            &AddHtInfoIe,
+                                                 1,                                            &HtLen1,
+                                                 HtLen1,                                       &pAd->CommonCfg.AddHTInfo,
+                                                 END_OF_ARGS);
+#else
+               NdisMoveMemory(&HtCapabilityTmp, &pAd->CommonCfg.HtCapability, HtLen);
+               *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
+               *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
+
+               NdisMoveMemory(&addHTInfoTmp, &pAd->CommonCfg.AddHTInfo, HtLen1);
+               *(USHORT *)(&addHTInfoTmp.AddHtInfo2) = SWAP16(*(USHORT *)(&addHTInfoTmp.AddHtInfo2));
+               *(USHORT *)(&addHTInfoTmp.AddHtInfo3) = SWAP16(*(USHORT *)(&addHTInfoTmp.AddHtInfo3));
+
+               MakeOutgoingFrame(pBeaconFrame+FrameLen,        &TmpLen,
+                                                 1,                                            &HtCapIe,
+                                                 1,                                            &HtLen,
+                                                 HtLen,                                        &HtCapabilityTmp,
+                                                 1,                                            &AddHtInfoIe,
+                                                 1,                                            &HtLen1,
+                                                 HtLen1,                                       &addHTInfoTmp,
+                                                 END_OF_ARGS);
+#endif
+               FrameLen += TmpLen;
+       }
+#endif // DOT11_N_SUPPORT //
+
+       //beacon use reserved WCID 0xff
+    if (pAd->CommonCfg.Channel > 14)
+    {
+       RTMPWriteTxWI(pAd, pTxWI, FALSE, FALSE,  TRUE, FALSE, FALSE, TRUE, 0, 0xff, FrameLen,
+               PID_MGMT, PID_BEACON, RATE_1, IFS_HTTXOP, FALSE, &pAd->CommonCfg.MlmeTransmit);
+    }
+    else
+    {
+        // Set to use 1Mbps for Adhoc beacon.
+               HTTRANSMIT_SETTING Transmit;
+        Transmit.word = 0;
+        RTMPWriteTxWI(pAd, pTxWI, FALSE, FALSE,  TRUE, FALSE, FALSE, TRUE, 0, 0xff, FrameLen,
+               PID_MGMT, PID_BEACON, RATE_1, IFS_HTTXOP, FALSE, &Transmit);
+    }
+
+#ifdef RT_BIG_ENDIAN
+       RTMPFrameEndianChange(pAd, pBeaconFrame, DIR_WRITE, FALSE);
+       RTMPWIEndianChange((PUCHAR)pTxWI, TYPE_TXWI);
+#endif
+
+    DBGPRINT(RT_DEBUG_TRACE, ("MakeIbssBeacon (len=%ld), SupRateLen=%d, ExtRateLen=%d, Channel=%d, PhyMode=%d\n",
+                                       FrameLen, SupRateLen, ExtRateLen, pAd->CommonCfg.Channel, pAd->CommonCfg.PhyMode));
+       return FrameLen;
+}
diff --git a/drivers/staging/rt3090/sta/dls.c b/drivers/staging/rt3090/sta/dls.c
new file mode 100644 (file)
index 0000000..306e16f
--- /dev/null
@@ -0,0 +1,2207 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    dls.c
+
+    Abstract:
+    Handle WMM-DLS state machine
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Rory Chen   02-14-2006
+       Arvin Tai       06-03-2008        Modified for RT28xx
+ */
+
+#include "../rt_config.h"
+
+
+/*
+    ==========================================================================
+    Description:
+        dls state machine init, including state transition and timer init
+    Parameters:
+        Sm - pointer to the dls state machine
+    Note:
+        The state machine looks like this
+
+                            DLS_IDLE
+    MT2_MLME_DLS_REQUEST   MlmeDlsReqAction
+    MT2_PEER_DLS_REQUEST   PeerDlsReqAction
+    MT2_PEER_DLS_RESPONSE  PeerDlsRspAction
+    MT2_MLME_DLS_TEARDOWN  MlmeTearDownAction
+    MT2_PEER_DLS_TEARDOWN  PeerTearDownAction
+
+       IRQL = PASSIVE_LEVEL
+
+    ==========================================================================
+ */
+void DlsStateMachineInit(
+    IN PRTMP_ADAPTER pAd,
+    IN STATE_MACHINE *Sm,
+    OUT STATE_MACHINE_FUNC Trans[])
+{
+       UCHAR   i;
+
+    StateMachineInit(Sm, (STATE_MACHINE_FUNC*)Trans, MAX_DLS_STATE, MAX_DLS_MSG, (STATE_MACHINE_FUNC)Drop, DLS_IDLE, DLS_MACHINE_BASE);
+
+    // the first column
+    StateMachineSetAction(Sm, DLS_IDLE, MT2_MLME_DLS_REQ, (STATE_MACHINE_FUNC)MlmeDlsReqAction);
+    StateMachineSetAction(Sm, DLS_IDLE, MT2_PEER_DLS_REQ, (STATE_MACHINE_FUNC)PeerDlsReqAction);
+    StateMachineSetAction(Sm, DLS_IDLE, MT2_PEER_DLS_RSP, (STATE_MACHINE_FUNC)PeerDlsRspAction);
+    StateMachineSetAction(Sm, DLS_IDLE, MT2_MLME_DLS_TEAR_DOWN, (STATE_MACHINE_FUNC)MlmeDlsTearDownAction);
+    StateMachineSetAction(Sm, DLS_IDLE, MT2_PEER_DLS_TEAR_DOWN, (STATE_MACHINE_FUNC)PeerDlsTearDownAction);
+
+       for (i=0; i<MAX_NUM_OF_DLS_ENTRY; i++)
+       {
+               pAd->StaCfg.DLSEntry[i].pAd = pAd;
+               RTMPInitTimer(pAd, &pAd->StaCfg.DLSEntry[i].Timer, GET_TIMER_FUNCTION(DlsTimeoutAction), pAd, FALSE);
+       }
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID MlmeDlsReqAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+       PUCHAR                  pOutBuffer = NULL;
+       NDIS_STATUS             NStatus;
+       ULONG                   FrameLen = 0;
+       HEADER_802_11   DlsReqHdr;
+       PRT_802_11_DLS  pDLS = NULL;
+       UCHAR                   Category = CATEGORY_DLS;
+       UCHAR                   Action = ACTION_DLS_REQUEST;
+       ULONG                   tmp;
+       USHORT                  reason;
+       ULONG                   Timeout;
+       BOOLEAN                 TimerCancelled;
+
+       if(!MlmeDlsReqSanity(pAd, Elem->Msg, Elem->MsgLen, &pDLS, &reason))
+               return;
+
+       DBGPRINT(RT_DEBUG_TRACE,("DLS - MlmeDlsReqAction() \n"));
+
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("DLS - MlmeDlsReqAction() allocate memory failed \n"));
+               return;
+       }
+
+       ActHeaderInit(pAd, &DlsReqHdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+
+       // Build basic frame first
+       MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                       sizeof(HEADER_802_11),          &DlsReqHdr,
+                                       1,                                                      &Category,
+                                       1,                                                      &Action,
+                                       6,                                                      &pDLS->MacAddr,
+                                       6,                                                      pAd->CurrentAddress,
+                                       2,                                                      &pAd->StaActive.CapabilityInfo,
+                                       2,                                                      &pDLS->TimeOut,
+                                       1,                                                      &SupRateIe,
+                                       1,                                                      &pAd->MlmeAux.SupRateLen,
+                                       pAd->MlmeAux.SupRateLen,        pAd->MlmeAux.SupRate,
+                                       END_OF_ARGS);
+
+       if (pAd->MlmeAux.ExtRateLen != 0)
+       {
+               MakeOutgoingFrame(pOutBuffer + FrameLen,        &tmp,
+                                                 1,                                            &ExtRateIe,
+                                                 1,                                            &pAd->MlmeAux.ExtRateLen,
+                                                 pAd->MlmeAux.ExtRateLen,      pAd->MlmeAux.ExtRate,
+                                                 END_OF_ARGS);
+               FrameLen += tmp;
+       }
+
+#ifdef DOT11_N_SUPPORT
+       if ((pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+       {
+               UCHAR HtLen;
+
+#ifdef RT_BIG_ENDIAN
+               HT_CAPABILITY_IE HtCapabilityTmp;
+#endif
+
+               // add HT Capability IE
+               HtLen = sizeof(HT_CAPABILITY_IE);
+#ifndef RT_BIG_ENDIAN
+               MakeOutgoingFrame(pOutBuffer + FrameLen,        &tmp,
+                                                       1,                                              &HtCapIe,
+                                                       1,                                              &HtLen,
+                                                       HtLen,                                  &pAd->CommonCfg.HtCapability,
+                                                       END_OF_ARGS);
+#else
+               NdisMoveMemory(&HtCapabilityTmp, &pAd->CommonCfg.HtCapability, HtLen);
+                                                       *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
+                                                       *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
+
+               MakeOutgoingFrame(pOutBuffer + FrameLen,        &tmp,
+                                                       1,                                              &HtCapIe,
+                                                       1,                                              &HtLen,
+                                                       HtLen,                                  &HtCapabilityTmp,
+                                                       END_OF_ARGS);
+#endif
+               FrameLen = FrameLen + tmp;
+       }
+#endif // DOT11_N_SUPPORT //
+
+       RTMPCancelTimer(&pDLS->Timer, &TimerCancelled);
+       Timeout = DLS_TIMEOUT;
+       RTMPSetTimer(&pDLS->Timer, Timeout);
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID PeerDlsReqAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+       PUCHAR                  pOutBuffer = NULL;
+       NDIS_STATUS             NStatus;
+       ULONG                   FrameLen = 0;
+       USHORT                  StatusCode = MLME_SUCCESS;
+       HEADER_802_11   DlsRspHdr;
+       UCHAR                   Category = CATEGORY_DLS;
+       UCHAR                   Action = ACTION_DLS_RESPONSE;
+       ULONG                   tmp;
+       USHORT                  CapabilityInfo;
+       UCHAR                   DA[MAC_ADDR_LEN], SA[MAC_ADDR_LEN];
+       USHORT                  DLSTimeOut;
+       SHORT                   i;
+       ULONG                   Timeout;
+       BOOLEAN                 TimerCancelled;
+       PRT_802_11_DLS  pDLS = NULL;
+       UCHAR                   MaxSupportedRateIn500Kbps = 0;
+    UCHAR                      SupportedRatesLen;
+    UCHAR                      SupportedRates[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR                   HtCapabilityLen;
+       HT_CAPABILITY_IE        HtCapability;
+
+       if (!PeerDlsReqSanity(pAd, Elem->Msg, Elem->MsgLen, DA, SA, &CapabilityInfo, &DLSTimeOut,
+                                                       &SupportedRatesLen, &SupportedRates[0], &HtCapabilityLen, &HtCapability))
+               return;
+
+    // supported rates array may not be sorted. sort it and find the maximum rate
+    for (i = 0; i < SupportedRatesLen; i++)
+    {
+        if (MaxSupportedRateIn500Kbps < (SupportedRates[i] & 0x7f))
+            MaxSupportedRateIn500Kbps = SupportedRates[i] & 0x7f;
+    }
+
+       DBGPRINT(RT_DEBUG_TRACE,("DLS - PeerDlsReqAction() from %02x:%02x:%02x:%02x:%02x:%02x\n", SA[0], SA[1], SA[2], SA[3], SA[4], SA[5]));
+
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("DLS - PeerDlsReqAction() allocate memory failed \n"));
+               return;
+       }
+
+       if (!INFRA_ON(pAd))
+       {
+               StatusCode = MLME_REQUEST_DECLINED;
+       }
+       else if (!pAd->CommonCfg.bWmmCapable)
+       {
+               StatusCode = MLME_DEST_STA_IS_NOT_A_QSTA;
+       }
+       else if (!pAd->CommonCfg.bDLSCapable)
+       {
+               StatusCode = MLME_REQUEST_DECLINED;
+       }
+       else
+       {
+               // find table to update parameters
+               for (i = (MAX_NUM_OF_DLS_ENTRY-1); i >= 0; i--)
+               {
+                       if (pAd->StaCfg.DLSEntry[i].Valid && MAC_ADDR_EQUAL(SA, pAd->StaCfg.DLSEntry[i].MacAddr))
+                       {
+                               if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+                                       pAd->StaCfg.DLSEntry[i].Status = DLS_WAIT_KEY;
+                               else
+                               {
+                                       RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                                       pAd->StaCfg.DLSEntry[i].Status = DLS_FINISH;
+                               }
+
+                               pAd->StaCfg.DLSEntry[i].Sequence = 0;
+                               pAd->StaCfg.DLSEntry[i].TimeOut = DLSTimeOut;
+                               pAd->StaCfg.DLSEntry[i].CountDownTimer = DLSTimeOut;
+                               if (HtCapabilityLen != 0)
+                                       pAd->StaCfg.DLSEntry[i].bHTCap = TRUE;
+                               else
+                                       pAd->StaCfg.DLSEntry[i].bHTCap = FALSE;
+                               pDLS = &pAd->StaCfg.DLSEntry[i];
+                               break;
+                       }
+               }
+
+               // can not find in table, create a new one
+               if (i < 0)
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("DLS - PeerDlsReqAction() can not find same entry \n"));
+                       for (i=(MAX_NUM_OF_DLS_ENTRY - 1); i >= MAX_NUM_OF_INIT_DLS_ENTRY; i--)
+                       {
+                               if (!pAd->StaCfg.DLSEntry[i].Valid)
+                               {
+                                       MAC_TABLE_ENTRY *pEntry;
+                                       UCHAR MaxSupportedRate = RATE_11;
+
+                                       if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+                                       {
+                                               pAd->StaCfg.DLSEntry[i].Status = DLS_WAIT_KEY;
+                                       }
+                                       else
+                                       {
+                                               RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                                               pAd->StaCfg.DLSEntry[i].Status = DLS_FINISH;
+                                       }
+
+                                       pAd->StaCfg.DLSEntry[i].Sequence = 0;
+                                       pAd->StaCfg.DLSEntry[i].Valid = TRUE;
+                                       pAd->StaCfg.DLSEntry[i].TimeOut = DLSTimeOut;
+                                       pAd->StaCfg.DLSEntry[i].CountDownTimer = DLSTimeOut;
+                                       NdisMoveMemory(pAd->StaCfg.DLSEntry[i].MacAddr, SA, MAC_ADDR_LEN);
+                                       if (HtCapabilityLen != 0)
+                                               pAd->StaCfg.DLSEntry[i].bHTCap = TRUE;
+                                       else
+                                               pAd->StaCfg.DLSEntry[i].bHTCap = FALSE;
+                                       pDLS = &pAd->StaCfg.DLSEntry[i];
+                                       pEntry = MacTableInsertDlsEntry(pAd, SA, i);
+
+                                       switch (MaxSupportedRateIn500Kbps)
+                                       {
+                                               case 108: MaxSupportedRate = RATE_54;   break;
+                                               case 96:  MaxSupportedRate = RATE_48;   break;
+                                               case 72:  MaxSupportedRate = RATE_36;   break;
+                                               case 48:  MaxSupportedRate = RATE_24;   break;
+                                               case 36:  MaxSupportedRate = RATE_18;   break;
+                                               case 24:  MaxSupportedRate = RATE_12;   break;
+                                               case 18:  MaxSupportedRate = RATE_9;    break;
+                                               case 12:  MaxSupportedRate = RATE_6;    break;
+                                               case 22:  MaxSupportedRate = RATE_11;   break;
+                                               case 11:  MaxSupportedRate = RATE_5_5;  break;
+                                               case 4:   MaxSupportedRate = RATE_2;    break;
+                                               case 2:   MaxSupportedRate = RATE_1;    break;
+                                               default:  MaxSupportedRate = RATE_11;   break;
+                                       }
+
+                                       pEntry->MaxSupportedRate = min(pAd->CommonCfg.MaxTxRate, MaxSupportedRate);
+
+                                       if (pEntry->MaxSupportedRate < RATE_FIRST_OFDM_RATE)
+                                       {
+                                               pEntry->MaxHTPhyMode.field.MODE = MODE_CCK;
+                                               pEntry->MaxHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                                               pEntry->MinHTPhyMode.field.MODE = MODE_CCK;
+                                               pEntry->MinHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                                               pEntry->HTPhyMode.field.MODE = MODE_CCK;
+                                               pEntry->HTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                                       }
+                                       else
+                                       {
+                                               pEntry->MaxHTPhyMode.field.MODE = MODE_OFDM;
+                                               pEntry->MaxHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                                               pEntry->MinHTPhyMode.field.MODE = MODE_OFDM;
+                                               pEntry->MinHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                                               pEntry->HTPhyMode.field.MODE = MODE_OFDM;
+                                               pEntry->HTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                                       }
+
+                                       pEntry->MaxHTPhyMode.field.BW = BW_20;
+                                       pEntry->MinHTPhyMode.field.BW = BW_20;
+
+#ifdef DOT11_N_SUPPORT
+                                       pEntry->HTCapability.MCSSet[0] = 0;
+                                       pEntry->HTCapability.MCSSet[1] = 0;
+
+                                       // If this Entry supports 802.11n, upgrade to HT rate.
+                                       if ((HtCapabilityLen != 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+                                       {
+                                               UCHAR   j, bitmask; //k,bitmask;
+                                               CHAR    ii;
+
+                                               DBGPRINT(RT_DEBUG_TRACE, ("DLS - PeerDlsReqAction() Receive Peer HT Capable STA from %02x:%02x:%02x:%02x:%02x:%02x\n",
+                                                                       SA[0], SA[1], SA[2], SA[3], SA[4], SA[5]));
+
+                                               if ((HtCapability.HtCapInfo.GF) && (pAd->CommonCfg.DesiredHtPhy.GF))
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.MODE = MODE_HTGREENFIELD;
+                                               }
+                                               else
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
+                                                       pAd->MacTab.fAnyStationNonGF = TRUE;
+                                                       pAd->CommonCfg.AddHTInfo.AddHtInfo2.NonGfPresent = 1;
+                                               }
+
+                                               if ((HtCapability.HtCapInfo.ChannelWidth) && (pAd->CommonCfg.DesiredHtPhy.ChannelWidth))
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.BW= BW_40;
+                                                       pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor40)&(HtCapability.HtCapInfo.ShortGIfor40));
+                                               }
+                                               else
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.BW = BW_20;
+                                                       pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor20)&(HtCapability.HtCapInfo.ShortGIfor20));
+                                                       pAd->MacTab.fAnyStation20Only = TRUE;
+                                               }
+
+                                               // find max fixed rate
+                                               for (ii=15; ii>=0; ii--)
+                                               {
+                                                       j = ii/8;
+                                                       bitmask = (1<<(ii-(j*8)));
+                                                       if ( (pAd->StaCfg.DesiredHtPhyInfo.MCSSet[j]&bitmask) && (HtCapability.MCSSet[j]&bitmask))
+                                                       {
+                                                               pEntry->MaxHTPhyMode.field.MCS = ii;
+                                                               break;
+                                                       }
+                                                       if (ii==0)
+                                                               break;
+                                               }
+
+
+                                               if (pAd->StaCfg.DesiredTransmitSetting.field.MCS != MCS_AUTO)
+                                               {
+
+                                                       DBGPRINT(RT_DEBUG_OFF, ("@@@ pAd->CommonCfg.RegTransmitSetting.field.MCS = %d\n",
+                                                                               pAd->StaCfg.DesiredTransmitSetting.field.MCS));
+                                                       if (pAd->StaCfg.DesiredTransmitSetting.field.MCS == 32)
+                                                       {
+                                                               // Fix MCS as HT Duplicated Mode
+                                                               pEntry->MaxHTPhyMode.field.BW = 1;
+                                                               pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
+                                                               pEntry->MaxHTPhyMode.field.STBC = 0;
+                                                               pEntry->MaxHTPhyMode.field.ShortGI = 0;
+                                                               pEntry->MaxHTPhyMode.field.MCS = 32;
+                                                       }
+                                                       else if (pEntry->MaxHTPhyMode.field.MCS > pAd->StaCfg.HTPhyMode.field.MCS)
+                                                       {
+                                                               // STA supports fixed MCS
+                                                               pEntry->MaxHTPhyMode.field.MCS = pAd->StaCfg.HTPhyMode.field.MCS;
+                                                       }
+                                               }
+
+                                               pEntry->MaxHTPhyMode.field.STBC = (HtCapability.HtCapInfo.RxSTBC & (pAd->CommonCfg.DesiredHtPhy.TxSTBC));
+                                               pEntry->MpduDensity = HtCapability.HtCapParm.MpduDensity;
+                                               pEntry->MaxRAmpduFactor = HtCapability.HtCapParm.MaxRAmpduFactor;
+                                               pEntry->MmpsMode = (UCHAR)HtCapability.HtCapInfo.MimoPs;
+                                               pEntry->AMsduSize = (UCHAR)HtCapability.HtCapInfo.AMsduSize;
+                                               pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
+
+                                               if (HtCapability.HtCapInfo.ShortGIfor20)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI20_CAPABLE);
+                                               if (HtCapability.HtCapInfo.ShortGIfor40)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI40_CAPABLE);
+                                               if (HtCapability.HtCapInfo.TxSTBC)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_TxSTBC_CAPABLE);
+                                               if (HtCapability.HtCapInfo.RxSTBC)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RxSTBC_CAPABLE);
+                                               if (HtCapability.ExtHtCapInfo.PlusHTC)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_HTC_CAPABLE);
+                                               if (pAd->CommonCfg.bRdg && HtCapability.ExtHtCapInfo.RDGSupport)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RDG_CAPABLE);
+                                               if (HtCapability.ExtHtCapInfo.MCSFeedback == 0x03)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_MCSFEEDBACK_CAPABLE);
+
+                                               NdisMoveMemory(&pEntry->HTCapability, &HtCapability, sizeof(HT_CAPABILITY_IE));
+                                       }
+#endif // DOT11_N_SUPPORT //
+
+                                       pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
+                                       pEntry->CurrTxRate = pEntry->MaxSupportedRate;
+                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE);
+
+                                       if (pAd->StaCfg.bAutoTxRateSwitch == TRUE)
+                                       {
+                                               PUCHAR pTable;
+                                               UCHAR TableSize = 0;
+
+                                               MlmeSelectTxRateTable(pAd, pEntry, &pTable, &TableSize, &pEntry->CurrTxRateIndex);
+                                               pEntry->bAutoTxRateSwitch = TRUE;
+                                       }
+                                       else
+                                       {
+                                               pEntry->HTPhyMode.field.MODE    = pAd->StaCfg.HTPhyMode.field.MODE;
+                                               pEntry->HTPhyMode.field.MCS     = pAd->StaCfg.HTPhyMode.field.MCS;
+                                               pEntry->bAutoTxRateSwitch = FALSE;
+
+                                               RTMPUpdateLegacyTxSetting((UCHAR)pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode, pEntry);
+                                       }
+                                       pEntry->RateLen = SupportedRatesLen;
+
+                                       break;
+                               }
+                       }
+               }
+               StatusCode = MLME_SUCCESS;
+
+               // can not find in table, create a new one
+               if (i < 0)
+               {
+                       StatusCode = MLME_QOS_UNSPECIFY;
+                       DBGPRINT(RT_DEBUG_ERROR,("DLS - PeerDlsReqAction() DLSEntry table full(only can support %d DLS session) \n", MAX_NUM_OF_DLS_ENTRY - MAX_NUM_OF_INIT_DLS_ENTRY));
+               }
+               else
+               {
+                       DBGPRINT(RT_DEBUG_TRACE,("DLS - PeerDlsReqAction() use entry(%d) %02x:%02x:%02x:%02x:%02x:%02x\n",
+                               i, SA[0], SA[1], SA[2], SA[3], SA[4], SA[5]));
+               }
+       }
+
+       ActHeaderInit(pAd, &DlsRspHdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+
+       // Build basic frame first
+       if (StatusCode == MLME_SUCCESS)
+       {
+               MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                               sizeof(HEADER_802_11),          &DlsRspHdr,
+                                               1,                                                      &Category,
+                                               1,                                                      &Action,
+                                               2,                                                      &StatusCode,
+                                               6,                                                      SA,
+                                               6,                                                      pAd->CurrentAddress,
+                                               2,                                                      &pAd->StaActive.CapabilityInfo,
+                                               1,                                                      &SupRateIe,
+                                               1,                                                      &pAd->MlmeAux.SupRateLen,
+                                               pAd->MlmeAux.SupRateLen,        pAd->MlmeAux.SupRate,
+                                               END_OF_ARGS);
+
+               if (pAd->MlmeAux.ExtRateLen != 0)
+               {
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,        &tmp,
+                                                         1,                                            &ExtRateIe,
+                                                         1,                                            &pAd->MlmeAux.ExtRateLen,
+                                                         pAd->MlmeAux.ExtRateLen,      pAd->MlmeAux.ExtRate,
+                                                         END_OF_ARGS);
+                       FrameLen += tmp;
+               }
+
+#ifdef DOT11_N_SUPPORT
+               if ((pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+               {
+                       UCHAR HtLen;
+
+#ifdef RT_BIG_ENDIAN
+                       HT_CAPABILITY_IE HtCapabilityTmp;
+#endif
+
+                       // add HT Capability IE
+                       HtLen = sizeof(HT_CAPABILITY_IE);
+#ifndef RT_BIG_ENDIAN
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,        &tmp,
+                                                               1,                                              &HtCapIe,
+                                                               1,                                              &HtLen,
+                                                               HtLen,                                  &pAd->CommonCfg.HtCapability,
+                                                               END_OF_ARGS);
+#else
+                       NdisMoveMemory(&HtCapabilityTmp, &pAd->CommonCfg.HtCapability, HtLen);
+                                                               *(USHORT *)(&HtCapabilityTmp.HtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.HtCapInfo));
+                                                               *(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo) = SWAP16(*(USHORT *)(&HtCapabilityTmp.ExtHtCapInfo));
+
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,        &tmp,
+                                                               1,                                              &HtCapIe,
+                                                               1,                                              &HtLen,
+                                                               HtLen,                                  &HtCapabilityTmp,
+                                                               END_OF_ARGS);
+#endif
+                       FrameLen = FrameLen + tmp;
+               }
+#endif // DOT11_N_SUPPORT //
+
+               if (pDLS && (pDLS->Status != DLS_FINISH))
+               {
+                       RTMPCancelTimer(&pDLS->Timer, &TimerCancelled);
+                       Timeout = DLS_TIMEOUT;
+                       RTMPSetTimer(&pDLS->Timer, Timeout);
+               }
+       }
+       else
+       {
+               MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                               sizeof(HEADER_802_11),          &DlsRspHdr,
+                                               1,                                                      &Category,
+                                               1,                                                      &Action,
+                                               2,                                                      &StatusCode,
+                                               6,                                                      SA,
+                                               6,                                                      pAd->CurrentAddress,
+                                               END_OF_ARGS);
+       }
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID PeerDlsRspAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT          CapabilityInfo;
+       UCHAR           DA[MAC_ADDR_LEN], SA[MAC_ADDR_LEN];
+       USHORT          StatusCode;
+       SHORT           i;
+       BOOLEAN         TimerCancelled;
+       UCHAR           MaxSupportedRateIn500Kbps = 0;
+    UCHAR              SupportedRatesLen;
+    UCHAR              SupportedRates[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR           HtCapabilityLen;
+       HT_CAPABILITY_IE        HtCapability;
+
+       if (!pAd->CommonCfg.bDLSCapable)
+               return;
+
+       if (!INFRA_ON(pAd))
+               return;
+
+       if (!PeerDlsRspSanity(pAd, Elem->Msg, Elem->MsgLen, DA, SA, &CapabilityInfo, &StatusCode,
+                                                       &SupportedRatesLen, &SupportedRates[0], &HtCapabilityLen, &HtCapability))
+               return;
+
+    // supported rates array may not be sorted. sort it and find the maximum rate
+    for (i=0; i<SupportedRatesLen; i++)
+    {
+        if (MaxSupportedRateIn500Kbps < (SupportedRates[i] & 0x7f))
+            MaxSupportedRateIn500Kbps = SupportedRates[i] & 0x7f;
+    }
+
+       DBGPRINT(RT_DEBUG_TRACE,("DLS - PeerDlsRspAction() from %02x:%02x:%02x:%02x:%02x:%02x with StatusCode=%d, CapabilityInfo=0x%x\n",
+               SA[0], SA[1], SA[2], SA[3], SA[4], SA[5], StatusCode, CapabilityInfo));
+
+       for (i = 0; i < MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+       {
+               if (pAd->StaCfg.DLSEntry[i].Valid && MAC_ADDR_EQUAL(SA, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       if (StatusCode == MLME_SUCCESS)
+                       {
+                               MAC_TABLE_ENTRY *pEntry;
+                               UCHAR MaxSupportedRate = RATE_11;
+
+                               pEntry = MacTableInsertDlsEntry(pAd, SA, i);
+
+                               switch (MaxSupportedRateIn500Kbps)
+                               {
+                                       case 108: MaxSupportedRate = RATE_54;   break;
+                                       case 96:  MaxSupportedRate = RATE_48;   break;
+                                       case 72:  MaxSupportedRate = RATE_36;   break;
+                                       case 48:  MaxSupportedRate = RATE_24;   break;
+                                       case 36:  MaxSupportedRate = RATE_18;   break;
+                                       case 24:  MaxSupportedRate = RATE_12;   break;
+                                       case 18:  MaxSupportedRate = RATE_9;    break;
+                                       case 12:  MaxSupportedRate = RATE_6;    break;
+                                       case 22:  MaxSupportedRate = RATE_11;   break;
+                                       case 11:  MaxSupportedRate = RATE_5_5;  break;
+                                       case 4:   MaxSupportedRate = RATE_2;    break;
+                                       case 2:   MaxSupportedRate = RATE_1;    break;
+                                       default:  MaxSupportedRate = RATE_11;   break;
+                               }
+
+                               pEntry->MaxSupportedRate = min(pAd->CommonCfg.MaxTxRate, MaxSupportedRate);
+
+                               if (pEntry->MaxSupportedRate < RATE_FIRST_OFDM_RATE)
+                               {
+                                       pEntry->MaxHTPhyMode.field.MODE = MODE_CCK;
+                                       pEntry->MaxHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                                       pEntry->MinHTPhyMode.field.MODE = MODE_CCK;
+                                       pEntry->MinHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                                       pEntry->HTPhyMode.field.MODE = MODE_CCK;
+                                       pEntry->HTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                               }
+                               else
+                               {
+                                       pEntry->MaxHTPhyMode.field.MODE = MODE_OFDM;
+                                       pEntry->MaxHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                                       pEntry->MinHTPhyMode.field.MODE = MODE_OFDM;
+                                       pEntry->MinHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                                       pEntry->HTPhyMode.field.MODE = MODE_OFDM;
+                                       pEntry->HTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                               }
+
+                               pEntry->MaxHTPhyMode.field.BW = BW_20;
+                               pEntry->MinHTPhyMode.field.BW = BW_20;
+
+#ifdef DOT11_N_SUPPORT
+                               pEntry->HTCapability.MCSSet[0] = 0;
+                               pEntry->HTCapability.MCSSet[1] = 0;
+
+                               // If this Entry supports 802.11n, upgrade to HT rate.
+                               if ((HtCapabilityLen != 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+                               {
+                                       UCHAR   j, bitmask; //k,bitmask;
+                                       CHAR    ii;
+
+                                       DBGPRINT(RT_DEBUG_OFF, ("DLS - PeerDlsRspAction Receive Peer HT Capable STA from %02x:%02x:%02x:%02x:%02x:%02x\n",
+                                                               SA[0], SA[1], SA[2], SA[3], SA[4], SA[5]));
+
+                                       if ((HtCapability.HtCapInfo.GF) && (pAd->CommonCfg.DesiredHtPhy.GF))
+                                       {
+                                               pEntry->MaxHTPhyMode.field.MODE = MODE_HTGREENFIELD;
+                                       }
+                                       else
+                                       {
+                                               pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
+                                               pAd->MacTab.fAnyStationNonGF = TRUE;
+                                               pAd->CommonCfg.AddHTInfo.AddHtInfo2.NonGfPresent = 1;
+                                       }
+
+                                       if ((HtCapability.HtCapInfo.ChannelWidth) && (pAd->CommonCfg.DesiredHtPhy.ChannelWidth))
+                                       {
+                                               pEntry->MaxHTPhyMode.field.BW= BW_40;
+                                               pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor40)&(HtCapability.HtCapInfo.ShortGIfor40));
+                                       }
+                                       else
+                                       {
+                                               pEntry->MaxHTPhyMode.field.BW = BW_20;
+                                               pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor20)&(HtCapability.HtCapInfo.ShortGIfor20));
+                                               pAd->MacTab.fAnyStation20Only = TRUE;
+                                       }
+
+                                       // find max fixed rate
+                                       for (ii=15; ii>=0; ii--)
+                                       {
+                                               j = ii/8;
+                                               bitmask = (1<<(ii-(j*8)));
+                                               if ( (pAd->StaCfg.DesiredHtPhyInfo.MCSSet[j]&bitmask) && (HtCapability.MCSSet[j]&bitmask))
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.MCS = ii;
+                                                       break;
+                                               }
+                                               if (ii==0)
+                                                       break;
+                                       }
+
+                                       if (pAd->StaCfg.DesiredTransmitSetting.field.MCS != MCS_AUTO)
+                                       {
+                                               if (pAd->StaCfg.DesiredTransmitSetting.field.MCS == 32)
+                                               {
+                                                       // Fix MCS as HT Duplicated Mode
+                                                       pEntry->MaxHTPhyMode.field.BW = 1;
+                                                       pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
+                                                       pEntry->MaxHTPhyMode.field.STBC = 0;
+                                                       pEntry->MaxHTPhyMode.field.ShortGI = 0;
+                                                       pEntry->MaxHTPhyMode.field.MCS = 32;
+                                               }
+                                               else if (pEntry->MaxHTPhyMode.field.MCS > pAd->StaCfg.HTPhyMode.field.MCS)
+                                               {
+                                                       // STA supports fixed MCS
+                                                       pEntry->MaxHTPhyMode.field.MCS = pAd->StaCfg.HTPhyMode.field.MCS;
+                                               }
+                                       }
+
+                                       pEntry->MaxHTPhyMode.field.STBC = (HtCapability.HtCapInfo.RxSTBC & (pAd->CommonCfg.DesiredHtPhy.TxSTBC));
+                                       pEntry->MpduDensity = HtCapability.HtCapParm.MpduDensity;
+                                       pEntry->MaxRAmpduFactor = HtCapability.HtCapParm.MaxRAmpduFactor;
+                                       pEntry->MmpsMode = (UCHAR)HtCapability.HtCapInfo.MimoPs;
+                                       pEntry->AMsduSize = (UCHAR)HtCapability.HtCapInfo.AMsduSize;
+                                       pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
+
+                                       if (HtCapability.HtCapInfo.ShortGIfor20)
+                                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI20_CAPABLE);
+                                       if (HtCapability.HtCapInfo.ShortGIfor40)
+                                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI40_CAPABLE);
+                                       if (HtCapability.HtCapInfo.TxSTBC)
+                                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_TxSTBC_CAPABLE);
+                                       if (HtCapability.HtCapInfo.RxSTBC)
+                                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RxSTBC_CAPABLE);
+                                       if (HtCapability.ExtHtCapInfo.PlusHTC)
+                                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_HTC_CAPABLE);
+                                       if (pAd->CommonCfg.bRdg && HtCapability.ExtHtCapInfo.RDGSupport)
+                                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RDG_CAPABLE);
+                                       if (HtCapability.ExtHtCapInfo.MCSFeedback == 0x03)
+                                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_MCSFEEDBACK_CAPABLE);
+
+                                       NdisMoveMemory(&pEntry->HTCapability, &HtCapability, sizeof(HT_CAPABILITY_IE));
+                               }
+#endif // DOT11_N_SUPPORT //
+                               pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
+                               pEntry->CurrTxRate = pEntry->MaxSupportedRate;
+                               CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE);
+
+                               if (pAd->StaCfg.bAutoTxRateSwitch == TRUE)
+                               {
+                                       PUCHAR pTable;
+                                       UCHAR TableSize = 0;
+
+                                       MlmeSelectTxRateTable(pAd, pEntry, &pTable, &TableSize, &pEntry->CurrTxRateIndex);
+                                       pEntry->bAutoTxRateSwitch = TRUE;
+                               }
+                               else
+                               {
+                                       pEntry->HTPhyMode.field.MODE    = pAd->StaCfg.HTPhyMode.field.MODE;
+                                       pEntry->HTPhyMode.field.MCS     = pAd->StaCfg.HTPhyMode.field.MCS;
+                                       pEntry->bAutoTxRateSwitch = FALSE;
+
+                                       RTMPUpdateLegacyTxSetting((UCHAR)pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode, pEntry);
+                               }
+                               pEntry->RateLen = SupportedRatesLen;
+
+                               if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+                               {
+                                       // If support WPA or WPA2, start STAKey hand shake,
+                                       // If failed hand shake, just tear down peer DLS
+                                       if (RTMPSendSTAKeyRequest(pAd, pAd->StaCfg.DLSEntry[i].MacAddr) != NDIS_STATUS_SUCCESS)
+                                       {
+                                               MLME_DLS_REQ_STRUCT     MlmeDlsReq;
+                                               USHORT                          reason = REASON_QOS_CIPHER_NOT_SUPPORT;
+
+                                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_TEAR_DOWN, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                                               pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
+                                               pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                                               DBGPRINT(RT_DEBUG_ERROR,("DLS - PeerDlsRspAction failed when call RTMPSendSTAKeyRequest \n"));
+                                       }
+                                       else
+                                       {
+                                               pAd->StaCfg.DLSEntry[i].Status = DLS_WAIT_KEY;
+                                               DBGPRINT(RT_DEBUG_TRACE,("DLS - waiting for STAKey handshake procedure\n"));
+                                       }
+                               }
+                               else
+                               {
+                                       RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                                       pAd->StaCfg.DLSEntry[i].Status = DLS_FINISH;
+                                       DBGPRINT(RT_DEBUG_TRACE,("DLS - PeerDlsRspAction() from %02x:%02x:%02x:%02x:%02x:%02x Succeed with WEP or no security\n", SA[0], SA[1], SA[2], SA[3], SA[4], SA[5]));
+                               }
+
+                               //initialize seq no for DLS frames.
+                               pAd->StaCfg.DLSEntry[i].Sequence = 0;
+                               if (HtCapabilityLen != 0)
+                                       pAd->StaCfg.DLSEntry[i].bHTCap = TRUE;
+                               else
+                                       pAd->StaCfg.DLSEntry[i].bHTCap = FALSE;
+                       }
+                       else
+                       {
+                               // DLS setup procedure failed.
+                               pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
+                               pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                               RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                               DBGPRINT(RT_DEBUG_ERROR,("DLS - PeerDlsRspAction failed with StatusCode=%d \n", StatusCode));
+                       }
+               }
+       }
+
+       if (i >= MAX_NUM_OF_INIT_DLS_ENTRY)
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("DLS - PeerDlsRspAction() update timeout value \n"));
+               for (i=(MAX_NUM_OF_DLS_ENTRY-1); i>=MAX_NUM_OF_INIT_DLS_ENTRY; i--)
+               {
+                       if (pAd->StaCfg.DLSEntry[i].Valid && MAC_ADDR_EQUAL(SA, pAd->StaCfg.DLSEntry[i].MacAddr))
+                       {
+                               if (StatusCode == MLME_SUCCESS)
+                               {
+                                       MAC_TABLE_ENTRY *pEntry;
+                                       UCHAR MaxSupportedRate = RATE_11;
+
+                                       pEntry = MacTableInsertDlsEntry(pAd, SA, i);
+
+                                       switch (MaxSupportedRateIn500Kbps)
+                                       {
+                                               case 108: MaxSupportedRate = RATE_54;   break;
+                                               case 96:  MaxSupportedRate = RATE_48;   break;
+                                               case 72:  MaxSupportedRate = RATE_36;   break;
+                                               case 48:  MaxSupportedRate = RATE_24;   break;
+                                               case 36:  MaxSupportedRate = RATE_18;   break;
+                                               case 24:  MaxSupportedRate = RATE_12;   break;
+                                               case 18:  MaxSupportedRate = RATE_9;    break;
+                                               case 12:  MaxSupportedRate = RATE_6;    break;
+                                               case 22:  MaxSupportedRate = RATE_11;   break;
+                                               case 11:  MaxSupportedRate = RATE_5_5;  break;
+                                               case 4:   MaxSupportedRate = RATE_2;    break;
+                                               case 2:   MaxSupportedRate = RATE_1;    break;
+                                               default:  MaxSupportedRate = RATE_11;   break;
+                                       }
+
+                                       pEntry->MaxSupportedRate = min(pAd->CommonCfg.MaxTxRate, MaxSupportedRate);
+
+                                       if (pEntry->MaxSupportedRate < RATE_FIRST_OFDM_RATE)
+                                       {
+                                               pEntry->MaxHTPhyMode.field.MODE = MODE_CCK;
+                                               pEntry->MaxHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                                               pEntry->MinHTPhyMode.field.MODE = MODE_CCK;
+                                               pEntry->MinHTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                                               pEntry->HTPhyMode.field.MODE = MODE_CCK;
+                                               pEntry->HTPhyMode.field.MCS = pEntry->MaxSupportedRate;
+                                       }
+                                       else
+                                       {
+                                               pEntry->MaxHTPhyMode.field.MODE = MODE_OFDM;
+                                               pEntry->MaxHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                                               pEntry->MinHTPhyMode.field.MODE = MODE_OFDM;
+                                               pEntry->MinHTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                                               pEntry->HTPhyMode.field.MODE = MODE_OFDM;
+                                               pEntry->HTPhyMode.field.MCS = OfdmRateToRxwiMCS[pEntry->MaxSupportedRate];
+                                       }
+
+                                       pEntry->MaxHTPhyMode.field.BW = BW_20;
+                                       pEntry->MinHTPhyMode.field.BW = BW_20;
+
+#ifdef DOT11_N_SUPPORT
+                                       pEntry->HTCapability.MCSSet[0] = 0;
+                                       pEntry->HTCapability.MCSSet[1] = 0;
+
+                                       // If this Entry supports 802.11n, upgrade to HT rate.
+                                       if ((HtCapabilityLen != 0) && (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED))
+                                       {
+                                               UCHAR   j, bitmask; //k,bitmask;
+                                               CHAR    ii;
+
+                                               DBGPRINT(RT_DEBUG_TRACE, ("DLS - PeerDlsRspAction Receive Peer HT Capable STA from %02x:%02x:%02x:%02x:%02x:%02x\n",
+                                                                       SA[0], SA[1], SA[2], SA[3], SA[4], SA[5]));
+
+                                               if ((HtCapability.HtCapInfo.GF) && (pAd->CommonCfg.DesiredHtPhy.GF))
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.MODE = MODE_HTGREENFIELD;
+                                               }
+                                               else
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
+                                                       pAd->MacTab.fAnyStationNonGF = TRUE;
+                                                       pAd->CommonCfg.AddHTInfo.AddHtInfo2.NonGfPresent = 1;
+                                               }
+
+                                               if ((HtCapability.HtCapInfo.ChannelWidth) && (pAd->CommonCfg.DesiredHtPhy.ChannelWidth))
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.BW= BW_40;
+                                                       pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor40)&(HtCapability.HtCapInfo.ShortGIfor40));
+                                               }
+                                               else
+                                               {
+                                                       pEntry->MaxHTPhyMode.field.BW = BW_20;
+                                                       pEntry->MaxHTPhyMode.field.ShortGI = ((pAd->CommonCfg.DesiredHtPhy.ShortGIfor20)&(HtCapability.HtCapInfo.ShortGIfor20));
+                                                       pAd->MacTab.fAnyStation20Only = TRUE;
+                                               }
+
+                                               // find max fixed rate
+                                               for (ii=15; ii>=0; ii--)
+                                               {
+                                                       j = ii/8;
+                                                       bitmask = (1<<(ii-(j*8)));
+                                                       if ( (pAd->StaCfg.DesiredHtPhyInfo.MCSSet[j]&bitmask) && (HtCapability.MCSSet[j]&bitmask))
+                                                       {
+                                                               pEntry->MaxHTPhyMode.field.MCS = ii;
+                                                               break;
+                                                       }
+                                                       if (ii==0)
+                                                               break;
+                                               }
+
+                                               if (pAd->StaCfg.DesiredTransmitSetting.field.MCS != MCS_AUTO)
+                                               {
+                                                       DBGPRINT(RT_DEBUG_OFF, ("@@@ pAd->CommonCfg.RegTransmitSetting.field.MCS = %d\n",
+                                                                                                       pAd->StaCfg.DesiredTransmitSetting.field.MCS));
+                                                       if (pAd->StaCfg.DesiredTransmitSetting.field.MCS == 32)
+                                                       {
+                                                               // Fix MCS as HT Duplicated Mode
+                                                               pEntry->MaxHTPhyMode.field.BW = 1;
+                                                               pEntry->MaxHTPhyMode.field.MODE = MODE_HTMIX;
+                                                               pEntry->MaxHTPhyMode.field.STBC = 0;
+                                                               pEntry->MaxHTPhyMode.field.ShortGI = 0;
+                                                               pEntry->MaxHTPhyMode.field.MCS = 32;
+                                                       }
+                                                       else if (pEntry->MaxHTPhyMode.field.MCS > pAd->StaCfg.HTPhyMode.field.MCS)
+                                                       {
+                                                               // STA supports fixed MCS
+                                                               pEntry->MaxHTPhyMode.field.MCS = pAd->StaCfg.HTPhyMode.field.MCS;
+                                                       }
+                                               }
+
+                                               pEntry->MaxHTPhyMode.field.STBC = (HtCapability.HtCapInfo.RxSTBC & (pAd->CommonCfg.DesiredHtPhy.TxSTBC));
+                                               pEntry->MpduDensity = HtCapability.HtCapParm.MpduDensity;
+                                               pEntry->MaxRAmpduFactor = HtCapability.HtCapParm.MaxRAmpduFactor;
+                                               pEntry->MmpsMode = (UCHAR)HtCapability.HtCapInfo.MimoPs;
+                                               pEntry->AMsduSize = (UCHAR)HtCapability.HtCapInfo.AMsduSize;
+                                               pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
+
+                                               if (HtCapability.HtCapInfo.ShortGIfor20)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI20_CAPABLE);
+                                               if (HtCapability.HtCapInfo.ShortGIfor40)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_SGI40_CAPABLE);
+                                               if (HtCapability.HtCapInfo.TxSTBC)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_TxSTBC_CAPABLE);
+                                               if (HtCapability.HtCapInfo.RxSTBC)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RxSTBC_CAPABLE);
+                                               if (HtCapability.ExtHtCapInfo.PlusHTC)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_HTC_CAPABLE);
+                                               if (pAd->CommonCfg.bRdg && HtCapability.ExtHtCapInfo.RDGSupport)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_RDG_CAPABLE);
+                                               if (HtCapability.ExtHtCapInfo.MCSFeedback == 0x03)
+                                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_MCSFEEDBACK_CAPABLE);
+
+                                               NdisMoveMemory(&pEntry->HTCapability, &HtCapability, sizeof(HT_CAPABILITY_IE));
+                                       }
+#endif // DOT11_N_SUPPORT //
+
+                                       pEntry->HTPhyMode.word = pEntry->MaxHTPhyMode.word;
+                                       pEntry->CurrTxRate = pEntry->MaxSupportedRate;
+                                       CLIENT_STATUS_SET_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE);
+
+                                       if (pAd->StaCfg.bAutoTxRateSwitch == TRUE)
+                                       {
+                                               PUCHAR pTable;
+                                               UCHAR TableSize = 0;
+
+                                               MlmeSelectTxRateTable(pAd, pEntry, &pTable, &TableSize, &pEntry->CurrTxRateIndex);
+                                               pEntry->bAutoTxRateSwitch = TRUE;
+                                       }
+                                       else
+                                       {
+                                               pEntry->HTPhyMode.field.MODE    = pAd->StaCfg.HTPhyMode.field.MODE;
+                                               pEntry->HTPhyMode.field.MCS     = pAd->StaCfg.HTPhyMode.field.MCS;
+                                               pEntry->bAutoTxRateSwitch = FALSE;
+
+                                               RTMPUpdateLegacyTxSetting((UCHAR)pAd->StaCfg.DesiredTransmitSetting.field.FixedTxMode, pEntry);
+                                       }
+                                       pEntry->RateLen = SupportedRatesLen;
+
+                                       if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+                                       {
+                                               // If support WPA or WPA2, start STAKey hand shake,
+                                               // If failed hand shake, just tear down peer DLS
+                                               if (RTMPSendSTAKeyRequest(pAd, pAd->StaCfg.DLSEntry[i].MacAddr) != NDIS_STATUS_SUCCESS)
+                                               {
+                                                       MLME_DLS_REQ_STRUCT     MlmeDlsReq;
+                                                       USHORT                          reason = REASON_QOS_CIPHER_NOT_SUPPORT;
+
+                                                       DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                                                       MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_TEAR_DOWN, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                                                       pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
+                                                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                                                       DBGPRINT(RT_DEBUG_ERROR,("DLS - PeerDlsRspAction failed when call RTMPSendSTAKeyRequest \n"));
+                                               }
+                                               else
+                                               {
+                                                       pAd->StaCfg.DLSEntry[i].Status = DLS_WAIT_KEY;
+                                                       DBGPRINT(RT_DEBUG_TRACE,("DLS - waiting for STAKey handshake procedure\n"));
+                                               }
+                                       }
+                                       else
+                                       {
+                                               RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                                               pAd->StaCfg.DLSEntry[i].Status = DLS_FINISH;
+                                               DBGPRINT(RT_DEBUG_TRACE,("DLS - PeerDlsRspAction() from %02x:%02x:%02x:%02x:%02x:%02x Succeed with WEP or no security\n", SA[0], SA[1], SA[2], SA[3], SA[4], SA[5]));
+                                       }
+                                       pAd->StaCfg.DLSEntry[i].Sequence = 0;
+                                       if (HtCapabilityLen != 0)
+                                               pAd->StaCfg.DLSEntry[i].bHTCap = TRUE;
+                                       else
+                                               pAd->StaCfg.DLSEntry[i].bHTCap = FALSE;
+                               }
+                               else
+                               {
+                                       // DLS setup procedure failed.
+                                       pAd->StaCfg.DLSEntry[i].Status = DLS_NONE;
+                                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                                       RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                                       DBGPRINT(RT_DEBUG_ERROR,("DLS - PeerDlsRspAction failed with StatusCode=%d \n", StatusCode));
+                               }
+                       }
+               }
+       }
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID MlmeDlsTearDownAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+       PUCHAR                  pOutBuffer = NULL;
+       NDIS_STATUS             NStatus;
+       ULONG                   FrameLen = 0;
+       UCHAR                   Category = CATEGORY_DLS;
+       UCHAR                   Action = ACTION_DLS_TEARDOWN;
+       USHORT                  ReasonCode = REASON_QOS_UNSPECIFY;
+       HEADER_802_11   DlsTearDownHdr;
+       PRT_802_11_DLS  pDLS;
+       BOOLEAN                 TimerCancelled;
+       UCHAR                   i;
+
+       if(!MlmeDlsReqSanity(pAd, Elem->Msg, Elem->MsgLen, &pDLS, &ReasonCode))
+               return;
+
+       DBGPRINT(RT_DEBUG_TRACE,("DLS - MlmeDlsTearDownAction() with ReasonCode=%d \n", ReasonCode));
+
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("DLS - MlmeDlsTearDownAction() allocate memory failed \n"));
+               return;
+       }
+
+       ActHeaderInit(pAd, &DlsTearDownHdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+
+       // Build basic frame first
+       MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                       sizeof(HEADER_802_11),          &DlsTearDownHdr,
+                                       1,                                                      &Category,
+                                       1,                                                      &Action,
+                                       6,                                                      &pDLS->MacAddr,
+                                       6,                                                      pAd->CurrentAddress,
+                                       2,                                                      &ReasonCode,
+                                       END_OF_ARGS);
+
+       MiniportMMRequest(pAd, QID_AC_BE, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+       RTMPCancelTimer(&pDLS->Timer, &TimerCancelled);
+
+       // Remove key in local dls table entry
+       for (i = 0; i < MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+       {
+               if (MAC_ADDR_EQUAL(pDLS->MacAddr, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       MacTableDeleteDlsEntry(pAd, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID, pAd->StaCfg.DLSEntry[i].MacAddr);
+               }
+       }
+
+       // clear peer dls table entry
+       for (i = MAX_NUM_OF_INIT_DLS_ENTRY; i < MAX_NUM_OF_DLS_ENTRY; i++)
+       {
+               if (MAC_ADDR_EQUAL(pDLS->MacAddr, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                       RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                       MacTableDeleteDlsEntry(pAd, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID, pAd->StaCfg.DLSEntry[i].MacAddr);
+               }
+       }
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID PeerDlsTearDownAction(
+    IN PRTMP_ADAPTER pAd,
+    IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR                   DA[MAC_ADDR_LEN], SA[MAC_ADDR_LEN];
+       USHORT                  ReasonCode;
+       UINT                    i;
+       BOOLEAN                 TimerCancelled;
+
+       if (!pAd->CommonCfg.bDLSCapable)
+               return;
+
+       if (!INFRA_ON(pAd))
+               return;
+
+       if (!PeerDlsTearDownSanity(pAd, Elem->Msg, Elem->MsgLen, DA, SA, &ReasonCode))
+               return;
+
+       DBGPRINT(RT_DEBUG_TRACE,("DLS - PeerDlsTearDownAction() from %02x:%02x:%02x:%02x:%02x:%02x with ReasonCode=%d\n", SA[0], SA[1], SA[2], SA[3], SA[4], SA[5], ReasonCode));
+
+       // clear local dls table entry
+       for (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+       {
+               if (pAd->StaCfg.DLSEntry[i].Valid && MAC_ADDR_EQUAL(SA, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                       RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                       //AsicDelWcidTab(pAd, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID);
+                       //AsicRemovePairwiseKeyEntry(pAd, BSS0, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID);
+                       MacTableDeleteDlsEntry(pAd, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID, pAd->StaCfg.DLSEntry[i].MacAddr);
+               }
+       }
+
+       // clear peer dls table entry
+       for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+       {
+               if (pAd->StaCfg.DLSEntry[i].Valid && MAC_ADDR_EQUAL(SA, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                       RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+                       //AsicDelWcidTab(pAd, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID);
+                       //AsicRemovePairwiseKeyEntry(pAd, BSS0, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID);
+                       MacTableDeleteDlsEntry(pAd, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID, pAd->StaCfg.DLSEntry[i].MacAddr);
+               }
+       }
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID RTMPCheckDLSTimeOut(
+       IN PRTMP_ADAPTER        pAd)
+{
+       ULONG                           i;
+       MLME_DLS_REQ_STRUCT     MlmeDlsReq;
+       USHORT                          reason = REASON_QOS_UNSPECIFY;
+
+       if (! pAd->CommonCfg.bDLSCapable)
+               return;
+
+       if (! INFRA_ON(pAd))
+               return;
+
+       // If timeout value is equaled to zero, it means always not be timeout.
+
+       // update local dls table entry
+       for (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+       {
+               if ((pAd->StaCfg.DLSEntry[i].Valid) && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH)
+                       && (pAd->StaCfg.DLSEntry[i].TimeOut != 0))
+               {
+                       pAd->StaCfg.DLSEntry[i].CountDownTimer --;
+
+                       if (pAd->StaCfg.DLSEntry[i].CountDownTimer == 0)
+                       {
+                               reason = REASON_QOS_REQUEST_TIMEOUT;
+                               pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                               pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_TEAR_DOWN, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                       }
+               }
+       }
+
+       // update peer dls table entry
+       for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+       {
+               if ((pAd->StaCfg.DLSEntry[i].Valid) && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH)
+                       && (pAd->StaCfg.DLSEntry[i].TimeOut != 0))
+               {
+                       pAd->StaCfg.DLSEntry[i].CountDownTimer --;
+
+                       if (pAd->StaCfg.DLSEntry[i].CountDownTimer == 0)
+                       {
+                               reason = REASON_QOS_REQUEST_TIMEOUT;
+                               pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                               pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                               DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_TEAR_DOWN, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                       }
+               }
+       }
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN RTMPRcvFrameDLSCheck(
+       IN PRTMP_ADAPTER        pAd,
+       IN PHEADER_802_11       pHeader,
+       IN ULONG                        Len,
+       IN PRT28XX_RXD_STRUC    pRxD)
+{
+       ULONG                   i;
+       BOOLEAN                 bFindEntry = FALSE;
+       BOOLEAN                 bSTAKeyFrame = FALSE;
+       PEAPOL_PACKET   pEap;
+       PUCHAR                  pProto, pAddr = NULL;
+       PUCHAR                  pSTAKey = NULL;
+       UCHAR                   ZeroReplay[LEN_KEY_DESC_REPLAY];
+       UCHAR                   Mic[16], OldMic[16];
+       UCHAR                   digest[80];
+       UCHAR                   DlsPTK[80];
+       UCHAR                   temp[64];
+       BOOLEAN                 TimerCancelled;
+       CIPHER_KEY              PairwiseKey;
+
+
+       if (! pAd->CommonCfg.bDLSCapable)
+               return bSTAKeyFrame;
+
+       if (! INFRA_ON(pAd))
+               return bSTAKeyFrame;
+
+       if (Len < LENGTH_802_11 + 6 + 2) /* LENGTH_802_11 + LLC + EAPOL protocol type */
+               return bSTAKeyFrame;
+
+       pProto  = (PUCHAR)pHeader + LENGTH_802_11;
+
+       if ((pHeader->FC.SubType & 0x08))
+               pProto  += 2;   /* QOS Control field */
+
+     /* Skip 4-bytes for HTC */
+     if (pHeader->FC.Order && (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED)))
+     {
+          pProto += 4;
+     }
+
+       /* L2PAD bit on will pad 2 bytes at LLC */
+       if (pRxD->L2PAD)
+       {
+               pProto += 2;
+       }
+
+       pProto  += 6;   /* 0xAA 0xAA 0xAA 0x00 0x00 0x00 */
+
+       if ((!(pHeader->FC.SubType & 0x08)) && (!RTMPEqualMemory(EAPOL, pProto, 2)))
+               return bSTAKeyFrame;
+
+       pAddr   = pHeader->Addr2;
+
+       if (RTMPEqualMemory(EAPOL, pProto, 2) && (pAd->StaCfg.AuthMode >=  Ndis802_11AuthModeWPA))
+       {
+               pEap = (PEAPOL_PACKET) (pProto + 2);
+
+               DBGPRINT(RT_DEBUG_TRACE,("DLS - Sniff Len=%ld, DataLen=%d, KeyMic=%d, Install=%d, KeyAck=%d, Secure=%d, EKD_DL=%d, Error=%d, Request=%d\n", Len,
+                                                                                    (LENGTH_802_11 + 6 + 2 + 2 + sizeof(EAPOL_PACKET) - MAX_LEN_OF_RSNIE + 16),
+                                                                                    pEap->KeyDesc.KeyInfo.KeyMic,
+                                                                                    pEap->KeyDesc.KeyInfo.Install,
+                                                                                    pEap->KeyDesc.KeyInfo.KeyAck,
+                                                                                    pEap->KeyDesc.KeyInfo.Secure,
+                                                                                    pEap->KeyDesc.KeyInfo.EKD_DL,
+                                                                                    pEap->KeyDesc.KeyInfo.Error,
+                                                                                    pEap->KeyDesc.KeyInfo.Request));
+
+               if ((Len >= (LENGTH_802_11 + 6 + 2 + 2 + sizeof(EAPOL_PACKET) - MAX_LEN_OF_RSNIE + 16)) && pEap->KeyDesc.KeyInfo.KeyMic
+                       && pEap->KeyDesc.KeyInfo.Install && pEap->KeyDesc.KeyInfo.KeyAck && pEap->KeyDesc.KeyInfo.Secure
+                       && pEap->KeyDesc.KeyInfo.EKD_DL && !pEap->KeyDesc.KeyInfo.Error && !pEap->KeyDesc.KeyInfo.Request)
+               {
+                       // First validate replay counter, only accept message with larger replay counter
+                       // Let equal pass, some AP start with all zero replay counter
+                       NdisZeroMemory(ZeroReplay, LEN_KEY_DESC_REPLAY);
+                       if ((RTMPCompareMemory(pEap->KeyDesc.ReplayCounter, pAd->StaCfg.ReplayCounter, LEN_KEY_DESC_REPLAY) != 1) &&
+                               (RTMPCompareMemory(pEap->KeyDesc.ReplayCounter, ZeroReplay, LEN_KEY_DESC_REPLAY) != 0))
+                               return bSTAKeyFrame;
+
+                       //RTMPMoveMemory(pAd->StaCfg.ReplayCounter, pEap->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
+                       RTMPMoveMemory(pAd->StaCfg.DlsReplayCounter, pEap->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
+                       DBGPRINT(RT_DEBUG_TRACE,("DLS - Sniff replay counter (%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x) Len=%ld, KeyDataLen=%d\n",
+                               pAd->StaCfg.ReplayCounter[0], pAd->StaCfg.ReplayCounter[1], pAd->StaCfg.ReplayCounter[2],
+                               pAd->StaCfg.ReplayCounter[3], pAd->StaCfg.ReplayCounter[4],     pAd->StaCfg.ReplayCounter[5],
+                               pAd->StaCfg.ReplayCounter[6], pAd->StaCfg.ReplayCounter[7], Len, pEap->KeyDesc.KeyData[1]));
+
+                       // put these code segment to get the replay counter
+                       if (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED)
+                               return bSTAKeyFrame;
+
+                       // Check MIC value
+                       // Save the MIC and replace with zero
+                       // use proprietary PTK
+                       NdisZeroMemory(temp, 64);
+                       NdisMoveMemory(temp, "IEEE802.11 WIRELESS ACCESS POINT", 32);
+                       WpaDerivePTK(pAd, temp, temp, pAd->CommonCfg.Bssid, temp, pAd->CurrentAddress, DlsPTK, LEN_PTK);
+
+                       NdisMoveMemory(OldMic, pEap->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
+                       NdisZeroMemory(pEap->KeyDesc.KeyMic, LEN_KEY_DESC_MIC);
+                       if (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
+                       {
+                               // AES
+                               HMAC_SHA1(DlsPTK, LEN_EAP_MICK, (PUCHAR) pEap, pEap->Body_Len[1] + 4, digest, SHA1_DIGEST_SIZE);
+                               NdisMoveMemory(Mic,     digest, LEN_KEY_DESC_MIC);
+                       }
+                       else
+                       {
+                               HMAC_MD5(DlsPTK, LEN_EAP_MICK, (PUCHAR) pEap, pEap->Body_Len[1] + 4, Mic, MD5_DIGEST_SIZE);
+                       }
+
+                       if (!NdisEqualMemory(OldMic, Mic, LEN_KEY_DESC_MIC))
+                       {
+                               DBGPRINT(RT_DEBUG_ERROR, ("MIC Different in Msg1 of STAKey handshake! \n"));
+                               return bSTAKeyFrame;
+                       }
+                       else
+                               DBGPRINT(RT_DEBUG_TRACE, ("MIC VALID in Msg1 of STAKey handshake! \n"));
+                       if ((pEap->KeyDesc.KeyData[0] == 0xDD) && (pEap->KeyDesc.KeyData[2] == 0x00) && (pEap->KeyDesc.KeyData[3] == 0x0C)
+                               && (pEap->KeyDesc.KeyData[4] == 0x43) && (pEap->KeyDesc.KeyData[5] == 0x02))
+                       {
+                               pAddr                   = pEap->KeyDesc.KeyData + 8;            // Tpe(1), Len(1), OUI(3), DataType(1), Reserved(2)
+                               pSTAKey                 = pEap->KeyDesc.KeyData + 14;   // Tpe(1), Len(1), OUI(3), DataType(1), Reserved(2), STAKey_Mac_Addr(6)
+
+                               DBGPRINT(RT_DEBUG_TRACE,("DLS - Receive STAKey Message-1 from %02x:%02x:%02x:%02x:%02x:%02x Len=%ld, KeyDataLen=%d\n",
+                                       pAddr[0], pAddr[1], pAddr[2], pAddr[3], pAddr[4], pAddr[5], Len, pEap->KeyDesc.KeyData[1]));
+
+                               bSTAKeyFrame = TRUE;
+                       }
+
+               }
+               else if (Len >= (LENGTH_802_11 + 6 + 2 + 2 + sizeof(EAPOL_PACKET) - MAX_LEN_OF_RSNIE))
+               {
+                       RTMPMoveMemory(pAd->StaCfg.DlsReplayCounter, pEap->KeyDesc.ReplayCounter, LEN_KEY_DESC_REPLAY);
+                       DBGPRINT(RT_DEBUG_TRACE,("DLS - Sniff replay counter 2(%02x-%02x-%02x-%02x-%02x-%02x-%02x-%02x) Len=%ld, KeyDataLen=%d\n",
+                               pAd->StaCfg.ReplayCounter[0], pAd->StaCfg.ReplayCounter[1], pAd->StaCfg.ReplayCounter[2],
+                               pAd->StaCfg.ReplayCounter[3], pAd->StaCfg.ReplayCounter[4],     pAd->StaCfg.ReplayCounter[5],
+                               pAd->StaCfg.ReplayCounter[6], pAd->StaCfg.ReplayCounter[7], Len, pEap->KeyDesc.KeyData[1]));
+               }
+       }
+
+       // If timeout value is equaled to zero, it means always not be timeout.
+       // update local dls table entry
+       for (i= 0; i < MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+       {
+               if (pAd->StaCfg.DLSEntry[i].Valid && MAC_ADDR_EQUAL(pAddr, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       if (bSTAKeyFrame)
+                       {
+                               PMAC_TABLE_ENTRY pEntry;
+
+                               // STAKey frame, add pairwise key table
+                               pAd->StaCfg.DLSEntry[i].Status = DLS_FINISH;
+                               RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+
+                               PairwiseKey.KeyLen = LEN_TKIP_EK;
+                               NdisMoveMemory(PairwiseKey.Key, &pSTAKey[0], LEN_TKIP_EK);
+                               NdisMoveMemory(PairwiseKey.TxMic, &pSTAKey[16], LEN_TKIP_RXMICK);
+                               NdisMoveMemory(PairwiseKey.RxMic, &pSTAKey[24], LEN_TKIP_TXMICK);
+
+                               //PairwiseKey.CipherAlg = pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].CipherAlg;
+                               if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
+                                       PairwiseKey.CipherAlg = CIPHER_TKIP;
+                               else if (pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled)
+                                       PairwiseKey.CipherAlg = CIPHER_AES;
+
+                               pEntry = DlsEntryTableLookup(pAd, pAd->StaCfg.DLSEntry[i].MacAddr, TRUE);
+                               //AsicAddKeyEntry(pAd, (USHORT)(i + 2), BSS0, 0, &PairwiseKey, TRUE, TRUE);     // reserve 0 for multicast, 1 for unicast
+                               //AsicUpdateRxWCIDTable(pAd, (USHORT)(i + 2), pAddr);
+                               // Add Pair-wise key to Asic
+#ifdef RTMP_MAC_PCI
+                               AsicAddPairwiseKeyEntry(pAd,
+                                                                               pAd->StaCfg.DLSEntry[i].MacAddr,
+                                                                               (UCHAR)pAd->StaCfg.DLSEntry[i].MacTabMatchWCID,
+                                                                               &PairwiseKey);
+
+                               RTMPAddWcidAttributeEntry(pAd,
+                                                                                 BSS0,
+                                                                                 0,
+                                                                                 PairwiseKey.CipherAlg,
+                                                                                 pEntry);
+
+#endif // RTMP_MAC_PCI //
+                               NdisMoveMemory(&pEntry->PairwiseKey, &PairwiseKey, sizeof(CIPHER_KEY));
+                               DBGPRINT(RT_DEBUG_TRACE,("DLS - Receive STAKey Message-1 (Peer STA MAC Address STAKey) \n"));
+
+                               RTMPSendSTAKeyHandShake(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+
+                               DBGPRINT(RT_DEBUG_TRACE,("DLS - Finish STAKey handshake procedure (Initiator side)\n"));
+                       }
+                       else
+                       {
+                               // Data frame, update timeout value
+                               if (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH)
+                               {
+                                       pAd->StaCfg.DLSEntry[i].CountDownTimer = pAd->StaCfg.DLSEntry[i].TimeOut;
+                                       //AsicUpdateRxWCIDTable(pAd, (USHORT)(i + 2), pAddr);
+                               }
+                       }
+
+                       bFindEntry = TRUE;
+               }
+       }
+
+       // update peer dls table entry
+       for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+       {
+               if (pAd->StaCfg.DLSEntry[i].Valid && MAC_ADDR_EQUAL(pAddr, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       if (bSTAKeyFrame)
+                       {
+                               PMAC_TABLE_ENTRY pEntry = NULL;
+
+                               // STAKey frame, add pairwise key table, and send STAkey Msg-2
+                               pAd->StaCfg.DLSEntry[i].Status = DLS_FINISH;
+                               RTMPCancelTimer(&pAd->StaCfg.DLSEntry[i].Timer, &TimerCancelled);
+
+                               PairwiseKey.KeyLen = LEN_TKIP_EK;
+                               NdisMoveMemory(PairwiseKey.Key, &pSTAKey[0], LEN_TKIP_EK);
+                               NdisMoveMemory(PairwiseKey.TxMic, &pSTAKey[16], LEN_TKIP_RXMICK);
+                               NdisMoveMemory(PairwiseKey.RxMic, &pSTAKey[24], LEN_TKIP_TXMICK);
+
+                               //PairwiseKey.CipherAlg = pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].CipherAlg;
+                               if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
+                                       PairwiseKey.CipherAlg = CIPHER_TKIP;
+                               else if (pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled)
+                                       PairwiseKey.CipherAlg = CIPHER_AES;
+
+                               pEntry = DlsEntryTableLookup(pAd, pAd->StaCfg.DLSEntry[i].MacAddr, TRUE);
+                               //AsicAddKeyEntry(pAd, (USHORT)(i + 2), BSS0, 0, &PairwiseKey, TRUE, TRUE);     // reserve 0 for multicast, 1 for unicast
+                               //AsicUpdateRxWCIDTable(pAd, (USHORT)(i + 2), pAddr);
+                               // Add Pair-wise key to Asic
+#ifdef RTMP_MAC_PCI
+               AsicAddPairwiseKeyEntry(pAd,
+                                                                               pAd->StaCfg.DLSEntry[i].MacAddr,
+                                                                               (UCHAR)pAd->StaCfg.DLSEntry[i].MacTabMatchWCID,
+                                                                               &PairwiseKey);
+
+                               RTMPAddWcidAttributeEntry(pAd,
+                                                                                 BSS0,
+                                                                                 0,
+                                                                                 PairwiseKey.CipherAlg,
+                                                                                 pEntry);
+#endif // RTMP_MAC_PCI //
+                               NdisMoveMemory(&pEntry->PairwiseKey, &PairwiseKey, sizeof(CIPHER_KEY));
+                               DBGPRINT(RT_DEBUG_TRACE,("DLS - Receive STAKey Message-1 (Initiator STA MAC Address STAKey)\n"));
+
+                               // If support WPA or WPA2, start STAKey hand shake,
+                               // If failed hand shake, just tear down peer DLS
+                               if (RTMPSendSTAKeyHandShake(pAd, pAddr) != NDIS_STATUS_SUCCESS)
+                               {
+                                       MLME_DLS_REQ_STRUCT     MlmeDlsReq;
+                                       USHORT                          reason = REASON_QOS_CIPHER_NOT_SUPPORT;
+
+                                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                                       pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                                       DlsParmFill(pAd, &MlmeDlsReq, &pAd->StaCfg.DLSEntry[i], reason);
+                                       MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_TEAR_DOWN, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+                               }
+                               else
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE,("DLS - Finish STAKey handshake procedure (Peer side)\n"));
+                               }
+                       }
+                       else
+                       {
+                               // Data frame, update timeout value
+                               if (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH)
+                               {
+                                       pAd->StaCfg.DLSEntry[i].CountDownTimer = pAd->StaCfg.DLSEntry[i].TimeOut;
+                               }
+                       }
+
+                       bFindEntry = TRUE;
+               }
+       }
+
+
+       return bSTAKeyFrame;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Check if the frame can be sent through DLS direct link interface
+
+       Arguments:
+               pAd             Pointer to adapter
+
+       Return Value:
+               DLS entry index
+
+       Note:
+
+       ========================================================================
+*/
+INT    RTMPCheckDLSFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pDA)
+{
+       INT rval = -1;
+       INT     i;
+
+       if (!pAd->CommonCfg.bDLSCapable)
+               return rval;
+
+       if (!INFRA_ON(pAd))
+               return rval;
+
+       do{
+               // check local dls table entry
+               for (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+               {
+                       if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH) &&
+                               MAC_ADDR_EQUAL(pDA, pAd->StaCfg.DLSEntry[i].MacAddr))
+                       {
+                               rval = i;
+                               break;
+                       }
+               }
+
+               // check peer dls table entry
+               for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+               {
+                       if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH) &&
+                               MAC_ADDR_EQUAL(pDA, pAd->StaCfg.DLSEntry[i].MacAddr))
+                       {
+                               rval = i;
+                               break;
+                       }
+               }
+       } while (FALSE);
+
+       return rval;
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+VOID RTMPSendDLSTearDownFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN  PUCHAR          pDA)
+{
+       PUCHAR                  pOutBuffer = NULL;
+       NDIS_STATUS             NStatus;
+       HEADER_802_11   DlsTearDownHdr;
+       ULONG                   FrameLen = 0;
+       USHORT                  Reason = REASON_QOS_QSTA_LEAVING_QBSS;
+       UCHAR                   Category = CATEGORY_DLS;
+       UCHAR                   Action = ACTION_DLS_TEARDOWN;
+       UCHAR                   i = 0;
+
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS) ||
+               RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS))
+               return;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Send DLS TearDown Frame \n"));
+
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NStatus != NDIS_STATUS_SUCCESS)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("ASSOC - RTMPSendDLSTearDownFrame() allocate memory failed \n"));
+               return;
+       }
+
+       ActHeaderInit(pAd, &DlsTearDownHdr, pAd->CommonCfg.Bssid, pAd->CurrentAddress, pAd->CommonCfg.Bssid);
+       MakeOutgoingFrame(pOutBuffer,                           &FrameLen,
+                                       sizeof(HEADER_802_11),          &DlsTearDownHdr,
+                                       1,                                                      &Category,
+                                       1,                                                      &Action,
+                                       6,                                                      pDA,
+                                       6,                                                      pAd->CurrentAddress,
+                                       2,                                                      &Reason,
+                                       END_OF_ARGS);
+
+       MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       // Remove key in local dls table entry
+       for (i = 0; i < MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+       {
+               if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH)
+                       && MAC_ADDR_EQUAL(pDA, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       MacTableDeleteDlsEntry(pAd, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID, pAd->StaCfg.DLSEntry[i].MacAddr);
+               }
+       }
+
+       // Remove key in peer dls table entry
+       for (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+       {
+               if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH)
+                       && MAC_ADDR_EQUAL(pDA, pAd->StaCfg.DLSEntry[i].MacAddr))
+               {
+                       MacTableDeleteDlsEntry(pAd, pAd->StaCfg.DLSEntry[i].MacTabMatchWCID, pAd->StaCfg.DLSEntry[i].MacAddr);
+               }
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Send DLS TearDown Frame and remove key in (i=%d) \n", i));
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+NDIS_STATUS RTMPSendSTAKeyRequest(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pDA)
+{
+       UCHAR                           Header802_3[14];
+       NDIS_STATUS                     NStatus;
+       ULONG                           FrameLen = 0;
+       EAPOL_PACKET            Packet;
+       UCHAR                           Mic[16];
+       UCHAR                           digest[80];
+       PUCHAR                          pOutBuffer = NULL;
+       PNDIS_PACKET            pNdisPacket;
+       UCHAR                           temp[64];
+       UCHAR                           DlsPTK[80];
+
+       DBGPRINT(RT_DEBUG_TRACE,("DLS - RTMPSendSTAKeyRequest() to %02x:%02x:%02x:%02x:%02x:%02x\n", pDA[0], pDA[1], pDA[2], pDA[3], pDA[4], pDA[5]));
+
+       pAd->Sequence ++;
+       MAKE_802_3_HEADER(Header802_3, pAd->CommonCfg.Bssid, pAd->CurrentAddress, EAPOL);
+
+       // Zero message body
+       NdisZeroMemory(&Packet, sizeof(Packet));
+       Packet.ProVer = EAPOL_VER;
+       Packet.ProType    = EAPOLKey;
+       Packet.Body_Len[1]  = sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE + 6 + MAC_ADDR_LEN;             // data field contain KDE andPeer MAC address
+
+       // STAKey Message is as EAPOL-Key(1,1,0,0,G/0,0,0, MIC, 0,Peer MAC KDE)
+       if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
+    {
+        Packet.KeyDesc.Type = WPA1_KEY_DESC;
+    }
+    else if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+    {
+        Packet.KeyDesc.Type = WPA2_KEY_DESC;
+    }
+
+       // Key descriptor version
+       Packet.KeyDesc.KeyInfo.KeyDescVer =
+               (((pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled) || (pAd->StaCfg.GroupCipher == Ndis802_11Encryption3Enabled)) ? (DESC_TYPE_AES) : (DESC_TYPE_TKIP));
+
+       Packet.KeyDesc.KeyInfo.KeyMic   = 1;
+       Packet.KeyDesc.KeyInfo.Secure   = 1;
+       Packet.KeyDesc.KeyInfo.Request  = 1;
+
+       Packet.KeyDesc.KeyDataLen[1]    = 12;
+
+       // use our own OUI to distinguish proprietary with standard.
+       Packet.KeyDesc.KeyData[0]               = 0xDD;
+       Packet.KeyDesc.KeyData[1]               = 0x0A;
+       Packet.KeyDesc.KeyData[2]               = 0x00;
+       Packet.KeyDesc.KeyData[3]               = 0x0C;
+       Packet.KeyDesc.KeyData[4]               = 0x43;
+       Packet.KeyDesc.KeyData[5]               = 0x03;
+       NdisMoveMemory(&Packet.KeyDesc.KeyData[6], pDA, MAC_ADDR_LEN);
+
+       NdisMoveMemory(Packet.KeyDesc.ReplayCounter, pAd->StaCfg.DlsReplayCounter, LEN_KEY_DESC_REPLAY);
+
+       // Allocate buffer for transmitting message
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
+       if (NStatus     != NDIS_STATUS_SUCCESS)
+               return NStatus;
+
+       // Prepare EAPOL frame for MIC calculation
+       // Be careful, only EAPOL frame is counted for MIC calculation
+       MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                             Packet.Body_Len[1] + 4,    &Packet,
+                             END_OF_ARGS);
+
+       // use proprietary PTK
+       NdisZeroMemory(temp, 64);
+       NdisMoveMemory(temp, "IEEE802.11 WIRELESS ACCESS POINT", 32);
+       WpaDerivePTK(pAd, temp, temp, pAd->CommonCfg.Bssid, temp, pAd->CurrentAddress, DlsPTK, LEN_PTK);
+
+       // calculate MIC
+       if (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
+       {
+               // AES
+               NdisZeroMemory(digest,  sizeof(digest));
+               HMAC_SHA1(DlsPTK, LEN_EAP_MICK, pOutBuffer, FrameLen, digest, SHA1_DIGEST_SIZE);
+               NdisMoveMemory(Packet.KeyDesc.KeyMic, digest, LEN_KEY_DESC_MIC);
+       }
+       else
+       {
+               NdisZeroMemory(Mic,     sizeof(Mic));
+               HMAC_MD5(DlsPTK, LEN_EAP_MICK, pOutBuffer, FrameLen, Mic, MD5_DIGEST_SIZE);
+               NdisMoveMemory(Packet.KeyDesc.KeyMic, Mic, LEN_KEY_DESC_MIC);
+       }
+
+       MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                         sizeof(Header802_3),  Header802_3,
+                             Packet.Body_Len[1] + 4,   &Packet,
+                             END_OF_ARGS);
+
+       NStatus = RTMPAllocateNdisPacket(pAd, &pNdisPacket, NULL, 0, pOutBuffer, FrameLen);
+       if (NStatus == NDIS_STATUS_SUCCESS)
+       {
+               RTMP_SET_PACKET_WCID(pNdisPacket, BSSID_WCID);
+               STASendPacket(pAd, pNdisPacket);
+               RTMPDeQueuePacket(pAd, FALSE, NUM_OF_TX_RING, MAX_TX_PROCESS);
+       }
+
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPSendSTAKeyRequest- Send STAKey request (NStatus=%x, FrameLen=%ld)\n", NStatus, FrameLen));
+
+       return NStatus;
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+NDIS_STATUS RTMPSendSTAKeyHandShake(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pDA)
+{
+       UCHAR                           Header802_3[14];
+       NDIS_STATUS                     NStatus;
+       ULONG                           FrameLen = 0;
+       EAPOL_PACKET            Packet;
+       UCHAR                           Mic[16];
+       UCHAR                           digest[80];
+       PUCHAR                          pOutBuffer = NULL;
+       PNDIS_PACKET            pNdisPacket;
+       UCHAR                           temp[64];
+       UCHAR                           DlsPTK[80];                     // Due to dirver can not get PTK, use proprietary PTK
+
+       DBGPRINT(RT_DEBUG_TRACE,("DLS - RTMPSendSTAKeyHandShake() to %02x:%02x:%02x:%02x:%02x:%02x\n", pDA[0], pDA[1], pDA[2], pDA[3], pDA[4], pDA[5]));
+
+       pAd->Sequence ++;
+       MAKE_802_3_HEADER(Header802_3, pAd->CommonCfg.Bssid, pAd->CurrentAddress, EAPOL);
+
+       // Zero message body
+       NdisZeroMemory(&Packet, sizeof(Packet));
+       Packet.ProVer = EAPOL_VER;
+       Packet.ProType    = EAPOLKey;
+       Packet.Body_Len[1]  = sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE + 6 + MAC_ADDR_LEN;             // data field contain KDE and Peer MAC address
+
+       // STAKey Message is as EAPOL-Key(1,1,0,0,G/0,0,0, MIC, 0,Peer MAC KDE)
+       if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK))
+    {
+        Packet.KeyDesc.Type = WPA1_KEY_DESC;
+    }
+    else if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) || (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK))
+    {
+        Packet.KeyDesc.Type = WPA2_KEY_DESC;
+    }
+
+       // Key descriptor version
+       Packet.KeyDesc.KeyInfo.KeyDescVer =
+               (((pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled) || (pAd->StaCfg.GroupCipher == Ndis802_11Encryption3Enabled)) ? (DESC_TYPE_AES) : (DESC_TYPE_TKIP));
+
+       Packet.KeyDesc.KeyInfo.KeyMic   = 1;
+       Packet.KeyDesc.KeyInfo.Secure   = 1;
+
+       Packet.KeyDesc.KeyDataLen[1]    = 12;
+
+       // use our own OUI to distinguish proprietary with standard.
+       Packet.KeyDesc.KeyData[0]               = 0xDD;
+       Packet.KeyDesc.KeyData[1]               = 0x0A;
+       Packet.KeyDesc.KeyData[2]               = 0x00;
+       Packet.KeyDesc.KeyData[3]               = 0x0C;
+       Packet.KeyDesc.KeyData[4]               = 0x43;
+       Packet.KeyDesc.KeyData[5]               = 0x03;
+       NdisMoveMemory(&Packet.KeyDesc.KeyData[6], pDA, MAC_ADDR_LEN);
+
+       NdisMoveMemory(Packet.KeyDesc.ReplayCounter, pAd->StaCfg.DlsReplayCounter, LEN_KEY_DESC_REPLAY);
+
+       // Allocate buffer for transmitting message
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
+       if (NStatus     != NDIS_STATUS_SUCCESS)
+               return NStatus;
+
+       // Prepare EAPOL frame for MIC calculation
+       // Be careful, only EAPOL frame is counted for MIC calculation
+       MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                             Packet.Body_Len[1] + 4,    &Packet,
+                             END_OF_ARGS);
+
+       // use proprietary PTK
+       NdisZeroMemory(temp, 64);
+       NdisMoveMemory(temp, "IEEE802.11 WIRELESS ACCESS POINT", 32);
+       WpaDerivePTK(pAd, temp, temp, pAd->CommonCfg.Bssid, temp, pAd->CurrentAddress, DlsPTK, LEN_PTK);
+
+       // calculate MIC
+       if (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled)
+       {
+               // AES
+               NdisZeroMemory(digest,  sizeof(digest));
+               HMAC_SHA1(DlsPTK, LEN_EAP_MICK, pOutBuffer, FrameLen, digest, SHA1_DIGEST_SIZE);
+               NdisMoveMemory(Packet.KeyDesc.KeyMic, digest, LEN_KEY_DESC_MIC);
+       }
+       else
+       {
+               NdisZeroMemory(Mic,     sizeof(Mic));
+               HMAC_MD5(DlsPTK, LEN_EAP_MICK, pOutBuffer, FrameLen, Mic, MD5_DIGEST_SIZE);
+               NdisMoveMemory(Packet.KeyDesc.KeyMic, Mic, LEN_KEY_DESC_MIC);
+       }
+
+       MakeOutgoingFrame(pOutBuffer,           &FrameLen,
+                         sizeof(Header802_3),  Header802_3,
+                             Packet.Body_Len[1] + 4,   &Packet,
+                             END_OF_ARGS);
+
+       NStatus = RTMPAllocateNdisPacket(pAd, &pNdisPacket, NULL, 0, pOutBuffer, FrameLen);
+       if (NStatus == NDIS_STATUS_SUCCESS)
+       {
+               RTMP_SET_PACKET_WCID(pNdisPacket, BSSID_WCID);
+               STASendPacket(pAd, pNdisPacket);
+               RTMPDeQueuePacket(pAd, FALSE, NUM_OF_TX_RING, MAX_TX_PROCESS);
+       }
+
+       MlmeFreeMemory(pAd, pOutBuffer);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPSendSTAKeyHandShake- Send STAKey Message-2 (NStatus=%x, FrameLen=%ld)\n", NStatus, FrameLen));
+
+       return NStatus;
+}
+
+VOID DlsTimeoutAction(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       MLME_DLS_REQ_STRUCT             MlmeDlsReq;
+       USHORT                                  reason;
+       PRT_802_11_DLS                  pDLS = (PRT_802_11_DLS)FunctionContext;
+       PRTMP_ADAPTER                   pAd = pDLS->pAd;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("DlsTimeout - Tear down DLS links (%02x:%02x:%02x:%02x:%02x:%02x)\n",
+               pDLS->MacAddr[0], pDLS->MacAddr[1], pDLS->MacAddr[2], pDLS->MacAddr[3], pDLS->MacAddr[4], pDLS->MacAddr[5]));
+
+       if ((pDLS) && (pDLS->Valid))
+       {
+               reason                  = REASON_QOS_REQUEST_TIMEOUT;
+               pDLS->Valid             = FALSE;
+               pDLS->Status    = DLS_NONE;
+               DlsParmFill(pAd, &MlmeDlsReq, pDLS, reason);
+               MlmeEnqueue(pAd, DLS_STATE_MACHINE, MT2_MLME_DLS_TEAR_DOWN, sizeof(MLME_DLS_REQ_STRUCT), &MlmeDlsReq);
+               RTMP_MLME_HANDLER(pAd);
+       }
+}
+
+/*
+================================================================
+Description : because DLS and CLI share the same WCID table in ASIC.
+Mesh entry also insert to pAd->MacTab.content[].  Such is marked as ValidAsDls = TRUE.
+Also fills the pairwise key.
+Because front MAX_AID_BA entries have direct mapping to BAEntry, which is only used as CLI. So we insert Dls
+from index MAX_AID_BA.
+================================================================
+*/
+MAC_TABLE_ENTRY *MacTableInsertDlsEntry(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  PUCHAR      pAddr,
+       IN  UINT        DlsEntryIdx)
+{
+       PMAC_TABLE_ENTRY pEntry = NULL;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("====> MacTableInsertDlsEntry\n"));
+       // if FULL, return
+       if (pAd->MacTab.Size >= MAX_LEN_OF_MAC_TABLE)
+               return NULL;
+
+       do
+       {
+               if((pEntry = DlsEntryTableLookup(pAd, pAddr, TRUE)) != NULL)
+                       break;
+
+               // allocate one MAC entry
+               pEntry = MacTableInsertEntry(pAd, pAddr, DlsEntryIdx + MIN_NET_DEVICE_FOR_DLS, TRUE);
+               if (pEntry)
+               {
+                       pAd->StaCfg.DLSEntry[DlsEntryIdx].MacTabMatchWCID = pEntry->Aid;
+                       pEntry->MatchDlsEntryIdx = DlsEntryIdx;
+                       pEntry->AuthMode = pAd->StaCfg.AuthMode;
+                       pEntry->WepStatus = pAd->StaCfg.WepStatus;
+                       pEntry->PortSecured = WPA_802_1X_PORT_SECURED;
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("MacTableInsertDlsEntry - allocate entry #%d, Total= %d\n",pEntry->Aid, pAd->MacTab.Size));
+
+                       // If legacy WEP is used, set pair-wise cipherAlg into WCID attribute table for this entry
+                       if ((pEntry->ValidAsDls) && (pAd->StaCfg.WepStatus == Ndis802_11WEPEnabled))
+                       {
+                               UCHAR KeyIdx = 0;
+                               UCHAR CipherAlg = 0;
+
+                               KeyIdx  = pAd->StaCfg.DefaultKeyId;
+
+                               CipherAlg       = pAd->SharedKey[BSS0][KeyIdx].CipherAlg;
+
+                               RTMPAddWcidAttributeEntry(pAd,
+                                                                                       BSS0,
+                                                                                       pAd->StaCfg.DefaultKeyId,
+                                                                                       pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].CipherAlg,
+                                                                                       pEntry);
+                       }
+
+                       break;
+               }
+       } while(FALSE);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<==== MacTableInsertDlsEntry\n"));
+
+       return pEntry;
+}
+
+
+/*
+       ==========================================================================
+       Description:
+               Delete all Mesh Entry in pAd->MacTab
+       ==========================================================================
+ */
+BOOLEAN MacTableDeleteDlsEntry(
+       IN PRTMP_ADAPTER pAd,
+       IN USHORT wcid,
+       IN PUCHAR pAddr)
+{
+       DBGPRINT(RT_DEBUG_TRACE, ("====> MacTableDeleteDlsEntry\n"));
+
+       if (!VALID_WCID(wcid))
+               return FALSE;
+
+       MacTableDeleteEntry(pAd, wcid, pAddr);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<==== MacTableDeleteDlsEntry\n"));
+
+       return TRUE;
+}
+
+MAC_TABLE_ENTRY *DlsEntryTableLookup(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR       pAddr,
+       IN BOOLEAN      bResetIdelCount)
+{
+       ULONG HashIdx;
+       MAC_TABLE_ENTRY *pEntry = NULL;
+
+       RTMP_SEM_LOCK(&pAd->MacTabLock);
+       HashIdx = MAC_ADDR_HASH_INDEX(pAddr);
+       pEntry = pAd->MacTab.Hash[HashIdx];
+
+       while (pEntry)
+       {
+               if ((pEntry->ValidAsDls == TRUE)
+                       && MAC_ADDR_EQUAL(pEntry->Addr, pAddr))
+               {
+                       if(bResetIdelCount)
+                               pEntry->NoDataIdleCount = 0;
+                       break;
+               }
+               else
+                       pEntry = pEntry->pNext;
+       }
+
+       RTMP_SEM_UNLOCK(&pAd->MacTabLock);
+       return pEntry;
+}
+
+MAC_TABLE_ENTRY *DlsEntryTableLookupByWcid(
+       IN PRTMP_ADAPTER pAd,
+       IN UCHAR        wcid,
+       IN PUCHAR       pAddr,
+       IN BOOLEAN      bResetIdelCount)
+{
+       ULONG DLsIndex;
+       PMAC_TABLE_ENTRY pCurEntry = NULL;
+       PMAC_TABLE_ENTRY pEntry = NULL;
+
+       if (!VALID_WCID(wcid))
+               return NULL;
+
+       RTMP_SEM_LOCK(&pAd->MacTabLock);
+
+       do
+       {
+               pCurEntry = &pAd->MacTab.Content[wcid];
+
+               DLsIndex = 0xff;
+               if ((pCurEntry) && (pCurEntry->ValidAsDls== TRUE))
+               {
+                       DLsIndex = pCurEntry->MatchDlsEntryIdx;
+               }
+
+               if (DLsIndex == 0xff)
+                       break;
+
+               if (MAC_ADDR_EQUAL(pCurEntry->Addr, pAddr))
+               {
+                       if(bResetIdelCount)
+                               pCurEntry->NoDataIdleCount = 0;
+                       pEntry = pCurEntry;
+                       break;
+               }
+       } while(FALSE);
+
+       RTMP_SEM_UNLOCK(&pAd->MacTabLock);
+
+       return pEntry;
+}
+
+INT Set_DlsEntryInfo_Display_Proc(
+       IN PRTMP_ADAPTER pAd,
+       IN PUCHAR arg)
+{
+       INT i;
+
+       DBGPRINT(RT_DEBUG_OFF, ("\n%-19s%-8s\n", "MAC", "TIMEOUT\n"));
+       for (i=0; i<MAX_NUM_OF_DLS_ENTRY; i++)
+       {
+               if ((pAd->StaCfg.DLSEntry[i].Valid) && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
+               {
+                       PMAC_TABLE_ENTRY pEntry = &pAd->MacTab.Content[pAd->StaCfg.DLSEntry[i].MacTabMatchWCID];
+
+                       DBGPRINT(RT_DEBUG_OFF, ("%02x:%02x:%02x:%02x:%02x:%02x  ",
+                               pAd->StaCfg.DLSEntry[i].MacAddr[0], pAd->StaCfg.DLSEntry[i].MacAddr[1], pAd->StaCfg.DLSEntry[i].MacAddr[2],
+                               pAd->StaCfg.DLSEntry[i].MacAddr[3], pAd->StaCfg.DLSEntry[i].MacAddr[4], pAd->StaCfg.DLSEntry[i].MacAddr[5]));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-8d\n", pAd->StaCfg.DLSEntry[i].TimeOut));
+
+                       DBGPRINT(RT_DEBUG_OFF, ("\n"));
+                       DBGPRINT(RT_DEBUG_OFF, ("\n%-19s%-4s%-4s%-4s%-4s%-7s%-7s%-7s","MAC", "AID", "BSS", "PSM", "WMM", "RSSI0", "RSSI1", "RSSI2"));
+#ifdef DOT11_N_SUPPORT
+                       DBGPRINT(RT_DEBUG_OFF, ("%-8s%-10s%-6s%-6s%-6s%-6s", "MIMOPS", "PhMd", "BW", "MCS", "SGI", "STBC"));
+#endif // DOT11_N_SUPPORT //
+                       DBGPRINT(RT_DEBUG_OFF, ("\n%02X:%02X:%02X:%02X:%02X:%02X  ",
+                               pEntry->Addr[0], pEntry->Addr[1], pEntry->Addr[2],
+                               pEntry->Addr[3], pEntry->Addr[4], pEntry->Addr[5]));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-4d", (int)pEntry->Aid));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-4d", (int)pEntry->apidx));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-4d", (int)pEntry->PsMode));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-4d", (int)CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE)));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-7d", pEntry->RssiSample.AvgRssi0));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-7d", pEntry->RssiSample.AvgRssi1));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-7d", pEntry->RssiSample.AvgRssi2));
+#ifdef DOT11_N_SUPPORT
+                       DBGPRINT(RT_DEBUG_OFF, ("%-8d", (int)pEntry->MmpsMode));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-10s", GetPhyMode(pEntry->HTPhyMode.field.MODE)));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-6s", GetBW(pEntry->HTPhyMode.field.BW)));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-6d", pEntry->HTPhyMode.field.MCS));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-6d", pEntry->HTPhyMode.field.ShortGI));
+                       DBGPRINT(RT_DEBUG_OFF, ("%-6d", pEntry->HTPhyMode.field.STBC));
+#endif // DOT11_N_SUPPORT //
+                       DBGPRINT(RT_DEBUG_OFF, ("%-10d, %d, %d%%\n", pEntry->DebugFIFOCount, pEntry->DebugTxCount,
+                                               (pEntry->DebugTxCount) ? ((pEntry->DebugTxCount-pEntry->DebugFIFOCount)*100/pEntry->DebugTxCount) : 0));
+                       DBGPRINT(RT_DEBUG_OFF, ("\n"));
+
+               }
+       }
+
+       return TRUE;
+}
+
+INT    Set_DlsAddEntry_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+    UCHAR      mac[MAC_ADDR_LEN];
+       USHORT  Timeout;
+       PSTRING token;
+       STRING sepValue[] = ":", DASH = '-';
+       INT i;
+    RT_802_11_DLS      Dls;
+
+    if(strlen(arg) < 19)  //Mac address acceptable format 01:02:03:04:05:06 length 17 plus the "-" and timeout value in decimal format.
+               return FALSE;
+
+       token = strchr(arg, DASH);
+       if ((token != NULL) && (strlen(token)>1))
+       {
+               Timeout = (USHORT) simple_strtol((token+1), 0, 10);
+
+               *token = '\0';
+               for (i = 0, token = rstrtok(arg, &sepValue[0]); token; token = rstrtok(NULL, &sepValue[0]), i++)
+               {
+                       if((strlen(token) != 2) || (!isxdigit(*token)) || (!isxdigit(*(token+1))))
+                               return FALSE;
+                       AtoH(token, (&mac[i]), 1);
+               }
+               if(i != 6)
+                       return FALSE;
+
+           DBGPRINT(RT_DEBUG_OFF, ("\n%02x:%02x:%02x:%02x:%02x:%02x-%d", mac[0], mac[1],
+                  mac[2], mac[3], mac[4], mac[5], (int)Timeout));
+
+               NdisZeroMemory(&Dls, sizeof(RT_802_11_DLS));
+               Dls.TimeOut = Timeout;
+               COPY_MAC_ADDR(Dls.MacAddr, mac);
+               Dls.Valid = 1;
+
+               MlmeEnqueue(pAd,
+                                       MLME_CNTL_STATE_MACHINE,
+                                       RT_OID_802_11_SET_DLS_PARAM,
+                                       sizeof(RT_802_11_DLS),
+                                       &Dls);
+
+               return TRUE;
+       }
+
+       return FALSE;
+
+}
+
+INT    Set_DlsTearDownEntry_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       UCHAR                   macAddr[MAC_ADDR_LEN];
+       PSTRING                 value;
+       INT                             i;
+       RT_802_11_DLS   Dls;
+
+       if(strlen(arg) != 17)  //Mac address acceptable format 01:02:03:04:05:06 length 17
+               return FALSE;
+
+       for (i=0, value = rstrtok(arg,":"); value; value = rstrtok(NULL,":"))
+       {
+               if((strlen(value) != 2) || (!isxdigit(*value)) || (!isxdigit(*(value+1))) )
+                       return FALSE;  //Invalid
+
+               AtoH(value, &macAddr[i++], 2);
+       }
+
+       DBGPRINT(RT_DEBUG_OFF, ("\n%02x:%02x:%02x:%02x:%02x:%02x", macAddr[0], macAddr[1],
+                  macAddr[2], macAddr[3], macAddr[4], macAddr[5]));
+
+       NdisZeroMemory(&Dls, sizeof(RT_802_11_DLS));
+       COPY_MAC_ADDR(Dls.MacAddr, macAddr);
+       Dls.Valid = 0;
+
+       MlmeEnqueue(pAd,
+                               MLME_CNTL_STATE_MACHINE,
+                               RT_OID_802_11_SET_DLS_PARAM,
+                               sizeof(RT_802_11_DLS),
+                               &Dls);
+
+       return TRUE;
+}
diff --git a/drivers/staging/rt3090/sta/rtmp_ckipmic.c b/drivers/staging/rt3090/sta/rtmp_ckipmic.c
new file mode 100644 (file)
index 0000000..5f6dbd7
--- /dev/null
@@ -0,0 +1,579 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_ckipmic.c
+
+       Abstract:
+       Data path subroutines
+
+       Revision History:
+       Who             When                    What
+       --------        ----------              ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+#include "../rtmp_ckipmic.h"
+
+
+#define MIC_ACCUM(v)            pContext->accum += (ULONGLONG)v * RTMPMicGetCoefficient(pContext)
+#define GB(p,i,s)               ( ((ULONG) *((UCHAR*)(p)+i) ) << (s) )
+#define GETBIG32(p)             GB(p,0,24)|GB(p,1,16)|GB(p,2,8)|GB(p,3,0)
+
+/*****************************/
+/******** SBOX Table *********/
+/*****************************/
+
+UCHAR SboxTable[256] =
+{
+    0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5,
+    0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76,
+    0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0,
+    0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0,
+    0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc,
+    0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15,
+    0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a,
+    0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75,
+    0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0,
+    0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84,
+    0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b,
+    0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf,
+    0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85,
+    0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8,
+    0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5,
+    0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2,
+    0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17,
+    0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73,
+    0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88,
+    0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb,
+    0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c,
+    0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79,
+    0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9,
+    0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08,
+    0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6,
+    0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a,
+    0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e,
+    0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e,
+    0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94,
+    0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf,
+    0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68,
+    0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16
+};
+
+/*===========================================================================*/
+/*=================== CKIP KEY PERMUTATION ==================================*/
+/*===========================================================================*/
+
+/* 2-byte by 2-byte subset of the full AES table */
+static const USHORT Sbox[256] =
+{
+    0xC6A5,0xF884,0xEE99,0xF68D,0xFF0D,0xD6BD,0xDEB1,0x9154,
+    0x6050,0x0203,0xCEA9,0x567D,0xE719,0xB562,0x4DE6,0xEC9A,
+    0x8F45,0x1F9D,0x8940,0xFA87,0xEF15,0xB2EB,0x8EC9,0xFB0B,
+    0x41EC,0xB367,0x5FFD,0x45EA,0x23BF,0x53F7,0xE496,0x9B5B,
+    0x75C2,0xE11C,0x3DAE,0x4C6A,0x6C5A,0x7E41,0xF502,0x834F,
+    0x685C,0x51F4,0xD134,0xF908,0xE293,0xAB73,0x6253,0x2A3F,
+    0x080C,0x9552,0x4665,0x9D5E,0x3028,0x37A1,0x0A0F,0x2FB5,
+    0x0E09,0x2436,0x1B9B,0xDF3D,0xCD26,0x4E69,0x7FCD,0xEA9F,
+    0x121B,0x1D9E,0x5874,0x342E,0x362D,0xDCB2,0xB4EE,0x5BFB,
+    0xA4F6,0x764D,0xB761,0x7DCE,0x527B,0xDD3E,0x5E71,0x1397,
+    0xA6F5,0xB968,0x0000,0xC12C,0x4060,0xE31F,0x79C8,0xB6ED,
+    0xD4BE,0x8D46,0x67D9,0x724B,0x94DE,0x98D4,0xB0E8,0x854A,
+    0xBB6B,0xC52A,0x4FE5,0xED16,0x86C5,0x9AD7,0x6655,0x1194,
+    0x8ACF,0xE910,0x0406,0xFE81,0xA0F0,0x7844,0x25BA,0x4BE3,
+    0xA2F3,0x5DFE,0x80C0,0x058A,0x3FAD,0x21BC,0x7048,0xF104,
+    0x63DF,0x77C1,0xAF75,0x4263,0x2030,0xE51A,0xFD0E,0xBF6D,
+    0x814C,0x1814,0x2635,0xC32F,0xBEE1,0x35A2,0x88CC,0x2E39,
+    0x9357,0x55F2,0xFC82,0x7A47,0xC8AC,0xBAE7,0x322B,0xE695,
+    0xC0A0,0x1998,0x9ED1,0xA37F,0x4466,0x547E,0x3BAB,0x0B83,
+    0x8CCA,0xC729,0x6BD3,0x283C,0xA779,0xBCE2,0x161D,0xAD76,
+    0xDB3B,0x6456,0x744E,0x141E,0x92DB,0x0C0A,0x486C,0xB8E4,
+    0x9F5D,0xBD6E,0x43EF,0xC4A6,0x39A8,0x31A4,0xD337,0xF28B,
+    0xD532,0x8B43,0x6E59,0xDAB7,0x018C,0xB164,0x9CD2,0x49E0,
+    0xD8B4,0xACFA,0xF307,0xCF25,0xCAAF,0xF48E,0x47E9,0x1018,
+    0x6FD5,0xF088,0x4A6F,0x5C72,0x3824,0x57F1,0x73C7,0x9751,
+    0xCB23,0xA17C,0xE89C,0x3E21,0x96DD,0x61DC,0x0D86,0x0F85,
+    0xE090,0x7C42,0x71C4,0xCCAA,0x90D8,0x0605,0xF701,0x1C12,
+    0xC2A3,0x6A5F,0xAEF9,0x69D0,0x1791,0x9958,0x3A27,0x27B9,
+    0xD938,0xEB13,0x2BB3,0x2233,0xD2BB,0xA970,0x0789,0x33A7,
+    0x2DB6,0x3C22,0x1592,0xC920,0x8749,0xAAFF,0x5078,0xA57A,
+    0x038F,0x59F8,0x0980,0x1A17,0x65DA,0xD731,0x84C6,0xD0B8,
+    0x82C3,0x29B0,0x5A77,0x1E11,0x7BCB,0xA8FC,0x6DD6,0x2C3A
+    };
+
+#define Lo8(v16)     ((v16)       & 0xFF)
+#define Hi8(v16)    (((v16) >> 8) & 0xFF)
+#define u16Swap(i)  ( (((i) >> 8) & 0xFF) | (((i) << 8) & 0xFF00) )
+#define _S_(i)      (Sbox[Lo8(i)] ^ u16Swap(Sbox[Hi8(i)]))
+
+#define rotLeft_1(x) ((((x) << 1) | ((x) >> 15)) & 0xFFFF)
+VOID CKIP_key_permute
+    (
+     OUT UCHAR  *PK,           /* output permuted key */
+     IN UCHAR *CK,           /* input CKIP key */
+     IN UCHAR  toDsFromDs,    /* input toDs/FromDs bits */
+     IN UCHAR *piv           /* input pointer to IV */
+     )
+{
+    int i;
+    USHORT H[2], tmp;          /* H=32-bits of per-packet hash value */
+    USHORT L[8], R[8];         /* L=u16 array of CK, R=u16 array of PK */
+
+    /* build L from input key */
+    memset(L, 0, sizeof(L));
+    for (i=0; i<16; i++) {
+        L[i>>1] |= ( ((USHORT)(CK[i])) << ( i & 1 ? 8 : 0) );
+    }
+
+    H[0] = (((USHORT)piv[0]) << 8) + piv[1];
+    H[1] = ( ((USHORT)toDsFromDs) << 8) | piv[2];
+
+    for (i=0; i<8; i++) {
+        H[0] ^= L[i];           /* 16-bits of key material */
+        tmp   = _S_(H[0]);      /* 16x16 permutation */
+        H[0]  = tmp ^ H[1];     /* set up for next round */
+        H[1]  = tmp;
+        R[i]  = H[0];           /* store into key array  */
+    }
+
+    /* sweep in the other direction */
+    tmp=L[0];
+    for (i=7; i>0; i--) {
+        R[i] = tmp = rotLeft_1(tmp) + R[i];
+    }
+
+    /* IV of the permuted key is unchanged */
+    PK[0] = piv[0];
+    PK[1] = piv[1];
+    PK[2] = piv[2];
+
+    /* key portion of the permuted key is changed */
+    for (i=3; i<16; i++) {
+        PK[i] = (UCHAR) (R[i>>1] >> (i & 1 ? 8 : 0));
+    }
+}
+
+/* prepare for calculation of a new mic */
+VOID RTMPCkipMicInit(
+    IN  PMIC_CONTEXT        pContext,
+    IN  PUCHAR              CK)
+{
+    /* prepare for new mic calculation */
+    NdisMoveMemory(pContext->CK, CK, sizeof(pContext->CK));
+    pContext->accum = 0;
+    pContext->position = 0;
+}
+
+/* add some bytes to the mic calculation */
+VOID RTMPMicUpdate(
+    IN  PMIC_CONTEXT        pContext,
+    IN  PUCHAR              pOctets,
+    IN  INT                 len)
+{
+    INT     byte_position;
+    ULONG   val;
+
+    byte_position = (pContext->position & 3);
+    while (len > 0) {
+        /* build a 32-bit word for MIC multiply accumulate */
+        do {
+            if (len == 0) return;
+            pContext->part[byte_position++] = *pOctets++;
+            pContext->position++;
+            len--;
+        } while (byte_position < 4);
+        /* have a full 32-bit word to process */
+        val = GETBIG32(&pContext->part[0]);
+        MIC_ACCUM(val);
+        byte_position = 0;
+    }
+}
+
+ULONG RTMPMicGetCoefficient(
+    IN  PMIC_CONTEXT         pContext)
+{
+    UCHAR   aes_counter[16];
+    INT     coeff_position;
+    UCHAR   *p;
+
+    coeff_position = (pContext->position - 1) >> 2;
+    if ( (coeff_position & 3) == 0) {
+        /* fetching the first coefficient -- get new 16-byte aes counter output */
+        u32 counter = (coeff_position >> 2);
+
+        /* new counter value */
+        memset(&aes_counter[0], 0, sizeof(aes_counter));
+        aes_counter[15] = (UINT8)(counter >> 0);
+        aes_counter[14] = (UINT8)(counter >> 8);
+        aes_counter[13] = (UINT8)(counter >> 16);
+        aes_counter[12] = (UINT8)(counter >> 24);
+
+        RTMPAesEncrypt(&pContext->CK[0], &aes_counter[0], pContext->coefficient);
+    }
+    p = &(pContext->coefficient[ (coeff_position & 3) << 2 ]);
+    return GETBIG32(p);
+}
+
+/****************************************/
+/* aes128k128d()                        */
+/* Performs a 128 bit AES encrypt with  */
+/* 128 bit data.                        */
+/****************************************/
+VOID xor_128(
+    IN  PUCHAR  a,
+    IN  PUCHAR  b,
+    OUT PUCHAR  out)
+{
+    INT i;
+
+    for (i=0;i<16; i++)
+    {
+        out[i] = a[i] ^ b[i];
+    }
+}
+
+UCHAR RTMPCkipSbox(
+    IN  UCHAR   a)
+{
+    return SboxTable[(int)a];
+}
+
+VOID xor_32(
+    IN  PUCHAR  a,
+    IN  PUCHAR  b,
+    OUT PUCHAR  out)
+{
+    INT i;
+
+    for (i=0;i<4; i++)
+    {
+        out[i] = a[i] ^ b[i];
+    }
+}
+
+VOID next_key(
+    IN  PUCHAR  key,
+    IN  INT     round)
+{
+    UCHAR       rcon;
+    UCHAR       sbox_key[4];
+    UCHAR       rcon_table[12] =
+    {
+        0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80,
+        0x1b, 0x36, 0x36, 0x36
+    };
+
+    sbox_key[0] = RTMPCkipSbox(key[13]);
+    sbox_key[1] = RTMPCkipSbox(key[14]);
+    sbox_key[2] = RTMPCkipSbox(key[15]);
+    sbox_key[3] = RTMPCkipSbox(key[12]);
+
+    rcon = rcon_table[round];
+
+    xor_32(&key[0], sbox_key, &key[0]);
+    key[0] = key[0] ^ rcon;
+
+    xor_32(&key[4], &key[0], &key[4]);
+    xor_32(&key[8], &key[4], &key[8]);
+    xor_32(&key[12], &key[8], &key[12]);
+}
+
+VOID byte_sub(
+    IN  PUCHAR  in,
+    OUT PUCHAR  out)
+{
+    INT i;
+
+    for (i=0; i< 16; i++)
+    {
+        out[i] = RTMPCkipSbox(in[i]);
+    }
+}
+
+VOID shift_row(
+    IN  PUCHAR  in,
+    OUT PUCHAR  out)
+{
+    out[0] =  in[0];
+    out[1] =  in[5];
+    out[2] =  in[10];
+    out[3] =  in[15];
+    out[4] =  in[4];
+    out[5] =  in[9];
+    out[6] =  in[14];
+    out[7] =  in[3];
+    out[8] =  in[8];
+    out[9] =  in[13];
+    out[10] = in[2];
+    out[11] = in[7];
+    out[12] = in[12];
+    out[13] = in[1];
+    out[14] = in[6];
+    out[15] = in[11];
+}
+
+VOID mix_column(
+    IN  PUCHAR  in,
+    OUT PUCHAR  out)
+{
+    INT         i;
+    UCHAR       add1b[4];
+    UCHAR       add1bf7[4];
+    UCHAR       rotl[4];
+    UCHAR       swap_halfs[4];
+    UCHAR       andf7[4];
+    UCHAR       rotr[4];
+    UCHAR       temp[4];
+    UCHAR       tempb[4];
+
+    for (i=0 ; i<4; i++)
+    {
+        if ((in[i] & 0x80)== 0x80)
+            add1b[i] = 0x1b;
+        else
+            add1b[i] = 0x00;
+    }
+
+    swap_halfs[0] = in[2];    /* Swap halfs */
+    swap_halfs[1] = in[3];
+    swap_halfs[2] = in[0];
+    swap_halfs[3] = in[1];
+
+    rotl[0] = in[3];        /* Rotate left 8 bits */
+    rotl[1] = in[0];
+    rotl[2] = in[1];
+    rotl[3] = in[2];
+
+    andf7[0] = in[0] & 0x7f;
+    andf7[1] = in[1] & 0x7f;
+    andf7[2] = in[2] & 0x7f;
+    andf7[3] = in[3] & 0x7f;
+
+    for (i = 3; i>0; i--)    /* logical shift left 1 bit */
+    {
+        andf7[i] = andf7[i] << 1;
+        if ((andf7[i-1] & 0x80) == 0x80)
+        {
+            andf7[i] = (andf7[i] | 0x01);
+        }
+    }
+    andf7[0] = andf7[0] << 1;
+    andf7[0] = andf7[0] & 0xfe;
+
+    xor_32(add1b, andf7, add1bf7);
+
+    xor_32(in, add1bf7, rotr);
+
+    temp[0] = rotr[0];         /* Rotate right 8 bits */
+    rotr[0] = rotr[1];
+    rotr[1] = rotr[2];
+    rotr[2] = rotr[3];
+    rotr[3] = temp[0];
+
+    xor_32(add1bf7, rotr, temp);
+    xor_32(swap_halfs, rotl,tempb);
+    xor_32(temp, tempb, out);
+}
+
+VOID RTMPAesEncrypt(
+    IN  PUCHAR  key,
+    IN  PUCHAR  data,
+    IN  PUCHAR  ciphertext)
+{
+    INT             round;
+    INT             i;
+    UCHAR           intermediatea[16];
+    UCHAR           intermediateb[16];
+    UCHAR           round_key[16];
+
+    for(i=0; i<16; i++) round_key[i] = key[i];
+
+    for (round = 0; round < 11; round++)
+    {
+        if (round == 0)
+        {
+            xor_128(round_key, data, ciphertext);
+            next_key(round_key, round);
+        }
+        else if (round == 10)
+        {
+            byte_sub(ciphertext, intermediatea);
+            shift_row(intermediatea, intermediateb);
+            xor_128(intermediateb, round_key, ciphertext);
+        }
+        else    /* 1 - 9 */
+        {
+            byte_sub(ciphertext, intermediatea);
+            shift_row(intermediatea, intermediateb);
+            mix_column(&intermediateb[0], &intermediatea[0]);
+            mix_column(&intermediateb[4], &intermediatea[4]);
+            mix_column(&intermediateb[8], &intermediatea[8]);
+            mix_column(&intermediateb[12], &intermediatea[12]);
+            xor_128(intermediatea, round_key, ciphertext);
+            next_key(round_key, round);
+        }
+    }
+
+}
+
+/* calculate the mic */
+VOID RTMPMicFinal(
+    IN  PMIC_CONTEXT    pContext,
+    OUT UCHAR           digest[4])
+{
+    INT             byte_position;
+    ULONG           val;
+    ULONGLONG       sum, utmp;
+    LONGLONG        stmp;
+
+    /* deal with partial 32-bit word left over from last update */
+    if ( (byte_position = (pContext->position & 3)) != 0) {
+        /* have a partial word in part to deal with -- zero unused bytes */
+        do {
+            pContext->part[byte_position++] = 0;
+            pContext->position++;
+        } while (byte_position < 4);
+        val = GETBIG32(&pContext->part[0]);
+        MIC_ACCUM(val);
+    }
+
+    /* reduce the accumulated u64 to a 32-bit MIC */
+    sum = pContext->accum;
+    stmp = (sum  & 0xffffffffL) - ((sum >> 32)  * 15);
+    utmp = (stmp & 0xffffffffL) - ((stmp >> 32) * 15);
+    sum = utmp & 0xffffffffL;
+    if (utmp > 0x10000000fL)
+        sum -= 15;
+
+    val = (ULONG)sum;
+    digest[0] = (UCHAR)((val>>24) & 0xFF);
+    digest[1] = (UCHAR) ((val>>16) & 0xFF);
+    digest[2] = (UCHAR) ((val>>8) & 0xFF);
+    digest[3] = (UCHAR)((val>>0) & 0xFF);
+}
+
+VOID RTMPCkipInsertCMIC(
+    IN  PRTMP_ADAPTER   pAd,
+    OUT PUCHAR          pMIC,
+    IN  PUCHAR          p80211hdr,
+    IN  PNDIS_PACKET    pPacket,
+    IN  PCIPHER_KEY     pKey,
+    IN  PUCHAR          mic_snap)
+{
+       PACKET_INFO             PacketInfo;
+       PUCHAR                  pSrcBufVA;
+       ULONG                   SrcBufLen;
+    PUCHAR          pDA, pSA, pProto;
+    UCHAR           bigethlen[2];
+       UCHAR                   ckip_ck[16];
+    MIC_CONTEXT     mic_ctx;
+    USHORT          payloadlen;
+       UCHAR                   i;
+
+       if (pKey == NULL)
+       {
+               DBGPRINT_ERR(("RTMPCkipInsertCMIC, Before to form the CKIP key (CK), pKey can't be NULL\n"));
+               return;
+       }
+
+    switch (*(p80211hdr+1) & 3)
+    {
+        case 0: /* FromDs=0, ToDs=0 */
+            pDA = p80211hdr+4;
+            pSA = p80211hdr+10;
+            break;
+        case 1: /* FromDs=0, ToDs=1 */
+            pDA = p80211hdr+16;
+            pSA = p80211hdr+10;
+            break;
+        case 2: /* FromDs=1, ToDs=0 */
+            pDA = p80211hdr+4;
+            pSA = p80211hdr+16;
+            break;
+        case 3: /* FromDs=1, ToDs=1 */
+            pDA = p80211hdr+16;
+            pSA = p80211hdr+24;
+            break;
+    }
+
+       RTMP_QueryPacketInfo(pPacket, &PacketInfo, &pSrcBufVA, &SrcBufLen);
+
+    if (SrcBufLen < LENGTH_802_3)
+        return;
+
+    pProto = pSrcBufVA + 12;
+    payloadlen = PacketInfo.TotalPacketLength - LENGTH_802_3 + 18; // CKIP_LLC(8)+CMIC(4)+TxSEQ(4)+PROTO(2)=18
+
+    bigethlen[0] = (unsigned char)(payloadlen >> 8);
+    bigethlen[1] = (unsigned char)payloadlen;
+
+       //
+       // Encryption Key expansion to form the CKIP Key (CKIP_CK).
+       //
+       if (pKey->KeyLen < 16)
+       {
+               for(i = 0; i < (16 / pKey->KeyLen); i++)
+               {
+                       NdisMoveMemory(ckip_ck + i * pKey->KeyLen,
+                                                       pKey->Key,
+                                                       pKey->KeyLen);
+               }
+               NdisMoveMemory(ckip_ck + i * pKey->KeyLen,
+                                               pKey->Key,
+                                               16 - (i * pKey->KeyLen));
+       }
+       else
+       {
+               NdisMoveMemory(ckip_ck, pKey->Key, pKey->KeyLen);
+       }
+    RTMPCkipMicInit(&mic_ctx, ckip_ck);
+    RTMPMicUpdate(&mic_ctx, pDA, MAC_ADDR_LEN);            // MIC <-- DA
+    RTMPMicUpdate(&mic_ctx, pSA, MAC_ADDR_LEN);            // MIC <-- SA
+    RTMPMicUpdate(&mic_ctx, bigethlen, 2);                 // MIC <-- payload length starting from CKIP SNAP
+    RTMPMicUpdate(&mic_ctx, mic_snap, 8);                  // MIC <-- snap header
+    RTMPMicUpdate(&mic_ctx, pAd->StaCfg.TxSEQ, 4);   // MIC <-- TxSEQ
+    RTMPMicUpdate(&mic_ctx, pProto, 2);                    // MIC <-- Protocol
+
+    pSrcBufVA += LENGTH_802_3;
+    SrcBufLen -= LENGTH_802_3;
+
+    // Mic <-- original payload. loop until all payload processed
+    do
+    {
+        if (SrcBufLen > 0)
+            RTMPMicUpdate(&mic_ctx, pSrcBufVA, SrcBufLen);
+
+               NdisGetNextBuffer(PacketInfo.pFirstBuffer, &PacketInfo.pFirstBuffer);
+        if (PacketInfo.pFirstBuffer)
+        {
+            NDIS_QUERY_BUFFER(PacketInfo.pFirstBuffer, &pSrcBufVA, &SrcBufLen);
+        }
+        else
+            break;
+    } while (TRUE);
+
+    RTMPMicFinal(&mic_ctx, pMIC);                          // update MIC
+}
diff --git a/drivers/staging/rt3090/sta/rtmp_data.c b/drivers/staging/rt3090/sta/rtmp_data.c
new file mode 100644 (file)
index 0000000..5591364
--- /dev/null
@@ -0,0 +1,2661 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       rtmp_data.c
+
+       Abstract:
+       Data path subroutines
+
+       Revision History:
+       Who             When                    What
+       --------        ----------              ----------------------------------------------
+*/
+
+#include "../rt_config.h"
+
+
+VOID STARxEAPOLFrameIndicate(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       PRT28XX_RXD_STRUC       pRxD = &(pRxBlk->RxD);
+       PRXWI_STRUC             pRxWI = pRxBlk->pRxWI;
+       UCHAR                   *pTmpBuf;
+
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+       if (pAd->StaCfg.WpaSupplicantUP)
+       {
+               // All EAPoL frames have to pass to upper layer (ex. WPA_SUPPLICANT daemon)
+               // TBD : process fragmented EAPol frames
+               {
+                       // In 802.1x mode, if the received frame is EAP-SUCCESS packet, turn on the PortSecured variable
+                       if ( pAd->StaCfg.IEEE8021X == TRUE &&
+                                (EAP_CODE_SUCCESS == WpaCheckEapCode(pAd, pRxBlk->pData, pRxBlk->DataSize, LENGTH_802_1_H)))
+                       {
+                               PUCHAR  Key;
+                               UCHAR   CipherAlg;
+                               int     idx = 0;
+
+                               DBGPRINT_RAW(RT_DEBUG_TRACE, ("Receive EAP-SUCCESS Packet\n"));
+                               //pAd->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                               STA_PORT_SECURED(pAd);
+
+                if (pAd->StaCfg.IEEE8021x_required_keys == FALSE)
+                {
+                    idx = pAd->StaCfg.DesireSharedKeyId;
+                    CipherAlg = pAd->StaCfg.DesireSharedKey[idx].CipherAlg;
+                                       Key = pAd->StaCfg.DesireSharedKey[idx].Key;
+
+                    if (pAd->StaCfg.DesireSharedKey[idx].KeyLen > 0)
+                               {
+#ifdef RTMP_MAC_PCI
+                                               MAC_TABLE_ENTRY *pEntry = &pAd->MacTab.Content[BSSID_WCID];
+
+                                               // Set key material and cipherAlg to Asic
+                                               AsicAddSharedKeyEntry(pAd, BSS0, idx, CipherAlg, Key, NULL, NULL);
+
+                                               // Assign group key info
+                                               RTMPAddWcidAttributeEntry(pAd, BSS0, idx, CipherAlg, NULL);
+
+                                               // Assign pairwise key info
+                                               RTMPAddWcidAttributeEntry(pAd, BSS0, idx, CipherAlg, pEntry);
+
+                        pAd->IndicateMediaState = NdisMediaStateConnected;
+                        pAd->ExtraInfo = GENERAL_LINK_UP;
+#endif // RTMP_MAC_PCI //
+                                               // For Preventing ShardKey Table is cleared by remove key procedure.
+                                       pAd->SharedKey[BSS0][idx].CipherAlg = CipherAlg;
+                                               pAd->SharedKey[BSS0][idx].KeyLen = pAd->StaCfg.DesireSharedKey[idx].KeyLen;
+                                               NdisMoveMemory(pAd->SharedKey[BSS0][idx].Key,
+                                                                          pAd->StaCfg.DesireSharedKey[idx].Key,
+                                                                          pAd->StaCfg.DesireSharedKey[idx].KeyLen);
+                               }
+                               }
+                       }
+
+                       Indicate_Legacy_Packet(pAd, pRxBlk, FromWhichBSSID);
+                       return;
+               }
+       }
+       else
+#endif // WPA_SUPPLICANT_SUPPORT //
+       {
+               // Special DATA frame that has to pass to MLME
+               //       1. Cisco Aironet frames for CCX2. We need pass it to MLME for special process
+               //       2. EAPOL handshaking frames when driver supplicant enabled, pass to MLME for special process
+               {
+                       pTmpBuf = pRxBlk->pData - LENGTH_802_11;
+                       NdisMoveMemory(pTmpBuf, pRxBlk->pHeader, LENGTH_802_11);
+                       REPORT_MGMT_FRAME_TO_MLME(pAd, pRxWI->WirelessCliID, pTmpBuf, pRxBlk->DataSize + LENGTH_802_11, pRxWI->RSSI0, pRxWI->RSSI1, pRxWI->RSSI2, pRxD->PlcpSignal);
+                       DBGPRINT_RAW(RT_DEBUG_TRACE, ("!!! report EAPOL/AIRONET DATA to MLME (len=%d) !!!\n", pRxBlk->DataSize));
+               }
+       }
+
+       RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+       return;
+
+}
+
+VOID STARxDataFrameAnnounce(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry,
+       IN      RX_BLK                  *pRxBlk,
+       IN      UCHAR                   FromWhichBSSID)
+{
+
+       // non-EAP frame
+       if (!RTMPCheckWPAframe(pAd, pEntry, pRxBlk->pData, pRxBlk->DataSize, FromWhichBSSID))
+       {
+
+               {
+                       // drop all non-EAP DATA frame before
+                       // this client's Port-Access-Control is secured
+                       if (pRxBlk->pHeader->FC.Wep)
+                       {
+                               // unsupported cipher suite
+                               if (pAd->StaCfg.WepStatus == Ndis802_11EncryptionDisabled)
+                               {
+                                       // release packet
+                                       RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+                                       return;
+                               }
+                       }
+                       else
+                       {
+                               // encryption in-use but receive a non-EAPOL clear text frame, drop it
+                               if ((pAd->StaCfg.WepStatus != Ndis802_11EncryptionDisabled) &&
+                                       (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED))
+                               {
+                                       // release packet
+                                       RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+                                       return;
+                               }
+                       }
+               }
+               RX_BLK_CLEAR_FLAG(pRxBlk, fRX_EAP);
+
+
+               if (!RX_BLK_TEST_FLAG(pRxBlk, fRX_ARALINK))
+               {
+                       // Normal legacy, AMPDU or AMSDU
+                       CmmRxnonRalinkFrameIndicate(pAd, pRxBlk, FromWhichBSSID);
+
+               }
+               else
+               {
+                       // ARALINK
+                       CmmRxRalinkFrameIndicate(pAd, pEntry, pRxBlk, FromWhichBSSID);
+               }
+#ifdef QOS_DLS_SUPPORT
+               RX_BLK_CLEAR_FLAG(pRxBlk, fRX_DLS);
+#endif // QOS_DLS_SUPPORT //
+       }
+       else
+       {
+               RX_BLK_SET_FLAG(pRxBlk, fRX_EAP);
+#ifdef DOT11_N_SUPPORT
+               if (RX_BLK_TEST_FLAG(pRxBlk, fRX_AMPDU) && (pAd->CommonCfg.bDisableReordering == 0))
+               {
+                       Indicate_AMPDU_Packet(pAd, pRxBlk, FromWhichBSSID);
+               }
+               else
+#endif // DOT11_N_SUPPORT //
+               {
+                       // Determin the destination of the EAP frame
+                       //  to WPA state machine or upper layer
+                       STARxEAPOLFrameIndicate(pAd, pEntry, pRxBlk, FromWhichBSSID);
+               }
+       }
+}
+
+
+// For TKIP frame, calculate the MIC value
+BOOLEAN STACheckTkipMICValue(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      MAC_TABLE_ENTRY *pEntry,
+       IN      RX_BLK                  *pRxBlk)
+{
+       PHEADER_802_11  pHeader = pRxBlk->pHeader;
+       UCHAR                   *pData = pRxBlk->pData;
+       USHORT                  DataSize = pRxBlk->DataSize;
+       UCHAR                   UserPriority = pRxBlk->UserPriority;
+       PCIPHER_KEY             pWpaKey;
+       UCHAR                   *pDA, *pSA;
+
+       pWpaKey = &pAd->SharedKey[BSS0][pRxBlk->pRxWI->KeyIndex];
+
+       pDA = pHeader->Addr1;
+       if (RX_BLK_TEST_FLAG(pRxBlk, fRX_INFRA))
+       {
+               pSA = pHeader->Addr3;
+       }
+       else
+       {
+               pSA = pHeader->Addr2;
+       }
+
+       if (RTMPTkipCompareMICValue(pAd,
+                                                               pData,
+                                                               pDA,
+                                                               pSA,
+                                                               pWpaKey->RxMic,
+                                                               UserPriority,
+                                                               DataSize) == FALSE)
+       {
+               DBGPRINT_RAW(RT_DEBUG_ERROR,("Rx MIC Value error 2\n"));
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+               if (pAd->StaCfg.WpaSupplicantUP)
+               {
+                       WpaSendMicFailureToWpaSupplicant(pAd, (pWpaKey->Type == PAIRWISEKEY) ? TRUE : FALSE);
+               }
+               else
+#endif // WPA_SUPPLICANT_SUPPORT //
+               {
+                       RTMPReportMicError(pAd, pWpaKey);
+               }
+
+               // release packet
+               RELEASE_NDIS_PACKET(pAd, pRxBlk->pRxPacket, NDIS_STATUS_FAILURE);
+               return FALSE;
+       }
+
+       return TRUE;
+}
+
+
+//
+// All Rx routines use RX_BLK structure to hande rx events
+// It is very important to build pRxBlk attributes
+//  1. pHeader pointer to 802.11 Header
+//  2. pData pointer to payload including LLC (just skip Header)
+//  3. set payload size including LLC to DataSize
+//  4. set some flags with RX_BLK_SET_FLAG()
+//
+VOID STAHandleRxDataFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk)
+{
+       PRT28XX_RXD_STRUC                               pRxD = &(pRxBlk->RxD);
+       PRXWI_STRUC                                             pRxWI = pRxBlk->pRxWI;
+       PHEADER_802_11                                  pHeader = pRxBlk->pHeader;
+       PNDIS_PACKET                                    pRxPacket = pRxBlk->pRxPacket;
+       BOOLEAN                                                 bFragment = FALSE;
+       MAC_TABLE_ENTRY                         *pEntry = NULL;
+       UCHAR                                                   FromWhichBSSID = BSS0;
+       UCHAR                           UserPriority = 0;
+
+       {
+               // before LINK UP, all DATA frames are rejected
+               if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+               {
+                       // release packet
+                       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                       return;
+               }
+
+#ifdef QOS_DLS_SUPPORT
+               //if ((pHeader->FC.FrDs == 0) && (pHeader->FC.ToDs == 0))
+               if (RTMPRcvFrameDLSCheck(pAd, pHeader, pRxWI->MPDUtotalByteCount, pRxD))
+               {
+                       return;
+               }
+#endif // QOS_DLS_SUPPORT //
+
+               // Drop not my BSS frames
+               if (pRxD->MyBss == 0)
+               {
+                       {
+                               // release packet
+                               RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                               return;
+                       }
+               }
+
+               pAd->RalinkCounters.RxCountSinceLastNULL++;
+               if (pAd->CommonCfg.bAPSDCapable && pAd->CommonCfg.APEdcaParm.bAPSDCapable && (pHeader->FC.SubType & 0x08))
+               {
+                       UCHAR *pData;
+                       DBGPRINT(RT_DEBUG_INFO,("bAPSDCapable\n"));
+
+                       // Qos bit 4
+                       pData = (PUCHAR)pHeader + LENGTH_802_11;
+                       if ((*pData >> 4) & 0x01)
+                       {
+                               DBGPRINT(RT_DEBUG_INFO,("RxDone- Rcv EOSP frame, driver may fall into sleep\n"));
+                               pAd->CommonCfg.bInServicePeriod = FALSE;
+
+                               // Force driver to fall into sleep mode when rcv EOSP frame
+                               if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+                               {
+                                       USHORT  TbttNumToNextWakeUp;
+                                       USHORT  NextDtim = pAd->StaCfg.DtimPeriod;
+                                       ULONG   Now;
+
+                                       NdisGetSystemUpTime(&Now);
+                                       NextDtim -= (USHORT)(Now - pAd->StaCfg.LastBeaconRxTime)/pAd->CommonCfg.BeaconPeriod;
+
+                                       TbttNumToNextWakeUp = pAd->StaCfg.DefaultListenCount;
+                                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_RECEIVE_DTIM) && (TbttNumToNextWakeUp > NextDtim))
+                                               TbttNumToNextWakeUp = NextDtim;
+
+                                       RTMP_SET_PSM_BIT(pAd, PWR_SAVE);
+                                       // if WMM-APSD is failed, try to disable following line
+                                       AsicSleepThenAutoWakeup(pAd, TbttNumToNextWakeUp);
+                               }
+                       }
+
+                       if ((pHeader->FC.MoreData) && (pAd->CommonCfg.bInServicePeriod))
+                       {
+                               DBGPRINT(RT_DEBUG_TRACE,("Sending another trigger frame when More Data bit is set to 1\n"));
+                       }
+               }
+
+               // Drop NULL, CF-ACK(no data), CF-POLL(no data), and CF-ACK+CF-POLL(no data) data frame
+               if ((pHeader->FC.SubType & 0x04)) // bit 2 : no DATA
+               {
+                       // release packet
+                       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                       return;
+               }
+
+           // Drop not my BSS frame (we can not only check the MyBss bit in RxD)
+#ifdef QOS_DLS_SUPPORT
+           if (!pAd->CommonCfg.bDLSCapable)
+           {
+#endif // QOS_DLS_SUPPORT //
+               if (INFRA_ON(pAd))
+               {
+                       // Infrastructure mode, check address 2 for BSSID
+                       if (!RTMPEqualMemory(&pHeader->Addr2, &pAd->CommonCfg.Bssid, 6))
+                       {
+                               // Receive frame not my BSSID
+                   // release packet
+                   RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                               return;
+                       }
+               }
+               else    // Ad-Hoc mode or Not associated
+               {
+                       // Ad-Hoc mode, check address 3 for BSSID
+                       if (!RTMPEqualMemory(&pHeader->Addr3, &pAd->CommonCfg.Bssid, 6))
+                       {
+                               // Receive frame not my BSSID
+                   // release packet
+                   RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                               return;
+                       }
+               }
+#ifdef QOS_DLS_SUPPORT
+           }
+#endif // QOS_DLS_SUPPORT //
+
+               //
+               // find pEntry
+               //
+               if (pRxWI->WirelessCliID < MAX_LEN_OF_MAC_TABLE)
+               {
+                       pEntry = &pAd->MacTab.Content[pRxWI->WirelessCliID];
+
+               }
+               else
+               {
+                       // 1. release packet if infra mode
+                       // 2. new a pEntry if ad-hoc mode
+                       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                       return;
+               }
+
+               // infra or ad-hoc
+               if (INFRA_ON(pAd))
+               {
+                       RX_BLK_SET_FLAG(pRxBlk, fRX_INFRA);
+#ifdef QOS_DLS_SUPPORT
+                       if ((pHeader->FC.FrDs == 0) && (pHeader->FC.ToDs == 0))
+                               RX_BLK_SET_FLAG(pRxBlk, fRX_DLS);
+                       else
+#endif // QOS_DLS_SUPPORT //
+                       ASSERT(pRxWI->WirelessCliID == BSSID_WCID);
+               }
+
+               // check Atheros Client
+               if ((pEntry->bIAmBadAtheros == FALSE) &&  (pRxD->AMPDU == 1) && (pHeader->FC.Retry ))
+               {
+                       pEntry->bIAmBadAtheros = TRUE;
+                       pAd->CommonCfg.IOTestParm.bCurrentAtheros = TRUE;
+                       pAd->CommonCfg.IOTestParm.bLastAtheros = TRUE;
+                       if (!STA_AES_ON(pAd))
+                       {
+                               AsicUpdateProtect(pAd, 8, ALLN_SETPROTECT, TRUE, FALSE);
+                       }
+               }
+       }
+
+       pRxBlk->pData = (UCHAR *)pHeader;
+
+       //
+       // update RxBlk->pData, DataSize
+       // 802.11 Header, QOS, HTC, Hw Padding
+       //
+
+       // 1. skip 802.11 HEADER
+       {
+               pRxBlk->pData += LENGTH_802_11;
+               pRxBlk->DataSize -= LENGTH_802_11;
+       }
+
+       // 2. QOS
+       if (pHeader->FC.SubType & 0x08)
+       {
+               RX_BLK_SET_FLAG(pRxBlk, fRX_QOS);
+               UserPriority = *(pRxBlk->pData) & 0x0f;
+               // bit 7 in QoS Control field signals the HT A-MSDU format
+               if ((*pRxBlk->pData) & 0x80)
+               {
+                       RX_BLK_SET_FLAG(pRxBlk, fRX_AMSDU);
+               }
+
+               // skip QOS contorl field
+               pRxBlk->pData += 2;
+               pRxBlk->DataSize -=2;
+       }
+       pRxBlk->UserPriority = UserPriority;
+
+       /* check if need to resend PS Poll when received packet with MoreData = 1 */
+       if ((pAd->StaCfg.Psm == PWR_SAVE) && (pHeader->FC.MoreData == 1))
+       {
+               if ((((UserPriority == 0) || (UserPriority == 3)) &&
+                       pAd->CommonCfg.bAPSDAC_BE == 0) ||
+                       (((UserPriority == 1) || (UserPriority == 2)) &&
+                       pAd->CommonCfg.bAPSDAC_BK == 0) ||
+                       (((UserPriority == 4) || (UserPriority == 5)) &&
+                       pAd->CommonCfg.bAPSDAC_VI == 0) ||
+                       (((UserPriority == 6) || (UserPriority == 7)) &&
+                       pAd->CommonCfg.bAPSDAC_VO == 0))
+               {
+                       /* non-UAPSD delivery-enabled AC */
+                       RTMP_PS_POLL_ENQUEUE(pAd);
+               }
+       }
+
+       // 3. Order bit: A-Ralink or HTC+
+       if (pHeader->FC.Order)
+       {
+#ifdef AGGREGATION_SUPPORT
+               if ((pRxWI->PHYMODE <= MODE_OFDM) && (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED)))
+               {
+                       RX_BLK_SET_FLAG(pRxBlk, fRX_ARALINK);
+               }
+               else
+#endif // AGGREGATION_SUPPORT //
+               {
+#ifdef DOT11_N_SUPPORT
+                       RX_BLK_SET_FLAG(pRxBlk, fRX_HTC);
+                       // skip HTC contorl field
+                       pRxBlk->pData += 4;
+                       pRxBlk->DataSize -= 4;
+#endif // DOT11_N_SUPPORT //
+               }
+       }
+
+       // 4. skip HW padding
+       if (pRxD->L2PAD)
+       {
+               // just move pData pointer
+               // because DataSize excluding HW padding
+               RX_BLK_SET_FLAG(pRxBlk, fRX_PAD);
+               pRxBlk->pData += 2;
+       }
+
+#ifdef DOT11_N_SUPPORT
+       if (pRxD->BA)
+       {
+               RX_BLK_SET_FLAG(pRxBlk, fRX_AMPDU);
+       }
+#endif // DOT11_N_SUPPORT //
+
+
+       //
+       // Case I  Process Broadcast & Multicast data frame
+       //
+       if (pRxD->Bcast || pRxD->Mcast)
+       {
+               INC_COUNTER64(pAd->WlanCounters.MulticastReceivedFrameCount);
+
+               // Drop Mcast/Bcast frame with fragment bit on
+               if (pHeader->FC.MoreFrag)
+               {
+                       // release packet
+                       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                       return;
+               }
+
+               // Filter out Bcast frame which AP relayed for us
+               if (pHeader->FC.FrDs && MAC_ADDR_EQUAL(pHeader->Addr3, pAd->CurrentAddress))
+               {
+                       // release packet
+                       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                       return;
+               }
+
+               Indicate_Legacy_Packet(pAd, pRxBlk, FromWhichBSSID);
+               return;
+       }
+       else if (pRxD->U2M)
+       {
+               pAd->LastRxRate = (USHORT)((pRxWI->MCS) + (pRxWI->BW <<7) + (pRxWI->ShortGI <<8)+ (pRxWI->PHYMODE <<14)) ;
+
+
+#ifdef QOS_DLS_SUPPORT
+        if (RX_BLK_TEST_FLAG(pRxBlk, fRX_DLS))
+               {
+                       MAC_TABLE_ENTRY *pDlsEntry = NULL;
+
+                       pDlsEntry = DlsEntryTableLookupByWcid(pAd, pRxWI->WirelessCliID, pHeader->Addr2, TRUE);
+                                                                                                       if(pDlsEntry)
+                       Update_Rssi_Sample(pAd, &pDlsEntry->RssiSample, pRxWI);
+               }
+               else
+#endif // QOS_DLS_SUPPORT //
+               if (ADHOC_ON(pAd))
+               {
+                       pEntry = MacTableLookup(pAd, pHeader->Addr2);
+                       if (pEntry)
+                               Update_Rssi_Sample(pAd, &pEntry->RssiSample, pRxWI);
+               }
+
+
+               Update_Rssi_Sample(pAd, &pAd->StaCfg.RssiSample, pRxWI);
+
+               pAd->StaCfg.LastSNR0 = (UCHAR)(pRxWI->SNR0);
+               pAd->StaCfg.LastSNR1 = (UCHAR)(pRxWI->SNR1);
+
+               pAd->RalinkCounters.OneSecRxOkDataCnt++;
+
+
+       if (!((pHeader->Frag == 0) && (pHeader->FC.MoreFrag == 0)))
+       {
+               // re-assemble the fragmented packets
+               // return complete frame (pRxPacket) or NULL
+               bFragment = TRUE;
+               pRxPacket = RTMPDeFragmentDataFrame(pAd, pRxBlk);
+       }
+
+       if (pRxPacket)
+       {
+               pEntry = &pAd->MacTab.Content[pRxWI->WirelessCliID];
+
+               // process complete frame
+               if (bFragment && (pRxD->Decrypted) && (pEntry->WepStatus == Ndis802_11Encryption2Enabled))
+               {
+                       // Minus MIC length
+                       pRxBlk->DataSize -= 8;
+
+                       // For TKIP frame, calculate the MIC value
+                       if (STACheckTkipMICValue(pAd, pEntry, pRxBlk) == FALSE)
+                       {
+                               return;
+                       }
+               }
+
+               STARxDataFrameAnnounce(pAd, pEntry, pRxBlk, FromWhichBSSID);
+                       return;
+       }
+       else
+       {
+               // just return
+               // because RTMPDeFragmentDataFrame() will release rx packet,
+               // if packet is fragmented
+               return;
+       }
+       }
+
+       ASSERT(0);
+       // release packet
+       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+}
+
+VOID STAHandleRxMgmtFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk)
+{
+       PRT28XX_RXD_STRUC       pRxD = &(pRxBlk->RxD);
+       PRXWI_STRUC             pRxWI = pRxBlk->pRxWI;
+       PHEADER_802_11  pHeader = pRxBlk->pHeader;
+       PNDIS_PACKET    pRxPacket = pRxBlk->pRxPacket;
+
+       do
+       {
+
+
+               /* check if need to resend PS Poll when received packet with MoreData = 1 */
+               if ((pAd->StaCfg.Psm == PWR_SAVE) && (pHeader->FC.MoreData == 1))
+               {
+                       /* for UAPSD, all management frames will be VO priority */
+                       if (pAd->CommonCfg.bAPSDAC_VO == 0)
+                       {
+                               /* non-UAPSD delivery-enabled AC */
+                               RTMP_PS_POLL_ENQUEUE(pAd);
+                       }
+               }
+
+               /* TODO: if MoreData == 0, station can go to sleep */
+
+
+               // We should collect RSSI not only U2M data but also my beacon
+               if ((pHeader->FC.SubType == SUBTYPE_BEACON) && (MAC_ADDR_EQUAL(&pAd->CommonCfg.Bssid, &pHeader->Addr2))
+                       && (pAd->RxAnt.EvaluatePeriod == 0))
+               {
+                       Update_Rssi_Sample(pAd, &pAd->StaCfg.RssiSample, pRxWI);
+
+                       pAd->StaCfg.LastSNR0 = (UCHAR)(pRxWI->SNR0);
+                       pAd->StaCfg.LastSNR1 = (UCHAR)(pRxWI->SNR1);
+               }
+
+#ifdef RT30xx
+#ifdef ANT_DIVERSITY_SUPPORT
+               // collect rssi information for antenna diversity
+               if ((pAd->NicConfig2.field.AntDiversity) &&
+                       (pAd->CommonCfg.bRxAntDiversity != ANT_DIVERSITY_DISABLE))
+               {
+                       if ((pRxD->U2M) || ((pHeader->FC.SubType == SUBTYPE_BEACON) && (MAC_ADDR_EQUAL(&pAd->CommonCfg.Bssid, &pHeader->Addr2))))
+                       {
+                                       COLLECT_RX_ANTENNA_AVERAGE_RSSI(pAd, ConvertToRssi(pAd, (UCHAR)pRxWI->RSSI0, RSSI_0), 0); //Note: RSSI2 not used on RT73
+                                       pAd->StaCfg.NumOfAvgRssiSample ++;
+                       }
+               }
+#endif // ANT_DIVERSITY_SUPPORT //
+#endif // RT30xx //
+
+               // First check the size, it MUST not exceed the mlme queue size
+               if (pRxWI->MPDUtotalByteCount > MGMT_DMA_BUFFER_SIZE)
+               {
+                       DBGPRINT_ERR(("STAHandleRxMgmtFrame: frame too large, size = %d \n", pRxWI->MPDUtotalByteCount));
+                       break;
+               }
+
+               REPORT_MGMT_FRAME_TO_MLME(pAd, pRxWI->WirelessCliID, pHeader, pRxWI->MPDUtotalByteCount,
+                                                                       pRxWI->RSSI0, pRxWI->RSSI1, pRxWI->RSSI2, pRxD->PlcpSignal);
+       } while (FALSE);
+
+       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_SUCCESS);
+}
+
+VOID STAHandleRxControlFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      RX_BLK                  *pRxBlk)
+{
+#ifdef DOT11_N_SUPPORT
+       PRXWI_STRUC             pRxWI = pRxBlk->pRxWI;
+#endif // DOT11_N_SUPPORT //
+       PHEADER_802_11  pHeader = pRxBlk->pHeader;
+       PNDIS_PACKET    pRxPacket = pRxBlk->pRxPacket;
+
+       switch (pHeader->FC.SubType)
+       {
+               case SUBTYPE_BLOCK_ACK_REQ:
+#ifdef DOT11_N_SUPPORT
+                       {
+                               CntlEnqueueForRecv(pAd, pRxWI->WirelessCliID, (pRxWI->MPDUtotalByteCount), (PFRAME_BA_REQ)pHeader);
+                       }
+                       break;
+#endif // DOT11_N_SUPPORT //
+               case SUBTYPE_BLOCK_ACK:
+               case SUBTYPE_ACK:
+               default:
+                       break;
+       }
+
+       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Process RxDone interrupt, running in DPC level
+
+       Arguments:
+               pAd Pointer to our adapter
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+               This routine has to maintain Rx ring read pointer.
+               Need to consider QOS DATA format when converting to 802.3
+       ========================================================================
+*/
+BOOLEAN STARxDoneInterruptHandle(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      BOOLEAN                 argc)
+{
+       NDIS_STATUS                     Status;
+       UINT32                  RxProcessed, RxPending;
+       BOOLEAN                 bReschedule = FALSE;
+       RT28XX_RXD_STRUC        *pRxD;
+       UCHAR                   *pData;
+       PRXWI_STRUC             pRxWI;
+       PNDIS_PACKET    pRxPacket;
+       PHEADER_802_11  pHeader;
+       RX_BLK                  RxCell;
+
+       RxProcessed = RxPending = 0;
+
+       // process whole rx ring
+       while (1)
+       {
+
+               if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF |
+                                                               fRTMP_ADAPTER_RESET_IN_PROGRESS |
+                                                               fRTMP_ADAPTER_HALT_IN_PROGRESS |
+                                                               fRTMP_ADAPTER_NIC_NOT_EXIST) ||
+                       !RTMP_TEST_FLAG(pAd,fRTMP_ADAPTER_START_UP))
+               {
+                       break;
+               }
+
+#ifdef RTMP_MAC_PCI
+               if (RxProcessed++ > MAX_RX_PROCESS_CNT)
+               {
+                       // need to reschedule rx handle
+                       bReschedule = TRUE;
+                       break;
+               }
+#endif // RTMP_MAC_PCI //
+
+               RxProcessed ++; // test
+
+               // 1. allocate a new data packet into rx ring to replace received packet
+               //    then processing the received packet
+               // 2. the callee must take charge of release of packet
+               // 3. As far as driver is concerned ,
+               //    the rx packet must
+               //      a. be indicated to upper layer or
+               //      b. be released if it is discarded
+               pRxPacket = GetPacketFromRxRing(pAd, &(RxCell.RxD), &bReschedule, &RxPending);
+               if (pRxPacket == NULL)
+               {
+                       // no more packet to process
+                       break;
+               }
+
+               // get rx ring descriptor
+               pRxD = &(RxCell.RxD);
+               // get rx data buffer
+               pData   = GET_OS_PKT_DATAPTR(pRxPacket);
+               pRxWI   = (PRXWI_STRUC) pData;
+               pHeader = (PHEADER_802_11) (pData+RXWI_SIZE) ;
+
+#ifdef RT_BIG_ENDIAN
+           RTMPFrameEndianChange(pAd, (PUCHAR)pHeader, DIR_READ, TRUE);
+               RTMPWIEndianChange((PUCHAR)pRxWI, TYPE_RXWI);
+#endif
+
+               // build RxCell
+               RxCell.pRxWI = pRxWI;
+               RxCell.pHeader = pHeader;
+               RxCell.pRxPacket = pRxPacket;
+               RxCell.pData = (UCHAR *) pHeader;
+               RxCell.DataSize = pRxWI->MPDUtotalByteCount;
+               RxCell.Flags = 0;
+
+               // Increase Total receive byte counter after real data received no mater any error or not
+               pAd->RalinkCounters.ReceivedByteCount +=  pRxWI->MPDUtotalByteCount;
+               pAd->RalinkCounters.OneSecReceivedByteCount +=  pRxWI->MPDUtotalByteCount;
+               pAd->RalinkCounters.RxCount ++;
+
+               INC_COUNTER64(pAd->WlanCounters.ReceivedFragmentCount);
+
+               if (pRxWI->MPDUtotalByteCount < 14)
+                       Status = NDIS_STATUS_FAILURE;
+
+        if (MONITOR_ON(pAd))
+               {
+            send_monitor_packets(pAd, &RxCell);
+                       break;
+               }
+
+               /* STARxDoneInterruptHandle() is called in rtusb_bulk.c */
+#ifdef RALINK_ATE
+               if (ATE_ON(pAd))
+               {
+                       pAd->ate.RxCntPerSec++;
+                       ATESampleRssi(pAd, pRxWI);
+#ifdef RALINK_28xx_QA
+                       if (pAd->ate.bQARxStart == TRUE)
+                       {
+                               /* (*pRxD) has been swapped in GetPacketFromRxRing() */
+                               ATE_QA_Statistics(pAd, pRxWI, pRxD,     pHeader);
+                       }
+#endif // RALINK_28xx_QA //
+                       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_SUCCESS);
+                       continue;
+               }
+#endif // RALINK_ATE //
+
+               // Check for all RxD errors
+               Status = RTMPCheckRxError(pAd, pHeader, pRxWI, pRxD);
+
+               // Handle the received frame
+               if (Status == NDIS_STATUS_SUCCESS)
+               {
+                       switch (pHeader->FC.Type)
+                       {
+                               // CASE I, receive a DATA frame
+                               case BTYPE_DATA:
+                               {
+                                       // process DATA frame
+                                       STAHandleRxDataFrame(pAd, &RxCell);
+                               }
+                               break;
+                               // CASE II, receive a MGMT frame
+                               case BTYPE_MGMT:
+                               {
+                                       STAHandleRxMgmtFrame(pAd, &RxCell);
+                               }
+                               break;
+                               // CASE III. receive a CNTL frame
+                               case BTYPE_CNTL:
+                               {
+                                       STAHandleRxControlFrame(pAd, &RxCell);
+                               }
+                               break;
+                               // discard other type
+                               default:
+                                       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+                                       break;
+                       }
+               }
+               else
+               {
+                       pAd->Counters8023.RxErrors++;
+                       // discard this frame
+                       RELEASE_NDIS_PACKET(pAd, pRxPacket, NDIS_STATUS_FAILURE);
+               }
+       }
+
+       return bReschedule;
+}
+
+/*
+       ========================================================================
+
+       Routine Description:
+       Arguments:
+               pAd     Pointer to our adapter
+
+       IRQL = DISPATCH_LEVEL
+
+       ========================================================================
+*/
+VOID   RTMPHandleTwakeupInterrupt(
+       IN PRTMP_ADAPTER pAd)
+{
+       AsicForceWakeup(pAd, FALSE);
+}
+
+/*
+========================================================================
+Routine Description:
+    Early checking and OS-depened parsing for Tx packet send to our STA driver.
+
+Arguments:
+    NDIS_HANDLE                MiniportAdapterContext  Pointer refer to the device handle, i.e., the pAd.
+       PPNDIS_PACKET   ppPacketArray                   The packet array need to do transmission.
+       UINT                    NumberOfPackets                 Number of packet in packet array.
+
+Return Value:
+       NONE
+
+Note:
+       This function do early checking and classification for send-out packet.
+       You only can put OS-depened & STA related code in here.
+========================================================================
+*/
+VOID STASendPackets(
+       IN      NDIS_HANDLE             MiniportAdapterContext,
+       IN      PPNDIS_PACKET   ppPacketArray,
+       IN      UINT                    NumberOfPackets)
+{
+       UINT                    Index;
+       PRTMP_ADAPTER   pAd = (PRTMP_ADAPTER) MiniportAdapterContext;
+       PNDIS_PACKET    pPacket;
+       BOOLEAN                 allowToSend = FALSE;
+
+
+       for (Index = 0; Index < NumberOfPackets; Index++)
+       {
+               pPacket = ppPacketArray[Index];
+
+               do
+               {
+
+                       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RESET_IN_PROGRESS) ||
+                               RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS) ||
+                               RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF))
+                       {
+                               // Drop send request since hardware is in reset state
+                                       break;
+                       }
+                       else if (!INFRA_ON(pAd) && !ADHOC_ON(pAd))
+                       {
+                               // Drop send request since there are no physical connection yet
+                                       break;
+                       }
+                       else
+                       {
+                               // Record that orignal packet source is from NDIS layer,so that
+                               // later on driver knows how to release this NDIS PACKET
+#ifdef QOS_DLS_SUPPORT
+                               MAC_TABLE_ENTRY *pEntry;
+                               PUCHAR pSrcBufVA = GET_OS_PKT_DATAPTR(pPacket);
+
+                               pEntry = MacTableLookup(pAd, pSrcBufVA);
+                               if (pEntry && (pEntry->ValidAsDls == TRUE))
+                               {
+                                       RTMP_SET_PACKET_WCID(pPacket, pEntry->Aid);
+                               }
+                               else
+#endif // QOS_DLS_SUPPORT //
+                               RTMP_SET_PACKET_WCID(pPacket, 0); // this field is useless when in STA mode
+                               RTMP_SET_PACKET_SOURCE(pPacket, PKTSRC_NDIS);
+                               NDIS_SET_PACKET_STATUS(pPacket, NDIS_STATUS_PENDING);
+                               pAd->RalinkCounters.PendingNdisPacketCount++;
+
+                               allowToSend = TRUE;
+                       }
+               } while(FALSE);
+
+               if (allowToSend == TRUE)
+                       STASendPacket(pAd, pPacket);
+               else
+                       RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+       }
+
+       // Dequeue outgoing frames from TxSwQueue[] and process it
+       RTMPDeQueuePacket(pAd, FALSE, NUM_OF_TX_RING, MAX_TX_PROCESS);
+
+}
+
+
+/*
+========================================================================
+Routine Description:
+       This routine is used to do packet parsing and classification for Tx packet
+       to STA device, and it will en-queue packets to our TxSwQueue depends on AC
+       class.
+
+Arguments:
+       pAd             Pointer to our adapter
+       pPacket         Pointer to send packet
+
+Return Value:
+       NDIS_STATUS_SUCCESS                     If succes to queue the packet into TxSwQueue.
+       NDIS_STATUS_FAILURE                     If failed to do en-queue.
+
+Note:
+       You only can put OS-indepened & STA related code in here.
+========================================================================
+*/
+NDIS_STATUS STASendPacket(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket)
+{
+       PACKET_INFO     PacketInfo;
+       PUCHAR                  pSrcBufVA;
+       UINT                    SrcBufLen;
+       UINT                    AllowFragSize;
+       UCHAR                   NumberOfFrag;
+       UCHAR                   RTSRequired;
+       UCHAR                   QueIdx, UserPriority;
+       MAC_TABLE_ENTRY *pEntry = NULL;
+       unsigned int    IrqFlags;
+       UCHAR                   FlgIsIP = 0;
+       UCHAR                   Rate;
+
+       // Prepare packet information structure for buffer descriptor
+       // chained within a single NDIS packet.
+       RTMP_QueryPacketInfo(pPacket, &PacketInfo, &pSrcBufVA, &SrcBufLen);
+
+       if (pSrcBufVA == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("STASendPacket --> pSrcBufVA == NULL !!!SrcBufLen=%x\n",SrcBufLen));
+               // Resourece is low, system did not allocate virtual address
+               // return NDIS_STATUS_FAILURE directly to upper layer
+               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+               return NDIS_STATUS_FAILURE;
+       }
+
+
+       if (SrcBufLen < 14)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("STASendPacket --> Ndis Packet buffer error !!!\n"));
+               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+               return (NDIS_STATUS_FAILURE);
+       }
+
+       // In HT rate adhoc mode, A-MPDU is often used. So need to lookup BA Table and MAC Entry.
+       // Note multicast packets in adhoc also use BSSID_WCID index.
+       {
+               if(INFRA_ON(pAd))
+               {
+#ifdef QOS_DLS_SUPPORT
+                       USHORT  tmpWcid;
+
+                       tmpWcid = RTMP_GET_PACKET_WCID(pPacket);
+                       if (VALID_WCID(tmpWcid) &&
+                               (pAd->MacTab.Content[tmpWcid].ValidAsDls== TRUE))
+                       {
+                               pEntry = &pAd->MacTab.Content[tmpWcid];
+                               Rate = pAd->MacTab.Content[tmpWcid].CurrTxRate;
+                       }
+                       else
+#endif // QOS_DLS_SUPPORT //
+                       {
+                       pEntry = &pAd->MacTab.Content[BSSID_WCID];
+                       RTMP_SET_PACKET_WCID(pPacket, BSSID_WCID);
+                       Rate = pAd->CommonCfg.TxRate;
+               }
+               }
+               else if (ADHOC_ON(pAd))
+               {
+                       if (*pSrcBufVA & 0x01)
+                       {
+                               RTMP_SET_PACKET_WCID(pPacket, MCAST_WCID);
+                               pEntry = &pAd->MacTab.Content[MCAST_WCID];
+                       }
+                       else
+                       {
+                               pEntry = MacTableLookup(pAd, pSrcBufVA);
+                       }
+                       Rate = pAd->CommonCfg.TxRate;
+               }
+       }
+
+       if (!pEntry)
+       {
+               DBGPRINT(RT_DEBUG_ERROR,("STASendPacket->Cannot find pEntry(%2x:%2x:%2x:%2x:%2x:%2x) in MacTab!\n", PRINT_MAC(pSrcBufVA)));
+               // Resourece is low, system did not allocate virtual address
+               // return NDIS_STATUS_FAILURE directly to upper layer
+               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+               return NDIS_STATUS_FAILURE;
+       }
+
+       if (ADHOC_ON(pAd)
+               )
+       {
+               RTMP_SET_PACKET_WCID(pPacket, (UCHAR)pEntry->Aid);
+       }
+
+       //
+       // Check the Ethernet Frame type of this packet, and set the RTMP_SET_PACKET_SPECIFIC flags.
+       //              Here we set the PACKET_SPECIFIC flags(LLC, VLAN, DHCP/ARP, EAPOL).
+       RTMPCheckEtherType(pAd, pPacket);
+
+
+
+       //
+       // WPA 802.1x secured port control - drop all non-802.1x frame before port secured
+       //
+       if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
+                (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
+                (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) ||
+                (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)
+#ifdef WPA_SUPPLICANT_SUPPORT
+                 || (pAd->StaCfg.IEEE8021X == TRUE)
+#endif // WPA_SUPPLICANT_SUPPORT //
+                 )
+                 && ((pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED) || (pAd->StaCfg.MicErrCnt >= 2))
+                 && (RTMP_GET_PACKET_EAPOL(pPacket)== FALSE)
+                 )
+       {
+               DBGPRINT(RT_DEBUG_TRACE,("STASendPacket --> Drop packet before port secured !!!\n"));
+               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+
+               return (NDIS_STATUS_FAILURE);
+       }
+
+
+       // STEP 1. Decide number of fragments required to deliver this MSDU.
+       //         The estimation here is not very accurate because difficult to
+       //         take encryption overhead into consideration here. The result
+       //         "NumberOfFrag" is then just used to pre-check if enough free
+       //         TXD are available to hold this MSDU.
+
+
+       if (*pSrcBufVA & 0x01)  // fragmentation not allowed on multicast & broadcast
+               NumberOfFrag = 1;
+       else if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_AGGREGATION_INUSED))
+               NumberOfFrag = 1;       // Aggregation overwhelms fragmentation
+       else if (CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_AMSDU_INUSED))
+               NumberOfFrag = 1;       // Aggregation overwhelms fragmentation
+#ifdef DOT11_N_SUPPORT
+       else if ((pAd->StaCfg.HTPhyMode.field.MODE == MODE_HTMIX) || (pAd->StaCfg.HTPhyMode.field.MODE == MODE_HTGREENFIELD))
+               NumberOfFrag = 1;       // MIMO RATE overwhelms fragmentation
+#endif // DOT11_N_SUPPORT //
+       else
+       {
+               // The calculated "NumberOfFrag" is a rough estimation because of various
+               // encryption/encapsulation overhead not taken into consideration. This number is just
+               // used to make sure enough free TXD are available before fragmentation takes place.
+               // In case the actual required number of fragments of an NDIS packet
+               // excceeds "NumberOfFrag"caculated here and not enough free TXD available, the
+               // last fragment (i.e. last MPDU) will be dropped in RTMPHardTransmit() due to out of
+               // resource, and the NDIS packet will be indicated NDIS_STATUS_FAILURE. This should
+               // rarely happen and the penalty is just like a TX RETRY fail. Affordable.
+
+               AllowFragSize = (pAd->CommonCfg.FragmentThreshold) - LENGTH_802_11 - LENGTH_CRC;
+               NumberOfFrag = ((PacketInfo.TotalPacketLength - LENGTH_802_3 + LENGTH_802_1_H) / AllowFragSize) + 1;
+               // To get accurate number of fragmentation, Minus 1 if the size just match to allowable fragment size
+               if (((PacketInfo.TotalPacketLength - LENGTH_802_3 + LENGTH_802_1_H) % AllowFragSize) == 0)
+               {
+                       NumberOfFrag--;
+               }
+       }
+
+       // Save fragment number to Ndis packet reserved field
+       RTMP_SET_PACKET_FRAGMENTS(pPacket, NumberOfFrag);
+
+
+       // STEP 2. Check the requirement of RTS:
+       //         If multiple fragment required, RTS is required only for the first fragment
+       //         if the fragment size large than RTS threshold
+       //     For RT28xx, Let ASIC send RTS/CTS
+//     RTMP_SET_PACKET_RTS(pPacket, 0);
+       if (NumberOfFrag > 1)
+               RTSRequired = (pAd->CommonCfg.FragmentThreshold > pAd->CommonCfg.RtsThreshold) ? 1 : 0;
+       else
+               RTSRequired = (PacketInfo.TotalPacketLength > pAd->CommonCfg.RtsThreshold) ? 1 : 0;
+
+       // Save RTS requirement to Ndis packet reserved field
+       RTMP_SET_PACKET_RTS(pPacket, RTSRequired);
+       RTMP_SET_PACKET_TXRATE(pPacket, pAd->CommonCfg.TxRate);
+
+       //
+       // STEP 3. Traffic classification. outcome = <UserPriority, QueIdx>
+       //
+       UserPriority = 0;
+       QueIdx           = QID_AC_BE;
+       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WMM_INUSED) &&
+               CLIENT_STATUS_TEST_FLAG(pEntry, fCLIENT_STATUS_WMM_CAPABLE))
+       {
+               USHORT Protocol;
+               UCHAR  LlcSnapLen = 0, Byte0, Byte1;
+               do
+               {
+                       // get Ethernet protocol field
+                       Protocol = (USHORT)((pSrcBufVA[12] << 8) + pSrcBufVA[13]);
+                       if (Protocol <= 1500)
+                       {
+                               // get Ethernet protocol field from LLC/SNAP
+                               if (Sniff2BytesFromNdisBuffer(PacketInfo.pFirstBuffer, LENGTH_802_3 + 6, &Byte0, &Byte1) != NDIS_STATUS_SUCCESS)
+                                       break;
+
+                               Protocol = (USHORT)((Byte0 << 8) + Byte1);
+                               LlcSnapLen = 8;
+                       }
+
+                       // always AC_BE for non-IP packet
+                       if (Protocol != 0x0800)
+                               break;
+
+                       // get IP header
+                       if (Sniff2BytesFromNdisBuffer(PacketInfo.pFirstBuffer, LENGTH_802_3 + LlcSnapLen, &Byte0, &Byte1) != NDIS_STATUS_SUCCESS)
+                               break;
+
+                       // return AC_BE if packet is not IPv4
+                       if ((Byte0 & 0xf0) != 0x40)
+                               break;
+
+                       FlgIsIP = 1;
+                       UserPriority = (Byte1 & 0xe0) >> 5;
+                       QueIdx = MapUserPriorityToAccessCategory[UserPriority];
+
+                       // TODO: have to check ACM bit. apply TSPEC if ACM is ON
+                       // TODO: downgrade UP & QueIdx before passing ACM
+                       /*
+                               Under WMM ACM control, we dont need to check the bit;
+                               Or when a TSPEC is built for VO but we will change to issue
+                               BA session for BE here, so we will not use BA to send VO packets.
+                       */
+                       if (pAd->CommonCfg.APEdcaParm.bACM[QueIdx])
+                       {
+                               UserPriority = 0;
+                               QueIdx           = QID_AC_BE;
+                       }
+               } while (FALSE);
+       }
+
+       RTMP_SET_PACKET_UP(pPacket, UserPriority);
+
+
+
+       // Make sure SendTxWait queue resource won't be used by other threads
+       RTMP_IRQ_LOCK(&pAd->irq_lock, IrqFlags);
+       if (pAd->TxSwQueue[QueIdx].Number >= MAX_PACKETS_IN_QUEUE)
+       {
+               RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+#ifdef BLOCK_NET_IF
+               StopNetIfQueue(pAd, QueIdx, pPacket);
+#endif // BLOCK_NET_IF //
+               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+
+               return NDIS_STATUS_FAILURE;
+       }
+       else
+       {
+               InsertTailQueueAc(pAd, pEntry, &pAd->TxSwQueue[QueIdx], PACKET_TO_QUEUE_ENTRY(pPacket));
+       }
+       RTMP_IRQ_UNLOCK(&pAd->irq_lock, IrqFlags);
+
+#ifdef DOT11_N_SUPPORT
+    if ((pAd->CommonCfg.BACapability.field.AutoBA == TRUE)&&
+        IS_HT_STA(pEntry))
+       {
+           //PMAC_TABLE_ENTRY pMacEntry = &pAd->MacTab.Content[BSSID_WCID];
+               if (((pEntry->TXBAbitmap & (1<<UserPriority)) == 0) &&
+            ((pEntry->BADeclineBitmap & (1<<UserPriority)) == 0) &&
+            (pEntry->PortSecured == WPA_802_1X_PORT_SECURED)
+                        // For IOT compatibility, if
+                        // 1. It is Ralink chip or
+                        // 2. It is OPEN or AES mode,
+                        // then BA session can be bulit.
+                        && ((pEntry->ValidAsCLI && pAd->MlmeAux.APRalinkIe != 0x0) ||
+                                (pEntry->WepStatus != Ndis802_11WEPEnabled && pEntry->WepStatus != Ndis802_11Encryption2Enabled))
+                       )
+               {
+                       BAOriSessionSetUp(pAd, pEntry, UserPriority, 0, 10, FALSE);
+               }
+       }
+#endif // DOT11_N_SUPPORT //
+
+       pAd->RalinkCounters.OneSecOsTxCount[QueIdx]++; // TODO: for debug only. to be removed
+       return NDIS_STATUS_SUCCESS;
+}
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               This subroutine will scan through releative ring descriptor to find
+               out avaliable free ring descriptor and compare with request size.
+
+       Arguments:
+               pAd Pointer to our adapter
+               QueIdx          Selected TX Ring
+
+       Return Value:
+               NDIS_STATUS_FAILURE     Not enough free descriptor
+               NDIS_STATUS_SUCCESS     Enough free descriptor
+
+       IRQL = PASSIVE_LEVEL
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+#ifdef RTMP_MAC_PCI
+NDIS_STATUS RTMPFreeTXDRequest(
+       IN              PRTMP_ADAPTER   pAd,
+       IN              UCHAR                   QueIdx,
+       IN              UCHAR                   NumberRequired,
+       IN              PUCHAR                  FreeNumberIs)
+{
+       ULONG           FreeNumber = 0;
+       NDIS_STATUS     Status = NDIS_STATUS_FAILURE;
+
+       switch (QueIdx)
+       {
+               case QID_AC_BK:
+               case QID_AC_BE:
+               case QID_AC_VI:
+               case QID_AC_VO:
+               /*case QID_HCCA:*/
+                       if (pAd->TxRing[QueIdx].TxSwFreeIdx > pAd->TxRing[QueIdx].TxCpuIdx)
+                               FreeNumber = pAd->TxRing[QueIdx].TxSwFreeIdx - pAd->TxRing[QueIdx].TxCpuIdx - 1;
+                       else
+                               FreeNumber = pAd->TxRing[QueIdx].TxSwFreeIdx + TX_RING_SIZE - pAd->TxRing[QueIdx].TxCpuIdx - 1;
+
+                       if (FreeNumber >= NumberRequired)
+                               Status = NDIS_STATUS_SUCCESS;
+                       break;
+
+               case QID_MGMT:
+                       if (pAd->MgmtRing.TxSwFreeIdx > pAd->MgmtRing.TxCpuIdx)
+                               FreeNumber = pAd->MgmtRing.TxSwFreeIdx - pAd->MgmtRing.TxCpuIdx - 1;
+                       else
+                               FreeNumber = pAd->MgmtRing.TxSwFreeIdx + MGMT_RING_SIZE - pAd->MgmtRing.TxCpuIdx - 1;
+
+                       if (FreeNumber >= NumberRequired)
+                               Status = NDIS_STATUS_SUCCESS;
+                       break;
+
+               default:
+                       DBGPRINT(RT_DEBUG_ERROR,("RTMPFreeTXDRequest::Invalid QueIdx(=%d)\n", QueIdx));
+                       break;
+       }
+       *FreeNumberIs = (UCHAR)FreeNumber;
+
+       return (Status);
+}
+#endif // RTMP_MAC_PCI //
+
+
+
+VOID RTMPSendDisassociationFrame(
+       IN      PRTMP_ADAPTER   pAd)
+{
+}
+
+VOID   RTMPSendNullFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      UCHAR                   TxRate,
+       IN      BOOLEAN                 bQosNull)
+{
+       UCHAR   NullFrame[48];
+       ULONG   Length;
+       PHEADER_802_11  pHeader_802_11;
+
+
+#ifdef RALINK_ATE
+       if(ATE_ON(pAd))
+       {
+               return;
+       }
+#endif // RALINK_ATE //
+
+    // WPA 802.1x secured port control
+    if (((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
+         (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
+         (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) ||
+         (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)
+#ifdef WPA_SUPPLICANT_SUPPORT
+                         || (pAd->StaCfg.IEEE8021X == TRUE)
+#endif
+        ) &&
+       (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED))
+       {
+               return;
+       }
+
+       NdisZeroMemory(NullFrame, 48);
+       Length = sizeof(HEADER_802_11);
+
+       pHeader_802_11 = (PHEADER_802_11) NullFrame;
+
+       pHeader_802_11->FC.Type = BTYPE_DATA;
+       pHeader_802_11->FC.SubType = SUBTYPE_NULL_FUNC;
+       pHeader_802_11->FC.ToDs = 1;
+       COPY_MAC_ADDR(pHeader_802_11->Addr1, pAd->CommonCfg.Bssid);
+       COPY_MAC_ADDR(pHeader_802_11->Addr2, pAd->CurrentAddress);
+       COPY_MAC_ADDR(pHeader_802_11->Addr3, pAd->CommonCfg.Bssid);
+
+       if (pAd->CommonCfg.bAPSDForcePowerSave)
+       {
+               pHeader_802_11->FC.PwrMgmt = PWR_SAVE;
+       }
+       else
+       {
+               pHeader_802_11->FC.PwrMgmt = (pAd->StaCfg.Psm == PWR_SAVE) ? 1: 0;
+       }
+       pHeader_802_11->Duration = pAd->CommonCfg.Dsifs + RTMPCalcDuration(pAd, TxRate, 14);
+
+       pAd->Sequence++;
+       pHeader_802_11->Sequence = pAd->Sequence;
+
+       // Prepare QosNull function frame
+       if (bQosNull)
+       {
+               pHeader_802_11->FC.SubType = SUBTYPE_QOS_NULL;
+
+               // copy QOS control bytes
+               NullFrame[Length]       =  0;
+               NullFrame[Length+1] =  0;
+               Length += 2;// if pad with 2 bytes for alignment, APSD will fail
+       }
+
+       HAL_KickOutNullFrameTx(pAd, 0, NullFrame, Length);
+
+}
+
+// IRQL = DISPATCH_LEVEL
+VOID   RTMPSendRTSFrame(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  pDA,
+       IN      unsigned int    NextMpduSize,
+       IN      UCHAR                   TxRate,
+       IN      UCHAR                   RTSRate,
+       IN      USHORT                  AckDuration,
+       IN      UCHAR                   QueIdx,
+       IN      UCHAR                   FrameGap)
+{
+}
+
+
+
+// --------------------------------------------------------
+//  FIND ENCRYPT KEY AND DECIDE CIPHER ALGORITHM
+//             Find the WPA key, either Group or Pairwise Key
+//             LEAP + TKIP also use WPA key.
+// --------------------------------------------------------
+// Decide WEP bit and cipher suite to be used. Same cipher suite should be used for whole fragment burst
+// In Cisco CCX 2.0 Leap Authentication
+//                WepStatus is Ndis802_11Encryption1Enabled but the key will use PairwiseKey
+//                Instead of the SharedKey, SharedKey Length may be Zero.
+VOID STAFindCipherAlgorithm(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk)
+{
+       NDIS_802_11_ENCRYPTION_STATUS   Cipher;                         // To indicate cipher used for this packet
+       UCHAR                                                   CipherAlg = CIPHER_NONE;                // cipher alogrithm
+       UCHAR                                                   KeyIdx = 0xff;
+       PUCHAR                                                  pSrcBufVA;
+       PCIPHER_KEY                                             pKey = NULL;
+
+       pSrcBufVA = GET_OS_PKT_DATAPTR(pTxBlk->pPacket);
+
+       {
+           // Select Cipher
+           if ((*pSrcBufVA & 0x01) && (ADHOC_ON(pAd)))
+               Cipher = pAd->StaCfg.GroupCipher; // Cipher for Multicast or Broadcast
+           else
+               Cipher = pAd->StaCfg.PairCipher; // Cipher for Unicast
+
+               if (RTMP_GET_PACKET_EAPOL(pTxBlk->pPacket))
+               {
+                       ASSERT(pAd->SharedKey[BSS0][0].CipherAlg <= CIPHER_CKIP128);
+
+                       // 4-way handshaking frame must be clear
+                       if (!(TX_BLK_TEST_FLAG(pTxBlk, fTX_bClearEAPFrame)) && (pAd->SharedKey[BSS0][0].CipherAlg) &&
+                               (pAd->SharedKey[BSS0][0].KeyLen))
+                       {
+                               CipherAlg = pAd->SharedKey[BSS0][0].CipherAlg;
+                               KeyIdx = 0;
+                       }
+               }
+               else if (Cipher == Ndis802_11Encryption1Enabled)
+               {
+                               KeyIdx = pAd->StaCfg.DefaultKeyId;
+               }
+               else if ((Cipher == Ndis802_11Encryption2Enabled) ||
+                                (Cipher == Ndis802_11Encryption3Enabled))
+               {
+                       if ((*pSrcBufVA & 0x01) && (ADHOC_ON(pAd))) // multicast
+                               KeyIdx = pAd->StaCfg.DefaultKeyId;
+                       else if (pAd->SharedKey[BSS0][0].KeyLen)
+                               KeyIdx = 0;
+                       else
+                               KeyIdx = pAd->StaCfg.DefaultKeyId;
+               }
+
+               if (KeyIdx == 0xff)
+                       CipherAlg = CIPHER_NONE;
+               else if ((Cipher == Ndis802_11EncryptionDisabled) || (pAd->SharedKey[BSS0][KeyIdx].KeyLen == 0))
+                       CipherAlg = CIPHER_NONE;
+#ifdef WPA_SUPPLICANT_SUPPORT
+           else if ( pAd->StaCfg.WpaSupplicantUP &&
+                    (Cipher == Ndis802_11Encryption1Enabled) &&
+                    (pAd->StaCfg.IEEE8021X == TRUE) &&
+                    (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED))
+               CipherAlg = CIPHER_NONE;
+#endif // WPA_SUPPLICANT_SUPPORT //
+               else
+               {
+                       //Header_802_11.FC.Wep = 1;
+                       CipherAlg = pAd->SharedKey[BSS0][KeyIdx].CipherAlg;
+                       pKey = &pAd->SharedKey[BSS0][KeyIdx];
+               }
+       }
+
+       pTxBlk->CipherAlg = CipherAlg;
+       pTxBlk->pKey = pKey;
+}
+
+
+VOID STABuildCommon802_11Header(
+       IN  PRTMP_ADAPTER   pAd,
+       IN  TX_BLK          *pTxBlk)
+{
+
+       HEADER_802_11   *pHeader_802_11;
+#ifdef QOS_DLS_SUPPORT
+       BOOLEAN bDLSFrame = FALSE;
+       INT     DlsEntryIndex = 0;
+#endif // QOS_DLS_SUPPORT //
+
+       //
+       // MAKE A COMMON 802.11 HEADER
+       //
+
+       // normal wlan header size : 24 octets
+       pTxBlk->MpduHeaderLen = sizeof(HEADER_802_11);
+
+       pHeader_802_11 = (HEADER_802_11 *) &pTxBlk->HeaderBuf[TXINFO_SIZE + TXWI_SIZE];
+
+       NdisZeroMemory(pHeader_802_11, sizeof(HEADER_802_11));
+
+       pHeader_802_11->FC.FrDs = 0;
+       pHeader_802_11->FC.Type = BTYPE_DATA;
+       pHeader_802_11->FC.SubType = ((TX_BLK_TEST_FLAG(pTxBlk, fTX_bWMM)) ? SUBTYPE_QDATA : SUBTYPE_DATA);
+
+#ifdef QOS_DLS_SUPPORT
+       if (INFRA_ON(pAd))
+       {
+               // Check if the frame can be sent through DLS direct link interface
+               // If packet can be sent through DLS, then force aggregation disable. (Hard to determine peer STA's capability)
+               DlsEntryIndex = RTMPCheckDLSFrame(pAd, pTxBlk->pSrcBufHeader);
+               if (DlsEntryIndex >= 0)
+                       bDLSFrame = TRUE;
+               else
+                       bDLSFrame = FALSE;
+       }
+#endif // QOS_DLS_SUPPORT //
+
+    if (pTxBlk->pMacEntry)
+       {
+               if (TX_BLK_TEST_FLAG(pTxBlk, fTX_bForceNonQoS))
+               {
+                       pHeader_802_11->Sequence = pTxBlk->pMacEntry->NonQosDataSeq;
+                       pTxBlk->pMacEntry->NonQosDataSeq = (pTxBlk->pMacEntry->NonQosDataSeq+1) & MAXSEQ;
+               }
+               else
+               {
+                       {
+           pHeader_802_11->Sequence = pTxBlk->pMacEntry->TxSeq[pTxBlk->UserPriority];
+           pTxBlk->pMacEntry->TxSeq[pTxBlk->UserPriority] = (pTxBlk->pMacEntry->TxSeq[pTxBlk->UserPriority]+1) & MAXSEQ;
+       }
+       }
+       }
+       else
+       {
+               pHeader_802_11->Sequence = pAd->Sequence;
+               pAd->Sequence = (pAd->Sequence+1) & MAXSEQ; // next sequence
+       }
+
+       pHeader_802_11->Frag = 0;
+
+       pHeader_802_11->FC.MoreData = TX_BLK_TEST_FLAG(pTxBlk, fTX_bMoreData);
+
+       {
+               if (INFRA_ON(pAd))
+               {
+#ifdef QOS_DLS_SUPPORT
+                       if (bDLSFrame)
+                       {
+                               COPY_MAC_ADDR(pHeader_802_11->Addr1, pTxBlk->pSrcBufHeader);
+                               COPY_MAC_ADDR(pHeader_802_11->Addr2, pAd->CurrentAddress);
+                               COPY_MAC_ADDR(pHeader_802_11->Addr3, pAd->CommonCfg.Bssid);
+                               pHeader_802_11->FC.ToDs = 0;
+                       }
+                       else
+#endif // QOS_DLS_SUPPORT //
+                       {
+                       COPY_MAC_ADDR(pHeader_802_11->Addr1, pAd->CommonCfg.Bssid);
+                       COPY_MAC_ADDR(pHeader_802_11->Addr2, pAd->CurrentAddress);
+                       COPY_MAC_ADDR(pHeader_802_11->Addr3, pTxBlk->pSrcBufHeader);
+                       pHeader_802_11->FC.ToDs = 1;
+               }
+               }
+               else if (ADHOC_ON(pAd))
+               {
+                       COPY_MAC_ADDR(pHeader_802_11->Addr1, pTxBlk->pSrcBufHeader);
+                       COPY_MAC_ADDR(pHeader_802_11->Addr2, pAd->CurrentAddress);
+                       COPY_MAC_ADDR(pHeader_802_11->Addr3, pAd->CommonCfg.Bssid);
+                       pHeader_802_11->FC.ToDs = 0;
+               }
+       }
+
+       if (pTxBlk->CipherAlg != CIPHER_NONE)
+               pHeader_802_11->FC.Wep = 1;
+
+       // -----------------------------------------------------------------
+       // STEP 2. MAKE A COMMON 802.11 HEADER SHARED BY ENTIRE FRAGMENT BURST. Fill sequence later.
+       // -----------------------------------------------------------------
+       if (pAd->CommonCfg.bAPSDForcePowerSave)
+       pHeader_802_11->FC.PwrMgmt = PWR_SAVE;
+       else
+       pHeader_802_11->FC.PwrMgmt = (pAd->StaCfg.Psm == PWR_SAVE);
+}
+
+#ifdef DOT11_N_SUPPORT
+VOID STABuildCache802_11Header(
+       IN RTMP_ADAPTER         *pAd,
+       IN TX_BLK                       *pTxBlk,
+       IN UCHAR                        *pHeader)
+{
+       MAC_TABLE_ENTRY *pMacEntry;
+       PHEADER_802_11  pHeader80211;
+
+       pHeader80211 = (PHEADER_802_11)pHeader;
+       pMacEntry = pTxBlk->pMacEntry;
+
+       //
+       // Update the cached 802.11 HEADER
+       //
+
+       // normal wlan header size : 24 octets
+       pTxBlk->MpduHeaderLen = sizeof(HEADER_802_11);
+
+       // More Bit
+       pHeader80211->FC.MoreData = TX_BLK_TEST_FLAG(pTxBlk, fTX_bMoreData);
+
+       // Sequence
+       pHeader80211->Sequence = pMacEntry->TxSeq[pTxBlk->UserPriority];
+    pMacEntry->TxSeq[pTxBlk->UserPriority] = (pMacEntry->TxSeq[pTxBlk->UserPriority]+1) & MAXSEQ;
+
+       {
+               // Check if the frame can be sent through DLS direct link interface
+               // If packet can be sent through DLS, then force aggregation disable. (Hard to determine peer STA's capability)
+#ifdef QOS_DLS_SUPPORT
+               BOOLEAN bDLSFrame = FALSE;
+               INT     DlsEntryIndex = 0;
+
+               DlsEntryIndex = RTMPCheckDLSFrame(pAd, pTxBlk->pSrcBufHeader);
+               if (DlsEntryIndex >= 0)
+                       bDLSFrame = TRUE;
+               else
+                       bDLSFrame = FALSE;
+#endif // QOS_DLS_SUPPORT //
+
+               // The addr3 of normal packet send from DS is Dest Mac address.
+#ifdef QOS_DLS_SUPPORT
+               if (bDLSFrame)
+               {
+                       COPY_MAC_ADDR(pHeader80211->Addr1, pTxBlk->pSrcBufHeader);
+                       COPY_MAC_ADDR(pHeader80211->Addr3, pAd->CommonCfg.Bssid);
+                       pHeader80211->FC.ToDs = 0;
+               }
+               else
+#endif // QOS_DLS_SUPPORT //
+               if (ADHOC_ON(pAd))
+                       COPY_MAC_ADDR(pHeader80211->Addr3, pAd->CommonCfg.Bssid);
+               else
+               COPY_MAC_ADDR(pHeader80211->Addr3, pTxBlk->pSrcBufHeader);
+       }
+
+       // -----------------------------------------------------------------
+       // STEP 2. MAKE A COMMON 802.11 HEADER SHARED BY ENTIRE FRAGMENT BURST. Fill sequence later.
+       // -----------------------------------------------------------------
+       if (pAd->CommonCfg.bAPSDForcePowerSave)
+       pHeader80211->FC.PwrMgmt = PWR_SAVE;
+       else
+       pHeader80211->FC.PwrMgmt = (pAd->StaCfg.Psm == PWR_SAVE);
+}
+#endif // DOT11_N_SUPPORT //
+
+static inline PUCHAR STA_Build_ARalink_Frame_Header(
+       IN RTMP_ADAPTER *pAd,
+       IN TX_BLK               *pTxBlk)
+{
+       PUCHAR                  pHeaderBufPtr;
+       HEADER_802_11   *pHeader_802_11;
+       PNDIS_PACKET    pNextPacket;
+       UINT32                  nextBufLen;
+       PQUEUE_ENTRY    pQEntry;
+
+       STAFindCipherAlgorithm(pAd, pTxBlk);
+       STABuildCommon802_11Header(pAd, pTxBlk);
+
+
+       pHeaderBufPtr = &pTxBlk->HeaderBuf[TXINFO_SIZE + TXWI_SIZE];
+       pHeader_802_11 = (HEADER_802_11 *) pHeaderBufPtr;
+
+       // steal "order" bit to mark "aggregation"
+       pHeader_802_11->FC.Order = 1;
+
+       // skip common header
+       pHeaderBufPtr += pTxBlk->MpduHeaderLen;
+
+       if (TX_BLK_TEST_FLAG(pTxBlk, fTX_bWMM))
+       {
+               //
+               // build QOS Control bytes
+               //
+               *pHeaderBufPtr = (pTxBlk->UserPriority & 0x0F);
+
+               *(pHeaderBufPtr+1) = 0;
+               pHeaderBufPtr +=2;
+               pTxBlk->MpduHeaderLen += 2;
+       }
+
+       // padding at front of LLC header. LLC header should at 4-bytes aligment.
+       pTxBlk->HdrPadLen = (ULONG)pHeaderBufPtr;
+       pHeaderBufPtr = (PUCHAR)ROUND_UP(pHeaderBufPtr, 4);
+       pTxBlk->HdrPadLen = (ULONG)(pHeaderBufPtr - pTxBlk->HdrPadLen);
+
+       // For RA Aggregation,
+       // put the 2nd MSDU length(extra 2-byte field) after QOS_CONTROL in little endian format
+       pQEntry = pTxBlk->TxPacketList.Head;
+       pNextPacket = QUEUE_ENTRY_TO_PACKET(pQEntry);
+       nextBufLen = GET_OS_PKT_LEN(pNextPacket);
+       if (RTMP_GET_PACKET_VLAN(pNextPacket))
+               nextBufLen -= LENGTH_802_1Q;
+
+       *pHeaderBufPtr = (UCHAR)nextBufLen & 0xff;
+       *(pHeaderBufPtr+1) = (UCHAR)(nextBufLen >> 8);
+
+       pHeaderBufPtr += 2;
+       pTxBlk->MpduHeaderLen += 2;
+
+       return pHeaderBufPtr;
+
+}
+
+#ifdef DOT11_N_SUPPORT
+static inline PUCHAR STA_Build_AMSDU_Frame_Header(
+       IN RTMP_ADAPTER *pAd,
+       IN TX_BLK               *pTxBlk)
+{
+       PUCHAR                  pHeaderBufPtr;//, pSaveBufPtr;
+       HEADER_802_11   *pHeader_802_11;
+
+
+       STAFindCipherAlgorithm(pAd, pTxBlk);
+       STABuildCommon802_11Header(pAd, pTxBlk);
+
+       pHeaderBufPtr = &pTxBlk->HeaderBuf[TXINFO_SIZE + TXWI_SIZE];
+       pHeader_802_11 = (HEADER_802_11 *) pHeaderBufPtr;
+
+       // skip common header
+       pHeaderBufPtr += pTxBlk->MpduHeaderLen;
+
+       //
+       // build QOS Control bytes
+       //
+       *pHeaderBufPtr = (pTxBlk->UserPriority & 0x0F);
+
+       //
+       // A-MSDU packet
+       //
+       *pHeaderBufPtr |= 0x80;
+
+       *(pHeaderBufPtr+1) = 0;
+       pHeaderBufPtr +=2;
+       pTxBlk->MpduHeaderLen += 2;
+
+       //pSaveBufPtr = pHeaderBufPtr;
+
+       //
+       // padding at front of LLC header
+       // LLC header should locate at 4-octets aligment
+       //
+       // @@@ MpduHeaderLen excluding padding @@@
+       //
+       pTxBlk->HdrPadLen = (ULONG)pHeaderBufPtr;
+       pHeaderBufPtr = (PUCHAR) ROUND_UP(pHeaderBufPtr, 4);
+       pTxBlk->HdrPadLen = (ULONG)(pHeaderBufPtr - pTxBlk->HdrPadLen);
+
+       return pHeaderBufPtr;
+
+}
+
+
+VOID STA_AMPDU_Frame_Tx(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk)
+{
+       HEADER_802_11   *pHeader_802_11;
+       PUCHAR                  pHeaderBufPtr;
+       USHORT                  FreeNumber;
+       MAC_TABLE_ENTRY *pMacEntry;
+       BOOLEAN                 bVLANPkt;
+       PQUEUE_ENTRY    pQEntry;
+
+       ASSERT(pTxBlk);
+
+       while(pTxBlk->TxPacketList.Head)
+       {
+               pQEntry = RemoveHeadQueue(&pTxBlk->TxPacketList);
+               pTxBlk->pPacket = QUEUE_ENTRY_TO_PACKET(pQEntry);
+               if ( RTMP_FillTxBlkInfo(pAd, pTxBlk) != TRUE)
+               {
+                       RELEASE_NDIS_PACKET(pAd, pTxBlk->pPacket, NDIS_STATUS_FAILURE);
+                       continue;
+               }
+
+               bVLANPkt = (RTMP_GET_PACKET_VLAN(pTxBlk->pPacket) ? TRUE : FALSE);
+
+               pMacEntry = pTxBlk->pMacEntry;
+               if (pMacEntry->isCached)
+               {
+                       // NOTE: Please make sure the size of pMacEntry->CachedBuf[] is smaller than pTxBlk->HeaderBuf[]!!!!
+                       NdisMoveMemory((PUCHAR)&pTxBlk->HeaderBuf[TXINFO_SIZE], (PUCHAR)&pMacEntry->CachedBuf[0], TXWI_SIZE + sizeof(HEADER_802_11));
+                       pHeaderBufPtr = (PUCHAR)(&pTxBlk->HeaderBuf[TXINFO_SIZE + TXWI_SIZE]);
+                       STABuildCache802_11Header(pAd, pTxBlk, pHeaderBufPtr);
+               }
+               else
+               {
+                       STAFindCipherAlgorithm(pAd, pTxBlk);
+                       STABuildCommon802_11Header(pAd, pTxBlk);
+
+                       pHeaderBufPtr = &pTxBlk->HeaderBuf[TXINFO_SIZE + TXWI_SIZE];
+               }
+
+
+               pHeader_802_11 = (HEADER_802_11 *) pHeaderBufPtr;
+
+               // skip common header
+               pHeaderBufPtr += pTxBlk->MpduHeaderLen;
+
+               //
+               // build QOS Control bytes
+               //
+               *pHeaderBufPtr = (pTxBlk->UserPriority & 0x0F);
+               *(pHeaderBufPtr+1) = 0;
+               pHeaderBufPtr +=2;
+               pTxBlk->MpduHeaderLen += 2;
+
+               //
+               // build HTC+
+               // HTC control filed following QoS field
+               //
+               if ((pAd->CommonCfg.bRdg == TRUE) && CLIENT_STATUS_TEST_FLAG(pTxBlk->pMacEntry, fCLIENT_STATUS_RDG_CAPABLE))
+               {
+                       if (pMacEntry->isCached == FALSE)
+                       {
+                               // mark HTC bit
+                               pHeader_802_11->FC.Order = 1;
+
+                               NdisZeroMemory(pHeaderBufPtr, 4);
+                               *(pHeaderBufPtr+3) |= 0x80;
+                       }
+                       pHeaderBufPtr += 4;
+                       pTxBlk->MpduHeaderLen += 4;
+               }
+
+               //pTxBlk->MpduHeaderLen = pHeaderBufPtr - pTxBlk->HeaderBuf - TXWI_SIZE - TXINFO_SIZE;
+               ASSERT(pTxBlk->MpduHeaderLen >= 24);
+
+               // skip 802.3 header
+               pTxBlk->pSrcBufData = pTxBlk->pSrcBufHeader + LENGTH_802_3;
+               pTxBlk->SrcBufLen  -= LENGTH_802_3;
+
+               // skip vlan tag
+               if (bVLANPkt)
+               {
+                       pTxBlk->pSrcBufData     += LENGTH_802_1Q;
+                       pTxBlk->SrcBufLen       -= LENGTH_802_1Q;
+               }
+
+               //
+               // padding at front of LLC header
+               // LLC header should locate at 4-octets aligment
+               //
+               // @@@ MpduHeaderLen excluding padding @@@
+               //
+               pTxBlk->HdrPadLen = (ULONG)pHeaderBufPtr;
+               pHeaderBufPtr = (PUCHAR) ROUND_UP(pHeaderBufPtr, 4);
+               pTxBlk->HdrPadLen = (ULONG)(pHeaderBufPtr - pTxBlk->HdrPadLen);
+
+               {
+
+                       //
+                       // Insert LLC-SNAP encapsulation - 8 octets
+                       //
+                       EXTRA_LLCSNAP_ENCAP_FROM_PKT_OFFSET(pTxBlk->pSrcBufData-2, pTxBlk->pExtraLlcSnapEncap);
+                       if (pTxBlk->pExtraLlcSnapEncap)
+                       {
+                               NdisMoveMemory(pHeaderBufPtr, pTxBlk->pExtraLlcSnapEncap, 6);
+                               pHeaderBufPtr += 6;
+                               // get 2 octets (TypeofLen)
+                               NdisMoveMemory(pHeaderBufPtr, pTxBlk->pSrcBufData-2, 2);
+                               pHeaderBufPtr += 2;
+                               pTxBlk->MpduHeaderLen += LENGTH_802_1_H;
+                       }
+
+               }
+
+               if (pMacEntry->isCached)
+               {
+            RTMPWriteTxWI_Cache(pAd, (PTXWI_STRUC)(&pTxBlk->HeaderBuf[TXINFO_SIZE]), pTxBlk);
+               }
+               else
+               {
+                       RTMPWriteTxWI_Data(pAd, (PTXWI_STRUC)(&pTxBlk->HeaderBuf[TXINFO_SIZE]), pTxBlk);
+
+                       NdisZeroMemory((PUCHAR)(&pMacEntry->CachedBuf[0]), sizeof(pMacEntry->CachedBuf));
+                       NdisMoveMemory((PUCHAR)(&pMacEntry->CachedBuf[0]), (PUCHAR)(&pTxBlk->HeaderBuf[TXINFO_SIZE]), (pHeaderBufPtr - (PUCHAR)(&pTxBlk->HeaderBuf[TXINFO_SIZE])));
+                       pMacEntry->isCached = TRUE;
+               }
+
+               // calculate Transmitted AMPDU count and ByteCount
+               {
+                       pAd->RalinkCounters.TransmittedMPDUsInAMPDUCount.u.LowPart ++;
+                       pAd->RalinkCounters.TransmittedOctetsInAMPDUCount.QuadPart += pTxBlk->SrcBufLen;
+               }
+
+               //FreeNumber = GET_TXRING_FREENO(pAd, QueIdx);
+
+               HAL_WriteTxResource(pAd, pTxBlk, TRUE, &FreeNumber);
+
+               //
+               // Kick out Tx
+               //
+                if (!RTMP_TEST_PSFLAG(pAd, fRTMP_PS_DISABLE_TX))
+               HAL_KickOutTx(pAd, pTxBlk, pTxBlk->QueIdx);
+
+               pAd->RalinkCounters.KickTxCount++;
+               pAd->RalinkCounters.OneSecTxDoneCount++;
+       }
+
+}
+
+
+VOID STA_AMSDU_Frame_Tx(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk)
+{
+       PUCHAR                  pHeaderBufPtr;
+       USHORT                  FreeNumber;
+       USHORT                  subFramePayloadLen = 0; // AMSDU Subframe length without AMSDU-Header / Padding.
+       USHORT                  totalMPDUSize=0;
+       UCHAR                   *subFrameHeader;
+       UCHAR                   padding = 0;
+       USHORT                  FirstTx = 0, LastTxIdx = 0;
+       BOOLEAN                 bVLANPkt;
+       int                     frameNum = 0;
+       PQUEUE_ENTRY    pQEntry;
+
+
+       ASSERT(pTxBlk);
+
+       ASSERT((pTxBlk->TxPacketList.Number > 1));
+
+       while(pTxBlk->TxPacketList.Head)
+       {
+               pQEntry = RemoveHeadQueue(&pTxBlk->TxPacketList);
+               pTxBlk->pPacket = QUEUE_ENTRY_TO_PACKET(pQEntry);
+               if (RTMP_FillTxBlkInfo(pAd, pTxBlk) != TRUE)
+               {
+                       RELEASE_NDIS_PACKET(pAd, pTxBlk->pPacket, NDIS_STATUS_FAILURE);
+                       continue;
+               }
+
+               bVLANPkt = (RTMP_GET_PACKET_VLAN(pTxBlk->pPacket) ? TRUE : FALSE);
+
+               // skip 802.3 header
+               pTxBlk->pSrcBufData = pTxBlk->pSrcBufHeader + LENGTH_802_3;
+               pTxBlk->SrcBufLen  -= LENGTH_802_3;
+
+               // skip vlan tag
+               if (bVLANPkt)
+               {
+                       pTxBlk->pSrcBufData     += LENGTH_802_1Q;
+                       pTxBlk->SrcBufLen       -= LENGTH_802_1Q;
+               }
+
+               if (frameNum == 0)
+               {
+                       pHeaderBufPtr = STA_Build_AMSDU_Frame_Header(pAd, pTxBlk);
+
+                       // NOTE: TxWI->MPDUtotalByteCount will be updated after final frame was handled.
+                       RTMPWriteTxWI_Data(pAd, (PTXWI_STRUC)(&pTxBlk->HeaderBuf[TXINFO_SIZE]), pTxBlk);
+               }
+               else
+               {
+                       pHeaderBufPtr = &pTxBlk->HeaderBuf[0];
+                       padding = ROUND_UP(LENGTH_AMSDU_SUBFRAMEHEAD + subFramePayloadLen, 4) - (LENGTH_AMSDU_SUBFRAMEHEAD + subFramePayloadLen);
+                       NdisZeroMemory(pHeaderBufPtr, padding + LENGTH_AMSDU_SUBFRAMEHEAD);
+                       pHeaderBufPtr += padding;
+                       pTxBlk->MpduHeaderLen = padding;
+               }
+
+               //
+               // A-MSDU subframe
+               //   DA(6)+SA(6)+Length(2) + LLC/SNAP Encap
+               //
+               subFrameHeader = pHeaderBufPtr;
+               subFramePayloadLen = pTxBlk->SrcBufLen;
+
+               NdisMoveMemory(subFrameHeader, pTxBlk->pSrcBufHeader, 12);
+
+
+               pHeaderBufPtr += LENGTH_AMSDU_SUBFRAMEHEAD;
+               pTxBlk->MpduHeaderLen += LENGTH_AMSDU_SUBFRAMEHEAD;
+
+
+               //
+               // Insert LLC-SNAP encapsulation - 8 octets
+               //
+               EXTRA_LLCSNAP_ENCAP_FROM_PKT_OFFSET(pTxBlk->pSrcBufData-2, pTxBlk->pExtraLlcSnapEncap);
+
+               subFramePayloadLen = pTxBlk->SrcBufLen;
+
+               if (pTxBlk->pExtraLlcSnapEncap)
+               {
+                       NdisMoveMemory(pHeaderBufPtr, pTxBlk->pExtraLlcSnapEncap, 6);
+                       pHeaderBufPtr += 6;
+                       // get 2 octets (TypeofLen)
+                       NdisMoveMemory(pHeaderBufPtr, pTxBlk->pSrcBufData-2, 2);
+                       pHeaderBufPtr += 2;
+                       pTxBlk->MpduHeaderLen += LENGTH_802_1_H;
+                       subFramePayloadLen += LENGTH_802_1_H;
+               }
+
+               // update subFrame Length field
+               subFrameHeader[12] = (subFramePayloadLen & 0xFF00) >> 8;
+               subFrameHeader[13] = subFramePayloadLen & 0xFF;
+
+               totalMPDUSize += pTxBlk->MpduHeaderLen + pTxBlk->SrcBufLen;
+
+               if (frameNum ==0)
+                       FirstTx = HAL_WriteMultiTxResource(pAd, pTxBlk, frameNum, &FreeNumber);
+               else
+                       LastTxIdx = HAL_WriteMultiTxResource(pAd, pTxBlk, frameNum, &FreeNumber);
+
+               frameNum++;
+
+               pAd->RalinkCounters.KickTxCount++;
+               pAd->RalinkCounters.OneSecTxDoneCount++;
+
+               // calculate Transmitted AMSDU Count and ByteCount
+               {
+                       pAd->RalinkCounters.TransmittedAMSDUCount.u.LowPart ++;
+                       pAd->RalinkCounters.TransmittedOctetsInAMSDU.QuadPart += totalMPDUSize;
+               }
+
+       }
+
+       HAL_FinalWriteTxResource(pAd, pTxBlk, totalMPDUSize, FirstTx);
+       HAL_LastTxIdx(pAd, pTxBlk->QueIdx, LastTxIdx);
+
+       //
+       // Kick out Tx
+       //
+        if (!RTMP_TEST_PSFLAG(pAd, fRTMP_PS_DISABLE_TX))
+       HAL_KickOutTx(pAd, pTxBlk, pTxBlk->QueIdx);
+}
+#endif // DOT11_N_SUPPORT //
+
+VOID STA_Legacy_Frame_Tx(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk)
+{
+       HEADER_802_11   *pHeader_802_11;
+       PUCHAR                  pHeaderBufPtr;
+       USHORT                  FreeNumber;
+       BOOLEAN                 bVLANPkt;
+       PQUEUE_ENTRY    pQEntry;
+
+       ASSERT(pTxBlk);
+
+
+       pQEntry = RemoveHeadQueue(&pTxBlk->TxPacketList);
+       pTxBlk->pPacket = QUEUE_ENTRY_TO_PACKET(pQEntry);
+       if (RTMP_FillTxBlkInfo(pAd, pTxBlk) != TRUE)
+       {
+               RELEASE_NDIS_PACKET(pAd, pTxBlk->pPacket, NDIS_STATUS_FAILURE);
+               return;
+       }
+
+       if (pTxBlk->TxFrameType == TX_MCAST_FRAME)
+       {
+               INC_COUNTER64(pAd->WlanCounters.MulticastTransmittedFrameCount);
+       }
+
+       if (RTMP_GET_PACKET_RTS(pTxBlk->pPacket))
+               TX_BLK_SET_FLAG(pTxBlk, fTX_bRtsRequired);
+       else
+               TX_BLK_CLEAR_FLAG(pTxBlk, fTX_bRtsRequired);
+
+       bVLANPkt = (RTMP_GET_PACKET_VLAN(pTxBlk->pPacket) ? TRUE : FALSE);
+
+       if (pTxBlk->TxRate < pAd->CommonCfg.MinTxRate)
+               pTxBlk->TxRate = pAd->CommonCfg.MinTxRate;
+
+       STAFindCipherAlgorithm(pAd, pTxBlk);
+       STABuildCommon802_11Header(pAd, pTxBlk);
+
+
+       // skip 802.3 header
+       pTxBlk->pSrcBufData = pTxBlk->pSrcBufHeader + LENGTH_802_3;
+       pTxBlk->SrcBufLen  -= LENGTH_802_3;
+
+       // skip vlan tag
+       if (bVLANPkt)
+       {
+               pTxBlk->pSrcBufData     += LENGTH_802_1Q;
+               pTxBlk->SrcBufLen       -= LENGTH_802_1Q;
+       }
+
+       pHeaderBufPtr = &pTxBlk->HeaderBuf[TXINFO_SIZE + TXWI_SIZE];
+       pHeader_802_11 = (HEADER_802_11 *) pHeaderBufPtr;
+
+       // skip common header
+       pHeaderBufPtr += pTxBlk->MpduHeaderLen;
+
+       if (TX_BLK_TEST_FLAG(pTxBlk, fTX_bWMM))
+       {
+               //
+               // build QOS Control bytes
+               //
+               *(pHeaderBufPtr) = ((pTxBlk->UserPriority & 0x0F) | (pAd->CommonCfg.AckPolicy[pTxBlk->QueIdx]<<5));
+               *(pHeaderBufPtr+1) = 0;
+               pHeaderBufPtr +=2;
+               pTxBlk->MpduHeaderLen += 2;
+       }
+
+       // The remaining content of MPDU header should locate at 4-octets aligment
+       pTxBlk->HdrPadLen = (ULONG)pHeaderBufPtr;
+       pHeaderBufPtr = (PUCHAR) ROUND_UP(pHeaderBufPtr, 4);
+       pTxBlk->HdrPadLen = (ULONG)(pHeaderBufPtr - pTxBlk->HdrPadLen);
+
+       {
+
+               //
+               // Insert LLC-SNAP encapsulation - 8 octets
+               //
+               //
+               // if original Ethernet frame contains no LLC/SNAP,
+               // then an extra LLC/SNAP encap is required
+               //
+               EXTRA_LLCSNAP_ENCAP_FROM_PKT_START(pTxBlk->pSrcBufHeader, pTxBlk->pExtraLlcSnapEncap);
+               if (pTxBlk->pExtraLlcSnapEncap)
+               {
+                       UCHAR vlan_size;
+
+                       NdisMoveMemory(pHeaderBufPtr, pTxBlk->pExtraLlcSnapEncap, 6);
+                       pHeaderBufPtr += 6;
+                       // skip vlan tag
+                       vlan_size =  (bVLANPkt) ? LENGTH_802_1Q : 0;
+                       // get 2 octets (TypeofLen)
+                       NdisMoveMemory(pHeaderBufPtr, pTxBlk->pSrcBufHeader+12+vlan_size, 2);
+                       pHeaderBufPtr += 2;
+                       pTxBlk->MpduHeaderLen += LENGTH_802_1_H;
+               }
+
+       }
+
+       //
+       // prepare for TXWI
+       // use Wcid as Key Index
+       //
+
+       RTMPWriteTxWI_Data(pAd, (PTXWI_STRUC)(&pTxBlk->HeaderBuf[TXINFO_SIZE]), pTxBlk);
+
+       //FreeNumber = GET_TXRING_FREENO(pAd, QueIdx);
+
+       HAL_WriteTxResource(pAd, pTxBlk, TRUE, &FreeNumber);
+
+       pAd->RalinkCounters.KickTxCount++;
+       pAd->RalinkCounters.OneSecTxDoneCount++;
+
+       //
+       // Kick out Tx
+       //
+       if (!RTMP_TEST_PSFLAG(pAd, fRTMP_PS_DISABLE_TX))
+       HAL_KickOutTx(pAd, pTxBlk, pTxBlk->QueIdx);
+}
+
+
+VOID STA_ARalink_Frame_Tx(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      TX_BLK                  *pTxBlk)
+{
+       PUCHAR                  pHeaderBufPtr;
+       USHORT                  FreeNumber;
+       USHORT                  totalMPDUSize=0;
+       USHORT                  FirstTx, LastTxIdx;
+       int                     frameNum = 0;
+       BOOLEAN                 bVLANPkt;
+       PQUEUE_ENTRY    pQEntry;
+
+
+       ASSERT(pTxBlk);
+
+       ASSERT((pTxBlk->TxPacketList.Number== 2));
+
+
+       FirstTx = LastTxIdx = 0;  // Is it ok init they as 0?
+       while(pTxBlk->TxPacketList.Head)
+       {
+               pQEntry = RemoveHeadQueue(&pTxBlk->TxPacketList);
+               pTxBlk->pPacket = QUEUE_ENTRY_TO_PACKET(pQEntry);
+
+               if (RTMP_FillTxBlkInfo(pAd, pTxBlk) != TRUE)
+               {
+                       RELEASE_NDIS_PACKET(pAd, pTxBlk->pPacket, NDIS_STATUS_FAILURE);
+                       continue;
+               }
+
+               bVLANPkt = (RTMP_GET_PACKET_VLAN(pTxBlk->pPacket) ? TRUE : FALSE);
+
+               // skip 802.3 header
+               pTxBlk->pSrcBufData = pTxBlk->pSrcBufHeader + LENGTH_802_3;
+               pTxBlk->SrcBufLen  -= LENGTH_802_3;
+
+               // skip vlan tag
+               if (bVLANPkt)
+               {
+                       pTxBlk->pSrcBufData     += LENGTH_802_1Q;
+                       pTxBlk->SrcBufLen       -= LENGTH_802_1Q;
+               }
+
+               if (frameNum == 0)
+               {       // For first frame, we need to create the 802.11 header + padding(optional) + RA-AGG-LEN + SNAP Header
+
+                       pHeaderBufPtr = STA_Build_ARalink_Frame_Header(pAd, pTxBlk);
+
+                       // It's ok write the TxWI here, because the TxWI->MPDUtotalByteCount
+                       //      will be updated after final frame was handled.
+                       RTMPWriteTxWI_Data(pAd, (PTXWI_STRUC)(&pTxBlk->HeaderBuf[TXINFO_SIZE]), pTxBlk);
+
+
+                       //
+                       // Insert LLC-SNAP encapsulation - 8 octets
+                       //
+                       EXTRA_LLCSNAP_ENCAP_FROM_PKT_OFFSET(pTxBlk->pSrcBufData-2, pTxBlk->pExtraLlcSnapEncap);
+
+                       if (pTxBlk->pExtraLlcSnapEncap)
+                       {
+                               NdisMoveMemory(pHeaderBufPtr, pTxBlk->pExtraLlcSnapEncap, 6);
+                               pHeaderBufPtr += 6;
+                               // get 2 octets (TypeofLen)
+                               NdisMoveMemory(pHeaderBufPtr, pTxBlk->pSrcBufData-2, 2);
+                               pHeaderBufPtr += 2;
+                               pTxBlk->MpduHeaderLen += LENGTH_802_1_H;
+                       }
+               }
+               else
+               {       // For second aggregated frame, we need create the 802.3 header to headerBuf, because PCI will copy it to SDPtr0.
+
+                       pHeaderBufPtr = &pTxBlk->HeaderBuf[0];
+                       pTxBlk->MpduHeaderLen = 0;
+
+                       // A-Ralink sub-sequent frame header is the same as 802.3 header.
+                       //   DA(6)+SA(6)+FrameType(2)
+                       NdisMoveMemory(pHeaderBufPtr, pTxBlk->pSrcBufHeader, 12);
+                       pHeaderBufPtr += 12;
+                       // get 2 octets (TypeofLen)
+                       NdisMoveMemory(pHeaderBufPtr, pTxBlk->pSrcBufData-2, 2);
+                       pHeaderBufPtr += 2;
+                       pTxBlk->MpduHeaderLen = LENGTH_ARALINK_SUBFRAMEHEAD;
+               }
+
+               totalMPDUSize += pTxBlk->MpduHeaderLen + pTxBlk->SrcBufLen;
+
+               //FreeNumber = GET_TXRING_FREENO(pAd, QueIdx);
+               if (frameNum ==0)
+                       FirstTx = HAL_WriteMultiTxResource(pAd, pTxBlk, frameNum, &FreeNumber);
+               else
+                       LastTxIdx = HAL_WriteMultiTxResource(pAd, pTxBlk, frameNum, &FreeNumber);
+
+               frameNum++;
+
+               pAd->RalinkCounters.OneSecTxAggregationCount++;
+               pAd->RalinkCounters.KickTxCount++;
+               pAd->RalinkCounters.OneSecTxDoneCount++;
+
+       }
+
+       HAL_FinalWriteTxResource(pAd, pTxBlk, totalMPDUSize, FirstTx);
+       HAL_LastTxIdx(pAd, pTxBlk->QueIdx, LastTxIdx);
+
+       //
+       // Kick out Tx
+       //
+       if (!RTMP_TEST_PSFLAG(pAd, fRTMP_PS_DISABLE_TX))
+       HAL_KickOutTx(pAd, pTxBlk, pTxBlk->QueIdx);
+
+}
+
+
+VOID STA_Fragment_Frame_Tx(
+       IN RTMP_ADAPTER *pAd,
+       IN TX_BLK               *pTxBlk)
+{
+       HEADER_802_11   *pHeader_802_11;
+       PUCHAR                  pHeaderBufPtr;
+       USHORT                  FreeNumber;
+       UCHAR                   fragNum = 0;
+       PACKET_INFO             PacketInfo;
+       USHORT                  EncryptionOverhead = 0;
+       UINT32                  FreeMpduSize, SrcRemainingBytes;
+       USHORT                  AckDuration;
+       UINT                    NextMpduSize;
+       BOOLEAN                 bVLANPkt;
+       PQUEUE_ENTRY    pQEntry;
+       HTTRANSMIT_SETTING      *pTransmit;
+
+
+       ASSERT(pTxBlk);
+
+       pQEntry = RemoveHeadQueue(&pTxBlk->TxPacketList);
+       pTxBlk->pPacket = QUEUE_ENTRY_TO_PACKET(pQEntry);
+       if (RTMP_FillTxBlkInfo(pAd, pTxBlk) != TRUE)
+       {
+               RELEASE_NDIS_PACKET(pAd, pTxBlk->pPacket, NDIS_STATUS_FAILURE);
+               return;
+       }
+
+       ASSERT(TX_BLK_TEST_FLAG(pTxBlk, fTX_bAllowFrag));
+       bVLANPkt = (RTMP_GET_PACKET_VLAN(pTxBlk->pPacket) ? TRUE : FALSE);
+
+       STAFindCipherAlgorithm(pAd, pTxBlk);
+       STABuildCommon802_11Header(pAd, pTxBlk);
+
+       if (pTxBlk->CipherAlg == CIPHER_TKIP)
+       {
+               pTxBlk->pPacket = duplicate_pkt_with_TKIP_MIC(pAd, pTxBlk->pPacket);
+               if (pTxBlk->pPacket == NULL)
+                       return;
+               RTMP_QueryPacketInfo(pTxBlk->pPacket, &PacketInfo, &pTxBlk->pSrcBufHeader, &pTxBlk->SrcBufLen);
+       }
+
+       // skip 802.3 header
+       pTxBlk->pSrcBufData = pTxBlk->pSrcBufHeader + LENGTH_802_3;
+       pTxBlk->SrcBufLen  -= LENGTH_802_3;
+
+
+       // skip vlan tag
+       if (bVLANPkt)
+       {
+               pTxBlk->pSrcBufData     += LENGTH_802_1Q;
+               pTxBlk->SrcBufLen       -= LENGTH_802_1Q;
+       }
+
+       pHeaderBufPtr = &pTxBlk->HeaderBuf[TXINFO_SIZE + TXWI_SIZE];
+       pHeader_802_11 = (HEADER_802_11 *)pHeaderBufPtr;
+
+
+       // skip common header
+       pHeaderBufPtr += pTxBlk->MpduHeaderLen;
+
+       if (TX_BLK_TEST_FLAG(pTxBlk, fTX_bWMM))
+       {
+               //
+               // build QOS Control bytes
+               //
+               *pHeaderBufPtr = (pTxBlk->UserPriority & 0x0F);
+
+               *(pHeaderBufPtr+1) = 0;
+               pHeaderBufPtr +=2;
+               pTxBlk->MpduHeaderLen += 2;
+       }
+
+       //
+       // padding at front of LLC header
+       // LLC header should locate at 4-octets aligment
+       //
+       pTxBlk->HdrPadLen = (ULONG)pHeaderBufPtr;
+       pHeaderBufPtr = (PUCHAR) ROUND_UP(pHeaderBufPtr, 4);
+       pTxBlk->HdrPadLen = (ULONG)(pHeaderBufPtr - pTxBlk->HdrPadLen);
+
+
+
+       //
+       // Insert LLC-SNAP encapsulation - 8 octets
+       //
+       //
+       // if original Ethernet frame contains no LLC/SNAP,
+       // then an extra LLC/SNAP encap is required
+       //
+       EXTRA_LLCSNAP_ENCAP_FROM_PKT_START(pTxBlk->pSrcBufHeader, pTxBlk->pExtraLlcSnapEncap);
+       if (pTxBlk->pExtraLlcSnapEncap)
+       {
+               UCHAR vlan_size;
+
+               NdisMoveMemory(pHeaderBufPtr, pTxBlk->pExtraLlcSnapEncap, 6);
+               pHeaderBufPtr += 6;
+               // skip vlan tag
+               vlan_size =  (bVLANPkt) ? LENGTH_802_1Q : 0;
+               // get 2 octets (TypeofLen)
+               NdisMoveMemory(pHeaderBufPtr, pTxBlk->pSrcBufHeader+12+vlan_size, 2);
+               pHeaderBufPtr += 2;
+               pTxBlk->MpduHeaderLen += LENGTH_802_1_H;
+       }
+
+
+       // If TKIP is used and fragmentation is required. Driver has to
+       //      append TKIP MIC at tail of the scatter buffer
+       //      MAC ASIC will only perform IV/EIV/ICV insertion but no TKIP MIC
+       if (pTxBlk->CipherAlg == CIPHER_TKIP)
+       {
+               RTMPCalculateMICValue(pAd, pTxBlk->pPacket, pTxBlk->pExtraLlcSnapEncap, pTxBlk->pKey, 0);
+
+               // NOTE: DON'T refer the skb->len directly after following copy. Becasue the length is not adjust
+               //                      to correct lenght, refer to pTxBlk->SrcBufLen for the packet length in following progress.
+               NdisMoveMemory(pTxBlk->pSrcBufData + pTxBlk->SrcBufLen, &pAd->PrivateInfo.Tx.MIC[0], 8);
+               //skb_put((RTPKT_TO_OSPKT(pTxBlk->pPacket))->tail, 8);
+               pTxBlk->SrcBufLen += 8;
+               pTxBlk->TotalFrameLen += 8;
+               pTxBlk->CipherAlg = CIPHER_TKIP_NO_MIC;
+       }
+
+       //
+       // calcuate the overhead bytes that encryption algorithm may add. This
+       // affects the calculate of "duration" field
+       //
+       if ((pTxBlk->CipherAlg == CIPHER_WEP64) || (pTxBlk->CipherAlg == CIPHER_WEP128))
+               EncryptionOverhead = 8; //WEP: IV[4] + ICV[4];
+       else if (pTxBlk->CipherAlg == CIPHER_TKIP_NO_MIC)
+               EncryptionOverhead = 12;//TKIP: IV[4] + EIV[4] + ICV[4], MIC will be added to TotalPacketLength
+       else if (pTxBlk->CipherAlg == CIPHER_TKIP)
+               EncryptionOverhead = 20;//TKIP: IV[4] + EIV[4] + ICV[4] + MIC[8]
+       else if (pTxBlk->CipherAlg == CIPHER_AES)
+               EncryptionOverhead = 16;        // AES: IV[4] + EIV[4] + MIC[8]
+       else
+               EncryptionOverhead = 0;
+
+       pTransmit = pTxBlk->pTransmit;
+       // Decide the TX rate
+       if (pTransmit->field.MODE == MODE_CCK)
+               pTxBlk->TxRate = pTransmit->field.MCS;
+       else if (pTransmit->field.MODE == MODE_OFDM)
+               pTxBlk->TxRate = pTransmit->field.MCS + RATE_FIRST_OFDM_RATE;
+       else
+               pTxBlk->TxRate = RATE_6_5;
+
+       // decide how much time an ACK/CTS frame will consume in the air
+       if (pTxBlk->TxRate <= RATE_LAST_OFDM_RATE)
+               AckDuration = RTMPCalcDuration(pAd, pAd->CommonCfg.ExpectedACKRate[pTxBlk->TxRate], 14);
+       else
+               AckDuration = RTMPCalcDuration(pAd, RATE_6_5, 14);
+
+       // Init the total payload length of this frame.
+       SrcRemainingBytes = pTxBlk->SrcBufLen;
+
+       pTxBlk->TotalFragNum = 0xff;
+
+       do {
+
+               FreeMpduSize = pAd->CommonCfg.FragmentThreshold - LENGTH_CRC;
+
+               FreeMpduSize -= pTxBlk->MpduHeaderLen;
+
+               if (SrcRemainingBytes <= FreeMpduSize)
+               {       // this is the last or only fragment
+
+                       pTxBlk->SrcBufLen = SrcRemainingBytes;
+
+                       pHeader_802_11->FC.MoreFrag = 0;
+                       pHeader_802_11->Duration = pAd->CommonCfg.Dsifs + AckDuration;
+
+                       // Indicate the lower layer that this's the last fragment.
+                       pTxBlk->TotalFragNum = fragNum;
+               }
+               else
+               {       // more fragment is required
+
+                       pTxBlk->SrcBufLen = FreeMpduSize;
+
+                       NextMpduSize = min(((UINT)SrcRemainingBytes - pTxBlk->SrcBufLen), ((UINT)pAd->CommonCfg.FragmentThreshold));
+                       pHeader_802_11->FC.MoreFrag = 1;
+                       pHeader_802_11->Duration = (3 * pAd->CommonCfg.Dsifs) + (2 * AckDuration) + RTMPCalcDuration(pAd, pTxBlk->TxRate, NextMpduSize + EncryptionOverhead);
+               }
+
+               if (fragNum == 0)
+                       pTxBlk->FrameGap = IFS_HTTXOP;
+               else
+                       pTxBlk->FrameGap = IFS_SIFS;
+
+               RTMPWriteTxWI_Data(pAd, (PTXWI_STRUC)(&pTxBlk->HeaderBuf[TXINFO_SIZE]), pTxBlk);
+
+               HAL_WriteFragTxResource(pAd, pTxBlk, fragNum, &FreeNumber);
+
+               pAd->RalinkCounters.KickTxCount++;
+               pAd->RalinkCounters.OneSecTxDoneCount++;
+
+               // Update the frame number, remaining size of the NDIS packet payload.
+
+               // space for 802.11 header.
+               if (fragNum == 0 && pTxBlk->pExtraLlcSnapEncap)
+                       pTxBlk->MpduHeaderLen -= LENGTH_802_1_H;
+
+               fragNum++;
+               SrcRemainingBytes -= pTxBlk->SrcBufLen;
+               pTxBlk->pSrcBufData += pTxBlk->SrcBufLen;
+
+               pHeader_802_11->Frag++;  // increase Frag #
+
+       }while(SrcRemainingBytes > 0);
+
+       //
+       // Kick out Tx
+       //
+       if (!RTMP_TEST_PSFLAG(pAd, fRTMP_PS_DISABLE_TX))
+       HAL_KickOutTx(pAd, pTxBlk, pTxBlk->QueIdx);
+}
+
+
+#define RELEASE_FRAMES_OF_TXBLK(_pAd, _pTxBlk, _pQEntry, _Status)                                                                              \
+               while(_pTxBlk->TxPacketList.Head)                                                                                                               \
+               {                                                                                                                                                                               \
+                       _pQEntry = RemoveHeadQueue(&_pTxBlk->TxPacketList);                                                                     \
+                       RELEASE_NDIS_PACKET(_pAd, QUEUE_ENTRY_TO_PACKET(_pQEntry), _Status);    \
+               }
+
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Copy frame from waiting queue into relative ring buffer and set
+       appropriate ASIC register to kick hardware encryption before really
+       sent out to air.
+
+       Arguments:
+               pAd     Pointer to our adapter
+               PNDIS_PACKET    Pointer to outgoing Ndis frame
+               NumberOfFrag    Number of fragment required
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+NDIS_STATUS STAHardTransmit(
+       IN PRTMP_ADAPTER        pAd,
+       IN TX_BLK                       *pTxBlk,
+       IN      UCHAR                   QueIdx)
+{
+       NDIS_PACKET             *pPacket;
+       PQUEUE_ENTRY    pQEntry;
+
+       // ---------------------------------------------
+       // STEP 0. DO SANITY CHECK AND SOME EARLY PREPARATION.
+       // ---------------------------------------------
+       //
+       ASSERT(pTxBlk->TxPacketList.Number);
+       if (pTxBlk->TxPacketList.Head == NULL)
+       {
+               DBGPRINT(RT_DEBUG_ERROR, ("pTxBlk->TotalFrameNum == %ld!\n", pTxBlk->TxPacketList.Number));
+               return NDIS_STATUS_FAILURE;
+       }
+
+       pPacket = QUEUE_ENTRY_TO_PACKET(pTxBlk->TxPacketList.Head);
+
+
+       // ------------------------------------------------------------------
+       // STEP 1. WAKE UP PHY
+       //              outgoing frame always wakeup PHY to prevent frame lost and
+       //              turn off PSM bit to improve performance
+       // ------------------------------------------------------------------
+       // not to change PSM bit, just send this frame out?
+       if ((pAd->StaCfg.Psm == PWR_SAVE) && OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+       {
+           DBGPRINT_RAW(RT_DEBUG_INFO, ("AsicForceWakeup At HardTx\n"));
+#ifdef RTMP_MAC_PCI
+               AsicForceWakeup(pAd, TRUE);
+#endif // RTMP_MAC_PCI //
+       }
+
+       // It should not change PSM bit, when APSD turn on.
+       if ((!(pAd->CommonCfg.bAPSDCapable && pAd->CommonCfg.APEdcaParm.bAPSDCapable) && (pAd->CommonCfg.bAPSDForcePowerSave == FALSE))
+               || (RTMP_GET_PACKET_EAPOL(pTxBlk->pPacket))
+               || (RTMP_GET_PACKET_WAI(pTxBlk->pPacket)))
+       {
+               if ((pAd->StaCfg.Psm == PWR_SAVE) &&
+            (pAd->StaCfg.WindowsPowerMode == Ndis802_11PowerModeFast_PSP))
+                       RTMP_SET_PSM_BIT(pAd, PWR_ACTIVE);
+       }
+
+       switch (pTxBlk->TxFrameType)
+       {
+#ifdef DOT11_N_SUPPORT
+               case TX_AMPDU_FRAME:
+                               STA_AMPDU_Frame_Tx(pAd, pTxBlk);
+                       break;
+               case TX_AMSDU_FRAME:
+                               STA_AMSDU_Frame_Tx(pAd, pTxBlk);
+                       break;
+#endif // DOT11_N_SUPPORT //
+               case TX_LEGACY_FRAME:
+                               STA_Legacy_Frame_Tx(pAd, pTxBlk);
+                       break;
+               case TX_MCAST_FRAME:
+                               STA_Legacy_Frame_Tx(pAd, pTxBlk);
+                       break;
+               case TX_RALINK_FRAME:
+                               STA_ARalink_Frame_Tx(pAd, pTxBlk);
+                       break;
+               case TX_FRAG_FRAME:
+                               STA_Fragment_Frame_Tx(pAd, pTxBlk);
+                       break;
+               default:
+                       {
+                               // It should not happened!
+                               DBGPRINT(RT_DEBUG_ERROR, ("Send a pacekt was not classified!! It should not happen!\n"));
+                               while(pTxBlk->TxPacketList.Number)
+                               {
+                                       pQEntry = RemoveHeadQueue(&pTxBlk->TxPacketList);
+                                       pPacket = QUEUE_ENTRY_TO_PACKET(pQEntry);
+                                       if (pPacket)
+                                               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+                               }
+                       }
+                       break;
+       }
+
+       return (NDIS_STATUS_SUCCESS);
+
+}
+
+ULONG  HashBytesPolynomial(UCHAR *value, unsigned int len)
+{
+   unsigned char *word = value;
+   unsigned int ret = 0;
+   unsigned int i;
+
+   for(i=0; i < len; i++)
+   {
+         int mod = i % 32;
+         ret ^=(unsigned int) (word[i]) << mod;
+         ret ^=(unsigned int) (word[i]) >> (32 - mod);
+   }
+   return ret;
+}
+
+VOID Sta_Announce_or_Forward_802_3_Packet(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PNDIS_PACKET    pPacket,
+       IN      UCHAR                   FromWhichBSSID)
+{
+       if (TRUE
+               )
+       {
+               announce_802_3_packet(pAd, pPacket);
+       }
+       else
+       {
+               // release packet
+               RELEASE_NDIS_PACKET(pAd, pPacket, NDIS_STATUS_FAILURE);
+       }
+}
diff --git a/drivers/staging/rt3090/sta/sanity.c b/drivers/staging/rt3090/sta/sanity.c
new file mode 100644 (file)
index 0000000..aeda15b
--- /dev/null
@@ -0,0 +1,382 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       sanity.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John Chang  2004-09-01      add WMM support
+*/
+
+#include "../rt_config.h"
+
+
+extern UCHAR   CISCO_OUI[];
+
+extern UCHAR   WPA_OUI[];
+extern UCHAR   RSN_OUI[];
+extern UCHAR   WME_INFO_ELEM[];
+extern UCHAR   WME_PARM_ELEM[];
+extern UCHAR   Ccx2QosInfo[];
+extern UCHAR   RALINK_OUI[];
+extern UCHAR   BROADCOM_OUI[];
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+ */
+BOOLEAN MlmeStartReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT CHAR Ssid[],
+    OUT UCHAR *pSsidLen)
+{
+    MLME_START_REQ_STRUCT *Info;
+
+    Info = (MLME_START_REQ_STRUCT *)(Msg);
+
+    if (Info->SsidLen > MAX_LEN_OF_SSID)
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("MlmeStartReqSanity fail - wrong SSID length\n"));
+        return FALSE;
+    }
+
+    *pSsidLen = Info->SsidLen;
+    NdisMoveMemory(Ssid, Info->Ssid, *pSsidLen);
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+    IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN PeerAssocRspSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *pMsg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT USHORT *pCapabilityInfo,
+    OUT USHORT *pStatus,
+    OUT USHORT *pAid,
+    OUT UCHAR SupRate[],
+    OUT UCHAR *pSupRateLen,
+    OUT UCHAR ExtRate[],
+    OUT UCHAR *pExtRateLen,
+    OUT HT_CAPABILITY_IE               *pHtCapability,
+    OUT ADD_HT_INFO_IE         *pAddHtInfo,    // AP might use this additional ht info IE
+    OUT UCHAR                  *pHtCapabilityLen,
+    OUT UCHAR                  *pAddHtInfoLen,
+    OUT UCHAR                  *pNewExtChannelOffset,
+    OUT PEDCA_PARM pEdcaParm,
+    OUT UCHAR *pCkipFlag)
+{
+    CHAR          IeType, *Ptr;
+    PFRAME_802_11 pFrame = (PFRAME_802_11)pMsg;
+    PEID_STRUCT   pEid;
+    ULONG         Length = 0;
+
+       *pNewExtChannelOffset = 0xff;
+       *pHtCapabilityLen = 0;
+       *pAddHtInfoLen = 0;
+    COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
+    Ptr = (PCHAR)pFrame->Octet;
+    Length += LENGTH_802_11;
+
+    NdisMoveMemory(pCapabilityInfo, &pFrame->Octet[0], 2);
+    Length += 2;
+    NdisMoveMemory(pStatus,         &pFrame->Octet[2], 2);
+    Length += 2;
+    *pCkipFlag = 0;
+    *pExtRateLen = 0;
+    pEdcaParm->bValid = FALSE;
+
+    if (*pStatus != MLME_SUCCESS)
+        return TRUE;
+
+    NdisMoveMemory(pAid, &pFrame->Octet[4], 2);
+    Length += 2;
+
+    // Aid already swaped byte order in RTMPFrameEndianChange() for big endian platform
+    *pAid = (*pAid) & 0x3fff; // AID is low 14-bit
+
+    // -- get supported rates from payload and advance the pointer
+    IeType = pFrame->Octet[6];
+    *pSupRateLen = pFrame->Octet[7];
+    if ((IeType != IE_SUPP_RATES) || (*pSupRateLen > MAX_LEN_OF_SUPPORTED_RATES))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspSanity fail - wrong SupportedRates IE\n"));
+        return FALSE;
+    }
+    else
+        NdisMoveMemory(SupRate, &pFrame->Octet[8], *pSupRateLen);
+
+
+    Length = Length + 2 + *pSupRateLen;
+
+    // many AP implement proprietary IEs in non-standard order, we'd better
+    // tolerate mis-ordered IEs to get best compatibility
+    pEid = (PEID_STRUCT) &pFrame->Octet[8 + (*pSupRateLen)];
+
+    // get variable fields from payload and advance the pointer
+    while ((Length + 2 + pEid->Len) <= MsgLen)
+    {
+        switch (pEid->Eid)
+        {
+            case IE_EXT_SUPP_RATES:
+                if (pEid->Len <= MAX_LEN_OF_SUPPORTED_RATES)
+                {
+                    NdisMoveMemory(ExtRate, pEid->Octet, pEid->Len);
+                    *pExtRateLen = pEid->Len;
+                }
+                break;
+
+             case IE_HT_CAP:
+            case IE_HT_CAP2:
+                       if (pEid->Len >= SIZE_HT_CAP_IE)  //Note: allow extension.!!
+                       {
+                               NdisMoveMemory(pHtCapability, pEid->Octet, SIZE_HT_CAP_IE);
+
+                               *(USHORT *)(&pHtCapability->HtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->HtCapInfo));
+                               *(USHORT *)(&pHtCapability->ExtHtCapInfo) = cpu2le16(*(USHORT *)(&pHtCapability->ExtHtCapInfo));
+
+                               *pHtCapabilityLen = SIZE_HT_CAP_IE;
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_WARN, ("PeerAssocRspSanity - wrong IE_HT_CAP. \n"));
+                       }
+
+               break;
+#ifdef DOT11_N_SUPPORT
+            case IE_ADD_HT:
+            case IE_ADD_HT2:
+                       if (pEid->Len >= sizeof(ADD_HT_INFO_IE))
+                       {
+                               // This IE allows extension, but we can ignore extra bytes beyond our knowledge , so only
+                               // copy first sizeof(ADD_HT_INFO_IE)
+                               NdisMoveMemory(pAddHtInfo, pEid->Octet, sizeof(ADD_HT_INFO_IE));
+
+                               *(USHORT *)(&pAddHtInfo->AddHtInfo2) = cpu2le16(*(USHORT *)(&pAddHtInfo->AddHtInfo2));
+                               *(USHORT *)(&pAddHtInfo->AddHtInfo3) = cpu2le16(*(USHORT *)(&pAddHtInfo->AddHtInfo3));
+
+                               *pAddHtInfoLen = SIZE_ADD_HT_INFO_IE;
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_WARN, ("PeerAssocRspSanity - wrong IE_ADD_HT. \n"));
+                       }
+
+               break;
+            case IE_SECONDARY_CH_OFFSET:
+                       if (pEid->Len == 1)
+                       {
+                               *pNewExtChannelOffset = pEid->Octet[0];
+                       }
+                       else
+                       {
+                               DBGPRINT(RT_DEBUG_WARN, ("PeerAssocRspSanity - wrong IE_SECONDARY_CH_OFFSET. \n"));
+                       }
+#endif // DOT11_N_SUPPORT //
+               break;
+
+            case IE_VENDOR_SPECIFIC:
+                // handle WME PARAMTER ELEMENT
+                if (NdisEqualMemory(pEid->Octet, WME_PARM_ELEM, 6) && (pEid->Len == 24))
+                {
+                    PUCHAR ptr;
+                    int i;
+
+                    // parsing EDCA parameters
+                    pEdcaParm->bValid          = TRUE;
+                    pEdcaParm->bQAck           = FALSE; // pEid->Octet[0] & 0x10;
+                    pEdcaParm->bQueueRequest   = FALSE; // pEid->Octet[0] & 0x20;
+                    pEdcaParm->bTxopRequest    = FALSE; // pEid->Octet[0] & 0x40;
+                    //pEdcaParm->bMoreDataAck    = FALSE; // pEid->Octet[0] & 0x80;
+                    pEdcaParm->EdcaUpdateCount = pEid->Octet[6] & 0x0f;
+                    pEdcaParm->bAPSDCapable    = (pEid->Octet[6] & 0x80) ? 1 : 0;
+                    ptr = (PUCHAR)&pEid->Octet[8];
+                    for (i=0; i<4; i++)
+                    {
+                        UCHAR aci = (*ptr & 0x60) >> 5; // b5~6 is AC INDEX
+                        pEdcaParm->bACM[aci]  = (((*ptr) & 0x10) == 0x10);   // b5 is ACM
+                        pEdcaParm->Aifsn[aci] = (*ptr) & 0x0f;               // b0~3 is AIFSN
+                        pEdcaParm->Cwmin[aci] = *(ptr+1) & 0x0f;             // b0~4 is Cwmin
+                        pEdcaParm->Cwmax[aci] = *(ptr+1) >> 4;               // b5~8 is Cwmax
+                        pEdcaParm->Txop[aci]  = *(ptr+2) + 256 * (*(ptr+3)); // in unit of 32-us
+                        ptr += 4; // point to next AC
+                    }
+                }
+                break;
+            default:
+                DBGPRINT(RT_DEBUG_TRACE, ("PeerAssocRspSanity - ignore unrecognized EID = %d\n", pEid->Eid));
+                break;
+        }
+
+        Length = Length + 2 + pEid->Len;
+        pEid = (PEID_STRUCT)((UCHAR*)pEid + 2 + pEid->Len);
+    }
+
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        MLME message sanity check
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN PeerProbeReqSanity(
+    IN PRTMP_ADAPTER pAd,
+    IN VOID *Msg,
+    IN ULONG MsgLen,
+    OUT PUCHAR pAddr2,
+    OUT CHAR Ssid[],
+    OUT UCHAR *pSsidLen)
+{
+    UCHAR         Idx;
+    UCHAR            RateLen;
+    CHAR          IeType;
+    PFRAME_802_11 pFrame = (PFRAME_802_11)Msg;
+
+    COPY_MAC_ADDR(pAddr2, pFrame->Hdr.Addr2);
+
+    if ((pFrame->Octet[0] != IE_SSID) || (pFrame->Octet[1] > MAX_LEN_OF_SSID))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("PeerProbeReqSanity fail - wrong SSID IE(Type=%d,Len=%d)\n",pFrame->Octet[0],pFrame->Octet[1]));
+        return FALSE;
+    }
+
+    *pSsidLen = pFrame->Octet[1];
+    NdisMoveMemory(Ssid, &pFrame->Octet[2], *pSsidLen);
+
+    Idx = *pSsidLen + 2;
+
+    // -- get supported rates from payload and advance the pointer
+    IeType = pFrame->Octet[Idx];
+    RateLen = pFrame->Octet[Idx + 1];
+    if (IeType != IE_SUPP_RATES)
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("PeerProbeReqSanity fail - wrong SupportRates IE(Type=%d,Len=%d)\n",pFrame->Octet[Idx],pFrame->Octet[Idx+1]));
+        return FALSE;
+    }
+    else
+    {
+        if ((pAd->CommonCfg.PhyMode == PHY_11G) && (RateLen < 8))
+            return (FALSE);
+    }
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+
+       IRQL = DISPATCH_LEVEL
+
+    ==========================================================================
+ */
+BOOLEAN GetTimBit(
+    IN CHAR *Ptr,
+    IN USHORT Aid,
+    OUT UCHAR *TimLen,
+    OUT UCHAR *BcastFlag,
+    OUT UCHAR *DtimCount,
+    OUT UCHAR *DtimPeriod,
+    OUT UCHAR *MessageToMe)
+{
+    UCHAR          BitCntl, N1, N2, MyByte, MyBit;
+    CHAR          *IdxPtr;
+
+    IdxPtr = Ptr;
+
+    IdxPtr ++;
+    *TimLen = *IdxPtr;
+
+    // get DTIM Count from TIM element
+    IdxPtr ++;
+    *DtimCount = *IdxPtr;
+
+    // get DTIM Period from TIM element
+    IdxPtr++;
+    *DtimPeriod = *IdxPtr;
+
+    // get Bitmap Control from TIM element
+    IdxPtr++;
+    BitCntl = *IdxPtr;
+
+    if ((*DtimCount == 0) && (BitCntl & 0x01))
+        *BcastFlag = TRUE;
+    else
+        *BcastFlag = FALSE;
+
+    // Parse Partial Virtual Bitmap from TIM element
+    N1 = BitCntl & 0xfe;    // N1 is the first bitmap byte#
+    N2 = *TimLen - 4 + N1;  // N2 is the last bitmap byte#
+
+    if ((Aid < (N1 << 3)) || (Aid >= ((N2 + 1) << 3)))
+        *MessageToMe = FALSE;
+    else
+    {
+        MyByte = (Aid >> 3) - N1;                       // my byte position in the bitmap byte-stream
+        MyBit = Aid % 16 - ((MyByte & 0x01)? 8:0);
+
+        IdxPtr += (MyByte + 1);
+
+        //if (*IdxPtr)
+        //    DBGPRINT(RT_DEBUG_WARN, ("TIM bitmap = 0x%02x\n", *IdxPtr));
+
+        if (*IdxPtr & (0x01 << MyBit))
+            *MessageToMe = TRUE;
+        else
+            *MessageToMe = FALSE;
+    }
+
+    return TRUE;
+}
diff --git a/drivers/staging/rt3090/sta/sync.c b/drivers/staging/rt3090/sta/sync.c
new file mode 100644 (file)
index 0000000..2520e03
--- /dev/null
@@ -0,0 +1,1840 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       sync.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       John Chang      2004-09-01      modified for rt2561/2661
+       Jan Lee         2006-08-01      modified for rt2860 for 802.11n
+*/
+
+#include "../rt_config.h"
+
+
+#define ADHOC_ENTRY_BEACON_LOST_TIME   (2*OS_HZ)       // 2 sec
+
+/*
+       ==========================================================================
+       Description:
+               The sync state machine,
+       Parameters:
+               Sm - pointer to the state machine
+       Note:
+               the state machine looks like the following
+
+       ==========================================================================
+ */
+VOID SyncStateMachineInit(
+       IN PRTMP_ADAPTER pAd,
+       IN STATE_MACHINE *Sm,
+       OUT STATE_MACHINE_FUNC Trans[])
+{
+       StateMachineInit(Sm, Trans, MAX_SYNC_STATE, MAX_SYNC_MSG, (STATE_MACHINE_FUNC)Drop, SYNC_IDLE, SYNC_MACHINE_BASE);
+
+       // column 1
+       StateMachineSetAction(Sm, SYNC_IDLE, MT2_MLME_SCAN_REQ, (STATE_MACHINE_FUNC)MlmeScanReqAction);
+       StateMachineSetAction(Sm, SYNC_IDLE, MT2_MLME_JOIN_REQ, (STATE_MACHINE_FUNC)MlmeJoinReqAction);
+       StateMachineSetAction(Sm, SYNC_IDLE, MT2_MLME_START_REQ, (STATE_MACHINE_FUNC)MlmeStartReqAction);
+       StateMachineSetAction(Sm, SYNC_IDLE, MT2_PEER_BEACON, (STATE_MACHINE_FUNC)PeerBeacon);
+       StateMachineSetAction(Sm, SYNC_IDLE, MT2_PEER_PROBE_REQ, (STATE_MACHINE_FUNC)PeerProbeReqAction);
+
+       //column 2
+       StateMachineSetAction(Sm, JOIN_WAIT_BEACON, MT2_MLME_SCAN_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenScan);
+       StateMachineSetAction(Sm, JOIN_WAIT_BEACON, MT2_MLME_JOIN_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenJoin);
+       StateMachineSetAction(Sm, JOIN_WAIT_BEACON, MT2_MLME_START_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenStart);
+       StateMachineSetAction(Sm, JOIN_WAIT_BEACON, MT2_PEER_BEACON, (STATE_MACHINE_FUNC)PeerBeaconAtJoinAction);
+       StateMachineSetAction(Sm, JOIN_WAIT_BEACON, MT2_BEACON_TIMEOUT, (STATE_MACHINE_FUNC)BeaconTimeoutAtJoinAction);
+
+       // column 3
+       StateMachineSetAction(Sm, SCAN_LISTEN, MT2_MLME_SCAN_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenScan);
+       StateMachineSetAction(Sm, SCAN_LISTEN, MT2_MLME_JOIN_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenJoin);
+       StateMachineSetAction(Sm, SCAN_LISTEN, MT2_MLME_START_REQ, (STATE_MACHINE_FUNC)InvalidStateWhenStart);
+       StateMachineSetAction(Sm, SCAN_LISTEN, MT2_PEER_BEACON, (STATE_MACHINE_FUNC)PeerBeaconAtScanAction);
+       StateMachineSetAction(Sm, SCAN_LISTEN, MT2_PEER_PROBE_RSP, (STATE_MACHINE_FUNC)PeerBeaconAtScanAction);
+       StateMachineSetAction(Sm, SCAN_LISTEN, MT2_SCAN_TIMEOUT, (STATE_MACHINE_FUNC)ScanTimeoutAction);
+
+       // timer init
+       RTMPInitTimer(pAd, &pAd->MlmeAux.BeaconTimer, GET_TIMER_FUNCTION(BeaconTimeout), pAd, FALSE);
+       RTMPInitTimer(pAd, &pAd->MlmeAux.ScanTimer, GET_TIMER_FUNCTION(ScanTimeout), pAd, FALSE);
+}
+
+/*
+       ==========================================================================
+       Description:
+               Beacon timeout handler, executed in timer thread
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID BeaconTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+
+       DBGPRINT(RT_DEBUG_TRACE,("SYNC - BeaconTimeout\n"));
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS))
+               return;
+
+#ifdef DOT11_N_SUPPORT
+       if ((pAd->CommonCfg.BBPCurrentBW == BW_40)
+               )
+       {
+               UCHAR        BBPValue = 0;
+               AsicSwitchChannel(pAd, pAd->CommonCfg.CentralChannel, FALSE);
+               AsicLockChannel(pAd, pAd->CommonCfg.CentralChannel);
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+               BBPValue &= (~0x18);
+               BBPValue |= 0x10;
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+               DBGPRINT(RT_DEBUG_TRACE, ("SYNC - End of SCAN, restore to 40MHz channel %d, Total BSS[%02d]\n",pAd->CommonCfg.CentralChannel, pAd->ScanTab.BssNr));
+       }
+#endif // DOT11_N_SUPPORT //
+
+       MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_BEACON_TIMEOUT, 0, NULL);
+       RTMP_MLME_HANDLER(pAd);
+}
+
+/*
+       ==========================================================================
+       Description:
+               Scan timeout handler, executed in timer thread
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID ScanTimeout(
+       IN PVOID SystemSpecific1,
+       IN PVOID FunctionContext,
+       IN PVOID SystemSpecific2,
+       IN PVOID SystemSpecific3)
+{
+       RTMP_ADAPTER *pAd = (RTMP_ADAPTER *)FunctionContext;
+
+
+       // Do nothing if the driver is starting halt state.
+       // This might happen when timer already been fired before cancel timer with mlmehalt
+       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_HALT_IN_PROGRESS))
+               return;
+
+       if (MlmeEnqueue(pAd, SYNC_STATE_MACHINE, MT2_SCAN_TIMEOUT, 0, NULL))
+       {
+       RTMP_MLME_HANDLER(pAd);
+}
+       else
+       {
+               // To prevent SyncMachine.CurrState is SCAN_LISTEN forever.
+               pAd->MlmeAux.Channel = 0;
+               ScanNextChannel(pAd);
+               if (pAd->CommonCfg.bWirelessEvent)
+               {
+                       RTMPSendWirelessEvent(pAd, IW_SCAN_ENQUEUE_FAIL_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+               }
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+               MLME SCAN req state machine procedure
+       ==========================================================================
+ */
+VOID MlmeScanReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR          Ssid[MAX_LEN_OF_SSID], SsidLen, ScanType, BssType, BBPValue = 0;
+       BOOLEAN        TimerCancelled;
+       ULONG              Now;
+       USHORT         Status;
+       PHEADER_802_11 pHdr80211;
+       PUCHAR         pOutBuffer = NULL;
+       NDIS_STATUS    NStatus;
+
+       // Check the total scan tries for one single OID command
+       // If this is the CCX 2.0 Case, skip that!
+       if ( !RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_START_UP))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("SYNC - MlmeScanReqAction before Startup\n"));
+               return;
+       }
+
+       // Increase the scan retry counters.
+       pAd->StaCfg.ScanCnt++;
+
+#ifdef RTMP_MAC_PCI
+    if ((OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)) &&
+        (IDLE_ON(pAd)) &&
+               (pAd->StaCfg.bRadio == TRUE) &&
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF)))
+       {
+               if (pAd->StaCfg.PSControl.field.EnableNewPS == FALSE)
+               {
+                       AsicSendCommandToMcu(pAd, 0x31, PowerWakeCID, 0x00, 0x02);
+                       AsicCheckCommanOk(pAd, PowerWakeCID);
+                       RTMP_CLEAR_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF);
+                       DBGPRINT(RT_DEBUG_TRACE, ("PSM - Issue Wake up command \n"));
+               }
+               else
+               {
+               RT28xxPciAsicRadioOn(pAd, GUI_IDLE_POWER_SAVE);
+       }
+       }
+#endif // RTMP_MAC_PCI //
+
+       // first check the parameter sanity
+       if (MlmeScanReqSanity(pAd,
+                                                 Elem->Msg,
+                                                 Elem->MsgLen,
+                                                 &BssType,
+                                                 (PCHAR)Ssid,
+                                                 &SsidLen,
+                                                 &ScanType))
+       {
+
+               // Check for channel load and noise hist request
+               // Suspend MSDU only at scan request, not the last two mentioned
+               // Suspend MSDU transmission here
+               RTMPSuspendMsduTransmission(pAd);
+
+               //
+               // To prevent data lost.
+               // Send an NULL data with turned PSM bit on to current associated AP before SCAN progress.
+               // And should send an NULL data with turned PSM bit off to AP, when scan progress done
+               //
+               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED) && (INFRA_ON(pAd)))
+               {
+                       NStatus = MlmeAllocateMemory(pAd, (PVOID)&pOutBuffer);
+                       if (NStatus     == NDIS_STATUS_SUCCESS)
+                       {
+                               pHdr80211 = (PHEADER_802_11) pOutBuffer;
+                               MgtMacHeaderInit(pAd, pHdr80211, SUBTYPE_NULL_FUNC, 1, pAd->CommonCfg.Bssid, pAd->CommonCfg.Bssid);
+                               pHdr80211->Duration = 0;
+                               pHdr80211->FC.Type = BTYPE_DATA;
+                               pHdr80211->FC.PwrMgmt = PWR_SAVE;
+
+                               // Send using priority queue
+                               MiniportMMRequest(pAd, 0, pOutBuffer, sizeof(HEADER_802_11));
+                               DBGPRINT(RT_DEBUG_TRACE, ("MlmeScanReqAction -- Send PSM Data frame for off channel RM\n"));
+                               MlmeFreeMemory(pAd, pOutBuffer);
+                               RTMPusecDelay(5000);
+                       }
+               }
+
+               NdisGetSystemUpTime(&Now);
+               pAd->StaCfg.LastScanTime = Now;
+               // reset all the timers
+               RTMPCancelTimer(&pAd->MlmeAux.BeaconTimer, &TimerCancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.ScanTimer, &TimerCancelled);
+
+               // record desired BSS parameters
+               pAd->MlmeAux.BssType = BssType;
+               pAd->MlmeAux.ScanType = ScanType;
+               pAd->MlmeAux.SsidLen = SsidLen;
+        NdisZeroMemory(pAd->MlmeAux.Ssid, MAX_LEN_OF_SSID);
+               NdisMoveMemory(pAd->MlmeAux.Ssid, Ssid, SsidLen);
+
+               // start from the first channel
+               pAd->MlmeAux.Channel = FirstChannel(pAd);
+
+               // Let BBP register at 20MHz to do scan
+               RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+               BBPValue &= (~0x18);
+               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+               DBGPRINT(RT_DEBUG_TRACE, ("SYNC - BBP R4 to 20MHz.l\n"));
+               ScanNextChannel(pAd);
+       }
+       else
+       {
+               DBGPRINT_ERR(("SYNC - MlmeScanReqAction() sanity check fail\n"));
+               pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+               Status = MLME_INVALID_FORMAT;
+               MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_SCAN_CONF, 2, &Status);
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+               MLME JOIN req state machine procedure
+       ==========================================================================
+ */
+VOID MlmeJoinReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR        BBPValue = 0;
+       BSS_ENTRY    *pBss;
+       BOOLEAN       TimerCancelled;
+       HEADER_802_11 Hdr80211;
+       NDIS_STATUS   NStatus;
+       ULONG         FrameLen = 0;
+       PUCHAR        pOutBuffer = NULL;
+       PUCHAR        pSupRate = NULL;
+       UCHAR         SupRateLen;
+       PUCHAR        pExtRate = NULL;
+       UCHAR         ExtRateLen;
+       UCHAR         ASupRate[] = {0x8C, 0x12, 0x98, 0x24, 0xb0, 0x48, 0x60, 0x6C};
+       UCHAR         ASupRateLen = sizeof(ASupRate)/sizeof(UCHAR);
+       MLME_JOIN_REQ_STRUCT *pInfo = (MLME_JOIN_REQ_STRUCT *)(Elem->Msg);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - MlmeJoinReqAction(BSS #%ld)\n", pInfo->BssIdx));
+
+#ifdef RTMP_MAC_PCI
+    if ((OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE)) &&
+        (IDLE_ON(pAd)) &&
+               (pAd->StaCfg.bRadio == TRUE) &&
+               (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_IDLE_RADIO_OFF)))
+       {
+               RT28xxPciAsicRadioOn(pAd, GUI_IDLE_POWER_SAVE);
+       }
+#endif // RTMP_MAC_PCI //
+
+       // reset all the timers
+       RTMPCancelTimer(&pAd->MlmeAux.ScanTimer, &TimerCancelled);
+       RTMPCancelTimer(&pAd->MlmeAux.BeaconTimer, &TimerCancelled);
+
+       pBss = &pAd->MlmeAux.SsidBssTab.BssEntry[pInfo->BssIdx];
+
+       // record the desired SSID & BSSID we're waiting for
+       COPY_MAC_ADDR(pAd->MlmeAux.Bssid, pBss->Bssid);
+
+       // If AP's SSID is not hidden, it is OK for updating ssid to MlmeAux again.
+       if (pBss->Hidden == 0)
+       {
+               RTMPZeroMemory(pAd->MlmeAux.Ssid, MAX_LEN_OF_SSID);
+               NdisMoveMemory(pAd->MlmeAux.Ssid, pBss->Ssid, pBss->SsidLen);
+       pAd->MlmeAux.SsidLen = pBss->SsidLen;
+       }
+
+       pAd->MlmeAux.BssType = pBss->BssType;
+       pAd->MlmeAux.Channel = pBss->Channel;
+       pAd->MlmeAux.CentralChannel = pBss->CentralChannel;
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+       // Country IE of the AP will be evaluated and will be used.
+       if ((pAd->StaCfg.IEEE80211dClientMode != Rt802_11_D_None) &&
+               (pBss->bHasCountryIE == TRUE))
+       {
+               NdisMoveMemory(&pAd->CommonCfg.CountryCode[0], &pBss->CountryString[0], 2);
+               if (pBss->CountryString[2] == 'I')
+                       pAd->CommonCfg.Geography = IDOR;
+               else if (pBss->CountryString[2] == 'O')
+                       pAd->CommonCfg.Geography = ODOR;
+               else
+                       pAd->CommonCfg.Geography = BOTH;
+               BuildChannelListEx(pAd);
+       }
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+       // Let BBP register at 20MHz to do scan
+       RTMP_BBP_IO_READ8_BY_REG_ID(pAd, BBP_R4, &BBPValue);
+       BBPValue &= (~0x18);
+       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R4, BBPValue);
+       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - BBP R4 to 20MHz.l\n"));
+
+       // switch channel and waiting for beacon timer
+       AsicSwitchChannel(pAd, pAd->MlmeAux.Channel, FALSE);
+       AsicLockChannel(pAd, pAd->MlmeAux.Channel);
+
+
+       RTMPSetTimer(&pAd->MlmeAux.BeaconTimer, JOIN_TIMEOUT);
+
+    do
+       {
+               if (((pAd->CommonCfg.bIEEE80211H == 1) &&
+            (pAd->MlmeAux.Channel > 14) &&
+             RadarChannelCheck(pAd, pAd->MlmeAux.Channel))
+#ifdef CARRIER_DETECTION_SUPPORT // Roger sync Carrier
+             || (pAd->CommonCfg.CarrierDetect.Enable == TRUE)
+#endif // CARRIER_DETECTION_SUPPORT //
+            )
+               {
+                       //
+                       // We can't send any Probe request frame to meet 802.11h.
+                       //
+                       if (pBss->Hidden == 0)
+                       break;
+               }
+
+       //
+       // send probe request
+       //
+       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);
+       if (NStatus == NDIS_STATUS_SUCCESS)
+       {
+               if (pAd->MlmeAux.Channel <= 14)
+               {
+                       pSupRate = pAd->CommonCfg.SupRate;
+                       SupRateLen = pAd->CommonCfg.SupRateLen;
+                       pExtRate = pAd->CommonCfg.ExtRate;
+                       ExtRateLen = pAd->CommonCfg.ExtRateLen;
+               }
+               else
+               {
+                       //
+                       // Overwrite Support Rate, CCK rate are not allowed
+                       //
+                       pSupRate = ASupRate;
+                       SupRateLen = ASupRateLen;
+                       ExtRateLen = 0;
+               }
+
+               if (pAd->MlmeAux.BssType == BSS_INFRA)
+                       MgtMacHeaderInit(pAd, &Hdr80211, SUBTYPE_PROBE_REQ, 0, pAd->MlmeAux.Bssid, pAd->MlmeAux.Bssid);
+               else
+                       MgtMacHeaderInit(pAd, &Hdr80211, SUBTYPE_PROBE_REQ, 0, BROADCAST_ADDR, BROADCAST_ADDR);
+
+               MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                                                 sizeof(HEADER_802_11),    &Hdr80211,
+                                                 1,                        &SsidIe,
+                                                 1,                        &pAd->MlmeAux.SsidLen,
+                                                 pAd->MlmeAux.SsidLen,     pAd->MlmeAux.Ssid,
+                                                 1,                        &SupRateIe,
+                                                 1,                        &SupRateLen,
+                                                 SupRateLen,               pSupRate,
+                                                 END_OF_ARGS);
+
+               if (ExtRateLen)
+               {
+                       ULONG Tmp;
+                       MakeOutgoingFrame(pOutBuffer + FrameLen,            &Tmp,
+                                                         1,                                &ExtRateIe,
+                                                         1,                                &ExtRateLen,
+                                                         ExtRateLen,                       pExtRate,
+                                                         END_OF_ARGS);
+                       FrameLen += Tmp;
+               }
+
+
+               MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+               MlmeFreeMemory(pAd, pOutBuffer);
+       }
+    } while (FALSE);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - Switch to ch %d, Wait BEACON from %02x:%02x:%02x:%02x:%02x:%02x\n",
+               pBss->Channel, pBss->Bssid[0], pBss->Bssid[1], pBss->Bssid[2], pBss->Bssid[3], pBss->Bssid[4], pBss->Bssid[5]));
+
+       pAd->Mlme.SyncMachine.CurrState = JOIN_WAIT_BEACON;
+}
+
+/*
+       ==========================================================================
+       Description:
+               MLME START Request state machine procedure, starting an IBSS
+       ==========================================================================
+ */
+VOID MlmeStartReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR         Ssid[MAX_LEN_OF_SSID], SsidLen;
+       BOOLEAN       TimerCancelled;
+
+       // New for WPA security suites
+       UCHAR                                           VarIE[MAX_VIE_LEN];     // Total VIE length = MAX_VIE_LEN - -5
+       NDIS_802_11_VARIABLE_IEs        *pVIE = NULL;
+       LARGE_INTEGER                           TimeStamp;
+       BOOLEAN Privacy;
+       USHORT Status;
+
+       // Init Variable IE structure
+       pVIE = (PNDIS_802_11_VARIABLE_IEs) VarIE;
+       pVIE->Length = 0;
+       TimeStamp.u.LowPart  = 0;
+       TimeStamp.u.HighPart = 0;
+
+       if (MlmeStartReqSanity(pAd, Elem->Msg, Elem->MsgLen, (PCHAR)Ssid, &SsidLen))
+       {
+               // reset all the timers
+               RTMPCancelTimer(&pAd->MlmeAux.ScanTimer, &TimerCancelled);
+               RTMPCancelTimer(&pAd->MlmeAux.BeaconTimer, &TimerCancelled);
+
+               //
+               // Start a new IBSS. All IBSS parameters are decided now....
+               //
+               DBGPRINT(RT_DEBUG_TRACE, ("MlmeStartReqAction - Start a new IBSS. All IBSS parameters are decided now.... \n"));
+               pAd->MlmeAux.BssType           = BSS_ADHOC;
+               NdisMoveMemory(pAd->MlmeAux.Ssid, Ssid, SsidLen);
+               pAd->MlmeAux.SsidLen           = SsidLen;
+
+               // generate a radom number as BSSID
+               MacAddrRandomBssid(pAd, pAd->MlmeAux.Bssid);
+               DBGPRINT(RT_DEBUG_TRACE, ("MlmeStartReqAction - generate a radom number as BSSID \n"));
+
+               Privacy = (pAd->StaCfg.WepStatus == Ndis802_11Encryption1Enabled) ||
+                                 (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) ||
+                                 (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled);
+               pAd->MlmeAux.CapabilityInfo    = CAP_GENERATE(0,1,Privacy, (pAd->CommonCfg.TxPreamble == Rt802_11PreambleShort), 1, 0);
+               pAd->MlmeAux.BeaconPeriod      = pAd->CommonCfg.BeaconPeriod;
+               pAd->MlmeAux.AtimWin           = pAd->StaCfg.AtimWin;
+               pAd->MlmeAux.Channel           = pAd->CommonCfg.Channel;
+
+               pAd->CommonCfg.CentralChannel  = pAd->CommonCfg.Channel;
+               pAd->MlmeAux.CentralChannel    = pAd->CommonCfg.CentralChannel;
+
+               pAd->MlmeAux.SupRateLen= pAd->CommonCfg.SupRateLen;
+               NdisMoveMemory(pAd->MlmeAux.SupRate, pAd->CommonCfg.SupRate, MAX_LEN_OF_SUPPORTED_RATES);
+               RTMPCheckRates(pAd, pAd->MlmeAux.SupRate, &pAd->MlmeAux.SupRateLen);
+               pAd->MlmeAux.ExtRateLen = pAd->CommonCfg.ExtRateLen;
+               NdisMoveMemory(pAd->MlmeAux.ExtRate, pAd->CommonCfg.ExtRate, MAX_LEN_OF_SUPPORTED_RATES);
+               RTMPCheckRates(pAd, pAd->MlmeAux.ExtRate, &pAd->MlmeAux.ExtRateLen);
+#ifdef DOT11_N_SUPPORT
+               if (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED)
+               {
+                       RTMPUpdateHTIE(&pAd->CommonCfg.DesiredHtPhy, &pAd->StaCfg.DesiredHtPhyInfo.MCSSet[0], &pAd->MlmeAux.HtCapability, &pAd->MlmeAux.AddHtInfo);
+                       pAd->MlmeAux.HtCapabilityLen = sizeof(HT_CAPABILITY_IE);
+                       // Not turn pAd->StaActive.SupportedHtPhy.bHtEnable = TRUE here.
+                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC -pAd->StaActive.SupportedHtPhy.bHtEnable = TRUE\n"));
+               }
+               else
+#endif // DOT11_N_SUPPORT //
+               {
+                       pAd->MlmeAux.HtCapabilityLen = 0;
+                       pAd->StaActive.SupportedPhyInfo.bHtEnable = FALSE;
+                       NdisZeroMemory(&pAd->StaActive.SupportedPhyInfo.MCSSet[0], 16);
+               }
+               // temporarily not support QOS in IBSS
+               NdisZeroMemory(&pAd->MlmeAux.APEdcaParm, sizeof(EDCA_PARM));
+               NdisZeroMemory(&pAd->MlmeAux.APQbssLoad, sizeof(QBSS_LOAD_PARM));
+               NdisZeroMemory(&pAd->MlmeAux.APQosCapability, sizeof(QOS_CAPABILITY_PARM));
+
+               AsicSwitchChannel(pAd, pAd->MlmeAux.Channel, FALSE);
+               AsicLockChannel(pAd, pAd->MlmeAux.Channel);
+
+               DBGPRINT(RT_DEBUG_TRACE, ("SYNC - MlmeStartReqAction(ch= %d,sup rates= %d, ext rates=%d)\n",
+                       pAd->MlmeAux.Channel, pAd->MlmeAux.SupRateLen, pAd->MlmeAux.ExtRateLen));
+
+               pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+               Status = MLME_SUCCESS;
+               MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_START_CONF, 2, &Status);
+       }
+       else
+       {
+               DBGPRINT_ERR(("SYNC - MlmeStartReqAction() sanity check fail.\n"));
+               pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+               Status = MLME_INVALID_FORMAT;
+               MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_START_CONF, 2, &Status);
+       }
+}
+
+/*
+       ==========================================================================
+       Description:
+               peer sends beacon back when scanning
+       ==========================================================================
+ */
+VOID PeerBeaconAtScanAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR           Bssid[MAC_ADDR_LEN], Addr2[MAC_ADDR_LEN];
+       UCHAR           Ssid[MAX_LEN_OF_SSID], BssType, Channel, NewChannel,
+                                       SsidLen, DtimCount, DtimPeriod, BcastFlag, MessageToMe;
+       CF_PARM         CfParm;
+       USHORT          BeaconPeriod, AtimWin, CapabilityInfo;
+       PFRAME_802_11   pFrame;
+       LARGE_INTEGER   TimeStamp;
+       UCHAR           Erp;
+       UCHAR           SupRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR                   SupRateLen, ExtRateLen;
+       USHORT                  LenVIE;
+       UCHAR                   CkipFlag;
+       UCHAR                   AironetCellPowerLimit;
+       EDCA_PARM       EdcaParm;
+       QBSS_LOAD_PARM  QbssLoad;
+       QOS_CAPABILITY_PARM QosCapability;
+       ULONG                                           RalinkIe;
+       UCHAR                                           VarIE[MAX_VIE_LEN];             // Total VIE length = MAX_VIE_LEN - -5
+       NDIS_802_11_VARIABLE_IEs        *pVIE = NULL;
+       HT_CAPABILITY_IE                HtCapability;
+       ADD_HT_INFO_IE          AddHtInfo;      // AP might use this additional ht info IE
+       UCHAR                   HtCapabilityLen = 0, PreNHtCapabilityLen = 0;
+       UCHAR                   AddHtInfoLen;
+       UCHAR                   NewExtChannelOffset = 0xff;
+
+
+       // NdisFillMemory(Ssid, MAX_LEN_OF_SSID, 0x00);
+       pFrame = (PFRAME_802_11) Elem->Msg;
+       // Init Variable IE structure
+       pVIE = (PNDIS_802_11_VARIABLE_IEs) VarIE;
+       pVIE->Length = 0;
+#ifdef DOT11_N_SUPPORT
+    RTMPZeroMemory(&HtCapability, sizeof(HtCapability));
+       RTMPZeroMemory(&AddHtInfo, sizeof(ADD_HT_INFO_IE));
+#endif // DOT11_N_SUPPORT //
+
+       if (PeerBeaconAndProbeRspSanity(pAd,
+                                                               Elem->Msg,
+                                                               Elem->MsgLen,
+                                                               Elem->Channel,
+                                                               Addr2,
+                                                               Bssid,
+                                                               (PCHAR)Ssid,
+                                                               &SsidLen,
+                                                               &BssType,
+                                                               &BeaconPeriod,
+                                                               &Channel,
+                                                               &NewChannel,
+                                                               &TimeStamp,
+                                                               &CfParm,
+                                                               &AtimWin,
+                                                               &CapabilityInfo,
+                                                               &Erp,
+                                                               &DtimCount,
+                                                               &DtimPeriod,
+                                                               &BcastFlag,
+                                                               &MessageToMe,
+                                                               SupRate,
+                                                               &SupRateLen,
+                                                               ExtRate,
+                                                               &ExtRateLen,
+                                                               &CkipFlag,
+                                                               &AironetCellPowerLimit,
+                                                               &EdcaParm,
+                                                               &QbssLoad,
+                                                               &QosCapability,
+                                                               &RalinkIe,
+                                                               &HtCapabilityLen,
+                                                               &PreNHtCapabilityLen,
+                                                               &HtCapability,
+                                                               &AddHtInfoLen,
+                                                               &AddHtInfo,
+                                                               &NewExtChannelOffset,
+                                                               &LenVIE,
+                                                               pVIE))
+       {
+               ULONG Idx;
+               CHAR Rssi = 0;
+
+               Idx = BssTableSearch(&pAd->ScanTab, Bssid, Channel);
+               if (Idx != BSS_NOT_FOUND)
+                       Rssi = pAd->ScanTab.BssEntry[Idx].Rssi;
+
+               Rssi = RTMPMaxRssi(pAd, ConvertToRssi(pAd, Elem->Rssi0, RSSI_0), ConvertToRssi(pAd, Elem->Rssi1, RSSI_1), ConvertToRssi(pAd, Elem->Rssi2, RSSI_2));
+
+
+#ifdef DOT11_N_SUPPORT
+               if ((HtCapabilityLen > 0) || (PreNHtCapabilityLen > 0))
+                       HtCapabilityLen = SIZE_HT_CAP_IE;
+#endif // DOT11_N_SUPPORT //
+
+               Idx = BssTableSetEntry(pAd, &pAd->ScanTab, Bssid, (PCHAR)Ssid, SsidLen, BssType, BeaconPeriod,
+                                         &CfParm, AtimWin, CapabilityInfo, SupRate, SupRateLen, ExtRate, ExtRateLen,  &HtCapability,
+                                        &AddHtInfo, HtCapabilityLen, AddHtInfoLen, NewExtChannelOffset, Channel, Rssi, TimeStamp, CkipFlag,
+                                        &EdcaParm, &QosCapability, &QbssLoad, LenVIE, pVIE);
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+               if (pAd->ChannelList[pAd->CommonCfg.ChannelListIdx].bEffectedChannel == TRUE)
+               {
+                       UCHAR           RegClass;
+                       PeerBeaconAndProbeRspSanity2(pAd, Elem->Msg, Elem->MsgLen, &RegClass);
+                       TriEventTableSetEntry(pAd, &pAd->CommonCfg.TriggerEventTab, Bssid, &HtCapability, HtCapabilityLen, RegClass, Channel);
+               }
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+               if (Idx != BSS_NOT_FOUND)
+               {
+                       NdisMoveMemory(pAd->ScanTab.BssEntry[Idx].PTSF, &Elem->Msg[24], 4);
+                       NdisMoveMemory(&pAd->ScanTab.BssEntry[Idx].TTSF[0], &Elem->TimeStamp.u.LowPart, 4);
+                       NdisMoveMemory(&pAd->ScanTab.BssEntry[Idx].TTSF[4], &Elem->TimeStamp.u.LowPart, 4);
+               }
+
+       }
+       // sanity check fail, ignored
+}
+
+/*
+       ==========================================================================
+       Description:
+               When waiting joining the (I)BSS, beacon received from external
+       ==========================================================================
+ */
+VOID PeerBeaconAtJoinAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR         Bssid[MAC_ADDR_LEN], Addr2[MAC_ADDR_LEN];
+       UCHAR         Ssid[MAX_LEN_OF_SSID], SsidLen, BssType, Channel, MessageToMe,
+                                 DtimCount, DtimPeriod, BcastFlag, NewChannel;
+       LARGE_INTEGER TimeStamp;
+       USHORT        BeaconPeriod, AtimWin, CapabilityInfo;
+       CF_PARM       Cf;
+       BOOLEAN       TimerCancelled;
+       UCHAR         Erp;
+       UCHAR         SupRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR             SupRateLen, ExtRateLen;
+       UCHAR         CkipFlag;
+       USHORT            LenVIE;
+       UCHAR             AironetCellPowerLimit;
+       EDCA_PARM       EdcaParm;
+       QBSS_LOAD_PARM  QbssLoad;
+       QOS_CAPABILITY_PARM QosCapability;
+       USHORT        Status;
+       UCHAR                                           VarIE[MAX_VIE_LEN];             // Total VIE length = MAX_VIE_LEN - -5
+       NDIS_802_11_VARIABLE_IEs        *pVIE = NULL;
+       ULONG           RalinkIe;
+       ULONG         Idx;
+       HT_CAPABILITY_IE                HtCapability;
+       ADD_HT_INFO_IE          AddHtInfo;      // AP might use this additional ht info IE
+       UCHAR                           HtCapabilityLen = 0, PreNHtCapabilityLen = 0;
+       UCHAR                   AddHtInfoLen;
+       UCHAR                   NewExtChannelOffset = 0xff;
+#ifdef DOT11_N_SUPPORT
+       UCHAR                   CentralChannel;
+       BOOLEAN                 bAllowNrate = FALSE;
+#endif // DOT11_N_SUPPORT //
+
+       // Init Variable IE structure
+       pVIE = (PNDIS_802_11_VARIABLE_IEs) VarIE;
+       pVIE->Length = 0;
+    RTMPZeroMemory(&HtCapability, sizeof(HtCapability));
+       RTMPZeroMemory(&AddHtInfo, sizeof(ADD_HT_INFO_IE));
+
+
+       if (PeerBeaconAndProbeRspSanity(pAd,
+                                                               Elem->Msg,
+                                                               Elem->MsgLen,
+                                                               Elem->Channel,
+                                                               Addr2,
+                                                               Bssid,
+                                                               (PCHAR)Ssid,
+                                                               &SsidLen,
+                                                               &BssType,
+                                                               &BeaconPeriod,
+                                                               &Channel,
+                                                               &NewChannel,
+                                                               &TimeStamp,
+                                                               &Cf,
+                                                               &AtimWin,
+                                                               &CapabilityInfo,
+                                                               &Erp,
+                                                               &DtimCount,
+                                                               &DtimPeriod,
+                                                               &BcastFlag,
+                                                               &MessageToMe,
+                                                               SupRate,
+                                                               &SupRateLen,
+                                                               ExtRate,
+                                                               &ExtRateLen,
+                                                               &CkipFlag,
+                                                               &AironetCellPowerLimit,
+                                                               &EdcaParm,
+                                                               &QbssLoad,
+                                                               &QosCapability,
+                                                               &RalinkIe,
+                                                               &HtCapabilityLen,
+                                                               &PreNHtCapabilityLen,
+                                                               &HtCapability,
+                                                               &AddHtInfoLen,
+                                                               &AddHtInfo,
+                                                               &NewExtChannelOffset,
+                                                               &LenVIE,
+                                                               pVIE))
+       {
+               // Disqualify 11b only adhoc when we are in 11g only adhoc mode
+               if ((BssType == BSS_ADHOC) && (pAd->CommonCfg.PhyMode == PHY_11G) && ((SupRateLen+ExtRateLen)< 12))
+                       return;
+
+               // BEACON from desired BSS/IBSS found. We should be able to decide most
+               // BSS parameters here.
+               // Q. But what happen if this JOIN doesn't conclude a successful ASSOCIATEION?
+               //    Do we need to receover back all parameters belonging to previous BSS?
+               // A. Should be not. There's no back-door recover to previous AP. It still need
+               //    a new JOIN-AUTH-ASSOC sequence.
+               if (MAC_ADDR_EQUAL(pAd->MlmeAux.Bssid, Bssid))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - receive desired BEACON at JoinWaitBeacon... Channel = %d\n", Channel));
+                       RTMPCancelTimer(&pAd->MlmeAux.BeaconTimer, &TimerCancelled);
+
+                       // Update RSSI to prevent No signal display when cards first initialized
+                       pAd->StaCfg.RssiSample.LastRssi0        = ConvertToRssi(pAd, Elem->Rssi0, RSSI_0);
+                       pAd->StaCfg.RssiSample.LastRssi1        = ConvertToRssi(pAd, Elem->Rssi1, RSSI_1);
+                       pAd->StaCfg.RssiSample.LastRssi2        = ConvertToRssi(pAd, Elem->Rssi2, RSSI_2);
+                       pAd->StaCfg.RssiSample.AvgRssi0 = pAd->StaCfg.RssiSample.LastRssi0;
+                       pAd->StaCfg.RssiSample.AvgRssi0X8       = pAd->StaCfg.RssiSample.AvgRssi0 << 3;
+                       pAd->StaCfg.RssiSample.AvgRssi1 = pAd->StaCfg.RssiSample.LastRssi1;
+                       pAd->StaCfg.RssiSample.AvgRssi1X8       = pAd->StaCfg.RssiSample.AvgRssi1 << 3;
+                       pAd->StaCfg.RssiSample.AvgRssi2 = pAd->StaCfg.RssiSample.LastRssi2;
+                       pAd->StaCfg.RssiSample.AvgRssi2X8       = pAd->StaCfg.RssiSample.AvgRssi2 << 3;
+
+                       //
+                       // We need to check if SSID only set to any, then we can record the current SSID.
+                       // Otherwise will cause hidden SSID association failed.
+                       //
+                       if (pAd->MlmeAux.SsidLen == 0)
+                       {
+                               NdisMoveMemory(pAd->MlmeAux.Ssid, Ssid, SsidLen);
+                               pAd->MlmeAux.SsidLen = SsidLen;
+                       }
+                       else
+                       {
+                               Idx = BssSsidTableSearch(&pAd->ScanTab, Bssid, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen, Channel);
+
+                               if (Idx == BSS_NOT_FOUND)
+                               {
+                                       CHAR Rssi = 0;
+                                       Rssi = RTMPMaxRssi(pAd, ConvertToRssi(pAd, Elem->Rssi0, RSSI_0), ConvertToRssi(pAd, Elem->Rssi1, RSSI_1), ConvertToRssi(pAd, Elem->Rssi2, RSSI_2));
+                                       Idx = BssTableSetEntry(pAd, &pAd->ScanTab, Bssid, (CHAR *) Ssid, SsidLen, BssType, BeaconPeriod,
+                                                                               &Cf, AtimWin, CapabilityInfo, SupRate, SupRateLen, ExtRate, ExtRateLen,  &HtCapability,
+                                                                               &AddHtInfo, HtCapabilityLen, AddHtInfoLen, NewExtChannelOffset, Channel, Rssi, TimeStamp, CkipFlag,
+                                                                               &EdcaParm, &QosCapability, &QbssLoad, LenVIE, pVIE);
+                                       if (Idx != BSS_NOT_FOUND)
+                                       {
+                                               NdisMoveMemory(pAd->ScanTab.BssEntry[Idx].PTSF, &Elem->Msg[24], 4);
+                                               NdisMoveMemory(&pAd->ScanTab.BssEntry[Idx].TTSF[0], &Elem->TimeStamp.u.LowPart, 4);
+                                               NdisMoveMemory(&pAd->ScanTab.BssEntry[Idx].TTSF[4], &Elem->TimeStamp.u.LowPart, 4);
+                                               CapabilityInfo = pAd->ScanTab.BssEntry[Idx].CapabilityInfo;
+                                       }
+                               }
+                               else
+                               {
+                                       //
+                                       // Multiple SSID case, used correct CapabilityInfo
+                                       //
+                                       CapabilityInfo = pAd->ScanTab.BssEntry[Idx].CapabilityInfo;
+                               }
+                       }
+                       NdisMoveMemory(pAd->MlmeAux.Bssid, Bssid, MAC_ADDR_LEN);
+                       pAd->MlmeAux.CapabilityInfo = CapabilityInfo & SUPPORTED_CAPABILITY_INFO;
+                       pAd->MlmeAux.BssType = BssType;
+                       pAd->MlmeAux.BeaconPeriod = BeaconPeriod;
+                       pAd->MlmeAux.Channel = Channel;
+                       pAd->MlmeAux.AtimWin = AtimWin;
+                       pAd->MlmeAux.CfpPeriod = Cf.CfpPeriod;
+                       pAd->MlmeAux.CfpMaxDuration = Cf.CfpMaxDuration;
+                       pAd->MlmeAux.APRalinkIe = RalinkIe;
+
+                       // Copy AP's supported rate to MlmeAux for creating assoication request
+                       // Also filter out not supported rate
+                       pAd->MlmeAux.SupRateLen = SupRateLen;
+                       NdisMoveMemory(pAd->MlmeAux.SupRate, SupRate, SupRateLen);
+                       RTMPCheckRates(pAd, pAd->MlmeAux.SupRate, &pAd->MlmeAux.SupRateLen);
+                       pAd->MlmeAux.ExtRateLen = ExtRateLen;
+                       NdisMoveMemory(pAd->MlmeAux.ExtRate, ExtRate, ExtRateLen);
+                       RTMPCheckRates(pAd, pAd->MlmeAux.ExtRate, &pAd->MlmeAux.ExtRateLen);
+
+            NdisZeroMemory(pAd->StaActive.SupportedPhyInfo.MCSSet, 16);
+
+
+#ifdef DOT11_N_SUPPORT
+                       if (((pAd->StaCfg.WepStatus != Ndis802_11WEPEnabled) && (pAd->StaCfg.WepStatus != Ndis802_11Encryption2Enabled))
+                               || (pAd->CommonCfg.HT_DisallowTKIP == FALSE))
+                       {
+                               bAllowNrate = TRUE;
+                       }
+
+                       pAd->MlmeAux.NewExtChannelOffset = NewExtChannelOffset;
+                       pAd->MlmeAux.HtCapabilityLen = HtCapabilityLen;
+
+                       RTMPZeroMemory(&pAd->MlmeAux.HtCapability, SIZE_HT_CAP_IE);
+                       // filter out un-supported ht rates
+                       if (((HtCapabilityLen > 0) || (PreNHtCapabilityLen > 0)) &&
+                               ((pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED) && (bAllowNrate)))
+                       {
+                               RTMPMoveMemory(&pAd->MlmeAux.AddHtInfo, &AddHtInfo, SIZE_ADD_HT_INFO_IE);
+
+                               // StaActive.SupportedHtPhy.MCSSet stores Peer AP's 11n Rx capability
+                               NdisMoveMemory(pAd->StaActive.SupportedPhyInfo.MCSSet, HtCapability.MCSSet, 16);
+                               pAd->MlmeAux.NewExtChannelOffset = NewExtChannelOffset;
+                               pAd->MlmeAux.HtCapabilityLen = SIZE_HT_CAP_IE;
+                               pAd->StaActive.SupportedPhyInfo.bHtEnable = TRUE;
+                               if (PreNHtCapabilityLen > 0)
+                                       pAd->StaActive.SupportedPhyInfo.bPreNHt = TRUE;
+                               RTMPCheckHt(pAd, BSSID_WCID, &HtCapability, &AddHtInfo);
+                               // Copy AP Parameter to StaActive.  This is also in LinkUp.
+                               DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAtJoinAction! (MpduDensity=%d, MaxRAmpduFactor=%d, BW=%d)\n",
+                                       pAd->StaActive.SupportedHtPhy.MpduDensity, pAd->StaActive.SupportedHtPhy.MaxRAmpduFactor, HtCapability.HtCapInfo.ChannelWidth));
+
+                               if (AddHtInfoLen > 0)
+                               {
+                                       CentralChannel = AddHtInfo.ControlChan;
+                                       // Check again the Bandwidth capability of this AP.
+                                       if ((AddHtInfo.ControlChan > 2)&& (AddHtInfo.AddHtInfo.ExtChanOffset == EXTCHA_BELOW) && (HtCapability.HtCapInfo.ChannelWidth == BW_40))
+                                       {
+                                               CentralChannel = AddHtInfo.ControlChan - 2;
+                                       }
+                                       else if ((AddHtInfo.AddHtInfo.ExtChanOffset == EXTCHA_ABOVE) && (HtCapability.HtCapInfo.ChannelWidth == BW_40))
+                                       {
+                                               CentralChannel = AddHtInfo.ControlChan + 2;
+                                       }
+
+                    // Check Error .
+                                       if (pAd->MlmeAux.CentralChannel != CentralChannel)
+                                               DBGPRINT(RT_DEBUG_ERROR, ("PeerBeaconAtJoinAction HT===>Beacon Central Channel = %d, Control Channel = %d. Mlmeaux CentralChannel = %d\n", CentralChannel, AddHtInfo.ControlChan, pAd->MlmeAux.CentralChannel));
+
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PeerBeaconAtJoinAction HT===>Central Channel = %d, Control Channel = %d,  .\n", CentralChannel, AddHtInfo.ControlChan));
+
+                               }
+
+                       }
+                       else
+#endif // DOT11_N_SUPPORT //
+                       {
+                               // To prevent error, let legacy AP must have same CentralChannel and Channel.
+                               if ((HtCapabilityLen == 0) && (PreNHtCapabilityLen == 0))
+                                       pAd->MlmeAux.CentralChannel = pAd->MlmeAux.Channel;
+
+                               pAd->StaActive.SupportedPhyInfo.bHtEnable = FALSE;
+                               pAd->MlmeAux.NewExtChannelOffset = 0xff;
+                               RTMPZeroMemory(&pAd->MlmeAux.HtCapability, SIZE_HT_CAP_IE);
+                               pAd->MlmeAux.HtCapabilityLen = 0;
+                               RTMPZeroMemory(&pAd->MlmeAux.AddHtInfo, SIZE_ADD_HT_INFO_IE);
+                       }
+
+                       RTMPUpdateMlmeRate(pAd);
+
+                       // copy QOS related information
+                       if ((pAd->CommonCfg.bWmmCapable)
+#ifdef DOT11_N_SUPPORT
+                                || (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED)
+#endif // DOT11_N_SUPPORT //
+                               )
+                       {
+                               NdisMoveMemory(&pAd->MlmeAux.APEdcaParm, &EdcaParm, sizeof(EDCA_PARM));
+                               NdisMoveMemory(&pAd->MlmeAux.APQbssLoad, &QbssLoad, sizeof(QBSS_LOAD_PARM));
+                               NdisMoveMemory(&pAd->MlmeAux.APQosCapability, &QosCapability, sizeof(QOS_CAPABILITY_PARM));
+                       }
+                       else
+                       {
+                               NdisZeroMemory(&pAd->MlmeAux.APEdcaParm, sizeof(EDCA_PARM));
+                               NdisZeroMemory(&pAd->MlmeAux.APQbssLoad, sizeof(QBSS_LOAD_PARM));
+                               NdisZeroMemory(&pAd->MlmeAux.APQosCapability, sizeof(QOS_CAPABILITY_PARM));
+                       }
+
+                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - after JOIN, SupRateLen=%d, ExtRateLen=%d\n",
+                               pAd->MlmeAux.SupRateLen, pAd->MlmeAux.ExtRateLen));
+
+                       if (AironetCellPowerLimit != 0xFF)
+                       {
+                               //We need to change our TxPower for CCX 2.0 AP Control of Client Transmit Power
+                               ChangeToCellPowerLimit(pAd, AironetCellPowerLimit);
+                       }
+                       else  //Used the default TX Power Percentage.
+                               pAd->CommonCfg.TxPowerPercentage = pAd->CommonCfg.TxPowerDefault;
+
+                       pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+                       Status = MLME_SUCCESS;
+                       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_JOIN_CONF, 2, &Status);
+               }
+               // not to me BEACON, ignored
+       }
+       // sanity check fail, ignore this frame
+}
+
+/*
+       ==========================================================================
+       Description:
+               receive BEACON from peer
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID PeerBeacon(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR         Bssid[MAC_ADDR_LEN], Addr2[MAC_ADDR_LEN];
+       CHAR          Ssid[MAX_LEN_OF_SSID];
+       CF_PARM       CfParm;
+       UCHAR         SsidLen, MessageToMe=0, BssType, Channel, NewChannel, index=0;
+       UCHAR         DtimCount=0, DtimPeriod=0, BcastFlag=0;
+       USHORT        CapabilityInfo, AtimWin, BeaconPeriod;
+       LARGE_INTEGER TimeStamp;
+       USHORT        TbttNumToNextWakeUp;
+       UCHAR         Erp;
+       UCHAR         SupRate[MAX_LEN_OF_SUPPORTED_RATES], ExtRate[MAX_LEN_OF_SUPPORTED_RATES];
+       UCHAR             SupRateLen, ExtRateLen;
+       UCHAR             CkipFlag;
+       USHORT        LenVIE;
+       UCHAR             AironetCellPowerLimit;
+       EDCA_PARM       EdcaParm;
+       QBSS_LOAD_PARM  QbssLoad;
+       QOS_CAPABILITY_PARM QosCapability;
+       ULONG           RalinkIe;
+       // New for WPA security suites
+       UCHAR                                           VarIE[MAX_VIE_LEN];             // Total VIE length = MAX_VIE_LEN - -5
+       NDIS_802_11_VARIABLE_IEs        *pVIE = NULL;
+       HT_CAPABILITY_IE                HtCapability;
+       ADD_HT_INFO_IE          AddHtInfo;      // AP might use this additional ht info IE
+       UCHAR                   HtCapabilityLen, PreNHtCapabilityLen;
+       UCHAR                   AddHtInfoLen;
+       UCHAR                   NewExtChannelOffset = 0xff;
+
+
+#ifdef RALINK_ATE
+    if (ATE_ON(pAd))
+    {
+               return;
+    }
+#endif // RALINK_ATE //
+
+       if (!(INFRA_ON(pAd) || ADHOC_ON(pAd)
+               ))
+               return;
+
+       // Init Variable IE structure
+       pVIE = (PNDIS_802_11_VARIABLE_IEs) VarIE;
+       pVIE->Length = 0;
+    RTMPZeroMemory(&HtCapability, sizeof(HtCapability));
+       RTMPZeroMemory(&AddHtInfo, sizeof(ADD_HT_INFO_IE));
+
+       if (PeerBeaconAndProbeRspSanity(pAd,
+                                                               Elem->Msg,
+                                                               Elem->MsgLen,
+                                                               Elem->Channel,
+                                                               Addr2,
+                                                               Bssid,
+                                                               Ssid,
+                                                               &SsidLen,
+                                                               &BssType,
+                                                               &BeaconPeriod,
+                                                               &Channel,
+                                                               &NewChannel,
+                                                               &TimeStamp,
+                                                               &CfParm,
+                                                               &AtimWin,
+                                                               &CapabilityInfo,
+                                                               &Erp,
+                                                               &DtimCount,
+                                                               &DtimPeriod,
+                                                               &BcastFlag,
+                                                               &MessageToMe,
+                                                               SupRate,
+                                                               &SupRateLen,
+                                                               ExtRate,
+                                                               &ExtRateLen,
+                                                               &CkipFlag,
+                                                               &AironetCellPowerLimit,
+                                                               &EdcaParm,
+                                                               &QbssLoad,
+                                                               &QosCapability,
+                                                               &RalinkIe,
+                                                               &HtCapabilityLen,
+                                                               &PreNHtCapabilityLen,
+                                                               &HtCapability,
+                                                               &AddHtInfoLen,
+                                                               &AddHtInfo,
+                                                               &NewExtChannelOffset,
+                                                               &LenVIE,
+                                                               pVIE))
+       {
+               BOOLEAN is_my_bssid, is_my_ssid;
+               ULONG   Bssidx, Now;
+               BSS_ENTRY *pBss;
+               CHAR            RealRssi = RTMPMaxRssi(pAd, ConvertToRssi(pAd, Elem->Rssi0, RSSI_0), ConvertToRssi(pAd, Elem->Rssi1, RSSI_1), ConvertToRssi(pAd, Elem->Rssi2, RSSI_2));
+
+               is_my_bssid = MAC_ADDR_EQUAL(Bssid, pAd->CommonCfg.Bssid)? TRUE : FALSE;
+               is_my_ssid = SSID_EQUAL(Ssid, SsidLen, pAd->CommonCfg.Ssid, pAd->CommonCfg.SsidLen)? TRUE:FALSE;
+
+
+               // ignore BEACON not for my SSID
+               if ((! is_my_ssid) && (! is_my_bssid))
+                       return;
+
+               // It means STA waits disassoc completely from this AP, ignores this beacon.
+               if (pAd->Mlme.CntlMachine.CurrState == CNTL_WAIT_DISASSOC)
+                       return;
+
+#ifdef DOT11_N_SUPPORT
+               // Copy Control channel for this BSSID.
+               if (AddHtInfoLen != 0)
+                       Channel = AddHtInfo.ControlChan;
+
+               if ((HtCapabilityLen > 0) || (PreNHtCapabilityLen > 0))
+                       HtCapabilityLen = SIZE_HT_CAP_IE;
+#endif // DOT11_N_SUPPORT //
+
+               //
+               // Housekeeping "SsidBssTab" table for later-on ROAMing usage.
+               //
+               Bssidx = BssTableSearch(&pAd->ScanTab, Bssid, Channel);
+               if (Bssidx == BSS_NOT_FOUND)
+               {
+                       // discover new AP of this network, create BSS entry
+                       Bssidx = BssTableSetEntry(pAd, &pAd->ScanTab, Bssid, Ssid, SsidLen, BssType, BeaconPeriod,
+                                                &CfParm, AtimWin, CapabilityInfo, SupRate, SupRateLen, ExtRate, ExtRateLen,
+                                               &HtCapability, &AddHtInfo,HtCapabilityLen,AddHtInfoLen,NewExtChannelOffset, Channel,
+                                               RealRssi, TimeStamp, CkipFlag, &EdcaParm, &QosCapability,
+                                               &QbssLoad, LenVIE, pVIE);
+                       if (Bssidx == BSS_NOT_FOUND) // return if BSS table full
+                               return;
+
+                       NdisMoveMemory(pAd->ScanTab.BssEntry[Bssidx].PTSF, &Elem->Msg[24], 4);
+                       NdisMoveMemory(&pAd->ScanTab.BssEntry[Bssidx].TTSF[0], &Elem->TimeStamp.u.LowPart, 4);
+                       NdisMoveMemory(&pAd->ScanTab.BssEntry[Bssidx].TTSF[4], &Elem->TimeStamp.u.LowPart, 4);
+
+
+
+               }
+
+               if ((pAd->CommonCfg.bIEEE80211H == 1) && (NewChannel != 0) && (Channel != NewChannel))
+               {
+                       // Switching to channel 1 can prevent from rescanning the current channel immediately (by auto reconnection).
+                       // In addition, clear the MLME queue and the scan table to discard the RX packets and previous scanning results.
+                       AsicSwitchChannel(pAd, 1, FALSE);
+                       AsicLockChannel(pAd, 1);
+                   LinkDown(pAd, FALSE);
+                       MlmeQueueInit(&pAd->Mlme.Queue);
+                       BssTableInit(&pAd->ScanTab);
+                   RTMPusecDelay(1000000);             // use delay to prevent STA do reassoc
+
+                       // channel sanity check
+                       for (index = 0 ; index < pAd->ChannelListNum; index++)
+                       {
+                               if (pAd->ChannelList[index].Channel == NewChannel)
+                               {
+                                       pAd->ScanTab.BssEntry[Bssidx].Channel = NewChannel;
+                                       pAd->CommonCfg.Channel = NewChannel;
+                                       AsicSwitchChannel(pAd, pAd->CommonCfg.Channel, FALSE);
+                                       AsicLockChannel(pAd, pAd->CommonCfg.Channel);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("PeerBeacon - STA receive channel switch announcement IE (New Channel =%d)\n", NewChannel));
+                                       break;
+                               }
+                       }
+
+                       if (index >= pAd->ChannelListNum)
+                       {
+                               DBGPRINT_ERR(("PeerBeacon(can not find New Channel=%d in ChannelList[%d]\n", pAd->CommonCfg.Channel, pAd->ChannelListNum));
+                       }
+               }
+
+               // if the ssid matched & bssid unmatched, we should select the bssid with large value.
+               // This might happened when two STA start at the same time
+               if ((! is_my_bssid) && ADHOC_ON(pAd))
+               {
+                       INT     i;
+
+                       // Add the safeguard against the mismatch of adhoc wep status
+                       if (pAd->StaCfg.WepStatus != pAd->ScanTab.BssEntry[Bssidx].WepStatus)
+                       {
+                               return;
+                       }
+
+                       // collapse into the ADHOC network which has bigger BSSID value.
+                       for (i = 0; i < 6; i++)
+                       {
+                               if (Bssid[i] > pAd->CommonCfg.Bssid[i])
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - merge to the IBSS with bigger BSSID=%02x:%02x:%02x:%02x:%02x:%02x\n",
+                                               Bssid[0], Bssid[1], Bssid[2], Bssid[3], Bssid[4], Bssid[5]));
+                                       AsicDisableSync(pAd);
+                                       COPY_MAC_ADDR(pAd->CommonCfg.Bssid, Bssid);
+                                       AsicSetBssid(pAd, pAd->CommonCfg.Bssid);
+                                       MakeIbssBeacon(pAd);        // re-build BEACON frame
+                                       AsicEnableIbssSync(pAd);    // copy BEACON frame to on-chip memory
+                                       is_my_bssid = TRUE;
+                                       break;
+                               }
+                               else if (Bssid[i] < pAd->CommonCfg.Bssid[i])
+                                       break;
+                       }
+               }
+
+
+               NdisGetSystemUpTime(&Now);
+               pBss = &pAd->ScanTab.BssEntry[Bssidx];
+               pBss->Rssi = RealRssi;       // lastest RSSI
+               pBss->LastBeaconRxTime = Now;   // last RX timestamp
+
+               //
+               // BEACON from my BSSID - either IBSS or INFRA network
+               //
+               if (is_my_bssid)
+               {
+                       RXWI_STRUC      RxWI;
+
+                       pAd->StaCfg.DtimCount = DtimCount;
+                       pAd->StaCfg.DtimPeriod = DtimPeriod;
+                       pAd->StaCfg.LastBeaconRxTime = Now;
+
+
+                       RxWI.RSSI0 = Elem->Rssi0;
+                       RxWI.RSSI1 = Elem->Rssi1;
+                       RxWI.RSSI2 = Elem->Rssi2;
+
+                       Update_Rssi_Sample(pAd, &pAd->StaCfg.RssiSample, &RxWI);
+                       if (AironetCellPowerLimit != 0xFF)
+                       {
+                               //
+                               // We get the Cisco (ccx) "TxPower Limit" required
+                               // Changed to appropriate TxPower Limit for Ciso Compatible Extensions
+                               //
+                               ChangeToCellPowerLimit(pAd, AironetCellPowerLimit);
+                       }
+                       else
+                       {
+                               //
+                               // AironetCellPowerLimit equal to 0xFF means the Cisco (ccx) "TxPower Limit" not exist.
+                               // Used the default TX Power Percentage, that set from UI.
+                               //
+                               pAd->CommonCfg.TxPowerPercentage = pAd->CommonCfg.TxPowerDefault;
+                       }
+
+                       if (ADHOC_ON(pAd) && (CAP_IS_IBSS_ON(CapabilityInfo)))
+                       {
+                               UCHAR                   MaxSupportedRateIn500Kbps = 0;
+                               UCHAR                   idx;
+                               MAC_TABLE_ENTRY *pEntry;
+
+                               // supported rates array may not be sorted. sort it and find the maximum rate
+                           for (idx=0; idx<SupRateLen; idx++)
+                               {
+                               if (MaxSupportedRateIn500Kbps < (SupRate[idx] & 0x7f))
+                                   MaxSupportedRateIn500Kbps = SupRate[idx] & 0x7f;
+                                               }
+
+                               for (idx=0; idx<ExtRateLen; idx++)
+                           {
+                               if (MaxSupportedRateIn500Kbps < (ExtRate[idx] & 0x7f))
+                                   MaxSupportedRateIn500Kbps = ExtRate[idx] & 0x7f;
+                                       }
+
+                               // look up the existing table
+                               pEntry = MacTableLookup(pAd, Addr2);
+
+                               // Ad-hoc mode is using MAC address as BA session. So we need to continuously find newly joined adhoc station by receiving beacon.
+                               // To prevent always check this, we use wcid == RESERVED_WCID to recognize it as newly joined adhoc station.
+                               if ((ADHOC_ON(pAd) && (Elem->Wcid == RESERVED_WCID)) ||
+                                       (pEntry && ((pEntry->LastBeaconRxTime + ADHOC_ENTRY_BEACON_LOST_TIME) < Now)))
+                                               {
+                                       if (pEntry == NULL)
+                                               // Another adhoc joining, add to our MAC table.
+                                               pEntry = MacTableInsertEntry(pAd, Addr2, BSS0, FALSE);
+
+                                       if (StaAddMacTableEntry(pAd,
+                                                                                       pEntry,
+                                                                                       MaxSupportedRateIn500Kbps,
+                                                                                       &HtCapability,
+                                                                                       HtCapabilityLen,
+                                                                                       &AddHtInfo,
+                                                                                       AddHtInfoLen,
+                                                                                       CapabilityInfo) == FALSE)
+                                       {
+                                               DBGPRINT(RT_DEBUG_TRACE, ("ADHOC - Add Entry failed.\n"));
+                                               return;
+                                       }
+
+                                       if (pEntry &&
+                                               (Elem->Wcid == RESERVED_WCID))
+                               {
+                                               idx = pAd->StaCfg.DefaultKeyId;
+                                               RTMP_STA_SECURITY_INFO_ADD(pAd, BSS0, idx, pEntry);
+                               }
+                               }
+
+                               if (pEntry && pEntry->ValidAsCLI)
+                                       pEntry->LastBeaconRxTime = Now;
+
+                               // At least another peer in this IBSS, declare MediaState as CONNECTED
+                               if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED))
+                               {
+                                       OPSTATUS_SET_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED);
+
+                                       pAd->IndicateMediaState = NdisMediaStateConnected;
+                                       RTMP_IndicateMediaState(pAd);
+                       pAd->ExtraInfo = GENERAL_LINK_UP;
+                                       AsicSetBssid(pAd, pAd->CommonCfg.Bssid);
+
+                                       // 2003/03/12 - john
+                                       // Make sure this entry in "ScanTab" table, thus complies to Microsoft's policy that
+                                       // "site survey" result should always include the current connected network.
+                                       //
+                                       Bssidx = BssTableSearch(&pAd->ScanTab, Bssid, Channel);
+                                       if (Bssidx == BSS_NOT_FOUND)
+                                       {
+                                               Bssidx = BssTableSetEntry(pAd, &pAd->ScanTab, Bssid, Ssid, SsidLen, BssType, BeaconPeriod,
+                                                                       &CfParm, AtimWin, CapabilityInfo, SupRate, SupRateLen, ExtRate, ExtRateLen, &HtCapability,
+                                                                       &AddHtInfo, HtCapabilityLen, AddHtInfoLen, NewExtChannelOffset, Channel, RealRssi, TimeStamp, 0,
+                                                                       &EdcaParm, &QosCapability, &QbssLoad, LenVIE, pVIE);
+                                       }
+                                       DBGPRINT(RT_DEBUG_TRACE, ("ADHOC  fOP_STATUS_MEDIA_STATE_CONNECTED.\n"));
+                               }
+                       }
+
+                       if (INFRA_ON(pAd))
+                       {
+                               BOOLEAN bUseShortSlot, bUseBGProtection;
+
+                               // decide to use/change to -
+                               //      1. long slot (20 us) or short slot (9 us) time
+                               //      2. turn on/off RTS/CTS and/or CTS-to-self protection
+                               //      3. short preamble
+
+                               //bUseShortSlot = pAd->CommonCfg.bUseShortSlotTime && CAP_IS_SHORT_SLOT(CapabilityInfo);
+                               bUseShortSlot = CAP_IS_SHORT_SLOT(CapabilityInfo);
+                               if (bUseShortSlot != OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_SHORT_SLOT_INUSED))
+                                       AsicSetSlotTime(pAd, bUseShortSlot);
+
+                               bUseBGProtection = (pAd->CommonCfg.UseBGProtection == 1) ||    // always use
+                                                                  ((pAd->CommonCfg.UseBGProtection == 0) && ERP_IS_USE_PROTECTION(Erp));
+
+                               if (pAd->CommonCfg.Channel > 14) // always no BG protection in A-band. falsely happened when switching A/G band to a dual-band AP
+                                       bUseBGProtection = FALSE;
+
+                               if (bUseBGProtection != OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_BG_PROTECTION_INUSED))
+                               {
+                                       if (bUseBGProtection)
+                                       {
+                                               OPSTATUS_SET_FLAG(pAd, fOP_STATUS_BG_PROTECTION_INUSED);
+                                               AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode, (OFDMSETPROTECT|CCKSETPROTECT|ALLN_SETPROTECT),FALSE,(pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent == 1));
+                                       }
+                                       else
+                                       {
+                                               OPSTATUS_CLEAR_FLAG(pAd, fOP_STATUS_BG_PROTECTION_INUSED);
+                                               AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode, (OFDMSETPROTECT|CCKSETPROTECT|ALLN_SETPROTECT),TRUE,(pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent == 1));
+                                       }
+
+                                       DBGPRINT(RT_DEBUG_WARN, ("SYNC - AP changed B/G protection to %d\n", bUseBGProtection));
+                               }
+
+#ifdef DOT11_N_SUPPORT
+                               // check Ht protection mode. and adhere to the Non-GF device indication by AP.
+                               if ((AddHtInfoLen != 0) &&
+                                       ((AddHtInfo.AddHtInfo2.OperaionMode != pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode) ||
+                                       (AddHtInfo.AddHtInfo2.NonGfPresent != pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent)))
+                               {
+                                       pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent = AddHtInfo.AddHtInfo2.NonGfPresent;
+                                       pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode = AddHtInfo.AddHtInfo2.OperaionMode;
+                                       if (pAd->MlmeAux.AddHtInfo.AddHtInfo2.NonGfPresent == 1)
+                               {
+                                               AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode, ALLN_SETPROTECT, FALSE, TRUE);
+                                       }
+                                       else
+                                               AsicUpdateProtect(pAd, pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode, ALLN_SETPROTECT, FALSE, FALSE);
+
+                                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - AP changed N OperaionMode to %d\n", pAd->MlmeAux.AddHtInfo.AddHtInfo2.OperaionMode));
+                               }
+#endif // DOT11_N_SUPPORT //
+
+                               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_SHORT_PREAMBLE_INUSED) &&
+                                       ERP_IS_USE_BARKER_PREAMBLE(Erp))
+                               {
+                                       MlmeSetTxPreamble(pAd, Rt802_11PreambleLong);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - AP forced to use LONG preamble\n"));
+                               }
+
+                               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_WMM_INUSED)    &&
+                                       (EdcaParm.bValid == TRUE)                          &&
+                                       (EdcaParm.EdcaUpdateCount != pAd->CommonCfg.APEdcaParm.EdcaUpdateCount))
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - AP change EDCA parameters(from %d to %d)\n",
+                                               pAd->CommonCfg.APEdcaParm.EdcaUpdateCount,
+                                               EdcaParm.EdcaUpdateCount));
+                                       AsicSetEdcaParm(pAd, &EdcaParm);
+                               }
+
+                               // copy QOS related information
+                               NdisMoveMemory(&pAd->CommonCfg.APQbssLoad, &QbssLoad, sizeof(QBSS_LOAD_PARM));
+                               NdisMoveMemory(&pAd->CommonCfg.APQosCapability, &QosCapability, sizeof(QOS_CAPABILITY_PARM));
+                       }
+
+                       // only INFRASTRUCTURE mode support power-saving feature
+                       if ((INFRA_ON(pAd) && (pAd->StaCfg.Psm == PWR_SAVE)) || (pAd->CommonCfg.bAPSDForcePowerSave))
+                       {
+                               UCHAR FreeNumber;
+                               //  1. AP has backlogged unicast-to-me frame, stay AWAKE, send PSPOLL
+                               //  2. AP has backlogged broadcast/multicast frame and we want those frames, stay AWAKE
+                               //  3. we have outgoing frames in TxRing or MgmtRing, better stay AWAKE
+                               //  4. Psm change to PWR_SAVE, but AP not been informed yet, we better stay AWAKE
+                               //  5. otherwise, put PHY back to sleep to save battery.
+                               if (MessageToMe)
+                               {
+#ifdef RTMP_MAC_PCI
+                                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+                                       {
+                                               // Restore to correct BBP R3 value
+                                               if (pAd->Antenna.field.RxPath > 1)
+                                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, pAd->StaCfg.BBPR3);
+                                               // Turn clk to 80Mhz.
+                                       }
+#endif // RTMP_MAC_PCI //
+                                       if (pAd->CommonCfg.bAPSDCapable && pAd->CommonCfg.APEdcaParm.bAPSDCapable &&
+                                               pAd->CommonCfg.bAPSDAC_BE && pAd->CommonCfg.bAPSDAC_BK && pAd->CommonCfg.bAPSDAC_VI && pAd->CommonCfg.bAPSDAC_VO)
+                                       {
+                                               pAd->CommonCfg.bNeedSendTriggerFrame = TRUE;
+                                       }
+                                       else
+                                               RTMP_PS_POLL_ENQUEUE(pAd);
+                               }
+                               else if (BcastFlag && (DtimCount == 0) && OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_RECEIVE_DTIM))
+                               {
+#ifdef RTMP_MAC_PCI
+                                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+                                       {
+                                               if (pAd->Antenna.field.RxPath > 1)
+                                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, pAd->StaCfg.BBPR3);
+                                       }
+#endif // RTMP_MAC_PCI //
+                               }
+                               else if ((pAd->TxSwQueue[QID_AC_BK].Number != 0)                                                                                                        ||
+                                               (pAd->TxSwQueue[QID_AC_BE].Number != 0)                                                                                                         ||
+                                               (pAd->TxSwQueue[QID_AC_VI].Number != 0)                                                                                                         ||
+                                               (pAd->TxSwQueue[QID_AC_VO].Number != 0)                                                                                                         ||
+                                               (RTMPFreeTXDRequest(pAd, QID_AC_BK, TX_RING_SIZE - 1, &FreeNumber) != NDIS_STATUS_SUCCESS)      ||
+                                               (RTMPFreeTXDRequest(pAd, QID_AC_BE, TX_RING_SIZE - 1, &FreeNumber) != NDIS_STATUS_SUCCESS)      ||
+                                               (RTMPFreeTXDRequest(pAd, QID_AC_VI, TX_RING_SIZE - 1, &FreeNumber) != NDIS_STATUS_SUCCESS)      ||
+                                               (RTMPFreeTXDRequest(pAd, QID_AC_VO, TX_RING_SIZE - 1, &FreeNumber) != NDIS_STATUS_SUCCESS)      ||
+                                               (RTMPFreeTXDRequest(pAd, QID_MGMT, MGMT_RING_SIZE - 1, &FreeNumber) != NDIS_STATUS_SUCCESS))
+                               {
+                                       // TODO: consider scheduled HCCA. might not be proper to use traditional DTIM-based power-saving scheme
+                                       // can we cheat here (i.e. just check MGMT & AC_BE) for better performance?
+#ifdef RTMP_MAC_PCI
+                                       if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_PCIE_DEVICE))
+                                       {
+                                               if (pAd->Antenna.field.RxPath > 1)
+                                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAd, BBP_R3, pAd->StaCfg.BBPR3);
+                                       }
+#endif // RTMP_MAC_PCI //
+                               }
+                               else
+                               {
+                                       if ((pAd->CommonCfg.bACMAPSDTr[QID_AC_VO]) ||
+                                               (pAd->CommonCfg.bACMAPSDTr[QID_AC_VI]) ||
+                                               (pAd->CommonCfg.bACMAPSDTr[QID_AC_BK]) ||
+                                               (pAd->CommonCfg.bACMAPSDTr[QID_AC_BE]))
+                                       {
+                                               /*
+                                                       WMM Spec v1.0 3.6.2.4,
+                                                       The WMM STA shall remain awake until it receives a
+                                                       QoS Data or Null frame addressed to it, with the
+                                                       EOSP subfield in QoS Control field set to 1.
+
+                                                       So we can not sleep here or we will suffer a case:
+
+                                                       PS Management Frame -->
+                                                       Trigger frame -->
+                                                       Beacon (TIM=0) (Beacon is closer to Trig frame) -->
+                                                       Station goes to sleep -->
+                                                       AP delivery queued UAPSD packets -->
+                                                       Station can NOT receive the reply
+
+                                                       Maybe we need a timeout timer to avoid that we do
+                                                       NOT receive the EOSP frame.
+
+                                                       We can not use More Data to check if SP is ended
+                                                       due to MaxSPLength.
+                                               */
+                                       }
+                                       else
+                                       {
+                                               USHORT NextDtim = DtimCount;
+
+
+                                               if (NextDtim == 0)
+                                                       NextDtim = DtimPeriod;
+
+                                               TbttNumToNextWakeUp = pAd->StaCfg.DefaultListenCount;
+                                               if (OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_RECEIVE_DTIM) && (TbttNumToNextWakeUp > NextDtim))
+                                                       TbttNumToNextWakeUp = NextDtim;
+
+                                               if (!OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_DOZE))
+                                               {
+                                                       // Set a flag to go to sleep . Then after parse this RxDoneInterrupt, will go to sleep mode.
+                                                       pAd->ThisTbttNumToNextWakeUp = TbttNumToNextWakeUp;
+                                                       AsicSleepThenAutoWakeup(pAd, pAd->ThisTbttNumToNextWakeUp);
+
+                                               }
+                                       }
+                               }
+                       }
+               }
+               // not my BSSID, ignore it
+       }
+       // sanity check fail, ignore this frame
+}
+
+/*
+       ==========================================================================
+       Description:
+               Receive PROBE REQ from remote peer when operating in IBSS mode
+       ==========================================================================
+ */
+VOID PeerProbeReqAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       UCHAR         Addr2[MAC_ADDR_LEN];
+       CHAR          Ssid[MAX_LEN_OF_SSID];
+       UCHAR         SsidLen;
+#ifdef DOT11_N_SUPPORT
+       UCHAR             HtLen, AddHtLen, NewExtLen;
+#endif // DOT11_N_SUPPORT //
+       HEADER_802_11 ProbeRspHdr;
+       NDIS_STATUS   NStatus;
+       PUCHAR        pOutBuffer = NULL;
+       ULONG         FrameLen = 0;
+       LARGE_INTEGER FakeTimestamp;
+       UCHAR         DsLen = 1, IbssLen = 2;
+       UCHAR         LocalErpIe[3] = {IE_ERP, 1, 0};
+       BOOLEAN       Privacy;
+       USHORT        CapabilityInfo;
+       UCHAR             RSNIe = IE_WPA;
+
+       if (! ADHOC_ON(pAd))
+               return;
+
+       if (PeerProbeReqSanity(pAd, Elem->Msg, Elem->MsgLen, Addr2, Ssid, &SsidLen))
+       {
+               if ((SsidLen == 0) || SSID_EQUAL(Ssid, SsidLen, pAd->CommonCfg.Ssid, pAd->CommonCfg.SsidLen))
+               {
+                       // allocate and send out ProbeRsp frame
+                       NStatus = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+                       if (NStatus != NDIS_STATUS_SUCCESS)
+                               return;
+
+                       //pAd->StaCfg.AtimWin = 0;  // ??????
+
+                       Privacy = (pAd->StaCfg.WepStatus == Ndis802_11Encryption1Enabled) ||
+                                         (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) ||
+                                         (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled);
+                       CapabilityInfo = CAP_GENERATE(0, 1, Privacy, (pAd->CommonCfg.TxPreamble == Rt802_11PreambleShort), 0, 0);
+
+                       MakeOutgoingFrame(pOutBuffer,                   &FrameLen,
+                                                         sizeof(HEADER_802_11),        &ProbeRspHdr,
+                                                         TIMESTAMP_LEN,                &FakeTimestamp,
+                                                         2,                            &pAd->CommonCfg.BeaconPeriod,
+                                                         2,                            &CapabilityInfo,
+                                                         1,                            &SsidIe,
+                                                         1,                            &pAd->CommonCfg.SsidLen,
+                                                         pAd->CommonCfg.SsidLen,       pAd->CommonCfg.Ssid,
+                                                         1,                            &SupRateIe,
+                                                         1,                            &pAd->StaActive.SupRateLen,
+                                                         pAd->StaActive.SupRateLen,    pAd->StaActive.SupRate,
+                                                         1,                            &DsIe,
+                                                         1,                            &DsLen,
+                                                         1,                            &pAd->CommonCfg.Channel,
+                                                         1,                            &IbssIe,
+                                                         1,                            &IbssLen,
+                                                         2,                            &pAd->StaActive.AtimWin,
+                                                         END_OF_ARGS);
+
+                       if (pAd->StaActive.ExtRateLen)
+                       {
+                               ULONG tmp;
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,        &tmp,
+                                                                 3,                            LocalErpIe,
+                                                                 1,                            &ExtRateIe,
+                                                                 1,                            &pAd->StaActive.ExtRateLen,
+                                                                 pAd->StaActive.ExtRateLen,    &pAd->StaActive.ExtRate,
+                                                                 END_OF_ARGS);
+                               FrameLen += tmp;
+                       }
+
+                       // If adhoc secruity is set for WPA-None, append the cipher suite IE
+                       if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
+                       {
+                               ULONG tmp;
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,                &tmp,
+                                                                       1,                              &RSNIe,
+                                                                       1,                              &pAd->StaCfg.RSNIE_Len,
+                                                                       pAd->StaCfg.RSNIE_Len,          pAd->StaCfg.RSN_IE,
+                                                                       END_OF_ARGS);
+                               FrameLen += tmp;
+                       }
+#ifdef DOT11_N_SUPPORT
+                       if (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED)
+                       {
+                               ULONG TmpLen;
+                               UCHAR   BROADCOM[4] = {0x0, 0x90, 0x4c, 0x33};
+                               HtLen = sizeof(pAd->CommonCfg.HtCapability);
+                               AddHtLen = sizeof(pAd->CommonCfg.AddHTInfo);
+                               NewExtLen = 1;
+                               //New extension channel offset IE is included in Beacon, Probe Rsp or channel Switch Announcement Frame
+                               if (pAd->bBroadComHT == TRUE)
+                               {
+                                       MakeOutgoingFrame(pOutBuffer + FrameLen,            &TmpLen,
+                                                                 1,                                &WpaIe,
+                                                                 4,                                &BROADCOM[0],
+                                                                pAd->MlmeAux.HtCapabilityLen,          &pAd->MlmeAux.HtCapability,
+                                                                 END_OF_ARGS);
+                               }
+                               else
+                               {
+                               MakeOutgoingFrame(pOutBuffer + FrameLen,            &TmpLen,
+                                                                 1,                                &HtCapIe,
+                                                                 1,                                &HtLen,
+                                                                sizeof(HT_CAPABILITY_IE),          &pAd->CommonCfg.HtCapability,
+                                                                 1,                                &AddHtInfoIe,
+                                                                 1,                                &AddHtLen,
+                                                                sizeof(ADD_HT_INFO_IE),          &pAd->CommonCfg.AddHTInfo,
+                                                                 1,                                &NewExtChanIe,
+                                                                 1,                                &NewExtLen,
+                                                                sizeof(NEW_EXT_CHAN_IE),          &pAd->CommonCfg.NewExtChanOffset,
+                                                                 END_OF_ARGS);
+                               }
+                               FrameLen += TmpLen;
+                       }
+#endif // DOT11_N_SUPPORT //
+                       MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+                       MlmeFreeMemory(pAd, pOutBuffer);
+               }
+       }
+}
+
+VOID BeaconTimeoutAtJoinAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("SYNC - BeaconTimeoutAtJoinAction\n"));
+       pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+       Status = MLME_REJ_TIMEOUT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_JOIN_CONF, 2, &Status);
+}
+
+/*
+       ==========================================================================
+       Description:
+               Scan timeout procedure. basically add channel index by 1 and rescan
+       ==========================================================================
+ */
+VOID ScanTimeoutAction(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       pAd->MlmeAux.Channel = NextChannel(pAd, pAd->MlmeAux.Channel);
+
+       // Only one channel scanned for CISCO beacon request
+       if ((pAd->MlmeAux.ScanType == SCAN_CISCO_ACTIVE) ||
+               (pAd->MlmeAux.ScanType == SCAN_CISCO_PASSIVE) ||
+               (pAd->MlmeAux.ScanType == SCAN_CISCO_NOISE) ||
+               (pAd->MlmeAux.ScanType == SCAN_CISCO_CHANNEL_LOAD))
+               pAd->MlmeAux.Channel = 0;
+
+       // this routine will stop if pAd->MlmeAux.Channel == 0
+       ScanNextChannel(pAd);
+}
+
+/*
+       ==========================================================================
+       Description:
+       ==========================================================================
+ */
+VOID InvalidStateWhenScan(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("AYNC - InvalidStateWhenScan(state=%ld). Reset SYNC machine\n", pAd->Mlme.SyncMachine.CurrState));
+       pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+       Status = MLME_STATE_MACHINE_REJECT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_SCAN_CONF, 2, &Status);
+}
+
+/*
+       ==========================================================================
+       Description:
+       ==========================================================================
+ */
+VOID InvalidStateWhenJoin(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("InvalidStateWhenJoin(state=%ld). Reset SYNC machine\n", pAd->Mlme.SyncMachine.CurrState));
+       pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+       Status = MLME_STATE_MACHINE_REJECT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_JOIN_CONF, 2, &Status);
+}
+
+/*
+       ==========================================================================
+       Description:
+       ==========================================================================
+ */
+VOID InvalidStateWhenStart(
+       IN PRTMP_ADAPTER pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       USHORT Status;
+       DBGPRINT(RT_DEBUG_TRACE, ("InvalidStateWhenStart(state=%ld). Reset SYNC machine\n", pAd->Mlme.SyncMachine.CurrState));
+       pAd->Mlme.SyncMachine.CurrState = SYNC_IDLE;
+       Status = MLME_STATE_MACHINE_REJECT;
+       MlmeEnqueue(pAd, MLME_CNTL_STATE_MACHINE, MT2_START_CONF, 2, &Status);
+}
+
+/*
+       ==========================================================================
+       Description:
+
+       IRQL = DISPATCH_LEVEL
+
+       ==========================================================================
+ */
+VOID EnqueuePsPoll(
+       IN PRTMP_ADAPTER pAd)
+{
+#ifdef RALINK_ATE
+    if (ATE_ON(pAd))
+    {
+               return;
+    }
+#endif // RALINK_ATE //
+
+
+       if (pAd->StaCfg.WindowsPowerMode == Ndis802_11PowerModeLegacy_PSP)
+       pAd->PsPollFrame.FC.PwrMgmt = PWR_SAVE;
+       MiniportMMRequest(pAd, 0, (PUCHAR)&pAd->PsPollFrame, sizeof(PSPOLL_FRAME));
+}
+
+
+/*
+       ==========================================================================
+       Description:
+       ==========================================================================
+ */
+VOID EnqueueProbeRequest(
+       IN PRTMP_ADAPTER pAd)
+{
+       NDIS_STATUS     NState;
+       PUCHAR          pOutBuffer;
+       ULONG           FrameLen = 0;
+       HEADER_802_11   Hdr80211;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("force out a ProbeRequest ...\n"));
+
+       NState = MlmeAllocateMemory(pAd, &pOutBuffer);  //Get an unused nonpaged memory
+       if (NState == NDIS_STATUS_SUCCESS)
+       {
+               MgtMacHeaderInit(pAd, &Hdr80211, SUBTYPE_PROBE_REQ, 0, BROADCAST_ADDR, BROADCAST_ADDR);
+
+               // this ProbeRequest explicitly specify SSID to reduce unwanted ProbeResponse
+               MakeOutgoingFrame(pOutBuffer,                     &FrameLen,
+                                                 sizeof(HEADER_802_11),          &Hdr80211,
+                                                 1,                              &SsidIe,
+                                                 1,                              &pAd->CommonCfg.SsidLen,
+                                                 pAd->CommonCfg.SsidLen,                 pAd->CommonCfg.Ssid,
+                                                 1,                              &SupRateIe,
+                                                 1,                              &pAd->StaActive.SupRateLen,
+                                                 pAd->StaActive.SupRateLen,      pAd->StaActive.SupRate,
+                                                 END_OF_ARGS);
+               MiniportMMRequest(pAd, 0, pOutBuffer, FrameLen);
+               MlmeFreeMemory(pAd, pOutBuffer);
+       }
+
+}
+
+#ifdef DOT11_N_SUPPORT
+#ifdef DOT11N_DRAFT3
+VOID BuildEffectedChannelList(
+       IN PRTMP_ADAPTER pAd)
+{
+       UCHAR           EChannel[11];
+       UCHAR           i, j, k;
+       UCHAR           UpperChannel = 0, LowerChannel = 0;
+
+       RTMPZeroMemory(EChannel, 11);
+       i = 0;
+       // Find upper channel and lower channel.
+       if (pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel)
+       {
+               UpperChannel = pAd->CommonCfg.Channel;
+               LowerChannel = pAd->CommonCfg.CentralChannel;
+       }
+       else if (pAd->CommonCfg.CentralChannel > pAd->CommonCfg.Channel)
+       {
+               UpperChannel = pAd->CommonCfg.CentralChannel;
+               LowerChannel = pAd->CommonCfg.Channel;
+       }
+       else
+       {
+               return;
+       }
+
+       // Record channels that is below lower channel..
+       if (LowerChannel > 1)
+       {
+               EChannel[0] = LowerChannel - 1;
+               i = 1;
+               if (LowerChannel > 2)
+               {
+                       EChannel[1] = LowerChannel - 2;
+                       i = 2;
+                       if (LowerChannel > 3)
+                       {
+                               EChannel[2] = LowerChannel - 3;
+                               i = 3;
+                       }
+               }
+       }
+       // Record channels that is between  lower channel and upper channel.
+       for (k = LowerChannel;k < UpperChannel;k++)
+       {
+               EChannel[i] = k;
+               i++;
+       }
+       // Record channels that is above upper channel..
+       if (LowerChannel < 11)
+       {
+               EChannel[i] = UpperChannel + 1;
+               i++;
+               if (LowerChannel < 10)
+               {
+                       EChannel[i] = LowerChannel + 2;
+                       i++;
+                       if (LowerChannel < 9)
+                       {
+                               EChannel[i] = LowerChannel + 3;
+                               i++;
+                       }
+               }
+       }
+       //
+       for (j = 0;j < i;j++)
+       {
+               for (k = 0;k < pAd->ChannelListNum;k++)
+               {
+                       if (pAd->ChannelList[k].Channel == EChannel[j])
+                       {
+                               pAd->ChannelList[k].bEffectedChannel = TRUE;
+                               DBGPRINT(RT_DEBUG_TRACE,(" EffectedChannel( =%d)\n", EChannel[j]));
+                               break;
+                       }
+               }
+       }
+}
+#endif // DOT11N_DRAFT3 //
+#endif // DOT11_N_SUPPORT //
+
+BOOLEAN ScanRunning(
+               IN PRTMP_ADAPTER pAd)
+{
+       return (pAd->Mlme.SyncMachine.CurrState == SCAN_LISTEN) ? TRUE : FALSE;
+}
diff --git a/drivers/staging/rt3090/sta/wpa.c b/drivers/staging/rt3090/sta/wpa.c
new file mode 100644 (file)
index 0000000..2dbdba5
--- /dev/null
@@ -0,0 +1,396 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       wpa.c
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Jan     Lee             03-07-22                Initial
+       Paul Lin        03-11-28                Modify for supplicant
+*/
+
+#include "../rt_config.h"
+
+
+void inc_byte_array(UCHAR *counter, int len);
+
+/*
+       ========================================================================
+
+       Routine Description:
+               Process MIC error indication and record MIC error timer.
+
+       Arguments:
+               pAd     Pointer to our adapter
+               pWpaKey                 Pointer to the WPA key structure
+
+       Return Value:
+               None
+
+       IRQL = DISPATCH_LEVEL
+
+       Note:
+
+       ========================================================================
+*/
+VOID   RTMPReportMicError(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PCIPHER_KEY     pWpaKey)
+{
+       ULONG   Now;
+    UCHAR   unicastKey = (pWpaKey->Type == PAIRWISE_KEY ? 1:0);
+
+       // Record Last MIC error time and count
+       NdisGetSystemUpTime(&Now);
+       if (pAd->StaCfg.MicErrCnt == 0)
+       {
+               pAd->StaCfg.MicErrCnt++;
+               pAd->StaCfg.LastMicErrorTime = Now;
+        NdisZeroMemory(pAd->StaCfg.ReplayCounter, 8);
+       }
+       else if (pAd->StaCfg.MicErrCnt == 1)
+       {
+               if ((pAd->StaCfg.LastMicErrorTime + (60 * OS_HZ)) < Now)
+               {
+                       // Update Last MIC error time, this did not violate two MIC errors within 60 seconds
+                       pAd->StaCfg.LastMicErrorTime = Now;
+               }
+               else
+               {
+
+                       if (pAd->CommonCfg.bWirelessEvent)
+                               RTMPSendWirelessEvent(pAd, IW_COUNTER_MEASURES_EVENT_FLAG, pAd->MacTab.Content[BSSID_WCID].Addr, BSS0, 0);
+
+                       pAd->StaCfg.LastMicErrorTime = Now;
+                       // Violate MIC error counts, MIC countermeasures kicks in
+                       pAd->StaCfg.MicErrCnt++;
+                       // We shall block all reception
+                       // We shall clean all Tx ring and disassoicate from AP after next EAPOL frame
+                       //
+                       // No necessary to clean all Tx ring, on RTMPHardTransmit will stop sending non-802.1X EAPOL packets
+                       // if pAd->StaCfg.MicErrCnt greater than 2.
+                       //
+                       // RTMPRingCleanUp(pAd, QID_AC_BK);
+                       // RTMPRingCleanUp(pAd, QID_AC_BE);
+                       // RTMPRingCleanUp(pAd, QID_AC_VI);
+                       // RTMPRingCleanUp(pAd, QID_AC_VO);
+                       // RTMPRingCleanUp(pAd, QID_HCCA);
+               }
+       }
+       else
+       {
+               // MIC error count >= 2
+               // This should not happen
+               ;
+       }
+    MlmeEnqueue(pAd,
+                               MLME_CNTL_STATE_MACHINE,
+                               OID_802_11_MIC_FAILURE_REPORT_FRAME,
+                               1,
+                               &unicastKey);
+
+    if (pAd->StaCfg.MicErrCnt == 2)
+    {
+        RTMPSetTimer(&pAd->StaCfg.WpaDisassocAndBlockAssocTimer, 100);
+    }
+}
+
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+#define        LENGTH_EAP_H    4
+// If the received frame is EAP-Packet ,find out its EAP-Code (Request(0x01), Response(0x02), Success(0x03), Failure(0x04)).
+INT        WpaCheckEapCode(
+       IN  PRTMP_ADAPTER               pAd,
+       IN  PUCHAR                              pFrame,
+       IN  USHORT                              FrameLen,
+       IN  USHORT                              OffSet)
+{
+
+       PUCHAR  pData;
+       INT     result = 0;
+
+       if( FrameLen < OffSet + LENGTH_EAPOL_H + LENGTH_EAP_H )
+               return result;
+
+       pData = pFrame + OffSet; // skip offset bytes
+
+       if(*(pData+1) == EAPPacket)     // 802.1x header - Packet Type
+       {
+                result = *(pData+4);           // EAP header - Code
+       }
+
+       return result;
+}
+
+VOID    WpaSendMicFailureToWpaSupplicant(
+    IN  PRTMP_ADAPTER    pAd,
+    IN  BOOLEAN          bUnicast)
+{
+       char custom[IW_CUSTOM_MAX] = {0};
+
+       sprintf(custom, "MLME-MICHAELMICFAILURE.indication");
+       if(bUnicast)
+               sprintf(custom, "%s unicast", custom);
+
+       RtmpOSWrielessEventSend(pAd, IWEVCUSTOM, -1, NULL, (PUCHAR)custom, strlen(custom));
+
+       return;
+}
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+VOID   WpaMicFailureReportFrame(
+       IN  PRTMP_ADAPTER   pAd,
+       IN MLME_QUEUE_ELEM *Elem)
+{
+       PUCHAR              pOutBuffer = NULL;
+       UCHAR               Header802_3[14];
+       ULONG               FrameLen = 0;
+       EAPOL_PACKET        Packet;
+       UCHAR               Mic[16];
+    BOOLEAN             bUnicast;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("WpaMicFailureReportFrame ----->\n"));
+
+    bUnicast = (Elem->Msg[0] == 1 ? TRUE:FALSE);
+       pAd->Sequence = ((pAd->Sequence) + 1) & (MAX_SEQ_NUMBER);
+
+       // init 802.3 header and Fill Packet
+       MAKE_802_3_HEADER(Header802_3, pAd->CommonCfg.Bssid, pAd->CurrentAddress, EAPOL);
+
+       NdisZeroMemory(&Packet, sizeof(Packet));
+       Packet.ProVer   = EAPOL_VER;
+       Packet.ProType  = EAPOLKey;
+
+       Packet.KeyDesc.Type = WPA1_KEY_DESC;
+
+    // Request field presented
+    Packet.KeyDesc.KeyInfo.Request = 1;
+
+       if(pAd->StaCfg.WepStatus  == Ndis802_11Encryption3Enabled)
+       {
+               Packet.KeyDesc.KeyInfo.KeyDescVer = 2;
+       }
+       else      // TKIP
+       {
+               Packet.KeyDesc.KeyInfo.KeyDescVer = 1;
+       }
+
+    Packet.KeyDesc.KeyInfo.KeyType = (bUnicast ? PAIRWISEKEY : GROUPKEY);
+
+       // KeyMic field presented
+       Packet.KeyDesc.KeyInfo.KeyMic  = 1;
+
+    // Error field presented
+       Packet.KeyDesc.KeyInfo.Error  = 1;
+
+       // Update packet length after decide Key data payload
+       SET_UINT16_TO_ARRARY(Packet.Body_Len, LEN_EAPOL_KEY_MSG)
+
+       // Key Replay Count
+       NdisMoveMemory(Packet.KeyDesc.ReplayCounter, pAd->StaCfg.ReplayCounter, LEN_KEY_DESC_REPLAY);
+    inc_byte_array(pAd->StaCfg.ReplayCounter, 8);
+
+       // Convert to little-endian format.
+       *((USHORT *)&Packet.KeyDesc.KeyInfo) = cpu2le16(*((USHORT *)&Packet.KeyDesc.KeyInfo));
+
+
+       MlmeAllocateMemory(pAd, (PUCHAR *)&pOutBuffer);  // allocate memory
+       if(pOutBuffer == NULL)
+       {
+               return;
+       }
+
+       // Prepare EAPOL frame for MIC calculation
+       // Be careful, only EAPOL frame is counted for MIC calculation
+       MakeOutgoingFrame(pOutBuffer,               &FrameLen,
+                             CONV_ARRARY_TO_UINT16(Packet.Body_Len) + 4,   &Packet,
+                             END_OF_ARGS);
+
+       // Prepare and Fill MIC value
+       NdisZeroMemory(Mic, sizeof(Mic));
+       if(pAd->StaCfg.WepStatus  == Ndis802_11Encryption3Enabled)
+       {       // AES
+        UCHAR digest[20] = {0};
+               HMAC_SHA1(pAd->StaCfg.PTK, LEN_EAP_MICK, pOutBuffer, FrameLen, digest, SHA1_DIGEST_SIZE);
+               NdisMoveMemory(Mic, digest, LEN_KEY_DESC_MIC);
+       }
+       else
+       {       // TKIP
+               HMAC_MD5(pAd->StaCfg.PTK,  LEN_EAP_MICK, pOutBuffer, FrameLen, Mic, MD5_DIGEST_SIZE);
+       }
+       NdisMoveMemory(Packet.KeyDesc.KeyMic, Mic, LEN_KEY_DESC_MIC);
+
+       // copy frame to Tx ring and send MIC failure report frame to authenticator
+       RTMPToWirelessSta(pAd, &pAd->MacTab.Content[BSSID_WCID],
+                                         Header802_3, LENGTH_802_3,
+                                         (PUCHAR)&Packet,
+                                         CONV_ARRARY_TO_UINT16(Packet.Body_Len) + 4, FALSE);
+
+       MlmeFreeMemory(pAd, (PUCHAR)pOutBuffer);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("WpaMicFailureReportFrame <-----\n"));
+}
+
+/** from wpa_supplicant
+ * inc_byte_array - Increment arbitrary length byte array by one
+ * @counter: Pointer to byte array
+ * @len: Length of the counter in bytes
+ *
+ * This function increments the last byte of the counter by one and continues
+ * rolling over to more significant bytes if the byte was incremented from
+ * 0xff to 0x00.
+ */
+void inc_byte_array(UCHAR *counter, int len)
+{
+       int pos = len - 1;
+       while (pos >= 0) {
+               counter[pos]++;
+               if (counter[pos] != 0)
+                       break;
+               pos--;
+       }
+}
+
+VOID WpaDisassocApAndBlockAssoc(
+    IN PVOID SystemSpecific1,
+    IN PVOID FunctionContext,
+    IN PVOID SystemSpecific2,
+    IN PVOID SystemSpecific3)
+{
+    RTMP_ADAPTER                *pAd = (PRTMP_ADAPTER)FunctionContext;
+    MLME_DISASSOC_REQ_STRUCT    DisassocReq;
+
+       // disassoc from current AP first
+       DBGPRINT(RT_DEBUG_TRACE, ("RTMPReportMicError - disassociate with current AP after sending second continuous EAPOL frame\n"));
+       DisassocParmFill(pAd, &DisassocReq, pAd->CommonCfg.Bssid, REASON_MIC_FAILURE);
+       MlmeEnqueue(pAd, ASSOC_STATE_MACHINE, MT2_MLME_DISASSOC_REQ, sizeof(MLME_DISASSOC_REQ_STRUCT), &DisassocReq);
+
+       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_DISASSOC;
+       pAd->StaCfg.bBlockAssoc = TRUE;
+}
+
+VOID WpaStaPairwiseKeySetting(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       PCIPHER_KEY pSharedKey;
+       PMAC_TABLE_ENTRY pEntry;
+
+       pEntry = &pAd->MacTab.Content[BSSID_WCID];
+
+       // Pairwise key shall use key#0
+       pSharedKey = &pAd->SharedKey[BSS0][0];
+
+       NdisMoveMemory(pAd->StaCfg.PTK, pEntry->PTK, LEN_PTK);
+
+       // Prepare pair-wise key information into shared key table
+       NdisZeroMemory(pSharedKey, sizeof(CIPHER_KEY));
+       pSharedKey->KeyLen = LEN_TKIP_EK;
+    NdisMoveMemory(pSharedKey->Key, &pAd->StaCfg.PTK[32], LEN_TKIP_EK);
+       NdisMoveMemory(pSharedKey->RxMic, &pAd->StaCfg.PTK[48], LEN_TKIP_RXMICK);
+       NdisMoveMemory(pSharedKey->TxMic, &pAd->StaCfg.PTK[48+LEN_TKIP_RXMICK], LEN_TKIP_TXMICK);
+
+       // Decide its ChiperAlg
+       if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
+               pSharedKey->CipherAlg = CIPHER_TKIP;
+       else if (pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled)
+               pSharedKey->CipherAlg = CIPHER_AES;
+       else
+               pSharedKey->CipherAlg = CIPHER_NONE;
+
+       // Update these related information to MAC_TABLE_ENTRY
+       NdisMoveMemory(pEntry->PairwiseKey.Key, &pAd->StaCfg.PTK[32], LEN_TKIP_EK);
+       NdisMoveMemory(pEntry->PairwiseKey.RxMic, &pAd->StaCfg.PTK[48], LEN_TKIP_RXMICK);
+       NdisMoveMemory(pEntry->PairwiseKey.TxMic, &pAd->StaCfg.PTK[48+LEN_TKIP_RXMICK], LEN_TKIP_TXMICK);
+       pEntry->PairwiseKey.CipherAlg = pSharedKey->CipherAlg;
+
+       // Update pairwise key information to ASIC Shared Key Table
+       AsicAddSharedKeyEntry(pAd,
+                                                 BSS0,
+                                                 0,
+                                                 pSharedKey->CipherAlg,
+                                                 pSharedKey->Key,
+                                                 pSharedKey->TxMic,
+                                                 pSharedKey->RxMic);
+
+       // Update ASIC WCID attribute table and IVEIV table
+       RTMPAddWcidAttributeEntry(pAd,
+                                                         BSS0,
+                                                         0,
+                                                         pSharedKey->CipherAlg,
+                                                         pEntry);
+       STA_PORT_SECURED(pAd);
+       pAd->IndicateMediaState = NdisMediaStateConnected;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("%s : AID(%d) port secured\n", __FUNCTION__, pEntry->Aid));
+
+}
+
+VOID WpaStaGroupKeySetting(
+       IN      PRTMP_ADAPTER   pAd)
+{
+       PCIPHER_KEY             pSharedKey;
+
+       pSharedKey = &pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId];
+
+       // Prepare pair-wise key information into shared key table
+       NdisZeroMemory(pSharedKey, sizeof(CIPHER_KEY));
+       pSharedKey->KeyLen = LEN_TKIP_EK;
+       NdisMoveMemory(pSharedKey->Key, pAd->StaCfg.GTK, LEN_TKIP_EK);
+       NdisMoveMemory(pSharedKey->RxMic, &pAd->StaCfg.GTK[16], LEN_TKIP_RXMICK);
+       NdisMoveMemory(pSharedKey->TxMic, &pAd->StaCfg.GTK[24], LEN_TKIP_TXMICK);
+
+       // Update Shared Key CipherAlg
+       pSharedKey->CipherAlg = CIPHER_NONE;
+       if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption2Enabled)
+               pSharedKey->CipherAlg = CIPHER_TKIP;
+       else if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption3Enabled)
+               pSharedKey->CipherAlg = CIPHER_AES;
+       else if (pAd->StaCfg.GroupCipher == Ndis802_11GroupWEP40Enabled)
+               pSharedKey->CipherAlg = CIPHER_WEP64;
+       else if (pAd->StaCfg.GroupCipher == Ndis802_11GroupWEP104Enabled)
+               pSharedKey->CipherAlg = CIPHER_WEP128;
+
+       // Update group key information to ASIC Shared Key Table
+       AsicAddSharedKeyEntry(pAd,
+                                                 BSS0,
+                                                 pAd->StaCfg.DefaultKeyId,
+                                                 pSharedKey->CipherAlg,
+                                                 pSharedKey->Key,
+                                                 pSharedKey->TxMic,
+                                                 pSharedKey->RxMic);
+
+       // Update ASIC WCID attribute table and IVEIV table
+       RTMPAddWcidAttributeEntry(pAd,
+                                                         BSS0,
+                                                         pAd->StaCfg.DefaultKeyId,
+                                                         pSharedKey->CipherAlg,
+                                                         NULL);
+
+}
diff --git a/drivers/staging/rt3090/sta_ioctl.c b/drivers/staging/rt3090/sta_ioctl.c
new file mode 100644 (file)
index 0000000..93efd7f
--- /dev/null
@@ -0,0 +1,7559 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+    sta_ioctl.c
+
+    Abstract:
+    IOCTL related subroutines
+
+    Revision History:
+    Who         When          What
+    --------    ----------    ----------------------------------------------
+    Rory Chen   01-03-2003    created
+       Rory Chen   02-14-2005    modify to support RT61
+*/
+
+#include       "rt_config.h"
+
+#ifdef DBG
+extern ULONG    RTDebugLevel;
+#endif
+
+#define NR_WEP_KEYS                            4
+#define WEP_SMALL_KEY_LEN                      (40/8)
+#define WEP_LARGE_KEY_LEN                      (104/8)
+
+#define GROUP_KEY_NO                4
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,27)
+#define IWE_STREAM_ADD_EVENT(_A, _B, _C, _D, _E)               iwe_stream_add_event(_A, _B, _C, _D, _E)
+#define IWE_STREAM_ADD_POINT(_A, _B, _C, _D, _E)               iwe_stream_add_point(_A, _B, _C, _D, _E)
+#define IWE_STREAM_ADD_VALUE(_A, _B, _C, _D, _E, _F)   iwe_stream_add_value(_A, _B, _C, _D, _E, _F)
+#else
+#define IWE_STREAM_ADD_EVENT(_A, _B, _C, _D, _E)               iwe_stream_add_event(_B, _C, _D, _E)
+#define IWE_STREAM_ADD_POINT(_A, _B, _C, _D, _E)               iwe_stream_add_point(_B, _C, _D, _E)
+#define IWE_STREAM_ADD_VALUE(_A, _B, _C, _D, _E, _F)   iwe_stream_add_value(_B, _C, _D, _E, _F)
+#endif
+
+extern UCHAR    CipherWpa2Template[];
+
+typedef struct PACKED _RT_VERSION_INFO{
+    UCHAR       DriverVersionW;
+    UCHAR       DriverVersionX;
+    UCHAR       DriverVersionY;
+    UCHAR       DriverVersionZ;
+    UINT        DriverBuildYear;
+    UINT        DriverBuildMonth;
+    UINT        DriverBuildDay;
+} RT_VERSION_INFO, *PRT_VERSION_INFO;
+
+struct iw_priv_args privtab[] = {
+{ RTPRIV_IOCTL_SET,
+  IW_PRIV_TYPE_CHAR | 1024, 0,
+  "set"},
+
+{ RTPRIV_IOCTL_SHOW, IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK,
+  ""},
+/* --- sub-ioctls definitions --- */
+    { SHOW_CONN_STATUS,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "connStatus" },
+       { SHOW_DRVIER_VERION,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "driverVer" },
+    { SHOW_BA_INFO,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "bainfo" },
+       { SHOW_DESC_INFO,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "descinfo" },
+    { RAIO_OFF,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "radio_off" },
+       { RAIO_ON,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "radio_on" },
+#ifdef QOS_DLS_SUPPORT
+       { SHOW_DLS_ENTRY_INFO,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "dlsentryinfo" },
+#endif // QOS_DLS_SUPPORT //
+       { SHOW_CFG_VALUE,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "show" },
+       { SHOW_ADHOC_ENTRY_INFO,
+         IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, "adhocEntry" },
+/* --- sub-ioctls relations --- */
+
+#ifdef DBG
+{ RTPRIV_IOCTL_BBP,
+  IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK,
+  "bbp"},
+{ RTPRIV_IOCTL_MAC,
+  IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | 1024,
+  "mac"},
+#ifdef RTMP_RF_RW_SUPPORT
+{ RTPRIV_IOCTL_RF,
+  IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK,
+  "rf"},
+#endif // RTMP_RF_RW_SUPPORT //
+{ RTPRIV_IOCTL_E2P,
+  IW_PRIV_TYPE_CHAR | 1024, IW_PRIV_TYPE_CHAR | 1024,
+  "e2p"},
+#endif  /* DBG */
+
+{ RTPRIV_IOCTL_STATISTICS,
+  0, IW_PRIV_TYPE_CHAR | IW_PRIV_SIZE_MASK,
+  "stat"},
+{ RTPRIV_IOCTL_GSITESURVEY,
+  0, IW_PRIV_TYPE_CHAR | 1024,
+  "get_site_survey"},
+
+
+};
+
+static __s32 ralinkrate[] =
+       {2,  4,   11,  22, // CCK
+       12, 18,   24,  36, 48, 72, 96, 108, // OFDM
+       13, 26,   39,  52,  78, 104, 117, 130, 26,  52,  78, 104, 156, 208, 234, 260, // 20MHz, 800ns GI, MCS: 0 ~ 15
+       39, 78,  117, 156, 234, 312, 351, 390,                                                                            // 20MHz, 800ns GI, MCS: 16 ~ 23
+       27, 54,   81, 108, 162, 216, 243, 270, 54, 108, 162, 216, 324, 432, 486, 540, // 40MHz, 800ns GI, MCS: 0 ~ 15
+       81, 162, 243, 324, 486, 648, 729, 810,                                                                            // 40MHz, 800ns GI, MCS: 16 ~ 23
+       14, 29,   43,  57,  87, 115, 130, 144, 29, 59,   87, 115, 173, 230, 260, 288, // 20MHz, 400ns GI, MCS: 0 ~ 15
+       43, 87,  130, 173, 260, 317, 390, 433,                                                                            // 20MHz, 400ns GI, MCS: 16 ~ 23
+       30, 60,   90, 120, 180, 240, 270, 300, 60, 120, 180, 240, 360, 480, 540, 600, // 40MHz, 400ns GI, MCS: 0 ~ 15
+       90, 180, 270, 360, 540, 720, 810, 900};
+
+
+
+INT Set_SSID_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+#ifdef WMM_SUPPORT
+INT    Set_WmmCapable_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+#endif
+
+INT Set_NetworkType_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+INT Set_AuthMode_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+INT Set_EncrypType_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+INT Set_DefaultKeyID_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+INT Set_Key1_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+INT Set_Key2_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+INT Set_Key3_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+INT Set_Key4_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+INT Set_WPAPSK_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+
+INT Set_PSMode_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+#ifdef RT3090
+INT Set_PCIePSLevel_Proc(
+IN  PRTMP_ADAPTER   pAdapter,
+IN  PUCHAR          arg);
+#endif // RT3090 //
+#ifdef WPA_SUPPLICANT_SUPPORT
+INT Set_Wpa_Support(
+    IN PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef DBG
+
+VOID RTMPIoctlMAC(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq);
+
+VOID RTMPIoctlE2PROM(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  struct iwreq    *wrq);
+#endif // DBG //
+
+
+NDIS_STATUS RTMPWPANoneAddKeyProc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN PVOID                   pBuf);
+
+INT Set_FragTest_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+
+#ifdef DOT11_N_SUPPORT
+INT Set_TGnWifiTest_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING          arg);
+#endif // DOT11_N_SUPPORT //
+
+INT Set_LongRetryLimit_Proc(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      PSTRING                 arg);
+
+INT Set_ShortRetryLimit_Proc(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      PSTRING                 arg);
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+INT Set_Ieee80211dClientMode_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg);
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+#ifdef CARRIER_DETECTION_SUPPORT
+INT Set_CarrierDetect_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING          arg);
+#endif // CARRIER_DETECTION_SUPPORT //
+
+INT    Show_Adhoc_MacTable_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 extra);
+
+#ifdef RTMP_RF_RW_SUPPORT
+VOID RTMPIoctlRF(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq);
+#endif // RTMP_RF_RW_SUPPORT //
+
+
+INT Set_BeaconLostTime_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING         arg);
+
+INT Set_AutoRoaming_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING         arg);
+
+INT Set_SiteSurvey_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg);
+
+INT Set_ForceTxBurst_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING         arg);
+
+#ifdef ANT_DIVERSITY_SUPPORT
+INT    Set_Antenna_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  arg);
+#endif // ANT_DIVERSITY_SUPPORT //
+
+static struct {
+       PSTRING name;
+       INT (*set_proc)(PRTMP_ADAPTER pAdapter, PSTRING arg);
+} *PRTMP_PRIVATE_SET_PROC, RTMP_PRIVATE_SUPPORT_PROC[] = {
+       {"DriverVersion",                               Set_DriverVersion_Proc},
+       {"CountryRegion",                               Set_CountryRegion_Proc},
+       {"CountryRegionABand",                  Set_CountryRegionABand_Proc},
+       {"SSID",                                                Set_SSID_Proc},
+       {"WirelessMode",                                Set_WirelessMode_Proc},
+       {"TxBurst",                                     Set_TxBurst_Proc},
+       {"TxPreamble",                          Set_TxPreamble_Proc},
+       {"TxPower",                                     Set_TxPower_Proc},
+       {"Channel",                                     Set_Channel_Proc},
+       {"BGProtection",                                Set_BGProtection_Proc},
+       {"RTSThreshold",                                Set_RTSThreshold_Proc},
+       {"FragThreshold",                               Set_FragThreshold_Proc},
+#ifdef DOT11_N_SUPPORT
+       {"HtBw",                                Set_HtBw_Proc},
+       {"HtMcs",                               Set_HtMcs_Proc},
+       {"HtGi",                                Set_HtGi_Proc},
+       {"HtOpMode",                        Set_HtOpMode_Proc},
+       {"HtExtcha",                        Set_HtExtcha_Proc},
+       {"HtMpduDensity",                       Set_HtMpduDensity_Proc},
+       {"HtBaWinSize",                         Set_HtBaWinSize_Proc},
+       {"HtRdg",                                       Set_HtRdg_Proc},
+       {"HtAmsdu",                                     Set_HtAmsdu_Proc},
+       {"HtAutoBa",                            Set_HtAutoBa_Proc},
+       {"HtBaDecline",                                 Set_BADecline_Proc},
+       {"HtProtect",                           Set_HtProtect_Proc},
+       {"HtMimoPs",                            Set_HtMimoPs_Proc},
+       {"HtDisallowTKIP",                              Set_HtDisallowTKIP_Proc},
+#endif // DOT11_N_SUPPORT //
+
+#ifdef AGGREGATION_SUPPORT
+       {"PktAggregate",                                Set_PktAggregate_Proc},
+#endif // AGGREGATION_SUPPORT //
+
+#ifdef WMM_SUPPORT
+       {"WmmCapable",                                  Set_WmmCapable_Proc},
+#endif
+       {"IEEE80211H",                                  Set_IEEE80211H_Proc},
+    {"NetworkType",                 Set_NetworkType_Proc},
+       {"AuthMode",                                    Set_AuthMode_Proc},
+       {"EncrypType",                                  Set_EncrypType_Proc},
+       {"DefaultKeyID",                                Set_DefaultKeyID_Proc},
+       {"Key1",                                                Set_Key1_Proc},
+       {"Key2",                                                Set_Key2_Proc},
+       {"Key3",                                                Set_Key3_Proc},
+       {"Key4",                                                Set_Key4_Proc},
+       {"WPAPSK",                                              Set_WPAPSK_Proc},
+       {"ResetCounter",                                Set_ResetStatCounter_Proc},
+       {"PSMode",                      Set_PSMode_Proc},
+#ifdef DBG
+       {"Debug",                                               Set_Debug_Proc},
+#endif // DBG //
+
+#ifdef RALINK_ATE
+       {"ATE",                                                 Set_ATE_Proc},
+       {"ATEDA",                                               Set_ATE_DA_Proc},
+       {"ATESA",                                               Set_ATE_SA_Proc},
+       {"ATEBSSID",                                    Set_ATE_BSSID_Proc},
+       {"ATECHANNEL",                                  Set_ATE_CHANNEL_Proc},
+       {"ATETXPOW0",                                   Set_ATE_TX_POWER0_Proc},
+       {"ATETXPOW1",                                   Set_ATE_TX_POWER1_Proc},
+       {"ATETXANT",                                    Set_ATE_TX_Antenna_Proc},
+       {"ATERXANT",                                    Set_ATE_RX_Antenna_Proc},
+       {"ATETXFREQOFFSET",                             Set_ATE_TX_FREQOFFSET_Proc},
+       {"ATETXBW",                                             Set_ATE_TX_BW_Proc},
+       {"ATETXLEN",                                    Set_ATE_TX_LENGTH_Proc},
+       {"ATETXCNT",                                    Set_ATE_TX_COUNT_Proc},
+       {"ATETXMCS",                                    Set_ATE_TX_MCS_Proc},
+       {"ATETXMODE",                                   Set_ATE_TX_MODE_Proc},
+       {"ATETXGI",                                             Set_ATE_TX_GI_Proc},
+       {"ATERXFER",                                    Set_ATE_RX_FER_Proc},
+       {"ATERRF",                                              Set_ATE_Read_RF_Proc},
+       {"ATEWRF1",                                             Set_ATE_Write_RF1_Proc},
+       {"ATEWRF2",                                             Set_ATE_Write_RF2_Proc},
+       {"ATEWRF3",                                             Set_ATE_Write_RF3_Proc},
+       {"ATEWRF4",                                             Set_ATE_Write_RF4_Proc},
+       {"ATELDE2P",                                Set_ATE_Load_E2P_Proc},
+       {"ATERE2P",                                             Set_ATE_Read_E2P_Proc},
+       {"ATESHOW",                                             Set_ATE_Show_Proc},
+       {"ATEHELP",                                             Set_ATE_Help_Proc},
+
+#ifdef RALINK_28xx_QA
+       {"TxStop",                                              Set_TxStop_Proc},
+       {"RxStop",                                              Set_RxStop_Proc},
+#endif // RALINK_28xx_QA //
+#endif // RALINK_ATE //
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+    {"WpaSupport",                  Set_Wpa_Support},
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+
+
+
+
+       {"FixedTxMode",                 Set_FixedTxMode_Proc},
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+       {"OpMode",                                              Set_OpMode_Proc},
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+#ifdef DOT11_N_SUPPORT
+    {"TGnWifiTest",                 Set_TGnWifiTest_Proc},
+    {"ForceGF",                                        Set_ForceGF_Proc},
+#endif // DOT11_N_SUPPORT //
+#ifdef QOS_DLS_SUPPORT
+       {"DlsAddEntry",                                 Set_DlsAddEntry_Proc},
+       {"DlsTearDownEntry",                    Set_DlsTearDownEntry_Proc},
+#endif // QOS_DLS_SUPPORT //
+       {"LongRetry",                           Set_LongRetryLimit_Proc},
+       {"ShortRetry",                          Set_ShortRetryLimit_Proc},
+#ifdef EXT_BUILD_CHANNEL_LIST
+       {"11dClientMode",                               Set_Ieee80211dClientMode_Proc},
+#endif // EXT_BUILD_CHANNEL_LIST //
+#ifdef CARRIER_DETECTION_SUPPORT
+       {"CarrierDetect",                               Set_CarrierDetect_Proc},
+#endif // CARRIER_DETECTION_SUPPORT //
+
+
+//2008/09/11:KH add to support efuse<--
+#ifdef RT30xx
+#ifdef RTMP_EFUSE_SUPPORT
+       {"efuseFreeNumber",                             set_eFuseGetFreeBlockCount_Proc},
+       {"efuseDump",                                   set_eFusedump_Proc},
+       {"efuseLoadFromBin",                            set_eFuseLoadFromBin_Proc},
+       {"efuseBufferModeWriteBack",            set_eFuseBufferModeWriteBack_Proc},
+#endif // RTMP_EFUSE_SUPPORT //
+#ifdef ANT_DIVERSITY_SUPPORT
+       {"ant",                                 Set_Antenna_Proc},
+#endif // ANT_DIVERSITY_SUPPORT //
+#endif // RT30xx //
+//2008/09/11:KH add to support efuse-->
+
+       {"BeaconLostTime",                              Set_BeaconLostTime_Proc},
+       {"AutoRoaming",                                 Set_AutoRoaming_Proc},
+       {"SiteSurvey",                                  Set_SiteSurvey_Proc},
+       {"ForceTxBurst",                                Set_ForceTxBurst_Proc},
+
+       {NULL,}
+};
+
+
+VOID RTMPAddKey(
+       IN      PRTMP_ADAPTER       pAd,
+       IN      PNDIS_802_11_KEY    pKey)
+{
+       ULONG                           KeyIdx;
+       MAC_TABLE_ENTRY         *pEntry;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("RTMPAddKey ------>\n"));
+
+       if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+       {
+               if (pKey->KeyIndex & 0x80000000)
+               {
+                   if (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
+            {
+                NdisZeroMemory(pAd->StaCfg.PMK, 32);
+                NdisMoveMemory(pAd->StaCfg.PMK, pKey->KeyMaterial, pKey->KeyLength);
+                goto end;
+            }
+                   // Update PTK
+                   NdisZeroMemory(&pAd->SharedKey[BSS0][0], sizeof(CIPHER_KEY));
+            pAd->SharedKey[BSS0][0].KeyLen = LEN_TKIP_EK;
+            NdisMoveMemory(pAd->SharedKey[BSS0][0].Key, pKey->KeyMaterial, LEN_TKIP_EK);
+#ifdef WPA_SUPPLICANT_SUPPORT
+            if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
+            {
+                NdisMoveMemory(pAd->SharedKey[BSS0][0].RxMic, pKey->KeyMaterial + LEN_TKIP_EK, LEN_TKIP_TXMICK);
+                NdisMoveMemory(pAd->SharedKey[BSS0][0].TxMic, pKey->KeyMaterial + LEN_TKIP_EK + LEN_TKIP_TXMICK, LEN_TKIP_RXMICK);
+            }
+            else
+#endif // WPA_SUPPLICANT_SUPPORT //
+            {
+               NdisMoveMemory(pAd->SharedKey[BSS0][0].TxMic, pKey->KeyMaterial + LEN_TKIP_EK, LEN_TKIP_TXMICK);
+                NdisMoveMemory(pAd->SharedKey[BSS0][0].RxMic, pKey->KeyMaterial + LEN_TKIP_EK + LEN_TKIP_TXMICK, LEN_TKIP_RXMICK);
+            }
+
+            // Decide its ChiperAlg
+               if (pAd->StaCfg.PairCipher == Ndis802_11Encryption2Enabled)
+                       pAd->SharedKey[BSS0][0].CipherAlg = CIPHER_TKIP;
+               else if (pAd->StaCfg.PairCipher == Ndis802_11Encryption3Enabled)
+                       pAd->SharedKey[BSS0][0].CipherAlg = CIPHER_AES;
+               else
+                       pAd->SharedKey[BSS0][0].CipherAlg = CIPHER_NONE;
+
+            // Update these related information to MAC_TABLE_ENTRY
+               pEntry = &pAd->MacTab.Content[BSSID_WCID];
+            NdisMoveMemory(pEntry->PairwiseKey.Key, pAd->SharedKey[BSS0][0].Key, LEN_TKIP_EK);
+               NdisMoveMemory(pEntry->PairwiseKey.RxMic, pAd->SharedKey[BSS0][0].RxMic, LEN_TKIP_RXMICK);
+               NdisMoveMemory(pEntry->PairwiseKey.TxMic, pAd->SharedKey[BSS0][0].TxMic, LEN_TKIP_TXMICK);
+               pEntry->PairwiseKey.CipherAlg = pAd->SharedKey[BSS0][0].CipherAlg;
+
+               // Update pairwise key information to ASIC Shared Key Table
+               AsicAddSharedKeyEntry(pAd,
+                                                         BSS0,
+                                                         0,
+                                                         pAd->SharedKey[BSS0][0].CipherAlg,
+                                                         pAd->SharedKey[BSS0][0].Key,
+                                                         pAd->SharedKey[BSS0][0].TxMic,
+                                                         pAd->SharedKey[BSS0][0].RxMic);
+
+               // Update ASIC WCID attribute table and IVEIV table
+               RTMPAddWcidAttributeEntry(pAd,
+                                                                 BSS0,
+                                                                 0,
+                                                                 pAd->SharedKey[BSS0][0].CipherAlg,
+                                                                 pEntry);
+
+            if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA2)
+            {
+                // set 802.1x port control
+                   //pAd->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                               STA_PORT_SECURED(pAd);
+
+                // Indicate Connected for GUI
+                pAd->IndicateMediaState = NdisMediaStateConnected;
+            }
+               }
+        else
+        {
+            // Update GTK
+            pAd->StaCfg.DefaultKeyId = (pKey->KeyIndex & 0xFF);
+            NdisZeroMemory(&pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId], sizeof(CIPHER_KEY));
+            pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].KeyLen = LEN_TKIP_EK;
+            NdisMoveMemory(pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].Key, pKey->KeyMaterial, LEN_TKIP_EK);
+#ifdef WPA_SUPPLICANT_SUPPORT
+            if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption2Enabled)
+            {
+                NdisMoveMemory(pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].RxMic, pKey->KeyMaterial + LEN_TKIP_EK, LEN_TKIP_TXMICK);
+                NdisMoveMemory(pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].TxMic, pKey->KeyMaterial + LEN_TKIP_EK + LEN_TKIP_TXMICK, LEN_TKIP_RXMICK);
+            }
+            else
+#endif // WPA_SUPPLICANT_SUPPORT //
+            {
+               NdisMoveMemory(pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].TxMic, pKey->KeyMaterial + LEN_TKIP_EK, LEN_TKIP_TXMICK);
+                NdisMoveMemory(pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].RxMic, pKey->KeyMaterial + LEN_TKIP_EK + LEN_TKIP_TXMICK, LEN_TKIP_RXMICK);
+            }
+
+            // Update Shared Key CipherAlg
+               pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].CipherAlg = CIPHER_NONE;
+               if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption2Enabled)
+                       pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].CipherAlg = CIPHER_TKIP;
+               else if (pAd->StaCfg.GroupCipher == Ndis802_11Encryption3Enabled)
+                       pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].CipherAlg = CIPHER_AES;
+
+            // Update group key information to ASIC Shared Key Table
+               AsicAddSharedKeyEntry(pAd,
+                                                         BSS0,
+                                                         pAd->StaCfg.DefaultKeyId,
+                                                         pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].CipherAlg,
+                                                         pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].Key,
+                                                         pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].TxMic,
+                                                         pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].RxMic);
+
+               // Update ASIC WCID attribute table and IVEIV table
+               RTMPAddWcidAttributeEntry(pAd,
+                                                                 BSS0,
+                                                                 pAd->StaCfg.DefaultKeyId,
+                                                                 pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].CipherAlg,
+                                                                 NULL);
+
+            // set 802.1x port control
+               //pAd->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                       STA_PORT_SECURED(pAd);
+
+            // Indicate Connected for GUI
+            pAd->IndicateMediaState = NdisMediaStateConnected;
+        }
+       }
+       else    // dynamic WEP from wpa_supplicant
+       {
+               UCHAR   CipherAlg;
+       PUCHAR  Key;
+
+               if(pKey->KeyLength == 32)
+                       goto end;
+
+               KeyIdx = pKey->KeyIndex & 0x0fffffff;
+
+               if (KeyIdx < 4)
+               {
+                       // it is a default shared key, for Pairwise key setting
+                       if (pKey->KeyIndex & 0x80000000)
+                       {
+                               pEntry = MacTableLookup(pAd, pKey->BSSID);
+
+                               if (pEntry)
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("RTMPAddKey: Set Pair-wise Key\n"));
+
+                                       // set key material and key length
+                                       pEntry->PairwiseKey.KeyLen = (UCHAR)pKey->KeyLength;
+                                       NdisMoveMemory(pEntry->PairwiseKey.Key, &pKey->KeyMaterial, pKey->KeyLength);
+
+                                       // set Cipher type
+                                       if (pKey->KeyLength == 5)
+                                               pEntry->PairwiseKey.CipherAlg = CIPHER_WEP64;
+                                       else
+                                               pEntry->PairwiseKey.CipherAlg = CIPHER_WEP128;
+
+                                       // Add Pair-wise key to Asic
+                                       AsicAddPairwiseKeyEntry(
+                                               pAd,
+                                               pEntry->Addr,
+                                               (UCHAR)pEntry->Aid,
+                               &pEntry->PairwiseKey);
+
+                                       // update WCID attribute table and IVEIV table for this entry
+                                       RTMPAddWcidAttributeEntry(
+                                               pAd,
+                                               BSS0,
+                                               KeyIdx, // The value may be not zero
+                                               pEntry->PairwiseKey.CipherAlg,
+                                               pEntry);
+
+                               }
+                       }
+                       else
+            {
+                               // Default key for tx (shared key)
+                               pAd->StaCfg.DefaultKeyId = (UCHAR) KeyIdx;
+
+                               // set key material and key length
+                               pAd->SharedKey[BSS0][KeyIdx].KeyLen = (UCHAR) pKey->KeyLength;
+                               NdisMoveMemory(pAd->SharedKey[BSS0][KeyIdx].Key, &pKey->KeyMaterial, pKey->KeyLength);
+
+                               // Set Ciper type
+                               if (pKey->KeyLength == 5)
+                                       pAd->SharedKey[BSS0][KeyIdx].CipherAlg = CIPHER_WEP64;
+                               else
+                                       pAd->SharedKey[BSS0][KeyIdx].CipherAlg = CIPHER_WEP128;
+
+                       CipherAlg = pAd->SharedKey[BSS0][KeyIdx].CipherAlg;
+                       Key = pAd->SharedKey[BSS0][KeyIdx].Key;
+
+                               // Set Group key material to Asic
+                       AsicAddSharedKeyEntry(pAd, BSS0, KeyIdx, CipherAlg, Key, NULL, NULL);
+
+                               // Update WCID attribute table and IVEIV table for this group key table
+                               RTMPAddWcidAttributeEntry(pAd, BSS0, KeyIdx, CipherAlg, NULL);
+
+                       }
+               }
+       }
+end:
+       return;
+}
+
+char * rtstrchr(const char * s, int c)
+{
+    for(; *s != (char) c; ++s)
+        if (*s == '\0')
+            return NULL;
+    return (char *) s;
+}
+
+/*
+This is required for LinEX2004/kernel2.6.7 to provide iwlist scanning function
+*/
+
+int
+rt_ioctl_giwname(struct net_device *dev,
+                  struct iw_request_info *info,
+                  char *name, char *extra)
+{
+
+#ifdef RTMP_MAC_PCI
+    strncpy(name, "RT2860 Wireless", IFNAMSIZ);
+#endif // RTMP_MAC_PCI //
+       return 0;
+}
+
+int rt_ioctl_siwfreq(struct net_device *dev,
+                       struct iw_request_info *info,
+                       struct iw_freq *freq, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       int     chan = -1;
+
+    //check if the interface is down
+    if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+        return -ENETDOWN;
+    }
+
+
+       if (freq->e > 1)
+               return -EINVAL;
+
+       if((freq->e == 0) && (freq->m <= 1000))
+               chan = freq->m; // Setting by channel number
+       else
+               MAP_KHZ_TO_CHANNEL_ID( (freq->m /100) , chan); // Setting by frequency - search the table , like 2.412G, 2.422G,
+
+    if (ChannelSanity(pAdapter, chan) == TRUE)
+    {
+       pAdapter->CommonCfg.Channel = chan;
+       DBGPRINT(RT_DEBUG_ERROR, ("==>rt_ioctl_siwfreq::SIOCSIWFREQ[cmd=0x%x] (Channel=%d)\n", SIOCSIWFREQ, pAdapter->CommonCfg.Channel));
+    }
+    else
+        return -EINVAL;
+
+       return 0;
+}
+
+
+int rt_ioctl_giwfreq(struct net_device *dev,
+                  struct iw_request_info *info,
+                  struct iw_freq *freq, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = NULL;
+       UCHAR ch;
+       ULONG   m = 2412000;
+
+       pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+               ch = pAdapter->CommonCfg.Channel;
+
+       DBGPRINT(RT_DEBUG_TRACE,("==>rt_ioctl_giwfreq  %d\n", ch));
+
+       MAP_CHANNEL_ID_TO_KHZ(ch, m);
+       freq->m = m * 100;
+       freq->e = 1;
+       return 0;
+}
+
+
+int rt_ioctl_siwmode(struct net_device *dev,
+                  struct iw_request_info *info,
+                  __u32 *mode, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       //check if the interface is down
+    if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+    {
+       DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+       return -ENETDOWN;
+    }
+
+       switch (*mode)
+       {
+               case IW_MODE_ADHOC:
+                       Set_NetworkType_Proc(pAdapter, "Adhoc");
+                       break;
+               case IW_MODE_INFRA:
+                       Set_NetworkType_Proc(pAdapter, "Infra");
+                       break;
+#if (LINUX_VERSION_CODE > KERNEL_VERSION(2,4,20))
+        case IW_MODE_MONITOR:
+                       Set_NetworkType_Proc(pAdapter, "Monitor");
+                       break;
+#endif
+               default:
+                       DBGPRINT(RT_DEBUG_TRACE, ("===>rt_ioctl_siwmode::SIOCSIWMODE (unknown %d)\n", *mode));
+                       return -EINVAL;
+       }
+
+       // Reset Ralink supplicant to not use, it will be set to start when UI set PMK key
+       pAdapter->StaCfg.WpaState = SS_NOTUSE;
+
+       return 0;
+}
+
+
+int rt_ioctl_giwmode(struct net_device *dev,
+                  struct iw_request_info *info,
+                  __u32 *mode, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       if (ADHOC_ON(pAdapter))
+               *mode = IW_MODE_ADHOC;
+    else if (INFRA_ON(pAdapter))
+               *mode = IW_MODE_INFRA;
+#if (LINUX_VERSION_CODE > KERNEL_VERSION(2,4,20))
+    else if (MONITOR_ON(pAdapter))
+    {
+        *mode = IW_MODE_MONITOR;
+    }
+#endif
+    else
+        *mode = IW_MODE_AUTO;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("==>rt_ioctl_giwmode(mode=%d)\n", *mode));
+       return 0;
+}
+
+int rt_ioctl_siwsens(struct net_device *dev,
+                  struct iw_request_info *info,
+                  char *name, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+               return -ENETDOWN;
+       }
+
+       return 0;
+}
+
+int rt_ioctl_giwsens(struct net_device *dev,
+                  struct iw_request_info *info,
+                  char *name, char *extra)
+{
+       return 0;
+}
+
+int rt_ioctl_giwrange(struct net_device *dev,
+                  struct iw_request_info *info,
+                  struct iw_point *data, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       struct iw_range *range = (struct iw_range *) extra;
+       u16 val;
+       int i;
+
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE ,("===>rt_ioctl_giwrange\n"));
+       data->length = sizeof(struct iw_range);
+       memset(range, 0, sizeof(struct iw_range));
+
+       range->txpower_capa = IW_TXPOW_DBM;
+
+       if (INFRA_ON(pAdapter)||ADHOC_ON(pAdapter))
+       {
+               range->min_pmp = 1 * 1024;
+               range->max_pmp = 65535 * 1024;
+               range->min_pmt = 1 * 1024;
+               range->max_pmt = 1000 * 1024;
+               range->pmp_flags = IW_POWER_PERIOD;
+               range->pmt_flags = IW_POWER_TIMEOUT;
+               range->pm_capa = IW_POWER_PERIOD | IW_POWER_TIMEOUT |
+                       IW_POWER_UNICAST_R | IW_POWER_ALL_R;
+       }
+
+       range->we_version_compiled = WIRELESS_EXT;
+       range->we_version_source = 14;
+
+       range->retry_capa = IW_RETRY_LIMIT;
+       range->retry_flags = IW_RETRY_LIMIT;
+       range->min_retry = 0;
+       range->max_retry = 255;
+
+       range->num_channels =  pAdapter->ChannelListNum;
+
+       val = 0;
+       for (i = 1; i <= range->num_channels; i++)
+       {
+               u32 m = 2412000;
+               range->freq[val].i = pAdapter->ChannelList[i-1].Channel;
+               MAP_CHANNEL_ID_TO_KHZ(pAdapter->ChannelList[i-1].Channel, m);
+               range->freq[val].m = m * 100; /* OS_HZ */
+
+               range->freq[val].e = 1;
+               val++;
+               if (val == IW_MAX_FREQUENCIES)
+                       break;
+       }
+       range->num_frequency = val;
+
+       range->max_qual.qual = 100; /* what is correct max? This was not
+                                       * documented exactly. At least
+                                       * 69 has been observed. */
+       range->max_qual.level = 0; /* dB */
+       range->max_qual.noise = 0; /* dB */
+
+       /* What would be suitable values for "average/typical" qual? */
+       range->avg_qual.qual = 20;
+       range->avg_qual.level = -60;
+       range->avg_qual.noise = -95;
+       range->sensitivity = 3;
+
+       range->max_encoding_tokens = NR_WEP_KEYS;
+       range->num_encoding_sizes = 2;
+       range->encoding_size[0] = 5;
+       range->encoding_size[1] = 13;
+
+       range->min_rts = 0;
+       range->max_rts = 2347;
+       range->min_frag = 256;
+       range->max_frag = 2346;
+
+#if WIRELESS_EXT > 17
+       /* IW_ENC_CAPA_* bit field */
+       range->enc_capa = IW_ENC_CAPA_WPA | IW_ENC_CAPA_WPA2 |
+                                       IW_ENC_CAPA_CIPHER_TKIP | IW_ENC_CAPA_CIPHER_CCMP;
+#endif
+
+       return 0;
+}
+
+int rt_ioctl_siwap(struct net_device *dev,
+                     struct iw_request_info *info,
+                     struct sockaddr *ap_addr, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+    NDIS_802_11_MAC_ADDRESS Bssid;
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+       DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+       return -ENETDOWN;
+    }
+
+       if (pAdapter->Mlme.CntlMachine.CurrState != CNTL_IDLE)
+    {
+        RTMP_MLME_RESET_STATE_MACHINE(pAdapter);
+        DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME busy, reset MLME state machine !!!\n"));
+    }
+
+    // tell CNTL state machine to call NdisMSetInformationComplete() after completing
+    // this request, because this request is initiated by NDIS.
+    pAdapter->MlmeAux.CurrReqIsFromNdis = FALSE;
+       // Prevent to connect AP again in STAMlmePeriodicExec
+       pAdapter->MlmeAux.AutoReconnectSsidLen= 32;
+
+    memset(Bssid, 0, MAC_ADDR_LEN);
+    memcpy(Bssid, ap_addr->sa_data, MAC_ADDR_LEN);
+    MlmeEnqueue(pAdapter,
+                MLME_CNTL_STATE_MACHINE,
+                OID_802_11_BSSID,
+                sizeof(NDIS_802_11_MAC_ADDRESS),
+                (VOID *)&Bssid);
+
+    DBGPRINT(RT_DEBUG_TRACE, ("IOCTL::SIOCSIWAP %02x:%02x:%02x:%02x:%02x:%02x\n",
+        Bssid[0], Bssid[1], Bssid[2], Bssid[3], Bssid[4], Bssid[5]));
+
+       return 0;
+}
+
+int rt_ioctl_giwap(struct net_device *dev,
+                     struct iw_request_info *info,
+                     struct sockaddr *ap_addr, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       if (INFRA_ON(pAdapter) || ADHOC_ON(pAdapter))
+       {
+               ap_addr->sa_family = ARPHRD_ETHER;
+               memcpy(ap_addr->sa_data, &pAdapter->CommonCfg.Bssid, ETH_ALEN);
+       }
+#ifdef WPA_SUPPLICANT_SUPPORT
+    // Add for RT2870
+    else if (pAdapter->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE)
+    {
+        ap_addr->sa_family = ARPHRD_ETHER;
+        memcpy(ap_addr->sa_data, &pAdapter->MlmeAux.Bssid, ETH_ALEN);
+    }
+#endif // WPA_SUPPLICANT_SUPPORT //
+       else
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("IOCTL::SIOCGIWAP(=EMPTY)\n"));
+               return -ENOTCONN;
+       }
+
+       return 0;
+}
+
+/*
+ * Units are in db above the noise floor. That means the
+ * rssi values reported in the tx/rx descriptors in the
+ * driver are the SNR expressed in db.
+ *
+ * If you assume that the noise floor is -95, which is an
+ * excellent assumption 99.5 % of the time, then you can
+ * derive the absolute signal level (i.e. -95 + rssi).
+ * There are some other slight factors to take into account
+ * depending on whether the rssi measurement is from 11b,
+ * 11g, or 11a.   These differences are at most 2db and
+ * can be documented.
+ *
+ * NB: various calculations are based on the orinoco/wavelan
+ *     drivers for compatibility
+ */
+static void set_quality(PRTMP_ADAPTER pAdapter,
+                        struct iw_quality *iq,
+                        signed char rssi)
+{
+       __u8 ChannelQuality;
+
+       // Normalize Rssi
+       if (rssi >= -50)
+        ChannelQuality = 100;
+       else if (rssi >= -80) // between -50 ~ -80dbm
+               ChannelQuality = (__u8)(24 + ((rssi + 80) * 26)/10);
+       else if (rssi >= -90)   // between -80 ~ -90dbm
+        ChannelQuality = (__u8)((rssi + 90) * 26)/10;
+       else
+               ChannelQuality = 0;
+
+    iq->qual = (__u8)ChannelQuality;
+
+    iq->level = (__u8)(rssi);
+    iq->noise = (pAdapter->BbpWriteLatch[66] > pAdapter->BbpTuning.FalseCcaUpperThreshold) ? ((__u8)pAdapter->BbpTuning.FalseCcaUpperThreshold) : ((__u8) pAdapter->BbpWriteLatch[66]);                // noise level (dBm)
+    iq->noise += 256 - 143;
+    iq->updated = pAdapter->iw_stats.qual.updated;
+}
+
+int rt_ioctl_iwaplist(struct net_device *dev,
+                       struct iw_request_info *info,
+                       struct iw_point *data, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       struct sockaddr addr[IW_MAX_AP];
+       struct iw_quality qual[IW_MAX_AP];
+       int i;
+
+       //check if the interface is down
+    if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+    {
+       DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+               data->length = 0;
+               return 0;
+        //return -ENETDOWN;
+       }
+
+       for (i = 0; i <IW_MAX_AP ; i++)
+       {
+               if (i >=  pAdapter->ScanTab.BssNr)
+                       break;
+               addr[i].sa_family = ARPHRD_ETHER;
+                       memcpy(addr[i].sa_data, &pAdapter->ScanTab.BssEntry[i].Bssid, MAC_ADDR_LEN);
+               set_quality(pAdapter, &qual[i], pAdapter->ScanTab.BssEntry[i].Rssi);
+       }
+       data->length = i;
+       memcpy(extra, &addr, i*sizeof(addr[0]));
+       data->flags = 1;                /* signal quality present (sort of) */
+       memcpy(extra + i*sizeof(addr[0]), &qual, i*sizeof(qual[i]));
+
+       return 0;
+}
+
+#ifdef SIOCGIWSCAN
+int rt_ioctl_siwscan(struct net_device *dev,
+                       struct iw_request_info *info,
+                       struct iw_point *data, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       ULONG                                                           Now;
+       int Status = NDIS_STATUS_SUCCESS;
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+               return -ENETDOWN;
+       }
+
+       if (MONITOR_ON(pAdapter))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("!!! Driver is in Monitor Mode now !!!\n"));
+        return -EINVAL;
+    }
+
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+       if (pAdapter->StaCfg.WpaSupplicantUP == WPA_SUPPLICANT_ENABLE)
+       {
+               pAdapter->StaCfg.WpaSupplicantScanCount++;
+       }
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+    pAdapter->StaCfg.bScanReqIsFromWebUI = TRUE;
+       if (RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+               return NDIS_STATUS_SUCCESS;
+       do{
+               Now = jiffies;
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+               if ((pAdapter->StaCfg.WpaSupplicantUP == WPA_SUPPLICANT_ENABLE) &&
+                       (pAdapter->StaCfg.WpaSupplicantScanCount > 3))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("!!! WpaSupplicantScanCount > 3\n"));
+                       Status = NDIS_STATUS_SUCCESS;
+                       break;
+               }
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+               if ((OPSTATUS_TEST_FLAG(pAdapter, fOP_STATUS_MEDIA_STATE_CONNECTED)) &&
+                       ((pAdapter->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
+                       (pAdapter->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK)) &&
+                       (pAdapter->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("!!! Link UP, Port Not Secured! ignore this set::OID_802_11_BSSID_LIST_SCAN\n"));
+                       Status = NDIS_STATUS_SUCCESS;
+                       break;
+               }
+
+               if (pAdapter->Mlme.CntlMachine.CurrState != CNTL_IDLE)
+               {
+                       RTMP_MLME_RESET_STATE_MACHINE(pAdapter);
+                       DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME busy, reset MLME state machine !!!\n"));
+               }
+
+               // tell CNTL state machine to call NdisMSetInformationComplete() after completing
+               // this request, because this request is initiated by NDIS.
+               pAdapter->MlmeAux.CurrReqIsFromNdis = FALSE;
+               // Reset allowed scan retries
+               pAdapter->StaCfg.ScanCnt = 0;
+               pAdapter->StaCfg.LastScanTime = Now;
+
+               MlmeEnqueue(pAdapter,
+                       MLME_CNTL_STATE_MACHINE,
+                       OID_802_11_BSSID_LIST_SCAN,
+                       0,
+                       NULL);
+
+               Status = NDIS_STATUS_SUCCESS;
+               RTMP_MLME_HANDLER(pAdapter);
+       }while(0);
+       return NDIS_STATUS_SUCCESS;
+}
+
+int rt_ioctl_giwscan(struct net_device *dev,
+                       struct iw_request_info *info,
+                       struct iw_point *data, char *extra)
+{
+
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       int i=0;
+       PSTRING current_ev = extra, previous_ev = extra;
+       PSTRING end_buf;
+       PSTRING current_val;
+       STRING custom[MAX_CUSTOM_LEN] = {0};
+#ifndef IWEVGENIE
+       unsigned char idx;
+#endif // IWEVGENIE //
+       struct iw_event iwe;
+
+       if (RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+    {
+               /*
+                * Still scanning, indicate the caller should try again.
+                */
+               return -EAGAIN;
+       }
+
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+       if (pAdapter->StaCfg.WpaSupplicantUP == WPA_SUPPLICANT_ENABLE)
+       {
+               pAdapter->StaCfg.WpaSupplicantScanCount = 0;
+       }
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+       if (pAdapter->ScanTab.BssNr == 0)
+       {
+               data->length = 0;
+               return 0;
+       }
+
+#if WIRELESS_EXT >= 17
+    if (data->length > 0)
+        end_buf = extra + data->length;
+    else
+        end_buf = extra + IW_SCAN_MAX_DATA;
+#else
+    end_buf = extra + IW_SCAN_MAX_DATA;
+#endif
+
+       for (i = 0; i < pAdapter->ScanTab.BssNr; i++)
+       {
+               if (current_ev >= end_buf)
+        {
+#if WIRELESS_EXT >= 17
+            return -E2BIG;
+#else
+                       break;
+#endif
+        }
+
+               //MAC address
+               //================================
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = SIOCGIWAP;
+               iwe.u.ap_addr.sa_family = ARPHRD_ETHER;
+                               memcpy(iwe.u.ap_addr.sa_data, &pAdapter->ScanTab.BssEntry[i].Bssid, ETH_ALEN);
+
+        previous_ev = current_ev;
+               current_ev = IWE_STREAM_ADD_EVENT(info, current_ev,end_buf, &iwe, IW_EV_ADDR_LEN);
+        if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+            return -E2BIG;
+#else
+                       break;
+#endif
+
+               /*
+               Protocol:
+                       it will show scanned AP's WirelessMode .
+                       it might be
+                                       802.11a
+                                       802.11a/n
+                                       802.11g/n
+                                       802.11b/g/n
+                                       802.11g
+                                       802.11b/g
+               */
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = SIOCGIWNAME;
+
+
+       {
+               PBSS_ENTRY pBssEntry=&pAdapter->ScanTab.BssEntry[i];
+               BOOLEAN isGonly=FALSE;
+               int rateCnt=0;
+
+               if (pBssEntry->Channel>14)
+               {
+                       if (pBssEntry->HtCapabilityLen!=0)
+                               strcpy(iwe.u.name,"802.11a/n");
+                       else
+                               strcpy(iwe.u.name,"802.11a");
+               }
+               else
+               {
+                       /*
+                               if one of non B mode rate is set supported rate . it mean G only.
+                       */
+                       for (rateCnt=0;rateCnt<pBssEntry->SupRateLen;rateCnt++)
+                       {
+                               /*
+                                       6Mbps(140) 9Mbps(146) and >=12Mbps(152) are supported rate , it mean G only.
+                               */
+                               if (pBssEntry->SupRate[rateCnt]==140 || pBssEntry->SupRate[rateCnt]==146 || pBssEntry->SupRate[rateCnt]>=152)
+                                       isGonly=TRUE;
+                       }
+
+                       for (rateCnt=0;rateCnt<pBssEntry->ExtRateLen;rateCnt++)
+                       {
+                               if (pBssEntry->ExtRate[rateCnt]==140 || pBssEntry->ExtRate[rateCnt]==146 || pBssEntry->ExtRate[rateCnt]>=152)
+                                       isGonly=TRUE;
+                       }
+
+
+                       if (pBssEntry->HtCapabilityLen!=0)
+                       {
+                               if (isGonly==TRUE)
+                                       strcpy(iwe.u.name,"802.11g/n");
+                               else
+                                       strcpy(iwe.u.name,"802.11b/g/n");
+                       }
+                       else
+                       {
+                               if (isGonly==TRUE)
+                                       strcpy(iwe.u.name,"802.11g");
+                               else
+                               {
+                                       if (pBssEntry->SupRateLen==4 && pBssEntry->ExtRateLen==0)
+                                               strcpy(iwe.u.name,"802.11b");
+                                       else
+                                               strcpy(iwe.u.name,"802.11b/g");
+                               }
+                       }
+               }
+       }
+
+               previous_ev = current_ev;
+               current_ev = IWE_STREAM_ADD_EVENT(info, current_ev,end_buf, &iwe, IW_EV_ADDR_LEN);
+               if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+                       return -E2BIG;
+#else
+                       break;
+#endif
+
+               //ESSID
+               //================================
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = SIOCGIWESSID;
+               iwe.u.data.length = pAdapter->ScanTab.BssEntry[i].SsidLen;
+               iwe.u.data.flags = 1;
+
+        previous_ev = current_ev;
+               current_ev = IWE_STREAM_ADD_POINT(info, current_ev,end_buf, &iwe, (PSTRING) pAdapter->ScanTab.BssEntry[i].Ssid);
+        if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+            return -E2BIG;
+#else
+                       break;
+#endif
+
+               //Network Type
+               //================================
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = SIOCGIWMODE;
+               if (pAdapter->ScanTab.BssEntry[i].BssType == Ndis802_11IBSS)
+               {
+                       iwe.u.mode = IW_MODE_ADHOC;
+               }
+               else if (pAdapter->ScanTab.BssEntry[i].BssType == Ndis802_11Infrastructure)
+               {
+                       iwe.u.mode = IW_MODE_INFRA;
+               }
+               else
+               {
+                       iwe.u.mode = IW_MODE_AUTO;
+               }
+               iwe.len = IW_EV_UINT_LEN;
+
+        previous_ev = current_ev;
+               current_ev = IWE_STREAM_ADD_EVENT(info, current_ev, end_buf, &iwe,  IW_EV_UINT_LEN);
+        if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+            return -E2BIG;
+#else
+                       break;
+#endif
+
+               //Channel and Frequency
+               //================================
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = SIOCGIWFREQ;
+               if (INFRA_ON(pAdapter) || ADHOC_ON(pAdapter))
+                       iwe.u.freq.m = pAdapter->ScanTab.BssEntry[i].Channel;
+               else
+                       iwe.u.freq.m = pAdapter->ScanTab.BssEntry[i].Channel;
+               iwe.u.freq.e = 0;
+               iwe.u.freq.i = 0;
+
+               previous_ev = current_ev;
+               current_ev = IWE_STREAM_ADD_EVENT(info, current_ev,end_buf, &iwe, IW_EV_FREQ_LEN);
+        if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+            return -E2BIG;
+#else
+                       break;
+#endif
+
+        //Add quality statistics
+        //================================
+        memset(&iwe, 0, sizeof(iwe));
+       iwe.cmd = IWEVQUAL;
+       iwe.u.qual.level = 0;
+       iwe.u.qual.noise = 0;
+       set_quality(pAdapter, &iwe.u.qual, pAdapter->ScanTab.BssEntry[i].Rssi);
+       current_ev = IWE_STREAM_ADD_EVENT(info, current_ev, end_buf, &iwe, IW_EV_QUAL_LEN);
+       if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+            return -E2BIG;
+#else
+                       break;
+#endif
+
+               //Encyption key
+               //================================
+               memset(&iwe, 0, sizeof(iwe));
+               iwe.cmd = SIOCGIWENCODE;
+               if (CAP_IS_PRIVACY_ON (pAdapter->ScanTab.BssEntry[i].CapabilityInfo ))
+                       iwe.u.data.flags =IW_ENCODE_ENABLED | IW_ENCODE_NOKEY;
+               else
+                       iwe.u.data.flags = IW_ENCODE_DISABLED;
+
+        previous_ev = current_ev;
+        current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf,&iwe, (char *)pAdapter->SharedKey[BSS0][(iwe.u.data.flags & IW_ENCODE_INDEX)-1].Key);
+        if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+            return -E2BIG;
+#else
+                       break;
+#endif
+
+               //Bit Rate
+               //================================
+               if (pAdapter->ScanTab.BssEntry[i].SupRateLen)
+        {
+            UCHAR tmpRate = pAdapter->ScanTab.BssEntry[i].SupRate[pAdapter->ScanTab.BssEntry[i].SupRateLen-1];
+                       memset(&iwe, 0, sizeof(iwe));
+                       iwe.cmd = SIOCGIWRATE;
+               current_val = current_ev + IW_EV_LCP_LEN;
+            if (tmpRate == 0x82)
+                iwe.u.bitrate.value =  1 * 1000000;
+            else if (tmpRate == 0x84)
+                iwe.u.bitrate.value =  2 * 1000000;
+            else if (tmpRate == 0x8B)
+                iwe.u.bitrate.value =  5.5 * 1000000;
+            else if (tmpRate == 0x96)
+                iwe.u.bitrate.value =  11 * 1000000;
+            else
+                   iwe.u.bitrate.value =  (tmpRate/2) * 1000000;
+
+                       if (tmpRate == 0x6c && pAdapter->ScanTab.BssEntry[i].HtCapabilityLen > 0)
+                       {
+                               int rate_count = sizeof(ralinkrate)/sizeof(__s32);
+                               HT_CAP_INFO capInfo = pAdapter->ScanTab.BssEntry[i].HtCapability.HtCapInfo;
+                               int shortGI = capInfo.ChannelWidth ? capInfo.ShortGIfor40 : capInfo.ShortGIfor20;
+                               int maxMCS = pAdapter->ScanTab.BssEntry[i].HtCapability.MCSSet[1] ?  15 : 7;
+                               int rate_index = 12 + ((UCHAR)capInfo.ChannelWidth * 24) + ((UCHAR)shortGI *48) + ((UCHAR)maxMCS);
+                               if (rate_index < 0)
+                                       rate_index = 0;
+                               if (rate_index > rate_count)
+                                       rate_index = rate_count;
+                               iwe.u.bitrate.value     =  ralinkrate[rate_index] * 500000;
+                       }
+
+                       iwe.u.bitrate.disabled = 0;
+                       current_val = IWE_STREAM_ADD_VALUE(info, current_ev,
+                               current_val, end_buf, &iwe,
+                       IW_EV_PARAM_LEN);
+
+               if((current_val-current_ev)>IW_EV_LCP_LEN)
+               current_ev = current_val;
+               else
+#if WIRELESS_EXT >= 17
+                return -E2BIG;
+#else
+                           break;
+#endif
+        }
+
+#ifdef IWEVGENIE
+        //WPA IE
+               if (pAdapter->ScanTab.BssEntry[i].WpaIE.IELen > 0)
+        {
+                       memset(&iwe, 0, sizeof(iwe));
+                       memset(&custom[0], 0, MAX_CUSTOM_LEN);
+                       memcpy(custom, &(pAdapter->ScanTab.BssEntry[i].WpaIE.IE[0]),
+                                                  pAdapter->ScanTab.BssEntry[i].WpaIE.IELen);
+                       iwe.cmd = IWEVGENIE;
+                       iwe.u.data.length = pAdapter->ScanTab.BssEntry[i].WpaIE.IELen;
+                       current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf, &iwe, custom);
+                       if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+                return -E2BIG;
+#else
+                           break;
+#endif
+               }
+
+               //WPA2 IE
+        if (pAdapter->ScanTab.BssEntry[i].RsnIE.IELen > 0)
+        {
+               memset(&iwe, 0, sizeof(iwe));
+                       memset(&custom[0], 0, MAX_CUSTOM_LEN);
+                       memcpy(custom, &(pAdapter->ScanTab.BssEntry[i].RsnIE.IE[0]),
+                                                  pAdapter->ScanTab.BssEntry[i].RsnIE.IELen);
+                       iwe.cmd = IWEVGENIE;
+                       iwe.u.data.length = pAdapter->ScanTab.BssEntry[i].RsnIE.IELen;
+                       current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf, &iwe, custom);
+                       if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+                return -E2BIG;
+#else
+                           break;
+#endif
+        }
+#else
+        //WPA IE
+               //================================
+        if (pAdapter->ScanTab.BssEntry[i].WpaIE.IELen > 0)
+        {
+               NdisZeroMemory(&iwe, sizeof(iwe));
+                       memset(&custom[0], 0, MAX_CUSTOM_LEN);
+               iwe.cmd = IWEVCUSTOM;
+            iwe.u.data.length = (pAdapter->ScanTab.BssEntry[i].WpaIE.IELen * 2) + 7;
+            NdisMoveMemory(custom, "wpa_ie=", 7);
+            for (idx = 0; idx < pAdapter->ScanTab.BssEntry[i].WpaIE.IELen; idx++)
+                sprintf(custom, "%s%02x", custom, pAdapter->ScanTab.BssEntry[i].WpaIE.IE[idx]);
+            previous_ev = current_ev;
+               current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf, &iwe,  custom);
+            if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+                return -E2BIG;
+#else
+                           break;
+#endif
+        }
+
+        //WPA2 IE
+        if (pAdapter->ScanTab.BssEntry[i].RsnIE.IELen > 0)
+        {
+               NdisZeroMemory(&iwe, sizeof(iwe));
+                       memset(&custom[0], 0, MAX_CUSTOM_LEN);
+               iwe.cmd = IWEVCUSTOM;
+            iwe.u.data.length = (pAdapter->ScanTab.BssEntry[i].RsnIE.IELen * 2) + 7;
+            NdisMoveMemory(custom, "rsn_ie=", 7);
+                       for (idx = 0; idx < pAdapter->ScanTab.BssEntry[i].RsnIE.IELen; idx++)
+                sprintf(custom, "%s%02x", custom, pAdapter->ScanTab.BssEntry[i].RsnIE.IE[idx]);
+            previous_ev = current_ev;
+               current_ev = IWE_STREAM_ADD_POINT(info, current_ev, end_buf, &iwe,  custom);
+            if (current_ev == previous_ev)
+#if WIRELESS_EXT >= 17
+                return -E2BIG;
+#else
+                           break;
+#endif
+        }
+#endif // IWEVGENIE //
+       }
+
+       data->length = current_ev - extra;
+    pAdapter->StaCfg.bScanReqIsFromWebUI = FALSE;
+       DBGPRINT(RT_DEBUG_ERROR ,("===>rt_ioctl_giwscan. %d(%d) BSS returned, data->length = %d\n",i , pAdapter->ScanTab.BssNr, data->length));
+       return 0;
+}
+#endif
+
+int rt_ioctl_siwessid(struct net_device *dev,
+                        struct iw_request_info *info,
+                        struct iw_point *data, char *essid)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       //check if the interface is down
+    if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+    {
+       DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+       return -ENETDOWN;
+    }
+
+       if (data->flags)
+       {
+               PSTRING pSsidString = NULL;
+
+               // Includes null character.
+               if (data->length > (IW_ESSID_MAX_SIZE + 1))
+                       return -E2BIG;
+
+               pSsidString = kmalloc(MAX_LEN_OF_SSID+1, MEM_ALLOC_FLAG);
+               if (pSsidString)
+        {
+                       NdisZeroMemory(pSsidString, MAX_LEN_OF_SSID+1);
+                       NdisMoveMemory(pSsidString, essid, data->length);
+                       if (Set_SSID_Proc(pAdapter, pSsidString) == FALSE)
+                               return -EINVAL;
+               }
+               else
+                       return -ENOMEM;
+               }
+       else
+    {
+               // ANY ssid
+               if (Set_SSID_Proc(pAdapter, "") == FALSE)
+                       return -EINVAL;
+    }
+       return 0;
+}
+
+int rt_ioctl_giwessid(struct net_device *dev,
+                        struct iw_request_info *info,
+                        struct iw_point *data, char *essid)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       data->flags = 1;
+    if (MONITOR_ON(pAdapter))
+    {
+        data->length  = 0;
+        return 0;
+    }
+
+       if (OPSTATUS_TEST_FLAG(pAdapter, fOP_STATUS_MEDIA_STATE_CONNECTED))
+       {
+               DBGPRINT(RT_DEBUG_TRACE ,("MediaState is connected\n"));
+               data->length = pAdapter->CommonCfg.SsidLen;
+               memcpy(essid, pAdapter->CommonCfg.Ssid, pAdapter->CommonCfg.SsidLen);
+       }
+       else
+       {//the ANY ssid was specified
+               data->length  = 0;
+               DBGPRINT(RT_DEBUG_TRACE ,("MediaState is not connected, ess\n"));
+       }
+
+       return 0;
+
+}
+
+int rt_ioctl_siwnickn(struct net_device *dev,
+                        struct iw_request_info *info,
+                        struct iw_point *data, char *nickname)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+    //check if the interface is down
+    if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+    {
+        DBGPRINT(RT_DEBUG_TRACE ,("INFO::Network is down!\n"));
+        return -ENETDOWN;
+    }
+
+       if (data->length > IW_ESSID_MAX_SIZE)
+               return -EINVAL;
+
+       memset(pAdapter->nickname, 0, IW_ESSID_MAX_SIZE + 1);
+       memcpy(pAdapter->nickname, nickname, data->length);
+
+
+       return 0;
+}
+
+int rt_ioctl_giwnickn(struct net_device *dev,
+                        struct iw_request_info *info,
+                        struct iw_point *data, char *nickname)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       if (data->length > strlen((PSTRING) pAdapter->nickname) + 1)
+               data->length = strlen((PSTRING) pAdapter->nickname) + 1;
+       if (data->length > 0) {
+               memcpy(nickname, pAdapter->nickname, data->length-1);
+               nickname[data->length-1] = '\0';
+       }
+       return 0;
+}
+
+int rt_ioctl_siwrts(struct net_device *dev,
+                      struct iw_request_info *info,
+                      struct iw_param *rts, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       u16 val;
+
+    //check if the interface is down
+    if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+        return -ENETDOWN;
+    }
+
+       if (rts->disabled)
+               val = MAX_RTS_THRESHOLD;
+       else if (rts->value < 0 || rts->value > MAX_RTS_THRESHOLD)
+               return -EINVAL;
+       else if (rts->value == 0)
+           val = MAX_RTS_THRESHOLD;
+       else
+               val = rts->value;
+
+       if (val != pAdapter->CommonCfg.RtsThreshold)
+               pAdapter->CommonCfg.RtsThreshold = val;
+
+       return 0;
+}
+
+int rt_ioctl_giwrts(struct net_device *dev,
+                      struct iw_request_info *info,
+                      struct iw_param *rts, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+               return -ENETDOWN;
+       }
+
+       rts->value = pAdapter->CommonCfg.RtsThreshold;
+       rts->disabled = (rts->value == MAX_RTS_THRESHOLD);
+       rts->fixed = 1;
+
+       return 0;
+}
+
+int rt_ioctl_siwfrag(struct net_device *dev,
+                       struct iw_request_info *info,
+                       struct iw_param *frag, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       u16 val;
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+               return -ENETDOWN;
+       }
+
+       if (frag->disabled)
+               val = MAX_FRAG_THRESHOLD;
+       else if (frag->value >= MIN_FRAG_THRESHOLD || frag->value <= MAX_FRAG_THRESHOLD)
+        val = __cpu_to_le16(frag->value & ~0x1); /* even numbers only */
+       else if (frag->value == 0)
+           val = MAX_FRAG_THRESHOLD;
+       else
+               return -EINVAL;
+
+       pAdapter->CommonCfg.FragmentThreshold = val;
+       return 0;
+}
+
+int rt_ioctl_giwfrag(struct net_device *dev,
+                       struct iw_request_info *info,
+                       struct iw_param *frag, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+               return -ENETDOWN;
+       }
+
+       frag->value = pAdapter->CommonCfg.FragmentThreshold;
+       frag->disabled = (frag->value == MAX_FRAG_THRESHOLD);
+       frag->fixed = 1;
+
+       return 0;
+}
+
+#define MAX_WEP_KEY_SIZE 13
+#define MIN_WEP_KEY_SIZE 5
+int rt_ioctl_siwencode(struct net_device *dev,
+                         struct iw_request_info *info,
+                         struct iw_point *erq, char *extra)
+{
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+               return -ENETDOWN;
+       }
+
+       if ((erq->length == 0) &&
+        (erq->flags & IW_ENCODE_DISABLED))
+       {
+               pAdapter->StaCfg.PairCipher = Ndis802_11WEPDisabled;
+               pAdapter->StaCfg.GroupCipher = Ndis802_11WEPDisabled;
+               pAdapter->StaCfg.WepStatus = Ndis802_11WEPDisabled;
+        pAdapter->StaCfg.OrigWepStatus = pAdapter->StaCfg.WepStatus;
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeOpen;
+        goto done;
+       }
+       else if (erq->flags & IW_ENCODE_RESTRICTED || erq->flags & IW_ENCODE_OPEN)
+       {
+           //pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+               STA_PORT_SECURED(pAdapter);
+               pAdapter->StaCfg.PairCipher = Ndis802_11WEPEnabled;
+               pAdapter->StaCfg.GroupCipher = Ndis802_11WEPEnabled;
+               pAdapter->StaCfg.WepStatus = Ndis802_11WEPEnabled;
+        pAdapter->StaCfg.OrigWepStatus = pAdapter->StaCfg.WepStatus;
+               if (erq->flags & IW_ENCODE_RESTRICTED)
+                       pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeShared;
+       else
+                       pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeOpen;
+       }
+
+    if (erq->length > 0)
+       {
+               int keyIdx = (erq->flags & IW_ENCODE_INDEX) - 1;
+               /* Check the size of the key */
+               if (erq->length > MAX_WEP_KEY_SIZE)
+               {
+                       return -EINVAL;
+               }
+               /* Check key index */
+               if ((keyIdx < 0) || (keyIdx >= NR_WEP_KEYS))
+        {
+            DBGPRINT(RT_DEBUG_TRACE ,("==>rt_ioctl_siwencode::Wrong keyIdx=%d! Using default key instead (%d)\n",
+                                        keyIdx, pAdapter->StaCfg.DefaultKeyId));
+
+            //Using default key
+                       keyIdx = pAdapter->StaCfg.DefaultKeyId;
+        }
+               else
+                       pAdapter->StaCfg.DefaultKeyId = keyIdx;
+
+        NdisZeroMemory(pAdapter->SharedKey[BSS0][keyIdx].Key,  16);
+
+               if (erq->length == MAX_WEP_KEY_SIZE)
+        {
+                       pAdapter->SharedKey[BSS0][keyIdx].KeyLen = MAX_WEP_KEY_SIZE;
+            pAdapter->SharedKey[BSS0][keyIdx].CipherAlg = CIPHER_WEP128;
+               }
+               else if (erq->length == MIN_WEP_KEY_SIZE)
+        {
+            pAdapter->SharedKey[BSS0][keyIdx].KeyLen = MIN_WEP_KEY_SIZE;
+            pAdapter->SharedKey[BSS0][keyIdx].CipherAlg = CIPHER_WEP64;
+               }
+               else
+                       /* Disable the key */
+                       pAdapter->SharedKey[BSS0][keyIdx].KeyLen = 0;
+
+               /* Check if the key is not marked as invalid */
+               if(!(erq->flags & IW_ENCODE_NOKEY))
+               {
+                       /* Copy the key in the driver */
+                       NdisMoveMemory(pAdapter->SharedKey[BSS0][keyIdx].Key, extra, erq->length);
+        }
+       }
+    else
+                       {
+               /* Do we want to just set the transmit key index ? */
+               int index = (erq->flags & IW_ENCODE_INDEX) - 1;
+               if ((index >= 0) && (index < 4))
+        {
+                       pAdapter->StaCfg.DefaultKeyId = index;
+            }
+        else
+                       /* Don't complain if only change the mode */
+               if(!erq->flags & IW_ENCODE_MODE)
+               {
+                               return -EINVAL;
+               }
+       }
+
+done:
+    DBGPRINT(RT_DEBUG_TRACE ,("==>rt_ioctl_siwencode::erq->flags=%x\n",erq->flags));
+       DBGPRINT(RT_DEBUG_TRACE ,("==>rt_ioctl_siwencode::AuthMode=%x\n",pAdapter->StaCfg.AuthMode));
+       DBGPRINT(RT_DEBUG_TRACE ,("==>rt_ioctl_siwencode::DefaultKeyId=%x, KeyLen = %d\n",pAdapter->StaCfg.DefaultKeyId , pAdapter->SharedKey[BSS0][pAdapter->StaCfg.DefaultKeyId].KeyLen));
+       DBGPRINT(RT_DEBUG_TRACE ,("==>rt_ioctl_siwencode::WepStatus=%x\n",pAdapter->StaCfg.WepStatus));
+       return 0;
+}
+
+int
+rt_ioctl_giwencode(struct net_device *dev,
+                         struct iw_request_info *info,
+                         struct iw_point *erq, char *key)
+{
+       int kid;
+       PRTMP_ADAPTER pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+       return -ENETDOWN;
+       }
+
+       kid = erq->flags & IW_ENCODE_INDEX;
+       DBGPRINT(RT_DEBUG_TRACE, ("===>rt_ioctl_giwencode %d\n", erq->flags & IW_ENCODE_INDEX));
+
+       if (pAdapter->StaCfg.WepStatus == Ndis802_11WEPDisabled)
+       {
+               erq->length = 0;
+               erq->flags = IW_ENCODE_DISABLED;
+       }
+       else if ((kid > 0) && (kid <=4))
+       {
+               // copy wep key
+               erq->flags = kid ;                      /* NB: base 1 */
+               if (erq->length > pAdapter->SharedKey[BSS0][kid-1].KeyLen)
+                       erq->length = pAdapter->SharedKey[BSS0][kid-1].KeyLen;
+               memcpy(key, pAdapter->SharedKey[BSS0][kid-1].Key, erq->length);
+               //if ((kid == pAdapter->PortCfg.DefaultKeyId))
+               //erq->flags |= IW_ENCODE_ENABLED;      /* XXX */
+               if (pAdapter->StaCfg.AuthMode == Ndis802_11AuthModeShared)
+                       erq->flags |= IW_ENCODE_RESTRICTED;             /* XXX */
+               else
+                       erq->flags |= IW_ENCODE_OPEN;           /* XXX */
+
+       }
+       else if (kid == 0)
+       {
+               if (pAdapter->StaCfg.AuthMode == Ndis802_11AuthModeShared)
+                       erq->flags |= IW_ENCODE_RESTRICTED;             /* XXX */
+               else
+                       erq->flags |= IW_ENCODE_OPEN;           /* XXX */
+               erq->length = pAdapter->SharedKey[BSS0][pAdapter->StaCfg.DefaultKeyId].KeyLen;
+               memcpy(key, pAdapter->SharedKey[BSS0][pAdapter->StaCfg.DefaultKeyId].Key, erq->length);
+               // copy default key ID
+               if (pAdapter->StaCfg.AuthMode == Ndis802_11AuthModeShared)
+                       erq->flags |= IW_ENCODE_RESTRICTED;             /* XXX */
+               else
+                       erq->flags |= IW_ENCODE_OPEN;           /* XXX */
+               erq->flags = pAdapter->StaCfg.DefaultKeyId + 1;                 /* NB: base 1 */
+               erq->flags |= IW_ENCODE_ENABLED;        /* XXX */
+       }
+
+       return 0;
+
+}
+
+static int
+rt_ioctl_setparam(struct net_device *dev, struct iw_request_info *info,
+                        void *w, char *extra)
+{
+       PRTMP_ADAPTER pAdapter;
+       POS_COOKIE pObj;
+       PSTRING this_char = extra;
+       PSTRING value;
+       int  Status=0;
+
+       pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       if (pAdapter == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       pObj = (POS_COOKIE) pAdapter->OS_Cookie;
+       {
+               pObj->ioctl_if_type = INT_MAIN;
+        pObj->ioctl_if = MAIN_MBSSID;
+       }
+
+       //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+                       return -ENETDOWN;
+       }
+
+       if (!*this_char)
+               return -EINVAL;
+
+       if ((value = rtstrchr(this_char, '=')) != NULL)
+           *value++ = 0;
+
+       if (!value && (strcmp(this_char, "SiteSurvey") != 0))
+           return -EINVAL;
+       else
+               goto SET_PROC;
+
+       // reject setting nothing besides ANY ssid(ssidLen=0)
+    if (!*value && (strcmp(this_char, "SSID") != 0))
+        return -EINVAL;
+
+SET_PROC:
+       for (PRTMP_PRIVATE_SET_PROC = RTMP_PRIVATE_SUPPORT_PROC; PRTMP_PRIVATE_SET_PROC->name; PRTMP_PRIVATE_SET_PROC++)
+       {
+           if (strcmp(this_char, PRTMP_PRIVATE_SET_PROC->name) == 0)
+           {
+               if(!PRTMP_PRIVATE_SET_PROC->set_proc(pAdapter, value))
+               {       //FALSE:Set private failed then return Invalid argument
+                           Status = -EINVAL;
+               }
+                   break;      //Exit for loop.
+           }
+       }
+
+       if(PRTMP_PRIVATE_SET_PROC->name == NULL)
+       {  //Not found argument
+           Status = -EINVAL;
+           DBGPRINT(RT_DEBUG_TRACE, ("===>rt_ioctl_setparam:: (iwpriv) Not Support Set Command [%s=%s]\n", this_char, value));
+       }
+
+    return Status;
+}
+
+
+static int
+rt_private_get_statistics(struct net_device *dev, struct iw_request_info *info,
+               struct iw_point *wrq, char *extra)
+{
+       INT                             Status = 0;
+    PRTMP_ADAPTER   pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+    if (extra == NULL)
+    {
+        wrq->length = 0;
+        return -EIO;
+    }
+
+    memset(extra, 0x00, IW_PRIV_SIZE_MASK);
+    sprintf(extra, "\n\n");
+
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+       {
+           sprintf(extra+strlen(extra), "Tx success                      = %ld\n", (ULONG)pAd->ate.TxDoneCount);
+           //sprintf(extra+strlen(extra), "Tx success without retry        = %ld\n", (ULONG)pAd->ate.TxDoneCount);
+       }
+       else
+#endif // RALINK_ATE //
+       {
+    sprintf(extra+strlen(extra), "Tx success                      = %ld\n", (ULONG)pAd->WlanCounters.TransmittedFragmentCount.QuadPart);
+    sprintf(extra+strlen(extra), "Tx success without retry        = %ld\n", (ULONG)pAd->WlanCounters.TransmittedFragmentCount.QuadPart - (ULONG)pAd->WlanCounters.RetryCount.QuadPart);
+       }
+    sprintf(extra+strlen(extra), "Tx success after retry          = %ld\n", (ULONG)pAd->WlanCounters.RetryCount.QuadPart);
+    sprintf(extra+strlen(extra), "Tx fail to Rcv ACK after retry  = %ld\n", (ULONG)pAd->WlanCounters.FailedCount.QuadPart);
+    sprintf(extra+strlen(extra), "RTS Success Rcv CTS             = %ld\n", (ULONG)pAd->WlanCounters.RTSSuccessCount.QuadPart);
+    sprintf(extra+strlen(extra), "RTS Fail Rcv CTS                = %ld\n", (ULONG)pAd->WlanCounters.RTSFailureCount.QuadPart);
+
+    sprintf(extra+strlen(extra), "Rx success                      = %ld\n", (ULONG)pAd->WlanCounters.ReceivedFragmentCount.QuadPart);
+    sprintf(extra+strlen(extra), "Rx with CRC                     = %ld\n", (ULONG)pAd->WlanCounters.FCSErrorCount.QuadPart);
+    sprintf(extra+strlen(extra), "Rx drop due to out of resource  = %ld\n", (ULONG)pAd->Counters8023.RxNoBuffer);
+    sprintf(extra+strlen(extra), "Rx duplicate frame              = %ld\n", (ULONG)pAd->WlanCounters.FrameDuplicateCount.QuadPart);
+
+    sprintf(extra+strlen(extra), "False CCA (one second)          = %ld\n", (ULONG)pAd->RalinkCounters.OneSecFalseCCACnt);
+
+#ifdef RALINK_ATE
+       if (ATE_ON(pAd))
+       {
+               if (pAd->ate.RxAntennaSel == 0)
+               {
+               sprintf(extra+strlen(extra), "RSSI-A                          = %ld\n", (LONG)(pAd->ate.LastRssi0 - pAd->BbpRssiToDbmDelta));
+                       sprintf(extra+strlen(extra), "RSSI-B (if available)           = %ld\n", (LONG)(pAd->ate.LastRssi1 - pAd->BbpRssiToDbmDelta));
+                       sprintf(extra+strlen(extra), "RSSI-C (if available)           = %ld\n\n", (LONG)(pAd->ate.LastRssi2 - pAd->BbpRssiToDbmDelta));
+               }
+               else
+               {
+               sprintf(extra+strlen(extra), "RSSI                            = %ld\n", (LONG)(pAd->ate.LastRssi0 - pAd->BbpRssiToDbmDelta));
+               }
+       }
+       else
+#endif // RALINK_ATE //
+       {
+       sprintf(extra+strlen(extra), "RSSI-A                          = %ld\n", (LONG)(pAd->StaCfg.RssiSample.LastRssi0 - pAd->BbpRssiToDbmDelta));
+        sprintf(extra+strlen(extra), "RSSI-B (if available)           = %ld\n", (LONG)(pAd->StaCfg.RssiSample.LastRssi1 - pAd->BbpRssiToDbmDelta));
+        sprintf(extra+strlen(extra), "RSSI-C (if available)           = %ld\n\n", (LONG)(pAd->StaCfg.RssiSample.LastRssi2 - pAd->BbpRssiToDbmDelta));
+       }
+#ifdef WPA_SUPPLICANT_SUPPORT
+    sprintf(extra+strlen(extra), "WpaSupplicantUP                 = %d\n\n", pAd->StaCfg.WpaSupplicantUP);
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+
+
+    wrq->length = strlen(extra) + 1; // 1: size of '\0'
+    DBGPRINT(RT_DEBUG_TRACE, ("<== rt_private_get_statistics, wrq->length = %d\n", wrq->length));
+
+    return Status;
+}
+
+#ifdef DOT11_N_SUPPORT
+void   getBaInfo(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 pOutBuf)
+{
+       INT i, j;
+       BA_ORI_ENTRY *pOriBAEntry;
+       BA_REC_ENTRY *pRecBAEntry;
+
+       for (i=0; i<MAX_LEN_OF_MAC_TABLE; i++)
+       {
+               PMAC_TABLE_ENTRY pEntry = &pAd->MacTab.Content[i];
+               if (((pEntry->ValidAsCLI || pEntry->ValidAsApCli) && (pEntry->Sst == SST_ASSOC))
+                       || (pEntry->ValidAsWDS) || (pEntry->ValidAsMesh))
+               {
+                       sprintf(pOutBuf, "%s\n%02X:%02X:%02X:%02X:%02X:%02X (Aid = %d) (AP) -\n",
+                pOutBuf,
+                               pEntry->Addr[0], pEntry->Addr[1], pEntry->Addr[2],
+                               pEntry->Addr[3], pEntry->Addr[4], pEntry->Addr[5], pEntry->Aid);
+
+                       sprintf(pOutBuf, "%s[Recipient]\n", pOutBuf);
+                       for (j=0; j < NUM_OF_TID; j++)
+                       {
+                               if (pEntry->BARecWcidArray[j] != 0)
+                               {
+                                       pRecBAEntry =&pAd->BATable.BARecEntry[pEntry->BARecWcidArray[j]];
+                                       sprintf(pOutBuf, "%sTID=%d, BAWinSize=%d, LastIndSeq=%d, ReorderingPkts=%d\n", pOutBuf, j, pRecBAEntry->BAWinSize, pRecBAEntry->LastIndSeq, pRecBAEntry->list.qlen);
+                               }
+                       }
+                       sprintf(pOutBuf, "%s\n", pOutBuf);
+
+                       sprintf(pOutBuf, "%s[Originator]\n", pOutBuf);
+                       for (j=0; j < NUM_OF_TID; j++)
+                       {
+                               if (pEntry->BAOriWcidArray[j] != 0)
+                               {
+                                       pOriBAEntry =&pAd->BATable.BAOriEntry[pEntry->BAOriWcidArray[j]];
+                                       sprintf(pOutBuf, "%sTID=%d, BAWinSize=%d, StartSeq=%d, CurTxSeq=%d\n", pOutBuf, j, pOriBAEntry->BAWinSize, pOriBAEntry->Sequence, pEntry->TxSeq[j]);
+                               }
+                       }
+                       sprintf(pOutBuf, "%s\n\n", pOutBuf);
+               }
+        if (strlen(pOutBuf) > (IW_PRIV_SIZE_MASK - 30))
+                break;
+       }
+
+       return;
+}
+#endif // DOT11_N_SUPPORT //
+
+static int
+rt_private_show(struct net_device *dev, struct iw_request_info *info,
+               struct iw_point *wrq, PSTRING extra)
+{
+       INT                             Status = 0;
+       PRTMP_ADAPTER   pAd;
+       POS_COOKIE              pObj;
+       u32             subcmd = wrq->flags;
+
+       pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+       if (pAd == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+       if (extra == NULL)
+       {
+               wrq->length = 0;
+               return -EIO;
+       }
+       memset(extra, 0x00, IW_PRIV_SIZE_MASK);
+
+       {
+               pObj->ioctl_if_type = INT_MAIN;
+               pObj->ioctl_if = MAIN_MBSSID;
+       }
+
+    switch(subcmd)
+    {
+
+        case SHOW_CONN_STATUS:
+            if (MONITOR_ON(pAd))
+            {
+#ifdef DOT11_N_SUPPORT
+                if (pAd->CommonCfg.PhyMode >= PHY_11ABGN_MIXED &&
+                    pAd->CommonCfg.RegTransmitSetting.field.BW)
+                    sprintf(extra, "Monitor Mode(CentralChannel %d)\n", pAd->CommonCfg.CentralChannel);
+                else
+#endif // DOT11_N_SUPPORT //
+                    sprintf(extra, "Monitor Mode(Channel %d)\n", pAd->CommonCfg.Channel);
+            }
+            else
+            {
+                if (pAd->IndicateMediaState == NdisMediaStateConnected)
+               {
+                   if (INFRA_ON(pAd))
+                    {
+                    sprintf(extra, "Connected(AP: %s[%02X:%02X:%02X:%02X:%02X:%02X])\n",
+                                    pAd->CommonCfg.Ssid,
+                                    pAd->CommonCfg.Bssid[0],
+                                    pAd->CommonCfg.Bssid[1],
+                                    pAd->CommonCfg.Bssid[2],
+                                    pAd->CommonCfg.Bssid[3],
+                                    pAd->CommonCfg.Bssid[4],
+                                    pAd->CommonCfg.Bssid[5]);
+                       DBGPRINT(RT_DEBUG_TRACE ,("Ssid=%s ,Ssidlen = %d\n",pAd->CommonCfg.Ssid, pAd->CommonCfg.SsidLen));
+               }
+                    else if (ADHOC_ON(pAd))
+                        sprintf(extra, "Connected\n");
+               }
+               else
+               {
+                   sprintf(extra, "Disconnected\n");
+                       DBGPRINT(RT_DEBUG_TRACE ,("ConnStatus is not connected\n"));
+               }
+            }
+            wrq->length = strlen(extra) + 1; // 1: size of '\0'
+            break;
+        case SHOW_DRVIER_VERION:
+            sprintf(extra, "Driver version-%s, %s %s\n", STA_DRIVER_VERSION, __DATE__, __TIME__ );
+            wrq->length = strlen(extra) + 1; // 1: size of '\0'
+            break;
+#ifdef DOT11_N_SUPPORT
+        case SHOW_BA_INFO:
+            getBaInfo(pAd, extra);
+            wrq->length = strlen(extra) + 1; // 1: size of '\0'
+            break;
+#endif // DOT11_N_SUPPORT //
+               case SHOW_DESC_INFO:
+                       {
+                               Show_DescInfo_Proc(pAd, NULL);
+                               wrq->length = 0; // 1: size of '\0'
+                       }
+                       break;
+        case RAIO_OFF:
+            if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+            {
+                if (pAd->Mlme.CntlMachine.CurrState != CNTL_IDLE)
+                       {
+                           RTMP_MLME_RESET_STATE_MACHINE(pAd);
+                           DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME busy, reset MLME state machine !!!\n"));
+                       }
+            }
+            pAd->StaCfg.bSwRadio = FALSE;
+            if (pAd->StaCfg.bRadio != (pAd->StaCfg.bHwRadio && pAd->StaCfg.bSwRadio))
+            {
+                pAd->StaCfg.bRadio = (pAd->StaCfg.bHwRadio && pAd->StaCfg.bSwRadio);
+                if (pAd->StaCfg.bRadio == FALSE)
+                {
+                    MlmeRadioOff(pAd);
+                    // Update extra information
+                                       pAd->ExtraInfo = SW_RADIO_OFF;
+                }
+            }
+            sprintf(extra, "Radio Off\n");
+            wrq->length = strlen(extra) + 1; // 1: size of '\0'
+            break;
+        case RAIO_ON:
+            pAd->StaCfg.bSwRadio = TRUE;
+            //if (pAd->StaCfg.bRadio != (pAd->StaCfg.bHwRadio && pAd->StaCfg.bSwRadio))
+            {
+                pAd->StaCfg.bRadio = (pAd->StaCfg.bHwRadio && pAd->StaCfg.bSwRadio);
+                if (pAd->StaCfg.bRadio == TRUE)
+                {
+                    MlmeRadioOn(pAd);
+                    // Update extra information
+                                       pAd->ExtraInfo = EXTRA_INFO_CLEAR;
+                }
+            }
+            sprintf(extra, "Radio On\n");
+            wrq->length = strlen(extra) + 1; // 1: size of '\0'
+            break;
+
+
+#ifdef QOS_DLS_SUPPORT
+               case SHOW_DLS_ENTRY_INFO:
+                       {
+                               Set_DlsEntryInfo_Display_Proc(pAd, NULL);
+                               wrq->length = 0; // 1: size of '\0'
+                       }
+                       break;
+#endif // QOS_DLS_SUPPORT //
+
+               case SHOW_CFG_VALUE:
+                       {
+                               Status = RTMPShowCfgValue(pAd, (PSTRING) wrq->pointer, extra);
+                               if (Status == 0)
+                                       wrq->length = strlen(extra) + 1; // 1: size of '\0'
+                       }
+                       break;
+               case SHOW_ADHOC_ENTRY_INFO:
+                       Show_Adhoc_MacTable_Proc(pAd, extra);
+                       wrq->length = strlen(extra) + 1; // 1: size of '\0'
+                       break;
+        default:
+            DBGPRINT(RT_DEBUG_TRACE, ("%s - unknow subcmd = %d\n", __FUNCTION__, subcmd));
+            break;
+    }
+
+    return Status;
+}
+
+#ifdef SIOCSIWMLME
+int rt_ioctl_siwmlme(struct net_device *dev,
+                          struct iw_request_info *info,
+                          union iwreq_data *wrqu,
+                          char *extra)
+{
+       PRTMP_ADAPTER   pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+       struct iw_mlme *pMlme = (struct iw_mlme *)wrqu->data.pointer;
+       MLME_QUEUE_ELEM                         MsgElem;
+       MLME_DISASSOC_REQ_STRUCT        DisAssocReq;
+       MLME_DEAUTH_REQ_STRUCT      DeAuthReq;
+
+       DBGPRINT(RT_DEBUG_TRACE, ("====> %s\n", __FUNCTION__));
+
+       if (pMlme == NULL)
+               return -EINVAL;
+
+       switch(pMlme->cmd)
+       {
+#ifdef IW_MLME_DEAUTH
+               case IW_MLME_DEAUTH:
+                       DBGPRINT(RT_DEBUG_TRACE, ("====> %s - IW_MLME_DEAUTH\n", __FUNCTION__));
+                       COPY_MAC_ADDR(DeAuthReq.Addr, pAd->CommonCfg.Bssid);
+                       DeAuthReq.Reason = pMlme->reason_code;
+                       MsgElem.MsgLen = sizeof(MLME_DEAUTH_REQ_STRUCT);
+                       NdisMoveMemory(MsgElem.Msg, &DeAuthReq, sizeof(MLME_DEAUTH_REQ_STRUCT));
+                       MlmeDeauthReqAction(pAd, &MsgElem);
+                       if (INFRA_ON(pAd))
+                       {
+                           LinkDown(pAd, FALSE);
+                           pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+                       }
+                       break;
+#endif // IW_MLME_DEAUTH //
+#ifdef IW_MLME_DISASSOC
+               case IW_MLME_DISASSOC:
+                       DBGPRINT(RT_DEBUG_TRACE, ("====> %s - IW_MLME_DISASSOC\n", __FUNCTION__));
+                       COPY_MAC_ADDR(DisAssocReq.Addr, pAd->CommonCfg.Bssid);
+                       DisAssocReq.Reason =  pMlme->reason_code;
+
+                       MsgElem.Machine = ASSOC_STATE_MACHINE;
+                       MsgElem.MsgType = MT2_MLME_DISASSOC_REQ;
+                       MsgElem.MsgLen = sizeof(MLME_DISASSOC_REQ_STRUCT);
+                       NdisMoveMemory(MsgElem.Msg, &DisAssocReq, sizeof(MLME_DISASSOC_REQ_STRUCT));
+
+                       pAd->Mlme.CntlMachine.CurrState = CNTL_WAIT_OID_DISASSOC;
+                       MlmeDisassocReqAction(pAd, &MsgElem);
+                       break;
+#endif // IW_MLME_DISASSOC //
+               default:
+                       DBGPRINT(RT_DEBUG_TRACE, ("====> %s - Unknow Command\n", __FUNCTION__));
+                       break;
+       }
+
+       return 0;
+}
+#endif // SIOCSIWMLME //
+
+#if WIRELESS_EXT > 17
+int rt_ioctl_siwauth(struct net_device *dev,
+                         struct iw_request_info *info,
+                         union iwreq_data *wrqu, char *extra)
+{
+       PRTMP_ADAPTER   pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       struct iw_param *param = &wrqu->param;
+
+    //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+       return -ENETDOWN;
+       }
+       switch (param->flags & IW_AUTH_INDEX) {
+       case IW_AUTH_WPA_VERSION:
+            if (param->value == IW_AUTH_WPA_VERSION_WPA)
+            {
+                pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPAPSK;
+                               if (pAdapter->StaCfg.BssType == BSS_ADHOC)
+                                       pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPANone;
+            }
+            else if (param->value == IW_AUTH_WPA_VERSION_WPA2)
+                pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPA2PSK;
+
+            DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_AUTH_WPA_VERSION - param->value = %d!\n", __FUNCTION__, param->value));
+            break;
+       case IW_AUTH_CIPHER_PAIRWISE:
+            if (param->value == IW_AUTH_CIPHER_NONE)
+            {
+                pAdapter->StaCfg.WepStatus = Ndis802_11WEPDisabled;
+                pAdapter->StaCfg.OrigWepStatus = pAdapter->StaCfg.WepStatus;
+                pAdapter->StaCfg.PairCipher = Ndis802_11WEPDisabled;
+            }
+            else if (param->value == IW_AUTH_CIPHER_WEP40 ||
+                     param->value == IW_AUTH_CIPHER_WEP104)
+            {
+                pAdapter->StaCfg.WepStatus = Ndis802_11WEPEnabled;
+                pAdapter->StaCfg.OrigWepStatus = pAdapter->StaCfg.WepStatus;
+                pAdapter->StaCfg.PairCipher = Ndis802_11WEPEnabled;
+#ifdef WPA_SUPPLICANT_SUPPORT
+                pAdapter->StaCfg.IEEE8021X = FALSE;
+#endif // WPA_SUPPLICANT_SUPPORT //
+            }
+            else if (param->value == IW_AUTH_CIPHER_TKIP)
+            {
+                pAdapter->StaCfg.WepStatus = Ndis802_11Encryption2Enabled;
+                pAdapter->StaCfg.OrigWepStatus = pAdapter->StaCfg.WepStatus;
+                pAdapter->StaCfg.PairCipher = Ndis802_11Encryption2Enabled;
+            }
+            else if (param->value == IW_AUTH_CIPHER_CCMP)
+            {
+                pAdapter->StaCfg.WepStatus = Ndis802_11Encryption3Enabled;
+                pAdapter->StaCfg.OrigWepStatus = pAdapter->StaCfg.WepStatus;
+                pAdapter->StaCfg.PairCipher = Ndis802_11Encryption3Enabled;
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_AUTH_CIPHER_PAIRWISE - param->value = %d!\n", __FUNCTION__, param->value));
+            break;
+       case IW_AUTH_CIPHER_GROUP:
+            if (param->value == IW_AUTH_CIPHER_NONE)
+            {
+                pAdapter->StaCfg.GroupCipher = Ndis802_11WEPDisabled;
+            }
+            else if (param->value == IW_AUTH_CIPHER_WEP40 ||
+                     param->value == IW_AUTH_CIPHER_WEP104)
+            {
+                pAdapter->StaCfg.GroupCipher = Ndis802_11WEPEnabled;
+            }
+            else if (param->value == IW_AUTH_CIPHER_TKIP)
+            {
+                pAdapter->StaCfg.GroupCipher = Ndis802_11Encryption2Enabled;
+            }
+            else if (param->value == IW_AUTH_CIPHER_CCMP)
+            {
+                pAdapter->StaCfg.GroupCipher = Ndis802_11Encryption3Enabled;
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_AUTH_CIPHER_GROUP - param->value = %d!\n", __FUNCTION__, param->value));
+            break;
+       case IW_AUTH_KEY_MGMT:
+            if (param->value == IW_AUTH_KEY_MGMT_802_1X)
+            {
+                if (pAdapter->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK)
+                {
+                    pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPA;
+#ifdef WPA_SUPPLICANT_SUPPORT
+                    pAdapter->StaCfg.IEEE8021X = FALSE;
+#endif // WPA_SUPPLICANT_SUPPORT //
+                }
+                else if (pAdapter->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)
+                {
+                    pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPA2;
+#ifdef WPA_SUPPLICANT_SUPPORT
+                    pAdapter->StaCfg.IEEE8021X = FALSE;
+#endif // WPA_SUPPLICANT_SUPPORT //
+                }
+#ifdef WPA_SUPPLICANT_SUPPORT
+                else
+                    // WEP 1x
+                    pAdapter->StaCfg.IEEE8021X = TRUE;
+#endif // WPA_SUPPLICANT_SUPPORT //
+            }
+            else if (param->value == 0)
+            {
+                //pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                               STA_PORT_SECURED(pAdapter);
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_AUTH_KEY_MGMT - param->value = %d!\n", __FUNCTION__, param->value));
+            break;
+       case IW_AUTH_RX_UNENCRYPTED_EAPOL:
+            break;
+       case IW_AUTH_PRIVACY_INVOKED:
+            /*if (param->value == 0)
+                       {
+                pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeOpen;
+                pAdapter->StaCfg.WepStatus = Ndis802_11WEPDisabled;
+                pAdapter->StaCfg.OrigWepStatus = pAdapter->StaCfg.WepStatus;
+                pAdapter->StaCfg.PairCipher = Ndis802_11WEPDisabled;
+                   pAdapter->StaCfg.GroupCipher = Ndis802_11WEPDisabled;
+            }*/
+            DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_AUTH_PRIVACY_INVOKED - param->value = %d!\n", __FUNCTION__, param->value));
+               break;
+       case IW_AUTH_DROP_UNENCRYPTED:
+            if (param->value != 0)
+                pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+                       else
+                       {
+                //pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                               STA_PORT_SECURED(pAdapter);
+                       }
+            DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_AUTH_WPA_VERSION - param->value = %d!\n", __FUNCTION__, param->value));
+               break;
+       case IW_AUTH_80211_AUTH_ALG:
+                       if (param->value & IW_AUTH_ALG_SHARED_KEY)
+            {
+                               pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeShared;
+                       }
+            else if (param->value & IW_AUTH_ALG_OPEN_SYSTEM)
+            {
+                               pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeOpen;
+                       }
+            else
+                               return -EINVAL;
+            DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_AUTH_80211_AUTH_ALG - param->value = %d!\n", __FUNCTION__, param->value));
+                       break;
+       case IW_AUTH_WPA_ENABLED:
+               DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_AUTH_WPA_ENABLED - Driver supports WPA!(param->value = %d)\n", __FUNCTION__, param->value));
+               break;
+       default:
+               return -EOPNOTSUPP;
+}
+
+       return 0;
+}
+
+int rt_ioctl_giwauth(struct net_device *dev,
+                              struct iw_request_info *info,
+                              union iwreq_data *wrqu, char *extra)
+{
+       PRTMP_ADAPTER   pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       struct iw_param *param = &wrqu->param;
+
+    //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+    {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+       return -ENETDOWN;
+    }
+
+       switch (param->flags & IW_AUTH_INDEX) {
+       case IW_AUTH_DROP_UNENCRYPTED:
+        param->value = (pAdapter->StaCfg.WepStatus == Ndis802_11WEPDisabled) ? 0 : 1;
+               break;
+
+       case IW_AUTH_80211_AUTH_ALG:
+        param->value = (pAdapter->StaCfg.AuthMode == Ndis802_11AuthModeShared) ? IW_AUTH_ALG_SHARED_KEY : IW_AUTH_ALG_OPEN_SYSTEM;
+               break;
+
+       case IW_AUTH_WPA_ENABLED:
+               param->value = (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) ? 1 : 0;
+               break;
+
+       default:
+               return -EOPNOTSUPP;
+       }
+    DBGPRINT(RT_DEBUG_TRACE, ("rt_ioctl_giwauth::param->value = %d!\n", param->value));
+       return 0;
+}
+
+void fnSetCipherKey(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  INT             keyIdx,
+    IN  UCHAR           CipherAlg,
+    IN  BOOLEAN         bGTK,
+    IN  struct iw_encode_ext *ext)
+{
+    NdisZeroMemory(&pAdapter->SharedKey[BSS0][keyIdx], sizeof(CIPHER_KEY));
+    pAdapter->SharedKey[BSS0][keyIdx].KeyLen = LEN_TKIP_EK;
+    NdisMoveMemory(pAdapter->SharedKey[BSS0][keyIdx].Key, ext->key, LEN_TKIP_EK);
+    NdisMoveMemory(pAdapter->SharedKey[BSS0][keyIdx].TxMic, ext->key + LEN_TKIP_EK, LEN_TKIP_TXMICK);
+    NdisMoveMemory(pAdapter->SharedKey[BSS0][keyIdx].RxMic, ext->key + LEN_TKIP_EK + LEN_TKIP_TXMICK, LEN_TKIP_RXMICK);
+    pAdapter->SharedKey[BSS0][keyIdx].CipherAlg = CipherAlg;
+
+    // Update group key information to ASIC Shared Key Table
+       AsicAddSharedKeyEntry(pAdapter,
+                                                 BSS0,
+                                                 keyIdx,
+                                                 pAdapter->SharedKey[BSS0][keyIdx].CipherAlg,
+                                                 pAdapter->SharedKey[BSS0][keyIdx].Key,
+                                                 pAdapter->SharedKey[BSS0][keyIdx].TxMic,
+                                                 pAdapter->SharedKey[BSS0][keyIdx].RxMic);
+
+    if (bGTK)
+        // Update ASIC WCID attribute table and IVEIV table
+       RTMPAddWcidAttributeEntry(pAdapter,
+                                                         BSS0,
+                                                         keyIdx,
+                                                         pAdapter->SharedKey[BSS0][keyIdx].CipherAlg,
+                                                         NULL);
+    else
+        // Update ASIC WCID attribute table and IVEIV table
+       RTMPAddWcidAttributeEntry(pAdapter,
+                                                         BSS0,
+                                                         keyIdx,
+                                                         pAdapter->SharedKey[BSS0][keyIdx].CipherAlg,
+                                                         &pAdapter->MacTab.Content[BSSID_WCID]);
+}
+
+int rt_ioctl_siwencodeext(struct net_device *dev,
+                          struct iw_request_info *info,
+                          union iwreq_data *wrqu,
+                          char *extra)
+                       {
+    PRTMP_ADAPTER   pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+       struct iw_point *encoding = &wrqu->encoding;
+       struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
+    int keyIdx, alg = ext->alg;
+
+    //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAdapter, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+       return -ENETDOWN;
+       }
+
+    if (encoding->flags & IW_ENCODE_DISABLED)
+       {
+        keyIdx = (encoding->flags & IW_ENCODE_INDEX) - 1;
+        // set BSSID wcid entry of the Pair-wise Key table as no-security mode
+           AsicRemovePairwiseKeyEntry(pAdapter, BSS0, BSSID_WCID);
+        pAdapter->SharedKey[BSS0][keyIdx].KeyLen = 0;
+               pAdapter->SharedKey[BSS0][keyIdx].CipherAlg = CIPHER_NONE;
+               AsicRemoveSharedKeyEntry(pAdapter, 0, (UCHAR)keyIdx);
+        NdisZeroMemory(&pAdapter->SharedKey[BSS0][keyIdx], sizeof(CIPHER_KEY));
+        DBGPRINT(RT_DEBUG_TRACE, ("%s::Remove all keys!(encoding->flags = %x)\n", __FUNCTION__, encoding->flags));
+    }
+                                       else
+    {
+        // Get Key Index and convet to our own defined key index
+       keyIdx = (encoding->flags & IW_ENCODE_INDEX) - 1;
+       if((keyIdx < 0) || (keyIdx >= NR_WEP_KEYS))
+               return -EINVAL;
+
+        if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY)
+        {
+            pAdapter->StaCfg.DefaultKeyId = keyIdx;
+            DBGPRINT(RT_DEBUG_TRACE, ("%s::DefaultKeyId = %d\n", __FUNCTION__, pAdapter->StaCfg.DefaultKeyId));
+        }
+
+        switch (alg) {
+               case IW_ENCODE_ALG_NONE:
+                DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_ENCODE_ALG_NONE\n", __FUNCTION__));
+                       break;
+               case IW_ENCODE_ALG_WEP:
+                DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_ENCODE_ALG_WEP - ext->key_len = %d, keyIdx = %d\n", __FUNCTION__, ext->key_len, keyIdx));
+                       if (ext->key_len == MAX_WEP_KEY_SIZE)
+                {
+                               pAdapter->SharedKey[BSS0][keyIdx].KeyLen = MAX_WEP_KEY_SIZE;
+                    pAdapter->SharedKey[BSS0][keyIdx].CipherAlg = CIPHER_WEP128;
+                               }
+                       else if (ext->key_len == MIN_WEP_KEY_SIZE)
+                {
+                    pAdapter->SharedKey[BSS0][keyIdx].KeyLen = MIN_WEP_KEY_SIZE;
+                    pAdapter->SharedKey[BSS0][keyIdx].CipherAlg = CIPHER_WEP64;
+                       }
+                       else
+                    return -EINVAL;
+
+                NdisZeroMemory(pAdapter->SharedKey[BSS0][keyIdx].Key,  16);
+                           NdisMoveMemory(pAdapter->SharedKey[BSS0][keyIdx].Key, ext->key, ext->key_len);
+
+                               if (pAdapter->StaCfg.GroupCipher == Ndis802_11GroupWEP40Enabled ||
+                                       pAdapter->StaCfg.GroupCipher == Ndis802_11GroupWEP104Enabled)
+                               {
+                                       // Set Group key material to Asic
+                                       AsicAddSharedKeyEntry(pAdapter, BSS0, keyIdx, pAdapter->SharedKey[BSS0][keyIdx].CipherAlg, pAdapter->SharedKey[BSS0][keyIdx].Key, NULL, NULL);
+                                       // Update WCID attribute table and IVEIV table for this group key table
+                                       RTMPAddWcidAttributeEntry(pAdapter, BSS0, keyIdx, pAdapter->SharedKey[BSS0][keyIdx].CipherAlg, NULL);
+                                       STA_PORT_SECURED(pAdapter);
+                                       // Indicate Connected for GUI
+                                       pAdapter->IndicateMediaState = NdisMediaStateConnected;
+                               }
+                       break;
+            case IW_ENCODE_ALG_TKIP:
+                DBGPRINT(RT_DEBUG_TRACE, ("%s::IW_ENCODE_ALG_TKIP - keyIdx = %d, ext->key_len = %d\n", __FUNCTION__, keyIdx, ext->key_len));
+                if (ext->key_len == 32)
+                {
+                    if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY)
+                    {
+                        fnSetCipherKey(pAdapter, keyIdx, CIPHER_TKIP, FALSE, ext);
+                        if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA2)
+                        {
+                            //pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                            STA_PORT_SECURED(pAdapter);
+                            pAdapter->IndicateMediaState = NdisMediaStateConnected;
+                        }
+               }
+                    else if (ext->ext_flags & IW_ENCODE_EXT_GROUP_KEY)
+                    {
+                        fnSetCipherKey(pAdapter, keyIdx, CIPHER_TKIP, TRUE, ext);
+
+                        // set 802.1x port control
+                       //pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                       STA_PORT_SECURED(pAdapter);
+                       pAdapter->IndicateMediaState = NdisMediaStateConnected;
+                    }
+                }
+                else
+                    return -EINVAL;
+                break;
+            case IW_ENCODE_ALG_CCMP:
+                if (ext->ext_flags & IW_ENCODE_EXT_SET_TX_KEY)
+               {
+                    fnSetCipherKey(pAdapter, keyIdx, CIPHER_AES, FALSE, ext);
+                    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA2)
+                       //pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                       STA_PORT_SECURED(pAdapter);
+                       pAdapter->IndicateMediaState = NdisMediaStateConnected;
+                }
+                else if (ext->ext_flags & IW_ENCODE_EXT_GROUP_KEY)
+                {
+                    fnSetCipherKey(pAdapter, keyIdx, CIPHER_AES, TRUE, ext);
+
+                    // set 802.1x port control
+                       //pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                       STA_PORT_SECURED(pAdapter);
+                       pAdapter->IndicateMediaState = NdisMediaStateConnected;
+                }
+                break;
+               default:
+                       return -EINVAL;
+               }
+    }
+
+    return 0;
+}
+
+int
+rt_ioctl_giwencodeext(struct net_device *dev,
+                         struct iw_request_info *info,
+                         union iwreq_data *wrqu, char *extra)
+{
+       PRTMP_ADAPTER pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+       PCHAR pKey = NULL;
+       struct iw_point *encoding = &wrqu->encoding;
+       struct iw_encode_ext *ext = (struct iw_encode_ext *)extra;
+       int idx, max_key_len;
+
+       DBGPRINT(RT_DEBUG_TRACE ,("===> rt_ioctl_giwencodeext\n"));
+
+       max_key_len = encoding->length - sizeof(*ext);
+       if (max_key_len < 0)
+               return -EINVAL;
+
+       idx = encoding->flags & IW_ENCODE_INDEX;
+       if (idx)
+       {
+               if (idx < 1 || idx > 4)
+                       return -EINVAL;
+               idx--;
+
+               if ((pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled) ||
+                       (pAd->StaCfg.WepStatus == Ndis802_11Encryption3Enabled))
+               {
+                       if (idx != pAd->StaCfg.DefaultKeyId)
+                       {
+                               ext->key_len = 0;
+                               return 0;
+                       }
+               }
+       }
+       else
+               idx = pAd->StaCfg.DefaultKeyId;
+
+       encoding->flags = idx + 1;
+       memset(ext, 0, sizeof(*ext));
+
+       ext->key_len = 0;
+       switch(pAd->StaCfg.WepStatus) {
+               case Ndis802_11WEPDisabled:
+                       ext->alg = IW_ENCODE_ALG_NONE;
+                       encoding->flags |= IW_ENCODE_DISABLED;
+                       break;
+               case Ndis802_11WEPEnabled:
+                       ext->alg = IW_ENCODE_ALG_WEP;
+                       if (pAd->SharedKey[BSS0][idx].KeyLen > max_key_len)
+                               return -E2BIG;
+                       else
+                       {
+                               ext->key_len = pAd->SharedKey[BSS0][idx].KeyLen;
+                               pKey = (PCHAR)&(pAd->SharedKey[BSS0][idx].Key[0]);
+                       }
+                       break;
+               case Ndis802_11Encryption2Enabled:
+               case Ndis802_11Encryption3Enabled:
+                       if (pAd->StaCfg.WepStatus == Ndis802_11Encryption2Enabled)
+                               ext->alg = IW_ENCODE_ALG_TKIP;
+                       else
+                               ext->alg = IW_ENCODE_ALG_CCMP;
+
+                       if (max_key_len < 32)
+                               return -E2BIG;
+                       else
+                       {
+                               ext->key_len = 32;
+                               pKey = (PCHAR)&pAd->StaCfg.PMK[0];
+                       }
+                       break;
+               default:
+                       return -EINVAL;
+       }
+
+       if (ext->key_len && pKey)
+       {
+               encoding->flags |= IW_ENCODE_ENABLED;
+               memcpy(ext->key, pKey, ext->key_len);
+       }
+
+       return 0;
+}
+
+#ifdef SIOCSIWGENIE
+int rt_ioctl_siwgenie(struct net_device *dev,
+                         struct iw_request_info *info,
+                         union iwreq_data *wrqu, char *extra)
+{
+       PRTMP_ADAPTER   pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       DBGPRINT(RT_DEBUG_TRACE ,("===> rt_ioctl_siwgenie\n"));
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+       pAd->StaCfg.bRSN_IE_FromWpaSupplicant = FALSE;
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+       if (wrqu->data.length > MAX_LEN_OF_RSNIE ||
+           (wrqu->data.length && extra == NULL))
+               return -EINVAL;
+
+       if (wrqu->data.length)
+       {
+               pAd->StaCfg.RSNIE_Len = wrqu->data.length;
+               NdisMoveMemory(&pAd->StaCfg.RSN_IE[0], extra, pAd->StaCfg.RSNIE_Len);
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+               pAd->StaCfg.bRSN_IE_FromWpaSupplicant = TRUE;
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+       }
+       else
+       {
+               pAd->StaCfg.RSNIE_Len = 0;
+               NdisZeroMemory(&pAd->StaCfg.RSN_IE[0], MAX_LEN_OF_RSNIE);
+       }
+
+       return 0;
+}
+#endif // SIOCSIWGENIE //
+
+int rt_ioctl_giwgenie(struct net_device *dev,
+                              struct iw_request_info *info,
+                              union iwreq_data *wrqu, char *extra)
+{
+       PRTMP_ADAPTER   pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+       if ((pAd->StaCfg.RSNIE_Len == 0) ||
+               (pAd->StaCfg.AuthMode < Ndis802_11AuthModeWPA))
+       {
+               wrqu->data.length = 0;
+               return 0;
+       }
+
+#ifdef NATIVE_WPA_SUPPLICANT_SUPPORT
+#ifdef SIOCSIWGENIE
+       if (pAd->StaCfg.WpaSupplicantUP == WPA_SUPPLICANT_ENABLE)
+       {
+       if (wrqu->data.length < pAd->StaCfg.RSNIE_Len)
+               return -E2BIG;
+
+       wrqu->data.length = pAd->StaCfg.RSNIE_Len;
+       memcpy(extra, &pAd->StaCfg.RSN_IE[0], pAd->StaCfg.RSNIE_Len);
+       }
+       else
+#endif // SIOCSIWGENIE //
+#endif // NATIVE_WPA_SUPPLICANT_SUPPORT //
+       {
+               UCHAR RSNIe = IE_WPA;
+
+               if (wrqu->data.length < (pAd->StaCfg.RSNIE_Len + 2)) // ID, Len
+                       return -E2BIG;
+               wrqu->data.length = pAd->StaCfg.RSNIE_Len + 2;
+
+               if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
+            (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2))
+                       RSNIe = IE_RSN;
+
+               extra[0] = (char)RSNIe;
+               extra[1] = pAd->StaCfg.RSNIE_Len;
+               memcpy(extra+2, &pAd->StaCfg.RSN_IE[0], pAd->StaCfg.RSNIE_Len);
+       }
+
+       return 0;
+}
+
+int rt_ioctl_siwpmksa(struct net_device *dev,
+                          struct iw_request_info *info,
+                          union iwreq_data *wrqu,
+                          char *extra)
+{
+       PRTMP_ADAPTER   pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+       struct iw_pmksa *pPmksa = (struct iw_pmksa *)wrqu->data.pointer;
+       INT     CachedIdx = 0, idx = 0;
+
+       if (pPmksa == NULL)
+               return -EINVAL;
+
+       DBGPRINT(RT_DEBUG_TRACE ,("===> rt_ioctl_siwpmksa\n"));
+       switch(pPmksa->cmd)
+       {
+               case IW_PMKSA_FLUSH:
+                       NdisZeroMemory(pAd->StaCfg.SavedPMK, sizeof(BSSID_INFO)*PMKID_NO);
+                       DBGPRINT(RT_DEBUG_TRACE ,("rt_ioctl_siwpmksa - IW_PMKSA_FLUSH\n"));
+                       break;
+               case IW_PMKSA_REMOVE:
+                       for (CachedIdx = 0; CachedIdx < pAd->StaCfg.SavedPMKNum; CachedIdx++)
+                       {
+                       // compare the BSSID
+                       if (NdisEqualMemory(pPmksa->bssid.sa_data, pAd->StaCfg.SavedPMK[CachedIdx].BSSID, MAC_ADDR_LEN))
+                       {
+                               NdisZeroMemory(pAd->StaCfg.SavedPMK[CachedIdx].BSSID, MAC_ADDR_LEN);
+                                       NdisZeroMemory(pAd->StaCfg.SavedPMK[CachedIdx].PMKID, 16);
+                                       for (idx = CachedIdx; idx < (pAd->StaCfg.SavedPMKNum - 1); idx++)
+                                       {
+                                               NdisMoveMemory(&pAd->StaCfg.SavedPMK[idx].BSSID[0], &pAd->StaCfg.SavedPMK[idx+1].BSSID[0], MAC_ADDR_LEN);
+                                               NdisMoveMemory(&pAd->StaCfg.SavedPMK[idx].PMKID[0], &pAd->StaCfg.SavedPMK[idx+1].PMKID[0], 16);
+                                       }
+                                       pAd->StaCfg.SavedPMKNum--;
+                               break;
+                       }
+               }
+
+                       DBGPRINT(RT_DEBUG_TRACE ,("rt_ioctl_siwpmksa - IW_PMKSA_REMOVE\n"));
+                       break;
+               case IW_PMKSA_ADD:
+                       for (CachedIdx = 0; CachedIdx < pAd->StaCfg.SavedPMKNum; CachedIdx++)
+                       {
+                       // compare the BSSID
+                       if (NdisEqualMemory(pPmksa->bssid.sa_data, pAd->StaCfg.SavedPMK[CachedIdx].BSSID, MAC_ADDR_LEN))
+                               break;
+               }
+
+               // Found, replace it
+               if (CachedIdx < PMKID_NO)
+               {
+                       DBGPRINT(RT_DEBUG_OFF, ("Update PMKID, idx = %d\n", CachedIdx));
+                       NdisMoveMemory(&pAd->StaCfg.SavedPMK[CachedIdx].BSSID[0], pPmksa->bssid.sa_data, MAC_ADDR_LEN);
+                               NdisMoveMemory(&pAd->StaCfg.SavedPMK[CachedIdx].PMKID[0], pPmksa->pmkid, 16);
+                       pAd->StaCfg.SavedPMKNum++;
+               }
+               // Not found, replace the last one
+               else
+               {
+                       // Randomly replace one
+                       CachedIdx = (pPmksa->bssid.sa_data[5] % PMKID_NO);
+                       DBGPRINT(RT_DEBUG_OFF, ("Update PMKID, idx = %d\n", CachedIdx));
+                       NdisMoveMemory(&pAd->StaCfg.SavedPMK[CachedIdx].BSSID[0], pPmksa->bssid.sa_data, MAC_ADDR_LEN);
+                               NdisMoveMemory(&pAd->StaCfg.SavedPMK[CachedIdx].PMKID[0], pPmksa->pmkid, 16);
+               }
+
+                       DBGPRINT(RT_DEBUG_TRACE ,("rt_ioctl_siwpmksa - IW_PMKSA_ADD\n"));
+                       break;
+               default:
+                       DBGPRINT(RT_DEBUG_TRACE ,("rt_ioctl_siwpmksa - Unknow Command!!\n"));
+                       break;
+       }
+
+       return 0;
+}
+#endif // #if WIRELESS_EXT > 17
+
+#ifdef DBG
+static int
+rt_private_ioctl_bbp(struct net_device *dev, struct iw_request_info *info,
+               struct iw_point *wrq, char *extra)
+                       {
+       PSTRING                         this_char;
+       PSTRING                         value = NULL;
+       UCHAR                           regBBP = 0;
+//     CHAR                            arg[255]={0};
+       UINT32                          bbpId;
+       UINT32                          bbpValue;
+       BOOLEAN                         bIsPrintAllBBP = FALSE;
+       INT                                     Status = 0;
+    PRTMP_ADAPTER       pAdapter = RTMP_OS_NETDEV_GET_PRIV(dev);
+
+
+       memset(extra, 0x00, IW_PRIV_SIZE_MASK);
+
+       if (wrq->length > 1) //No parameters.
+                               {
+               sprintf(extra, "\n");
+
+               //Parsing Read or Write
+               this_char = wrq->pointer;
+               DBGPRINT(RT_DEBUG_TRACE, ("this_char=%s\n", this_char));
+               if (!*this_char)
+                       goto next;
+
+               if ((value = rtstrchr(this_char, '=')) != NULL)
+                       *value++ = 0;
+
+               if (!value || !*value)
+               { //Read
+                       DBGPRINT(RT_DEBUG_TRACE, ("this_char=%s, value=%s\n", this_char, value));
+                       if (sscanf(this_char, "%d", &(bbpId)) == 1)
+                       {
+                               if (bbpId <= MAX_BBP_ID)
+                               {
+#ifdef RALINK_ATE
+                                       if (ATE_ON(pAdapter))
+                                       {
+                                               ATE_BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                                       }
+                                       else
+#endif // RALINK_ATE //
+                                       {
+                                       RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                                       }
+                                       sprintf(extra+strlen(extra), "R%02d[0x%02X]:%02X\n", bbpId, bbpId, regBBP);
+                    wrq->length = strlen(extra) + 1; // 1: size of '\0'
+                                       DBGPRINT(RT_DEBUG_TRACE, ("msg=%s\n", extra));
+                               }
+                               else
+                               {//Invalid parametes, so default printk all bbp
+                                       bIsPrintAllBBP = TRUE;
+                                       goto next;
+                               }
+                       }
+                       else
+                       { //Invalid parametes, so default printk all bbp
+                               bIsPrintAllBBP = TRUE;
+                               goto next;
+                       }
+               }
+               else
+               { //Write
+                       if ((sscanf(this_char, "%d", &(bbpId)) == 1) && (sscanf(value, "%x", &(bbpValue)) == 1))
+                       {
+                               if (bbpId <= MAX_BBP_ID)
+                               {
+#ifdef RALINK_ATE
+                                       if (ATE_ON(pAdapter))
+                                       {
+                                               ATE_BBP_IO_WRITE8_BY_REG_ID(pAdapter, bbpId, bbpValue);
+                                               /* read it back for showing */
+                                               ATE_BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                                       }
+                                       else
+#endif // RALINK_ATE //
+                                       {
+                                           RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, bbpId, bbpValue);
+                                       /* read it back for showing */
+                                       RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                       }
+                                       sprintf(extra+strlen(extra), "R%02d[0x%02X]:%02X\n", bbpId, bbpId, regBBP);
+                    wrq->length = strlen(extra) + 1; // 1: size of '\0'
+                                       DBGPRINT(RT_DEBUG_TRACE, ("msg=%s\n", extra));
+                               }
+                               else
+                               {//Invalid parametes, so default printk all bbp
+                                       bIsPrintAllBBP = TRUE;
+                                       goto next;
+                               }
+                       }
+                       else
+                       { //Invalid parametes, so default printk all bbp
+                               bIsPrintAllBBP = TRUE;
+                               goto next;
+                       }
+               }
+               }
+       else
+               bIsPrintAllBBP = TRUE;
+
+next:
+       if (bIsPrintAllBBP)
+       {
+               memset(extra, 0x00, IW_PRIV_SIZE_MASK);
+               sprintf(extra, "\n");
+               for (bbpId = 0; bbpId <= MAX_BBP_ID; bbpId++)
+               {
+                   if (strlen(extra) >= (IW_PRIV_SIZE_MASK - 20))
+                break;
+#ifdef RALINK_ATE
+                       if (ATE_ON(pAdapter))
+                       {
+                               ATE_BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                       }
+                       else
+#endif // RALINK_ATE //
+                       RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                       sprintf(extra+strlen(extra), "R%02d[0x%02X]:%02X    ", bbpId, bbpId, regBBP);
+                       if (bbpId%5 == 4)
+                       sprintf(extra+strlen(extra), "%03d = %02X\n", bbpId, regBBP);  // edit by johnli, change display format
+               }
+
+        wrq->length = strlen(extra) + 1; // 1: size of '\0'
+        DBGPRINT(RT_DEBUG_TRACE, ("wrq->length = %d\n", wrq->length));
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<==rt_private_ioctl_bbp\n\n"));
+
+    return Status;
+}
+#endif // DBG //
+
+int rt_ioctl_siwrate(struct net_device *dev,
+                       struct iw_request_info *info,
+                       union iwreq_data *wrqu, char *extra)
+{
+    PRTMP_ADAPTER   pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+    UINT32          rate = wrqu->bitrate.value, fixed = wrqu->bitrate.fixed;
+
+    //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("rt_ioctl_siwrate::Network is down!\n"));
+       return -ENETDOWN;
+       }
+
+    DBGPRINT(RT_DEBUG_TRACE, ("rt_ioctl_siwrate::(rate = %d, fixed = %d)\n", rate, fixed));
+    /* rate = -1 => auto rate
+       rate = X, fixed = 1 => (fixed rate X)
+    */
+    if (rate == -1)
+    {
+        //Auto Rate
+        pAd->StaCfg.DesiredTransmitSetting.field.MCS = MCS_AUTO;
+               pAd->StaCfg.bAutoTxRateSwitch = TRUE;
+               if ((pAd->CommonCfg.PhyMode <= PHY_11G) ||
+                   (pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.MODE <= MODE_OFDM))
+            RTMPSetDesiredRates(pAd, -1);
+
+#ifdef DOT11_N_SUPPORT
+            SetCommonHT(pAd);
+#endif // DOT11_N_SUPPORT //
+    }
+    else
+    {
+        if (fixed)
+        {
+               pAd->StaCfg.bAutoTxRateSwitch = FALSE;
+            if ((pAd->CommonCfg.PhyMode <= PHY_11G) ||
+                (pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.MODE <= MODE_OFDM))
+                RTMPSetDesiredRates(pAd, rate);
+            else
+            {
+                pAd->StaCfg.DesiredTransmitSetting.field.MCS = MCS_AUTO;
+#ifdef DOT11_N_SUPPORT
+                SetCommonHT(pAd);
+#endif // DOT11_N_SUPPORT //
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("rt_ioctl_siwrate::(HtMcs=%d)\n",pAd->StaCfg.DesiredTransmitSetting.field.MCS));
+        }
+        else
+        {
+            // TODO: rate = X, fixed = 0 => (rates <= X)
+            return -EOPNOTSUPP;
+        }
+    }
+
+    return 0;
+}
+
+int rt_ioctl_giwrate(struct net_device *dev,
+                              struct iw_request_info *info,
+                              union iwreq_data *wrqu, char *extra)
+{
+    PRTMP_ADAPTER   pAd = RTMP_OS_NETDEV_GET_PRIV(dev);
+    int rate_index = 0, rate_count = 0;
+    HTTRANSMIT_SETTING ht_setting;
+/* Remove to global variable
+    __s32 ralinkrate[] =
+       {2,  4,   11,  22, // CCK
+       12, 18,   24,  36, 48, 72, 96, 108, // OFDM
+       13, 26,   39,  52,  78, 104, 117, 130, 26,  52,  78, 104, 156, 208, 234, 260, // 20MHz, 800ns GI, MCS: 0 ~ 15
+       39, 78,  117, 156, 234, 312, 351, 390,                                                                            // 20MHz, 800ns GI, MCS: 16 ~ 23
+       27, 54,   81, 108, 162, 216, 243, 270, 54, 108, 162, 216, 324, 432, 486, 540, // 40MHz, 800ns GI, MCS: 0 ~ 15
+       81, 162, 243, 324, 486, 648, 729, 810,                                                                            // 40MHz, 800ns GI, MCS: 16 ~ 23
+       14, 29,   43,  57,  87, 115, 130, 144, 29, 59,   87, 115, 173, 230, 260, 288, // 20MHz, 400ns GI, MCS: 0 ~ 15
+       43, 87,  130, 173, 260, 317, 390, 433,                                                                            // 20MHz, 400ns GI, MCS: 16 ~ 23
+       30, 60,   90, 120, 180, 240, 270, 300, 60, 120, 180, 240, 360, 480, 540, 600, // 40MHz, 400ns GI, MCS: 0 ~ 15
+       90, 180, 270, 360, 540, 720, 810, 900};                                                                           // 40MHz, 400ns GI, MCS: 16 ~ 23
+*/
+
+    rate_count = sizeof(ralinkrate)/sizeof(__s32);
+    //check if the interface is down
+       if(!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+       return -ENETDOWN;
+       }
+
+    if ((pAd->StaCfg.bAutoTxRateSwitch == FALSE) &&
+        (INFRA_ON(pAd)) &&
+        ((pAd->CommonCfg.PhyMode <= PHY_11G) || (pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.MODE <= MODE_OFDM)))
+        ht_setting.word = pAd->StaCfg.HTPhyMode.word;
+    else
+        ht_setting.word = pAd->MacTab.Content[BSSID_WCID].HTPhyMode.word;
+
+#ifdef DOT11_N_SUPPORT
+    if (ht_setting.field.MODE >= MODE_HTMIX)
+    {
+//     rate_index = 12 + ((UCHAR)ht_setting.field.BW *16) + ((UCHAR)ht_setting.field.ShortGI *32) + ((UCHAR)ht_setting.field.MCS);
+       rate_index = 12 + ((UCHAR)ht_setting.field.BW *24) + ((UCHAR)ht_setting.field.ShortGI *48) + ((UCHAR)ht_setting.field.MCS);
+    }
+    else
+#endif // DOT11_N_SUPPORT //
+    if (ht_setting.field.MODE == MODE_OFDM)
+       rate_index = (UCHAR)(ht_setting.field.MCS) + 4;
+    else if (ht_setting.field.MODE == MODE_CCK)
+       rate_index = (UCHAR)(ht_setting.field.MCS);
+
+    if (rate_index < 0)
+        rate_index = 0;
+
+    if (rate_index > rate_count)
+        rate_index = rate_count;
+
+    wrqu->bitrate.value = ralinkrate[rate_index] * 500000;
+    wrqu->bitrate.disabled = 0;
+
+    return 0;
+}
+
+static const iw_handler rt_handler[] =
+{
+       (iw_handler) NULL,                                  /* SIOCSIWCOMMIT */
+       (iw_handler) rt_ioctl_giwname,                  /* SIOCGIWNAME   */
+       (iw_handler) NULL,                                  /* SIOCSIWNWID   */
+       (iw_handler) NULL,                                  /* SIOCGIWNWID   */
+       (iw_handler) rt_ioctl_siwfreq,              /* SIOCSIWFREQ   */
+       (iw_handler) rt_ioctl_giwfreq,              /* SIOCGIWFREQ   */
+       (iw_handler) rt_ioctl_siwmode,              /* SIOCSIWMODE   */
+       (iw_handler) rt_ioctl_giwmode,              /* SIOCGIWMODE   */
+       (iw_handler) NULL,                              /* SIOCSIWSENS   */
+       (iw_handler) NULL,                              /* SIOCGIWSENS   */
+       (iw_handler) NULL /* not used */,               /* SIOCSIWRANGE  */
+       (iw_handler) rt_ioctl_giwrange,             /* SIOCGIWRANGE  */
+       (iw_handler) NULL /* not used */,               /* SIOCSIWPRIV   */
+       (iw_handler) NULL /* kernel code */,    /* SIOCGIWPRIV   */
+       (iw_handler) NULL /* not used */,               /* SIOCSIWSTATS  */
+       (iw_handler) rt28xx_get_wireless_stats /* kernel code */,    /* SIOCGIWSTATS  */
+       (iw_handler) NULL,                              /* SIOCSIWSPY    */
+       (iw_handler) NULL,                              /* SIOCGIWSPY    */
+       (iw_handler) NULL,                                      /* SIOCSIWTHRSPY */
+       (iw_handler) NULL,                                      /* SIOCGIWTHRSPY */
+       (iw_handler) rt_ioctl_siwap,            /* SIOCSIWAP     */
+       (iw_handler) rt_ioctl_giwap,                /* SIOCGIWAP     */
+#ifdef SIOCSIWMLME
+       (iw_handler) rt_ioctl_siwmlme,          /* SIOCSIWMLME   */
+#else
+       (iw_handler) NULL,                                      /* SIOCSIWMLME */
+#endif // SIOCSIWMLME //
+       (iw_handler) rt_ioctl_iwaplist,             /* SIOCGIWAPLIST */
+#ifdef SIOCGIWSCAN
+       (iw_handler) rt_ioctl_siwscan,              /* SIOCSIWSCAN   */
+       (iw_handler) rt_ioctl_giwscan,              /* SIOCGIWSCAN   */
+#else
+       (iw_handler) NULL,                                      /* SIOCSIWSCAN   */
+       (iw_handler) NULL,                                      /* SIOCGIWSCAN   */
+#endif /* SIOCGIWSCAN */
+       (iw_handler) rt_ioctl_siwessid,             /* SIOCSIWESSID  */
+       (iw_handler) rt_ioctl_giwessid,             /* SIOCGIWESSID  */
+       (iw_handler) rt_ioctl_siwnickn,             /* SIOCSIWNICKN  */
+       (iw_handler) rt_ioctl_giwnickn,             /* SIOCGIWNICKN  */
+       (iw_handler) NULL,                                      /* -- hole --    */
+       (iw_handler) NULL,                                      /* -- hole --    */
+       (iw_handler) rt_ioctl_siwrate,          /* SIOCSIWRATE   */
+       (iw_handler) rt_ioctl_giwrate,          /* SIOCGIWRATE   */
+       (iw_handler) rt_ioctl_siwrts,               /* SIOCSIWRTS    */
+       (iw_handler) rt_ioctl_giwrts,               /* SIOCGIWRTS    */
+       (iw_handler) rt_ioctl_siwfrag,              /* SIOCSIWFRAG   */
+       (iw_handler) rt_ioctl_giwfrag,              /* SIOCGIWFRAG   */
+       (iw_handler) NULL,                              /* SIOCSIWTXPOW  */
+       (iw_handler) NULL,                              /* SIOCGIWTXPOW  */
+       (iw_handler) NULL,                              /* SIOCSIWRETRY  */
+       (iw_handler) NULL,                              /* SIOCGIWRETRY  */
+       (iw_handler) rt_ioctl_siwencode,                /* SIOCSIWENCODE */
+       (iw_handler) rt_ioctl_giwencode,                /* SIOCGIWENCODE */
+       (iw_handler) NULL,                              /* SIOCSIWPOWER  */
+       (iw_handler) NULL,                              /* SIOCGIWPOWER  */
+       (iw_handler) NULL,                                              /* -- hole -- */
+       (iw_handler) NULL,                                              /* -- hole -- */
+#if WIRELESS_EXT > 17
+    (iw_handler) rt_ioctl_siwgenie,         /* SIOCSIWGENIE  */
+       (iw_handler) rt_ioctl_giwgenie,         /* SIOCGIWGENIE  */
+       (iw_handler) rt_ioctl_siwauth,              /* SIOCSIWAUTH   */
+       (iw_handler) rt_ioctl_giwauth,              /* SIOCGIWAUTH   */
+       (iw_handler) rt_ioctl_siwencodeext,         /* SIOCSIWENCODEEXT */
+       (iw_handler) rt_ioctl_giwencodeext,             /* SIOCGIWENCODEEXT */
+       (iw_handler) rt_ioctl_siwpmksa,         /* SIOCSIWPMKSA  */
+#endif
+};
+
+static const iw_handler rt_priv_handlers[] = {
+       (iw_handler) NULL, /* + 0x00 */
+       (iw_handler) NULL, /* + 0x01 */
+       (iw_handler) rt_ioctl_setparam, /* + 0x02 */
+#ifdef DBG
+       (iw_handler) rt_private_ioctl_bbp, /* + 0x03 */
+#else
+       (iw_handler) NULL, /* + 0x03 */
+#endif
+       (iw_handler) NULL, /* + 0x04 */
+       (iw_handler) NULL, /* + 0x05 */
+       (iw_handler) NULL, /* + 0x06 */
+       (iw_handler) NULL, /* + 0x07 */
+       (iw_handler) NULL, /* + 0x08 */
+       (iw_handler) rt_private_get_statistics, /* + 0x09 */
+       (iw_handler) NULL, /* + 0x0A */
+       (iw_handler) NULL, /* + 0x0B */
+       (iw_handler) NULL, /* + 0x0C */
+       (iw_handler) NULL, /* + 0x0D */
+       (iw_handler) NULL, /* + 0x0E */
+       (iw_handler) NULL, /* + 0x0F */
+       (iw_handler) NULL, /* + 0x10 */
+       (iw_handler) rt_private_show, /* + 0x11 */
+    (iw_handler) NULL, /* + 0x12 */
+       (iw_handler) NULL, /* + 0x13 */
+    (iw_handler) NULL, /* + 0x14 */
+       (iw_handler) NULL, /* + 0x15 */
+    (iw_handler) NULL, /* + 0x16 */
+       (iw_handler) NULL, /* + 0x17 */
+       (iw_handler) NULL, /* + 0x18 */
+};
+
+const struct iw_handler_def rt28xx_iw_handler_def =
+{
+#define        N(a)    (sizeof (a) / sizeof (a[0]))
+       .standard       = (iw_handler *) rt_handler,
+       .num_standard   = sizeof(rt_handler) / sizeof(iw_handler),
+       .private        = (iw_handler *) rt_priv_handlers,
+       .num_private            = N(rt_priv_handlers),
+       .private_args   = (struct iw_priv_args *) privtab,
+       .num_private_args       = N(privtab),
+#if IW_HANDLER_VERSION >= 7
+    .get_wireless_stats = rt28xx_get_wireless_stats,
+#endif
+};
+
+INT RTMPSetInformation(
+    IN  PRTMP_ADAPTER pAd,
+    IN  OUT struct ifreq    *rq,
+    IN  INT                 cmd)
+{
+    struct iwreq                        *wrq = (struct iwreq *) rq;
+    NDIS_802_11_SSID                    Ssid;
+    NDIS_802_11_MAC_ADDRESS             Bssid;
+    RT_802_11_PHY_MODE                  PhyMode;
+    RT_802_11_STA_CONFIG                StaConfig;
+    NDIS_802_11_RATES                   aryRates;
+    RT_802_11_PREAMBLE                  Preamble;
+    NDIS_802_11_WEP_STATUS              WepStatus;
+    NDIS_802_11_AUTHENTICATION_MODE     AuthMode = Ndis802_11AuthModeMax;
+    NDIS_802_11_NETWORK_INFRASTRUCTURE  BssType;
+    NDIS_802_11_RTS_THRESHOLD           RtsThresh;
+    NDIS_802_11_FRAGMENTATION_THRESHOLD FragThresh;
+    NDIS_802_11_POWER_MODE              PowerMode;
+    PNDIS_802_11_KEY                    pKey = NULL;
+    PNDIS_802_11_WEP                           pWepKey =NULL;
+    PNDIS_802_11_REMOVE_KEY             pRemoveKey = NULL;
+    NDIS_802_11_CONFIGURATION           Config, *pConfig = NULL;
+    NDIS_802_11_NETWORK_TYPE            NetType;
+    ULONG                               Now;
+    UINT                                KeyIdx = 0;
+    INT                                 Status = NDIS_STATUS_SUCCESS, MaxPhyMode = PHY_11G;
+    ULONG                               PowerTemp;
+    BOOLEAN                             RadioState;
+    BOOLEAN                             StateMachineTouched = FALSE;
+     PNDIS_802_11_PASSPHRASE                    ppassphrase = NULL;
+#ifdef DOT11_N_SUPPORT
+       OID_SET_HT_PHYMODE                                      HT_PhyMode;     //11n ,kathy
+#endif // DOT11_N_SUPPORT //
+#ifdef WPA_SUPPLICANT_SUPPORT
+    PNDIS_802_11_PMKID                  pPmkId = NULL;
+    BOOLEAN                                            IEEE8021xState = FALSE;
+    BOOLEAN                                            IEEE8021x_required_keys = FALSE;
+    UCHAR                               wpa_supplicant_enable = 0;
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef SNMP_SUPPORT
+       TX_RTY_CFG_STRUC                        tx_rty_cfg;
+       ULONG                                           ShortRetryLimit, LongRetryLimit;
+       UCHAR                                           ctmp;
+#endif // SNMP_SUPPORT //
+
+
+
+
+#ifdef DOT11_N_SUPPORT
+       MaxPhyMode = PHY_11N_5G;
+#endif // DOT11_N_SUPPORT //
+
+       DBGPRINT(RT_DEBUG_TRACE, ("-->RTMPSetInformation(),     0x%08x\n", cmd&0x7FFF));
+       switch(cmd & 0x7FFF) {
+               case RT_OID_802_11_COUNTRY_REGION:
+                       if (wrq->u.data.length < sizeof(UCHAR))
+                               Status = -EINVAL;
+                       // Only avaliable when EEPROM not programming
+            else if (!(pAd->CommonCfg.CountryRegion & 0x80) && !(pAd->CommonCfg.CountryRegionForABand & 0x80))
+                       {
+                               ULONG   Country;
+                               UCHAR   TmpPhy;
+
+                               Status = copy_from_user(&Country, wrq->u.data.pointer, wrq->u.data.length);
+                               pAd->CommonCfg.CountryRegion = (UCHAR)(Country & 0x000000FF);
+                               pAd->CommonCfg.CountryRegionForABand = (UCHAR)((Country >> 8) & 0x000000FF);
+                TmpPhy = pAd->CommonCfg.PhyMode;
+                               pAd->CommonCfg.PhyMode = 0xff;
+                               // Build all corresponding channel information
+                               RTMPSetPhyMode(pAd, TmpPhy);
+#ifdef DOT11_N_SUPPORT
+                               SetCommonHT(pAd);
+#endif // DOT11_N_SUPPORT //
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_COUNTRY_REGION (A:%d  B/G:%d)\n", pAd->CommonCfg.CountryRegionForABand,
+                                   pAd->CommonCfg.CountryRegion));
+            }
+            break;
+        case OID_802_11_BSSID_LIST_SCAN:
+            Now = jiffies;
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_BSSID_LIST_SCAN, TxCnt = %d \n", pAd->RalinkCounters.LastOneSecTotalTxCount));
+
+            if (MONITOR_ON(pAd))
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("!!! Driver is in Monitor Mode now !!!\n"));
+                break;
+            }
+
+                       //Benson add 20080527, when radio off, sta don't need to scan
+                       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_RADIO_OFF))
+                               break;
+
+                       if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+                       {
+                DBGPRINT(RT_DEBUG_TRACE, ("!!! Driver is scanning now !!!\n"));
+                               pAd->StaCfg.bScanReqIsFromWebUI = TRUE;
+                               Status = NDIS_STATUS_SUCCESS;
+                break;
+            }
+
+                       if (pAd->RalinkCounters.LastOneSecTotalTxCount > 100)
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("!!! Link UP, ignore this set::OID_802_11_BSSID_LIST_SCAN\n"));
+                               Status = NDIS_STATUS_SUCCESS;
+                               pAd->StaCfg.ScanCnt = 99;               // Prevent auto scan triggered by this OID
+                               break;
+            }
+
+            if ((OPSTATUS_TEST_FLAG(pAd, fOP_STATUS_MEDIA_STATE_CONNECTED)) &&
+                               ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA) ||
+                               (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
+                               (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2) ||
+                               (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK)) &&
+                (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_NOT_SECURED))
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("!!! Link UP, Port Not Secured! ignore this set::OID_802_11_BSSID_LIST_SCAN\n"));
+                               Status = NDIS_STATUS_SUCCESS;
+                               pAd->StaCfg.ScanCnt = 99;               // Prevent auto scan triggered by this OID
+                               break;
+            }
+
+
+            if (pAd->Mlme.CntlMachine.CurrState != CNTL_IDLE)
+            {
+                RTMP_MLME_RESET_STATE_MACHINE(pAd);
+                DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME busy, reset MLME state machine !!!\n"));
+            }
+
+            // tell CNTL state machine to call NdisMSetInformationComplete() after completing
+            // this request, because this request is initiated by NDIS.
+            pAd->MlmeAux.CurrReqIsFromNdis = FALSE;
+            // Reset allowed scan retries
+            pAd->StaCfg.ScanCnt = 0;
+            pAd->StaCfg.LastScanTime = Now;
+
+                       pAd->StaCfg.bScanReqIsFromWebUI = TRUE;
+            RTMP_SET_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS);
+            MlmeEnqueue(pAd,
+                        MLME_CNTL_STATE_MACHINE,
+                        OID_802_11_BSSID_LIST_SCAN,
+                        0,
+                        NULL);
+
+            Status = NDIS_STATUS_SUCCESS;
+            StateMachineTouched = TRUE;
+            break;
+        case OID_802_11_SSID:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_SSID))
+                Status = -EINVAL;
+            else
+            {
+               PSTRING pSsidString = NULL;
+                Status = copy_from_user(&Ssid, wrq->u.data.pointer, wrq->u.data.length);
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_SSID (Len=%d,Ssid=%s)\n", Ssid.SsidLength, Ssid.Ssid));
+                if (Ssid.SsidLength > MAX_LEN_OF_SSID)
+                    Status = -EINVAL;
+                else
+                {
+                       if (Ssid.SsidLength == 0)
+                               {
+                               Set_SSID_Proc(pAd, "");
+                               }
+                                       else
+                    {
+                               pSsidString = (PSTRING)kmalloc(MAX_LEN_OF_SSID+1, MEM_ALLOC_FLAG);
+                                               if (pSsidString)
+                                               {
+                                                       NdisZeroMemory(pSsidString, MAX_LEN_OF_SSID+1);
+                                                       NdisMoveMemory(pSsidString, Ssid.Ssid, Ssid.SsidLength);
+                                                       Set_SSID_Proc(pAd, pSsidString);
+                                                       kfree(pSsidString);
+                                               }
+                                               else
+                                                       Status = -ENOMEM;
+                    }
+                }
+            }
+            break;
+               case OID_802_11_SET_PASSPHRASE:
+           ppassphrase= kmalloc(wrq->u.data.length, MEM_ALLOC_FLAG);
+
+           if(ppassphrase== NULL)
+            {
+               Status = -ENOMEM;
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_SET_PASSPHRASE, Failed!!\n"));
+               break;
+            }
+                       else
+               {
+               Status = copy_from_user(ppassphrase, wrq->u.data.pointer, wrq->u.data.length);
+
+                               if (Status)
+               {
+                       Status  = -EINVAL;
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_SET_PASSPHRASE, Failed (length mismatch)!!\n"));
+                       }
+                       else
+                       {
+                                       if(ppassphrase->KeyLength < 8 || ppassphrase->KeyLength > 64)
+                                       {
+                                               Status  = -EINVAL;
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_SET_PASSPHRASE, Failed (len less than 8 or greater than 64)!!\n"));
+                                       }
+                                       else
+                                       {
+                                               // set key passphrase and length
+                                               NdisZeroMemory(pAd->StaCfg.WpaPassPhrase, 64);
+                                       NdisMoveMemory(pAd->StaCfg.WpaPassPhrase, &ppassphrase->KeyMaterial, ppassphrase->KeyLength);
+                                               pAd->StaCfg.WpaPassPhraseLen = ppassphrase->KeyLength;
+                                               hex_dump("pAd->StaCfg.WpaPassPhrase", pAd->StaCfg.WpaPassPhrase, 64);
+                                               printk("WpaPassPhrase=%s\n",pAd->StaCfg.WpaPassPhrase);
+                                       }
+                }
+            }
+               kfree(ppassphrase);
+                       break;
+
+        case OID_802_11_BSSID:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_MAC_ADDRESS))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&Bssid, wrq->u.data.pointer, wrq->u.data.length);
+
+                // tell CNTL state machine to call NdisMSetInformationComplete() after completing
+                // this request, because this request is initiated by NDIS.
+                pAd->MlmeAux.CurrReqIsFromNdis = FALSE;
+
+                               // Prevent to connect AP again in STAMlmePeriodicExec
+                               pAd->MlmeAux.AutoReconnectSsidLen= 32;
+
+                // Reset allowed scan retries
+                               pAd->StaCfg.ScanCnt = 0;
+
+                if (pAd->Mlme.CntlMachine.CurrState != CNTL_IDLE)
+                {
+                    RTMP_MLME_RESET_STATE_MACHINE(pAd);
+                    DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME busy, reset MLME state machine !!!\n"));
+                }
+                MlmeEnqueue(pAd,
+                            MLME_CNTL_STATE_MACHINE,
+                            OID_802_11_BSSID,
+                            sizeof(NDIS_802_11_MAC_ADDRESS),
+                            (VOID *)&Bssid);
+                Status = NDIS_STATUS_SUCCESS;
+                StateMachineTouched = TRUE;
+
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_BSSID %02x:%02x:%02x:%02x:%02x:%02x\n",
+                                        Bssid[0], Bssid[1], Bssid[2], Bssid[3], Bssid[4], Bssid[5]));
+            }
+            break;
+        case RT_OID_802_11_RADIO:
+            if (wrq->u.data.length != sizeof(BOOLEAN))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&RadioState, wrq->u.data.pointer, wrq->u.data.length);
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_RADIO (=%d)\n", RadioState));
+                if (pAd->StaCfg.bSwRadio != RadioState)
+                {
+                    pAd->StaCfg.bSwRadio = RadioState;
+                    if (pAd->StaCfg.bRadio != (pAd->StaCfg.bHwRadio && pAd->StaCfg.bSwRadio))
+                    {
+                        pAd->StaCfg.bRadio = (pAd->StaCfg.bHwRadio && pAd->StaCfg.bSwRadio);
+                        if (pAd->StaCfg.bRadio == TRUE)
+                        {
+                            MlmeRadioOn(pAd);
+                            // Update extra information
+                                                       pAd->ExtraInfo = EXTRA_INFO_CLEAR;
+                        }
+                        else
+                        {
+                               if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+                                           {
+                                               if (pAd->Mlme.CntlMachine.CurrState != CNTL_IDLE)
+                                                       {
+                                                           RTMP_MLME_RESET_STATE_MACHINE(pAd);
+                                                           DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME busy, reset MLME state machine !!!\n"));
+                                                       }
+                                           }
+
+                            MlmeRadioOff(pAd);
+                            // Update extra information
+                                                       pAd->ExtraInfo = SW_RADIO_OFF;
+                        }
+                    }
+                }
+            }
+            break;
+        case RT_OID_802_11_PHY_MODE:
+            if (wrq->u.data.length != sizeof(RT_802_11_PHY_MODE))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&PhyMode, wrq->u.data.pointer, wrq->u.data.length);
+                               if (PhyMode <= MaxPhyMode)
+                               {
+                RTMPSetPhyMode(pAd, PhyMode);
+#ifdef DOT11_N_SUPPORT
+                               SetCommonHT(pAd);
+#endif // DOT11_N_SUPPORT //
+                               }
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_PHY_MODE (=%d)\n", PhyMode));
+            }
+            break;
+        case RT_OID_802_11_STA_CONFIG:
+            if (wrq->u.data.length != sizeof(RT_802_11_STA_CONFIG))
+                Status  = -EINVAL;
+            else
+            {
+               UINT32  Value;
+
+                Status = copy_from_user(&StaConfig, wrq->u.data.pointer, wrq->u.data.length);
+                pAd->CommonCfg.bEnableTxBurst = StaConfig.EnableTxBurst;
+                pAd->CommonCfg.UseBGProtection = StaConfig.UseBGProtection;
+                pAd->CommonCfg.bUseShortSlotTime = 1; // 2003-10-30 always SHORT SLOT capable
+                if ((pAd->CommonCfg.PhyMode != StaConfig.AdhocMode) &&
+                                       (StaConfig.AdhocMode <= MaxPhyMode))
+                {
+                    // allow dynamic change of "USE OFDM rate or not" in ADHOC mode
+                    // if setting changed, need to reset current TX rate as well as BEACON frame format
+                    if (pAd->StaCfg.BssType == BSS_ADHOC)
+                    {
+                       pAd->CommonCfg.PhyMode = StaConfig.AdhocMode;
+                       RTMPSetPhyMode(pAd, PhyMode);
+                        MlmeUpdateTxRates(pAd, FALSE, 0);
+                        MakeIbssBeacon(pAd);           // re-build BEACON frame
+                        AsicEnableIbssSync(pAd);   // copy to on-chip memory
+                    }
+                }
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_SET_STA_CONFIG (Burst=%d, Protection=%ld,ShortSlot=%d\n",
+                                        pAd->CommonCfg.bEnableTxBurst,
+                                        pAd->CommonCfg.UseBGProtection,
+                                        pAd->CommonCfg.bUseShortSlotTime));
+
+                               if (pAd->CommonCfg.PSPXlink)
+                                       Value = PSPXLINK;
+                               else
+                                       Value = STANORMAL;
+                               RTMP_IO_WRITE32(pAd, RX_FILTR_CFG, Value);
+                               Value = 0;
+                               RTMP_IO_READ32(pAd, MAC_SYS_CTRL, &Value);
+                               Value &= (~0x80);
+                               RTMP_IO_WRITE32(pAd, MAC_SYS_CTRL, Value);
+            }
+            break;
+        case OID_802_11_DESIRED_RATES:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_RATES))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&aryRates, wrq->u.data.pointer, wrq->u.data.length);
+                NdisZeroMemory(pAd->CommonCfg.DesireRate, MAX_LEN_OF_SUPPORTED_RATES);
+                NdisMoveMemory(pAd->CommonCfg.DesireRate, &aryRates, sizeof(NDIS_802_11_RATES));
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_DESIRED_RATES (%02x,%02x,%02x,%02x,%02x,%02x,%02x,%02x)\n",
+                    pAd->CommonCfg.DesireRate[0],pAd->CommonCfg.DesireRate[1],
+                    pAd->CommonCfg.DesireRate[2],pAd->CommonCfg.DesireRate[3],
+                    pAd->CommonCfg.DesireRate[4],pAd->CommonCfg.DesireRate[5],
+                    pAd->CommonCfg.DesireRate[6],pAd->CommonCfg.DesireRate[7] ));
+                // Changing DesiredRate may affect the MAX TX rate we used to TX frames out
+                MlmeUpdateTxRates(pAd, FALSE, 0);
+            }
+            break;
+        case RT_OID_802_11_PREAMBLE:
+            if (wrq->u.data.length != sizeof(RT_802_11_PREAMBLE))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&Preamble, wrq->u.data.pointer, wrq->u.data.length);
+                if (Preamble == Rt802_11PreambleShort)
+                {
+                    pAd->CommonCfg.TxPreamble = Preamble;
+                    MlmeSetTxPreamble(pAd, Rt802_11PreambleShort);
+                }
+                else if ((Preamble == Rt802_11PreambleLong) || (Preamble == Rt802_11PreambleAuto))
+                {
+                    // if user wants AUTO, initialize to LONG here, then change according to AP's
+                    // capability upon association.
+                    pAd->CommonCfg.TxPreamble = Preamble;
+                    MlmeSetTxPreamble(pAd, Rt802_11PreambleLong);
+                }
+                else
+                {
+                    Status = -EINVAL;
+                    break;
+                }
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_PREAMBLE (=%d)\n", Preamble));
+            }
+            break;
+        case OID_802_11_WEP_STATUS:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_WEP_STATUS))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&WepStatus, wrq->u.data.pointer, wrq->u.data.length);
+                // Since TKIP, AES, WEP are all supported. It should not have any invalid setting
+                if (WepStatus <= Ndis802_11Encryption3KeyAbsent)
+                {
+                    if (pAd->StaCfg.WepStatus != WepStatus)
+                    {
+                        // Config has changed
+                        pAd->bConfigChanged = TRUE;
+                    }
+                    pAd->StaCfg.WepStatus     = WepStatus;
+                    pAd->StaCfg.OrigWepStatus = WepStatus;
+                    pAd->StaCfg.PairCipher    = WepStatus;
+                       pAd->StaCfg.GroupCipher   = WepStatus;
+                }
+                else
+                {
+                    Status  = -EINVAL;
+                    break;
+                }
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_WEP_STATUS (=%d)\n",WepStatus));
+            }
+            break;
+        case OID_802_11_AUTHENTICATION_MODE:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_AUTHENTICATION_MODE))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&AuthMode, wrq->u.data.pointer, wrq->u.data.length);
+                if (AuthMode > Ndis802_11AuthModeMax)
+                {
+                    Status  = -EINVAL;
+                    break;
+                }
+                else
+                {
+                    if (pAd->StaCfg.AuthMode != AuthMode)
+                    {
+                        // Config has changed
+                        pAd->bConfigChanged = TRUE;
+                    }
+                    pAd->StaCfg.AuthMode = AuthMode;
+                }
+                pAd->StaCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_AUTHENTICATION_MODE (=%d) \n",pAd->StaCfg.AuthMode));
+            }
+            break;
+        case OID_802_11_INFRASTRUCTURE_MODE:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_NETWORK_INFRASTRUCTURE))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&BssType, wrq->u.data.pointer, wrq->u.data.length);
+
+                               if (BssType == Ndis802_11IBSS)
+                                       Set_NetworkType_Proc(pAd, "Adhoc");
+                               else if (BssType == Ndis802_11Infrastructure)
+                                       Set_NetworkType_Proc(pAd, "Infra");
+                else if (BssType == Ndis802_11Monitor)
+                                       Set_NetworkType_Proc(pAd, "Monitor");
+                else
+                {
+                    Status  = -EINVAL;
+                    DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_INFRASTRUCTURE_MODE (unknown)\n"));
+                }
+            }
+            break;
+        case OID_802_11_REMOVE_WEP:
+            DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_REMOVE_WEP\n"));
+            if (wrq->u.data.length != sizeof(NDIS_802_11_KEY_INDEX))
+            {
+                               Status = -EINVAL;
+            }
+            else
+            {
+               KeyIdx = *(NDIS_802_11_KEY_INDEX *) wrq->u.data.pointer;
+
+               if (KeyIdx & 0x80000000)
+               {
+                       // Should never set default bit when remove key
+                       Status = -EINVAL;
+               }
+               else
+               {
+                       KeyIdx = KeyIdx & 0x0fffffff;
+                       if (KeyIdx >= 4){
+                               Status = -EINVAL;
+                       }
+                       else
+                       {
+                                               pAd->SharedKey[BSS0][KeyIdx].KeyLen = 0;
+                                               pAd->SharedKey[BSS0][KeyIdx].CipherAlg = CIPHER_NONE;
+                                               AsicRemoveSharedKeyEntry(pAd, 0, (UCHAR)KeyIdx);
+                       }
+               }
+            }
+            break;
+        case RT_OID_802_11_RESET_COUNTERS:
+            NdisZeroMemory(&pAd->WlanCounters, sizeof(COUNTER_802_11));
+            NdisZeroMemory(&pAd->Counters8023, sizeof(COUNTER_802_3));
+            NdisZeroMemory(&pAd->RalinkCounters, sizeof(COUNTER_RALINK));
+            pAd->Counters8023.RxNoBuffer   = 0;
+                       pAd->Counters8023.GoodReceives = 0;
+                       pAd->Counters8023.RxNoBuffer   = 0;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_RESET_COUNTERS \n"));
+            break;
+        case OID_802_11_RTS_THRESHOLD:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_RTS_THRESHOLD))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&RtsThresh, wrq->u.data.pointer, wrq->u.data.length);
+                if (RtsThresh > MAX_RTS_THRESHOLD)
+                    Status  = -EINVAL;
+                else
+                    pAd->CommonCfg.RtsThreshold = (USHORT)RtsThresh;
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_RTS_THRESHOLD (=%ld)\n",RtsThresh));
+            break;
+        case OID_802_11_FRAGMENTATION_THRESHOLD:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_FRAGMENTATION_THRESHOLD))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&FragThresh, wrq->u.data.pointer, wrq->u.data.length);
+                pAd->CommonCfg.bUseZeroToDisableFragment = FALSE;
+                if (FragThresh > MAX_FRAG_THRESHOLD || FragThresh < MIN_FRAG_THRESHOLD)
+                {
+                    if (FragThresh == 0)
+                    {
+                        pAd->CommonCfg.FragmentThreshold = MAX_FRAG_THRESHOLD;
+                        pAd->CommonCfg.bUseZeroToDisableFragment = TRUE;
+                    }
+                    else
+                        Status  = -EINVAL;
+                }
+                else
+                    pAd->CommonCfg.FragmentThreshold = (USHORT)FragThresh;
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_FRAGMENTATION_THRESHOLD (=%ld) \n",FragThresh));
+            break;
+        case OID_802_11_POWER_MODE:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_POWER_MODE))
+                Status = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&PowerMode, wrq->u.data.pointer, wrq->u.data.length);
+                if (PowerMode == Ndis802_11PowerModeCAM)
+                       Set_PSMode_Proc(pAd, "CAM");
+                else if (PowerMode == Ndis802_11PowerModeMAX_PSP)
+                       Set_PSMode_Proc(pAd, "Max_PSP");
+                else if (PowerMode == Ndis802_11PowerModeFast_PSP)
+                                       Set_PSMode_Proc(pAd, "Fast_PSP");
+                else if (PowerMode == Ndis802_11PowerModeLegacy_PSP)
+                                       Set_PSMode_Proc(pAd, "Legacy_PSP");
+                else
+                    Status = -EINVAL;
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_POWER_MODE (=%d)\n",PowerMode));
+            break;
+         case RT_OID_802_11_TX_POWER_LEVEL_1:
+                       if (wrq->u.data.length  < sizeof(ULONG))
+                               Status = -EINVAL;
+                       else
+                       {
+                               Status = copy_from_user(&PowerTemp, wrq->u.data.pointer, wrq->u.data.length);
+                               if (PowerTemp > 100)
+                                       PowerTemp = 0xffffffff;  // AUTO
+                               pAd->CommonCfg.TxPowerDefault = PowerTemp; //keep current setting.
+                               pAd->CommonCfg.TxPowerPercentage = pAd->CommonCfg.TxPowerDefault;
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_TX_POWER_LEVEL_1 (=%ld)\n", pAd->CommonCfg.TxPowerPercentage));
+                       }
+               break;
+               case OID_802_11_NETWORK_TYPE_IN_USE:
+                       if (wrq->u.data.length != sizeof(NDIS_802_11_NETWORK_TYPE))
+                               Status = -EINVAL;
+                       else
+                       {
+                               Status = copy_from_user(&NetType, wrq->u.data.pointer, wrq->u.data.length);
+
+                               if (NetType == Ndis802_11DS)
+                                       RTMPSetPhyMode(pAd, PHY_11B);
+                               else if (NetType == Ndis802_11OFDM24)
+                                       RTMPSetPhyMode(pAd, PHY_11BG_MIXED);
+                               else if (NetType == Ndis802_11OFDM5)
+                                       RTMPSetPhyMode(pAd, PHY_11A);
+                               else
+                                       Status = -EINVAL;
+#ifdef DOT11_N_SUPPORT
+                               if (Status == NDIS_STATUS_SUCCESS)
+                                       SetCommonHT(pAd);
+#endif // DOT11_N_SUPPORT //
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_NETWORK_TYPE_IN_USE (=%d)\n",NetType));
+                   }
+                       break;
+        // For WPA PSK PMK key
+        case RT_OID_802_11_ADD_WPA:
+            pKey = kmalloc(wrq->u.data.length, MEM_ALLOC_FLAG);
+            if(pKey == NULL)
+            {
+                Status = -ENOMEM;
+                break;
+            }
+
+            Status = copy_from_user(pKey, wrq->u.data.pointer, wrq->u.data.length);
+            if (pKey->Length != wrq->u.data.length)
+            {
+                Status  = -EINVAL;
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_ADD_WPA, Failed!!\n"));
+            }
+            else
+            {
+                if ((pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPAPSK) &&
+                                   (pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPA2PSK) &&
+                                   (pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPANone) )
+                {
+                    Status = -EOPNOTSUPP;
+                    DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_ADD_WPA, Failed!! [AuthMode != WPAPSK/WPA2PSK/WPANONE]\n"));
+                }
+                else if ((pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPAPSK) ||
+                                                (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPA2PSK) ||
+                                                (pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone) )     // Only for WPA PSK mode
+                               {
+                    NdisMoveMemory(pAd->StaCfg.PMK, &pKey->KeyMaterial, pKey->KeyLength);
+                    // Use RaConfig as PSK agent.
+                    // Start STA supplicant state machine
+                    if (pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPANone)
+                        pAd->StaCfg.WpaState = SS_START;
+
+                    DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_ADD_WPA (id=0x%x, Len=%d-byte)\n", pKey->KeyIndex, pKey->KeyLength));
+                }
+                else
+                {
+                    pAd->StaCfg.WpaState = SS_NOTUSE;
+                    DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_ADD_WPA (id=0x%x, Len=%d-byte)\n", pKey->KeyIndex, pKey->KeyLength));
+                }
+            }
+            kfree(pKey);
+            break;
+        case OID_802_11_REMOVE_KEY:
+            pRemoveKey = kmalloc(wrq->u.data.length, MEM_ALLOC_FLAG);
+            if(pRemoveKey == NULL)
+            {
+                Status = -ENOMEM;
+                break;
+            }
+
+            Status = copy_from_user(pRemoveKey, wrq->u.data.pointer, wrq->u.data.length);
+            if (pRemoveKey->Length != wrq->u.data.length)
+            {
+                Status  = -EINVAL;
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_REMOVE_KEY, Failed!!\n"));
+            }
+            else
+            {
+                if (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+                {
+                    RTMPWPARemoveKeyProc(pAd, pRemoveKey);
+                    DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_REMOVE_KEY, Remove WPA Key!!\n"));
+                }
+                else
+                {
+                    KeyIdx = pRemoveKey->KeyIndex;
+
+                    if (KeyIdx & 0x80000000)
+                    {
+                        // Should never set default bit when remove key
+                        Status  = -EINVAL;
+                        DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_REMOVE_KEY, Failed!!(Should never set default bit when remove key)\n"));
+                    }
+                    else
+                    {
+                        KeyIdx = KeyIdx & 0x0fffffff;
+                        if (KeyIdx > 3)
+                        {
+                            Status  = -EINVAL;
+                            DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_REMOVE_KEY, Failed!!(KeyId[%d] out of range)\n", KeyIdx));
+                        }
+                        else
+                        {
+                            pAd->SharedKey[BSS0][KeyIdx].KeyLen = 0;
+                            pAd->SharedKey[BSS0][KeyIdx].CipherAlg = CIPHER_NONE;
+                            AsicRemoveSharedKeyEntry(pAd, 0, (UCHAR)KeyIdx);
+                            DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_REMOVE_KEY (id=0x%x, Len=%d-byte)\n", pRemoveKey->KeyIndex, pRemoveKey->Length));
+                        }
+                    }
+                }
+            }
+            kfree(pRemoveKey);
+            break;
+        // New for WPA
+        case OID_802_11_ADD_KEY:
+            pKey = kmalloc(wrq->u.data.length, MEM_ALLOC_FLAG);
+            if(pKey == NULL)
+            {
+                Status = -ENOMEM;
+                break;
+            }
+            Status = copy_from_user(pKey, wrq->u.data.pointer, wrq->u.data.length);
+            if (pKey->Length != wrq->u.data.length)
+            {
+                Status  = -EINVAL;
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_ADD_KEY, Failed!!\n"));
+            }
+            else
+            {
+                RTMPAddKey(pAd, pKey);
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_ADD_KEY (id=0x%x, Len=%d-byte)\n", pKey->KeyIndex, pKey->KeyLength));
+            }
+            kfree(pKey);
+            break;
+        case OID_802_11_CONFIGURATION:
+            if (wrq->u.data.length != sizeof(NDIS_802_11_CONFIGURATION))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&Config, wrq->u.data.pointer, wrq->u.data.length);
+                pConfig = &Config;
+
+                if ((pConfig->BeaconPeriod >= 20) && (pConfig->BeaconPeriod <=400))
+                     pAd->CommonCfg.BeaconPeriod = (USHORT) pConfig->BeaconPeriod;
+
+                pAd->StaActive.AtimWin = (USHORT) pConfig->ATIMWindow;
+                MAP_KHZ_TO_CHANNEL_ID(pConfig->DSConfig, pAd->CommonCfg.Channel);
+                //
+                               // Save the channel on MlmeAux for CntlOidRTBssidProc used.
+                               //
+                               pAd->MlmeAux.Channel = pAd->CommonCfg.Channel;
+
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_CONFIGURATION (BeacnPeriod=%ld,AtimW=%ld,Ch=%d)\n",
+                    pConfig->BeaconPeriod, pConfig->ATIMWindow, pAd->CommonCfg.Channel));
+                // Config has changed
+                pAd->bConfigChanged = TRUE;
+            }
+            break;
+#ifdef DOT11_N_SUPPORT
+               case RT_OID_802_11_SET_HT_PHYMODE:
+                       if (wrq->u.data.length  != sizeof(OID_SET_HT_PHYMODE))
+                               Status = -EINVAL;
+                       else
+                       {
+                           POID_SET_HT_PHYMODE pHTPhyMode = &HT_PhyMode;
+
+                               Status = copy_from_user(&HT_PhyMode, wrq->u.data.pointer, wrq->u.data.length);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::pHTPhyMode      (PhyMode = %d,TransmitNo = %d, HtMode = %d,     ExtOffset =     %d , MCS = %d, BW =     %d,     STBC = %d, SHORTGI = %d) \n",
+                               pHTPhyMode->PhyMode, pHTPhyMode->TransmitNo,pHTPhyMode->HtMode,pHTPhyMode->ExtOffset,
+                               pHTPhyMode->MCS, pHTPhyMode->BW, pHTPhyMode->STBC,      pHTPhyMode->SHORTGI));
+                               if (pAd->CommonCfg.PhyMode      >= PHY_11ABGN_MIXED)
+                                       RTMPSetHT(pAd,  pHTPhyMode);
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_SET_HT_PHYMODE(MCS=%d,BW=%d,SGI=%d,STBC=%d)\n",
+                               pAd->StaCfg.HTPhyMode.field.MCS, pAd->StaCfg.HTPhyMode.field.BW, pAd->StaCfg.HTPhyMode.field.ShortGI,
+                               pAd->StaCfg.HTPhyMode.field.STBC));
+                       break;
+#endif // DOT11_N_SUPPORT //
+               case RT_OID_802_11_SET_APSD_SETTING:
+                       if (wrq->u.data.length != sizeof(ULONG))
+                               Status = -EINVAL;
+                       else
+                       {
+                               ULONG apsd ;
+                               Status = copy_from_user(&apsd, wrq->u.data.pointer,     wrq->u.data.length);
+
+                               /*-------------------------------------------------------------------
+                               |B31~B7 |       B6~B5    |       B4      |       B3      |      B2       |      B1       |         B0           |
+                               ---------------------------------------------------------------------
+                               | Rsvd  | Max SP Len | AC_VO | AC_VI | AC_BK | AC_BE | APSD     Capable |
+                               ---------------------------------------------------------------------*/
+                               pAd->CommonCfg.bAPSDCapable = (apsd & 0x00000001) ? TRUE :      FALSE;
+                               pAd->CommonCfg.bAPSDAC_BE = ((apsd      & 0x00000002) >> 1)     ? TRUE : FALSE;
+                               pAd->CommonCfg.bAPSDAC_BK = ((apsd      & 0x00000004) >> 2)     ? TRUE : FALSE;
+                               pAd->CommonCfg.bAPSDAC_VI = ((apsd      & 0x00000008) >> 3)     ? TRUE : FALSE;
+                               pAd->CommonCfg.bAPSDAC_VO = ((apsd      & 0x00000010) >> 4)     ? TRUE : FALSE;
+                               pAd->CommonCfg.MaxSPLength      = (UCHAR)((apsd & 0x00000060) >> 5);
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_SET_APSD_SETTING (apsd=0x%lx, APSDCap=%d, [BE,BK,VI,VO]=[%d/%d/%d/%d],    MaxSPLen=%d)\n", apsd, pAd->CommonCfg.bAPSDCapable,
+                                       pAd->CommonCfg.bAPSDAC_BE,      pAd->CommonCfg.bAPSDAC_BK,      pAd->CommonCfg.bAPSDAC_VI,      pAd->CommonCfg.bAPSDAC_VO,      pAd->CommonCfg.MaxSPLength));
+                       }
+                       break;
+
+               case RT_OID_802_11_SET_APSD_PSM:
+                       if (wrq->u.data.length  != sizeof(ULONG))
+                               Status = -EINVAL;
+                       else
+                       {
+                               // Driver needs to notify AP when PSM changes
+                               Status = copy_from_user(&pAd->CommonCfg.bAPSDForcePowerSave, wrq->u.data.pointer, wrq->u.data.length);
+                               if (pAd->CommonCfg.bAPSDForcePowerSave  != pAd->StaCfg.Psm)
+                               {
+                                       RTMP_SET_PSM_BIT(pAd,   pAd->CommonCfg.bAPSDForcePowerSave);
+                                       RTMPSendNullFrame(pAd,  pAd->CommonCfg.TxRate,  TRUE);
+                               }
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_SET_APSD_PSM (bAPSDForcePowerSave:%d)\n", pAd->CommonCfg.bAPSDForcePowerSave));
+                       }
+                       break;
+#ifdef QOS_DLS_SUPPORT
+               case RT_OID_802_11_SET_DLS:
+                       if (wrq->u.data.length != sizeof(ULONG))
+                               Status = -EINVAL;
+                       else
+                       {
+                               BOOLEAN oldvalue = pAd->CommonCfg.bDLSCapable;
+                               Status = copy_from_user(&pAd->CommonCfg.bDLSCapable, wrq->u.data.pointer, wrq->u.data.length);
+                               if (oldvalue && !pAd->CommonCfg.bDLSCapable)
+                               {
+                                       int     i;
+                                       // tear down local dls table entry
+                                       for     (i=0; i<MAX_NUM_OF_INIT_DLS_ENTRY; i++)
+                                       {
+                                               if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
+                                               {
+                                                       pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                                                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                                                       RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+                                               }
+                                       }
+
+                                       // tear down peer dls table     entry
+                                       for     (i=MAX_NUM_OF_INIT_DLS_ENTRY; i<MAX_NUM_OF_DLS_ENTRY; i++)
+                                       {
+                                               if (pAd->StaCfg.DLSEntry[i].Valid && (pAd->StaCfg.DLSEntry[i].Status == DLS_FINISH))
+                                               {
+                                                       pAd->StaCfg.DLSEntry[i].Status  = DLS_NONE;
+                                                       pAd->StaCfg.DLSEntry[i].Valid   = FALSE;
+                                                       RTMPSendDLSTearDownFrame(pAd, pAd->StaCfg.DLSEntry[i].MacAddr);
+                                               }
+                                       }
+                               }
+
+                               DBGPRINT(RT_DEBUG_TRACE,("Set::RT_OID_802_11_SET_DLS (=%d)\n", pAd->CommonCfg.bDLSCapable));
+                       }
+                       break;
+
+               case RT_OID_802_11_SET_DLS_PARAM:
+                       if (wrq->u.data.length  != sizeof(RT_802_11_DLS_UI))
+                               Status = -EINVAL;
+                       else
+                       {
+                               RT_802_11_DLS   Dls;
+
+                               NdisZeroMemory(&Dls, sizeof(RT_802_11_DLS));
+                               RTMPMoveMemory(&Dls, wrq->u.data.pointer, sizeof(RT_802_11_DLS_UI));
+                               MlmeEnqueue(pAd,
+                                                       MLME_CNTL_STATE_MACHINE,
+                                                       RT_OID_802_11_SET_DLS_PARAM,
+                                                       sizeof(RT_802_11_DLS),
+                                                       &Dls);
+                               DBGPRINT(RT_DEBUG_TRACE,("Set::RT_OID_802_11_SET_DLS_PARAM \n"));
+                       }
+                       break;
+#endif // QOS_DLS_SUPPORT //
+               case RT_OID_802_11_SET_WMM:
+                       if (wrq->u.data.length  != sizeof(BOOLEAN))
+                               Status = -EINVAL;
+                       else
+                       {
+                               Status = copy_from_user(&pAd->CommonCfg.bWmmCapable, wrq->u.data.pointer, wrq->u.data.length);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_SET_WMM (=%d)     \n", pAd->CommonCfg.bWmmCapable));
+                       }
+                       break;
+
+               case OID_802_11_DISASSOCIATE:
+                       //
+                       // Set NdisRadioStateOff to     TRUE, instead of called MlmeRadioOff.
+                       // Later on, NDIS_802_11_BSSID_LIST_EX->NumberOfItems should be 0
+                       // when query OID_802_11_BSSID_LIST.
+                       //
+                       // TRUE:  NumberOfItems will set to     0.
+                       // FALSE: NumberOfItems no change.
+                       //
+                       pAd->CommonCfg.NdisRadioStateOff =      TRUE;
+                       // Set to immediately send the media disconnect event
+                       pAd->MlmeAux.CurrReqIsFromNdis  = TRUE;
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_DISASSOCIATE \n"));
+
+
+                       if (INFRA_ON(pAd))
+                       {
+                               if (pAd->Mlme.CntlMachine.CurrState !=  CNTL_IDLE)
+                               {
+                                       RTMP_MLME_RESET_STATE_MACHINE(pAd);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME     busy, reset     MLME state machine !!!\n"));
+                               }
+
+                               MlmeEnqueue(pAd,
+                                       MLME_CNTL_STATE_MACHINE,
+                                       OID_802_11_DISASSOCIATE,
+                                       0,
+                                       NULL);
+
+                               StateMachineTouched     = TRUE;
+                       }
+                       break;
+
+#ifdef DOT11_N_SUPPORT
+               case RT_OID_802_11_SET_IMME_BA_CAP:
+                               if (wrq->u.data.length != sizeof(OID_BACAP_STRUC))
+                                       Status = -EINVAL;
+                               else
+                               {
+                                       OID_BACAP_STRUC Orde ;
+                                       Status = copy_from_user(&Orde, wrq->u.data.pointer, wrq->u.data.length);
+                                       if (Orde.Policy > BA_NOTUSE)
+                                       {
+                                               Status = NDIS_STATUS_INVALID_DATA;
+                                       }
+                                       else if (Orde.Policy == BA_NOTUSE)
+                                       {
+                                               pAd->CommonCfg.BACapability.field.Policy = BA_NOTUSE;
+                                               pAd->CommonCfg.BACapability.field.MpduDensity = Orde.MpduDensity;
+                                               pAd->CommonCfg.DesiredHtPhy.MpduDensity = Orde.MpduDensity;
+                                               pAd->CommonCfg.DesiredHtPhy.AmsduEnable = Orde.AmsduEnable;
+                                               pAd->CommonCfg.DesiredHtPhy.AmsduSize= Orde.AmsduSize;
+                                               pAd->CommonCfg.DesiredHtPhy.MimoPs= Orde.MMPSmode;
+                                               pAd->CommonCfg.BACapability.field.MMPSmode = Orde.MMPSmode;
+                                               // UPdata to HT IE
+                                               pAd->CommonCfg.HtCapability.HtCapInfo.MimoPs = Orde.MMPSmode;
+                                               pAd->CommonCfg.HtCapability.HtCapInfo.AMsduSize = Orde.AmsduSize;
+                                               pAd->CommonCfg.HtCapability.HtCapParm.MpduDensity = Orde.MpduDensity;
+                                       }
+                                       else
+                                       {
+                        pAd->CommonCfg.BACapability.field.AutoBA = Orde.AutoBA;
+                                               pAd->CommonCfg.BACapability.field.Policy = IMMED_BA; // we only support immediate BA.
+                                               pAd->CommonCfg.BACapability.field.MpduDensity = Orde.MpduDensity;
+                                               pAd->CommonCfg.DesiredHtPhy.MpduDensity = Orde.MpduDensity;
+                                               pAd->CommonCfg.DesiredHtPhy.AmsduEnable = Orde.AmsduEnable;
+                                               pAd->CommonCfg.DesiredHtPhy.AmsduSize= Orde.AmsduSize;
+                                               pAd->CommonCfg.DesiredHtPhy.MimoPs = Orde.MMPSmode;
+                                               pAd->CommonCfg.BACapability.field.MMPSmode = Orde.MMPSmode;
+
+                                               // UPdata to HT IE
+                                               pAd->CommonCfg.HtCapability.HtCapInfo.MimoPs = Orde.MMPSmode;
+                                               pAd->CommonCfg.HtCapability.HtCapInfo.AMsduSize = Orde.AmsduSize;
+                                               pAd->CommonCfg.HtCapability.HtCapParm.MpduDensity = Orde.MpduDensity;
+
+                                               if (pAd->CommonCfg.BACapability.field.RxBAWinLimit > MAX_RX_REORDERBUF)
+                                                       pAd->CommonCfg.BACapability.field.RxBAWinLimit = MAX_RX_REORDERBUF;
+
+                                       }
+
+                                       pAd->CommonCfg.REGBACapability.word = pAd->CommonCfg.BACapability.word;
+                                       DBGPRINT(RT_DEBUG_TRACE, ("Set::(Orde.AutoBA = %d) (Policy=%d)(ReBAWinLimit=%d)(TxBAWinLimit=%d)(AutoMode=%d)\n",Orde.AutoBA, pAd->CommonCfg.BACapability.field.Policy,
+                                               pAd->CommonCfg.BACapability.field.RxBAWinLimit,pAd->CommonCfg.BACapability.field.TxBAWinLimit, pAd->CommonCfg.BACapability.field.AutoBA));
+                                       DBGPRINT(RT_DEBUG_TRACE, ("Set::(MimoPs = %d)(AmsduEnable = %d) (AmsduSize=%d)(MpduDensity=%d)\n",pAd->CommonCfg.DesiredHtPhy.MimoPs, pAd->CommonCfg.DesiredHtPhy.AmsduEnable,
+                                               pAd->CommonCfg.DesiredHtPhy.AmsduSize, pAd->CommonCfg.DesiredHtPhy.MpduDensity));
+                               }
+
+                               break;
+               case RT_OID_802_11_ADD_IMME_BA:
+                       DBGPRINT(RT_DEBUG_TRACE, (" Set :: RT_OID_802_11_ADD_IMME_BA \n"));
+                       if (wrq->u.data.length != sizeof(OID_ADD_BA_ENTRY))
+                                       Status = -EINVAL;
+                       else
+                       {
+                               UCHAR                   index;
+                               OID_ADD_BA_ENTRY    BA;
+                               MAC_TABLE_ENTRY     *pEntry;
+
+                               Status = copy_from_user(&BA, wrq->u.data.pointer, wrq->u.data.length);
+                               if (BA.TID > 15)
+                               {
+                                       Status = NDIS_STATUS_INVALID_DATA;
+                                       break;
+                               }
+                               else
+                               {
+                                       //BATableInsertEntry
+                                       //As ad-hoc mode, BA pair is not limited to only BSSID. so add via OID.
+                                       index = BA.TID;
+                                       // in ad hoc mode, when adding BA pair, we should insert this entry into MACEntry too
+                                       pEntry = MacTableLookup(pAd, BA.MACAddr);
+                                       if (!pEntry)
+                                       {
+                                               DBGPRINT(RT_DEBUG_TRACE, ("RT_OID_802_11_ADD_IMME_BA. break on no connection.----:%x:%x\n", BA.MACAddr[4], BA.MACAddr[5]));
+                                               break;
+                                       }
+                                       if (BA.IsRecipient == FALSE)
+                                       {
+                                           if (pEntry->bIAmBadAtheros == TRUE)
+                                                       pAd->CommonCfg.BACapability.field.RxBAWinLimit = 0x10;
+
+                                               BAOriSessionSetUp(pAd, pEntry, index, 0, 100, TRUE);
+                                       }
+                                       else
+                                       {
+                                               //BATableInsertEntry(pAd, pEntry->Aid, BA.MACAddr, 0, 0xffff, BA.TID, BA.nMSDU, BA.IsRecipient);
+                                       }
+
+                                       DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_802_11_ADD_IMME_BA. Rec = %d. Mac = %x:%x:%x:%x:%x:%x . \n",
+                                               BA.IsRecipient, BA.MACAddr[0], BA.MACAddr[1], BA.MACAddr[2], BA.MACAddr[2]
+                                               , BA.MACAddr[4], BA.MACAddr[5]));
+                               }
+                       }
+                       break;
+
+               case RT_OID_802_11_TEAR_IMME_BA:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set :: RT_OID_802_11_TEAR_IMME_BA \n"));
+                       if (wrq->u.data.length != sizeof(OID_ADD_BA_ENTRY))
+                                       Status = -EINVAL;
+                       else
+                       {
+                               POID_ADD_BA_ENTRY       pBA;
+                               MAC_TABLE_ENTRY *pEntry;
+
+                               pBA = kmalloc(wrq->u.data.length, MEM_ALLOC_FLAG);
+
+                               if (pBA == NULL)
+                               {
+                                       DBGPRINT(RT_DEBUG_TRACE, ("Set :: RT_OID_802_11_TEAR_IMME_BA kmalloc() can't allocate enough memory\n"));
+                                       Status = NDIS_STATUS_FAILURE;
+                               }
+                               else
+                               {
+                                       Status = copy_from_user(pBA, wrq->u.data.pointer, wrq->u.data.length);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("Set :: RT_OID_802_11_TEAR_IMME_BA(TID=%d, bAllTid=%d)\n", pBA->TID, pBA->bAllTid));
+
+                                       if (!pBA->bAllTid && (pBA->TID > NUM_OF_TID))
+                                       {
+                                               Status = NDIS_STATUS_INVALID_DATA;
+                                               break;
+                                       }
+
+                                       if (pBA->IsRecipient == FALSE)
+                                       {
+                                               pEntry = MacTableLookup(pAd, pBA->MACAddr);
+                                               DBGPRINT(RT_DEBUG_TRACE, (" pBA->IsRecipient == FALSE\n"));
+                                               if (pEntry)
+                                               {
+                                                       DBGPRINT(RT_DEBUG_TRACE, (" pBA->pEntry\n"));
+                                                       BAOriSessionTearDown(pAd, pEntry->Aid, pBA->TID, FALSE, TRUE);
+                                               }
+                                               else
+                                                       DBGPRINT(RT_DEBUG_TRACE, ("Set :: Not found pEntry \n"));
+                                       }
+                                       else
+                                       {
+                                               pEntry = MacTableLookup(pAd, pBA->MACAddr);
+                                               if (pEntry)
+                                               {
+                                                       BARecSessionTearDown( pAd, (UCHAR)pEntry->Aid, pBA->TID, TRUE);
+                                               }
+                                               else
+                                                       DBGPRINT(RT_DEBUG_TRACE, ("Set :: Not found pEntry \n"));
+                                       }
+                                       kfree(pBA);
+                               }
+            }
+            break;
+#endif // DOT11_N_SUPPORT //
+
+        // For WPA_SUPPLICANT to set static wep key
+       case OID_802_11_ADD_WEP:
+           pWepKey = kmalloc(wrq->u.data.length, MEM_ALLOC_FLAG);
+
+           if(pWepKey == NULL)
+            {
+                Status = -ENOMEM;
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_ADD_WEP, Failed!!\n"));
+                break;
+            }
+            Status = copy_from_user(pWepKey, wrq->u.data.pointer, wrq->u.data.length);
+            if (Status)
+            {
+                Status  = -EINVAL;
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_ADD_WEP, Failed (length mismatch)!!\n"));
+            }
+            else
+            {
+                       KeyIdx = pWepKey->KeyIndex & 0x0fffffff;
+                // KeyIdx must be 0 ~ 3
+                if (KeyIdx > 4)
+                       {
+                    Status  = -EINVAL;
+                    DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_ADD_WEP, Failed (KeyIdx must be smaller than 4)!!\n"));
+                }
+                else
+                {
+                    UCHAR CipherAlg = 0;
+                    PUCHAR Key;
+
+                    // set key material and key length
+                    NdisZeroMemory(pAd->SharedKey[BSS0][KeyIdx].Key, 16);
+                    pAd->SharedKey[BSS0][KeyIdx].KeyLen = (UCHAR) pWepKey->KeyLength;
+                    NdisMoveMemory(pAd->SharedKey[BSS0][KeyIdx].Key, &pWepKey->KeyMaterial, pWepKey->KeyLength);
+
+                    switch(pWepKey->KeyLength)
+                    {
+                        case 5:
+                            CipherAlg = CIPHER_WEP64;
+                            break;
+                        case 13:
+                            CipherAlg = CIPHER_WEP128;
+                            break;
+                        default:
+                            DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_ADD_WEP, only support CIPHER_WEP64(len:5) & CIPHER_WEP128(len:13)!!\n"));
+                            Status = -EINVAL;
+                            break;
+                    }
+                    pAd->SharedKey[BSS0][KeyIdx].CipherAlg = CipherAlg;
+
+                    // Default key for tx (shared key)
+                    if (pWepKey->KeyIndex & 0x80000000)
+                    {
+#ifdef WPA_SUPPLICANT_SUPPORT
+                        // set key material and key length
+                        NdisZeroMemory(pAd->StaCfg.DesireSharedKey[KeyIdx].Key, 16);
+                        pAd->StaCfg.DesireSharedKey[KeyIdx].KeyLen = (UCHAR) pWepKey->KeyLength;
+                        NdisMoveMemory(pAd->StaCfg.DesireSharedKey[KeyIdx].Key, &pWepKey->KeyMaterial, pWepKey->KeyLength);
+                        pAd->StaCfg.DesireSharedKeyId = KeyIdx;
+                        pAd->StaCfg.DesireSharedKey[KeyIdx].CipherAlg = CipherAlg;
+#endif // WPA_SUPPLICANT_SUPPORT //
+                        pAd->StaCfg.DefaultKeyId = (UCHAR) KeyIdx;
+                    }
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+                                       if ((pAd->StaCfg.WpaSupplicantUP != WPA_SUPPLICANT_DISABLE) &&
+                                               (pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA))
+                                       {
+                                               Key = pWepKey->KeyMaterial;
+
+                                               // Set Group key material to Asic
+                                       AsicAddSharedKeyEntry(pAd, BSS0, KeyIdx, CipherAlg, Key, NULL, NULL);
+
+                                               // Update WCID attribute table and IVEIV table for this group key table
+                                               RTMPAddWcidAttributeEntry(pAd, BSS0, KeyIdx, CipherAlg, NULL);
+
+                                               STA_PORT_SECURED(pAd);
+
+                                       // Indicate Connected for GUI
+                                       pAd->IndicateMediaState = NdisMediaStateConnected;
+                                       }
+                    else if (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_SECURED)
+#endif // WPA_SUPPLICANT_SUPPORT
+                    {
+                        Key = pAd->SharedKey[BSS0][KeyIdx].Key;
+
+                        // Set key material and cipherAlg to Asic
+                                       AsicAddSharedKeyEntry(pAd, BSS0, KeyIdx, CipherAlg, Key, NULL, NULL);
+
+                        if (pWepKey->KeyIndex & 0x80000000)
+                        {
+                            PMAC_TABLE_ENTRY pEntry = &pAd->MacTab.Content[BSSID_WCID];
+                            // Assign group key info
+                                               RTMPAddWcidAttributeEntry(pAd, BSS0, KeyIdx, CipherAlg, NULL);
+                                               // Assign pairwise key info
+                                               RTMPAddWcidAttributeEntry(pAd, BSS0, KeyIdx, CipherAlg, pEntry);
+                        }
+                    }
+                                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_ADD_WEP (id=0x%x, Len=%d-byte), %s\n", pWepKey->KeyIndex, pWepKey->KeyLength, (pAd->StaCfg.PortSecured == WPA_802_1X_PORT_SECURED) ? "Port Secured":"Port NOT Secured"));
+                               }
+            }
+            kfree(pWepKey);
+            break;
+#ifdef WPA_SUPPLICANT_SUPPORT
+           case OID_SET_COUNTERMEASURES:
+            if (wrq->u.data.length != sizeof(int))
+                Status  = -EINVAL;
+            else
+            {
+                int enabled = 0;
+                Status = copy_from_user(&enabled, wrq->u.data.pointer, wrq->u.data.length);
+                if (enabled == 1)
+                    pAd->StaCfg.bBlockAssoc = TRUE;
+                else
+                    // WPA MIC error should block association attempt for 60 seconds
+                    pAd->StaCfg.bBlockAssoc = FALSE;
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_SET_COUNTERMEASURES bBlockAssoc=%s\n", pAd->StaCfg.bBlockAssoc ? "TRUE":"FALSE"));
+            }
+               break;
+        case RT_OID_WPA_SUPPLICANT_SUPPORT:
+                       if (wrq->u.data.length != sizeof(UCHAR))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&wpa_supplicant_enable, wrq->u.data.pointer, wrq->u.data.length);
+                       pAd->StaCfg.WpaSupplicantUP = wpa_supplicant_enable;
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::RT_OID_WPA_SUPPLICANT_SUPPORT (=%d)\n", pAd->StaCfg.WpaSupplicantUP));
+                       }
+            break;
+        case OID_802_11_DEAUTHENTICATION:
+            if (wrq->u.data.length != sizeof(MLME_DEAUTH_REQ_STRUCT))
+                Status  = -EINVAL;
+            else
+            {
+                MLME_DEAUTH_REQ_STRUCT      *pInfo;
+               MLME_QUEUE_ELEM *MsgElem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+                if (MsgElem == NULL)
+                {
+                       DBGPRINT(RT_DEBUG_ERROR, ("%s():alloc memory failed!\n", __FUNCTION__));
+                        return -EINVAL;
+                }
+
+                pInfo = (MLME_DEAUTH_REQ_STRUCT *) MsgElem->Msg;
+                Status = copy_from_user(pInfo, wrq->u.data.pointer, wrq->u.data.length);
+                MlmeDeauthReqAction(pAd, MsgElem);
+                               kfree(MsgElem);
+
+                if (INFRA_ON(pAd))
+                {
+                    LinkDown(pAd, FALSE);
+                    pAd->Mlme.AssocMachine.CurrState = ASSOC_IDLE;
+                }
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_DEAUTHENTICATION (Reason=%d)\n", pInfo->Reason));
+            }
+            break;
+        case OID_802_11_DROP_UNENCRYPTED:
+            if (wrq->u.data.length != sizeof(int))
+                Status  = -EINVAL;
+            else
+            {
+                int enabled = 0;
+                Status = copy_from_user(&enabled, wrq->u.data.pointer, wrq->u.data.length);
+                if (enabled == 1)
+                    pAd->StaCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+                else
+                    pAd->StaCfg.PortSecured = WPA_802_1X_PORT_SECURED;
+                               NdisAcquireSpinLock(&pAd->MacTabLock);
+                               pAd->MacTab.Content[BSSID_WCID].PortSecured = pAd->StaCfg.PortSecured;
+                               NdisReleaseSpinLock(&pAd->MacTabLock);
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_DROP_UNENCRYPTED (=%d)\n", enabled));
+            }
+            break;
+        case OID_802_11_SET_IEEE8021X:
+            if (wrq->u.data.length != sizeof(BOOLEAN))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&IEEE8021xState, wrq->u.data.pointer, wrq->u.data.length);
+                       pAd->StaCfg.IEEE8021X = IEEE8021xState;
+                DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_SET_IEEE8021X (=%d)\n", IEEE8021xState));
+            }
+            break;
+        case OID_802_11_SET_IEEE8021X_REQUIRE_KEY:
+                       if (wrq->u.data.length != sizeof(BOOLEAN))
+                                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&IEEE8021x_required_keys, wrq->u.data.pointer, wrq->u.data.length);
+                               pAd->StaCfg.IEEE8021x_required_keys = IEEE8021x_required_keys;
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_SET_IEEE8021X_REQUIRE_KEY (%d)\n", IEEE8021x_required_keys));
+                       }
+                       break;
+        case OID_802_11_PMKID:
+               pPmkId = kmalloc(wrq->u.data.length, MEM_ALLOC_FLAG);
+
+               if(pPmkId == NULL) {
+                Status = -ENOMEM;
+                break;
+            }
+            Status = copy_from_user(pPmkId, wrq->u.data.pointer, wrq->u.data.length);
+
+               // check the PMKID information
+               if (pPmkId->BSSIDInfoCount == 0)
+                NdisZeroMemory(pAd->StaCfg.SavedPMK, sizeof(BSSID_INFO)*PMKID_NO);
+               else
+               {
+                       PBSSID_INFO     pBssIdInfo;
+                       UINT            BssIdx;
+                       UINT            CachedIdx;
+
+                       for (BssIdx = 0; BssIdx < pPmkId->BSSIDInfoCount; BssIdx++)
+                       {
+                               // point to the indexed BSSID_INFO structure
+                               pBssIdInfo = (PBSSID_INFO) ((PUCHAR) pPmkId + 2 * sizeof(UINT) + BssIdx * sizeof(BSSID_INFO));
+                               // Find the entry in the saved data base.
+                               for (CachedIdx = 0; CachedIdx < pAd->StaCfg.SavedPMKNum; CachedIdx++)
+                               {
+                                       // compare the BSSID
+                                       if (NdisEqualMemory(pBssIdInfo->BSSID, pAd->StaCfg.SavedPMK[CachedIdx].BSSID, sizeof(NDIS_802_11_MAC_ADDRESS)))
+                                               break;
+                               }
+
+                               // Found, replace it
+                               if (CachedIdx < PMKID_NO)
+                               {
+                                       DBGPRINT(RT_DEBUG_OFF, ("Update OID_802_11_PMKID, idx = %d\n", CachedIdx));
+                                       NdisMoveMemory(&pAd->StaCfg.SavedPMK[CachedIdx], pBssIdInfo, sizeof(BSSID_INFO));
+                                       pAd->StaCfg.SavedPMKNum++;
+                               }
+                               // Not found, replace the last one
+                               else
+                               {
+                                       // Randomly replace one
+                                       CachedIdx = (pBssIdInfo->BSSID[5] % PMKID_NO);
+                                       DBGPRINT(RT_DEBUG_OFF, ("Update OID_802_11_PMKID, idx = %d\n", CachedIdx));
+                                       NdisMoveMemory(&pAd->StaCfg.SavedPMK[CachedIdx], pBssIdInfo, sizeof(BSSID_INFO));
+                               }
+                       }
+                       }
+                       if(pPmkId)
+                               kfree(pPmkId);
+               break;
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+
+
+#ifdef SNMP_SUPPORT
+               case OID_802_11_SHORTRETRYLIMIT:
+                       if (wrq->u.data.length != sizeof(ULONG))
+                               Status = -EINVAL;
+                       else
+                       {
+                               Status = copy_from_user(&ShortRetryLimit, wrq->u.data.pointer, wrq->u.data.length);
+                               RTMP_IO_READ32(pAd, TX_RTY_CFG, &tx_rty_cfg.word);
+                               tx_rty_cfg.field.ShortRtyLimit = ShortRetryLimit;
+                               RTMP_IO_WRITE32(pAd, TX_RTY_CFG, tx_rty_cfg.word);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_SHORTRETRYLIMIT (tx_rty_cfg.field.ShortRetryLimit=%d, ShortRetryLimit=%ld)\n", tx_rty_cfg.field.ShortRtyLimit, ShortRetryLimit));
+                       }
+                       break;
+
+               case OID_802_11_LONGRETRYLIMIT:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_LONGRETRYLIMIT \n"));
+                       if (wrq->u.data.length != sizeof(ULONG))
+                               Status = -EINVAL;
+                       else
+                       {
+                               Status = copy_from_user(&LongRetryLimit, wrq->u.data.pointer, wrq->u.data.length);
+                               RTMP_IO_READ32(pAd, TX_RTY_CFG, &tx_rty_cfg.word);
+                               tx_rty_cfg.field.LongRtyLimit = LongRetryLimit;
+                               RTMP_IO_WRITE32(pAd, TX_RTY_CFG, tx_rty_cfg.word);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_LONGRETRYLIMIT (tx_rty_cfg.field.LongRetryLimit= %d,LongRetryLimit=%ld)\n", tx_rty_cfg.field.LongRtyLimit, LongRetryLimit));
+                       }
+                       break;
+
+               case OID_802_11_WEPDEFAULTKEYVALUE:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_WEPDEFAULTKEYVALUE\n"));
+                       pKey = kmalloc(wrq->u.data.length, GFP_KERNEL);
+                       Status = copy_from_user(pKey, wrq->u.data.pointer, wrq->u.data.length);
+                       //pKey = &WepKey;
+
+                       if ( pKey->Length != wrq->u.data.length)
+                       {
+                               Status = -EINVAL;
+                               DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_WEPDEFAULTKEYVALUE, Failed!!\n"));
+                       }
+                       KeyIdx = pKey->KeyIndex & 0x0fffffff;
+                       DBGPRINT(RT_DEBUG_TRACE,("pKey->KeyIndex =%d, pKey->KeyLength=%d\n", pKey->KeyIndex, pKey->KeyLength));
+
+                       // it is a shared key
+                       if (KeyIdx > 4)
+                               Status = -EINVAL;
+                       else
+                       {
+                               pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].KeyLen = (UCHAR) pKey->KeyLength;
+                               NdisMoveMemory(&pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].Key, &pKey->KeyMaterial, pKey->KeyLength);
+                               if (pKey->KeyIndex & 0x80000000)
+                               {
+                                       // Default key for tx (shared key)
+                                       pAd->StaCfg.DefaultKeyId = (UCHAR) KeyIdx;
+                               }
+                               //RestartAPIsRequired = TRUE;
+                       }
+                       break;
+
+
+               case OID_802_11_WEPDEFAULTKEYID:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_WEPDEFAULTKEYID \n"));
+
+                       if (wrq->u.data.length != sizeof(UCHAR))
+                               Status = -EINVAL;
+                       else
+                               Status = copy_from_user(&pAd->StaCfg.DefaultKeyId, wrq->u.data.pointer, wrq->u.data.length);
+
+                       break;
+
+
+               case OID_802_11_CURRENTCHANNEL:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Set::OID_802_11_CURRENTCHANNEL \n"));
+                       if (wrq->u.data.length != sizeof(UCHAR))
+                               Status = -EINVAL;
+                       else
+                       {
+                               Status = copy_from_user(&ctmp, wrq->u.data.pointer, wrq->u.data.length);
+                               sprintf((PSTRING)&ctmp,"%d", ctmp);
+                               Set_Channel_Proc(pAd, (PSTRING)&ctmp);
+                       }
+                       break;
+#endif
+
+
+
+               case RT_OID_802_11_SET_PSPXLINK_MODE:
+                       if (wrq->u.data.length != sizeof(BOOLEAN))
+                Status  = -EINVAL;
+            else
+            {
+                Status = copy_from_user(&pAd->CommonCfg.PSPXlink, wrq->u.data.pointer, wrq->u.data.length);
+                               /*if (pAd->CommonCfg.PSPXlink)
+                                       RX_FILTER_SET_FLAG(pAd, fRX_FILTER_ACCEPT_PROMISCUOUS)*/
+                               DBGPRINT(RT_DEBUG_TRACE,("Set::RT_OID_802_11_SET_PSPXLINK_MODE(=%d) \n", pAd->CommonCfg.PSPXlink));
+            }
+                       break;
+
+
+        default:
+            DBGPRINT(RT_DEBUG_TRACE, ("Set::unknown IOCTL's subcmd = 0x%08x\n", cmd));
+            Status = -EOPNOTSUPP;
+            break;
+    }
+
+
+    return Status;
+}
+
+INT RTMPQueryInformation(
+    IN  PRTMP_ADAPTER pAd,
+    IN  OUT struct ifreq    *rq,
+    IN  INT                 cmd)
+{
+    struct iwreq                        *wrq = (struct iwreq *) rq;
+    NDIS_802_11_BSSID_LIST_EX           *pBssidList = NULL;
+    PNDIS_WLAN_BSSID_EX                 pBss;
+    NDIS_802_11_SSID                    Ssid;
+    NDIS_802_11_CONFIGURATION           *pConfiguration = NULL;
+    RT_802_11_LINK_STATUS               *pLinkStatus = NULL;
+    RT_802_11_STA_CONFIG                *pStaConfig = NULL;
+    NDIS_802_11_STATISTICS              *pStatistics = NULL;
+    NDIS_802_11_RTS_THRESHOLD           RtsThresh;
+    NDIS_802_11_FRAGMENTATION_THRESHOLD FragThresh;
+    NDIS_802_11_POWER_MODE              PowerMode;
+    NDIS_802_11_NETWORK_INFRASTRUCTURE  BssType;
+    RT_802_11_PREAMBLE                  PreamType;
+    NDIS_802_11_AUTHENTICATION_MODE     AuthMode;
+    NDIS_802_11_WEP_STATUS              WepStatus;
+    NDIS_MEDIA_STATE                    MediaState;
+    ULONG                               BssBufSize, ulInfo=0, NetworkTypeList[4], apsd = 0;
+    USHORT                              BssLen = 0;
+    PUCHAR                              pBuf = NULL, pPtr;
+    INT                                 Status = NDIS_STATUS_SUCCESS;
+    UINT                                we_version_compiled;
+    UCHAR                               i, Padding = 0;
+    BOOLEAN                             RadioState;
+       STRING                                                          driverVersion[8];
+    OID_SET_HT_PHYMODE                         *pHTPhyMode = NULL;
+
+
+#ifdef SNMP_SUPPORT
+       //for snmp, kathy
+       DefaultKeyIdxValue                      *pKeyIdxValue;
+       INT                                                     valueLen;
+       TX_RTY_CFG_STRUC                        tx_rty_cfg;
+       ULONG                                           ShortRetryLimit, LongRetryLimit;
+       UCHAR                                           tmp[64];
+#endif //SNMP
+
+    switch(cmd)
+    {
+        case RT_OID_DEVICE_NAME:
+            wrq->u.data.length = sizeof(pAd->nickname);
+            Status = copy_to_user(wrq->u.data.pointer, pAd->nickname, wrq->u.data.length);
+            break;
+        case RT_OID_VERSION_INFO:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_VERSION_INFO \n"));
+                       wrq->u.data.length = 8*sizeof(CHAR);
+                       sprintf(&driverVersion[0], "%s", STA_DRIVER_VERSION);
+                       driverVersion[7] = '\0';
+                       if (copy_to_user(wrq->u.data.pointer, &driverVersion[0], wrq->u.data.length))
+            {
+                               Status = -EFAULT;
+            }
+            break;
+
+        case OID_802_11_BSSID_LIST:
+            if (RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_BSS_SCAN_IN_PROGRESS))
+            {
+               /*
+                * Still scanning, indicate the caller should try again.
+                */
+               DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_BSSID_LIST (Still scanning)\n"));
+                               return -EAGAIN;
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_BSSID_LIST (%d BSS returned)\n",pAd->ScanTab.BssNr));
+                       pAd->StaCfg.bScanReqIsFromWebUI = FALSE;
+            // Claculate total buffer size required
+            BssBufSize = sizeof(ULONG);
+
+            for (i = 0; i < pAd->ScanTab.BssNr; i++)
+            {
+                // Align pointer to 4 bytes boundary.
+                //Padding = 4 - (pAdapter->ScanTab.BssEntry[i].VarIELen & 0x0003);
+                //if (Padding == 4)
+                //    Padding = 0;
+                BssBufSize += (sizeof(NDIS_WLAN_BSSID_EX) - 1 + sizeof(NDIS_802_11_FIXED_IEs) + pAd->ScanTab.BssEntry[i].VarIELen + Padding);
+            }
+
+            // For safety issue, we add 256 bytes just in case
+            BssBufSize += 256;
+            // Allocate the same size as passed from higher layer
+            pBuf = kmalloc(BssBufSize, MEM_ALLOC_FLAG);
+            if(pBuf == NULL)
+            {
+                Status = -ENOMEM;
+                break;
+            }
+            // Init 802_11_BSSID_LIST_EX structure
+            NdisZeroMemory(pBuf, BssBufSize);
+            pBssidList = (PNDIS_802_11_BSSID_LIST_EX) pBuf;
+            pBssidList->NumberOfItems = pAd->ScanTab.BssNr;
+
+            // Calculate total buffer length
+            BssLen = 4; // Consist of NumberOfItems
+            // Point to start of NDIS_WLAN_BSSID_EX
+            // pPtr = pBuf + sizeof(ULONG);
+            pPtr = (PUCHAR) &pBssidList->Bssid[0];
+            for (i = 0; i < pAd->ScanTab.BssNr; i++)
+            {
+                pBss = (PNDIS_WLAN_BSSID_EX) pPtr;
+                NdisMoveMemory(&pBss->MacAddress, &pAd->ScanTab.BssEntry[i].Bssid, MAC_ADDR_LEN);
+                if ((pAd->ScanTab.BssEntry[i].Hidden == 1) && (pAd->StaCfg.bShowHiddenSSID == FALSE))
+                {
+                    //
+                                       // We must return this SSID during 4way handshaking, otherwise Aegis will failed to parse WPA infomation
+                                       // and then failed to send EAPOl farame.
+                                       //
+                                       if ((pAd->StaCfg.AuthMode >= Ndis802_11AuthModeWPA) && (pAd->StaCfg.PortSecured != WPA_802_1X_PORT_SECURED))
+                                       {
+                                               pBss->Ssid.SsidLength = pAd->ScanTab.BssEntry[i].SsidLen;
+                                               NdisMoveMemory(pBss->Ssid.Ssid, pAd->ScanTab.BssEntry[i].Ssid, pAd->ScanTab.BssEntry[i].SsidLen);
+                                       }
+                                       else
+                       pBss->Ssid.SsidLength = 0;
+                }
+                else
+                {
+                    pBss->Ssid.SsidLength = pAd->ScanTab.BssEntry[i].SsidLen;
+                    NdisMoveMemory(pBss->Ssid.Ssid, pAd->ScanTab.BssEntry[i].Ssid, pAd->ScanTab.BssEntry[i].SsidLen);
+                }
+                pBss->Privacy = pAd->ScanTab.BssEntry[i].Privacy;
+                pBss->Rssi = pAd->ScanTab.BssEntry[i].Rssi - pAd->BbpRssiToDbmDelta;
+                pBss->NetworkTypeInUse = NetworkTypeInUseSanity(&pAd->ScanTab.BssEntry[i]);
+                pBss->Configuration.Length = sizeof(NDIS_802_11_CONFIGURATION);
+                pBss->Configuration.BeaconPeriod = pAd->ScanTab.BssEntry[i].BeaconPeriod;
+                pBss->Configuration.ATIMWindow = pAd->ScanTab.BssEntry[i].AtimWin;
+
+                MAP_CHANNEL_ID_TO_KHZ(pAd->ScanTab.BssEntry[i].Channel, pBss->Configuration.DSConfig);
+
+                if (pAd->ScanTab.BssEntry[i].BssType == BSS_INFRA)
+                    pBss->InfrastructureMode = Ndis802_11Infrastructure;
+                else
+                    pBss->InfrastructureMode = Ndis802_11IBSS;
+
+                NdisMoveMemory(pBss->SupportedRates, pAd->ScanTab.BssEntry[i].SupRate, pAd->ScanTab.BssEntry[i].SupRateLen);
+                NdisMoveMemory(pBss->SupportedRates + pAd->ScanTab.BssEntry[i].SupRateLen,
+                               pAd->ScanTab.BssEntry[i].ExtRate,
+                               pAd->ScanTab.BssEntry[i].ExtRateLen);
+
+                if (pAd->ScanTab.BssEntry[i].VarIELen == 0)
+                {
+                    pBss->IELength = sizeof(NDIS_802_11_FIXED_IEs);
+                    NdisMoveMemory(pBss->IEs, &pAd->ScanTab.BssEntry[i].FixIEs, sizeof(NDIS_802_11_FIXED_IEs));
+                    pPtr = pPtr + sizeof(NDIS_WLAN_BSSID_EX) - 1 + sizeof(NDIS_802_11_FIXED_IEs);
+                }
+                else
+                {
+                    pBss->IELength = (ULONG)(sizeof(NDIS_802_11_FIXED_IEs) + pAd->ScanTab.BssEntry[i].VarIELen);
+                    pPtr = pPtr + sizeof(NDIS_WLAN_BSSID_EX) - 1 + sizeof(NDIS_802_11_FIXED_IEs);
+                    NdisMoveMemory(pBss->IEs, &pAd->ScanTab.BssEntry[i].FixIEs, sizeof(NDIS_802_11_FIXED_IEs));
+                    NdisMoveMemory(pBss->IEs + sizeof(NDIS_802_11_FIXED_IEs), pAd->ScanTab.BssEntry[i].VarIEs, pAd->ScanTab.BssEntry[i].VarIELen);
+                    pPtr += pAd->ScanTab.BssEntry[i].VarIELen;
+                }
+                pBss->Length = (ULONG)(sizeof(NDIS_WLAN_BSSID_EX) - 1 + sizeof(NDIS_802_11_FIXED_IEs) + pAd->ScanTab.BssEntry[i].VarIELen + Padding);
+
+#if WIRELESS_EXT < 17
+                if ((BssLen + pBss->Length) < wrq->u.data.length)
+                BssLen += pBss->Length;
+                else
+                {
+                    pBssidList->NumberOfItems = i;
+                    break;
+                }
+#else
+                BssLen += pBss->Length;
+#endif
+            }
+
+#if WIRELESS_EXT < 17
+            wrq->u.data.length = BssLen;
+#else
+            if (BssLen > wrq->u.data.length)
+            {
+                kfree(pBssidList);
+                return -E2BIG;
+            }
+            else
+                wrq->u.data.length = BssLen;
+#endif
+            Status = copy_to_user(wrq->u.data.pointer, pBssidList, BssLen);
+            kfree(pBssidList);
+            break;
+        case OID_802_3_CURRENT_ADDRESS:
+            wrq->u.data.length = MAC_ADDR_LEN;
+            Status = copy_to_user(wrq->u.data.pointer, &pAd->CurrentAddress, wrq->u.data.length);
+            break;
+        case OID_GEN_MEDIA_CONNECT_STATUS:
+            if (pAd->IndicateMediaState == NdisMediaStateConnected)
+                MediaState = NdisMediaStateConnected;
+            else
+                MediaState = NdisMediaStateDisconnected;
+
+            wrq->u.data.length = sizeof(NDIS_MEDIA_STATE);
+            Status = copy_to_user(wrq->u.data.pointer, &MediaState, wrq->u.data.length);
+            break;
+        case OID_802_11_BSSID:
+            if (INFRA_ON(pAd) || ADHOC_ON(pAd))
+            {
+                Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.Bssid, sizeof(NDIS_802_11_MAC_ADDRESS));
+
+            }
+            else
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_BSSID(=EMPTY)\n"));
+                Status = -ENOTCONN;
+            }
+            break;
+        case OID_802_11_SSID:
+                       NdisZeroMemory(&Ssid, sizeof(NDIS_802_11_SSID));
+                       NdisZeroMemory(Ssid.Ssid, MAX_LEN_OF_SSID);
+            Ssid.SsidLength = pAd->CommonCfg.SsidLen;
+                       memcpy(Ssid.Ssid, pAd->CommonCfg.Ssid,  Ssid.SsidLength);
+            wrq->u.data.length = sizeof(NDIS_802_11_SSID);
+            Status = copy_to_user(wrq->u.data.pointer, &Ssid, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_SSID (Len=%d, ssid=%s)\n", Ssid.SsidLength,Ssid.Ssid));
+            break;
+        case RT_OID_802_11_QUERY_LINK_STATUS:
+            pLinkStatus = (RT_802_11_LINK_STATUS *) kmalloc(sizeof(RT_802_11_LINK_STATUS), MEM_ALLOC_FLAG);
+            if (pLinkStatus)
+            {
+                pLinkStatus->CurrTxRate = RateIdTo500Kbps[pAd->CommonCfg.TxRate];   // unit : 500 kbps
+                pLinkStatus->ChannelQuality = pAd->Mlme.ChannelQuality;
+                pLinkStatus->RxByteCount = pAd->RalinkCounters.ReceivedByteCount;
+                pLinkStatus->TxByteCount = pAd->RalinkCounters.TransmittedByteCount;
+                       pLinkStatus->CentralChannel = pAd->CommonCfg.CentralChannel;
+                wrq->u.data.length = sizeof(RT_802_11_LINK_STATUS);
+                Status = copy_to_user(wrq->u.data.pointer, pLinkStatus, wrq->u.data.length);
+                kfree(pLinkStatus);
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_LINK_STATUS\n"));
+            }
+            else
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_LINK_STATUS(kmalloc failed)\n"));
+                Status = -EFAULT;
+            }
+            break;
+        case OID_802_11_CONFIGURATION:
+            pConfiguration = (NDIS_802_11_CONFIGURATION *) kmalloc(sizeof(NDIS_802_11_CONFIGURATION), MEM_ALLOC_FLAG);
+            if (pConfiguration)
+            {
+                pConfiguration->Length = sizeof(NDIS_802_11_CONFIGURATION);
+                pConfiguration->BeaconPeriod = pAd->CommonCfg.BeaconPeriod;
+                pConfiguration->ATIMWindow = pAd->StaActive.AtimWin;
+                MAP_CHANNEL_ID_TO_KHZ(pAd->CommonCfg.Channel, pConfiguration->DSConfig);
+                wrq->u.data.length = sizeof(NDIS_802_11_CONFIGURATION);
+                Status = copy_to_user(wrq->u.data.pointer, pConfiguration, wrq->u.data.length);
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_CONFIGURATION(BeaconPeriod=%ld,AtimW=%ld,Channel=%d) \n",
+                                        pConfiguration->BeaconPeriod, pConfiguration->ATIMWindow, pAd->CommonCfg.Channel));
+                               kfree(pConfiguration);
+            }
+            else
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_CONFIGURATION(kmalloc failed)\n"));
+                Status = -EFAULT;
+            }
+            break;
+               case RT_OID_802_11_SNR_0:
+                       if ((pAd->StaCfg.LastSNR0 > 0))
+                       {
+                               ulInfo = ((0xeb - pAd->StaCfg.LastSNR0) * 3) /  16 ;
+                               wrq->u.data.length = sizeof(ulInfo);
+                               Status = copy_to_user(wrq->u.data.pointer, &ulInfo,     wrq->u.data.length);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_SNR_0(0x=%lx)\n", ulInfo));
+                       }
+            else
+                           Status = -EFAULT;
+                       break;
+               case RT_OID_802_11_SNR_1:
+                       if ((pAd->Antenna.field.RxPath  > 1) &&
+                (pAd->StaCfg.LastSNR1 > 0))
+                       {
+                               ulInfo = ((0xeb - pAd->StaCfg.LastSNR1) * 3) /  16 ;
+                               wrq->u.data.length = sizeof(ulInfo);
+                               Status = copy_to_user(wrq->u.data.pointer, &ulInfo,     wrq->u.data.length);
+                               DBGPRINT(RT_DEBUG_TRACE,("Query::RT_OID_802_11_SNR_1(0x=%lx)\n",ulInfo));
+                       }
+                       else
+                               Status = -EFAULT;
+            DBGPRINT(RT_DEBUG_TRACE,("Query::RT_OID_802_11_SNR_1(pAd->StaCfg.LastSNR1=%d)\n",pAd->StaCfg.LastSNR1));
+                       break;
+        case OID_802_11_RSSI_TRIGGER:
+            ulInfo = pAd->StaCfg.RssiSample.LastRssi0 - pAd->BbpRssiToDbmDelta;
+            wrq->u.data.length = sizeof(ulInfo);
+            Status = copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_RSSI_TRIGGER(=%ld)\n", ulInfo));
+            break;
+               case OID_802_11_RSSI:
+        case RT_OID_802_11_RSSI:
+                       ulInfo = pAd->StaCfg.RssiSample.LastRssi0;
+                       wrq->u.data.length = sizeof(ulInfo);
+                       Status = copy_to_user(wrq->u.data.pointer, &ulInfo,     wrq->u.data.length);
+                       break;
+               case RT_OID_802_11_RSSI_1:
+            ulInfo = pAd->StaCfg.RssiSample.LastRssi1;
+                       wrq->u.data.length = sizeof(ulInfo);
+                       Status = copy_to_user(wrq->u.data.pointer, &ulInfo,     wrq->u.data.length);
+                       break;
+        case RT_OID_802_11_RSSI_2:
+            ulInfo = pAd->StaCfg.RssiSample.LastRssi2;
+                       wrq->u.data.length = sizeof(ulInfo);
+                       Status = copy_to_user(wrq->u.data.pointer, &ulInfo,     wrq->u.data.length);
+                       break;
+        case OID_802_11_STATISTICS:
+            pStatistics = (NDIS_802_11_STATISTICS *) kmalloc(sizeof(NDIS_802_11_STATISTICS), MEM_ALLOC_FLAG);
+            if (pStatistics)
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_STATISTICS \n"));
+                // add the most up-to-date h/w raw counters into software counters
+                           NICUpdateRawCounters(pAd);
+
+                // Sanity check for calculation of sucessful count
+                if (pAd->WlanCounters.TransmittedFragmentCount.QuadPart < pAd->WlanCounters.RetryCount.QuadPart)
+                    pAd->WlanCounters.TransmittedFragmentCount.QuadPart = pAd->WlanCounters.RetryCount.QuadPart;
+
+                pStatistics->TransmittedFragmentCount.QuadPart = pAd->WlanCounters.TransmittedFragmentCount.QuadPart;
+                pStatistics->MulticastTransmittedFrameCount.QuadPart = pAd->WlanCounters.MulticastTransmittedFrameCount.QuadPart;
+                pStatistics->FailedCount.QuadPart = pAd->WlanCounters.FailedCount.QuadPart;
+                pStatistics->RetryCount.QuadPart = pAd->WlanCounters.RetryCount.QuadPart;
+                pStatistics->MultipleRetryCount.QuadPart = pAd->WlanCounters.MultipleRetryCount.QuadPart;
+                pStatistics->RTSSuccessCount.QuadPart = pAd->WlanCounters.RTSSuccessCount.QuadPart;
+                pStatistics->RTSFailureCount.QuadPart = pAd->WlanCounters.RTSFailureCount.QuadPart;
+                pStatistics->ACKFailureCount.QuadPart = pAd->WlanCounters.ACKFailureCount.QuadPart;
+                pStatistics->FrameDuplicateCount.QuadPart = pAd->WlanCounters.FrameDuplicateCount.QuadPart;
+                pStatistics->ReceivedFragmentCount.QuadPart = pAd->WlanCounters.ReceivedFragmentCount.QuadPart;
+                pStatistics->MulticastReceivedFrameCount.QuadPart = pAd->WlanCounters.MulticastReceivedFrameCount.QuadPart;
+#ifdef DBG
+                pStatistics->FCSErrorCount = pAd->RalinkCounters.RealFcsErrCount;
+#else
+                pStatistics->FCSErrorCount.QuadPart = pAd->WlanCounters.FCSErrorCount.QuadPart;
+                pStatistics->FrameDuplicateCount.u.LowPart = pAd->WlanCounters.FrameDuplicateCount.u.LowPart / 100;
+#endif
+                wrq->u.data.length = sizeof(NDIS_802_11_STATISTICS);
+                Status = copy_to_user(wrq->u.data.pointer, pStatistics, wrq->u.data.length);
+                kfree(pStatistics);
+            }
+            else
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_STATISTICS(kmalloc failed)\n"));
+                Status = -EFAULT;
+            }
+            break;
+        case OID_GEN_RCV_OK:
+            ulInfo = pAd->Counters8023.GoodReceives;
+            wrq->u.data.length = sizeof(ulInfo);
+            Status = copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length);
+            break;
+        case OID_GEN_RCV_NO_BUFFER:
+            ulInfo = pAd->Counters8023.RxNoBuffer;
+            wrq->u.data.length = sizeof(ulInfo);
+            Status = copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length);
+            break;
+        case RT_OID_802_11_PHY_MODE:
+            ulInfo = (ULONG)pAd->CommonCfg.PhyMode;
+            wrq->u.data.length = sizeof(ulInfo);
+            Status = copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_PHY_MODE (=%ld)\n", ulInfo));
+            break;
+        case RT_OID_802_11_STA_CONFIG:
+            pStaConfig = (RT_802_11_STA_CONFIG *) kmalloc(sizeof(RT_802_11_STA_CONFIG), MEM_ALLOC_FLAG);
+            if (pStaConfig)
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_STA_CONFIG\n"));
+                pStaConfig->EnableTxBurst = pAd->CommonCfg.bEnableTxBurst;
+                pStaConfig->EnableTurboRate = 0;
+                pStaConfig->UseBGProtection = pAd->CommonCfg.UseBGProtection;
+                pStaConfig->UseShortSlotTime = pAd->CommonCfg.bUseShortSlotTime;
+                //pStaConfig->AdhocMode = pAd->StaCfg.AdhocMode;
+                pStaConfig->HwRadioStatus = (pAd->StaCfg.bHwRadio == TRUE) ? 1 : 0;
+                pStaConfig->Rsv1 = 0;
+                pStaConfig->SystemErrorBitmap = pAd->SystemErrorBitmap;
+                wrq->u.data.length = sizeof(RT_802_11_STA_CONFIG);
+                Status = copy_to_user(wrq->u.data.pointer, pStaConfig, wrq->u.data.length);
+                kfree(pStaConfig);
+            }
+            else
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_STA_CONFIG(kmalloc failed)\n"));
+                Status = -EFAULT;
+            }
+            break;
+        case OID_802_11_RTS_THRESHOLD:
+            RtsThresh = pAd->CommonCfg.RtsThreshold;
+            wrq->u.data.length = sizeof(RtsThresh);
+            Status = copy_to_user(wrq->u.data.pointer, &RtsThresh, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_RTS_THRESHOLD(=%ld)\n", RtsThresh));
+            break;
+        case OID_802_11_FRAGMENTATION_THRESHOLD:
+            FragThresh = pAd->CommonCfg.FragmentThreshold;
+            if (pAd->CommonCfg.bUseZeroToDisableFragment == TRUE)
+                FragThresh = 0;
+            wrq->u.data.length = sizeof(FragThresh);
+            Status = copy_to_user(wrq->u.data.pointer, &FragThresh, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_FRAGMENTATION_THRESHOLD(=%ld)\n", FragThresh));
+            break;
+        case OID_802_11_POWER_MODE:
+            PowerMode = pAd->StaCfg.WindowsPowerMode;
+            wrq->u.data.length = sizeof(PowerMode);
+            Status = copy_to_user(wrq->u.data.pointer, &PowerMode, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_POWER_MODE(=%d)\n", PowerMode));
+            break;
+        case RT_OID_802_11_RADIO:
+            RadioState = (BOOLEAN) pAd->StaCfg.bSwRadio;
+            wrq->u.data.length = sizeof(RadioState);
+            Status = copy_to_user(wrq->u.data.pointer, &RadioState, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_RADIO (=%d)\n", RadioState));
+            break;
+        case OID_802_11_INFRASTRUCTURE_MODE:
+            if (pAd->StaCfg.BssType == BSS_ADHOC)
+                BssType = Ndis802_11IBSS;
+            else if (pAd->StaCfg.BssType == BSS_INFRA)
+                BssType = Ndis802_11Infrastructure;
+            else if (pAd->StaCfg.BssType == BSS_MONITOR)
+                BssType = Ndis802_11Monitor;
+            else
+                BssType = Ndis802_11AutoUnknown;
+
+            wrq->u.data.length = sizeof(BssType);
+            Status = copy_to_user(wrq->u.data.pointer, &BssType, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_INFRASTRUCTURE_MODE(=%d)\n", BssType));
+            break;
+        case RT_OID_802_11_PREAMBLE:
+            PreamType = pAd->CommonCfg.TxPreamble;
+            wrq->u.data.length = sizeof(PreamType);
+            Status = copy_to_user(wrq->u.data.pointer, &PreamType, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_PREAMBLE(=%d)\n", PreamType));
+            break;
+        case OID_802_11_AUTHENTICATION_MODE:
+            AuthMode = pAd->StaCfg.AuthMode;
+            wrq->u.data.length = sizeof(AuthMode);
+            Status = copy_to_user(wrq->u.data.pointer, &AuthMode, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_AUTHENTICATION_MODE(=%d)\n", AuthMode));
+            break;
+        case OID_802_11_WEP_STATUS:
+            WepStatus = pAd->StaCfg.WepStatus;
+            wrq->u.data.length = sizeof(WepStatus);
+            Status = copy_to_user(wrq->u.data.pointer, &WepStatus, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_WEP_STATUS(=%d)\n", WepStatus));
+            break;
+        case OID_802_11_TX_POWER_LEVEL:
+                       wrq->u.data.length = sizeof(ULONG);
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.TxPower, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_TX_POWER_LEVEL %x\n",pAd->CommonCfg.TxPower));
+                       break;
+        case RT_OID_802_11_TX_POWER_LEVEL_1:
+            wrq->u.data.length = sizeof(ULONG);
+            Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.TxPowerPercentage, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_TX_POWER_LEVEL_1 (=%ld)\n", pAd->CommonCfg.TxPowerPercentage));
+                       break;
+        case OID_802_11_NETWORK_TYPES_SUPPORTED:
+                       if ((pAd->RfIcType      == RFIC_2850) || (pAd->RfIcType ==      RFIC_2750) || (pAd->RfIcType == RFIC_3052))
+                       {
+                               NetworkTypeList[0] = 3;                 // NumberOfItems = 3
+                               NetworkTypeList[1] = Ndis802_11DS;      // NetworkType[1] = 11b
+                               NetworkTypeList[2] = Ndis802_11OFDM24;  // NetworkType[2] = 11g
+                               NetworkTypeList[3] = Ndis802_11OFDM5;   // NetworkType[3] = 11a
+                wrq->u.data.length = 16;
+                               Status = copy_to_user(wrq->u.data.pointer, &NetworkTypeList[0], wrq->u.data.length);
+                       }
+                       else
+                       {
+                               NetworkTypeList[0] = 2;                 // NumberOfItems = 2
+                               NetworkTypeList[1] = Ndis802_11DS;      // NetworkType[1] = 11b
+                               NetworkTypeList[2] = Ndis802_11OFDM24;  // NetworkType[2] = 11g
+                           wrq->u.data.length = 12;
+                               Status = copy_to_user(wrq->u.data.pointer, &NetworkTypeList[0], wrq->u.data.length);
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_NETWORK_TYPES_SUPPORTED\n"));
+                               break;
+           case OID_802_11_NETWORK_TYPE_IN_USE:
+            wrq->u.data.length = sizeof(ULONG);
+                       if (pAd->CommonCfg.PhyMode == PHY_11A)
+                               ulInfo = Ndis802_11OFDM5;
+                       else if ((pAd->CommonCfg.PhyMode == PHY_11BG_MIXED) || (pAd->CommonCfg.PhyMode == PHY_11G))
+                               ulInfo = Ndis802_11OFDM24;
+                       else
+                               ulInfo = Ndis802_11DS;
+            Status = copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length);
+                       break;
+        case RT_OID_802_11_QUERY_LAST_RX_RATE:
+            ulInfo = (ULONG)pAd->LastRxRate;
+            wrq->u.data.length = sizeof(ulInfo);
+                       Status = copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_LAST_RX_RATE (=%ld)\n", ulInfo));
+                       break;
+               case RT_OID_802_11_QUERY_LAST_TX_RATE:
+                       //ulInfo = (ULONG)pAd->LastTxRate;
+                       ulInfo = (ULONG)pAd->MacTab.Content[BSSID_WCID].HTPhyMode.word;
+                       wrq->u.data.length = sizeof(ulInfo);
+                       Status = copy_to_user(wrq->u.data.pointer, &ulInfo,     wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_LAST_TX_RATE (=%lx)\n", ulInfo));
+                       break;
+        case RT_OID_802_11_QUERY_EEPROM_VERSION:
+            wrq->u.data.length = sizeof(ULONG);
+            Status = copy_to_user(wrq->u.data.pointer, &pAd->EepromVersion, wrq->u.data.length);
+            break;
+        case RT_OID_802_11_QUERY_FIRMWARE_VERSION:
+            wrq->u.data.length = sizeof(ULONG);
+            Status = copy_to_user(wrq->u.data.pointer, &pAd->FirmwareVersion, wrq->u.data.length);
+                       break;
+           case RT_OID_802_11_QUERY_NOISE_LEVEL:
+                       wrq->u.data.length = sizeof(UCHAR);
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->BbpWriteLatch[66], wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_NOISE_LEVEL (=%d)\n", pAd->BbpWriteLatch[66]));
+                       break;
+           case RT_OID_802_11_EXTRA_INFO:
+                       wrq->u.data.length = sizeof(ULONG);
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->ExtraInfo, wrq->u.data.length);
+               DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_EXTRA_INFO (=%ld)\n", pAd->ExtraInfo));
+               break;
+           case RT_OID_WE_VERSION_COMPILED:
+               wrq->u.data.length = sizeof(UINT);
+               we_version_compiled = WIRELESS_EXT;
+               Status = copy_to_user(wrq->u.data.pointer, &we_version_compiled, wrq->u.data.length);
+               break;
+               case RT_OID_802_11_QUERY_APSD_SETTING:
+                       apsd = (pAd->CommonCfg.bAPSDCapable | (pAd->CommonCfg.bAPSDAC_BE << 1) | (pAd->CommonCfg.bAPSDAC_BK << 2)
+                               | (pAd->CommonCfg.bAPSDAC_VI << 3)      | (pAd->CommonCfg.bAPSDAC_VO << 4)      | (pAd->CommonCfg.MaxSPLength << 5));
+
+                       wrq->u.data.length = sizeof(ULONG);
+                       Status = copy_to_user(wrq->u.data.pointer, &apsd, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_APSD_SETTING (=0x%lx,APSDCap=%d,AC_BE=%d,AC_BK=%d,AC_VI=%d,AC_VO=%d,MAXSPLen=%d)\n",
+                               apsd,pAd->CommonCfg.bAPSDCapable,pAd->CommonCfg.bAPSDAC_BE,pAd->CommonCfg.bAPSDAC_BK,pAd->CommonCfg.bAPSDAC_VI,pAd->CommonCfg.bAPSDAC_VO,pAd->CommonCfg.MaxSPLength));
+                       break;
+               case RT_OID_802_11_QUERY_APSD_PSM:
+                       wrq->u.data.length = sizeof(ULONG);
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.bAPSDForcePowerSave, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_APSD_PSM (=%d)\n", pAd->CommonCfg.bAPSDForcePowerSave));
+                       break;
+               case RT_OID_802_11_QUERY_WMM:
+                       wrq->u.data.length = sizeof(BOOLEAN);
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.bWmmCapable, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_WMM (=%d)\n",     pAd->CommonCfg.bWmmCapable));
+                       break;
+#ifdef WPA_SUPPLICANT_SUPPORT
+        case RT_OID_NEW_DRIVER:
+            {
+                UCHAR enabled = 1;
+               wrq->u.data.length = sizeof(UCHAR);
+               Status = copy_to_user(wrq->u.data.pointer, &enabled, wrq->u.data.length);
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_NEW_DRIVER (=%d)\n", enabled));
+            }
+               break;
+        case RT_OID_WPA_SUPPLICANT_SUPPORT:
+               wrq->u.data.length = sizeof(UCHAR);
+               Status = copy_to_user(wrq->u.data.pointer, &pAd->StaCfg.WpaSupplicantUP, wrq->u.data.length);
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_WPA_SUPPLICANT_SUPPORT (=%d)\n", pAd->StaCfg.WpaSupplicantUP));
+               break;
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+        case RT_OID_DRIVER_DEVICE_NAME:
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_DRIVER_DEVICE_NAME \n"));
+                       wrq->u.data.length = 16;
+                       if (copy_to_user(wrq->u.data.pointer, pAd->StaCfg.dev_name, wrq->u.data.length))
+                       {
+                               Status = -EFAULT;
+                       }
+            break;
+        case RT_OID_802_11_QUERY_HT_PHYMODE:
+            pHTPhyMode = (OID_SET_HT_PHYMODE *) kmalloc(sizeof(OID_SET_HT_PHYMODE), MEM_ALLOC_FLAG);
+            if (pHTPhyMode)
+            {
+                pHTPhyMode->PhyMode = pAd->CommonCfg.PhyMode;
+                       pHTPhyMode->HtMode = (UCHAR)pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.MODE;
+                       pHTPhyMode->BW = (UCHAR)pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.BW;
+                       pHTPhyMode->MCS= (UCHAR)pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.MCS;
+                       pHTPhyMode->SHORTGI= (UCHAR)pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.ShortGI;
+                       pHTPhyMode->STBC= (UCHAR)pAd->MacTab.Content[BSSID_WCID].HTPhyMode.field.STBC;
+
+                       pHTPhyMode->ExtOffset = ((pAd->CommonCfg.CentralChannel < pAd->CommonCfg.Channel) ? (EXTCHA_BELOW) : (EXTCHA_ABOVE));
+                wrq->u.data.length = sizeof(OID_SET_HT_PHYMODE);
+                if (copy_to_user(wrq->u.data.pointer, pHTPhyMode, wrq->u.data.length))
+                       {
+                               Status = -EFAULT;
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_HT_PHYMODE (PhyMode = %d, MCS =%d, BW = %d, STBC = %d, ExtOffset=%d)\n",
+                               pHTPhyMode->HtMode, pHTPhyMode->MCS, pHTPhyMode->BW, pHTPhyMode->STBC, pHTPhyMode->ExtOffset));
+                       DBGPRINT(RT_DEBUG_TRACE, (" MlmeUpdateTxRates (.word = %x )\n", pAd->MacTab.Content[BSSID_WCID].HTPhyMode.word));
+            }
+            else
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_STA_CONFIG(kmalloc failed)\n"));
+                Status = -EFAULT;
+            }
+            break;
+        case RT_OID_802_11_COUNTRY_REGION:
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_COUNTRY_REGION \n"));
+                       wrq->u.data.length = sizeof(ulInfo);
+            ulInfo = pAd->CommonCfg.CountryRegionForABand;
+            ulInfo = (ulInfo << 8)|(pAd->CommonCfg.CountryRegion);
+                       if (copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length))
+            {
+                               Status = -EFAULT;
+            }
+            break;
+        case RT_OID_802_11_QUERY_DAT_HT_PHYMODE:
+            pHTPhyMode = (OID_SET_HT_PHYMODE *) kmalloc(sizeof(OID_SET_HT_PHYMODE), MEM_ALLOC_FLAG);
+            if (pHTPhyMode)
+            {
+                pHTPhyMode->PhyMode = pAd->CommonCfg.PhyMode;
+                       pHTPhyMode->HtMode = (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.HTMODE;
+                       pHTPhyMode->BW = (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.BW;
+                       pHTPhyMode->MCS= (UCHAR)pAd->StaCfg.DesiredTransmitSetting.field.MCS;
+                       pHTPhyMode->SHORTGI= (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.ShortGI;
+                       pHTPhyMode->STBC= (UCHAR)pAd->CommonCfg.RegTransmitSetting.field.STBC;
+
+                wrq->u.data.length = sizeof(OID_SET_HT_PHYMODE);
+                if (copy_to_user(wrq->u.data.pointer, pHTPhyMode, wrq->u.data.length))
+                       {
+                               Status = -EFAULT;
+                       }
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_HT_PHYMODE (PhyMode = %d, MCS =%d, BW = %d, STBC = %d, ExtOffset=%d)\n",
+                               pHTPhyMode->HtMode, pHTPhyMode->MCS, pHTPhyMode->BW, pHTPhyMode->STBC, pHTPhyMode->ExtOffset));
+                       DBGPRINT(RT_DEBUG_TRACE, (" MlmeUpdateTxRates (.word = %x )\n", pAd->MacTab.Content[BSSID_WCID].HTPhyMode.word));
+            }
+            else
+            {
+                DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_STA_CONFIG(kmalloc failed)\n"));
+                Status = -EFAULT;
+            }
+            break;
+        case RT_OID_QUERY_MULTIPLE_CARD_SUPPORT:
+                       wrq->u.data.length = sizeof(UCHAR);
+            i = 0;
+#ifdef MULTIPLE_CARD_SUPPORT
+            i = 1;
+#endif // MULTIPLE_CARD_SUPPORT //
+                       if (copy_to_user(wrq->u.data.pointer, &i, wrq->u.data.length))
+            {
+                               Status = -EFAULT;
+            }
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_QUERY_MULTIPLE_CARD_SUPPORT(=%d) \n", i));
+            break;
+#ifdef SNMP_SUPPORT
+               case RT_OID_802_11_MAC_ADDRESS:
+            wrq->u.data.length = MAC_ADDR_LEN;
+            Status = copy_to_user(wrq->u.data.pointer, &pAd->CurrentAddress, wrq->u.data.length);
+                       break;
+
+               case RT_OID_802_11_MANUFACTUREROUI:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_MANUFACTUREROUI \n"));
+                       wrq->u.data.length = ManufacturerOUI_LEN;
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->CurrentAddress, wrq->u.data.length);
+                       break;
+
+               case RT_OID_802_11_MANUFACTURERNAME:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_MANUFACTURERNAME \n"));
+                       wrq->u.data.length = strlen(ManufacturerNAME);
+                       Status = copy_to_user(wrq->u.data.pointer, ManufacturerNAME, wrq->u.data.length);
+                       break;
+
+               case RT_OID_802_11_RESOURCETYPEIDNAME:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_RESOURCETYPEIDNAME \n"));
+                       wrq->u.data.length = strlen(ResourceTypeIdName);
+                       Status = copy_to_user(wrq->u.data.pointer, ResourceTypeIdName, wrq->u.data.length);
+                       break;
+
+               case RT_OID_802_11_PRIVACYOPTIONIMPLEMENTED:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_PRIVACYOPTIONIMPLEMENTED \n"));
+                       ulInfo = 1; // 1 is support wep else 2 is not support.
+                       wrq->u.data.length = sizeof(ulInfo);
+                       Status = copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length);
+                       break;
+
+               case RT_OID_802_11_POWERMANAGEMENTMODE:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_POWERMANAGEMENTMODE \n"));
+                       if (pAd->StaCfg.Psm == PSMP_ACTION)
+                               ulInfo = 1; // 1 is power active else 2 is power save.
+                       else
+                               ulInfo = 2;
+
+                       wrq->u.data.length = sizeof(ulInfo);
+                       Status = copy_to_user(wrq->u.data.pointer, &ulInfo, wrq->u.data.length);
+                       break;
+
+               case OID_802_11_WEPDEFAULTKEYVALUE:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_WEPDEFAULTKEYVALUE \n"));
+                       //KeyIdxValue.KeyIdx = pAd->PortCfg.MBSSID[pAd->IoctlIF].DefaultKeyId;
+                       pKeyIdxValue = wrq->u.data.pointer;
+                       DBGPRINT(RT_DEBUG_TRACE,("KeyIdxValue.KeyIdx = %d, \n",pKeyIdxValue->KeyIdx));
+                       valueLen = pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].KeyLen;
+                       NdisMoveMemory(pKeyIdxValue->Value,
+                                                  &pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].Key,
+                                                  valueLen);
+                       pKeyIdxValue->Value[valueLen]='\0';
+
+                       wrq->u.data.length = sizeof(DefaultKeyIdxValue);
+
+                       Status = copy_to_user(wrq->u.data.pointer, pKeyIdxValue, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE,("DefaultKeyId = %d, total len = %d, str len=%d, KeyValue= %02x %02x %02x %02x \n",
+                                                                               pAd->StaCfg.DefaultKeyId,
+                                                                               wrq->u.data.length,
+                                                                               pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].KeyLen,
+                                                                               pAd->SharedKey[BSS0][0].Key[0],
+                                                                               pAd->SharedKey[BSS0][1].Key[0],
+                                                                               pAd->SharedKey[BSS0][2].Key[0],
+                                                                               pAd->SharedKey[BSS0][3].Key[0]));
+                       break;
+
+               case OID_802_11_WEPDEFAULTKEYID:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_WEPDEFAULTKEYID \n"));
+                       wrq->u.data.length = sizeof(UCHAR);
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->StaCfg.DefaultKeyId, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("DefaultKeyId =%d \n", pAd->StaCfg.DefaultKeyId));
+                       break;
+
+               case RT_OID_802_11_WEPKEYMAPPINGLENGTH:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_WEPKEYMAPPINGLENGTH \n"));
+                       wrq->u.data.length = sizeof(UCHAR);
+                       Status = copy_to_user(wrq->u.data.pointer,
+                                                                       &pAd->SharedKey[BSS0][pAd->StaCfg.DefaultKeyId].KeyLen,
+                                                                       wrq->u.data.length);
+                       break;
+
+               case OID_802_11_SHORTRETRYLIMIT:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_SHORTRETRYLIMIT \n"));
+                       wrq->u.data.length = sizeof(ULONG);
+                       RTMP_IO_READ32(pAd, TX_RTY_CFG, &tx_rty_cfg.word);
+                       ShortRetryLimit = tx_rty_cfg.field.ShortRtyLimit;
+                       DBGPRINT(RT_DEBUG_TRACE, ("ShortRetryLimit =%ld,  tx_rty_cfg.field.ShortRetryLimit=%d\n", ShortRetryLimit, tx_rty_cfg.field.ShortRtyLimit));
+                       Status = copy_to_user(wrq->u.data.pointer, &ShortRetryLimit, wrq->u.data.length);
+                       break;
+
+               case OID_802_11_LONGRETRYLIMIT:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_LONGRETRYLIMIT \n"));
+                       wrq->u.data.length = sizeof(ULONG);
+                       RTMP_IO_READ32(pAd, TX_RTY_CFG, &tx_rty_cfg.word);
+                       LongRetryLimit = tx_rty_cfg.field.LongRtyLimit;
+                       DBGPRINT(RT_DEBUG_TRACE, ("LongRetryLimit =%ld,  tx_rty_cfg.field.LongRtyLimit=%d\n", LongRetryLimit, tx_rty_cfg.field.LongRtyLimit));
+                       Status = copy_to_user(wrq->u.data.pointer, &LongRetryLimit, wrq->u.data.length);
+                       break;
+
+               case RT_OID_802_11_PRODUCTID:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_PRODUCTID \n"));
+
+#ifdef RTMP_MAC_PCI
+                       {
+
+                               USHORT  device_id;
+                               if (((POS_COOKIE)pAd->OS_Cookie)->pci_dev != NULL)
+                               pci_read_config_word(((POS_COOKIE)pAd->OS_Cookie)->pci_dev, PCI_DEVICE_ID, &device_id);
+                               else
+                                       DBGPRINT(RT_DEBUG_TRACE, (" pci_dev = NULL\n"));
+                               sprintf((PSTRING)tmp, "%04x %04x\n", NIC_PCI_VENDOR_ID, device_id);
+                       }
+#endif // RTMP_MAC_PCI //
+                       wrq->u.data.length = strlen((PSTRING)tmp);
+                       Status = copy_to_user(wrq->u.data.pointer, tmp, wrq->u.data.length);
+                       break;
+
+               case RT_OID_802_11_MANUFACTUREID:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_MANUFACTUREID \n"));
+                       wrq->u.data.length = strlen(ManufacturerNAME);
+                       Status = copy_to_user(wrq->u.data.pointer, ManufacturerNAME, wrq->u.data.length);
+                       break;
+
+               case OID_802_11_CURRENTCHANNEL:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_CURRENTCHANNEL \n"));
+                       wrq->u.data.length = sizeof(UCHAR);
+                       DBGPRINT(RT_DEBUG_TRACE, ("sizeof UCHAR=%d, channel=%d \n", sizeof(UCHAR), pAd->CommonCfg.Channel));
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.Channel, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Status=%d\n", Status));
+                       break;
+#endif //SNMP_SUPPORT
+
+               case OID_802_11_BUILD_CHANNEL_EX:
+                       {
+                               UCHAR value;
+                               DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_BUILD_CHANNEL_EX \n"));
+                               wrq->u.data.length = sizeof(UCHAR);
+#ifdef EXT_BUILD_CHANNEL_LIST
+                               DBGPRINT(RT_DEBUG_TRACE, ("Support EXT_BUILD_CHANNEL_LIST.\n"));
+                               value = 1;
+#else
+                               DBGPRINT(RT_DEBUG_TRACE, ("Doesn't support EXT_BUILD_CHANNEL_LIST.\n"));
+                               value = 0;
+#endif // EXT_BUILD_CHANNEL_LIST //
+                               Status = copy_to_user(wrq->u.data.pointer, &value, 1);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Status=%d\n", Status));
+                       }
+                       break;
+
+               case OID_802_11_GET_CH_LIST:
+                       {
+                               PRT_CHANNEL_LIST_INFO pChListBuf;
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_GET_CH_LIST \n"));
+                               if (pAd->ChannelListNum == 0)
+                               {
+                                       wrq->u.data.length = 0;
+                                       break;
+                               }
+
+                               pChListBuf = (RT_CHANNEL_LIST_INFO *) kmalloc(sizeof(RT_CHANNEL_LIST_INFO), MEM_ALLOC_FLAG);
+                               if (pChListBuf == NULL)
+                               {
+                                       wrq->u.data.length = 0;
+                                       break;
+                               }
+
+                               pChListBuf->ChannelListNum = pAd->ChannelListNum;
+                               for (i = 0; i < pChListBuf->ChannelListNum; i++)
+                                       pChListBuf->ChannelList[i] = pAd->ChannelList[i].Channel;
+
+                               wrq->u.data.length = sizeof(RT_CHANNEL_LIST_INFO);
+                               Status = copy_to_user(wrq->u.data.pointer, pChListBuf, sizeof(RT_CHANNEL_LIST_INFO));
+                               DBGPRINT(RT_DEBUG_TRACE, ("Status=%d\n", Status));
+
+                               if (pChListBuf)
+                                       kfree(pChListBuf);
+                       }
+                       break;
+
+               case OID_802_11_GET_COUNTRY_CODE:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_GET_COUNTRY_CODE \n"));
+                       wrq->u.data.length = 2;
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.CountryCode, 2);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Status=%d\n", Status));
+                       break;
+
+               case OID_802_11_GET_CHANNEL_GEOGRAPHY:
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_GET_CHANNEL_GEOGRAPHY \n"));
+                       wrq->u.data.length = 1;
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.Geography, 1);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Status=%d\n", Status));
+                       break;
+
+
+#ifdef QOS_DLS_SUPPORT
+               case RT_OID_802_11_QUERY_DLS:
+                       wrq->u.data.length = sizeof(BOOLEAN);
+                       Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.bDLSCapable, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_DLS(=%d)\n", pAd->CommonCfg.bDLSCapable));
+                       break;
+
+               case RT_OID_802_11_QUERY_DLS_PARAM:
+                       {
+                               PRT_802_11_DLS_INFO     pDlsInfo = kmalloc(sizeof(RT_802_11_DLS_INFO), GFP_ATOMIC);
+                               if (pDlsInfo == NULL)
+                                       break;
+
+                               for (i=0; i<MAX_NUM_OF_DLS_ENTRY; i++)
+                               {
+                                       RTMPMoveMemory(&pDlsInfo->Entry[i], &pAd->StaCfg.DLSEntry[i], sizeof(RT_802_11_DLS_UI));
+                               }
+
+                               pDlsInfo->num = MAX_NUM_OF_DLS_ENTRY;
+                               wrq->u.data.length = sizeof(RT_802_11_DLS_INFO);
+                               Status = copy_to_user(wrq->u.data.pointer, pDlsInfo, wrq->u.data.length);
+                               DBGPRINT(RT_DEBUG_TRACE, ("Query::RT_OID_802_11_QUERY_DLS_PARAM\n"));
+
+                               if (pDlsInfo)
+                                       kfree(pDlsInfo);
+                       }
+                       break;
+#endif // QOS_DLS_SUPPORT //
+
+               case OID_802_11_SET_PSPXLINK_MODE:
+                       wrq->u.data.length = sizeof(BOOLEAN);
+            Status = copy_to_user(wrq->u.data.pointer, &pAd->CommonCfg.PSPXlink, wrq->u.data.length);
+                       DBGPRINT(RT_DEBUG_TRACE, ("Query::OID_802_11_SET_PSPXLINK_MODE(=%d)\n", pAd->CommonCfg.PSPXlink));
+                       break;
+
+
+        default:
+            DBGPRINT(RT_DEBUG_TRACE, ("Query::unknown IOCTL's subcmd = 0x%08x\n", cmd));
+            Status = -EOPNOTSUPP;
+            break;
+    }
+    return Status;
+}
+
+INT rt28xx_sta_ioctl(
+       IN      struct net_device       *net_dev,
+       IN      OUT     struct ifreq    *rq,
+       IN      INT                                     cmd)
+{
+       POS_COOKIE                      pObj;
+       RTMP_ADAPTER        *pAd = NULL;
+       struct iwreq        *wrq = (struct iwreq *) rq;
+       BOOLEAN                         StateMachineTouched = FALSE;
+       INT                                     Status = NDIS_STATUS_SUCCESS;
+       USHORT                          subcmd;
+
+
+       pAd = RTMP_OS_NETDEV_GET_PRIV(net_dev);
+       if (pAd == NULL)
+       {
+               /* if 1st open fail, pAd will be free;
+                  So the net_dev->priv will be NULL in 2rd open */
+               return -ENETDOWN;
+       }
+       pObj = (POS_COOKIE) pAd->OS_Cookie;
+
+    //check if the interface is down
+    if(!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+    {
+#ifdef CONFIG_APSTA_MIXED_SUPPORT
+           if (wrq->u.data.pointer == NULL)
+           {
+                   return Status;
+           }
+
+           if (strstr(wrq->u.data.pointer, "OpMode") == NULL)
+#endif // CONFIG_APSTA_MIXED_SUPPORT //
+               {
+            DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+                   return -ENETDOWN;
+        }
+    }
+
+       {       // determine this ioctl command is comming from which interface.
+               pObj->ioctl_if_type = INT_MAIN;
+               pObj->ioctl_if = MAIN_MBSSID;
+       }
+
+       switch(cmd)
+       {
+#ifdef RALINK_ATE
+#ifdef RALINK_28xx_QA
+               case RTPRIV_IOCTL_ATE:
+                       {
+                               RtmpDoAte(pAd, wrq);
+                       }
+                       break;
+#endif // RALINK_28xx_QA //
+#endif // RALINK_ATE //
+        case SIOCGIFHWADDR:
+                       DBGPRINT(RT_DEBUG_TRACE, ("IOCTL::SIOCGIFHWADDR\n"));
+                       memcpy(wrq->u.name, pAd->CurrentAddress, ETH_ALEN);
+                       break;
+               case SIOCGIWNAME:
+        {
+               char *name=&wrq->u.name[0];
+               rt_ioctl_giwname(net_dev, NULL, name, NULL);
+            break;
+               }
+               case SIOCGIWESSID:  //Get ESSID
+        {
+               struct iw_point *essid=&wrq->u.essid;
+               rt_ioctl_giwessid(net_dev, NULL, essid, essid->pointer);
+            break;
+               }
+               case SIOCSIWESSID:  //Set ESSID
+               {
+               struct iw_point *essid=&wrq->u.essid;
+               rt_ioctl_siwessid(net_dev, NULL, essid, essid->pointer);
+            break;
+               }
+               case SIOCSIWNWID:   // set network id (the cell)
+               case SIOCGIWNWID:   // get network id
+                       Status = -EOPNOTSUPP;
+                       break;
+               case SIOCSIWFREQ:   //set channel/frequency (Hz)
+               {
+               struct iw_freq *freq=&wrq->u.freq;
+               rt_ioctl_siwfreq(net_dev, NULL, freq, NULL);
+                       break;
+               }
+               case SIOCGIWFREQ:   // get channel/frequency (Hz)
+               {
+               struct iw_freq *freq=&wrq->u.freq;
+               rt_ioctl_giwfreq(net_dev, NULL, freq, NULL);
+                       break;
+               }
+               case SIOCSIWNICKN: //set node name/nickname
+               {
+               //struct iw_point *data=&wrq->u.data;
+               //rt_ioctl_siwnickn(net_dev, NULL, data, NULL);
+                       break;
+                       }
+               case SIOCGIWNICKN: //get node name/nickname
+        {
+                       struct iw_point *erq = NULL;
+               erq = &wrq->u.data;
+            erq->length = strlen((PSTRING) pAd->nickname);
+            Status = copy_to_user(erq->pointer, pAd->nickname, erq->length);
+                       break;
+               }
+               case SIOCGIWRATE:   //get default bit rate (bps)
+                   rt_ioctl_giwrate(net_dev, NULL, &wrq->u, NULL);
+            break;
+           case SIOCSIWRATE:  //set default bit rate (bps)
+               rt_ioctl_siwrate(net_dev, NULL, &wrq->u, NULL);
+            break;
+        case SIOCGIWRTS:  // get RTS/CTS threshold (bytes)
+               {
+               struct iw_param *rts=&wrq->u.rts;
+               rt_ioctl_giwrts(net_dev, NULL, rts, NULL);
+            break;
+               }
+        case SIOCSIWRTS:  //set RTS/CTS threshold (bytes)
+               {
+               struct iw_param *rts=&wrq->u.rts;
+               rt_ioctl_siwrts(net_dev, NULL, rts, NULL);
+            break;
+               }
+        case SIOCGIWFRAG:  //get fragmentation thr (bytes)
+               {
+               struct iw_param *frag=&wrq->u.frag;
+               rt_ioctl_giwfrag(net_dev, NULL, frag, NULL);
+            break;
+               }
+        case SIOCSIWFRAG:  //set fragmentation thr (bytes)
+               {
+               struct iw_param *frag=&wrq->u.frag;
+               rt_ioctl_siwfrag(net_dev, NULL, frag, NULL);
+            break;
+               }
+        case SIOCGIWENCODE:  //get encoding token & mode
+               {
+               struct iw_point *erq=&wrq->u.encoding;
+               if(erq)
+                       rt_ioctl_giwencode(net_dev, NULL, erq, erq->pointer);
+            break;
+               }
+        case SIOCSIWENCODE:  //set encoding token & mode
+               {
+               struct iw_point *erq=&wrq->u.encoding;
+               if(erq)
+                       rt_ioctl_siwencode(net_dev, NULL, erq, erq->pointer);
+            break;
+               }
+               case SIOCGIWAP:     //get access point MAC addresses
+               {
+               struct sockaddr *ap_addr=&wrq->u.ap_addr;
+               rt_ioctl_giwap(net_dev, NULL, ap_addr, ap_addr->sa_data);
+                       break;
+               }
+           case SIOCSIWAP:  //set access point MAC addresses
+               {
+               struct sockaddr *ap_addr=&wrq->u.ap_addr;
+               rt_ioctl_siwap(net_dev, NULL, ap_addr, ap_addr->sa_data);
+            break;
+               }
+               case SIOCGIWMODE:   //get operation mode
+               {
+               __u32 *mode=&wrq->u.mode;
+               rt_ioctl_giwmode(net_dev, NULL, mode, NULL);
+            break;
+               }
+               case SIOCSIWMODE:   //set operation mode
+               {
+               __u32 *mode=&wrq->u.mode;
+               rt_ioctl_siwmode(net_dev, NULL, mode, NULL);
+            break;
+               }
+               case SIOCGIWSENS:   //get sensitivity (dBm)
+               case SIOCSIWSENS:       //set sensitivity (dBm)
+               case SIOCGIWPOWER:  //get Power Management settings
+               case SIOCSIWPOWER:  //set Power Management settings
+               case SIOCGIWTXPOW:  //get transmit power (dBm)
+               case SIOCSIWTXPOW:  //set transmit power (dBm)
+               case SIOCGIWRANGE:      //Get range of parameters
+               case SIOCGIWRETRY:      //get retry limits and lifetime
+               case SIOCSIWRETRY:      //set retry limits and lifetime
+                       Status = -EOPNOTSUPP;
+                       break;
+               case RT_PRIV_IOCTL:
+        case RT_PRIV_IOCTL_EXT:
+                       subcmd = wrq->u.data.flags;
+                       if( subcmd & OID_GET_SET_TOGGLE)
+                               Status = RTMPSetInformation(pAd, rq, subcmd);
+                       else
+                               Status = RTMPQueryInformation(pAd, rq, subcmd);
+                       break;
+               case SIOCGIWPRIV:
+                       if (wrq->u.data.pointer)
+                       {
+                               if ( access_ok(VERIFY_WRITE, wrq->u.data.pointer, sizeof(privtab)) != TRUE)
+                                       break;
+                               wrq->u.data.length = sizeof(privtab) / sizeof(privtab[0]);
+                               if (copy_to_user(wrq->u.data.pointer, privtab, sizeof(privtab)))
+                                       Status = -EFAULT;
+                       }
+                       break;
+               case RTPRIV_IOCTL_SET:
+                       if(access_ok(VERIFY_READ, wrq->u.data.pointer, wrq->u.data.length) != TRUE)
+                                       break;
+                       rt_ioctl_setparam(net_dev, NULL, NULL, wrq->u.data.pointer);
+                       break;
+               case RTPRIV_IOCTL_GSITESURVEY:
+                       RTMPIoctlGetSiteSurvey(pAd, wrq);
+                   break;
+#ifdef DBG
+               case RTPRIV_IOCTL_MAC:
+                       RTMPIoctlMAC(pAd, wrq);
+                       break;
+               case RTPRIV_IOCTL_E2P:
+                       RTMPIoctlE2PROM(pAd, wrq);
+                       break;
+#ifdef RTMP_RF_RW_SUPPORT
+               case RTPRIV_IOCTL_RF:
+                       RTMPIoctlRF(pAd, wrq);
+                       break;
+#endif // RTMP_RF_RW_SUPPORT //
+#endif // DBG //
+
+        case SIOCETHTOOL:
+                break;
+               default:
+                       DBGPRINT(RT_DEBUG_ERROR, ("IOCTL::unknown IOCTL's cmd = 0x%08x\n", cmd));
+                       Status = -EOPNOTSUPP;
+                       break;
+       }
+
+    if(StateMachineTouched) // Upper layer sent a MLME-related operations
+       RTMP_MLME_HANDLER(pAd);
+
+       return Status;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set SSID
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_SSID_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    NDIS_802_11_SSID                    Ssid, *pSsid=NULL;
+    BOOLEAN                             StateMachineTouched = FALSE;
+    int                                 success = TRUE;
+
+    if( strlen(arg) <= MAX_LEN_OF_SSID)
+    {
+        NdisZeroMemory(&Ssid, sizeof(NDIS_802_11_SSID));
+        if (strlen(arg) != 0)
+        {
+            NdisMoveMemory(Ssid.Ssid, arg, strlen(arg));
+            Ssid.SsidLength = strlen(arg);
+        }
+        else   //ANY ssid
+        {
+            Ssid.SsidLength = 0;
+           memcpy(Ssid.Ssid, "", 0);
+               pAdapter->StaCfg.BssType = BSS_INFRA;
+               pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeOpen;
+        pAdapter->StaCfg.WepStatus  = Ndis802_11EncryptionDisabled;
+       }
+        pSsid = &Ssid;
+
+        if (pAdapter->Mlme.CntlMachine.CurrState != CNTL_IDLE)
+        {
+            RTMP_MLME_RESET_STATE_MACHINE(pAdapter);
+            DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME busy, reset MLME state machine !!!\n"));
+        }
+
+               if ((pAdapter->StaCfg.WpaPassPhraseLen >= 8) &&
+                       (pAdapter->StaCfg.WpaPassPhraseLen <= 64))
+               {
+                       STRING passphrase_str[65] = {0};
+                       UCHAR keyMaterial[40];
+
+                       RTMPMoveMemory(passphrase_str, pAdapter->StaCfg.WpaPassPhrase, pAdapter->StaCfg.WpaPassPhraseLen);
+                       RTMPZeroMemory(pAdapter->StaCfg.PMK, 32);
+                       if (pAdapter->StaCfg.WpaPassPhraseLen == 64)
+                       {
+                           AtoH((PSTRING) pAdapter->StaCfg.WpaPassPhrase, pAdapter->StaCfg.PMK, 32);
+                       }
+                       else
+                       {
+                           PasswordHash((PSTRING) pAdapter->StaCfg.WpaPassPhrase, Ssid.Ssid, Ssid.SsidLength, keyMaterial);
+                           NdisMoveMemory(pAdapter->StaCfg.PMK, keyMaterial, 32);
+                       }
+               }
+
+        pAdapter->MlmeAux.CurrReqIsFromNdis = TRUE;
+        pAdapter->StaCfg.bScanReqIsFromWebUI = FALSE;
+               pAdapter->bConfigChanged = TRUE;
+
+        MlmeEnqueue(pAdapter,
+                    MLME_CNTL_STATE_MACHINE,
+                    OID_802_11_SSID,
+                    sizeof(NDIS_802_11_SSID),
+                    (VOID *)pSsid);
+
+        StateMachineTouched = TRUE;
+        DBGPRINT(RT_DEBUG_TRACE, ("Set_SSID_Proc::(Len=%d,Ssid=%s)\n", Ssid.SsidLength, Ssid.Ssid));
+    }
+    else
+        success = FALSE;
+
+    if (StateMachineTouched) // Upper layer sent a MLME-related operations
+       RTMP_MLME_HANDLER(pAdapter);
+
+    return success;
+}
+
+#ifdef WMM_SUPPORT
+/*
+    ==========================================================================
+    Description:
+        Set WmmCapable Enable or Disable
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT    Set_WmmCapable_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       BOOLEAN bWmmCapable;
+
+       bWmmCapable = simple_strtol(arg, 0, 10);
+
+       if ((bWmmCapable == 1)
+               )
+               pAd->CommonCfg.bWmmCapable = TRUE;
+       else if (bWmmCapable == 0)
+               pAd->CommonCfg.bWmmCapable = FALSE;
+       else
+               return FALSE;  //Invalid argument
+
+       DBGPRINT(RT_DEBUG_TRACE, ("Set_WmmCapable_Proc::(bWmmCapable=%d)\n",
+               pAd->CommonCfg.bWmmCapable));
+
+       return TRUE;
+}
+#endif // WMM_SUPPORT //
+
+/*
+    ==========================================================================
+    Description:
+        Set Network Type(Infrastructure/Adhoc mode)
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_NetworkType_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    UINT32     Value = 0;
+
+    if (strcmp(arg, "Adhoc") == 0)
+       {
+               if (pAdapter->StaCfg.BssType != BSS_ADHOC)
+               {
+                       // Config has changed
+                       pAdapter->bConfigChanged = TRUE;
+            if (MONITOR_ON(pAdapter))
+            {
+                RTMP_IO_WRITE32(pAdapter, RX_FILTR_CFG, STANORMAL);
+                RTMP_IO_READ32(pAdapter, MAC_SYS_CTRL, &Value);
+                               Value &= (~0x80);
+                               RTMP_IO_WRITE32(pAdapter, MAC_SYS_CTRL, Value);
+                OPSTATUS_CLEAR_FLAG(pAdapter, fOP_STATUS_MEDIA_STATE_CONNECTED);
+                pAdapter->StaCfg.bAutoReconnect = TRUE;
+                LinkDown(pAdapter, FALSE);
+            }
+                       if (INFRA_ON(pAdapter))
+                       {
+                               //BOOLEAN Cancelled;
+                               // Set the AutoReconnectSsid to prevent it reconnect to old SSID
+                               // Since calling this indicate user don't want to connect to that SSID anymore.
+                               pAdapter->MlmeAux.AutoReconnectSsidLen= 32;
+                               NdisZeroMemory(pAdapter->MlmeAux.AutoReconnectSsid, pAdapter->MlmeAux.AutoReconnectSsidLen);
+
+                               LinkDown(pAdapter, FALSE);
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("NDIS_STATUS_MEDIA_DISCONNECT Event BB!\n"));
+                       }
+               }
+               pAdapter->StaCfg.BssType = BSS_ADHOC;
+        pAdapter->net_dev->type = pAdapter->StaCfg.OriDevType;
+               DBGPRINT(RT_DEBUG_TRACE, ("===>Set_NetworkType_Proc::(AD-HOC)\n"));
+       }
+    else if (strcmp(arg, "Infra") == 0)
+       {
+               if (pAdapter->StaCfg.BssType != BSS_INFRA)
+               {
+                       // Config has changed
+                       pAdapter->bConfigChanged = TRUE;
+            if (MONITOR_ON(pAdapter))
+            {
+                RTMP_IO_WRITE32(pAdapter, RX_FILTR_CFG, STANORMAL);
+                RTMP_IO_READ32(pAdapter, MAC_SYS_CTRL, &Value);
+                               Value &= (~0x80);
+                               RTMP_IO_WRITE32(pAdapter, MAC_SYS_CTRL, Value);
+                OPSTATUS_CLEAR_FLAG(pAdapter, fOP_STATUS_MEDIA_STATE_CONNECTED);
+                pAdapter->StaCfg.bAutoReconnect = TRUE;
+                LinkDown(pAdapter, FALSE);
+            }
+                       if (ADHOC_ON(pAdapter))
+                       {
+                               // Set the AutoReconnectSsid to prevent it reconnect to old SSID
+                               // Since calling this indicate user don't want to connect to that SSID anymore.
+                               pAdapter->MlmeAux.AutoReconnectSsidLen= 32;
+                               NdisZeroMemory(pAdapter->MlmeAux.AutoReconnectSsid, pAdapter->MlmeAux.AutoReconnectSsidLen);
+
+                               LinkDown(pAdapter, FALSE);
+                       }
+               }
+               pAdapter->StaCfg.BssType = BSS_INFRA;
+        pAdapter->net_dev->type = pAdapter->StaCfg.OriDevType;
+               DBGPRINT(RT_DEBUG_TRACE, ("===>Set_NetworkType_Proc::(INFRA)\n"));
+       }
+    else if (strcmp(arg, "Monitor") == 0)
+    {
+                       UCHAR   bbpValue = 0;
+                       BCN_TIME_CFG_STRUC csr;
+                       OPSTATUS_CLEAR_FLAG(pAdapter, fOP_STATUS_INFRA_ON);
+            OPSTATUS_CLEAR_FLAG(pAdapter, fOP_STATUS_ADHOC_ON);
+                       OPSTATUS_SET_FLAG(pAdapter, fOP_STATUS_MEDIA_STATE_CONNECTED);
+                       // disable all periodic state machine
+                       pAdapter->StaCfg.bAutoReconnect = FALSE;
+                       // reset all mlme state machine
+                       RTMP_MLME_RESET_STATE_MACHINE(pAdapter);
+                       DBGPRINT(RT_DEBUG_TRACE, ("fOP_STATUS_MEDIA_STATE_CONNECTED \n"));
+            if (pAdapter->CommonCfg.CentralChannel == 0)
+            {
+#ifdef DOT11_N_SUPPORT
+                if (pAdapter->CommonCfg.PhyMode == PHY_11AN_MIXED)
+                    pAdapter->CommonCfg.CentralChannel = 36;
+                else
+#endif // DOT11_N_SUPPORT //
+                    pAdapter->CommonCfg.CentralChannel = 6;
+            }
+#ifdef DOT11_N_SUPPORT
+            else
+                N_ChannelCheck(pAdapter);
+#endif // DOT11_N_SUPPORT //
+
+#ifdef DOT11_N_SUPPORT
+                       if (pAdapter->CommonCfg.PhyMode >= PHY_11ABGN_MIXED &&
+                pAdapter->CommonCfg.RegTransmitSetting.field.BW == BW_40 &&
+                pAdapter->CommonCfg.RegTransmitSetting.field.EXTCHA == EXTCHA_ABOVE)
+                       {
+                               // 40MHz ,control channel at lower
+                               RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, BBP_R4, &bbpValue);
+                               bbpValue &= (~0x18);
+                               bbpValue |= 0x10;
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, BBP_R4, bbpValue);
+                               pAdapter->CommonCfg.BBPCurrentBW = BW_40;
+                               //  RX : control channel at lower
+                               RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, BBP_R3, &bbpValue);
+                               bbpValue &= (~0x20);
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, BBP_R3, bbpValue);
+
+                               RTMP_IO_READ32(pAdapter, TX_BAND_CFG, &Value);
+                               Value &= 0xfffffffe;
+                               RTMP_IO_WRITE32(pAdapter, TX_BAND_CFG, Value);
+                               pAdapter->CommonCfg.CentralChannel = pAdapter->CommonCfg.Channel + 2;
+                AsicSwitchChannel(pAdapter, pAdapter->CommonCfg.CentralChannel, FALSE);
+                           AsicLockChannel(pAdapter, pAdapter->CommonCfg.CentralChannel);
+                DBGPRINT(RT_DEBUG_TRACE, ("BW_40 ,control_channel(%d), CentralChannel(%d) \n",
+                                           pAdapter->CommonCfg.Channel,
+                                           pAdapter->CommonCfg.CentralChannel));
+                       }
+                       else if (pAdapter->CommonCfg.PhyMode >= PHY_11ABGN_MIXED &&
+                     pAdapter->CommonCfg.RegTransmitSetting.field.BW == BW_40 &&
+                     pAdapter->CommonCfg.RegTransmitSetting.field.EXTCHA == EXTCHA_BELOW)
+                       {
+                               // 40MHz ,control channel at upper
+                               RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, BBP_R4, &bbpValue);
+                               bbpValue &= (~0x18);
+                               bbpValue |= 0x10;
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, BBP_R4, bbpValue);
+                               pAdapter->CommonCfg.BBPCurrentBW = BW_40;
+                               RTMP_IO_READ32(pAdapter, TX_BAND_CFG, &Value);
+                               Value |= 0x1;
+                               RTMP_IO_WRITE32(pAdapter, TX_BAND_CFG, Value);
+
+                               RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, BBP_R3, &bbpValue);
+                               bbpValue |= (0x20);
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, BBP_R3, bbpValue);
+                               pAdapter->CommonCfg.CentralChannel = pAdapter->CommonCfg.Channel - 2;
+                AsicSwitchChannel(pAdapter, pAdapter->CommonCfg.CentralChannel, FALSE);
+                           AsicLockChannel(pAdapter, pAdapter->CommonCfg.CentralChannel);
+                DBGPRINT(RT_DEBUG_TRACE, ("BW_40 ,control_channel(%d), CentralChannel(%d) \n",
+                                           pAdapter->CommonCfg.Channel,
+                                           pAdapter->CommonCfg.CentralChannel));
+                       }
+                       else
+#endif // DOT11_N_SUPPORT //
+                       {
+                               // 20MHz
+                               RTMP_BBP_IO_READ8_BY_REG_ID(pAdapter, BBP_R4, &bbpValue);
+                               bbpValue &= (~0x18);
+                               RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, BBP_R4, bbpValue);
+                               pAdapter->CommonCfg.BBPCurrentBW = BW_20;
+                AsicSwitchChannel(pAdapter, pAdapter->CommonCfg.Channel, FALSE);
+                           AsicLockChannel(pAdapter, pAdapter->CommonCfg.Channel);
+                               DBGPRINT(RT_DEBUG_TRACE, ("BW_20, Channel(%d)\n", pAdapter->CommonCfg.Channel));
+                       }
+                       // Enable Rx with promiscuous reception
+                       RTMP_IO_WRITE32(pAdapter, RX_FILTR_CFG, 0x3);
+                       // ASIC supporsts sniffer function with replacing RSSI with timestamp.
+                       //RTMP_IO_READ32(pAdapter, MAC_SYS_CTRL, &Value);
+                       //Value |= (0x80);
+                       //RTMP_IO_WRITE32(pAdapter, MAC_SYS_CTRL, Value);
+                       // disable sync
+                       RTMP_IO_READ32(pAdapter, BCN_TIME_CFG, &csr.word);
+                       csr.field.bBeaconGen = 0;
+                       csr.field.bTBTTEnable = 0;
+                       csr.field.TsfSyncMode = 0;
+                       RTMP_IO_WRITE32(pAdapter, BCN_TIME_CFG, csr.word);
+
+                       pAdapter->StaCfg.BssType = BSS_MONITOR;
+            pAdapter->net_dev->type = ARPHRD_IEEE80211_PRISM; //ARPHRD_IEEE80211; // IEEE80211
+                       DBGPRINT(RT_DEBUG_TRACE, ("===>Set_NetworkType_Proc::(MONITOR)\n"));
+    }
+
+    // Reset Ralink supplicant to not use, it will be set to start when UI set PMK key
+    pAdapter->StaCfg.WpaState = SS_NOTUSE;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Set_NetworkType_Proc::(NetworkType=%d)\n", pAdapter->StaCfg.BssType));
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set Authentication mode
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_AuthMode_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    if ((strcmp(arg, "WEPAUTO") == 0) || (strcmp(arg, "wepauto") == 0))
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeAutoSwitch;
+    else if ((strcmp(arg, "OPEN") == 0) || (strcmp(arg, "open") == 0))
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeOpen;
+    else if ((strcmp(arg, "SHARED") == 0) || (strcmp(arg, "shared") == 0))
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeShared;
+    else if ((strcmp(arg, "WPAPSK") == 0) || (strcmp(arg, "wpapsk") == 0))
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPAPSK;
+    else if ((strcmp(arg, "WPANONE") == 0) || (strcmp(arg, "wpanone") == 0))
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPANone;
+    else if ((strcmp(arg, "WPA2PSK") == 0) || (strcmp(arg, "wpa2psk") == 0))
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPA2PSK;
+#ifdef WPA_SUPPLICANT_SUPPORT
+    else if ((strcmp(arg, "WPA") == 0) || (strcmp(arg, "wpa") == 0))
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPA;
+    else if ((strcmp(arg, "WPA2") == 0) || (strcmp(arg, "wpa2") == 0))
+        pAdapter->StaCfg.AuthMode = Ndis802_11AuthModeWPA2;
+#endif // WPA_SUPPLICANT_SUPPORT //
+    else
+        return FALSE;
+
+    pAdapter->StaCfg.PortSecured = WPA_802_1X_PORT_NOT_SECURED;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Set_AuthMode_Proc::(AuthMode=%d)\n", pAdapter->StaCfg.AuthMode));
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set Encryption Type
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_EncrypType_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    if ((strcmp(arg, "NONE") == 0) || (strcmp(arg, "none") == 0))
+    {
+        if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+            return TRUE;    // do nothing
+
+        pAdapter->StaCfg.WepStatus     = Ndis802_11WEPDisabled;
+        pAdapter->StaCfg.PairCipher    = Ndis802_11WEPDisabled;
+           pAdapter->StaCfg.GroupCipher   = Ndis802_11WEPDisabled;
+    }
+    else if ((strcmp(arg, "WEP") == 0) || (strcmp(arg, "wep") == 0))
+    {
+        if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+            return TRUE;    // do nothing
+
+        pAdapter->StaCfg.WepStatus     = Ndis802_11WEPEnabled;
+        pAdapter->StaCfg.PairCipher    = Ndis802_11WEPEnabled;
+           pAdapter->StaCfg.GroupCipher   = Ndis802_11WEPEnabled;
+    }
+    else if ((strcmp(arg, "TKIP") == 0) || (strcmp(arg, "tkip") == 0))
+    {
+        if (pAdapter->StaCfg.AuthMode < Ndis802_11AuthModeWPA)
+            return TRUE;    // do nothing
+
+        pAdapter->StaCfg.WepStatus     = Ndis802_11Encryption2Enabled;
+        pAdapter->StaCfg.PairCipher    = Ndis802_11Encryption2Enabled;
+           pAdapter->StaCfg.GroupCipher   = Ndis802_11Encryption2Enabled;
+    }
+    else if ((strcmp(arg, "AES") == 0) || (strcmp(arg, "aes") == 0))
+    {
+        if (pAdapter->StaCfg.AuthMode < Ndis802_11AuthModeWPA)
+            return TRUE;    // do nothing
+
+        pAdapter->StaCfg.WepStatus     = Ndis802_11Encryption3Enabled;
+        pAdapter->StaCfg.PairCipher    = Ndis802_11Encryption3Enabled;
+           pAdapter->StaCfg.GroupCipher   = Ndis802_11Encryption3Enabled;
+    }
+    else
+        return FALSE;
+
+    pAdapter->StaCfg.OrigWepStatus = pAdapter->StaCfg.WepStatus;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Set_EncrypType_Proc::(EncrypType=%d)\n", pAdapter->StaCfg.WepStatus));
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set Default Key ID
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_DefaultKeyID_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    ULONG                               KeyIdx;
+
+    KeyIdx = simple_strtol(arg, 0, 10);
+    if((KeyIdx >= 1 ) && (KeyIdx <= 4))
+        pAdapter->StaCfg.DefaultKeyId = (UCHAR) (KeyIdx - 1 );
+    else
+        return FALSE;  //Invalid argument
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Set_DefaultKeyID_Proc::(DefaultKeyID=%d)\n", pAdapter->StaCfg.DefaultKeyId));
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set WEP KEY1
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_Key1_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    int                                 KeyLen;
+    int                                 i;
+    UCHAR                               CipherAlg=CIPHER_WEP64;
+
+    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+        return TRUE;    // do nothing
+
+    KeyLen = strlen(arg);
+
+    switch (KeyLen)
+    {
+        case 5: //wep 40 Ascii type
+            pAdapter->SharedKey[BSS0][0].KeyLen = KeyLen;
+            memcpy(pAdapter->SharedKey[BSS0][0].Key, arg, KeyLen);
+            CipherAlg = CIPHER_WEP64;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key1_Proc::(Key1=%s and type=%s)\n", arg, "Ascii"));
+            break;
+        case 10: //wep 40 Hex type
+            for(i=0; i < KeyLen; i++)
+            {
+                if( !isxdigit(*(arg+i)) )
+                    return FALSE;  //Not Hex value;
+            }
+            pAdapter->SharedKey[BSS0][0].KeyLen = KeyLen / 2 ;
+            AtoH(arg, pAdapter->SharedKey[BSS0][0].Key, KeyLen / 2);
+            CipherAlg = CIPHER_WEP64;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key1_Proc::(Key1=%s and type=%s)\n", arg, "Hex"));
+            break;
+        case 13: //wep 104 Ascii type
+            pAdapter->SharedKey[BSS0][0].KeyLen = KeyLen;
+            memcpy(pAdapter->SharedKey[BSS0][0].Key, arg, KeyLen);
+            CipherAlg = CIPHER_WEP128;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key1_Proc::(Key1=%s and type=%s)\n", arg, "Ascii"));
+            break;
+        case 26: //wep 104 Hex type
+            for(i=0; i < KeyLen; i++)
+            {
+                if( !isxdigit(*(arg+i)) )
+                    return FALSE;  //Not Hex value;
+            }
+            pAdapter->SharedKey[BSS0][0].KeyLen = KeyLen / 2 ;
+            AtoH(arg, pAdapter->SharedKey[BSS0][0].Key, KeyLen / 2);
+            CipherAlg = CIPHER_WEP128;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key1_Proc::(Key1=%s and type=%s)\n", arg, "Hex"));
+            break;
+        default: //Invalid argument
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key1_Proc::Invalid argument (=%s)\n", arg));
+            return FALSE;
+    }
+
+    pAdapter->SharedKey[BSS0][0].CipherAlg = CipherAlg;
+
+    // Set keys (into ASIC)
+    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+        ;   // not support
+    else    // Old WEP stuff
+    {
+        AsicAddSharedKeyEntry(pAdapter,
+                              0,
+                              0,
+                              pAdapter->SharedKey[BSS0][0].CipherAlg,
+                              pAdapter->SharedKey[BSS0][0].Key,
+                              NULL,
+                              NULL);
+    }
+
+    return TRUE;
+}
+/*
+    ==========================================================================
+
+    Description:
+        Set WEP KEY2
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_Key2_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    int                                 KeyLen;
+    int                                 i;
+    UCHAR                               CipherAlg=CIPHER_WEP64;
+
+    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+        return TRUE;    // do nothing
+
+    KeyLen = strlen(arg);
+
+    switch (KeyLen)
+    {
+        case 5: //wep 40 Ascii type
+            pAdapter->SharedKey[BSS0][1].KeyLen = KeyLen;
+            memcpy(pAdapter->SharedKey[BSS0][1].Key, arg, KeyLen);
+            CipherAlg = CIPHER_WEP64;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key2_Proc::(Key2=%s and type=%s)\n", arg, "Ascii"));
+            break;
+        case 10: //wep 40 Hex type
+            for(i=0; i < KeyLen; i++)
+            {
+                if( !isxdigit(*(arg+i)) )
+                    return FALSE;  //Not Hex value;
+            }
+            pAdapter->SharedKey[BSS0][1].KeyLen = KeyLen / 2 ;
+            AtoH(arg, pAdapter->SharedKey[BSS0][1].Key, KeyLen / 2);
+            CipherAlg = CIPHER_WEP64;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key2_Proc::(Key2=%s and type=%s)\n", arg, "Hex"));
+            break;
+        case 13: //wep 104 Ascii type
+            pAdapter->SharedKey[BSS0][1].KeyLen = KeyLen;
+            memcpy(pAdapter->SharedKey[BSS0][1].Key, arg, KeyLen);
+            CipherAlg = CIPHER_WEP128;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key2_Proc::(Key2=%s and type=%s)\n", arg, "Ascii"));
+            break;
+        case 26: //wep 104 Hex type
+            for(i=0; i < KeyLen; i++)
+            {
+                if( !isxdigit(*(arg+i)) )
+                    return FALSE;  //Not Hex value;
+            }
+            pAdapter->SharedKey[BSS0][1].KeyLen = KeyLen / 2 ;
+            AtoH(arg, pAdapter->SharedKey[BSS0][1].Key, KeyLen / 2);
+            CipherAlg = CIPHER_WEP128;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key2_Proc::(Key2=%s and type=%s)\n", arg, "Hex"));
+            break;
+        default: //Invalid argument
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key2_Proc::Invalid argument (=%s)\n", arg));
+            return FALSE;
+    }
+    pAdapter->SharedKey[BSS0][1].CipherAlg = CipherAlg;
+
+    // Set keys (into ASIC)
+    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+        ;   // not support
+    else    // Old WEP stuff
+    {
+        AsicAddSharedKeyEntry(pAdapter,
+                              0,
+                              1,
+                              pAdapter->SharedKey[BSS0][1].CipherAlg,
+                              pAdapter->SharedKey[BSS0][1].Key,
+                              NULL,
+                              NULL);
+    }
+
+    return TRUE;
+}
+/*
+    ==========================================================================
+    Description:
+        Set WEP KEY3
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_Key3_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    int                                 KeyLen;
+    int                                 i;
+    UCHAR                               CipherAlg=CIPHER_WEP64;
+
+    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+        return TRUE;    // do nothing
+
+    KeyLen = strlen(arg);
+
+    switch (KeyLen)
+    {
+        case 5: //wep 40 Ascii type
+            pAdapter->SharedKey[BSS0][2].KeyLen = KeyLen;
+            memcpy(pAdapter->SharedKey[BSS0][2].Key, arg, KeyLen);
+            CipherAlg = CIPHER_WEP64;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key3_Proc::(Key3=%s and type=Ascii)\n", arg));
+            break;
+        case 10: //wep 40 Hex type
+            for(i=0; i < KeyLen; i++)
+            {
+                if( !isxdigit(*(arg+i)) )
+                    return FALSE;  //Not Hex value;
+            }
+            pAdapter->SharedKey[BSS0][2].KeyLen = KeyLen / 2 ;
+            AtoH(arg, pAdapter->SharedKey[BSS0][2].Key, KeyLen / 2);
+            CipherAlg = CIPHER_WEP64;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key3_Proc::(Key3=%s and type=Hex)\n", arg));
+            break;
+        case 13: //wep 104 Ascii type
+            pAdapter->SharedKey[BSS0][2].KeyLen = KeyLen;
+            memcpy(pAdapter->SharedKey[BSS0][2].Key, arg, KeyLen);
+            CipherAlg = CIPHER_WEP128;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key3_Proc::(Key3=%s and type=Ascii)\n", arg));
+            break;
+        case 26: //wep 104 Hex type
+            for(i=0; i < KeyLen; i++)
+            {
+                if( !isxdigit(*(arg+i)) )
+                    return FALSE;  //Not Hex value;
+            }
+            pAdapter->SharedKey[BSS0][2].KeyLen = KeyLen / 2 ;
+            AtoH(arg, pAdapter->SharedKey[BSS0][2].Key, KeyLen / 2);
+            CipherAlg = CIPHER_WEP128;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key3_Proc::(Key3=%s and type=Hex)\n", arg));
+            break;
+        default: //Invalid argument
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key3_Proc::Invalid argument (=%s)\n", arg));
+            return FALSE;
+    }
+    pAdapter->SharedKey[BSS0][2].CipherAlg = CipherAlg;
+
+    // Set keys (into ASIC)
+    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+        ;   // not support
+    else    // Old WEP stuff
+    {
+        AsicAddSharedKeyEntry(pAdapter,
+                              0,
+                              2,
+                              pAdapter->SharedKey[BSS0][2].CipherAlg,
+                              pAdapter->SharedKey[BSS0][2].Key,
+                              NULL,
+                              NULL);
+    }
+
+    return TRUE;
+}
+/*
+    ==========================================================================
+    Description:
+        Set WEP KEY4
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_Key4_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    int                                 KeyLen;
+    int                                 i;
+    UCHAR                               CipherAlg=CIPHER_WEP64;
+
+    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+        return TRUE;    // do nothing
+
+    KeyLen = strlen(arg);
+
+    switch (KeyLen)
+    {
+        case 5: //wep 40 Ascii type
+            pAdapter->SharedKey[BSS0][3].KeyLen = KeyLen;
+            memcpy(pAdapter->SharedKey[BSS0][3].Key, arg, KeyLen);
+            CipherAlg = CIPHER_WEP64;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key4_Proc::(Key4=%s and type=%s)\n", arg, "Ascii"));
+            break;
+        case 10: //wep 40 Hex type
+            for(i=0; i < KeyLen; i++)
+            {
+                if( !isxdigit(*(arg+i)) )
+                    return FALSE;  //Not Hex value;
+            }
+            pAdapter->SharedKey[BSS0][3].KeyLen = KeyLen / 2 ;
+            AtoH(arg, pAdapter->SharedKey[BSS0][3].Key, KeyLen / 2);
+            CipherAlg = CIPHER_WEP64;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key4_Proc::(Key4=%s and type=%s)\n", arg, "Hex"));
+            break;
+        case 13: //wep 104 Ascii type
+            pAdapter->SharedKey[BSS0][3].KeyLen = KeyLen;
+            memcpy(pAdapter->SharedKey[BSS0][3].Key, arg, KeyLen);
+            CipherAlg = CIPHER_WEP128;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key4_Proc::(Key4=%s and type=%s)\n", arg, "Ascii"));
+            break;
+        case 26: //wep 104 Hex type
+            for(i=0; i < KeyLen; i++)
+            {
+                if( !isxdigit(*(arg+i)) )
+                    return FALSE;  //Not Hex value;
+            }
+            pAdapter->SharedKey[BSS0][3].KeyLen = KeyLen / 2 ;
+            AtoH(arg, pAdapter->SharedKey[BSS0][3].Key, KeyLen / 2);
+            CipherAlg = CIPHER_WEP128;
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key4_Proc::(Key4=%s and type=%s)\n", arg, "Hex"));
+            break;
+        default: //Invalid argument
+            DBGPRINT(RT_DEBUG_TRACE, ("Set_Key4_Proc::Invalid argument (=%s)\n", arg));
+            return FALSE;
+    }
+    pAdapter->SharedKey[BSS0][3].CipherAlg = CipherAlg;
+
+    // Set keys (into ASIC)
+    if (pAdapter->StaCfg.AuthMode >= Ndis802_11AuthModeWPA)
+        ;   // not support
+    else    // Old WEP stuff
+    {
+        AsicAddSharedKeyEntry(pAdapter,
+                              0,
+                              3,
+                              pAdapter->SharedKey[BSS0][3].CipherAlg,
+                              pAdapter->SharedKey[BSS0][3].Key,
+                              NULL,
+                              NULL);
+    }
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set WPA PSK key
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_WPAPSK_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING          arg)
+{
+    int status;
+
+    if ((pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPAPSK) &&
+        (pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPA2PSK) &&
+           (pAd->StaCfg.AuthMode != Ndis802_11AuthModeWPANone)
+               )
+        return TRUE;    // do nothing
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Set_WPAPSK_Proc::(WPAPSK=%s)\n", arg));
+
+       status = RT_CfgSetWPAPSKKey(pAd, arg, pAd->MlmeAux.Ssid, pAd->MlmeAux.SsidLen, pAd->StaCfg.PMK);
+       if (status == FALSE)
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("Set_WPAPSK_Proc(): Set key failed!\n"));
+               return FALSE;
+       }
+       NdisZeroMemory(pAd->StaCfg.WpaPassPhrase, 64);
+    NdisMoveMemory(pAd->StaCfg.WpaPassPhrase, arg, strlen(arg));
+    pAd->StaCfg.WpaPassPhraseLen = (UINT)strlen(arg);
+
+
+
+    if(pAd->StaCfg.BssType == BSS_ADHOC &&
+       pAd->StaCfg.AuthMode == Ndis802_11AuthModeWPANone)
+    {
+        pAd->StaCfg.WpaState = SS_NOTUSE;
+    }
+    else
+    {
+        // Start STA supplicant state machine
+        pAd->StaCfg.WpaState = SS_START;
+    }
+
+    return TRUE;
+}
+
+/*
+    ==========================================================================
+    Description:
+        Set Power Saving mode
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_PSMode_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    if (pAdapter->StaCfg.BssType == BSS_INFRA)
+    {
+        if ((strcmp(arg, "Max_PSP") == 0) ||
+                       (strcmp(arg, "max_psp") == 0) ||
+                       (strcmp(arg, "MAX_PSP") == 0))
+        {
+            // do NOT turn on PSM bit here, wait until MlmeCheckPsmChange()
+            // to exclude certain situations.
+            if (pAdapter->StaCfg.bWindowsACCAMEnable == FALSE)
+                pAdapter->StaCfg.WindowsPowerMode = Ndis802_11PowerModeMAX_PSP;
+            pAdapter->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeMAX_PSP;
+            OPSTATUS_SET_FLAG(pAdapter, fOP_STATUS_RECEIVE_DTIM);
+            pAdapter->StaCfg.DefaultListenCount = 5;
+
+        }
+        else if ((strcmp(arg, "Fast_PSP") == 0) ||
+                                (strcmp(arg, "fast_psp") == 0) ||
+                 (strcmp(arg, "FAST_PSP") == 0))
+        {
+            // do NOT turn on PSM bit here, wait until MlmeCheckPsmChange()
+            // to exclude certain situations.
+            OPSTATUS_SET_FLAG(pAdapter, fOP_STATUS_RECEIVE_DTIM);
+            if (pAdapter->StaCfg.bWindowsACCAMEnable == FALSE)
+                pAdapter->StaCfg.WindowsPowerMode = Ndis802_11PowerModeFast_PSP;
+            pAdapter->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeFast_PSP;
+            pAdapter->StaCfg.DefaultListenCount = 3;
+        }
+        else if ((strcmp(arg, "Legacy_PSP") == 0) ||
+                 (strcmp(arg, "legacy_psp") == 0) ||
+                 (strcmp(arg, "LEGACY_PSP") == 0))
+        {
+            // do NOT turn on PSM bit here, wait until MlmeCheckPsmChange()
+            // to exclude certain situations.
+            OPSTATUS_SET_FLAG(pAdapter, fOP_STATUS_RECEIVE_DTIM);
+            if (pAdapter->StaCfg.bWindowsACCAMEnable == FALSE)
+                pAdapter->StaCfg.WindowsPowerMode = Ndis802_11PowerModeLegacy_PSP;
+            pAdapter->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeLegacy_PSP;
+            pAdapter->StaCfg.DefaultListenCount = 3;
+        }
+        else
+        {
+            //Default Ndis802_11PowerModeCAM
+            // clear PSM bit immediately
+            RTMP_SET_PSM_BIT(pAdapter, PWR_ACTIVE);
+            OPSTATUS_SET_FLAG(pAdapter, fOP_STATUS_RECEIVE_DTIM);
+            if (pAdapter->StaCfg.bWindowsACCAMEnable == FALSE)
+                pAdapter->StaCfg.WindowsPowerMode = Ndis802_11PowerModeCAM;
+            pAdapter->StaCfg.WindowsBatteryPowerMode = Ndis802_11PowerModeCAM;
+        }
+
+        DBGPRINT(RT_DEBUG_TRACE, ("Set_PSMode_Proc::(PSMode=%ld)\n", pAdapter->StaCfg.WindowsPowerMode));
+    }
+    else
+        return FALSE;
+
+
+    return TRUE;
+}
+//Add to suport the function which clould dynamicallly enable/disable PCIe Power Saving
+
+#ifdef WPA_SUPPLICANT_SUPPORT
+/*
+    ==========================================================================
+    Description:
+        Set WpaSupport flag.
+    Value:
+        0: Driver ignore wpa_supplicant.
+        1: wpa_supplicant initiates scanning and AP selection.
+        2: driver takes care of scanning, AP selection, and IEEE 802.11 association parameters.
+    Return:
+        TRUE if all parameters are OK, FALSE otherwise
+    ==========================================================================
+*/
+INT Set_Wpa_Support(
+    IN PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+
+    if ( simple_strtol(arg, 0, 10) == 0)
+        pAd->StaCfg.WpaSupplicantUP = WPA_SUPPLICANT_DISABLE;
+    else if ( simple_strtol(arg, 0, 10) == 1)
+        pAd->StaCfg.WpaSupplicantUP = WPA_SUPPLICANT_ENABLE;
+    else if ( simple_strtol(arg, 0, 10) == 2)
+        pAd->StaCfg.WpaSupplicantUP = WPA_SUPPLICANT_ENABLE_WITH_WEB_UI;
+    else
+        pAd->StaCfg.WpaSupplicantUP = WPA_SUPPLICANT_DISABLE;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Set_Wpa_Support::(WpaSupplicantUP=%d)\n", pAd->StaCfg.WpaSupplicantUP));
+
+    return TRUE;
+}
+#endif // WPA_SUPPLICANT_SUPPORT //
+
+#ifdef DBG
+/*
+    ==========================================================================
+    Description:
+        Read / Write MAC
+    Arguments:
+        pAdapter                    Pointer to our adapter
+        wrq                         Pointer to the ioctl argument
+
+    Return Value:
+        None
+
+    Note:
+        Usage:
+               1.) iwpriv ra0 mac 0        ==> read MAC where Addr=0x0
+               2.) iwpriv ra0 mac 0=12     ==> write MAC where Addr=0x0, value=12
+    ==========================================================================
+*/
+VOID RTMPIoctlMAC(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq)
+{
+       PSTRING                         this_char;
+       PSTRING                         value;
+       INT                                     j = 0, k = 0;
+       STRING                          msg[1024];
+       STRING                          arg[255];
+       ULONG                           macAddr = 0;
+       UCHAR                           temp[16];
+       STRING                          temp2[16];
+       UINT32                          macValue = 0;
+       INT                                     Status;
+       BOOLEAN                         bIsPrintAllMAC = FALSE;
+
+
+       memset(msg, 0x00, 1024);
+       if (wrq->u.data.length > 1) //No parameters.
+       {
+           Status = copy_from_user(arg, wrq->u.data.pointer, (wrq->u.data.length > 255) ? 255 : wrq->u.data.length);
+               sprintf(msg, "\n");
+
+               //Parsing Read or Write
+           this_char = arg;
+               if (!*this_char)
+                       goto next;
+
+               if ((value = rtstrchr(this_char, '=')) != NULL)
+                       *value++ = 0;
+
+               if (!value || !*value)
+               { //Read
+                       // Sanity check
+                       if(strlen(this_char) > 4)
+                               goto next;
+
+                       j = strlen(this_char);
+                       while(j-- > 0)
+                       {
+                               if(this_char[j] > 'f' || this_char[j] < '0')
+                                       return;
+                       }
+
+                       // Mac Addr
+                       k = j = strlen(this_char);
+                       while(j-- > 0)
+                       {
+                               this_char[4-k+j] = this_char[j];
+                       }
+
+                       while(k < 4)
+                               this_char[3-k++]='0';
+                       this_char[4]='\0';
+
+                       if(strlen(this_char) == 4)
+                       {
+                               AtoH(this_char, temp, 2);
+                               macAddr = *temp*256 + temp[1];
+                               if (macAddr < 0xFFFF)
+                               {
+                                       RTMP_IO_READ32(pAdapter, macAddr, &macValue);
+                                       DBGPRINT(RT_DEBUG_TRACE, ("MacAddr=%lx, MacValue=%x\n", macAddr, macValue));
+                                       sprintf(msg+strlen(msg), "[0x%08lX]:%08X  ", macAddr , macValue);
+                               }
+                               else
+                               {//Invalid parametes, so default printk all mac
+                                       bIsPrintAllMAC = TRUE;
+                                       goto next;
+                               }
+                       }
+               }
+               else
+               { //Write
+                       memcpy(&temp2, value, strlen(value));
+                       temp2[strlen(value)] = '\0';
+
+                       // Sanity check
+                       if((strlen(this_char) > 4) || strlen(temp2) > 8)
+                               goto next;
+
+                       j = strlen(this_char);
+                       while(j-- > 0)
+                       {
+                               if(this_char[j] > 'f' || this_char[j] < '0')
+                                       return;
+                       }
+
+                       j = strlen(temp2);
+                       while(j-- > 0)
+                       {
+                               if(temp2[j] > 'f' || temp2[j] < '0')
+                                       return;
+                       }
+
+                       //MAC Addr
+                       k = j = strlen(this_char);
+                       while(j-- > 0)
+                       {
+                               this_char[4-k+j] = this_char[j];
+                       }
+
+                       while(k < 4)
+                               this_char[3-k++]='0';
+                       this_char[4]='\0';
+
+                       //MAC value
+                       k = j = strlen(temp2);
+                       while(j-- > 0)
+                       {
+                               temp2[8-k+j] = temp2[j];
+                       }
+
+                       while(k < 8)
+                               temp2[7-k++]='0';
+                       temp2[8]='\0';
+
+                       {
+                               AtoH(this_char, temp, 2);
+                               macAddr = *temp*256 + temp[1];
+
+                               AtoH(temp2, temp, 4);
+                               macValue = *temp*256*256*256 + temp[1]*256*256 + temp[2]*256 + temp[3];
+
+                               // debug mode
+                               if (macAddr == (HW_DEBUG_SETTING_BASE + 4))
+                               {
+                                       // 0x2bf4: byte0 non-zero: enable R17 tuning, 0: disable R17 tuning
+                    if (macValue & 0x000000ff)
+                    {
+                        pAdapter->BbpTuning.bEnable = TRUE;
+                        DBGPRINT(RT_DEBUG_TRACE,("turn on R17 tuning\n"));
+                    }
+                    else
+                    {
+                        UCHAR R66;
+                        pAdapter->BbpTuning.bEnable = FALSE;
+                        R66 = 0x26 + GET_LNA_GAIN(pAdapter);
+#ifdef RALINK_ATE
+                                               if (ATE_ON(pAdapter))
+                                               {
+                                                       ATE_BBP_IO_WRITE8_BY_REG_ID(pAdapter, BBP_R66, (0x26 + GET_LNA_GAIN(pAdapter)));
+                                               }
+                                               else
+#endif // RALINK_ATE //
+
+                                                       RTMP_BBP_IO_WRITE8_BY_REG_ID(pAdapter, BBP_R66, (0x26 + GET_LNA_GAIN(pAdapter)));
+                        DBGPRINT(RT_DEBUG_TRACE,("turn off R17 tuning, restore to 0x%02x\n", R66));
+                    }
+                                       return;
+                               }
+
+                               DBGPRINT(RT_DEBUG_TRACE, ("MacAddr=%02lx, MacValue=0x%x\n", macAddr, macValue));
+
+                               RTMP_IO_WRITE32(pAdapter, macAddr, macValue);
+                               sprintf(msg+strlen(msg), "[0x%08lX]:%08X  ", macAddr, macValue);
+                       }
+               }
+       }
+       else
+               bIsPrintAllMAC = TRUE;
+next:
+       if (bIsPrintAllMAC)
+       {
+               struct file             *file_w;
+               PSTRING                 fileName = "MacDump.txt";
+               mm_segment_t    orig_fs;
+
+               orig_fs = get_fs();
+               set_fs(KERNEL_DS);
+
+               // open file
+               file_w = filp_open(fileName, O_WRONLY|O_CREAT, 0);
+               if (IS_ERR(file_w))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("-->2) %s: Error %ld opening %s\n", __FUNCTION__, -PTR_ERR(file_w), fileName));
+               }
+               else
+               {
+                       if (file_w->f_op && file_w->f_op->write)
+                       {
+                               file_w->f_pos = 0;
+                               macAddr = 0x1000;
+
+                               while (macAddr <= 0x1800)
+                               {
+                                       RTMP_IO_READ32(pAdapter, macAddr, &macValue);
+                                       sprintf(msg, "%08lx = %08X\n", macAddr, macValue);
+
+                                       // write data to file
+                                       file_w->f_op->write(file_w, msg, strlen(msg), &file_w->f_pos);
+
+                                       printk("%s", msg);
+                                       macAddr += 4;
+                               }
+                               sprintf(msg, "\nDump all MAC values to %s\n", fileName);
+                       }
+                       filp_close(file_w, NULL);
+               }
+               set_fs(orig_fs);
+       }
+       if(strlen(msg) == 1)
+               sprintf(msg+strlen(msg), "===>Error command format!");
+
+       // Copy the information into the user buffer
+       wrq->u.data.length = strlen(msg);
+       Status = copy_to_user(wrq->u.data.pointer, msg, wrq->u.data.length);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<==RTMPIoctlMAC\n\n"));
+}
+
+/*
+    ==========================================================================
+    Description:
+        Read / Write E2PROM
+    Arguments:
+        pAdapter                    Pointer to our adapter
+        wrq                         Pointer to the ioctl argument
+
+    Return Value:
+        None
+
+    Note:
+        Usage:
+               1.) iwpriv ra0 e2p 0            ==> read E2PROM where Addr=0x0
+               2.) iwpriv ra0 e2p 0=1234    ==> write E2PROM where Addr=0x0, value=1234
+    ==========================================================================
+*/
+VOID RTMPIoctlE2PROM(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq)
+{
+       PSTRING                         this_char;
+       PSTRING                         value;
+       INT                                     j = 0, k = 0;
+       STRING                          msg[1024];
+       STRING                          arg[255];
+       USHORT                          eepAddr = 0;
+       UCHAR                           temp[16];
+       STRING                          temp2[16];
+       USHORT                          eepValue;
+       int                                     Status;
+       BOOLEAN                         bIsPrintAllE2P = FALSE;
+
+
+       memset(msg, 0x00, 1024);
+       if (wrq->u.data.length > 1) //No parameters.
+       {
+           Status = copy_from_user(arg, wrq->u.data.pointer, (wrq->u.data.length > 255) ? 255 : wrq->u.data.length);
+               sprintf(msg, "\n");
+
+           //Parsing Read or Write
+               this_char = arg;
+
+
+               if (!*this_char)
+                       goto next;
+
+               if ((value = rtstrchr(this_char, '=')) != NULL)
+                       *value++ = 0;
+
+               if (!value || !*value)
+               { //Read
+
+                       // Sanity check
+                       if(strlen(this_char) > 4)
+                               goto next;
+
+                       j = strlen(this_char);
+                       while(j-- > 0)
+                       {
+                               if(this_char[j] > 'f' || this_char[j] < '0')
+                                       return;
+                       }
+
+                       // E2PROM addr
+                       k = j = strlen(this_char);
+                       while(j-- > 0)
+                       {
+                               this_char[4-k+j] = this_char[j];
+                       }
+
+                       while(k < 4)
+                               this_char[3-k++]='0';
+                       this_char[4]='\0';
+
+                       if(strlen(this_char) == 4)
+                       {
+                               AtoH(this_char, temp, 2);
+                               eepAddr = *temp*256 + temp[1];
+                               if (eepAddr < 0xFFFF)
+                               {
+                                       RT28xx_EEPROM_READ16(pAdapter, eepAddr, eepValue);
+                                       sprintf(msg+strlen(msg), "[0x%04X]:0x%04X  ", eepAddr , eepValue);
+                               }
+                               else
+                               {//Invalid parametes, so default printk all bbp
+                                       bIsPrintAllE2P = TRUE;
+                                       goto next;
+                               }
+                       }
+               }
+               else
+               { //Write
+                       memcpy(&temp2, value, strlen(value));
+                       temp2[strlen(value)] = '\0';
+
+                       // Sanity check
+                       if((strlen(this_char) > 4) || strlen(temp2) > 8)
+                               goto next;
+
+                       j = strlen(this_char);
+                       while(j-- > 0)
+                       {
+                               if(this_char[j] > 'f' || this_char[j] < '0')
+                                       return;
+                       }
+                       j = strlen(temp2);
+                       while(j-- > 0)
+                       {
+                               if(temp2[j] > 'f' || temp2[j] < '0')
+                                       return;
+                       }
+
+                       //MAC Addr
+                       k = j = strlen(this_char);
+                       while(j-- > 0)
+                       {
+                               this_char[4-k+j] = this_char[j];
+                       }
+
+                       while(k < 4)
+                               this_char[3-k++]='0';
+                       this_char[4]='\0';
+
+                       //MAC value
+                       k = j = strlen(temp2);
+                       while(j-- > 0)
+                       {
+                               temp2[4-k+j] = temp2[j];
+                       }
+
+                       while(k < 4)
+                               temp2[3-k++]='0';
+                       temp2[4]='\0';
+
+                       AtoH(this_char, temp, 2);
+                       eepAddr = *temp*256 + temp[1];
+
+                       AtoH(temp2, temp, 2);
+                       eepValue = *temp*256 + temp[1];
+
+                       RT28xx_EEPROM_WRITE16(pAdapter, eepAddr, eepValue);
+                       sprintf(msg+strlen(msg), "[0x%02X]:%02X  ", eepAddr, eepValue);
+               }
+       }
+       else
+               bIsPrintAllE2P = TRUE;
+next:
+       if (bIsPrintAllE2P)
+       {
+               struct file             *file_w;
+               PSTRING                 fileName = "EEPROMDump.txt";
+               mm_segment_t    orig_fs;
+
+               orig_fs = get_fs();
+               set_fs(KERNEL_DS);
+
+               // open file
+               file_w = filp_open(fileName, O_WRONLY|O_CREAT, 0);
+               if (IS_ERR(file_w))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("-->2) %s: Error %ld opening %s\n", __FUNCTION__, -PTR_ERR(file_w), fileName));
+               }
+               else
+               {
+                       if (file_w->f_op && file_w->f_op->write)
+                       {
+                               file_w->f_pos = 0;
+                               eepAddr = 0x00;
+
+                               while (eepAddr <= 0xFE)
+                               {
+                                       RT28xx_EEPROM_READ16(pAdapter, eepAddr, eepValue);
+                                       sprintf(msg, "%08x = %04x\n", eepAddr , eepValue);
+
+                                       // write data to file
+                                       file_w->f_op->write(file_w, msg, strlen(msg), &file_w->f_pos);
+
+                                       printk("%s", msg);
+                                       eepAddr += 2;
+                               }
+                               sprintf(msg, "\nDump all EEPROM values to %s\n", fileName);
+                       }
+                       filp_close(file_w, NULL);
+               }
+               set_fs(orig_fs);
+       }
+       if(strlen(msg) == 1)
+               sprintf(msg+strlen(msg), "===>Error command format!");
+
+
+       // Copy the information into the user buffer
+       wrq->u.data.length = strlen(msg);
+       Status = copy_to_user(wrq->u.data.pointer, msg, wrq->u.data.length);
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<==RTMPIoctlE2PROM\n"));
+}
+
+
+#ifdef RT30xx
+/*
+    ==========================================================================
+    Description:
+        Read / Write RF register
+Arguments:
+    pAdapter                    Pointer to our adapter
+    wrq                         Pointer to the ioctl argument
+
+    Return Value:
+        None
+
+    Note:
+        Usage:
+               1.) iwpriv ra0 rf                ==> read all RF registers
+               2.) iwpriv ra0 rf 1              ==> read RF where RegID=1
+               3.) iwpriv ra0 rf 1=10              ==> write RF R1=0x10
+    ==========================================================================
+*/
+VOID RTMPIoctlRF(
+       IN      PRTMP_ADAPTER   pAdapter,
+       IN      struct iwreq    *wrq)
+{
+       CHAR                            *this_char;
+       CHAR                            *value;
+       UCHAR                           regRF = 0;
+       STRING                          msg[2048];
+       CHAR                            arg[255];
+       INT                                     rfId;
+       LONG                            rfValue;
+       int                                     Status;
+       BOOLEAN                         bIsPrintAllRF = FALSE;
+
+
+       memset(msg, 0x00, 2048);
+       if (wrq->u.data.length > 1) //No parameters.
+       {
+           Status = copy_from_user(arg, wrq->u.data.pointer, (wrq->u.data.length > 255) ? 255 : wrq->u.data.length);
+               sprintf(msg, "\n");
+
+           //Parsing Read or Write
+               this_char = arg;
+               if (!*this_char)
+                       goto next;
+
+               if ((value = strchr(this_char, '=')) != NULL)
+                       *value++ = 0;
+
+               if (!value || !*value)
+               { //Read
+                       if (sscanf((PSTRING) this_char, "%d", &(rfId)) == 1)
+                       {
+                               if (rfId <= 31)
+                               {
+#ifdef RALINK_ATE
+                                       /*
+                                               In RT2860 ATE mode, we do not load 8051 firmware.
+                           We must access RF directly.
+                                               For RT2870 ATE mode, ATE_RF_IO_WRITE8(/READ8)_BY_REG_ID are redefined.
+                                       */
+                                       if (ATE_ON(pAdapter))
+                                       {
+                                               ATE_RF_IO_READ8_BY_REG_ID(pAdapter, rfId, &regRF);
+                                       }
+                                       else
+#endif // RALINK_ATE //
+                                       // according to Andy, Gary, David require.
+                                       // the command rf shall read rf register directly for dubug.
+                                       // BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                                       RT30xxReadRFRegister(pAdapter, rfId, &regRF);
+
+                                       sprintf(msg+strlen(msg), "R%02d[0x%02x]:%02X  ", rfId, rfId, regRF);
+                               }
+                               else
+                               {//Invalid parametes, so default printk all RF
+                                       bIsPrintAllRF = TRUE;
+                                       goto next;
+                               }
+                       }
+                       else
+                       { //Invalid parametes, so default printk all RF
+                               bIsPrintAllRF = TRUE;
+                               goto next;
+                       }
+               }
+               else
+               { //Write
+                       if ((sscanf((PSTRING) this_char, "%d", &(rfId)) == 1) && (sscanf((PSTRING) value, "%lx", &(rfValue)) == 1))
+                       {
+                               if (rfId <= 31)
+                               {
+#ifdef RALINK_ATE
+                                               /*
+                                                       In RT2860 ATE mode, we do not load 8051 firmware.
+                                   We must access RF directly.
+                                                       For RT2870 ATE mode, ATE_RF_IO_WRITE8(/READ8)_BY_REG_ID are redefined.
+                                               */
+                                               if (ATE_ON(pAdapter))
+                                               {
+                                                       ATE_RF_IO_READ8_BY_REG_ID(pAdapter, rfId, &regRF);
+                                                       ATE_RF_IO_WRITE8_BY_REG_ID(pAdapter, (UCHAR)rfId,(UCHAR) rfValue);
+                                                       //Read it back for showing
+                                                       ATE_RF_IO_READ8_BY_REG_ID(pAdapter, rfId, &regRF);
+                                                       sprintf(msg+strlen(msg), "R%02d[0x%02X]:%02X\n", rfId, rfId, regRF);
+                                               }
+                                               else
+#endif // RALINK_ATE //
+                                               {
+                                                       // according to Andy, Gary, David require.
+                                                       // the command RF shall read/write RF register directly for dubug.
+                                                       //BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                                                       //BBP_IO_WRITE8_BY_REG_ID(pAdapter, (UCHAR)bbpId,(UCHAR) bbpValue);
+                                                       RT30xxReadRFRegister(pAdapter, rfId, &regRF);
+                                                       RT30xxWriteRFRegister(pAdapter, (UCHAR)rfId,(UCHAR) rfValue);
+                                                       //Read it back for showing
+                                                       //BBP_IO_READ8_BY_REG_ID(pAdapter, bbpId, &regBBP);
+                                                       RT30xxReadRFRegister(pAdapter, rfId, &regRF);
+                                       sprintf(msg+strlen(msg), "R%02d[0x%02X]:%02X\n", rfId, rfId, regRF);
+                                               }
+                               }
+                               else
+                               {//Invalid parametes, so default printk all RF
+                                       bIsPrintAllRF = TRUE;
+                               }
+                       }
+                       else
+                       { //Invalid parametes, so default printk all RF
+                               bIsPrintAllRF = TRUE;
+                       }
+               }
+       }
+       else
+               bIsPrintAllRF = TRUE;
+next:
+       if (bIsPrintAllRF)
+       {
+               memset(msg, 0x00, 2048);
+               sprintf(msg, "\n");
+               for (rfId = 0; rfId <= 31; rfId++)
+               {
+#ifdef RALINK_ATE
+                       /*
+                               In RT2860 ATE mode, we do not load 8051 firmware.
+                We must access RF directly.
+                               For RT2870 ATE mode, ATE_RF_IO_WRITE8(/READ8)_BY_REG_ID are redefined.
+                       */
+                       if (ATE_ON(pAdapter))
+                       {
+                               ATE_RF_IO_READ8_BY_REG_ID(pAdapter, rfId, &regRF);
+                       }
+                       else
+#endif // RALINK_ATE //
+
+                       // according to Andy, Gary, David require.
+                       // the command RF shall read/write RF register directly for dubug.
+                       RT30xxReadRFRegister(pAdapter, rfId, &regRF);
+                       sprintf(msg+strlen(msg), "%03d = %02X\n", rfId, regRF);
+               }
+               // Copy the information into the user buffer
+               DBGPRINT(RT_DEBUG_TRACE, ("strlen(msg)=%d\n", (UINT32)strlen(msg)));
+               wrq->u.data.length = strlen(msg);
+               if (copy_to_user(wrq->u.data.pointer, msg, wrq->u.data.length))
+               {
+                       DBGPRINT(RT_DEBUG_TRACE, ("%s: copy_to_user() fail\n", __FUNCTION__));
+               }
+       }
+       else
+       {
+               if(strlen(msg) == 1)
+                       sprintf(msg+strlen(msg), "===>Error command format!");
+
+               DBGPRINT(RT_DEBUG_TRACE, ("copy to user [msg=%s]\n", msg));
+               // Copy the information into the user buffer
+               DBGPRINT(RT_DEBUG_TRACE, ("strlen(msg) =%d\n", (UINT32)strlen(msg)));
+
+               // Copy the information into the user buffer
+               wrq->u.data.length = strlen(msg);
+               Status = copy_to_user(wrq->u.data.pointer, msg, wrq->u.data.length);
+       }
+
+       DBGPRINT(RT_DEBUG_TRACE, ("<==RTMPIoctlRF\n\n"));
+}
+#endif // RT30xx //
+#endif // DBG //
+
+
+
+
+INT Set_TGnWifiTest_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING          arg)
+{
+    if (simple_strtol(arg, 0, 10) == 0)
+        pAd->StaCfg.bTGnWifiTest = FALSE;
+    else
+        pAd->StaCfg.bTGnWifiTest = TRUE;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("IF Set_TGnWifiTest_Proc::(bTGnWifiTest=%d)\n", pAd->StaCfg.bTGnWifiTest));
+       return TRUE;
+}
+
+#ifdef EXT_BUILD_CHANNEL_LIST
+INT Set_Ieee80211dClientMode_Proc(
+    IN  PRTMP_ADAPTER   pAdapter,
+    IN  PSTRING          arg)
+{
+    if (simple_strtol(arg, 0, 10) == 0)
+        pAdapter->StaCfg.IEEE80211dClientMode = Rt802_11_D_None;
+    else if (simple_strtol(arg, 0, 10) == 1)
+        pAdapter->StaCfg.IEEE80211dClientMode = Rt802_11_D_Flexible;
+    else if (simple_strtol(arg, 0, 10) == 2)
+        pAdapter->StaCfg.IEEE80211dClientMode = Rt802_11_D_Strict;
+    else
+        return FALSE;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Set_Ieee802dMode_Proc::(IEEEE0211dMode=%d)\n", pAdapter->StaCfg.IEEE80211dClientMode));
+    return TRUE;
+}
+#endif // EXT_BUILD_CHANNEL_LIST //
+
+#ifdef CARRIER_DETECTION_SUPPORT
+INT Set_CarrierDetect_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING         arg)
+{
+    if (simple_strtol(arg, 0, 10) == 0)
+        pAd->CommonCfg.CarrierDetect.Enable = FALSE;
+    else
+        pAd->CommonCfg.CarrierDetect.Enable = TRUE;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("IF Set_CarrierDetect_Proc::(CarrierDetect.Enable=%d)\n", pAd->CommonCfg.CarrierDetect.Enable));
+       return TRUE;
+}
+#endif // CARRIER_DETECTION_SUPPORT //
+
+
+INT    Show_Adhoc_MacTable_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 extra)
+{
+       INT i;
+
+       sprintf(extra, "\n");
+
+#ifdef DOT11_N_SUPPORT
+       sprintf(extra, "%sHT Operating Mode : %d\n", extra, pAd->CommonCfg.AddHTInfo.AddHtInfo2.OperaionMode);
+#endif // DOT11_N_SUPPORT //
+
+       sprintf(extra, "%s\n%-19s%-4s%-4s%-7s%-7s%-7s%-10s%-6s%-6s%-6s%-6s\n", extra,
+                       "MAC", "AID", "BSS", "RSSI0", "RSSI1", "RSSI2", "PhMd", "BW", "MCS", "SGI", "STBC");
+
+       for (i=1; i<MAX_LEN_OF_MAC_TABLE; i++)
+       {
+               PMAC_TABLE_ENTRY pEntry = &pAd->MacTab.Content[i];
+
+               if (strlen(extra) > (IW_PRIV_SIZE_MASK - 30))
+                   break;
+               if ((pEntry->ValidAsCLI || pEntry->ValidAsApCli) && (pEntry->Sst == SST_ASSOC))
+               {
+                       sprintf(extra, "%s%02X:%02X:%02X:%02X:%02X:%02X  ", extra,
+                               pEntry->Addr[0], pEntry->Addr[1], pEntry->Addr[2],
+                               pEntry->Addr[3], pEntry->Addr[4], pEntry->Addr[5]);
+                       sprintf(extra, "%s%-4d", extra, (int)pEntry->Aid);
+                       sprintf(extra, "%s%-4d", extra, (int)pEntry->apidx);
+                       sprintf(extra, "%s%-7d", extra, pEntry->RssiSample.AvgRssi0);
+                       sprintf(extra, "%s%-7d", extra, pEntry->RssiSample.AvgRssi1);
+                       sprintf(extra, "%s%-7d", extra, pEntry->RssiSample.AvgRssi2);
+                       sprintf(extra, "%s%-10s", extra, GetPhyMode(pEntry->HTPhyMode.field.MODE));
+                       sprintf(extra, "%s%-6s", extra, GetBW(pEntry->HTPhyMode.field.BW));
+                       sprintf(extra, "%s%-6d", extra, pEntry->HTPhyMode.field.MCS);
+                       sprintf(extra, "%s%-6d", extra, pEntry->HTPhyMode.field.ShortGI);
+                       sprintf(extra, "%s%-6d", extra, pEntry->HTPhyMode.field.STBC);
+                       sprintf(extra, "%s%-10d, %d, %d%%\n", extra, pEntry->DebugFIFOCount, pEntry->DebugTxCount,
+                                               (pEntry->DebugTxCount) ? ((pEntry->DebugTxCount-pEntry->DebugFIFOCount)*100/pEntry->DebugTxCount) : 0);
+                       sprintf(extra, "%s\n", extra);
+               }
+       }
+
+       return TRUE;
+}
+
+
+INT Set_BeaconLostTime_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING         arg)
+{
+       ULONG ltmp = (ULONG)simple_strtol(arg, 0, 10);
+
+       if ((ltmp != 0) && (ltmp <= 60))
+               pAd->StaCfg.BeaconLostTime = (ltmp * OS_HZ);
+
+    DBGPRINT(RT_DEBUG_TRACE, ("IF Set_BeaconLostTime_Proc::(BeaconLostTime=%ld)\n", pAd->StaCfg.BeaconLostTime));
+       return TRUE;
+}
+
+INT Set_AutoRoaming_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING         arg)
+{
+    if (simple_strtol(arg, 0, 10) == 0)
+        pAd->StaCfg.bAutoRoaming = FALSE;
+    else
+        pAd->StaCfg.bAutoRoaming = TRUE;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("IF Set_AutoRoaming_Proc::(bAutoRoaming=%d)\n", pAd->StaCfg.bAutoRoaming));
+       return TRUE;
+}
+
+
+/*
+    ==========================================================================
+    Description:
+        Issue a site survey command to driver
+       Arguments:
+           pAdapter                    Pointer to our adapter
+           wrq                         Pointer to the ioctl argument
+
+    Return Value:
+        None
+
+    Note:
+        Usage:
+               1.) iwpriv ra0 set site_survey
+    ==========================================================================
+*/
+INT Set_SiteSurvey_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PSTRING                 arg)
+{
+       NDIS_802_11_SSID Ssid;
+
+       //check if the interface is down
+       if (!RTMP_TEST_FLAG(pAd, fRTMP_ADAPTER_INTERRUPT_IN_USE))
+       {
+               DBGPRINT(RT_DEBUG_TRACE, ("INFO::Network is down!\n"));
+               return -ENETDOWN;
+       }
+
+       if (MONITOR_ON(pAd))
+    {
+        DBGPRINT(RT_DEBUG_TRACE, ("!!! Driver is in Monitor Mode now !!!\n"));
+        return -EINVAL;
+    }
+
+       RTMPZeroMemory(&Ssid, sizeof(NDIS_802_11_SSID));
+       Ssid.SsidLength = 0;
+       if ((arg != NULL) &&
+               (strlen(arg) <= MAX_LEN_OF_SSID))
+    {
+        RTMPMoveMemory(Ssid.Ssid, arg, strlen(arg));
+        Ssid.SsidLength = strlen(arg);
+       }
+
+       pAd->StaCfg.bScanReqIsFromWebUI = TRUE;
+
+       if (pAd->Mlme.CntlMachine.CurrState != CNTL_IDLE)
+       {
+               RTMP_MLME_RESET_STATE_MACHINE(pAd);
+               DBGPRINT(RT_DEBUG_TRACE, ("!!! MLME busy, reset MLME state machine !!!\n"));
+       }
+
+       // tell CNTL state machine to call NdisMSetInformationComplete() after completing
+       // this request, because this request is initiated by NDIS.
+       pAd->MlmeAux.CurrReqIsFromNdis = FALSE;
+       // Reset allowed scan retries
+       pAd->StaCfg.ScanCnt = 0;
+       NdisGetSystemUpTime(&pAd->StaCfg.LastScanTime);
+
+       MlmeEnqueue(pAd,
+               MLME_CNTL_STATE_MACHINE,
+               OID_802_11_BSSID_LIST_SCAN,
+               Ssid.SsidLength,
+               Ssid.Ssid);
+
+       RTMP_MLME_HANDLER(pAd);
+
+    DBGPRINT(RT_DEBUG_TRACE, ("Set_SiteSurvey_Proc\n"));
+
+    return TRUE;
+}
+
+INT Set_ForceTxBurst_Proc(
+    IN  PRTMP_ADAPTER   pAd,
+    IN  PSTRING         arg)
+{
+    if (simple_strtol(arg, 0, 10) == 0)
+        pAd->StaCfg.bForceTxBurst = FALSE;
+    else
+        pAd->StaCfg.bForceTxBurst = TRUE;
+
+    DBGPRINT(RT_DEBUG_TRACE, ("IF Set_ForceTxBurst_Proc::(bForceTxBurst=%d)\n", pAd->StaCfg.bForceTxBurst));
+       return TRUE;
+}
+
+#ifdef ANT_DIVERSITY_SUPPORT
+INT    Set_Antenna_Proc(
+       IN      PRTMP_ADAPTER   pAd,
+       IN      PUCHAR                  arg)
+{
+    UCHAR UsedAnt;
+       DBGPRINT(RT_DEBUG_TRACE, ("==> Set_Antenna_Proc *******************\n"));
+
+    if(simple_strtol(arg, 0, 10) <= 3)
+        UsedAnt = simple_strtol(arg, 0, 10);
+
+    pAd->CommonCfg.bRxAntDiversity = UsedAnt; // Auto switch
+    if (UsedAnt == ANT_DIVERSITY_ENABLE)
+    {
+            pAd->RxAnt.EvaluateStableCnt = 0;
+            DBGPRINT(RT_DEBUG_TRACE, ("<== Set_Antenna_Proc(Auto Switch Mode), (%d,%d)\n", pAd->RxAnt.Pair1PrimaryRxAnt, pAd->RxAnt.Pair1SecondaryRxAnt));
+    }
+    /* 2: Fix in the PHY Antenna CON1*/
+    if (UsedAnt == ANT_FIX_ANT1)
+    {
+            AsicSetRxAnt(pAd, 0);
+            DBGPRINT(RT_DEBUG_TRACE, ("<== Set_Antenna_Proc(Fix in Ant CON1), (%d,%d)\n", pAd->RxAnt.Pair1PrimaryRxAnt, pAd->RxAnt.Pair1SecondaryRxAnt));
+    }
+    /* 3: Fix in the PHY Antenna CON2*/
+    if (UsedAnt == ANT_FIX_ANT2)
+    {
+            AsicSetRxAnt(pAd, 1);
+            DBGPRINT(RT_DEBUG_TRACE, ("<== Set_Antenna_Proc(Fix in Ant CON2), (%d,%d)\n", pAd->RxAnt.Pair1PrimaryRxAnt, pAd->RxAnt.Pair1SecondaryRxAnt));
+    }
+
+       return TRUE;
+}
+#endif // ANT_DIVERSITY_SUPPORT //
\ No newline at end of file
diff --git a/drivers/staging/rt3090/vr_ikans.h b/drivers/staging/rt3090/vr_ikans.h
new file mode 100644 (file)
index 0000000..16bff3b
--- /dev/null
@@ -0,0 +1,71 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+    Module Name:
+       vr_ikans.h
+
+    Abstract:
+    Handle association related requests either from WSTA or from local MLME
+
+    Revision History:
+    Who          When          What
+    ---------    ----------    ----------------------------------------------
+    Sample Lin 01-28-2008    Created
+ */
+
+#ifndef __VR_IKANS_H__
+#define __VR_IKANS_H__
+
+#ifndef MODULE_IKANOS
+#define IKANOS_EXTERN  extern
+#else
+#define IKANOS_EXTERN
+#endif // MODULE_IKANOS //
+
+#ifdef IKANOS_VX_1X0
+       typedef void (*IkanosWlanTxCbFuncP)(void *, void *);
+
+       struct IKANOS_TX_INFO
+       {
+               struct net_device *netdev;
+               IkanosWlanTxCbFuncP *fp;
+       };
+#endif // IKANOS_VX_1X0 //
+
+
+IKANOS_EXTERN void VR_IKANOS_FP_Init(UINT8 BssNum, UINT8 *pApMac);
+
+IKANOS_EXTERN INT32 IKANOS_DataFramesTx(struct sk_buff *pSkb,
+                                                                               struct net_device *pNetDev);
+
+IKANOS_EXTERN void IKANOS_DataFrameRx(PRTMP_ADAPTER pAd,
+                                                                               void *pRxParam,
+                                                                               struct sk_buff *pSkb,
+                                                                               UINT32 Length);
+
+#endif // __VR_IKANS_H__ //
+
+/* End of vr_ikans.h */
diff --git a/drivers/staging/rt3090/wpa.h b/drivers/staging/rt3090/wpa.h
new file mode 100644 (file)
index 0000000..8baa287
--- /dev/null
@@ -0,0 +1,447 @@
+/*
+ *************************************************************************
+ * Ralink Tech Inc.
+ * 5F., No.36, Taiyuan St., Jhubei City,
+ * Hsinchu County 302,
+ * Taiwan, R.O.C.
+ *
+ * (c) Copyright 2002-2007, Ralink Technology, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify  *
+ * it under the terms of the GNU General Public License as published by  *
+ * the Free Software Foundation; either version 2 of the License, or     *
+ * (at your option) any later version.                                   *
+ *                                                                       *
+ * This program is distributed in the hope that it will be useful,       *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of        *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the         *
+ * GNU General Public License for more details.                          *
+ *                                                                       *
+ * You should have received a copy of the GNU General Public License     *
+ * along with this program; if not, write to the                         *
+ * Free Software Foundation, Inc.,                                       *
+ * 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.             *
+ *                                                                       *
+ *************************************************************************
+
+       Module Name:
+       wpa.h
+
+       Abstract:
+
+       Revision History:
+       Who                     When                    What
+       --------        ----------              ----------------------------------------------
+       Name            Date                    Modification logs
+*/
+
+#ifndef        __WPA_H__
+#define        __WPA_H__
+
+// EAPOL Key descripter frame format related length
+#define LEN_KEY_DESC_NONCE                     32
+#define LEN_KEY_DESC_IV                                16
+#define LEN_KEY_DESC_RSC                       8
+#define LEN_KEY_DESC_ID                                8
+#define LEN_KEY_DESC_REPLAY                    8
+#define LEN_KEY_DESC_MIC                       16
+
+// The length is the EAPoL-Key frame except key data field.
+// Please refer to 802.11i-2004 ,Figure 43u in p.78
+#define LEN_EAPOL_KEY_MSG                      (sizeof(KEY_DESCRIPTER) - MAX_LEN_OF_RSNIE)
+
+// EAP Code Type.
+#define EAP_CODE_REQUEST       1
+#define EAP_CODE_RESPONSE      2
+#define EAP_CODE_SUCCESS    3
+#define EAP_CODE_FAILURE    4
+
+// EAPOL frame Protocol Version
+#define        EAPOL_VER                                       1
+#define        EAPOL_VER2                                      2
+
+// EAPOL-KEY Descriptor Type
+#define        WPA1_KEY_DESC                           0xfe
+#define WPA2_KEY_DESC               0x02
+
+// Key Descriptor Version of Key Information
+#define        DESC_TYPE_TKIP                          1
+#define        DESC_TYPE_AES                           2
+
+#define LEN_MSG1_2WAY               0x7f
+#define MAX_LEN_OF_EAP_HS           256
+
+#define LEN_MASTER_KEY                         32
+
+// EAPOL EK, MK
+#define LEN_EAP_EK                                     16
+#define LEN_EAP_MICK                           16
+#define LEN_EAP_KEY                                    ((LEN_EAP_EK)+(LEN_EAP_MICK))
+// TKIP key related
+#define LEN_PMKID                                      16
+#define LEN_TKIP_EK                                    16
+#define LEN_TKIP_RXMICK                                8
+#define LEN_TKIP_TXMICK                                8
+#define LEN_AES_EK                                     16
+#define LEN_AES_KEY                                    LEN_AES_EK
+#define LEN_TKIP_KEY                           ((LEN_TKIP_EK)+(LEN_TKIP_RXMICK)+(LEN_TKIP_TXMICK))
+#define TKIP_AP_TXMICK_OFFSET          ((LEN_EAP_KEY)+(LEN_TKIP_EK))
+#define TKIP_AP_RXMICK_OFFSET          (TKIP_AP_TXMICK_OFFSET+LEN_TKIP_TXMICK)
+#define TKIP_GTK_LENGTH                                ((LEN_TKIP_EK)+(LEN_TKIP_RXMICK)+(LEN_TKIP_TXMICK))
+#define LEN_PTK                                                ((LEN_EAP_KEY)+(LEN_TKIP_KEY))
+#define MIN_LEN_OF_GTK                         5
+#define LEN_PMK                                                32
+#define LEN_PMK_NAME                           16
+#define LEN_NONCE                                      32
+
+// RSN IE Length definition
+#define MAX_LEN_OF_RSNIE               255
+#define MIN_LEN_OF_RSNIE               8
+
+#define KEY_LIFETIME                           3600
+
+//EAP Packet Type
+#define        EAPPacket               0
+#define        EAPOLStart              1
+#define        EAPOLLogoff             2
+#define        EAPOLKey                3
+#define        EAPOLASFAlert   4
+#define        EAPTtypeMax             5
+
+#define        EAPOL_MSG_INVALID       0
+#define        EAPOL_PAIR_MSG_1        1
+#define        EAPOL_PAIR_MSG_2        2
+#define        EAPOL_PAIR_MSG_3        3
+#define        EAPOL_PAIR_MSG_4        4
+#define        EAPOL_GROUP_MSG_1       5
+#define        EAPOL_GROUP_MSG_2       6
+
+#define PAIRWISEKEY                                    1
+#define GROUPKEY                                       0
+
+// Retry timer counter initial value
+#define PEER_MSG1_RETRY_TIMER_CTR           0
+#define PEER_MSG3_RETRY_TIMER_CTR           10
+#define GROUP_MSG1_RETRY_TIMER_CTR          20
+
+// WPA mechanism retry timer interval
+#define PEER_MSG1_RETRY_EXEC_INTV           1000                       // 1 sec
+#define PEER_MSG3_RETRY_EXEC_INTV           3000                       // 3 sec
+#define GROUP_KEY_UPDATE_EXEC_INTV          1000                               // 1 sec
+#define PEER_GROUP_KEY_UPDATE_INIV                     2000                            // 2 sec
+
+#define ENQUEUE_EAPOL_START_TIMER                      200                                     // 200 ms
+
+// group rekey interval
+#define TIME_REKEY                          0
+#define PKT_REKEY                           1
+#define DISABLE_REKEY                       2
+#define MAX_REKEY                           2
+
+#define MAX_REKEY_INTER                     0x3ffffff
+
+#define GROUP_SUITE                                    0
+#define PAIRWISE_SUITE                         1
+#define AKM_SUITE                                      2
+#define PMKID_LIST                                     3
+
+
+#define EAPOL_START_DISABLE                                    0
+#define EAPOL_START_PSK                                                1
+#define EAPOL_START_1X                                         2
+
+#define MIX_CIPHER_WPA_TKIP_ON(x)       (((x) & 0x08) != 0)
+#define MIX_CIPHER_WPA_AES_ON(x)        (((x) & 0x04) != 0)
+#define MIX_CIPHER_WPA2_TKIP_ON(x)      (((x) & 0x02) != 0)
+#define MIX_CIPHER_WPA2_AES_ON(x)       (((x) & 0x01) != 0)
+
+#ifndef ROUND_UP
+#define ROUND_UP(__x, __y) \
+       (((ULONG)((__x)+((__y)-1))) & ((ULONG)~((__y)-1)))
+#endif
+
+#define        SET_UINT16_TO_ARRARY(_V, _LEN)          \
+{                                                                                      \
+       _V[0] = (_LEN & 0xFF00) >> 8;                   \
+       _V[1] = (_LEN & 0xFF);                                  \
+}
+
+#define        INC_UINT16_TO_ARRARY(_V, _LEN)                  \
+{                                                                                              \
+       UINT16  var_len;                                                        \
+                                                                                               \
+       var_len = (_V[0]<<8) | (_V[1]);                         \
+       var_len += _LEN;                                                        \
+                                                                                               \
+       _V[0] = (var_len & 0xFF00) >> 8;                        \
+       _V[1] = (var_len & 0xFF);                                       \
+}
+
+#define        CONV_ARRARY_TO_UINT16(_V)       ((_V[0]<<8) | (_V[1]))
+
+
+#define        ADD_ONE_To_64BIT_VAR(_V)                \
+{                                                                              \
+       UCHAR   cnt = LEN_KEY_DESC_REPLAY;      \
+       do                                                                      \
+       {                                                                       \
+               cnt--;                                                  \
+               _V[cnt]++;                                              \
+               if (cnt == 0)                                   \
+                       break;                                          \
+       }while (_V[cnt] == 0);                          \
+}
+
+#define IS_WPA_CAPABILITY(a)       (((a) >= Ndis802_11AuthModeWPA) && ((a) <= Ndis802_11AuthModeWPA1PSKWPA2PSK))
+
+// EAPOL Key Information definition within Key descriptor format
+typedef        struct PACKED _KEY_INFO
+{
+#ifdef RT_BIG_ENDIAN
+       UCHAR   KeyAck:1;
+    UCHAR      Install:1;
+    UCHAR      KeyIndex:2;
+    UCHAR      KeyType:1;
+    UCHAR      KeyDescVer:3;
+    UCHAR      Rsvd:3;
+    UCHAR      EKD_DL:1;               // EKD for AP; DL for STA
+    UCHAR      Request:1;
+    UCHAR      Error:1;
+    UCHAR      Secure:1;
+    UCHAR      KeyMic:1;
+#else
+       UCHAR   KeyMic:1;
+       UCHAR   Secure:1;
+       UCHAR   Error:1;
+       UCHAR   Request:1;
+       UCHAR   EKD_DL:1;       // EKD for AP; DL for STA
+       UCHAR   Rsvd:3;
+       UCHAR   KeyDescVer:3;
+       UCHAR   KeyType:1;
+       UCHAR   KeyIndex:2;
+       UCHAR   Install:1;
+       UCHAR   KeyAck:1;
+#endif
+}      KEY_INFO, *PKEY_INFO;
+
+// EAPOL Key descriptor format
+typedef        struct PACKED _KEY_DESCRIPTER
+{
+       UCHAR           Type;
+       KEY_INFO        KeyInfo;
+       UCHAR           KeyLength[2];
+       UCHAR           ReplayCounter[LEN_KEY_DESC_REPLAY];
+       UCHAR           KeyNonce[LEN_KEY_DESC_NONCE];
+       UCHAR           KeyIv[LEN_KEY_DESC_IV];
+       UCHAR           KeyRsc[LEN_KEY_DESC_RSC];
+       UCHAR           KeyId[LEN_KEY_DESC_ID];
+       UCHAR           KeyMic[LEN_KEY_DESC_MIC];
+       UCHAR           KeyDataLen[2];
+       UCHAR           KeyData[MAX_LEN_OF_RSNIE];
+}      KEY_DESCRIPTER, *PKEY_DESCRIPTER;
+
+typedef        struct PACKED _EAPOL_PACKET
+{
+       UCHAR                           ProVer;
+       UCHAR                           ProType;
+       UCHAR                           Body_Len[2];
+       KEY_DESCRIPTER          KeyDesc;
+}      EAPOL_PACKET, *PEAPOL_PACKET;
+
+//802.11i D10 page 83
+typedef struct PACKED _GTK_ENCAP
+{
+#ifndef RT_BIG_ENDIAN
+    UCHAR               Kid:2;
+    UCHAR               tx:1;
+    UCHAR               rsv:5;
+    UCHAR               rsv1;
+#else
+    UCHAR               rsv:5;
+    UCHAR               tx:1;
+    UCHAR               Kid:2;
+    UCHAR               rsv1;
+#endif
+    UCHAR               GTK[TKIP_GTK_LENGTH];
+}   GTK_ENCAP, *PGTK_ENCAP;
+
+typedef struct PACKED _KDE_ENCAP
+{
+    UCHAR               Type;
+    UCHAR               Len;
+    UCHAR               OUI[3];
+    UCHAR               DataType;
+    GTK_ENCAP      GTKEncap;
+}   KDE_ENCAP, *PKDE_ENCAP;
+
+// For WPA1
+typedef struct PACKED _RSNIE {
+    UCHAR   oui[4];
+    USHORT  version;
+    UCHAR   mcast[4];
+    USHORT  ucount;
+    struct PACKED {
+        UCHAR oui[4];
+    }ucast[1];
+} RSNIE, *PRSNIE;
+
+// For WPA2
+typedef struct PACKED _RSNIE2 {
+    USHORT  version;
+    UCHAR   mcast[4];
+    USHORT  ucount;
+    struct PACKED {
+        UCHAR oui[4];
+    }ucast[1];
+} RSNIE2, *PRSNIE2;
+
+// AKM Suite
+typedef struct PACKED _RSNIE_AUTH {
+    USHORT acount;
+    struct PACKED {
+        UCHAR oui[4];
+    }auth[1];
+} RSNIE_AUTH,*PRSNIE_AUTH;
+
+typedef        union PACKED _RSN_CAPABILITIES  {
+       struct  PACKED {
+#ifdef RT_BIG_ENDIAN
+        USHORT         Rsvd:10;
+        USHORT         GTKSA_R_Counter:2;
+        USHORT         PTKSA_R_Counter:2;
+        USHORT         No_Pairwise:1;
+               USHORT          PreAuth:1;
+#else
+        USHORT         PreAuth:1;
+               USHORT          No_Pairwise:1;
+               USHORT          PTKSA_R_Counter:2;
+               USHORT          GTKSA_R_Counter:2;
+               USHORT          Rsvd:10;
+#endif
+       }       field;
+       USHORT                  word;
+}      RSN_CAPABILITIES, *PRSN_CAPABILITIES;
+
+typedef struct PACKED _EAP_HDR {
+    UCHAR   ProVer;
+    UCHAR   ProType;
+    UCHAR   Body_Len[2];
+    UCHAR   code;
+    UCHAR   identifier;
+    UCHAR   length[2]; // including code and identifier, followed by length-2 octets of data
+} EAP_HDR, *PEAP_HDR;
+
+// For supplicant state machine states. 802.11i Draft 4.1, p. 97
+// We simplified it
+typedef        enum    _WpaState
+{
+       SS_NOTUSE,                              // 0
+       SS_START,                               // 1
+       SS_WAIT_MSG_3,                  // 2
+       SS_WAIT_GROUP,                  // 3
+       SS_FINISH,                      // 4
+       SS_KEYUPDATE,                   // 5
+}      WPA_STATE;
+
+//
+//     The definition of the cipher combination
+//
+//      bit3   bit2  bit1   bit0
+//     +------------+------------+
+//     |         WPA    |         WPA2   |
+//     +------+-----+------+-----+
+//     | TKIP | AES | TKIP | AES |
+//     |       0  |  1  |   1  |  0  | -> 0x06
+//     |       0  |  1  |   1  |  1  | -> 0x07
+//     |       1  |  0  |   0  |  1  | -> 0x09
+//     |       1  |  0  |   1  |  1  | -> 0x0B
+//     |       1  |  1  |   0  |  1  | -> 0x0D
+//     |       1  |  1  |   1  |  0  | -> 0x0E
+//     |       1  |  1  |   1  |  1  | -> 0x0F
+//     +------+-----+------+-----+
+//
+typedef        enum    _WpaMixPairCipher
+{
+       MIX_CIPHER_NOTUSE                       = 0x00,
+       WPA_NONE_WPA2_TKIPAES           = 0x03,         // WPA2-TKIPAES
+       WPA_AES_WPA2_TKIP                       = 0x06,
+       WPA_AES_WPA2_TKIPAES            = 0x07,
+       WPA_TKIP_WPA2_AES                       = 0x09,
+       WPA_TKIP_WPA2_TKIPAES           = 0x0B,
+       WPA_TKIPAES_WPA2_NONE           = 0x0C,         // WPA-TKIPAES
+       WPA_TKIPAES_WPA2_AES            = 0x0D,
+       WPA_TKIPAES_WPA2_TKIP           = 0x0E,
+       WPA_TKIPAES_WPA2_TKIPAES        = 0x0F,
+}      WPA_MIX_PAIR_CIPHER;
+
+typedef struct PACKED _RSN_IE_HEADER_STRUCT    {
+       UCHAR           Eid;
+       UCHAR           Length;
+       USHORT          Version;        // Little endian format
+}      RSN_IE_HEADER_STRUCT, *PRSN_IE_HEADER_STRUCT;
+
+// Cipher suite selector types
+typedef struct PACKED _CIPHER_SUITE_STRUCT     {
+       UCHAR           Oui[3];
+       UCHAR           Type;
+}      CIPHER_SUITE_STRUCT, *PCIPHER_SUITE_STRUCT;
+
+// Authentication and Key Management suite selector
+typedef struct PACKED _AKM_SUITE_STRUCT        {
+       UCHAR           Oui[3];
+       UCHAR           Type;
+}      AKM_SUITE_STRUCT, *PAKM_SUITE_STRUCT;
+
+// RSN capability
+typedef struct PACKED _RSN_CAPABILITY  {
+       USHORT          Rsv:10;
+       USHORT          GTKSAReplayCnt:2;
+       USHORT          PTKSAReplayCnt:2;
+       USHORT          NoPairwise:1;
+       USHORT          PreAuth:1;
+}      RSN_CAPABILITY, *PRSN_CAPABILITY;
+
+
+/*========================================
+       The prototype is defined in cmm_wpa.c
+  ========================================*/
+BOOLEAN WpaMsgTypeSubst(
+       IN  UCHAR   EAPType,
+       OUT INT         *MsgType);
+
+VOID    PRF(
+       IN  UCHAR   *key,
+       IN  INT     key_len,
+       IN  UCHAR   *prefix,
+       IN  INT     prefix_len,
+       IN  UCHAR   *data,
+       IN  INT     data_len,
+       OUT UCHAR   *output,
+       IN  INT     len);
+
+int PasswordHash(
+       char *password,
+       unsigned char *ssid,
+       int ssidlength,
+       unsigned char *output);
+
+PUINT8 GetSuiteFromRSNIE(
+               IN      PUINT8  rsnie,
+               IN      UINT    rsnie_len,
+               IN      UINT8   type,
+               OUT     UINT8   *count);
+
+VOID WpaShowAllsuite(
+       IN      PUINT8  rsnie,
+       IN      UINT    rsnie_len);
+
+VOID RTMPInsertRSNIE(
+       IN PUCHAR pFrameBuf,
+       OUT PULONG pFrameLen,
+       IN PUINT8 rsnie_ptr,
+       IN UINT8  rsnie_len,
+       IN PUINT8 pmkid_ptr,
+       IN UINT8  pmkid_len);
+
+
+#endif