1 /*
2 * Driver interaction with Linux nl80211/cfg80211 - Scanning
3 * Copyright(c) 2015 Intel Deutschland GmbH
4 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
5 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
6 * Copyright (c) 2009-2010, Atheros Communications
7 *
8 * This software may be distributed under the terms of the BSD license.
9 * See README for more details.
10 */
11
12 #include "includes.h"
13 #include <time.h>
14 #include <netlink/genl/genl.h>
15
16 #include "utils/common.h"
17 #include "utils/eloop.h"
18 #include "common/ieee802_11_defs.h"
19 #include "common/ieee802_11_common.h"
20 #include "common/qca-vendor.h"
21 #include "driver_nl80211.h"
22
23
24 #define MAX_NL80211_NOISE_FREQS 50
25
26 struct nl80211_noise_info {
27 u32 freq[MAX_NL80211_NOISE_FREQS];
28 s8 noise[MAX_NL80211_NOISE_FREQS];
29 unsigned int count;
30 };
31
get_noise_for_scan_results(struct nl_msg * msg,void * arg)32 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
33 {
34 struct nlattr *tb[NL80211_ATTR_MAX + 1];
35 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
36 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
37 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
38 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
39 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
40 };
41 struct nl80211_noise_info *info = arg;
42
43 if (info->count >= MAX_NL80211_NOISE_FREQS)
44 return NL_STOP;
45
46 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
47 genlmsg_attrlen(gnlh, 0), NULL);
48
49 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
50 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
51 return NL_SKIP;
52 }
53
54 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
55 tb[NL80211_ATTR_SURVEY_INFO],
56 survey_policy)) {
57 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
58 "attributes");
59 return NL_SKIP;
60 }
61
62 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
63 return NL_SKIP;
64
65 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
66 return NL_SKIP;
67
68 info->freq[info->count] =
69 nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
70 info->noise[info->count] =
71 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
72 info->count++;
73
74 return NL_SKIP;
75 }
76
77
nl80211_get_noise_for_scan_results(struct wpa_driver_nl80211_data * drv,struct nl80211_noise_info * info)78 static int nl80211_get_noise_for_scan_results(
79 struct wpa_driver_nl80211_data *drv, struct nl80211_noise_info *info)
80 {
81 struct nl_msg *msg;
82
83 os_memset(info, 0, sizeof(*info));
84 msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
85 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, info);
86 }
87
88
nl80211_abort_scan(struct i802_bss * bss)89 static int nl80211_abort_scan(struct i802_bss *bss)
90 {
91 int ret;
92 struct nl_msg *msg;
93 struct wpa_driver_nl80211_data *drv = bss->drv;
94
95 wpa_printf(MSG_DEBUG, "nl80211: Abort scan");
96 msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ABORT_SCAN);
97 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
98 if (ret) {
99 wpa_printf(MSG_DEBUG, "nl80211: Abort scan failed: ret=%d (%s)",
100 ret, strerror(-ret));
101 }
102 return ret;
103 }
104
105
106 #ifdef CONFIG_DRIVER_NL80211_QCA
nl80211_abort_vendor_scan(struct wpa_driver_nl80211_data * drv,u64 scan_cookie)107 static int nl80211_abort_vendor_scan(struct wpa_driver_nl80211_data *drv,
108 u64 scan_cookie)
109 {
110 struct nl_msg *msg;
111 struct nlattr *params;
112 int ret;
113
114 wpa_printf(MSG_DEBUG, "nl80211: Abort vendor scan with cookie 0x%llx",
115 (long long unsigned int) scan_cookie);
116
117 msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
118 if (!msg ||
119 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
120 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
121 QCA_NL80211_VENDOR_SUBCMD_ABORT_SCAN) ||
122 !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
123 nla_put_u64(msg, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, scan_cookie))
124 goto fail;
125
126 nla_nest_end(msg, params);
127
128 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
129 msg = NULL;
130 if (ret) {
131 wpa_printf(MSG_INFO,
132 "nl80211: Aborting vendor scan with cookie 0x%llx failed: ret=%d (%s)",
133 (long long unsigned int) scan_cookie, ret,
134 strerror(-ret));
135 goto fail;
136 }
137 return 0;
138 fail:
139 nlmsg_free(msg);
140 return -1;
141 }
142 #endif /* CONFIG_DRIVER_NL80211_QCA */
143
144
145 /**
146 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
147 * @eloop_ctx: Driver private data
148 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
149 *
150 * This function can be used as registered timeout when starting a scan to
151 * generate a scan completed event if the driver does not report this.
152 */
wpa_driver_nl80211_scan_timeout(void * eloop_ctx,void * timeout_ctx)153 void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
154 {
155 struct wpa_driver_nl80211_data *drv = eloop_ctx;
156
157 wpa_printf(MSG_DEBUG, "nl80211: Scan timeout - try to abort it");
158 #ifdef CONFIG_DRIVER_NL80211_QCA
159 if (drv->vendor_scan_cookie &&
160 nl80211_abort_vendor_scan(drv, drv->vendor_scan_cookie) == 0)
161 return;
162 #endif /* CONFIG_DRIVER_NL80211_QCA */
163 if (!drv->vendor_scan_cookie &&
164 nl80211_abort_scan(drv->first_bss) == 0)
165 return;
166
167 wpa_printf(MSG_DEBUG, "nl80211: Failed to abort scan");
168
169 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED)
170 nl80211_restore_ap_mode(drv->first_bss);
171
172 wpa_printf(MSG_DEBUG, "nl80211: Try to get scan results");
173 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
174 }
175
176
177 static struct nl_msg *
nl80211_scan_common(struct i802_bss * bss,u8 cmd,struct wpa_driver_scan_params * params)178 nl80211_scan_common(struct i802_bss *bss, u8 cmd,
179 struct wpa_driver_scan_params *params)
180 {
181 struct wpa_driver_nl80211_data *drv = bss->drv;
182 struct nl_msg *msg;
183 size_t i;
184 u32 scan_flags = 0;
185
186 msg = nl80211_cmd_msg(bss, 0, cmd);
187 if (!msg)
188 return NULL;
189
190 if (params->num_ssids) {
191 struct nlattr *ssids;
192
193 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
194 if (ssids == NULL)
195 goto fail;
196 for (i = 0; i < params->num_ssids; i++) {
197 wpa_printf(MSG_MSGDUMP, "nl80211: Scan SSID %s",
198 wpa_ssid_txt(params->ssids[i].ssid,
199 params->ssids[i].ssid_len));
200 if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
201 params->ssids[i].ssid))
202 goto fail;
203 }
204 nla_nest_end(msg, ssids);
205 } else {
206 wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested");
207 }
208
209 if (params->extra_ies) {
210 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
211 params->extra_ies, params->extra_ies_len);
212 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
213 params->extra_ies))
214 goto fail;
215 }
216
217 if (params->freqs) {
218 struct nlattr *freqs;
219 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
220 if (freqs == NULL)
221 goto fail;
222 for (i = 0; params->freqs[i]; i++) {
223 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
224 "MHz", params->freqs[i]);
225 if (nla_put_u32(msg, i + 1, params->freqs[i]))
226 goto fail;
227 }
228 nla_nest_end(msg, freqs);
229 }
230
231 os_free(drv->filter_ssids);
232 drv->filter_ssids = params->filter_ssids;
233 params->filter_ssids = NULL;
234 drv->num_filter_ssids = params->num_filter_ssids;
235
236 if (!drv->hostapd && is_ap_interface(drv->nlmode)) {
237 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_AP");
238 scan_flags |= NL80211_SCAN_FLAG_AP;
239 }
240
241 if (params->only_new_results) {
242 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH");
243 scan_flags |= NL80211_SCAN_FLAG_FLUSH;
244 }
245
246 if (params->low_priority && drv->have_low_prio_scan) {
247 wpa_printf(MSG_DEBUG,
248 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
249 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
250 }
251
252 if (params->mac_addr_rand) {
253 wpa_printf(MSG_DEBUG,
254 "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR");
255 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
256
257 if (params->mac_addr) {
258 wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR,
259 MAC2STR(params->mac_addr));
260 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
261 params->mac_addr))
262 goto fail;
263 }
264
265 if (params->mac_addr_mask) {
266 wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: "
267 MACSTR, MAC2STR(params->mac_addr_mask));
268 if (nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
269 params->mac_addr_mask))
270 goto fail;
271 }
272 }
273
274 if (params->duration) {
275 if (!(drv->capa.rrm_flags &
276 WPA_DRIVER_FLAGS_SUPPORT_SET_SCAN_DWELL) ||
277 nla_put_u16(msg, NL80211_ATTR_MEASUREMENT_DURATION,
278 params->duration))
279 goto fail;
280
281 if (params->duration_mandatory &&
282 nla_put_flag(msg,
283 NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY))
284 goto fail;
285 }
286
287 if (params->oce_scan) {
288 wpa_printf(MSG_DEBUG,
289 "nl80211: Add NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME");
290 wpa_printf(MSG_DEBUG,
291 "nl80211: Add NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP");
292 wpa_printf(MSG_DEBUG,
293 "nl80211: Add NL80211_SCAN_FLAG_OCE_PROBE_REQ_MIN_TX_RATE");
294 wpa_printf(MSG_DEBUG,
295 "nl80211: Add NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION");
296 scan_flags |= NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME |
297 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP |
298 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE |
299 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION;
300 }
301
302 if (scan_flags &&
303 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags))
304 goto fail;
305
306 return msg;
307
308 fail:
309 nlmsg_free(msg);
310 return NULL;
311 }
312
313
314 /**
315 * wpa_driver_nl80211_scan - Request the driver to initiate scan
316 * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
317 * @params: Scan parameters
318 * Returns: 0 on success, -1 on failure
319 */
wpa_driver_nl80211_scan(struct i802_bss * bss,struct wpa_driver_scan_params * params)320 int wpa_driver_nl80211_scan(struct i802_bss *bss,
321 struct wpa_driver_scan_params *params)
322 {
323 struct wpa_driver_nl80211_data *drv = bss->drv;
324 int ret = -1, timeout;
325 struct nl_msg *msg = NULL;
326
327 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request");
328 drv->scan_for_auth = 0;
329
330 if (TEST_FAIL())
331 return -1;
332
333 msg = nl80211_scan_common(bss, NL80211_CMD_TRIGGER_SCAN, params);
334 if (!msg)
335 return -1;
336
337 if (params->p2p_probe) {
338 struct nlattr *rates;
339
340 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
341
342 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES);
343 if (rates == NULL)
344 goto fail;
345
346 /*
347 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
348 * by masking out everything else apart from the OFDM rates 6,
349 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
350 * rates are left enabled.
351 */
352 if (nla_put(msg, NL80211_BAND_2GHZ, 8,
353 "\x0c\x12\x18\x24\x30\x48\x60\x6c"))
354 goto fail;
355 nla_nest_end(msg, rates);
356
357 if (nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE))
358 goto fail;
359 }
360
361 if (params->bssid) {
362 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: "
363 MACSTR, MAC2STR(params->bssid));
364 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
365 goto fail;
366 }
367
368 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
369 msg = NULL;
370 if (ret) {
371 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
372 "(%s)", ret, strerror(-ret));
373 if (drv->hostapd && is_ap_interface(drv->nlmode)) {
374 enum nl80211_iftype old_mode = drv->nlmode;
375
376 /*
377 * mac80211 does not allow scan requests in AP mode, so
378 * try to do this in station mode.
379 */
380 if (wpa_driver_nl80211_set_mode(
381 bss, NL80211_IFTYPE_STATION))
382 goto fail;
383
384 if (wpa_driver_nl80211_scan(bss, params)) {
385 wpa_driver_nl80211_set_mode(bss, old_mode);
386 goto fail;
387 }
388
389 /* Restore AP mode when processing scan results */
390 drv->ap_scan_as_station = old_mode;
391 ret = 0;
392 } else
393 goto fail;
394 }
395
396 drv->scan_state = SCAN_REQUESTED;
397 /* Not all drivers generate "scan completed" wireless event, so try to
398 * read results after a timeout. */
399 timeout = 10;
400 if (drv->scan_complete_events) {
401 /*
402 * The driver seems to deliver events to notify when scan is
403 * complete, so use longer timeout to avoid race conditions
404 * with scanning and following association request.
405 */
406 timeout = 30;
407 }
408 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
409 "seconds", ret, timeout);
410 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
411 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
412 drv, drv->ctx);
413 drv->last_scan_cmd = NL80211_CMD_TRIGGER_SCAN;
414
415 fail:
416 nlmsg_free(msg);
417 return ret;
418 }
419
420
421 static int
nl80211_sched_scan_add_scan_plans(struct wpa_driver_nl80211_data * drv,struct nl_msg * msg,struct wpa_driver_scan_params * params)422 nl80211_sched_scan_add_scan_plans(struct wpa_driver_nl80211_data *drv,
423 struct nl_msg *msg,
424 struct wpa_driver_scan_params *params)
425 {
426 struct nlattr *plans;
427 struct sched_scan_plan *scan_plans = params->sched_scan_plans;
428 unsigned int i;
429
430 plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
431 if (!plans)
432 return -1;
433
434 for (i = 0; i < params->sched_scan_plans_num; i++) {
435 struct nlattr *plan = nla_nest_start(msg, i + 1);
436
437 if (!plan)
438 return -1;
439
440 if (!scan_plans[i].interval ||
441 scan_plans[i].interval >
442 drv->capa.max_sched_scan_plan_interval) {
443 wpa_printf(MSG_DEBUG,
444 "nl80211: sched scan plan no. %u: Invalid interval: %u",
445 i, scan_plans[i].interval);
446 return -1;
447 }
448
449 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
450 scan_plans[i].interval))
451 return -1;
452
453 if (scan_plans[i].iterations >
454 drv->capa.max_sched_scan_plan_iterations) {
455 wpa_printf(MSG_DEBUG,
456 "nl80211: sched scan plan no. %u: Invalid number of iterations: %u",
457 i, scan_plans[i].iterations);
458 return -1;
459 }
460
461 if (scan_plans[i].iterations &&
462 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
463 scan_plans[i].iterations))
464 return -1;
465
466 nla_nest_end(msg, plan);
467
468 /*
469 * All the scan plans must specify the number of iterations
470 * except the last plan, which will run infinitely. So if the
471 * number of iterations is not specified, this ought to be the
472 * last scan plan.
473 */
474 if (!scan_plans[i].iterations)
475 break;
476 }
477
478 if (i != params->sched_scan_plans_num - 1) {
479 wpa_printf(MSG_DEBUG,
480 "nl80211: All sched scan plans but the last must specify number of iterations");
481 return -1;
482 }
483
484 nla_nest_end(msg, plans);
485 return 0;
486 }
487
488
489 /**
490 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
491 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
492 * @params: Scan parameters
493 * Returns: 0 on success, -1 on failure or if not supported
494 */
wpa_driver_nl80211_sched_scan(void * priv,struct wpa_driver_scan_params * params)495 int wpa_driver_nl80211_sched_scan(void *priv,
496 struct wpa_driver_scan_params *params)
497 {
498 struct i802_bss *bss = priv;
499 struct wpa_driver_nl80211_data *drv = bss->drv;
500 int ret = -1;
501 struct nl_msg *msg;
502 size_t i;
503
504 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request");
505
506 #ifdef ANDROID
507 if (!drv->capa.sched_scan_supported)
508 return android_pno_start(bss, params);
509 #endif /* ANDROID */
510
511 if (!params->sched_scan_plans_num ||
512 params->sched_scan_plans_num > drv->capa.max_sched_scan_plans) {
513 wpa_printf(MSG_ERROR,
514 "nl80211: Invalid number of sched scan plans: %u",
515 params->sched_scan_plans_num);
516 return -1;
517 }
518
519 msg = nl80211_scan_common(bss, NL80211_CMD_START_SCHED_SCAN, params);
520 if (!msg)
521 goto fail;
522
523 if (drv->capa.max_sched_scan_plan_iterations) {
524 if (nl80211_sched_scan_add_scan_plans(drv, msg, params))
525 goto fail;
526 } else {
527 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
528 params->sched_scan_plans[0].interval * 1000))
529 goto fail;
530 }
531
532 if ((drv->num_filter_ssids &&
533 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) ||
534 params->filter_rssi) {
535 struct nlattr *match_sets;
536 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
537 if (match_sets == NULL)
538 goto fail;
539
540 for (i = 0; i < drv->num_filter_ssids; i++) {
541 struct nlattr *match_set_ssid;
542 wpa_printf(MSG_MSGDUMP,
543 "nl80211: Sched scan filter SSID %s",
544 wpa_ssid_txt(drv->filter_ssids[i].ssid,
545 drv->filter_ssids[i].ssid_len));
546
547 match_set_ssid = nla_nest_start(msg, i + 1);
548 if (match_set_ssid == NULL ||
549 nla_put(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
550 drv->filter_ssids[i].ssid_len,
551 drv->filter_ssids[i].ssid) ||
552 (params->filter_rssi &&
553 nla_put_u32(msg,
554 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
555 params->filter_rssi)))
556 goto fail;
557
558 nla_nest_end(msg, match_set_ssid);
559 }
560
561 /*
562 * Due to backward compatibility code, newer kernels treat this
563 * matchset (with only an RSSI filter) as the default for all
564 * other matchsets, unless it's the only one, in which case the
565 * matchset will actually allow all SSIDs above the RSSI.
566 */
567 if (params->filter_rssi) {
568 struct nlattr *match_set_rssi;
569 match_set_rssi = nla_nest_start(msg, 0);
570 if (match_set_rssi == NULL ||
571 nla_put_u32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
572 params->filter_rssi))
573 goto fail;
574 wpa_printf(MSG_MSGDUMP,
575 "nl80211: Sched scan RSSI filter %d dBm",
576 params->filter_rssi);
577 nla_nest_end(msg, match_set_rssi);
578 }
579
580 nla_nest_end(msg, match_sets);
581 }
582
583 if (params->relative_rssi_set) {
584 struct nl80211_bss_select_rssi_adjust rssi_adjust;
585
586 os_memset(&rssi_adjust, 0, sizeof(rssi_adjust));
587 wpa_printf(MSG_DEBUG, "nl80211: Relative RSSI: %d",
588 params->relative_rssi);
589 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
590 params->relative_rssi))
591 goto fail;
592
593 if (params->relative_adjust_rssi) {
594 int pref_band_set = 1;
595
596 switch (params->relative_adjust_band) {
597 case WPA_SETBAND_5G:
598 rssi_adjust.band = NL80211_BAND_5GHZ;
599 break;
600 case WPA_SETBAND_2G:
601 rssi_adjust.band = NL80211_BAND_2GHZ;
602 break;
603 default:
604 pref_band_set = 0;
605 break;
606 }
607 rssi_adjust.delta = params->relative_adjust_rssi;
608
609 if (pref_band_set &&
610 nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
611 sizeof(rssi_adjust), &rssi_adjust))
612 goto fail;
613 }
614 }
615
616 if (params->sched_scan_start_delay &&
617 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY,
618 params->sched_scan_start_delay))
619 goto fail;
620
621 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
622
623 /* TODO: if we get an error here, we should fall back to normal scan */
624
625 msg = NULL;
626 if (ret) {
627 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
628 "ret=%d (%s)", ret, strerror(-ret));
629 goto fail;
630 }
631
632 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d)", ret);
633
634 fail:
635 nlmsg_free(msg);
636 return ret;
637 }
638
639
640 /**
641 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
642 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
643 * Returns: 0 on success, -1 on failure or if not supported
644 */
wpa_driver_nl80211_stop_sched_scan(void * priv)645 int wpa_driver_nl80211_stop_sched_scan(void *priv)
646 {
647 struct i802_bss *bss = priv;
648 struct wpa_driver_nl80211_data *drv = bss->drv;
649 int ret;
650 struct nl_msg *msg;
651
652 #ifdef ANDROID
653 if (!drv->capa.sched_scan_supported)
654 return android_pno_stop(bss);
655 #endif /* ANDROID */
656
657 msg = nl80211_drv_msg(drv, 0, NL80211_CMD_STOP_SCHED_SCAN);
658 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
659 if (ret) {
660 wpa_printf(MSG_DEBUG,
661 "nl80211: Sched scan stop failed: ret=%d (%s)",
662 ret, strerror(-ret));
663 } else {
664 wpa_printf(MSG_DEBUG,
665 "nl80211: Sched scan stop sent");
666 }
667
668 return ret;
669 }
670
671
nl80211_scan_filtered(struct wpa_driver_nl80211_data * drv,const u8 * ie,size_t ie_len)672 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
673 const u8 *ie, size_t ie_len)
674 {
675 const u8 *ssid;
676 size_t i;
677
678 if (drv->filter_ssids == NULL)
679 return 0;
680
681 ssid = get_ie(ie, ie_len, WLAN_EID_SSID);
682 if (ssid == NULL)
683 return 1;
684
685 for (i = 0; i < drv->num_filter_ssids; i++) {
686 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
687 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
688 0)
689 return 0;
690 }
691
692 return 1;
693 }
694
695
696 static struct wpa_scan_res *
nl80211_parse_bss_info(struct wpa_driver_nl80211_data * drv,struct nl_msg * msg)697 nl80211_parse_bss_info(struct wpa_driver_nl80211_data *drv,
698 struct nl_msg *msg)
699 {
700 struct nlattr *tb[NL80211_ATTR_MAX + 1];
701 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
702 struct nlattr *bss[NL80211_BSS_MAX + 1];
703 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
704 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
705 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
706 [NL80211_BSS_TSF] = { .type = NLA_U64 },
707 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
708 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
709 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
710 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
711 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
712 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
713 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
714 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
715 [NL80211_BSS_PARENT_TSF] = { .type = NLA_U64 },
716 [NL80211_BSS_PARENT_BSSID] = { .type = NLA_UNSPEC },
717 [NL80211_BSS_LAST_SEEN_BOOTTIME] = { .type = NLA_U64 },
718 };
719 struct wpa_scan_res *r;
720 const u8 *ie, *beacon_ie;
721 size_t ie_len, beacon_ie_len;
722 u8 *pos;
723
724 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
725 genlmsg_attrlen(gnlh, 0), NULL);
726 if (!tb[NL80211_ATTR_BSS])
727 return NULL;
728 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
729 bss_policy))
730 return NULL;
731 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
732 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
733 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
734 } else {
735 ie = NULL;
736 ie_len = 0;
737 }
738 if (bss[NL80211_BSS_BEACON_IES]) {
739 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
740 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
741 } else {
742 beacon_ie = NULL;
743 beacon_ie_len = 0;
744 }
745
746 if (nl80211_scan_filtered(drv, ie ? ie : beacon_ie,
747 ie ? ie_len : beacon_ie_len))
748 return NULL;
749
750 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
751 if (r == NULL)
752 return NULL;
753 if (bss[NL80211_BSS_BSSID])
754 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
755 ETH_ALEN);
756 if (bss[NL80211_BSS_FREQUENCY])
757 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
758 if (bss[NL80211_BSS_BEACON_INTERVAL])
759 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
760 if (bss[NL80211_BSS_CAPABILITY])
761 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
762 r->flags |= WPA_SCAN_NOISE_INVALID;
763 if (bss[NL80211_BSS_SIGNAL_MBM]) {
764 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
765 r->level /= 100; /* mBm to dBm */
766 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
767 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
768 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
769 r->flags |= WPA_SCAN_QUAL_INVALID;
770 } else
771 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
772 if (bss[NL80211_BSS_TSF])
773 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
774 if (bss[NL80211_BSS_BEACON_TSF]) {
775 u64 tsf = nla_get_u64(bss[NL80211_BSS_BEACON_TSF]);
776 if (tsf > r->tsf)
777 r->tsf = tsf;
778 }
779 if (bss[NL80211_BSS_SEEN_MS_AGO])
780 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
781 if (bss[NL80211_BSS_LAST_SEEN_BOOTTIME]) {
782 u64 boottime;
783 struct timespec ts;
784
785 #ifndef CLOCK_BOOTTIME
786 #define CLOCK_BOOTTIME 7
787 #endif
788 if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) {
789 /* Use more accurate boottime information to update the
790 * scan result age since the driver reports this and
791 * CLOCK_BOOTTIME is available. */
792 boottime = nla_get_u64(
793 bss[NL80211_BSS_LAST_SEEN_BOOTTIME]);
794 r->age = ((u64) ts.tv_sec * 1000000000 +
795 ts.tv_nsec - boottime) / 1000000;
796 }
797 }
798 r->ie_len = ie_len;
799 pos = (u8 *) (r + 1);
800 if (ie) {
801 os_memcpy(pos, ie, ie_len);
802 pos += ie_len;
803 }
804 r->beacon_ie_len = beacon_ie_len;
805 if (beacon_ie)
806 os_memcpy(pos, beacon_ie, beacon_ie_len);
807
808 if (bss[NL80211_BSS_STATUS]) {
809 enum nl80211_bss_status status;
810 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
811 switch (status) {
812 case NL80211_BSS_STATUS_ASSOCIATED:
813 r->flags |= WPA_SCAN_ASSOCIATED;
814 break;
815 default:
816 break;
817 }
818 }
819
820 if (bss[NL80211_BSS_PARENT_TSF] && bss[NL80211_BSS_PARENT_BSSID]) {
821 r->parent_tsf = nla_get_u64(bss[NL80211_BSS_PARENT_TSF]);
822 os_memcpy(r->tsf_bssid, nla_data(bss[NL80211_BSS_PARENT_BSSID]),
823 ETH_ALEN);
824 }
825
826 return r;
827 }
828
829
830 struct nl80211_bss_info_arg {
831 struct wpa_driver_nl80211_data *drv;
832 struct wpa_scan_results *res;
833 };
834
bss_info_handler(struct nl_msg * msg,void * arg)835 static int bss_info_handler(struct nl_msg *msg, void *arg)
836 {
837 struct nl80211_bss_info_arg *_arg = arg;
838 struct wpa_scan_results *res = _arg->res;
839 struct wpa_scan_res **tmp;
840 struct wpa_scan_res *r;
841
842 r = nl80211_parse_bss_info(_arg->drv, msg);
843 if (!r)
844 return NL_SKIP;
845
846 if (!res) {
847 os_free(r);
848 return NL_SKIP;
849 }
850 tmp = os_realloc_array(res->res, res->num + 1,
851 sizeof(struct wpa_scan_res *));
852 if (tmp == NULL) {
853 os_free(r);
854 return NL_SKIP;
855 }
856 tmp[res->num++] = r;
857 res->res = tmp;
858
859 return NL_SKIP;
860 }
861
862
clear_state_mismatch(struct wpa_driver_nl80211_data * drv,const u8 * addr)863 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
864 const u8 *addr)
865 {
866 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
867 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
868 "mismatch (" MACSTR ")", MAC2STR(addr));
869 wpa_driver_nl80211_mlme(drv, addr,
870 NL80211_CMD_DEAUTHENTICATE,
871 WLAN_REASON_PREV_AUTH_NOT_VALID, 1,
872 get_connect_handle(drv->first_bss));
873 }
874 }
875
876
nl80211_check_bss_status(struct wpa_driver_nl80211_data * drv,struct wpa_scan_res * r)877 static void nl80211_check_bss_status(struct wpa_driver_nl80211_data *drv,
878 struct wpa_scan_res *r)
879 {
880 if (!(r->flags & WPA_SCAN_ASSOCIATED))
881 return;
882
883 wpa_printf(MSG_DEBUG, "nl80211: Scan results indicate BSS status with "
884 MACSTR " as associated", MAC2STR(r->bssid));
885 if (is_sta_interface(drv->nlmode) && !drv->associated) {
886 wpa_printf(MSG_DEBUG,
887 "nl80211: Local state (not associated) does not match with BSS state");
888 clear_state_mismatch(drv, r->bssid);
889 } else if (is_sta_interface(drv->nlmode) &&
890 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 0) {
891 wpa_printf(MSG_DEBUG,
892 "nl80211: Local state (associated with " MACSTR
893 ") does not match with BSS state",
894 MAC2STR(drv->bssid));
895 clear_state_mismatch(drv, r->bssid);
896 clear_state_mismatch(drv, drv->bssid);
897 }
898 }
899
900
wpa_driver_nl80211_check_bss_status(struct wpa_driver_nl80211_data * drv,struct wpa_scan_results * res)901 static void wpa_driver_nl80211_check_bss_status(
902 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
903 {
904 size_t i;
905
906 for (i = 0; i < res->num; i++)
907 nl80211_check_bss_status(drv, res->res[i]);
908 }
909
910
nl80211_update_scan_res_noise(struct wpa_scan_res * res,struct nl80211_noise_info * info)911 static void nl80211_update_scan_res_noise(struct wpa_scan_res *res,
912 struct nl80211_noise_info *info)
913 {
914 unsigned int i;
915
916 for (i = 0; res && i < info->count; i++) {
917 if ((int) info->freq[i] != res->freq ||
918 !(res->flags & WPA_SCAN_NOISE_INVALID))
919 continue;
920 res->noise = info->noise[i];
921 res->flags &= ~WPA_SCAN_NOISE_INVALID;
922 }
923 }
924
925
926 static struct wpa_scan_results *
nl80211_get_scan_results(struct wpa_driver_nl80211_data * drv)927 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
928 {
929 struct nl_msg *msg;
930 struct wpa_scan_results *res;
931 int ret;
932 struct nl80211_bss_info_arg arg;
933 int count = 0;
934
935 try_again:
936 res = os_zalloc(sizeof(*res));
937 if (res == NULL)
938 return NULL;
939 if (!(msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP,
940 NL80211_CMD_GET_SCAN))) {
941 wpa_scan_results_free(res);
942 return NULL;
943 }
944
945 arg.drv = drv;
946 arg.res = res;
947 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
948 if (ret == -EAGAIN) {
949 count++;
950 if (count >= 10) {
951 wpa_printf(MSG_INFO,
952 "nl80211: Failed to receive consistent scan result dump");
953 } else {
954 wpa_printf(MSG_DEBUG,
955 "nl80211: Failed to receive consistent scan result dump - try again");
956 wpa_scan_results_free(res);
957 goto try_again;
958 }
959 }
960 if (ret == 0) {
961 struct nl80211_noise_info info;
962
963 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
964 "BSSes)", (unsigned long) res->num);
965 if (nl80211_get_noise_for_scan_results(drv, &info) == 0) {
966 size_t i;
967
968 for (i = 0; i < res->num; ++i)
969 nl80211_update_scan_res_noise(res->res[i],
970 &info);
971 }
972 return res;
973 }
974 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
975 "(%s)", ret, strerror(-ret));
976 wpa_scan_results_free(res);
977 return NULL;
978 }
979
980
981 /**
982 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
983 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
984 * Returns: Scan results on success, -1 on failure
985 */
wpa_driver_nl80211_get_scan_results(void * priv)986 struct wpa_scan_results * wpa_driver_nl80211_get_scan_results(void *priv)
987 {
988 struct i802_bss *bss = priv;
989 struct wpa_driver_nl80211_data *drv = bss->drv;
990 struct wpa_scan_results *res;
991
992 res = nl80211_get_scan_results(drv);
993 if (res)
994 wpa_driver_nl80211_check_bss_status(drv, res);
995 return res;
996 }
997
998
999 struct nl80211_dump_scan_ctx {
1000 struct wpa_driver_nl80211_data *drv;
1001 int idx;
1002 };
1003
nl80211_dump_scan_handler(struct nl_msg * msg,void * arg)1004 static int nl80211_dump_scan_handler(struct nl_msg *msg, void *arg)
1005 {
1006 struct nl80211_dump_scan_ctx *ctx = arg;
1007 struct wpa_scan_res *r;
1008
1009 r = nl80211_parse_bss_info(ctx->drv, msg);
1010 if (!r)
1011 return NL_SKIP;
1012 wpa_printf(MSG_DEBUG, "nl80211: %d " MACSTR " %d%s",
1013 ctx->idx, MAC2STR(r->bssid), r->freq,
1014 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
1015 ctx->idx++;
1016 os_free(r);
1017 return NL_SKIP;
1018 }
1019
1020
nl80211_dump_scan(struct wpa_driver_nl80211_data * drv)1021 void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
1022 {
1023 struct nl_msg *msg;
1024 struct nl80211_dump_scan_ctx ctx;
1025
1026 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
1027 ctx.drv = drv;
1028 ctx.idx = 0;
1029 msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1030 if (msg)
1031 send_and_recv_msgs(drv, msg, nl80211_dump_scan_handler, &ctx);
1032 }
1033
1034
wpa_driver_nl80211_abort_scan(void * priv,u64 scan_cookie)1035 int wpa_driver_nl80211_abort_scan(void *priv, u64 scan_cookie)
1036 {
1037 struct i802_bss *bss = priv;
1038 #ifdef CONFIG_DRIVER_NL80211_QCA
1039 struct wpa_driver_nl80211_data *drv = bss->drv;
1040
1041 /*
1042 * If scan_cookie is zero, a normal scan through kernel (cfg80211)
1043 * was triggered, hence abort the cfg80211 scan instead of the vendor
1044 * scan.
1045 */
1046 if (drv->scan_vendor_cmd_avail && scan_cookie)
1047 return nl80211_abort_vendor_scan(drv, scan_cookie);
1048 #endif /* CONFIG_DRIVER_NL80211_QCA */
1049 return nl80211_abort_scan(bss);
1050 }
1051
1052
1053 #ifdef CONFIG_DRIVER_NL80211_QCA
1054
scan_cookie_handler(struct nl_msg * msg,void * arg)1055 static int scan_cookie_handler(struct nl_msg *msg, void *arg)
1056 {
1057 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1058 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1059 u64 *cookie = arg;
1060
1061 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1062 genlmsg_attrlen(gnlh, 0), NULL);
1063
1064 if (tb[NL80211_ATTR_VENDOR_DATA]) {
1065 struct nlattr *nl_vendor = tb[NL80211_ATTR_VENDOR_DATA];
1066 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1];
1067
1068 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_SCAN_MAX,
1069 nla_data(nl_vendor), nla_len(nl_vendor), NULL);
1070
1071 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE])
1072 *cookie = nla_get_u64(
1073 tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]);
1074 }
1075
1076 return NL_SKIP;
1077 }
1078
1079
1080 /**
1081 * wpa_driver_nl80211_vendor_scan - Request the driver to initiate a vendor scan
1082 * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
1083 * @params: Scan parameters
1084 * Returns: 0 on success, -1 on failure
1085 */
wpa_driver_nl80211_vendor_scan(struct i802_bss * bss,struct wpa_driver_scan_params * params)1086 int wpa_driver_nl80211_vendor_scan(struct i802_bss *bss,
1087 struct wpa_driver_scan_params *params)
1088 {
1089 struct wpa_driver_nl80211_data *drv = bss->drv;
1090 struct nl_msg *msg = NULL;
1091 struct nlattr *attr;
1092 size_t i;
1093 u32 scan_flags = 0;
1094 int ret = -1;
1095 u64 cookie = 0;
1096
1097 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: vendor scan request");
1098 drv->scan_for_auth = 0;
1099
1100 if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
1101 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
1102 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
1103 QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN) )
1104 goto fail;
1105
1106 attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1107 if (attr == NULL)
1108 goto fail;
1109
1110 if (params->num_ssids) {
1111 struct nlattr *ssids;
1112
1113 ssids = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS);
1114 if (ssids == NULL)
1115 goto fail;
1116 for (i = 0; i < params->num_ssids; i++) {
1117 wpa_printf(MSG_MSGDUMP, "nl80211: Scan SSID %s",
1118 wpa_ssid_txt(params->ssids[i].ssid,
1119 params->ssids[i].ssid_len));
1120 if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
1121 params->ssids[i].ssid))
1122 goto fail;
1123 }
1124 nla_nest_end(msg, ssids);
1125 }
1126
1127 if (params->extra_ies) {
1128 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
1129 params->extra_ies, params->extra_ies_len);
1130 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_IE,
1131 params->extra_ies_len, params->extra_ies))
1132 goto fail;
1133 }
1134
1135 if (params->freqs) {
1136 struct nlattr *freqs;
1137
1138 freqs = nla_nest_start(msg,
1139 QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES);
1140 if (freqs == NULL)
1141 goto fail;
1142 for (i = 0; params->freqs[i]; i++) {
1143 wpa_printf(MSG_MSGDUMP,
1144 "nl80211: Scan frequency %u MHz",
1145 params->freqs[i]);
1146 if (nla_put_u32(msg, i + 1, params->freqs[i]))
1147 goto fail;
1148 }
1149 nla_nest_end(msg, freqs);
1150 }
1151
1152 os_free(drv->filter_ssids);
1153 drv->filter_ssids = params->filter_ssids;
1154 params->filter_ssids = NULL;
1155 drv->num_filter_ssids = params->num_filter_ssids;
1156
1157 if (params->low_priority && drv->have_low_prio_scan) {
1158 wpa_printf(MSG_DEBUG,
1159 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
1160 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
1161 }
1162
1163 if (params->mac_addr_rand) {
1164 wpa_printf(MSG_DEBUG,
1165 "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR");
1166 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
1167
1168 if (params->mac_addr) {
1169 wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR,
1170 MAC2STR(params->mac_addr));
1171 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC,
1172 ETH_ALEN, params->mac_addr))
1173 goto fail;
1174 }
1175
1176 if (params->mac_addr_mask) {
1177 wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: "
1178 MACSTR, MAC2STR(params->mac_addr_mask));
1179 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK,
1180 ETH_ALEN, params->mac_addr_mask))
1181 goto fail;
1182 }
1183 }
1184
1185 if (scan_flags &&
1186 nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS, scan_flags))
1187 goto fail;
1188
1189 if (params->p2p_probe) {
1190 struct nlattr *rates;
1191
1192 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
1193
1194 rates = nla_nest_start(msg,
1195 QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES);
1196 if (rates == NULL)
1197 goto fail;
1198
1199 /*
1200 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
1201 * by masking out everything else apart from the OFDM rates 6,
1202 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
1203 * rates are left enabled.
1204 */
1205 if (nla_put(msg, NL80211_BAND_2GHZ, 8,
1206 "\x0c\x12\x18\x24\x30\x48\x60\x6c"))
1207 goto fail;
1208 nla_nest_end(msg, rates);
1209
1210 if (nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE))
1211 goto fail;
1212 }
1213
1214 if (params->bssid) {
1215 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: "
1216 MACSTR, MAC2STR(params->bssid));
1217 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_BSSID, ETH_ALEN,
1218 params->bssid))
1219 goto fail;
1220 }
1221
1222 nla_nest_end(msg, attr);
1223
1224 ret = send_and_recv_msgs(drv, msg, scan_cookie_handler, &cookie);
1225 msg = NULL;
1226 if (ret) {
1227 wpa_printf(MSG_DEBUG,
1228 "nl80211: Vendor scan trigger failed: ret=%d (%s)",
1229 ret, strerror(-ret));
1230 goto fail;
1231 }
1232
1233 drv->vendor_scan_cookie = cookie;
1234 drv->scan_state = SCAN_REQUESTED;
1235 /* Pass the cookie to the caller to help distinguish the scans. */
1236 params->scan_cookie = cookie;
1237
1238 wpa_printf(MSG_DEBUG,
1239 "nl80211: Vendor scan requested (ret=%d) - scan timeout 30 seconds, scan cookie:0x%llx",
1240 ret, (long long unsigned int) cookie);
1241 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1242 eloop_register_timeout(30, 0, wpa_driver_nl80211_scan_timeout,
1243 drv, drv->ctx);
1244 drv->last_scan_cmd = NL80211_CMD_VENDOR;
1245
1246 fail:
1247 nlmsg_free(msg);
1248 return ret;
1249 }
1250
1251
1252 /**
1253 * nl80211_set_default_scan_ies - Set the scan default IEs to the driver
1254 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
1255 * @ies: Pointer to IEs buffer
1256 * @ies_len: Length of IEs in bytes
1257 * Returns: 0 on success, -1 on failure
1258 */
nl80211_set_default_scan_ies(void * priv,const u8 * ies,size_t ies_len)1259 int nl80211_set_default_scan_ies(void *priv, const u8 *ies, size_t ies_len)
1260 {
1261 struct i802_bss *bss = priv;
1262 struct wpa_driver_nl80211_data *drv = bss->drv;
1263 struct nl_msg *msg = NULL;
1264 struct nlattr *attr;
1265 int ret = -1;
1266
1267 if (!drv->set_wifi_conf_vendor_cmd_avail)
1268 return -1;
1269
1270 if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
1271 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
1272 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
1273 QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION))
1274 goto fail;
1275
1276 attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1277 if (attr == NULL)
1278 goto fail;
1279
1280 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan default IEs", ies, ies_len);
1281 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_SCAN_DEFAULT_IES,
1282 ies_len, ies))
1283 goto fail;
1284
1285 nla_nest_end(msg, attr);
1286
1287 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1288 msg = NULL;
1289 if (ret) {
1290 wpa_printf(MSG_ERROR,
1291 "nl80211: Set scan default IEs failed: ret=%d (%s)",
1292 ret, strerror(-ret));
1293 goto fail;
1294 }
1295
1296 fail:
1297 nlmsg_free(msg);
1298 return ret;
1299 }
1300
1301 #endif /* CONFIG_DRIVER_NL80211_QCA */
1302