1/* 2 * Driver interaction with Linux nl80211/cfg80211 - Scanning 3 * Copyright(c) 2015 Intel Deutschland GmbH 4 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi> 5 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net> 6 * Copyright (c) 2009-2010, Atheros Communications 7 * 8 * This software may be distributed under the terms of the BSD license. 9 * See README for more details. 10 */ 11 12#include "includes.h" 13#include <time.h> 14#include <netlink/genl/genl.h> 15 16#include "utils/common.h" 17#include "utils/eloop.h" 18#include "common/ieee802_11_defs.h" 19#include "common/ieee802_11_common.h" 20#include "common/qca-vendor.h" 21#include "driver_nl80211.h" 22 23 24#define MAX_NL80211_NOISE_FREQS 50 25 26struct nl80211_noise_info { 27 u32 freq[MAX_NL80211_NOISE_FREQS]; 28 s8 noise[MAX_NL80211_NOISE_FREQS]; 29 unsigned int count; 30}; 31 32static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 33{ 34 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 35 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 36 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 37 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 38 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 39 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 40 }; 41 struct nl80211_noise_info *info = arg; 42 43 if (info->count >= MAX_NL80211_NOISE_FREQS) 44 return NL_STOP; 45 46 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 47 genlmsg_attrlen(gnlh, 0), NULL); 48 49 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 50 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 51 return NL_SKIP; 52 } 53 54 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 55 tb[NL80211_ATTR_SURVEY_INFO], 56 survey_policy)) { 57 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 58 "attributes"); 59 return NL_SKIP; 60 } 61 62 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 63 return NL_SKIP; 64 65 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 66 return NL_SKIP; 67 68 info->freq[info->count] = 69 nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 70 info->noise[info->count] = 71 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 72 info->count++; 73 74 return NL_SKIP; 75} 76 77 78static int nl80211_get_noise_for_scan_results( 79 struct wpa_driver_nl80211_data *drv, struct nl80211_noise_info *info) 80{ 81 struct nl_msg *msg; 82 83 os_memset(info, 0, sizeof(*info)); 84 msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 85 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, info, 86 NULL, NULL); 87} 88 89 90static int nl80211_abort_scan(struct i802_bss *bss) 91{ 92 int ret; 93 struct nl_msg *msg; 94 struct wpa_driver_nl80211_data *drv = bss->drv; 95 96 wpa_printf(MSG_DEBUG, "nl80211: Abort scan"); 97 msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ABORT_SCAN); 98 ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); 99 if (ret) { 100 wpa_printf(MSG_DEBUG, "nl80211: Abort scan failed: ret=%d (%s)", 101 ret, strerror(-ret)); 102 } 103 return ret; 104} 105 106 107#ifdef CONFIG_DRIVER_NL80211_QCA 108static int nl80211_abort_vendor_scan(struct wpa_driver_nl80211_data *drv, 109 u64 scan_cookie) 110{ 111 struct nl_msg *msg; 112 struct nlattr *params; 113 int ret; 114 115 wpa_printf(MSG_DEBUG, "nl80211: Abort vendor scan with cookie 0x%llx", 116 (long long unsigned int) scan_cookie); 117 118 msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR); 119 if (!msg || 120 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) || 121 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, 122 QCA_NL80211_VENDOR_SUBCMD_ABORT_SCAN) || 123 !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) || 124 nla_put_u64(msg, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, scan_cookie)) 125 goto fail; 126 127 nla_nest_end(msg, params); 128 129 ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); 130 msg = NULL; 131 if (ret) { 132 wpa_printf(MSG_INFO, 133 "nl80211: Aborting vendor scan with cookie 0x%llx failed: ret=%d (%s)", 134 (long long unsigned int) scan_cookie, ret, 135 strerror(-ret)); 136 goto fail; 137 } 138 return 0; 139fail: 140 nlmsg_free(msg); 141 return -1; 142} 143#endif /* CONFIG_DRIVER_NL80211_QCA */ 144 145 146/** 147 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 148 * @eloop_ctx: Driver private data 149 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 150 * 151 * This function can be used as registered timeout when starting a scan to 152 * generate a scan completed event if the driver does not report this. 153 */ 154void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 155{ 156 struct wpa_driver_nl80211_data *drv = eloop_ctx; 157 158 wpa_printf(MSG_DEBUG, "nl80211: Scan timeout - try to abort it"); 159#ifdef CONFIG_DRIVER_NL80211_QCA 160 if (drv->vendor_scan_cookie && 161 nl80211_abort_vendor_scan(drv, drv->vendor_scan_cookie) == 0) 162 return; 163#endif /* CONFIG_DRIVER_NL80211_QCA */ 164 if (!drv->vendor_scan_cookie && 165 nl80211_abort_scan(drv->first_bss) == 0) 166 return; 167 168 wpa_printf(MSG_DEBUG, "nl80211: Failed to abort scan"); 169 170 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) 171 nl80211_restore_ap_mode(drv->first_bss); 172 173 wpa_printf(MSG_DEBUG, "nl80211: Try to get scan results"); 174 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 175} 176 177 178static struct nl_msg * 179nl80211_scan_common(struct i802_bss *bss, u8 cmd, 180 struct wpa_driver_scan_params *params) 181{ 182 struct wpa_driver_nl80211_data *drv = bss->drv; 183 struct nl_msg *msg; 184 size_t i; 185 u32 scan_flags = 0; 186 187 msg = nl80211_cmd_msg(bss, 0, cmd); 188 if (!msg) 189 return NULL; 190 191 if (params->num_ssids) { 192 struct nlattr *ssids; 193 194 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 195 if (ssids == NULL) 196 goto fail; 197 for (i = 0; i < params->num_ssids; i++) { 198 wpa_printf(MSG_MSGDUMP, "nl80211: Scan SSID %s", 199 wpa_ssid_txt(params->ssids[i].ssid, 200 params->ssids[i].ssid_len)); 201 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 202 params->ssids[i].ssid)) 203 goto fail; 204 } 205 nla_nest_end(msg, ssids); 206 } else { 207 wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested"); 208 } 209 210 if (params->extra_ies) { 211 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 212 params->extra_ies, params->extra_ies_len); 213 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 214 params->extra_ies)) 215 goto fail; 216 } 217 218 if (params->freqs) { 219 struct nlattr *freqs; 220 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 221 if (freqs == NULL) 222 goto fail; 223 for (i = 0; params->freqs[i]; i++) { 224 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 225 "MHz", params->freqs[i]); 226 if (nla_put_u32(msg, i + 1, params->freqs[i])) 227 goto fail; 228 } 229 nla_nest_end(msg, freqs); 230 } 231 232 os_free(drv->filter_ssids); 233 drv->filter_ssids = params->filter_ssids; 234 params->filter_ssids = NULL; 235 drv->num_filter_ssids = params->num_filter_ssids; 236 237 if (!drv->hostapd && is_ap_interface(drv->nlmode)) { 238 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_AP"); 239 scan_flags |= NL80211_SCAN_FLAG_AP; 240 } 241 242 if (params->only_new_results) { 243 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH"); 244 scan_flags |= NL80211_SCAN_FLAG_FLUSH; 245 } 246 247 if (params->low_priority && drv->have_low_prio_scan) { 248 wpa_printf(MSG_DEBUG, 249 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY"); 250 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY; 251 } 252 253 if (params->mac_addr_rand) { 254 wpa_printf(MSG_DEBUG, 255 "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR"); 256 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR; 257 258 if (params->mac_addr) { 259 wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR, 260 MAC2STR(params->mac_addr)); 261 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 262 params->mac_addr)) 263 goto fail; 264 } 265 266 if (params->mac_addr_mask) { 267 wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: " 268 MACSTR, MAC2STR(params->mac_addr_mask)); 269 if (nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN, 270 params->mac_addr_mask)) 271 goto fail; 272 } 273 } 274 275 if (params->duration) { 276 if (!(drv->capa.rrm_flags & 277 WPA_DRIVER_FLAGS_SUPPORT_SET_SCAN_DWELL) || 278 nla_put_u16(msg, NL80211_ATTR_MEASUREMENT_DURATION, 279 params->duration)) 280 goto fail; 281 282 if (params->duration_mandatory && 283 nla_put_flag(msg, 284 NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY)) 285 goto fail; 286 } 287 288 if (params->oce_scan) { 289 wpa_printf(MSG_DEBUG, 290 "nl80211: Add NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME"); 291 wpa_printf(MSG_DEBUG, 292 "nl80211: Add NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP"); 293 wpa_printf(MSG_DEBUG, 294 "nl80211: Add NL80211_SCAN_FLAG_OCE_PROBE_REQ_MIN_TX_RATE"); 295 wpa_printf(MSG_DEBUG, 296 "nl80211: Add NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION"); 297 scan_flags |= NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME | 298 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP | 299 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE | 300 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION; 301 } 302 303 if (scan_flags && 304 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags)) 305 goto fail; 306 307 return msg; 308 309fail: 310 nlmsg_free(msg); 311 return NULL; 312} 313 314 315/** 316 * wpa_driver_nl80211_scan - Request the driver to initiate scan 317 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 318 * @params: Scan parameters 319 * Returns: 0 on success, -1 on failure 320 */ 321int wpa_driver_nl80211_scan(struct i802_bss *bss, 322 struct wpa_driver_scan_params *params) 323{ 324 struct wpa_driver_nl80211_data *drv = bss->drv; 325 int ret = -1, timeout; 326 struct nl_msg *msg = NULL; 327 328 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 329 drv->scan_for_auth = 0; 330 331 if (TEST_FAIL()) 332 return -1; 333 334 msg = nl80211_scan_common(bss, NL80211_CMD_TRIGGER_SCAN, params); 335 if (!msg) 336 return -1; 337 338 if (params->p2p_probe) { 339 struct nlattr *rates; 340 341 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 342 343 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 344 if (rates == NULL) 345 goto fail; 346 347 /* 348 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 349 * by masking out everything else apart from the OFDM rates 6, 350 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 351 * rates are left enabled. 352 */ 353 if (nla_put(msg, NL80211_BAND_2GHZ, 8, 354 "\x0c\x12\x18\x24\x30\x48\x60\x6c")) 355 goto fail; 356 nla_nest_end(msg, rates); 357 358 if (nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE)) 359 goto fail; 360 } 361 362 if (params->bssid) { 363 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: " 364 MACSTR, MAC2STR(params->bssid)); 365 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid)) 366 goto fail; 367 } 368 369 ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); 370 msg = NULL; 371 if (ret) { 372 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 373 "(%s)", ret, strerror(-ret)); 374 if (drv->hostapd && is_ap_interface(drv->nlmode)) { 375 enum nl80211_iftype old_mode = drv->nlmode; 376 377 /* 378 * mac80211 does not allow scan requests in AP mode, so 379 * try to do this in station mode. 380 */ 381 if (wpa_driver_nl80211_set_mode( 382 bss, NL80211_IFTYPE_STATION)) 383 goto fail; 384 385 if (wpa_driver_nl80211_scan(bss, params)) { 386 wpa_driver_nl80211_set_mode(bss, old_mode); 387 goto fail; 388 } 389 390 /* Restore AP mode when processing scan results */ 391 drv->ap_scan_as_station = old_mode; 392 ret = 0; 393 } else 394 goto fail; 395 } 396 397 drv->scan_state = SCAN_REQUESTED; 398 /* Not all drivers generate "scan completed" wireless event, so try to 399 * read results after a timeout. */ 400 timeout = 10; 401 if (drv->scan_complete_events) { 402 /* 403 * The driver seems to deliver events to notify when scan is 404 * complete, so use longer timeout to avoid race conditions 405 * with scanning and following association request. 406 */ 407 timeout = 30; 408 } 409 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 410 "seconds", ret, timeout); 411 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 412 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 413 drv, drv->ctx); 414 drv->last_scan_cmd = NL80211_CMD_TRIGGER_SCAN; 415 416fail: 417 nlmsg_free(msg); 418 return ret; 419} 420 421 422static int 423nl80211_sched_scan_add_scan_plans(struct wpa_driver_nl80211_data *drv, 424 struct nl_msg *msg, 425 struct wpa_driver_scan_params *params) 426{ 427 struct nlattr *plans; 428 struct sched_scan_plan *scan_plans = params->sched_scan_plans; 429 unsigned int i; 430 431 plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS); 432 if (!plans) 433 return -1; 434 435 for (i = 0; i < params->sched_scan_plans_num; i++) { 436 struct nlattr *plan = nla_nest_start(msg, i + 1); 437 438 if (!plan) 439 return -1; 440 441 if (!scan_plans[i].interval || 442 scan_plans[i].interval > 443 drv->capa.max_sched_scan_plan_interval) { 444 wpa_printf(MSG_DEBUG, 445 "nl80211: sched scan plan no. %u: Invalid interval: %u", 446 i, scan_plans[i].interval); 447 return -1; 448 } 449 450 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL, 451 scan_plans[i].interval)) 452 return -1; 453 454 if (scan_plans[i].iterations > 455 drv->capa.max_sched_scan_plan_iterations) { 456 wpa_printf(MSG_DEBUG, 457 "nl80211: sched scan plan no. %u: Invalid number of iterations: %u", 458 i, scan_plans[i].iterations); 459 return -1; 460 } 461 462 if (scan_plans[i].iterations && 463 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS, 464 scan_plans[i].iterations)) 465 return -1; 466 467 nla_nest_end(msg, plan); 468 469 /* 470 * All the scan plans must specify the number of iterations 471 * except the last plan, which will run infinitely. So if the 472 * number of iterations is not specified, this ought to be the 473 * last scan plan. 474 */ 475 if (!scan_plans[i].iterations) 476 break; 477 } 478 479 if (i != params->sched_scan_plans_num - 1) { 480 wpa_printf(MSG_DEBUG, 481 "nl80211: All sched scan plans but the last must specify number of iterations"); 482 return -1; 483 } 484 485 nla_nest_end(msg, plans); 486 return 0; 487} 488 489 490/** 491 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 492 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 493 * @params: Scan parameters 494 * Returns: 0 on success, -1 on failure or if not supported 495 */ 496int wpa_driver_nl80211_sched_scan(void *priv, 497 struct wpa_driver_scan_params *params) 498{ 499 struct i802_bss *bss = priv; 500 struct wpa_driver_nl80211_data *drv = bss->drv; 501 int ret = -1; 502 struct nl_msg *msg; 503 size_t i; 504 505 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 506 507#ifdef ANDROID 508 if (!drv->capa.sched_scan_supported) 509 return android_pno_start(bss, params); 510#endif /* ANDROID */ 511 512 if (!params->sched_scan_plans_num || 513 params->sched_scan_plans_num > drv->capa.max_sched_scan_plans) { 514 wpa_printf(MSG_ERROR, 515 "nl80211: Invalid number of sched scan plans: %u", 516 params->sched_scan_plans_num); 517 return -1; 518 } 519 520 msg = nl80211_scan_common(bss, NL80211_CMD_START_SCHED_SCAN, params); 521 if (!msg) 522 goto fail; 523 524 if (drv->capa.max_sched_scan_plan_iterations) { 525 if (nl80211_sched_scan_add_scan_plans(drv, msg, params)) 526 goto fail; 527 } else { 528 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, 529 params->sched_scan_plans[0].interval * 1000)) 530 goto fail; 531 } 532 533 if ((drv->num_filter_ssids && 534 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 535 params->filter_rssi) { 536 struct nlattr *match_sets; 537 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 538 if (match_sets == NULL) 539 goto fail; 540 541 for (i = 0; i < drv->num_filter_ssids; i++) { 542 struct nlattr *match_set_ssid; 543 wpa_printf(MSG_MSGDUMP, 544 "nl80211: Sched scan filter SSID %s", 545 wpa_ssid_txt(drv->filter_ssids[i].ssid, 546 drv->filter_ssids[i].ssid_len)); 547 548 match_set_ssid = nla_nest_start(msg, i + 1); 549 if (match_set_ssid == NULL || 550 nla_put(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 551 drv->filter_ssids[i].ssid_len, 552 drv->filter_ssids[i].ssid) || 553 (params->filter_rssi && 554 nla_put_u32(msg, 555 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 556 params->filter_rssi))) 557 goto fail; 558 559 nla_nest_end(msg, match_set_ssid); 560 } 561 562 /* 563 * Due to backward compatibility code, newer kernels treat this 564 * matchset (with only an RSSI filter) as the default for all 565 * other matchsets, unless it's the only one, in which case the 566 * matchset will actually allow all SSIDs above the RSSI. 567 */ 568 if (params->filter_rssi) { 569 struct nlattr *match_set_rssi; 570 match_set_rssi = nla_nest_start(msg, 0); 571 if (match_set_rssi == NULL || 572 nla_put_u32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 573 params->filter_rssi)) 574 goto fail; 575 wpa_printf(MSG_MSGDUMP, 576 "nl80211: Sched scan RSSI filter %d dBm", 577 params->filter_rssi); 578 nla_nest_end(msg, match_set_rssi); 579 } 580 581 nla_nest_end(msg, match_sets); 582 } 583 584 if (params->relative_rssi_set) { 585 struct nl80211_bss_select_rssi_adjust rssi_adjust; 586 587 os_memset(&rssi_adjust, 0, sizeof(rssi_adjust)); 588 wpa_printf(MSG_DEBUG, "nl80211: Relative RSSI: %d", 589 params->relative_rssi); 590 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI, 591 params->relative_rssi)) 592 goto fail; 593 594 if (params->relative_adjust_rssi) { 595 int pref_band_set = 1; 596 597 switch (params->relative_adjust_band) { 598 case WPA_SETBAND_5G: 599 rssi_adjust.band = NL80211_BAND_5GHZ; 600 break; 601 case WPA_SETBAND_2G: 602 rssi_adjust.band = NL80211_BAND_2GHZ; 603 break; 604 default: 605 pref_band_set = 0; 606 break; 607 } 608 rssi_adjust.delta = params->relative_adjust_rssi; 609 610 if (pref_band_set && 611 nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST, 612 sizeof(rssi_adjust), &rssi_adjust)) 613 goto fail; 614 } 615 } 616 617 if (params->sched_scan_start_delay && 618 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY, 619 params->sched_scan_start_delay)) 620 goto fail; 621 622 ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); 623 624 /* TODO: if we get an error here, we should fall back to normal scan */ 625 626 msg = NULL; 627 if (ret) { 628 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 629 "ret=%d (%s)", ret, strerror(-ret)); 630 goto fail; 631 } 632 633 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d)", ret); 634 635fail: 636 nlmsg_free(msg); 637 return ret; 638} 639 640 641/** 642 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 643 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 644 * Returns: 0 on success, -1 on failure or if not supported 645 */ 646int wpa_driver_nl80211_stop_sched_scan(void *priv) 647{ 648 struct i802_bss *bss = priv; 649 struct wpa_driver_nl80211_data *drv = bss->drv; 650 int ret; 651 struct nl_msg *msg; 652 653#ifdef ANDROID 654 if (!drv->capa.sched_scan_supported) 655 return android_pno_stop(bss); 656#endif /* ANDROID */ 657 658 msg = nl80211_drv_msg(drv, 0, NL80211_CMD_STOP_SCHED_SCAN); 659 ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); 660 if (ret) { 661 wpa_printf(MSG_DEBUG, 662 "nl80211: Sched scan stop failed: ret=%d (%s)", 663 ret, strerror(-ret)); 664 } else { 665 wpa_printf(MSG_DEBUG, 666 "nl80211: Sched scan stop sent"); 667 } 668 669 return ret; 670} 671 672 673static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 674 const u8 *ie, size_t ie_len) 675{ 676 const u8 *ssid; 677 size_t i; 678 679 if (drv->filter_ssids == NULL) 680 return 0; 681 682 ssid = get_ie(ie, ie_len, WLAN_EID_SSID); 683 if (ssid == NULL) 684 return 1; 685 686 for (i = 0; i < drv->num_filter_ssids; i++) { 687 if (ssid[1] == drv->filter_ssids[i].ssid_len && 688 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 689 0) 690 return 0; 691 } 692 693 return 1; 694} 695 696 697static struct wpa_scan_res * 698nl80211_parse_bss_info(struct wpa_driver_nl80211_data *drv, 699 struct nl_msg *msg) 700{ 701 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 702 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 703 struct nlattr *bss[NL80211_BSS_MAX + 1]; 704 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 705 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 706 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 707 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 708 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 709 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 710 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 711 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 712 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 713 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 714 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 715 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 716 [NL80211_BSS_PARENT_TSF] = { .type = NLA_U64 }, 717 [NL80211_BSS_PARENT_BSSID] = { .type = NLA_UNSPEC }, 718 [NL80211_BSS_LAST_SEEN_BOOTTIME] = { .type = NLA_U64 }, 719 }; 720 struct wpa_scan_res *r; 721 const u8 *ie, *beacon_ie; 722 size_t ie_len, beacon_ie_len; 723 u8 *pos; 724 725 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 726 genlmsg_attrlen(gnlh, 0), NULL); 727 if (!tb[NL80211_ATTR_BSS]) 728 return NULL; 729 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 730 bss_policy)) 731 return NULL; 732 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 733 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 734 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 735 } else { 736 ie = NULL; 737 ie_len = 0; 738 } 739 if (bss[NL80211_BSS_BEACON_IES]) { 740 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 741 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 742 } else { 743 beacon_ie = NULL; 744 beacon_ie_len = 0; 745 } 746 747 if (nl80211_scan_filtered(drv, ie ? ie : beacon_ie, 748 ie ? ie_len : beacon_ie_len)) 749 return NULL; 750 751 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 752 if (r == NULL) 753 return NULL; 754 if (bss[NL80211_BSS_BSSID]) 755 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 756 ETH_ALEN); 757 if (bss[NL80211_BSS_FREQUENCY]) 758 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 759 if (bss[NL80211_BSS_BEACON_INTERVAL]) 760 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 761 if (bss[NL80211_BSS_CAPABILITY]) 762 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 763 r->flags |= WPA_SCAN_NOISE_INVALID; 764 if (bss[NL80211_BSS_SIGNAL_MBM]) { 765 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 766 r->level /= 100; /* mBm to dBm */ 767 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 768 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 769 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 770 r->flags |= WPA_SCAN_QUAL_INVALID; 771 } else 772 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 773 if (bss[NL80211_BSS_TSF]) 774 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 775 if (bss[NL80211_BSS_BEACON_TSF]) { 776 u64 tsf = nla_get_u64(bss[NL80211_BSS_BEACON_TSF]); 777 if (tsf > r->tsf) 778 r->tsf = tsf; 779 } 780 if (bss[NL80211_BSS_SEEN_MS_AGO]) 781 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 782 if (bss[NL80211_BSS_LAST_SEEN_BOOTTIME]) { 783 u64 boottime; 784 struct timespec ts; 785 786#ifndef CLOCK_BOOTTIME 787#define CLOCK_BOOTTIME 7 788#endif 789 if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) { 790 /* Use more accurate boottime information to update the 791 * scan result age since the driver reports this and 792 * CLOCK_BOOTTIME is available. */ 793 boottime = nla_get_u64( 794 bss[NL80211_BSS_LAST_SEEN_BOOTTIME]); 795 r->age = ((u64) ts.tv_sec * 1000000000 + 796 ts.tv_nsec - boottime) / 1000000; 797 } 798 } 799 r->ie_len = ie_len; 800 pos = (u8 *) (r + 1); 801 if (ie) { 802 os_memcpy(pos, ie, ie_len); 803 pos += ie_len; 804 } 805 r->beacon_ie_len = beacon_ie_len; 806 if (beacon_ie) 807 os_memcpy(pos, beacon_ie, beacon_ie_len); 808 809 if (bss[NL80211_BSS_STATUS]) { 810 enum nl80211_bss_status status; 811 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 812 switch (status) { 813 case NL80211_BSS_STATUS_ASSOCIATED: 814 r->flags |= WPA_SCAN_ASSOCIATED; 815 break; 816 default: 817 break; 818 } 819 } 820 821 if (bss[NL80211_BSS_PARENT_TSF] && bss[NL80211_BSS_PARENT_BSSID]) { 822 r->parent_tsf = nla_get_u64(bss[NL80211_BSS_PARENT_TSF]); 823 os_memcpy(r->tsf_bssid, nla_data(bss[NL80211_BSS_PARENT_BSSID]), 824 ETH_ALEN); 825 } 826 827 return r; 828} 829 830 831struct nl80211_bss_info_arg { 832 struct wpa_driver_nl80211_data *drv; 833 struct wpa_scan_results *res; 834}; 835 836static int bss_info_handler(struct nl_msg *msg, void *arg) 837{ 838 struct nl80211_bss_info_arg *_arg = arg; 839 struct wpa_scan_results *res = _arg->res; 840 struct wpa_scan_res **tmp; 841 struct wpa_scan_res *r; 842 843 r = nl80211_parse_bss_info(_arg->drv, msg); 844 if (!r) 845 return NL_SKIP; 846 847 if (!res) { 848 os_free(r); 849 return NL_SKIP; 850 } 851 tmp = os_realloc_array(res->res, res->num + 1, 852 sizeof(struct wpa_scan_res *)); 853 if (tmp == NULL) { 854 os_free(r); 855 return NL_SKIP; 856 } 857 tmp[res->num++] = r; 858 res->res = tmp; 859 860 return NL_SKIP; 861} 862 863 864static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 865 const u8 *addr) 866{ 867 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 868 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 869 "mismatch (" MACSTR ")", MAC2STR(addr)); 870 wpa_driver_nl80211_mlme(drv, addr, 871 NL80211_CMD_DEAUTHENTICATE, 872 WLAN_REASON_PREV_AUTH_NOT_VALID, 1, 873 drv->first_bss); 874 } 875} 876 877 878static void nl80211_check_bss_status(struct wpa_driver_nl80211_data *drv, 879 struct wpa_scan_res *r) 880{ 881 if (!(r->flags & WPA_SCAN_ASSOCIATED)) 882 return; 883 884 wpa_printf(MSG_DEBUG, "nl80211: Scan results indicate BSS status with " 885 MACSTR " as associated", MAC2STR(r->bssid)); 886 if (is_sta_interface(drv->nlmode) && !drv->associated) { 887 wpa_printf(MSG_DEBUG, 888 "nl80211: Local state (not associated) does not match with BSS state"); 889 clear_state_mismatch(drv, r->bssid); 890 } else if (is_sta_interface(drv->nlmode) && 891 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 0) { 892 wpa_printf(MSG_DEBUG, 893 "nl80211: Local state (associated with " MACSTR 894 ") does not match with BSS state", 895 MAC2STR(drv->bssid)); 896 clear_state_mismatch(drv, r->bssid); 897 clear_state_mismatch(drv, drv->bssid); 898 } 899} 900 901 902static void wpa_driver_nl80211_check_bss_status( 903 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 904{ 905 size_t i; 906 907 for (i = 0; i < res->num; i++) 908 nl80211_check_bss_status(drv, res->res[i]); 909} 910 911 912static void nl80211_update_scan_res_noise(struct wpa_scan_res *res, 913 struct nl80211_noise_info *info) 914{ 915 unsigned int i; 916 917 for (i = 0; res && i < info->count; i++) { 918 if ((int) info->freq[i] != res->freq || 919 !(res->flags & WPA_SCAN_NOISE_INVALID)) 920 continue; 921 res->noise = info->noise[i]; 922 res->flags &= ~WPA_SCAN_NOISE_INVALID; 923 } 924} 925 926 927static struct wpa_scan_results * 928nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 929{ 930 struct nl_msg *msg; 931 struct wpa_scan_results *res; 932 int ret; 933 struct nl80211_bss_info_arg arg; 934 int count = 0; 935 936try_again: 937 res = os_zalloc(sizeof(*res)); 938 if (res == NULL) 939 return NULL; 940 if (!(msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP, 941 NL80211_CMD_GET_SCAN))) { 942 wpa_scan_results_free(res); 943 return NULL; 944 } 945 946 arg.drv = drv; 947 arg.res = res; 948 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg, NULL, NULL); 949 if (ret == -EAGAIN) { 950 count++; 951 if (count >= 10) { 952 wpa_printf(MSG_INFO, 953 "nl80211: Failed to receive consistent scan result dump"); 954 } else { 955 wpa_printf(MSG_DEBUG, 956 "nl80211: Failed to receive consistent scan result dump - try again"); 957 wpa_scan_results_free(res); 958 goto try_again; 959 } 960 } 961 if (ret == 0) { 962 struct nl80211_noise_info info; 963 964 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 965 "BSSes)", (unsigned long) res->num); 966 if (nl80211_get_noise_for_scan_results(drv, &info) == 0) { 967 size_t i; 968 969 for (i = 0; i < res->num; ++i) 970 nl80211_update_scan_res_noise(res->res[i], 971 &info); 972 } 973 return res; 974 } 975 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 976 "(%s)", ret, strerror(-ret)); 977 wpa_scan_results_free(res); 978 return NULL; 979} 980 981 982/** 983 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 984 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 985 * Returns: Scan results on success, -1 on failure 986 */ 987struct wpa_scan_results * wpa_driver_nl80211_get_scan_results(void *priv) 988{ 989 struct i802_bss *bss = priv; 990 struct wpa_driver_nl80211_data *drv = bss->drv; 991 struct wpa_scan_results *res; 992 993 res = nl80211_get_scan_results(drv); 994 if (res) 995 wpa_driver_nl80211_check_bss_status(drv, res); 996 return res; 997} 998 999 1000struct nl80211_dump_scan_ctx { 1001 struct wpa_driver_nl80211_data *drv; 1002 int idx; 1003}; 1004 1005static int nl80211_dump_scan_handler(struct nl_msg *msg, void *arg) 1006{ 1007 struct nl80211_dump_scan_ctx *ctx = arg; 1008 struct wpa_scan_res *r; 1009 1010 r = nl80211_parse_bss_info(ctx->drv, msg); 1011 if (!r) 1012 return NL_SKIP; 1013 wpa_printf(MSG_DEBUG, "nl80211: %d " MACSTR " %d%s", 1014 ctx->idx, MAC2STR(r->bssid), r->freq, 1015 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 1016 ctx->idx++; 1017 os_free(r); 1018 return NL_SKIP; 1019} 1020 1021 1022void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 1023{ 1024 struct nl_msg *msg; 1025 struct nl80211_dump_scan_ctx ctx; 1026 1027 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 1028 ctx.drv = drv; 1029 ctx.idx = 0; 1030 msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 1031 if (msg) 1032 send_and_recv_msgs(drv, msg, nl80211_dump_scan_handler, &ctx, 1033 NULL, NULL); 1034} 1035 1036 1037int wpa_driver_nl80211_abort_scan(void *priv, u64 scan_cookie) 1038{ 1039 struct i802_bss *bss = priv; 1040#ifdef CONFIG_DRIVER_NL80211_QCA 1041 struct wpa_driver_nl80211_data *drv = bss->drv; 1042 1043 /* 1044 * If scan_cookie is zero, a normal scan through kernel (cfg80211) 1045 * was triggered, hence abort the cfg80211 scan instead of the vendor 1046 * scan. 1047 */ 1048 if (drv->scan_vendor_cmd_avail && scan_cookie) 1049 return nl80211_abort_vendor_scan(drv, scan_cookie); 1050#endif /* CONFIG_DRIVER_NL80211_QCA */ 1051 return nl80211_abort_scan(bss); 1052} 1053 1054 1055#ifdef CONFIG_DRIVER_NL80211_QCA 1056 1057static int scan_cookie_handler(struct nl_msg *msg, void *arg) 1058{ 1059 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1060 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1061 u64 *cookie = arg; 1062 1063 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1064 genlmsg_attrlen(gnlh, 0), NULL); 1065 1066 if (tb[NL80211_ATTR_VENDOR_DATA]) { 1067 struct nlattr *nl_vendor = tb[NL80211_ATTR_VENDOR_DATA]; 1068 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1]; 1069 1070 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_SCAN_MAX, 1071 nla_data(nl_vendor), nla_len(nl_vendor), NULL); 1072 1073 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]) 1074 *cookie = nla_get_u64( 1075 tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]); 1076 } 1077 1078 return NL_SKIP; 1079} 1080 1081 1082/** 1083 * wpa_driver_nl80211_vendor_scan - Request the driver to initiate a vendor scan 1084 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 1085 * @params: Scan parameters 1086 * Returns: 0 on success, -1 on failure 1087 */ 1088int wpa_driver_nl80211_vendor_scan(struct i802_bss *bss, 1089 struct wpa_driver_scan_params *params) 1090{ 1091 struct wpa_driver_nl80211_data *drv = bss->drv; 1092 struct nl_msg *msg = NULL; 1093 struct nlattr *attr; 1094 size_t i; 1095 u32 scan_flags = 0; 1096 int ret = -1; 1097 u64 cookie = 0; 1098 1099 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: vendor scan request"); 1100 drv->scan_for_auth = 0; 1101 1102 if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) || 1103 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) || 1104 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, 1105 QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN) ) 1106 goto fail; 1107 1108 attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA); 1109 if (attr == NULL) 1110 goto fail; 1111 1112 if (params->num_ssids) { 1113 struct nlattr *ssids; 1114 1115 ssids = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS); 1116 if (ssids == NULL) 1117 goto fail; 1118 for (i = 0; i < params->num_ssids; i++) { 1119 wpa_printf(MSG_MSGDUMP, "nl80211: Scan SSID %s", 1120 wpa_ssid_txt(params->ssids[i].ssid, 1121 params->ssids[i].ssid_len)); 1122 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 1123 params->ssids[i].ssid)) 1124 goto fail; 1125 } 1126 nla_nest_end(msg, ssids); 1127 } 1128 1129 if (params->extra_ies) { 1130 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 1131 params->extra_ies, params->extra_ies_len); 1132 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_IE, 1133 params->extra_ies_len, params->extra_ies)) 1134 goto fail; 1135 } 1136 1137 if (params->freqs) { 1138 struct nlattr *freqs; 1139 1140 freqs = nla_nest_start(msg, 1141 QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES); 1142 if (freqs == NULL) 1143 goto fail; 1144 for (i = 0; params->freqs[i]; i++) { 1145 wpa_printf(MSG_MSGDUMP, 1146 "nl80211: Scan frequency %u MHz", 1147 params->freqs[i]); 1148 if (nla_put_u32(msg, i + 1, params->freqs[i])) 1149 goto fail; 1150 } 1151 nla_nest_end(msg, freqs); 1152 } 1153 1154 os_free(drv->filter_ssids); 1155 drv->filter_ssids = params->filter_ssids; 1156 params->filter_ssids = NULL; 1157 drv->num_filter_ssids = params->num_filter_ssids; 1158 1159 if (params->low_priority && drv->have_low_prio_scan) { 1160 wpa_printf(MSG_DEBUG, 1161 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY"); 1162 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY; 1163 } 1164 1165 if (params->mac_addr_rand) { 1166 wpa_printf(MSG_DEBUG, 1167 "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR"); 1168 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR; 1169 1170 if (params->mac_addr) { 1171 wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR, 1172 MAC2STR(params->mac_addr)); 1173 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC, 1174 ETH_ALEN, params->mac_addr)) 1175 goto fail; 1176 } 1177 1178 if (params->mac_addr_mask) { 1179 wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: " 1180 MACSTR, MAC2STR(params->mac_addr_mask)); 1181 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK, 1182 ETH_ALEN, params->mac_addr_mask)) 1183 goto fail; 1184 } 1185 } 1186 1187 if (scan_flags && 1188 nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS, scan_flags)) 1189 goto fail; 1190 1191 if (params->p2p_probe) { 1192 struct nlattr *rates; 1193 1194 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 1195 1196 rates = nla_nest_start(msg, 1197 QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES); 1198 if (rates == NULL) 1199 goto fail; 1200 1201 /* 1202 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 1203 * by masking out everything else apart from the OFDM rates 6, 1204 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 1205 * rates are left enabled. 1206 */ 1207 if (nla_put(msg, NL80211_BAND_2GHZ, 8, 1208 "\x0c\x12\x18\x24\x30\x48\x60\x6c")) 1209 goto fail; 1210 nla_nest_end(msg, rates); 1211 1212 if (nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE)) 1213 goto fail; 1214 } 1215 1216 if (params->bssid) { 1217 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: " 1218 MACSTR, MAC2STR(params->bssid)); 1219 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_BSSID, ETH_ALEN, 1220 params->bssid)) 1221 goto fail; 1222 } 1223 1224 nla_nest_end(msg, attr); 1225 1226 ret = send_and_recv_msgs(drv, msg, scan_cookie_handler, &cookie, 1227 NULL, NULL); 1228 msg = NULL; 1229 if (ret) { 1230 wpa_printf(MSG_DEBUG, 1231 "nl80211: Vendor scan trigger failed: ret=%d (%s)", 1232 ret, strerror(-ret)); 1233 goto fail; 1234 } 1235 1236 drv->vendor_scan_cookie = cookie; 1237 drv->scan_state = SCAN_REQUESTED; 1238 /* Pass the cookie to the caller to help distinguish the scans. */ 1239 params->scan_cookie = cookie; 1240 1241 wpa_printf(MSG_DEBUG, 1242 "nl80211: Vendor scan requested (ret=%d) - scan timeout 30 seconds, scan cookie:0x%llx", 1243 ret, (long long unsigned int) cookie); 1244 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 1245 eloop_register_timeout(30, 0, wpa_driver_nl80211_scan_timeout, 1246 drv, drv->ctx); 1247 drv->last_scan_cmd = NL80211_CMD_VENDOR; 1248 1249fail: 1250 nlmsg_free(msg); 1251 return ret; 1252} 1253 1254 1255/** 1256 * nl80211_set_default_scan_ies - Set the scan default IEs to the driver 1257 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 1258 * @ies: Pointer to IEs buffer 1259 * @ies_len: Length of IEs in bytes 1260 * Returns: 0 on success, -1 on failure 1261 */ 1262int nl80211_set_default_scan_ies(void *priv, const u8 *ies, size_t ies_len) 1263{ 1264 struct i802_bss *bss = priv; 1265 struct wpa_driver_nl80211_data *drv = bss->drv; 1266 struct nl_msg *msg = NULL; 1267 struct nlattr *attr; 1268 int ret = -1; 1269 1270 if (!drv->set_wifi_conf_vendor_cmd_avail) 1271 return -1; 1272 1273 if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) || 1274 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) || 1275 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, 1276 QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION)) 1277 goto fail; 1278 1279 attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA); 1280 if (attr == NULL) 1281 goto fail; 1282 1283 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan default IEs", ies, ies_len); 1284 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_SCAN_DEFAULT_IES, 1285 ies_len, ies)) 1286 goto fail; 1287 1288 nla_nest_end(msg, attr); 1289 1290 ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL); 1291 msg = NULL; 1292 if (ret) { 1293 wpa_printf(MSG_ERROR, 1294 "nl80211: Set scan default IEs failed: ret=%d (%s)", 1295 ret, strerror(-ret)); 1296 goto fail; 1297 } 1298 1299fail: 1300 nlmsg_free(msg); 1301 return ret; 1302} 1303 1304#endif /* CONFIG_DRIVER_NL80211_QCA */ 1305