Home | History | Annotate | Download | only in wpa_supplicant
      1 /*
      2  * BSS table
      3  * Copyright (c) 2009-2012, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "utils/includes.h"
     10 
     11 #include "utils/common.h"
     12 #include "utils/eloop.h"
     13 #include "common/ieee802_11_defs.h"
     14 #include "drivers/driver.h"
     15 #include "wpa_supplicant_i.h"
     16 #include "config.h"
     17 #include "notify.h"
     18 #include "scan.h"
     19 #include "bss.h"
     20 
     21 
     22 /**
     23  * WPA_BSS_EXPIRATION_PERIOD - Period of expiration run in seconds
     24  */
     25 #define WPA_BSS_EXPIRATION_PERIOD 10
     26 
     27 #define WPA_BSS_FREQ_CHANGED_FLAG	BIT(0)
     28 #define WPA_BSS_SIGNAL_CHANGED_FLAG	BIT(1)
     29 #define WPA_BSS_PRIVACY_CHANGED_FLAG	BIT(2)
     30 #define WPA_BSS_MODE_CHANGED_FLAG	BIT(3)
     31 #define WPA_BSS_WPAIE_CHANGED_FLAG	BIT(4)
     32 #define WPA_BSS_RSNIE_CHANGED_FLAG	BIT(5)
     33 #define WPA_BSS_WPS_CHANGED_FLAG	BIT(6)
     34 #define WPA_BSS_RATES_CHANGED_FLAG	BIT(7)
     35 #define WPA_BSS_IES_CHANGED_FLAG	BIT(8)
     36 
     37 
     38 static void wpa_bss_set_hessid(struct wpa_bss *bss)
     39 {
     40 #ifdef CONFIG_INTERWORKING
     41 	const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING);
     42 	if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) {
     43 		os_memset(bss->hessid, 0, ETH_ALEN);
     44 		return;
     45 	}
     46 	if (ie[1] == 7)
     47 		os_memcpy(bss->hessid, ie + 3, ETH_ALEN);
     48 	else
     49 		os_memcpy(bss->hessid, ie + 5, ETH_ALEN);
     50 #endif /* CONFIG_INTERWORKING */
     51 }
     52 
     53 
     54 /**
     55  * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry
     56  * Returns: Allocated ANQP data structure or %NULL on failure
     57  *
     58  * The allocated ANQP data structure has its users count set to 1. It may be
     59  * shared by multiple BSS entries and each shared entry is freed with
     60  * wpa_bss_anqp_free().
     61  */
     62 struct wpa_bss_anqp * wpa_bss_anqp_alloc(void)
     63 {
     64 	struct wpa_bss_anqp *anqp;
     65 	anqp = os_zalloc(sizeof(*anqp));
     66 	if (anqp == NULL)
     67 		return NULL;
     68 	anqp->users = 1;
     69 	return anqp;
     70 }
     71 
     72 
     73 /**
     74  * wpa_bss_anqp_clone - Clone an ANQP data structure
     75  * @anqp: ANQP data structure from wpa_bss_anqp_alloc()
     76  * Returns: Cloned ANQP data structure or %NULL on failure
     77  */
     78 static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp)
     79 {
     80 	struct wpa_bss_anqp *n;
     81 
     82 	n = os_zalloc(sizeof(*n));
     83 	if (n == NULL)
     84 		return NULL;
     85 
     86 #define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f)
     87 #ifdef CONFIG_INTERWORKING
     88 	ANQP_DUP(venue_name);
     89 	ANQP_DUP(network_auth_type);
     90 	ANQP_DUP(roaming_consortium);
     91 	ANQP_DUP(ip_addr_type_availability);
     92 	ANQP_DUP(nai_realm);
     93 	ANQP_DUP(anqp_3gpp);
     94 	ANQP_DUP(domain_name);
     95 #endif /* CONFIG_INTERWORKING */
     96 #ifdef CONFIG_HS20
     97 	ANQP_DUP(hs20_operator_friendly_name);
     98 	ANQP_DUP(hs20_wan_metrics);
     99 	ANQP_DUP(hs20_connection_capability);
    100 	ANQP_DUP(hs20_operating_class);
    101 #endif /* CONFIG_HS20 */
    102 #undef ANQP_DUP
    103 
    104 	return n;
    105 }
    106 
    107 
    108 /**
    109  * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry
    110  * @bss: BSS entry
    111  * Returns: 0 on success, -1 on failure
    112  *
    113  * This function ensures the specific BSS entry has an ANQP data structure that
    114  * is not shared with any other BSS entry.
    115  */
    116 int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss)
    117 {
    118 	struct wpa_bss_anqp *anqp;
    119 
    120 	if (bss->anqp && bss->anqp->users > 1) {
    121 		/* allocated, but shared - clone an unshared copy */
    122 		anqp = wpa_bss_anqp_clone(bss->anqp);
    123 		if (anqp == NULL)
    124 			return -1;
    125 		anqp->users = 1;
    126 		bss->anqp->users--;
    127 		bss->anqp = anqp;
    128 		return 0;
    129 	}
    130 
    131 	if (bss->anqp)
    132 		return 0; /* already allocated and not shared */
    133 
    134 	/* not allocated - allocate a new storage area */
    135 	bss->anqp = wpa_bss_anqp_alloc();
    136 	return bss->anqp ? 0 : -1;
    137 }
    138 
    139 
    140 /**
    141  * wpa_bss_anqp_free - Free an ANQP data structure
    142  * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone()
    143  */
    144 static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp)
    145 {
    146 	if (anqp == NULL)
    147 		return;
    148 
    149 	anqp->users--;
    150 	if (anqp->users > 0) {
    151 		/* Another BSS entry holds a pointer to this ANQP info */
    152 		return;
    153 	}
    154 
    155 #ifdef CONFIG_INTERWORKING
    156 	wpabuf_free(anqp->venue_name);
    157 	wpabuf_free(anqp->network_auth_type);
    158 	wpabuf_free(anqp->roaming_consortium);
    159 	wpabuf_free(anqp->ip_addr_type_availability);
    160 	wpabuf_free(anqp->nai_realm);
    161 	wpabuf_free(anqp->anqp_3gpp);
    162 	wpabuf_free(anqp->domain_name);
    163 #endif /* CONFIG_INTERWORKING */
    164 #ifdef CONFIG_HS20
    165 	wpabuf_free(anqp->hs20_operator_friendly_name);
    166 	wpabuf_free(anqp->hs20_wan_metrics);
    167 	wpabuf_free(anqp->hs20_connection_capability);
    168 	wpabuf_free(anqp->hs20_operating_class);
    169 #endif /* CONFIG_HS20 */
    170 
    171 	os_free(anqp);
    172 }
    173 
    174 
    175 static void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
    176 			   const char *reason)
    177 {
    178 	if (wpa_s->last_scan_res) {
    179 		unsigned int i;
    180 		for (i = 0; i < wpa_s->last_scan_res_used; i++) {
    181 			if (wpa_s->last_scan_res[i] == bss) {
    182 				os_memmove(&wpa_s->last_scan_res[i],
    183 					   &wpa_s->last_scan_res[i + 1],
    184 					   (wpa_s->last_scan_res_used - i - 1)
    185 					   * sizeof(struct wpa_bss *));
    186 				wpa_s->last_scan_res_used--;
    187 				break;
    188 			}
    189 		}
    190 	}
    191 	dl_list_del(&bss->list);
    192 	dl_list_del(&bss->list_id);
    193 	wpa_s->num_bss--;
    194 	wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR
    195 		" SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid),
    196 		wpa_ssid_txt(bss->ssid, bss->ssid_len), reason);
    197 	wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id);
    198 	wpa_bss_anqp_free(bss->anqp);
    199 	os_free(bss);
    200 }
    201 
    202 
    203 /**
    204  * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID
    205  * @wpa_s: Pointer to wpa_supplicant data
    206  * @bssid: BSSID
    207  * @ssid: SSID
    208  * @ssid_len: Length of @ssid
    209  * Returns: Pointer to the BSS entry or %NULL if not found
    210  */
    211 struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
    212 			     const u8 *ssid, size_t ssid_len)
    213 {
    214 	struct wpa_bss *bss;
    215 	if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
    216 		return NULL;
    217 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
    218 		if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
    219 		    bss->ssid_len == ssid_len &&
    220 		    os_memcmp(bss->ssid, ssid, ssid_len) == 0)
    221 			return bss;
    222 	}
    223 	return NULL;
    224 }
    225 
    226 
    227 static void calculate_update_time(const struct os_time *fetch_time,
    228 				  unsigned int age_ms,
    229 				  struct os_time *update_time)
    230 {
    231 	os_time_t usec;
    232 
    233 	update_time->sec = fetch_time->sec;
    234 	update_time->usec = fetch_time->usec;
    235 	update_time->sec -= age_ms / 1000;
    236 	usec = (age_ms % 1000) * 1000;
    237 	if (update_time->usec < usec) {
    238 		update_time->sec--;
    239 		update_time->usec += 1000000;
    240 	}
    241 	update_time->usec -= usec;
    242 }
    243 
    244 
    245 static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
    246 			     struct os_time *fetch_time)
    247 {
    248 	dst->flags = src->flags;
    249 	os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
    250 	dst->freq = src->freq;
    251 	dst->beacon_int = src->beacon_int;
    252 	dst->caps = src->caps;
    253 	dst->qual = src->qual;
    254 	dst->noise = src->noise;
    255 	dst->level = src->level;
    256 	dst->tsf = src->tsf;
    257 
    258 	calculate_update_time(fetch_time, src->age, &dst->last_update);
    259 }
    260 
    261 
    262 static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
    263 {
    264 	struct wpa_ssid *ssid;
    265 
    266 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
    267 		if (ssid->ssid == NULL || ssid->ssid_len == 0)
    268 			continue;
    269 		if (ssid->ssid_len == bss->ssid_len &&
    270 		    os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0)
    271 			return 1;
    272 	}
    273 
    274 	return 0;
    275 }
    276 
    277 
    278 static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
    279 {
    280 	return bss == wpa_s->current_bss ||
    281 		os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 ||
    282 		os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0;
    283 }
    284 
    285 
    286 static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s)
    287 {
    288 	struct wpa_bss *bss;
    289 
    290 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
    291 		if (!wpa_bss_known(wpa_s, bss)) {
    292 			wpa_bss_remove(wpa_s, bss, __func__);
    293 			return 0;
    294 		}
    295 	}
    296 
    297 	return -1;
    298 }
    299 
    300 
    301 static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s)
    302 {
    303 	struct wpa_bss *bss;
    304 
    305 	/*
    306 	 * Remove the oldest entry that does not match with any configured
    307 	 * network.
    308 	 */
    309 	if (wpa_bss_remove_oldest_unknown(wpa_s) == 0)
    310 		return 0;
    311 
    312 	/*
    313 	 * Remove the oldest entry that isn't currently in use.
    314 	 */
    315 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
    316 		if (!wpa_bss_in_use(wpa_s, bss)) {
    317 			wpa_bss_remove(wpa_s, bss, __func__);
    318 			return 0;
    319 		}
    320 	}
    321 
    322 	return -1;
    323 }
    324 
    325 
    326 static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
    327 				    const u8 *ssid, size_t ssid_len,
    328 				    struct wpa_scan_res *res,
    329 				    struct os_time *fetch_time)
    330 {
    331 	struct wpa_bss *bss;
    332 
    333 	bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len);
    334 	if (bss == NULL)
    335 		return NULL;
    336 	bss->id = wpa_s->bss_next_id++;
    337 	bss->last_update_idx = wpa_s->bss_update_idx;
    338 	wpa_bss_copy_res(bss, res, fetch_time);
    339 	os_memcpy(bss->ssid, ssid, ssid_len);
    340 	bss->ssid_len = ssid_len;
    341 	bss->ie_len = res->ie_len;
    342 	bss->beacon_ie_len = res->beacon_ie_len;
    343 	os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len);
    344 	wpa_bss_set_hessid(bss);
    345 
    346 	if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count &&
    347 	    wpa_bss_remove_oldest(wpa_s) != 0) {
    348 		wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d "
    349 			   "because all BSSes are in use. We should normally "
    350 			   "not get here!", (int) wpa_s->num_bss + 1);
    351 		wpa_s->conf->bss_max_count = wpa_s->num_bss + 1;
    352 	}
    353 
    354 	dl_list_add_tail(&wpa_s->bss, &bss->list);
    355 	dl_list_add_tail(&wpa_s->bss_id, &bss->list_id);
    356 	wpa_s->num_bss++;
    357 	wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
    358 		" SSID '%s'",
    359 		bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len));
    360 	wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
    361 	return bss;
    362 }
    363 
    364 
    365 static int are_ies_equal(const struct wpa_bss *old,
    366 			 const struct wpa_scan_res *new, u32 ie)
    367 {
    368 	const u8 *old_ie, *new_ie;
    369 	struct wpabuf *old_ie_buff = NULL;
    370 	struct wpabuf *new_ie_buff = NULL;
    371 	int new_ie_len, old_ie_len, ret, is_multi;
    372 
    373 	switch (ie) {
    374 	case WPA_IE_VENDOR_TYPE:
    375 		old_ie = wpa_bss_get_vendor_ie(old, ie);
    376 		new_ie = wpa_scan_get_vendor_ie(new, ie);
    377 		is_multi = 0;
    378 		break;
    379 	case WPS_IE_VENDOR_TYPE:
    380 		old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie);
    381 		new_ie_buff = wpa_scan_get_vendor_ie_multi(new, ie);
    382 		is_multi = 1;
    383 		break;
    384 	case WLAN_EID_RSN:
    385 	case WLAN_EID_SUPP_RATES:
    386 	case WLAN_EID_EXT_SUPP_RATES:
    387 		old_ie = wpa_bss_get_ie(old, ie);
    388 		new_ie = wpa_scan_get_ie(new, ie);
    389 		is_multi = 0;
    390 		break;
    391 	default:
    392 		wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__);
    393 		return 0;
    394 	}
    395 
    396 	if (is_multi) {
    397 		/* in case of multiple IEs stored in buffer */
    398 		old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL;
    399 		new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL;
    400 		old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0;
    401 		new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0;
    402 	} else {
    403 		/* in case of single IE */
    404 		old_ie_len = old_ie ? old_ie[1] + 2 : 0;
    405 		new_ie_len = new_ie ? new_ie[1] + 2 : 0;
    406 	}
    407 
    408 	if (!old_ie || !new_ie)
    409 		ret = !old_ie && !new_ie;
    410 	else
    411 		ret = (old_ie_len == new_ie_len &&
    412 		       os_memcmp(old_ie, new_ie, old_ie_len) == 0);
    413 
    414 	wpabuf_free(old_ie_buff);
    415 	wpabuf_free(new_ie_buff);
    416 
    417 	return ret;
    418 }
    419 
    420 
    421 static u32 wpa_bss_compare_res(const struct wpa_bss *old,
    422 			       const struct wpa_scan_res *new)
    423 {
    424 	u32 changes = 0;
    425 	int caps_diff = old->caps ^ new->caps;
    426 
    427 	if (old->freq != new->freq)
    428 		changes |= WPA_BSS_FREQ_CHANGED_FLAG;
    429 
    430 	if (old->level != new->level)
    431 		changes |= WPA_BSS_SIGNAL_CHANGED_FLAG;
    432 
    433 	if (caps_diff & IEEE80211_CAP_PRIVACY)
    434 		changes |= WPA_BSS_PRIVACY_CHANGED_FLAG;
    435 
    436 	if (caps_diff & IEEE80211_CAP_IBSS)
    437 		changes |= WPA_BSS_MODE_CHANGED_FLAG;
    438 
    439 	if (old->ie_len == new->ie_len &&
    440 	    os_memcmp(old + 1, new + 1, old->ie_len) == 0)
    441 		return changes;
    442 	changes |= WPA_BSS_IES_CHANGED_FLAG;
    443 
    444 	if (!are_ies_equal(old, new, WPA_IE_VENDOR_TYPE))
    445 		changes |= WPA_BSS_WPAIE_CHANGED_FLAG;
    446 
    447 	if (!are_ies_equal(old, new, WLAN_EID_RSN))
    448 		changes |= WPA_BSS_RSNIE_CHANGED_FLAG;
    449 
    450 	if (!are_ies_equal(old, new, WPS_IE_VENDOR_TYPE))
    451 		changes |= WPA_BSS_WPS_CHANGED_FLAG;
    452 
    453 	if (!are_ies_equal(old, new, WLAN_EID_SUPP_RATES) ||
    454 	    !are_ies_equal(old, new, WLAN_EID_EXT_SUPP_RATES))
    455 		changes |= WPA_BSS_RATES_CHANGED_FLAG;
    456 
    457 	return changes;
    458 }
    459 
    460 
    461 static void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
    462 			       const struct wpa_bss *bss)
    463 {
    464 	if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
    465 		wpas_notify_bss_freq_changed(wpa_s, bss->id);
    466 
    467 	if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG)
    468 		wpas_notify_bss_signal_changed(wpa_s, bss->id);
    469 
    470 	if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG)
    471 		wpas_notify_bss_privacy_changed(wpa_s, bss->id);
    472 
    473 	if (changes & WPA_BSS_MODE_CHANGED_FLAG)
    474 		wpas_notify_bss_mode_changed(wpa_s, bss->id);
    475 
    476 	if (changes & WPA_BSS_WPAIE_CHANGED_FLAG)
    477 		wpas_notify_bss_wpaie_changed(wpa_s, bss->id);
    478 
    479 	if (changes & WPA_BSS_RSNIE_CHANGED_FLAG)
    480 		wpas_notify_bss_rsnie_changed(wpa_s, bss->id);
    481 
    482 	if (changes & WPA_BSS_WPS_CHANGED_FLAG)
    483 		wpas_notify_bss_wps_changed(wpa_s, bss->id);
    484 
    485 	if (changes & WPA_BSS_IES_CHANGED_FLAG)
    486 		wpas_notify_bss_ies_changed(wpa_s, bss->id);
    487 
    488 	if (changes & WPA_BSS_RATES_CHANGED_FLAG)
    489 		wpas_notify_bss_rates_changed(wpa_s, bss->id);
    490 }
    491 
    492 
    493 static struct wpa_bss *
    494 wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
    495 	       struct wpa_scan_res *res, struct os_time *fetch_time)
    496 {
    497 	u32 changes;
    498 
    499 	changes = wpa_bss_compare_res(bss, res);
    500 	bss->scan_miss_count = 0;
    501 	bss->last_update_idx = wpa_s->bss_update_idx;
    502 	wpa_bss_copy_res(bss, res, fetch_time);
    503 	/* Move the entry to the end of the list */
    504 	dl_list_del(&bss->list);
    505 	if (bss->ie_len + bss->beacon_ie_len >=
    506 	    res->ie_len + res->beacon_ie_len) {
    507 		os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len);
    508 		bss->ie_len = res->ie_len;
    509 		bss->beacon_ie_len = res->beacon_ie_len;
    510 	} else {
    511 		struct wpa_bss *nbss;
    512 		struct dl_list *prev = bss->list_id.prev;
    513 		dl_list_del(&bss->list_id);
    514 		nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
    515 				  res->beacon_ie_len);
    516 		if (nbss) {
    517 			unsigned int i;
    518 			for (i = 0; i < wpa_s->last_scan_res_used; i++) {
    519 				if (wpa_s->last_scan_res[i] == bss) {
    520 					wpa_s->last_scan_res[i] = nbss;
    521 					break;
    522 				}
    523 			}
    524 			if (wpa_s->current_bss == bss)
    525 				wpa_s->current_bss = nbss;
    526 			bss = nbss;
    527 			os_memcpy(bss + 1, res + 1,
    528 				  res->ie_len + res->beacon_ie_len);
    529 			bss->ie_len = res->ie_len;
    530 			bss->beacon_ie_len = res->beacon_ie_len;
    531 		}
    532 		dl_list_add(prev, &bss->list_id);
    533 	}
    534 	if (changes & WPA_BSS_IES_CHANGED_FLAG)
    535 		wpa_bss_set_hessid(bss);
    536 	dl_list_add_tail(&wpa_s->bss, &bss->list);
    537 
    538 	notify_bss_changes(wpa_s, changes, bss);
    539 
    540 	return bss;
    541 }
    542 
    543 
    544 /**
    545  * wpa_bss_update_start - Start a BSS table update from scan results
    546  * @wpa_s: Pointer to wpa_supplicant data
    547  *
    548  * This function is called at the start of each BSS table update round for new
    549  * scan results. The actual scan result entries are indicated with calls to
    550  * wpa_bss_update_scan_res() and the update round is finished with a call to
    551  * wpa_bss_update_end().
    552  */
    553 void wpa_bss_update_start(struct wpa_supplicant *wpa_s)
    554 {
    555 	wpa_s->bss_update_idx++;
    556 	wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u",
    557 		wpa_s->bss_update_idx);
    558 	wpa_s->last_scan_res_used = 0;
    559 }
    560 
    561 
    562 /**
    563  * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result
    564  * @wpa_s: Pointer to wpa_supplicant data
    565  * @res: Scan result
    566  * @fetch_time: Time when the result was fetched from the driver
    567  *
    568  * This function updates a BSS table entry (or adds one) based on a scan result.
    569  * This is called separately for each scan result between the calls to
    570  * wpa_bss_update_start() and wpa_bss_update_end().
    571  */
    572 void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
    573 			     struct wpa_scan_res *res,
    574 			     struct os_time *fetch_time)
    575 {
    576 	const u8 *ssid, *p2p;
    577 	struct wpa_bss *bss;
    578 
    579 	if (wpa_s->conf->ignore_old_scan_res) {
    580 		struct os_time update;
    581 		calculate_update_time(fetch_time, res->age, &update);
    582 		if (os_time_before(&update, &wpa_s->scan_trigger_time)) {
    583 			struct os_time age;
    584 			os_time_sub(&wpa_s->scan_trigger_time, &update, &age);
    585 			wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS "
    586 				"table entry that is %u.%06u seconds older "
    587 				"than our scan trigger",
    588 				(unsigned int) age.sec,
    589 				(unsigned int) age.usec);
    590 			return;
    591 		}
    592 	}
    593 
    594 	ssid = wpa_scan_get_ie(res, WLAN_EID_SSID);
    595 	if (ssid == NULL) {
    596 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for "
    597 			MACSTR, MAC2STR(res->bssid));
    598 		return;
    599 	}
    600 	if (ssid[1] > 32) {
    601 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for "
    602 			MACSTR, MAC2STR(res->bssid));
    603 		return;
    604 	}
    605 
    606 	p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE);
    607 #ifdef CONFIG_P2P
    608 	if (p2p == NULL &&
    609 	    wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
    610 		/*
    611 		 * If it's a P2P specific interface, then don't update
    612 		 * the scan result without a P2P IE.
    613 		 */
    614 		wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR
    615 			   " update for P2P interface", MAC2STR(res->bssid));
    616 		return;
    617 	}
    618 #endif /* CONFIG_P2P */
    619 	if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN &&
    620 	    os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0)
    621 		return; /* Skip P2P listen discovery results here */
    622 
    623 	/* TODO: add option for ignoring BSSes we are not interested in
    624 	 * (to save memory) */
    625 	bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
    626 	if (bss == NULL)
    627 		bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time);
    628 	else
    629 		bss = wpa_bss_update(wpa_s, bss, res, fetch_time);
    630 
    631 	if (bss == NULL)
    632 		return;
    633 	if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) {
    634 		struct wpa_bss **n;
    635 		unsigned int siz;
    636 		if (wpa_s->last_scan_res_size == 0)
    637 			siz = 32;
    638 		else
    639 			siz = wpa_s->last_scan_res_size * 2;
    640 		n = os_realloc_array(wpa_s->last_scan_res, siz,
    641 				     sizeof(struct wpa_bss *));
    642 		if (n == NULL)
    643 			return;
    644 		wpa_s->last_scan_res = n;
    645 		wpa_s->last_scan_res_size = siz;
    646 	}
    647 
    648 	wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss;
    649 }
    650 
    651 
    652 static int wpa_bss_included_in_scan(const struct wpa_bss *bss,
    653 				    const struct scan_info *info)
    654 {
    655 	int found;
    656 	size_t i;
    657 
    658 	if (info == NULL)
    659 		return 1;
    660 
    661 	if (info->num_freqs) {
    662 		found = 0;
    663 		for (i = 0; i < info->num_freqs; i++) {
    664 			if (bss->freq == info->freqs[i]) {
    665 				found = 1;
    666 				break;
    667 			}
    668 		}
    669 		if (!found)
    670 			return 0;
    671 	}
    672 
    673 	if (info->num_ssids) {
    674 		found = 0;
    675 		for (i = 0; i < info->num_ssids; i++) {
    676 			const struct wpa_driver_scan_ssid *s = &info->ssids[i];
    677 			if ((s->ssid == NULL || s->ssid_len == 0) ||
    678 			    (s->ssid_len == bss->ssid_len &&
    679 			     os_memcmp(s->ssid, bss->ssid, bss->ssid_len) ==
    680 			     0)) {
    681 				found = 1;
    682 				break;
    683 			}
    684 		}
    685 		if (!found)
    686 			return 0;
    687 	}
    688 
    689 	return 1;
    690 }
    691 
    692 
    693 /**
    694  * wpa_bss_update_end - End a BSS table update from scan results
    695  * @wpa_s: Pointer to wpa_supplicant data
    696  * @info: Information about scan parameters
    697  * @new_scan: Whether this update round was based on a new scan
    698  *
    699  * This function is called at the end of each BSS table update round for new
    700  * scan results. The start of the update was indicated with a call to
    701  * wpa_bss_update_start().
    702  */
    703 void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
    704 			int new_scan)
    705 {
    706 	struct wpa_bss *bss, *n;
    707 
    708 	wpa_s->last_scan_full = 0;
    709 	os_get_time(&wpa_s->last_scan);
    710 	if (!new_scan)
    711 		return; /* do not expire entries without new scan */
    712 
    713 	if (info && !info->aborted && !info->freqs) {
    714 		size_t i;
    715 		if (info->num_ssids == 0) {
    716 			wpa_s->last_scan_full = 1;
    717 		} else {
    718 			for (i = 0; i < info->num_ssids; i++) {
    719 				if (info->ssids[i].ssid == NULL ||
    720 				    info->ssids[i].ssid_len == 0) {
    721 					wpa_s->last_scan_full = 1;
    722 					break;
    723 				}
    724 			}
    725 		}
    726 	}
    727 
    728 	dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
    729 		if (wpa_bss_in_use(wpa_s, bss))
    730 			continue;
    731 		if (!wpa_bss_included_in_scan(bss, info))
    732 			continue; /* expire only BSSes that were scanned */
    733 		if (bss->last_update_idx < wpa_s->bss_update_idx)
    734 			bss->scan_miss_count++;
    735 		if (bss->scan_miss_count >=
    736 		    wpa_s->conf->bss_expiration_scan_count) {
    737 			wpa_bss_remove(wpa_s, bss, "no match in scan");
    738 		}
    739 	}
    740 
    741 	wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%u/%u "
    742 		   "last_scan_full=%d",
    743 		   wpa_s->last_scan_res_used, wpa_s->last_scan_res_size,
    744 		   wpa_s->last_scan_full);
    745 }
    746 
    747 
    748 /**
    749  * wpa_bss_flush_by_age - Flush old BSS entries
    750  * @wpa_s: Pointer to wpa_supplicant data
    751  * @age: Maximum entry age in seconds
    752  *
    753  * Remove BSS entries that have not been updated during the last @age seconds.
    754  */
    755 void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age)
    756 {
    757 	struct wpa_bss *bss, *n;
    758 	struct os_time t;
    759 
    760 	if (dl_list_empty(&wpa_s->bss))
    761 		return;
    762 
    763 	os_get_time(&t);
    764 	t.sec -= age;
    765 
    766 	dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
    767 		if (wpa_bss_in_use(wpa_s, bss))
    768 			continue;
    769 
    770 		if (os_time_before(&bss->last_update, &t)) {
    771 			wpa_bss_remove(wpa_s, bss, __func__);
    772 		} else
    773 			break;
    774 	}
    775 }
    776 
    777 
    778 static void wpa_bss_timeout(void *eloop_ctx, void *timeout_ctx)
    779 {
    780 	struct wpa_supplicant *wpa_s = eloop_ctx;
    781 
    782 	wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
    783 	eloop_register_timeout(WPA_BSS_EXPIRATION_PERIOD, 0,
    784 			       wpa_bss_timeout, wpa_s, NULL);
    785 }
    786 
    787 
    788 /**
    789  * wpa_bss_init - Initialize BSS table
    790  * @wpa_s: Pointer to wpa_supplicant data
    791  * Returns: 0 on success, -1 on failure
    792  *
    793  * This prepares BSS table lists and timer for periodic updates. The BSS table
    794  * is deinitialized with wpa_bss_deinit() once not needed anymore.
    795  */
    796 int wpa_bss_init(struct wpa_supplicant *wpa_s)
    797 {
    798 	dl_list_init(&wpa_s->bss);
    799 	dl_list_init(&wpa_s->bss_id);
    800 	eloop_register_timeout(WPA_BSS_EXPIRATION_PERIOD, 0,
    801 			       wpa_bss_timeout, wpa_s, NULL);
    802 	return 0;
    803 }
    804 
    805 
    806 /**
    807  * wpa_bss_flush - Flush all unused BSS entries
    808  * @wpa_s: Pointer to wpa_supplicant data
    809  */
    810 void wpa_bss_flush(struct wpa_supplicant *wpa_s)
    811 {
    812 	struct wpa_bss *bss, *n;
    813 
    814 	if (wpa_s->bss.next == NULL)
    815 		return; /* BSS table not yet initialized */
    816 
    817 	dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
    818 		if (wpa_bss_in_use(wpa_s, bss))
    819 			continue;
    820 		wpa_bss_remove(wpa_s, bss, __func__);
    821 	}
    822 }
    823 
    824 
    825 /**
    826  * wpa_bss_deinit - Deinitialize BSS table
    827  * @wpa_s: Pointer to wpa_supplicant data
    828  */
    829 void wpa_bss_deinit(struct wpa_supplicant *wpa_s)
    830 {
    831 	eloop_cancel_timeout(wpa_bss_timeout, wpa_s, NULL);
    832 	wpa_bss_flush(wpa_s);
    833 }
    834 
    835 
    836 /**
    837  * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID
    838  * @wpa_s: Pointer to wpa_supplicant data
    839  * @bssid: BSSID
    840  * Returns: Pointer to the BSS entry or %NULL if not found
    841  */
    842 struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
    843 				   const u8 *bssid)
    844 {
    845 	struct wpa_bss *bss;
    846 	if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
    847 		return NULL;
    848 	dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
    849 		if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
    850 			return bss;
    851 	}
    852 	return NULL;
    853 }
    854 
    855 
    856 /**
    857  * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID
    858  * @wpa_s: Pointer to wpa_supplicant data
    859  * @bssid: BSSID
    860  * Returns: Pointer to the BSS entry or %NULL if not found
    861  *
    862  * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to
    863  * find the entry that has the most recent update. This can help in finding the
    864  * correct entry in cases where the SSID of the AP may have changed recently
    865  * (e.g., in WPS reconfiguration cases).
    866  */
    867 struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s,
    868 					  const u8 *bssid)
    869 {
    870 	struct wpa_bss *bss, *found = NULL;
    871 	if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
    872 		return NULL;
    873 	dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
    874 		if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0)
    875 			continue;
    876 		if (found == NULL ||
    877 		    os_time_before(&found->last_update, &bss->last_update))
    878 			found = bss;
    879 	}
    880 	return found;
    881 }
    882 
    883 
    884 #ifdef CONFIG_P2P
    885 /**
    886  * wpa_bss_get_p2p_dev_addr - Fetch a BSS table entry based on P2P Device Addr
    887  * @wpa_s: Pointer to wpa_supplicant data
    888  * @dev_addr: P2P Device Address of the GO
    889  * Returns: Pointer to the BSS entry or %NULL if not found
    890  */
    891 struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s,
    892 					  const u8 *dev_addr)
    893 {
    894 	struct wpa_bss *bss;
    895 	dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
    896 		u8 addr[ETH_ALEN];
    897 		if (p2p_parse_dev_addr((const u8 *) (bss + 1), bss->ie_len,
    898 				       addr) == 0 &&
    899 		    os_memcmp(addr, dev_addr, ETH_ALEN) == 0)
    900 			return bss;
    901 	}
    902 	return NULL;
    903 }
    904 #endif /* CONFIG_P2P */
    905 
    906 
    907 /**
    908  * wpa_bss_get_id - Fetch a BSS table entry based on identifier
    909  * @wpa_s: Pointer to wpa_supplicant data
    910  * @id: Unique identifier (struct wpa_bss::id) assigned for the entry
    911  * Returns: Pointer to the BSS entry or %NULL if not found
    912  */
    913 struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
    914 {
    915 	struct wpa_bss *bss;
    916 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
    917 		if (bss->id == id)
    918 			return bss;
    919 	}
    920 	return NULL;
    921 }
    922 
    923 
    924 /**
    925  * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range
    926  * @wpa_s: Pointer to wpa_supplicant data
    927  * @idf: Smallest allowed identifier assigned for the entry
    928  * @idf: Largest allowed identifier assigned for the entry
    929  * Returns: Pointer to the BSS entry or %NULL if not found
    930  *
    931  * This function is similar to wpa_bss_get_id() but allows a BSS entry with the
    932  * smallest id value to be fetched within the specified range without the
    933  * caller having to know the exact id.
    934  */
    935 struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
    936 				      unsigned int idf, unsigned int idl)
    937 {
    938 	struct wpa_bss *bss;
    939 	dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
    940 		if (bss->id >= idf && bss->id <= idl)
    941 			return bss;
    942 	}
    943 	return NULL;
    944 }
    945 
    946 
    947 /**
    948  * wpa_bss_get_ie - Fetch a specified information element from a BSS entry
    949  * @bss: BSS table entry
    950  * @ie: Information element identitifier (WLAN_EID_*)
    951  * Returns: Pointer to the information element (id field) or %NULL if not found
    952  *
    953  * This function returns the first matching information element in the BSS
    954  * entry.
    955  */
    956 const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie)
    957 {
    958 	const u8 *end, *pos;
    959 
    960 	pos = (const u8 *) (bss + 1);
    961 	end = pos + bss->ie_len;
    962 
    963 	while (pos + 1 < end) {
    964 		if (pos + 2 + pos[1] > end)
    965 			break;
    966 		if (pos[0] == ie)
    967 			return pos;
    968 		pos += 2 + pos[1];
    969 	}
    970 
    971 	return NULL;
    972 }
    973 
    974 
    975 /**
    976  * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry
    977  * @bss: BSS table entry
    978  * @vendor_type: Vendor type (four octets starting the IE payload)
    979  * Returns: Pointer to the information element (id field) or %NULL if not found
    980  *
    981  * This function returns the first matching information element in the BSS
    982  * entry.
    983  */
    984 const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type)
    985 {
    986 	const u8 *end, *pos;
    987 
    988 	pos = (const u8 *) (bss + 1);
    989 	end = pos + bss->ie_len;
    990 
    991 	while (pos + 1 < end) {
    992 		if (pos + 2 + pos[1] > end)
    993 			break;
    994 		if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
    995 		    vendor_type == WPA_GET_BE32(&pos[2]))
    996 			return pos;
    997 		pos += 2 + pos[1];
    998 	}
    999 
   1000 	return NULL;
   1001 }
   1002 
   1003 
   1004 /**
   1005  * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry
   1006  * @bss: BSS table entry
   1007  * @vendor_type: Vendor type (four octets starting the IE payload)
   1008  * Returns: Pointer to the information element payload or %NULL if not found
   1009  *
   1010  * This function returns concatenated payload of possibly fragmented vendor
   1011  * specific information elements in the BSS entry. The caller is responsible for
   1012  * freeing the returned buffer.
   1013  */
   1014 struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
   1015 					    u32 vendor_type)
   1016 {
   1017 	struct wpabuf *buf;
   1018 	const u8 *end, *pos;
   1019 
   1020 	buf = wpabuf_alloc(bss->ie_len);
   1021 	if (buf == NULL)
   1022 		return NULL;
   1023 
   1024 	pos = (const u8 *) (bss + 1);
   1025 	end = pos + bss->ie_len;
   1026 
   1027 	while (pos + 1 < end) {
   1028 		if (pos + 2 + pos[1] > end)
   1029 			break;
   1030 		if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
   1031 		    vendor_type == WPA_GET_BE32(&pos[2]))
   1032 			wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
   1033 		pos += 2 + pos[1];
   1034 	}
   1035 
   1036 	if (wpabuf_len(buf) == 0) {
   1037 		wpabuf_free(buf);
   1038 		buf = NULL;
   1039 	}
   1040 
   1041 	return buf;
   1042 }
   1043 
   1044 
   1045 /**
   1046  * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry
   1047  * @bss: BSS table entry
   1048  * @vendor_type: Vendor type (four octets starting the IE payload)
   1049  * Returns: Pointer to the information element payload or %NULL if not found
   1050  *
   1051  * This function returns concatenated payload of possibly fragmented vendor
   1052  * specific information elements in the BSS entry. The caller is responsible for
   1053  * freeing the returned buffer.
   1054  *
   1055  * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only
   1056  * from Beacon frames instead of either Beacon or Probe Response frames.
   1057  */
   1058 struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss,
   1059 						   u32 vendor_type)
   1060 {
   1061 	struct wpabuf *buf;
   1062 	const u8 *end, *pos;
   1063 
   1064 	buf = wpabuf_alloc(bss->beacon_ie_len);
   1065 	if (buf == NULL)
   1066 		return NULL;
   1067 
   1068 	pos = (const u8 *) (bss + 1);
   1069 	pos += bss->ie_len;
   1070 	end = pos + bss->beacon_ie_len;
   1071 
   1072 	while (pos + 1 < end) {
   1073 		if (pos + 2 + pos[1] > end)
   1074 			break;
   1075 		if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
   1076 		    vendor_type == WPA_GET_BE32(&pos[2]))
   1077 			wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
   1078 		pos += 2 + pos[1];
   1079 	}
   1080 
   1081 	if (wpabuf_len(buf) == 0) {
   1082 		wpabuf_free(buf);
   1083 		buf = NULL;
   1084 	}
   1085 
   1086 	return buf;
   1087 }
   1088 
   1089 
   1090 /**
   1091  * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS
   1092  * @bss: BSS table entry
   1093  * Returns: Maximum legacy rate in units of 500 kbps
   1094  */
   1095 int wpa_bss_get_max_rate(const struct wpa_bss *bss)
   1096 {
   1097 	int rate = 0;
   1098 	const u8 *ie;
   1099 	int i;
   1100 
   1101 	ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
   1102 	for (i = 0; ie && i < ie[1]; i++) {
   1103 		if ((ie[i + 2] & 0x7f) > rate)
   1104 			rate = ie[i + 2] & 0x7f;
   1105 	}
   1106 
   1107 	ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
   1108 	for (i = 0; ie && i < ie[1]; i++) {
   1109 		if ((ie[i + 2] & 0x7f) > rate)
   1110 			rate = ie[i + 2] & 0x7f;
   1111 	}
   1112 
   1113 	return rate;
   1114 }
   1115 
   1116 
   1117 /**
   1118  * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS
   1119  * @bss: BSS table entry
   1120  * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps)
   1121  * Returns: number of legacy TX rates or -1 on failure
   1122  *
   1123  * The caller is responsible for freeing the returned buffer with os_free() in
   1124  * case of success.
   1125  */
   1126 int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates)
   1127 {
   1128 	const u8 *ie, *ie2;
   1129 	int i, j;
   1130 	unsigned int len;
   1131 	u8 *r;
   1132 
   1133 	ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
   1134 	ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
   1135 
   1136 	len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0);
   1137 
   1138 	r = os_malloc(len);
   1139 	if (!r)
   1140 		return -1;
   1141 
   1142 	for (i = 0; ie && i < ie[1]; i++)
   1143 		r[i] = ie[i + 2] & 0x7f;
   1144 
   1145 	for (j = 0; ie2 && j < ie2[1]; j++)
   1146 		r[i + j] = ie2[j + 2] & 0x7f;
   1147 
   1148 	*rates = r;
   1149 	return len;
   1150 }
   1151