1 /* 2 * Driver interaction with Linux nl80211/cfg80211 - Scanning 3 * Copyright(c) 2015 Intel Deutschland GmbH 4 * Copyright (c) 2002-2014, Jouni Malinen <j (at) w1.fi> 5 * Copyright (c) 2007, Johannes Berg <johannes (at) sipsolutions.net> 6 * Copyright (c) 2009-2010, Atheros Communications 7 * 8 * This software may be distributed under the terms of the BSD license. 9 * See README for more details. 10 */ 11 12 #include "includes.h" 13 #include <netlink/genl/genl.h> 14 15 #include "utils/common.h" 16 #include "utils/eloop.h" 17 #include "common/ieee802_11_defs.h" 18 #include "common/ieee802_11_common.h" 19 #include "common/qca-vendor.h" 20 #include "driver_nl80211.h" 21 22 23 #define MAX_NL80211_NOISE_FREQS 50 24 25 struct nl80211_noise_info { 26 u32 freq[MAX_NL80211_NOISE_FREQS]; 27 s8 noise[MAX_NL80211_NOISE_FREQS]; 28 unsigned int count; 29 }; 30 31 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg) 32 { 33 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 34 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 35 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1]; 36 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = { 37 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 }, 38 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 }, 39 }; 40 struct nl80211_noise_info *info = arg; 41 42 if (info->count >= MAX_NL80211_NOISE_FREQS) 43 return NL_STOP; 44 45 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 46 genlmsg_attrlen(gnlh, 0), NULL); 47 48 if (!tb[NL80211_ATTR_SURVEY_INFO]) { 49 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing"); 50 return NL_SKIP; 51 } 52 53 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX, 54 tb[NL80211_ATTR_SURVEY_INFO], 55 survey_policy)) { 56 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested " 57 "attributes"); 58 return NL_SKIP; 59 } 60 61 if (!sinfo[NL80211_SURVEY_INFO_NOISE]) 62 return NL_SKIP; 63 64 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) 65 return NL_SKIP; 66 67 info->freq[info->count] = 68 nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]); 69 info->noise[info->count] = 70 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]); 71 info->count++; 72 73 return NL_SKIP; 74 } 75 76 77 static int nl80211_get_noise_for_scan_results( 78 struct wpa_driver_nl80211_data *drv, struct nl80211_noise_info *info) 79 { 80 struct nl_msg *msg; 81 82 os_memset(info, 0, sizeof(*info)); 83 msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY); 84 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, info); 85 } 86 87 88 static int nl80211_abort_scan(struct i802_bss *bss) 89 { 90 int ret; 91 struct nl_msg *msg; 92 struct wpa_driver_nl80211_data *drv = bss->drv; 93 94 wpa_printf(MSG_DEBUG, "nl80211: Abort scan"); 95 msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ABORT_SCAN); 96 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 97 if (ret) { 98 wpa_printf(MSG_DEBUG, "nl80211: Abort scan failed: ret=%d (%s)", 99 ret, strerror(-ret)); 100 } 101 return ret; 102 } 103 104 105 #ifdef CONFIG_DRIVER_NL80211_QCA 106 static int nl80211_abort_vendor_scan(struct wpa_driver_nl80211_data *drv, 107 u64 scan_cookie) 108 { 109 struct nl_msg *msg; 110 struct nlattr *params; 111 int ret; 112 113 wpa_printf(MSG_DEBUG, "nl80211: Abort vendor scan with cookie 0x%llx", 114 (long long unsigned int) scan_cookie); 115 116 msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR); 117 if (!msg || 118 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) || 119 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, 120 QCA_NL80211_VENDOR_SUBCMD_ABORT_SCAN) || 121 !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) || 122 nla_put_u64(msg, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, scan_cookie)) 123 goto fail; 124 125 nla_nest_end(msg, params); 126 127 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 128 msg = NULL; 129 if (ret) { 130 wpa_printf(MSG_INFO, 131 "nl80211: Aborting vendor scan with cookie 0x%llx failed: ret=%d (%s)", 132 (long long unsigned int) scan_cookie, ret, 133 strerror(-ret)); 134 goto fail; 135 } 136 return 0; 137 fail: 138 nlmsg_free(msg); 139 return -1; 140 } 141 #endif /* CONFIG_DRIVER_NL80211_QCA */ 142 143 144 /** 145 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion 146 * @eloop_ctx: Driver private data 147 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init() 148 * 149 * This function can be used as registered timeout when starting a scan to 150 * generate a scan completed event if the driver does not report this. 151 */ 152 void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx) 153 { 154 struct wpa_driver_nl80211_data *drv = eloop_ctx; 155 156 wpa_printf(MSG_DEBUG, "nl80211: Scan timeout - try to abort it"); 157 #ifdef CONFIG_DRIVER_NL80211_QCA 158 if (drv->vendor_scan_cookie && 159 nl80211_abort_vendor_scan(drv, drv->vendor_scan_cookie) == 0) 160 return; 161 #endif /* CONFIG_DRIVER_NL80211_QCA */ 162 if (!drv->vendor_scan_cookie && 163 nl80211_abort_scan(drv->first_bss) == 0) 164 return; 165 166 wpa_printf(MSG_DEBUG, "nl80211: Failed to abort scan"); 167 168 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) { 169 wpa_driver_nl80211_set_mode(drv->first_bss, 170 drv->ap_scan_as_station); 171 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED; 172 } 173 174 wpa_printf(MSG_DEBUG, "nl80211: Try to get scan results"); 175 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL); 176 } 177 178 179 static struct nl_msg * 180 nl80211_scan_common(struct i802_bss *bss, u8 cmd, 181 struct wpa_driver_scan_params *params) 182 { 183 struct wpa_driver_nl80211_data *drv = bss->drv; 184 struct nl_msg *msg; 185 size_t i; 186 u32 scan_flags = 0; 187 188 msg = nl80211_cmd_msg(bss, 0, cmd); 189 if (!msg) 190 return NULL; 191 192 if (params->num_ssids) { 193 struct nlattr *ssids; 194 195 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 196 if (ssids == NULL) 197 goto fail; 198 for (i = 0; i < params->num_ssids; i++) { 199 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 200 params->ssids[i].ssid, 201 params->ssids[i].ssid_len); 202 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 203 params->ssids[i].ssid)) 204 goto fail; 205 } 206 nla_nest_end(msg, ssids); 207 } else { 208 wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested"); 209 } 210 211 if (params->extra_ies) { 212 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 213 params->extra_ies, params->extra_ies_len); 214 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len, 215 params->extra_ies)) 216 goto fail; 217 } 218 219 if (params->freqs) { 220 struct nlattr *freqs; 221 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 222 if (freqs == NULL) 223 goto fail; 224 for (i = 0; params->freqs[i]; i++) { 225 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u " 226 "MHz", params->freqs[i]); 227 if (nla_put_u32(msg, i + 1, params->freqs[i])) 228 goto fail; 229 } 230 nla_nest_end(msg, freqs); 231 } 232 233 os_free(drv->filter_ssids); 234 drv->filter_ssids = params->filter_ssids; 235 params->filter_ssids = NULL; 236 drv->num_filter_ssids = params->num_filter_ssids; 237 238 if (params->only_new_results) { 239 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH"); 240 scan_flags |= NL80211_SCAN_FLAG_FLUSH; 241 } 242 243 if (params->low_priority && drv->have_low_prio_scan) { 244 wpa_printf(MSG_DEBUG, 245 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY"); 246 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY; 247 } 248 249 if (params->mac_addr_rand) { 250 wpa_printf(MSG_DEBUG, 251 "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR"); 252 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR; 253 254 if (params->mac_addr) { 255 wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR, 256 MAC2STR(params->mac_addr)); 257 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, 258 params->mac_addr)) 259 goto fail; 260 } 261 262 if (params->mac_addr_mask) { 263 wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: " 264 MACSTR, MAC2STR(params->mac_addr_mask)); 265 if (nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN, 266 params->mac_addr_mask)) 267 goto fail; 268 } 269 } 270 271 if (params->duration) { 272 if (!(drv->capa.rrm_flags & 273 WPA_DRIVER_FLAGS_SUPPORT_SET_SCAN_DWELL) || 274 nla_put_u16(msg, NL80211_ATTR_MEASUREMENT_DURATION, 275 params->duration)) 276 goto fail; 277 278 if (params->duration_mandatory && 279 nla_put_flag(msg, 280 NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY)) 281 goto fail; 282 } 283 284 if (scan_flags && 285 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags)) 286 goto fail; 287 288 return msg; 289 290 fail: 291 nlmsg_free(msg); 292 return NULL; 293 } 294 295 296 /** 297 * wpa_driver_nl80211_scan - Request the driver to initiate scan 298 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 299 * @params: Scan parameters 300 * Returns: 0 on success, -1 on failure 301 */ 302 int wpa_driver_nl80211_scan(struct i802_bss *bss, 303 struct wpa_driver_scan_params *params) 304 { 305 struct wpa_driver_nl80211_data *drv = bss->drv; 306 int ret = -1, timeout; 307 struct nl_msg *msg = NULL; 308 309 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request"); 310 drv->scan_for_auth = 0; 311 312 if (TEST_FAIL()) 313 return -1; 314 315 msg = nl80211_scan_common(bss, NL80211_CMD_TRIGGER_SCAN, params); 316 if (!msg) 317 return -1; 318 319 if (params->p2p_probe) { 320 struct nlattr *rates; 321 322 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 323 324 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES); 325 if (rates == NULL) 326 goto fail; 327 328 /* 329 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 330 * by masking out everything else apart from the OFDM rates 6, 331 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 332 * rates are left enabled. 333 */ 334 if (nla_put(msg, NL80211_BAND_2GHZ, 8, 335 "\x0c\x12\x18\x24\x30\x48\x60\x6c")) 336 goto fail; 337 nla_nest_end(msg, rates); 338 339 if (nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE)) 340 goto fail; 341 } 342 343 if (params->bssid) { 344 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: " 345 MACSTR, MAC2STR(params->bssid)); 346 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid)) 347 goto fail; 348 } 349 350 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 351 msg = NULL; 352 if (ret) { 353 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d " 354 "(%s)", ret, strerror(-ret)); 355 if (drv->hostapd && is_ap_interface(drv->nlmode)) { 356 enum nl80211_iftype old_mode = drv->nlmode; 357 358 /* 359 * mac80211 does not allow scan requests in AP mode, so 360 * try to do this in station mode. 361 */ 362 if (wpa_driver_nl80211_set_mode( 363 bss, NL80211_IFTYPE_STATION)) 364 goto fail; 365 366 if (wpa_driver_nl80211_scan(bss, params)) { 367 wpa_driver_nl80211_set_mode(bss, old_mode); 368 goto fail; 369 } 370 371 /* Restore AP mode when processing scan results */ 372 drv->ap_scan_as_station = old_mode; 373 ret = 0; 374 } else 375 goto fail; 376 } 377 378 drv->scan_state = SCAN_REQUESTED; 379 /* Not all drivers generate "scan completed" wireless event, so try to 380 * read results after a timeout. */ 381 timeout = 10; 382 if (drv->scan_complete_events) { 383 /* 384 * The driver seems to deliver events to notify when scan is 385 * complete, so use longer timeout to avoid race conditions 386 * with scanning and following association request. 387 */ 388 timeout = 30; 389 } 390 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d " 391 "seconds", ret, timeout); 392 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 393 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout, 394 drv, drv->ctx); 395 drv->last_scan_cmd = NL80211_CMD_TRIGGER_SCAN; 396 397 fail: 398 nlmsg_free(msg); 399 return ret; 400 } 401 402 403 static int 404 nl80211_sched_scan_add_scan_plans(struct wpa_driver_nl80211_data *drv, 405 struct nl_msg *msg, 406 struct wpa_driver_scan_params *params) 407 { 408 struct nlattr *plans; 409 struct sched_scan_plan *scan_plans = params->sched_scan_plans; 410 unsigned int i; 411 412 plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS); 413 if (!plans) 414 return -1; 415 416 for (i = 0; i < params->sched_scan_plans_num; i++) { 417 struct nlattr *plan = nla_nest_start(msg, i + 1); 418 419 if (!plan) 420 return -1; 421 422 if (!scan_plans[i].interval || 423 scan_plans[i].interval > 424 drv->capa.max_sched_scan_plan_interval) { 425 wpa_printf(MSG_DEBUG, 426 "nl80211: sched scan plan no. %u: Invalid interval: %u", 427 i, scan_plans[i].interval); 428 return -1; 429 } 430 431 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL, 432 scan_plans[i].interval)) 433 return -1; 434 435 if (scan_plans[i].iterations > 436 drv->capa.max_sched_scan_plan_iterations) { 437 wpa_printf(MSG_DEBUG, 438 "nl80211: sched scan plan no. %u: Invalid number of iterations: %u", 439 i, scan_plans[i].iterations); 440 return -1; 441 } 442 443 if (scan_plans[i].iterations && 444 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS, 445 scan_plans[i].iterations)) 446 return -1; 447 448 nla_nest_end(msg, plan); 449 450 /* 451 * All the scan plans must specify the number of iterations 452 * except the last plan, which will run infinitely. So if the 453 * number of iterations is not specified, this ought to be the 454 * last scan plan. 455 */ 456 if (!scan_plans[i].iterations) 457 break; 458 } 459 460 if (i != params->sched_scan_plans_num - 1) { 461 wpa_printf(MSG_DEBUG, 462 "nl80211: All sched scan plans but the last must specify number of iterations"); 463 return -1; 464 } 465 466 nla_nest_end(msg, plans); 467 return 0; 468 } 469 470 471 /** 472 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan 473 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 474 * @params: Scan parameters 475 * Returns: 0 on success, -1 on failure or if not supported 476 */ 477 int wpa_driver_nl80211_sched_scan(void *priv, 478 struct wpa_driver_scan_params *params) 479 { 480 struct i802_bss *bss = priv; 481 struct wpa_driver_nl80211_data *drv = bss->drv; 482 int ret = -1; 483 struct nl_msg *msg; 484 size_t i; 485 486 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request"); 487 488 #ifdef ANDROID 489 if (!drv->capa.sched_scan_supported) 490 return android_pno_start(bss, params); 491 #endif /* ANDROID */ 492 493 if (!params->sched_scan_plans_num || 494 params->sched_scan_plans_num > drv->capa.max_sched_scan_plans) { 495 wpa_printf(MSG_ERROR, 496 "nl80211: Invalid number of sched scan plans: %u", 497 params->sched_scan_plans_num); 498 return -1; 499 } 500 501 msg = nl80211_scan_common(bss, NL80211_CMD_START_SCHED_SCAN, params); 502 if (!msg) 503 goto fail; 504 505 if (drv->capa.max_sched_scan_plan_iterations) { 506 if (nl80211_sched_scan_add_scan_plans(drv, msg, params)) 507 goto fail; 508 } else { 509 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL, 510 params->sched_scan_plans[0].interval * 1000)) 511 goto fail; 512 } 513 514 if ((drv->num_filter_ssids && 515 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) || 516 params->filter_rssi) { 517 struct nlattr *match_sets; 518 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH); 519 if (match_sets == NULL) 520 goto fail; 521 522 for (i = 0; i < drv->num_filter_ssids; i++) { 523 struct nlattr *match_set_ssid; 524 wpa_hexdump_ascii(MSG_MSGDUMP, 525 "nl80211: Sched scan filter SSID", 526 drv->filter_ssids[i].ssid, 527 drv->filter_ssids[i].ssid_len); 528 529 match_set_ssid = nla_nest_start(msg, i + 1); 530 if (match_set_ssid == NULL || 531 nla_put(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID, 532 drv->filter_ssids[i].ssid_len, 533 drv->filter_ssids[i].ssid) || 534 (params->filter_rssi && 535 nla_put_u32(msg, 536 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 537 params->filter_rssi))) 538 goto fail; 539 540 nla_nest_end(msg, match_set_ssid); 541 } 542 543 /* 544 * Due to backward compatibility code, newer kernels treat this 545 * matchset (with only an RSSI filter) as the default for all 546 * other matchsets, unless it's the only one, in which case the 547 * matchset will actually allow all SSIDs above the RSSI. 548 */ 549 if (params->filter_rssi) { 550 struct nlattr *match_set_rssi; 551 match_set_rssi = nla_nest_start(msg, 0); 552 if (match_set_rssi == NULL || 553 nla_put_u32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI, 554 params->filter_rssi)) 555 goto fail; 556 wpa_printf(MSG_MSGDUMP, 557 "nl80211: Sched scan RSSI filter %d dBm", 558 params->filter_rssi); 559 nla_nest_end(msg, match_set_rssi); 560 } 561 562 nla_nest_end(msg, match_sets); 563 } 564 565 if (params->relative_rssi_set) { 566 struct nl80211_bss_select_rssi_adjust rssi_adjust; 567 568 os_memset(&rssi_adjust, 0, sizeof(rssi_adjust)); 569 wpa_printf(MSG_DEBUG, "nl80211: Relative RSSI: %d", 570 params->relative_rssi); 571 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI, 572 params->relative_rssi)) 573 goto fail; 574 575 if (params->relative_adjust_rssi) { 576 int pref_band_set = 1; 577 578 switch (params->relative_adjust_band) { 579 case WPA_SETBAND_5G: 580 rssi_adjust.band = NL80211_BAND_5GHZ; 581 break; 582 case WPA_SETBAND_2G: 583 rssi_adjust.band = NL80211_BAND_2GHZ; 584 break; 585 default: 586 pref_band_set = 0; 587 break; 588 } 589 rssi_adjust.delta = params->relative_adjust_rssi; 590 591 if (pref_band_set && 592 nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST, 593 sizeof(rssi_adjust), &rssi_adjust)) 594 goto fail; 595 } 596 } 597 598 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 599 600 /* TODO: if we get an error here, we should fall back to normal scan */ 601 602 msg = NULL; 603 if (ret) { 604 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: " 605 "ret=%d (%s)", ret, strerror(-ret)); 606 goto fail; 607 } 608 609 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d)", ret); 610 611 fail: 612 nlmsg_free(msg); 613 return ret; 614 } 615 616 617 /** 618 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan 619 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 620 * Returns: 0 on success, -1 on failure or if not supported 621 */ 622 int wpa_driver_nl80211_stop_sched_scan(void *priv) 623 { 624 struct i802_bss *bss = priv; 625 struct wpa_driver_nl80211_data *drv = bss->drv; 626 int ret; 627 struct nl_msg *msg; 628 629 #ifdef ANDROID 630 if (!drv->capa.sched_scan_supported) 631 return android_pno_stop(bss); 632 #endif /* ANDROID */ 633 634 msg = nl80211_drv_msg(drv, 0, NL80211_CMD_STOP_SCHED_SCAN); 635 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 636 if (ret) { 637 wpa_printf(MSG_DEBUG, 638 "nl80211: Sched scan stop failed: ret=%d (%s)", 639 ret, strerror(-ret)); 640 } else { 641 wpa_printf(MSG_DEBUG, 642 "nl80211: Sched scan stop sent"); 643 } 644 645 return ret; 646 } 647 648 649 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv, 650 const u8 *ie, size_t ie_len) 651 { 652 const u8 *ssid; 653 size_t i; 654 655 if (drv->filter_ssids == NULL) 656 return 0; 657 658 ssid = get_ie(ie, ie_len, WLAN_EID_SSID); 659 if (ssid == NULL) 660 return 1; 661 662 for (i = 0; i < drv->num_filter_ssids; i++) { 663 if (ssid[1] == drv->filter_ssids[i].ssid_len && 664 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) == 665 0) 666 return 0; 667 } 668 669 return 1; 670 } 671 672 673 static struct wpa_scan_res * 674 nl80211_parse_bss_info(struct wpa_driver_nl80211_data *drv, 675 struct nl_msg *msg) 676 { 677 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 678 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 679 struct nlattr *bss[NL80211_BSS_MAX + 1]; 680 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { 681 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC }, 682 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, 683 [NL80211_BSS_TSF] = { .type = NLA_U64 }, 684 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, 685 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, 686 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC }, 687 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, 688 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, 689 [NL80211_BSS_STATUS] = { .type = NLA_U32 }, 690 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, 691 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC }, 692 [NL80211_BSS_PARENT_TSF] = { .type = NLA_U64 }, 693 [NL80211_BSS_PARENT_BSSID] = { .type = NLA_UNSPEC }, 694 }; 695 struct wpa_scan_res *r; 696 const u8 *ie, *beacon_ie; 697 size_t ie_len, beacon_ie_len; 698 u8 *pos; 699 700 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 701 genlmsg_attrlen(gnlh, 0), NULL); 702 if (!tb[NL80211_ATTR_BSS]) 703 return NULL; 704 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS], 705 bss_policy)) 706 return NULL; 707 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) { 708 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 709 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]); 710 } else { 711 ie = NULL; 712 ie_len = 0; 713 } 714 if (bss[NL80211_BSS_BEACON_IES]) { 715 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]); 716 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]); 717 } else { 718 beacon_ie = NULL; 719 beacon_ie_len = 0; 720 } 721 722 if (nl80211_scan_filtered(drv, ie ? ie : beacon_ie, 723 ie ? ie_len : beacon_ie_len)) 724 return NULL; 725 726 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len); 727 if (r == NULL) 728 return NULL; 729 if (bss[NL80211_BSS_BSSID]) 730 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]), 731 ETH_ALEN); 732 if (bss[NL80211_BSS_FREQUENCY]) 733 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]); 734 if (bss[NL80211_BSS_BEACON_INTERVAL]) 735 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]); 736 if (bss[NL80211_BSS_CAPABILITY]) 737 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); 738 r->flags |= WPA_SCAN_NOISE_INVALID; 739 if (bss[NL80211_BSS_SIGNAL_MBM]) { 740 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); 741 r->level /= 100; /* mBm to dBm */ 742 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID; 743 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { 744 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); 745 r->flags |= WPA_SCAN_QUAL_INVALID; 746 } else 747 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID; 748 if (bss[NL80211_BSS_TSF]) 749 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]); 750 if (bss[NL80211_BSS_BEACON_TSF]) { 751 u64 tsf = nla_get_u64(bss[NL80211_BSS_BEACON_TSF]); 752 if (tsf > r->tsf) 753 r->tsf = tsf; 754 } 755 if (bss[NL80211_BSS_SEEN_MS_AGO]) 756 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); 757 r->ie_len = ie_len; 758 pos = (u8 *) (r + 1); 759 if (ie) { 760 os_memcpy(pos, ie, ie_len); 761 pos += ie_len; 762 } 763 r->beacon_ie_len = beacon_ie_len; 764 if (beacon_ie) 765 os_memcpy(pos, beacon_ie, beacon_ie_len); 766 767 if (bss[NL80211_BSS_STATUS]) { 768 enum nl80211_bss_status status; 769 status = nla_get_u32(bss[NL80211_BSS_STATUS]); 770 switch (status) { 771 case NL80211_BSS_STATUS_ASSOCIATED: 772 r->flags |= WPA_SCAN_ASSOCIATED; 773 break; 774 default: 775 break; 776 } 777 } 778 779 if (bss[NL80211_BSS_PARENT_TSF] && bss[NL80211_BSS_PARENT_BSSID]) { 780 r->parent_tsf = nla_get_u64(bss[NL80211_BSS_PARENT_TSF]); 781 os_memcpy(r->tsf_bssid, nla_data(bss[NL80211_BSS_PARENT_BSSID]), 782 ETH_ALEN); 783 } 784 785 return r; 786 } 787 788 789 struct nl80211_bss_info_arg { 790 struct wpa_driver_nl80211_data *drv; 791 struct wpa_scan_results *res; 792 }; 793 794 static int bss_info_handler(struct nl_msg *msg, void *arg) 795 { 796 struct nl80211_bss_info_arg *_arg = arg; 797 struct wpa_scan_results *res = _arg->res; 798 struct wpa_scan_res **tmp; 799 struct wpa_scan_res *r; 800 801 r = nl80211_parse_bss_info(_arg->drv, msg); 802 if (!r) 803 return NL_SKIP; 804 805 if (!res) { 806 os_free(r); 807 return NL_SKIP; 808 } 809 tmp = os_realloc_array(res->res, res->num + 1, 810 sizeof(struct wpa_scan_res *)); 811 if (tmp == NULL) { 812 os_free(r); 813 return NL_SKIP; 814 } 815 tmp[res->num++] = r; 816 res->res = tmp; 817 818 return NL_SKIP; 819 } 820 821 822 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, 823 const u8 *addr) 824 { 825 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) { 826 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state " 827 "mismatch (" MACSTR ")", MAC2STR(addr)); 828 wpa_driver_nl80211_mlme(drv, addr, 829 NL80211_CMD_DEAUTHENTICATE, 830 WLAN_REASON_PREV_AUTH_NOT_VALID, 1); 831 } 832 } 833 834 835 static void nl80211_check_bss_status(struct wpa_driver_nl80211_data *drv, 836 struct wpa_scan_res *r) 837 { 838 if (!(r->flags & WPA_SCAN_ASSOCIATED)) 839 return; 840 841 wpa_printf(MSG_DEBUG, "nl80211: Scan results indicate BSS status with " 842 MACSTR " as associated", MAC2STR(r->bssid)); 843 if (is_sta_interface(drv->nlmode) && !drv->associated) { 844 wpa_printf(MSG_DEBUG, 845 "nl80211: Local state (not associated) does not match with BSS state"); 846 clear_state_mismatch(drv, r->bssid); 847 } else if (is_sta_interface(drv->nlmode) && 848 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 0) { 849 wpa_printf(MSG_DEBUG, 850 "nl80211: Local state (associated with " MACSTR 851 ") does not match with BSS state", 852 MAC2STR(drv->bssid)); 853 clear_state_mismatch(drv, r->bssid); 854 clear_state_mismatch(drv, drv->bssid); 855 } 856 } 857 858 859 static void wpa_driver_nl80211_check_bss_status( 860 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res) 861 { 862 size_t i; 863 864 for (i = 0; i < res->num; i++) 865 nl80211_check_bss_status(drv, res->res[i]); 866 } 867 868 869 static void nl80211_update_scan_res_noise(struct wpa_scan_res *res, 870 struct nl80211_noise_info *info) 871 { 872 unsigned int i; 873 874 for (i = 0; res && i < info->count; i++) { 875 if ((int) info->freq[i] != res->freq || 876 !(res->flags & WPA_SCAN_NOISE_INVALID)) 877 continue; 878 res->noise = info->noise[i]; 879 res->flags &= ~WPA_SCAN_NOISE_INVALID; 880 } 881 } 882 883 884 static struct wpa_scan_results * 885 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv) 886 { 887 struct nl_msg *msg; 888 struct wpa_scan_results *res; 889 int ret; 890 struct nl80211_bss_info_arg arg; 891 892 res = os_zalloc(sizeof(*res)); 893 if (res == NULL) 894 return NULL; 895 if (!(msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP, 896 NL80211_CMD_GET_SCAN))) { 897 wpa_scan_results_free(res); 898 return NULL; 899 } 900 901 arg.drv = drv; 902 arg.res = res; 903 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg); 904 if (ret == 0) { 905 struct nl80211_noise_info info; 906 907 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu " 908 "BSSes)", (unsigned long) res->num); 909 if (nl80211_get_noise_for_scan_results(drv, &info) == 0) { 910 size_t i; 911 912 for (i = 0; i < res->num; ++i) 913 nl80211_update_scan_res_noise(res->res[i], 914 &info); 915 } 916 return res; 917 } 918 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d " 919 "(%s)", ret, strerror(-ret)); 920 wpa_scan_results_free(res); 921 return NULL; 922 } 923 924 925 /** 926 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results 927 * @priv: Pointer to private wext data from wpa_driver_nl80211_init() 928 * Returns: Scan results on success, -1 on failure 929 */ 930 struct wpa_scan_results * wpa_driver_nl80211_get_scan_results(void *priv) 931 { 932 struct i802_bss *bss = priv; 933 struct wpa_driver_nl80211_data *drv = bss->drv; 934 struct wpa_scan_results *res; 935 936 res = nl80211_get_scan_results(drv); 937 if (res) 938 wpa_driver_nl80211_check_bss_status(drv, res); 939 return res; 940 } 941 942 943 struct nl80211_dump_scan_ctx { 944 struct wpa_driver_nl80211_data *drv; 945 int idx; 946 }; 947 948 static int nl80211_dump_scan_handler(struct nl_msg *msg, void *arg) 949 { 950 struct nl80211_dump_scan_ctx *ctx = arg; 951 struct wpa_scan_res *r; 952 953 r = nl80211_parse_bss_info(ctx->drv, msg); 954 if (!r) 955 return NL_SKIP; 956 wpa_printf(MSG_DEBUG, "nl80211: %d " MACSTR " %d%s", 957 ctx->idx, MAC2STR(r->bssid), r->freq, 958 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : ""); 959 ctx->idx++; 960 os_free(r); 961 return NL_SKIP; 962 } 963 964 965 void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv) 966 { 967 struct nl_msg *msg; 968 struct nl80211_dump_scan_ctx ctx; 969 970 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump"); 971 ctx.drv = drv; 972 ctx.idx = 0; 973 msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP, NL80211_CMD_GET_SCAN); 974 if (msg) 975 send_and_recv_msgs(drv, msg, nl80211_dump_scan_handler, &ctx); 976 } 977 978 979 int wpa_driver_nl80211_abort_scan(void *priv, u64 scan_cookie) 980 { 981 struct i802_bss *bss = priv; 982 #ifdef CONFIG_DRIVER_NL80211_QCA 983 struct wpa_driver_nl80211_data *drv = bss->drv; 984 985 /* 986 * If scan_cookie is zero, a normal scan through kernel (cfg80211) 987 * was triggered, hence abort the cfg80211 scan instead of the vendor 988 * scan. 989 */ 990 if (drv->scan_vendor_cmd_avail && scan_cookie) 991 return nl80211_abort_vendor_scan(drv, scan_cookie); 992 #endif /* CONFIG_DRIVER_NL80211_QCA */ 993 return nl80211_abort_scan(bss); 994 } 995 996 997 #ifdef CONFIG_DRIVER_NL80211_QCA 998 999 static int scan_cookie_handler(struct nl_msg *msg, void *arg) 1000 { 1001 struct nlattr *tb[NL80211_ATTR_MAX + 1]; 1002 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); 1003 u64 *cookie = arg; 1004 1005 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), 1006 genlmsg_attrlen(gnlh, 0), NULL); 1007 1008 if (tb[NL80211_ATTR_VENDOR_DATA]) { 1009 struct nlattr *nl_vendor = tb[NL80211_ATTR_VENDOR_DATA]; 1010 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1]; 1011 1012 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_SCAN_MAX, 1013 nla_data(nl_vendor), nla_len(nl_vendor), NULL); 1014 1015 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]) 1016 *cookie = nla_get_u64( 1017 tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]); 1018 } 1019 1020 return NL_SKIP; 1021 } 1022 1023 1024 /** 1025 * wpa_driver_nl80211_vendor_scan - Request the driver to initiate a vendor scan 1026 * @bss: Pointer to private driver data from wpa_driver_nl80211_init() 1027 * @params: Scan parameters 1028 * Returns: 0 on success, -1 on failure 1029 */ 1030 int wpa_driver_nl80211_vendor_scan(struct i802_bss *bss, 1031 struct wpa_driver_scan_params *params) 1032 { 1033 struct wpa_driver_nl80211_data *drv = bss->drv; 1034 struct nl_msg *msg = NULL; 1035 struct nlattr *attr; 1036 size_t i; 1037 u32 scan_flags = 0; 1038 int ret = -1; 1039 u64 cookie = 0; 1040 1041 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: vendor scan request"); 1042 drv->scan_for_auth = 0; 1043 1044 if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) || 1045 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) || 1046 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, 1047 QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN) ) 1048 goto fail; 1049 1050 attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA); 1051 if (attr == NULL) 1052 goto fail; 1053 1054 if (params->num_ssids) { 1055 struct nlattr *ssids; 1056 1057 ssids = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS); 1058 if (ssids == NULL) 1059 goto fail; 1060 for (i = 0; i < params->num_ssids; i++) { 1061 wpa_hexdump_ascii(MSG_MSGDUMP, "nl80211: Scan SSID", 1062 params->ssids[i].ssid, 1063 params->ssids[i].ssid_len); 1064 if (nla_put(msg, i + 1, params->ssids[i].ssid_len, 1065 params->ssids[i].ssid)) 1066 goto fail; 1067 } 1068 nla_nest_end(msg, ssids); 1069 } 1070 1071 if (params->extra_ies) { 1072 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs", 1073 params->extra_ies, params->extra_ies_len); 1074 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_IE, 1075 params->extra_ies_len, params->extra_ies)) 1076 goto fail; 1077 } 1078 1079 if (params->freqs) { 1080 struct nlattr *freqs; 1081 1082 freqs = nla_nest_start(msg, 1083 QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES); 1084 if (freqs == NULL) 1085 goto fail; 1086 for (i = 0; params->freqs[i]; i++) { 1087 wpa_printf(MSG_MSGDUMP, 1088 "nl80211: Scan frequency %u MHz", 1089 params->freqs[i]); 1090 if (nla_put_u32(msg, i + 1, params->freqs[i])) 1091 goto fail; 1092 } 1093 nla_nest_end(msg, freqs); 1094 } 1095 1096 os_free(drv->filter_ssids); 1097 drv->filter_ssids = params->filter_ssids; 1098 params->filter_ssids = NULL; 1099 drv->num_filter_ssids = params->num_filter_ssids; 1100 1101 if (params->low_priority && drv->have_low_prio_scan) { 1102 wpa_printf(MSG_DEBUG, 1103 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY"); 1104 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY; 1105 } 1106 1107 if (params->mac_addr_rand) { 1108 wpa_printf(MSG_DEBUG, 1109 "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR"); 1110 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR; 1111 1112 if (params->mac_addr) { 1113 wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR, 1114 MAC2STR(params->mac_addr)); 1115 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC, 1116 ETH_ALEN, params->mac_addr)) 1117 goto fail; 1118 } 1119 1120 if (params->mac_addr_mask) { 1121 wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: " 1122 MACSTR, MAC2STR(params->mac_addr_mask)); 1123 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK, 1124 ETH_ALEN, params->mac_addr_mask)) 1125 goto fail; 1126 } 1127 } 1128 1129 if (scan_flags && 1130 nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS, scan_flags)) 1131 goto fail; 1132 1133 if (params->p2p_probe) { 1134 struct nlattr *rates; 1135 1136 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates"); 1137 1138 rates = nla_nest_start(msg, 1139 QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES); 1140 if (rates == NULL) 1141 goto fail; 1142 1143 /* 1144 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates 1145 * by masking out everything else apart from the OFDM rates 6, 1146 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz 1147 * rates are left enabled. 1148 */ 1149 if (nla_put(msg, NL80211_BAND_2GHZ, 8, 1150 "\x0c\x12\x18\x24\x30\x48\x60\x6c")) 1151 goto fail; 1152 nla_nest_end(msg, rates); 1153 1154 if (nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE)) 1155 goto fail; 1156 } 1157 1158 if (params->bssid) { 1159 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: " 1160 MACSTR, MAC2STR(params->bssid)); 1161 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_BSSID, ETH_ALEN, 1162 params->bssid)) 1163 goto fail; 1164 } 1165 1166 nla_nest_end(msg, attr); 1167 1168 ret = send_and_recv_msgs(drv, msg, scan_cookie_handler, &cookie); 1169 msg = NULL; 1170 if (ret) { 1171 wpa_printf(MSG_DEBUG, 1172 "nl80211: Vendor scan trigger failed: ret=%d (%s)", 1173 ret, strerror(-ret)); 1174 goto fail; 1175 } 1176 1177 drv->vendor_scan_cookie = cookie; 1178 drv->scan_state = SCAN_REQUESTED; 1179 /* Pass the cookie to the caller to help distinguish the scans. */ 1180 params->scan_cookie = cookie; 1181 1182 wpa_printf(MSG_DEBUG, 1183 "nl80211: Vendor scan requested (ret=%d) - scan timeout 30 seconds, scan cookie:0x%llx", 1184 ret, (long long unsigned int) cookie); 1185 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx); 1186 eloop_register_timeout(30, 0, wpa_driver_nl80211_scan_timeout, 1187 drv, drv->ctx); 1188 drv->last_scan_cmd = NL80211_CMD_VENDOR; 1189 1190 fail: 1191 nlmsg_free(msg); 1192 return ret; 1193 } 1194 1195 1196 /** 1197 * nl80211_set_default_scan_ies - Set the scan default IEs to the driver 1198 * @priv: Pointer to private driver data from wpa_driver_nl80211_init() 1199 * @ies: Pointer to IEs buffer 1200 * @ies_len: Length of IEs in bytes 1201 * Returns: 0 on success, -1 on failure 1202 */ 1203 int nl80211_set_default_scan_ies(void *priv, const u8 *ies, size_t ies_len) 1204 { 1205 struct i802_bss *bss = priv; 1206 struct wpa_driver_nl80211_data *drv = bss->drv; 1207 struct nl_msg *msg = NULL; 1208 struct nlattr *attr; 1209 int ret = -1; 1210 1211 if (!drv->set_wifi_conf_vendor_cmd_avail) 1212 return -1; 1213 1214 if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) || 1215 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) || 1216 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, 1217 QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION)) 1218 goto fail; 1219 1220 attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA); 1221 if (attr == NULL) 1222 goto fail; 1223 1224 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan default IEs", ies, ies_len); 1225 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_SCAN_DEFAULT_IES, 1226 ies_len, ies)) 1227 goto fail; 1228 1229 nla_nest_end(msg, attr); 1230 1231 ret = send_and_recv_msgs(drv, msg, NULL, NULL); 1232 msg = NULL; 1233 if (ret) { 1234 wpa_printf(MSG_ERROR, 1235 "nl80211: Set scan default IEs failed: ret=%d (%s)", 1236 ret, strerror(-ret)); 1237 goto fail; 1238 } 1239 1240 fail: 1241 nlmsg_free(msg); 1242 return ret; 1243 } 1244 1245 #endif /* CONFIG_DRIVER_NL80211_QCA */ 1246
