contrib/wpa/src/drivers/driver_nl80211_scan.c

   1 /*
   2  * Driver interaction with Linux nl80211/cfg80211 - Scanning
   3  * Copyright(c) 2015 Intel Deutschland GmbH
   4  * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
   5  * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
   6  * Copyright (c) 2009-2010, Atheros Communications
   7  *
   8  * This software may be distributed under the terms of the BSD license.
   9  * See README for more details.
  10  */
  11
  12 #include "includes.h"
  13 #include <time.h>
  14 #include <netlink/genl/genl.h>
  15
  16 #include "utils/common.h"
  17 #include "utils/eloop.h"
  18 #include "common/ieee802_11_defs.h"
  19 #include "common/ieee802_11_common.h"
  20 #include "common/qca-vendor.h"
  21 #include "driver_nl80211.h"
  22
  23
  24 #define MAX_NL80211_NOISE_FREQS 50
  25
  26 struct nl80211_noise_info {
  27         u32 freq[MAX_NL80211_NOISE_FREQS];
  28         s8 noise[MAX_NL80211_NOISE_FREQS];
  29         unsigned int count;
  30 };
  31
  32 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
  33 {
  34         struct nlattr *tb[NL80211_ATTR_MAX + 1];
  35         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
  36         struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
  37         static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
  38                 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
  39                 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
  40         };
  41         struct nl80211_noise_info *info = arg;
  42
  43         if (info->count >= MAX_NL80211_NOISE_FREQS)
  44                 return NL_STOP;
  45
  46         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
  47                   genlmsg_attrlen(gnlh, 0), NULL);
  48
  49         if (!tb[NL80211_ATTR_SURVEY_INFO]) {
  50                 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
  51                 return NL_SKIP;
  52         }
  53
  54         if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
  55                              tb[NL80211_ATTR_SURVEY_INFO],
  56                              survey_policy)) {
  57                 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
  58                            "attributes");
  59                 return NL_SKIP;
  60         }
  61
  62         if (!sinfo[NL80211_SURVEY_INFO_NOISE])
  63                 return NL_SKIP;
  64
  65         if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
  66                 return NL_SKIP;
  67
  68         info->freq[info->count] =
  69                 nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
  70         info->noise[info->count] =
  71                 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
  72         info->count++;
  73
  74         return NL_SKIP;
  75 }
  76
  77
  78 static int nl80211_get_noise_for_scan_results(
  79         struct wpa_driver_nl80211_data *drv, struct nl80211_noise_info *info)
  80 {
  81         struct nl_msg *msg;
  82
  83         os_memset(info, 0, sizeof(*info));
  84         msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
  85         return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, info);
  86 }
  87
  88
  89 static int nl80211_abort_scan(struct i802_bss *bss)
  90 {
  91         int ret;
  92         struct nl_msg *msg;
  93         struct wpa_driver_nl80211_data *drv = bss->drv;
  94
  95         wpa_printf(MSG_DEBUG, "nl80211: Abort scan");
  96         msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ABORT_SCAN);
  97         ret = send_and_recv_msgs(drv, msg, NULL, NULL);
  98         if (ret) {
  99                 wpa_printf(MSG_DEBUG, "nl80211: Abort scan failed: ret=%d (%s)",
 100                            ret, strerror(-ret));
 101         }
 102         return ret;
 103 }
 104
 105
 106 #ifdef CONFIG_DRIVER_NL80211_QCA
 107 static int nl80211_abort_vendor_scan(struct wpa_driver_nl80211_data *drv,
 108                                      u64 scan_cookie)
 109 {
 110         struct nl_msg *msg;
 111         struct nlattr *params;
 112         int ret;
 113
 114         wpa_printf(MSG_DEBUG, "nl80211: Abort vendor scan with cookie 0x%llx",
 115                    (long long unsigned int) scan_cookie);
 116
 117         msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
 118         if (!msg ||
 119             nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
 120             nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
 121                         QCA_NL80211_VENDOR_SUBCMD_ABORT_SCAN) ||
 122             !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
 123             nla_put_u64(msg, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, scan_cookie))
 124                 goto fail;
 125
 126         nla_nest_end(msg, params);
 127
 128         ret = send_and_recv_msgs(drv, msg, NULL, NULL);
 129         msg = NULL;
 130         if (ret) {
 131                 wpa_printf(MSG_INFO,
 132                            "nl80211: Aborting vendor scan with cookie 0x%llx failed: ret=%d (%s)",
 133                            (long long unsigned int) scan_cookie, ret,
 134                            strerror(-ret));
 135                 goto fail;
 136         }
 137         return 0;
 138 fail:
 139         nlmsg_free(msg);
 140         return -1;
 141 }
 142 #endif /* CONFIG_DRIVER_NL80211_QCA */
 143
 144
 145 /**
 146  * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
 147  * @eloop_ctx: Driver private data
 148  * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
 149  *
 150  * This function can be used as registered timeout when starting a scan to
 151  * generate a scan completed event if the driver does not report this.
 152  */
 153 void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
 154 {
 155         struct wpa_driver_nl80211_data *drv = eloop_ctx;
 156
 157         wpa_printf(MSG_DEBUG, "nl80211: Scan timeout - try to abort it");
 158 #ifdef CONFIG_DRIVER_NL80211_QCA
 159         if (drv->vendor_scan_cookie &&
 160             nl80211_abort_vendor_scan(drv, drv->vendor_scan_cookie) == 0)
 161                 return;
 162 #endif /* CONFIG_DRIVER_NL80211_QCA */
 163         if (!drv->vendor_scan_cookie &&
 164             nl80211_abort_scan(drv->first_bss) == 0)
 165                 return;
 166
 167         wpa_printf(MSG_DEBUG, "nl80211: Failed to abort scan");
 168
 169         if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
 170                 wpa_driver_nl80211_set_mode(drv->first_bss,
 171                                             drv->ap_scan_as_station);
 172                 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
 173         }
 174
 175         wpa_printf(MSG_DEBUG, "nl80211: Try to get scan results");
 176         wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
 177 }
 178
 179
 180 static struct nl_msg *
 181 nl80211_scan_common(struct i802_bss *bss, u8 cmd,
 182                     struct wpa_driver_scan_params *params)
 183 {
 184         struct wpa_driver_nl80211_data *drv = bss->drv;
 185         struct nl_msg *msg;
 186         size_t i;
 187         u32 scan_flags = 0;
 188
 189         msg = nl80211_cmd_msg(bss, 0, cmd);
 190         if (!msg)
 191                 return NULL;
 192
 193         if (params->num_ssids) {
 194                 struct nlattr *ssids;
 195
 196                 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
 197                 if (ssids == NULL)
 198                         goto fail;
 199                 for (i = 0; i < params->num_ssids; i++) {
 200                         wpa_printf(MSG_MSGDUMP, "nl80211: Scan SSID %s",
 201                                    wpa_ssid_txt(params->ssids[i].ssid,
 202                                                 params->ssids[i].ssid_len));
 203                         if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
 204                                     params->ssids[i].ssid))
 205                                 goto fail;
 206                 }
 207                 nla_nest_end(msg, ssids);
 208         } else {
 209                 wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested");
 210         }
 211
 212         if (params->extra_ies) {
 213                 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
 214                             params->extra_ies, params->extra_ies_len);
 215                 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
 216                             params->extra_ies))
 217                         goto fail;
 218         }
 219
 220         if (params->freqs) {
 221                 struct nlattr *freqs;
 222                 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
 223                 if (freqs == NULL)
 224                         goto fail;
 225                 for (i = 0; params->freqs[i]; i++) {
 226                         wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
 227                                    "MHz", params->freqs[i]);
 228                         if (nla_put_u32(msg, i + 1, params->freqs[i]))
 229                                 goto fail;
 230                 }
 231                 nla_nest_end(msg, freqs);
 232         }
 233
 234         os_free(drv->filter_ssids);
 235         drv->filter_ssids = params->filter_ssids;
 236         params->filter_ssids = NULL;
 237         drv->num_filter_ssids = params->num_filter_ssids;
 238
 239         if (params->only_new_results) {
 240                 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH");
 241                 scan_flags |= NL80211_SCAN_FLAG_FLUSH;
 242         }
 243
 244         if (params->low_priority && drv->have_low_prio_scan) {
 245                 wpa_printf(MSG_DEBUG,
 246                            "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
 247                 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
 248         }
 249
 250         if (params->mac_addr_rand) {
 251                 wpa_printf(MSG_DEBUG,
 252                            "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR");
 253                 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
 254
 255                 if (params->mac_addr) {
 256                         wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR,
 257                                    MAC2STR(params->mac_addr));
 258                         if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
 259                                     params->mac_addr))
 260                                 goto fail;
 261                 }
 262
 263                 if (params->mac_addr_mask) {
 264                         wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: "
 265                                    MACSTR, MAC2STR(params->mac_addr_mask));
 266                         if (nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
 267                                     params->mac_addr_mask))
 268                                 goto fail;
 269                 }
 270         }
 271
 272         if (params->duration) {
 273                 if (!(drv->capa.rrm_flags &
 274                       WPA_DRIVER_FLAGS_SUPPORT_SET_SCAN_DWELL) ||
 275                     nla_put_u16(msg, NL80211_ATTR_MEASUREMENT_DURATION,
 276                                 params->duration))
 277                         goto fail;
 278
 279                 if (params->duration_mandatory &&
 280                     nla_put_flag(msg,
 281                                  NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY))
 282                         goto fail;
 283         }
 284
 285         if (params->oce_scan) {
 286                 wpa_printf(MSG_DEBUG,
 287                            "nl80211: Add NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME");
 288                 wpa_printf(MSG_DEBUG,
 289                            "nl80211: Add NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP");
 290                 wpa_printf(MSG_DEBUG,
 291                            "nl80211: Add NL80211_SCAN_FLAG_OCE_PROBE_REQ_MIN_TX_RATE");
 292                 wpa_printf(MSG_DEBUG,
 293                            "nl80211: Add NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION");
 294                 scan_flags |= NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME |
 295                         NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP |
 296                         NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE |
 297                         NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION;
 298         }
 299
 300         if (scan_flags &&
 301             nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags))
 302                 goto fail;
 303
 304         return msg;
 305
 306 fail:
 307         nlmsg_free(msg);
 308         return NULL;
 309 }
 310
 311
 312 /**
 313  * wpa_driver_nl80211_scan - Request the driver to initiate scan
 314  * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
 315  * @params: Scan parameters
 316  * Returns: 0 on success, -1 on failure
 317  */
 318 int wpa_driver_nl80211_scan(struct i802_bss *bss,
 319                             struct wpa_driver_scan_params *params)
 320 {
 321         struct wpa_driver_nl80211_data *drv = bss->drv;
 322         int ret = -1, timeout;
 323         struct nl_msg *msg = NULL;
 324
 325         wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request");
 326         drv->scan_for_auth = 0;
 327
 328         if (TEST_FAIL())
 329                 return -1;
 330
 331         msg = nl80211_scan_common(bss, NL80211_CMD_TRIGGER_SCAN, params);
 332         if (!msg)
 333                 return -1;
 334
 335         if (params->p2p_probe) {
 336                 struct nlattr *rates;
 337
 338                 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
 339
 340                 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES);
 341                 if (rates == NULL)
 342                         goto fail;
 343
 344                 /*
 345                  * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
 346                  * by masking out everything else apart from the OFDM rates 6,
 347                  * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
 348                  * rates are left enabled.
 349                  */
 350                 if (nla_put(msg, NL80211_BAND_2GHZ, 8,
 351                             "\x0c\x12\x18\x24\x30\x48\x60\x6c"))
 352                         goto fail;
 353                 nla_nest_end(msg, rates);
 354
 355                 if (nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE))
 356                         goto fail;
 357         }
 358
 359         if (params->bssid) {
 360                 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: "
 361                            MACSTR, MAC2STR(params->bssid));
 362                 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
 363                         goto fail;
 364         }
 365
 366         ret = send_and_recv_msgs(drv, msg, NULL, NULL);
 367         msg = NULL;
 368         if (ret) {
 369                 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
 370                            "(%s)", ret, strerror(-ret));
 371                 if (drv->hostapd && is_ap_interface(drv->nlmode)) {
 372                         enum nl80211_iftype old_mode = drv->nlmode;
 373
 374                         /*
 375                          * mac80211 does not allow scan requests in AP mode, so
 376                          * try to do this in station mode.
 377                          */
 378                         if (wpa_driver_nl80211_set_mode(
 379                                     bss, NL80211_IFTYPE_STATION))
 380                                 goto fail;
 381
 382                         if (wpa_driver_nl80211_scan(bss, params)) {
 383                                 wpa_driver_nl80211_set_mode(bss, old_mode);
 384                                 goto fail;
 385                         }
 386
 387                         /* Restore AP mode when processing scan results */
 388                         drv->ap_scan_as_station = old_mode;
 389                         ret = 0;
 390                 } else
 391                         goto fail;
 392         }
 393
 394         drv->scan_state = SCAN_REQUESTED;
 395         /* Not all drivers generate "scan completed" wireless event, so try to
 396          * read results after a timeout. */
 397         timeout = 10;
 398         if (drv->scan_complete_events) {
 399                 /*
 400                  * The driver seems to deliver events to notify when scan is
 401                  * complete, so use longer timeout to avoid race conditions
 402                  * with scanning and following association request.
 403                  */
 404                 timeout = 30;
 405         }
 406         wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
 407                    "seconds", ret, timeout);
 408         eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
 409         eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
 410                                drv, drv->ctx);
 411         drv->last_scan_cmd = NL80211_CMD_TRIGGER_SCAN;
 412
 413 fail:
 414         nlmsg_free(msg);
 415         return ret;
 416 }
 417
 418
 419 static int
 420 nl80211_sched_scan_add_scan_plans(struct wpa_driver_nl80211_data *drv,
 421                                   struct nl_msg *msg,
 422                                   struct wpa_driver_scan_params *params)
 423 {
 424         struct nlattr *plans;
 425         struct sched_scan_plan *scan_plans = params->sched_scan_plans;
 426         unsigned int i;
 427
 428         plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
 429         if (!plans)
 430                 return -1;
 431
 432         for (i = 0; i < params->sched_scan_plans_num; i++) {
 433                 struct nlattr *plan = nla_nest_start(msg, i + 1);
 434
 435                 if (!plan)
 436                         return -1;
 437
 438                 if (!scan_plans[i].interval ||
 439                     scan_plans[i].interval >
 440                     drv->capa.max_sched_scan_plan_interval) {
 441                         wpa_printf(MSG_DEBUG,
 442                                    "nl80211: sched scan plan no. %u: Invalid interval: %u",
 443                                    i, scan_plans[i].interval);
 444                         return -1;
 445                 }
 446
 447                 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
 448                                 scan_plans[i].interval))
 449                         return -1;
 450
 451                 if (scan_plans[i].iterations >
 452                     drv->capa.max_sched_scan_plan_iterations) {
 453                         wpa_printf(MSG_DEBUG,
 454                                    "nl80211: sched scan plan no. %u: Invalid number of iterations: %u",
 455                                    i, scan_plans[i].iterations);
 456                         return -1;
 457                 }
 458
 459                 if (scan_plans[i].iterations &&
 460                     nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
 461                                 scan_plans[i].iterations))
 462                         return -1;
 463
 464                 nla_nest_end(msg, plan);
 465
 466                 /*
 467                  * All the scan plans must specify the number of iterations
 468                  * except the last plan, which will run infinitely. So if the
 469                  * number of iterations is not specified, this ought to be the
 470                  * last scan plan.
 471                  */
 472                 if (!scan_plans[i].iterations)
 473                         break;
 474         }
 475
 476         if (i != params->sched_scan_plans_num - 1) {
 477                 wpa_printf(MSG_DEBUG,
 478                            "nl80211: All sched scan plans but the last must specify number of iterations");
 479                 return -1;
 480         }
 481
 482         nla_nest_end(msg, plans);
 483         return 0;
 484 }
 485
 486
 487 /**
 488  * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
 489  * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
 490  * @params: Scan parameters
 491  * Returns: 0 on success, -1 on failure or if not supported
 492  */
 493 int wpa_driver_nl80211_sched_scan(void *priv,
 494                                   struct wpa_driver_scan_params *params)
 495 {
 496         struct i802_bss *bss = priv;
 497         struct wpa_driver_nl80211_data *drv = bss->drv;
 498         int ret = -1;
 499         struct nl_msg *msg;
 500         size_t i;
 501
 502         wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request");
 503
 504 #ifdef ANDROID
 505         if (!drv->capa.sched_scan_supported)
 506                 return android_pno_start(bss, params);
 507 #endif /* ANDROID */
 508
 509         if (!params->sched_scan_plans_num ||
 510             params->sched_scan_plans_num > drv->capa.max_sched_scan_plans) {
 511                 wpa_printf(MSG_ERROR,
 512                            "nl80211: Invalid number of sched scan plans: %u",
 513                            params->sched_scan_plans_num);
 514                 return -1;
 515         }
 516
 517         msg = nl80211_scan_common(bss, NL80211_CMD_START_SCHED_SCAN, params);
 518         if (!msg)
 519                 goto fail;
 520
 521         if (drv->capa.max_sched_scan_plan_iterations) {
 522                 if (nl80211_sched_scan_add_scan_plans(drv, msg, params))
 523                         goto fail;
 524         } else {
 525                 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
 526                                 params->sched_scan_plans[0].interval * 1000))
 527                         goto fail;
 528         }
 529
 530         if ((drv->num_filter_ssids &&
 531             (int) drv->num_filter_ssids <= drv->capa.max_match_sets) ||
 532             params->filter_rssi) {
 533                 struct nlattr *match_sets;
 534                 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
 535                 if (match_sets == NULL)
 536                         goto fail;
 537
 538                 for (i = 0; i < drv->num_filter_ssids; i++) {
 539                         struct nlattr *match_set_ssid;
 540                         wpa_printf(MSG_MSGDUMP,
 541                                    "nl80211: Sched scan filter SSID %s",
 542                                    wpa_ssid_txt(drv->filter_ssids[i].ssid,
 543                                                 drv->filter_ssids[i].ssid_len));
 544
 545                         match_set_ssid = nla_nest_start(msg, i + 1);
 546                         if (match_set_ssid == NULL ||
 547                             nla_put(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
 548                                     drv->filter_ssids[i].ssid_len,
 549                                     drv->filter_ssids[i].ssid) ||
 550                             (params->filter_rssi &&
 551                              nla_put_u32(msg,
 552                                          NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
 553                                          params->filter_rssi)))
 554                                 goto fail;
 555
 556                         nla_nest_end(msg, match_set_ssid);
 557                 }
 558
 559                 /*
 560                  * Due to backward compatibility code, newer kernels treat this
 561                  * matchset (with only an RSSI filter) as the default for all
 562                  * other matchsets, unless it's the only one, in which case the
 563                  * matchset will actually allow all SSIDs above the RSSI.
 564                  */
 565                 if (params->filter_rssi) {
 566                         struct nlattr *match_set_rssi;
 567                         match_set_rssi = nla_nest_start(msg, 0);
 568                         if (match_set_rssi == NULL ||
 569                             nla_put_u32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
 570                                         params->filter_rssi))
 571                                 goto fail;
 572                         wpa_printf(MSG_MSGDUMP,
 573                                    "nl80211: Sched scan RSSI filter %d dBm",
 574                                    params->filter_rssi);
 575                         nla_nest_end(msg, match_set_rssi);
 576                 }
 577
 578                 nla_nest_end(msg, match_sets);
 579         }
 580
 581         if (params->relative_rssi_set) {
 582                 struct nl80211_bss_select_rssi_adjust rssi_adjust;
 583
 584                 os_memset(&rssi_adjust, 0, sizeof(rssi_adjust));
 585                 wpa_printf(MSG_DEBUG, "nl80211: Relative RSSI: %d",
 586                            params->relative_rssi);
 587                 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
 588                                 params->relative_rssi))
 589                         goto fail;
 590
 591                 if (params->relative_adjust_rssi) {
 592                         int pref_band_set = 1;
 593
 594                         switch (params->relative_adjust_band) {
 595                         case WPA_SETBAND_5G:
 596                                 rssi_adjust.band = NL80211_BAND_5GHZ;
 597                                 break;
 598                         case WPA_SETBAND_2G:
 599                                 rssi_adjust.band = NL80211_BAND_2GHZ;
 600                                 break;
 601                         default:
 602                                 pref_band_set = 0;
 603                                 break;
 604                         }
 605                         rssi_adjust.delta = params->relative_adjust_rssi;
 606
 607                         if (pref_band_set &&
 608                             nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
 609                                     sizeof(rssi_adjust), &rssi_adjust))
 610                                 goto fail;
 611                 }
 612         }
 613
 614         if (params->sched_scan_start_delay &&
 615             nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY,
 616                         params->sched_scan_start_delay))
 617                 goto fail;
 618
 619         ret = send_and_recv_msgs(drv, msg, NULL, NULL);
 620
 621         /* TODO: if we get an error here, we should fall back to normal scan */
 622
 623         msg = NULL;
 624         if (ret) {
 625                 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
 626                            "ret=%d (%s)", ret, strerror(-ret));
 627                 goto fail;
 628         }
 629
 630         wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d)", ret);
 631
 632 fail:
 633         nlmsg_free(msg);
 634         return ret;
 635 }
 636
 637
 638 /**
 639  * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
 640  * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
 641  * Returns: 0 on success, -1 on failure or if not supported
 642  */
 643 int wpa_driver_nl80211_stop_sched_scan(void *priv)
 644 {
 645         struct i802_bss *bss = priv;
 646         struct wpa_driver_nl80211_data *drv = bss->drv;
 647         int ret;
 648         struct nl_msg *msg;
 649
 650 #ifdef ANDROID
 651         if (!drv->capa.sched_scan_supported)
 652                 return android_pno_stop(bss);
 653 #endif /* ANDROID */
 654
 655         msg = nl80211_drv_msg(drv, 0, NL80211_CMD_STOP_SCHED_SCAN);
 656         ret = send_and_recv_msgs(drv, msg, NULL, NULL);
 657         if (ret) {
 658                 wpa_printf(MSG_DEBUG,
 659                            "nl80211: Sched scan stop failed: ret=%d (%s)",
 660                            ret, strerror(-ret));
 661         } else {
 662                 wpa_printf(MSG_DEBUG,
 663                            "nl80211: Sched scan stop sent");
 664         }
 665
 666         return ret;
 667 }
 668
 669
 670 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
 671                                  const u8 *ie, size_t ie_len)
 672 {
 673         const u8 *ssid;
 674         size_t i;
 675
 676         if (drv->filter_ssids == NULL)
 677                 return 0;
 678
 679         ssid = get_ie(ie, ie_len, WLAN_EID_SSID);
 680         if (ssid == NULL)
 681                 return 1;
 682
 683         for (i = 0; i < drv->num_filter_ssids; i++) {
 684                 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
 685                     os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
 686                     0)
 687                         return 0;
 688         }
 689
 690         return 1;
 691 }
 692
 693
 694 static struct wpa_scan_res *
 695 nl80211_parse_bss_info(struct wpa_driver_nl80211_data *drv,
 696                        struct nl_msg *msg)
 697 {
 698         struct nlattr *tb[NL80211_ATTR_MAX + 1];
 699         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
 700         struct nlattr *bss[NL80211_BSS_MAX + 1];
 701         static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
 702                 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
 703                 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
 704                 [NL80211_BSS_TSF] = { .type = NLA_U64 },
 705                 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
 706                 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
 707                 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
 708                 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
 709                 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
 710                 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
 711                 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
 712                 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
 713                 [NL80211_BSS_PARENT_TSF] = { .type = NLA_U64 },
 714                 [NL80211_BSS_PARENT_BSSID] = { .type = NLA_UNSPEC },
 715                 [NL80211_BSS_LAST_SEEN_BOOTTIME] = { .type = NLA_U64 },
 716         };
 717         struct wpa_scan_res *r;
 718         const u8 *ie, *beacon_ie;
 719         size_t ie_len, beacon_ie_len;
 720         u8 *pos;
 721
 722         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
 723                   genlmsg_attrlen(gnlh, 0), NULL);
 724         if (!tb[NL80211_ATTR_BSS])
 725                 return NULL;
 726         if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
 727                              bss_policy))
 728                 return NULL;
 729         if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
 730                 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
 731                 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
 732         } else {
 733                 ie = NULL;
 734                 ie_len = 0;
 735         }
 736         if (bss[NL80211_BSS_BEACON_IES]) {
 737                 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
 738                 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
 739         } else {
 740                 beacon_ie = NULL;
 741                 beacon_ie_len = 0;
 742         }
 743
 744         if (nl80211_scan_filtered(drv, ie ? ie : beacon_ie,
 745                                   ie ? ie_len : beacon_ie_len))
 746                 return NULL;
 747
 748         r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
 749         if (r == NULL)
 750                 return NULL;
 751         if (bss[NL80211_BSS_BSSID])
 752                 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
 753                           ETH_ALEN);
 754         if (bss[NL80211_BSS_FREQUENCY])
 755                 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
 756         if (bss[NL80211_BSS_BEACON_INTERVAL])
 757                 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
 758         if (bss[NL80211_BSS_CAPABILITY])
 759                 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
 760         r->flags |= WPA_SCAN_NOISE_INVALID;
 761         if (bss[NL80211_BSS_SIGNAL_MBM]) {
 762                 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
 763                 r->level /= 100; /* mBm to dBm */
 764                 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
 765         } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
 766                 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
 767                 r->flags |= WPA_SCAN_QUAL_INVALID;
 768         } else
 769                 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
 770         if (bss[NL80211_BSS_TSF])
 771                 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
 772         if (bss[NL80211_BSS_BEACON_TSF]) {
 773                 u64 tsf = nla_get_u64(bss[NL80211_BSS_BEACON_TSF]);
 774                 if (tsf > r->tsf)
 775                         r->tsf = tsf;
 776         }
 777         if (bss[NL80211_BSS_SEEN_MS_AGO])
 778                 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
 779         if (bss[NL80211_BSS_LAST_SEEN_BOOTTIME]) {
 780                 u64 boottime;
 781                 struct timespec ts;
 782
 783 #ifndef CLOCK_BOOTTIME
 784 #define CLOCK_BOOTTIME 7
 785 #endif
 786                 if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) {
 787                         /* Use more accurate boottime information to update the
 788                          * scan result age since the driver reports this and
 789                          * CLOCK_BOOTTIME is available. */
 790                         boottime = nla_get_u64(
 791                                 bss[NL80211_BSS_LAST_SEEN_BOOTTIME]);
 792                         r->age = ((u64) ts.tv_sec * 1000000000 +
 793                                   ts.tv_nsec - boottime) / 1000000;
 794                 }
 795         }
 796         r->ie_len = ie_len;
 797         pos = (u8 *) (r + 1);
 798         if (ie) {
 799                 os_memcpy(pos, ie, ie_len);
 800                 pos += ie_len;
 801         }
 802         r->beacon_ie_len = beacon_ie_len;
 803         if (beacon_ie)
 804                 os_memcpy(pos, beacon_ie, beacon_ie_len);
 805
 806         if (bss[NL80211_BSS_STATUS]) {
 807                 enum nl80211_bss_status status;
 808                 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
 809                 switch (status) {
 810                 case NL80211_BSS_STATUS_ASSOCIATED:
 811                         r->flags |= WPA_SCAN_ASSOCIATED;
 812                         break;
 813                 default:
 814                         break;
 815                 }
 816         }
 817
 818         if (bss[NL80211_BSS_PARENT_TSF] && bss[NL80211_BSS_PARENT_BSSID]) {
 819                 r->parent_tsf = nla_get_u64(bss[NL80211_BSS_PARENT_TSF]);
 820                 os_memcpy(r->tsf_bssid, nla_data(bss[NL80211_BSS_PARENT_BSSID]),
 821                           ETH_ALEN);
 822         }
 823
 824         return r;
 825 }
 826
 827
 828 struct nl80211_bss_info_arg {
 829         struct wpa_driver_nl80211_data *drv;
 830         struct wpa_scan_results *res;
 831 };
 832
 833 static int bss_info_handler(struct nl_msg *msg, void *arg)
 834 {
 835         struct nl80211_bss_info_arg *_arg = arg;
 836         struct wpa_scan_results *res = _arg->res;
 837         struct wpa_scan_res **tmp;
 838         struct wpa_scan_res *r;
 839
 840         r = nl80211_parse_bss_info(_arg->drv, msg);
 841         if (!r)
 842                 return NL_SKIP;
 843
 844         if (!res) {
 845                 os_free(r);
 846                 return NL_SKIP;
 847         }
 848         tmp = os_realloc_array(res->res, res->num + 1,
 849                                sizeof(struct wpa_scan_res *));
 850         if (tmp == NULL) {
 851                 os_free(r);
 852                 return NL_SKIP;
 853         }
 854         tmp[res->num++] = r;
 855         res->res = tmp;
 856
 857         return NL_SKIP;
 858 }
 859
 860
 861 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
 862                                  const u8 *addr)
 863 {
 864         if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
 865                 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
 866                            "mismatch (" MACSTR ")", MAC2STR(addr));
 867                 wpa_driver_nl80211_mlme(drv, addr,
 868                                         NL80211_CMD_DEAUTHENTICATE,
 869                                         WLAN_REASON_PREV_AUTH_NOT_VALID, 1,
 870                                         NULL);
 871         }
 872 }
 873
 874
 875 static void nl80211_check_bss_status(struct wpa_driver_nl80211_data *drv,
 876                                      struct wpa_scan_res *r)
 877 {
 878         if (!(r->flags & WPA_SCAN_ASSOCIATED))
 879                 return;
 880
 881         wpa_printf(MSG_DEBUG, "nl80211: Scan results indicate BSS status with "
 882                    MACSTR " as associated", MAC2STR(r->bssid));
 883         if (is_sta_interface(drv->nlmode) && !drv->associated) {
 884                 wpa_printf(MSG_DEBUG,
 885                            "nl80211: Local state (not associated) does not match with BSS state");
 886                 clear_state_mismatch(drv, r->bssid);
 887         } else if (is_sta_interface(drv->nlmode) &&
 888                    os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 0) {
 889                 wpa_printf(MSG_DEBUG,
 890                            "nl80211: Local state (associated with " MACSTR
 891                            ") does not match with BSS state",
 892                            MAC2STR(drv->bssid));
 893                 clear_state_mismatch(drv, r->bssid);
 894                 clear_state_mismatch(drv, drv->bssid);
 895         }
 896 }
 897
 898
 899 static void wpa_driver_nl80211_check_bss_status(
 900         struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
 901 {
 902         size_t i;
 903
 904         for (i = 0; i < res->num; i++)
 905                 nl80211_check_bss_status(drv, res->res[i]);
 906 }
 907
 908
 909 static void nl80211_update_scan_res_noise(struct wpa_scan_res *res,
 910                                           struct nl80211_noise_info *info)
 911 {
 912         unsigned int i;
 913
 914         for (i = 0; res && i < info->count; i++) {
 915                 if ((int) info->freq[i] != res->freq ||
 916                     !(res->flags & WPA_SCAN_NOISE_INVALID))
 917                         continue;
 918                 res->noise = info->noise[i];
 919                 res->flags &= ~WPA_SCAN_NOISE_INVALID;
 920         }
 921 }
 922
 923
 924 static struct wpa_scan_results *
 925 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
 926 {
 927         struct nl_msg *msg;
 928         struct wpa_scan_results *res;
 929         int ret;
 930         struct nl80211_bss_info_arg arg;
 931
 932         res = os_zalloc(sizeof(*res));
 933         if (res == NULL)
 934                 return NULL;
 935         if (!(msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP,
 936                                     NL80211_CMD_GET_SCAN))) {
 937                 wpa_scan_results_free(res);
 938                 return NULL;
 939         }
 940
 941         arg.drv = drv;
 942         arg.res = res;
 943         ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
 944         if (ret == 0) {
 945                 struct nl80211_noise_info info;
 946
 947                 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
 948                            "BSSes)", (unsigned long) res->num);
 949                 if (nl80211_get_noise_for_scan_results(drv, &info) == 0) {
 950                         size_t i;
 951
 952                         for (i = 0; i < res->num; ++i)
 953                                 nl80211_update_scan_res_noise(res->res[i],
 954                                                               &info);
 955                 }
 956                 return res;
 957         }
 958         wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
 959                    "(%s)", ret, strerror(-ret));
 960         wpa_scan_results_free(res);
 961         return NULL;
 962 }
 963
 964
 965 /**
 966  * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
 967  * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
 968  * Returns: Scan results on success, -1 on failure
 969  */
 970 struct wpa_scan_results * wpa_driver_nl80211_get_scan_results(void *priv)
 971 {
 972         struct i802_bss *bss = priv;
 973         struct wpa_driver_nl80211_data *drv = bss->drv;
 974         struct wpa_scan_results *res;
 975
 976         res = nl80211_get_scan_results(drv);
 977         if (res)
 978                 wpa_driver_nl80211_check_bss_status(drv, res);
 979         return res;
 980 }
 981
 982
 983 struct nl80211_dump_scan_ctx {
 984         struct wpa_driver_nl80211_data *drv;
 985         int idx;
 986 };
 987
 988 static int nl80211_dump_scan_handler(struct nl_msg *msg, void *arg)
 989 {
 990         struct nl80211_dump_scan_ctx *ctx = arg;
 991         struct wpa_scan_res *r;
 992
 993         r = nl80211_parse_bss_info(ctx->drv, msg);
 994         if (!r)
 995                 return NL_SKIP;
 996         wpa_printf(MSG_DEBUG, "nl80211: %d " MACSTR " %d%s",
 997                    ctx->idx, MAC2STR(r->bssid), r->freq,
 998                    r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
 999         ctx->idx++;
1000         os_free(r);
1001         return NL_SKIP;
1002 }
1003
1004
1005 void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
1006 {
1007         struct nl_msg *msg;
1008         struct nl80211_dump_scan_ctx ctx;
1009
1010         wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
1011         ctx.drv = drv;
1012         ctx.idx = 0;
1013         msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1014         if (msg)
1015                 send_and_recv_msgs(drv, msg, nl80211_dump_scan_handler, &ctx);
1016 }
1017
1018
1019 int wpa_driver_nl80211_abort_scan(void *priv, u64 scan_cookie)
1020 {
1021         struct i802_bss *bss = priv;
1022 #ifdef CONFIG_DRIVER_NL80211_QCA
1023         struct wpa_driver_nl80211_data *drv = bss->drv;
1024
1025         /*
1026          * If scan_cookie is zero, a normal scan through kernel (cfg80211)
1027          * was triggered, hence abort the cfg80211 scan instead of the vendor
1028          * scan.
1029          */
1030         if (drv->scan_vendor_cmd_avail && scan_cookie)
1031                 return nl80211_abort_vendor_scan(drv, scan_cookie);
1032 #endif /* CONFIG_DRIVER_NL80211_QCA */
1033         return nl80211_abort_scan(bss);
1034 }
1035
1036
1037 #ifdef CONFIG_DRIVER_NL80211_QCA
1038
1039 static int scan_cookie_handler(struct nl_msg *msg, void *arg)
1040 {
1041         struct nlattr *tb[NL80211_ATTR_MAX + 1];
1042         struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1043         u64 *cookie = arg;
1044
1045         nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1046                   genlmsg_attrlen(gnlh, 0), NULL);
1047
1048         if (tb[NL80211_ATTR_VENDOR_DATA]) {
1049                 struct nlattr *nl_vendor = tb[NL80211_ATTR_VENDOR_DATA];
1050                 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1];
1051
1052                 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_SCAN_MAX,
1053                           nla_data(nl_vendor), nla_len(nl_vendor), NULL);
1054
1055                 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE])
1056                         *cookie = nla_get_u64(
1057                                 tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]);
1058         }
1059
1060         return NL_SKIP;
1061 }
1062
1063
1064 /**
1065  * wpa_driver_nl80211_vendor_scan - Request the driver to initiate a vendor scan
1066  * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
1067  * @params: Scan parameters
1068  * Returns: 0 on success, -1 on failure
1069  */
1070 int wpa_driver_nl80211_vendor_scan(struct i802_bss *bss,
1071                                    struct wpa_driver_scan_params *params)
1072 {
1073         struct wpa_driver_nl80211_data *drv = bss->drv;
1074         struct nl_msg *msg = NULL;
1075         struct nlattr *attr;
1076         size_t i;
1077         u32 scan_flags = 0;
1078         int ret = -1;
1079         u64 cookie = 0;
1080
1081         wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: vendor scan request");
1082         drv->scan_for_auth = 0;
1083
1084         if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
1085             nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
1086             nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
1087                         QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN) )
1088                 goto fail;
1089
1090         attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1091         if (attr == NULL)
1092                 goto fail;
1093
1094         if (params->num_ssids) {
1095                 struct nlattr *ssids;
1096
1097                 ssids = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS);
1098                 if (ssids == NULL)
1099                         goto fail;
1100                 for (i = 0; i < params->num_ssids; i++) {
1101                         wpa_printf(MSG_MSGDUMP, "nl80211: Scan SSID %s",
1102                                    wpa_ssid_txt(params->ssids[i].ssid,
1103                                                 params->ssids[i].ssid_len));
1104                         if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
1105                                     params->ssids[i].ssid))
1106                                 goto fail;
1107                 }
1108                 nla_nest_end(msg, ssids);
1109         }
1110
1111         if (params->extra_ies) {
1112                 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
1113                             params->extra_ies, params->extra_ies_len);
1114                 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_IE,
1115                             params->extra_ies_len, params->extra_ies))
1116                         goto fail;
1117         }
1118
1119         if (params->freqs) {
1120                 struct nlattr *freqs;
1121
1122                 freqs = nla_nest_start(msg,
1123                                        QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES);
1124                 if (freqs == NULL)
1125                         goto fail;
1126                 for (i = 0; params->freqs[i]; i++) {
1127                         wpa_printf(MSG_MSGDUMP,
1128                                    "nl80211: Scan frequency %u MHz",
1129                                    params->freqs[i]);
1130                         if (nla_put_u32(msg, i + 1, params->freqs[i]))
1131                                 goto fail;
1132                 }
1133                 nla_nest_end(msg, freqs);
1134         }
1135
1136         os_free(drv->filter_ssids);
1137         drv->filter_ssids = params->filter_ssids;
1138         params->filter_ssids = NULL;
1139         drv->num_filter_ssids = params->num_filter_ssids;
1140
1141         if (params->low_priority && drv->have_low_prio_scan) {
1142                 wpa_printf(MSG_DEBUG,
1143                            "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
1144                 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
1145         }
1146
1147         if (params->mac_addr_rand) {
1148                 wpa_printf(MSG_DEBUG,
1149                            "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR");
1150                 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
1151
1152                 if (params->mac_addr) {
1153                         wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR,
1154                                    MAC2STR(params->mac_addr));
1155                         if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC,
1156                                     ETH_ALEN, params->mac_addr))
1157                                 goto fail;
1158                 }
1159
1160                 if (params->mac_addr_mask) {
1161                         wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: "
1162                                    MACSTR, MAC2STR(params->mac_addr_mask));
1163                         if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK,
1164                                     ETH_ALEN, params->mac_addr_mask))
1165                                 goto fail;
1166                 }
1167         }
1168
1169         if (scan_flags &&
1170             nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS, scan_flags))
1171                 goto fail;
1172
1173         if (params->p2p_probe) {
1174                 struct nlattr *rates;
1175
1176                 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
1177
1178                 rates = nla_nest_start(msg,
1179                                        QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES);
1180                 if (rates == NULL)
1181                         goto fail;
1182
1183                 /*
1184                  * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
1185                  * by masking out everything else apart from the OFDM rates 6,
1186                  * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
1187                  * rates are left enabled.
1188                  */
1189                 if (nla_put(msg, NL80211_BAND_2GHZ, 8,
1190                             "\x0c\x12\x18\x24\x30\x48\x60\x6c"))
1191                         goto fail;
1192                 nla_nest_end(msg, rates);
1193
1194                 if (nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE))
1195                         goto fail;
1196         }
1197
1198         if (params->bssid) {
1199                 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: "
1200                            MACSTR, MAC2STR(params->bssid));
1201                 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_BSSID, ETH_ALEN,
1202                             params->bssid))
1203                         goto fail;
1204         }
1205
1206         nla_nest_end(msg, attr);
1207
1208         ret = send_and_recv_msgs(drv, msg, scan_cookie_handler, &cookie);
1209         msg = NULL;
1210         if (ret) {
1211                 wpa_printf(MSG_DEBUG,
1212                            "nl80211: Vendor scan trigger failed: ret=%d (%s)",
1213                            ret, strerror(-ret));
1214                 goto fail;
1215         }
1216
1217         drv->vendor_scan_cookie = cookie;
1218         drv->scan_state = SCAN_REQUESTED;
1219         /* Pass the cookie to the caller to help distinguish the scans. */
1220         params->scan_cookie = cookie;
1221
1222         wpa_printf(MSG_DEBUG,
1223                    "nl80211: Vendor scan requested (ret=%d) - scan timeout 30 seconds, scan cookie:0x%llx",
1224                    ret, (long long unsigned int) cookie);
1225         eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1226         eloop_register_timeout(30, 0, wpa_driver_nl80211_scan_timeout,
1227                                drv, drv->ctx);
1228         drv->last_scan_cmd = NL80211_CMD_VENDOR;
1229
1230 fail:
1231         nlmsg_free(msg);
1232         return ret;
1233 }
1234
1235
1236 /**
1237  * nl80211_set_default_scan_ies - Set the scan default IEs to the driver
1238  * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
1239  * @ies: Pointer to IEs buffer
1240  * @ies_len: Length of IEs in bytes
1241  * Returns: 0 on success, -1 on failure
1242  */
1243 int nl80211_set_default_scan_ies(void *priv, const u8 *ies, size_t ies_len)
1244 {
1245         struct i802_bss *bss = priv;
1246         struct wpa_driver_nl80211_data *drv = bss->drv;
1247         struct nl_msg *msg = NULL;
1248         struct nlattr *attr;
1249         int ret = -1;
1250
1251         if (!drv->set_wifi_conf_vendor_cmd_avail)
1252                 return -1;
1253
1254         if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
1255             nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
1256             nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
1257                         QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION))
1258                 goto fail;
1259
1260         attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1261         if (attr == NULL)
1262                 goto fail;
1263
1264         wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan default IEs", ies, ies_len);
1265         if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_SCAN_DEFAULT_IES,
1266                     ies_len, ies))
1267                 goto fail;
1268
1269         nla_nest_end(msg, attr);
1270
1271         ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1272         msg = NULL;
1273         if (ret) {
1274                 wpa_printf(MSG_ERROR,
1275                            "nl80211: Set scan default IEs failed: ret=%d (%s)",
1276                            ret, strerror(-ret));
1277                 goto fail;
1278         }
1279
1280 fail:
1281         nlmsg_free(msg);
1282         return ret;
1283 }
1284
1285 #endif /* CONFIG_DRIVER_NL80211_QCA */