2 * Driver interaction with Linux nl80211/cfg80211 - Scanning
3 * Copyright(c) 2015 Intel Deutschland GmbH
4 * Copyright (c) 2002-2014, Jouni Malinen <j@w1.fi>
5 * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
6 * Copyright (c) 2009-2010, Atheros Communications
8 * This software may be distributed under the terms of the BSD license.
9 * See README for more details.
14 #include <netlink/genl/genl.h>
16 #include "utils/common.h"
17 #include "utils/eloop.h"
18 #include "common/ieee802_11_defs.h"
19 #include "common/ieee802_11_common.h"
20 #include "common/qca-vendor.h"
21 #include "driver_nl80211.h"
24 #define MAX_NL80211_NOISE_FREQS 50
26 struct nl80211_noise_info {
27 u32 freq[MAX_NL80211_NOISE_FREQS];
28 s8 noise[MAX_NL80211_NOISE_FREQS];
32 static int get_noise_for_scan_results(struct nl_msg *msg, void *arg)
34 struct nlattr *tb[NL80211_ATTR_MAX + 1];
35 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
36 struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
37 static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
38 [NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
39 [NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
41 struct nl80211_noise_info *info = arg;
43 if (info->count >= MAX_NL80211_NOISE_FREQS)
46 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
47 genlmsg_attrlen(gnlh, 0), NULL);
49 if (!tb[NL80211_ATTR_SURVEY_INFO]) {
50 wpa_printf(MSG_DEBUG, "nl80211: Survey data missing");
54 if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
55 tb[NL80211_ATTR_SURVEY_INFO],
57 wpa_printf(MSG_DEBUG, "nl80211: Failed to parse nested "
62 if (!sinfo[NL80211_SURVEY_INFO_NOISE])
65 if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
68 info->freq[info->count] =
69 nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
70 info->noise[info->count] =
71 (s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
78 static int nl80211_get_noise_for_scan_results(
79 struct wpa_driver_nl80211_data *drv, struct nl80211_noise_info *info)
83 os_memset(info, 0, sizeof(*info));
84 msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
85 return send_and_recv_msgs(drv, msg, get_noise_for_scan_results, info);
89 static int nl80211_abort_scan(struct i802_bss *bss)
93 struct wpa_driver_nl80211_data *drv = bss->drv;
95 wpa_printf(MSG_DEBUG, "nl80211: Abort scan");
96 msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ABORT_SCAN);
97 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
99 wpa_printf(MSG_DEBUG, "nl80211: Abort scan failed: ret=%d (%s)",
100 ret, strerror(-ret));
106 #ifdef CONFIG_DRIVER_NL80211_QCA
107 static int nl80211_abort_vendor_scan(struct wpa_driver_nl80211_data *drv,
111 struct nlattr *params;
114 wpa_printf(MSG_DEBUG, "nl80211: Abort vendor scan with cookie 0x%llx",
115 (long long unsigned int) scan_cookie);
117 msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
119 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
120 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
121 QCA_NL80211_VENDOR_SUBCMD_ABORT_SCAN) ||
122 !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
123 nla_put_u64(msg, QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE, scan_cookie))
126 nla_nest_end(msg, params);
128 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
132 "nl80211: Aborting vendor scan with cookie 0x%llx failed: ret=%d (%s)",
133 (long long unsigned int) scan_cookie, ret,
142 #endif /* CONFIG_DRIVER_NL80211_QCA */
146 * wpa_driver_nl80211_scan_timeout - Scan timeout to report scan completion
147 * @eloop_ctx: Driver private data
148 * @timeout_ctx: ctx argument given to wpa_driver_nl80211_init()
150 * This function can be used as registered timeout when starting a scan to
151 * generate a scan completed event if the driver does not report this.
153 void wpa_driver_nl80211_scan_timeout(void *eloop_ctx, void *timeout_ctx)
155 struct wpa_driver_nl80211_data *drv = eloop_ctx;
157 wpa_printf(MSG_DEBUG, "nl80211: Scan timeout - try to abort it");
158 #ifdef CONFIG_DRIVER_NL80211_QCA
159 if (drv->vendor_scan_cookie &&
160 nl80211_abort_vendor_scan(drv, drv->vendor_scan_cookie) == 0)
162 #endif /* CONFIG_DRIVER_NL80211_QCA */
163 if (!drv->vendor_scan_cookie &&
164 nl80211_abort_scan(drv->first_bss) == 0)
167 wpa_printf(MSG_DEBUG, "nl80211: Failed to abort scan");
169 if (drv->ap_scan_as_station != NL80211_IFTYPE_UNSPECIFIED) {
170 wpa_driver_nl80211_set_mode(drv->first_bss,
171 drv->ap_scan_as_station);
172 drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
175 wpa_printf(MSG_DEBUG, "nl80211: Try to get scan results");
176 wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);
180 static struct nl_msg *
181 nl80211_scan_common(struct i802_bss *bss, u8 cmd,
182 struct wpa_driver_scan_params *params)
184 struct wpa_driver_nl80211_data *drv = bss->drv;
189 msg = nl80211_cmd_msg(bss, 0, cmd);
193 if (params->num_ssids) {
194 struct nlattr *ssids;
196 ssids = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
199 for (i = 0; i < params->num_ssids; i++) {
200 wpa_printf(MSG_MSGDUMP, "nl80211: Scan SSID %s",
201 wpa_ssid_txt(params->ssids[i].ssid,
202 params->ssids[i].ssid_len));
203 if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
204 params->ssids[i].ssid))
207 nla_nest_end(msg, ssids);
209 wpa_printf(MSG_DEBUG, "nl80211: Passive scan requested");
212 if (params->extra_ies) {
213 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
214 params->extra_ies, params->extra_ies_len);
215 if (nla_put(msg, NL80211_ATTR_IE, params->extra_ies_len,
221 struct nlattr *freqs;
222 freqs = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
225 for (i = 0; params->freqs[i]; i++) {
226 wpa_printf(MSG_MSGDUMP, "nl80211: Scan frequency %u "
227 "MHz", params->freqs[i]);
228 if (nla_put_u32(msg, i + 1, params->freqs[i]))
231 nla_nest_end(msg, freqs);
234 os_free(drv->filter_ssids);
235 drv->filter_ssids = params->filter_ssids;
236 params->filter_ssids = NULL;
237 drv->num_filter_ssids = params->num_filter_ssids;
239 if (params->only_new_results) {
240 wpa_printf(MSG_DEBUG, "nl80211: Add NL80211_SCAN_FLAG_FLUSH");
241 scan_flags |= NL80211_SCAN_FLAG_FLUSH;
244 if (params->low_priority && drv->have_low_prio_scan) {
245 wpa_printf(MSG_DEBUG,
246 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
247 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
250 if (params->mac_addr_rand) {
251 wpa_printf(MSG_DEBUG,
252 "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR");
253 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
255 if (params->mac_addr) {
256 wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR,
257 MAC2STR(params->mac_addr));
258 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN,
263 if (params->mac_addr_mask) {
264 wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: "
265 MACSTR, MAC2STR(params->mac_addr_mask));
266 if (nla_put(msg, NL80211_ATTR_MAC_MASK, ETH_ALEN,
267 params->mac_addr_mask))
272 if (params->duration) {
273 if (!(drv->capa.rrm_flags &
274 WPA_DRIVER_FLAGS_SUPPORT_SET_SCAN_DWELL) ||
275 nla_put_u16(msg, NL80211_ATTR_MEASUREMENT_DURATION,
279 if (params->duration_mandatory &&
281 NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY))
285 if (params->oce_scan) {
286 wpa_printf(MSG_DEBUG,
287 "nl80211: Add NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME");
288 wpa_printf(MSG_DEBUG,
289 "nl80211: Add NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP");
290 wpa_printf(MSG_DEBUG,
291 "nl80211: Add NL80211_SCAN_FLAG_OCE_PROBE_REQ_MIN_TX_RATE");
292 wpa_printf(MSG_DEBUG,
293 "nl80211: Add NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION");
294 scan_flags |= NL80211_SCAN_FLAG_FILS_MAX_CHANNEL_TIME |
295 NL80211_SCAN_FLAG_ACCEPT_BCAST_PROBE_RESP |
296 NL80211_SCAN_FLAG_OCE_PROBE_REQ_HIGH_TX_RATE |
297 NL80211_SCAN_FLAG_OCE_PROBE_REQ_DEFERRAL_SUPPRESSION;
301 nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, scan_flags))
313 * wpa_driver_nl80211_scan - Request the driver to initiate scan
314 * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
315 * @params: Scan parameters
316 * Returns: 0 on success, -1 on failure
318 int wpa_driver_nl80211_scan(struct i802_bss *bss,
319 struct wpa_driver_scan_params *params)
321 struct wpa_driver_nl80211_data *drv = bss->drv;
322 int ret = -1, timeout;
323 struct nl_msg *msg = NULL;
325 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: scan request");
326 drv->scan_for_auth = 0;
331 msg = nl80211_scan_common(bss, NL80211_CMD_TRIGGER_SCAN, params);
335 if (params->p2p_probe) {
336 struct nlattr *rates;
338 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
340 rates = nla_nest_start(msg, NL80211_ATTR_SCAN_SUPP_RATES);
345 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
346 * by masking out everything else apart from the OFDM rates 6,
347 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
348 * rates are left enabled.
350 if (nla_put(msg, NL80211_BAND_2GHZ, 8,
351 "\x0c\x12\x18\x24\x30\x48\x60\x6c"))
353 nla_nest_end(msg, rates);
355 if (nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE))
360 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: "
361 MACSTR, MAC2STR(params->bssid));
362 if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
366 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
369 wpa_printf(MSG_DEBUG, "nl80211: Scan trigger failed: ret=%d "
370 "(%s)", ret, strerror(-ret));
371 if (drv->hostapd && is_ap_interface(drv->nlmode)) {
372 enum nl80211_iftype old_mode = drv->nlmode;
375 * mac80211 does not allow scan requests in AP mode, so
376 * try to do this in station mode.
378 if (wpa_driver_nl80211_set_mode(
379 bss, NL80211_IFTYPE_STATION))
382 if (wpa_driver_nl80211_scan(bss, params)) {
383 wpa_driver_nl80211_set_mode(bss, old_mode);
387 /* Restore AP mode when processing scan results */
388 drv->ap_scan_as_station = old_mode;
394 drv->scan_state = SCAN_REQUESTED;
395 /* Not all drivers generate "scan completed" wireless event, so try to
396 * read results after a timeout. */
398 if (drv->scan_complete_events) {
400 * The driver seems to deliver events to notify when scan is
401 * complete, so use longer timeout to avoid race conditions
402 * with scanning and following association request.
406 wpa_printf(MSG_DEBUG, "Scan requested (ret=%d) - scan timeout %d "
407 "seconds", ret, timeout);
408 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
409 eloop_register_timeout(timeout, 0, wpa_driver_nl80211_scan_timeout,
411 drv->last_scan_cmd = NL80211_CMD_TRIGGER_SCAN;
420 nl80211_sched_scan_add_scan_plans(struct wpa_driver_nl80211_data *drv,
422 struct wpa_driver_scan_params *params)
424 struct nlattr *plans;
425 struct sched_scan_plan *scan_plans = params->sched_scan_plans;
428 plans = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_PLANS);
432 for (i = 0; i < params->sched_scan_plans_num; i++) {
433 struct nlattr *plan = nla_nest_start(msg, i + 1);
438 if (!scan_plans[i].interval ||
439 scan_plans[i].interval >
440 drv->capa.max_sched_scan_plan_interval) {
441 wpa_printf(MSG_DEBUG,
442 "nl80211: sched scan plan no. %u: Invalid interval: %u",
443 i, scan_plans[i].interval);
447 if (nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_INTERVAL,
448 scan_plans[i].interval))
451 if (scan_plans[i].iterations >
452 drv->capa.max_sched_scan_plan_iterations) {
453 wpa_printf(MSG_DEBUG,
454 "nl80211: sched scan plan no. %u: Invalid number of iterations: %u",
455 i, scan_plans[i].iterations);
459 if (scan_plans[i].iterations &&
460 nla_put_u32(msg, NL80211_SCHED_SCAN_PLAN_ITERATIONS,
461 scan_plans[i].iterations))
464 nla_nest_end(msg, plan);
467 * All the scan plans must specify the number of iterations
468 * except the last plan, which will run infinitely. So if the
469 * number of iterations is not specified, this ought to be the
472 if (!scan_plans[i].iterations)
476 if (i != params->sched_scan_plans_num - 1) {
477 wpa_printf(MSG_DEBUG,
478 "nl80211: All sched scan plans but the last must specify number of iterations");
482 nla_nest_end(msg, plans);
488 * wpa_driver_nl80211_sched_scan - Initiate a scheduled scan
489 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
490 * @params: Scan parameters
491 * Returns: 0 on success, -1 on failure or if not supported
493 int wpa_driver_nl80211_sched_scan(void *priv,
494 struct wpa_driver_scan_params *params)
496 struct i802_bss *bss = priv;
497 struct wpa_driver_nl80211_data *drv = bss->drv;
502 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: sched_scan request");
505 if (!drv->capa.sched_scan_supported)
506 return android_pno_start(bss, params);
509 if (!params->sched_scan_plans_num ||
510 params->sched_scan_plans_num > drv->capa.max_sched_scan_plans) {
511 wpa_printf(MSG_ERROR,
512 "nl80211: Invalid number of sched scan plans: %u",
513 params->sched_scan_plans_num);
517 msg = nl80211_scan_common(bss, NL80211_CMD_START_SCHED_SCAN, params);
521 if (drv->capa.max_sched_scan_plan_iterations) {
522 if (nl80211_sched_scan_add_scan_plans(drv, msg, params))
525 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_INTERVAL,
526 params->sched_scan_plans[0].interval * 1000))
530 if ((drv->num_filter_ssids &&
531 (int) drv->num_filter_ssids <= drv->capa.max_match_sets) ||
532 params->filter_rssi) {
533 struct nlattr *match_sets;
534 match_sets = nla_nest_start(msg, NL80211_ATTR_SCHED_SCAN_MATCH);
535 if (match_sets == NULL)
538 for (i = 0; i < drv->num_filter_ssids; i++) {
539 struct nlattr *match_set_ssid;
540 wpa_printf(MSG_MSGDUMP,
541 "nl80211: Sched scan filter SSID %s",
542 wpa_ssid_txt(drv->filter_ssids[i].ssid,
543 drv->filter_ssids[i].ssid_len));
545 match_set_ssid = nla_nest_start(msg, i + 1);
546 if (match_set_ssid == NULL ||
547 nla_put(msg, NL80211_ATTR_SCHED_SCAN_MATCH_SSID,
548 drv->filter_ssids[i].ssid_len,
549 drv->filter_ssids[i].ssid) ||
550 (params->filter_rssi &&
552 NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
553 params->filter_rssi)))
556 nla_nest_end(msg, match_set_ssid);
560 * Due to backward compatibility code, newer kernels treat this
561 * matchset (with only an RSSI filter) as the default for all
562 * other matchsets, unless it's the only one, in which case the
563 * matchset will actually allow all SSIDs above the RSSI.
565 if (params->filter_rssi) {
566 struct nlattr *match_set_rssi;
567 match_set_rssi = nla_nest_start(msg, 0);
568 if (match_set_rssi == NULL ||
569 nla_put_u32(msg, NL80211_SCHED_SCAN_MATCH_ATTR_RSSI,
570 params->filter_rssi))
572 wpa_printf(MSG_MSGDUMP,
573 "nl80211: Sched scan RSSI filter %d dBm",
574 params->filter_rssi);
575 nla_nest_end(msg, match_set_rssi);
578 nla_nest_end(msg, match_sets);
581 if (params->relative_rssi_set) {
582 struct nl80211_bss_select_rssi_adjust rssi_adjust;
584 os_memset(&rssi_adjust, 0, sizeof(rssi_adjust));
585 wpa_printf(MSG_DEBUG, "nl80211: Relative RSSI: %d",
586 params->relative_rssi);
587 if (nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI,
588 params->relative_rssi))
591 if (params->relative_adjust_rssi) {
592 int pref_band_set = 1;
594 switch (params->relative_adjust_band) {
596 rssi_adjust.band = NL80211_BAND_5GHZ;
599 rssi_adjust.band = NL80211_BAND_2GHZ;
605 rssi_adjust.delta = params->relative_adjust_rssi;
608 nla_put(msg, NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST,
609 sizeof(rssi_adjust), &rssi_adjust))
614 if (params->sched_scan_start_delay &&
615 nla_put_u32(msg, NL80211_ATTR_SCHED_SCAN_DELAY,
616 params->sched_scan_start_delay))
619 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
621 /* TODO: if we get an error here, we should fall back to normal scan */
625 wpa_printf(MSG_DEBUG, "nl80211: Sched scan start failed: "
626 "ret=%d (%s)", ret, strerror(-ret));
630 wpa_printf(MSG_DEBUG, "nl80211: Sched scan requested (ret=%d)", ret);
639 * wpa_driver_nl80211_stop_sched_scan - Stop a scheduled scan
640 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
641 * Returns: 0 on success, -1 on failure or if not supported
643 int wpa_driver_nl80211_stop_sched_scan(void *priv)
645 struct i802_bss *bss = priv;
646 struct wpa_driver_nl80211_data *drv = bss->drv;
651 if (!drv->capa.sched_scan_supported)
652 return android_pno_stop(bss);
655 msg = nl80211_drv_msg(drv, 0, NL80211_CMD_STOP_SCHED_SCAN);
656 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
658 wpa_printf(MSG_DEBUG,
659 "nl80211: Sched scan stop failed: ret=%d (%s)",
660 ret, strerror(-ret));
662 wpa_printf(MSG_DEBUG,
663 "nl80211: Sched scan stop sent");
670 static int nl80211_scan_filtered(struct wpa_driver_nl80211_data *drv,
671 const u8 *ie, size_t ie_len)
676 if (drv->filter_ssids == NULL)
679 ssid = get_ie(ie, ie_len, WLAN_EID_SSID);
683 for (i = 0; i < drv->num_filter_ssids; i++) {
684 if (ssid[1] == drv->filter_ssids[i].ssid_len &&
685 os_memcmp(ssid + 2, drv->filter_ssids[i].ssid, ssid[1]) ==
694 static struct wpa_scan_res *
695 nl80211_parse_bss_info(struct wpa_driver_nl80211_data *drv,
698 struct nlattr *tb[NL80211_ATTR_MAX + 1];
699 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
700 struct nlattr *bss[NL80211_BSS_MAX + 1];
701 static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
702 [NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
703 [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
704 [NL80211_BSS_TSF] = { .type = NLA_U64 },
705 [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
706 [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
707 [NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
708 [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
709 [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
710 [NL80211_BSS_STATUS] = { .type = NLA_U32 },
711 [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 },
712 [NL80211_BSS_BEACON_IES] = { .type = NLA_UNSPEC },
713 [NL80211_BSS_PARENT_TSF] = { .type = NLA_U64 },
714 [NL80211_BSS_PARENT_BSSID] = { .type = NLA_UNSPEC },
715 [NL80211_BSS_LAST_SEEN_BOOTTIME] = { .type = NLA_U64 },
717 struct wpa_scan_res *r;
718 const u8 *ie, *beacon_ie;
719 size_t ie_len, beacon_ie_len;
722 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
723 genlmsg_attrlen(gnlh, 0), NULL);
724 if (!tb[NL80211_ATTR_BSS])
726 if (nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
729 if (bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
730 ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
731 ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
736 if (bss[NL80211_BSS_BEACON_IES]) {
737 beacon_ie = nla_data(bss[NL80211_BSS_BEACON_IES]);
738 beacon_ie_len = nla_len(bss[NL80211_BSS_BEACON_IES]);
744 if (nl80211_scan_filtered(drv, ie ? ie : beacon_ie,
745 ie ? ie_len : beacon_ie_len))
748 r = os_zalloc(sizeof(*r) + ie_len + beacon_ie_len);
751 if (bss[NL80211_BSS_BSSID])
752 os_memcpy(r->bssid, nla_data(bss[NL80211_BSS_BSSID]),
754 if (bss[NL80211_BSS_FREQUENCY])
755 r->freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
756 if (bss[NL80211_BSS_BEACON_INTERVAL])
757 r->beacon_int = nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]);
758 if (bss[NL80211_BSS_CAPABILITY])
759 r->caps = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
760 r->flags |= WPA_SCAN_NOISE_INVALID;
761 if (bss[NL80211_BSS_SIGNAL_MBM]) {
762 r->level = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
763 r->level /= 100; /* mBm to dBm */
764 r->flags |= WPA_SCAN_LEVEL_DBM | WPA_SCAN_QUAL_INVALID;
765 } else if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
766 r->level = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
767 r->flags |= WPA_SCAN_QUAL_INVALID;
769 r->flags |= WPA_SCAN_LEVEL_INVALID | WPA_SCAN_QUAL_INVALID;
770 if (bss[NL80211_BSS_TSF])
771 r->tsf = nla_get_u64(bss[NL80211_BSS_TSF]);
772 if (bss[NL80211_BSS_BEACON_TSF]) {
773 u64 tsf = nla_get_u64(bss[NL80211_BSS_BEACON_TSF]);
777 if (bss[NL80211_BSS_SEEN_MS_AGO])
778 r->age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]);
779 if (bss[NL80211_BSS_LAST_SEEN_BOOTTIME]) {
783 #ifndef CLOCK_BOOTTIME
784 #define CLOCK_BOOTTIME 7
786 if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0) {
787 /* Use more accurate boottime information to update the
788 * scan result age since the driver reports this and
789 * CLOCK_BOOTTIME is available. */
790 boottime = nla_get_u64(
791 bss[NL80211_BSS_LAST_SEEN_BOOTTIME]);
792 r->age = ((u64) ts.tv_sec * 1000000000 +
793 ts.tv_nsec - boottime) / 1000000;
797 pos = (u8 *) (r + 1);
799 os_memcpy(pos, ie, ie_len);
802 r->beacon_ie_len = beacon_ie_len;
804 os_memcpy(pos, beacon_ie, beacon_ie_len);
806 if (bss[NL80211_BSS_STATUS]) {
807 enum nl80211_bss_status status;
808 status = nla_get_u32(bss[NL80211_BSS_STATUS]);
810 case NL80211_BSS_STATUS_ASSOCIATED:
811 r->flags |= WPA_SCAN_ASSOCIATED;
818 if (bss[NL80211_BSS_PARENT_TSF] && bss[NL80211_BSS_PARENT_BSSID]) {
819 r->parent_tsf = nla_get_u64(bss[NL80211_BSS_PARENT_TSF]);
820 os_memcpy(r->tsf_bssid, nla_data(bss[NL80211_BSS_PARENT_BSSID]),
828 struct nl80211_bss_info_arg {
829 struct wpa_driver_nl80211_data *drv;
830 struct wpa_scan_results *res;
833 static int bss_info_handler(struct nl_msg *msg, void *arg)
835 struct nl80211_bss_info_arg *_arg = arg;
836 struct wpa_scan_results *res = _arg->res;
837 struct wpa_scan_res **tmp;
838 struct wpa_scan_res *r;
840 r = nl80211_parse_bss_info(_arg->drv, msg);
848 tmp = os_realloc_array(res->res, res->num + 1,
849 sizeof(struct wpa_scan_res *));
861 static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv,
864 if (drv->capa.flags & WPA_DRIVER_FLAGS_SME) {
865 wpa_printf(MSG_DEBUG, "nl80211: Clear possible state "
866 "mismatch (" MACSTR ")", MAC2STR(addr));
867 wpa_driver_nl80211_mlme(drv, addr,
868 NL80211_CMD_DEAUTHENTICATE,
869 WLAN_REASON_PREV_AUTH_NOT_VALID, 1,
875 static void nl80211_check_bss_status(struct wpa_driver_nl80211_data *drv,
876 struct wpa_scan_res *r)
878 if (!(r->flags & WPA_SCAN_ASSOCIATED))
881 wpa_printf(MSG_DEBUG, "nl80211: Scan results indicate BSS status with "
882 MACSTR " as associated", MAC2STR(r->bssid));
883 if (is_sta_interface(drv->nlmode) && !drv->associated) {
884 wpa_printf(MSG_DEBUG,
885 "nl80211: Local state (not associated) does not match with BSS state");
886 clear_state_mismatch(drv, r->bssid);
887 } else if (is_sta_interface(drv->nlmode) &&
888 os_memcmp(drv->bssid, r->bssid, ETH_ALEN) != 0) {
889 wpa_printf(MSG_DEBUG,
890 "nl80211: Local state (associated with " MACSTR
891 ") does not match with BSS state",
892 MAC2STR(drv->bssid));
893 clear_state_mismatch(drv, r->bssid);
894 clear_state_mismatch(drv, drv->bssid);
899 static void wpa_driver_nl80211_check_bss_status(
900 struct wpa_driver_nl80211_data *drv, struct wpa_scan_results *res)
904 for (i = 0; i < res->num; i++)
905 nl80211_check_bss_status(drv, res->res[i]);
909 static void nl80211_update_scan_res_noise(struct wpa_scan_res *res,
910 struct nl80211_noise_info *info)
914 for (i = 0; res && i < info->count; i++) {
915 if ((int) info->freq[i] != res->freq ||
916 !(res->flags & WPA_SCAN_NOISE_INVALID))
918 res->noise = info->noise[i];
919 res->flags &= ~WPA_SCAN_NOISE_INVALID;
924 static struct wpa_scan_results *
925 nl80211_get_scan_results(struct wpa_driver_nl80211_data *drv)
928 struct wpa_scan_results *res;
930 struct nl80211_bss_info_arg arg;
932 res = os_zalloc(sizeof(*res));
935 if (!(msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP,
936 NL80211_CMD_GET_SCAN))) {
937 wpa_scan_results_free(res);
943 ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
945 struct nl80211_noise_info info;
947 wpa_printf(MSG_DEBUG, "nl80211: Received scan results (%lu "
948 "BSSes)", (unsigned long) res->num);
949 if (nl80211_get_noise_for_scan_results(drv, &info) == 0) {
952 for (i = 0; i < res->num; ++i)
953 nl80211_update_scan_res_noise(res->res[i],
958 wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
959 "(%s)", ret, strerror(-ret));
960 wpa_scan_results_free(res);
966 * wpa_driver_nl80211_get_scan_results - Fetch the latest scan results
967 * @priv: Pointer to private wext data from wpa_driver_nl80211_init()
968 * Returns: Scan results on success, -1 on failure
970 struct wpa_scan_results * wpa_driver_nl80211_get_scan_results(void *priv)
972 struct i802_bss *bss = priv;
973 struct wpa_driver_nl80211_data *drv = bss->drv;
974 struct wpa_scan_results *res;
976 res = nl80211_get_scan_results(drv);
978 wpa_driver_nl80211_check_bss_status(drv, res);
983 struct nl80211_dump_scan_ctx {
984 struct wpa_driver_nl80211_data *drv;
988 static int nl80211_dump_scan_handler(struct nl_msg *msg, void *arg)
990 struct nl80211_dump_scan_ctx *ctx = arg;
991 struct wpa_scan_res *r;
993 r = nl80211_parse_bss_info(ctx->drv, msg);
996 wpa_printf(MSG_DEBUG, "nl80211: %d " MACSTR " %d%s",
997 ctx->idx, MAC2STR(r->bssid), r->freq,
998 r->flags & WPA_SCAN_ASSOCIATED ? " [assoc]" : "");
1005 void nl80211_dump_scan(struct wpa_driver_nl80211_data *drv)
1008 struct nl80211_dump_scan_ctx ctx;
1010 wpa_printf(MSG_DEBUG, "nl80211: Scan result dump");
1013 msg = nl80211_cmd_msg(drv->first_bss, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1015 send_and_recv_msgs(drv, msg, nl80211_dump_scan_handler, &ctx);
1019 int wpa_driver_nl80211_abort_scan(void *priv, u64 scan_cookie)
1021 struct i802_bss *bss = priv;
1022 #ifdef CONFIG_DRIVER_NL80211_QCA
1023 struct wpa_driver_nl80211_data *drv = bss->drv;
1026 * If scan_cookie is zero, a normal scan through kernel (cfg80211)
1027 * was triggered, hence abort the cfg80211 scan instead of the vendor
1030 if (drv->scan_vendor_cmd_avail && scan_cookie)
1031 return nl80211_abort_vendor_scan(drv, scan_cookie);
1032 #endif /* CONFIG_DRIVER_NL80211_QCA */
1033 return nl80211_abort_scan(bss);
1037 #ifdef CONFIG_DRIVER_NL80211_QCA
1039 static int scan_cookie_handler(struct nl_msg *msg, void *arg)
1041 struct nlattr *tb[NL80211_ATTR_MAX + 1];
1042 struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1045 nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1046 genlmsg_attrlen(gnlh, 0), NULL);
1048 if (tb[NL80211_ATTR_VENDOR_DATA]) {
1049 struct nlattr *nl_vendor = tb[NL80211_ATTR_VENDOR_DATA];
1050 struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_MAX + 1];
1052 nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_SCAN_MAX,
1053 nla_data(nl_vendor), nla_len(nl_vendor), NULL);
1055 if (tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE])
1056 *cookie = nla_get_u64(
1057 tb_vendor[QCA_WLAN_VENDOR_ATTR_SCAN_COOKIE]);
1065 * wpa_driver_nl80211_vendor_scan - Request the driver to initiate a vendor scan
1066 * @bss: Pointer to private driver data from wpa_driver_nl80211_init()
1067 * @params: Scan parameters
1068 * Returns: 0 on success, -1 on failure
1070 int wpa_driver_nl80211_vendor_scan(struct i802_bss *bss,
1071 struct wpa_driver_scan_params *params)
1073 struct wpa_driver_nl80211_data *drv = bss->drv;
1074 struct nl_msg *msg = NULL;
1075 struct nlattr *attr;
1081 wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: vendor scan request");
1082 drv->scan_for_auth = 0;
1084 if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
1085 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
1086 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
1087 QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN) )
1090 attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1094 if (params->num_ssids) {
1095 struct nlattr *ssids;
1097 ssids = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_SCAN_SSIDS);
1100 for (i = 0; i < params->num_ssids; i++) {
1101 wpa_printf(MSG_MSGDUMP, "nl80211: Scan SSID %s",
1102 wpa_ssid_txt(params->ssids[i].ssid,
1103 params->ssids[i].ssid_len));
1104 if (nla_put(msg, i + 1, params->ssids[i].ssid_len,
1105 params->ssids[i].ssid))
1108 nla_nest_end(msg, ssids);
1111 if (params->extra_ies) {
1112 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan extra IEs",
1113 params->extra_ies, params->extra_ies_len);
1114 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_IE,
1115 params->extra_ies_len, params->extra_ies))
1119 if (params->freqs) {
1120 struct nlattr *freqs;
1122 freqs = nla_nest_start(msg,
1123 QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES);
1126 for (i = 0; params->freqs[i]; i++) {
1127 wpa_printf(MSG_MSGDUMP,
1128 "nl80211: Scan frequency %u MHz",
1130 if (nla_put_u32(msg, i + 1, params->freqs[i]))
1133 nla_nest_end(msg, freqs);
1136 os_free(drv->filter_ssids);
1137 drv->filter_ssids = params->filter_ssids;
1138 params->filter_ssids = NULL;
1139 drv->num_filter_ssids = params->num_filter_ssids;
1141 if (params->low_priority && drv->have_low_prio_scan) {
1142 wpa_printf(MSG_DEBUG,
1143 "nl80211: Add NL80211_SCAN_FLAG_LOW_PRIORITY");
1144 scan_flags |= NL80211_SCAN_FLAG_LOW_PRIORITY;
1147 if (params->mac_addr_rand) {
1148 wpa_printf(MSG_DEBUG,
1149 "nl80211: Add NL80211_SCAN_FLAG_RANDOM_ADDR");
1150 scan_flags |= NL80211_SCAN_FLAG_RANDOM_ADDR;
1152 if (params->mac_addr) {
1153 wpa_printf(MSG_DEBUG, "nl80211: MAC address: " MACSTR,
1154 MAC2STR(params->mac_addr));
1155 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC,
1156 ETH_ALEN, params->mac_addr))
1160 if (params->mac_addr_mask) {
1161 wpa_printf(MSG_DEBUG, "nl80211: MAC address mask: "
1162 MACSTR, MAC2STR(params->mac_addr_mask));
1163 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_MAC_MASK,
1164 ETH_ALEN, params->mac_addr_mask))
1170 nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SCAN_FLAGS, scan_flags))
1173 if (params->p2p_probe) {
1174 struct nlattr *rates;
1176 wpa_printf(MSG_DEBUG, "nl80211: P2P probe - mask SuppRates");
1178 rates = nla_nest_start(msg,
1179 QCA_WLAN_VENDOR_ATTR_SCAN_SUPP_RATES);
1184 * Remove 2.4 GHz rates 1, 2, 5.5, 11 Mbps from supported rates
1185 * by masking out everything else apart from the OFDM rates 6,
1186 * 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS rates. All 5 GHz
1187 * rates are left enabled.
1189 if (nla_put(msg, NL80211_BAND_2GHZ, 8,
1190 "\x0c\x12\x18\x24\x30\x48\x60\x6c"))
1192 nla_nest_end(msg, rates);
1194 if (nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_SCAN_TX_NO_CCK_RATE))
1198 if (params->bssid) {
1199 wpa_printf(MSG_DEBUG, "nl80211: Scan for a specific BSSID: "
1200 MACSTR, MAC2STR(params->bssid));
1201 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_SCAN_BSSID, ETH_ALEN,
1206 nla_nest_end(msg, attr);
1208 ret = send_and_recv_msgs(drv, msg, scan_cookie_handler, &cookie);
1211 wpa_printf(MSG_DEBUG,
1212 "nl80211: Vendor scan trigger failed: ret=%d (%s)",
1213 ret, strerror(-ret));
1217 drv->vendor_scan_cookie = cookie;
1218 drv->scan_state = SCAN_REQUESTED;
1219 /* Pass the cookie to the caller to help distinguish the scans. */
1220 params->scan_cookie = cookie;
1222 wpa_printf(MSG_DEBUG,
1223 "nl80211: Vendor scan requested (ret=%d) - scan timeout 30 seconds, scan cookie:0x%llx",
1224 ret, (long long unsigned int) cookie);
1225 eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
1226 eloop_register_timeout(30, 0, wpa_driver_nl80211_scan_timeout,
1228 drv->last_scan_cmd = NL80211_CMD_VENDOR;
1237 * nl80211_set_default_scan_ies - Set the scan default IEs to the driver
1238 * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
1239 * @ies: Pointer to IEs buffer
1240 * @ies_len: Length of IEs in bytes
1241 * Returns: 0 on success, -1 on failure
1243 int nl80211_set_default_scan_ies(void *priv, const u8 *ies, size_t ies_len)
1245 struct i802_bss *bss = priv;
1246 struct wpa_driver_nl80211_data *drv = bss->drv;
1247 struct nl_msg *msg = NULL;
1248 struct nlattr *attr;
1251 if (!drv->set_wifi_conf_vendor_cmd_avail)
1254 if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
1255 nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
1256 nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
1257 QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION))
1260 attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
1264 wpa_hexdump(MSG_MSGDUMP, "nl80211: Scan default IEs", ies, ies_len);
1265 if (nla_put(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_SCAN_DEFAULT_IES,
1269 nla_nest_end(msg, attr);
1271 ret = send_and_recv_msgs(drv, msg, NULL, NULL);
1274 wpa_printf(MSG_ERROR,
1275 "nl80211: Set scan default IEs failed: ret=%d (%s)",
1276 ret, strerror(-ret));
1285 #endif /* CONFIG_DRIVER_NL80211_QCA */