1 /* 2 * Copyright (c) 2012-2021 The Linux Foundation. All rights reserved. 3 * Copyright (c) 2021-2023 Qualcomm Innovation Center, Inc. All rights reserved. 4 * 5 * Permission to use, copy, modify, and/or distribute this software for 6 * any purpose with or without fee is hereby granted, provided that the 7 * above copyright notice and this permission notice appear in all 8 * copies. 9 * 10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL 11 * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED 12 * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE 13 * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 14 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 15 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER 16 * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 * PERFORMANCE OF THIS SOFTWARE. 18 */ 19 20 /* 21 * This file lim_process_probe_req_frame.cc contains the code 22 * for processing Probe Request Frame. 23 * Author: Chandra Modumudi 24 * Date: 02/28/02 25 * History:- 26 * Date Modified by Modification Information 27 * -------------------------------------------------------------------- 28 * 29 */ 30 31 #include "wni_cfg.h" 32 #include "ani_global.h" 33 34 #include "utils_api.h" 35 #include "lim_types.h" 36 #include "lim_utils.h" 37 #include "lim_assoc_utils.h" 38 #include "lim_ser_des_utils.h" 39 #include "parser_api.h" 40 #include "lim_ft_defs.h" 41 #include "lim_session.h" 42 #include "wlan_utility.h" 43 44 void 45 46 lim_send_sme_probe_req_ind(struct mac_context *mac, 47 tSirMacAddr peerMacAddr, 48 uint8_t *pProbeReqIE, 49 uint32_t ProbeReqIELen, struct pe_session *pe_session); 50 51 /** 52 * lim_remove_timeout_pbc_sessions() - remove pbc probe req entries. 53 * @mac - Pointer to Global MAC structure 54 * @pbc - The beginning entry in WPS PBC probe request link list 55 * 56 * This function is called to remove the WPS PBC probe request entries from 57 * specific entry to end. 58 * 59 * Return - None 60 */ lim_remove_timeout_pbc_sessions(struct mac_context * mac,tSirWPSPBCSession * pbc)61 static void lim_remove_timeout_pbc_sessions(struct mac_context *mac, 62 tSirWPSPBCSession *pbc) 63 { 64 tSirWPSPBCSession *prev; 65 66 while (pbc) { 67 prev = pbc; 68 pbc = pbc->next; 69 pe_debug("WPS PBC sessions remove"); 70 QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG, 71 prev->addr.bytes, QDF_MAC_ADDR_SIZE); 72 QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG, 73 prev->uuid_e, SIR_WPS_UUID_LEN); 74 75 qdf_mem_free(prev); 76 } 77 } 78 79 /** 80 * lim_update_pbc_session_entry 81 * 82 ***FUNCTION: 83 * This function is called when probe request with WPS PBC IE is received 84 * 85 ***LOGIC: 86 * This function add the WPS PBC probe request in the WPS PBC probe request link list 87 * The link list is in decreased time order of probe request that is received. 88 * The entry that is more than 120 second is removed. 89 * 90 ***ASSUMPTIONS: 91 * 92 * 93 ***NOTE: 94 * 95 * @param mac Pointer to Global MAC structure 96 * @param addr A pointer to probe request source MAC address 97 * @param uuid_e A pointer to UUIDE element of WPS IE 98 * @param pe_session A pointer to station PE session 99 * 100 * @return None 101 */ 102 lim_update_pbc_session_entry(struct mac_context * mac,uint8_t * addr,uint8_t * uuid_e,struct pe_session * pe_session)103 static void lim_update_pbc_session_entry(struct mac_context *mac, 104 uint8_t *addr, uint8_t *uuid_e, 105 struct pe_session *pe_session) 106 { 107 tSirWPSPBCSession *pbc, *prev = NULL; 108 109 uint32_t curTime; 110 111 curTime = 112 (uint32_t) (qdf_mc_timer_get_system_ticks() / 113 QDF_TICKS_PER_SECOND); 114 115 pe_debug("Receive WPS probe request curTime: %d", curTime); 116 QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG, 117 addr, QDF_MAC_ADDR_SIZE); 118 QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, QDF_TRACE_LEVEL_DEBUG, 119 uuid_e, SIR_WPS_UUID_LEN); 120 121 pbc = pe_session->pAPWPSPBCSession; 122 123 while (pbc) { 124 if ((!qdf_mem_cmp 125 ((uint8_t *) pbc->addr.bytes, (uint8_t *) addr, 126 QDF_MAC_ADDR_SIZE)) 127 && (!qdf_mem_cmp((uint8_t *) pbc->uuid_e, 128 (uint8_t *) uuid_e, SIR_WPS_UUID_LEN))) { 129 if (prev) 130 prev->next = pbc->next; 131 else 132 pe_session->pAPWPSPBCSession = pbc->next; 133 break; 134 } 135 prev = pbc; 136 pbc = pbc->next; 137 } 138 139 if (!pbc) { 140 pbc = qdf_mem_malloc(sizeof(tSirWPSPBCSession)); 141 if (!pbc) 142 return; 143 qdf_mem_copy((uint8_t *) pbc->addr.bytes, (uint8_t *) addr, 144 QDF_MAC_ADDR_SIZE); 145 146 if (uuid_e) 147 qdf_mem_copy((uint8_t *) pbc->uuid_e, 148 (uint8_t *) uuid_e, SIR_WPS_UUID_LEN); 149 } 150 151 pbc->next = pe_session->pAPWPSPBCSession; 152 pe_session->pAPWPSPBCSession = pbc; 153 pbc->timestamp = curTime; 154 155 /* remove entries that have timed out */ 156 prev = pbc; 157 pbc = pbc->next; 158 159 while (pbc) { 160 if (curTime > pbc->timestamp + SIR_WPS_PBC_WALK_TIME) { 161 prev->next = NULL; 162 lim_remove_timeout_pbc_sessions(mac, pbc); 163 break; 164 } 165 prev = pbc; 166 pbc = pbc->next; 167 } 168 } 169 170 /** 171 * lim_wpspbc_close 172 * 173 ***FUNCTION: 174 * This function is called when BSS is closed 175 * 176 ***LOGIC: 177 * This function remove all the WPS PBC entries 178 * 179 ***ASSUMPTIONS: 180 * 181 * 182 ***NOTE: 183 * 184 * @param mac Pointer to Global MAC structure 185 * @param pe_session A pointer to station PE session 186 * 187 * @return None 188 */ 189 lim_wpspbc_close(struct mac_context * mac,struct pe_session * pe_session)190 void lim_wpspbc_close(struct mac_context *mac, struct pe_session *pe_session) 191 { 192 193 lim_remove_timeout_pbc_sessions(mac, pe_session->pAPWPSPBCSession); 194 195 } 196 197 /** 198 * lim_check11b_rates 199 * 200 ***FUNCTION: 201 * This function is called by lim_process_probe_req_frame() upon 202 * Probe Request frame reception. 203 * 204 ***LOGIC: 205 * This function check 11b rates in supportedRates and extendedRates rates 206 * 207 ***NOTE: 208 * 209 * @param rate 210 * 211 * @return BOOLEAN 212 */ 213 lim_check11b_rates(uint8_t rate)214 static bool lim_check11b_rates(uint8_t rate) 215 { 216 if ((0x02 == (rate)) 217 || (0x04 == (rate)) 218 || (0x0b == (rate)) 219 || (0x16 == (rate)) 220 ) { 221 return true; 222 } 223 return false; 224 } 225 226 #ifdef CONFIG_BAND_6GHZ 227 /** 228 * lim_need_broadcast_probe_rsp: check whether need broadcast probe rsp 229 * @session: a pointer to session entry 230 * @probe_req_da: probe request dst addr 231 * 232 * Return: bool 233 */ lim_need_broadcast_probe_rsp(struct pe_session * session,tSirMacAddr probe_req_da)234 static bool lim_need_broadcast_probe_rsp(struct pe_session *session, 235 tSirMacAddr probe_req_da) 236 { 237 if (WLAN_REG_IS_6GHZ_CHAN_FREQ(session->curr_op_freq) && 238 QDF_IS_ADDR_BROADCAST(probe_req_da)) 239 return true; 240 else 241 return false; 242 } 243 #else lim_need_broadcast_probe_rsp(struct pe_session * session,tSirMacAddr probe_req_da)244 static bool lim_need_broadcast_probe_rsp(struct pe_session *session, 245 tSirMacAddr probe_req_da) 246 { 247 return false; 248 } 249 #endif 250 251 /** 252 * lim_process_probe_req_frame: to process probe req frame 253 * @mac_ctx: Pointer to Global MAC structure 254 * @rx_pkt_info: A pointer to Buffer descriptor + associated PDUs 255 * @session: a pointer to session entry 256 * 257 * This function is called by limProcessMessageQueue() upon 258 * Probe Request frame reception. This function processes received 259 * Probe Request frame and responds with Probe Response. 260 * Only AP or STA in IBSS mode that sent last Beacon will respond to 261 * Probe Request. 262 * ASSUMPTIONS: 263 * 1. AP or STA in IBSS mode that sent last Beacon will always respond 264 * to Probe Request received with broadcast SSID. 265 * NOTE: 266 * 1. Dunno what to do with Rates received in Probe Request frame 267 * 2. Frames with out-of-order fields/IEs are dropped. 268 * 269 * 270 * Return: none 271 */ 272 273 void lim_process_probe_req_frame(struct mac_context * mac_ctx,uint8_t * rx_pkt_info,struct pe_session * session)274 lim_process_probe_req_frame(struct mac_context *mac_ctx, uint8_t *rx_pkt_info, 275 struct pe_session *session) 276 { 277 uint8_t *body_ptr; 278 tpSirMacMgmtHdr mac_hdr; 279 uint32_t frame_len; 280 tpSirProbeReq probe_req = NULL; 281 tAniSSID ssid; 282 uint8_t *uuid; 283 tSirMacAddr dst_mac; 284 285 mac_hdr = WMA_GET_RX_MAC_HEADER(rx_pkt_info); 286 if (LIM_IS_AP_ROLE(session) && 287 session->curr_op_freq == WMA_GET_RX_FREQ(rx_pkt_info)) { 288 frame_len = WMA_GET_RX_PAYLOAD_LEN(rx_pkt_info); 289 290 pe_debug("Received Probe Request: %d bytes from "QDF_MAC_ADDR_FMT, 291 frame_len, QDF_MAC_ADDR_REF(mac_hdr->sa)); 292 /* Get pointer to Probe Request frame body */ 293 body_ptr = WMA_GET_RX_MPDU_DATA(rx_pkt_info); 294 295 /* check for vendor IE presence */ 296 if ((session->access_policy_vendor_ie) && 297 (session->access_policy == 298 LIM_ACCESS_POLICY_RESPOND_IF_IE_IS_PRESENT)) { 299 if (!wlan_get_vendor_ie_ptr_from_oui( 300 &session->access_policy_vendor_ie[2], 301 3, body_ptr, frame_len)) { 302 pe_warn("Vendor IE is not present and access policy is: %x dropping probe request", 303 session->access_policy); 304 return; 305 } 306 } 307 308 probe_req = qdf_mem_malloc(sizeof(tSirProbeReq)); 309 if (!probe_req) 310 return; 311 312 /* Parse Probe Request frame */ 313 if (sir_convert_probe_req_frame2_struct(mac_ctx, body_ptr, 314 frame_len, probe_req) == QDF_STATUS_E_FAILURE) { 315 pe_err("Parse error ProbeReq, length: %d, SA is: " 316 QDF_MAC_ADDR_FMT, frame_len, 317 QDF_MAC_ADDR_REF(mac_hdr->sa)); 318 goto free_and_exit; 319 } 320 if (session->opmode == QDF_P2P_GO_MODE) { 321 uint8_t i = 0, rate_11b = 0, other_rates = 0; 322 /* Check 11b rates in supported rates */ 323 for (i = 0; i < probe_req->supportedRates.numRates; 324 i++) { 325 if (lim_check11b_rates( 326 probe_req->supportedRates.rate[i] & 327 0x7f)) 328 rate_11b++; 329 else 330 other_rates++; 331 } 332 333 /* Check 11b rates in extended rates */ 334 for (i = 0; i < probe_req->extendedRates.numRates; 335 i++) { 336 if (lim_check11b_rates( 337 probe_req->extendedRates.rate[i] & 338 0x7f)) 339 rate_11b++; 340 else 341 other_rates++; 342 } 343 344 if ((rate_11b > 0) && (other_rates == 0)) { 345 pe_debug("Received a probe req frame with only 11b rates, SA: "QDF_MAC_ADDR_FMT, 346 QDF_MAC_ADDR_REF(mac_hdr->sa)); 347 goto free_and_exit; 348 } 349 } 350 if (LIM_IS_AP_ROLE(session) && 351 ((session->APWPSIEs.SirWPSProbeRspIE.FieldPresent 352 & SIR_WPS_PROBRSP_VER_PRESENT) && 353 (probe_req->wscIePresent == 1) && 354 (probe_req->probeReqWscIeInfo.DevicePasswordID.id == 355 WSC_PASSWD_ID_PUSH_BUTTON) && 356 (probe_req->probeReqWscIeInfo.UUID_E.present == 1))) { 357 if (session->fwdWPSPBCProbeReq) { 358 QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, 359 QDF_TRACE_LEVEL_DEBUG, 360 mac_hdr->sa, 361 QDF_MAC_ADDR_SIZE); 362 QDF_TRACE_HEX_DUMP(QDF_MODULE_ID_PE, 363 QDF_TRACE_LEVEL_DEBUG, 364 body_ptr, frame_len); 365 lim_send_sme_probe_req_ind(mac_ctx, mac_hdr->sa, 366 body_ptr, frame_len, session); 367 } else { 368 uuid = probe_req->probeReqWscIeInfo.UUID_E.uuid; 369 lim_update_pbc_session_entry(mac_ctx, 370 mac_hdr->sa, 371 uuid, 372 session); 373 } 374 } 375 ssid.length = session->ssId.length; 376 /* Copy the SSID from session entry to local variable */ 377 qdf_mem_copy(ssid.ssId, session->ssId.ssId, 378 session->ssId.length); 379 380 if (lim_need_broadcast_probe_rsp(session, mac_hdr->da)) 381 qdf_set_macaddr_broadcast((struct qdf_mac_addr *)dst_mac); 382 else 383 qdf_mem_copy(dst_mac, mac_hdr->sa, ETH_ALEN); 384 385 /* 386 * Compare received SSID with current SSID. If they match, 387 * reply with Probe Response 388 */ 389 if (probe_req->ssId.length) { 390 if (!ssid.length) 391 goto multipleSSIDcheck; 392 393 if (!qdf_mem_cmp((uint8_t *) &ssid, 394 (uint8_t *)&probe_req->ssId, 395 (uint8_t)(ssid.length + 1))) { 396 lim_send_probe_rsp_mgmt_frame(mac_ctx, 397 dst_mac, &ssid, 398 session, 399 probe_req->p2pIePresent); 400 goto free_and_exit; 401 } else if (session->opmode == 402 QDF_P2P_GO_MODE) { 403 uint8_t direct_ssid[7] = "DIRECT-"; 404 uint8_t direct_ssid_len = 7; 405 406 if (!qdf_mem_cmp((uint8_t *) &direct_ssid, 407 (uint8_t *)&probe_req->ssId.ssId, 408 (uint8_t)(direct_ssid_len))) { 409 lim_send_probe_rsp_mgmt_frame( 410 mac_ctx, dst_mac, &ssid, 411 session, 412 probe_req->p2pIePresent); 413 goto free_and_exit; 414 } 415 } else { 416 pe_debug("Ignore ProbeReq frm with unmatch SSID received from SA: "QDF_MAC_ADDR_FMT, 417 QDF_MAC_ADDR_REF(mac_hdr->sa)); 418 } 419 } else { 420 /* 421 * Broadcast SSID in the Probe Request. 422 * Reply with SSID we're configured with. 423 * Turn off the SSID length to 0 if hidden SSID feature 424 * is present 425 */ 426 if (session->ssidHidden) 427 /* 428 * We are returning from here as probe request 429 * contains the broadcast SSID. So no need to 430 * send the probe resp 431 */ 432 goto free_and_exit; 433 lim_send_probe_rsp_mgmt_frame(mac_ctx, dst_mac, 434 &ssid, 435 session, 436 probe_req->p2pIePresent); 437 goto free_and_exit; 438 } 439 multipleSSIDcheck: 440 pe_debug("Ignore ProbeReq frm with unmatch SSID rcved from SA: "QDF_MAC_ADDR_FMT, 441 QDF_MAC_ADDR_REF(mac_hdr->sa)); 442 } else { 443 /* Ignore received Probe Request frame */ 444 pe_debug("Ignoring Probe Request frame received from SA: "QDF_MAC_ADDR_FMT, 445 QDF_MAC_ADDR_REF(mac_hdr->sa)); 446 } 447 448 free_and_exit: 449 qdf_mem_free(probe_req); 450 return; 451 } 452 453 /** 454 * lim_indicate_probe_req_to_hdd 455 * 456 ***FUNCTION: 457 * This function is called by lim_process_probe_req_frame_multiple_bss() upon 458 * Probe Request frame reception. 459 * 460 ***LOGIC: 461 * This function processes received Probe Request frame and Pass 462 * Probe Request Frame to HDD. 463 * 464 * @param mac Pointer to Global MAC structure 465 * @param *pBd A pointer to Buffer descriptor + associated PDUs 466 * @param pe_session A pointer to PE session 467 * 468 * @return None 469 */ 470 471 static void lim_indicate_probe_req_to_hdd(struct mac_context * mac,uint8_t * pBd,struct pe_session * pe_session)472 lim_indicate_probe_req_to_hdd(struct mac_context *mac, uint8_t *pBd, 473 struct pe_session *pe_session) 474 { 475 tpSirMacMgmtHdr pHdr; 476 uint32_t frameLen; 477 478 pe_debug("Received a probe request frame"); 479 480 pHdr = WMA_GET_RX_MAC_HEADER(pBd); 481 frameLen = WMA_GET_RX_PAYLOAD_LEN(pBd); 482 483 /* send the probe req to SME. */ 484 lim_send_sme_mgmt_frame_ind(mac, pHdr->fc.subType, 485 (uint8_t *) pHdr, 486 (frameLen + sizeof(tSirMacMgmtHdr)), 487 pe_session->vdev_id, 488 WMA_GET_RX_FREQ(pBd), 489 WMA_GET_RX_RSSI_NORMALIZED(pBd), 490 RXMGMT_FLAG_NONE); 491 } /*** end lim_indicate_probe_req_to_hdd() ***/ 492 493 /** 494 * lim_process_probe_req_frame_multiple_bss() - to process probe req 495 * @mac_ctx: Pointer to Global MAC structure 496 * @buf_descr: A pointer to Buffer descriptor + associated PDUs 497 * @session: A pointer to PE session 498 * 499 * This function is called by limProcessMessageQueue() upon 500 * Probe Request frame reception. This function call 501 * lim_indicate_probe_req_to_hdd function to indicate 502 * Probe Request frame to HDD. It also call lim_process_probe_req_frame 503 * function which process received Probe Request frame and responds 504 * with Probe Response. 505 * 506 * @return None 507 */ 508 void lim_process_probe_req_frame_multiple_bss(struct mac_context * mac_ctx,uint8_t * buf_descr,struct pe_session * session)509 lim_process_probe_req_frame_multiple_bss(struct mac_context *mac_ctx, 510 uint8_t *buf_descr, struct pe_session *session) 511 { 512 uint8_t i; 513 struct wlan_channel *chan; 514 uint16_t probe_req_freq = WMA_GET_RX_FREQ(buf_descr); 515 516 if (session) { 517 if (LIM_IS_AP_ROLE(session)) { 518 lim_indicate_probe_req_to_hdd(mac_ctx, 519 buf_descr, session); 520 } 521 lim_process_probe_req_frame(mac_ctx, buf_descr, session); 522 return; 523 } 524 525 for (i = 0; i < mac_ctx->lim.maxBssId; i++) { 526 session = pe_find_session_by_session_id(mac_ctx, i); 527 if (!session) 528 continue; 529 530 if (!LIM_IS_AP_ROLE(session)) 531 continue; 532 533 if (wlan_vdev_is_up(session->vdev) != QDF_STATUS_SUCCESS) 534 continue; 535 536 chan = wlan_vdev_get_active_channel(session->vdev); 537 /** 538 * For GO present on 5G/6G/2G band channel and if probe req 539 * is received for p2p listen on the listen channel then no 540 * need to send probe resp on GO operating channel 541 **/ 542 if (!chan || chan->ch_freq != probe_req_freq) { 543 pe_debug("do not send probe resp to requested probe freq %d", 544 probe_req_freq); 545 continue; 546 } 547 548 lim_indicate_probe_req_to_hdd(mac_ctx, 549 buf_descr, session); 550 lim_process_probe_req_frame(mac_ctx, 551 buf_descr, session); 552 } 553 } 554 555 /** 556 * lim_send_sme_probe_req_ind() 557 * 558 ***FUNCTION: 559 * This function is to send 560 * eWNI_SME_WPS_PBC_PROBE_REQ_IND message to host 561 * 562 ***PARAMS: 563 * 564 ***LOGIC: 565 * 566 ***ASSUMPTIONS: 567 * NA 568 * 569 ***NOTE: 570 * This function is used for sending eWNI_SME_WPS_PBC_PROBE_REQ_IND 571 * to host. 572 * 573 * @param peerMacAddr Indicates the peer MAC addr that the probe request 574 * is generated. 575 * @param pProbeReqIE pointer to RAW probe request IE 576 * @param ProbeReqIELen The length of probe request IE. 577 * @param pe_session A pointer to PE session 578 * 579 * @return None 580 */ 581 void lim_send_sme_probe_req_ind(struct mac_context * mac,tSirMacAddr peerMacAddr,uint8_t * pProbeReqIE,uint32_t ProbeReqIELen,struct pe_session * pe_session)582 lim_send_sme_probe_req_ind(struct mac_context *mac, 583 tSirMacAddr peerMacAddr, 584 uint8_t *pProbeReqIE, 585 uint32_t ProbeReqIELen, struct pe_session *pe_session) 586 { 587 tSirSmeProbeReqInd *pSirSmeProbeReqInd; 588 struct scheduler_msg msgQ = {0}; 589 590 pSirSmeProbeReqInd = qdf_mem_malloc(sizeof(tSirSmeProbeReqInd)); 591 if (!pSirSmeProbeReqInd) 592 return; 593 594 msgQ.type = eWNI_SME_WPS_PBC_PROBE_REQ_IND; 595 msgQ.bodyval = 0; 596 msgQ.bodyptr = pSirSmeProbeReqInd; 597 598 pSirSmeProbeReqInd->messageType = eWNI_SME_WPS_PBC_PROBE_REQ_IND; 599 pSirSmeProbeReqInd->length = sizeof(*pSirSmeProbeReqInd); 600 pSirSmeProbeReqInd->sessionId = pe_session->smeSessionId; 601 602 qdf_mem_copy(pSirSmeProbeReqInd->bssid.bytes, pe_session->bssId, 603 QDF_MAC_ADDR_SIZE); 604 qdf_mem_copy(pSirSmeProbeReqInd->WPSPBCProbeReq.peer_macaddr.bytes, 605 peerMacAddr, QDF_MAC_ADDR_SIZE); 606 607 MTRACE(mac_trace(mac, TRACE_CODE_TX_SME_MSG, 608 pe_session->peSessionId, msgQ.type)); 609 610 if (ProbeReqIELen > sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq. 611 probeReqIE)) { 612 ProbeReqIELen = sizeof(pSirSmeProbeReqInd->WPSPBCProbeReq. 613 probeReqIE); 614 } 615 616 pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIELen = 617 (uint16_t) ProbeReqIELen; 618 qdf_mem_copy(pSirSmeProbeReqInd->WPSPBCProbeReq.probeReqIE, pProbeReqIE, 619 ProbeReqIELen); 620 621 lim_sys_process_mmh_msg_api(mac, &msgQ); 622 623 } /*** end lim_send_sme_probe_req_ind() ***/ 624