xref: /wlan-dirver/qca-wifi-host-cmn/umac/scan/dispatcher/src/wlan_scan_utils_api.c (revision dae10a5fbc53d54c53c4ba24fa018ad8b1e7c008)
1 /*
2  * Copyright (c) 2017-2018 The Linux Foundation. All rights reserved.
3  *
4  * Permission to use, copy, modify, and/or distribute this software for
5  * any purpose with or without fee is hereby granted, provided that the
6  * above copyright notice and this permission notice appear in all
7  * copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
10  * WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
11  * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
12  * AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
13  * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
14  * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
15  * TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16  * PERFORMANCE OF THIS SOFTWARE.
17  */
18 
19 /*
20  * DOC: Defines scan utility functions
21  */
22 
23 #include <wlan_cmn.h>
24 #include <wlan_scan_ucfg_api.h>
25 #include <wlan_scan_utils_api.h>
26 #include <../../core/src/wlan_scan_cache_db.h>
27 #include <../../core/src/wlan_scan_main.h>
28 #include <wlan_reg_services_api.h>
29 
30 #define MAX_IE_LEN 1024
31 
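/**
 * util_scan_get_ev_type_name() - map a scan event type to a printable name
 * @type: scan event type to describe
 *
 * Return: a static string naming @type, or "UNKNOWN" when @type is at or
 * above SCAN_EVENT_TYPE_MAX, lies past the end of the name table, or has no
 * entry in it. The result is never NULL, so it is safe to pass to "%s".
 */
const char*
util_scan_get_ev_type_name(enum scan_event_type type)
{
	static const char * const event_name[] = {
		[SCAN_EVENT_TYPE_STARTED] = "STARTED",
		[SCAN_EVENT_TYPE_COMPLETED] = "COMPLETED",
		[SCAN_EVENT_TYPE_BSS_CHANNEL] = "HOME_CHANNEL",
		[SCAN_EVENT_TYPE_FOREIGN_CHANNEL] = "FOREIGN_CHANNEL",
		[SCAN_EVENT_TYPE_DEQUEUED] = "DEQUEUED",
		[SCAN_EVENT_TYPE_PREEMPTED] = "PREEMPTED",
		[SCAN_EVENT_TYPE_START_FAILED] = "START_FAILED",
		[SCAN_EVENT_TYPE_RESTARTED] = "RESTARTED",
		[SCAN_EVENT_TYPE_FOREIGN_CHANNEL_EXIT] = "FOREIGN_CHANNEL_EXIT",
		[SCAN_EVENT_TYPE_SUSPENDED] = "SUSPENDED",
		[SCAN_EVENT_TYPE_RESUMED] = "RESUMED",
		[SCAN_EVENT_TYPE_NLO_COMPLETE] = "NLO_COMPLETE",
		[SCAN_EVENT_TYPE_NLO_MATCH] = "NLO_MATCH",
		[SCAN_EVENT_TYPE_INVALID] = "INVALID",
		[SCAN_EVENT_TYPE_GPIO_TIMEOUT] = "GPIO_TIMEOUT",
		[SCAN_EVENT_TYPE_RADIO_MEASUREMENT_START] =
			"RADIO_MEASUREMENT_START",
		[SCAN_EVENT_TYPE_RADIO_MEASUREMENT_END] =
			"RADIO_MEASUREMENT_END",
		[SCAN_EVENT_TYPE_BSSID_MATCH] = "BSSID_MATCH",
		[SCAN_EVENT_TYPE_FOREIGN_CHANNEL_GET_NF] =
			"FOREIGN_CHANNEL_GET_NF",
	};

	/*
	 * The table is sized by its highest designated index and may have
	 * unnamed gaps, so being below SCAN_EVENT_TYPE_MAX does not by itself
	 * prove that event_name[type] exists and is non-NULL.
	 */
	if (type >= SCAN_EVENT_TYPE_MAX ||
	    type >= QDF_ARRAY_SIZE(event_name) ||
	    !event_name[type])
		return "UNKNOWN";

	return event_name[type];
}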
65 
66 
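/**
 * util_scan_get_ev_reason_name() - map a scan completion reason to a name
 * @reason: scan completion reason to describe
 *
 * Return: a static string naming @reason, or "UNKNOWN" when @reason is at or
 * above SCAN_REASON_MAX, lies past the end of the name table, or has no
 * entry in it. The result is never NULL, so it is safe to pass to "%s".
 */
const char*
util_scan_get_ev_reason_name(enum scan_completion_reason reason)
{
	static const char * const reason_name[] = {
		[SCAN_REASON_NONE] = "NONE",
		[SCAN_REASON_COMPLETED] = "COMPLETED",
		[SCAN_REASON_CANCELLED] = "CANCELLED",
		[SCAN_REASON_PREEMPTED] = "PREEMPTED",
		[SCAN_REASON_TIMEDOUT] = "TIMEDOUT",
		[SCAN_REASON_INTERNAL_FAILURE] = "INTERNAL_FAILURE",
		[SCAN_REASON_SUSPENDED] = "SUSPENDED",
		[SCAN_REASON_RUN_FAILED] = "RUN_FAILED",
		[SCAN_REASON_TERMINATION_FUNCTION] = "TERMINATION_FUNCTION",
		[SCAN_REASON_MAX_OFFCHAN_RETRIES] = "MAX_OFFCHAN_RETRIES",
	};

	/*
	 * The table is sized by its highest designated index and may have
	 * unnamed gaps, so being below SCAN_REASON_MAX does not by itself
	 * prove that reason_name[reason] exists and is non-NULL.
	 */
	if (reason >= SCAN_REASON_MAX ||
	    reason >= QDF_ARRAY_SIZE(reason_name) ||
	    !reason_name[reason])
		return "UNKNOWN";

	return reason_name[reason];
}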
88 
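/**
 * util_get_last_scan_time() - read the last scan time of a vdev's pdev
 * @vdev: vdev whose parent pdev is looked up
 *
 * Return: the last_scan_time stored in the scan object's per-pdev info,
 * or 0 when @vdev is NULL or no scan object is available.
 */
qdf_time_t
util_get_last_scan_time(struct wlan_objmgr_vdev *vdev)
{
	uint8_t pdev_id;
	struct wlan_scan_obj *scan_obj;

	if (!vdev) {
		scm_warn("null vdev");
		QDF_ASSERT(0);
		return 0;
	}
	pdev_id = wlan_scan_vdev_get_pdev_id(vdev);
	scan_obj = wlan_vdev_get_scan_obj(vdev);
	/*
	 * wlan_vdev_get_scan_obj() is defined elsewhere; its result is
	 * checked here so a failed lookup cannot turn into a NULL dereference.
	 */
	if (!scan_obj) {
		scm_warn("null scan_obj");
		return 0;
	}

	/* NOTE(review): pdev_id is used as an index without a range check;
	 * confirm it is always within pdev_info[].
	 */
	return scan_obj->pdev_info[pdev_id].last_scan_time;
}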
105 
/**
 * util_scan_scm_chan_to_band() - classify a channel number by band
 * @chan: channel number
 *
 * Return: WLAN_BAND_2_4_GHZ when WLAN_CHAN_IS_2GHZ() accepts @chan,
 * WLAN_BAND_5_GHZ for every other value.
 */
enum wlan_band util_scan_scm_chan_to_band(uint32_t chan)
{
	/* Anything that is not a 2.4 GHz channel is reported as 5 GHz. */
	return WLAN_CHAN_IS_2GHZ(chan) ? WLAN_BAND_2_4_GHZ : WLAN_BAND_5_GHZ;
}
113 
/**
 * util_scan_scm_freq_to_band() - classify a channel frequency by band
 * @freq: channel frequency
 *
 * Return: WLAN_BAND_2_4_GHZ when WLAN_REG_IS_24GHZ_CH_FREQ() accepts @freq,
 * WLAN_BAND_5_GHZ for every other value.
 */
enum wlan_band util_scan_scm_freq_to_band(uint16_t freq)
{
	/* Anything that is not a 2.4 GHz frequency is reported as 5 GHz. */
	return WLAN_REG_IS_24GHZ_CH_FREQ(freq) ?
		WLAN_BAND_2_4_GHZ : WLAN_BAND_5_GHZ;
}
121 
/**
 * util_is_scan_entry_match() - decide whether two scan entries are one BSS
 * @entry1: first scan entry; its ess/ibss capability bits select the rule
 * @entry2: second scan entry
 *
 * Both pointers are dereferenced without a NULL check.
 *
 * Return: true when the entries describe the same network, false otherwise.
 */
bool util_is_scan_entry_match(
	struct scan_cache_entry *entry1,
	struct scan_cache_entry *entry2)
{
	bool is_ess, is_ibss, same_bssid;

	/* An infrastructure entry never matches a non-infrastructure one. */
	if (entry1->cap_info.wlan_caps.ess !=
	    entry2->cap_info.wlan_caps.ess)
		return false;

	is_ess = entry1->cap_info.wlan_caps.ess;
	is_ibss = entry1->cap_info.wlan_caps.ibss;
	same_bssid = !qdf_mem_cmp(entry1->bssid.bytes,
				  entry2->bssid.bytes, QDF_MAC_ADDR_SIZE);

	/* Infrastructure BSS: same BSSID, same band, then compare SSIDs. */
	if (is_ess && same_bssid &&
	    util_scan_scm_chan_to_band(entry1->channel.chan_idx) ==
	    util_scan_scm_chan_to_band(entry2->channel.chan_idx))
		return util_is_ssid_match(&entry1->ssid, &entry2->ssid);

	/*
	 * IBSS: two different IBSS on one channel cannot share an SSID, so
	 * the BSSID is not compared.
	 */
	if (is_ibss &&
	    entry1->channel.chan_idx == entry2->channel.chan_idx)
		return util_is_ssid_match(&entry1->ssid, &entry2->ssid);

	/* P2P devices clear both ess and ibss; the BSSID alone decides. */
	return !is_ibss && !is_ess && same_bssid;
}
161 
/**
 * util_is_pureg_rate() - check a rate list for any rate from the 11g table
 * @rates: rate bytes to inspect; exactly @nrates bytes are read
 * @nrates: number of bytes in @rates
 *
 * Each byte is reduced with WLAN_RV() before the comparison. The table
 * values are presumably the 802.11g OFDM rates in 500 kb/s units; confirm
 * against the rate encoding used by callers.
 *
 * Return: true as soon as one rate is found in the table, false when none
 * matches or @nrates is 0.
 */
static bool util_is_pureg_rate(uint8_t *rates, uint8_t nrates)
{
	static const uint8_t g_rates[] = {12, 18, 24, 36, 48, 72, 96, 108};
	uint8_t rate_idx, tbl_idx;

	for (rate_idx = 0; rate_idx < nrates; rate_idx++) {
		for (tbl_idx = 0; tbl_idx < QDF_ARRAY_SIZE(g_rates);
		     tbl_idx++) {
			if (WLAN_RV(rates[rate_idx]) == g_rates[tbl_idx])
				return true;
		}
	}

	return false;
}
/**
 * util_scan_get_phymode_5g() - derive the phymode of a 5 GHz scan entry
 * @scan_params: scan entry whose HT/VHT elements have been indexed
 *
 * Return: WLAN_PHYMODE_11A when the HT capability or HT information element
 * is missing; an 11AC mode when both VHT capability and VHT operation
 * elements are present; otherwise an 11NA mode. WLAN_PHYMODE_AUTO is
 * returned when the VHT operation channel width is not a known value.
 */
static enum wlan_phymode
util_scan_get_phymode_5g(struct scan_cache_entry *scan_params)
{
	struct htcap_cmn_ie *htcap =
		(struct htcap_cmn_ie *)util_scan_entry_htcap(scan_params);
	struct wlan_ie_htinfo_cmn *htinfo =
		(struct wlan_ie_htinfo_cmn *)
		util_scan_entry_htinfo(scan_params);
	struct wlan_ie_vhtop *vhtop =
		(struct wlan_ie_vhtop *)util_scan_entry_vhtop(scan_params);
	uint16_t ht_cap;
	bool ht40_above, ht40_below;

	/* Without both HT elements the AP is treated as legacy 11a. */
	if (!htcap || !htinfo)
		return WLAN_PHYMODE_11A;

	ht_cap = le16toh(htcap->hc_cap);
	ht40_above = (ht_cap & WLAN_HTCAP_C_CHWIDTH40) &&
		     (htinfo->hi_extchoff == WLAN_HTINFO_EXTOFFSET_ABOVE);
	ht40_below = (ht_cap & WLAN_HTCAP_C_CHWIDTH40) &&
		     (htinfo->hi_extchoff == WLAN_HTINFO_EXTOFFSET_BELOW);

	/* HT only: pick the 11n mode from the secondary channel offset. */
	if (!(util_scan_entry_vhtcap(scan_params) && vhtop)) {
		if (ht40_above)
			return WLAN_PHYMODE_11NA_HT40PLUS;
		if (ht40_below)
			return WLAN_PHYMODE_11NA_HT40MINUS;
		return WLAN_PHYMODE_11NA_HT20;
	}

	switch (vhtop->vht_op_chwidth) {
	case WLAN_VHTOP_CHWIDTH_2040:
		if (ht40_above)
			return WLAN_PHYMODE_11AC_VHT40PLUS;
		if (ht40_below)
			return WLAN_PHYMODE_11AC_VHT40MINUS;
		return WLAN_PHYMODE_11AC_VHT20;
	case WLAN_VHTOP_CHWIDTH_80:
		/* 80 MHz may be signalling 80+80 or 160 in revised form. */
		if (WLAN_IS_REVSIG_VHT80_80(vhtop))
			return WLAN_PHYMODE_11AC_VHT80_80;
		if (WLAN_IS_REVSIG_VHT160(vhtop))
			return WLAN_PHYMODE_11AC_VHT160;
		return WLAN_PHYMODE_11AC_VHT80;
	case WLAN_VHTOP_CHWIDTH_160:
		return WLAN_PHYMODE_11AC_VHT160;
	case WLAN_VHTOP_CHWIDTH_80_80:
		return WLAN_PHYMODE_11AC_VHT80_80;
	default:
		/* Width comes from the received frame; unknown values are
		 * logged and leave the phymode at AUTO.
		 */
		scm_err("bad channel: %d",
			vhtop->vht_op_chwidth);
		return WLAN_PHYMODE_AUTO;
	}
}
247 
/**
 * util_scan_get_phymode_2g() - derive the phymode of a 2.4 GHz scan entry
 * @scan_params: scan entry whose HT and rate elements have been indexed
 *
 * Return: an 11NG mode when both HT elements are present, WLAN_PHYMODE_11G
 * when an extended rates element exists or the supported rates contain a
 * rate accepted by util_is_pureg_rate(), otherwise WLAN_PHYMODE_11B.
 */
static enum wlan_phymode
util_scan_get_phymode_2g(struct scan_cache_entry *scan_params)
{
	uint16_t ht_cap;
	struct htcap_cmn_ie *htcap;
	struct wlan_ie_htinfo_cmn *htinfo;
	struct wlan_ie_vhtop *vhtop;

	htcap = (struct htcap_cmn_ie *)
		util_scan_entry_htcap(scan_params);
	htinfo = (struct wlan_ie_htinfo_cmn *)
		util_scan_entry_htinfo(scan_params);
	/* Looked up as in the 5 GHz variant; the result is not used here. */
	vhtop = (struct wlan_ie_vhtop *)
		util_scan_entry_vhtop(scan_params);

	if (htcap && htinfo) {
		ht_cap = le16toh(htcap->hc_cap);
		if (ht_cap & WLAN_HTCAP_C_CHWIDTH40) {
			if (htinfo->hi_extchoff ==
			    WLAN_HTINFO_EXTOFFSET_ABOVE)
				return WLAN_PHYMODE_11NG_HT40PLUS;
			if (htinfo->hi_extchoff ==
			    WLAN_HTINFO_EXTOFFSET_BELOW)
				return WLAN_PHYMODE_11NG_HT40MINUS;
		}
		return WLAN_PHYMODE_11NG_HT20;
	}

	/* only 11G stations will have more than 8 rates */
	if (util_scan_entry_xrates(scan_params))
		return WLAN_PHYMODE_11G;

	if (!util_scan_entry_rates(scan_params))
		return WLAN_PHYMODE_11B;

	/*
	 * Some g-only APs do not send extended rates, so the supported
	 * rates are inspected instead. rates[1] is the element length byte
	 * and rates[2] the first rate.
	 */
	if (util_is_pureg_rate(&scan_params->ie_list.rates[2],
			       scan_params->ie_list.rates[1]))
		return WLAN_PHYMODE_11G;

	return WLAN_PHYMODE_11B;
}
294 
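/**
 * util_scan_parse_chan_switch_wrapper_ie() - index channel switch wrapper
 * sub-elements
 * @scan_params: scan entry whose ie_list receives the sub-element pointers
 * @sub_ie: first sub-element inside the wrapper element body
 * @sub_ie_len: number of bytes of wrapper body available at @sub_ie
 *
 * The sub-elements come from a received frame and are treated as untrusted:
 * each one must fit in the bytes that remain. A Country sub-element replaces
 * the ie_list.country pointer, so it is held to the same minimum length that
 * is applied to a top-level Country element in this file.
 *
 * Return: QDF_STATUS_SUCCESS when the wrapper body was walked to its end,
 * QDF_STATUS_E_INVAL when a sub-element overruns the wrapper or a Country
 * sub-element is shorter than WLAN_COUNTRY_IE_MIN_LEN.
 */
static QDF_STATUS
util_scan_parse_chan_switch_wrapper_ie(struct scan_cache_entry *scan_params,
	struct ie_header *sub_ie, qdf_size_t sub_ie_len)
{
	/* Walk through to check nothing is malformed */
	while (sub_ie_len >= sizeof(struct ie_header)) {
		/* At least one more header is present */
		sub_ie_len -= sizeof(struct ie_header);

		if (sub_ie->ie_len == 0) {
			/* Header only: step over it */
			sub_ie += 1;
			continue;
		}
		if (sub_ie_len < sub_ie->ie_len) {
			scm_err("Incomplete corrupted IE:%x",
				WLAN_ELEMID_CHAN_SWITCH_WRAP);
			return QDF_STATUS_E_INVAL;
		}
		switch (sub_ie->ie_id) {
		case WLAN_ELEMID_COUNTRY:
			/*
			 * Without this check a short sub-element would
			 * replace a country pointer that had already passed
			 * validation at the top level.
			 */
			if (sub_ie->ie_len < WLAN_COUNTRY_IE_MIN_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.country = (uint8_t *)sub_ie;
			break;
		case WLAN_ELEMID_WIDE_BAND_CHAN_SWITCH:
			/* NOTE(review): no fixed-length check is applied
			 * here; readers of widebw must check ie_len.
			 */
			scan_params->ie_list.widebw = (uint8_t *)sub_ie;
			break;
		case WLAN_ELEMID_VHT_TX_PWR_ENVLP:
			/* NOTE(review): no length bound is applied here;
			 * readers of txpwrenvlp must check ie_len.
			 */
			scan_params->ie_list.txpwrenvlp = (uint8_t *)sub_ie;
			break;
		default:
			break;
		}
		/* Consume sub info element */
		sub_ie_len -= sub_ie->ie_len;
		/* go to next Sub IE */
		sub_ie = (struct ie_header *)
			(((uint8_t *) sub_ie) +
			sizeof(struct ie_header) + sub_ie->ie_len);
	}

	return QDF_STATUS_SUCCESS;
}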
334 
/**
 * util_scan_is_hidden_ssid() - check whether an SSID element hides the name
 * @ssid: SSID element, may be NULL
 *
 * The caller must already have checked that ssid_len does not exceed the
 * ssid[] array; this function reads ssid_len bytes without a bound of its
 * own.
 *
 * Return: true when @ssid is NULL, has zero length, or holds only zero
 * bytes; false as soon as a non-zero byte is found.
 */
bool
util_scan_is_hidden_ssid(struct ie_ssid *ssid)
{
	uint8_t idx = 0;

	/* A missing or empty SSID counts as hidden. */
	if (!ssid || !ssid->ssid_len)
		return true;

	/* So does an SSID made up only of zero bytes. */
	while (idx < ssid->ssid_len) {
		if (ssid->ssid[idx])
			return false;
		idx++;
	}

	return true;
}
354 
/**
 * util_scan_parse_extn_ie() - index an extension element by its extension ID
 * @scan_params: scan entry whose ie_list receives the pointer
 * @ie: element with ID WLAN_ELEMID_EXTN_ELEM
 *
 * Reads the extension ID byte that follows the element header, so @ie must
 * have a body of at least one byte. Only the extension ID is examined; the
 * element length is not checked against any per-type minimum, which is left
 * to whoever reads the stored pointer.
 *
 * Return: QDF_STATUS_SUCCESS always; unknown extension IDs are ignored.
 */
static QDF_STATUS
util_scan_parse_extn_ie(struct scan_cache_entry *scan_params,
	struct ie_header *ie)
{
	struct extn_ie_header *extn_ie = (struct extn_ie_header *) ie;
	uint8_t **slot = NULL;

	/* Choose the ie_list field that belongs to this extension ID. */
	switch (extn_ie->ie_extn_id) {
	case WLAN_EXTN_ELEMID_SRP:
		slot = &scan_params->ie_list.srp;
		break;
	case WLAN_EXTN_ELEMID_HECAP:
		slot = &scan_params->ie_list.hecap;
		break;
	case WLAN_EXTN_ELEMID_HEOP:
		slot = &scan_params->ie_list.heop;
		break;
	case WLAN_EXTN_ELEMID_ESP:
		slot = &scan_params->ie_list.esp;
		break;
	case WLAN_EXTN_ELEMID_MUEDCA:
		slot = &scan_params->ie_list.muedca;
		break;
	default:
		break;
	}

	if (slot)
		*slot = (uint8_t *)ie;

	return QDF_STATUS_SUCCESS;
}
382 
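/**
 * util_scan_parse_vendor_ie() - classify a vendor specific element
 * @scan_params: scan entry whose ie_list receives the pointers
 * @ie: element with ID WLAN_ELEMID_VENDOR, taken from a received frame
 *
 * The first vendor element seen is remembered in ie_list.vendor. The element
 * is then matched against the known OUI/type helpers in turn and a pointer
 * into it is stored in the matching ie_list field. Every offset taken inside
 * the element is checked against ie_len first, because the element content
 * is controlled by the sender.
 *
 * NOTE(review): the is_*_oui() helpers are defined elsewhere and are called
 * before any minimum-length check on @ie; confirm they do not read past a
 * vendor element that is shorter than an OUI plus type.
 *
 * Return: QDF_STATUS_SUCCESS when the element was stored or ignored,
 * QDF_STATUS_E_INVAL when a vendor HT/VHT element has an unexpected length.
 */
static QDF_STATUS
util_scan_parse_vendor_ie(struct scan_cache_entry *scan_params,
	struct ie_header *ie)
{
	if (scan_params->ie_list.vendor == NULL)
		scan_params->ie_list.vendor = (uint8_t *)ie;

	if (is_wpa_oui((uint8_t *)ie)) {
		scan_params->ie_list.wpa = (uint8_t *)ie;
	} else if (is_wps_oui((uint8_t *)ie)) {
		scan_params->ie_list.wps = (uint8_t *)ie;
		/* WCN IE should be a subset of WPS IE */
		if (is_wcn_oui((uint8_t *)ie))
			scan_params->ie_list.wcn = (uint8_t *)ie;
	} else if (is_wme_param((uint8_t *)ie)) {
		scan_params->ie_list.wmeparam = (uint8_t *)ie;
	} else if (is_wme_info((uint8_t *)ie)) {
		scan_params->ie_list.wmeinfo = (uint8_t *)ie;
	} else if (is_atheros_oui((uint8_t *)ie)) {
		scan_params->ie_list.athcaps = (uint8_t *)ie;
	} else if (is_atheros_extcap_oui((uint8_t *)ie)) {
		scan_params->ie_list.athextcaps = (uint8_t *)ie;
	} else if (is_sfa_oui((uint8_t *)ie)) {
		scan_params->ie_list.sfa = (uint8_t *)ie;
	} else if (is_p2p_oui((uint8_t *)ie)) {
		scan_params->ie_list.p2p = (uint8_t *)ie;
	} else if (is_qca_son_oui((uint8_t *)ie,
				  QCA_OUI_WHC_AP_INFO_SUBTYPE)) {
		scan_params->ie_list.sonadv = (uint8_t *)ie;
	} else if (is_ht_cap((uint8_t *)ie)) {
		/* we only care if there isn't already an HT IE (ANA) */
		if (scan_params->ie_list.htcap == NULL) {
			if (ie->ie_len != (WLAN_VENDOR_HT_IE_OFFSET_LEN +
					   sizeof(struct htcap_cmn_ie)))
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.htcap =
			 (uint8_t *)&(((struct wlan_vendor_ie_htcap *)ie)->ie);
		}
	} else if (is_ht_info((uint8_t *)ie)) {
		/* we only care if there isn't already an HT IE (ANA) */
		if (scan_params->ie_list.htinfo == NULL) {
			if (ie->ie_len != WLAN_VENDOR_HT_IE_OFFSET_LEN +
					  sizeof(struct wlan_ie_htinfo_cmn))
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.htinfo =
			  (uint8_t *)&(((struct wlan_vendor_ie_htinfo *)
			  ie)->hi_ie);
		}
	} else if (is_interop_vht((uint8_t *)ie) &&
	    !(scan_params->ie_list.vhtop)) {
		uint8_t *vendor_ie = (uint8_t *)(ie);

		/* The embedded VHT capability element must fit entirely. */
		if (ie->ie_len < ((WLAN_VENDOR_VHTCAP_IE_OFFSET +
				 sizeof(struct wlan_ie_vhtcaps)) -
				 sizeof(struct ie_header)))
			return QDF_STATUS_E_INVAL;
		vendor_ie = ((uint8_t *)(ie)) + WLAN_VENDOR_VHTCAP_IE_OFFSET;
		if (vendor_ie[1] != (sizeof(struct wlan_ie_vhtcaps)) -
				      sizeof(struct ie_header))
			return QDF_STATUS_E_INVAL;
		/* location where Interop Vht Cap IE and VHT OP IE Present */
		scan_params->ie_list.vhtcap = (((uint8_t *)(ie)) +
						WLAN_VENDOR_VHTCAP_IE_OFFSET);
		/*
		 * The embedded VHT operation element is optional. Look at it
		 * only when the vendor element carries bytes beyond the VHT
		 * capability part; an element that ends right after the VHT
		 * capability part has no bytes at WLAN_VENDOR_VHTOP_IE_OFFSET
		 * and reading there would go past the end of the element.
		 */
		if (ie->ie_len > ((WLAN_VENDOR_VHTCAP_IE_OFFSET +
				 sizeof(struct wlan_ie_vhtcaps)) -
				 sizeof(struct ie_header))) {
			if (ie->ie_len < ((WLAN_VENDOR_VHTOP_IE_OFFSET +
					  sizeof(struct wlan_ie_vhtop)) -
					  sizeof(struct ie_header)))
				return QDF_STATUS_E_INVAL;
			vendor_ie = ((uint8_t *)(ie)) +
				    WLAN_VENDOR_VHTOP_IE_OFFSET;
			if (vendor_ie[1] != (sizeof(struct wlan_ie_vhtop) -
					     sizeof(struct ie_header)))
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.vhtop = (((uint8_t *)(ie)) +
						WLAN_VENDOR_VHTOP_IE_OFFSET);
		}
	} else if (is_bwnss_oui((uint8_t *)ie)) {
		/*
		 * Bandwidth-NSS map has sub-type & version.
		 * hence copy data just after version byte.
		 * Store the pointer only when the byte at offset 8 is part of
		 * this element; a shorter element leaves bwnss_map unset.
		 */
		if (sizeof(struct ie_header) + ie->ie_len > 8)
			scan_params->ie_list.bwnss_map =
				(((uint8_t *)ie) + 8);
	} else if (is_mbo_oce_oui((uint8_t *)ie)) {
		scan_params->ie_list.mbo_oce = (uint8_t *)ie;
	} else if (is_extender_oui((uint8_t *)ie)) {
		scan_params->ie_list.extender = (uint8_t *)ie;
	}
	return QDF_STATUS_SUCCESS;
}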
472 
/**
 * util_scan_populate_bcn_ie_list() - index the elements of a received frame
 * @scan_params: scan entry whose element buffer is walked and whose ie_list,
 *               channel.chan_idx, dtim_period and erp fields are filled in
 *
 * Walks the buffer returned by util_scan_entry_ie_data() one element at a
 * time. Every element must fit in the bytes that remain; recognised element
 * IDs are additionally held to a per-type length rule before a pointer to
 * the element is stored in ie_list. The stored pointers refer into the
 * entry's own buffer, nothing is copied. Unknown element IDs are skipped.
 *
 * Return: QDF_STATUS_SUCCESS when the buffer was walked to its end,
 * QDF_STATUS_E_INVAL when an element overruns the buffer or fails its length
 * rule, or the error status of a sub-parser.
 */
static QDF_STATUS
util_scan_populate_bcn_ie_list(struct scan_cache_entry *scan_params)
{
	struct ie_header *ie;
	uint32_t ie_len;
	QDF_STATUS status;

	ie_len = util_scan_entry_ie_len(scan_params);
	ie = (struct ie_header *)util_scan_entry_ie_data(scan_params);

	while (ie_len >= sizeof(struct ie_header)) {
		/* Byte view of the current element, header included */
		uint8_t *elem = (uint8_t *)ie;

		ie_len -= sizeof(struct ie_header);

		/* Header-only element: step over it */
		if (!ie->ie_len) {
			ie++;
			continue;
		}

		/* The body must lie inside what is left of the buffer */
		if (ie_len < ie->ie_len) {
			scm_debug("Incomplete corrupted IE:%x",
				ie->ie_id);
			return QDF_STATUS_E_INVAL;
		}

		switch (ie->ie_id) {
		case WLAN_ELEMID_SSID:
			if (ie->ie_len > (sizeof(struct ie_ssid) -
					  sizeof(struct ie_header)))
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.ssid = elem;
			break;
		case WLAN_ELEMID_RATES:
			if (ie->ie_len > WLAN_SUPPORTED_RATES_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.rates = elem;
			break;
		case WLAN_ELEMID_DSPARMS:
			if (ie->ie_len != WLAN_DS_PARAM_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.ds_param = elem;
			scan_params->channel.chan_idx =
				((struct ds_ie *)ie)->cur_chan;
			break;
		case WLAN_ELEMID_TIM:
			if (ie->ie_len < WLAN_TIM_IE_MIN_LENGTH)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.tim = elem;
			scan_params->dtim_period =
				((struct wlan_tim_ie *)ie)->tim_period;
			break;
		case WLAN_ELEMID_COUNTRY:
			if (ie->ie_len < WLAN_COUNTRY_IE_MIN_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.country = elem;
			break;
		case WLAN_ELEMID_QBSS_LOAD:
			/*
			 * Expected QBSS IE length is 5 bytes. Some old Cisco
			 * APs send 4 bytes, which does not match the latest
			 * spec, so such an element is ignored instead of
			 * failing the whole frame.
			 */
			if (ie->ie_len == sizeof(struct qbss_load_ie) -
					  sizeof(struct ie_header))
				scan_params->ie_list.qbssload = elem;
			break;
		case WLAN_ELEMID_CHANSWITCHANN:
			if (ie->ie_len != WLAN_CSA_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.csa = elem;
			break;
		case WLAN_ELEMID_IBSSDFS:
			if (ie->ie_len < WLAN_IBSSDFS_IE_MIN_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.ibssdfs = elem;
			break;
		case WLAN_ELEMID_QUIET:
			if (ie->ie_len != WLAN_QUIET_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.quiet = elem;
			break;
		case WLAN_ELEMID_ERP:
			if (ie->ie_len != (sizeof(struct erp_ie) -
					    sizeof(struct ie_header)))
				return QDF_STATUS_E_INVAL;
			/* Only the value is kept, not a pointer */
			scan_params->erp = ((struct erp_ie *)ie)->value;
			break;
		case WLAN_ELEMID_HTCAP_ANA:
			if (ie->ie_len != sizeof(struct htcap_cmn_ie))
				return QDF_STATUS_E_INVAL;
			/* Stored pointer skips the element header */
			scan_params->ie_list.htcap =
				(uint8_t *)&(((struct htcap_ie *)ie)->ie);
			break;
		case WLAN_ELEMID_RSN:
			if (ie->ie_len < WLAN_RSN_IE_MIN_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.rsn = elem;
			break;
		case WLAN_ELEMID_XRATES:
			/* NOTE(review): no length rule is applied to this
			 * element here; readers of xrates must check ie_len.
			 */
			scan_params->ie_list.xrates = elem;
			break;
		case WLAN_ELEMID_EXTCHANSWITCHANN:
			if (ie->ie_len != WLAN_XCSA_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.xcsa = elem;
			break;
		case WLAN_ELEMID_SECCHANOFFSET:
			if (ie->ie_len != WLAN_SECCHANOFF_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.secchanoff = elem;
			break;
		case WLAN_ELEMID_HTINFO_ANA:
			if (ie->ie_len != sizeof(struct wlan_ie_htinfo_cmn))
				return QDF_STATUS_E_INVAL;
			/* Stored pointer skips the element header */
			scan_params->ie_list.htinfo =
			  (uint8_t *)&(((struct wlan_ie_htinfo *) ie)->hi_ie);
			/* The HT control channel replaces any earlier
			 * chan_idx taken from the DS parameter element.
			 */
			scan_params->channel.chan_idx =
			  ((struct wlan_ie_htinfo_cmn *)
			  (scan_params->ie_list.htinfo))->hi_ctrlchannel;
			break;
		case WLAN_ELEMID_WAPI:
			if (ie->ie_len < WLAN_WAPI_IE_MIN_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.wapi = elem;
			break;
		case WLAN_ELEMID_XCAPS:
			if (ie->ie_len > WLAN_EXTCAP_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.extcaps = elem;
			break;
		case WLAN_ELEMID_VHTCAP:
			if (ie->ie_len != (sizeof(struct wlan_ie_vhtcaps) -
					   sizeof(struct ie_header)))
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.vhtcap = elem;
			break;
		case WLAN_ELEMID_VHTOP:
			if (ie->ie_len != (sizeof(struct wlan_ie_vhtop) -
					   sizeof(struct ie_header)))
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.vhtop = elem;
			break;
		case WLAN_ELEMID_OP_MODE_NOTIFY:
			if (ie->ie_len != WLAN_OPMODE_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.opmode = elem;
			break;
		case WLAN_ELEMID_MOBILITY_DOMAIN:
			if (ie->ie_len != WLAN_MOBILITY_DOMAIN_IE_MAX_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.mdie = elem;
			break;
		case WLAN_ELEMID_VENDOR:
			status = util_scan_parse_vendor_ie(scan_params,
							   ie);
			if (QDF_IS_STATUS_ERROR(status))
				return status;
			break;
		case WLAN_ELEMID_CHAN_SWITCH_WRAP:
			scan_params->ie_list.cswrp = elem;
			/* The wrapper body is itself a list of sub-elements
			 * bounded by this element's length.
			 */
			status = util_scan_parse_chan_switch_wrapper_ie(
					scan_params,
					(struct ie_header *)
					(elem + sizeof(struct ie_header)),
					ie->ie_len);
			if (QDF_IS_STATUS_ERROR(status)) {
				scm_err("failed to parse chan_switch_wrapper_ie");
				return status;
			}
			break;
		case WLAN_ELEMID_FILS_INDICATION:
			if (ie->ie_len < WLAN_FILS_INDICATION_IE_MIN_LEN)
				return QDF_STATUS_E_INVAL;
			scan_params->ie_list.fils_indication = elem;
			break;
		case WLAN_ELEMID_EXTN_ELEM:
			status = util_scan_parse_extn_ie(scan_params, ie);
			if (QDF_IS_STATUS_ERROR(status))
				return status;
			break;
		default:
			break;
		}

		/* Consume the body and move to the next header */
		ie_len -= ie->ie_len;
		ie = (struct ie_header *)
			(elem + sizeof(struct ie_header) + ie->ie_len);
	}

	return QDF_STATUS_SUCCESS;
}
673 
/**
 * util_scan_update_esp_data() - update ESP params from beacon/probe response
 * @esp_information: output; one slot per access category is filled in
 * @scan_entry: newly received entry that carries an ESP element
 *
 * The Estimated Service Parameters element is used by an AP to give another
 * STA input for estimating the throughput between the two. Its ESP
 * Information List holds 1 to 4 ESP Information fields of 24 bits each, one
 * per access category.
 *
 * Only the slots whose access category appears in the element are written;
 * the others in @esp_information are left as the caller passed them. Nothing
 * is written when the element advertises more than MAX_ESP_INFORMATION_FIELD
 * fields. The element pointer is dereferenced without a NULL check.
 *
 * NOTE(review): the field count is esp_len / ESP_INFORMATION_LIST_LENGTH
 * while the list starts 3 bytes into the element; confirm that esp_len
 * cannot describe more list bytes than the element really holds.
 *
 * Return: None
 */
static void util_scan_update_esp_data(struct wlan_esp_ie *esp_information,
		struct scan_cache_entry *scan_entry)
{
	struct wlan_esp_ie *esp_ie =
		(struct wlan_esp_ie *)util_scan_entry_esp_info(scan_entry);
	uint64_t total_elements = esp_ie->esp_len;
	/* The information list starts 3 bytes into the element */
	uint8_t *data = (uint8_t *)esp_ie + 3;
	int i;

	do_div(total_elements, ESP_INFORMATION_LIST_LENGTH);

	if (total_elements > MAX_ESP_INFORMATION_FIELD) {
		scm_err("No of Air time fractions are greater than supported");
		return;
	}

	for (i = 0; i < total_elements; i++) {
		struct wlan_esp_info *esp_info = (struct wlan_esp_info *)data;
		void *slot;
		bool is_last = false;

		if (esp_info->access_category == ESP_AC_BK) {
			slot = &esp_information->esp_info_AC_BK;
		} else if (esp_info->access_category == ESP_AC_BE) {
			slot = &esp_information->esp_info_AC_BE;
		} else if (esp_info->access_category == ESP_AC_VI) {
			slot = &esp_information->esp_info_AC_VI;
		} else if (esp_info->access_category == ESP_AC_VO) {
			slot = &esp_information->esp_info_AC_VO;
			/* Parsing stops after the AC_VO field */
			is_last = true;
		} else {
			/* Unknown category: nothing copied, data stays put */
			continue;
		}

		qdf_mem_copy(slot, data, 3);
		data = data + ESP_INFORMATION_LIST_LENGTH;
		if (is_last)
			break;
	}
}
740 
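/**
 * util_scan_scm_update_bss_with_esp_data() - calculate estimated air time
 * fraction
 * @scan_entry: newly received entry
 *
 * Collects the per access category ESP fields of the entry's ESP element and
 * stores one estimated air time fraction in @scan_entry->air_time_fraction.
 * The best effort value is preferred; when it is absent VI, VO and BK are
 * tried in that order. Nothing is changed when the entry has no ESP element.
 *
 * Return: None
 */
static void util_scan_scm_update_bss_with_esp_data(
		struct scan_cache_entry *scan_entry)
{
	uint8_t air_time_fraction = 0;
	/*
	 * Zeroed up front: util_scan_update_esp_data() fills only the slots
	 * present in the received element and fills none at all on its error
	 * path, so an unfilled slot must read as zero rather than as
	 * whatever was left on the stack.
	 */
	struct wlan_esp_ie esp_information = {0};

	if (!scan_entry->ie_list.esp)
		return;

	util_scan_update_esp_data(&esp_information, scan_entry);

	/*
	 * If the ESP metric is transmitting multiple airtime fractions, then
	 * follow the sequence AC_BE, AC_VI, AC_VO, AC_BK and pick whichever is
	 * the first one available
	 */
	if (esp_information.esp_info_AC_BE.access_category
			== ESP_AC_BE)
		air_time_fraction =
			esp_information.esp_info_AC_BE.
			estimated_air_fraction;
	else if (esp_information.esp_info_AC_VI.access_category
			== ESP_AC_VI)
		air_time_fraction =
			esp_information.esp_info_AC_VI.
			estimated_air_fraction;
	else if (esp_information.esp_info_AC_VO.access_category
			== ESP_AC_VO)
		air_time_fraction =
			esp_information.esp_info_AC_VO.
			estimated_air_fraction;
	else if (esp_information.esp_info_AC_BK.access_category
			== ESP_AC_BK)
		air_time_fraction =
			esp_information.esp_info_AC_BK.
				estimated_air_fraction;
	scan_entry->air_time_fraction = air_time_fraction;
}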
789 
/**
 * util_scan_scm_calc_nss_supported_by_ap() - finds out nss from AP
 * @scan_params: newly received entry
 *
 * The VHT capability element is used when present: the highest stream whose
 * two-bit field in the low byte of rx_mcs_map is not 0x3 decides. Otherwise
 * the HT capability element is used: the highest non-zero mcsset byte among
 * indexes 3, 2 and 1 decides.
 *
 * Return: number of spatial streams advertised by the AP, from 1 to 4;
 * 1 when neither element is present.
 */
static int util_scan_scm_calc_nss_supported_by_ap(
		struct scan_cache_entry *scan_params)
{
	struct htcap_cmn_ie *htcap;
	struct wlan_ie_vhtcaps *vhtcaps;
	uint8_t rx_mcs_map;
	int nss;

	htcap = (struct htcap_cmn_ie *)
		util_scan_entry_htcap(scan_params);
	vhtcaps = (struct wlan_ie_vhtcaps *)
		util_scan_entry_vhtcap(scan_params);

	if (vhtcaps) {
		rx_mcs_map = vhtcaps->rx_mcs_map;
		/* Two bits per stream; both bits set means not supported */
		for (nss = 4; nss > 1; nss--) {
			uint8_t mask = 0x3 << (2 * (nss - 1));

			if ((rx_mcs_map & mask) != mask)
				return nss;
		}
	} else if (htcap) {
		/* One mcsset byte per stream, index nss - 1 */
		for (nss = 4; nss > 1; nss--) {
			if (htcap->mcsset[nss - 1])
				return nss;
		}
	}

	return 1;
}
830 
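#ifdef WLAN_DFS_CHAN_HIDDEN_SSID
/**
 * util_scan_add_hidden_ssid() - write the configured SSID into a beacon that
 * hides it
 * @pdev: pdev whose scan object holds the configured BSSID and SSID
 * @bcnbuf: received beacon; modified in place and possibly grown at the tail
 *
 * Applies only to frames whose address 3 equals the configured BSSID and
 * only when an SSID is configured. The element list is walked to find a
 * hidden SSID element (zero length or all zero bytes). A zero-length SSID
 * element is widened to hold the configured SSID, with the rest of the frame
 * shifted back; an all-zero SSID of the same length is overwritten in place.
 * Nothing is changed when a WPS vendor element is met during the walk.
 *
 * The frame comes from the air, so its length is checked against the header
 * and fixed beacon fields before any of them is read, and the element
 * offsets are tracked across every element so that they stay right when the
 * SSID is not the first element.
 *
 * NOTE(review): the in-place edits go through the pointer returned by
 * qdf_nbuf_data(); this presumably relies on @bcnbuf being linear - confirm.
 *
 * Return: QDF_STATUS_SUCCESS when the frame was left alone or updated,
 * QDF_STATUS_E_NULL_VALUE for a NULL @pdev or missing scan object,
 * QDF_STATUS_E_INVAL for a malformed frame or an SSID length mismatch,
 * QDF_STATUS_E_NOMEM when tailroom or the temporary buffer is unavailable.
 */
QDF_STATUS
util_scan_add_hidden_ssid(struct wlan_objmgr_pdev *pdev, qdf_nbuf_t bcnbuf)
{
	struct wlan_frame_hdr *hdr;
	struct wlan_bcn_frame *bcn;
	struct wlan_scan_obj *scan_obj;
	struct wlan_ssid *conf_ssid;
	struct  ie_header *ie;
	uint32_t frame_len = qdf_nbuf_len(bcnbuf);
	uint16_t bcn_ie_offset;
	uint16_t ssid_ie_start_offset = 0, ssid_ie_end_offset = 0;
	uint16_t tmplen, ie_length;
	uint8_t *pbeacon, *tmp;
	bool     set_ssid_flag = false;
	struct ie_ssid *ssid = NULL;
	uint8_t pdev_id;

	if (!pdev) {
		scm_warn("pdev: 0x%pK is NULL", pdev);
		return QDF_STATUS_E_NULL_VALUE;
	}
	pdev_id = wlan_objmgr_pdev_get_pdev_id(pdev);
	scan_obj = wlan_pdev_get_scan_obj(pdev);
	if (!scan_obj) {
		scm_warn("null scan_obj");
		return QDF_STATUS_E_NULL_VALUE;
	}

	/*
	 * A frame shorter than the 802.11 header plus the fixed beacon
	 * fields has no element list. Without this check the subtraction
	 * that derives ie_length below would wrap around.
	 */
	if (frame_len < sizeof(*hdr) + offsetof(struct wlan_bcn_frame, ie)) {
		scm_debug("frame too short");
		return QDF_STATUS_E_INVAL;
	}

	conf_ssid = &scan_obj->pdev_info[pdev_id].conf_ssid;

	hdr = (struct wlan_frame_hdr *)qdf_nbuf_data(bcnbuf);

	/* received bssid does not match configured bssid */
	if (qdf_mem_cmp(hdr->i_addr3, scan_obj->pdev_info[pdev_id].conf_bssid,
			QDF_MAC_ADDR_SIZE) ||
			conf_ssid->length == 0) {
		return QDF_STATUS_SUCCESS;
	}

	bcn = (struct wlan_bcn_frame *)(qdf_nbuf_data(bcnbuf) + sizeof(*hdr));
	pbeacon = (uint8_t *)bcn;

	ie = (struct ie_header *)(pbeacon +
				  offsetof(struct wlan_bcn_frame, ie));

	/* Offsets below are relative to pbeacon */
	bcn_ie_offset = offsetof(struct wlan_bcn_frame, ie);
	ie_length = (uint16_t)(frame_len - sizeof(*hdr) -
			       bcn_ie_offset);

	while (ie_length >=  sizeof(struct ie_header)) {
		ie_length -= sizeof(struct ie_header);

		/* bcn_ie_offset now points at this element's body */
		bcn_ie_offset += sizeof(struct ie_header);

		if (ie_length < ie->ie_len) {
			scm_debug("Incomplete corrupted IE:%x", ie->ie_id);
			return QDF_STATUS_E_INVAL;
		}
		if (ie->ie_id == WLAN_ELEMID_SSID) {
			if (ie->ie_len > (sizeof(struct ie_ssid) -
						 sizeof(struct ie_header))) {
				return QDF_STATUS_E_INVAL;
			}
			ssid = (struct ie_ssid *)ie;
			if (util_scan_is_hidden_ssid(ssid)) {
				set_ssid_flag  = true;
				ssid_ie_start_offset = bcn_ie_offset -
					sizeof(struct ie_header);
				ssid_ie_end_offset = bcn_ie_offset +
					ie->ie_len;
			}
		}
		if (ie->ie_len == 0) {
			ie += 1;    /* next IE */
			continue;
		}
		if (ie->ie_id == WLAN_ELEMID_VENDOR &&
		    is_wps_oui((uint8_t *)ie)) {
			set_ssid_flag = false;
			break;
		}
		/* Consume info element */
		ie_length -=  ie->ie_len;
		/*
		 * Keep the running offset in step with the element pointer;
		 * otherwise the SSID offsets are wrong whenever another
		 * element comes before the SSID element.
		 */
		bcn_ie_offset += ie->ie_len;
		/* Go to next IE */
		ie = (struct ie_header *)(((uint8_t *)ie) +
				sizeof(struct ie_header) +
				ie->ie_len);
	}

	if (set_ssid_flag) {
		/* Hidden SSID if the Length is 0 */
		if (!ssid->ssid_len) {
			/* increase the taillength by length of ssid */
			if (qdf_nbuf_put_tail(bcnbuf,
					      conf_ssid->length) == NULL) {
				scm_debug("No enough tailroom");
				return  QDF_STATUS_E_NOMEM;
			}
			/* length of the buffer to be copied */
			tmplen = frame_len -
				sizeof(*hdr) - ssid_ie_end_offset;
			/*
			 * tmp memory to copy the beacon info
			 * after ssid ie.
			 */
			tmp = qdf_mem_malloc(tmplen * sizeof(u_int8_t));
			if (!tmp) {
				scm_debug("tmp memory alloc failed");
				return  QDF_STATUS_E_NOMEM;
			}
			/* Copy beacon data after ssid ie to tmp */
			qdf_nbuf_copy_bits(bcnbuf, (sizeof(*hdr) +
					   ssid_ie_end_offset), tmplen, tmp);
			/* Add ssid length */
			*(pbeacon + (ssid_ie_start_offset + 1))
				= conf_ssid->length;
			/* Insert the  SSID string */
			qdf_mem_copy((pbeacon + ssid_ie_end_offset),
				     conf_ssid->ssid, conf_ssid->length);
			/* Copy rest of the beacon data */
			qdf_mem_copy((pbeacon + ssid_ie_end_offset +
				      conf_ssid->length), tmp, tmplen);
			qdf_mem_free(tmp);

			/* Hidden ssid with all 0's */
		} else if (ssid->ssid_len == conf_ssid->length) {
			/* Insert the  SSID string */
			qdf_mem_copy((pbeacon + ssid_ie_start_offset +
				      sizeof(struct ie_header)),
				      conf_ssid->ssid, conf_ssid->length);
		} else {
			scm_debug("mismatch in hidden ssid length");
			return QDF_STATUS_E_INVAL;
		}
	}
	return QDF_STATUS_SUCCESS;
}
#endif /* WLAN_DFS_CHAN_HIDDEN_SSID */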
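/**
 * util_scan_gen_scan_entry() - build a scan cache entry from a received frame
 * @pdev: pdev object, used for the 4.9 GHz channel lookup
 * @frame: start of the management frame, 802.11 header included
 * @frame_len: number of bytes available at @frame
 * @frm_subtype: frame subtype, stored in the entry as is
 * @rx_param: rx metadata (rssi, tsf delta, per chain rssi, channel)
 * @scan_list: list that receives the new entry at its front
 *
 * The frame is copied into the entry, so the caller keeps ownership of
 * @frame. The frame contents come from the air and are treated as
 * untrusted: the fixed part is length-checked before it is read and the
 * SSID copy is limited to the length the SSID element announces.
 *
 * Return: QDF_STATUS_SUCCESS when an entry was added to @scan_list,
 * QDF_STATUS_E_INVAL for a frame shorter than its fixed fields,
 * QDF_STATUS_E_NOMEM or QDF_STATUS_E_FAILURE otherwise
 */
static QDF_STATUS
util_scan_gen_scan_entry(struct wlan_objmgr_pdev *pdev,
			 uint8_t *frame, qdf_size_t frame_len,
			 uint32_t frm_subtype,
			 struct mgmt_rx_event_params *rx_param,
			 qdf_list_t *scan_list)
{
	struct wlan_frame_hdr *hdr;
	struct wlan_bcn_frame *bcn;
	QDF_STATUS status = QDF_STATUS_SUCCESS;
	struct ie_ssid *ssid;
	struct scan_cache_entry *scan_entry;
	struct qbss_load_ie *qbss_load;
	struct scan_cache_node *scan_node;

	/*
	 * The header, timestamp, beacon interval and capability fields are
	 * read unconditionally below; reject a frame that cannot hold them
	 * instead of reading past the end of the receive buffer.
	 */
	if (frame_len < sizeof(*hdr) + offsetof(struct wlan_bcn_frame, ie)) {
		scm_debug("frame too short for the fixed fields");
		return QDF_STATUS_E_INVAL;
	}

	scan_entry = qdf_mem_malloc_atomic(sizeof(*scan_entry));
	if (!scan_entry) {
		scm_err("failed to allocate memory for scan_entry");
		return QDF_STATUS_E_NOMEM;
	}
	scan_entry->raw_frame.ptr = qdf_mem_malloc_atomic(frame_len);
	if (!scan_entry->raw_frame.ptr) {
		scm_err("failed to allocate memory for frame");
		qdf_mem_free(scan_entry);
		return QDF_STATUS_E_NOMEM;
	}

	hdr = (struct wlan_frame_hdr *)frame;
	bcn = (struct wlan_bcn_frame *)(frame + sizeof(*hdr));

	/* update timestamp in nanoseconds needed by kernel layers */
	scan_entry->boottime_ns = qdf_get_bootbased_boottime_ns();

	scan_entry->frm_subtype = frm_subtype;
	qdf_mem_copy(scan_entry->bssid.bytes,
		     hdr->i_addr3, QDF_MAC_ADDR_SIZE);
	/* Source address */
	qdf_mem_copy(scan_entry->mac_addr.bytes,
		     hdr->i_addr2, QDF_MAC_ADDR_SIZE);
	scan_entry->seq_num =
		(le16toh(*(uint16_t *)hdr->i_seq) >> WLAN_SEQ_SEQ_SHIFT);

	scan_entry->rssi_raw = rx_param->rssi;
	scan_entry->avg_rssi = WLAN_RSSI_IN(scan_entry->rssi_raw);
	scan_entry->tsf_delta = rx_param->tsf_delta;

	/* Copy per chain rssi to scan entry */
	qdf_mem_copy(scan_entry->per_chain_snr, rx_param->rssi_ctl,
		     WLAN_MGMT_TXRX_HOST_MAX_ANTENNA);

	/* store jiffies */
	scan_entry->rrm_parent_tsf = (uint32_t)qdf_system_ticks();

	scan_entry->bcn_int = le16toh(bcn->beacon_interval);

	/* A beacon interval of 0 is not usable, fall back to 100 */
	if (!scan_entry->bcn_int)
		scan_entry->bcn_int = 100;
	scan_entry->cap_info.value = le16toh(bcn->capability.value);
	qdf_mem_copy(scan_entry->tsf_info.data,
		     bcn->timestamp, 8);
	scan_entry->erp = ERP_NON_ERP_PRESENT;

	scan_entry->scan_entry_time =
		qdf_mc_timer_get_system_time();

	/* Keep a private copy; the IE list below is built from the entry */
	scan_entry->raw_frame.len = frame_len;
	qdf_mem_copy(scan_entry->raw_frame.ptr,
		     frame, frame_len);
	status = util_scan_populate_bcn_ie_list(scan_entry);
	if (QDF_IS_STATUS_ERROR(status)) {
		scm_debug("failed to parse beacon IE");
		status = QDF_STATUS_E_FAILURE;
		goto free_entry;
	}

	/* An entry without a supported rates element is dropped */
	if (!scan_entry->ie_list.rates) {
		status = QDF_STATUS_E_FAILURE;
		goto free_entry;
	}

	ssid = (struct ie_ssid *)
		scan_entry->ie_list.ssid;

	if (ssid && (ssid->ssid_len > WLAN_SSID_MAX_LEN)) {
		status = QDF_STATUS_E_FAILURE;
		goto free_entry;
	}

	if (scan_entry->ie_list.p2p)
		scan_entry->is_p2p = true;

	/* If no channel info is present in beacon use meta channel */
	if (!scan_entry->channel.chan_idx) {
		scan_entry->channel.chan_idx =
				rx_param->channel;
	} else if (rx_param->channel !=
		   scan_entry->channel.chan_idx) {
		if (!wlan_reg_chan_is_49ghz(pdev, scan_entry->channel.chan_idx))
			scan_entry->channel_mismatch = true;
	}

	/* A missing SSID element is handled like a hidden SSID */
	if (!ssid || util_scan_is_hidden_ssid(ssid)) {
		scan_entry->ie_list.ssid = NULL;
	} else {
		/*
		 * Copy only the bytes the element announces (checked against
		 * WLAN_SSID_MAX_LEN above). Copying WLAN_SSID_MAX_LEN bytes
		 * regardless of ssid_len would read past a short SSID into
		 * the following elements, or past the frame copy when the
		 * SSID is the last element.
		 * NOTE(review): the unused tail of ssid.ssid keeps whatever
		 * the allocator returned, presumably zeroes - confirm.
		 */
		qdf_mem_copy(scan_entry->ssid.ssid,
			     ssid->ssid, ssid->ssid_len);
		scan_entry->ssid.length = ssid->ssid_len;
		scan_entry->hidden_ssid_timestamp =
			scan_entry->scan_entry_time;
	}

	if (WLAN_CHAN_IS_5GHZ(scan_entry->channel.chan_idx))
		scan_entry->phy_mode = util_scan_get_phymode_5g(scan_entry);
	else
		scan_entry->phy_mode = util_scan_get_phymode_2g(scan_entry);

	scan_entry->nss = util_scan_scm_calc_nss_supported_by_ap(scan_entry);
	util_scan_scm_update_bss_with_esp_data(scan_entry);
	qbss_load = (struct qbss_load_ie *)
			util_scan_entry_qbssload(scan_entry);
	if (qbss_load)
		scan_entry->qbss_chan_load = qbss_load->qbss_chan_load;

	scan_node = qdf_mem_malloc_atomic(sizeof(*scan_node));
	if (!scan_node) {
		status = QDF_STATUS_E_FAILURE;
		goto free_entry;
	}

	/* From here on the list node owns the entry */
	scan_node->entry = scan_entry;
	qdf_list_insert_front(scan_list, &scan_node->node);

	return status;

free_entry:
	qdf_mem_free(scan_entry->raw_frame.ptr);
	qdf_mem_free(scan_entry);
	return status;
}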
1109 
/**
 * util_scan_find_ie() - locate the first element with a given ID
 * @eid: element ID to look for
 * @ies: start of a buffer of consecutive ID/length/value elements
 * @len: number of bytes available at @ies
 *
 * Walks the buffer one element at a time and stops as soon as the two
 * byte element header, or the body it announces, no longer fits in the
 * bytes that remain. A returned element therefore lies completely
 * inside the first @len bytes of @ies.
 *
 * Return: pointer to the ID byte of the first matching element, or NULL
 * if no complete element with that ID is found
 */
static uint8_t *util_scan_find_ie(uint8_t eid, uint8_t *ies,
				  int32_t len)
{
	uint8_t *cur = ies;
	int32_t remaining = len;

	for (;;) {
		int32_t elem_size;

		/* need at least the ID and length bytes */
		if (remaining < 2)
			return NULL;

		elem_size = cur[1] + 2;
		/* a truncated element ends the walk */
		if (remaining < elem_size)
			return NULL;

		if (cur[0] == eid)
			return cur;

		remaining -= elem_size;
		cur += elem_size;
	}
}
1132 
1133 #ifdef WLAN_FEATURE_MBSSID
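/**
 * util_gen_new_bssid() - derive a nontransmitted BSSID
 * @bssid: BSSID of the received frame, QDF_MAC_ADDR_SIZE bytes
 * @max_bssid: MaxBSSID Indicator n taken from the Multiple BSSID element
 * @mbssid_index: BSSID index of the nontransmitted profile
 * @new_bssid_addr: output buffer, QDF_MAC_ADDR_SIZE bytes
 *
 * The low n bits of @bssid are replaced by
 * (low n bits + @mbssid_index) mod 2^n, the upper bits are kept.
 *
 * @max_bssid is read straight from the frame, so any value 0..255 can
 * arrive here. The mask is built in 64 bit arithmetic and the shift count
 * is bounded, because shifting an int by 31 or more is undefined.
 */
static void util_gen_new_bssid(uint8_t *bssid, uint8_t max_bssid,
			       uint8_t mbssid_index,
			       uint8_t *new_bssid_addr)
{
	uint64_t bssid_tmp = 0, new_bssid = 0;
	uint64_t lsb_n, lsb_mask;
	int i;

	/* pack the address, most significant byte first */
	for (i = 0; i < QDF_MAC_ADDR_SIZE; i++)
		bssid_tmp = bssid_tmp << 8 | bssid[i];

	/* a shift by the full width of the type is undefined as well */
	if (max_bssid >= 64)
		lsb_mask = ~(uint64_t)0;
	else
		lsb_mask = ((uint64_t)1 << max_bssid) - 1;

	lsb_n = bssid_tmp & lsb_mask;
	new_bssid = bssid_tmp & ~lsb_mask;
	/* masking is the modulo 2^n of the original expression */
	new_bssid |= (lsb_n + mbssid_index) & lsb_mask;

	/* only the low QDF_MAC_ADDR_SIZE bytes are written back */
	for (i = QDF_MAC_ADDR_SIZE - 1; i >= 0; i--) {
		new_bssid_addr[i] = new_bssid & 0xff;
		new_bssid = new_bssid >> 8;
	}
}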
1155 
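/*
 * util_gen_new_ie_append() - append one complete element to the output
 * @pos: in/out write position inside the output buffer
 * @end: one past the last byte of the output buffer
 * @elem: element to copy; elem[1] + 2 bytes must be readable
 *
 * Return: true if the element was copied, false if it does not fit
 */
static bool util_gen_new_ie_append(uint8_t **pos, const uint8_t *end,
				   const uint8_t *elem)
{
	size_t elem_len = (size_t)elem[1] + 2;

	if ((size_t)(end - *pos) < elem_len)
		return false;

	qdf_mem_copy(*pos, elem, elem_len);
	*pos += elem_len;

	return true;
}

/**
 * util_gen_new_ie() - merge the elements of a frame with those of one
 * nontransmitted BSSID profile
 * @ie: elements of the received frame
 * @ielen: number of bytes at @ie
 * @subelement: elements of the nontransmitted BSSID profile
 * @subie_len: number of bytes at @subelement
 * @new_ie: output buffer; must hold MAX_IE_LEN bytes, which is what the
 *          caller in this file allocates
 *
 * Output order: the profile's SSID, then the frame's elements after its
 * SSID (each replaced by the profile's element of the same ID when there
 * is one), then the profile elements that were not used yet.
 *
 * Both inputs are taken from a received frame and are untrusted:
 * - every write is checked against the end of @new_ie, since the merged
 *   result can be larger than MAX_IE_LEN;
 * - an element header is only read once both of its bytes are known to
 *   be inside the input buffer;
 * - the vendor element comparison reads 5 bytes of body and is skipped
 *   for elements shorter than that.
 *
 * Return: length of the merged elements, or 0 on allocation failure,
 * empty input or when the result does not fit in @new_ie
 */
static uint32_t util_gen_new_ie(uint8_t *ie, uint32_t ielen,
				uint8_t *subelement,
				size_t subie_len, uint8_t *new_ie)
{
	uint8_t *pos, *tmp;
	const uint8_t *tmp_old, *tmp_new;
	const uint8_t *new_ie_end = new_ie + MAX_IE_LEN;
	uint8_t *sub_copy;
	size_t rem;
	uint32_t new_ie_len = 0;

	if (!subie_len)
		return 0;

	/* copy subelement as we need to change its content to
	 * mark an ie after it is processed.
	 */
	sub_copy = qdf_mem_malloc(subie_len);
	if (!sub_copy)
		return 0;
	qdf_mem_copy(sub_copy, subelement, subie_len);

	pos = &new_ie[0];

	/* new ssid */
	tmp_new = util_scan_find_ie(WLAN_ELEMID_SSID, sub_copy, subie_len);
	if (tmp_new && !util_gen_new_ie_append(&pos, new_ie_end, tmp_new))
		goto out;

	/* go through IEs in ie (skip SSID) and subelement,
	 * merge them into new_ie
	 */
	tmp_old = util_scan_find_ie(WLAN_ELEMID_SSID, ie, ielen);
	tmp_old = (tmp_old) ? tmp_old + tmp_old[1] + 2 : ie;

	for (;;) {
		rem = ielen - (size_t)(tmp_old - ie);
		/* stop before reading a header or body that is cut off */
		if (rem < 2 || rem < (size_t)tmp_old[1] + 2)
			break;

		/*
		 * NOTE(review): ID 0 advances by a single byte, not by the
		 * element length, so the walk may resynchronise inside an
		 * element body. Kept as in the original; the bounds above
		 * still hold.
		 */
		if (tmp_old[0] == 0) {
			tmp_old++;
			continue;
		}

		tmp = util_scan_find_ie(tmp_old[0], sub_copy, subie_len);
		if (!tmp) {
			/* ie in old ie but not in subelement */
			if (tmp_old[0] != WLAN_ELEMID_MULTIPLE_BSSID &&
			    !util_gen_new_ie_append(&pos, new_ie_end,
						    tmp_old))
				goto out;
		} else if (tmp_old[0] == WLAN_ELEMID_VENDOR &&
			   (tmp_old[1] < 5 || tmp[1] < 5 ||
			    qdf_mem_cmp(tmp_old + 2, tmp + 2, 5))) {
			/* vendor ie with a different OUI + type + subType
			 * (or too short to compare): keep the one from the
			 * frame
			 */
			if (!util_gen_new_ie_append(&pos, new_ie_end,
						    tmp_old))
				goto out;
		} else {
			/* ie in transmitting ie also in subelement,
			 * copy from subelement and flag the ie in subelement
			 * as copied (by setting eid field to 0xff).
			 */
			if (!util_gen_new_ie_append(&pos, new_ie_end, tmp))
				goto out;
			tmp[0] = 0xff;
		}

		tmp_old += tmp_old[1] + 2;
	}

	/* go through subelement again to check if there is any ie not
	 * copied to new ie, skip ssid, capability, bssid-index ie
	 */
	tmp_new = sub_copy;
	for (;;) {
		rem = subie_len - (size_t)(tmp_new - sub_copy);
		if (rem < 2 || rem < (size_t)tmp_new[1] + 2)
			break;

		if (!(tmp_new[0] == WLAN_ELEMID_NONTX_BSSID_CAP ||
		      tmp_new[0] == WLAN_ELEMID_SSID ||
		      tmp_new[0] == WLAN_ELEMID_MULTI_BSSID_IDX ||
		      tmp_new[0] == 0xff) &&
		    !util_gen_new_ie_append(&pos, new_ie_end, tmp_new))
			goto out;

		tmp_new += tmp_new[1] + 2;
	}

	new_ie_len = pos - new_ie;

out:
	/* new_ie_len is still 0 when an element did not fit */
	qdf_mem_free(sub_copy);
	return new_ie_len;
}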
1255 
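/**
 * util_scan_parse_mbssid() - create scan entries for the nontransmitted
 * BSSID profiles carried in Multiple BSSID elements
 * @pdev: pdev object
 * @frame: start of the management frame, 802.11 header included
 * @frame_len: number of bytes available at @frame
 * @frm_subtype: frame subtype
 * @rx_param: rx metadata
 * @scan_list: list that receives the generated entries
 *
 * For every valid profile a new frame is built from the fixed fields of
 * @frame, the derived BSSID and the merged elements, and handed to
 * util_scan_gen_scan_entry().
 *
 * The frame is untrusted input. Compared with a plain walk over the
 * elements this function:
 * - rejects a frame shorter than its fixed fields before computing the
 *   element length, which would otherwise wrap;
 * - skips a Multiple BSSID element whose MaxBSSID Indicator is outside
 *   1..8, the range 802.11 allows;
 * - writes the merged elements behind the copied fixed fields and puts
 *   the derived BSSID into the new frame. Writing them at
 *   offsetof(struct wlan_bcn_frame, ie) from the frame start overwrites
 *   the 802.11 header and leaves the element area unset.
 *
 * Return: QDF_STATUS_E_INVAL for a short frame, QDF_STATUS_E_FAILURE
 * when no Multiple BSSID element is present, QDF_STATUS_E_NOMEM on
 * allocation failure, QDF_STATUS_SUCCESS otherwise
 */
static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
					 uint8_t *frame, qdf_size_t frame_len,
					 uint32_t frm_subtype,
					 struct mgmt_rx_event_params *rx_param,
					 qdf_list_t *scan_list)
{
	/* header(24byte), timestamp(8 byte), beaconinterval(2byte)
	 * and capability(2byte)
	 */
	const qdf_size_t fixed_len = sizeof(struct wlan_frame_hdr) +
				     offsetof(struct wlan_bcn_frame, ie);
	/* largest MaxBSSID Indicator value accepted */
	const uint8_t max_bssid_ind_limit = 8;
	struct wlan_bcn_frame *bcn;
	struct wlan_frame_hdr *hdr, *new_hdr;
	QDF_STATUS status;
	uint8_t *pos, *subelement, *mbssid_end_pos;
	uint8_t *tmp, *mbssid_index_ie;
	uint32_t subie_len, new_ie_len;
	uint8_t new_bssid[QDF_MAC_ADDR_SIZE], bssid[QDF_MAC_ADDR_SIZE];
	uint8_t *new_ie;
	uint8_t *ie, *new_frame = NULL;
	uint64_t ielen, new_frame_len;

	if (frame_len < fixed_len) {
		scm_debug("frame too short for the fixed fields");
		return QDF_STATUS_E_INVAL;
	}

	hdr = (struct wlan_frame_hdr *)frame;
	bcn = (struct wlan_bcn_frame *)(frame + sizeof(struct wlan_frame_hdr));
	ie = (uint8_t *)&bcn->ie;
	ielen = (uint16_t)(frame_len - fixed_len);
	qdf_mem_copy(bssid, hdr->i_addr3, QDF_MAC_ADDR_SIZE);

	if (!util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID, ie, ielen))
		return QDF_STATUS_E_FAILURE;

	pos = ie;

	new_ie = qdf_mem_malloc(MAX_IE_LEN);
	if (!new_ie) {
		scm_err("Failed to allocate memory for new ie");
		return QDF_STATUS_E_NOMEM;
	}

	while (pos < ie + ielen) {
		tmp = util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID, pos,
					ielen - (pos - ie));
		if (!tmp)
			break;

		/* util_scan_find_ie() only returns complete elements, so
		 * mbssid_end_pos is inside the element buffer
		 */
		mbssid_end_pos = tmp + tmp[1] + 2;
		if (tmp[1] < 4)
			break;

		/* tmp[2] is the MaxBSSID Indicator used as a shift count
		 * when the BSSID is derived; ignore out of range values
		 */
		if (tmp[2] < 1 || tmp[2] > max_bssid_ind_limit) {
			pos = mbssid_end_pos;
			continue;
		}

		/* Skip Element ID, Len, MaxBSSID Indicator */
		for (subelement = tmp + 3; subelement < mbssid_end_pos - 1;
		     subelement += 2 + subelement[1]) {
			subie_len = subelement[1];
			if (mbssid_end_pos - subelement < 2 + subie_len)
				break;
			if (subelement[0] != 0 || subelement[1] < 4) {
				/* not a valid BSS profile */
				continue;
			}

			if (subelement[2] != WLAN_ELEMID_NONTX_BSSID_CAP ||
			    subelement[3] != 2) {
				/* The first element within the Nontransmitted
				 * BSSID Profile is not the Nontransmitted
				 * BSSID Capability element.
				 */
				continue;
			}

			/* found a Nontransmitted BSSID Profile */
			mbssid_index_ie =
				util_scan_find_ie(WLAN_ELEMID_MULTI_BSSID_IDX,
						  subelement + 2, subie_len);
			if (!mbssid_index_ie || mbssid_index_ie[1] < 1 ||
			    mbssid_index_ie[2] == 0) {
				/* No valid Multiple BSSID-Index element */
				continue;
			}

			util_gen_new_bssid(bssid, tmp[2], mbssid_index_ie[2],
					   new_bssid);
			new_ie_len = util_gen_new_ie(ie, ielen, subelement + 2,
						     subie_len, new_ie);
			if (!new_ie_len)
				continue;

			new_frame_len = fixed_len + new_ie_len;
			new_frame = qdf_mem_malloc(new_frame_len);
			if (!new_frame) {
				qdf_mem_free(new_ie);
				scm_err("failed to allocate memory");
				return QDF_STATUS_E_NOMEM;
			}

			/* Copy the fixed fields of the received frame */
			qdf_mem_copy(new_frame, frame, fixed_len);
			/* The generated entry is keyed by the derived BSSID;
			 * util_scan_gen_scan_entry() reads it from addr3 and
			 * the source address from addr2
			 */
			new_hdr = (struct wlan_frame_hdr *)new_frame;
			qdf_mem_copy(new_hdr->i_addr2, new_bssid,
				     QDF_MAC_ADDR_SIZE);
			qdf_mem_copy(new_hdr->i_addr3, new_bssid,
				     QDF_MAC_ADDR_SIZE);
			/* Copy the new ie generated from MBSSID profile */
			qdf_mem_copy(new_frame + fixed_len,
				     new_ie, new_ie_len);
			status = util_scan_gen_scan_entry(pdev, new_frame,
							  new_frame_len,
							  frm_subtype,
							  rx_param, scan_list);
			/* scan entry makes its own copy so free the frame */
			qdf_mem_free(new_frame);
			if (QDF_IS_STATUS_ERROR(status)) {
				scm_err("failed to generate a scan entry");
				break;
			}
		}

		pos = mbssid_end_pos;
	}
	qdf_mem_free(new_ie);

	return QDF_STATUS_SUCCESS;
}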
1374 #else
/*
 * Build without WLAN_FEATURE_MBSSID: Multiple BSSID elements are not
 * expanded, the frame is turned into a single scan entry.
 */
static QDF_STATUS util_scan_parse_mbssid(struct wlan_objmgr_pdev *pdev,
					 uint8_t *frame, qdf_size_t frame_len,
					 uint32_t frm_subtype,
					 struct mgmt_rx_event_params *rx_param,
					 qdf_list_t *scan_list)
{
	QDF_STATUS status;

	status = util_scan_gen_scan_entry(pdev, frame, frame_len,
					  frm_subtype, rx_param, scan_list);

	return status;
}
1384 #endif
1385 
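/**
 * util_scan_parse_beacon_frame() - turn a received frame into scan entries
 * @pdev: pdev object
 * @frame: start of the management frame, 802.11 header included
 * @frame_len: number of bytes available at @frame
 * @frm_subtype: frame subtype
 * @rx_param: rx metadata
 * @scan_list: list that receives the generated entries
 *
 * A frame shorter than the 802.11 header plus the fixed fields in front
 * of the elements is rejected first: the element length below is a
 * subtraction from @frame_len and would wrap for such a frame, which
 * would make the element walk read past the receive buffer.
 *
 * NOTE(review): when a Multiple BSSID element is present only
 * util_scan_parse_mbssid() runs; no entry is generated here for the
 * frame's own BSSID in that case - confirm this is intended.
 *
 * Return: QDF_STATUS_E_INVAL for a short frame, otherwise the status of
 * the entry generation
 */
static QDF_STATUS
util_scan_parse_beacon_frame(struct wlan_objmgr_pdev *pdev,
			     uint8_t *frame,
			     qdf_size_t frame_len,
			     uint32_t frm_subtype,
			     struct mgmt_rx_event_params *rx_param,
			     qdf_list_t *scan_list)
{
	const qdf_size_t fixed_len = sizeof(struct wlan_frame_hdr) +
				     offsetof(struct wlan_bcn_frame, ie);
	struct wlan_bcn_frame *bcn;
	uint32_t ie_len;
	QDF_STATUS status;

	if (frame_len < fixed_len) {
		scm_debug("frame too short for the fixed fields");
		return QDF_STATUS_E_INVAL;
	}

	bcn = (struct wlan_bcn_frame *)
			   (frame + sizeof(struct wlan_frame_hdr));
	ie_len = (uint16_t)(frame_len - fixed_len);

	/*
	 * IF MBSSID IE is present in the beacon then
	 * scan component will create a new entry for
	 * each BSSID found in the MBSSID
	 */
	if (util_scan_find_ie(WLAN_ELEMID_MULTIPLE_BSSID,
			      (uint8_t *)&bcn->ie, ie_len))
		status = util_scan_parse_mbssid(pdev, frame, frame_len,
						frm_subtype, rx_param,
						scan_list);
	else
		status = util_scan_gen_scan_entry(pdev, frame, frame_len,
						  frm_subtype, rx_param,
						  scan_list);
	if (QDF_IS_STATUS_ERROR(status)) {
		scm_err_rl("Failed to create a scan entry");
	}

	return status;
}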
1424 
/*
 * util_scan_unpack_beacon_frame() - parse a received frame into a newly
 * allocated list of scan entries
 *
 * The list is created with room for MAX_SCAN_CACHE_SIZE nodes and filled
 * by util_scan_parse_beacon_frame(). If parsing reports an error the list
 * is handed to ucfg_scan_purge_results() and NULL is returned.
 *
 * Return: the list on success, NULL on allocation or parse failure
 */
qdf_list_t *
util_scan_unpack_beacon_frame(struct wlan_objmgr_pdev *pdev, uint8_t *frame,
			      qdf_size_t frame_len, uint32_t frm_subtype,
			      struct mgmt_rx_event_params *rx_param)
{
	QDF_STATUS parse_status;
	qdf_list_t *results = qdf_mem_malloc_atomic(sizeof(*results));

	if (!results) {
		scm_err("failed to allocate scan_list");
		return NULL;
	}
	qdf_list_create(results, MAX_SCAN_CACHE_SIZE);

	parse_status = util_scan_parse_beacon_frame(pdev, frame, frame_len,
						    frm_subtype, rx_param,
						    results);
	if (!QDF_IS_STATUS_ERROR(parse_status))
		return results;

	/* parsing failed: drop whatever was collected so far */
	ucfg_scan_purge_results(results);

	return NULL;
}
1450 
/*
 * util_scan_entry_update_mlme_info() - pass a scan entry's mlme info on
 * to scm_update_scan_mlme_info()
 *
 * Return: QDF_STATUS_E_INVAL if @pdev or @scan_entry is NULL, otherwise
 * the status returned by scm_update_scan_mlme_info()
 */
QDF_STATUS
util_scan_entry_update_mlme_info(struct wlan_objmgr_pdev *pdev,
	struct scan_cache_entry *scan_entry)
{
	if (pdev && scan_entry)
		return scm_update_scan_mlme_info(pdev, scan_entry);

	/* 0x%pK: pointers are logged with the restricted format */
	scm_err("pdev 0x%pK, scan_entry: 0x%pK", pdev, scan_entry);

	return QDF_STATUS_E_INVAL;
}
1463 
/*
 * util_is_scan_completed() - tell whether a scan event ends the scan
 * @event: scan event to classify
 * @success: set to true only for a COMPLETED event whose reason is
 *           SCAN_REASON_COMPLETED, to false in every other case
 *
 * Return: true for COMPLETED, DEQUEUED and START_FAILED events,
 * false for all other event types
 */
bool util_is_scan_completed(struct scan_event *event, bool *success)
{
	switch (event->type) {
	case SCAN_EVENT_TYPE_COMPLETED:
		*success = (event->reason == SCAN_REASON_COMPLETED);
		return true;
	case SCAN_EVENT_TYPE_DEQUEUED:
	case SCAN_EVENT_TYPE_START_FAILED:
		/* the scan is over, but it did not run to completion */
		*success = false;
		return true;
	default:
		*success = false;
		return false;
	}
}