qcacmn: Add logic to ignore 6Ghz AP if security is not valid

Add logic to
- Check if connect req freq is 6Ghz and security
  is not allowed for 6Ghz, reject connect.
- Ignore 6Ghz APs if connect req security is invalid
  for 6Ghz

Also added user config key_mgmt_mask_6ghz mask
to allow specific AKMs, by default all are allowed.

Add added user config check_6Ghz_security to enable
security checks as per spec.

Change-Id: I37518731faa4de67a49853e5ac544efa3b3ce1d6
CRs-Fixed: 2813013

os_if/linux/mlme/inc/osif_cm_req.h

@@ -40,11 +40,16 @@
  * for production.
  * @dot11mode_filter: dot11mode filter used to restrict connection to
  * 11n/11ac/11ax.
+ * @sae_pwe: SAE mechanism for PWE derivation
+ *           0 = hunting-and-pecking loop only
+ *           1 = hash-to-element only
+ *           2 = both hunting-and-pecking loop and hash-to-element enabled
  */
 struct osif_connect_params {
 	struct element_info scan_ie;
 	bool force_rsne_override;
 	enum dot11_mode_filter dot11mode_filter;
+	uint8_t sae_pwe;
 };
 
 /**

os_if/linux/mlme/src/osif_cm_req.c

@@ -348,6 +348,7 @@ osif_cm_fill_connect_params(struct wlan_cm_connect_req *req,
 	}
 	req->dot11mode_filter = params->dot11mode_filter;
 	req->force_rsne_override = params->force_rsne_override;
+	req->sae_pwe = params->sae_pwe;
 }
 
 static void osif_cm_free_connect_req(struct wlan_cm_connect_req *connect_req)

umac/cmn_services/crypto/inc/wlan_crypto_global_api.h

@@ -721,8 +721,8 @@ bool wlan_crypto_check_wpa_match(struct wlan_objmgr_psoc *psoc,
  *
  * Return: pointer to RSNXE capability or NULL
  */
-uint8_t *
-wlan_crypto_parse_rsnxe_ie(uint8_t *rsnxe_ie, uint8_t *cap_len);
+const uint8_t *
+wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len);
 
 /**
  * wlan_get_crypto_params_from_wapi_ie - Function to get crypto params

umac/cmn_services/crypto/inc/wlan_crypto_global_def.h

@@ -229,6 +229,11 @@ enum wlan_crypto_key_type {
 				(_c == WLAN_CRYPTO_CIPHER_WEP_40) || \
 				(_c == WLAN_CRYPTO_CIPHER_WEP_104))
 
+#define DEFAULT_KEYMGMT_6G_MASK 0xFFFFFFFF
+
+/* AKM wlan_crypto_key_mgmt 0-8, 12-15 and 24 are not allowed. */
+#define ALLOWED_KEYMGMT_6G_MASK 0xFEFF0E00
+
 /*
  * enum fils_erp_cryptosuite: this enum defines the cryptosuites used
  * to calculate auth tag and auth tag length as defined by RFC 6696 5.3.1

umac/cmn_services/crypto/src/wlan_crypto_global_api.c

@@ -4353,11 +4353,11 @@ wlan_crypto_reset_prarams(struct wlan_crypto_params *params)
 	params->rsn_caps = 0;
 }
 
-uint8_t *
-wlan_crypto_parse_rsnxe_ie(uint8_t *rsnxe_ie, uint8_t *cap_len)
+const uint8_t *
+wlan_crypto_parse_rsnxe_ie(const uint8_t *rsnxe_ie, uint8_t *cap_len)
 {
 	uint8_t len;
-	uint8_t *ie;
+	const uint8_t *ie;
 
 	if (!rsnxe_ie)
 		return NULL;

umac/mlme/connection_mgr/core/src/wlan_cm_bss_scoring.c

@@ -699,7 +699,9 @@ cm_calculate_sae_pk_ap_weightage(struct scan_cache_entry *entry,
 				 struct scoring_cfg *score_params,
 				 bool *sae_pk_cap_present)
 {
-	uint8_t *rsnxe_ie, *rsnxe_cap, cap_len;
+	const uint8_t *rsnxe_ie;
+	const uint8_t *rsnxe_cap;
+	uint8_t cap_len;
 
 	rsnxe_ie = util_scan_entry_rsnxe(entry);
 
@@ -1291,6 +1293,27 @@ cm_calculate_etp_score(struct wlan_objmgr_psoc *psoc,
 				  entry->rssi_raw,
 				  phy_config);
 }
+
+#ifdef CONFIG_BAND_6GHZ
+static bool cm_check_h2e_support(const uint8_t *rsnxe, uint8_t sae_pwe)
+{
+	const uint8_t *rsnxe_cap;
+	uint8_t cap_len;
+
+	rsnxe_cap = wlan_crypto_parse_rsnxe_ie(rsnxe, &cap_len);
+	if (!rsnxe_cap) {
+		mlme_debug("RSNXE caps not present");
+		return false;
+	}
+
+	if (*rsnxe_cap & WLAN_CRYPTO_RSNX_CAP_SAE_H2E)
+		return true;
+
+	mlme_debug("RSNXE caps %x dont have H2E support", *rsnxe_cap);
+
+	return false;
+}
+#endif
 #else
 static bool
 cm_get_pcl_weight_of_channel(uint32_t chan_freq,
@@ -1349,6 +1372,19 @@ cm_calculate_etp_score(struct wlan_objmgr_psoc *psoc,
 {
 	return 0;
 }
+
+#ifdef CONFIG_BAND_6GHZ
+static bool cm_check_h2e_support(const uint8_t *rsnxe, uint8_t sae_pwe)
+{
+	/* limiting to H2E usage only */
+	if (sae_pwe == 1)
+		return true;
+
+	mlme_debug("sae_pwe %d is not H2E", sae_pwe);
+
+	return false;
+}
+#endif
 #endif
 
 /**
@@ -1730,6 +1766,127 @@ void wlan_cm_calculate_bss_score(struct wlan_objmgr_pdev *pdev,
 	}
 }
 
+#ifdef CONFIG_BAND_6GHZ
+bool wlan_cm_6ghz_allowed_for_akm(struct wlan_objmgr_psoc *psoc,
+				  uint32_t key_mgmt, uint16_t rsn_caps,
+				  const uint8_t *rsnxe, uint8_t sae_pwe)
+{
+	struct psoc_mlme_obj *mlme_psoc_obj;
+	struct scoring_cfg *config;
+
+	mlme_psoc_obj = wlan_psoc_mlme_get_cmpt_obj(psoc);
+	if (!mlme_psoc_obj)
+		return false;
+
+	config = &mlme_psoc_obj->psoc_cfg.score_config;
+	/*
+	 * if check_6ghz_security is not set check if key_mgmt_mask_6ghz is set
+	 * if key_mgmt_mask_6ghz is set check if AKM matches the user configured
+	 * 6Ghz security
+	 */
+	if (!config->check_6ghz_security) {
+		if (!config->key_mgmt_mask_6ghz)
+			return true;
+		/* Check if AKM is allowed as per user 6Ghz allowed AKM mask */
+		if ((config->key_mgmt_mask_6ghz & key_mgmt) != key_mgmt) {
+			mlme_debug("user configured mask %x didnt match AKM %x",
+				   config->key_mgmt_mask_6ghz , key_mgmt);
+			return false;
+		}
+
+		return true;
+	}
+
+	/* Check if the AKM is allowed as per the 6Ghz allowed AKM mask */
+	if ((key_mgmt & ALLOWED_KEYMGMT_6G_MASK) != key_mgmt)
+		return false;
+
+	/* if check_6ghz_security is set validate all checks for 6Ghz */
+	if (!(rsn_caps & WLAN_CRYPTO_RSN_CAP_MFP_ENABLED))
+		return false;
+
+	/* for SAE we need to check H2E support */
+	if (!(QDF_HAS_PARAM(key_mgmt, WLAN_CRYPTO_KEY_MGMT_SAE) ||
+	    QDF_HAS_PARAM(key_mgmt, WLAN_CRYPTO_KEY_MGMT_FT_SAE)))
+		return true;
+
+	return cm_check_h2e_support(rsnxe, sae_pwe);
+}
+
+void wlan_cm_set_check_6ghz_security(struct wlan_objmgr_psoc *psoc,
+				     bool value)
+{
+	struct psoc_mlme_obj *mlme_psoc_obj;
+
+	mlme_psoc_obj = wlan_psoc_mlme_get_cmpt_obj(psoc);
+	if (!mlme_psoc_obj)
+		return;
+
+	mlme_psoc_obj->psoc_cfg.score_config.check_6ghz_security = value;
+}
+
+void wlan_cm_reset_check_6ghz_security(struct wlan_objmgr_psoc *psoc,
+				       bool value)
+{
+	struct psoc_mlme_obj *mlme_psoc_obj;
+
+	mlme_psoc_obj = wlan_psoc_mlme_get_cmpt_obj(psoc);
+	if (!mlme_psoc_obj)
+		return;
+
+	mlme_psoc_obj->psoc_cfg.score_config.check_6ghz_security =
+					cfg_get(psoc ,CFG_CHECK_6GHZ_SECURITY);
+}
+
+bool wlan_cm_get_check_6ghz_security(struct wlan_objmgr_psoc *psoc)
+{
+	struct psoc_mlme_obj *mlme_psoc_obj;
+
+	mlme_psoc_obj = wlan_psoc_mlme_get_cmpt_obj(psoc);
+	if (!mlme_psoc_obj)
+		return false;
+
+	return mlme_psoc_obj->psoc_cfg.score_config.check_6ghz_security;
+}
+
+void wlan_cm_set_6ghz_key_mgmt_mask(struct wlan_objmgr_psoc *psoc,
+				     uint32_t value)
+{
+	struct psoc_mlme_obj *mlme_psoc_obj;
+
+	mlme_psoc_obj = wlan_psoc_mlme_get_cmpt_obj(psoc);
+	if (!mlme_psoc_obj)
+		return;
+
+	mlme_psoc_obj->psoc_cfg.score_config.key_mgmt_mask_6ghz = value;
+}
+
+uint32_t wlan_cm_get_6ghz_key_mgmt_mask(struct wlan_objmgr_psoc *psoc)
+{
+	struct psoc_mlme_obj *mlme_psoc_obj;
+
+	mlme_psoc_obj = wlan_psoc_mlme_get_cmpt_obj(psoc);
+	if (!mlme_psoc_obj)
+		return DEFAULT_KEYMGMT_6G_MASK;
+
+	return mlme_psoc_obj->psoc_cfg.score_config.key_mgmt_mask_6ghz;
+}
+
+static void cm_fill_6ghz_params(struct wlan_objmgr_psoc *psoc,
+				struct scoring_cfg *score_cfg)
+{
+	/* Allow all security in 6Ghz by default */
+	score_cfg->check_6ghz_security = cfg_get(psoc, CFG_CHECK_6GHZ_SECURITY);
+	score_cfg->key_mgmt_mask_6ghz =
+				cfg_get(psoc, CFG_6GHZ_ALLOWED_AKM_MASK);
+}
+#else
+static inline void cm_fill_6ghz_params(struct wlan_objmgr_psoc *psoc,
+				       struct scoring_cfg *score_cfg)
+{
+}
+#endif
+
 static uint32_t
 cm_limit_max_per_index_score(uint32_t per_index_score)
 {
@@ -1892,4 +2049,5 @@ void wlan_cm_init_score_config(struct wlan_objmgr_psoc *psoc,
 	score_cfg->vendor_roam_score_algorithm =
 			cfg_get(psoc, CFG_VENDOR_ROAM_SCORE_ALGORITHM);
 	score_cfg->check_assoc_disallowed = true;
+	cm_fill_6ghz_params(psoc, score_cfg);
 }

umac/mlme/connection_mgr/core/src/wlan_cm_connect.c

@@ -730,7 +730,6 @@ static void cm_update_security_filter(struct scan_filter *filter,
 	filter->mgmtcipherset = req->crypto.mgmt_ciphers;
 	cm_set_pmf_caps(req, filter);
 }
-
 static inline void cm_set_fils_wep_key(struct cnx_mgr *cm_ctx,
 				       struct wlan_cm_connect_resp *resp)
 {}
@@ -740,8 +739,12 @@ static inline void cm_set_fils_wep_key(struct cnx_mgr *cm_ctx,
 static void cm_connect_prepare_scan_filter(struct wlan_objmgr_pdev *pdev,
 					   struct cnx_mgr *cm_ctx,
 					   struct cm_connect_req *cm_req,
-					   struct scan_filter *filter)
+					   struct scan_filter *filter,
+					   bool security_valid_for_6ghz)
 {
+	struct wlan_objmgr_psoc *psoc;
+
+	psoc = wlan_pdev_get_psoc(pdev);
 	if (!qdf_is_macaddr_zero(&cm_req->req.bssid)) {
 		filter->num_of_bssid = 1;
 		qdf_copy_macaddr(&filter->bssid_list[0], &cm_req->req.bssid);
@@ -757,6 +760,10 @@ static void cm_connect_prepare_scan_filter(struct wlan_objmgr_pdev *pdev,
 		filter->chan_freq_list[0] = cm_req->req.chan_freq;
 	}
 
+	/* Security is not valid for 6Ghz so ignore 6Ghz APs */
+	if (!security_valid_for_6ghz)
+		filter->ignore_6ghz_channel = true;
+
 	cm_update_security_filter(filter, &cm_req->req);
 	cm_update_advance_filter(pdev, cm_ctx, filter, cm_req);
 }
@@ -770,12 +777,35 @@ static QDF_STATUS cm_connect_get_candidates(struct wlan_objmgr_pdev *pdev,
 	enum QDF_OPMODE op_mode;
 	qdf_list_t *candidate_list;
 	uint8_t vdev_id = wlan_vdev_get_id(cm_ctx->vdev);
+	bool security_valid_for_6ghz;
+	const uint8_t *rsnxe;
 
 	filter = qdf_mem_malloc(sizeof(*filter));
 	if (!filter)
 		return QDF_STATUS_E_NOMEM;
 
-	cm_connect_prepare_scan_filter(pdev, cm_ctx, cm_req, filter);
+	rsnxe = wlan_get_ie_ptr_from_eid(WLAN_ELEMID_RSNXE,
+					 cm_req->req.assoc_ie.ptr,
+					 cm_req->req.assoc_ie.len);
+	security_valid_for_6ghz =
+		wlan_cm_6ghz_allowed_for_akm(wlan_pdev_get_psoc(pdev),
+					     cm_req->req.crypto.akm_suites,
+					     cm_req->req.crypto.rsn_caps,
+					     rsnxe, cm_req->req.sae_pwe);
+
+	/*
+	 * Ignore connect req if the freq is provided and its 6Ghz and
+	 * security is not valid for 6Ghz
+	 */
+	if (cm_req->req.chan_freq && !security_valid_for_6ghz &&
+	    WLAN_REG_IS_6GHZ_CHAN_FREQ(cm_req->req.chan_freq)) {
+		mlme_info(CM_PREFIX_FMT "6ghz freq given and 6Ghz not allowed for the security in connect req",
+			  CM_PREFIX_REF(vdev_id, cm_req->cm_id),
+			  cm_req->req.chan_freq);
+		return QDF_STATUS_E_INVAL;
+	}
+	cm_connect_prepare_scan_filter(pdev, cm_ctx, cm_req, filter,
+				       security_valid_for_6ghz);
 
 	candidate_list = wlan_scan_get_result(pdev, filter);
 	if (candidate_list) {

umac/mlme/connection_mgr/dispatcher/inc/cfg_mlme_score_params.h

@@ -1105,6 +1105,62 @@
 	CFG_INI_BOOL("vendor_roam_score_algorithm", false, \
 	"Roam candidate selection score algorithm")
 
+#ifdef CONFIG_BAND_6GHZ
+/*
+ * <ini>
+ * check_6ghz_security - Enable check for 6Ghz allowed security
+ * BSSID.
+ * @Min: 0
+ * @Max: 1
+ * @Default: 0
+ *
+ * This ini is used to Enable check for 6Ghz allowed security. If enabled
+ * only WPA3 and other allowed security will be allowed for 6Ghz connection
+ *
+ * Related: None
+ *
+ * Supported Feature: STA
+ *
+ * Usage: External
+ *
+ * </ini>
+ */
+#define CFG_CHECK_6GHZ_SECURITY CFG_INI_BOOL(\
+				"check_6ghz_security", 0, \
+				"Enable check for 6Ghz allowed security")
+/*
+ * <ini>
+ * key_mgmt_mask_6ghz - AKM bit mask (@wlan_crypto_key_mgmt) allowed in 6Ghz
+ * channel
+ * @Min: 0
+ * @Max: 0xffffffff
+ * @Default: 0xffffffff
+ *
+ * This ini is used to set allowed AKM check for 6Ghz. If enabled
+ * only only AKM bits allowed will be used to connect to candidate.
+ * valid only if check_6ghz_security is 0. By default all AKM are allowed
+ *
+ * Related: check_6Ghz_security
+ *
+ * Supported Feature: STA
+ *
+ * Usage: External
+ *
+ * </ini>
+ */
+#define CFG_6GHZ_ALLOWED_AKM_MASK CFG_INI_UINT(\
+			"key_mgmt_mask_6ghz",\
+			0, DEFAULT_KEYMGMT_6G_MASK, DEFAULT_KEYMGMT_6G_MASK,\
+			CFG_VALUE_OR_DEFAULT, \
+			"Set priority for connection with bssid_hint")
+
+#define CFG_6GHZ_CONFIG \
+	CFG(CFG_CHECK_6GHZ_SECURITY) \
+	CFG(CFG_6GHZ_ALLOWED_AKM_MASK)
+#else
+#define CFG_6GHZ_CONFIG
+#endif
+
 #define CFG_MLME_SCORE_ALL \
 	CFG(CFG_SCORING_RSSI_WEIGHTAGE) \
 	CFG(CFG_SCORING_HT_CAPS_WEIGHTAGE) \
@@ -1142,6 +1198,7 @@
 	CFG(CFG_SCORING_OCE_WAN_SCORE_IDX_11_TO_8) \
 	CFG(CFG_SCORING_OCE_WAN_SCORE_IDX_15_TO_12) \
 	CFG(CFG_IS_BSSID_HINT_PRIORITY) \
-	CFG(CFG_VENDOR_ROAM_SCORE_ALGORITHM)
+	CFG(CFG_VENDOR_ROAM_SCORE_ALGORITHM) \
+	CFG_6GHZ_CONFIG
 
 #endif /* __CFG_MLME_SCORE_PARAMS_H */

umac/mlme/connection_mgr/dispatcher/inc/wlan_cm_bss_score_param.h

@@ -128,6 +128,8 @@ struct per_slot_score {
  * @is_bssid_hint_priority: True if bssid_hint is given priority
  * @check_assoc_disallowed: Should assoc be disallowed if MBO OCE IE indicate so
  * @vendor_roam_score_algorithm: Preferred ETP vendor roam score algorithm
+ * @check_6ghz_security: check security for 6Ghz candidate
+ * @key_mgmt_mask_6ghz: user configurable mask for 6ghz AKM
  */
 struct scoring_cfg {
 	struct weight_cfg weight_config;
@@ -137,9 +139,11 @@ struct scoring_cfg {
 	uint32_t bandwidth_weight_per_index;
 	uint32_t nss_weight_per_index;
 	uint32_t band_weight_per_index;
-	bool is_bssid_hint_priority;
-	bool check_assoc_disallowed;
-	bool vendor_roam_score_algorithm;
+	uint8_t is_bssid_hint_priority:1,
+		 check_assoc_disallowed:1,
+		 vendor_roam_score_algorithm:1,
+		 check_6ghz_security:1;
+	uint32_t key_mgmt_mask_6ghz;
 };
 
 /**
@@ -216,6 +220,102 @@ void wlan_cm_calculate_bss_score(struct wlan_objmgr_pdev *pdev,
 void wlan_cm_init_score_config(struct wlan_objmgr_psoc *psoc,
 			       struct scoring_cfg *score_cfg);
 
+/**
+ * wlan_cm_6ghz_allowed_for_akm() - check if 6Ghz channel can be allowed for AKM
+ * @psoc: pointer to psoc object
+ * @key_mgmt: key mgmt used
+ * @rsn_caps: rsn caps
+ * @rsnxe: rsnxe pointer if present
+ * @sae_pwe: support for SAE password
+ *
+ * Return: bool
+ */
+#ifdef CONFIG_BAND_6GHZ
+bool wlan_cm_6ghz_allowed_for_akm(struct wlan_objmgr_psoc *psoc,
+				  uint32_t key_mgmt, uint16_t rsn_caps,
+				  const uint8_t *rsnxe, uint8_t sae_pwe);
+
+/**
+ * wlan_cm_set_check_6ghz_security() - Set check 6Ghz security
+ * @psoc: pointer to psoc object
+ * @value: value to be set
+ *
+ * Return: void
+ */
+void wlan_cm_set_check_6ghz_security(struct wlan_objmgr_psoc *psoc,
+				     bool value);
+
+/**
+ * wlan_cm_reset_check_6ghz_security() - reset check 6Ghz security to orignal
+ * value
+ * @psoc: pointer to psoc object
+ * @value: value to be set
+ *
+ * Return: void
+ */
+void wlan_cm_reset_check_6ghz_security(struct wlan_objmgr_psoc *psoc,
+				     bool value);
+
+/**
+ * wlan_cm_get_check_6ghz_security() - Get 6Ghz allowe AKM mask
+ * @psoc: pointer to psoc object
+ * @value: value to be set
+ *
+ * Return: value
+ */
+bool wlan_cm_get_check_6ghz_security(struct wlan_objmgr_psoc *psoc);
+
+/**
+ * wlan_cm_set_6ghz_key_mgmt_mask() - Set 6Ghz allowe AKM mask
+ * @psoc: pointer to psoc object
+ *
+ * Return: void
+ */
+void wlan_cm_set_6ghz_key_mgmt_mask(struct wlan_objmgr_psoc *psoc,
+				    uint32_t value);
+
+/**
+ * wlan_cm_get_6ghz_key_mgmt_mask() - Get 6Ghz allowe AKM mask
+ * @psoc: pointer to psoc object
+ *
+ * Return: value
+ */
+uint32_t wlan_cm_get_6ghz_key_mgmt_mask(struct wlan_objmgr_psoc *psoc);
+
+#else
+static inline bool
+wlan_cm_6ghz_allowed_for_akm(struct wlan_objmgr_psoc *psoc,
+			     uint32_t key_mgmt, uint16_t rsn_caps,
+			     const uint8_t *rsnxe, uint8_t sae_pwe)
+{
+	return true;
+}
+
+static inline
+void wlan_cm_set_check_6ghz_security(struct wlan_objmgr_psoc *psoc,
+				     bool value) {}
+
+static inline
+void wlan_cm_reset_check_6ghz_security(struct wlan_objmgr_psoc *psoc,
+				        bool value) {}
+
+static inline
+bool wlan_cm_get_check_6ghz_security(struct wlan_objmgr_psoc *psoc)
+{
+	return false;
+}
+
+static inline
+void wlan_cm_set_6ghz_key_mgmt_mask(struct wlan_objmgr_psoc *psoc,
+				    uint32_t value) {}
+
+static inline
+uint32_t wlan_cm_get_6ghz_key_mgmt_mask(struct wlan_objmgr_psoc *psoc)
+{
+	return DEFAULT_KEYMGMT_6G_MASK;
+}
+#endif
+
 #ifdef CONN_MGR_ADV_FEATURE
 /**
  * wlan_cm_set_check_assoc_disallowed() - Set check assoc disallowed param

umac/mlme/connection_mgr/dispatcher/inc/wlan_cm_public_struct.h

@@ -154,9 +154,13 @@ enum wlan_cm_source {
  * for production.
  * @dot11mode_filter: dot11mode filter used to restrict connection to
  * 11n/11ac/11ax.
- * @ht_caps: ht capability
+ * @sae_pwe: SAE mechanism for PWE derivation
+ *           0 = hunting-and-pecking loop only
+ *           1 = hash-to-element only
+ *           2 = both hunting-and-pecking loop and hash-to-element enabled
+ * @ht_caps: ht capability information bit mask
  * @ht_caps_mask: mask of valid ht caps
- * @vht_caps: vht capability
+ * @vht_caps: vht capability information bit mask
  * @vht_caps_mask: mask of valid vht caps
  * @fils_info: Fills related connect info
  */
@@ -173,6 +177,7 @@ struct wlan_cm_connect_req {
 	struct element_info scan_ie;
 	bool force_rsne_override;
 	enum dot11_mode_filter dot11mode_filter;
+	uint8_t sae_pwe;
 	uint16_t ht_caps;
 	uint16_t ht_caps_mask;
 	uint32_t vht_caps;

umac/scan/core/src/wlan_scan_filter.c

@@ -648,6 +648,10 @@ bool scm_filter_match(struct wlan_objmgr_psoc *psoc,
 	if (filter->dot11mode && !scm_check_dot11mode(db_entry, filter))
 		return false;
 
+	if (filter->ignore_6ghz_channel &&
+	    WLAN_REG_IS_6GHZ_CHAN_FREQ(db_entry->channel.chan_freq))
+		return false;
+
 	if (filter->age_threshold && filter->age_threshold <
 					util_scan_entry_age(db_entry))
 		return false;

umac/scan/dispatcher/inc/wlan_scan_public_structs.h

@@ -500,6 +500,7 @@ enum dot11_mode_filter {
  * @ignore_auth_enc_type: Ignore enc type if
  *                        this is set (For WPS/OSEN connection)
  * @ignore_nol_chan: Ignore entry with channel in the NOL list
+ * @ignore_6ghz_channel: ignore 6Ghz channels
  * @age_threshold: If set return entry which are newer than the age_threshold
  * @num_of_bssid: number of bssid passed
  * @num_of_ssid: number of ssid
@@ -530,7 +531,8 @@ struct scan_filter {
 		rrm_measurement_filter:1,
 		ignore_pmf_cap:1,
 		ignore_auth_enc_type:1,
-		ignore_nol_chan:1;
+		ignore_nol_chan:1,
+		ignore_6ghz_channel:1;
 	qdf_time_t age_threshold;
 	uint8_t num_of_bssid;
 	uint8_t num_of_ssid;