For multi link connection there might be the case where
rsnxe of the AP is not present on the link vdev.
This causes the link vdev alone to downgrade to 11ax
mode and assoc vdev is in 11be dot11 mode.
So for vdev with ML peer, the dot11mode is 11ax,
which causes abnormal firmware behavior.
Reject the partner link that doesn’t pass the security
check and validate the next available partner link.
if none of the partner link passes the security check,
proceed connection with single link.
Change-Id: I080557027180c0566a1c284a93fcc4b69c61a9c8
CRs-Fixed: 3581189
In some scenario, mbssid_info->prof_residue could be set to
true, hence mbssid_info->split_prof_continue will also be
set to true. Then for the next loop if buffer split_prof_start
is freed but split_prof_end does not reinitialize to NULL,
then use-after-free happens.
To address this issue, reinitialize split_prof_end properly
when split_prof_start is freed.
Change-Id: Iad7448868cfa4c2dd7922f6c1b2622cf20a6a28c
CRs-Fixed: 3583521
Currently PM_LL_LT_SAP_MODE is not handled in policy manager.
With this change add support for PM_LL_LT_SAP_MODE in the policy
manager.
Change-Id: I7b893b04498957eb4a7e9f74c4b4395d4a823bf9
CRs-Fixed: 3536612
APs can broadcast support for 20 & 40 MHz in the
HT cap IE and operate in 20 MHz also.
Therefore, use the extension channel offset field
of the HT info IE to identify the bandwidth of the
BSS.
Change-Id: I9987d45ec34ba3327b43ef70eb891d346e9e78c9
CRs-Fixed: 3587792
If bssid and short ssid is present in the rnr list,
do not add duplicated entry.
Change-Id: Ic2f3b2396cd087601cf72aad8b4fdf81188d064e
CRs-Fixed: 3554848
Currently in driver while using QDF_MAC_ADDR_FMT to print mac
address, the mac address reference provided to QDF_MAC_ADDR_REF is
incorrect in some cases. Fix all such instances.
Change-Id: I324581691dfe683e0d5b046e19b444928657ce05
CRs-Fixed: 3556423
Remove the interfering 6 GHz inaddition to the 5 GHz
channels from the scan list, if the DFS SAP is present.
Change-Id: Ia7dd5b87fe762d8ba326f9b7ac508731563312ba
CRs-Fixed: 3555971
For 11A only AP, HT and DS IE are not present in beacon,
STA may receive the beacon on adjacent channel, then
driver may record wrong channel frequency in scan entry.
Fix by update the channel frequency by old scan entry
channel frequency if new beacon RSSI lower than old beacon
RSSI and gap is bigger than 40 db within 5s.
Change-Id: Idbd144befa78597fcd50a753ca13b0f11d1f45f5
CRs-Fixed: 3484664
In api wlan_scan_start(), redundant check for
scan_start_req is observed in some static analysis
tool.
Remove the redundant check in the ap
wlan_scan_start() as the check is present in the
api scm_scan_free_scan_request_mem
Change-Id: Ic320bb95253668310c5d738216daba62ba2f4b3f
CRs-Fixed: 3528505
Currently, during scanning, while parsing the received beacons,
the beacon IEs are checked to verify whether the channel
present in the beacon is invalid. If the channel is found to be
invalid, the corresponding beacons are dropped. This check treats
the channels in the NOL list as invalid channels.
Consider a case of a repeater with RCSA enabled; when the RE
detects a radar, the RE adds the radar detected channels to
NOL and sends an RCSA action frame to the Root AP to intimate
the Root about the radar detection. The RE will also wait for the
Root to send CSA to RE. But in this case, the RE will not parse
the CSA IE received from the Root, as the beacons from the Root
AP are dropped, as the channel present in the beacon is
considered invalid.
The purpose of the channel validity check in the beacon parsing is
to avoid receiving beacons from an invalid channel, that is, the
channels that are not supported by the device. Since NOL channels
are valid, we can parse the beacons received from an NOL channel.
Therefore, to fix this issue, use the regulatory API
'wlan_reg_is_freq_enabled' instead of the API
'wlan_reg_is_disable_for_pwrmode' to check if the channel is
invalid.
The API 'wlan_reg_is_freq_enabled' treats NOL channels as valid
channels.
Change-Id: Iad502363c0ad15be2a009480c49bffcf8e004943
CRs-Fixed: 3513560
For mlo 5+6, 6 GHz band score is higher than 5 GHz, so 6+5 total score is
higher than 5+6, 6+5 is always selected before 5+6 even 6 GHz link score is
much worse than 5 GHz.
To fix it, calculate each link score for each MLO AP, if assoc link is
best link, add a boost score, then it can be selected first.
Update band weight and score for both SLO and MLO, select average of link
band score as MLO band score.
Change-Id: If0714fa94031d5746d89388917540f0e34086d86
CRs-Fixed: 3483850
Currently if MLO connection fails then connection is tried
with same link until it reaches to maximum no of trials but
connection is not tried with same assoc link by changing partner
link or with SLO.
So, when vendor roam score algorithm is enabled, add logic to try
MLO connection again by reducing number of partner links with
each retry till SLO connection is tried.
Change-Id: Ic0e3acd2198cfa0ed0ff893da6ae32d669d32a41
CRs-Fixed: 3521159
Only in the case of HMT, the host sets the
'scan_f_report_cca_busy_for_each_20mhz' scan flag
in scan request.
Trigger wide band scan also only if
scan_f_report_cca_busy_for_each_20mhz flag is set.
Change-Id: I9418d916f1927798ad56460b4c799100fc786378
CRs-Fixed: 3515959
If fcc constraint is set host disables all 6 GHz channels
except for the STA, P2P client connect 6 GHz channels,
but host shouldn't scan any 6 GHz channels.
Add changes to filter out 6 GHz channels from scan list.
Change-Id: Ibc6b34a5d294d1d11f1717be135030760359bd53
CRs-Fixed: 3481006
Optimize scan logs while dropping frame to print frame type
and freq and other info and use same format to print.
Also If bssid hint is zero, avoid printing hidden bssid which
are filtered out.
Change-Id: Ibb6cb523b9be6af2c05c4a5a7a5cbccb44f984af
CRs-Fixed: 3506377
For MBSSID case, ML IE does not contain full per-STA profile info
in MBSSID IE. When generating the beacon and probe response frame
for MBSSID case, it needs to copy the ML IE info from main frame.
Change-Id: Id369d08772f11a5f0f838351b5b76ecce3762c55
CRs-Fixed: 3479932
Host parse newely added vendor command
QCA_NL80211_VENDOR_SUBCMD_CONNECTED_CHANNEL_STATS and trigger
scan to get connected channel stats from FW in case of MLO
connection.
On scan done host sends scan done indication to upper layer
via QCA_NL80211_VENDOR_SUBCMD_CONNECTED_CHANNEL_STATS vendor
command.
Change-Id: I92dbd779c5fbdb1652a37cfa54c177bd13de4f28
CRs-Fixed: 3491060
Optimize beacon/probe rsp logs, by printing the params when
their values are non 0. Thus reducing the logs size.
Also add the frame length in the logs.
Change-Id: I6cad77b6cdc4576804cdabd9f53235029e6cebd7
CRs-Fixed: 3490632
scan db has intersected phymode. For BSS information via iwlist we need
non intersected phymode.
Change-Id: I62a4aea33a67ac12b5be5bcdd4a3fc4538056df9
CRs-Fixed: 3454700
1. Read the new service capability:
WMI_SERVICE_CCA_BUSY_INFO_FOREACH_20 MHz: Via this host knows
whether FW supports reporting of CCA busy info for each 20 MHz
subband of wideband scan channel or not.
WMI_SERVICE_VDEV_PARAM_CHWIDTH_WITH_NOTIFY_SUPPORT: Via this
host knows whether FW supports VDEV param channel width switch
with OMN/OMI notification or not
2. Register osif callback to send scan done indication to upper
layer
3. Add 2 new scan flags pause_home_channel and
report_cca_busy_for_each_20 MHz
Change-Id: I63d561a3c5f8e49a3ca42d956e6b630c63edeaf4
CRs-Fixed: 3460901
If PMKID present in AP expires, AP rejects the PMKID based association.
Current design is to clear the cache using BSSID/MAC address of link
in such cases to let a fresh SAE authentication to happen.
But host driver stores PMKSA with MLD address for ML BSS.
Adapt to the same and update PMKSA cache clear APIs to use
MLD address instead of link address.
Introduce new API which return the legacy address for non-ML
association and MLD address for MLO association of the BSS peer.
Use this API to get the correct entry from PMKSA cache to delete.
Introduce new utility API to fetch the MLD address from scan entry.
Use this API to get the MLD address of the ML candidate.
Change-Id: Id35a3937ba6649e8ba7ae8f849ac1ed2a9cc83f8
CRs-Fixed: 3453839
In some scenarios, there can be need to get the peer MLD address.
For this, add new API to extract the MLD address from the scan entry
by the BSSID.
Change-Id: I3b78501cb5320b3e834313a048b6fa0a84eab03b
CRs-Fixed: 3441498
For example, If tmp_new[1] = 3, subie_len=160,
tmp_new + tmp_new[1] + MIN_IE_LEN) - sub_copy will be 159.
In this scenario, while condition gets true (159 <= 160)
In if condition (159 >= 160), we are not breaking the loop in if.
tmp_new will get incremented, tmp_new will point at 159,
tmp_new[1] will point at 160, tmp_new[2] point at 161.
So, we are accessing one byte out-of-bound value.
To fix accessing out-of-bound value subtract one from the subie_len
in while and if condition to avoid this scenario.
Change-Id: I624585323963b6d79acf9ff0f96ec17e0b415c2d
CRs-Fixed: 3358833
SON IE length check drops some of the AP beacon or probe
response due to length mismatch.
As length may increase for some of APs. Remove check for
ie len of WLAN_VENDOR_SON_IE_LEN
Change-Id: I74add7ea539913f67bf7d11e2ff8e4b0374eba05
CRs-Fixed: 3418249
With the MBSSID IE, it has to generate the corresponding
beacon and probe response frames. Then handle the generated
frames per critical update feature.
Change-Id: Iff3fdb3a335a98d9ed7e51957885e2f161069807
CRs-Fixed: 3376521
Currently, Scan list is trimmed based on low latency sap frequency.
But even after removal of 6 GHz frequencies from scan list,
host receives scan events for 6 GHz frequencies because rnr info
is updated and hint bssids and hint ssids are added due to which
FW scans 6 GHz frequencies also.
Fix is to update hint_bssid and hint_s_ssid to those frequencies
only which are allowed to be scanned in case low latency sap is up.
Change-Id: I7f9bc6b6262a235d5aa02c9155555b4827227acf
CRs-Fixed: 3379401
The kernel-doc script identified some documentation errors in the
umac/scan folder, so fix them.
In addition, Change-Id I8340c6c654cf03f63aee9ed622e3db38056d714f
("qcacmn: Add API to access scan entry partner info") made an
incorrect copyright change, so fix that.
Change-Id: I629f5961ab0a284c70a47fc7d71fe81d5572ae25
CRs-Fixed: 3380633
In case of 4 LINK MLO we have link index as 0, 1, 2 and 3
so increase the MLD_MAX_LINKS to accommodate all links.
Also MAX RNR_BSS supported in 16vap 16 MLD across N links will
increase as:
For N(4 LINK) link MLO, Max RNR BSS will be given:
16(N_6G_LINKS) + N - (N_6G_LINKS) - 1(SELF_LINK) = 16*2 + N-2-1 = 33
Change-Id: If2e1755b8b99e83d8fe391220183921a70be61f5
CRs-Fixed: 3408516
Fix puncture bitmap validation on on 5 GHz band by
deriving the band bitmap based on primary frequency.
Change-Id: Ic1d482716a905812e08d21dbbfb2472f83b95491
CRs-Fixed: 3396325
Add support to get min and max band width of provided
channel enum, so that configured bandwidth can be validated
whether it lies in the range of bandwidth or not.
Change-Id: I765b4e8013d021eaca41b37789d1ef3f1d57fa7d
CRs-Fixed: 3402928
Currently, if ACS_LAST_SCAN_AGEOUT_TIME is not provided by user then
the last_scan_ageout_time is updated to 0 and full scan is triggered
to find channel instead of using previous scan results, to avoid delay
use last full scan result based on ini "last_scan_ageout_time" value.
Change-Id: Ic38f0d3c83087dafde54b43762dd14deb7d02870
CRs-Fixed: 3404550
In api wlan_add_age_ie(), age ie is included in scan
result.
Remove api wlan_add_age_ie() as the bss age is
calculated using NL80211_BSS_SEEN_MS_AGO.
Change-Id: Ided2364ce7a52d942d29343455fc7ae511be9a18
CRs-Fixed: 3391276
In suspend mode, driver issues the PNO scan with frequency list to
firmware. Currently, for 6 GHz PNO scan, driver adds the RNR flag
for non-PSC channels and sent the scan request to firmware. But
firmware is unable to scan for non-PSC frequencies as 2.4 GHz and
5 GHz frequencies are not present in the frequency list.
So, to fix this, driver exempts the addition of RNR flag for
non-PSC channel in PNO scan.
Change-Id: If2403586460f9da1647bc904027ed738e255af22
CRs-Fixed: 3384972
When the STA finds a candidate AP to connect to, it checks if the
primary 20 MHz channel is punctured or not. This validation is currently
done using scan channel parameters. The scan channel parameters are
intersected to the STA's capability and might not reflect the original EHT
OP IE parameters. For example, consider an 11ax STA in HE160 MHz mode
trying to connect to a 11be AP operating in EHT320 MHz mode. The scan
channel parameters are intersected to the STA's capability of 160 MHz.
The scan channel parameters like 320 MHz center frequency and puncturing
bitmap are inconsistent with the CCFS1 and punturing bitmap received in
the EHT OP IE.
So, instead of using the intersected scan channel parameters stored in the
STA to validate puncturing bitmap of the AP, use the EHT OP IE received
from the AP to validate puncturing bitmap.
Change-Id: I0cdc56eea96f04eb96327506bfd61c0f3a9109bb
CRs-Fixed: 3364639
Currently host drops an AP from scan list if host country is set to
US and AP country is non-US. This implementation violates our
standard regulatory scan policy.
To address this issue, introduce a new INI to differentiate
between our standard regulatory policy with others.
Change-Id: Id72f871653e31969c4d1b147cb3c557f90a6c8f6
CRs-Fixed: 3361720
Changes to handle dynamic link add for non-AP MLD.
Also add change to clear mlo cap for link removal of vdev.
Change-Id: I47e0bb77b7f32296e5745ffd53ce3a34ec35a63a
CRs-Fixed: 3346538
One bad AP Multi-Link IE length is 5, have no MLD addr, BSS peer MLD
addr is set as zero, connect fails, and bss peer leak happens.
DUT STA can't connect other AP any more if bss peer leak happen 2 times.
At last, if wifi is disabled, vdev delete fails for ref count leak, assert
happens.
To fix it, validate AP ML IE length before parse it, if it's actual length
is less than expected length, set ML IE as NULL, downgrade the AP to legacy
mode.
Change-Id: I7d6b27f0816f3169c8802f67b64e5561ffdde6ed
CRs-Fixed: 3351189
The FILS realm scan filter validates the fils realm
provided in connect request against the realm present in the
fils indication element. But according to the 802.11 standard
the AP can advertise the realm count as 0 and choose not
to advertise any realm ID. So the connection to that AP
fails as the BSSID gets filtered from scan results during
candidate selection due to realm mismatch.
Allow connection with FILS AP when the AP doesn't advertise
realm
Change-Id: I7fbaf27a9ba346e105af44d77318c485f55a74ab
CRs-Fixed: 3341993
Fetch beacon/probe response with given mac address from scan db.
The frame can be used to fill bss descriptor in case of MLO
roaming where scan entry is derived from ML probe response of
assoc link.
Change-Id: Ie20b36c6619dd0e44d04d3bd8767c7dd09b053d5
CRs-Fixed: 3342439
Currently, in driver, if DUT fw does not support 11be,
11be capable beacons will not be parsed in the scan result.
But driver can have 11be capable parsing even when target
is not capable of 11be. This may be helpful in understanding
OBSS and ACS kind of scenarios.
To fix, driver will parse 11be capable beacon in the scan result.
Change-Id: I1eb4d60c8a7513a01126575dd9c4fc4f1a4ee6e0
CRs-Fixed: 3296848
