For example, if tmp_new[1] = 3 and subie_len = 160,
(tmp_new + tmp_new[1] + MIN_IE_LEN) - sub_copy will be 159.
In this scenario, the while condition is true (159 <= 160).
In the if condition (159 >= 160), we do not break out of the loop.
tmp_new will get incremented, tmp_new will point at 159,
tmp_new[1] will point at 160, tmp_new[2] will point at 161.
So, we are accessing a value one byte out of bounds.
To fix the out-of-bounds access, subtract one from subie_len
in the while and if conditions to avoid this scenario.
Change-Id: I624585323963b6d79acf9ff0f96ec17e0b415c2d
CRs-Fixed: 3358833
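The off-by-one described in the commit message above, shown as an added example (not code from qcacmn): a walk over id/length/value elements that never reads a length byte unless a full two-byte header remains. It uses a remaining-bytes comparison instead of the commit's `subie_len - 1` adjustment; `walk_ies`, `IE_HDR_LEN` and the 160-byte buffer are constructed for illustration, with `IE_HDR_LEN` standing in for `MIN_IE_LEN`.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_HDR_LEN 2u /* id byte + length byte (hypothetical name) */

struct ie_walk {
    int count;        /* complete elements found */
    size_t trailing;  /* bytes left over that do not form an element */
};

/* Walk the elements in buf[0..len) without reading past buf[len - 1]. */
static struct ie_walk walk_ies(const uint8_t *buf, size_t len)
{
    struct ie_walk r = { 0, 0 };
    size_t off = 0;

    /* buf[off + 1] is only readable while two bytes remain. */
    while (len - off >= IE_HDR_LEN) {
        size_t body = buf[off + 1];

        if (body > len - off - IE_HDR_LEN)
            break;    /* body would run past the end of the buffer */
        r.count++;
        off += IE_HDR_LEN + body;
    }
    r.trailing = len - off;
    return r;
}

/* Constructed input: elements end at offset 159 of a 160-byte buffer. */
static struct ie_walk demo_trailing_byte(void)
{
    uint8_t buf[160];

    memset(buf, 0, sizeof(buf));
    buf[0] = 0xdd;   buf[1] = 152;  /* occupies offsets 0..153 */
    buf[154] = 0xdd; buf[155] = 3;  /* occupies offsets 154..158 */
    return walk_ies(buf, sizeof(buf)); /* offset 159 is a lone byte */
}

int main(void)
{
    struct ie_walk r = demo_trailing_byte();

    printf("elements=%d trailing=%zu\n", r.count, r.trailing);
    return 0;
}
```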
SON IE length check drops some of the AP beacon or probe
response due to length mismatch.
As the length may increase for some APs, remove the check for
IE length of WLAN_VENDOR_SON_IE_LEN.
Change-Id: I74add7ea539913f67bf7d11e2ff8e4b0374eba05
CRs-Fixed: 3418249
With the MBSSID IE, it has to generate the corresponding
beacon and probe response frames. Then handle the generated
frames per critical update feature.
Change-Id: Iff3fdb3a335a98d9ed7e51957885e2f161069807
CRs-Fixed: 3376521
Currently, Scan list is trimmed based on low latency sap frequency.
But even after removal of 6 GHz frequencies from scan list,
host receives scan events for 6 GHz frequencies because rnr info
is updated and hint bssids and hint ssids are added due to which
FW scans 6 GHz frequencies also.
Fix is to update hint_bssid and hint_s_ssid to those frequencies
only which are allowed to be scanned in case low latency sap is up.
Change-Id: I7f9bc6b6262a235d5aa02c9155555b4827227acf
CRs-Fixed: 3379401
The kernel-doc script identified some documentation errors in the
umac/scan folder, so fix them.
In addition, Change-Id I8340c6c654cf03f63aee9ed622e3db38056d714f
("qcacmn: Add API to access scan entry partner info") made an
incorrect copyright change, so fix that.
Change-Id: I629f5961ab0a284c70a47fc7d71fe81d5572ae25
CRs-Fixed: 3380633
In case of 4 LINK MLO we have link index as 0, 1, 2 and 3
so increase the MLD_MAX_LINKS to accommodate all links.
Also MAX RNR_BSS supported in 16vap 16 MLD across N links will
increase as:
For N(4 LINK) link MLO, Max RNR BSS will be given:
16(N_6G_LINKS) + N - (N_6G_LINKS) - 1(SELF_LINK) = 16*2 + N-2-1 = 33
Change-Id: If2e1755b8b99e83d8fe391220183921a70be61f5
CRs-Fixed: 3408516
Add support to get min and max band width of provided
channel enum, so that configured bandwidth can be validated
whether it lies in the range of bandwidth or not.
Change-Id: I765b4e8013d021eaca41b37789d1ef3f1d57fa7d
CRs-Fixed: 3402928
Currently, if ACS_LAST_SCAN_AGEOUT_TIME is not provided by the user, then
the last_scan_ageout_time is updated to 0 and a full scan is triggered
to find a channel instead of using previous scan results. To avoid the delay,
use the last full scan result based on the ini "last_scan_ageout_time" value.
Change-Id: Ic38f0d3c83087dafde54b43762dd14deb7d02870
CRs-Fixed: 3404550
In api wlan_add_age_ie(), age ie is included in scan
result.
Remove api wlan_add_age_ie() as the bss age is
calculated using NL80211_BSS_SEEN_MS_AGO.
Change-Id: Ided2364ce7a52d942d29343455fc7ae511be9a18
CRs-Fixed: 3391276
Changes to handle dynamic link add for non-AP MLD.
Also add change to clear mlo cap for link removal of vdev.
Change-Id: I47e0bb77b7f32296e5745ffd53ce3a34ec35a63a
CRs-Fixed: 3346538
One bad AP's Multi-Link IE length is 5 and has no MLD addr, BSS peer MLD
addr is set as zero, connect fails, and bss peer leak happens.
DUT STA can't connect to another AP any more if the bss peer leak happens 2 times.
At last, if wifi is disabled, vdev delete fails for ref count leak, and an assert
happens.
To fix it, validate the AP ML IE length before parsing it; if its actual length
is less than the expected length, set ML IE as NULL and downgrade the AP to legacy
mode.
Change-Id: I7d6b27f0816f3169c8802f67b64e5561ffdde6ed
CRs-Fixed: 3351189
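An added example of the length validation the commit message above describes (not the driver's own code): a Multi-Link element is accepted only if it is long enough to carry an MLD address, and a NULL result means the AP is treated as legacy. The field layout follows the Basic Multi-Link element of IEEE 802.11be as an assumption; `ml_ie_mld_addr`, the macro names and both sample elements are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EID_EXTENSION      255 /* element ID of extension elements */
#define EID_EXT_MULTI_LINK 107 /* Element ID Extension: Multi-Link */
#define ML_CTRL_LEN        2   /* Multi-Link Control field */
#define MLD_ADDR_LEN       6
/* ext id + control + Common Info Length byte + MLD MAC address */
#define ML_MIN_BODY (1 + ML_CTRL_LEN + 1 + MLD_ADDR_LEN)

/* Constructed samples: a length-5 element and a well-formed one. */
static const uint8_t bad_ie[]  = { 0xff, 0x05, 0x6b, 0x00, 0x00, 0x01, 0x00 };
static const uint8_t good_ie[] = { 0xff, 0x0a, 0x6b, 0x00, 0x00, 0x07,
                                   0x02, 0x11, 0x22, 0x33, 0x44, 0x55 };

/*
 * Return a pointer to the MLD address inside a Basic Multi-Link element,
 * or NULL if the element is missing, truncated or too short to hold one.
 */
static const uint8_t *ml_ie_mld_addr(const uint8_t *ie, size_t avail)
{
    size_t body, cmn_len;

    if (!ie || avail < 2)
        return NULL;
    body = ie[1];
    if (body > avail - 2)             /* element runs past the frame */
        return NULL;
    if (ie[0] != EID_EXTENSION || body < ML_MIN_BODY)
        return NULL;                  /* rejects the length-5 element */
    if (ie[2] != EID_EXT_MULTI_LINK || (ie[3] & 0x07) != 0)
        return NULL;                  /* not a Basic Multi-Link element */
    cmn_len = ie[5];                  /* counts itself and what follows */
    if (cmn_len < 1 + MLD_ADDR_LEN || cmn_len > body - 1 - ML_CTRL_LEN)
        return NULL;
    return &ie[6];
}

int main(void)
{
    printf("bad:  %s\n", ml_ie_mld_addr(bad_ie, sizeof(bad_ie)) ?
           "MLO" : "legacy");
    printf("good: %s\n", ml_ie_mld_addr(good_ie, sizeof(good_ie)) ?
           "MLO" : "legacy");
    return 0;
}
```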
Fetch beacon/probe response with given mac address from scan db.
The frame can be used to fill bss descriptor in case of MLO
roaming where scan entry is derived from ML probe response of
assoc link.
Change-Id: Ie20b36c6619dd0e44d04d3bd8767c7dd09b053d5
CRs-Fixed: 3342439
Currently, in driver, if DUT fw does not support 11be,
11be capable beacons will not be parsed in the scan result.
But driver can have 11be capable parsing even when target
is not capable of 11be. This may be helpful in understanding
OBSS and ACS kind of scenarios.
To fix, driver will parse 11be capable beacon in the scan result.
Change-Id: I1eb4d60c8a7513a01126575dd9c4fc4f1a4ee6e0
CRs-Fixed: 3296848
To check the allowed dot11 mode of the VDEV, add a new member to
struct vdev_mlme_proto to hold this value.
Change-Id: I5bfbff0ab3056013a997744b8e9ce0b4d0a3d43b
CRs-Fixed: 3314403
Currently, structure tbtt_information_header and
rnr_mld_info don't have attribute __packed. When
fetching the value of bss_param_change_cnt, it
tries to align with byte and causes wrong value.
And these are OTA structures which should be moved
to file wlan_cmn_ieee80211.h.
Change-Id: I326e62e6f513c2b43fe08c278aa4b5a245d2d35c
CRs-Fixed: 3313710
When the beacon frame is received by the DUT, util_scan_get_phymode_5g
gets invoked. In a highly noisy environment, malformed/incorrect
beacon frames are received and the content of vhtop->vht_op_chwidth
becomes invalid. Hence the bad channel print floods the console since
it is under scm_err debug level (the default debug level of SCAN module
is ERROR).
Reduce the debug level of the print to scm_debug since it hits for
every incorrect beacon.
Change-Id: I92d99f8d69ac7f892f155f2043c60a4c0c2efa12
CRs-Fixed: 3313827
Low latency SAP can come up on the below two profiles:
a. Gaming
b. Lossless Audio
Scenario: LL SAP is present on 5 GHz channel and scan comes up
DBS: For both profiles, allow scan only in 2.4 GHz channel
SBS: For both profiles, allow scan on non low latency SAP
channels which are mutually exclusive.
Change-Id: I9d5832a457d08325b9e66099286ae3f18cdc66e1
CRs-Fixed: 3294607
To protect user privacy, print SSID with QDF_SSID_FMT
and QDF_SSID_REF, then SSID will be hidden in logs if
anonymization is enabled.
Change-Id: Ifad0ccd76bd1184a9b1d20f3d7fa4455df924843
CRs-Fixed: 3291826
Update the handler to fetch the status of the supports_11be
capability flag properly.
CRs-Fixed: 3305253
Change-Id: I35a083b7b717b0cf4fbe40e2e00b8bfd0ada9082
While generating the scan entry for TX VAP, the decision to
strip MBSSID IE from the TX VAP beacon, will be taken if the
platform supports 11BE.
CRs-Fixed: 3300515
Change-Id: Ie45da7a02a2811172b2403d5fd1bc4b9271432d5
While processing a beacon with MBSSID IE/ IEs, the driver
creates scan entries for the TX VAP/ profile and every Non-TX
profile present in the MBSSID IE.
The scan entry generation for nontx profile happens as required,
whereas while generating the scan entry for the TX VAP, driver
copies the MBSSID IE/IEs as well. Because of this, multiple
ML IEs would be part of one frame and as a result sometimes
supplicant fails in adapting/ fetching the proper ML IE.
With this change, the host driver takes care of stripping out
the MBSSID IE/IEs from the full beacon frame and while
generating the scan entry for TX VAP/ profile, it uses the data
that only belongs to the TX VAP.
This helps in resolving the duplicate ML IE issue.
Change-Id: I13b3ce94da1970eea8c16b52b1987edc1a5418bc
CRs-Fixed: 3295496
Duplicated 6 GHz beacons with poor RSSI are received in frequency far away
from primary channel, they are not dropped because HE duplicate beacon
field is set, which makes poor RSSI saved in scan entry.
To fix it, if 6 GHz HE duplicate beacon field is set, compare band width
and center frequency from EHT ops and HE ops with current frequency beacon
received, if current frequency is outside of the BSS operating BW, drop the
leaked beacon.
Change-Id: I580df7efbbe5a7b56cfd14795474ad9a4d432fdc
CRs-Fixed: 3299236
Presently for initial scan and roam passive scan dwell time,
the same ini CFG_PASSIVE_MAX_CHANNEL_TIME is used. This will
cause initial scan to have the roam passive scan value.
Decouple passive scan and roam passive scan ini parameter by
adding a new ini param for roaming.
Change-Id: I7bffb24a1e45548ed57492abc35e80958e9955ee
CRs-Fixed: 3272817
Based on the new requirement, add support to get requested
feature set info from different feature components.
Change-Id: I75c5a3062312b1124d21d1ae429a7c5a18d9f2d0
CRs-Fixed: 3262867
Add APIs to update and get the time at which scan
is completed in that channel.
Change-Id: I8c594b1881fc83daa88800eac9eac94c2e0df64a
CRs-Fixed: 3239359
For some operating classes like 81, channel spacing is 25; need to convert
channel width to 20 to get the right score when selecting a candidate.
Fix some code style issues too.
Change-Id: I15795d016cae74b7596a199ae2883aeababaf081
CRs-Fixed: 3250207
Select best candidate by mlo score algorithm.
Check bss mlo type first by mlo info, mlo config, partner frequency and
dbs/sbs cap, calculate candidate score for SLO/MLMR/EMLSR bss types.
For SLO case, same as before except:
Decrease percent of legacy band and nss to include 320M and 8x8.
Decrease max percent of congestion from 100 to 80 to include MLMR joint
congestion.
Increase weight of both band width and nss to 20.
For EMLSR case, same as SLO except adding EMLSR boost score.
For MLMR case, besides adding MLMR boost score,
calculate joint RSSI/band width/congestion score for combination of
scan entry + each partner link by new mlo algorithm, select partner with
highest total joint score as candidate combination, only activate that
partner link.
Change-Id: I640c6825d945caf5fab504a77717195c2eac0c93
CRs-Fixed: 3234912
As part of a transition of basic MLO functionality to IEEE802.11be
D1.5, add definitions and receive processing for the signaling of the
presence of BSS Parameters Change Count subfield in STA Info field in
Per-STA Profile subelement in Basic Multi-Link element Link Info
field. This presence is signaled by a new bit in the STA Control
field of the corresponding Per-STA Profile subelement. Rename the
definition for BSS Parameters Change Count (sub)field size to make it
generic since it may occur in various protocol signaling areas
related to MLO.
Change-Id: Ieb17f65547b7106442369b51cd6bc303046a224a
CRs-Fixed: 3197012
Get mlo partner link freq from RNR IE.
Use band bitmap to filter mlo AP by band.
Force link on 2 GHz: mlo_support_link_band=1
Force link on 5 GHz: mlo_support_link_band=2
Force link on 6 GHz: mlo_support_link_band=4
Change-Id: Ib11dee117bef6121bbc455b62a2803138881a72a
CRs-Fixed: 3211974
Remove forward declaration of util_scan_get_he_6g_params. This
declaration is not required and is resulting in compilation
issues.
Change-Id: I43ac0839fa2a17d6e91811643d3ceb72c925e92f
CRs-Fixed: 3210127
Add boundary check for the newly generated frame per subelement.
It should not go beyond the original beacon frame length.
Change-Id: I6de5519052a47119ec0a294941244c1b277233fc
CRs-Fixed: 3194793
Start searching for IEs in the multi-link per-STA
profile from the STA Profile field instead of the
STA Control field to avoid invalid checks that may
arise due to other fields in-between.
CRs-Fixed: 3199541
Change-Id: I0a0f5b6c83135974820d2870e00f6dcf9eab61fe
Currently STA can scan and come up on 6 GHz or indoor channel if
hardware is non-dbs and SAP is present.
As part of this change, do not allow STA to scan on 6 GHz or
5 GHz indoor channel for non-dbs hardware if SAP is present.
Change-Id: I97759f8b2c6a1c460d90fbb797a0e64d2532797c
CRs-Fixed: 3186406