Revert "Revert "[wpa_supplicant] cumilative patch from commit 3a..."
Revert submission 28102966-revert-26533062-Supplicant_merge_June24-CUATTSRBBR
Reason for revert: Fixed the regression issue (ag/28389573)
Reverted changes: /q/submissionid:28102966-revert-26533062-Supplicant_merge_June24-CUATTSRBBR
Bug: 329004037
Test: Turn ON/OFF SoftAp multiple times
Change-Id: Ibfff2a847be5678f1a6d77e28506a05936812a91
diff --git a/src/common/dpp_tcp.c b/src/common/dpp_tcp.c
index d226a8a..2fad3e1 100644
--- a/src/common/dpp_tcp.c
+++ b/src/common/dpp_tcp.c
@@ -563,7 +563,7 @@
struct dpp_connection *conn;
dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) {
- if (os_memcmp(src, conn->mac_addr, ETH_ALEN) == 0)
+ if (ether_addr_equal(src, conn->mac_addr))
return conn;
if ((type == DPP_PA_PKEX_EXCHANGE_RESP ||
type == DPP_PA_AUTHENTICATION_RESP) &&
@@ -661,7 +661,7 @@
struct dpp_connection *conn;
dl_list_for_each(conn, &ctrl->conn, struct dpp_connection, list) {
- if (os_memcmp(src, conn->mac_addr, ETH_ALEN) == 0)
+ if (ether_addr_equal(src, conn->mac_addr))
return conn;
}
@@ -2601,7 +2601,8 @@
}
-static void dpp_tcp_send_conn_status_msg(struct dpp_connection *conn,
+static void dpp_tcp_send_conn_status_msg(struct dpp_global *dpp,
+ struct dpp_connection *conn,
enum dpp_status_error result,
const u8 *ssid, size_t ssid_len,
const char *channel_list)
@@ -2609,6 +2610,7 @@
struct dpp_authentication *auth = conn->auth;
int res;
struct wpabuf *msg;
+ struct dpp_connection *c;
auth->conn_status_requested = 0;
@@ -2627,8 +2629,16 @@
return;
}
- /* This exchange will be terminated in the TX status handler */
- conn->on_tcp_tx_complete_remove = 1;
+ /* conn might have been removed during the dpp_tcp_send_msg() call, so
+ * need to check that it is still present before modifying it. */
+ dl_list_for_each(c, &dpp->tcp_init, struct dpp_connection, list) {
+ if (conn == c) {
+ /* This exchange will be terminated in the TX status
+ * handler */
+ conn->on_tcp_tx_complete_remove = 1;
+ break;
+ }
+ }
}
@@ -2641,7 +2651,7 @@
dl_list_for_each(conn, &dpp->tcp_init, struct dpp_connection, list) {
if (conn->auth && conn->auth->conn_status_requested) {
- dpp_tcp_send_conn_status_msg(conn, result, ssid,
+ dpp_tcp_send_conn_status_msg(dpp, conn, result, ssid,
ssid_len, channel_list);
break;
}
diff --git a/src/common/gas_server.c b/src/common/gas_server.c
index 745a13f..1075500 100644
--- a/src/common/gas_server.c
+++ b/src/common/gas_server.c
@@ -352,7 +352,7 @@
dl_list_for_each(response, &gas->responses, struct gas_server_response,
list) {
if (response->dialog_token != dialog_token ||
- os_memcmp(sa, response->dst, ETH_ALEN) != 0)
+ !ether_addr_equal(sa, response->dst))
continue;
gas_server_handle_rx_comeback_req(response);
return 0;
@@ -470,7 +470,7 @@
dl_list_for_each(response, &gas->responses, struct gas_server_response,
list) {
if (response->dialog_token != dialog_token ||
- os_memcmp(dst, response->dst, ETH_ALEN) != 0)
+ !ether_addr_equal(dst, response->dst))
continue;
gas_server_handle_tx_status(response, ack);
return;
diff --git a/src/common/hw_features_common.c b/src/common/hw_features_common.c
index 57b5a8e..f45d2e9 100644
--- a/src/common/hw_features_common.c
+++ b/src/common/hw_features_common.c
@@ -448,6 +448,7 @@
} else {
int freq1, freq2 = 0;
int bw = center_idx_to_bw_6ghz(center_segment0);
+ int opclass;
if (bw < 0) {
wpa_printf(MSG_ERROR,
@@ -455,7 +456,10 @@
return -1;
}
- freq1 = ieee80211_chan_to_freq(NULL, 131,
+ /* The 6 GHz channel 2 uses a different operating class
+ */
+ opclass = center_segment0 == 2 ? 136 : 131;
+ freq1 = ieee80211_chan_to_freq(NULL, opclass,
center_segment0);
if (freq1 < 0) {
wpa_printf(MSG_ERROR,
diff --git a/src/common/ieee802_11_common.c b/src/common/ieee802_11_common.c
index dbe7b29..08ba45b 100644
--- a/src/common/ieee802_11_common.c
+++ b/src/common/ieee802_11_common.c
@@ -1012,7 +1012,7 @@
continue;
}
- if (sub_elem_len < 3) {
+ if (sub_elem_len < 5) {
if (show_errors)
wpa_printf(MSG_DEBUG,
"MLD: error: sub_elem_len=%zu < 5",
@@ -1081,7 +1081,8 @@
non_inherit_len -= 1 + non_inherit[0];
non_inherit += 1 + non_inherit[0];
- if (non_inherit_len < 1UL + non_inherit[0]) {
+ if (non_inherit_len < 1UL ||
+ non_inherit_len < 1UL + non_inherit[0]) {
if (show_errors)
wpa_printf(MSG_DEBUG,
"MLD: Invalid inheritance");
@@ -2507,35 +2508,6 @@
/**
- * get_ie_nth - Fetch a specified information element from IEs buffer
- * @ies: Information elements buffer
- * @len: Information elements buffer length
- * @eid: Information element identifier (WLAN_EID_*)
- * @nth: Return the nth element of the requested type (2 returns the second)
- * Returns: Pointer to the information element (id field) or %NULL if not found
- *
- * This function returns the nth matching information element in the IEs
- * buffer or %NULL in case the element is not found.
- */
-const u8 * get_ie_nth(const u8 *ies, size_t len, u8 eid, int nth)
-{
- const struct element *elem;
- int sofar = 0;
-
- if (!ies)
- return NULL;
-
- for_each_element_id(elem, eid, ies, len) {
- sofar++;
- if (sofar == nth)
- return &elem->id;
- }
-
- return NULL;
-}
-
-
-/**
* get_ie_ext - Fetch a specified extended information element from IEs buffer
* @ies: Information elements buffer
* @len: Information elements buffer length
@@ -2874,6 +2846,21 @@
}
+bool is_same_band(int freq1, int freq2)
+{
+ if (IS_2P4GHZ(freq1) && IS_2P4GHZ(freq2))
+ return true;
+
+ if (IS_5GHZ(freq1) && IS_5GHZ(freq2))
+ return true;
+
+ if (is_6ghz_freq(freq1) && is_6ghz_freq(freq2))
+ return true;
+
+ return false;
+}
+
+
int ieee802_11_parse_candidate_list(const char *pos, u8 *nei_rep,
size_t nei_rep_len)
{
@@ -3212,8 +3199,39 @@
}
-struct wpabuf * ieee802_11_defrag_data(const u8 *data, size_t len,
- bool ext_elem)
+/**
+ * chwidth_freq2_to_ch_width - Determine channel width as enum oper_chan_width
+ * @chwidth: Channel width integer
+ * @freq2: Value for frequency 2. 0 is not used
+ * Returns: enum oper_chan_width, -1 on failure
+ */
+int chwidth_freq2_to_ch_width(int chwidth, int freq2)
+{
+ if (freq2 < 0)
+ return -1;
+ if (freq2)
+ return CONF_OPER_CHWIDTH_80P80MHZ;
+
+ switch (chwidth) {
+ case 0:
+ case 20:
+ case 40:
+ return CONF_OPER_CHWIDTH_USE_HT;
+ case 80:
+ return CONF_OPER_CHWIDTH_80MHZ;
+ case 160:
+ return CONF_OPER_CHWIDTH_160MHZ;
+ case 320:
+ return CONF_OPER_CHWIDTH_320MHZ;
+ default:
+ wpa_printf(MSG_DEBUG, "Unknown max oper bandwidth: %d",
+ chwidth);
+ return -1;
+ }
+}
+
+
+struct wpabuf * ieee802_11_defrag(const u8 *data, size_t len, bool ext_elem)
{
struct wpabuf *buf;
const u8 *pos, *end = data + len;
@@ -3253,43 +3271,42 @@
}
-struct wpabuf * ieee802_11_defrag(struct ieee802_11_elems *elems,
- u8 eid, u8 eid_ext)
+const u8 * get_ml_ie(const u8 *ies, size_t len, u8 type)
{
- const u8 *data;
- size_t len;
+ const struct element *elem;
- /*
- * TODO: Defragmentation mechanism can be supported for all IEs. For now
- * handle only those that are used (or use ieee802_11_defrag_data()).
- */
- switch (eid) {
- case WLAN_EID_EXTENSION:
- switch (eid_ext) {
- case WLAN_EID_EXT_FILS_HLP_CONTAINER:
- data = elems->fils_hlp;
- len = elems->fils_hlp_len;
- break;
- case WLAN_EID_EXT_WRAPPED_DATA:
- data = elems->wrapped_data;
- len = elems->wrapped_data_len;
- break;
- default:
- wpa_printf(MSG_DEBUG,
- "Defragmentation not supported. eid_ext=%u",
- eid_ext);
- return NULL;
- }
- break;
- default:
- wpa_printf(MSG_DEBUG,
- "Defragmentation not supported. eid=%u", eid);
+ if (!ies)
return NULL;
+
+ for_each_element_extid(elem, WLAN_EID_EXT_MULTI_LINK, ies, len) {
+ if (elem->datalen >= 2 &&
+ (elem->data[1] & MULTI_LINK_CONTROL_TYPE_MASK) == type)
+ return &elem->id;
}
- return ieee802_11_defrag_data(data, len, true);
+ return NULL;
}
+
+const u8 * get_basic_mle_mld_addr(const u8 *buf, size_t len)
+{
+ const size_t mld_addr_pos =
+ 2 /* Control field */ +
+ 1 /* Common Info Length field */;
+ const size_t fixed_len = mld_addr_pos +
+ ETH_ALEN /* MLD MAC Address field */;
+
+ if (len < fixed_len)
+ return NULL;
+
+ if ((buf[0] & MULTI_LINK_CONTROL_TYPE_MASK) !=
+ MULTI_LINK_CONTROL_TYPE_BASIC)
+ return NULL;
+
+ return &buf[mld_addr_pos];
+}
+
+
/* Parse HT capabilities to get maximum number of supported spatial streams */
static int parse_ht_mcs_set_for_max_nss(
struct ieee80211_ht_capabilities *htcaps,
@@ -3419,6 +3436,7 @@
return supported_width;
}
+
/*
* Parse VHT operation info fields to get operation channel width
* note that VHT operation info fields could come from VHT operation IE
@@ -3453,6 +3471,7 @@
return channel_width;
}
+
/* Parse 6GHz operation info fields to get operation channel width */
static enum chan_width get_6ghz_operation_channel_width(
struct ieee80211_6ghz_operation_info * six_ghz_oper_info)
@@ -3525,6 +3544,7 @@
return channel_width;
}
+
/* Parse EHT operation IE to get EHT operation channel width */
static enum chan_width get_eht_operation_channel_width(
struct ieee80211_eht_operation *eht_oper,
@@ -3558,6 +3578,7 @@
return channel_width;
}
+
/* Parse HT/VHT/HE operation IEs to get operation channel width */
enum chan_width get_operation_channel_width(struct ieee802_11_elems *elems)
{
@@ -3594,6 +3615,8 @@
return channel_width;
}
+
+
/*
* Get STA operation channel width from AP's operation channel width and
* STA's supported channel width
@@ -3615,78 +3638,6 @@
return ap_operation_chan_width;
}
-const u8 * get_ml_ie(const u8 *ies, size_t len, u8 type)
-{
- const struct element *elem;
-
- if (!ies)
- return NULL;
-
- for_each_element_extid(elem, WLAN_EID_EXT_MULTI_LINK, ies, len) {
- if (elem->datalen >= 2 &&
- (elem->data[1] & MULTI_LINK_CONTROL_TYPE_MASK) == type)
- return &elem->id;
- }
-
- return NULL;
-}
-
-
-const u8 * get_basic_mle_mld_addr(const u8 *buf, size_t len)
-{
- const size_t mld_addr_pos =
- 2 /* Control field */ +
- 1 /* Common Info Length field */;
- const size_t fixed_len = mld_addr_pos +
- ETH_ALEN /* MLD MAC Address field */;
-
- if (len < fixed_len)
- return NULL;
-
- if ((buf[0] & MULTI_LINK_CONTROL_TYPE_MASK) !=
- MULTI_LINK_CONTROL_TYPE_BASIC)
- return NULL;
-
- return &buf[mld_addr_pos];
-}
-
-
-struct wpabuf * ieee802_11_defrag_mle(struct ieee802_11_elems *elems, u8 type)
-{
- const u8 *data;
- size_t len;
-
- switch (type) {
- case MULTI_LINK_CONTROL_TYPE_BASIC:
- data = elems->basic_mle;
- len = elems->basic_mle_len;
- break;
- case MULTI_LINK_CONTROL_TYPE_PROBE_REQ:
- data = elems->probe_req_mle;
- len = elems->probe_req_mle_len;
- break;
- case MULTI_LINK_CONTROL_TYPE_RECONF:
- data = elems->reconf_mle;
- len = elems->reconf_mle_len;
- break;
- case MULTI_LINK_CONTROL_TYPE_TDLS:
- data = elems->tdls_mle;
- len = elems->tdls_mle_len;
- break;
- case MULTI_LINK_CONTROL_TYPE_PRIOR_ACCESS:
- data = elems->prior_access_mle;
- len = elems->prior_access_mle_len;
- break;
- default:
- wpa_printf(MSG_DEBUG,
- "Defragmentation not supported for Multi-Link element type=%u",
- type);
- return NULL;
- }
-
- return ieee802_11_defrag_data(data, len, true);
-}
-
unsigned int is_ap_t2lm_negotiation_supported(const u8 *mle, size_t mle_len)
{
diff --git a/src/common/ieee802_11_common.h b/src/common/ieee802_11_common.h
index 6f4fe80..60260e5 100644
--- a/src/common/ieee802_11_common.h
+++ b/src/common/ieee802_11_common.h
@@ -261,7 +261,6 @@
extern size_t global_op_class_size;
const u8 * get_ie(const u8 *ies, size_t len, u8 eid);
-const u8 * get_ie_nth(const u8 *ies, size_t len, u8 eid, int nth);
const u8 * get_ie_ext(const u8 *ies, size_t len, u8 ext);
const u8 * get_vendor_ie(const u8 *ies, size_t len, u32 vendor_type);
@@ -284,6 +283,10 @@
bool is_6ghz_psc_frequency(int freq);
int get_6ghz_sec_channel(int channel);
+bool is_same_band(int freq1, int freq2);
+#define IS_2P4GHZ(n) (n >= 2412 && n <= 2484)
+#define IS_5GHZ(n) (n > 4000 && n < 5895)
+
int ieee802_11_parse_candidate_list(const char *pos, u8 *nei_rep,
size_t nei_rep_len);
@@ -293,6 +296,7 @@
bool ieee802_11_rsnx_capab(const u8 *rsnxe, unsigned int capab);
int op_class_to_bandwidth(u8 op_class);
enum oper_chan_width op_class_to_ch_width(u8 op_class);
+int chwidth_freq2_to_ch_width(int chwidth, int freq2);
/* element iteration helpers */
#define for_each_element(_elem, _data, _datalen) \
@@ -350,11 +354,7 @@
int ieee802_edmg_is_allowed(struct ieee80211_edmg_config allowed,
struct ieee80211_edmg_config requested);
-struct wpabuf * ieee802_11_defrag_data(const u8 *data, size_t len,
- bool ext_elem);
-struct wpabuf * ieee802_11_defrag(struct ieee802_11_elems *elems,
- u8 eid, u8 eid_ext);
-struct wpabuf * ieee802_11_defrag_mle(struct ieee802_11_elems *elems, u8 type);
+struct wpabuf * ieee802_11_defrag(const u8 *data, size_t len, bool ext_elem);
const u8 * get_ml_ie(const u8 *ies, size_t len, u8 type);
const u8 * get_basic_mle_mld_addr(const u8 *buf, size_t len);
diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index a895f9c..619aa19 100644
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -24,6 +24,13 @@
#define WLAN_FC_ISWEP 0x4000
#define WLAN_FC_HTC 0x8000
+#define WLAN_FC_S1G_BEACON_NEXT_TBTT 0x0100
+#define WLAN_FC_S1G_BEACON_COMP_SSID 0x0200
+#define WLAN_FC_S1G_BEACON_ANO 0x0400
+#define WLAN_FC_S1G_BEACON_BSS_BW 0x3800
+#define WLAN_FC_S1G_BEACON_SECURITY 0x4000
+#define WLAN_FC_S1G_BEACON_AP_PM 0x8000
+
#define WLAN_FC_GET_TYPE(fc) (((fc) & 0x000c) >> 2)
#define WLAN_FC_GET_STYPE(fc) (((fc) & 0x00f0) >> 4)
@@ -36,6 +43,7 @@
#define WLAN_FC_TYPE_MGMT 0
#define WLAN_FC_TYPE_CTRL 1
#define WLAN_FC_TYPE_DATA 2
+#define WLAN_FC_TYPE_EXT 3
/* management */
#define WLAN_FC_STYPE_ASSOC_REQ 0
@@ -77,6 +85,10 @@
#define WLAN_FC_STYPE_QOS_CFPOLL 14
#define WLAN_FC_STYPE_QOS_CFACKPOLL 15
+/* extension */
+#define WLAN_FC_STYPE_DMG_BEACON 0
+#define WLAN_FC_STYPE_S1G_BEACON 1
+
/* Authentication algorithms */
#define WLAN_AUTH_OPEN 0
#define WLAN_AUTH_SHARED_KEY 1
@@ -107,7 +119,7 @@
#define WLAN_CAPABILITY_DELAYED_BLOCK_ACK BIT(14)
#define WLAN_CAPABILITY_IMM_BLOCK_ACK BIT(15)
-/* Status codes (IEEE Std 802.11-2016, 9.4.1.9, Table 9-46) */
+/* Status codes (IEEE Std 802.11-2020, 9.4.1.9, Table 9-50) */
#define WLAN_STATUS_SUCCESS 0
#define WLAN_STATUS_UNSPECIFIED_FAILURE 1
#define WLAN_STATUS_TDLS_WAKEUP_ALTERNATE 2
@@ -209,11 +221,20 @@
#define WLAN_STATUS_DENIED_HE_NOT_SUPPORTED 124
#define WLAN_STATUS_SAE_HASH_TO_ELEMENT 126
#define WLAN_STATUS_SAE_PK 127
+#define WLAN_STATUS_DENIED_STA_AFF_WITH_MLD_WITH_EXISTING_ASSOC 130
+#define WLAN_STATUS_EPCS_DENIED_UNAUTHORIZED 131
+#define WLAN_STATUS_EPCS_DENIED 132
+#define WLAN_STATUS_DENIED_TID_TO_LINK_MAPPING 133
+#define WLAN_STATUS_PREFERRED_TID_TO_LINK_MAPPING_SUGGESTED 134
+#define WLAN_STATUS_DENIED_EHT_NOT_SUPPORTED 135
#define WLAN_STATUS_INVALID_PUBLIC_KEY 136
#define WLAN_STATUS_PASN_BASE_AKMP_FAILED 137
#define WLAN_STATUS_OCI_MISMATCH 138
+#define WLAN_STATUS_DENIED_TX_LINK_NOT_ACCEPTED 139
+#define WLAN_STATUS_EPCS_DENIED_VERIFICATION_FAILURE 140
+#define WLAN_STATUS_DENIED_OPERATION_PARAMETER_UPDATE 141
-/* Reason codes (IEEE Std 802.11-2016, 9.4.1.7, Table 9-45) */
+/* Reason codes (IEEE Std 802.11-2020, 9.4.1.7, Table 9-90) */
#define WLAN_REASON_UNSPECIFIED 1
#define WLAN_REASON_PREV_AUTH_NOT_VALID 2
#define WLAN_REASON_DEAUTH_LEAVING 3
@@ -277,7 +298,7 @@
#define WLAN_REASON_MESH_CHANNEL_SWITCH_UNSPECIFIED 66
-/* Information Element IDs (IEEE Std 802.11-2016, 9.4.2.1, Table 9-77) */
+/* Element IDs (IEEE Std 802.11-2020, 9.4.2.1, Table 9-92) */
#define WLAN_EID_SSID 0
#define WLAN_EID_SUPP_RATES 1
#define WLAN_EID_DS_PARAMS 3
@@ -599,7 +620,7 @@
/* Multiple BSSID element subelements */
#define WLAN_MBSSID_SUBELEMENT_NONTRANSMITTED_BSSID_PROFILE 0
-/* Action frame categories (IEEE Std 802.11-2016, 9.4.1.11, Table 9-76) */
+/* Action frame categories (IEEE Std 802.11-2020, 9.4.1.11, Table 9-51) */
#define WLAN_ACTION_SPECTRUM_MGMT 0
#define WLAN_ACTION_QOS 1
#define WLAN_ACTION_DLS 2
@@ -640,7 +661,7 @@
#define WLAN_ACTION_VENDOR_SPECIFIC 127
/* Note: 128-255 used to report errors by setting category | 0x80 */
-/* Public action codes (IEEE Std 802.11-2016, 9.6.8.1, Table 9-307) */
+/* Public action codes (IEEE Std 802.11-2020, 9.6.7.1, Table 9-364) */
#define WLAN_PA_20_40_BSS_COEX 0
#define WLAN_PA_DSE_ENABLEMENT 1
#define WLAN_PA_DSE_DEENABLEMENT 2
@@ -691,8 +712,8 @@
#define WLAN_VHT_ACTION_GROUP_ID_MGMT 1
#define WLAN_VHT_ACTION_OPMODE_NOTIF 2
-/* Protected Dual of Public Action frames (IEEE Std 802.11-2016, 9.6.11,
- * Table 9-332) */
+/* Protected Dual of Public Action frames (IEEE Std 802.11-2020, 9.6.10,
+ * Table 9-404) */
#define WLAN_PROT_DSE_ENABLEMENT 1
#define WLAN_PROT_DSE_DEENABLEMENT 2
#define WLAN_PROT_EXT_CSA 4
@@ -720,7 +741,7 @@
#define WLAN_PROT_NETWORK_CHANNEL_CONTROL 30
#define WLAN_PROT_WHITE_SPACE_MAP_ANNOUNCEMENT 31
-/* SA Query Action frame (IEEE 802.11w/D8.0, 7.4.9) */
+/* SA Query Action frame (IEEE Std 802.11-2020, 9.6.9) */
#define WLAN_SA_QUERY_REQUEST 0
#define WLAN_SA_QUERY_RESPONSE 1
@@ -753,7 +774,7 @@
#define WLAN_PROT_FTM_REPORT 3
/* Radio Measurement capabilities (from RM Enabled Capabilities element)
- * IEEE Std 802.11-2016, 9.4.2.45, Table 9-157 */
+ * IEEE Std 802.11-2020, 9.4.2.44, Table 9-179 */
/* byte 1 (out of 5) */
#define WLAN_RRM_CAPS_LINK_MEASUREMENT BIT(0)
#define WLAN_RRM_CAPS_NEIGHBOR_REPORT BIT(1)
@@ -766,8 +787,8 @@
#define WLAN_RRM_CAPS_FTM_RANGE_REPORT BIT(2)
/*
- * IEEE P802.11-REVmc/D5.0, 9.4.2.21.19 (Fine Timing Measurement Range
- * request) - Minimum AP count
+ * IEEE Std 802.11-2020, 9.4.2.20.19 (Fine Timing Measurement Range
+ * request) - Minimum AP Count
*/
#define WLAN_RRM_RANGE_REQ_MAX_MIN_AP 15
@@ -776,7 +797,8 @@
#define WLAN_TIMEOUT_KEY_LIFETIME 2
#define WLAN_TIMEOUT_ASSOC_COMEBACK 3
-/* Interworking element (IEEE 802.11u) - Access Network Options */
+/* Interworking element (IEEE Std 802.11-2020, 9.4.2.91) -
+ * Access Network Options */
#define INTERWORKING_ANO_ACCESS_NETWORK_MASK 0x0f
#define INTERWORKING_ANO_INTERNET 0x10
#define INTERWORKING_ANO_ASRA 0x20
@@ -792,7 +814,7 @@
#define INTERWORKING_ANT_TEST 6
#define INTERWORKING_ANT_WILDCARD 15
-/* Advertisement Protocol ID definitions (IEEE Std 802.11-2016, Table 9-215) */
+/* Advertisement Protocol ID definitions (IEEE Std 802.11-2020, Table 9-237) */
enum adv_proto_id {
ACCESS_NETWORK_QUERY_PROTOCOL = 0,
MIH_INFO_SERVICE = 1,
@@ -802,8 +824,7 @@
ADV_PROTO_VENDOR_SPECIFIC = 221
};
-/* Access Network Query Protocol info ID definitions (IEEE Std 802.11-2016,
- * Table 9-271; P802.11ai) */
+/* ANQP-element definitions (IEEE Std 802.11-2020, Table 9-331) */
enum anqp_info_id {
ANQP_QUERY_LIST = 256,
ANQP_CAPABILITY_LIST = 257,
@@ -878,7 +899,7 @@
#define S1G_ACT_TWT_INFORMATION 11
/*
- * IEEE P802.11-REVmc/D5.0 Table 9-81 - Measurement type definitions for
+ * IEEE Std 802.11-2020, Table 9-98 - Measurement type definitions for
* measurement requests
*/
enum measure_type {
@@ -902,7 +923,7 @@
MEASURE_TYPE_MEASURE_PAUSE = 255,
};
-/* IEEE Std 802.11-2012 Table 8-71 - Location subject definition */
+/* IEEE Std 802.11-2020, Table 9-110 - Location Subject field definition */
enum location_subject {
LOCATION_SUBJECT_LOCAL = 0,
LOCATION_SUBJECT_REMOTE = 1,
@@ -910,7 +931,7 @@
};
/*
- * IEEE P802.11-REVmc/D5.0 Table 9-94 - Optional subelement IDs for LCI request
+ * IEEE Std 802.11-2020, Table 9-111 - Optional subelement IDs for LCI request
*/
enum lci_req_subelem {
LCI_REQ_SUBELEM_AZIMUTH_REQ = 1,
@@ -945,6 +966,23 @@
#define IEEE80211_HDRLEN (sizeof(struct ieee80211_hdr))
+struct ieee80211_hdr_s1g_beacon {
+ le16 frame_control;
+ le16 duration_id;
+ u8 sa[6];
+ u8 timestamp[4];
+ u8 change_seq[1];
+ /* followed by:
+ * 'u8 next_tbtt[3];' if the Next TBTT Present field in the
+ * Frame Control field is 1
+ * 'u8 compressed_ssid[4];' if the Compressed SSID Present field in
+ * the Frame Control is 1
+ * 'u8 ano[1];' if the ANO field in the Frame Control field is 1
+ */
+} STRUCT_PACKED;
+
+#define IEEE80211_HDRLEN_S1G_BEACON (sizeof(struct ieee80211_hdr_s1g_beacon))
+
#define IEEE80211_FC(type, stype) host_to_le16((type << 2) | (stype << 4))
struct ieee80211_mgmt {
@@ -1396,7 +1434,11 @@
#define WFD_OUI_TYPE 10
#define HS20_IE_VENDOR_TYPE 0x506f9a10
#define OSEN_IE_VENDOR_TYPE 0x506f9a12
+#define NAN_IE_VENDOR_TYPE 0x506f9a13
+#define NAN_SDF_VENDOR_TYPE 0x506f9a13
+#define NAN_OUI_TYPE 0x13
#define MBO_IE_VENDOR_TYPE 0x506f9a16
+#define NAN_NAF_VENDOR_TYPE 0x506f9a18
#define MBO_OUI_TYPE 22
#define OWE_IE_VENDOR_TYPE 0x506f9a1c
#define OWE_OUI_TYPE 28
@@ -1882,8 +1924,9 @@
#define WNM_BSS_TM_REQ_DISASSOC_IMMINENT BIT(2)
#define WNM_BSS_TM_REQ_BSS_TERMINATION_INCLUDED BIT(3)
#define WNM_BSS_TM_REQ_ESS_DISASSOC_IMMINENT BIT(4)
+#define WNM_BSS_TM_REQ_LINK_REMOVAL_IMMINENT BIT(5)
-/* IEEE Std 802.11-2012 - Table 8-253 */
+/* IEEE Std 802.11-2020, Table 9-428 (BTM status code definitions) */
enum bss_trans_mgmt_status_code {
WNM_BSS_TM_ACCEPT = 0,
WNM_BSS_TM_REJECT_UNSPECIFIED = 1,
@@ -1896,9 +1939,36 @@
WNM_BSS_TM_REJECT_LEAVING_ESS = 8
};
+/* BSS transition management reasons
+ * IEEE Std 802.11-2020, Table 9-198 (Transition and Transition Query reasons)
+ */
+enum bss_trans_mgmt_reason {
+ WNM_TRANSITION_REASON_UNSPECIFIED = 0,
+ WNM_TRANSITION_REASON_EXCESSIVE_FRAME_LOSS = 1,
+ WNM_TRANSITION_REASON_EXCESSIVE_DELAY = 2,
+ WNM_TRANSITION_REASON_INSUFFICIENT_QOS = 3,
+ WNM_TRANSITION_REASON_FIRST_ESS_ASSOC = 4,
+ WNM_TRANSITION_REASON_LOAD_BALANCING = 5,
+ WNM_TRANSITION_REASON_BETTER_AP_FOUND = 6,
+ WNM_TRANSITION_REASON_DEAUTH_FROM_PREV_AP = 7,
+ WNM_TRANSITION_REASON_AP_FAILED_EAP = 8,
+ WNM_TRANSITION_REASON_AP_FAILED_4WAY_HS = 9,
+ WNM_TRANSITION_REASON_RX_TOO_MANY_REPLAYS = 10,
+ WNM_TRANSITION_REASON_RX_TOO_MANY_MIC_FAILURES = 11,
+ WNM_TRANSITION_REASON_EXCEEDED_MAX_RETRANS = 12,
+ WNM_TRANSITION_REASON_RX_TOO_MANY_BC_DISASSOC = 13,
+ WNM_TRANSITION_REASON_RX_TOO_MANY_BC_DEAUTH = 14,
+ WNM_TRANSITION_REASON_PREV_TRANSITION_FAILED = 15,
+ WNM_TRANSITION_REASON_LOW_RSSI = 16,
+ WNM_TRANSITION_REASON_ROAM_FROM_NON_802_11 = 17,
+ WNM_TRANSITION_REASON_TRANSITION_DUE_TO_BTM_REQ = 18,
+ WNM_TRANSITION_REASON_PREF_TRANSITION_CANDIDATE_LIST = 19,
+ WNM_TRANSITION_REASON_LEAVING_ESS = 20,
+};
+
/*
- * IEEE P802.11-REVmc/D5.0 Table 9-150 - Optional subelement IDs for
- * neighbor report
+ * IEEE Std 802.11-2020, Table 9-173 - Optional subelement IDs for
+ * Neighbor Report
*/
#define WNM_NEIGHBOR_TSF 1
#define WNM_NEIGHBOR_CONDENSED_COUNTRY_STRING 2
@@ -1925,7 +1995,7 @@
QOS_QOS_MAP_CONFIG = 4,
};
-/* IEEE Std 802.11-2012, 8.4.2.62 20/40 BSS Coexistence element */
+/* IEEE Std 802.11-2020, 9.4.2.59 (20/40 BSS Coexistence element) */
#define WLAN_20_40_BSS_COEX_INFO_REQ BIT(0)
#define WLAN_20_40_BSS_COEX_40MHZ_INTOL BIT(1)
#define WLAN_20_40_BSS_COEX_20MHZ_WIDTH_REQ BIT(2)
@@ -1973,7 +2043,7 @@
WNM_SLEEP_SUBELEM_BIGTK = 2,
};
-/* WNM notification type (IEEE P802.11-REVmd/D3.0, Table 9-430) */
+/* WNM notification type (IEEE Std 802.11-2020, Table 9-431) */
enum wnm_notification_Type {
WNM_NOTIF_TYPE_FIRMWARE_UPDATE = 0,
WNM_NOTIF_TYPE_BEACON_PROTECTION_FAILURE = 2,
@@ -2049,7 +2119,7 @@
#define RRM_CAPABILITIES_IE_LEN 5
-/* IEEE Std 802.11-2012, 8.5.7.4 - Link Measurement Request frame format */
+/* IEEE Std 802.11-2020, 9.6.6.4 - Link Measurement Request frame format */
struct rrm_link_measurement_request {
u8 dialog_token;
s8 tx_power;
@@ -2057,7 +2127,7 @@
u8 variable[0];
} STRUCT_PACKED;
-/* IEEE Std 802.11-2012, 8.5.7.5 - Link Measurement Report frame format */
+/* IEEE Std 802.11-2020, 9.6.6.5 - Link Measurement Report frame format */
struct rrm_link_measurement_report {
u8 dialog_token;
struct tpc_report tpc;
@@ -2068,7 +2138,7 @@
u8 variable[0];
} STRUCT_PACKED;
-/* IEEE Std 802.11-2016, 9.4.2.21 - Measurement Request element */
+/* IEEE Std 802.11-2020, 9.4.2.20 - Measurement Request element */
struct rrm_measurement_request_element {
u8 eid; /* Element ID */
u8 len; /* Length */
@@ -2078,14 +2148,14 @@
u8 variable[0]; /* Measurement Request */
} STRUCT_PACKED;
-/* IEEE Std 802.11-2016, Figure 9-148 - Measurement Request Mode field */
+/* IEEE Std 802.11-2020, Figure 9-180 - Measurement Request Mode field format */
#define MEASUREMENT_REQUEST_MODE_PARALLEL BIT(0)
#define MEASUREMENT_REQUEST_MODE_ENABLE BIT(1)
#define MEASUREMENT_REQUEST_MODE_REQUEST BIT(2)
#define MEASUREMENT_REQUEST_MODE_REPORT BIT(3)
#define MEASUREMENT_REQUEST_MODE_DURATION_MANDATORY BIT(4)
-/* IEEE Std 802.11-2016, 9.4.2.21.7 - Beacon request */
+/* IEEE Std 802.11-2020, 9.4.2.20.7 - Beacon request */
struct rrm_measurement_beacon_request {
u8 oper_class; /* Operating Class */
u8 channel; /* Channel Number */
@@ -2097,7 +2167,7 @@
} STRUCT_PACKED;
/*
- * IEEE Std 802.11-2016, Table 9-87 - Measurement Mode definitions for Beacon
+ * IEEE Std 802.11-2020, Table 9-103 - Measurement Mode definitions for Beacon
* request
*/
enum beacon_report_mode {
@@ -2106,20 +2176,19 @@
BEACON_REPORT_MODE_TABLE = 2,
};
-/* IEEE Std 802.11-2016, Table 9-88 - Beacon Request subelement IDs */
-/* IEEE P802.11-REVmd/D2.0, Table 9-106 - Optional subelement IDs for
+/* IEEE Std 802.11-2020, Table 9-104 - Optional subelement IDs for
* Beacon request */
#define WLAN_BEACON_REQUEST_SUBELEM_SSID 0
#define WLAN_BEACON_REQUEST_SUBELEM_INFO 1 /* Beacon Reporting */
#define WLAN_BEACON_REQUEST_SUBELEM_DETAIL 2 /* Reporting Detail */
#define WLAN_BEACON_REQUEST_SUBELEM_REQUEST 10
+#define WLAN_BEACON_REQUEST_SUBELEM_EXT_REQUEST 11
#define WLAN_BEACON_REQUEST_SUBELEM_AP_CHANNEL 51 /* AP Channel Report */
+#define WLAN_BEACON_REQUEST_SUBELEM_WIDE_BW_CS 163
#define WLAN_BEACON_REQUEST_SUBELEM_LAST_INDICATION 164
#define WLAN_BEACON_REQUEST_SUBELEM_VENDOR 221
-/*
- * IEEE Std 802.11-2016, Table 9-90 - Reporting Detail values
- */
+/* IEEE Std 802.11-2020, Table 9-106 - Reporting Detail values */
enum beacon_report_detail {
/* No fixed-length fields or elements */
BEACON_REPORT_DETAIL_NONE = 0,
@@ -2131,7 +2200,7 @@
BEACON_REPORT_DETAIL_ALL_FIELDS_AND_ELEMENTS = 2,
};
-/* IEEE Std 802.11-2016, 9.4.2.22 - Measurement Report element */
+/* IEEE Std 802.11-2020, 9.4.2.21 - Measurement Report element */
struct rrm_measurement_report_element {
u8 eid; /* Element ID */
u8 len; /* Length */
@@ -2141,13 +2210,13 @@
u8 variable[0]; /* Measurement Report */
} STRUCT_PACKED;
-/* IEEE Std 802.11-2016, Figure 9-192 - Measurement Report Mode field */
+/* IEEE Std 802.11-2020, Figure 9-223 - Measurement Report Mode field */
#define MEASUREMENT_REPORT_MODE_ACCEPT 0
#define MEASUREMENT_REPORT_MODE_REJECT_LATE BIT(0)
#define MEASUREMENT_REPORT_MODE_REJECT_INCAPABLE BIT(1)
#define MEASUREMENT_REPORT_MODE_REJECT_REFUSED BIT(2)
-/* IEEE Std 802.11-2016, 9.4.2.22.7 - Beacon report */
+/* IEEE Std 802.11-2020, 9.4.2.21.7 - Beacon report */
struct rrm_measurement_beacon_report {
u8 op_class; /* Operating Class */
u8 channel; /* Channel Number */
@@ -2163,23 +2232,23 @@
u8 variable[0]; /* Optional Subelements */
} STRUCT_PACKED;
-/* IEEE Std 802.11-2016, Table 9-112 - Beacon report Subelement IDs */
-/* IEEE P802.11-REVmd/D2.0, Table 9-130 - Optional subelement IDs for
+/* IEEE Std 802.11-2020, Table 9-130 - Optional subelement IDs for
* Beacon report */
#define WLAN_BEACON_REPORT_SUBELEM_FRAME_BODY 1
#define WLAN_BEACON_REPORT_SUBELEM_FRAME_BODY_FRAGMENT_ID 2
+#define WLAN_BEACON_REPORT_SUBELEM_WID_BW_CS 163
#define WLAN_BEACON_REPORT_SUBELEM_LAST_INDICATION 164
#define WLAN_BEACON_REPORT_SUBELEM_VENDOR 221
-/* IEEE P802.11-REVmd/D2.0, Table 9-232 - Data field format of the
- * Reported Frame Body Fragment ID subelement */
+/* IEEE Std 802.11-2020, Table 9-232 - Data field format (of the
+ * Reported Frame Body Fragment ID subelement) */
#define REPORTED_FRAME_BODY_SUBELEM_LEN 4
#define REPORTED_FRAME_BODY_MORE_FRAGMENTS BIT(7)
-/* IEEE P802.11-REVmd/D2.0, 9.4.2.21.7 - Beacon report */
+/* IEEE Std 802.11-2020, 9.4.2.21.7 - Beacon report */
#define BEACON_REPORT_LAST_INDICATION_SUBELEM_LEN 3
-/* IEEE Std 802.11ad-2012 - Multi-band element */
+/* IEEE Std 802.11-2020, 9.4.2.138 - Multi-band element */
struct multi_band_ie {
u8 eid; /* WLAN_EID_MULTI_BAND */
u8 len;
@@ -2225,7 +2294,7 @@
#define MB_CONNECTION_CAPABILITY_TDLS ((u8) (BIT(3)))
#define MB_CONNECTION_CAPABILITY_IBSS ((u8) (BIT(4)))
-/* IEEE Std 802.11ad-2014 - FST Action field */
+/* IEEE Std 802.11-2020, Table 9-479 - FST Action field values */
enum fst_action {
FST_ACTION_SETUP_REQUEST = 0,
FST_ACTION_SETUP_RESPONSE = 1,
@@ -2235,21 +2304,23 @@
FST_ACTION_ON_CHANNEL_TUNNEL = 5,
};
-/* IEEE Std 802.11ac-2013, Annex C - dot11PHYType */
+/* IEEE Std 802.11-2020, Annex C - dot11PHYType */
enum phy_type {
PHY_TYPE_UNSPECIFIED = 0,
- PHY_TYPE_FHSS = 1,
PHY_TYPE_DSSS = 2,
- PHY_TYPE_IRBASEBAND = 3,
PHY_TYPE_OFDM = 4,
PHY_TYPE_HRDSSS = 5,
PHY_TYPE_ERP = 6,
PHY_TYPE_HT = 7,
PHY_TYPE_DMG = 8,
PHY_TYPE_VHT = 9,
+ PHY_TYPE_TVHT = 10,
+ PHY_TYPE_S1G = 11,
+ PHY_TYPE_CDMG = 12,
+ PHY_TYPE_CMMG = 13,
};
-/* IEEE P802.11-REVmd/D3.0, 9.4.2.36 - Neighbor Report element */
+/* IEEE Std 802.11-2020, 9.4.2.36 - Neighbor Report element */
/* BSSID Information Field */
#define NEI_REP_BSSID_INFO_AP_NOT_REACH BIT(0)
#define NEI_REP_BSSID_INFO_AP_UNKNOWN_REACH BIT(1)
@@ -2270,7 +2341,7 @@
#define NEI_REP_BSSID_INFO_EHT BIT(21)
/*
- * IEEE P802.11-REVmc/D5.0 Table 9-152 - HT/VHT Operation Information
+ * IEEE Std 802.11-2020, Table 9-175 - HT/VHT Operation Information
* subfields.
* Note: These definitions are not the same as other CHANWIDTH_*.
*/
@@ -2434,16 +2505,31 @@
#define HE_OPERATION_6GHZ_OPER_INFO_LEN 5
/**
- * enum he_6ghz_ap_type - Allowed Access Point types for 6 GHz Band
+ * enum he_reg_info_6ghz_ap_type - Allowed Access Point types for 6 GHz Band
*
- * IEEE Std 802.11ax-2021, Table E-12 (Regulatory Info subfield encoding in the
- * United States)
+ * IEEE P802.11-REVme/D4.0, Table E-12 (Regulatory Info subfield encoding)
*/
-enum he_6ghz_ap_type {
- HE_6GHZ_INDOOR_AP = 0,
- HE_6GHZ_STANDARD_POWER_AP = 1,
+enum he_reg_info_6ghz_ap_type {
+ HE_REG_INFO_6GHZ_AP_TYPE_INDOOR = 0,
+ HE_REG_INFO_6GHZ_AP_TYPE_SP = 1,
+ HE_REG_INFO_6GHZ_AP_TYPE_VLP = 2,
+ HE_REG_INFO_6GHZ_AP_TYPE_INDOOR_ENABLED = 3,
+ HE_REG_INFO_6GHZ_AP_TYPE_INDOOR_SP = 4,
+ HE_REG_INFO_6GHZ_AP_TYPE_MAX = HE_REG_INFO_6GHZ_AP_TYPE_INDOOR_SP,
};
+static inline bool he_reg_is_indoor(enum he_reg_info_6ghz_ap_type type)
+{
+ return type == HE_REG_INFO_6GHZ_AP_TYPE_INDOOR ||
+ type == HE_REG_INFO_6GHZ_AP_TYPE_INDOOR_SP;
+}
+
+static inline bool he_reg_is_sp(enum he_reg_info_6ghz_ap_type type)
+{
+ return type == HE_REG_INFO_6GHZ_AP_TYPE_SP ||
+ type == HE_REG_INFO_6GHZ_AP_TYPE_INDOOR_SP;
+}
+
/* Spatial Reuse defines */
#define SPATIAL_REUSE_SRP_DISALLOWED BIT(0)
#define SPATIAL_REUSE_NON_SRG_OBSS_PD_SR_DISALLOWED BIT(1)
@@ -2511,7 +2597,18 @@
#define RNR_BSS_PARAM_MEMBER_CO_LOCATED_ESS BIT(4)
#define RNR_BSS_PARAM_UNSOLIC_PROBE_RESP_ACTIVE BIT(5)
#define RNR_BSS_PARAM_CO_LOCATED BIT(6)
-#define RNR_20_MHZ_PSD_MAX_TXPOWER 255 /* dBm */
+/* Maximum transmit power in Y/2 dBm (-127..126); 127 indicates no maximum
+ * transmit power is specified for the corresponding 20 MHz channel. */
+#define RNR_20_MHZ_PSD_MAX_TXPOWER 127
+
+/* IEEE P802.11be/D5.0, Figure 9-704c - MLD Parameters subfield format */
+/* B0..B7: AP MLD ID */
+/* B8..B11: Link ID */
+/* B12..B19: BSS Parameters Change Count */
+/* B20: All Updates Included */
+#define RNR_TBTT_INFO_MLD_PARAM2_ALL_UPDATE_INC 0x10
+/* B21: Disabled Link Indication */
+#define RNR_TBTT_INFO_MLD_PARAM2_LINK_DISABLED 0x20
/* IEEE P802.11be/D2.3, 9.4.2.311 - EHT Operation element */
@@ -2725,6 +2822,17 @@
#define EHT_PER_STA_CTRL_NSTR_BM_SIZE_MSK 0x0400
#define EHT_PER_STA_CTRL_BSS_PARAM_CNT_PRESENT_MSK 0x0800
+/* IEEE P802.11be/D4.1, Figure 9-1001x - STA Control field format for the
+ * Reconfiguration Multi-Link element */
+#define EHT_PER_STA_RECONF_CTRL_LINK_ID_MSK 0x000f
+#define EHT_PER_STA_RECONF_CTRL_COMPLETE_PROFILE 0x0010
+#define EHT_PER_STA_RECONF_CTRL_MAC_ADDR 0x0020
+#define EHT_PER_STA_RECONF_CTRL_AP_REMOVAL_TIMER 0x0040
+#define EHT_PER_STA_RECONF_CTRL_OP_UPDATE_TYPE_MSK 0x0780
+#define EHT_PER_STA_RECONF_CTRL_OP_PARAMS 0x0800
+#define EHT_PER_STA_RECONF_CTRL_NSTR_BITMAP_SIZE 0x1000
+#define EHT_PER_STA_RECONF_CTRL_NSTR_INDIC_BITMAP 0x2000
+
/* IEEE P802.11be/D2.0, 9.4.2.312.2.4 - Per-STA Profile subelement format */
struct ieee80211_eht_per_sta_profile {
le16 sta_control;
@@ -2733,9 +2841,11 @@
u8 variable[];
} STRUCT_PACKED;
-/* IEEE P802.11be/D2.0, 9.4.2.312.3 - Probe Request Multi-Link element */
+/* IEEE P802.11be/D4.0, 9.4.2.312.3 - Probe Request Multi-Link element
+ * Presence Bitmap field is B4..B15 of the Multi-Link Control field, i.e.,
+ * B0 in the presence bitmap is B4 in the control field. */
-#define EHT_ML_PRES_BM_PROBE_REQ_AP_MLD_ID 0x0001
+#define EHT_ML_PRES_BM_PROBE_REQ_AP_MLD_ID 0x0010
struct eht_ml_probe_req_common_info {
u8 len;
@@ -2869,8 +2979,8 @@
};
/*
- * IEEE Std 802.11ai-2016, 9.6.8.36 FILS Discovery frame format,
- * Figure 9-687b - FILS Discovery Frame Control subfield format
+ * IEEE Std 802.11-2020, 9.6.7.36 FILS Discovery frame format,
+ * Figure 9-900 - FILS Discovery Frame Control subfield format
*/
#define FD_FRAME_CTL_CAP_PRESENT ((u16) BIT(5))
#define FD_FRAME_CTL_SHORT_SSID_PRESENT ((u16) BIT(6))
@@ -2883,8 +2993,8 @@
#define FD_FRAME_CTL_MD_PRESENT ((u16) BIT(13))
/*
- * IEEE Std 802.11ai-2016, 9.6.8.36 FILS Discovery frame format,
- * Figure 9-687c - FD Capability subfield format
+ * IEEE Std 802.11-2020, 9.6.7.36 FILS Discovery frame format,
+ * Figure 9-901 - FD Capability subfield format
*/
#define FD_CAP_ESS BIT(0)
#define FD_CAP_PRIVACY BIT(1)
@@ -2973,6 +3083,15 @@
u8 data[0];
} STRUCT_PACKED;
+/* S1G Beacon Compatibility element */
+struct ieee80211_s1g_beacon_compat {
+ u8 element_id;
+ u8 length;
+ le16 compat_info;
+ le16 beacon_interval;
+ le32 tsf_completion;
+} STRUCT_PACKED;
+
#ifdef _MSC_VER
#pragma pack(pop)
#endif /* _MSC_VER */
diff --git a/src/common/nan.h b/src/common/nan.h
new file mode 100644
index 0000000..19ab746
--- /dev/null
+++ b/src/common/nan.h
@@ -0,0 +1,98 @@
+/*
+ * NAN (Wi-Fi Aware) definitions
+ * Copyright (c) 2024, Qualcomm Innovation Center, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef NAN_H
+#define NAN_H
+
+enum nan_attr_id {
+ NAN_ATTR_MASTER_INDICATION = 0x00,
+ NAN_ATTR_CLUSTER = 0x01,
+ NAN_ATTR_NAN_ATTR_SERVICE_ID_LIST = 0x02,
+ NAN_ATTR_SDA = 0x03, /* Service Descriptor attribute */
+ NAN_ATTR_CONN_CAPA = 0x04,
+ NAN_ATTR_WLAN_INFRA = 0x05,
+ NAN_ATTR_P2P_OPER = 0x06,
+ NAN_ATTR_IBSS = 0x07,
+ NAN_ATTR_MESH = 0x08,
+ NAN_ATTR_FURTHER_NAN_SD = 0x09,
+ NAN_ATTR_FURTHER_AVAIL_MAP = 0x0A,
+ NAN_ATTR_COUNTRY_CODE = 0x0B,
+ NAN_ATTR_RANGIN = 0x0C,
+ NAN_ATTR_CLUSTER_DISCOVERY = 0x0D,
+ NAN_ATTR_SDEA = 0x0E, /* Service Descriptor Extension attribute */
+ NAN_ATTR_DEVICE_CAPABILITY = 0x0F,
+ NAN_ATTR_NDP = 0x10,
+ NAN_ATTR_NAN_AVAILABILITY = 0x12,
+ NAN_ATTR_NDC = 0x13,
+ NAN_ATTR_NDL = 0x14,
+ NAN_ATTR_NDL_QOS = 0x15,
+ NAN_ATTR_UNALIGNED_SCHEDULE = 0x17,
+ NAN_ATTR_RANGING_INFO = 0x1A,
+ NAN_ATTR_RANGING_SETUP = 0x1B,
+ NAN_ATTR_FTM_RANGING_REPORT = 0x1C,
+ NAN_ATTR_ELEM_CONTAINER = 0x1D,
+ NAN_ATTR_EXT_WLAN_INFRA = 0x1E,
+ NAN_ATTR_EXT_P2P_OPER = 0x1FE,
+ NAN_ATTR_EXT_IBSS = 0x20,
+ NAN_ATTR_EXT_MESH = 0x21,
+ NAN_ATTR_CSIA = 0x22, /* Cipher Suite Info attribute */
+ NAN_ATTR_SCIA = 0x23, /* Security Context Info attribute */
+ NAN_ATTR_SHARED_KEY_DESCR = 0x24,
+ NAN_ATTR_PUBLIC_AVAILABILITY = 0x27,
+ NAN_ATTR_SUBSC_SERVICE_ID_LIST = 0x28,
+ NAN_ATTR_NDP_EXT = 0x29,
+ NAN_ATTR_DCEA = 0x2A, /* Device Capability Extension attribute */
+ NAN_ATTR_NIRA = 0x2B, /* NAN Identity Resolution attribute */
+ NAN_ATTR_BPBA = 0x2C, /* NAN Pairing Bootstrapping attribute */
+ NAN_ATTR_S3 = 0x2D,
+ NAN_ATTR_TPEA = 0x2E, /* Transmit Power Envelope attribute */
+ NAN_ATTR_VENDOR_SPECIFIC = 0xDD,
+};
+
+/* Service Descriptor attribute (SDA) */
+
+/* Service Control field */
+#define NAN_SRV_CTRL_TYPE_MASK (BIT(0) | BIT(1))
+#define NAN_SRV_CTRL_MATCHING_FILTER BIT(2)
+#define NAN_SRV_CTRL_RESP_FILTER BIT(3)
+#define NAN_SRV_CTRL_SRV_INFO BIT(4)
+#define NAN_SRV_CTRL_DISCOVERY_RANGE_LIMITED BIT(5)
+#define NAN_SRV_CTRL_BINDING_BITMAP BIT(6)
+
+enum nan_service_control_type {
+ NAN_SRV_CTRL_PUBLISH = 0,
+ NAN_SRV_CTRL_SUBSCRIBE = 1,
+ NAN_SRV_CTRL_FOLLOW_UP = 2,
+};
+
+/* Service Descriptor Extension attribute (SDEA) */
+
+/* SDEA Control field */
+#define NAN_SDEA_CTRL_FSD_REQ BIT(0)
+#define NAN_SDEA_CTRL_FSD_GAS BIT(1)
+#define NAN_SDEA_CTRL_DATA_PATH_REQ BIT(2)
+#define NAN_SDEA_CTRL_DATA_PATH_TYPE BIT(3)
+#define NAN_SDEA_CTRL_QOS_REQ BIT(5)
+#define NAN_SDEA_CTRL_SECURITY_REQ BIT(6)
+#define NAN_SDEA_CTRL_RANGING_REQ BIT(7)
+#define NAN_SDEA_CTRL_RANGE_LIMIT BIT(8)
+#define NAN_SDEA_CTRL_SRV_UPD_INDIC BIT(9)
+#define NAN_SDEA_CTRL_GTK_REQ BIT(10)
+
+enum nan_service_protocol_type {
+ NAN_SRV_PROTO_BONJOUR = 1,
+ NAN_SRV_PROTO_GENERIC = 2,
+ NAN_SRV_PROTO_CSA_MATTER = 3,
+};
+
+#define NAN_ATTR_HDR_LEN 3
+#define NAN_SERVICE_ID_LEN 6
+
+#define NAN_USD_DEFAULT_FREQ 2437
+
+#endif /* NAN_H */
diff --git a/src/common/nan_de.c b/src/common/nan_de.c
new file mode 100644
index 0000000..e1999a0
--- /dev/null
+++ b/src/common/nan_de.c
@@ -0,0 +1,1389 @@
+/*
+ * NAN Discovery Engine
+ * Copyright (c) 2024, Qualcomm Innovation Center, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "utils/includes.h"
+
+#include "utils/common.h"
+#include "utils/eloop.h"
+#include "crypto/crypto.h"
+#include "crypto/sha256.h"
+#include "ieee802_11_defs.h"
+#include "nan.h"
+#include "nan_de.h"
+
+static const u8 nan_network_id[ETH_ALEN] =
+{ 0x51, 0x6f, 0x9a, 0x01, 0x00, 0x00 };
+static const u8 wildcard_bssid[ETH_ALEN] =
+{ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
+
+enum nan_de_service_type {
+ NAN_DE_PUBLISH,
+ NAN_DE_SUBSCRIBE,
+};
+
+struct nan_de_service {
+ int id;
+ enum nan_de_service_type type;
+ char *service_name;
+ u8 service_id[NAN_SERVICE_ID_LEN];
+ struct nan_publish_params publish;
+ struct nan_subscribe_params subscribe;
+ enum nan_service_protocol_type srv_proto_type;
+ struct wpabuf *ssi;
+ struct wpabuf *elems;
+ struct os_reltime time_started;
+ struct os_reltime end_time;
+ struct os_reltime last_multicast;
+ struct os_reltime first_discovered;
+ struct os_reltime last_followup;
+ bool needs_fsd;
+ unsigned int freq;
+ unsigned int default_freq;
+ int *freq_list;
+
+ /* pauseState information for Publish function */
+ struct os_reltime pause_state_end;
+ u8 sel_peer_id;
+ u8 sel_peer_addr[ETH_ALEN];
+
+ /* Publish state - channel iteration */
+ bool in_multi_chan;
+ bool first_multi_chan;
+ int multi_chan_idx; /* index to freq_list[] */
+ struct os_reltime next_publish_state;
+ struct os_reltime next_publish_chan;
+ unsigned int next_publish_duration;
+};
+
+struct nan_de {
+ u8 nmi[ETH_ALEN];
+ bool ap;
+ struct nan_callbacks cb;
+
+ struct nan_de_service *service[NAN_DE_MAX_SERVICE];
+ unsigned int num_service;
+
+ int next_handle;
+
+ unsigned int ext_listen_freq;
+ unsigned int listen_freq;
+ unsigned int tx_wait_status_freq;
+ unsigned int tx_wait_end_freq;
+};
+
+
+struct nan_de * nan_de_init(const u8 *nmi, bool ap,
+ const struct nan_callbacks *cb)
+{
+ struct nan_de *de;
+
+ de = os_zalloc(sizeof(*de));
+ if (!de)
+ return NULL;
+
+ os_memcpy(de->nmi, nmi, ETH_ALEN);
+ de->ap = ap;
+ os_memcpy(&de->cb, cb, sizeof(*cb));
+
+ return de;
+}
+
+
+static void nan_de_service_free(struct nan_de_service *srv)
+{
+ os_free(srv->service_name);
+ wpabuf_free(srv->ssi);
+ wpabuf_free(srv->elems);
+ os_free(srv->freq_list);
+ os_free(srv);
+}
+
+
+static void nan_de_service_deinit(struct nan_de *de, struct nan_de_service *srv,
+ enum nan_de_reason reason)
+{
+ if (!srv)
+ return;
+ if (srv->type == NAN_DE_PUBLISH && de->cb.publish_terminated)
+ de->cb.publish_terminated(de->cb.ctx, srv->id, reason);
+ if (srv->type == NAN_DE_SUBSCRIBE && de->cb.subscribe_terminated)
+ de->cb.subscribe_terminated(de->cb.ctx, srv->id, reason);
+ nan_de_service_free(srv);
+}
+
+
+static void nan_de_clear_pending(struct nan_de *de)
+{
+ de->listen_freq = 0;
+ de->tx_wait_status_freq = 0;
+ de->tx_wait_end_freq = 0;
+}
+
+
+void nan_de_flush(struct nan_de *de)
+{
+ unsigned int i;
+
+ if (!de)
+ return;
+
+ for (i = 0; i < NAN_DE_MAX_SERVICE; i++) {
+ nan_de_service_deinit(de, de->service[i],
+ NAN_DE_REASON_USER_REQUEST);
+ de->service[i] = NULL;
+ }
+
+ de->num_service = 0;
+ nan_de_clear_pending(de);
+}
+
+
+static void nan_de_pause_state(struct nan_de_service *srv, const u8 *peer_addr,
+ u8 peer_id)
+{
+ wpa_printf(MSG_DEBUG, "NAN: Start pauseState");
+ os_get_reltime(&srv->pause_state_end);
+ srv->pause_state_end.sec += 60;
+ os_memcpy(srv->sel_peer_addr, peer_addr, ETH_ALEN);
+ srv->sel_peer_id = peer_id;
+}
+
+
+static void nan_de_unpause_state(struct nan_de_service *srv)
+{
+ wpa_printf(MSG_DEBUG, "NAN: Stop pauseState");
+ srv->pause_state_end.sec = 0;
+ srv->pause_state_end.usec = 0;
+ os_memset(srv->sel_peer_addr, 0, ETH_ALEN);
+ srv->sel_peer_id = 0;
+}
+
+
+static struct wpabuf * nan_de_alloc_sdf(size_t len)
+{
+ struct wpabuf *buf;
+
+ buf = wpabuf_alloc(2 + 4 + len);
+ if (buf) {
+ wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);
+ wpabuf_put_u8(buf, WLAN_PA_VENDOR_SPECIFIC);
+ wpabuf_put_be32(buf, NAN_SDF_VENDOR_TYPE);
+ }
+
+ return buf;
+}
+
+
+static int nan_de_tx(struct nan_de *de, unsigned int freq,
+ unsigned int wait_time,
+ const u8 *dst, const u8 *src, const u8 *bssid,
+ const struct wpabuf *buf)
+{
+ int res;
+
+ if (!de->cb.tx)
+ return -1;
+
+ res = de->cb.tx(de->cb.ctx, freq, wait_time, dst, src, bssid, buf);
+ if (res < 0)
+ return res;
+
+ de->tx_wait_status_freq = freq;
+ de->tx_wait_end_freq = wait_time ? freq : 0;
+
+ return res;
+}
+
+
+static void nan_de_tx_sdf(struct nan_de *de, struct nan_de_service *srv,
+ unsigned int wait_time,
+ enum nan_service_control_type type,
+ const u8 *dst, u8 req_instance_id,
+ const struct wpabuf *ssi)
+{
+ struct wpabuf *buf;
+ size_t len = 0, sda_len, sdea_len;
+ u8 ctrl = type;
+ u16 sdea_ctrl = 0;
+
+ /* Service Descriptor attribute */
+ sda_len = NAN_SERVICE_ID_LEN + 1 + 1 + 1;
+ len += NAN_ATTR_HDR_LEN + sda_len;
+
+ /* Service Descriptor Extension attribute */
+ sdea_len = 1 + 2;
+ if (ssi)
+ sdea_len += 2 + 4 + wpabuf_len(ssi);
+ len += NAN_ATTR_HDR_LEN + sdea_len;
+
+ /* Element Container attribute */
+ if (srv->elems)
+ len += NAN_ATTR_HDR_LEN + 1 + wpabuf_len(srv->elems);
+
+ buf = nan_de_alloc_sdf(len);
+ if (!buf)
+ return;
+
+ /* Service Descriptor attribute */
+ wpabuf_put_u8(buf, NAN_ATTR_SDA);
+ wpabuf_put_le16(buf, sda_len);
+ wpabuf_put_data(buf, srv->service_id, NAN_SERVICE_ID_LEN);
+ wpabuf_put_u8(buf, srv->id); /* Instance ID */
+ wpabuf_put_u8(buf, req_instance_id); /* Requestor Instance ID */
+ wpabuf_put_u8(buf, ctrl);
+
+ /* Service Descriptor Extension attribute */
+ if (srv->type == NAN_DE_PUBLISH || ssi) {
+ wpabuf_put_u8(buf, NAN_ATTR_SDEA);
+ wpabuf_put_le16(buf, sdea_len);
+ wpabuf_put_u8(buf, srv->id); /* Instance ID */
+ if (srv->type == NAN_DE_PUBLISH) {
+ if (srv->publish.fsd)
+ sdea_ctrl |= NAN_SDEA_CTRL_FSD_REQ;
+ if (srv->publish.fsd_gas)
+ sdea_ctrl |= NAN_SDEA_CTRL_FSD_GAS;
+ }
+ wpabuf_put_le16(buf, sdea_ctrl);
+ if (ssi) {
+ wpabuf_put_le16(buf, 4 + wpabuf_len(ssi));
+ wpabuf_put_be24(buf, OUI_WFA);
+ wpabuf_put_u8(buf, srv->srv_proto_type);
+ wpabuf_put_buf(buf, ssi);
+ }
+ }
+
+ /* Element Container attribute */
+ if (srv->elems) {
+ wpabuf_put_u8(buf, NAN_ATTR_ELEM_CONTAINER);
+ wpabuf_put_le16(buf, 1 + wpabuf_len(srv->elems));
+ wpabuf_put_u8(buf, 0); /* Map ID */
+ wpabuf_put_buf(buf, srv->elems);
+ }
+
+ /* Wi-Fi Aware specification v4.0 uses NAN Cluster ID as A3 for USD,
+ * but there is no synchronization in USD as as such, no NAN Cluster
+ * either. Use Wildcard BSSID instead. */
+ nan_de_tx(de, srv->freq, wait_time, dst, de->nmi, wildcard_bssid, buf);
+ wpabuf_free(buf);
+}
+
+
+static int nan_de_time_to_next_chan_change(struct nan_de_service *srv)
+{
+ struct os_reltime tmp, diff, now;
+
+ if (os_reltime_before(&srv->next_publish_state,
+ &srv->next_publish_chan))
+ tmp = srv->next_publish_state;
+ else if (srv->in_multi_chan)
+ tmp = srv->next_publish_chan;
+ else
+ tmp = srv->next_publish_state;
+
+ os_get_reltime(&now);
+ os_reltime_sub(&tmp, &now, &diff);
+ return os_reltime_in_ms(&diff);
+}
+
+
+static void nan_de_set_publish_times(struct nan_de_service *srv)
+{
+ os_get_reltime(&srv->next_publish_state);
+ srv->next_publish_chan = srv->next_publish_state;
+ /* Swap single/multi channel state in N * 100 TU */
+ os_reltime_add_ms(&srv->next_publish_state,
+ srv->next_publish_duration * 1024 / 1000);
+
+ /* Swap channel in multi channel state after 150 ms */
+ os_reltime_add_ms(&srv->next_publish_chan, 150);
+}
+
+
+static void nan_de_check_chan_change(struct nan_de_service *srv)
+{
+ if (srv->next_publish_duration) {
+ /* Update end times for the first operation of the publish
+ * iteration */
+ nan_de_set_publish_times(srv);
+ srv->next_publish_duration = 0;
+ } else if (srv->in_multi_chan) {
+ if (!os_reltime_initialized(&srv->pause_state_end)) {
+ srv->multi_chan_idx++;
+ if (srv->freq_list[srv->multi_chan_idx] == 0)
+ srv->multi_chan_idx = 0;
+ srv->freq = srv->freq_list[srv->multi_chan_idx];
+ wpa_printf(MSG_DEBUG,
+ "NAN: Publish multi-channel change to %u MHz",
+ srv->freq);
+ }
+ os_get_reltime(&srv->next_publish_chan);
+ os_reltime_add_ms(&srv->next_publish_chan, 150);
+ }
+}
+
+
+static void nan_de_tx_multicast(struct nan_de *de, struct nan_de_service *srv,
+ u8 req_instance_id)
+{
+ enum nan_service_control_type type;
+ unsigned int wait_time = 100;
+
+ if (srv->type == NAN_DE_PUBLISH) {
+ int ms;
+
+ type = NAN_SRV_CTRL_PUBLISH;
+
+ nan_de_check_chan_change(srv);
+ ms = nan_de_time_to_next_chan_change(srv);
+ if (ms < 100)
+ ms = 100;
+ wait_time = ms;
+ } else if (srv->type == NAN_DE_SUBSCRIBE) {
+ type = NAN_SRV_CTRL_SUBSCRIBE;
+ } else {
+ return;
+ }
+
+ nan_de_tx_sdf(de, srv, wait_time, type, nan_network_id,
+ req_instance_id, srv->ssi);
+ os_get_reltime(&srv->last_multicast);
+}
+
+
+static void nan_de_add_srv(struct nan_de *de, struct nan_de_service *srv)
+{
+ int ttl;
+
+ os_get_reltime(&srv->time_started);
+ ttl = srv->type == NAN_DE_PUBLISH ? srv->publish.ttl :
+ srv->subscribe.ttl;
+ if (ttl) {
+ srv->end_time = srv->time_started;
+ srv->end_time.sec += ttl;
+ }
+
+ de->service[srv->id - 1] = srv;
+ de->num_service++;
+}
+
+
+static void nan_de_del_srv(struct nan_de *de, struct nan_de_service *srv,
+ enum nan_de_reason reason)
+{
+ de->service[srv->id - 1] = NULL;
+ nan_de_service_deinit(de, srv, reason);
+ de->num_service--;
+ if (de->num_service == 0)
+ nan_de_clear_pending(de);
+}
+
+
+static bool nan_de_srv_expired(struct nan_de_service *srv,
+ struct os_reltime *now)
+{
+ if (os_reltime_initialized(&srv->end_time))
+ return os_reltime_before(&srv->end_time, now);
+
+ if (srv->type == NAN_DE_PUBLISH) {
+ /* Time out after one transmission (and wait for FSD) */
+ if (!os_reltime_initialized(&srv->last_multicast))
+ return false;
+ if (!srv->publish.fsd)
+ return true;
+ if (os_reltime_initialized(&srv->last_followup) &&
+ !os_reltime_expired(now, &srv->last_followup, 1))
+ return false;
+ if (os_reltime_expired(now, &srv->last_multicast, 1))
+ return true;
+ }
+
+ if (srv->type == NAN_DE_SUBSCRIBE) {
+ /* Time out after first DiscoveryResult event (and wait for
+ * FSD) */
+ if (!os_reltime_initialized(&srv->first_discovered))
+ return false;
+ if (!srv->needs_fsd)
+ return true;
+ if (os_reltime_initialized(&srv->last_followup) &&
+ !os_reltime_expired(now, &srv->last_followup, 1))
+ return false;
+ if (os_reltime_expired(now, &srv->first_discovered, 1))
+ return true;
+ }
+
+ return false;
+}
+
+
+static int nan_de_next_multicast(struct nan_de *de, struct nan_de_service *srv,
+ struct os_reltime *now)
+{
+ unsigned int period;
+ struct os_reltime next, diff;
+
+ if (srv->type == NAN_DE_PUBLISH && !srv->publish.unsolicited)
+ return -1;
+ if (srv->type == NAN_DE_SUBSCRIBE && !srv->subscribe.active)
+ return -1;
+
+ if (!os_reltime_initialized(&srv->last_multicast))
+ return 0;
+
+ if (srv->type == NAN_DE_PUBLISH && srv->publish.ttl == 0)
+ return -1;
+
+ if (srv->type == NAN_DE_PUBLISH &&
+ os_reltime_initialized(&srv->pause_state_end))
+ return -1;
+
+ period = srv->type == NAN_DE_PUBLISH ?
+ srv->publish.announcement_period :
+ srv->subscribe.query_period;
+ if (period == 0)
+ period = 100;
+ next = srv->last_multicast;
+ os_reltime_add_ms(&next, period);
+
+ if (srv->type == NAN_DE_PUBLISH) {
+ if (!de->tx_wait_end_freq && srv->publish.unsolicited &&
+ os_reltime_before(&next, now))
+ return 0;
+ next = srv->next_publish_state;
+ }
+
+ if (os_reltime_before(&next, now))
+ return 0;
+
+ os_reltime_sub(&next, now, &diff);
+ return os_reltime_in_ms(&diff);
+}
+
+
+static int nan_de_srv_time_to_next(struct nan_de *de,
+ struct nan_de_service *srv,
+ struct os_reltime *now)
+{
+ struct os_reltime diff;
+ int next = -1, tmp;
+
+ if (os_reltime_initialized(&srv->end_time)) {
+ os_reltime_sub(&srv->end_time, now, &diff);
+ tmp = os_reltime_in_ms(&diff);
+ if (next == -1 || tmp < next)
+ next = tmp;
+ }
+
+ tmp = nan_de_next_multicast(de, srv, now);
+ if (tmp >= 0 && (next == -1 || tmp < next))
+ next = tmp;
+
+ if (srv->type == NAN_DE_PUBLISH &&
+ os_reltime_initialized(&srv->last_multicast)) {
+ /* Time out after one transmission (and wait for FSD) */
+ tmp = srv->publish.fsd ? 1000 : 100;
+ if (next == -1 || tmp < next)
+ next = tmp;
+ }
+
+ if (srv->type == NAN_DE_SUBSCRIBE &&
+ os_reltime_initialized(&srv->first_discovered)) {
+ /* Time out after first DiscoveryResult event (and wait for
+ * FSD) */
+ tmp = srv->needs_fsd ? 1000 : 100;
+ if (next == -1 || tmp < next)
+ next = tmp;
+ }
+
+ if (os_reltime_initialized(&srv->next_publish_state)) {
+ os_reltime_sub(&srv->next_publish_state, now, &diff);
+ if (diff.sec < 0 || (diff.sec == 0 && diff.usec < 0))
+ tmp = 0;
+ else
+ tmp = os_reltime_in_ms(&diff);
+ if (next == -1 || tmp < next)
+ next = tmp;
+ }
+
+ return next;
+}
+
+
+static void nan_de_start_new_publish_state(struct nan_de_service *srv,
+ bool force_single)
+{
+ unsigned int n;
+
+ if (force_single || !srv->freq_list || srv->freq_list[0] == 0)
+ srv->in_multi_chan = false;
+ else
+ srv->in_multi_chan = !srv->in_multi_chan;
+
+ /* Use hardcoded Nmin=5 and Nmax=10 and pick a random N from that range.
+ * Use same values for M. */
+ n = 5 + os_random() % 5;
+ srv->next_publish_duration = n * 100;
+
+ nan_de_set_publish_times(srv);
+
+ if (os_reltime_initialized(&srv->pause_state_end))
+ return;
+
+ if (srv->in_multi_chan && srv->freq_list && srv->freq_list[0]) {
+ if (!srv->first_multi_chan)
+ srv->multi_chan_idx++;
+ if (srv->freq_list[srv->multi_chan_idx] == 0)
+ srv->multi_chan_idx = 0;
+ srv->first_multi_chan = false;
+ srv->freq = srv->freq_list[srv->multi_chan_idx];
+ } else {
+ srv->freq = srv->default_freq;
+ }
+
+ wpa_printf(MSG_DEBUG,
+ "NAN: Publish in %s channel state for %u TU; starting with %u MHz",
+ srv->in_multi_chan ? "multi" : "single", n * 100, srv->freq);
+}
+
+
+static void nan_de_timer(void *eloop_ctx, void *timeout_ctx)
+{
+ struct nan_de *de = eloop_ctx;
+ unsigned int i;
+ int next = -1;
+ bool started = false;
+ struct os_reltime now;
+
+ os_get_reltime(&now);
+
+ for (i = 0; i < NAN_DE_MAX_SERVICE; i++) {
+ struct nan_de_service *srv = de->service[i];
+ int srv_next;
+
+ if (!srv)
+ continue;
+
+ if (nan_de_srv_expired(srv, &now)) {
+ wpa_printf(MSG_DEBUG, "NAN: Service id %d expired",
+ srv->id);
+ nan_de_del_srv(de, srv, NAN_DE_REASON_TIMEOUT);
+ continue;
+ }
+
+ if (os_reltime_initialized(&srv->next_publish_state) &&
+ os_reltime_before(&srv->next_publish_state, &now))
+ nan_de_start_new_publish_state(srv, false);
+
+ if (srv->type == NAN_DE_PUBLISH &&
+ os_reltime_initialized(&srv->pause_state_end) &&
+ (os_reltime_before(&srv->pause_state_end, &now) ||
+ (srv->publish.fsd &&
+ os_reltime_initialized(&srv->last_followup) &&
+ os_reltime_expired(&now, &srv->last_followup, 1))))
+ nan_de_unpause_state(srv);
+
+ srv_next = nan_de_srv_time_to_next(de, srv, &now);
+ if (srv_next >= 0 && (next == -1 || srv_next < next))
+ next = srv_next;
+
+ if (srv_next == 0 && !started &&
+ de->listen_freq == 0 && de->ext_listen_freq == 0 &&
+ de->tx_wait_end_freq == 0 &&
+ nan_de_next_multicast(de, srv, &now) == 0) {
+ started = true;
+ nan_de_tx_multicast(de, srv, 0);
+ }
+
+ if (!started && de->cb.listen &&
+ de->listen_freq == 0 && de->ext_listen_freq == 0 &&
+ de->tx_wait_end_freq == 0 &&
+ ((srv->type == NAN_DE_PUBLISH &&
+ !srv->publish.unsolicited && srv->publish.solicited) ||
+ (srv->type == NAN_DE_SUBSCRIBE &&
+ !srv->subscribe.active))) {
+ int duration = 1000;
+
+ if (srv->type == NAN_DE_PUBLISH) {
+ nan_de_check_chan_change(srv);
+ duration = nan_de_time_to_next_chan_change(srv);
+ if (duration < 150)
+ duration = 150;
+ }
+
+ started = true;
+ if (de->cb.listen(de->cb.ctx, srv->freq, duration) == 0)
+ de->listen_freq = srv->freq;
+ }
+
+ }
+
+ if (next < 0)
+ return;
+
+ if (next == 0)
+ next = 1;
+ wpa_printf(MSG_DEBUG, "NAN: Next timer in %u ms", next);
+ eloop_register_timeout(next / 1000, (next % 1000) * 1000, nan_de_timer,
+ de, NULL);
+}
+
+
+static void nan_de_run_timer(struct nan_de *de)
+{
+ eloop_cancel_timeout(nan_de_timer, de, NULL);
+ eloop_register_timeout(0, 0, nan_de_timer, de, NULL);
+}
+
+
+void nan_de_deinit(struct nan_de *de)
+{
+ eloop_cancel_timeout(nan_de_timer, de, NULL);
+ nan_de_flush(de);
+ os_free(de);
+}
+
+
+void nan_de_listen_started(struct nan_de *de, unsigned int freq,
+ unsigned int duration)
+{
+ if (freq != de->listen_freq)
+ de->ext_listen_freq = freq;
+}
+
+
+void nan_de_listen_ended(struct nan_de *de, unsigned int freq)
+{
+ if (freq == de->ext_listen_freq)
+ de->ext_listen_freq = 0;
+
+ if (freq == de->listen_freq) {
+ de->listen_freq = 0;
+ nan_de_run_timer(de);
+ }
+}
+
+
+void nan_de_tx_status(struct nan_de *de, unsigned int freq, const u8 *dst)
+{
+ if (freq == de->tx_wait_status_freq)
+ de->tx_wait_status_freq = 0;
+}
+
+
+void nan_de_tx_wait_ended(struct nan_de *de)
+{
+ de->tx_wait_end_freq = 0;
+ nan_de_run_timer(de);
+}
+
+
+static const u8 *
+nan_de_get_attr(const u8 *buf, size_t len, enum nan_attr_id id,
+ unsigned int skip)
+{
+ const u8 *pos = buf, *end = buf + len;
+
+ while (end - pos >= NAN_ATTR_HDR_LEN) {
+ const u8 *attr = pos;
+ u8 attr_id;
+ u16 attr_len;
+
+ attr_id = *pos++;
+ attr_len = WPA_GET_LE16(pos);
+ pos += 2;
+ if (attr_len > end - pos) {
+ wpa_printf(MSG_DEBUG,
+ "NAN: Truncated attribute %u (len %u; left %zu)",
+ attr_id, attr_len, end - pos);
+ break;
+ }
+
+ if (attr_id == id) {
+ if (skip == 0)
+ return attr;
+ skip--;
+ }
+
+ pos += attr_len;
+ }
+
+ return NULL;
+}
+
+
+static void nan_de_get_sdea(const u8 *buf, size_t len, u8 instance_id,
+ u16 *sdea_control,
+ enum nan_service_protocol_type *srv_proto_type,
+ const u8 **ssi, size_t *ssi_len)
+{
+ unsigned int skip;
+ const u8 *sdea, *end;
+ u16 sdea_len;
+
+ for (skip = 0; ; skip++) {
+ sdea = nan_de_get_attr(buf, len, NAN_ATTR_SDEA, skip);
+ if (!sdea)
+ break;
+
+ sdea++;
+ sdea_len = WPA_GET_LE16(sdea);
+ sdea += 2;
+ if (sdea_len < 1 + 2)
+ continue;
+ end = sdea + sdea_len;
+
+ if (instance_id != *sdea++)
+ continue; /* Mismatching Instance ID */
+
+ *sdea_control = WPA_GET_LE16(sdea);
+ sdea += 2;
+
+ if (*sdea_control & NAN_SDEA_CTRL_RANGE_LIMIT) {
+ if (end - sdea < 4)
+ continue;
+ sdea += 4;
+ }
+
+ if (*sdea_control & NAN_SDEA_CTRL_SRV_UPD_INDIC) {
+ if (end - sdea < 1)
+ continue;
+ sdea++;
+ }
+
+ if (end - sdea >= 2) {
+ u16 srv_info_len;
+
+ srv_info_len = WPA_GET_LE16(sdea);
+ sdea += 2;
+
+ if (srv_info_len > end - sdea)
+ continue;
+
+ if (srv_info_len >= 4 &&
+ WPA_GET_BE24(sdea) == OUI_WFA) {
+ *srv_proto_type = sdea[3];
+ *ssi = sdea + 4;
+ *ssi_len = srv_info_len - 4;
+ }
+ }
+ }
+}
+
+
+static void nan_de_rx_publish(struct nan_de *de, struct nan_de_service *srv,
+ const u8 *peer_addr, u8 instance_id,
+ u8 req_instance_id, u16 sdea_control,
+ enum nan_service_protocol_type srv_proto_type,
+ const u8 *ssi, size_t ssi_len)
+{
+ /* Subscribe function processing of a receive Publish message */
+ if (!os_reltime_initialized(&srv->first_discovered)) {
+ os_get_reltime(&srv->first_discovered);
+ srv->needs_fsd = sdea_control & NAN_SDEA_CTRL_FSD_REQ;
+ nan_de_run_timer(de);
+ }
+
+ if (srv->subscribe.active && req_instance_id == 0) {
+ /* Active subscriber replies with a Subscribe message if it
+ * received a matching unsolicited Publish message. */
+ nan_de_tx_multicast(de, srv, instance_id);
+ }
+
+ if (!srv->subscribe.active && req_instance_id == 0) {
+ /* Passive subscriber replies with a Follow-up message without
+ * Service Specific Info field if it received a matching
+ * unsolicited Publish message. */
+ nan_de_transmit(de, srv->id, NULL, NULL, peer_addr,
+ instance_id);
+ }
+
+ if (de->cb.discovery_result)
+ de->cb.discovery_result(
+ de->cb.ctx, srv->id, srv_proto_type,
+ ssi, ssi_len, instance_id,
+ peer_addr,
+ sdea_control & NAN_SDEA_CTRL_FSD_REQ,
+ sdea_control & NAN_SDEA_CTRL_FSD_GAS);
+}
+
+
+static bool nan_de_filter_match(struct nan_de_service *srv,
+ const u8 *matching_filter,
+ size_t matching_filter_len)
+{
+ const u8 *pos, *end;
+
+ /* Since we do not currently support matching_filter_rx values for the
+ * local Publish function, any matching filter with at least one
+ * <length,value> pair with length larger than zero implies a mismatch.
+ */
+
+ if (!matching_filter)
+ return true;
+
+ pos = matching_filter;
+ end = matching_filter + matching_filter_len;
+
+ while (pos < end) {
+ u8 len;
+
+ len = *pos++;
+ if (len > end - pos)
+ break;
+ if (len) {
+ /* A non-empty Matching Filter entry: no match since
+ * there is no local matching_filter_rx. */
+ return false;
+ }
+ }
+
+ return true;
+}
+
+
+static void nan_de_rx_subscribe(struct nan_de *de, struct nan_de_service *srv,
+ const u8 *peer_addr, u8 instance_id,
+ const u8 *matching_filter,
+ size_t matching_filter_len,
+ enum nan_service_protocol_type srv_proto_type,
+ const u8 *ssi, size_t ssi_len)
+{
+ struct wpabuf *buf;
+ size_t len = 0, sda_len, sdea_len;
+ u8 ctrl = 0;
+ u16 sdea_ctrl = 0;
+
+ /* Publish function processing of a receive Subscribe message */
+
+ if (!nan_de_filter_match(srv, matching_filter, matching_filter_len))
+ return;
+
+ if (!srv->publish.solicited)
+ return;
+
+ if (os_reltime_initialized(&srv->pause_state_end) &&
+ (!ether_addr_equal(peer_addr, srv->sel_peer_addr) ||
+ instance_id != srv->sel_peer_id)) {
+ wpa_printf(MSG_DEBUG,
+ "NAN: In pauseState - ignore Subscribe message from another subscriber");
+ return;
+ }
+
+ /* Reply with a solicited Publish message */
+ /* Service Descriptor attribute */
+ sda_len = NAN_SERVICE_ID_LEN + 1 + 1 + 1;
+ len += NAN_ATTR_HDR_LEN + sda_len;
+
+ /* Service Descriptor Extension attribute */
+ sdea_len = 1 + 2;
+ if (srv->ssi)
+ sdea_len += 2 + 4 + wpabuf_len(srv->ssi);
+ len += NAN_ATTR_HDR_LEN + sdea_len;
+
+ /* Element Container attribute */
+ if (srv->elems)
+ len += NAN_ATTR_HDR_LEN + 1 + wpabuf_len(srv->elems);
+
+ buf = nan_de_alloc_sdf(len);
+ if (!buf)
+ return;
+
+ /* Service Descriptor attribute */
+ wpabuf_put_u8(buf, NAN_ATTR_SDA);
+ wpabuf_put_le16(buf, sda_len);
+ wpabuf_put_data(buf, srv->service_id, NAN_SERVICE_ID_LEN);
+ wpabuf_put_u8(buf, srv->id); /* Instance ID */
+ wpabuf_put_u8(buf, instance_id); /* Requestor Instance ID */
+ ctrl |= NAN_SRV_CTRL_PUBLISH;
+ wpabuf_put_u8(buf, ctrl);
+
+ /* Service Descriptor Extension attribute */
+ if (srv->type == NAN_DE_PUBLISH || srv->ssi) {
+ wpabuf_put_u8(buf, NAN_ATTR_SDEA);
+ wpabuf_put_le16(buf, sdea_len);
+ wpabuf_put_u8(buf, srv->id); /* Instance ID */
+ if (srv->type == NAN_DE_PUBLISH) {
+ if (srv->publish.fsd)
+ sdea_ctrl |= NAN_SDEA_CTRL_FSD_REQ;
+ if (srv->publish.fsd_gas)
+ sdea_ctrl |= NAN_SDEA_CTRL_FSD_GAS;
+ }
+ wpabuf_put_le16(buf, sdea_ctrl);
+ if (srv->ssi) {
+ wpabuf_put_le16(buf, 4 + wpabuf_len(srv->ssi));
+ wpabuf_put_be24(buf, OUI_WFA);
+ wpabuf_put_u8(buf, srv->srv_proto_type);
+ wpabuf_put_buf(buf, srv->ssi);
+ }
+ }
+
+ /* Element Container attribute */
+ if (srv->elems) {
+ wpabuf_put_u8(buf, NAN_ATTR_ELEM_CONTAINER);
+ wpabuf_put_le16(buf, 1 + wpabuf_len(srv->elems));
+ wpabuf_put_u8(buf, 0); /* Map ID */
+ wpabuf_put_buf(buf, srv->elems);
+ }
+
+ /* Wi-Fi Aware specification v4.0 uses NAN Cluster ID as A3 for USD,
+ * but there is no synchronization in USD as as such, no NAN Cluster
+ * either. Use Wildcard BSSID instead. */
+ nan_de_tx(de, srv->freq, 100,
+ srv->publish.solicited_multicast ? nan_network_id : peer_addr,
+ de->nmi, wildcard_bssid, buf);
+ wpabuf_free(buf);
+
+ nan_de_pause_state(srv, peer_addr, instance_id);
+
+ if (!srv->publish.disable_events && de->cb.replied)
+ de->cb.replied(de->cb.ctx, srv->id, peer_addr, instance_id,
+ srv_proto_type, ssi, ssi_len);
+}
+
+
+static void nan_de_rx_follow_up(struct nan_de *de, struct nan_de_service *srv,
+ const u8 *peer_addr, u8 instance_id,
+ const u8 *ssi, size_t ssi_len)
+{
+ /* Follow-up function processing of a receive Follow-up message for a
+ * Subscribe or Publish instance */
+
+ if (srv->type == NAN_DE_PUBLISH &&
+ os_reltime_initialized(&srv->pause_state_end) &&
+ (!ether_addr_equal(peer_addr, srv->sel_peer_addr) ||
+ instance_id != srv->sel_peer_id ||
+ !ssi)) {
+ wpa_printf(MSG_DEBUG,
+ "NAN: In pauseState - ignore Follow-up message from another subscriber or without ssi");
+ return;
+ }
+
+ os_get_reltime(&srv->last_followup);
+
+ if (srv->type == NAN_DE_PUBLISH && !ssi)
+ nan_de_pause_state(srv, peer_addr, instance_id);
+
+ if (de->cb.receive)
+ de->cb.receive(de->cb.ctx, srv->id, instance_id, ssi, ssi_len,
+ peer_addr);
+}
+
+
+static void nan_de_rx_sda(struct nan_de *de, const u8 *peer_addr,
+ unsigned int freq, const u8 *buf, size_t len,
+ const u8 *sda, size_t sda_len)
+{
+ const u8 *service_id;
+ u8 instance_id, req_instance_id, ctrl;
+ u16 sdea_control = 0;
+ unsigned int i;
+ enum nan_service_control_type type = 0;
+ enum nan_service_protocol_type srv_proto_type = 0;
+ const u8 *ssi = NULL;
+ size_t ssi_len = 0;
+ bool first = true;
+ const u8 *end;
+ const u8 *matching_filter = NULL;
+ size_t matching_filter_len = 0;
+
+ if (sda_len < NAN_SERVICE_ID_LEN + 1 + 1 + 1)
+ return;
+ end = sda + sda_len;
+
+ service_id = sda;
+ sda += NAN_SERVICE_ID_LEN;
+ instance_id = *sda++;
+ req_instance_id = *sda++;
+ ctrl = *sda;
+ type = ctrl & NAN_SRV_CTRL_TYPE_MASK;
+ wpa_printf(MSG_DEBUG,
+ "NAN: SDA - Service ID %02x%02x%02x%02x%02x%02x Instance ID %u Requestor Instance ID %u Service Control 0x%x (Service Control Type %u)",
+ MAC2STR(service_id), instance_id, req_instance_id,
+ ctrl, type);
+ if (type != NAN_SRV_CTRL_PUBLISH &&
+ type != NAN_SRV_CTRL_SUBSCRIBE &&
+ type != NAN_SRV_CTRL_FOLLOW_UP) {
+ wpa_printf(MSG_DEBUG,
+ "NAN: Discard SDF with unknown Service Control Type %u",
+ type);
+ return;
+ }
+
+ if (ctrl & NAN_SRV_CTRL_BINDING_BITMAP) {
+ if (end - sda < 2)
+ return;
+ sda += 2;
+ }
+
+ if (ctrl & NAN_SRV_CTRL_MATCHING_FILTER) {
+ u8 flen;
+
+ if (end - sda < 1)
+ return;
+ flen = *sda++;
+ if (end - sda < flen)
+ return;
+ matching_filter = sda;
+ matching_filter_len = flen;
+ sda += flen;
+ }
+
+ if (ctrl & NAN_SRV_CTRL_RESP_FILTER) {
+ u8 flen;
+
+ if (end - sda < 1)
+ return;
+ flen = *sda++;
+ if (end - sda < flen)
+ return;
+ sda += flen;
+ }
+
+ if (ctrl & NAN_SRV_CTRL_SRV_INFO) {
+ u8 flen;
+
+ if (end - sda < 1)
+ return;
+ flen = *sda++;
+ if (end - sda < flen)
+ return;
+ if (flen >= 4 && WPA_GET_BE24(sda) == OUI_WFA) {
+ srv_proto_type = sda[3];
+ ssi = sda + 4;
+ ssi_len = flen - 4;
+ wpa_printf(MSG_DEBUG, "NAN: Service Protocol Type %d",
+ srv_proto_type);
+ wpa_hexdump(MSG_MSGDUMP, "NAN: ssi", ssi, ssi_len);
+ }
+ sda += flen;
+ }
+
+ for (i = 0; i < NAN_DE_MAX_SERVICE; i++) {
+ struct nan_de_service *srv = de->service[i];
+
+ if (!srv)
+ continue;
+ if (os_memcmp(srv->service_id, service_id,
+ NAN_SERVICE_ID_LEN) != 0)
+ continue;
+ if (type == NAN_SRV_CTRL_PUBLISH) {
+ if (srv->type == NAN_DE_PUBLISH)
+ continue;
+ if (req_instance_id && srv->id != req_instance_id)
+ continue;
+ }
+ if (type == NAN_SRV_CTRL_SUBSCRIBE &&
+ srv->type == NAN_DE_SUBSCRIBE)
+ continue;
+ wpa_printf(MSG_DEBUG, "NAN: Received SDF matches service ID %u",
+ i + 1);
+
+ if (first) {
+ first = false;
+ nan_de_get_sdea(buf, len, instance_id, &sdea_control,
+ &srv_proto_type, &ssi, &ssi_len);
+
+ if (ssi) {
+ wpa_printf(MSG_DEBUG,
+ "NAN: Service Protocol Type %d",
+ srv_proto_type);
+ wpa_hexdump(MSG_MSGDUMP, "NAN: ssi",
+ ssi, ssi_len);
+ }
+ }
+
+ switch (type) {
+ case NAN_SRV_CTRL_PUBLISH:
+ nan_de_rx_publish(de, srv, peer_addr, instance_id,
+ req_instance_id,
+ sdea_control, srv_proto_type,
+ ssi, ssi_len);
+ break;
+ case NAN_SRV_CTRL_SUBSCRIBE:
+ nan_de_rx_subscribe(de, srv, peer_addr, instance_id,
+ matching_filter,
+ matching_filter_len,
+ srv_proto_type,
+ ssi, ssi_len);
+ break;
+ case NAN_SRV_CTRL_FOLLOW_UP:
+ nan_de_rx_follow_up(de, srv, peer_addr, instance_id,
+ ssi, ssi_len);
+ break;
+ }
+ }
+}
+
+
+void nan_de_rx_sdf(struct nan_de *de, const u8 *peer_addr, unsigned int freq,
+ const u8 *buf, size_t len)
+{
+ const u8 *sda;
+ u16 sda_len;
+ unsigned int skip;
+
+ if (!de->num_service)
+ return;
+
+ wpa_printf(MSG_DEBUG, "NAN: RX SDF from " MACSTR " freq=%u len=%zu",
+ MAC2STR(peer_addr), freq, len);
+
+ wpa_hexdump(MSG_MSGDUMP, "NAN: SDF payload", buf, len);
+
+ for (skip = 0; ; skip++) {
+ sda = nan_de_get_attr(buf, len, NAN_ATTR_SDA, skip);
+ if (!sda)
+ break;
+
+ sda++;
+ sda_len = WPA_GET_LE16(sda);
+ sda += 2;
+ nan_de_rx_sda(de, peer_addr, freq, buf, len, sda, sda_len);
+ }
+}
+
+
+static int nan_de_get_handle(struct nan_de *de)
+{
+ int i = de->next_handle;
+
+ if (de->num_service >= NAN_DE_MAX_SERVICE)
+ goto fail;
+
+ do {
+ if (!de->service[i]) {
+ de->next_handle = (i + 1) % NAN_DE_MAX_SERVICE;
+ return i + 1;
+ }
+ i = (i + 1) % NAN_DE_MAX_SERVICE;
+ } while (i != de->next_handle);
+
+fail:
+ wpa_printf(MSG_DEBUG, "NAN: No more room for a new service");
+ return -1;
+}
+
+
+static int nan_de_derive_service_id(struct nan_de_service *srv)
+{
+ u8 hash[SHA256_MAC_LEN];
+ char *name, *pos;
+ int ret;
+ const u8 *addr[1];
+ size_t len[1];
+
+ name = os_strdup(srv->service_name);
+ if (!name)
+ return -1;
+ pos = name;
+ while (*pos) {
+ *pos = tolower(*pos);
+ pos++;
+ }
+
+ addr[0] = (u8 *) name;
+ len[0] = os_strlen(name);
+ ret = sha256_vector(1, addr, len, hash);
+ os_free(name);
+ if (ret == 0)
+ os_memcpy(srv->service_id, hash, NAN_SERVICE_ID_LEN);
+
+ return ret;
+}
+
+
+int nan_de_publish(struct nan_de *de, const char *service_name,
+ enum nan_service_protocol_type srv_proto_type,
+ const struct wpabuf *ssi, const struct wpabuf *elems,
+ struct nan_publish_params *params)
+{
+ int publish_id;
+ struct nan_de_service *srv;
+
+ if (!service_name) {
+ wpa_printf(MSG_DEBUG, "NAN: Publish() - no service_name");
+ return -1;
+ }
+
+ publish_id = nan_de_get_handle(de);
+ if (publish_id < 1)
+ return -1;
+
+ srv = os_zalloc(sizeof(*srv));
+ if (!srv)
+ return -1;
+ srv->type = NAN_DE_PUBLISH;
+ srv->freq = srv->default_freq = params->freq;
+ srv->service_name = os_strdup(service_name);
+ if (!srv->service_name)
+ goto fail;
+ if (nan_de_derive_service_id(srv) < 0)
+ goto fail;
+ os_memcpy(&srv->publish, params, sizeof(*params));
+
+ if (params->freq_list) {
+ size_t len;
+
+ len = (int_array_len(params->freq_list) + 1) * sizeof(int);
+ srv->freq_list = os_memdup(params->freq_list, len);
+ if (!srv->freq_list)
+ goto fail;
+ }
+ srv->publish.freq_list = NULL;
+
+ srv->srv_proto_type = srv_proto_type;
+ if (ssi) {
+ srv->ssi = wpabuf_dup(ssi);
+ if (!srv->ssi)
+ goto fail;
+ }
+ if (elems) {
+ srv->elems = wpabuf_dup(elems);
+ if (!srv->elems)
+ goto fail;
+ }
+
+ /* Prepare for single and multi-channel states; starting with
+ * single channel */
+ srv->first_multi_chan = true;
+ nan_de_start_new_publish_state(srv, true);
+
+ wpa_printf(MSG_DEBUG, "NAN: Assigned new publish handle %d for %s",
+ publish_id, service_name);
+ srv->id = publish_id;
+ nan_de_add_srv(de, srv);
+ nan_de_run_timer(de);
+ return publish_id;
+fail:
+ nan_de_service_free(srv);
+ return -1;
+}
+
+
+void nan_de_cancel_publish(struct nan_de *de, int publish_id)
+{
+ struct nan_de_service *srv;
+
+ wpa_printf(MSG_DEBUG, "NAN: CancelPublish(publish_id=%d)", publish_id);
+
+ if (publish_id < 1 || publish_id > NAN_DE_MAX_SERVICE)
+ return;
+ srv = de->service[publish_id - 1];
+ if (!srv || srv->type != NAN_DE_PUBLISH)
+ return;
+ nan_de_del_srv(de, srv, NAN_DE_REASON_USER_REQUEST);
+}
+
+
+int nan_de_update_publish(struct nan_de *de, int publish_id,
+ const struct wpabuf *ssi)
+{
+ struct nan_de_service *srv;
+
+ wpa_printf(MSG_DEBUG, "NAN: UpdatePublish(publish_id=%d)", publish_id);
+
+ if (publish_id < 1 || publish_id > NAN_DE_MAX_SERVICE)
+ return -1;
+ srv = de->service[publish_id - 1];
+ if (!srv || srv->type != NAN_DE_PUBLISH)
+ return -1;
+
+ wpabuf_free(srv->ssi);
+ srv->ssi = NULL;
+ if (!ssi)
+ return 0;
+ srv->ssi = wpabuf_dup(ssi);
+ if (!srv->ssi)
+ return -1;
+ return 0;
+}
+
+
+int nan_de_subscribe(struct nan_de *de, const char *service_name,
+ enum nan_service_protocol_type srv_proto_type,
+ const struct wpabuf *ssi, const struct wpabuf *elems,
+ struct nan_subscribe_params *params)
+{
+ int subscribe_id;
+ struct nan_de_service *srv;
+
+ if (!service_name) {
+ wpa_printf(MSG_DEBUG, "NAN: Subscribe() - no service_name");
+ return -1;
+ }
+
+ subscribe_id = nan_de_get_handle(de);
+ if (subscribe_id < 1)
+ return -1;
+
+ srv = os_zalloc(sizeof(*srv));
+ if (!srv)
+ return -1;
+ srv->type = NAN_DE_SUBSCRIBE;
+ srv->freq = params->freq;
+ srv->service_name = os_strdup(service_name);
+ if (!srv->service_name)
+ goto fail;
+ if (nan_de_derive_service_id(srv) < 0)
+ goto fail;
+ os_memcpy(&srv->subscribe, params, sizeof(*params));
+ srv->srv_proto_type = srv_proto_type;
+ if (ssi) {
+ srv->ssi = wpabuf_dup(ssi);
+ if (!srv->ssi)
+ goto fail;
+ }
+ if (elems) {
+ srv->elems = wpabuf_dup(elems);
+ if (!srv->elems)
+ goto fail;
+ }
+
+ wpa_printf(MSG_DEBUG, "NAN: Assigned new subscribe handle %d for %s",
+ subscribe_id, service_name);
+ srv->id = subscribe_id;
+ nan_de_add_srv(de, srv);
+ nan_de_run_timer(de);
+ return subscribe_id;
+fail:
+ nan_de_service_free(srv);
+ return -1;
+}
+
+
+void nan_de_cancel_subscribe(struct nan_de *de, int subscribe_id)
+{
+ struct nan_de_service *srv;
+
+ if (subscribe_id < 1 || subscribe_id > NAN_DE_MAX_SERVICE)
+ return;
+ srv = de->service[subscribe_id - 1];
+ if (!srv || srv->type != NAN_DE_SUBSCRIBE)
+ return;
+ nan_de_del_srv(de, srv, NAN_DE_REASON_USER_REQUEST);
+}
+
+
+int nan_de_transmit(struct nan_de *de, int handle,
+ const struct wpabuf *ssi, const struct wpabuf *elems,
+ const u8 *peer_addr, u8 req_instance_id)
+{
+ struct nan_de_service *srv;
+
+ if (handle < 1 || handle > NAN_DE_MAX_SERVICE)
+ return -1;
+
+ srv = de->service[handle - 1];
+ if (!srv)
+ return -1;
+
+ nan_de_tx_sdf(de, srv, 100, NAN_SRV_CTRL_FOLLOW_UP,
+ peer_addr, req_instance_id, ssi);
+
+ os_get_reltime(&srv->last_followup);
+ return 0;
+}
diff --git a/src/common/nan_de.h b/src/common/nan_de.h
new file mode 100644
index 0000000..6223506
--- /dev/null
+++ b/src/common/nan_de.h
@@ -0,0 +1,145 @@
+/*
+ * NAN Discovery Engine
+ * Copyright (c) 2024, Qualcomm Innovation Center, Inc.
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef NAN_DE_H
+#define NAN_DE_H
+
+#include "nan.h"
+
+/* Maximum number of active local publish and subscribe instances */
+#ifndef NAN_DE_MAX_SERVICE
+#define NAN_DE_MAX_SERVICE 20
+#endif /* NAN_DE_MAX_SERVICE */
+
+struct nan_de;
+
+enum nan_de_reason {
+ NAN_DE_REASON_TIMEOUT,
+ NAN_DE_REASON_USER_REQUEST,
+ NAN_DE_REASON_FAILURE,
+};
+
+struct nan_callbacks {
+ void *ctx;
+
+ int (*tx)(void *ctx, unsigned int freq, unsigned int wait_time,
+ const u8 *dst, const u8 *src, const u8 *bssid,
+ const struct wpabuf *buf);
+ int (*listen)(void *ctx, unsigned int freq, unsigned int duration);
+
+ /* NAN DE Events */
+ void (*discovery_result)(void *ctx, int subscribe_id,
+ enum nan_service_protocol_type srv_proto_type,
+ const u8 *ssi, size_t ssi_len,
+ int peer_publish_id,
+ const u8 *peer_addr, bool fsd, bool fsd_gas);
+
+ void (*replied)(void *ctx, int publish_id, const u8 *peer_addr,
+ int peer_subscribe_id,
+ enum nan_service_protocol_type srv_proto_type,
+ const u8 *ssi, size_t ssi_len);
+
+ void (*publish_terminated)(void *ctx, int publish_id,
+ enum nan_de_reason reason);
+
+ void (*subscribe_terminated)(void *ctx, int subscribe_id,
+ enum nan_de_reason reason);
+
+ void (*receive)(void *ctx, int id, int peer_instance_id,
+ const u8 *ssi, size_t ssi_len,
+ const u8 *peer_addr);
+};
+
+struct nan_de * nan_de_init(const u8 *nmi, bool ap,
+ const struct nan_callbacks *cb);
+void nan_de_flush(struct nan_de *de);
+void nan_de_deinit(struct nan_de *de);
+
+void nan_de_listen_started(struct nan_de *de, unsigned int freq,
+ unsigned int duration);
+void nan_de_listen_ended(struct nan_de *de, unsigned int freq);
+void nan_de_tx_status(struct nan_de *de, unsigned int freq, const u8 *dst);
+void nan_de_tx_wait_ended(struct nan_de *de);
+
+void nan_de_rx_sdf(struct nan_de *de, const u8 *peer_addr, unsigned int freq,
+ const u8 *buf, size_t len);
+
+struct nan_publish_params {
+ /* configuration_parameters */
+
+ /* Publish type */
+ bool unsolicited;
+ bool solicited;
+
+ /* Solicited transmission type */
+ bool solicited_multicast;
+
+ /* Time to live (in seconds); 0 = one TX only */
+ unsigned int ttl;
+
+ /* Event conditions */
+ bool disable_events;
+
+ /* Further Service Discovery flag */
+ bool fsd;
+
+ /* Further Service Discovery function */
+ bool fsd_gas;
+
+ /* Default frequency (defaultPublishChannel) */
+ unsigned int freq;
+
+ /* Multi-channel frequencies (publishChannelList) */
+ const int *freq_list;
+
+ /* Announcement period in ms; 0 = use default */
+ unsigned int announcement_period;
+};
+
+/* Returns -1 on failure or >0 publish_id */
+int nan_de_publish(struct nan_de *de, const char *service_name,
+ enum nan_service_protocol_type srv_proto_type,
+ const struct wpabuf *ssi, const struct wpabuf *elems,
+ struct nan_publish_params *params);
+
+void nan_de_cancel_publish(struct nan_de *de, int publish_id);
+
+int nan_de_update_publish(struct nan_de *de, int publish_id,
+ const struct wpabuf *ssi);
+
+struct nan_subscribe_params {
+ /* configuration_parameters */
+
+ /* Subscribe type */
+ bool active;
+
+ /* Time to live (in seconds); 0 = until first result */
+ unsigned int ttl;
+
+ /* Selected frequency */
+ unsigned int freq;
+
+ /* Query period in ms; 0 = use default */
+ unsigned int query_period;
+};
+
+/* Returns -1 on failure or >0 subscribe_id */
+int nan_de_subscribe(struct nan_de *de, const char *service_name,
+ enum nan_service_protocol_type srv_proto_type,
+ const struct wpabuf *ssi, const struct wpabuf *elems,
+ struct nan_subscribe_params *params);
+
+void nan_de_cancel_subscribe(struct nan_de *de, int subscribe_id);
+
+/* handle = publish_id or subscribe_id
+ * req_instance_id = peer publish_id or subscribe_id */
+int nan_de_transmit(struct nan_de *de, int handle,
+ const struct wpabuf *ssi, const struct wpabuf *elems,
+ const u8 *peer_addr, u8 req_instance_id);
+
+#endif /* NAN_DE_H */
diff --git a/src/common/ptksa_cache.c b/src/common/ptksa_cache.c
index 3b5c0b8..c00f288 100644
--- a/src/common/ptksa_cache.c
+++ b/src/common/ptksa_cache.c
@@ -141,7 +141,7 @@
return NULL;
dl_list_for_each(e, &ptksa->ptksa, struct ptksa_cache_entry, list) {
- if ((!addr || os_memcmp(e->addr, addr, ETH_ALEN) == 0) &&
+ if ((!addr || ether_addr_equal(e->addr, addr)) &&
(cipher == WPA_CIPHER_NONE || cipher == e->cipher))
return e;
}
@@ -238,7 +238,7 @@
dl_list_for_each_safe(e, next, &ptksa->ptksa, struct ptksa_cache_entry,
list) {
- if ((!addr || os_memcmp(e->addr, addr, ETH_ALEN) == 0) &&
+ if ((!addr || ether_addr_equal(e->addr, addr)) &&
(cipher == WPA_CIPHER_NONE || cipher == e->cipher)) {
wpa_printf(MSG_DEBUG,
"Flush PTKSA cache entry for " MACSTR,
diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h
index 7620f03..a5bbc78 100644
--- a/src/common/qca-vendor.h
+++ b/src/common/qca-vendor.h
@@ -1024,6 +1024,30 @@
*
* The attributes used with this subcommand are defined in
* enum qca_wlan_vendor_attr_tx_latency.
+ *
+ * @QCA_NL80211_VENDOR_SUBCMD_REGULATORY_TPC_INFO: Vendor command is used to
+ * query transmit power information on STA interface from the driver for a
+ * connected AP. The attributes included in response are defined in
+ * enum qca_wlan_vendor_attr_tpc_links. In case of MLO STA, multiple links
+ * TPC info may be returned. The information includes regulatory maximum
+ * transmit power limit, AP local power constraint advertised from AP's
+ * Beacon and Probe Response frames. For PSD power mode, the information
+ * includes PSD power levels for each subchannel of operating bandwidth.
+ * The information is driver calculated power limits based on the current
+ * regulatory domain, AP local power constraint, and other IEs. The
+ * information will be set to target. Target will decide the final TX power
+ * based on this and chip specific power conformance test limits (CTL), and
+ * SAR limits.
+ *
+ * @QCA_NL80211_VENDOR_SUBCMD_FW_PAGE_FAULT_REPORT: Event indication from the
+ * driver to user space which is carrying firmware page fault related
+ * summary report. The attributes for this command are defined in
+ * enum qca_wlan_vendor_attr_fw_page_fault_report.
+ *
+ * @QCA_NL80211_VENDOR_SUBCMD_DISASSOC_PEER: Event indication from the driver
+ * to user space to disassociate with a peer based on the peer MAC address
+ * provided. Specify the peer MAC address in
+ * QCA_WLAN_VENDOR_ATTR_MAC_ADDR. For MLO, MLD MAC address is provided.
*/
enum qca_nl80211_vendor_subcmds {
QCA_NL80211_VENDOR_SUBCMD_UNSPEC = 0,
@@ -1242,6 +1266,12 @@
/* 232 - reserved for QCA */
QCA_NL80211_VENDOR_SUBCMD_TX_LATENCY = 233,
/* 234 - reserved for QCA */
+ QCA_NL80211_VENDOR_SUBCMD_SDWF_PHY_OPS = 235,
+ QCA_NL80211_VENDOR_SUBCMD_SDWF_DEV_OPS = 236,
+ QCA_NL80211_VENDOR_SUBCMD_REGULATORY_TPC_INFO = 237,
+ QCA_NL80211_VENDOR_SUBCMD_FW_PAGE_FAULT_REPORT = 238,
+ QCA_NL80211_VENDOR_SUBCMD_FLOW_POLICY = 239,
+ QCA_NL80211_VENDOR_SUBCMD_DISASSOC_PEER = 240,
};
/* Compatibility defines for previously used subcmd names.
@@ -1795,6 +1825,11 @@
* scoring. In case scan was performed on a partial set of channels configured
* with this command within last QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME
* (in ms), scan only the remaining channels.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_ACS_LINK_ID: Mandatory on AP MLD (u8).
+ * Used with command to configure ACS operation for a specific link affiliated
+ * to an AP MLD.
+ *
*/
enum qca_wlan_vendor_attr_acs_offload {
QCA_WLAN_VENDOR_ATTR_ACS_CHANNEL_INVALID = 0,
@@ -1818,6 +1853,7 @@
QCA_WLAN_VENDOR_ATTR_ACS_PUNCTURE_BITMAP = 18,
QCA_WLAN_VENDOR_ATTR_ACS_EHT_ENABLED = 19,
QCA_WLAN_VENDOR_ATTR_ACS_LAST_SCAN_AGEOUT_TIME = 20,
+ QCA_WLAN_VENDOR_ATTR_ACS_LINK_ID = 21,
/* keep last */
QCA_WLAN_VENDOR_ATTR_ACS_AFTER_LAST,
@@ -2179,7 +2215,8 @@
* &enum qca_tsf_cmd.
* @QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE: Optional (u64)
* This attribute contains TSF timer value. This attribute is only available
- * in %QCA_TSF_GET or %QCA_TSF_SYNC_GET response.
+ * in %QCA_TSF_GET, %QCA_TSF_SYNC_GET or %QCA_TSF_SYNC_GET_CSA_TIMESTAMP
+ * response.
* @QCA_WLAN_VENDOR_ATTR_TSF_SOC_TIMER_VALUE: Optional (u64)
* This attribute contains SOC timer value at TSF capture. This attribute is
* only available in %QCA_TSF_GET or %QCA_TSF_SYNC_GET response.
@@ -2223,6 +2260,12 @@
* userspace can query the TSF and host time mapping via the %QCA_TSF_GET
* command.
* @QCA_TSF_SYNC_STOP: Stop periodic TSF sync feature.
+ * @QCA_TSF_SYNC_GET_CSA_TIMESTAMP: Get TSF timestamp when AP will move and
+ * starts beaconing on a new channel. The driver synchronously responds with the
+ * TSF value using attribute %QCA_WLAN_VENDOR_ATTR_TSF_TIMER_VALUE. Userspace
+ * gets the valid CSA TSF after receiving %NL80211_CMD_CH_SWITCH_STARTED_NOTIFY
+ * on the AP interface. This TSF can be sent via OOB mechanism to connected
+ * clients.
*/
enum qca_tsf_cmd {
QCA_TSF_CAPTURE,
@@ -2232,6 +2275,7 @@
QCA_TSF_AUTO_REPORT_DISABLE,
QCA_TSF_SYNC_START,
QCA_TSF_SYNC_STOP,
+ QCA_TSF_SYNC_GET_CSA_TIMESTAMP,
};
/**
@@ -2373,6 +2417,10 @@
* QCA_WLAN_VENDOR_SCAN_PRIORITY_HIGH as the priority of vendor scan.
* @QCA_WLAN_VENDOR_ATTR_SCAN_PAD: Attribute used for padding for 64-bit
* alignment.
+ * @QCA_WLAN_VENDOR_ATTR_SCAN_LINK_ID: This u8 attribute is used for OBSS scan
+ * when AP is operating as MLD to specify which link is requesting the
+ * scan or which link the scan result is for. No need of this attribute
+ * in other cases.
*/
enum qca_wlan_vendor_attr_scan {
QCA_WLAN_VENDOR_ATTR_SCAN_INVALID_PARAM = 0,
@@ -2390,6 +2438,7 @@
QCA_WLAN_VENDOR_ATTR_SCAN_DWELL_TIME = 12,
QCA_WLAN_VENDOR_ATTR_SCAN_PRIORITY = 13,
QCA_WLAN_VENDOR_ATTR_SCAN_PAD = 14,
+ QCA_WLAN_VENDOR_ATTR_SCAN_LINK_ID = 15,
QCA_WLAN_VENDOR_ATTR_SCAN_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_SCAN_MAX =
QCA_WLAN_VENDOR_ATTR_SCAN_AFTER_LAST - 1
@@ -3302,6 +3351,16 @@
*/
QCA_WLAN_VENDOR_ATTR_CONFIG_COEX_TRAFFIC_SHAPING_MODE = 105,
+ /* 8-bit unsigned value.
+ *
+ * This attribute is used to specify whether an associated peer is a QCA
+ * device. The associated peer is specified with
+ * QCA_WLAN_VENDOR_ATTR_CONFIG_PEER_MAC. For MLO cases, the MLD MAC
+ * address of the peer is used.
+ * 1 - QCA device, 0 - non-QCA device.
+ */
+ QCA_WLAN_VENDOR_ATTR_CONFIG_QCA_PEER = 106,
+
/* keep last */
QCA_WLAN_VENDOR_ATTR_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_CONFIG_MAX =
@@ -9989,6 +10048,13 @@
*/
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_MLD_ID_ML_PROBE_REQ = 72,
+ /* 8-bit unsigned value to configure the SCS traffic description
+ * support in the EHT capabilities of an Association Request frame.
+ * 1-enable, 0-disable
+ * This attribute is used to configure the testbed device.
+ */
+ QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_EHT_SCS_TRAFFIC_SUPPORT = 73,
+
/* keep last */
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_AFTER_LAST,
QCA_WLAN_VENDOR_ATTR_WIFI_TEST_CONFIG_MAX =
@@ -14169,12 +14235,14 @@
* @QCA_WLAN_RATEMASK_PARAMS_TYPE_HT: HT rate mask config
* @QCA_WLAN_RATEMASK_PARAMS_TYPE_VHT: VHT rate mask config
* @QCA_WLAN_RATEMASK_PARAMS_TYPE_HE: HE rate mask config
+ * @QCA_WLAN_RATEMASK_PARAMS_TYPE_EHT: EHT rate mask config
*/
enum qca_wlan_ratemask_params_type {
QCA_WLAN_RATEMASK_PARAMS_TYPE_CCK_OFDM = 0,
QCA_WLAN_RATEMASK_PARAMS_TYPE_HT = 1,
QCA_WLAN_RATEMASK_PARAMS_TYPE_VHT = 2,
QCA_WLAN_RATEMASK_PARAMS_TYPE_HE = 3,
+ QCA_WLAN_RATEMASK_PARAMS_TYPE_EHT = 4,
};
/**
@@ -14969,12 +15037,25 @@
* CTL group but user can choose up to 3 SAR set index only, as the top half
* of the SAR index (0 to 2) is used for non DBS purpose and the bottom half of
* the SAR index (3 to 5) is used for DBS mode.
+ *
+ * @QCA_WLAN_VENDOR_SAR_VERSION_4: The firmware supports SAR version 4,
+ * known as SAR Smart Transmit (STX) mode. STX is time averaging algorithmic
+ * for power limit computation in collaboration with WWAN.
+ * In STX mode, firmware has 41 indexes and there is no ctl grouping uses.
+ *
+ * @QCA_WLAN_VENDOR_SAR_VERSION_5: The firmware supports SAR version 5,
+ * known as TAS (Time Averaging SAR) mode. In TAS mode, as name implies
+ * instead of fixed static SAR power limit firmware uses time averaging
+ * to adjust the SAR limit dynamically. It is wlan soc standalone mechanism.
+ * In this mode firmware has up to 43 indexes.
*/
enum qca_wlan_vendor_sar_version {
QCA_WLAN_VENDOR_SAR_VERSION_INVALID = 0,
QCA_WLAN_VENDOR_SAR_VERSION_1 = 1,
QCA_WLAN_VENDOR_SAR_VERSION_2 = 2,
QCA_WLAN_VENDOR_SAR_VERSION_3 = 3,
+ QCA_WLAN_VENDOR_SAR_VERSION_4 = 4,
+ QCA_WLAN_VENDOR_SAR_VERSION_5 = 5,
};
/**
@@ -16602,4 +16683,115 @@
QCA_CHAN_WIDTH_UPDATE_TYPE_TX_RX_EXT = 2,
};
+/**
+ * enum qca_wlan_vendor_attr_tpc_pwr_level - Definition of attributes
+ * used inside nested attribute %QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_FREQUENCY: u32 channel center
+ * frequency (MHz): If PSD power, carries one 20 MHz sub-channel center
+ * frequency. If non PSD power, carries either 20 MHz bandwidth's center
+ * channel frequency or 40 MHz bandwidth's center channel frequency
+ * (or 80/160 MHz bandwidth's center channel frequency).
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_TX_POWER: s8 transmit power limit (dBm).
+ * If PSD power, carries PSD power value of the
+ * QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_FREQUENCY mentioned sub-channel.
+ * If non PSD power, carries EIRP power value of bandwidth mentioned
+ * by QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_FREQUENCY center frequency.
+ */
+enum qca_wlan_vendor_attr_tpc_pwr_level {
+ QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_FREQUENCY = 1,
+ QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_TX_POWER = 2,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_MAX =
+ QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL_AFTER_LAST - 1,
+};
+
+/**
+ * enum qca_wlan_vendor_tpc - Definition of link attributes
+ * used inside nested attribute %QCA_WLAN_VENDOR_ATTR_TPC_LINKS.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_BSSID: 6-bytes AP BSSID.
+ * For MLO STA, AP BSSID indicates the AP's link address.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_PSD_POWER: PSD power flag
+ * Indicates using PSD power mode if this flag is present.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_EIRP_POWER: s8 Regulatory EIRP power
+ * value in dBm
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_POWER_TYPE_6GHZ: u8 power type of 6 GHz
+ * AP, refer to Table E-12-Regulatory Info subfield encoding in
+ * IEEE P802.11-REVme/D4.0. Only present if link is connected to 6 GHz AP.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_AP_CONSTRAINT_POWER: u8 Local Power Constraint
+ * (dBm) advertised by AP in Power Constraint element, refer to
+ * IEEE Std 802.11-2020, 9.4.2.13 Power Constraint element.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL: A nested attribute containing
+ * attributes defined by enum qca_wlan_vendor_attr_tpc_pwr_level.
+ * If PSD power, each power level describes each 20 MHz subchannel PSD
+ * power value. If non PSD power, each power level describes each supported
+ * bandwidth's EIRP power value (up to Max bandwidth of AP operating on),
+ * each level attribute contains corresponding bandwidth's center channel
+ * frequency and its EIRP power value.
+ */
+enum qca_wlan_vendor_attr_tpc {
+ QCA_WLAN_VENDOR_ATTR_TPC_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_TPC_BSSID = 1,
+ QCA_WLAN_VENDOR_ATTR_TPC_PSD_POWER = 2,
+ QCA_WLAN_VENDOR_ATTR_TPC_EIRP_POWER = 3,
+ QCA_WLAN_VENDOR_ATTR_TPC_POWER_TYPE_6GHZ = 4,
+ QCA_WLAN_VENDOR_ATTR_TPC_AP_CONSTRAINT_POWER = 5,
+ QCA_WLAN_VENDOR_ATTR_TPC_PWR_LEVEL = 6,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_TPC_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_TPC_MAX =
+ QCA_WLAN_VENDOR_ATTR_TPC_AFTER_LAST - 1,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_tpc_links - Definition of attributes
+ * for %QCA_NL80211_VENDOR_SUBCMD_REGULATORY_TPC_INFO subcommand
+ *
+ * @QCA_WLAN_VENDOR_ATTR_TPC_LINKS: A nested attribute containing
+ * per-link TPC information of all the active links of MLO STA.
+ * For non MLO STA, only one link TPC information will be returned
+ * for connected AP in this nested attribute.
+ * The attributes used inside this nested attributes are defined
+ * in enum qca_wlan_vendor_attr_tpc.
+ */
+enum qca_wlan_vendor_attr_tpc_links {
+ QCA_WLAN_VENDOR_ATTR_TPC_LINKS_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_TPC_LINKS = 1,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_TPC_LINKS_AFTER_LAST,
+ QCA_WLAN_VENDOR_ATTR_TPC_LINKS_MAX =
+ QCA_WLAN_VENDOR_ATTR_TPC_AFTER_LAST - 1,
+};
+
+/**
+ * enum qca_wlan_vendor_attr_fw_page_fault_report - Used by the vendor
+ * command %QCA_NL80211_VENDOR_SUBCMD_FW_PAGE_FAULT_REPORT.
+ *
+ * @QCA_WLAN_VENDOR_ATTR_FW_PAGE_FAULT_REPORT_DATA: The binary blob data
+ * associated with the firmware page fault that is expected to contain the
+ * required dump to analyze frequent page faults.
+ * NLA_BINARY attribute, the maximum size is 1024 bytes.
+ */
+enum qca_wlan_vendor_attr_fw_page_fault_report {
+ QCA_WLAN_VENDOR_ATTR_FW_PAGE_FAULT_REPORT_INVALID = 0,
+ QCA_WLAN_VENDOR_ATTR_FW_PAGE_FAULT_REPORT_DATA = 1,
+
+ /* keep last */
+ QCA_WLAN_VENDOR_ATTR_FW_PAGE_FAULT_REPORT_LAST,
+ QCA_WLAN_VENDOR_ATTR_FW_PAGE_FAULT_REPORT_MAX =
+ QCA_WLAN_VENDOR_ATTR_FW_PAGE_FAULT_REPORT_LAST - 1,
+};
+
#endif /* QCA_VENDOR_H */
diff --git a/src/common/sae.c b/src/common/sae.c
index d4a196f..f1c164e 100644
--- a/src/common/sae.c
+++ b/src/common/sae.c
@@ -458,7 +458,7 @@
* mask */
u8 mask;
struct crypto_bignum *pwe;
- size_t prime_len = sae->tmp->prime_len * 8;
+ size_t prime_len = sae->tmp->prime_len;
u8 *pwe_buf;
crypto_bignum_deinit(sae->tmp->pwe_ffc, 1);
diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c
index d897e0e..c82fd0e 100644
--- a/src/common/wpa_common.c
+++ b/src/common/wpa_common.c
@@ -1329,8 +1329,7 @@
if (fte_len < 255) {
res = wpa_ft_parse_fte(key_mgmt, fte, fte_len, parse);
} else {
- parse->fte_buf = ieee802_11_defrag_data(fte, fte_len,
- false);
+ parse->fte_buf = ieee802_11_defrag(fte, fte_len, false);
if (!parse->fte_buf)
goto fail;
res = wpa_ft_parse_fte(key_mgmt,
@@ -2894,7 +2893,7 @@
}
-int wpa_insert_pmkid(u8 *ies, size_t *ies_len, const u8 *pmkid)
+int wpa_insert_pmkid(u8 *ies, size_t *ies_len, const u8 *pmkid, bool replace)
{
u8 *start, *end, *rpos, *rend;
int added = 0;
@@ -2957,12 +2956,12 @@
if (rend - rpos < 2)
return -1;
num_pmkid = WPA_GET_LE16(rpos);
+ if (num_pmkid * PMKID_LEN > rend - rpos - 2)
+ return -1;
/* PMKID-Count was included; use it */
- if (num_pmkid != 0) {
+ if (replace && num_pmkid != 0) {
u8 *after;
- if (num_pmkid * PMKID_LEN > rend - rpos - 2)
- return -1;
/*
* PMKID may have been included in RSN IE in
* (Re)Association Request frame, so remove the old
@@ -2975,8 +2974,9 @@
os_memmove(rpos + 2, after, end - after);
start[1] -= num_pmkid * PMKID_LEN;
added -= num_pmkid * PMKID_LEN;
+ num_pmkid = 0;
}
- WPA_PUT_LE16(rpos, 1);
+ WPA_PUT_LE16(rpos, num_pmkid + 1);
rpos += 2;
os_memmove(rpos + PMKID_LEN, rpos, end + added - rpos);
os_memcpy(rpos, pmkid, PMKID_LEN);
diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
index 1269bf9..a2c7033 100644
--- a/src/common/wpa_common.h
+++ b/src/common/wpa_common.h
@@ -555,7 +555,7 @@
int wpa_compare_rsn_ie(int ft_initial_assoc,
const u8 *ie1, size_t ie1len,
const u8 *ie2, size_t ie2len);
-int wpa_insert_pmkid(u8 *ies, size_t *ies_len, const u8 *pmkid);
+int wpa_insert_pmkid(u8 *ies, size_t *ies_len, const u8 *pmkid, bool replace);
#define MAX_NUM_MLO_LINKS 15
diff --git a/src/common/wpa_ctrl.h b/src/common/wpa_ctrl.h
index 416e0d6..c5bb9ab 100644
--- a/src/common/wpa_ctrl.h
+++ b/src/common/wpa_ctrl.h
@@ -87,6 +87,8 @@
#define WPA_EVENT_BEACON_LOSS "CTRL-EVENT-BEACON-LOSS "
/** Regulatory domain channel */
#define WPA_EVENT_REGDOM_CHANGE "CTRL-EVENT-REGDOM-CHANGE "
+/** Regulatory beacon hint */
+#define WPA_EVENT_REGDOM_BEACON_HINT "CTRL-EVENT-REGDOM-BEACON-HINT "
/** Channel switch started (followed by freq=<MHz> and other channel parameters)
*/
#define WPA_EVENT_CHANNEL_SWITCH_STARTED "CTRL-EVENT-STARTED-CHANNEL-SWITCH "
@@ -230,6 +232,13 @@
#define DPP_EVENT_PB_RESULT "DPP-PB-RESULT "
#define DPP_EVENT_RELAY_NEEDS_CONTROLLER "DPP-RELAY-NEEDS-CONTROLLER "
+/* Wi-Fi Aware (NAN USD) events */
+#define NAN_DISCOVERY_RESULT "NAN-DISCOVERY-RESULT "
+#define NAN_REPLIED "NAN-REPLIED "
+#define NAN_PUBLISH_TERMINATED "NAN-PUBLISH-TERMINATED "
+#define NAN_SUBSCRIBE_TERMINATED "NAN-SUBSCRIBE-TERMINATED "
+#define NAN_RECEIVE "NAN-RECEIVE "
+
/* MESH events */
#define MESH_GROUP_STARTED "MESH-GROUP-STARTED "
#define MESH_GROUP_REMOVED "MESH-GROUP-REMOVED "