Currently the mpdu_data_len in Rx pkt meta is not checked for
upper bound in wma_form_rx_packet.
Add sanity check to drop the packet if mpdu_data_len is
greater than 2000 bytes. Also add upper bound check for
frame_len in lim_process_auth_frame function.
Change-Id: I7ab454045e2f6d278351dcabde6da556f9f741e0
CRs-Fixed: 2093392

SIR_MAC_AUTH_CHALLENGE_LENGTH is updated to 253 from
128 as per IEEE spec due to connection fails between
DUT-SAP and old ref-STA. Auth failure occurs as encrypted
data sent by ref-STA is only 128 bytes instead of 253
bytes.
Fix is to set length of challenge text sent by SAP
to 128 bytes.
Change-Id: I81409bb58ad34e469c54e2909f45b8a6826eb06a
CRs-Fixed: 2096512

In a noisy environment, assoc indication in the SME queue
is not getting processed due to multiple beacons/probes
getting processed in the PE queue, which is higher priority
than the SME queue.
Instead of posting a message to SME queue, assoc indication
will run to completion using sme callback mechanism.
Change-Id: I4dc7e3ef0c91964ebc842afa38b7815464e0e406
CRs-Fixed: 2114425

Add a new dumpStats parameter (25) to dump disconnect stats.
The following command will dump disconnect Stats into QXDM.
>iwpriv wlan0 dumpStats 25
Change-Id: I0908c947b5c829f51b087871ad11d5674908dca2
CRs-Fixed: 2058958

Add new WCNSS_qcom_cfg.ini item to configure offset from bad RSSI
threshold ini for 2G to 5G band roam. This offset is used to
calculate the RSSI to be used as trigger for device to roam from
2G to 5G band when it is connected to a bad RSSI 2G AP and a 5G AP
is available in the environment.
New ini added : roam_bad_rssi_thresh_offset_2g
Change-Id: If2285317d1d01bb2faae2cf1928ad7adae8204d4
CRs-Fixed: 2105894

Copy the contents of auth frame in a proper manner
in lim_send_auth_mgmt_frame().
Change-Id: I5197634e36fa5b4344fc71fc22e1de6a2147744d
CRS-Fixed: 2112170

Add data structures to save beacon tx rate.
The beacon data rate is in multiples of 100 Kbps.
Firmware expects the data rate in the form of hw rate codes.
So convert the data rates to hw rate code.
And send it to firmware.
Change-Id: Ia39fd4c14defa729f75f2c45748fe5b04b909647
CRs-Fixed: 2099052

Introduce the below WCNSS_qcom_cfg.ini items to configure
for bad RSSI roaming. These parameters would be used when
the device is connected to an AP with weak signal and has
to roam to a better AP if it is stationary but has found
some other better AP in the vicinity.
roam_bg_scan_bad_rssi_thresh:
If the DUT is connected to an AP with weak signal, then the bad RSSI
threshold will be used as an opportunity to use the scan results
from other scan clients and try to roam if there is a better AP
available in the environment.
roam_bg_scan_client_bitmap:
This bitmap is used to define the client scans that need to be used
by the roaming module to perform a background roaming.
Change-Id: I3b9f737ea389d35f8be173ce83b2237c2375fb88
CRs-Fixed: 2082904

Cleanup duplicate APIs for get ie pointer from EID or OUI or EXT_ID
and use wlan_utils exposed by qcacmn.
Change-Id: Iacbf041c9c49b2aedeffecba3427e9334cb70dcc
CRs-Fixed: 2105377

Currently in the function lim_process_action_vendor_specific, mem_cmp
is done on the received frame pointer without validating the frame_len
which could lead to out-of-bounds memory access if the frame_len is
not matching the size of action_hdr.
Add check to validate the frame_len with action_hdr size before doing
mem_cmp for the p2p oui.
Change-Id: I39329d1a9ef45614d3c617db11a7a7f5ec2aaaec
CRs-Fixed: 2101439

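The length check described in the commit above, sketched as an added example (this is not the driver's code). The struct layout, the function name classify_vendor_action and the result enum are assumptions made for illustration; the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout for illustration only: one category byte followed by a
 * 4-byte OUI (3-byte OUI + 1-byte type). Not the driver's definition. */
struct action_hdr {
    uint8_t category;
    uint8_t oui[4];
};

/* Wi-Fi Alliance OUI 50:6F:9A with OUI type 0x09 (P2P). */
static const uint8_t P2P_OUI[4] = { 0x50, 0x6F, 0x9A, 0x09 };

enum vs_result { VS_TOO_SHORT = -1, VS_NOT_P2P = 0, VS_P2P = 1 };

/* body: start of the action frame body; frame_len: bytes actually received. */
enum vs_result classify_vendor_action(const uint8_t *body, size_t frame_len)
{
    /* Validate frame_len against the header size before reading the OUI. */
    if (body == NULL || frame_len < sizeof(struct action_hdr))
        return VS_TOO_SHORT;

    /* At least sizeof(struct action_hdr) bytes exist, so this stays in bounds. */
    if (memcmp(body + offsetof(struct action_hdr, oui), P2P_OUI,
               sizeof(P2P_OUI)) == 0)
        return VS_P2P;
    return VS_NOT_P2P;
}

int main(void)
{
    /* Constructed sample frames, not captured traffic. */
    const uint8_t p2p[]   = { 0x7F, 0x50, 0x6F, 0x9A, 0x09, 0x00 };
    const uint8_t other[] = { 0x7F, 0x00, 0x11, 0x22, 0x33, 0x00 };

    printf("full P2P frame : %d\n", classify_vendor_action(p2p, sizeof(p2p)));
    printf("other vendor   : %d\n", classify_vendor_action(other, sizeof(other)));
    /* Same buffer, but the Rx path reports only 3 bytes: must be dropped. */
    printf("truncated      : %d\n", classify_vendor_action(p2p, 3));
    return 0;
}
```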
RRM beacon report scan may find many neighbor BSSIDs on a channel
but it currently sends only 1 beacon report frame with a maximum of 4
measurement reports. Add a loop to send all BSSIDs by generating
multiple frames.
CRs-Fixed: 2065920
Change-Id: Iabf889e092b4818ca9c31969eea38e92028209c0