diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index bae632e30..19c01469a 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -6838,11 +6838,26 @@ static void wpas_ctrl_neighbor_rep_cb(void *ctx, struct wpabuf *neighbor_rep) } -static int wpas_ctrl_iface_send_neigbor_rep(struct wpa_supplicant *wpa_s) +static int wpas_ctrl_iface_send_neigbor_rep(struct wpa_supplicant *wpa_s, + char *cmd) { - return wpas_rrm_send_neighbor_rep_request(wpa_s, - wpas_ctrl_neighbor_rep_cb, - wpa_s); + struct wpa_ssid ssid; + struct wpa_ssid *ssid_p = NULL; + int ret = 0; + + if (os_strncmp(cmd, " ssid=", 6) == 0) { + ssid.ssid_len = os_strlen(cmd + 6); + if (ssid.ssid_len > 32) + return -1; + ssid.ssid = (u8 *) (cmd + 6); + ssid_p = &ssid; + } + + ret = wpas_rrm_send_neighbor_rep_request(wpa_s, ssid_p, + wpas_ctrl_neighbor_rep_cb, + wpa_s); + + return ret; } @@ -7449,7 +7464,7 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, if (wpas_ctrl_vendor_elem_remove(wpa_s, buf + 19) < 0) reply_len = -1; } else if (os_strncmp(buf, "NEIGHBOR_REP_REQUEST", 20) == 0) { - if (wpas_ctrl_iface_send_neigbor_rep(wpa_s)) + if (wpas_ctrl_iface_send_neigbor_rep(wpa_s, buf + 20)) reply_len = -1; } else { os_memcpy(reply, "UNKNOWN COMMAND\n", 16); diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index ef80c6b5f..196c6ff4c 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -4994,6 +4994,8 @@ void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s, /** * wpas_rrm_send_neighbor_rep_request - Request a neighbor report from our AP * @wpa_s: Pointer to wpa_supplicant + * @ssid: if not null, this is sent in the request. Otherwise, no SSID IE + * is sent in the request. * @cb: Callback function to be called once the requested report arrives, or * timed out after RRM_NEIGHBOR_REPORT_TIMEOUT seconds. * In the former case, 'neighbor_rep' is a newly allocated wpabuf, and it's 
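Review bot: In wpas_ctrl_iface_send_neigbor_rep() (ctrl_iface.c, first hunk), `struct wpa_ssid ssid;` is a full network-profile structure left uninitialized on the stack, with only `ssid` and `ssid_len` assigned before its address is passed down. The callee as shown in this patch reads just those two members, but the `const struct wpa_ssid *` parameter type invites later code to read other members and pick up indeterminate stack contents; `os_memset(&ssid, 0, sizeof(ssid));` before the assignments, or a narrower pointer-plus-length parameter, would close that off. Separately, argument text that does not begin with `" ssid="` is silently ignored and the request goes out without an SSID element, so a mistyped parameter succeeds instead of failing; an `else if (cmd[0] != '\0') return -1;` branch would reject it, if trailing text was never meant to be accepted. The literal `32` would also read better as the project's named SSID-length constant, if one is in scope in this file.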
@@ -5005,9 +5007,9 @@ void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s, * In case there is a previous request which has not been answered yet, the * new request fails. The caller may retry after RRM_NEIGHBOR_REPORT_TIMEOUT. * Request must contain a callback function. - * The Neighbor Report Request sent to the AP will specify the current SSID. */ int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s, + const struct wpa_ssid *ssid, void (*cb)(void *ctx, struct wpabuf *neighbor_rep), void *cb_ctx) @@ -5047,8 +5049,8 @@ int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s, return -EBUSY; } - /* 5 = action category + action code + dialog token + IE hdr */ - buf = wpabuf_alloc(5 + wpa_s->current_ssid->ssid_len); + /* 3 = action category + action code + dialog token */ + buf = wpabuf_alloc(3 + (ssid ? 2 + ssid->ssid_len : 0)); if (buf == NULL) { wpa_printf(MSG_DEBUG, "RRM: Failed to allocate Neighbor Report Request"); @@ -5056,17 +5058,17 @@ int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s, } wpa_printf(MSG_DEBUG, "RRM: Neighbor report request (for %s), token=%d", - wpa_ssid_txt(wpa_s->current_ssid->ssid, - wpa_s->current_ssid->ssid_len), + (ssid ? wpa_ssid_txt(ssid->ssid, ssid->ssid_len) : ""), wpa_s->rrm.next_neighbor_rep_token); wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT); wpabuf_put_u8(buf, WLAN_RRM_NEIGHBOR_REPORT_REQUEST); wpabuf_put_u8(buf, wpa_s->rrm.next_neighbor_rep_token); - wpabuf_put_u8(buf, WLAN_EID_SSID); - wpabuf_put_u8(buf, wpa_s->current_ssid->ssid_len); - wpabuf_put_data(buf, wpa_s->current_ssid->ssid, - wpa_s->current_ssid->ssid_len); + if (ssid) { + wpabuf_put_u8(buf, WLAN_EID_SSID); + wpabuf_put_u8(buf, ssid->ssid_len); + wpabuf_put_data(buf, ssid->ssid, ssid->ssid_len); + } wpa_s->rrm.next_neighbor_rep_token++; diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index a1155070e..99799725f 100644 --- a/wpa_supplicant/wpa_supplicant_i.h 
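Review bot: wpas_rrm_send_neighbor_rep_request() (wpa_supplicant.c, hunk at -5056) writes `ssid->ssid_len` through `wpabuf_put_u8()` and then copies the full `ssid_len` bytes, so the SSID element is well-formed only because the control-interface caller rejects lengths above 32. Nothing in this function enforces that bound for other callers, and a length over 255 would put a truncated length octet in front of a longer payload. A guard such as `if (ssid && ssid->ssid_len > 32) return -EINVAL;` ahead of the `wpabuf_alloc()` call keeps the check next to the code that depends on it, and the `@ssid` comment added in the -4994 hunk could state that only `ssid` and `ssid_len` are read and what the maximum length is. The function body starts before and continues after these hunks, so the exact placement and the error value to return should be checked against the surrounding code.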
+++ b/wpa_supplicant/wpa_supplicant_i.h @@ -1026,6 +1026,7 @@ void wpas_rrm_reset(struct wpa_supplicant *wpa_s); void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s, const u8 *report, size_t report_len); int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s, + const struct wpa_ssid *ssid, void (*cb)(void *ctx, struct wpabuf *neighbor_rep), void *cb_ctx);