1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2012, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 26 27 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 28 { 29 struct wpa_ssid *ssid; 30 union wpa_event_data data; 31 32 ssid = wpa_supplicant_get_ssid(wpa_s); 33 if (ssid == NULL) 34 return; 35 36 if (wpa_s->current_ssid == NULL) { 37 wpa_s->current_ssid = ssid; 38 if (wpa_s->current_ssid != NULL) 39 wpas_notify_network_changed(wpa_s); 40 } 41 wpa_supplicant_initiate_eapol(wpa_s); 42 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 43 "network - generating associated event"); 44 os_memset(&data, 0, sizeof(data)); 45 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 46 } 47 48 49 #ifdef CONFIG_WPS 50 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 51 enum wps_request_type *req_type) 52 { 53 struct wpa_ssid *ssid; 54 int wps = 0; 55 56 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 57 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 58 continue; 59 60 wps = 1; 61 *req_type = wpas_wps_get_req_type(ssid); 62 if (!ssid->eap.phase1) 63 continue; 64 65 if (os_strstr(ssid->eap.phase1, "pbc=1")) 66 return 2; 67 } 68 69 #ifdef CONFIG_P2P 70 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 71 !wpa_s->conf->p2p_disabled) { 72 wpa_s->wps->dev.p2p = 1; 73 if (!wps) { 74 wps = 1; 75 *req_type = WPS_REQ_ENROLLEE_INFO; 76 } 77 } 78 #endif /* CONFIG_P2P */ 79 80 return wps; 81 } 82 #endif /* CONFIG_WPS */ 83 84 85 /** 86 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 87 * @wpa_s: Pointer to wpa_supplicant data 88 * Returns: 0 if no networks are enabled, >0 if networks are enabled 89 * 90 * This function is used to figure out whether any networks (or Interworking 91 * with enabled credentials and auto_interworking) are present in the current 92 * configuration. 93 */ 94 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 95 { 96 struct wpa_ssid *ssid = wpa_s->conf->ssid; 97 int count = 0, disabled = 0; 98 while (ssid) { 99 if (!wpas_network_disabled(wpa_s, ssid)) 100 count++; 101 else 102 disabled++; 103 ssid = ssid->next; 104 } 105 if (wpa_s->conf->cred && wpa_s->conf->interworking && 106 wpa_s->conf->auto_interworking) 107 count++; 108 if (count == 0 && disabled > 0) { 109 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 110 "networks)", disabled); 111 } 112 return count; 113 } 114 115 116 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 117 struct wpa_ssid *ssid) 118 { 119 while (ssid) { 120 if (!wpas_network_disabled(wpa_s, ssid)) 121 break; 122 ssid = ssid->next; 123 } 124 125 /* ap_scan=2 mode - try to associate with each SSID. */ 126 if (ssid == NULL) { 127 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 128 "end of scan list - go back to beginning"); 129 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 130 wpa_supplicant_req_scan(wpa_s, 0, 0); 131 return; 132 } 133 if (ssid->next) { 134 /* Continue from the next SSID on the next attempt. */ 135 wpa_s->prev_scan_ssid = ssid; 136 } else { 137 /* Start from the beginning of the SSID list. */ 138 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 139 } 140 wpa_supplicant_associate(wpa_s, NULL, ssid); 141 } 142 143 144 static int int_array_len(const int *a) 145 { 146 int i; 147 for (i = 0; a && a[i]; i++) 148 ; 149 return i; 150 } 151 152 153 static void int_array_concat(int **res, const int *a) 154 { 155 int reslen, alen, i; 156 int *n; 157 158 reslen = int_array_len(*res); 159 alen = int_array_len(a); 160 161 n = os_realloc_array(*res, reslen + alen + 1, sizeof(int)); 162 if (n == NULL) { 163 os_free(*res); 164 *res = NULL; 165 return; 166 } 167 for (i = 0; i <= alen; i++) 168 n[reslen + i] = a[i]; 169 *res = n; 170 } 171 172 173 static int freq_cmp(const void *a, const void *b) 174 { 175 int _a = *(int *) a; 176 int _b = *(int *) b; 177 178 if (_a == 0) 179 return 1; 180 if (_b == 0) 181 return -1; 182 return _a - _b; 183 } 184 185 186 static void int_array_sort_unique(int *a) 187 { 188 int alen; 189 int i, j; 190 191 if (a == NULL) 192 return; 193 194 alen = int_array_len(a); 195 qsort(a, alen, sizeof(int), freq_cmp); 196 197 i = 0; 198 j = 1; 199 while (a[i] && a[j]) { 200 if (a[i] == a[j]) { 201 j++; 202 continue; 203 } 204 a[++i] = a[j++]; 205 } 206 if (a[i]) 207 i++; 208 a[i] = 0; 209 } 210 211 212 /** 213 * wpa_supplicant_trigger_scan - Request driver to start a scan 214 * @wpa_s: Pointer to wpa_supplicant data 215 * @params: Scan parameters 216 * Returns: 0 on success, -1 on failure 217 */ 218 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 219 struct wpa_driver_scan_params *params) 220 { 221 int ret; 222 223 wpa_supplicant_notify_scanning(wpa_s, 1); 224 225 ret = wpa_drv_scan(wpa_s, params); 226 if (ret) { 227 wpa_supplicant_notify_scanning(wpa_s, 0); 228 wpas_notify_scan_done(wpa_s, 0); 229 } else { 230 os_get_time(&wpa_s->scan_trigger_time); 231 wpa_s->scan_runs++; 232 wpa_s->normal_scans++; 233 } 234 235 return ret; 236 } 237 238 239 static void 240 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 241 { 242 struct wpa_supplicant *wpa_s = eloop_ctx; 243 244 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 245 246 if (wpa_supplicant_req_sched_scan(wpa_s)) 247 wpa_supplicant_req_scan(wpa_s, 0, 0); 248 } 249 250 251 static void 252 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 253 { 254 struct wpa_supplicant *wpa_s = eloop_ctx; 255 256 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 257 258 wpa_s->sched_scan_timed_out = 1; 259 wpa_supplicant_cancel_sched_scan(wpa_s); 260 } 261 262 263 static int 264 wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 265 struct wpa_driver_scan_params *params, 266 int interval) 267 { 268 int ret; 269 #ifndef ANDROID_P2P 270 wpa_supplicant_notify_scanning(wpa_s, 1); 271 #endif 272 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000); 273 if (ret) 274 wpa_supplicant_notify_scanning(wpa_s, 0); 275 else { 276 wpa_s->sched_scanning = 1; 277 #ifdef ANDROID_P2P 278 wpa_supplicant_notify_scanning(wpa_s, 1); 279 #endif 280 } 281 282 return ret; 283 } 284 285 286 static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 287 { 288 int ret; 289 290 ret = wpa_drv_stop_sched_scan(wpa_s); 291 if (ret) { 292 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 293 /* TODO: what to do if stopping fails? */ 294 return -1; 295 } 296 297 return ret; 298 } 299 300 301 static struct wpa_driver_scan_filter * 302 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 303 { 304 struct wpa_driver_scan_filter *ssids; 305 struct wpa_ssid *ssid; 306 size_t count; 307 308 *num_ssids = 0; 309 if (!conf->filter_ssids) 310 return NULL; 311 312 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 313 if (ssid->ssid && ssid->ssid_len) 314 count++; 315 } 316 if (count == 0) 317 return NULL; 318 ssids = os_zalloc(count * sizeof(struct wpa_driver_scan_filter)); 319 if (ssids == NULL) 320 return NULL; 321 322 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 323 if (!ssid->ssid || !ssid->ssid_len) 324 continue; 325 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 326 ssids[*num_ssids].ssid_len = ssid->ssid_len; 327 (*num_ssids)++; 328 } 329 330 return ssids; 331 } 332 333 334 static void wpa_supplicant_optimize_freqs( 335 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 336 { 337 #ifdef CONFIG_P2P 338 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 339 wpa_s->go_params) { 340 /* Optimize provisioning state scan based on GO information */ 341 if (wpa_s->p2p_in_provisioning < 5 && 342 wpa_s->go_params->freq > 0) { 343 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 344 "preferred frequency %d MHz", 345 wpa_s->go_params->freq); 346 params->freqs = os_zalloc(2 * sizeof(int)); 347 if (params->freqs) 348 params->freqs[0] = wpa_s->go_params->freq; 349 } else if (wpa_s->p2p_in_provisioning < 8 && 350 wpa_s->go_params->freq_list[0]) { 351 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 352 "channels"); 353 int_array_concat(¶ms->freqs, 354 wpa_s->go_params->freq_list); 355 if (params->freqs) 356 int_array_sort_unique(params->freqs); 357 } 358 wpa_s->p2p_in_provisioning++; 359 } 360 #endif /* CONFIG_P2P */ 361 362 #ifdef CONFIG_WPS 363 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 364 /* 365 * Optimize post-provisioning scan based on channel used 366 * during provisioning. 367 */ 368 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 369 "that was used during provisioning", wpa_s->wps_freq); 370 params->freqs = os_zalloc(2 * sizeof(int)); 371 if (params->freqs) 372 params->freqs[0] = wpa_s->wps_freq; 373 wpa_s->after_wps--; 374 } 375 376 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 377 { 378 /* Optimize provisioning scan based on already known channel */ 379 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 380 wpa_s->wps_freq); 381 params->freqs = os_zalloc(2 * sizeof(int)); 382 if (params->freqs) 383 params->freqs[0] = wpa_s->wps_freq; 384 wpa_s->known_wps_freq = 0; /* only do this once */ 385 } 386 #endif /* CONFIG_WPS */ 387 } 388 389 390 #ifdef CONFIG_INTERWORKING 391 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 392 struct wpabuf *buf) 393 { 394 if (wpa_s->conf->interworking == 0) 395 return; 396 397 wpabuf_put_u8(buf, WLAN_EID_EXT_CAPAB); 398 wpabuf_put_u8(buf, 4); 399 wpabuf_put_u8(buf, 0x00); 400 wpabuf_put_u8(buf, 0x00); 401 wpabuf_put_u8(buf, 0x00); 402 wpabuf_put_u8(buf, 0x80); /* Bit 31 - Interworking */ 403 404 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 405 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 406 1 + ETH_ALEN); 407 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 408 /* No Venue Info */ 409 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 410 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 411 } 412 #endif /* CONFIG_INTERWORKING */ 413 414 415 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 416 { 417 struct wpabuf *extra_ie = NULL; 418 #ifdef CONFIG_WPS 419 int wps = 0; 420 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 421 #endif /* CONFIG_WPS */ 422 423 #ifdef CONFIG_INTERWORKING 424 if (wpa_s->conf->interworking && 425 wpabuf_resize(&extra_ie, 100) == 0) 426 wpas_add_interworking_elements(wpa_s, extra_ie); 427 #endif /* CONFIG_INTERWORKING */ 428 429 #ifdef CONFIG_WPS 430 wps = wpas_wps_in_use(wpa_s, &req_type); 431 432 if (wps) { 433 struct wpabuf *wps_ie; 434 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 435 DEV_PW_DEFAULT, 436 &wpa_s->wps->dev, 437 wpa_s->wps->uuid, req_type, 438 0, NULL); 439 if (wps_ie) { 440 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 441 wpabuf_put_buf(extra_ie, wps_ie); 442 wpabuf_free(wps_ie); 443 } 444 } 445 446 #ifdef CONFIG_P2P 447 if (wps) { 448 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 449 if (wpabuf_resize(&extra_ie, ielen) == 0) 450 wpas_p2p_scan_ie(wpa_s, extra_ie); 451 } 452 #endif /* CONFIG_P2P */ 453 454 #endif /* CONFIG_WPS */ 455 456 return extra_ie; 457 } 458 459 460 #ifdef CONFIG_P2P 461 462 /* 463 * Check whether there are any enabled networks or credentials that could be 464 * used for a non-P2P connection. 465 */ 466 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 467 { 468 struct wpa_ssid *ssid; 469 470 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 471 if (wpas_network_disabled(wpa_s, ssid)) 472 continue; 473 if (!ssid->p2p_group) 474 return 1; 475 } 476 477 if (wpa_s->conf->cred && wpa_s->conf->interworking && 478 wpa_s->conf->auto_interworking) 479 return 1; 480 481 return 0; 482 } 483 484 485 /* 486 * Find the operating frequency of any other virtual interface that is using 487 * the same radio concurrently. 488 */ 489 static int shared_vif_oper_freq(struct wpa_supplicant *wpa_s) 490 { 491 const char *rn, *rn2; 492 struct wpa_supplicant *ifs; 493 u8 bssid[ETH_ALEN]; 494 495 if (!wpa_s->driver->get_radio_name) 496 return -1; 497 498 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv); 499 if (rn == NULL || rn[0] == '\0') 500 return -1; 501 502 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) { 503 if (ifs == wpa_s || !ifs->driver->get_radio_name) 504 continue; 505 506 rn2 = ifs->driver->get_radio_name(ifs->drv_priv); 507 if (!rn2 || os_strcmp(rn, rn2) != 0) 508 continue; 509 510 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0) 511 continue; 512 513 if (ifs->current_ssid->mode == WPAS_MODE_AP || 514 ifs->current_ssid->mode == WPAS_MODE_P2P_GO) 515 return ifs->current_ssid->frequency; 516 if (wpa_drv_get_bssid(ifs, bssid) == 0) 517 return ifs->assoc_freq; 518 } 519 520 return 0; 521 } 522 523 #endif /* CONFIG_P2P */ 524 525 526 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 527 { 528 struct wpa_supplicant *wpa_s = eloop_ctx; 529 struct wpa_ssid *ssid; 530 enum scan_req_type scan_req = NORMAL_SCAN_REQ; 531 int ret; 532 struct wpabuf *extra_ie = NULL; 533 struct wpa_driver_scan_params params; 534 struct wpa_driver_scan_params *scan_params; 535 size_t max_ssids; 536 enum wpa_states prev_state; 537 538 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 539 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 540 wpas_p2p_continue_after_scan(wpa_s); 541 return; 542 } 543 544 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 545 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 546 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 547 wpas_p2p_continue_after_scan(wpa_s); 548 return; 549 } 550 #ifdef ANDROID 551 if (wpa_s->scanning) { 552 /* If we are already in scanning state, we shall ignore this new scan request*/ 553 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - already scanning"); 554 return; 555 } 556 #endif 557 if (!wpa_supplicant_enabled_networks(wpa_s) && 558 wpa_s->scan_req == NORMAL_SCAN_REQ) { 559 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 560 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 561 wpas_p2p_continue_after_scan(wpa_s); 562 return; 563 } 564 565 if (wpa_s->conf->ap_scan != 0 && 566 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 567 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 568 "overriding ap_scan configuration"); 569 wpa_s->conf->ap_scan = 0; 570 wpas_notify_ap_scan_changed(wpa_s); 571 } 572 573 if (wpa_s->conf->ap_scan == 0) { 574 wpa_supplicant_gen_assoc_event(wpa_s); 575 return; 576 } 577 578 #ifdef CONFIG_P2P 579 if (wpas_p2p_in_progress(wpa_s)) { 580 if (wpa_s->sta_scan_pending && 581 wpas_p2p_in_progress(wpa_s) == 2 && 582 wpa_s->global->p2p_cb_on_scan_complete) { 583 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending station " 584 "mode scan during P2P search"); 585 } else { 586 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan " 587 "while P2P operation is in progress"); 588 wpa_s->sta_scan_pending = 1; 589 wpa_supplicant_req_scan(wpa_s, 5, 0); 590 return; 591 } 592 } 593 #endif /* CONFIG_P2P */ 594 595 if (wpa_s->conf->ap_scan == 2) 596 max_ssids = 1; 597 else { 598 max_ssids = wpa_s->max_scan_ssids; 599 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 600 max_ssids = WPAS_MAX_SCAN_SSIDS; 601 } 602 603 scan_req = wpa_s->scan_req; 604 wpa_s->scan_req = NORMAL_SCAN_REQ; 605 606 os_memset(¶ms, 0, sizeof(params)); 607 608 prev_state = wpa_s->wpa_state; 609 if (wpa_s->wpa_state == WPA_DISCONNECTED || 610 wpa_s->wpa_state == WPA_INACTIVE) 611 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 612 613 /* 614 * If autoscan has set its own scanning parameters 615 */ 616 if (wpa_s->autoscan_params != NULL) { 617 scan_params = wpa_s->autoscan_params; 618 goto scan; 619 } 620 621 if (scan_req != MANUAL_SCAN_REQ && wpa_s->connect_without_scan) { 622 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 623 if (ssid == wpa_s->connect_without_scan) 624 break; 625 } 626 wpa_s->connect_without_scan = NULL; 627 if (ssid) { 628 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 629 "without scan step"); 630 wpa_supplicant_associate(wpa_s, NULL, ssid); 631 return; 632 } 633 } 634 635 #ifdef CONFIG_P2P 636 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 637 wpa_s->go_params) { 638 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during " 639 "P2P group formation"); 640 params.ssids[0].ssid = wpa_s->go_params->ssid; 641 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 642 params.num_ssids = 1; 643 goto ssid_list_set; 644 } 645 #endif /* CONFIG_P2P */ 646 647 /* Find the starting point from which to continue scanning */ 648 ssid = wpa_s->conf->ssid; 649 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 650 while (ssid) { 651 if (ssid == wpa_s->prev_scan_ssid) { 652 ssid = ssid->next; 653 break; 654 } 655 ssid = ssid->next; 656 } 657 } 658 659 if (scan_req != MANUAL_SCAN_REQ && wpa_s->conf->ap_scan == 2) { 660 wpa_s->connect_without_scan = NULL; 661 wpa_s->prev_scan_wildcard = 0; 662 wpa_supplicant_assoc_try(wpa_s, ssid); 663 return; 664 #ifndef ANDROID 665 } else if (wpa_s->conf->ap_scan == 2) { 666 /* 667 * User-initiated scan request in ap_scan == 2; scan with 668 * wildcard SSID. 669 */ 670 ssid = NULL; 671 #endif 672 } else { 673 struct wpa_ssid *start = ssid, *tssid; 674 int freqs_set = 0; 675 if (ssid == NULL && max_ssids > 1) 676 ssid = wpa_s->conf->ssid; 677 while (ssid) { 678 if (!wpas_network_disabled(wpa_s, ssid) && 679 ssid->scan_ssid) { 680 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 681 ssid->ssid, ssid->ssid_len); 682 params.ssids[params.num_ssids].ssid = 683 ssid->ssid; 684 params.ssids[params.num_ssids].ssid_len = 685 ssid->ssid_len; 686 params.num_ssids++; 687 if (params.num_ssids + 1 >= max_ssids) 688 break; 689 } 690 ssid = ssid->next; 691 if (ssid == start) 692 break; 693 if (ssid == NULL && max_ssids > 1 && 694 start != wpa_s->conf->ssid) 695 ssid = wpa_s->conf->ssid; 696 } 697 698 for (tssid = wpa_s->conf->ssid; tssid; tssid = tssid->next) { 699 if (wpas_network_disabled(wpa_s, tssid)) 700 continue; 701 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 702 int_array_concat(¶ms.freqs, 703 tssid->scan_freq); 704 } else { 705 os_free(params.freqs); 706 params.freqs = NULL; 707 } 708 freqs_set = 1; 709 } 710 int_array_sort_unique(params.freqs); 711 } 712 713 if (ssid && max_ssids == 1) { 714 /* 715 * If the driver is limited to 1 SSID at a time interleave 716 * wildcard SSID scans with specific SSID scans to avoid 717 * waiting a long time for a wildcard scan. 718 */ 719 if (!wpa_s->prev_scan_wildcard) { 720 params.ssids[0].ssid = NULL; 721 params.ssids[0].ssid_len = 0; 722 wpa_s->prev_scan_wildcard = 1; 723 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 724 "wildcard SSID (Interleave with specific)"); 725 } else { 726 wpa_s->prev_scan_ssid = ssid; 727 wpa_s->prev_scan_wildcard = 0; 728 wpa_dbg(wpa_s, MSG_DEBUG, 729 "Starting AP scan for specific SSID: %s", 730 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 731 } 732 } else if (ssid) { 733 /* max_ssids > 1 */ 734 735 wpa_s->prev_scan_ssid = ssid; 736 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 737 "the scan request"); 738 params.num_ssids++; 739 } else { 740 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 741 params.num_ssids++; 742 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 743 "SSID"); 744 } 745 #ifdef CONFIG_P2P 746 ssid_list_set: 747 #endif /* CONFIG_P2P */ 748 749 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 750 extra_ie = wpa_supplicant_extra_ies(wpa_s); 751 752 #ifdef CONFIG_HS20 753 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 754 wpas_hs20_add_indication(extra_ie); 755 #endif /* CONFIG_HS20 */ 756 757 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 758 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 759 "generated frequency list"); 760 params.freqs = wpa_s->next_scan_freqs; 761 } else 762 os_free(wpa_s->next_scan_freqs); 763 wpa_s->next_scan_freqs = NULL; 764 765 params.filter_ssids = wpa_supplicant_build_filter_ssids( 766 wpa_s->conf, ¶ms.num_filter_ssids); 767 if (extra_ie) { 768 params.extra_ies = wpabuf_head(extra_ie); 769 params.extra_ies_len = wpabuf_len(extra_ie); 770 } 771 772 #ifdef CONFIG_P2P 773 if (wpa_s->p2p_in_provisioning || 774 (wpa_s->show_group_started && wpa_s->go_params)) { 775 /* 776 * The interface may not yet be in P2P mode, so we have to 777 * explicitly request P2P probe to disable CCK rates. 778 */ 779 params.p2p_probe = 1; 780 } 781 #endif /* CONFIG_P2P */ 782 783 scan_params = ¶ms; 784 785 scan: 786 #ifdef CONFIG_P2P 787 /* 788 * If the driver does not support multi-channel concurrency and a 789 * virtual interface that shares the same radio with the wpa_s interface 790 * is operating there may not be need to scan other channels apart from 791 * the current operating channel on the other virtual interface. Filter 792 * out other channels in case we are trying to find a connection for a 793 * station interface when we are not configured to prefer station 794 * connection and a concurrent operation is already in process. 795 */ 796 if (wpa_s->scan_for_connection && scan_req == NORMAL_SCAN_REQ && 797 !scan_params->freqs && !params.freqs && 798 wpas_is_p2p_prioritized(wpa_s) && 799 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT) && 800 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 801 non_p2p_network_enabled(wpa_s)) { 802 int freq = shared_vif_oper_freq(wpa_s); 803 if (freq > 0) { 804 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only the current " 805 "operating channel (%d MHz) since driver does " 806 "not support multi-channel concurrency", freq); 807 params.freqs = os_zalloc(sizeof(int) * 2); 808 if (params.freqs) 809 params.freqs[0] = freq; 810 scan_params->freqs = params.freqs; 811 } 812 } 813 #endif /* CONFIG_P2P */ 814 815 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 816 817 wpabuf_free(extra_ie); 818 os_free(params.freqs); 819 os_free(params.filter_ssids); 820 821 if (ret) { 822 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 823 if (prev_state != wpa_s->wpa_state) 824 wpa_supplicant_set_state(wpa_s, prev_state); 825 /* Restore scan_req since we will try to scan again */ 826 wpa_s->scan_req = scan_req; 827 wpa_supplicant_req_scan(wpa_s, 1, 0); 828 } else { 829 wpa_s->scan_for_connection = 0; 830 } 831 } 832 833 834 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 835 { 836 struct os_time remaining, new_int; 837 int cancelled; 838 839 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 840 &remaining); 841 842 new_int.sec = sec; 843 new_int.usec = 0; 844 if (cancelled && os_time_before(&remaining, &new_int)) { 845 new_int.sec = remaining.sec; 846 new_int.usec = remaining.usec; 847 } 848 849 eloop_register_timeout(new_int.sec, new_int.usec, wpa_supplicant_scan, 850 wpa_s, NULL); 851 wpa_s->scan_interval = sec; 852 } 853 854 855 /** 856 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 857 * @wpa_s: Pointer to wpa_supplicant data 858 * @sec: Number of seconds after which to scan 859 * @usec: Number of microseconds after which to scan 860 * 861 * This function is used to schedule a scan for neighboring access points after 862 * the specified time. 863 */ 864 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 865 { 866 #ifndef ANDROID 867 /* If there's at least one network that should be specifically scanned 868 * then don't cancel the scan and reschedule. Some drivers do 869 * background scanning which generates frequent scan results, and that 870 * causes the specific SSID scan to get continually pushed back and 871 * never happen, which causes hidden APs to never get probe-scanned. 872 */ 873 if (eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL) && 874 wpa_s->conf->ap_scan == 1) { 875 struct wpa_ssid *ssid = wpa_s->conf->ssid; 876 877 while (ssid) { 878 if (!wpas_network_disabled(wpa_s, ssid) && 879 ssid->scan_ssid) 880 break; 881 ssid = ssid->next; 882 } 883 if (ssid) { 884 wpa_dbg(wpa_s, MSG_DEBUG, "Not rescheduling scan to " 885 "ensure that specific SSID scans occur"); 886 return; 887 } 888 } 889 #endif 890 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec", 891 sec, usec); 892 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 893 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 894 } 895 896 897 /** 898 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 899 * @wpa_s: Pointer to wpa_supplicant data 900 * @sec: Number of seconds after which to scan 901 * @usec: Number of microseconds after which to scan 902 * Returns: 0 on success or -1 otherwise 903 * 904 * This function is used to schedule periodic scans for neighboring 905 * access points after the specified time. 906 */ 907 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 908 int sec, int usec) 909 { 910 if (!wpa_s->sched_scan_supported) 911 return -1; 912 913 eloop_register_timeout(sec, usec, 914 wpa_supplicant_delayed_sched_scan_timeout, 915 wpa_s, NULL); 916 917 return 0; 918 } 919 920 921 /** 922 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 923 * @wpa_s: Pointer to wpa_supplicant data 924 * Returns: 0 is sched_scan was started or -1 otherwise 925 * 926 * This function is used to schedule periodic scans for neighboring 927 * access points repeating the scan continuously. 928 */ 929 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 930 { 931 struct wpa_driver_scan_params params; 932 struct wpa_driver_scan_params *scan_params; 933 enum wpa_states prev_state; 934 struct wpa_ssid *ssid = NULL; 935 struct wpabuf *extra_ie = NULL; 936 int ret; 937 unsigned int max_sched_scan_ssids; 938 int wildcard = 0; 939 int need_ssids; 940 941 if (!wpa_s->sched_scan_supported) 942 return -1; 943 944 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 945 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 946 else 947 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 948 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 949 return -1; 950 951 if (wpa_s->sched_scanning) { 952 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 953 return 0; 954 } 955 956 need_ssids = 0; 957 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 958 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 959 /* Use wildcard SSID to find this network */ 960 wildcard = 1; 961 } else if (!wpas_network_disabled(wpa_s, ssid) && 962 ssid->ssid_len) 963 need_ssids++; 964 965 #ifdef CONFIG_WPS 966 if (!wpas_network_disabled(wpa_s, ssid) && 967 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 968 /* 969 * Normal scan is more reliable and faster for WPS 970 * operations and since these are for short periods of 971 * time, the benefit of trying to use sched_scan would 972 * be limited. 973 */ 974 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 975 "sched_scan for WPS"); 976 return -1; 977 } 978 #endif /* CONFIG_WPS */ 979 } 980 if (wildcard) 981 need_ssids++; 982 983 if (wpa_s->normal_scans < 3 && 984 (need_ssids <= wpa_s->max_scan_ssids || 985 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 986 /* 987 * When normal scan can speed up operations, use that for the 988 * first operations before starting the sched_scan to allow 989 * user space sleep more. We do this only if the normal scan 990 * has functionality that is suitable for this or if the 991 * sched_scan does not have better support for multiple SSIDs. 992 */ 993 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 994 "sched_scan for initial scans (normal_scans=%d)", 995 wpa_s->normal_scans); 996 return -1; 997 } 998 999 os_memset(¶ms, 0, sizeof(params)); 1000 1001 /* If we can't allocate space for the filters, we just don't filter */ 1002 params.filter_ssids = os_zalloc(wpa_s->max_match_sets * 1003 sizeof(struct wpa_driver_scan_filter)); 1004 1005 prev_state = wpa_s->wpa_state; 1006 #ifndef ANDROID_P2P 1007 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1008 wpa_s->wpa_state == WPA_INACTIVE) 1009 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1010 #endif 1011 1012 if (wpa_s->autoscan_params != NULL) { 1013 scan_params = wpa_s->autoscan_params; 1014 goto scan; 1015 } 1016 1017 /* Find the starting point from which to continue scanning */ 1018 ssid = wpa_s->conf->ssid; 1019 if (wpa_s->prev_sched_ssid) { 1020 while (ssid) { 1021 if (ssid == wpa_s->prev_sched_ssid) { 1022 ssid = ssid->next; 1023 break; 1024 } 1025 ssid = ssid->next; 1026 } 1027 } 1028 1029 if (!ssid || !wpa_s->prev_sched_ssid) { 1030 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1031 1032 if (wpa_s->sched_scan_interval == 0) 1033 wpa_s->sched_scan_interval = 10; 1034 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1035 wpa_s->first_sched_scan = 1; 1036 ssid = wpa_s->conf->ssid; 1037 wpa_s->prev_sched_ssid = ssid; 1038 } 1039 1040 if (wildcard) { 1041 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1042 params.num_ssids++; 1043 } 1044 1045 while (ssid) { 1046 if (wpas_network_disabled(wpa_s, ssid)) 1047 goto next; 1048 1049 if (params.num_filter_ssids < wpa_s->max_match_sets && 1050 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1051 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1052 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1053 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1054 ssid->ssid, ssid->ssid_len); 1055 params.filter_ssids[params.num_filter_ssids].ssid_len = 1056 ssid->ssid_len; 1057 params.num_filter_ssids++; 1058 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1059 { 1060 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1061 "filter for sched_scan - drop filter"); 1062 os_free(params.filter_ssids); 1063 params.filter_ssids = NULL; 1064 params.num_filter_ssids = 0; 1065 } 1066 1067 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1068 if (params.num_ssids == max_sched_scan_ssids) 1069 break; /* only room for broadcast SSID */ 1070 wpa_dbg(wpa_s, MSG_DEBUG, 1071 "add to active scan ssid: %s", 1072 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1073 params.ssids[params.num_ssids].ssid = 1074 ssid->ssid; 1075 params.ssids[params.num_ssids].ssid_len = 1076 ssid->ssid_len; 1077 params.num_ssids++; 1078 if (params.num_ssids >= max_sched_scan_ssids) { 1079 wpa_s->prev_sched_ssid = ssid; 1080 do { 1081 ssid = ssid->next; 1082 } while (ssid && 1083 (wpas_network_disabled(wpa_s, ssid) || 1084 !ssid->scan_ssid)); 1085 break; 1086 } 1087 } 1088 1089 next: 1090 wpa_s->prev_sched_ssid = ssid; 1091 ssid = ssid->next; 1092 } 1093 1094 if (params.num_filter_ssids == 0) { 1095 os_free(params.filter_ssids); 1096 params.filter_ssids = NULL; 1097 } 1098 1099 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1100 if (extra_ie) { 1101 params.extra_ies = wpabuf_head(extra_ie); 1102 params.extra_ies_len = wpabuf_len(extra_ie); 1103 } 1104 1105 scan_params = ¶ms; 1106 1107 scan: 1108 if (ssid || !wpa_s->first_sched_scan) { 1109 wpa_dbg(wpa_s, MSG_DEBUG, 1110 "Starting sched scan: interval %d timeout %d", 1111 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout); 1112 } else { 1113 wpa_dbg(wpa_s, MSG_DEBUG, 1114 "Starting sched scan: interval %d (no timeout)", 1115 wpa_s->sched_scan_interval); 1116 } 1117 1118 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params, 1119 wpa_s->sched_scan_interval); 1120 wpabuf_free(extra_ie); 1121 os_free(params.filter_ssids); 1122 if (ret) { 1123 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1124 if (prev_state != wpa_s->wpa_state) 1125 wpa_supplicant_set_state(wpa_s, prev_state); 1126 return ret; 1127 } 1128 1129 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1130 if (ssid || !wpa_s->first_sched_scan) { 1131 wpa_s->sched_scan_timed_out = 0; 1132 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1133 wpa_supplicant_sched_scan_timeout, 1134 wpa_s, NULL); 1135 wpa_s->first_sched_scan = 0; 1136 wpa_s->sched_scan_timeout /= 2; 1137 wpa_s->sched_scan_interval *= 2; 1138 if (wpa_s->sched_scan_timeout < wpa_s->sched_scan_interval) { 1139 wpa_s->sched_scan_interval = 10; 1140 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1141 } 1142 } 1143 1144 /* If there is no more ssids, start next time from the beginning */ 1145 if (!ssid) 1146 wpa_s->prev_sched_ssid = NULL; 1147 1148 return 0; 1149 } 1150 1151 1152 /** 1153 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1154 * @wpa_s: Pointer to wpa_supplicant data 1155 * 1156 * This function is used to cancel a scan request scheduled with 1157 * wpa_supplicant_req_scan(). 1158 */ 1159 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1160 { 1161 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1162 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1163 wpas_p2p_continue_after_scan(wpa_s); 1164 #ifdef ANDROID 1165 wpa_supplicant_notify_scanning(wpa_s, 0); 1166 #endif 1167 } 1168 1169 1170 /** 1171 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1172 * @wpa_s: Pointer to wpa_supplicant data 1173 * 1174 * This function is used to stop a periodic scheduled scan. 1175 */ 1176 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1177 { 1178 if (!wpa_s->sched_scanning) 1179 return; 1180 1181 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1182 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1183 wpa_supplicant_stop_sched_scan(wpa_s); 1184 } 1185 1186 1187 /** 1188 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1189 * @wpa_s: Pointer to wpa_supplicant data 1190 * @scanning: Whether scanning is currently in progress 1191 * 1192 * This function is to generate scanning notifycations. It is called whenever 1193 * there may have been a change in scanning (scan started, completed, stopped). 1194 * wpas_notify_scanning() is called whenever the scanning state changed from the 1195 * previously notified state. 1196 */ 1197 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1198 int scanning) 1199 { 1200 if (wpa_s->scanning != scanning) { 1201 #ifdef ANDROID_P2P 1202 if(!wpa_s->sched_scanning) 1203 wpa_s->scanning = scanning; 1204 #else 1205 wpa_s->scanning = scanning; 1206 #endif 1207 wpas_notify_scanning(wpa_s); 1208 } 1209 } 1210 1211 1212 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1213 { 1214 int rate = 0; 1215 const u8 *ie; 1216 int i; 1217 1218 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1219 for (i = 0; ie && i < ie[1]; i++) { 1220 if ((ie[i + 2] & 0x7f) > rate) 1221 rate = ie[i + 2] & 0x7f; 1222 } 1223 1224 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1225 for (i = 0; ie && i < ie[1]; i++) { 1226 if ((ie[i + 2] & 0x7f) > rate) 1227 rate = ie[i + 2] & 0x7f; 1228 } 1229 1230 return rate; 1231 } 1232 1233 1234 /** 1235 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1236 * @res: Scan result entry 1237 * @ie: Information element identitifier (WLAN_EID_*) 1238 * Returns: Pointer to the information element (id field) or %NULL if not found 1239 * 1240 * This function returns the first matching information element in the scan 1241 * result. 1242 */ 1243 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1244 { 1245 const u8 *end, *pos; 1246 1247 pos = (const u8 *) (res + 1); 1248 end = pos + res->ie_len; 1249 1250 while (pos + 1 < end) { 1251 if (pos + 2 + pos[1] > end) 1252 break; 1253 if (pos[0] == ie) 1254 return pos; 1255 pos += 2 + pos[1]; 1256 } 1257 1258 return NULL; 1259 } 1260 1261 1262 /** 1263 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1264 * @res: Scan result entry 1265 * @vendor_type: Vendor type (four octets starting the IE payload) 1266 * Returns: Pointer to the information element (id field) or %NULL if not found 1267 * 1268 * This function returns the first matching information element in the scan 1269 * result. 1270 */ 1271 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1272 u32 vendor_type) 1273 { 1274 const u8 *end, *pos; 1275 1276 pos = (const u8 *) (res + 1); 1277 end = pos + res->ie_len; 1278 1279 while (pos + 1 < end) { 1280 if (pos + 2 + pos[1] > end) 1281 break; 1282 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1283 vendor_type == WPA_GET_BE32(&pos[2])) 1284 return pos; 1285 pos += 2 + pos[1]; 1286 } 1287 1288 return NULL; 1289 } 1290 1291 1292 /** 1293 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1294 * @res: Scan result entry 1295 * @vendor_type: Vendor type (four octets starting the IE payload) 1296 * Returns: Pointer to the information element payload or %NULL if not found 1297 * 1298 * This function returns concatenated payload of possibly fragmented vendor 1299 * specific information elements in the scan result. The caller is responsible 1300 * for freeing the returned buffer. 1301 */ 1302 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1303 u32 vendor_type) 1304 { 1305 struct wpabuf *buf; 1306 const u8 *end, *pos; 1307 1308 buf = wpabuf_alloc(res->ie_len); 1309 if (buf == NULL) 1310 return NULL; 1311 1312 pos = (const u8 *) (res + 1); 1313 end = pos + res->ie_len; 1314 1315 while (pos + 1 < end) { 1316 if (pos + 2 + pos[1] > end) 1317 break; 1318 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1319 vendor_type == WPA_GET_BE32(&pos[2])) 1320 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1321 pos += 2 + pos[1]; 1322 } 1323 1324 if (wpabuf_len(buf) == 0) { 1325 wpabuf_free(buf); 1326 buf = NULL; 1327 } 1328 1329 return buf; 1330 } 1331 1332 1333 /* 1334 * Channels with a great SNR can operate at full rate. What is a great SNR? 1335 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1336 * rule of thumb is that any SNR above 20 is good." This one 1337 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1338 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1339 * conservative value. 1340 */ 1341 #define GREAT_SNR 30 1342 1343 /* Compare function for sorting scan results. Return >0 if @b is considered 1344 * better. */ 1345 static int wpa_scan_result_compar(const void *a, const void *b) 1346 { 1347 #define IS_5GHZ(n) (n > 4000) 1348 #define MIN(a,b) a < b ? a : b 1349 struct wpa_scan_res **_wa = (void *) a; 1350 struct wpa_scan_res **_wb = (void *) b; 1351 struct wpa_scan_res *wa = *_wa; 1352 struct wpa_scan_res *wb = *_wb; 1353 int wpa_a, wpa_b, maxrate_a, maxrate_b; 1354 int snr_a, snr_b; 1355 1356 /* WPA/WPA2 support preferred */ 1357 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1358 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1359 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1360 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1361 1362 if (wpa_b && !wpa_a) 1363 return 1; 1364 if (!wpa_b && wpa_a) 1365 return -1; 1366 1367 /* privacy support preferred */ 1368 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1369 (wb->caps & IEEE80211_CAP_PRIVACY)) 1370 return 1; 1371 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1372 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1373 return -1; 1374 1375 if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) && 1376 !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) { 1377 snr_a = MIN(wa->level - wa->noise, GREAT_SNR); 1378 snr_b = MIN(wb->level - wb->noise, GREAT_SNR); 1379 } else { 1380 /* Not suitable information to calculate SNR, so use level */ 1381 snr_a = wa->level; 1382 snr_b = wb->level; 1383 } 1384 1385 /* best/max rate preferred if SNR close enough */ 1386 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1387 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1388 maxrate_a = wpa_scan_get_max_rate(wa); 1389 maxrate_b = wpa_scan_get_max_rate(wb); 1390 if (maxrate_a != maxrate_b) 1391 return maxrate_b - maxrate_a; 1392 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1393 return IS_5GHZ(wa->freq) ? -1 : 1; 1394 } 1395 1396 /* use freq for channel preference */ 1397 1398 /* all things being equal, use SNR; if SNRs are 1399 * identical, use quality values since some drivers may only report 1400 * that value and leave the signal level zero */ 1401 if (snr_b == snr_a) 1402 return wb->qual - wa->qual; 1403 return snr_b - snr_a; 1404 #undef MIN 1405 #undef IS_5GHZ 1406 } 1407 1408 1409 #ifdef CONFIG_WPS 1410 /* Compare function for sorting scan results when searching a WPS AP for 1411 * provisioning. Return >0 if @b is considered better. */ 1412 static int wpa_scan_result_wps_compar(const void *a, const void *b) 1413 { 1414 struct wpa_scan_res **_wa = (void *) a; 1415 struct wpa_scan_res **_wb = (void *) b; 1416 struct wpa_scan_res *wa = *_wa; 1417 struct wpa_scan_res *wb = *_wb; 1418 int uses_wps_a, uses_wps_b; 1419 struct wpabuf *wps_a, *wps_b; 1420 int res; 1421 1422 /* Optimization - check WPS IE existence before allocated memory and 1423 * doing full reassembly. */ 1424 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1425 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1426 if (uses_wps_a && !uses_wps_b) 1427 return -1; 1428 if (!uses_wps_a && uses_wps_b) 1429 return 1; 1430 1431 if (uses_wps_a && uses_wps_b) { 1432 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1433 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1434 res = wps_ap_priority_compar(wps_a, wps_b); 1435 wpabuf_free(wps_a); 1436 wpabuf_free(wps_b); 1437 if (res) 1438 return res; 1439 } 1440 1441 /* 1442 * Do not use current AP security policy as a sorting criteria during 1443 * WPS provisioning step since the AP may get reconfigured at the 1444 * completion of provisioning. 1445 */ 1446 1447 /* all things being equal, use signal level; if signal levels are 1448 * identical, use quality values since some drivers may only report 1449 * that value and leave the signal level zero */ 1450 if (wb->level == wa->level) 1451 return wb->qual - wa->qual; 1452 return wb->level - wa->level; 1453 } 1454 #endif /* CONFIG_WPS */ 1455 1456 1457 static void dump_scan_res(struct wpa_scan_results *scan_res) 1458 { 1459 #ifndef CONFIG_NO_STDOUT_DEBUG 1460 size_t i; 1461 1462 if (scan_res->res == NULL || scan_res->num == 0) 1463 return; 1464 1465 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1466 1467 for (i = 0; i < scan_res->num; i++) { 1468 struct wpa_scan_res *r = scan_res->res[i]; 1469 u8 *pos; 1470 if ((r->flags & (WPA_SCAN_LEVEL_DBM | WPA_SCAN_NOISE_INVALID)) 1471 == WPA_SCAN_LEVEL_DBM) { 1472 int snr = r->level - r->noise; 1473 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1474 "noise=%d level=%d snr=%d%s flags=0x%x " 1475 "age=%u", 1476 MAC2STR(r->bssid), r->freq, r->qual, 1477 r->noise, r->level, snr, 1478 snr >= GREAT_SNR ? "*" : "", r->flags, 1479 r->age); 1480 } else { 1481 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1482 "noise=%d level=%d flags=0x%x age=%u", 1483 MAC2STR(r->bssid), r->freq, r->qual, 1484 r->noise, r->level, r->flags, r->age); 1485 } 1486 pos = (u8 *) (r + 1); 1487 if (r->ie_len) 1488 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1489 pos += r->ie_len; 1490 if (r->beacon_ie_len) 1491 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1492 pos, r->beacon_ie_len); 1493 } 1494 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1495 } 1496 1497 1498 /** 1499 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1500 * @wpa_s: Pointer to wpa_supplicant data 1501 * @bssid: BSSID to check 1502 * Returns: 0 if the BSSID is filtered or 1 if not 1503 * 1504 * This function is used to filter out specific BSSIDs from scan reslts mainly 1505 * for testing purposes (SET bssid_filter ctrl_iface command). 1506 */ 1507 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1508 const u8 *bssid) 1509 { 1510 size_t i; 1511 1512 if (wpa_s->bssid_filter == NULL) 1513 return 1; 1514 1515 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1516 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1517 ETH_ALEN) == 0) 1518 return 1; 1519 } 1520 1521 return 0; 1522 } 1523 1524 1525 static void filter_scan_res(struct wpa_supplicant *wpa_s, 1526 struct wpa_scan_results *res) 1527 { 1528 size_t i, j; 1529 1530 if (wpa_s->bssid_filter == NULL) 1531 return; 1532 1533 for (i = 0, j = 0; i < res->num; i++) { 1534 if (wpa_supplicant_filter_bssid_match(wpa_s, 1535 res->res[i]->bssid)) { 1536 res->res[j++] = res->res[i]; 1537 } else { 1538 os_free(res->res[i]); 1539 res->res[i] = NULL; 1540 } 1541 } 1542 1543 if (res->num != j) { 1544 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1545 (int) (res->num - j)); 1546 res->num = j; 1547 } 1548 } 1549 1550 1551 /** 1552 * wpa_supplicant_get_scan_results - Get scan results 1553 * @wpa_s: Pointer to wpa_supplicant data 1554 * @info: Information about what was scanned or %NULL if not available 1555 * @new_scan: Whether a new scan was performed 1556 * Returns: Scan results, %NULL on failure 1557 * 1558 * This function request the current scan results from the driver and updates 1559 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 1560 * results with wpa_scan_results_free(). 1561 */ 1562 struct wpa_scan_results * 1563 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 1564 struct scan_info *info, int new_scan) 1565 { 1566 struct wpa_scan_results *scan_res; 1567 size_t i; 1568 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 1569 1570 scan_res = wpa_drv_get_scan_results2(wpa_s); 1571 if (scan_res == NULL) { 1572 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 1573 return NULL; 1574 } 1575 if (scan_res->fetch_time.sec == 0) { 1576 /* 1577 * Make sure we have a valid timestamp if the driver wrapper 1578 * does not set this. 1579 */ 1580 os_get_time(&scan_res->fetch_time); 1581 } 1582 filter_scan_res(wpa_s, scan_res); 1583 1584 #ifdef CONFIG_WPS 1585 if (wpas_wps_in_progress(wpa_s)) { 1586 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 1587 "provisioning rules"); 1588 compar = wpa_scan_result_wps_compar; 1589 } 1590 #endif /* CONFIG_WPS */ 1591 1592 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 1593 compar); 1594 dump_scan_res(scan_res); 1595 1596 wpa_bss_update_start(wpa_s); 1597 for (i = 0; i < scan_res->num; i++) 1598 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 1599 &scan_res->fetch_time); 1600 wpa_bss_update_end(wpa_s, info, new_scan); 1601 1602 return scan_res; 1603 } 1604 1605 1606 /** 1607 * wpa_supplicant_update_scan_results - Update scan results from the driver 1608 * @wpa_s: Pointer to wpa_supplicant data 1609 * Returns: 0 on success, -1 on failure 1610 * 1611 * This function updates the BSS table within wpa_supplicant based on the 1612 * currently available scan results from the driver without requesting a new 1613 * scan. This is used in cases where the driver indicates an association 1614 * (including roaming within ESS) and wpa_supplicant does not yet have the 1615 * needed information to complete the connection (e.g., to perform validation 1616 * steps in 4-way handshake). 1617 */ 1618 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 1619 { 1620 struct wpa_scan_results *scan_res; 1621 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 1622 if (scan_res == NULL) 1623 return -1; 1624 wpa_scan_results_free(scan_res); 1625 1626 return 0; 1627 } 1628 1629 1630 /** 1631 * scan_only_handler - Reports scan results 1632 */ 1633 void scan_only_handler(struct wpa_supplicant *wpa_s, 1634 struct wpa_scan_results *scan_res) 1635 { 1636 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 1637 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 1638 wpas_notify_scan_results(wpa_s); 1639 wpas_notify_scan_done(wpa_s, 1); 1640 } 1641 1642 1643 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 1644 { 1645 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 1646 } 1647
