1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2012, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 26 27 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 28 { 29 struct wpa_ssid *ssid; 30 union wpa_event_data data; 31 32 ssid = wpa_supplicant_get_ssid(wpa_s); 33 if (ssid == NULL) 34 return; 35 36 if (wpa_s->current_ssid == NULL) { 37 wpa_s->current_ssid = ssid; 38 if (wpa_s->current_ssid != NULL) 39 wpas_notify_network_changed(wpa_s); 40 } 41 wpa_supplicant_initiate_eapol(wpa_s); 42 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 43 "network - generating associated event"); 44 os_memset(&data, 0, sizeof(data)); 45 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 46 } 47 48 49 #ifdef CONFIG_WPS 50 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 51 enum wps_request_type *req_type) 52 { 53 struct wpa_ssid *ssid; 54 int wps = 0; 55 56 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 57 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 58 continue; 59 60 wps = 1; 61 *req_type = wpas_wps_get_req_type(ssid); 62 if (!ssid->eap.phase1) 63 continue; 64 65 if (os_strstr(ssid->eap.phase1, "pbc=1")) 66 return 2; 67 } 68 69 #ifdef CONFIG_P2P 70 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 71 !wpa_s->conf->p2p_disabled) { 72 wpa_s->wps->dev.p2p = 1; 73 if (!wps) { 74 wps = 1; 75 *req_type = WPS_REQ_ENROLLEE_INFO; 76 } 77 } 78 #endif /* CONFIG_P2P */ 79 80 return wps; 81 } 82 #endif /* CONFIG_WPS */ 83 84 85 /** 86 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 87 * @wpa_s: Pointer to wpa_supplicant data 88 * Returns: 0 if no networks are enabled, >0 if networks are enabled 89 * 90 * This function is used to figure out whether any networks (or Interworking 91 * with enabled credentials and auto_interworking) are present in the current 92 * configuration. 93 */ 94 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 95 { 96 struct wpa_ssid *ssid = wpa_s->conf->ssid; 97 int count = 0, disabled = 0; 98 while (ssid) { 99 if (!wpas_network_disabled(wpa_s, ssid)) 100 count++; 101 else 102 disabled++; 103 ssid = ssid->next; 104 } 105 if (wpa_s->conf->cred && wpa_s->conf->interworking && 106 wpa_s->conf->auto_interworking) 107 count++; 108 if (count == 0 && disabled > 0) { 109 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 110 "networks)", disabled); 111 } 112 return count; 113 } 114 115 116 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 117 struct wpa_ssid *ssid) 118 { 119 while (ssid) { 120 if (!wpas_network_disabled(wpa_s, ssid)) 121 break; 122 ssid = ssid->next; 123 } 124 125 /* ap_scan=2 mode - try to associate with each SSID. */ 126 if (ssid == NULL) { 127 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 128 "end of scan list - go back to beginning"); 129 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 130 wpa_supplicant_req_scan(wpa_s, 0, 0); 131 return; 132 } 133 if (ssid->next) { 134 /* Continue from the next SSID on the next attempt. */ 135 wpa_s->prev_scan_ssid = ssid; 136 } else { 137 /* Start from the beginning of the SSID list. */ 138 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 139 } 140 wpa_supplicant_associate(wpa_s, NULL, ssid); 141 } 142 143 144 static int int_array_len(const int *a) 145 { 146 int i; 147 for (i = 0; a && a[i]; i++) 148 ; 149 return i; 150 } 151 152 153 static void int_array_concat(int **res, const int *a) 154 { 155 int reslen, alen, i; 156 int *n; 157 158 reslen = int_array_len(*res); 159 alen = int_array_len(a); 160 161 n = os_realloc_array(*res, reslen + alen + 1, sizeof(int)); 162 if (n == NULL) { 163 os_free(*res); 164 *res = NULL; 165 return; 166 } 167 for (i = 0; i <= alen; i++) 168 n[reslen + i] = a[i]; 169 *res = n; 170 } 171 172 173 static int freq_cmp(const void *a, const void *b) 174 { 175 int _a = *(int *) a; 176 int _b = *(int *) b; 177 178 if (_a == 0) 179 return 1; 180 if (_b == 0) 181 return -1; 182 return _a - _b; 183 } 184 185 186 static void int_array_sort_unique(int *a) 187 { 188 int alen; 189 int i, j; 190 191 if (a == NULL) 192 return; 193 194 alen = int_array_len(a); 195 qsort(a, alen, sizeof(int), freq_cmp); 196 197 i = 0; 198 j = 1; 199 while (a[i] && a[j]) { 200 if (a[i] == a[j]) { 201 j++; 202 continue; 203 } 204 a[++i] = a[j++]; 205 } 206 if (a[i]) 207 i++; 208 a[i] = 0; 209 } 210 211 212 /** 213 * wpa_supplicant_trigger_scan - Request driver to start a scan 214 * @wpa_s: Pointer to wpa_supplicant data 215 * @params: Scan parameters 216 * Returns: 0 on success, -1 on failure 217 */ 218 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 219 struct wpa_driver_scan_params *params) 220 { 221 int ret; 222 223 wpa_supplicant_notify_scanning(wpa_s, 1); 224 225 ret = wpa_drv_scan(wpa_s, params); 226 if (ret) { 227 wpa_supplicant_notify_scanning(wpa_s, 0); 228 wpas_notify_scan_done(wpa_s, 0); 229 } else { 230 os_get_time(&wpa_s->scan_trigger_time); 231 wpa_s->scan_runs++; 232 wpa_s->normal_scans++; 233 } 234 235 return ret; 236 } 237 238 239 static void 240 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 241 { 242 struct wpa_supplicant *wpa_s = eloop_ctx; 243 244 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 245 246 if (wpa_supplicant_req_sched_scan(wpa_s)) 247 wpa_supplicant_req_scan(wpa_s, 0, 0); 248 } 249 250 251 static void 252 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 253 { 254 struct wpa_supplicant *wpa_s = eloop_ctx; 255 256 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 257 258 wpa_s->sched_scan_timed_out = 1; 259 wpa_supplicant_cancel_sched_scan(wpa_s); 260 } 261 262 263 static int 264 wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 265 struct wpa_driver_scan_params *params, 266 int interval) 267 { 268 int ret; 269 270 wpa_supplicant_notify_scanning(wpa_s, 1); 271 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000); 272 if (ret) 273 wpa_supplicant_notify_scanning(wpa_s, 0); 274 else { 275 wpa_s->sched_scanning = 1; 276 } 277 278 return ret; 279 } 280 281 282 static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 283 { 284 int ret; 285 286 ret = wpa_drv_stop_sched_scan(wpa_s); 287 if (ret) { 288 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 289 /* TODO: what to do if stopping fails? */ 290 return -1; 291 } 292 293 return ret; 294 } 295 296 297 static struct wpa_driver_scan_filter * 298 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 299 { 300 struct wpa_driver_scan_filter *ssids; 301 struct wpa_ssid *ssid; 302 size_t count; 303 304 *num_ssids = 0; 305 if (!conf->filter_ssids) 306 return NULL; 307 308 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 309 if (ssid->ssid && ssid->ssid_len) 310 count++; 311 } 312 if (count == 0) 313 return NULL; 314 ssids = os_zalloc(count * sizeof(struct wpa_driver_scan_filter)); 315 if (ssids == NULL) 316 return NULL; 317 318 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 319 if (!ssid->ssid || !ssid->ssid_len) 320 continue; 321 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 322 ssids[*num_ssids].ssid_len = ssid->ssid_len; 323 (*num_ssids)++; 324 } 325 326 return ssids; 327 } 328 329 330 static void wpa_supplicant_optimize_freqs( 331 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 332 { 333 #ifdef CONFIG_P2P 334 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 335 wpa_s->go_params) { 336 /* Optimize provisioning state scan based on GO information */ 337 if (wpa_s->p2p_in_provisioning < 5 && 338 wpa_s->go_params->freq > 0) { 339 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 340 "preferred frequency %d MHz", 341 wpa_s->go_params->freq); 342 params->freqs = os_zalloc(2 * sizeof(int)); 343 if (params->freqs) 344 params->freqs[0] = wpa_s->go_params->freq; 345 } else if (wpa_s->p2p_in_provisioning < 8 && 346 wpa_s->go_params->freq_list[0]) { 347 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 348 "channels"); 349 int_array_concat(¶ms->freqs, 350 wpa_s->go_params->freq_list); 351 if (params->freqs) 352 int_array_sort_unique(params->freqs); 353 } 354 wpa_s->p2p_in_provisioning++; 355 } 356 #endif /* CONFIG_P2P */ 357 358 #ifdef CONFIG_WPS 359 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 360 /* 361 * Optimize post-provisioning scan based on channel used 362 * during provisioning. 363 */ 364 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 365 "that was used during provisioning", wpa_s->wps_freq); 366 params->freqs = os_zalloc(2 * sizeof(int)); 367 if (params->freqs) 368 params->freqs[0] = wpa_s->wps_freq; 369 wpa_s->after_wps--; 370 } 371 372 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 373 { 374 /* Optimize provisioning scan based on already known channel */ 375 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 376 wpa_s->wps_freq); 377 params->freqs = os_zalloc(2 * sizeof(int)); 378 if (params->freqs) 379 params->freqs[0] = wpa_s->wps_freq; 380 wpa_s->known_wps_freq = 0; /* only do this once */ 381 } 382 #endif /* CONFIG_WPS */ 383 } 384 385 386 #ifdef CONFIG_INTERWORKING 387 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 388 struct wpabuf *buf) 389 { 390 if (wpa_s->conf->interworking == 0) 391 return; 392 393 wpabuf_put_u8(buf, WLAN_EID_EXT_CAPAB); 394 wpabuf_put_u8(buf, 4); 395 wpabuf_put_u8(buf, 0x00); 396 wpabuf_put_u8(buf, 0x00); 397 wpabuf_put_u8(buf, 0x00); 398 wpabuf_put_u8(buf, 0x80); /* Bit 31 - Interworking */ 399 400 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 401 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 402 1 + ETH_ALEN); 403 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 404 /* No Venue Info */ 405 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 406 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 407 } 408 #endif /* CONFIG_INTERWORKING */ 409 410 411 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 412 { 413 struct wpabuf *extra_ie = NULL; 414 #ifdef CONFIG_WPS 415 int wps = 0; 416 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 417 #endif /* CONFIG_WPS */ 418 419 #ifdef CONFIG_INTERWORKING 420 if (wpa_s->conf->interworking && 421 wpabuf_resize(&extra_ie, 100) == 0) 422 wpas_add_interworking_elements(wpa_s, extra_ie); 423 #endif /* CONFIG_INTERWORKING */ 424 425 #ifdef CONFIG_WPS 426 wps = wpas_wps_in_use(wpa_s, &req_type); 427 428 if (wps) { 429 struct wpabuf *wps_ie; 430 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 431 DEV_PW_DEFAULT, 432 &wpa_s->wps->dev, 433 wpa_s->wps->uuid, req_type, 434 0, NULL); 435 if (wps_ie) { 436 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 437 wpabuf_put_buf(extra_ie, wps_ie); 438 wpabuf_free(wps_ie); 439 } 440 } 441 442 #ifdef CONFIG_P2P 443 if (wps) { 444 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 445 if (wpabuf_resize(&extra_ie, ielen) == 0) 446 wpas_p2p_scan_ie(wpa_s, extra_ie); 447 } 448 #endif /* CONFIG_P2P */ 449 450 #endif /* CONFIG_WPS */ 451 452 #ifdef CONFIG_HS20 453 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 454 wpas_hs20_add_indication(extra_ie); 455 #endif /* CONFIG_HS20 */ 456 457 return extra_ie; 458 } 459 460 461 #ifdef CONFIG_P2P 462 463 /* 464 * Check whether there are any enabled networks or credentials that could be 465 * used for a non-P2P connection. 466 */ 467 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 468 { 469 struct wpa_ssid *ssid; 470 471 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 472 if (wpas_network_disabled(wpa_s, ssid)) 473 continue; 474 if (!ssid->p2p_group) 475 return 1; 476 } 477 478 if (wpa_s->conf->cred && wpa_s->conf->interworking && 479 wpa_s->conf->auto_interworking) 480 return 1; 481 482 return 0; 483 } 484 485 #endif /* CONFIG_P2P */ 486 487 488 static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, 489 u16 num_modes, 490 enum hostapd_hw_mode mode) 491 { 492 u16 i; 493 494 for (i = 0; i < num_modes; i++) { 495 if (modes[i].mode == mode) 496 return &modes[i]; 497 } 498 499 return NULL; 500 } 501 502 503 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 504 enum hostapd_hw_mode band, 505 struct wpa_driver_scan_params *params) 506 { 507 /* Include only supported channels for the specified band */ 508 struct hostapd_hw_modes *mode; 509 int count, i; 510 511 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 512 if (mode == NULL) { 513 /* No channels supported in this band - use empty list */ 514 params->freqs = os_zalloc(sizeof(int)); 515 return; 516 } 517 518 params->freqs = os_zalloc((mode->num_channels + 1) * sizeof(int)); 519 if (params->freqs == NULL) 520 return; 521 for (count = 0, i = 0; i < mode->num_channels; i++) { 522 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 523 continue; 524 params->freqs[count++] = mode->channels[i].freq; 525 } 526 } 527 528 529 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 530 struct wpa_driver_scan_params *params) 531 { 532 if (wpa_s->hw.modes == NULL) 533 return; /* unknown what channels the driver supports */ 534 if (params->freqs) 535 return; /* already using a limited channel set */ 536 if (wpa_s->setband == WPA_SETBAND_5G) 537 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 538 params); 539 else if (wpa_s->setband == WPA_SETBAND_2G) 540 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 541 params); 542 } 543 544 545 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 546 { 547 struct wpa_supplicant *wpa_s = eloop_ctx; 548 struct wpa_ssid *ssid; 549 enum scan_req_type scan_req = NORMAL_SCAN_REQ; 550 int ret; 551 struct wpabuf *extra_ie = NULL; 552 struct wpa_driver_scan_params params; 553 struct wpa_driver_scan_params *scan_params; 554 size_t max_ssids; 555 enum wpa_states prev_state; 556 557 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 558 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 559 wpas_p2p_continue_after_scan(wpa_s); 560 return; 561 } 562 563 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 564 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 565 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 566 wpas_p2p_continue_after_scan(wpa_s); 567 return; 568 } 569 #ifdef ANDROID 570 if (wpa_s->scanning) { 571 /* If we are already in scanning state, we shall ignore this new scan request*/ 572 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - already scanning"); 573 return; 574 } 575 #endif 576 if (!wpa_supplicant_enabled_networks(wpa_s) && 577 wpa_s->scan_req == NORMAL_SCAN_REQ) { 578 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 579 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 580 wpas_p2p_continue_after_scan(wpa_s); 581 return; 582 } 583 584 if (wpa_s->conf->ap_scan != 0 && 585 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 586 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 587 "overriding ap_scan configuration"); 588 wpa_s->conf->ap_scan = 0; 589 wpas_notify_ap_scan_changed(wpa_s); 590 } 591 592 if (wpa_s->conf->ap_scan == 0) { 593 wpa_supplicant_gen_assoc_event(wpa_s); 594 return; 595 } 596 597 #ifdef CONFIG_P2P 598 if (wpas_p2p_in_progress(wpa_s) || wpas_wpa_is_in_progress(wpa_s)) { 599 if (wpa_s->sta_scan_pending && 600 wpas_p2p_in_progress(wpa_s) == 2 && 601 wpa_s->global->p2p_cb_on_scan_complete) { 602 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending station " 603 "mode scan during P2P search"); 604 } else { 605 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan " 606 "while P2P operation is in progress"); 607 wpa_s->sta_scan_pending = 1; 608 wpa_supplicant_req_scan(wpa_s, 5, 0); 609 return; 610 } 611 } 612 #endif /* CONFIG_P2P */ 613 614 if (wpa_s->conf->ap_scan == 2) 615 max_ssids = 1; 616 else { 617 max_ssids = wpa_s->max_scan_ssids; 618 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 619 max_ssids = WPAS_MAX_SCAN_SSIDS; 620 } 621 622 scan_req = wpa_s->scan_req; 623 wpa_s->scan_req = NORMAL_SCAN_REQ; 624 625 os_memset(¶ms, 0, sizeof(params)); 626 627 prev_state = wpa_s->wpa_state; 628 if (wpa_s->wpa_state == WPA_DISCONNECTED || 629 wpa_s->wpa_state == WPA_INACTIVE) 630 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 631 632 /* 633 * If autoscan has set its own scanning parameters 634 */ 635 if (wpa_s->autoscan_params != NULL) { 636 scan_params = wpa_s->autoscan_params; 637 goto scan; 638 } 639 640 if (scan_req != MANUAL_SCAN_REQ && wpa_s->connect_without_scan) { 641 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 642 if (ssid == wpa_s->connect_without_scan) 643 break; 644 } 645 wpa_s->connect_without_scan = NULL; 646 if (ssid) { 647 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 648 "without scan step"); 649 wpa_supplicant_associate(wpa_s, NULL, ssid); 650 return; 651 } 652 } 653 654 #ifdef CONFIG_P2P 655 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 656 wpa_s->go_params) { 657 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during " 658 "P2P group formation"); 659 params.ssids[0].ssid = wpa_s->go_params->ssid; 660 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 661 params.num_ssids = 1; 662 goto ssid_list_set; 663 } 664 #endif /* CONFIG_P2P */ 665 666 /* Find the starting point from which to continue scanning */ 667 ssid = wpa_s->conf->ssid; 668 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 669 while (ssid) { 670 if (ssid == wpa_s->prev_scan_ssid) { 671 ssid = ssid->next; 672 break; 673 } 674 ssid = ssid->next; 675 } 676 } 677 678 if (scan_req != MANUAL_SCAN_REQ && wpa_s->conf->ap_scan == 2) { 679 wpa_s->connect_without_scan = NULL; 680 wpa_s->prev_scan_wildcard = 0; 681 wpa_supplicant_assoc_try(wpa_s, ssid); 682 return; 683 #ifndef ANDROID 684 } else if (wpa_s->conf->ap_scan == 2) { 685 /* 686 * User-initiated scan request in ap_scan == 2; scan with 687 * wildcard SSID. 688 */ 689 ssid = NULL; 690 #endif 691 } else { 692 struct wpa_ssid *start = ssid, *tssid; 693 int freqs_set = 0; 694 if (ssid == NULL && max_ssids > 1) 695 ssid = wpa_s->conf->ssid; 696 while (ssid) { 697 if (!wpas_network_disabled(wpa_s, ssid) && 698 ssid->scan_ssid) { 699 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 700 ssid->ssid, ssid->ssid_len); 701 params.ssids[params.num_ssids].ssid = 702 ssid->ssid; 703 params.ssids[params.num_ssids].ssid_len = 704 ssid->ssid_len; 705 params.num_ssids++; 706 if (params.num_ssids + 1 >= max_ssids) 707 break; 708 } 709 ssid = ssid->next; 710 if (ssid == start) 711 break; 712 if (ssid == NULL && max_ssids > 1 && 713 start != wpa_s->conf->ssid) 714 ssid = wpa_s->conf->ssid; 715 } 716 717 for (tssid = wpa_s->conf->ssid; tssid; tssid = tssid->next) { 718 if (wpas_network_disabled(wpa_s, tssid)) 719 continue; 720 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 721 int_array_concat(¶ms.freqs, 722 tssid->scan_freq); 723 } else { 724 os_free(params.freqs); 725 params.freqs = NULL; 726 } 727 freqs_set = 1; 728 } 729 int_array_sort_unique(params.freqs); 730 } 731 732 if (ssid && max_ssids == 1) { 733 /* 734 * If the driver is limited to 1 SSID at a time interleave 735 * wildcard SSID scans with specific SSID scans to avoid 736 * waiting a long time for a wildcard scan. 737 */ 738 if (!wpa_s->prev_scan_wildcard) { 739 params.ssids[0].ssid = NULL; 740 params.ssids[0].ssid_len = 0; 741 wpa_s->prev_scan_wildcard = 1; 742 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 743 "wildcard SSID (Interleave with specific)"); 744 } else { 745 wpa_s->prev_scan_ssid = ssid; 746 wpa_s->prev_scan_wildcard = 0; 747 wpa_dbg(wpa_s, MSG_DEBUG, 748 "Starting AP scan for specific SSID: %s", 749 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 750 } 751 } else if (ssid) { 752 /* max_ssids > 1 */ 753 754 wpa_s->prev_scan_ssid = ssid; 755 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 756 "the scan request"); 757 params.num_ssids++; 758 } else { 759 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 760 params.num_ssids++; 761 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 762 "SSID"); 763 } 764 #ifdef CONFIG_P2P 765 ssid_list_set: 766 #endif /* CONFIG_P2P */ 767 768 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 769 extra_ie = wpa_supplicant_extra_ies(wpa_s); 770 771 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 772 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 773 "generated frequency list"); 774 params.freqs = wpa_s->next_scan_freqs; 775 } else 776 os_free(wpa_s->next_scan_freqs); 777 wpa_s->next_scan_freqs = NULL; 778 wpa_setband_scan_freqs(wpa_s, ¶ms); 779 780 /* See if user specified frequencies. If so, scan only those. */ 781 if (wpa_s->conf->freq_list && !params.freqs) { 782 wpa_dbg(wpa_s, MSG_DEBUG, 783 "Optimize scan based on conf->freq_list"); 784 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 785 } 786 787 /* Use current associated channel? */ 788 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 789 unsigned int num = wpa_s->num_multichan_concurrent; 790 791 params.freqs = os_calloc(num + 1, sizeof(int)); 792 if (params.freqs) { 793 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 794 if (num > 0) { 795 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 796 "current operating channels since " 797 "scan_cur_freq is enabled"); 798 } else { 799 os_free(params.freqs); 800 params.freqs = NULL; 801 } 802 } 803 } 804 805 params.filter_ssids = wpa_supplicant_build_filter_ssids( 806 wpa_s->conf, ¶ms.num_filter_ssids); 807 if (extra_ie) { 808 params.extra_ies = wpabuf_head(extra_ie); 809 params.extra_ies_len = wpabuf_len(extra_ie); 810 } 811 812 #ifdef CONFIG_P2P 813 if (wpa_s->p2p_in_provisioning || 814 (wpa_s->show_group_started && wpa_s->go_params)) { 815 /* 816 * The interface may not yet be in P2P mode, so we have to 817 * explicitly request P2P probe to disable CCK rates. 818 */ 819 params.p2p_probe = 1; 820 } 821 #endif /* CONFIG_P2P */ 822 823 scan_params = ¶ms; 824 825 scan: 826 #ifdef CONFIG_P2P 827 /* 828 * If the driver does not support multi-channel concurrency and a 829 * virtual interface that shares the same radio with the wpa_s interface 830 * is operating there may not be need to scan other channels apart from 831 * the current operating channel on the other virtual interface. Filter 832 * out other channels in case we are trying to find a connection for a 833 * station interface when we are not configured to prefer station 834 * connection and a concurrent operation is already in process. 835 */ 836 if (wpa_s->scan_for_connection && scan_req == NORMAL_SCAN_REQ && 837 !scan_params->freqs && !params.freqs && 838 wpas_is_p2p_prioritized(wpa_s) && 839 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 840 non_p2p_network_enabled(wpa_s)) { 841 unsigned int num = wpa_s->num_multichan_concurrent; 842 843 params.freqs = os_calloc(num + 1, sizeof(int)); 844 if (params.freqs) { 845 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 846 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 847 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 848 } else { 849 os_free(params.freqs); 850 params.freqs = NULL; 851 } 852 } 853 } 854 #endif /* CONFIG_P2P */ 855 856 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 857 858 wpabuf_free(extra_ie); 859 os_free(params.freqs); 860 os_free(params.filter_ssids); 861 862 if (ret) { 863 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 864 if (prev_state != wpa_s->wpa_state) 865 wpa_supplicant_set_state(wpa_s, prev_state); 866 /* Restore scan_req since we will try to scan again */ 867 wpa_s->scan_req = scan_req; 868 wpa_supplicant_req_scan(wpa_s, 1, 0); 869 } else { 870 wpa_s->scan_for_connection = 0; 871 } 872 } 873 874 875 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 876 { 877 struct os_time remaining, new_int; 878 int cancelled; 879 880 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 881 &remaining); 882 883 new_int.sec = sec; 884 new_int.usec = 0; 885 if (cancelled && os_time_before(&remaining, &new_int)) { 886 new_int.sec = remaining.sec; 887 new_int.usec = remaining.usec; 888 } 889 890 eloop_register_timeout(new_int.sec, new_int.usec, wpa_supplicant_scan, 891 wpa_s, NULL); 892 wpa_s->scan_interval = sec; 893 } 894 895 896 /** 897 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 898 * @wpa_s: Pointer to wpa_supplicant data 899 * @sec: Number of seconds after which to scan 900 * @usec: Number of microseconds after which to scan 901 * 902 * This function is used to schedule a scan for neighboring access points after 903 * the specified time. 904 */ 905 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 906 { 907 #ifndef ANDROID 908 /* If there's at least one network that should be specifically scanned 909 * then don't cancel the scan and reschedule. Some drivers do 910 * background scanning which generates frequent scan results, and that 911 * causes the specific SSID scan to get continually pushed back and 912 * never happen, which causes hidden APs to never get probe-scanned. 913 */ 914 if (eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL) && 915 wpa_s->conf->ap_scan == 1) { 916 struct wpa_ssid *ssid = wpa_s->conf->ssid; 917 918 while (ssid) { 919 if (!wpas_network_disabled(wpa_s, ssid) && 920 ssid->scan_ssid) 921 break; 922 ssid = ssid->next; 923 } 924 if (ssid) { 925 wpa_dbg(wpa_s, MSG_DEBUG, "Not rescheduling scan to " 926 "ensure that specific SSID scans occur"); 927 return; 928 } 929 } 930 #endif 931 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec", 932 sec, usec); 933 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 934 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 935 } 936 937 938 /** 939 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 940 * @wpa_s: Pointer to wpa_supplicant data 941 * @sec: Number of seconds after which to scan 942 * @usec: Number of microseconds after which to scan 943 * Returns: 0 on success or -1 otherwise 944 * 945 * This function is used to schedule periodic scans for neighboring 946 * access points after the specified time. 947 */ 948 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 949 int sec, int usec) 950 { 951 if (!wpa_s->sched_scan_supported) 952 return -1; 953 954 eloop_register_timeout(sec, usec, 955 wpa_supplicant_delayed_sched_scan_timeout, 956 wpa_s, NULL); 957 958 return 0; 959 } 960 961 962 /** 963 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 964 * @wpa_s: Pointer to wpa_supplicant data 965 * Returns: 0 is sched_scan was started or -1 otherwise 966 * 967 * This function is used to schedule periodic scans for neighboring 968 * access points repeating the scan continuously. 969 */ 970 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 971 { 972 struct wpa_driver_scan_params params; 973 struct wpa_driver_scan_params *scan_params; 974 enum wpa_states prev_state; 975 struct wpa_ssid *ssid = NULL; 976 struct wpabuf *extra_ie = NULL; 977 int ret; 978 unsigned int max_sched_scan_ssids; 979 int wildcard = 0; 980 int need_ssids; 981 982 if (!wpa_s->sched_scan_supported) 983 return -1; 984 985 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 986 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 987 else 988 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 989 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 990 return -1; 991 992 if (wpa_s->sched_scanning) { 993 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 994 return 0; 995 } 996 997 need_ssids = 0; 998 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 999 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1000 /* Use wildcard SSID to find this network */ 1001 wildcard = 1; 1002 } else if (!wpas_network_disabled(wpa_s, ssid) && 1003 ssid->ssid_len) 1004 need_ssids++; 1005 1006 #ifdef CONFIG_WPS 1007 if (!wpas_network_disabled(wpa_s, ssid) && 1008 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1009 /* 1010 * Normal scan is more reliable and faster for WPS 1011 * operations and since these are for short periods of 1012 * time, the benefit of trying to use sched_scan would 1013 * be limited. 1014 */ 1015 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1016 "sched_scan for WPS"); 1017 return -1; 1018 } 1019 #endif /* CONFIG_WPS */ 1020 } 1021 if (wildcard) 1022 need_ssids++; 1023 1024 if (wpa_s->normal_scans < 3 && 1025 (need_ssids <= wpa_s->max_scan_ssids || 1026 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1027 /* 1028 * When normal scan can speed up operations, use that for the 1029 * first operations before starting the sched_scan to allow 1030 * user space sleep more. We do this only if the normal scan 1031 * has functionality that is suitable for this or if the 1032 * sched_scan does not have better support for multiple SSIDs. 1033 */ 1034 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1035 "sched_scan for initial scans (normal_scans=%d)", 1036 wpa_s->normal_scans); 1037 return -1; 1038 } 1039 1040 os_memset(¶ms, 0, sizeof(params)); 1041 1042 /* If we can't allocate space for the filters, we just don't filter */ 1043 params.filter_ssids = os_zalloc(wpa_s->max_match_sets * 1044 sizeof(struct wpa_driver_scan_filter)); 1045 1046 prev_state = wpa_s->wpa_state; 1047 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1048 wpa_s->wpa_state == WPA_INACTIVE) 1049 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1050 1051 if (wpa_s->autoscan_params != NULL) { 1052 scan_params = wpa_s->autoscan_params; 1053 goto scan; 1054 } 1055 1056 /* Find the starting point from which to continue scanning */ 1057 ssid = wpa_s->conf->ssid; 1058 if (wpa_s->prev_sched_ssid) { 1059 while (ssid) { 1060 if (ssid == wpa_s->prev_sched_ssid) { 1061 ssid = ssid->next; 1062 break; 1063 } 1064 ssid = ssid->next; 1065 } 1066 } 1067 1068 if (!ssid || !wpa_s->prev_sched_ssid) { 1069 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1070 if (wpa_s->conf->sched_scan_interval) 1071 wpa_s->sched_scan_interval = 1072 wpa_s->conf->sched_scan_interval; 1073 if (wpa_s->sched_scan_interval == 0) 1074 wpa_s->sched_scan_interval = 10; 1075 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1076 wpa_s->first_sched_scan = 1; 1077 ssid = wpa_s->conf->ssid; 1078 wpa_s->prev_sched_ssid = ssid; 1079 } 1080 1081 if (wildcard) { 1082 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1083 params.num_ssids++; 1084 } 1085 1086 while (ssid) { 1087 if (wpas_network_disabled(wpa_s, ssid)) 1088 goto next; 1089 1090 if (params.num_filter_ssids < wpa_s->max_match_sets && 1091 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1092 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1093 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1094 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1095 ssid->ssid, ssid->ssid_len); 1096 params.filter_ssids[params.num_filter_ssids].ssid_len = 1097 ssid->ssid_len; 1098 params.num_filter_ssids++; 1099 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1100 { 1101 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1102 "filter for sched_scan - drop filter"); 1103 os_free(params.filter_ssids); 1104 params.filter_ssids = NULL; 1105 params.num_filter_ssids = 0; 1106 } 1107 1108 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1109 if (params.num_ssids == max_sched_scan_ssids) 1110 break; /* only room for broadcast SSID */ 1111 wpa_dbg(wpa_s, MSG_DEBUG, 1112 "add to active scan ssid: %s", 1113 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1114 params.ssids[params.num_ssids].ssid = 1115 ssid->ssid; 1116 params.ssids[params.num_ssids].ssid_len = 1117 ssid->ssid_len; 1118 params.num_ssids++; 1119 if (params.num_ssids >= max_sched_scan_ssids) { 1120 wpa_s->prev_sched_ssid = ssid; 1121 do { 1122 ssid = ssid->next; 1123 } while (ssid && 1124 (wpas_network_disabled(wpa_s, ssid) || 1125 !ssid->scan_ssid)); 1126 break; 1127 } 1128 } 1129 1130 next: 1131 wpa_s->prev_sched_ssid = ssid; 1132 ssid = ssid->next; 1133 } 1134 1135 if (params.num_filter_ssids == 0) { 1136 os_free(params.filter_ssids); 1137 params.filter_ssids = NULL; 1138 } 1139 1140 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1141 if (extra_ie) { 1142 params.extra_ies = wpabuf_head(extra_ie); 1143 params.extra_ies_len = wpabuf_len(extra_ie); 1144 } 1145 1146 scan_params = ¶ms; 1147 1148 scan: 1149 if (ssid || !wpa_s->first_sched_scan) { 1150 wpa_dbg(wpa_s, MSG_DEBUG, 1151 "Starting sched scan: interval %d timeout %d", 1152 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout); 1153 } else { 1154 wpa_dbg(wpa_s, MSG_DEBUG, 1155 "Starting sched scan: interval %d (no timeout)", 1156 wpa_s->sched_scan_interval); 1157 } 1158 1159 wpa_setband_scan_freqs(wpa_s, scan_params); 1160 1161 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params, 1162 wpa_s->sched_scan_interval); 1163 wpabuf_free(extra_ie); 1164 os_free(params.filter_ssids); 1165 if (ret) { 1166 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1167 if (prev_state != wpa_s->wpa_state) 1168 wpa_supplicant_set_state(wpa_s, prev_state); 1169 return ret; 1170 } 1171 1172 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1173 if (ssid || !wpa_s->first_sched_scan) { 1174 wpa_s->sched_scan_timed_out = 0; 1175 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1176 wpa_supplicant_sched_scan_timeout, 1177 wpa_s, NULL); 1178 wpa_s->first_sched_scan = 0; 1179 wpa_s->sched_scan_timeout /= 2; 1180 wpa_s->sched_scan_interval *= 2; 1181 if (wpa_s->sched_scan_timeout < wpa_s->sched_scan_interval) { 1182 wpa_s->sched_scan_interval = 10; 1183 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1184 } 1185 } 1186 1187 /* If there is no more ssids, start next time from the beginning */ 1188 if (!ssid) 1189 wpa_s->prev_sched_ssid = NULL; 1190 1191 return 0; 1192 } 1193 1194 1195 /** 1196 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1197 * @wpa_s: Pointer to wpa_supplicant data 1198 * 1199 * This function is used to cancel a scan request scheduled with 1200 * wpa_supplicant_req_scan(). 1201 */ 1202 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1203 { 1204 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1205 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1206 wpas_p2p_continue_after_scan(wpa_s); 1207 #ifdef ANDROID 1208 wpa_supplicant_notify_scanning(wpa_s, 0); 1209 #endif 1210 } 1211 1212 1213 /** 1214 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1215 * @wpa_s: Pointer to wpa_supplicant data 1216 * 1217 * This function is used to stop a delayed scheduled scan. 1218 */ 1219 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1220 { 1221 if (!wpa_s->sched_scan_supported) 1222 return; 1223 1224 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1225 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1226 wpa_s, NULL); 1227 } 1228 1229 1230 /** 1231 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1232 * @wpa_s: Pointer to wpa_supplicant data 1233 * 1234 * This function is used to stop a periodic scheduled scan. 1235 */ 1236 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1237 { 1238 if (!wpa_s->sched_scanning) 1239 return; 1240 1241 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1242 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1243 wpa_supplicant_stop_sched_scan(wpa_s); 1244 } 1245 1246 1247 /** 1248 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1249 * @wpa_s: Pointer to wpa_supplicant data 1250 * @scanning: Whether scanning is currently in progress 1251 * 1252 * This function is to generate scanning notifycations. It is called whenever 1253 * there may have been a change in scanning (scan started, completed, stopped). 1254 * wpas_notify_scanning() is called whenever the scanning state changed from the 1255 * previously notified state. 1256 */ 1257 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1258 int scanning) 1259 { 1260 if (wpa_s->scanning != scanning) { 1261 wpa_s->scanning = scanning; 1262 wpas_notify_scanning(wpa_s); 1263 } 1264 } 1265 1266 1267 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1268 { 1269 int rate = 0; 1270 const u8 *ie; 1271 int i; 1272 1273 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1274 for (i = 0; ie && i < ie[1]; i++) { 1275 if ((ie[i + 2] & 0x7f) > rate) 1276 rate = ie[i + 2] & 0x7f; 1277 } 1278 1279 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1280 for (i = 0; ie && i < ie[1]; i++) { 1281 if ((ie[i + 2] & 0x7f) > rate) 1282 rate = ie[i + 2] & 0x7f; 1283 } 1284 1285 return rate; 1286 } 1287 1288 1289 /** 1290 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1291 * @res: Scan result entry 1292 * @ie: Information element identitifier (WLAN_EID_*) 1293 * Returns: Pointer to the information element (id field) or %NULL if not found 1294 * 1295 * This function returns the first matching information element in the scan 1296 * result. 1297 */ 1298 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1299 { 1300 const u8 *end, *pos; 1301 1302 pos = (const u8 *) (res + 1); 1303 end = pos + res->ie_len; 1304 1305 while (pos + 1 < end) { 1306 if (pos + 2 + pos[1] > end) 1307 break; 1308 if (pos[0] == ie) 1309 return pos; 1310 pos += 2 + pos[1]; 1311 } 1312 1313 return NULL; 1314 } 1315 1316 1317 /** 1318 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1319 * @res: Scan result entry 1320 * @vendor_type: Vendor type (four octets starting the IE payload) 1321 * Returns: Pointer to the information element (id field) or %NULL if not found 1322 * 1323 * This function returns the first matching information element in the scan 1324 * result. 1325 */ 1326 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1327 u32 vendor_type) 1328 { 1329 const u8 *end, *pos; 1330 1331 pos = (const u8 *) (res + 1); 1332 end = pos + res->ie_len; 1333 1334 while (pos + 1 < end) { 1335 if (pos + 2 + pos[1] > end) 1336 break; 1337 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1338 vendor_type == WPA_GET_BE32(&pos[2])) 1339 return pos; 1340 pos += 2 + pos[1]; 1341 } 1342 1343 return NULL; 1344 } 1345 1346 1347 /** 1348 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1349 * @res: Scan result entry 1350 * @vendor_type: Vendor type (four octets starting the IE payload) 1351 * Returns: Pointer to the information element payload or %NULL if not found 1352 * 1353 * This function returns concatenated payload of possibly fragmented vendor 1354 * specific information elements in the scan result. The caller is responsible 1355 * for freeing the returned buffer. 1356 */ 1357 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1358 u32 vendor_type) 1359 { 1360 struct wpabuf *buf; 1361 const u8 *end, *pos; 1362 1363 buf = wpabuf_alloc(res->ie_len); 1364 if (buf == NULL) 1365 return NULL; 1366 1367 pos = (const u8 *) (res + 1); 1368 end = pos + res->ie_len; 1369 1370 while (pos + 1 < end) { 1371 if (pos + 2 + pos[1] > end) 1372 break; 1373 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1374 vendor_type == WPA_GET_BE32(&pos[2])) 1375 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1376 pos += 2 + pos[1]; 1377 } 1378 1379 if (wpabuf_len(buf) == 0) { 1380 wpabuf_free(buf); 1381 buf = NULL; 1382 } 1383 1384 return buf; 1385 } 1386 1387 1388 /* 1389 * Channels with a great SNR can operate at full rate. What is a great SNR? 1390 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1391 * rule of thumb is that any SNR above 20 is good." This one 1392 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1393 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1394 * conservative value. 1395 */ 1396 #define GREAT_SNR 30 1397 1398 /* Compare function for sorting scan results. Return >0 if @b is considered 1399 * better. */ 1400 static int wpa_scan_result_compar(const void *a, const void *b) 1401 { 1402 #define IS_5GHZ(n) (n > 4000) 1403 #define MIN(a,b) a < b ? a : b 1404 struct wpa_scan_res **_wa = (void *) a; 1405 struct wpa_scan_res **_wb = (void *) b; 1406 struct wpa_scan_res *wa = *_wa; 1407 struct wpa_scan_res *wb = *_wb; 1408 int wpa_a, wpa_b, maxrate_a, maxrate_b; 1409 int snr_a, snr_b; 1410 1411 /* WPA/WPA2 support preferred */ 1412 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1413 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1414 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1415 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1416 1417 if (wpa_b && !wpa_a) 1418 return 1; 1419 if (!wpa_b && wpa_a) 1420 return -1; 1421 1422 /* privacy support preferred */ 1423 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1424 (wb->caps & IEEE80211_CAP_PRIVACY)) 1425 return 1; 1426 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1427 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1428 return -1; 1429 1430 if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) && 1431 !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) { 1432 snr_a = MIN(wa->level - wa->noise, GREAT_SNR); 1433 snr_b = MIN(wb->level - wb->noise, GREAT_SNR); 1434 } else { 1435 /* Not suitable information to calculate SNR, so use level */ 1436 snr_a = wa->level; 1437 snr_b = wb->level; 1438 } 1439 1440 /* best/max rate preferred if SNR close enough */ 1441 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1442 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1443 maxrate_a = wpa_scan_get_max_rate(wa); 1444 maxrate_b = wpa_scan_get_max_rate(wb); 1445 if (maxrate_a != maxrate_b) 1446 return maxrate_b - maxrate_a; 1447 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1448 return IS_5GHZ(wa->freq) ? -1 : 1; 1449 } 1450 1451 /* use freq for channel preference */ 1452 1453 /* all things being equal, use SNR; if SNRs are 1454 * identical, use quality values since some drivers may only report 1455 * that value and leave the signal level zero */ 1456 if (snr_b == snr_a) 1457 return wb->qual - wa->qual; 1458 return snr_b - snr_a; 1459 #undef MIN 1460 #undef IS_5GHZ 1461 } 1462 1463 1464 #ifdef CONFIG_WPS 1465 /* Compare function for sorting scan results when searching a WPS AP for 1466 * provisioning. Return >0 if @b is considered better. */ 1467 static int wpa_scan_result_wps_compar(const void *a, const void *b) 1468 { 1469 struct wpa_scan_res **_wa = (void *) a; 1470 struct wpa_scan_res **_wb = (void *) b; 1471 struct wpa_scan_res *wa = *_wa; 1472 struct wpa_scan_res *wb = *_wb; 1473 int uses_wps_a, uses_wps_b; 1474 struct wpabuf *wps_a, *wps_b; 1475 int res; 1476 1477 /* Optimization - check WPS IE existence before allocated memory and 1478 * doing full reassembly. */ 1479 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1480 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1481 if (uses_wps_a && !uses_wps_b) 1482 return -1; 1483 if (!uses_wps_a && uses_wps_b) 1484 return 1; 1485 1486 if (uses_wps_a && uses_wps_b) { 1487 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1488 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1489 res = wps_ap_priority_compar(wps_a, wps_b); 1490 wpabuf_free(wps_a); 1491 wpabuf_free(wps_b); 1492 if (res) 1493 return res; 1494 } 1495 1496 /* 1497 * Do not use current AP security policy as a sorting criteria during 1498 * WPS provisioning step since the AP may get reconfigured at the 1499 * completion of provisioning. 1500 */ 1501 1502 /* all things being equal, use signal level; if signal levels are 1503 * identical, use quality values since some drivers may only report 1504 * that value and leave the signal level zero */ 1505 if (wb->level == wa->level) 1506 return wb->qual - wa->qual; 1507 return wb->level - wa->level; 1508 } 1509 #endif /* CONFIG_WPS */ 1510 1511 1512 static void dump_scan_res(struct wpa_scan_results *scan_res) 1513 { 1514 #ifndef CONFIG_NO_STDOUT_DEBUG 1515 size_t i; 1516 1517 if (scan_res->res == NULL || scan_res->num == 0) 1518 return; 1519 1520 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1521 1522 for (i = 0; i < scan_res->num; i++) { 1523 struct wpa_scan_res *r = scan_res->res[i]; 1524 u8 *pos; 1525 if ((r->flags & (WPA_SCAN_LEVEL_DBM | WPA_SCAN_NOISE_INVALID)) 1526 == WPA_SCAN_LEVEL_DBM) { 1527 int snr = r->level - r->noise; 1528 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1529 "noise=%d level=%d snr=%d%s flags=0x%x " 1530 "age=%u", 1531 MAC2STR(r->bssid), r->freq, r->qual, 1532 r->noise, r->level, snr, 1533 snr >= GREAT_SNR ? "*" : "", r->flags, 1534 r->age); 1535 } else { 1536 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1537 "noise=%d level=%d flags=0x%x age=%u", 1538 MAC2STR(r->bssid), r->freq, r->qual, 1539 r->noise, r->level, r->flags, r->age); 1540 } 1541 pos = (u8 *) (r + 1); 1542 if (r->ie_len) 1543 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1544 pos += r->ie_len; 1545 if (r->beacon_ie_len) 1546 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1547 pos, r->beacon_ie_len); 1548 } 1549 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1550 } 1551 1552 1553 /** 1554 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1555 * @wpa_s: Pointer to wpa_supplicant data 1556 * @bssid: BSSID to check 1557 * Returns: 0 if the BSSID is filtered or 1 if not 1558 * 1559 * This function is used to filter out specific BSSIDs from scan reslts mainly 1560 * for testing purposes (SET bssid_filter ctrl_iface command). 1561 */ 1562 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1563 const u8 *bssid) 1564 { 1565 size_t i; 1566 1567 if (wpa_s->bssid_filter == NULL) 1568 return 1; 1569 1570 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1571 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1572 ETH_ALEN) == 0) 1573 return 1; 1574 } 1575 1576 return 0; 1577 } 1578 1579 1580 static void filter_scan_res(struct wpa_supplicant *wpa_s, 1581 struct wpa_scan_results *res) 1582 { 1583 size_t i, j; 1584 1585 if (wpa_s->bssid_filter == NULL) 1586 return; 1587 1588 for (i = 0, j = 0; i < res->num; i++) { 1589 if (wpa_supplicant_filter_bssid_match(wpa_s, 1590 res->res[i]->bssid)) { 1591 res->res[j++] = res->res[i]; 1592 } else { 1593 os_free(res->res[i]); 1594 res->res[i] = NULL; 1595 } 1596 } 1597 1598 if (res->num != j) { 1599 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1600 (int) (res->num - j)); 1601 res->num = j; 1602 } 1603 } 1604 1605 1606 /** 1607 * wpa_supplicant_get_scan_results - Get scan results 1608 * @wpa_s: Pointer to wpa_supplicant data 1609 * @info: Information about what was scanned or %NULL if not available 1610 * @new_scan: Whether a new scan was performed 1611 * Returns: Scan results, %NULL on failure 1612 * 1613 * This function request the current scan results from the driver and updates 1614 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 1615 * results with wpa_scan_results_free(). 1616 */ 1617 struct wpa_scan_results * 1618 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 1619 struct scan_info *info, int new_scan) 1620 { 1621 struct wpa_scan_results *scan_res; 1622 size_t i; 1623 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 1624 1625 scan_res = wpa_drv_get_scan_results2(wpa_s); 1626 if (scan_res == NULL) { 1627 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 1628 return NULL; 1629 } 1630 if (scan_res->fetch_time.sec == 0) { 1631 /* 1632 * Make sure we have a valid timestamp if the driver wrapper 1633 * does not set this. 1634 */ 1635 os_get_time(&scan_res->fetch_time); 1636 } 1637 filter_scan_res(wpa_s, scan_res); 1638 1639 #ifdef CONFIG_WPS 1640 if (wpas_wps_in_progress(wpa_s)) { 1641 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 1642 "provisioning rules"); 1643 compar = wpa_scan_result_wps_compar; 1644 } 1645 #endif /* CONFIG_WPS */ 1646 1647 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 1648 compar); 1649 dump_scan_res(scan_res); 1650 1651 wpa_bss_update_start(wpa_s); 1652 for (i = 0; i < scan_res->num; i++) 1653 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 1654 &scan_res->fetch_time); 1655 wpa_bss_update_end(wpa_s, info, new_scan); 1656 1657 return scan_res; 1658 } 1659 1660 1661 /** 1662 * wpa_supplicant_update_scan_results - Update scan results from the driver 1663 * @wpa_s: Pointer to wpa_supplicant data 1664 * Returns: 0 on success, -1 on failure 1665 * 1666 * This function updates the BSS table within wpa_supplicant based on the 1667 * currently available scan results from the driver without requesting a new 1668 * scan. This is used in cases where the driver indicates an association 1669 * (including roaming within ESS) and wpa_supplicant does not yet have the 1670 * needed information to complete the connection (e.g., to perform validation 1671 * steps in 4-way handshake). 1672 */ 1673 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 1674 { 1675 struct wpa_scan_results *scan_res; 1676 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 1677 if (scan_res == NULL) 1678 return -1; 1679 wpa_scan_results_free(scan_res); 1680 1681 return 0; 1682 } 1683 1684 1685 /** 1686 * scan_only_handler - Reports scan results 1687 */ 1688 void scan_only_handler(struct wpa_supplicant *wpa_s, 1689 struct wpa_scan_results *scan_res) 1690 { 1691 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 1692 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 1693 wpas_notify_scan_results(wpa_s); 1694 wpas_notify_scan_done(wpa_s, 1); 1695 } 1696 1697 1698 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 1699 { 1700 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 1701 } 1702
