1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2014, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 26 27 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 28 { 29 struct wpa_ssid *ssid; 30 union wpa_event_data data; 31 32 ssid = wpa_supplicant_get_ssid(wpa_s); 33 if (ssid == NULL) 34 return; 35 36 if (wpa_s->current_ssid == NULL) { 37 wpa_s->current_ssid = ssid; 38 if (wpa_s->current_ssid != NULL) 39 wpas_notify_network_changed(wpa_s); 40 } 41 wpa_supplicant_initiate_eapol(wpa_s); 42 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 43 "network - generating associated event"); 44 os_memset(&data, 0, sizeof(data)); 45 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 46 } 47 48 49 #ifdef CONFIG_WPS 50 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 51 enum wps_request_type *req_type) 52 { 53 struct wpa_ssid *ssid; 54 int wps = 0; 55 56 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 57 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 58 continue; 59 60 wps = 1; 61 *req_type = wpas_wps_get_req_type(ssid); 62 if (!ssid->eap.phase1) 63 continue; 64 65 if (os_strstr(ssid->eap.phase1, "pbc=1")) 66 return 2; 67 } 68 69 #ifdef CONFIG_P2P 70 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 71 !wpa_s->conf->p2p_disabled) { 72 wpa_s->wps->dev.p2p = 1; 73 if (!wps) { 74 wps = 1; 75 *req_type = WPS_REQ_ENROLLEE_INFO; 76 } 77 } 78 #endif /* CONFIG_P2P */ 79 80 return wps; 81 } 82 #endif /* CONFIG_WPS */ 83 84 85 /** 86 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 87 * @wpa_s: Pointer to wpa_supplicant data 88 * Returns: 0 if no networks are enabled, >0 if networks are enabled 89 * 90 * This function is used to figure out whether any networks (or Interworking 91 * with enabled credentials and auto_interworking) are present in the current 92 * configuration. 93 */ 94 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 95 { 96 struct wpa_ssid *ssid = wpa_s->conf->ssid; 97 int count = 0, disabled = 0; 98 while (ssid) { 99 if (!wpas_network_disabled(wpa_s, ssid)) 100 count++; 101 else 102 disabled++; 103 ssid = ssid->next; 104 } 105 if (wpa_s->conf->cred && wpa_s->conf->interworking && 106 wpa_s->conf->auto_interworking) 107 count++; 108 if (count == 0 && disabled > 0) { 109 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 110 "networks)", disabled); 111 } 112 return count; 113 } 114 115 116 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 117 struct wpa_ssid *ssid) 118 { 119 while (ssid) { 120 if (!wpas_network_disabled(wpa_s, ssid)) 121 break; 122 ssid = ssid->next; 123 } 124 125 /* ap_scan=2 mode - try to associate with each SSID. */ 126 if (ssid == NULL) { 127 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 128 "end of scan list - go back to beginning"); 129 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 130 wpa_supplicant_req_scan(wpa_s, 0, 0); 131 return; 132 } 133 if (ssid->next) { 134 /* Continue from the next SSID on the next attempt. */ 135 wpa_s->prev_scan_ssid = ssid; 136 } else { 137 /* Start from the beginning of the SSID list. */ 138 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 139 } 140 wpa_supplicant_associate(wpa_s, NULL, ssid); 141 } 142 143 144 static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 145 { 146 struct wpa_supplicant *wpa_s = work->wpa_s; 147 struct wpa_driver_scan_params *params = work->ctx; 148 int ret; 149 150 if (deinit) { 151 if (!work->started) { 152 wpa_scan_free_params(params); 153 return; 154 } 155 wpa_supplicant_notify_scanning(wpa_s, 0); 156 wpas_notify_scan_done(wpa_s, 0); 157 wpa_s->scan_work = NULL; 158 return; 159 } 160 161 if (wpas_update_random_addr_disassoc(wpa_s) < 0) { 162 wpa_msg(wpa_s, MSG_INFO, 163 "Failed to assign random MAC address for a scan"); 164 radio_work_done(work); 165 return; 166 } 167 168 wpa_supplicant_notify_scanning(wpa_s, 1); 169 170 if (wpa_s->clear_driver_scan_cache) 171 params->only_new_results = 1; 172 ret = wpa_drv_scan(wpa_s, params); 173 wpa_scan_free_params(params); 174 work->ctx = NULL; 175 if (ret) { 176 wpa_supplicant_notify_scanning(wpa_s, 0); 177 wpas_notify_scan_done(wpa_s, 0); 178 radio_work_done(work); 179 return; 180 } 181 182 os_get_reltime(&wpa_s->scan_trigger_time); 183 wpa_s->scan_runs++; 184 wpa_s->normal_scans++; 185 wpa_s->own_scan_requested = 1; 186 wpa_s->clear_driver_scan_cache = 0; 187 wpa_s->scan_work = work; 188 } 189 190 191 /** 192 * wpa_supplicant_trigger_scan - Request driver to start a scan 193 * @wpa_s: Pointer to wpa_supplicant data 194 * @params: Scan parameters 195 * Returns: 0 on success, -1 on failure 196 */ 197 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 198 struct wpa_driver_scan_params *params) 199 { 200 struct wpa_driver_scan_params *ctx; 201 202 if (wpa_s->scan_work) { 203 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 204 return -1; 205 } 206 207 ctx = wpa_scan_clone_params(params); 208 if (ctx == NULL) 209 return -1; 210 211 if (radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0) 212 { 213 wpa_scan_free_params(ctx); 214 return -1; 215 } 216 217 return 0; 218 } 219 220 221 static void 222 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 223 { 224 struct wpa_supplicant *wpa_s = eloop_ctx; 225 226 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 227 228 if (wpa_supplicant_req_sched_scan(wpa_s)) 229 wpa_supplicant_req_scan(wpa_s, 0, 0); 230 } 231 232 233 static void 234 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 235 { 236 struct wpa_supplicant *wpa_s = eloop_ctx; 237 238 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 239 240 wpa_s->sched_scan_timed_out = 1; 241 wpa_supplicant_cancel_sched_scan(wpa_s); 242 } 243 244 245 int wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 246 struct wpa_driver_scan_params *params, 247 int interval) 248 { 249 int ret; 250 251 wpa_supplicant_notify_scanning(wpa_s, 1); 252 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000); 253 if (ret) 254 wpa_supplicant_notify_scanning(wpa_s, 0); 255 else 256 wpa_s->sched_scanning = 1; 257 258 return ret; 259 } 260 261 262 int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 263 { 264 int ret; 265 266 ret = wpa_drv_stop_sched_scan(wpa_s); 267 if (ret) { 268 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 269 /* TODO: what to do if stopping fails? */ 270 return -1; 271 } 272 273 return ret; 274 } 275 276 277 static struct wpa_driver_scan_filter * 278 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 279 { 280 struct wpa_driver_scan_filter *ssids; 281 struct wpa_ssid *ssid; 282 size_t count; 283 284 *num_ssids = 0; 285 if (!conf->filter_ssids) 286 return NULL; 287 288 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 289 if (ssid->ssid && ssid->ssid_len) 290 count++; 291 } 292 if (count == 0) 293 return NULL; 294 ssids = os_zalloc(count * sizeof(struct wpa_driver_scan_filter)); 295 if (ssids == NULL) 296 return NULL; 297 298 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 299 if (!ssid->ssid || !ssid->ssid_len) 300 continue; 301 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 302 ssids[*num_ssids].ssid_len = ssid->ssid_len; 303 (*num_ssids)++; 304 } 305 306 return ssids; 307 } 308 309 310 static void wpa_supplicant_optimize_freqs( 311 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 312 { 313 #ifdef CONFIG_P2P 314 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 315 wpa_s->go_params) { 316 /* Optimize provisioning state scan based on GO information */ 317 if (wpa_s->p2p_in_provisioning < 5 && 318 wpa_s->go_params->freq > 0) { 319 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 320 "preferred frequency %d MHz", 321 wpa_s->go_params->freq); 322 params->freqs = os_zalloc(2 * sizeof(int)); 323 if (params->freqs) 324 params->freqs[0] = wpa_s->go_params->freq; 325 } else if (wpa_s->p2p_in_provisioning < 8 && 326 wpa_s->go_params->freq_list[0]) { 327 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 328 "channels"); 329 int_array_concat(¶ms->freqs, 330 wpa_s->go_params->freq_list); 331 if (params->freqs) 332 int_array_sort_unique(params->freqs); 333 } 334 wpa_s->p2p_in_provisioning++; 335 } 336 337 if (params->freqs == NULL && wpa_s->p2p_in_invitation) { 338 /* 339 * Optimize scan based on GO information during persistent 340 * group reinvocation 341 */ 342 if (wpa_s->p2p_in_invitation < 5 && 343 wpa_s->p2p_invite_go_freq > 0) { 344 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation", 345 wpa_s->p2p_invite_go_freq); 346 params->freqs = os_zalloc(2 * sizeof(int)); 347 if (params->freqs) 348 params->freqs[0] = wpa_s->p2p_invite_go_freq; 349 } 350 wpa_s->p2p_in_invitation++; 351 if (wpa_s->p2p_in_invitation > 20) { 352 /* 353 * This should not really happen since the variable is 354 * cleared on group removal, but if it does happen, make 355 * sure we do not get stuck in special invitation scan 356 * mode. 357 */ 358 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation"); 359 wpa_s->p2p_in_invitation = 0; 360 } 361 } 362 #endif /* CONFIG_P2P */ 363 364 #ifdef CONFIG_WPS 365 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 366 /* 367 * Optimize post-provisioning scan based on channel used 368 * during provisioning. 369 */ 370 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 371 "that was used during provisioning", wpa_s->wps_freq); 372 params->freqs = os_zalloc(2 * sizeof(int)); 373 if (params->freqs) 374 params->freqs[0] = wpa_s->wps_freq; 375 wpa_s->after_wps--; 376 } else if (wpa_s->after_wps) 377 wpa_s->after_wps--; 378 379 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 380 { 381 /* Optimize provisioning scan based on already known channel */ 382 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 383 wpa_s->wps_freq); 384 params->freqs = os_zalloc(2 * sizeof(int)); 385 if (params->freqs) 386 params->freqs[0] = wpa_s->wps_freq; 387 wpa_s->known_wps_freq = 0; /* only do this once */ 388 } 389 #endif /* CONFIG_WPS */ 390 } 391 392 393 #ifdef CONFIG_INTERWORKING 394 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 395 struct wpabuf *buf) 396 { 397 if (wpa_s->conf->interworking == 0) 398 return; 399 400 wpabuf_put_u8(buf, WLAN_EID_EXT_CAPAB); 401 wpabuf_put_u8(buf, 6); 402 wpabuf_put_u8(buf, 0x00); 403 wpabuf_put_u8(buf, 0x00); 404 wpabuf_put_u8(buf, 0x00); 405 wpabuf_put_u8(buf, 0x80); /* Bit 31 - Interworking */ 406 wpabuf_put_u8(buf, 0x00); 407 #ifdef CONFIG_HS20 408 wpabuf_put_u8(buf, 0x40); /* Bit 46 - WNM-Notification */ 409 #else /* CONFIG_HS20 */ 410 wpabuf_put_u8(buf, 0x00); 411 #endif /* CONFIG_HS20 */ 412 413 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 414 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 415 1 + ETH_ALEN); 416 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 417 /* No Venue Info */ 418 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 419 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 420 } 421 #endif /* CONFIG_INTERWORKING */ 422 423 424 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 425 { 426 struct wpabuf *extra_ie = NULL; 427 #ifdef CONFIG_WPS 428 int wps = 0; 429 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 430 #endif /* CONFIG_WPS */ 431 432 #ifdef CONFIG_INTERWORKING 433 if (wpa_s->conf->interworking && 434 wpabuf_resize(&extra_ie, 100) == 0) 435 wpas_add_interworking_elements(wpa_s, extra_ie); 436 #endif /* CONFIG_INTERWORKING */ 437 438 #ifdef CONFIG_WPS 439 wps = wpas_wps_in_use(wpa_s, &req_type); 440 441 if (wps) { 442 struct wpabuf *wps_ie; 443 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 444 DEV_PW_DEFAULT, 445 &wpa_s->wps->dev, 446 wpa_s->wps->uuid, req_type, 447 0, NULL); 448 if (wps_ie) { 449 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 450 wpabuf_put_buf(extra_ie, wps_ie); 451 wpabuf_free(wps_ie); 452 } 453 } 454 455 #ifdef CONFIG_P2P 456 if (wps) { 457 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 458 if (wpabuf_resize(&extra_ie, ielen) == 0) 459 wpas_p2p_scan_ie(wpa_s, extra_ie); 460 } 461 #endif /* CONFIG_P2P */ 462 463 #endif /* CONFIG_WPS */ 464 465 #ifdef CONFIG_HS20 466 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 467 wpas_hs20_add_indication(extra_ie, -1); 468 #endif /* CONFIG_HS20 */ 469 470 return extra_ie; 471 } 472 473 474 #ifdef CONFIG_P2P 475 476 /* 477 * Check whether there are any enabled networks or credentials that could be 478 * used for a non-P2P connection. 479 */ 480 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 481 { 482 struct wpa_ssid *ssid; 483 484 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 485 if (wpas_network_disabled(wpa_s, ssid)) 486 continue; 487 if (!ssid->p2p_group) 488 return 1; 489 } 490 491 if (wpa_s->conf->cred && wpa_s->conf->interworking && 492 wpa_s->conf->auto_interworking) 493 return 1; 494 495 return 0; 496 } 497 498 #endif /* CONFIG_P2P */ 499 500 501 static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, 502 u16 num_modes, 503 enum hostapd_hw_mode mode) 504 { 505 u16 i; 506 507 for (i = 0; i < num_modes; i++) { 508 if (modes[i].mode == mode) 509 return &modes[i]; 510 } 511 512 return NULL; 513 } 514 515 516 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 517 enum hostapd_hw_mode band, 518 struct wpa_driver_scan_params *params) 519 { 520 /* Include only supported channels for the specified band */ 521 struct hostapd_hw_modes *mode; 522 int count, i; 523 524 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 525 if (mode == NULL) { 526 /* No channels supported in this band - use empty list */ 527 params->freqs = os_zalloc(sizeof(int)); 528 return; 529 } 530 531 params->freqs = os_zalloc((mode->num_channels + 1) * sizeof(int)); 532 if (params->freqs == NULL) 533 return; 534 for (count = 0, i = 0; i < mode->num_channels; i++) { 535 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 536 continue; 537 params->freqs[count++] = mode->channels[i].freq; 538 } 539 } 540 541 542 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 543 struct wpa_driver_scan_params *params) 544 { 545 if (wpa_s->hw.modes == NULL) 546 return; /* unknown what channels the driver supports */ 547 if (params->freqs) 548 return; /* already using a limited channel set */ 549 if (wpa_s->setband == WPA_SETBAND_5G) 550 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 551 params); 552 else if (wpa_s->setband == WPA_SETBAND_2G) 553 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 554 params); 555 } 556 557 558 static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 559 struct wpa_driver_scan_params *params, 560 size_t max_ssids) 561 { 562 unsigned int i; 563 struct wpa_ssid *ssid; 564 565 for (i = 0; i < wpa_s->scan_id_count; i++) { 566 unsigned int j; 567 568 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 569 if (!ssid || !ssid->scan_ssid) 570 continue; 571 572 for (j = 0; j < params->num_ssids; j++) { 573 if (params->ssids[j].ssid_len == ssid->ssid_len && 574 params->ssids[j].ssid && 575 os_memcmp(params->ssids[j].ssid, ssid->ssid, 576 ssid->ssid_len) == 0) 577 break; 578 } 579 if (j < params->num_ssids) 580 continue; /* already in the list */ 581 582 if (params->num_ssids + 1 > max_ssids) { 583 wpa_printf(MSG_DEBUG, 584 "Over max scan SSIDs for manual request"); 585 break; 586 } 587 588 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 589 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 590 params->ssids[params->num_ssids].ssid = ssid->ssid; 591 params->ssids[params->num_ssids].ssid_len = ssid->ssid_len; 592 params->num_ssids++; 593 } 594 595 wpa_s->scan_id_count = 0; 596 } 597 598 599 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 600 { 601 struct wpa_supplicant *wpa_s = eloop_ctx; 602 struct wpa_ssid *ssid; 603 int ret; 604 struct wpabuf *extra_ie = NULL; 605 struct wpa_driver_scan_params params; 606 struct wpa_driver_scan_params *scan_params; 607 size_t max_ssids; 608 enum wpa_states prev_state; 609 610 if (wpa_s->pno || wpa_s->pno_sched_pending) { 611 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - PNO is in progress"); 612 return; 613 } 614 615 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 616 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 617 return; 618 } 619 620 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 621 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 622 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 623 return; 624 } 625 626 if (wpa_s->scanning) { 627 /* 628 * If we are already in scanning state, we shall reschedule the 629 * the incoming scan request. 630 */ 631 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 632 wpa_supplicant_req_scan(wpa_s, 1, 0); 633 return; 634 } 635 636 if (!wpa_supplicant_enabled_networks(wpa_s) && 637 wpa_s->scan_req == NORMAL_SCAN_REQ) { 638 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 639 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 640 return; 641 } 642 643 if (wpa_s->conf->ap_scan != 0 && 644 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 645 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 646 "overriding ap_scan configuration"); 647 wpa_s->conf->ap_scan = 0; 648 wpas_notify_ap_scan_changed(wpa_s); 649 } 650 651 if (wpa_s->conf->ap_scan == 0) { 652 wpa_supplicant_gen_assoc_event(wpa_s); 653 return; 654 } 655 656 if (wpas_p2p_in_progress(wpa_s)) { 657 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 658 wpa_supplicant_req_scan(wpa_s, 5, 0); 659 return; 660 } 661 662 if (wpa_s->conf->ap_scan == 2) 663 max_ssids = 1; 664 else { 665 max_ssids = wpa_s->max_scan_ssids; 666 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 667 max_ssids = WPAS_MAX_SCAN_SSIDS; 668 } 669 670 wpa_s->last_scan_req = wpa_s->scan_req; 671 wpa_s->scan_req = NORMAL_SCAN_REQ; 672 673 os_memset(¶ms, 0, sizeof(params)); 674 675 prev_state = wpa_s->wpa_state; 676 if (wpa_s->wpa_state == WPA_DISCONNECTED || 677 wpa_s->wpa_state == WPA_INACTIVE) 678 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 679 680 /* 681 * If autoscan has set its own scanning parameters 682 */ 683 if (wpa_s->autoscan_params != NULL) { 684 scan_params = wpa_s->autoscan_params; 685 goto scan; 686 } 687 688 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 689 wpa_s->connect_without_scan) { 690 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 691 if (ssid == wpa_s->connect_without_scan) 692 break; 693 } 694 wpa_s->connect_without_scan = NULL; 695 if (ssid) { 696 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 697 "without scan step"); 698 wpa_supplicant_associate(wpa_s, NULL, ssid); 699 return; 700 } 701 } 702 703 #ifdef CONFIG_P2P 704 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 705 wpa_s->go_params) { 706 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 707 wpa_s->p2p_in_provisioning, 708 wpa_s->show_group_started); 709 params.ssids[0].ssid = wpa_s->go_params->ssid; 710 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 711 params.num_ssids = 1; 712 goto ssid_list_set; 713 } 714 715 if (wpa_s->p2p_in_invitation) { 716 if (wpa_s->current_ssid) { 717 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 718 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 719 params.ssids[0].ssid_len = 720 wpa_s->current_ssid->ssid_len; 721 params.num_ssids = 1; 722 } else { 723 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 724 } 725 goto ssid_list_set; 726 } 727 #endif /* CONFIG_P2P */ 728 729 /* Find the starting point from which to continue scanning */ 730 ssid = wpa_s->conf->ssid; 731 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 732 while (ssid) { 733 if (ssid == wpa_s->prev_scan_ssid) { 734 ssid = ssid->next; 735 break; 736 } 737 ssid = ssid->next; 738 } 739 } 740 741 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 742 wpa_s->conf->ap_scan == 2) { 743 wpa_s->connect_without_scan = NULL; 744 wpa_s->prev_scan_wildcard = 0; 745 wpa_supplicant_assoc_try(wpa_s, ssid); 746 return; 747 } else if (wpa_s->conf->ap_scan == 2) { 748 /* 749 * User-initiated scan request in ap_scan == 2; scan with 750 * wildcard SSID. 751 */ 752 ssid = NULL; 753 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 754 /* 755 * Perform single-channel single-SSID scan for 756 * reassociate-to-same-BSS operation. 757 */ 758 /* Setup SSID */ 759 ssid = wpa_s->current_ssid; 760 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 761 ssid->ssid, ssid->ssid_len); 762 params.ssids[0].ssid = ssid->ssid; 763 params.ssids[0].ssid_len = ssid->ssid_len; 764 params.num_ssids = 1; 765 766 /* 767 * Allocate memory for frequency array, allocate one extra 768 * slot for the zero-terminator. 769 */ 770 params.freqs = os_malloc(sizeof(int) * 2); 771 if (params.freqs == NULL) { 772 wpa_dbg(wpa_s, MSG_ERROR, "Memory allocation failed"); 773 return; 774 } 775 params.freqs[0] = wpa_s->assoc_freq; 776 params.freqs[1] = 0; 777 778 /* 779 * Reset the reattach flag so that we fall back to full scan if 780 * this scan fails. 781 */ 782 wpa_s->reattach = 0; 783 } else { 784 struct wpa_ssid *start = ssid, *tssid; 785 int freqs_set = 0; 786 if (ssid == NULL && max_ssids > 1) 787 ssid = wpa_s->conf->ssid; 788 while (ssid) { 789 if (!wpas_network_disabled(wpa_s, ssid) && 790 ssid->scan_ssid) { 791 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 792 ssid->ssid, ssid->ssid_len); 793 params.ssids[params.num_ssids].ssid = 794 ssid->ssid; 795 params.ssids[params.num_ssids].ssid_len = 796 ssid->ssid_len; 797 params.num_ssids++; 798 if (params.num_ssids + 1 >= max_ssids) 799 break; 800 } 801 ssid = ssid->next; 802 if (ssid == start) 803 break; 804 if (ssid == NULL && max_ssids > 1 && 805 start != wpa_s->conf->ssid) 806 ssid = wpa_s->conf->ssid; 807 } 808 809 if (wpa_s->scan_id_count && 810 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 811 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 812 813 for (tssid = wpa_s->conf->ssid; tssid; tssid = tssid->next) { 814 if (wpas_network_disabled(wpa_s, tssid)) 815 continue; 816 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 817 int_array_concat(¶ms.freqs, 818 tssid->scan_freq); 819 } else { 820 os_free(params.freqs); 821 params.freqs = NULL; 822 } 823 freqs_set = 1; 824 } 825 int_array_sort_unique(params.freqs); 826 } 827 828 if (ssid && max_ssids == 1) { 829 /* 830 * If the driver is limited to 1 SSID at a time interleave 831 * wildcard SSID scans with specific SSID scans to avoid 832 * waiting a long time for a wildcard scan. 833 */ 834 if (!wpa_s->prev_scan_wildcard) { 835 params.ssids[0].ssid = NULL; 836 params.ssids[0].ssid_len = 0; 837 wpa_s->prev_scan_wildcard = 1; 838 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 839 "wildcard SSID (Interleave with specific)"); 840 } else { 841 wpa_s->prev_scan_ssid = ssid; 842 wpa_s->prev_scan_wildcard = 0; 843 wpa_dbg(wpa_s, MSG_DEBUG, 844 "Starting AP scan for specific SSID: %s", 845 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 846 } 847 } else if (ssid) { 848 /* max_ssids > 1 */ 849 850 wpa_s->prev_scan_ssid = ssid; 851 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 852 "the scan request"); 853 params.num_ssids++; 854 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 855 wpa_s->manual_scan_passive && params.num_ssids == 0) { 856 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 857 } else { 858 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 859 params.num_ssids++; 860 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 861 "SSID"); 862 } 863 #ifdef CONFIG_P2P 864 ssid_list_set: 865 #endif /* CONFIG_P2P */ 866 867 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 868 extra_ie = wpa_supplicant_extra_ies(wpa_s); 869 870 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 871 wpa_s->manual_scan_only_new) 872 params.only_new_results = 1; 873 874 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 875 wpa_s->manual_scan_freqs) { 876 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 877 params.freqs = wpa_s->manual_scan_freqs; 878 wpa_s->manual_scan_freqs = NULL; 879 } 880 881 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 882 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 883 "generated frequency list"); 884 params.freqs = wpa_s->next_scan_freqs; 885 } else 886 os_free(wpa_s->next_scan_freqs); 887 wpa_s->next_scan_freqs = NULL; 888 wpa_setband_scan_freqs(wpa_s, ¶ms); 889 890 /* See if user specified frequencies. If so, scan only those. */ 891 if (wpa_s->conf->freq_list && !params.freqs) { 892 wpa_dbg(wpa_s, MSG_DEBUG, 893 "Optimize scan based on conf->freq_list"); 894 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 895 } 896 897 /* Use current associated channel? */ 898 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 899 unsigned int num = wpa_s->num_multichan_concurrent; 900 901 params.freqs = os_calloc(num + 1, sizeof(int)); 902 if (params.freqs) { 903 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 904 if (num > 0) { 905 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 906 "current operating channels since " 907 "scan_cur_freq is enabled"); 908 } else { 909 os_free(params.freqs); 910 params.freqs = NULL; 911 } 912 } 913 } 914 915 params.filter_ssids = wpa_supplicant_build_filter_ssids( 916 wpa_s->conf, ¶ms.num_filter_ssids); 917 if (extra_ie) { 918 params.extra_ies = wpabuf_head(extra_ie); 919 params.extra_ies_len = wpabuf_len(extra_ie); 920 } 921 922 #ifdef CONFIG_P2P 923 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 924 (wpa_s->show_group_started && wpa_s->go_params)) { 925 /* 926 * The interface may not yet be in P2P mode, so we have to 927 * explicitly request P2P probe to disable CCK rates. 928 */ 929 params.p2p_probe = 1; 930 } 931 #endif /* CONFIG_P2P */ 932 933 scan_params = ¶ms; 934 935 scan: 936 #ifdef CONFIG_P2P 937 /* 938 * If the driver does not support multi-channel concurrency and a 939 * virtual interface that shares the same radio with the wpa_s interface 940 * is operating there may not be need to scan other channels apart from 941 * the current operating channel on the other virtual interface. Filter 942 * out other channels in case we are trying to find a connection for a 943 * station interface when we are not configured to prefer station 944 * connection and a concurrent operation is already in process. 945 */ 946 if (wpa_s->scan_for_connection && 947 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 948 !scan_params->freqs && !params.freqs && 949 wpas_is_p2p_prioritized(wpa_s) && 950 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 951 non_p2p_network_enabled(wpa_s)) { 952 unsigned int num = wpa_s->num_multichan_concurrent; 953 954 params.freqs = os_calloc(num + 1, sizeof(int)); 955 if (params.freqs) { 956 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 957 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 958 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 959 } else { 960 os_free(params.freqs); 961 params.freqs = NULL; 962 } 963 } 964 } 965 #endif /* CONFIG_P2P */ 966 967 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 968 969 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 970 !wpa_s->manual_scan_freqs) { 971 /* Restore manual_scan_freqs for the next attempt */ 972 wpa_s->manual_scan_freqs = params.freqs; 973 params.freqs = NULL; 974 } 975 976 wpabuf_free(extra_ie); 977 os_free(params.freqs); 978 os_free(params.filter_ssids); 979 980 if (ret) { 981 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 982 if (prev_state != wpa_s->wpa_state) 983 wpa_supplicant_set_state(wpa_s, prev_state); 984 /* Restore scan_req since we will try to scan again */ 985 wpa_s->scan_req = wpa_s->last_scan_req; 986 wpa_supplicant_req_scan(wpa_s, 1, 0); 987 } else { 988 wpa_s->scan_for_connection = 0; 989 } 990 } 991 992 993 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 994 { 995 struct os_reltime remaining, new_int; 996 int cancelled; 997 998 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 999 &remaining); 1000 1001 new_int.sec = sec; 1002 new_int.usec = 0; 1003 if (cancelled && os_reltime_before(&remaining, &new_int)) { 1004 new_int.sec = remaining.sec; 1005 new_int.usec = remaining.usec; 1006 } 1007 1008 if (cancelled) { 1009 eloop_register_timeout(new_int.sec, new_int.usec, 1010 wpa_supplicant_scan, wpa_s, NULL); 1011 } 1012 wpa_s->scan_interval = sec; 1013 } 1014 1015 1016 /** 1017 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 1018 * @wpa_s: Pointer to wpa_supplicant data 1019 * @sec: Number of seconds after which to scan 1020 * @usec: Number of microseconds after which to scan 1021 * 1022 * This function is used to schedule a scan for neighboring access points after 1023 * the specified time. 1024 */ 1025 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 1026 { 1027 int res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 1028 NULL); 1029 if (res == 1) { 1030 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 1031 sec, usec); 1032 } else if (res == 0) { 1033 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 1034 sec, usec); 1035 } else { 1036 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 1037 sec, usec); 1038 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 1039 } 1040 } 1041 1042 1043 /** 1044 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 1045 * @wpa_s: Pointer to wpa_supplicant data 1046 * @sec: Number of seconds after which to scan 1047 * @usec: Number of microseconds after which to scan 1048 * Returns: 0 on success or -1 otherwise 1049 * 1050 * This function is used to schedule periodic scans for neighboring 1051 * access points after the specified time. 1052 */ 1053 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 1054 int sec, int usec) 1055 { 1056 if (!wpa_s->sched_scan_supported) 1057 return -1; 1058 1059 eloop_register_timeout(sec, usec, 1060 wpa_supplicant_delayed_sched_scan_timeout, 1061 wpa_s, NULL); 1062 1063 return 0; 1064 } 1065 1066 1067 /** 1068 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 1069 * @wpa_s: Pointer to wpa_supplicant data 1070 * Returns: 0 is sched_scan was started or -1 otherwise 1071 * 1072 * This function is used to schedule periodic scans for neighboring 1073 * access points repeating the scan continuously. 1074 */ 1075 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 1076 { 1077 struct wpa_driver_scan_params params; 1078 struct wpa_driver_scan_params *scan_params; 1079 enum wpa_states prev_state; 1080 struct wpa_ssid *ssid = NULL; 1081 struct wpabuf *extra_ie = NULL; 1082 int ret; 1083 unsigned int max_sched_scan_ssids; 1084 int wildcard = 0; 1085 int need_ssids; 1086 1087 if (!wpa_s->sched_scan_supported) 1088 return -1; 1089 1090 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 1091 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 1092 else 1093 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 1094 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 1095 return -1; 1096 1097 if (wpa_s->sched_scanning) { 1098 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 1099 return 0; 1100 } 1101 1102 need_ssids = 0; 1103 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1104 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1105 /* Use wildcard SSID to find this network */ 1106 wildcard = 1; 1107 } else if (!wpas_network_disabled(wpa_s, ssid) && 1108 ssid->ssid_len) 1109 need_ssids++; 1110 1111 #ifdef CONFIG_WPS 1112 if (!wpas_network_disabled(wpa_s, ssid) && 1113 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1114 /* 1115 * Normal scan is more reliable and faster for WPS 1116 * operations and since these are for short periods of 1117 * time, the benefit of trying to use sched_scan would 1118 * be limited. 1119 */ 1120 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1121 "sched_scan for WPS"); 1122 return -1; 1123 } 1124 #endif /* CONFIG_WPS */ 1125 } 1126 if (wildcard) 1127 need_ssids++; 1128 1129 if (wpa_s->normal_scans < 3 && 1130 (need_ssids <= wpa_s->max_scan_ssids || 1131 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1132 /* 1133 * When normal scan can speed up operations, use that for the 1134 * first operations before starting the sched_scan to allow 1135 * user space sleep more. We do this only if the normal scan 1136 * has functionality that is suitable for this or if the 1137 * sched_scan does not have better support for multiple SSIDs. 1138 */ 1139 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1140 "sched_scan for initial scans (normal_scans=%d)", 1141 wpa_s->normal_scans); 1142 return -1; 1143 } 1144 1145 os_memset(¶ms, 0, sizeof(params)); 1146 1147 /* If we can't allocate space for the filters, we just don't filter */ 1148 params.filter_ssids = os_zalloc(wpa_s->max_match_sets * 1149 sizeof(struct wpa_driver_scan_filter)); 1150 1151 prev_state = wpa_s->wpa_state; 1152 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1153 wpa_s->wpa_state == WPA_INACTIVE) 1154 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1155 1156 if (wpa_s->autoscan_params != NULL) { 1157 scan_params = wpa_s->autoscan_params; 1158 goto scan; 1159 } 1160 1161 /* Find the starting point from which to continue scanning */ 1162 ssid = wpa_s->conf->ssid; 1163 if (wpa_s->prev_sched_ssid) { 1164 while (ssid) { 1165 if (ssid == wpa_s->prev_sched_ssid) { 1166 ssid = ssid->next; 1167 break; 1168 } 1169 ssid = ssid->next; 1170 } 1171 } 1172 1173 if (!ssid || !wpa_s->prev_sched_ssid) { 1174 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1175 if (wpa_s->conf->sched_scan_interval) 1176 wpa_s->sched_scan_interval = 1177 wpa_s->conf->sched_scan_interval; 1178 if (wpa_s->sched_scan_interval == 0) 1179 wpa_s->sched_scan_interval = 10; 1180 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1181 wpa_s->first_sched_scan = 1; 1182 ssid = wpa_s->conf->ssid; 1183 wpa_s->prev_sched_ssid = ssid; 1184 } 1185 1186 if (wildcard) { 1187 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1188 params.num_ssids++; 1189 } 1190 1191 while (ssid) { 1192 if (wpas_network_disabled(wpa_s, ssid)) 1193 goto next; 1194 1195 if (params.num_filter_ssids < wpa_s->max_match_sets && 1196 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1197 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1198 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1199 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1200 ssid->ssid, ssid->ssid_len); 1201 params.filter_ssids[params.num_filter_ssids].ssid_len = 1202 ssid->ssid_len; 1203 params.num_filter_ssids++; 1204 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1205 { 1206 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1207 "filter for sched_scan - drop filter"); 1208 os_free(params.filter_ssids); 1209 params.filter_ssids = NULL; 1210 params.num_filter_ssids = 0; 1211 } 1212 1213 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1214 if (params.num_ssids == max_sched_scan_ssids) 1215 break; /* only room for broadcast SSID */ 1216 wpa_dbg(wpa_s, MSG_DEBUG, 1217 "add to active scan ssid: %s", 1218 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1219 params.ssids[params.num_ssids].ssid = 1220 ssid->ssid; 1221 params.ssids[params.num_ssids].ssid_len = 1222 ssid->ssid_len; 1223 params.num_ssids++; 1224 if (params.num_ssids >= max_sched_scan_ssids) { 1225 wpa_s->prev_sched_ssid = ssid; 1226 do { 1227 ssid = ssid->next; 1228 } while (ssid && 1229 (wpas_network_disabled(wpa_s, ssid) || 1230 !ssid->scan_ssid)); 1231 break; 1232 } 1233 } 1234 1235 next: 1236 wpa_s->prev_sched_ssid = ssid; 1237 ssid = ssid->next; 1238 } 1239 1240 if (params.num_filter_ssids == 0) { 1241 os_free(params.filter_ssids); 1242 params.filter_ssids = NULL; 1243 } 1244 1245 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1246 if (extra_ie) { 1247 params.extra_ies = wpabuf_head(extra_ie); 1248 params.extra_ies_len = wpabuf_len(extra_ie); 1249 } 1250 1251 if (wpa_s->conf->filter_rssi) 1252 params.filter_rssi = wpa_s->conf->filter_rssi; 1253 1254 /* See if user specified frequencies. If so, scan only those. */ 1255 if (wpa_s->conf->freq_list && !params.freqs) { 1256 wpa_dbg(wpa_s, MSG_DEBUG, 1257 "Optimize scan based on conf->freq_list"); 1258 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1259 } 1260 1261 scan_params = ¶ms; 1262 1263 scan: 1264 if (ssid || !wpa_s->first_sched_scan) { 1265 wpa_dbg(wpa_s, MSG_DEBUG, 1266 "Starting sched scan: interval %d timeout %d", 1267 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout); 1268 } else { 1269 wpa_dbg(wpa_s, MSG_DEBUG, 1270 "Starting sched scan: interval %d (no timeout)", 1271 wpa_s->sched_scan_interval); 1272 } 1273 1274 wpa_setband_scan_freqs(wpa_s, scan_params); 1275 1276 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params, 1277 wpa_s->sched_scan_interval); 1278 wpabuf_free(extra_ie); 1279 os_free(params.filter_ssids); 1280 if (ret) { 1281 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1282 if (prev_state != wpa_s->wpa_state) 1283 wpa_supplicant_set_state(wpa_s, prev_state); 1284 return ret; 1285 } 1286 1287 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1288 if (ssid || !wpa_s->first_sched_scan) { 1289 wpa_s->sched_scan_timed_out = 0; 1290 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1291 wpa_supplicant_sched_scan_timeout, 1292 wpa_s, NULL); 1293 wpa_s->first_sched_scan = 0; 1294 wpa_s->sched_scan_timeout /= 2; 1295 wpa_s->sched_scan_interval *= 2; 1296 if (wpa_s->sched_scan_timeout < wpa_s->sched_scan_interval) { 1297 wpa_s->sched_scan_interval = 10; 1298 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1299 } 1300 } 1301 1302 /* If there is no more ssids, start next time from the beginning */ 1303 if (!ssid) 1304 wpa_s->prev_sched_ssid = NULL; 1305 1306 return 0; 1307 } 1308 1309 1310 /** 1311 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1312 * @wpa_s: Pointer to wpa_supplicant data 1313 * 1314 * This function is used to cancel a scan request scheduled with 1315 * wpa_supplicant_req_scan(). 1316 */ 1317 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1318 { 1319 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1320 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1321 } 1322 1323 1324 /** 1325 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1326 * @wpa_s: Pointer to wpa_supplicant data 1327 * 1328 * This function is used to stop a delayed scheduled scan. 1329 */ 1330 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1331 { 1332 if (!wpa_s->sched_scan_supported) 1333 return; 1334 1335 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1336 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1337 wpa_s, NULL); 1338 } 1339 1340 1341 /** 1342 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1343 * @wpa_s: Pointer to wpa_supplicant data 1344 * 1345 * This function is used to stop a periodic scheduled scan. 1346 */ 1347 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1348 { 1349 if (!wpa_s->sched_scanning) 1350 return; 1351 1352 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1353 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1354 wpa_supplicant_stop_sched_scan(wpa_s); 1355 } 1356 1357 1358 /** 1359 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1360 * @wpa_s: Pointer to wpa_supplicant data 1361 * @scanning: Whether scanning is currently in progress 1362 * 1363 * This function is to generate scanning notifycations. It is called whenever 1364 * there may have been a change in scanning (scan started, completed, stopped). 1365 * wpas_notify_scanning() is called whenever the scanning state changed from the 1366 * previously notified state. 1367 */ 1368 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1369 int scanning) 1370 { 1371 if (wpa_s->scanning != scanning) { 1372 wpa_s->scanning = scanning; 1373 wpas_notify_scanning(wpa_s); 1374 } 1375 } 1376 1377 1378 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1379 { 1380 int rate = 0; 1381 const u8 *ie; 1382 int i; 1383 1384 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1385 for (i = 0; ie && i < ie[1]; i++) { 1386 if ((ie[i + 2] & 0x7f) > rate) 1387 rate = ie[i + 2] & 0x7f; 1388 } 1389 1390 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1391 for (i = 0; ie && i < ie[1]; i++) { 1392 if ((ie[i + 2] & 0x7f) > rate) 1393 rate = ie[i + 2] & 0x7f; 1394 } 1395 1396 return rate; 1397 } 1398 1399 1400 /** 1401 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1402 * @res: Scan result entry 1403 * @ie: Information element identitifier (WLAN_EID_*) 1404 * Returns: Pointer to the information element (id field) or %NULL if not found 1405 * 1406 * This function returns the first matching information element in the scan 1407 * result. 1408 */ 1409 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1410 { 1411 const u8 *end, *pos; 1412 1413 pos = (const u8 *) (res + 1); 1414 end = pos + res->ie_len; 1415 1416 while (pos + 1 < end) { 1417 if (pos + 2 + pos[1] > end) 1418 break; 1419 if (pos[0] == ie) 1420 return pos; 1421 pos += 2 + pos[1]; 1422 } 1423 1424 return NULL; 1425 } 1426 1427 1428 /** 1429 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1430 * @res: Scan result entry 1431 * @vendor_type: Vendor type (four octets starting the IE payload) 1432 * Returns: Pointer to the information element (id field) or %NULL if not found 1433 * 1434 * This function returns the first matching information element in the scan 1435 * result. 1436 */ 1437 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1438 u32 vendor_type) 1439 { 1440 const u8 *end, *pos; 1441 1442 pos = (const u8 *) (res + 1); 1443 end = pos + res->ie_len; 1444 1445 while (pos + 1 < end) { 1446 if (pos + 2 + pos[1] > end) 1447 break; 1448 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1449 vendor_type == WPA_GET_BE32(&pos[2])) 1450 return pos; 1451 pos += 2 + pos[1]; 1452 } 1453 1454 return NULL; 1455 } 1456 1457 1458 /** 1459 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 1460 * @res: Scan result entry 1461 * @vendor_type: Vendor type (four octets starting the IE payload) 1462 * Returns: Pointer to the information element (id field) or %NULL if not found 1463 * 1464 * This function returns the first matching information element in the scan 1465 * result. 1466 * 1467 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 1468 * from Beacon frames instead of either Beacon or Probe Response frames. 1469 */ 1470 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 1471 u32 vendor_type) 1472 { 1473 const u8 *end, *pos; 1474 1475 if (res->beacon_ie_len == 0) 1476 return NULL; 1477 1478 pos = (const u8 *) (res + 1); 1479 pos += res->ie_len; 1480 end = pos + res->beacon_ie_len; 1481 1482 while (pos + 1 < end) { 1483 if (pos + 2 + pos[1] > end) 1484 break; 1485 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1486 vendor_type == WPA_GET_BE32(&pos[2])) 1487 return pos; 1488 pos += 2 + pos[1]; 1489 } 1490 1491 return NULL; 1492 } 1493 1494 1495 /** 1496 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1497 * @res: Scan result entry 1498 * @vendor_type: Vendor type (four octets starting the IE payload) 1499 * Returns: Pointer to the information element payload or %NULL if not found 1500 * 1501 * This function returns concatenated payload of possibly fragmented vendor 1502 * specific information elements in the scan result. The caller is responsible 1503 * for freeing the returned buffer. 1504 */ 1505 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1506 u32 vendor_type) 1507 { 1508 struct wpabuf *buf; 1509 const u8 *end, *pos; 1510 1511 buf = wpabuf_alloc(res->ie_len); 1512 if (buf == NULL) 1513 return NULL; 1514 1515 pos = (const u8 *) (res + 1); 1516 end = pos + res->ie_len; 1517 1518 while (pos + 1 < end) { 1519 if (pos + 2 + pos[1] > end) 1520 break; 1521 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1522 vendor_type == WPA_GET_BE32(&pos[2])) 1523 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1524 pos += 2 + pos[1]; 1525 } 1526 1527 if (wpabuf_len(buf) == 0) { 1528 wpabuf_free(buf); 1529 buf = NULL; 1530 } 1531 1532 return buf; 1533 } 1534 1535 1536 /* 1537 * Channels with a great SNR can operate at full rate. What is a great SNR? 1538 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1539 * rule of thumb is that any SNR above 20 is good." This one 1540 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1541 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1542 * conservative value. 1543 */ 1544 #define GREAT_SNR 30 1545 1546 /* Compare function for sorting scan results. Return >0 if @b is considered 1547 * better. */ 1548 static int wpa_scan_result_compar(const void *a, const void *b) 1549 { 1550 #define IS_5GHZ(n) (n > 4000) 1551 #define MIN(a,b) a < b ? a : b 1552 struct wpa_scan_res **_wa = (void *) a; 1553 struct wpa_scan_res **_wb = (void *) b; 1554 struct wpa_scan_res *wa = *_wa; 1555 struct wpa_scan_res *wb = *_wb; 1556 int wpa_a, wpa_b, maxrate_a, maxrate_b; 1557 int snr_a, snr_b; 1558 1559 /* WPA/WPA2 support preferred */ 1560 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1561 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1562 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1563 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1564 1565 if (wpa_b && !wpa_a) 1566 return 1; 1567 if (!wpa_b && wpa_a) 1568 return -1; 1569 1570 /* privacy support preferred */ 1571 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1572 (wb->caps & IEEE80211_CAP_PRIVACY)) 1573 return 1; 1574 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1575 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1576 return -1; 1577 1578 if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) && 1579 !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) { 1580 snr_a = MIN(wa->level - wa->noise, GREAT_SNR); 1581 snr_b = MIN(wb->level - wb->noise, GREAT_SNR); 1582 } else { 1583 /* Not suitable information to calculate SNR, so use level */ 1584 snr_a = wa->level; 1585 snr_b = wb->level; 1586 } 1587 1588 /* best/max rate preferred if SNR close enough */ 1589 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1590 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1591 maxrate_a = wpa_scan_get_max_rate(wa); 1592 maxrate_b = wpa_scan_get_max_rate(wb); 1593 if (maxrate_a != maxrate_b) 1594 return maxrate_b - maxrate_a; 1595 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1596 return IS_5GHZ(wa->freq) ? -1 : 1; 1597 } 1598 1599 /* use freq for channel preference */ 1600 1601 /* all things being equal, use SNR; if SNRs are 1602 * identical, use quality values since some drivers may only report 1603 * that value and leave the signal level zero */ 1604 if (snr_b == snr_a) 1605 return wb->qual - wa->qual; 1606 return snr_b - snr_a; 1607 #undef MIN 1608 #undef IS_5GHZ 1609 } 1610 1611 1612 #ifdef CONFIG_WPS 1613 /* Compare function for sorting scan results when searching a WPS AP for 1614 * provisioning. Return >0 if @b is considered better. */ 1615 static int wpa_scan_result_wps_compar(const void *a, const void *b) 1616 { 1617 struct wpa_scan_res **_wa = (void *) a; 1618 struct wpa_scan_res **_wb = (void *) b; 1619 struct wpa_scan_res *wa = *_wa; 1620 struct wpa_scan_res *wb = *_wb; 1621 int uses_wps_a, uses_wps_b; 1622 struct wpabuf *wps_a, *wps_b; 1623 int res; 1624 1625 /* Optimization - check WPS IE existence before allocated memory and 1626 * doing full reassembly. */ 1627 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1628 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1629 if (uses_wps_a && !uses_wps_b) 1630 return -1; 1631 if (!uses_wps_a && uses_wps_b) 1632 return 1; 1633 1634 if (uses_wps_a && uses_wps_b) { 1635 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1636 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1637 res = wps_ap_priority_compar(wps_a, wps_b); 1638 wpabuf_free(wps_a); 1639 wpabuf_free(wps_b); 1640 if (res) 1641 return res; 1642 } 1643 1644 /* 1645 * Do not use current AP security policy as a sorting criteria during 1646 * WPS provisioning step since the AP may get reconfigured at the 1647 * completion of provisioning. 1648 */ 1649 1650 /* all things being equal, use signal level; if signal levels are 1651 * identical, use quality values since some drivers may only report 1652 * that value and leave the signal level zero */ 1653 if (wb->level == wa->level) 1654 return wb->qual - wa->qual; 1655 return wb->level - wa->level; 1656 } 1657 #endif /* CONFIG_WPS */ 1658 1659 1660 static void dump_scan_res(struct wpa_scan_results *scan_res) 1661 { 1662 #ifndef CONFIG_NO_STDOUT_DEBUG 1663 size_t i; 1664 1665 if (scan_res->res == NULL || scan_res->num == 0) 1666 return; 1667 1668 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1669 1670 for (i = 0; i < scan_res->num; i++) { 1671 struct wpa_scan_res *r = scan_res->res[i]; 1672 u8 *pos; 1673 if ((r->flags & (WPA_SCAN_LEVEL_DBM | WPA_SCAN_NOISE_INVALID)) 1674 == WPA_SCAN_LEVEL_DBM) { 1675 int snr = r->level - r->noise; 1676 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1677 "noise=%d level=%d snr=%d%s flags=0x%x " 1678 "age=%u", 1679 MAC2STR(r->bssid), r->freq, r->qual, 1680 r->noise, r->level, snr, 1681 snr >= GREAT_SNR ? "*" : "", r->flags, 1682 r->age); 1683 } else { 1684 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1685 "noise=%d level=%d flags=0x%x age=%u", 1686 MAC2STR(r->bssid), r->freq, r->qual, 1687 r->noise, r->level, r->flags, r->age); 1688 } 1689 pos = (u8 *) (r + 1); 1690 if (r->ie_len) 1691 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1692 pos += r->ie_len; 1693 if (r->beacon_ie_len) 1694 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1695 pos, r->beacon_ie_len); 1696 } 1697 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1698 } 1699 1700 1701 /** 1702 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1703 * @wpa_s: Pointer to wpa_supplicant data 1704 * @bssid: BSSID to check 1705 * Returns: 0 if the BSSID is filtered or 1 if not 1706 * 1707 * This function is used to filter out specific BSSIDs from scan reslts mainly 1708 * for testing purposes (SET bssid_filter ctrl_iface command). 1709 */ 1710 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1711 const u8 *bssid) 1712 { 1713 size_t i; 1714 1715 if (wpa_s->bssid_filter == NULL) 1716 return 1; 1717 1718 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1719 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1720 ETH_ALEN) == 0) 1721 return 1; 1722 } 1723 1724 return 0; 1725 } 1726 1727 1728 static void filter_scan_res(struct wpa_supplicant *wpa_s, 1729 struct wpa_scan_results *res) 1730 { 1731 size_t i, j; 1732 1733 if (wpa_s->bssid_filter == NULL) 1734 return; 1735 1736 for (i = 0, j = 0; i < res->num; i++) { 1737 if (wpa_supplicant_filter_bssid_match(wpa_s, 1738 res->res[i]->bssid)) { 1739 res->res[j++] = res->res[i]; 1740 } else { 1741 os_free(res->res[i]); 1742 res->res[i] = NULL; 1743 } 1744 } 1745 1746 if (res->num != j) { 1747 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1748 (int) (res->num - j)); 1749 res->num = j; 1750 } 1751 } 1752 1753 1754 /** 1755 * wpa_supplicant_get_scan_results - Get scan results 1756 * @wpa_s: Pointer to wpa_supplicant data 1757 * @info: Information about what was scanned or %NULL if not available 1758 * @new_scan: Whether a new scan was performed 1759 * Returns: Scan results, %NULL on failure 1760 * 1761 * This function request the current scan results from the driver and updates 1762 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 1763 * results with wpa_scan_results_free(). 1764 */ 1765 struct wpa_scan_results * 1766 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 1767 struct scan_info *info, int new_scan) 1768 { 1769 struct wpa_scan_results *scan_res; 1770 size_t i; 1771 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 1772 1773 scan_res = wpa_drv_get_scan_results2(wpa_s); 1774 if (scan_res == NULL) { 1775 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 1776 return NULL; 1777 } 1778 if (scan_res->fetch_time.sec == 0) { 1779 /* 1780 * Make sure we have a valid timestamp if the driver wrapper 1781 * does not set this. 1782 */ 1783 os_get_reltime(&scan_res->fetch_time); 1784 } 1785 filter_scan_res(wpa_s, scan_res); 1786 1787 #ifdef CONFIG_WPS 1788 if (wpas_wps_searching(wpa_s)) { 1789 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 1790 "provisioning rules"); 1791 compar = wpa_scan_result_wps_compar; 1792 } 1793 #endif /* CONFIG_WPS */ 1794 1795 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 1796 compar); 1797 dump_scan_res(scan_res); 1798 1799 wpa_bss_update_start(wpa_s); 1800 for (i = 0; i < scan_res->num; i++) 1801 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 1802 &scan_res->fetch_time); 1803 wpa_bss_update_end(wpa_s, info, new_scan); 1804 1805 return scan_res; 1806 } 1807 1808 1809 /** 1810 * wpa_supplicant_update_scan_results - Update scan results from the driver 1811 * @wpa_s: Pointer to wpa_supplicant data 1812 * Returns: 0 on success, -1 on failure 1813 * 1814 * This function updates the BSS table within wpa_supplicant based on the 1815 * currently available scan results from the driver without requesting a new 1816 * scan. This is used in cases where the driver indicates an association 1817 * (including roaming within ESS) and wpa_supplicant does not yet have the 1818 * needed information to complete the connection (e.g., to perform validation 1819 * steps in 4-way handshake). 1820 */ 1821 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 1822 { 1823 struct wpa_scan_results *scan_res; 1824 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 1825 if (scan_res == NULL) 1826 return -1; 1827 wpa_scan_results_free(scan_res); 1828 1829 return 0; 1830 } 1831 1832 1833 /** 1834 * scan_only_handler - Reports scan results 1835 */ 1836 void scan_only_handler(struct wpa_supplicant *wpa_s, 1837 struct wpa_scan_results *scan_res) 1838 { 1839 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 1840 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1841 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 1842 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 1843 wpa_s->manual_scan_id); 1844 wpa_s->manual_scan_use_id = 0; 1845 } else { 1846 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 1847 } 1848 wpas_notify_scan_results(wpa_s); 1849 wpas_notify_scan_done(wpa_s, 1); 1850 if (wpa_s->scan_work) { 1851 struct wpa_radio_work *work = wpa_s->scan_work; 1852 wpa_s->scan_work = NULL; 1853 radio_work_done(work); 1854 } 1855 } 1856 1857 1858 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 1859 { 1860 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 1861 } 1862 1863 1864 struct wpa_driver_scan_params * 1865 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 1866 { 1867 struct wpa_driver_scan_params *params; 1868 size_t i; 1869 u8 *n; 1870 1871 params = os_zalloc(sizeof(*params)); 1872 if (params == NULL) 1873 return NULL; 1874 1875 for (i = 0; i < src->num_ssids; i++) { 1876 if (src->ssids[i].ssid) { 1877 n = os_malloc(src->ssids[i].ssid_len); 1878 if (n == NULL) 1879 goto failed; 1880 os_memcpy(n, src->ssids[i].ssid, 1881 src->ssids[i].ssid_len); 1882 params->ssids[i].ssid = n; 1883 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 1884 } 1885 } 1886 params->num_ssids = src->num_ssids; 1887 1888 if (src->extra_ies) { 1889 n = os_malloc(src->extra_ies_len); 1890 if (n == NULL) 1891 goto failed; 1892 os_memcpy(n, src->extra_ies, src->extra_ies_len); 1893 params->extra_ies = n; 1894 params->extra_ies_len = src->extra_ies_len; 1895 } 1896 1897 if (src->freqs) { 1898 int len = int_array_len(src->freqs); 1899 params->freqs = os_malloc((len + 1) * sizeof(int)); 1900 if (params->freqs == NULL) 1901 goto failed; 1902 os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); 1903 } 1904 1905 if (src->filter_ssids) { 1906 params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * 1907 src->num_filter_ssids); 1908 if (params->filter_ssids == NULL) 1909 goto failed; 1910 os_memcpy(params->filter_ssids, src->filter_ssids, 1911 sizeof(*params->filter_ssids) * 1912 src->num_filter_ssids); 1913 params->num_filter_ssids = src->num_filter_ssids; 1914 } 1915 1916 params->filter_rssi = src->filter_rssi; 1917 params->p2p_probe = src->p2p_probe; 1918 params->only_new_results = src->only_new_results; 1919 params->low_priority = src->low_priority; 1920 1921 return params; 1922 1923 failed: 1924 wpa_scan_free_params(params); 1925 return NULL; 1926 } 1927 1928 1929 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 1930 { 1931 size_t i; 1932 1933 if (params == NULL) 1934 return; 1935 1936 for (i = 0; i < params->num_ssids; i++) 1937 os_free((u8 *) params->ssids[i].ssid); 1938 os_free((u8 *) params->extra_ies); 1939 os_free(params->freqs); 1940 os_free(params->filter_ssids); 1941 os_free(params); 1942 } 1943 1944 1945 int wpas_start_pno(struct wpa_supplicant *wpa_s) 1946 { 1947 int ret, interval; 1948 size_t i, num_ssid, num_match_ssid; 1949 struct wpa_ssid *ssid; 1950 struct wpa_driver_scan_params params; 1951 1952 if (!wpa_s->sched_scan_supported) 1953 return -1; 1954 1955 if (wpa_s->pno || wpa_s->pno_sched_pending) 1956 return 0; 1957 1958 if ((wpa_s->wpa_state > WPA_SCANNING) && 1959 (wpa_s->wpa_state <= WPA_COMPLETED)) { 1960 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 1961 return -EAGAIN; 1962 } 1963 1964 if (wpa_s->wpa_state == WPA_SCANNING) { 1965 wpa_supplicant_cancel_scan(wpa_s); 1966 if (wpa_s->sched_scanning) { 1967 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 1968 "ongoing sched scan"); 1969 wpa_supplicant_cancel_sched_scan(wpa_s); 1970 wpa_s->pno_sched_pending = 1; 1971 return 0; 1972 } 1973 } 1974 1975 os_memset(¶ms, 0, sizeof(params)); 1976 1977 num_ssid = num_match_ssid = 0; 1978 ssid = wpa_s->conf->ssid; 1979 while (ssid) { 1980 if (!wpas_network_disabled(wpa_s, ssid)) { 1981 num_match_ssid++; 1982 if (ssid->scan_ssid) 1983 num_ssid++; 1984 } 1985 ssid = ssid->next; 1986 } 1987 1988 if (num_match_ssid == 0) { 1989 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 1990 return -1; 1991 } 1992 1993 if (num_match_ssid > num_ssid) { 1994 params.num_ssids++; /* wildcard */ 1995 num_ssid++; 1996 } 1997 1998 if (num_ssid > WPAS_MAX_SCAN_SSIDS) { 1999 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 2000 "%u", WPAS_MAX_SCAN_SSIDS, (unsigned int) num_ssid); 2001 num_ssid = WPAS_MAX_SCAN_SSIDS; 2002 } 2003 2004 if (num_match_ssid > wpa_s->max_match_sets) { 2005 num_match_ssid = wpa_s->max_match_sets; 2006 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 2007 } 2008 params.filter_ssids = os_calloc(num_match_ssid, 2009 sizeof(struct wpa_driver_scan_filter)); 2010 if (params.filter_ssids == NULL) 2011 return -1; 2012 i = 0; 2013 ssid = wpa_s->conf->ssid; 2014 while (ssid) { 2015 if (!wpas_network_disabled(wpa_s, ssid)) { 2016 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 2017 params.ssids[params.num_ssids].ssid = 2018 ssid->ssid; 2019 params.ssids[params.num_ssids].ssid_len = 2020 ssid->ssid_len; 2021 params.num_ssids++; 2022 } 2023 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 2024 ssid->ssid_len); 2025 params.filter_ssids[i].ssid_len = ssid->ssid_len; 2026 params.num_filter_ssids++; 2027 i++; 2028 if (i == num_match_ssid) 2029 break; 2030 } 2031 ssid = ssid->next; 2032 } 2033 2034 if (wpa_s->conf->filter_rssi) 2035 params.filter_rssi = wpa_s->conf->filter_rssi; 2036 2037 interval = wpa_s->conf->sched_scan_interval ? 2038 wpa_s->conf->sched_scan_interval : 10; 2039 2040 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 2041 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 2042 params.freqs = wpa_s->manual_sched_scan_freqs; 2043 } 2044 2045 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms, interval); 2046 os_free(params.filter_ssids); 2047 if (ret == 0) 2048 wpa_s->pno = 1; 2049 else 2050 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 2051 return ret; 2052 } 2053 2054 2055 int wpas_stop_pno(struct wpa_supplicant *wpa_s) 2056 { 2057 int ret = 0; 2058 2059 if (!wpa_s->pno) 2060 return 0; 2061 2062 ret = wpa_supplicant_stop_sched_scan(wpa_s); 2063 2064 wpa_s->pno = 0; 2065 wpa_s->pno_sched_pending = 0; 2066 2067 if (wpa_s->wpa_state == WPA_SCANNING) 2068 wpa_supplicant_req_scan(wpa_s, 0, 0); 2069 2070 return ret; 2071 } 2072
