1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2014, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 #include "mesh.h" 26 27 28 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 29 { 30 struct wpa_ssid *ssid; 31 union wpa_event_data data; 32 33 ssid = wpa_supplicant_get_ssid(wpa_s); 34 if (ssid == NULL) 35 return; 36 37 if (wpa_s->current_ssid == NULL) { 38 wpa_s->current_ssid = ssid; 39 if (wpa_s->current_ssid != NULL) 40 wpas_notify_network_changed(wpa_s); 41 } 42 wpa_supplicant_initiate_eapol(wpa_s); 43 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 44 "network - generating associated event"); 45 os_memset(&data, 0, sizeof(data)); 46 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 47 } 48 49 50 #ifdef CONFIG_WPS 51 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 52 enum wps_request_type *req_type) 53 { 54 struct wpa_ssid *ssid; 55 int wps = 0; 56 57 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 58 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 59 continue; 60 61 wps = 1; 62 *req_type = wpas_wps_get_req_type(ssid); 63 if (!ssid->eap.phase1) 64 continue; 65 66 if (os_strstr(ssid->eap.phase1, "pbc=1")) 67 return 2; 68 } 69 70 #ifdef CONFIG_P2P 71 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 72 !wpa_s->conf->p2p_disabled) { 73 wpa_s->wps->dev.p2p = 1; 74 if (!wps) { 75 wps = 1; 76 *req_type = WPS_REQ_ENROLLEE_INFO; 77 } 78 } 79 #endif /* CONFIG_P2P */ 80 81 return wps; 82 } 83 #endif /* CONFIG_WPS */ 84 85 86 /** 87 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 88 * @wpa_s: Pointer to wpa_supplicant data 89 * Returns: 0 if no networks are enabled, >0 if networks are enabled 90 * 91 * This function is used to figure out whether any networks (or Interworking 92 * with enabled credentials and auto_interworking) are present in the current 93 * configuration. 94 */ 95 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 96 { 97 struct wpa_ssid *ssid = wpa_s->conf->ssid; 98 int count = 0, disabled = 0; 99 100 if (wpa_s->p2p_mgmt) 101 return 0; /* no normal network profiles on p2p_mgmt interface */ 102 103 while (ssid) { 104 if (!wpas_network_disabled(wpa_s, ssid)) 105 count++; 106 else 107 disabled++; 108 ssid = ssid->next; 109 } 110 if (wpa_s->conf->cred && wpa_s->conf->interworking && 111 wpa_s->conf->auto_interworking) 112 count++; 113 if (count == 0 && disabled > 0) { 114 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 115 "networks)", disabled); 116 } 117 return count; 118 } 119 120 121 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 122 struct wpa_ssid *ssid) 123 { 124 while (ssid) { 125 if (!wpas_network_disabled(wpa_s, ssid)) 126 break; 127 ssid = ssid->next; 128 } 129 130 /* ap_scan=2 mode - try to associate with each SSID. */ 131 if (ssid == NULL) { 132 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 133 "end of scan list - go back to beginning"); 134 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 135 wpa_supplicant_req_scan(wpa_s, 0, 0); 136 return; 137 } 138 if (ssid->next) { 139 /* Continue from the next SSID on the next attempt. */ 140 wpa_s->prev_scan_ssid = ssid; 141 } else { 142 /* Start from the beginning of the SSID list. */ 143 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 144 } 145 wpa_supplicant_associate(wpa_s, NULL, ssid); 146 } 147 148 149 static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 150 { 151 struct wpa_supplicant *wpa_s = work->wpa_s; 152 struct wpa_driver_scan_params *params = work->ctx; 153 int ret; 154 155 if (deinit) { 156 if (!work->started) { 157 wpa_scan_free_params(params); 158 return; 159 } 160 wpa_supplicant_notify_scanning(wpa_s, 0); 161 wpas_notify_scan_done(wpa_s, 0); 162 wpa_s->scan_work = NULL; 163 return; 164 } 165 166 if (wpas_update_random_addr_disassoc(wpa_s) < 0) { 167 wpa_msg(wpa_s, MSG_INFO, 168 "Failed to assign random MAC address for a scan"); 169 radio_work_done(work); 170 return; 171 } 172 173 wpa_supplicant_notify_scanning(wpa_s, 1); 174 175 if (wpa_s->clear_driver_scan_cache) { 176 wpa_printf(MSG_DEBUG, 177 "Request driver to clear scan cache due to local BSS flush"); 178 params->only_new_results = 1; 179 } 180 ret = wpa_drv_scan(wpa_s, params); 181 wpa_scan_free_params(params); 182 work->ctx = NULL; 183 if (ret) { 184 int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ; 185 186 if (wpa_s->disconnected) 187 retry = 0; 188 189 wpa_supplicant_notify_scanning(wpa_s, 0); 190 wpas_notify_scan_done(wpa_s, 0); 191 if (wpa_s->wpa_state == WPA_SCANNING) 192 wpa_supplicant_set_state(wpa_s, 193 wpa_s->scan_prev_wpa_state); 194 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s", 195 ret, retry ? " retry=1" : ""); 196 radio_work_done(work); 197 198 if (retry) { 199 /* Restore scan_req since we will try to scan again */ 200 wpa_s->scan_req = wpa_s->last_scan_req; 201 wpa_supplicant_req_scan(wpa_s, 1, 0); 202 } 203 return; 204 } 205 206 os_get_reltime(&wpa_s->scan_trigger_time); 207 wpa_s->scan_runs++; 208 wpa_s->normal_scans++; 209 wpa_s->own_scan_requested = 1; 210 wpa_s->clear_driver_scan_cache = 0; 211 wpa_s->scan_work = work; 212 } 213 214 215 /** 216 * wpa_supplicant_trigger_scan - Request driver to start a scan 217 * @wpa_s: Pointer to wpa_supplicant data 218 * @params: Scan parameters 219 * Returns: 0 on success, -1 on failure 220 */ 221 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 222 struct wpa_driver_scan_params *params) 223 { 224 struct wpa_driver_scan_params *ctx; 225 226 if (wpa_s->scan_work) { 227 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 228 return -1; 229 } 230 231 ctx = wpa_scan_clone_params(params); 232 if (ctx == NULL) 233 return -1; 234 235 if (radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0) 236 { 237 wpa_scan_free_params(ctx); 238 return -1; 239 } 240 241 return 0; 242 } 243 244 245 static void 246 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 247 { 248 struct wpa_supplicant *wpa_s = eloop_ctx; 249 250 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 251 252 if (wpa_supplicant_req_sched_scan(wpa_s)) 253 wpa_supplicant_req_scan(wpa_s, 0, 0); 254 } 255 256 257 static void 258 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 259 { 260 struct wpa_supplicant *wpa_s = eloop_ctx; 261 262 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 263 264 wpa_s->sched_scan_timed_out = 1; 265 wpa_supplicant_cancel_sched_scan(wpa_s); 266 } 267 268 269 int wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 270 struct wpa_driver_scan_params *params, 271 int interval) 272 { 273 int ret; 274 275 wpa_supplicant_notify_scanning(wpa_s, 1); 276 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000); 277 if (ret) 278 wpa_supplicant_notify_scanning(wpa_s, 0); 279 else 280 wpa_s->sched_scanning = 1; 281 282 return ret; 283 } 284 285 286 int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 287 { 288 int ret; 289 290 ret = wpa_drv_stop_sched_scan(wpa_s); 291 if (ret) { 292 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 293 /* TODO: what to do if stopping fails? */ 294 return -1; 295 } 296 297 return ret; 298 } 299 300 301 static struct wpa_driver_scan_filter * 302 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 303 { 304 struct wpa_driver_scan_filter *ssids; 305 struct wpa_ssid *ssid; 306 size_t count; 307 308 *num_ssids = 0; 309 if (!conf->filter_ssids) 310 return NULL; 311 312 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 313 if (ssid->ssid && ssid->ssid_len) 314 count++; 315 } 316 if (count == 0) 317 return NULL; 318 ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter)); 319 if (ssids == NULL) 320 return NULL; 321 322 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 323 if (!ssid->ssid || !ssid->ssid_len) 324 continue; 325 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 326 ssids[*num_ssids].ssid_len = ssid->ssid_len; 327 (*num_ssids)++; 328 } 329 330 return ssids; 331 } 332 333 334 static void wpa_supplicant_optimize_freqs( 335 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 336 { 337 #ifdef CONFIG_P2P 338 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 339 wpa_s->go_params) { 340 /* Optimize provisioning state scan based on GO information */ 341 if (wpa_s->p2p_in_provisioning < 5 && 342 wpa_s->go_params->freq > 0) { 343 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 344 "preferred frequency %d MHz", 345 wpa_s->go_params->freq); 346 params->freqs = os_calloc(2, sizeof(int)); 347 if (params->freqs) 348 params->freqs[0] = wpa_s->go_params->freq; 349 } else if (wpa_s->p2p_in_provisioning < 8 && 350 wpa_s->go_params->freq_list[0]) { 351 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 352 "channels"); 353 int_array_concat(¶ms->freqs, 354 wpa_s->go_params->freq_list); 355 if (params->freqs) 356 int_array_sort_unique(params->freqs); 357 } 358 wpa_s->p2p_in_provisioning++; 359 } 360 361 if (params->freqs == NULL && wpa_s->p2p_in_invitation) { 362 /* 363 * Optimize scan based on GO information during persistent 364 * group reinvocation 365 */ 366 if (wpa_s->p2p_in_invitation < 5 && 367 wpa_s->p2p_invite_go_freq > 0) { 368 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation", 369 wpa_s->p2p_invite_go_freq); 370 params->freqs = os_calloc(2, sizeof(int)); 371 if (params->freqs) 372 params->freqs[0] = wpa_s->p2p_invite_go_freq; 373 } 374 wpa_s->p2p_in_invitation++; 375 if (wpa_s->p2p_in_invitation > 20) { 376 /* 377 * This should not really happen since the variable is 378 * cleared on group removal, but if it does happen, make 379 * sure we do not get stuck in special invitation scan 380 * mode. 381 */ 382 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation"); 383 wpa_s->p2p_in_invitation = 0; 384 } 385 } 386 #endif /* CONFIG_P2P */ 387 388 #ifdef CONFIG_WPS 389 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 390 /* 391 * Optimize post-provisioning scan based on channel used 392 * during provisioning. 393 */ 394 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 395 "that was used during provisioning", wpa_s->wps_freq); 396 params->freqs = os_calloc(2, sizeof(int)); 397 if (params->freqs) 398 params->freqs[0] = wpa_s->wps_freq; 399 wpa_s->after_wps--; 400 } else if (wpa_s->after_wps) 401 wpa_s->after_wps--; 402 403 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 404 { 405 /* Optimize provisioning scan based on already known channel */ 406 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 407 wpa_s->wps_freq); 408 params->freqs = os_calloc(2, sizeof(int)); 409 if (params->freqs) 410 params->freqs[0] = wpa_s->wps_freq; 411 wpa_s->known_wps_freq = 0; /* only do this once */ 412 } 413 #endif /* CONFIG_WPS */ 414 } 415 416 417 #ifdef CONFIG_INTERWORKING 418 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 419 struct wpabuf *buf) 420 { 421 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 422 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 423 1 + ETH_ALEN); 424 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 425 /* No Venue Info */ 426 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 427 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 428 } 429 #endif /* CONFIG_INTERWORKING */ 430 431 432 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 433 { 434 struct wpabuf *extra_ie = NULL; 435 u8 ext_capab[18]; 436 int ext_capab_len; 437 #ifdef CONFIG_WPS 438 int wps = 0; 439 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 440 #endif /* CONFIG_WPS */ 441 442 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 443 sizeof(ext_capab)); 444 if (ext_capab_len > 0 && 445 wpabuf_resize(&extra_ie, ext_capab_len) == 0) 446 wpabuf_put_data(extra_ie, ext_capab, ext_capab_len); 447 448 #ifdef CONFIG_INTERWORKING 449 if (wpa_s->conf->interworking && 450 wpabuf_resize(&extra_ie, 100) == 0) 451 wpas_add_interworking_elements(wpa_s, extra_ie); 452 #endif /* CONFIG_INTERWORKING */ 453 454 #ifdef CONFIG_WPS 455 wps = wpas_wps_in_use(wpa_s, &req_type); 456 457 if (wps) { 458 struct wpabuf *wps_ie; 459 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 460 DEV_PW_DEFAULT, 461 &wpa_s->wps->dev, 462 wpa_s->wps->uuid, req_type, 463 0, NULL); 464 if (wps_ie) { 465 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 466 wpabuf_put_buf(extra_ie, wps_ie); 467 wpabuf_free(wps_ie); 468 } 469 } 470 471 #ifdef CONFIG_P2P 472 if (wps) { 473 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 474 if (wpabuf_resize(&extra_ie, ielen) == 0) 475 wpas_p2p_scan_ie(wpa_s, extra_ie); 476 } 477 #endif /* CONFIG_P2P */ 478 479 wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie); 480 481 #endif /* CONFIG_WPS */ 482 483 #ifdef CONFIG_HS20 484 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 485 wpas_hs20_add_indication(extra_ie, -1); 486 #endif /* CONFIG_HS20 */ 487 488 return extra_ie; 489 } 490 491 492 #ifdef CONFIG_P2P 493 494 /* 495 * Check whether there are any enabled networks or credentials that could be 496 * used for a non-P2P connection. 497 */ 498 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 499 { 500 struct wpa_ssid *ssid; 501 502 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 503 if (wpas_network_disabled(wpa_s, ssid)) 504 continue; 505 if (!ssid->p2p_group) 506 return 1; 507 } 508 509 if (wpa_s->conf->cred && wpa_s->conf->interworking && 510 wpa_s->conf->auto_interworking) 511 return 1; 512 513 return 0; 514 } 515 516 #endif /* CONFIG_P2P */ 517 518 519 static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, 520 u16 num_modes, 521 enum hostapd_hw_mode mode) 522 { 523 u16 i; 524 525 for (i = 0; i < num_modes; i++) { 526 if (modes[i].mode == mode) 527 return &modes[i]; 528 } 529 530 return NULL; 531 } 532 533 534 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 535 enum hostapd_hw_mode band, 536 struct wpa_driver_scan_params *params) 537 { 538 /* Include only supported channels for the specified band */ 539 struct hostapd_hw_modes *mode; 540 int count, i; 541 542 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 543 if (mode == NULL) { 544 /* No channels supported in this band - use empty list */ 545 params->freqs = os_zalloc(sizeof(int)); 546 return; 547 } 548 549 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int)); 550 if (params->freqs == NULL) 551 return; 552 for (count = 0, i = 0; i < mode->num_channels; i++) { 553 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 554 continue; 555 params->freqs[count++] = mode->channels[i].freq; 556 } 557 } 558 559 560 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 561 struct wpa_driver_scan_params *params) 562 { 563 if (wpa_s->hw.modes == NULL) 564 return; /* unknown what channels the driver supports */ 565 if (params->freqs) 566 return; /* already using a limited channel set */ 567 if (wpa_s->setband == WPA_SETBAND_5G) 568 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 569 params); 570 else if (wpa_s->setband == WPA_SETBAND_2G) 571 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 572 params); 573 } 574 575 576 static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 577 struct wpa_driver_scan_params *params, 578 size_t max_ssids) 579 { 580 unsigned int i; 581 struct wpa_ssid *ssid; 582 583 for (i = 0; i < wpa_s->scan_id_count; i++) { 584 unsigned int j; 585 586 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 587 if (!ssid || !ssid->scan_ssid) 588 continue; 589 590 for (j = 0; j < params->num_ssids; j++) { 591 if (params->ssids[j].ssid_len == ssid->ssid_len && 592 params->ssids[j].ssid && 593 os_memcmp(params->ssids[j].ssid, ssid->ssid, 594 ssid->ssid_len) == 0) 595 break; 596 } 597 if (j < params->num_ssids) 598 continue; /* already in the list */ 599 600 if (params->num_ssids + 1 > max_ssids) { 601 wpa_printf(MSG_DEBUG, 602 "Over max scan SSIDs for manual request"); 603 break; 604 } 605 606 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 607 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 608 params->ssids[params->num_ssids].ssid = ssid->ssid; 609 params->ssids[params->num_ssids].ssid_len = ssid->ssid_len; 610 params->num_ssids++; 611 } 612 613 wpa_s->scan_id_count = 0; 614 } 615 616 617 static int wpa_set_ssids_from_scan_req(struct wpa_supplicant *wpa_s, 618 struct wpa_driver_scan_params *params, 619 size_t max_ssids) 620 { 621 unsigned int i; 622 623 if (wpa_s->ssids_from_scan_req == NULL || 624 wpa_s->num_ssids_from_scan_req == 0) 625 return 0; 626 627 if (wpa_s->num_ssids_from_scan_req > max_ssids) { 628 wpa_s->num_ssids_from_scan_req = max_ssids; 629 wpa_printf(MSG_DEBUG, "Over max scan SSIDs from scan req: %u", 630 (unsigned int) max_ssids); 631 } 632 633 for (i = 0; i < wpa_s->num_ssids_from_scan_req; i++) { 634 params->ssids[i].ssid = wpa_s->ssids_from_scan_req[i].ssid; 635 params->ssids[i].ssid_len = 636 wpa_s->ssids_from_scan_req[i].ssid_len; 637 wpa_hexdump_ascii(MSG_DEBUG, "specific SSID", 638 params->ssids[i].ssid, 639 params->ssids[i].ssid_len); 640 } 641 642 params->num_ssids = wpa_s->num_ssids_from_scan_req; 643 wpa_s->num_ssids_from_scan_req = 0; 644 return 1; 645 } 646 647 648 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 649 { 650 struct wpa_supplicant *wpa_s = eloop_ctx; 651 struct wpa_ssid *ssid; 652 int ret, p2p_in_prog; 653 struct wpabuf *extra_ie = NULL; 654 struct wpa_driver_scan_params params; 655 struct wpa_driver_scan_params *scan_params; 656 size_t max_ssids; 657 int connect_without_scan = 0; 658 659 if (wpa_s->pno || wpa_s->pno_sched_pending) { 660 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - PNO is in progress"); 661 return; 662 } 663 664 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 665 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 666 return; 667 } 668 669 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 670 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 671 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 672 return; 673 } 674 675 if (wpa_s->scanning) { 676 /* 677 * If we are already in scanning state, we shall reschedule the 678 * the incoming scan request. 679 */ 680 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 681 wpa_supplicant_req_scan(wpa_s, 1, 0); 682 return; 683 } 684 685 if (!wpa_supplicant_enabled_networks(wpa_s) && 686 wpa_s->scan_req == NORMAL_SCAN_REQ) { 687 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 688 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 689 return; 690 } 691 692 if (wpa_s->conf->ap_scan != 0 && 693 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 694 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 695 "overriding ap_scan configuration"); 696 wpa_s->conf->ap_scan = 0; 697 wpas_notify_ap_scan_changed(wpa_s); 698 } 699 700 if (wpa_s->conf->ap_scan == 0) { 701 wpa_supplicant_gen_assoc_event(wpa_s); 702 return; 703 } 704 705 ssid = NULL; 706 if (wpa_s->scan_req != MANUAL_SCAN_REQ && 707 wpa_s->connect_without_scan) { 708 connect_without_scan = 1; 709 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 710 if (ssid == wpa_s->connect_without_scan) 711 break; 712 } 713 } 714 715 p2p_in_prog = wpas_p2p_in_progress(wpa_s); 716 if (p2p_in_prog && p2p_in_prog != 2 && 717 (!ssid || 718 (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) { 719 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 720 wpa_supplicant_req_scan(wpa_s, 5, 0); 721 return; 722 } 723 724 if (wpa_s->conf->ap_scan == 2) 725 max_ssids = 1; 726 else { 727 max_ssids = wpa_s->max_scan_ssids; 728 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 729 max_ssids = WPAS_MAX_SCAN_SSIDS; 730 } 731 732 wpa_s->last_scan_req = wpa_s->scan_req; 733 wpa_s->scan_req = NORMAL_SCAN_REQ; 734 735 if (connect_without_scan) { 736 wpa_s->connect_without_scan = NULL; 737 if (ssid) { 738 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 739 "without scan step"); 740 wpa_supplicant_associate(wpa_s, NULL, ssid); 741 return; 742 } 743 } 744 745 os_memset(¶ms, 0, sizeof(params)); 746 747 wpa_s->scan_prev_wpa_state = wpa_s->wpa_state; 748 if (wpa_s->wpa_state == WPA_DISCONNECTED || 749 wpa_s->wpa_state == WPA_INACTIVE) 750 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 751 752 /* 753 * If autoscan has set its own scanning parameters 754 */ 755 if (wpa_s->autoscan_params != NULL) { 756 scan_params = wpa_s->autoscan_params; 757 goto scan; 758 } 759 760 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 761 wpa_set_ssids_from_scan_req(wpa_s, ¶ms, max_ssids)) { 762 wpa_printf(MSG_DEBUG, "Use specific SSIDs from SCAN command"); 763 goto ssid_list_set; 764 } 765 766 #ifdef CONFIG_P2P 767 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 768 wpa_s->go_params && !wpa_s->conf->passive_scan) { 769 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 770 wpa_s->p2p_in_provisioning, 771 wpa_s->show_group_started); 772 params.ssids[0].ssid = wpa_s->go_params->ssid; 773 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 774 params.num_ssids = 1; 775 goto ssid_list_set; 776 } 777 778 if (wpa_s->p2p_in_invitation) { 779 if (wpa_s->current_ssid) { 780 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 781 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 782 params.ssids[0].ssid_len = 783 wpa_s->current_ssid->ssid_len; 784 params.num_ssids = 1; 785 } else { 786 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 787 } 788 goto ssid_list_set; 789 } 790 #endif /* CONFIG_P2P */ 791 792 /* Find the starting point from which to continue scanning */ 793 ssid = wpa_s->conf->ssid; 794 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 795 while (ssid) { 796 if (ssid == wpa_s->prev_scan_ssid) { 797 ssid = ssid->next; 798 break; 799 } 800 ssid = ssid->next; 801 } 802 } 803 804 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 805 wpa_s->conf->ap_scan == 2) { 806 wpa_s->connect_without_scan = NULL; 807 wpa_s->prev_scan_wildcard = 0; 808 wpa_supplicant_assoc_try(wpa_s, ssid); 809 return; 810 } else if (wpa_s->conf->ap_scan == 2) { 811 /* 812 * User-initiated scan request in ap_scan == 2; scan with 813 * wildcard SSID. 814 */ 815 ssid = NULL; 816 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 817 /* 818 * Perform single-channel single-SSID scan for 819 * reassociate-to-same-BSS operation. 820 */ 821 /* Setup SSID */ 822 ssid = wpa_s->current_ssid; 823 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 824 ssid->ssid, ssid->ssid_len); 825 params.ssids[0].ssid = ssid->ssid; 826 params.ssids[0].ssid_len = ssid->ssid_len; 827 params.num_ssids = 1; 828 829 /* 830 * Allocate memory for frequency array, allocate one extra 831 * slot for the zero-terminator. 832 */ 833 params.freqs = os_malloc(sizeof(int) * 2); 834 if (params.freqs == NULL) { 835 wpa_dbg(wpa_s, MSG_ERROR, "Memory allocation failed"); 836 return; 837 } 838 params.freqs[0] = wpa_s->assoc_freq; 839 params.freqs[1] = 0; 840 841 /* 842 * Reset the reattach flag so that we fall back to full scan if 843 * this scan fails. 844 */ 845 wpa_s->reattach = 0; 846 } else { 847 struct wpa_ssid *start = ssid, *tssid; 848 int freqs_set = 0; 849 if (ssid == NULL && max_ssids > 1) 850 ssid = wpa_s->conf->ssid; 851 while (ssid) { 852 if (!wpas_network_disabled(wpa_s, ssid) && 853 ssid->scan_ssid) { 854 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 855 ssid->ssid, ssid->ssid_len); 856 params.ssids[params.num_ssids].ssid = 857 ssid->ssid; 858 params.ssids[params.num_ssids].ssid_len = 859 ssid->ssid_len; 860 params.num_ssids++; 861 if (params.num_ssids + 1 >= max_ssids) 862 break; 863 } 864 ssid = ssid->next; 865 if (ssid == start) 866 break; 867 if (ssid == NULL && max_ssids > 1 && 868 start != wpa_s->conf->ssid) 869 ssid = wpa_s->conf->ssid; 870 } 871 872 if (wpa_s->scan_id_count && 873 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 874 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 875 876 for (tssid = wpa_s->conf->ssid; 877 wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid; 878 tssid = tssid->next) { 879 if (wpas_network_disabled(wpa_s, tssid)) 880 continue; 881 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 882 int_array_concat(¶ms.freqs, 883 tssid->scan_freq); 884 } else { 885 os_free(params.freqs); 886 params.freqs = NULL; 887 } 888 freqs_set = 1; 889 } 890 int_array_sort_unique(params.freqs); 891 } 892 893 if (ssid && max_ssids == 1) { 894 /* 895 * If the driver is limited to 1 SSID at a time interleave 896 * wildcard SSID scans with specific SSID scans to avoid 897 * waiting a long time for a wildcard scan. 898 */ 899 if (!wpa_s->prev_scan_wildcard) { 900 params.ssids[0].ssid = NULL; 901 params.ssids[0].ssid_len = 0; 902 wpa_s->prev_scan_wildcard = 1; 903 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 904 "wildcard SSID (Interleave with specific)"); 905 } else { 906 wpa_s->prev_scan_ssid = ssid; 907 wpa_s->prev_scan_wildcard = 0; 908 wpa_dbg(wpa_s, MSG_DEBUG, 909 "Starting AP scan for specific SSID: %s", 910 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 911 } 912 } else if (ssid) { 913 /* max_ssids > 1 */ 914 915 wpa_s->prev_scan_ssid = ssid; 916 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 917 "the scan request"); 918 params.num_ssids++; 919 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 920 wpa_s->manual_scan_passive && params.num_ssids == 0) { 921 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 922 } else if (wpa_s->conf->passive_scan) { 923 wpa_dbg(wpa_s, MSG_DEBUG, 924 "Use passive scan based on configuration"); 925 } else { 926 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 927 params.num_ssids++; 928 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 929 "SSID"); 930 } 931 932 ssid_list_set: 933 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 934 extra_ie = wpa_supplicant_extra_ies(wpa_s); 935 936 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 937 wpa_s->manual_scan_only_new) { 938 wpa_printf(MSG_DEBUG, 939 "Request driver to clear scan cache due to manual only_new=1 scan"); 940 params.only_new_results = 1; 941 } 942 943 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 944 wpa_s->manual_scan_freqs) { 945 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 946 params.freqs = wpa_s->manual_scan_freqs; 947 wpa_s->manual_scan_freqs = NULL; 948 } 949 950 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 951 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 952 "generated frequency list"); 953 params.freqs = wpa_s->next_scan_freqs; 954 } else 955 os_free(wpa_s->next_scan_freqs); 956 wpa_s->next_scan_freqs = NULL; 957 wpa_setband_scan_freqs(wpa_s, ¶ms); 958 959 /* See if user specified frequencies. If so, scan only those. */ 960 if (wpa_s->conf->freq_list && !params.freqs) { 961 wpa_dbg(wpa_s, MSG_DEBUG, 962 "Optimize scan based on conf->freq_list"); 963 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 964 } 965 966 /* Use current associated channel? */ 967 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 968 unsigned int num = wpa_s->num_multichan_concurrent; 969 970 params.freqs = os_calloc(num + 1, sizeof(int)); 971 if (params.freqs) { 972 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 973 if (num > 0) { 974 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 975 "current operating channels since " 976 "scan_cur_freq is enabled"); 977 } else { 978 os_free(params.freqs); 979 params.freqs = NULL; 980 } 981 } 982 } 983 984 params.filter_ssids = wpa_supplicant_build_filter_ssids( 985 wpa_s->conf, ¶ms.num_filter_ssids); 986 if (extra_ie) { 987 params.extra_ies = wpabuf_head(extra_ie); 988 params.extra_ies_len = wpabuf_len(extra_ie); 989 } 990 991 #ifdef CONFIG_P2P 992 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 993 (wpa_s->show_group_started && wpa_s->go_params)) { 994 /* 995 * The interface may not yet be in P2P mode, so we have to 996 * explicitly request P2P probe to disable CCK rates. 997 */ 998 params.p2p_probe = 1; 999 } 1000 #endif /* CONFIG_P2P */ 1001 1002 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) { 1003 params.mac_addr_rand = 1; 1004 if (wpa_s->mac_addr_scan) { 1005 params.mac_addr = wpa_s->mac_addr_scan; 1006 params.mac_addr_mask = wpa_s->mac_addr_scan + ETH_ALEN; 1007 } 1008 } 1009 1010 scan_params = ¶ms; 1011 1012 scan: 1013 #ifdef CONFIG_P2P 1014 /* 1015 * If the driver does not support multi-channel concurrency and a 1016 * virtual interface that shares the same radio with the wpa_s interface 1017 * is operating there may not be need to scan other channels apart from 1018 * the current operating channel on the other virtual interface. Filter 1019 * out other channels in case we are trying to find a connection for a 1020 * station interface when we are not configured to prefer station 1021 * connection and a concurrent operation is already in process. 1022 */ 1023 if (wpa_s->scan_for_connection && 1024 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 1025 !scan_params->freqs && !params.freqs && 1026 wpas_is_p2p_prioritized(wpa_s) && 1027 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 1028 non_p2p_network_enabled(wpa_s)) { 1029 unsigned int num = wpa_s->num_multichan_concurrent; 1030 1031 params.freqs = os_calloc(num + 1, sizeof(int)); 1032 if (params.freqs) { 1033 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1034 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 1035 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 1036 } else { 1037 os_free(params.freqs); 1038 params.freqs = NULL; 1039 } 1040 } 1041 } 1042 #endif /* CONFIG_P2P */ 1043 1044 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 1045 1046 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 1047 !wpa_s->manual_scan_freqs) { 1048 /* Restore manual_scan_freqs for the next attempt */ 1049 wpa_s->manual_scan_freqs = params.freqs; 1050 params.freqs = NULL; 1051 } 1052 1053 wpabuf_free(extra_ie); 1054 os_free(params.freqs); 1055 os_free(params.filter_ssids); 1056 1057 if (ret) { 1058 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 1059 if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state) 1060 wpa_supplicant_set_state(wpa_s, 1061 wpa_s->scan_prev_wpa_state); 1062 /* Restore scan_req since we will try to scan again */ 1063 wpa_s->scan_req = wpa_s->last_scan_req; 1064 wpa_supplicant_req_scan(wpa_s, 1, 0); 1065 } else { 1066 wpa_s->scan_for_connection = 0; 1067 #ifdef CONFIG_INTERWORKING 1068 wpa_s->interworking_fast_assoc_tried = 0; 1069 #endif /* CONFIG_INTERWORKING */ 1070 } 1071 } 1072 1073 1074 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 1075 { 1076 struct os_reltime remaining, new_int; 1077 int cancelled; 1078 1079 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 1080 &remaining); 1081 1082 new_int.sec = sec; 1083 new_int.usec = 0; 1084 if (cancelled && os_reltime_before(&remaining, &new_int)) { 1085 new_int.sec = remaining.sec; 1086 new_int.usec = remaining.usec; 1087 } 1088 1089 if (cancelled) { 1090 eloop_register_timeout(new_int.sec, new_int.usec, 1091 wpa_supplicant_scan, wpa_s, NULL); 1092 } 1093 wpa_s->scan_interval = sec; 1094 } 1095 1096 1097 /** 1098 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 1099 * @wpa_s: Pointer to wpa_supplicant data 1100 * @sec: Number of seconds after which to scan 1101 * @usec: Number of microseconds after which to scan 1102 * 1103 * This function is used to schedule a scan for neighboring access points after 1104 * the specified time. 1105 */ 1106 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 1107 { 1108 int res; 1109 1110 if (wpa_s->p2p_mgmt) { 1111 wpa_dbg(wpa_s, MSG_DEBUG, 1112 "Ignore scan request (%d.%06d sec) on p2p_mgmt interface", 1113 sec, usec); 1114 return; 1115 } 1116 1117 res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 1118 NULL); 1119 if (res == 1) { 1120 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 1121 sec, usec); 1122 } else if (res == 0) { 1123 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 1124 sec, usec); 1125 } else { 1126 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 1127 sec, usec); 1128 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 1129 } 1130 } 1131 1132 1133 /** 1134 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 1135 * @wpa_s: Pointer to wpa_supplicant data 1136 * @sec: Number of seconds after which to scan 1137 * @usec: Number of microseconds after which to scan 1138 * Returns: 0 on success or -1 otherwise 1139 * 1140 * This function is used to schedule periodic scans for neighboring 1141 * access points after the specified time. 1142 */ 1143 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 1144 int sec, int usec) 1145 { 1146 if (!wpa_s->sched_scan_supported) 1147 return -1; 1148 1149 eloop_register_timeout(sec, usec, 1150 wpa_supplicant_delayed_sched_scan_timeout, 1151 wpa_s, NULL); 1152 1153 return 0; 1154 } 1155 1156 1157 /** 1158 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 1159 * @wpa_s: Pointer to wpa_supplicant data 1160 * Returns: 0 is sched_scan was started or -1 otherwise 1161 * 1162 * This function is used to schedule periodic scans for neighboring 1163 * access points repeating the scan continuously. 1164 */ 1165 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 1166 { 1167 struct wpa_driver_scan_params params; 1168 struct wpa_driver_scan_params *scan_params; 1169 enum wpa_states prev_state; 1170 struct wpa_ssid *ssid = NULL; 1171 struct wpabuf *extra_ie = NULL; 1172 int ret; 1173 unsigned int max_sched_scan_ssids; 1174 int wildcard = 0; 1175 int need_ssids; 1176 1177 if (!wpa_s->sched_scan_supported) 1178 return -1; 1179 1180 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 1181 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 1182 else 1183 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 1184 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 1185 return -1; 1186 1187 if (wpa_s->sched_scanning) { 1188 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 1189 return 0; 1190 } 1191 1192 need_ssids = 0; 1193 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1194 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1195 /* Use wildcard SSID to find this network */ 1196 wildcard = 1; 1197 } else if (!wpas_network_disabled(wpa_s, ssid) && 1198 ssid->ssid_len) 1199 need_ssids++; 1200 1201 #ifdef CONFIG_WPS 1202 if (!wpas_network_disabled(wpa_s, ssid) && 1203 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1204 /* 1205 * Normal scan is more reliable and faster for WPS 1206 * operations and since these are for short periods of 1207 * time, the benefit of trying to use sched_scan would 1208 * be limited. 1209 */ 1210 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1211 "sched_scan for WPS"); 1212 return -1; 1213 } 1214 #endif /* CONFIG_WPS */ 1215 } 1216 if (wildcard) 1217 need_ssids++; 1218 1219 if (wpa_s->normal_scans < 3 && 1220 (need_ssids <= wpa_s->max_scan_ssids || 1221 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1222 /* 1223 * When normal scan can speed up operations, use that for the 1224 * first operations before starting the sched_scan to allow 1225 * user space sleep more. We do this only if the normal scan 1226 * has functionality that is suitable for this or if the 1227 * sched_scan does not have better support for multiple SSIDs. 1228 */ 1229 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1230 "sched_scan for initial scans (normal_scans=%d)", 1231 wpa_s->normal_scans); 1232 return -1; 1233 } 1234 1235 os_memset(¶ms, 0, sizeof(params)); 1236 1237 /* If we can't allocate space for the filters, we just don't filter */ 1238 params.filter_ssids = os_calloc(wpa_s->max_match_sets, 1239 sizeof(struct wpa_driver_scan_filter)); 1240 1241 prev_state = wpa_s->wpa_state; 1242 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1243 wpa_s->wpa_state == WPA_INACTIVE) 1244 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1245 1246 if (wpa_s->autoscan_params != NULL) { 1247 scan_params = wpa_s->autoscan_params; 1248 goto scan; 1249 } 1250 1251 /* Find the starting point from which to continue scanning */ 1252 ssid = wpa_s->conf->ssid; 1253 if (wpa_s->prev_sched_ssid) { 1254 while (ssid) { 1255 if (ssid == wpa_s->prev_sched_ssid) { 1256 ssid = ssid->next; 1257 break; 1258 } 1259 ssid = ssid->next; 1260 } 1261 } 1262 1263 if (!ssid || !wpa_s->prev_sched_ssid) { 1264 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1265 if (wpa_s->conf->sched_scan_interval) 1266 wpa_s->sched_scan_interval = 1267 wpa_s->conf->sched_scan_interval; 1268 if (wpa_s->sched_scan_interval == 0) 1269 wpa_s->sched_scan_interval = 10; 1270 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1271 wpa_s->first_sched_scan = 1; 1272 ssid = wpa_s->conf->ssid; 1273 wpa_s->prev_sched_ssid = ssid; 1274 } 1275 1276 if (wildcard) { 1277 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1278 params.num_ssids++; 1279 } 1280 1281 while (ssid) { 1282 if (wpas_network_disabled(wpa_s, ssid)) 1283 goto next; 1284 1285 if (params.num_filter_ssids < wpa_s->max_match_sets && 1286 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1287 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1288 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1289 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1290 ssid->ssid, ssid->ssid_len); 1291 params.filter_ssids[params.num_filter_ssids].ssid_len = 1292 ssid->ssid_len; 1293 params.num_filter_ssids++; 1294 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1295 { 1296 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1297 "filter for sched_scan - drop filter"); 1298 os_free(params.filter_ssids); 1299 params.filter_ssids = NULL; 1300 params.num_filter_ssids = 0; 1301 } 1302 1303 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1304 if (params.num_ssids == max_sched_scan_ssids) 1305 break; /* only room for broadcast SSID */ 1306 wpa_dbg(wpa_s, MSG_DEBUG, 1307 "add to active scan ssid: %s", 1308 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1309 params.ssids[params.num_ssids].ssid = 1310 ssid->ssid; 1311 params.ssids[params.num_ssids].ssid_len = 1312 ssid->ssid_len; 1313 params.num_ssids++; 1314 if (params.num_ssids >= max_sched_scan_ssids) { 1315 wpa_s->prev_sched_ssid = ssid; 1316 do { 1317 ssid = ssid->next; 1318 } while (ssid && 1319 (wpas_network_disabled(wpa_s, ssid) || 1320 !ssid->scan_ssid)); 1321 break; 1322 } 1323 } 1324 1325 next: 1326 wpa_s->prev_sched_ssid = ssid; 1327 ssid = ssid->next; 1328 } 1329 1330 if (params.num_filter_ssids == 0) { 1331 os_free(params.filter_ssids); 1332 params.filter_ssids = NULL; 1333 } 1334 1335 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1336 if (extra_ie) { 1337 params.extra_ies = wpabuf_head(extra_ie); 1338 params.extra_ies_len = wpabuf_len(extra_ie); 1339 } 1340 1341 if (wpa_s->conf->filter_rssi) 1342 params.filter_rssi = wpa_s->conf->filter_rssi; 1343 1344 /* See if user specified frequencies. If so, scan only those. */ 1345 if (wpa_s->conf->freq_list && !params.freqs) { 1346 wpa_dbg(wpa_s, MSG_DEBUG, 1347 "Optimize scan based on conf->freq_list"); 1348 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1349 } 1350 1351 scan_params = ¶ms; 1352 1353 scan: 1354 if (ssid || !wpa_s->first_sched_scan) { 1355 wpa_dbg(wpa_s, MSG_DEBUG, 1356 "Starting sched scan: interval %d timeout %d", 1357 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout); 1358 } else { 1359 wpa_dbg(wpa_s, MSG_DEBUG, 1360 "Starting sched scan: interval %d (no timeout)", 1361 wpa_s->sched_scan_interval); 1362 } 1363 1364 wpa_setband_scan_freqs(wpa_s, scan_params); 1365 1366 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) { 1367 params.mac_addr_rand = 1; 1368 if (wpa_s->mac_addr_sched_scan) { 1369 params.mac_addr = wpa_s->mac_addr_sched_scan; 1370 params.mac_addr_mask = wpa_s->mac_addr_sched_scan + 1371 ETH_ALEN; 1372 } 1373 } 1374 1375 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params, 1376 wpa_s->sched_scan_interval); 1377 wpabuf_free(extra_ie); 1378 os_free(params.filter_ssids); 1379 if (ret) { 1380 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1381 if (prev_state != wpa_s->wpa_state) 1382 wpa_supplicant_set_state(wpa_s, prev_state); 1383 return ret; 1384 } 1385 1386 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1387 if (ssid || !wpa_s->first_sched_scan) { 1388 wpa_s->sched_scan_timed_out = 0; 1389 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1390 wpa_supplicant_sched_scan_timeout, 1391 wpa_s, NULL); 1392 wpa_s->first_sched_scan = 0; 1393 wpa_s->sched_scan_timeout /= 2; 1394 wpa_s->sched_scan_interval *= 2; 1395 if (wpa_s->sched_scan_timeout < wpa_s->sched_scan_interval) { 1396 wpa_s->sched_scan_interval = 10; 1397 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1398 } 1399 } 1400 1401 /* If there is no more ssids, start next time from the beginning */ 1402 if (!ssid) 1403 wpa_s->prev_sched_ssid = NULL; 1404 1405 return 0; 1406 } 1407 1408 1409 /** 1410 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1411 * @wpa_s: Pointer to wpa_supplicant data 1412 * 1413 * This function is used to cancel a scan request scheduled with 1414 * wpa_supplicant_req_scan(). 1415 */ 1416 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1417 { 1418 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1419 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1420 } 1421 1422 1423 /** 1424 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1425 * @wpa_s: Pointer to wpa_supplicant data 1426 * 1427 * This function is used to stop a delayed scheduled scan. 1428 */ 1429 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1430 { 1431 if (!wpa_s->sched_scan_supported) 1432 return; 1433 1434 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1435 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1436 wpa_s, NULL); 1437 } 1438 1439 1440 /** 1441 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1442 * @wpa_s: Pointer to wpa_supplicant data 1443 * 1444 * This function is used to stop a periodic scheduled scan. 1445 */ 1446 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1447 { 1448 if (!wpa_s->sched_scanning) 1449 return; 1450 1451 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1452 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1453 wpa_supplicant_stop_sched_scan(wpa_s); 1454 } 1455 1456 1457 /** 1458 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1459 * @wpa_s: Pointer to wpa_supplicant data 1460 * @scanning: Whether scanning is currently in progress 1461 * 1462 * This function is to generate scanning notifycations. It is called whenever 1463 * there may have been a change in scanning (scan started, completed, stopped). 1464 * wpas_notify_scanning() is called whenever the scanning state changed from the 1465 * previously notified state. 1466 */ 1467 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1468 int scanning) 1469 { 1470 if (wpa_s->scanning != scanning) { 1471 wpa_s->scanning = scanning; 1472 wpas_notify_scanning(wpa_s); 1473 } 1474 } 1475 1476 1477 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1478 { 1479 int rate = 0; 1480 const u8 *ie; 1481 int i; 1482 1483 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1484 for (i = 0; ie && i < ie[1]; i++) { 1485 if ((ie[i + 2] & 0x7f) > rate) 1486 rate = ie[i + 2] & 0x7f; 1487 } 1488 1489 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1490 for (i = 0; ie && i < ie[1]; i++) { 1491 if ((ie[i + 2] & 0x7f) > rate) 1492 rate = ie[i + 2] & 0x7f; 1493 } 1494 1495 return rate; 1496 } 1497 1498 1499 /** 1500 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1501 * @res: Scan result entry 1502 * @ie: Information element identitifier (WLAN_EID_*) 1503 * Returns: Pointer to the information element (id field) or %NULL if not found 1504 * 1505 * This function returns the first matching information element in the scan 1506 * result. 1507 */ 1508 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1509 { 1510 const u8 *end, *pos; 1511 1512 pos = (const u8 *) (res + 1); 1513 end = pos + res->ie_len; 1514 1515 while (pos + 1 < end) { 1516 if (pos + 2 + pos[1] > end) 1517 break; 1518 if (pos[0] == ie) 1519 return pos; 1520 pos += 2 + pos[1]; 1521 } 1522 1523 return NULL; 1524 } 1525 1526 1527 /** 1528 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1529 * @res: Scan result entry 1530 * @vendor_type: Vendor type (four octets starting the IE payload) 1531 * Returns: Pointer to the information element (id field) or %NULL if not found 1532 * 1533 * This function returns the first matching information element in the scan 1534 * result. 1535 */ 1536 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1537 u32 vendor_type) 1538 { 1539 const u8 *end, *pos; 1540 1541 pos = (const u8 *) (res + 1); 1542 end = pos + res->ie_len; 1543 1544 while (pos + 1 < end) { 1545 if (pos + 2 + pos[1] > end) 1546 break; 1547 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1548 vendor_type == WPA_GET_BE32(&pos[2])) 1549 return pos; 1550 pos += 2 + pos[1]; 1551 } 1552 1553 return NULL; 1554 } 1555 1556 1557 /** 1558 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 1559 * @res: Scan result entry 1560 * @vendor_type: Vendor type (four octets starting the IE payload) 1561 * Returns: Pointer to the information element (id field) or %NULL if not found 1562 * 1563 * This function returns the first matching information element in the scan 1564 * result. 1565 * 1566 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 1567 * from Beacon frames instead of either Beacon or Probe Response frames. 1568 */ 1569 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 1570 u32 vendor_type) 1571 { 1572 const u8 *end, *pos; 1573 1574 if (res->beacon_ie_len == 0) 1575 return NULL; 1576 1577 pos = (const u8 *) (res + 1); 1578 pos += res->ie_len; 1579 end = pos + res->beacon_ie_len; 1580 1581 while (pos + 1 < end) { 1582 if (pos + 2 + pos[1] > end) 1583 break; 1584 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1585 vendor_type == WPA_GET_BE32(&pos[2])) 1586 return pos; 1587 pos += 2 + pos[1]; 1588 } 1589 1590 return NULL; 1591 } 1592 1593 1594 /** 1595 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1596 * @res: Scan result entry 1597 * @vendor_type: Vendor type (four octets starting the IE payload) 1598 * Returns: Pointer to the information element payload or %NULL if not found 1599 * 1600 * This function returns concatenated payload of possibly fragmented vendor 1601 * specific information elements in the scan result. The caller is responsible 1602 * for freeing the returned buffer. 1603 */ 1604 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1605 u32 vendor_type) 1606 { 1607 struct wpabuf *buf; 1608 const u8 *end, *pos; 1609 1610 buf = wpabuf_alloc(res->ie_len); 1611 if (buf == NULL) 1612 return NULL; 1613 1614 pos = (const u8 *) (res + 1); 1615 end = pos + res->ie_len; 1616 1617 while (pos + 1 < end) { 1618 if (pos + 2 + pos[1] > end) 1619 break; 1620 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1621 vendor_type == WPA_GET_BE32(&pos[2])) 1622 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1623 pos += 2 + pos[1]; 1624 } 1625 1626 if (wpabuf_len(buf) == 0) { 1627 wpabuf_free(buf); 1628 buf = NULL; 1629 } 1630 1631 return buf; 1632 } 1633 1634 1635 /* 1636 * Channels with a great SNR can operate at full rate. What is a great SNR? 1637 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1638 * rule of thumb is that any SNR above 20 is good." This one 1639 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1640 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1641 * conservative value. 1642 */ 1643 #define GREAT_SNR 30 1644 1645 #define IS_5GHZ(n) (n > 4000) 1646 1647 /* Compare function for sorting scan results. Return >0 if @b is considered 1648 * better. */ 1649 static int wpa_scan_result_compar(const void *a, const void *b) 1650 { 1651 #define MIN(a,b) a < b ? a : b 1652 struct wpa_scan_res **_wa = (void *) a; 1653 struct wpa_scan_res **_wb = (void *) b; 1654 struct wpa_scan_res *wa = *_wa; 1655 struct wpa_scan_res *wb = *_wb; 1656 int wpa_a, wpa_b; 1657 int snr_a, snr_b, snr_a_full, snr_b_full; 1658 1659 /* WPA/WPA2 support preferred */ 1660 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1661 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1662 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1663 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1664 1665 if (wpa_b && !wpa_a) 1666 return 1; 1667 if (!wpa_b && wpa_a) 1668 return -1; 1669 1670 /* privacy support preferred */ 1671 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1672 (wb->caps & IEEE80211_CAP_PRIVACY)) 1673 return 1; 1674 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1675 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1676 return -1; 1677 1678 if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) { 1679 snr_a_full = wa->snr; 1680 snr_a = MIN(wa->snr, GREAT_SNR); 1681 snr_b_full = wb->snr; 1682 snr_b = MIN(wa->snr, GREAT_SNR); 1683 } else { 1684 /* Level is not in dBm, so we can't calculate 1685 * SNR. Just use raw level (units unknown). */ 1686 snr_a = snr_a_full = wa->level; 1687 snr_b = snr_b_full = wb->level; 1688 } 1689 1690 /* if SNR is close, decide by max rate or frequency band */ 1691 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1692 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1693 if (wa->est_throughput != wb->est_throughput) 1694 return wb->est_throughput - wa->est_throughput; 1695 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1696 return IS_5GHZ(wa->freq) ? -1 : 1; 1697 } 1698 1699 /* all things being equal, use SNR; if SNRs are 1700 * identical, use quality values since some drivers may only report 1701 * that value and leave the signal level zero */ 1702 if (snr_b_full == snr_a_full) 1703 return wb->qual - wa->qual; 1704 return snr_b_full - snr_a_full; 1705 #undef MIN 1706 } 1707 1708 1709 #ifdef CONFIG_WPS 1710 /* Compare function for sorting scan results when searching a WPS AP for 1711 * provisioning. Return >0 if @b is considered better. */ 1712 static int wpa_scan_result_wps_compar(const void *a, const void *b) 1713 { 1714 struct wpa_scan_res **_wa = (void *) a; 1715 struct wpa_scan_res **_wb = (void *) b; 1716 struct wpa_scan_res *wa = *_wa; 1717 struct wpa_scan_res *wb = *_wb; 1718 int uses_wps_a, uses_wps_b; 1719 struct wpabuf *wps_a, *wps_b; 1720 int res; 1721 1722 /* Optimization - check WPS IE existence before allocated memory and 1723 * doing full reassembly. */ 1724 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1725 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1726 if (uses_wps_a && !uses_wps_b) 1727 return -1; 1728 if (!uses_wps_a && uses_wps_b) 1729 return 1; 1730 1731 if (uses_wps_a && uses_wps_b) { 1732 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1733 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1734 res = wps_ap_priority_compar(wps_a, wps_b); 1735 wpabuf_free(wps_a); 1736 wpabuf_free(wps_b); 1737 if (res) 1738 return res; 1739 } 1740 1741 /* 1742 * Do not use current AP security policy as a sorting criteria during 1743 * WPS provisioning step since the AP may get reconfigured at the 1744 * completion of provisioning. 1745 */ 1746 1747 /* all things being equal, use signal level; if signal levels are 1748 * identical, use quality values since some drivers may only report 1749 * that value and leave the signal level zero */ 1750 if (wb->level == wa->level) 1751 return wb->qual - wa->qual; 1752 return wb->level - wa->level; 1753 } 1754 #endif /* CONFIG_WPS */ 1755 1756 1757 static void dump_scan_res(struct wpa_scan_results *scan_res) 1758 { 1759 #ifndef CONFIG_NO_STDOUT_DEBUG 1760 size_t i; 1761 1762 if (scan_res->res == NULL || scan_res->num == 0) 1763 return; 1764 1765 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1766 1767 for (i = 0; i < scan_res->num; i++) { 1768 struct wpa_scan_res *r = scan_res->res[i]; 1769 u8 *pos; 1770 if (r->flags & WPA_SCAN_LEVEL_DBM) { 1771 int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID); 1772 1773 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1774 "noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u", 1775 MAC2STR(r->bssid), r->freq, r->qual, 1776 r->noise, noise_valid ? "" : "~", r->level, 1777 r->snr, r->snr >= GREAT_SNR ? "*" : "", 1778 r->flags, 1779 r->age, r->est_throughput); 1780 } else { 1781 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1782 "noise=%d level=%d flags=0x%x age=%u est=%u", 1783 MAC2STR(r->bssid), r->freq, r->qual, 1784 r->noise, r->level, r->flags, r->age, 1785 r->est_throughput); 1786 } 1787 pos = (u8 *) (r + 1); 1788 if (r->ie_len) 1789 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1790 pos += r->ie_len; 1791 if (r->beacon_ie_len) 1792 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1793 pos, r->beacon_ie_len); 1794 } 1795 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1796 } 1797 1798 1799 /** 1800 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1801 * @wpa_s: Pointer to wpa_supplicant data 1802 * @bssid: BSSID to check 1803 * Returns: 0 if the BSSID is filtered or 1 if not 1804 * 1805 * This function is used to filter out specific BSSIDs from scan reslts mainly 1806 * for testing purposes (SET bssid_filter ctrl_iface command). 1807 */ 1808 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1809 const u8 *bssid) 1810 { 1811 size_t i; 1812 1813 if (wpa_s->bssid_filter == NULL) 1814 return 1; 1815 1816 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1817 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1818 ETH_ALEN) == 0) 1819 return 1; 1820 } 1821 1822 return 0; 1823 } 1824 1825 1826 static void filter_scan_res(struct wpa_supplicant *wpa_s, 1827 struct wpa_scan_results *res) 1828 { 1829 size_t i, j; 1830 1831 if (wpa_s->bssid_filter == NULL) 1832 return; 1833 1834 for (i = 0, j = 0; i < res->num; i++) { 1835 if (wpa_supplicant_filter_bssid_match(wpa_s, 1836 res->res[i]->bssid)) { 1837 res->res[j++] = res->res[i]; 1838 } else { 1839 os_free(res->res[i]); 1840 res->res[i] = NULL; 1841 } 1842 } 1843 1844 if (res->num != j) { 1845 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1846 (int) (res->num - j)); 1847 res->num = j; 1848 } 1849 } 1850 1851 1852 /* 1853 * Noise floor values to use when we have signal strength 1854 * measurements, but no noise floor measurments. These values were 1855 * measured in an office environment with many APs. 1856 */ 1857 #define DEFAULT_NOISE_FLOOR_2GHZ (-89) 1858 #define DEFAULT_NOISE_FLOOR_5GHZ (-92) 1859 1860 static void scan_snr(struct wpa_scan_res *res) 1861 { 1862 if (res->flags & WPA_SCAN_NOISE_INVALID) { 1863 res->noise = IS_5GHZ(res->freq) ? 1864 DEFAULT_NOISE_FLOOR_5GHZ : 1865 DEFAULT_NOISE_FLOOR_2GHZ; 1866 } 1867 1868 if (res->flags & WPA_SCAN_LEVEL_DBM) { 1869 res->snr = res->level - res->noise; 1870 } else { 1871 /* Level is not in dBm, so we can't calculate 1872 * SNR. Just use raw level (units unknown). */ 1873 res->snr = res->level; 1874 } 1875 } 1876 1877 1878 static unsigned int max_ht20_rate(int snr) 1879 { 1880 if (snr < 6) 1881 return 6500; /* HT20 MCS0 */ 1882 if (snr < 8) 1883 return 13000; /* HT20 MCS1 */ 1884 if (snr < 13) 1885 return 19500; /* HT20 MCS2 */ 1886 if (snr < 17) 1887 return 26000; /* HT20 MCS3 */ 1888 if (snr < 20) 1889 return 39000; /* HT20 MCS4 */ 1890 if (snr < 23) 1891 return 52000; /* HT20 MCS5 */ 1892 if (snr < 24) 1893 return 58500; /* HT20 MCS6 */ 1894 return 65000; /* HT20 MCS7 */ 1895 } 1896 1897 1898 static unsigned int max_ht40_rate(int snr) 1899 { 1900 if (snr < 3) 1901 return 13500; /* HT40 MCS0 */ 1902 if (snr < 6) 1903 return 27000; /* HT40 MCS1 */ 1904 if (snr < 10) 1905 return 40500; /* HT40 MCS2 */ 1906 if (snr < 15) 1907 return 54000; /* HT40 MCS3 */ 1908 if (snr < 17) 1909 return 81000; /* HT40 MCS4 */ 1910 if (snr < 22) 1911 return 108000; /* HT40 MCS5 */ 1912 if (snr < 24) 1913 return 121500; /* HT40 MCS6 */ 1914 return 135000; /* HT40 MCS7 */ 1915 } 1916 1917 1918 static unsigned int max_vht80_rate(int snr) 1919 { 1920 if (snr < 1) 1921 return 0; 1922 if (snr < 2) 1923 return 29300; /* VHT80 MCS0 */ 1924 if (snr < 5) 1925 return 58500; /* VHT80 MCS1 */ 1926 if (snr < 9) 1927 return 87800; /* VHT80 MCS2 */ 1928 if (snr < 11) 1929 return 117000; /* VHT80 MCS3 */ 1930 if (snr < 15) 1931 return 175500; /* VHT80 MCS4 */ 1932 if (snr < 16) 1933 return 234000; /* VHT80 MCS5 */ 1934 if (snr < 18) 1935 return 263300; /* VHT80 MCS6 */ 1936 if (snr < 20) 1937 return 292500; /* VHT80 MCS7 */ 1938 if (snr < 22) 1939 return 351000; /* VHT80 MCS8 */ 1940 return 390000; /* VHT80 MCS9 */ 1941 } 1942 1943 1944 static void scan_est_throughput(struct wpa_supplicant *wpa_s, 1945 struct wpa_scan_res *res) 1946 { 1947 enum local_hw_capab capab = wpa_s->hw_capab; 1948 int rate; /* max legacy rate in 500 kb/s units */ 1949 const u8 *ie; 1950 unsigned int est, tmp; 1951 int snr = res->snr; 1952 1953 if (res->est_throughput) 1954 return; 1955 1956 /* Get maximum legacy rate */ 1957 rate = wpa_scan_get_max_rate(res); 1958 1959 /* Limit based on estimated SNR */ 1960 if (rate > 1 * 2 && snr < 1) 1961 rate = 1 * 2; 1962 else if (rate > 2 * 2 && snr < 4) 1963 rate = 2 * 2; 1964 else if (rate > 6 * 2 && snr < 5) 1965 rate = 6 * 2; 1966 else if (rate > 9 * 2 && snr < 6) 1967 rate = 9 * 2; 1968 else if (rate > 12 * 2 && snr < 7) 1969 rate = 12 * 2; 1970 else if (rate > 18 * 2 && snr < 10) 1971 rate = 18 * 2; 1972 else if (rate > 24 * 2 && snr < 11) 1973 rate = 24 * 2; 1974 else if (rate > 36 * 2 && snr < 15) 1975 rate = 36 * 2; 1976 else if (rate > 48 * 2 && snr < 19) 1977 rate = 48 * 2; 1978 else if (rate > 54 * 2 && snr < 21) 1979 rate = 54 * 2; 1980 est = rate * 500; 1981 1982 if (capab == CAPAB_HT || capab == CAPAB_HT40 || capab == CAPAB_VHT) { 1983 ie = wpa_scan_get_ie(res, WLAN_EID_HT_CAP); 1984 if (ie) { 1985 tmp = max_ht20_rate(snr); 1986 if (tmp > est) 1987 est = tmp; 1988 } 1989 } 1990 1991 if (capab == CAPAB_HT40 || capab == CAPAB_VHT) { 1992 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 1993 if (ie && ie[1] >= 2 && 1994 (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 1995 tmp = max_ht40_rate(snr); 1996 if (tmp > est) 1997 est = tmp; 1998 } 1999 } 2000 2001 if (capab == CAPAB_VHT) { 2002 /* Use +1 to assume VHT is always faster than HT */ 2003 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_CAP); 2004 if (ie) { 2005 tmp = max_ht20_rate(snr) + 1; 2006 if (tmp > est) 2007 est = tmp; 2008 2009 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 2010 if (ie && ie[1] >= 2 && 2011 (ie[3] & 2012 HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2013 tmp = max_ht40_rate(snr) + 1; 2014 if (tmp > est) 2015 est = tmp; 2016 } 2017 2018 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_OPERATION); 2019 if (ie && ie[1] >= 1 && 2020 (ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK)) { 2021 tmp = max_vht80_rate(snr) + 1; 2022 if (tmp > est) 2023 est = tmp; 2024 } 2025 } 2026 } 2027 2028 /* TODO: channel utilization and AP load (e.g., from AP Beacon) */ 2029 2030 res->est_throughput = est; 2031 } 2032 2033 2034 /** 2035 * wpa_supplicant_get_scan_results - Get scan results 2036 * @wpa_s: Pointer to wpa_supplicant data 2037 * @info: Information about what was scanned or %NULL if not available 2038 * @new_scan: Whether a new scan was performed 2039 * Returns: Scan results, %NULL on failure 2040 * 2041 * This function request the current scan results from the driver and updates 2042 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 2043 * results with wpa_scan_results_free(). 2044 */ 2045 struct wpa_scan_results * 2046 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 2047 struct scan_info *info, int new_scan) 2048 { 2049 struct wpa_scan_results *scan_res; 2050 size_t i; 2051 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 2052 2053 scan_res = wpa_drv_get_scan_results2(wpa_s); 2054 if (scan_res == NULL) { 2055 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 2056 return NULL; 2057 } 2058 if (scan_res->fetch_time.sec == 0) { 2059 /* 2060 * Make sure we have a valid timestamp if the driver wrapper 2061 * does not set this. 2062 */ 2063 os_get_reltime(&scan_res->fetch_time); 2064 } 2065 filter_scan_res(wpa_s, scan_res); 2066 2067 for (i = 0; i < scan_res->num; i++) { 2068 struct wpa_scan_res *scan_res_item = scan_res->res[i]; 2069 2070 scan_snr(scan_res_item); 2071 scan_est_throughput(wpa_s, scan_res_item); 2072 } 2073 2074 #ifdef CONFIG_WPS 2075 if (wpas_wps_searching(wpa_s)) { 2076 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 2077 "provisioning rules"); 2078 compar = wpa_scan_result_wps_compar; 2079 } 2080 #endif /* CONFIG_WPS */ 2081 2082 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 2083 compar); 2084 dump_scan_res(scan_res); 2085 2086 wpa_bss_update_start(wpa_s); 2087 for (i = 0; i < scan_res->num; i++) 2088 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 2089 &scan_res->fetch_time); 2090 wpa_bss_update_end(wpa_s, info, new_scan); 2091 2092 return scan_res; 2093 } 2094 2095 2096 /** 2097 * wpa_supplicant_update_scan_results - Update scan results from the driver 2098 * @wpa_s: Pointer to wpa_supplicant data 2099 * Returns: 0 on success, -1 on failure 2100 * 2101 * This function updates the BSS table within wpa_supplicant based on the 2102 * currently available scan results from the driver without requesting a new 2103 * scan. This is used in cases where the driver indicates an association 2104 * (including roaming within ESS) and wpa_supplicant does not yet have the 2105 * needed information to complete the connection (e.g., to perform validation 2106 * steps in 4-way handshake). 2107 */ 2108 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 2109 { 2110 struct wpa_scan_results *scan_res; 2111 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 2112 if (scan_res == NULL) 2113 return -1; 2114 wpa_scan_results_free(scan_res); 2115 2116 return 0; 2117 } 2118 2119 2120 /** 2121 * scan_only_handler - Reports scan results 2122 */ 2123 void scan_only_handler(struct wpa_supplicant *wpa_s, 2124 struct wpa_scan_results *scan_res) 2125 { 2126 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 2127 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 2128 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 2129 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 2130 wpa_s->manual_scan_id); 2131 wpa_s->manual_scan_use_id = 0; 2132 } else { 2133 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 2134 } 2135 wpas_notify_scan_results(wpa_s); 2136 wpas_notify_scan_done(wpa_s, 1); 2137 if (wpa_s->scan_work) { 2138 struct wpa_radio_work *work = wpa_s->scan_work; 2139 wpa_s->scan_work = NULL; 2140 radio_work_done(work); 2141 } 2142 } 2143 2144 2145 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 2146 { 2147 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 2148 } 2149 2150 2151 struct wpa_driver_scan_params * 2152 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 2153 { 2154 struct wpa_driver_scan_params *params; 2155 size_t i; 2156 u8 *n; 2157 2158 params = os_zalloc(sizeof(*params)); 2159 if (params == NULL) 2160 return NULL; 2161 2162 for (i = 0; i < src->num_ssids; i++) { 2163 if (src->ssids[i].ssid) { 2164 n = os_malloc(src->ssids[i].ssid_len); 2165 if (n == NULL) 2166 goto failed; 2167 os_memcpy(n, src->ssids[i].ssid, 2168 src->ssids[i].ssid_len); 2169 params->ssids[i].ssid = n; 2170 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 2171 } 2172 } 2173 params->num_ssids = src->num_ssids; 2174 2175 if (src->extra_ies) { 2176 n = os_malloc(src->extra_ies_len); 2177 if (n == NULL) 2178 goto failed; 2179 os_memcpy(n, src->extra_ies, src->extra_ies_len); 2180 params->extra_ies = n; 2181 params->extra_ies_len = src->extra_ies_len; 2182 } 2183 2184 if (src->freqs) { 2185 int len = int_array_len(src->freqs); 2186 params->freqs = os_malloc((len + 1) * sizeof(int)); 2187 if (params->freqs == NULL) 2188 goto failed; 2189 os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); 2190 } 2191 2192 if (src->filter_ssids) { 2193 params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * 2194 src->num_filter_ssids); 2195 if (params->filter_ssids == NULL) 2196 goto failed; 2197 os_memcpy(params->filter_ssids, src->filter_ssids, 2198 sizeof(*params->filter_ssids) * 2199 src->num_filter_ssids); 2200 params->num_filter_ssids = src->num_filter_ssids; 2201 } 2202 2203 params->filter_rssi = src->filter_rssi; 2204 params->p2p_probe = src->p2p_probe; 2205 params->only_new_results = src->only_new_results; 2206 params->low_priority = src->low_priority; 2207 2208 if (src->mac_addr_rand) { 2209 params->mac_addr_rand = src->mac_addr_rand; 2210 2211 if (src->mac_addr && src->mac_addr_mask) { 2212 u8 *mac_addr; 2213 2214 mac_addr = os_malloc(2 * ETH_ALEN); 2215 if (!mac_addr) 2216 goto failed; 2217 2218 os_memcpy(mac_addr, src->mac_addr, ETH_ALEN); 2219 os_memcpy(mac_addr + ETH_ALEN, src->mac_addr_mask, 2220 ETH_ALEN); 2221 params->mac_addr = mac_addr; 2222 params->mac_addr_mask = mac_addr + ETH_ALEN; 2223 } 2224 } 2225 return params; 2226 2227 failed: 2228 wpa_scan_free_params(params); 2229 return NULL; 2230 } 2231 2232 2233 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 2234 { 2235 size_t i; 2236 2237 if (params == NULL) 2238 return; 2239 2240 for (i = 0; i < params->num_ssids; i++) 2241 os_free((u8 *) params->ssids[i].ssid); 2242 os_free((u8 *) params->extra_ies); 2243 os_free(params->freqs); 2244 os_free(params->filter_ssids); 2245 2246 /* 2247 * Note: params->mac_addr_mask points to same memory allocation and 2248 * must not be freed separately. 2249 */ 2250 os_free((u8 *) params->mac_addr); 2251 2252 os_free(params); 2253 } 2254 2255 2256 int wpas_start_pno(struct wpa_supplicant *wpa_s) 2257 { 2258 int ret, interval, prio; 2259 size_t i, num_ssid, num_match_ssid; 2260 struct wpa_ssid *ssid; 2261 struct wpa_driver_scan_params params; 2262 2263 if (!wpa_s->sched_scan_supported) 2264 return -1; 2265 2266 if (wpa_s->pno || wpa_s->pno_sched_pending) 2267 return 0; 2268 2269 if ((wpa_s->wpa_state > WPA_SCANNING) && 2270 (wpa_s->wpa_state <= WPA_COMPLETED)) { 2271 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 2272 return -EAGAIN; 2273 } 2274 2275 if (wpa_s->wpa_state == WPA_SCANNING) { 2276 wpa_supplicant_cancel_scan(wpa_s); 2277 if (wpa_s->sched_scanning) { 2278 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 2279 "ongoing sched scan"); 2280 wpa_supplicant_cancel_sched_scan(wpa_s); 2281 wpa_s->pno_sched_pending = 1; 2282 return 0; 2283 } 2284 } 2285 2286 os_memset(¶ms, 0, sizeof(params)); 2287 2288 num_ssid = num_match_ssid = 0; 2289 ssid = wpa_s->conf->ssid; 2290 while (ssid) { 2291 if (!wpas_network_disabled(wpa_s, ssid)) { 2292 num_match_ssid++; 2293 if (ssid->scan_ssid) 2294 num_ssid++; 2295 } 2296 ssid = ssid->next; 2297 } 2298 2299 if (num_match_ssid == 0) { 2300 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 2301 return -1; 2302 } 2303 2304 if (num_match_ssid > num_ssid) { 2305 params.num_ssids++; /* wildcard */ 2306 num_ssid++; 2307 } 2308 2309 if (num_ssid > WPAS_MAX_SCAN_SSIDS) { 2310 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 2311 "%u", WPAS_MAX_SCAN_SSIDS, (unsigned int) num_ssid); 2312 num_ssid = WPAS_MAX_SCAN_SSIDS; 2313 } 2314 2315 if (num_match_ssid > wpa_s->max_match_sets) { 2316 num_match_ssid = wpa_s->max_match_sets; 2317 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 2318 } 2319 params.filter_ssids = os_calloc(num_match_ssid, 2320 sizeof(struct wpa_driver_scan_filter)); 2321 if (params.filter_ssids == NULL) 2322 return -1; 2323 2324 i = 0; 2325 prio = 0; 2326 ssid = wpa_s->conf->pssid[prio]; 2327 while (ssid) { 2328 if (!wpas_network_disabled(wpa_s, ssid)) { 2329 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 2330 params.ssids[params.num_ssids].ssid = 2331 ssid->ssid; 2332 params.ssids[params.num_ssids].ssid_len = 2333 ssid->ssid_len; 2334 params.num_ssids++; 2335 } 2336 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 2337 ssid->ssid_len); 2338 params.filter_ssids[i].ssid_len = ssid->ssid_len; 2339 params.num_filter_ssids++; 2340 i++; 2341 if (i == num_match_ssid) 2342 break; 2343 } 2344 if (ssid->pnext) 2345 ssid = ssid->pnext; 2346 else if (prio + 1 == wpa_s->conf->num_prio) 2347 break; 2348 else 2349 ssid = wpa_s->conf->pssid[++prio]; 2350 } 2351 2352 if (wpa_s->conf->filter_rssi) 2353 params.filter_rssi = wpa_s->conf->filter_rssi; 2354 2355 interval = wpa_s->conf->sched_scan_interval ? 2356 wpa_s->conf->sched_scan_interval : 10; 2357 2358 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 2359 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 2360 params.freqs = wpa_s->manual_sched_scan_freqs; 2361 } 2362 2363 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) { 2364 params.mac_addr_rand = 1; 2365 if (wpa_s->mac_addr_pno) { 2366 params.mac_addr = wpa_s->mac_addr_pno; 2367 params.mac_addr_mask = wpa_s->mac_addr_pno + ETH_ALEN; 2368 } 2369 } 2370 2371 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms, interval); 2372 os_free(params.filter_ssids); 2373 if (ret == 0) 2374 wpa_s->pno = 1; 2375 else 2376 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 2377 return ret; 2378 } 2379 2380 2381 int wpas_stop_pno(struct wpa_supplicant *wpa_s) 2382 { 2383 int ret = 0; 2384 2385 if (!wpa_s->pno) 2386 return 0; 2387 2388 ret = wpa_supplicant_stop_sched_scan(wpa_s); 2389 2390 wpa_s->pno = 0; 2391 wpa_s->pno_sched_pending = 0; 2392 2393 if (wpa_s->wpa_state == WPA_SCANNING) 2394 wpa_supplicant_req_scan(wpa_s, 0, 0); 2395 2396 return ret; 2397 } 2398 2399 2400 void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, 2401 unsigned int type) 2402 { 2403 type &= MAC_ADDR_RAND_ALL; 2404 wpa_s->mac_addr_rand_enable &= ~type; 2405 2406 if (type & MAC_ADDR_RAND_SCAN) { 2407 os_free(wpa_s->mac_addr_scan); 2408 wpa_s->mac_addr_scan = NULL; 2409 } 2410 2411 if (type & MAC_ADDR_RAND_SCHED_SCAN) { 2412 os_free(wpa_s->mac_addr_sched_scan); 2413 wpa_s->mac_addr_sched_scan = NULL; 2414 } 2415 2416 if (type & MAC_ADDR_RAND_PNO) { 2417 os_free(wpa_s->mac_addr_pno); 2418 wpa_s->mac_addr_pno = NULL; 2419 } 2420 } 2421 2422 2423 int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, 2424 unsigned int type, const u8 *addr, 2425 const u8 *mask) 2426 { 2427 u8 *tmp = NULL; 2428 2429 wpas_mac_addr_rand_scan_clear(wpa_s, type); 2430 2431 if (addr) { 2432 tmp = os_malloc(2 * ETH_ALEN); 2433 if (!tmp) 2434 return -1; 2435 os_memcpy(tmp, addr, ETH_ALEN); 2436 os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN); 2437 } 2438 2439 if (type == MAC_ADDR_RAND_SCAN) { 2440 wpa_s->mac_addr_scan = tmp; 2441 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 2442 wpa_s->mac_addr_sched_scan = tmp; 2443 } else if (type == MAC_ADDR_RAND_PNO) { 2444 wpa_s->mac_addr_pno = tmp; 2445 } else { 2446 wpa_printf(MSG_INFO, 2447 "scan: Invalid MAC randomization type=0x%x", 2448 type); 2449 os_free(tmp); 2450 return -1; 2451 } 2452 2453 wpa_s->mac_addr_rand_enable |= type; 2454 return 0; 2455 } 2456