1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2014, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 #include "mesh.h" 26 27 28 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 29 { 30 struct wpa_ssid *ssid; 31 union wpa_event_data data; 32 33 ssid = wpa_supplicant_get_ssid(wpa_s); 34 if (ssid == NULL) 35 return; 36 37 if (wpa_s->current_ssid == NULL) { 38 wpa_s->current_ssid = ssid; 39 if (wpa_s->current_ssid != NULL) 40 wpas_notify_network_changed(wpa_s); 41 } 42 wpa_supplicant_initiate_eapol(wpa_s); 43 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 44 "network - generating associated event"); 45 os_memset(&data, 0, sizeof(data)); 46 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 47 } 48 49 50 #ifdef CONFIG_WPS 51 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 52 enum wps_request_type *req_type) 53 { 54 struct wpa_ssid *ssid; 55 int wps = 0; 56 57 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 58 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 59 continue; 60 61 wps = 1; 62 *req_type = wpas_wps_get_req_type(ssid); 63 if (!ssid->eap.phase1) 64 continue; 65 66 if (os_strstr(ssid->eap.phase1, "pbc=1")) 67 return 2; 68 } 69 70 #ifdef CONFIG_P2P 71 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 72 !wpa_s->conf->p2p_disabled) { 73 wpa_s->wps->dev.p2p = 1; 74 if (!wps) { 75 wps = 1; 76 *req_type = WPS_REQ_ENROLLEE_INFO; 77 } 78 } 79 #endif /* CONFIG_P2P */ 80 81 return wps; 82 } 83 #endif /* CONFIG_WPS */ 84 85 86 /** 87 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 88 * @wpa_s: Pointer to wpa_supplicant data 89 * Returns: 0 if no networks are enabled, >0 if networks are enabled 90 * 91 * This function is used to figure out whether any networks (or Interworking 92 * with enabled credentials and auto_interworking) are present in the current 93 * configuration. 94 */ 95 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 96 { 97 struct wpa_ssid *ssid = wpa_s->conf->ssid; 98 int count = 0, disabled = 0; 99 100 if (wpa_s->p2p_mgmt) 101 return 0; /* no normal network profiles on p2p_mgmt interface */ 102 103 while (ssid) { 104 if (!wpas_network_disabled(wpa_s, ssid)) 105 count++; 106 else 107 disabled++; 108 ssid = ssid->next; 109 } 110 if (wpa_s->conf->cred && wpa_s->conf->interworking && 111 wpa_s->conf->auto_interworking) 112 count++; 113 if (count == 0 && disabled > 0) { 114 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 115 "networks)", disabled); 116 } 117 return count; 118 } 119 120 121 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 122 struct wpa_ssid *ssid) 123 { 124 while (ssid) { 125 if (!wpas_network_disabled(wpa_s, ssid)) 126 break; 127 ssid = ssid->next; 128 } 129 130 /* ap_scan=2 mode - try to associate with each SSID. */ 131 if (ssid == NULL) { 132 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 133 "end of scan list - go back to beginning"); 134 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 135 wpa_supplicant_req_scan(wpa_s, 0, 0); 136 return; 137 } 138 if (ssid->next) { 139 /* Continue from the next SSID on the next attempt. */ 140 wpa_s->prev_scan_ssid = ssid; 141 } else { 142 /* Start from the beginning of the SSID list. */ 143 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 144 } 145 wpa_supplicant_associate(wpa_s, NULL, ssid); 146 } 147 148 149 static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 150 { 151 struct wpa_supplicant *wpa_s = work->wpa_s; 152 struct wpa_driver_scan_params *params = work->ctx; 153 int ret; 154 155 if (deinit) { 156 if (!work->started) { 157 wpa_scan_free_params(params); 158 return; 159 } 160 wpa_supplicant_notify_scanning(wpa_s, 0); 161 wpas_notify_scan_done(wpa_s, 0); 162 wpa_s->scan_work = NULL; 163 return; 164 } 165 166 if (wpas_update_random_addr_disassoc(wpa_s) < 0) { 167 wpa_msg(wpa_s, MSG_INFO, 168 "Failed to assign random MAC address for a scan"); 169 radio_work_done(work); 170 return; 171 } 172 173 wpa_supplicant_notify_scanning(wpa_s, 1); 174 175 if (wpa_s->clear_driver_scan_cache) { 176 wpa_printf(MSG_DEBUG, 177 "Request driver to clear scan cache due to local BSS flush"); 178 params->only_new_results = 1; 179 } 180 ret = wpa_drv_scan(wpa_s, params); 181 wpa_scan_free_params(params); 182 work->ctx = NULL; 183 if (ret) { 184 int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ; 185 186 if (wpa_s->disconnected) 187 retry = 0; 188 189 wpa_supplicant_notify_scanning(wpa_s, 0); 190 wpas_notify_scan_done(wpa_s, 0); 191 if (wpa_s->wpa_state == WPA_SCANNING) 192 wpa_supplicant_set_state(wpa_s, 193 wpa_s->scan_prev_wpa_state); 194 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s", 195 ret, retry ? " retry=1" : ""); 196 radio_work_done(work); 197 198 if (retry) { 199 /* Restore scan_req since we will try to scan again */ 200 wpa_s->scan_req = wpa_s->last_scan_req; 201 wpa_supplicant_req_scan(wpa_s, 1, 0); 202 } 203 return; 204 } 205 206 os_get_reltime(&wpa_s->scan_trigger_time); 207 wpa_s->scan_runs++; 208 wpa_s->normal_scans++; 209 wpa_s->own_scan_requested = 1; 210 wpa_s->clear_driver_scan_cache = 0; 211 wpa_s->scan_work = work; 212 } 213 214 215 /** 216 * wpa_supplicant_trigger_scan - Request driver to start a scan 217 * @wpa_s: Pointer to wpa_supplicant data 218 * @params: Scan parameters 219 * Returns: 0 on success, -1 on failure 220 */ 221 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 222 struct wpa_driver_scan_params *params) 223 { 224 struct wpa_driver_scan_params *ctx; 225 226 if (wpa_s->scan_work) { 227 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 228 return -1; 229 } 230 231 ctx = wpa_scan_clone_params(params); 232 if (ctx == NULL) 233 return -1; 234 235 if (radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0) 236 { 237 wpa_scan_free_params(ctx); 238 return -1; 239 } 240 241 return 0; 242 } 243 244 245 static void 246 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 247 { 248 struct wpa_supplicant *wpa_s = eloop_ctx; 249 250 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 251 252 if (wpa_supplicant_req_sched_scan(wpa_s)) 253 wpa_supplicant_req_scan(wpa_s, 0, 0); 254 } 255 256 257 static void 258 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 259 { 260 struct wpa_supplicant *wpa_s = eloop_ctx; 261 262 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 263 264 wpa_s->sched_scan_timed_out = 1; 265 wpa_supplicant_cancel_sched_scan(wpa_s); 266 } 267 268 269 int wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 270 struct wpa_driver_scan_params *params) 271 { 272 int ret; 273 274 wpa_supplicant_notify_scanning(wpa_s, 1); 275 ret = wpa_drv_sched_scan(wpa_s, params); 276 if (ret) 277 wpa_supplicant_notify_scanning(wpa_s, 0); 278 else 279 wpa_s->sched_scanning = 1; 280 281 return ret; 282 } 283 284 285 int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 286 { 287 int ret; 288 289 ret = wpa_drv_stop_sched_scan(wpa_s); 290 if (ret) { 291 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 292 /* TODO: what to do if stopping fails? */ 293 return -1; 294 } 295 296 return ret; 297 } 298 299 300 static struct wpa_driver_scan_filter * 301 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 302 { 303 struct wpa_driver_scan_filter *ssids; 304 struct wpa_ssid *ssid; 305 size_t count; 306 307 *num_ssids = 0; 308 if (!conf->filter_ssids) 309 return NULL; 310 311 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 312 if (ssid->ssid && ssid->ssid_len) 313 count++; 314 } 315 if (count == 0) 316 return NULL; 317 ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter)); 318 if (ssids == NULL) 319 return NULL; 320 321 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 322 if (!ssid->ssid || !ssid->ssid_len) 323 continue; 324 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 325 ssids[*num_ssids].ssid_len = ssid->ssid_len; 326 (*num_ssids)++; 327 } 328 329 return ssids; 330 } 331 332 333 static void wpa_supplicant_optimize_freqs( 334 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 335 { 336 #ifdef CONFIG_P2P 337 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 338 wpa_s->go_params) { 339 /* Optimize provisioning state scan based on GO information */ 340 if (wpa_s->p2p_in_provisioning < 5 && 341 wpa_s->go_params->freq > 0) { 342 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 343 "preferred frequency %d MHz", 344 wpa_s->go_params->freq); 345 params->freqs = os_calloc(2, sizeof(int)); 346 if (params->freqs) 347 params->freqs[0] = wpa_s->go_params->freq; 348 } else if (wpa_s->p2p_in_provisioning < 8 && 349 wpa_s->go_params->freq_list[0]) { 350 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 351 "channels"); 352 int_array_concat(¶ms->freqs, 353 wpa_s->go_params->freq_list); 354 if (params->freqs) 355 int_array_sort_unique(params->freqs); 356 } 357 wpa_s->p2p_in_provisioning++; 358 } 359 360 if (params->freqs == NULL && wpa_s->p2p_in_invitation) { 361 /* 362 * Optimize scan based on GO information during persistent 363 * group reinvocation 364 */ 365 if (wpa_s->p2p_in_invitation < 5 && 366 wpa_s->p2p_invite_go_freq > 0) { 367 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation", 368 wpa_s->p2p_invite_go_freq); 369 params->freqs = os_calloc(2, sizeof(int)); 370 if (params->freqs) 371 params->freqs[0] = wpa_s->p2p_invite_go_freq; 372 } 373 wpa_s->p2p_in_invitation++; 374 if (wpa_s->p2p_in_invitation > 20) { 375 /* 376 * This should not really happen since the variable is 377 * cleared on group removal, but if it does happen, make 378 * sure we do not get stuck in special invitation scan 379 * mode. 380 */ 381 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation"); 382 wpa_s->p2p_in_invitation = 0; 383 } 384 } 385 #endif /* CONFIG_P2P */ 386 387 #ifdef CONFIG_WPS 388 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 389 /* 390 * Optimize post-provisioning scan based on channel used 391 * during provisioning. 392 */ 393 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 394 "that was used during provisioning", wpa_s->wps_freq); 395 params->freqs = os_calloc(2, sizeof(int)); 396 if (params->freqs) 397 params->freqs[0] = wpa_s->wps_freq; 398 wpa_s->after_wps--; 399 } else if (wpa_s->after_wps) 400 wpa_s->after_wps--; 401 402 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 403 { 404 /* Optimize provisioning scan based on already known channel */ 405 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 406 wpa_s->wps_freq); 407 params->freqs = os_calloc(2, sizeof(int)); 408 if (params->freqs) 409 params->freqs[0] = wpa_s->wps_freq; 410 wpa_s->known_wps_freq = 0; /* only do this once */ 411 } 412 #endif /* CONFIG_WPS */ 413 } 414 415 416 #ifdef CONFIG_INTERWORKING 417 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 418 struct wpabuf *buf) 419 { 420 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 421 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 422 1 + ETH_ALEN); 423 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 424 /* No Venue Info */ 425 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 426 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 427 } 428 #endif /* CONFIG_INTERWORKING */ 429 430 431 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 432 { 433 struct wpabuf *extra_ie = NULL; 434 u8 ext_capab[18]; 435 int ext_capab_len; 436 #ifdef CONFIG_WPS 437 int wps = 0; 438 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 439 #endif /* CONFIG_WPS */ 440 441 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 442 sizeof(ext_capab)); 443 if (ext_capab_len > 0 && 444 wpabuf_resize(&extra_ie, ext_capab_len) == 0) 445 wpabuf_put_data(extra_ie, ext_capab, ext_capab_len); 446 447 #ifdef CONFIG_INTERWORKING 448 if (wpa_s->conf->interworking && 449 wpabuf_resize(&extra_ie, 100) == 0) 450 wpas_add_interworking_elements(wpa_s, extra_ie); 451 #endif /* CONFIG_INTERWORKING */ 452 453 #ifdef CONFIG_WPS 454 wps = wpas_wps_in_use(wpa_s, &req_type); 455 456 if (wps) { 457 struct wpabuf *wps_ie; 458 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 459 DEV_PW_DEFAULT, 460 &wpa_s->wps->dev, 461 wpa_s->wps->uuid, req_type, 462 0, NULL); 463 if (wps_ie) { 464 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 465 wpabuf_put_buf(extra_ie, wps_ie); 466 wpabuf_free(wps_ie); 467 } 468 } 469 470 #ifdef CONFIG_P2P 471 if (wps) { 472 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 473 if (wpabuf_resize(&extra_ie, ielen) == 0) 474 wpas_p2p_scan_ie(wpa_s, extra_ie); 475 } 476 #endif /* CONFIG_P2P */ 477 478 wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie); 479 480 #endif /* CONFIG_WPS */ 481 482 #ifdef CONFIG_HS20 483 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 484 wpas_hs20_add_indication(extra_ie, -1); 485 #endif /* CONFIG_HS20 */ 486 487 #ifdef CONFIG_FST 488 if (wpa_s->fst_ies && 489 wpabuf_resize(&extra_ie, wpabuf_len(wpa_s->fst_ies)) == 0) 490 wpabuf_put_buf(extra_ie, wpa_s->fst_ies); 491 #endif /* CONFIG_FST */ 492 493 #ifdef CONFIG_MBO 494 /* Send cellular capabilities for potential MBO STAs */ 495 if (wpabuf_resize(&extra_ie, 9) == 0) 496 wpas_mbo_scan_ie(wpa_s, extra_ie); 497 #endif /* CONFIG_MBO */ 498 499 return extra_ie; 500 } 501 502 503 #ifdef CONFIG_P2P 504 505 /* 506 * Check whether there are any enabled networks or credentials that could be 507 * used for a non-P2P connection. 508 */ 509 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 510 { 511 struct wpa_ssid *ssid; 512 513 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 514 if (wpas_network_disabled(wpa_s, ssid)) 515 continue; 516 if (!ssid->p2p_group) 517 return 1; 518 } 519 520 if (wpa_s->conf->cred && wpa_s->conf->interworking && 521 wpa_s->conf->auto_interworking) 522 return 1; 523 524 return 0; 525 } 526 527 #endif /* CONFIG_P2P */ 528 529 530 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 531 enum hostapd_hw_mode band, 532 struct wpa_driver_scan_params *params) 533 { 534 /* Include only supported channels for the specified band */ 535 struct hostapd_hw_modes *mode; 536 int count, i; 537 538 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 539 if (mode == NULL) { 540 /* No channels supported in this band - use empty list */ 541 params->freqs = os_zalloc(sizeof(int)); 542 return; 543 } 544 545 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int)); 546 if (params->freqs == NULL) 547 return; 548 for (count = 0, i = 0; i < mode->num_channels; i++) { 549 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 550 continue; 551 params->freqs[count++] = mode->channels[i].freq; 552 } 553 } 554 555 556 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 557 struct wpa_driver_scan_params *params) 558 { 559 if (wpa_s->hw.modes == NULL) 560 return; /* unknown what channels the driver supports */ 561 if (params->freqs) 562 return; /* already using a limited channel set */ 563 if (wpa_s->setband == WPA_SETBAND_5G) 564 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 565 params); 566 else if (wpa_s->setband == WPA_SETBAND_2G) 567 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 568 params); 569 } 570 571 572 static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 573 struct wpa_driver_scan_params *params, 574 size_t max_ssids) 575 { 576 unsigned int i; 577 struct wpa_ssid *ssid; 578 579 for (i = 0; i < wpa_s->scan_id_count; i++) { 580 unsigned int j; 581 582 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 583 if (!ssid || !ssid->scan_ssid) 584 continue; 585 586 for (j = 0; j < params->num_ssids; j++) { 587 if (params->ssids[j].ssid_len == ssid->ssid_len && 588 params->ssids[j].ssid && 589 os_memcmp(params->ssids[j].ssid, ssid->ssid, 590 ssid->ssid_len) == 0) 591 break; 592 } 593 if (j < params->num_ssids) 594 continue; /* already in the list */ 595 596 if (params->num_ssids + 1 > max_ssids) { 597 wpa_printf(MSG_DEBUG, 598 "Over max scan SSIDs for manual request"); 599 break; 600 } 601 602 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 603 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 604 params->ssids[params->num_ssids].ssid = ssid->ssid; 605 params->ssids[params->num_ssids].ssid_len = ssid->ssid_len; 606 params->num_ssids++; 607 } 608 609 wpa_s->scan_id_count = 0; 610 } 611 612 613 static int wpa_set_ssids_from_scan_req(struct wpa_supplicant *wpa_s, 614 struct wpa_driver_scan_params *params, 615 size_t max_ssids) 616 { 617 unsigned int i; 618 619 if (wpa_s->ssids_from_scan_req == NULL || 620 wpa_s->num_ssids_from_scan_req == 0) 621 return 0; 622 623 if (wpa_s->num_ssids_from_scan_req > max_ssids) { 624 wpa_s->num_ssids_from_scan_req = max_ssids; 625 wpa_printf(MSG_DEBUG, "Over max scan SSIDs from scan req: %u", 626 (unsigned int) max_ssids); 627 } 628 629 for (i = 0; i < wpa_s->num_ssids_from_scan_req; i++) { 630 params->ssids[i].ssid = wpa_s->ssids_from_scan_req[i].ssid; 631 params->ssids[i].ssid_len = 632 wpa_s->ssids_from_scan_req[i].ssid_len; 633 wpa_hexdump_ascii(MSG_DEBUG, "specific SSID", 634 params->ssids[i].ssid, 635 params->ssids[i].ssid_len); 636 } 637 638 params->num_ssids = wpa_s->num_ssids_from_scan_req; 639 wpa_s->num_ssids_from_scan_req = 0; 640 return 1; 641 } 642 643 644 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 645 { 646 struct wpa_supplicant *wpa_s = eloop_ctx; 647 struct wpa_ssid *ssid; 648 int ret, p2p_in_prog; 649 struct wpabuf *extra_ie = NULL; 650 struct wpa_driver_scan_params params; 651 struct wpa_driver_scan_params *scan_params; 652 size_t max_ssids; 653 int connect_without_scan = 0; 654 655 if (wpa_s->pno || wpa_s->pno_sched_pending) { 656 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - PNO is in progress"); 657 return; 658 } 659 660 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 661 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 662 return; 663 } 664 665 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 666 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 667 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 668 return; 669 } 670 671 if (wpa_s->scanning) { 672 /* 673 * If we are already in scanning state, we shall reschedule the 674 * the incoming scan request. 675 */ 676 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 677 wpa_supplicant_req_scan(wpa_s, 1, 0); 678 return; 679 } 680 681 if (!wpa_supplicant_enabled_networks(wpa_s) && 682 wpa_s->scan_req == NORMAL_SCAN_REQ) { 683 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 684 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 685 return; 686 } 687 688 if (wpa_s->conf->ap_scan != 0 && 689 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 690 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 691 "overriding ap_scan configuration"); 692 wpa_s->conf->ap_scan = 0; 693 wpas_notify_ap_scan_changed(wpa_s); 694 } 695 696 if (wpa_s->conf->ap_scan == 0) { 697 wpa_supplicant_gen_assoc_event(wpa_s); 698 return; 699 } 700 701 ssid = NULL; 702 if (wpa_s->scan_req != MANUAL_SCAN_REQ && 703 wpa_s->connect_without_scan) { 704 connect_without_scan = 1; 705 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 706 if (ssid == wpa_s->connect_without_scan) 707 break; 708 } 709 } 710 711 p2p_in_prog = wpas_p2p_in_progress(wpa_s); 712 if (p2p_in_prog && p2p_in_prog != 2 && 713 (!ssid || 714 (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) { 715 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 716 wpa_supplicant_req_scan(wpa_s, 5, 0); 717 return; 718 } 719 720 if (wpa_s->conf->ap_scan == 2) 721 max_ssids = 1; 722 else { 723 max_ssids = wpa_s->max_scan_ssids; 724 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 725 max_ssids = WPAS_MAX_SCAN_SSIDS; 726 } 727 728 wpa_s->last_scan_req = wpa_s->scan_req; 729 wpa_s->scan_req = NORMAL_SCAN_REQ; 730 731 if (connect_without_scan) { 732 wpa_s->connect_without_scan = NULL; 733 if (ssid) { 734 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 735 "without scan step"); 736 wpa_supplicant_associate(wpa_s, NULL, ssid); 737 return; 738 } 739 } 740 741 os_memset(¶ms, 0, sizeof(params)); 742 743 wpa_s->scan_prev_wpa_state = wpa_s->wpa_state; 744 if (wpa_s->wpa_state == WPA_DISCONNECTED || 745 wpa_s->wpa_state == WPA_INACTIVE) 746 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 747 748 /* 749 * If autoscan has set its own scanning parameters 750 */ 751 if (wpa_s->autoscan_params != NULL) { 752 scan_params = wpa_s->autoscan_params; 753 goto scan; 754 } 755 756 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 757 wpa_set_ssids_from_scan_req(wpa_s, ¶ms, max_ssids)) { 758 wpa_printf(MSG_DEBUG, "Use specific SSIDs from SCAN command"); 759 goto ssid_list_set; 760 } 761 762 #ifdef CONFIG_P2P 763 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 764 wpa_s->go_params && !wpa_s->conf->passive_scan) { 765 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 766 wpa_s->p2p_in_provisioning, 767 wpa_s->show_group_started); 768 params.ssids[0].ssid = wpa_s->go_params->ssid; 769 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 770 params.num_ssids = 1; 771 goto ssid_list_set; 772 } 773 774 if (wpa_s->p2p_in_invitation) { 775 if (wpa_s->current_ssid) { 776 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 777 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 778 params.ssids[0].ssid_len = 779 wpa_s->current_ssid->ssid_len; 780 params.num_ssids = 1; 781 } else { 782 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 783 } 784 goto ssid_list_set; 785 } 786 #endif /* CONFIG_P2P */ 787 788 /* Find the starting point from which to continue scanning */ 789 ssid = wpa_s->conf->ssid; 790 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 791 while (ssid) { 792 if (ssid == wpa_s->prev_scan_ssid) { 793 ssid = ssid->next; 794 break; 795 } 796 ssid = ssid->next; 797 } 798 } 799 800 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 801 #ifdef CONFIG_AP 802 !wpa_s->ap_iface && 803 #endif /* CONFIG_AP */ 804 wpa_s->conf->ap_scan == 2) { 805 wpa_s->connect_without_scan = NULL; 806 wpa_s->prev_scan_wildcard = 0; 807 wpa_supplicant_assoc_try(wpa_s, ssid); 808 return; 809 } else if (wpa_s->conf->ap_scan == 2) { 810 /* 811 * User-initiated scan request in ap_scan == 2; scan with 812 * wildcard SSID. 813 */ 814 ssid = NULL; 815 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 816 /* 817 * Perform single-channel single-SSID scan for 818 * reassociate-to-same-BSS operation. 819 */ 820 /* Setup SSID */ 821 ssid = wpa_s->current_ssid; 822 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 823 ssid->ssid, ssid->ssid_len); 824 params.ssids[0].ssid = ssid->ssid; 825 params.ssids[0].ssid_len = ssid->ssid_len; 826 params.num_ssids = 1; 827 828 /* 829 * Allocate memory for frequency array, allocate one extra 830 * slot for the zero-terminator. 831 */ 832 params.freqs = os_malloc(sizeof(int) * 2); 833 if (params.freqs == NULL) { 834 wpa_dbg(wpa_s, MSG_ERROR, "Memory allocation failed"); 835 return; 836 } 837 params.freqs[0] = wpa_s->assoc_freq; 838 params.freqs[1] = 0; 839 840 /* 841 * Reset the reattach flag so that we fall back to full scan if 842 * this scan fails. 843 */ 844 wpa_s->reattach = 0; 845 } else { 846 struct wpa_ssid *start = ssid, *tssid; 847 int freqs_set = 0; 848 if (ssid == NULL && max_ssids > 1) 849 ssid = wpa_s->conf->ssid; 850 while (ssid) { 851 if (!wpas_network_disabled(wpa_s, ssid) && 852 ssid->scan_ssid) { 853 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 854 ssid->ssid, ssid->ssid_len); 855 params.ssids[params.num_ssids].ssid = 856 ssid->ssid; 857 params.ssids[params.num_ssids].ssid_len = 858 ssid->ssid_len; 859 params.num_ssids++; 860 if (params.num_ssids + 1 >= max_ssids) 861 break; 862 } 863 ssid = ssid->next; 864 if (ssid == start) 865 break; 866 if (ssid == NULL && max_ssids > 1 && 867 start != wpa_s->conf->ssid) 868 ssid = wpa_s->conf->ssid; 869 } 870 871 if (wpa_s->scan_id_count && 872 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 873 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 874 875 for (tssid = wpa_s->conf->ssid; 876 wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid; 877 tssid = tssid->next) { 878 if (wpas_network_disabled(wpa_s, tssid)) 879 continue; 880 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 881 int_array_concat(¶ms.freqs, 882 tssid->scan_freq); 883 } else { 884 os_free(params.freqs); 885 params.freqs = NULL; 886 } 887 freqs_set = 1; 888 } 889 int_array_sort_unique(params.freqs); 890 } 891 892 if (ssid && max_ssids == 1) { 893 /* 894 * If the driver is limited to 1 SSID at a time interleave 895 * wildcard SSID scans with specific SSID scans to avoid 896 * waiting a long time for a wildcard scan. 897 */ 898 if (!wpa_s->prev_scan_wildcard) { 899 params.ssids[0].ssid = NULL; 900 params.ssids[0].ssid_len = 0; 901 wpa_s->prev_scan_wildcard = 1; 902 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 903 "wildcard SSID (Interleave with specific)"); 904 } else { 905 wpa_s->prev_scan_ssid = ssid; 906 wpa_s->prev_scan_wildcard = 0; 907 wpa_dbg(wpa_s, MSG_DEBUG, 908 "Starting AP scan for specific SSID: %s", 909 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 910 } 911 } else if (ssid) { 912 /* max_ssids > 1 */ 913 914 wpa_s->prev_scan_ssid = ssid; 915 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 916 "the scan request"); 917 params.num_ssids++; 918 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 919 wpa_s->manual_scan_passive && params.num_ssids == 0) { 920 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 921 } else if (wpa_s->conf->passive_scan) { 922 wpa_dbg(wpa_s, MSG_DEBUG, 923 "Use passive scan based on configuration"); 924 } else { 925 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 926 params.num_ssids++; 927 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 928 "SSID"); 929 } 930 931 ssid_list_set: 932 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 933 extra_ie = wpa_supplicant_extra_ies(wpa_s); 934 935 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 936 wpa_s->manual_scan_only_new) { 937 wpa_printf(MSG_DEBUG, 938 "Request driver to clear scan cache due to manual only_new=1 scan"); 939 params.only_new_results = 1; 940 } 941 942 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 943 wpa_s->manual_scan_freqs) { 944 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 945 params.freqs = wpa_s->manual_scan_freqs; 946 wpa_s->manual_scan_freqs = NULL; 947 } 948 949 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 950 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 951 "generated frequency list"); 952 params.freqs = wpa_s->next_scan_freqs; 953 } else 954 os_free(wpa_s->next_scan_freqs); 955 wpa_s->next_scan_freqs = NULL; 956 wpa_setband_scan_freqs(wpa_s, ¶ms); 957 958 /* See if user specified frequencies. If so, scan only those. */ 959 if (wpa_s->conf->freq_list && !params.freqs) { 960 wpa_dbg(wpa_s, MSG_DEBUG, 961 "Optimize scan based on conf->freq_list"); 962 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 963 } 964 965 /* Use current associated channel? */ 966 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 967 unsigned int num = wpa_s->num_multichan_concurrent; 968 969 params.freqs = os_calloc(num + 1, sizeof(int)); 970 if (params.freqs) { 971 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 972 if (num > 0) { 973 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 974 "current operating channels since " 975 "scan_cur_freq is enabled"); 976 } else { 977 os_free(params.freqs); 978 params.freqs = NULL; 979 } 980 } 981 } 982 983 params.filter_ssids = wpa_supplicant_build_filter_ssids( 984 wpa_s->conf, ¶ms.num_filter_ssids); 985 if (extra_ie) { 986 params.extra_ies = wpabuf_head(extra_ie); 987 params.extra_ies_len = wpabuf_len(extra_ie); 988 } 989 990 #ifdef CONFIG_P2P 991 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 992 (wpa_s->show_group_started && wpa_s->go_params)) { 993 /* 994 * The interface may not yet be in P2P mode, so we have to 995 * explicitly request P2P probe to disable CCK rates. 996 */ 997 params.p2p_probe = 1; 998 } 999 #endif /* CONFIG_P2P */ 1000 1001 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) { 1002 params.mac_addr_rand = 1; 1003 if (wpa_s->mac_addr_scan) { 1004 params.mac_addr = wpa_s->mac_addr_scan; 1005 params.mac_addr_mask = wpa_s->mac_addr_scan + ETH_ALEN; 1006 } 1007 } 1008 1009 if (!is_zero_ether_addr(wpa_s->next_scan_bssid)) { 1010 struct wpa_bss *bss; 1011 1012 params.bssid = wpa_s->next_scan_bssid; 1013 bss = wpa_bss_get_bssid_latest(wpa_s, params.bssid); 1014 if (bss && bss->ssid_len && params.num_ssids == 1 && 1015 params.ssids[0].ssid_len == 0) { 1016 params.ssids[0].ssid = bss->ssid; 1017 params.ssids[0].ssid_len = bss->ssid_len; 1018 wpa_dbg(wpa_s, MSG_DEBUG, 1019 "Scan a previously specified BSSID " MACSTR 1020 " and SSID %s", 1021 MAC2STR(params.bssid), 1022 wpa_ssid_txt(bss->ssid, bss->ssid_len)); 1023 } else { 1024 wpa_dbg(wpa_s, MSG_DEBUG, 1025 "Scan a previously specified BSSID " MACSTR, 1026 MAC2STR(params.bssid)); 1027 } 1028 } 1029 1030 scan_params = ¶ms; 1031 1032 scan: 1033 #ifdef CONFIG_P2P 1034 /* 1035 * If the driver does not support multi-channel concurrency and a 1036 * virtual interface that shares the same radio with the wpa_s interface 1037 * is operating there may not be need to scan other channels apart from 1038 * the current operating channel on the other virtual interface. Filter 1039 * out other channels in case we are trying to find a connection for a 1040 * station interface when we are not configured to prefer station 1041 * connection and a concurrent operation is already in process. 1042 */ 1043 if (wpa_s->scan_for_connection && 1044 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 1045 !scan_params->freqs && !params.freqs && 1046 wpas_is_p2p_prioritized(wpa_s) && 1047 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 1048 non_p2p_network_enabled(wpa_s)) { 1049 unsigned int num = wpa_s->num_multichan_concurrent; 1050 1051 params.freqs = os_calloc(num + 1, sizeof(int)); 1052 if (params.freqs) { 1053 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1054 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 1055 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 1056 } else { 1057 os_free(params.freqs); 1058 params.freqs = NULL; 1059 } 1060 } 1061 } 1062 #endif /* CONFIG_P2P */ 1063 1064 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 1065 1066 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 1067 !wpa_s->manual_scan_freqs) { 1068 /* Restore manual_scan_freqs for the next attempt */ 1069 wpa_s->manual_scan_freqs = params.freqs; 1070 params.freqs = NULL; 1071 } 1072 1073 wpabuf_free(extra_ie); 1074 os_free(params.freqs); 1075 os_free(params.filter_ssids); 1076 1077 if (ret) { 1078 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 1079 if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state) 1080 wpa_supplicant_set_state(wpa_s, 1081 wpa_s->scan_prev_wpa_state); 1082 /* Restore scan_req since we will try to scan again */ 1083 wpa_s->scan_req = wpa_s->last_scan_req; 1084 wpa_supplicant_req_scan(wpa_s, 1, 0); 1085 } else { 1086 wpa_s->scan_for_connection = 0; 1087 #ifdef CONFIG_INTERWORKING 1088 wpa_s->interworking_fast_assoc_tried = 0; 1089 #endif /* CONFIG_INTERWORKING */ 1090 if (params.bssid) 1091 os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN); 1092 } 1093 } 1094 1095 1096 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 1097 { 1098 struct os_reltime remaining, new_int; 1099 int cancelled; 1100 1101 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 1102 &remaining); 1103 1104 new_int.sec = sec; 1105 new_int.usec = 0; 1106 if (cancelled && os_reltime_before(&remaining, &new_int)) { 1107 new_int.sec = remaining.sec; 1108 new_int.usec = remaining.usec; 1109 } 1110 1111 if (cancelled) { 1112 eloop_register_timeout(new_int.sec, new_int.usec, 1113 wpa_supplicant_scan, wpa_s, NULL); 1114 } 1115 wpa_s->scan_interval = sec; 1116 } 1117 1118 1119 /** 1120 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 1121 * @wpa_s: Pointer to wpa_supplicant data 1122 * @sec: Number of seconds after which to scan 1123 * @usec: Number of microseconds after which to scan 1124 * 1125 * This function is used to schedule a scan for neighboring access points after 1126 * the specified time. 1127 */ 1128 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 1129 { 1130 int res; 1131 1132 if (wpa_s->p2p_mgmt) { 1133 wpa_dbg(wpa_s, MSG_DEBUG, 1134 "Ignore scan request (%d.%06d sec) on p2p_mgmt interface", 1135 sec, usec); 1136 return; 1137 } 1138 1139 res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 1140 NULL); 1141 if (res == 1) { 1142 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 1143 sec, usec); 1144 } else if (res == 0) { 1145 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 1146 sec, usec); 1147 } else { 1148 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 1149 sec, usec); 1150 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 1151 } 1152 } 1153 1154 1155 /** 1156 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 1157 * @wpa_s: Pointer to wpa_supplicant data 1158 * @sec: Number of seconds after which to scan 1159 * @usec: Number of microseconds after which to scan 1160 * Returns: 0 on success or -1 otherwise 1161 * 1162 * This function is used to schedule periodic scans for neighboring 1163 * access points after the specified time. 1164 */ 1165 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 1166 int sec, int usec) 1167 { 1168 if (!wpa_s->sched_scan_supported) 1169 return -1; 1170 1171 eloop_register_timeout(sec, usec, 1172 wpa_supplicant_delayed_sched_scan_timeout, 1173 wpa_s, NULL); 1174 1175 return 0; 1176 } 1177 1178 1179 /** 1180 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 1181 * @wpa_s: Pointer to wpa_supplicant data 1182 * Returns: 0 is sched_scan was started or -1 otherwise 1183 * 1184 * This function is used to schedule periodic scans for neighboring 1185 * access points repeating the scan continuously. 1186 */ 1187 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 1188 { 1189 struct wpa_driver_scan_params params; 1190 struct wpa_driver_scan_params *scan_params; 1191 enum wpa_states prev_state; 1192 struct wpa_ssid *ssid = NULL; 1193 struct wpabuf *extra_ie = NULL; 1194 int ret; 1195 unsigned int max_sched_scan_ssids; 1196 int wildcard = 0; 1197 int need_ssids; 1198 struct sched_scan_plan scan_plan; 1199 1200 if (!wpa_s->sched_scan_supported) 1201 return -1; 1202 1203 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 1204 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 1205 else 1206 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 1207 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 1208 return -1; 1209 1210 if (wpa_s->sched_scanning) { 1211 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 1212 return 0; 1213 } 1214 1215 need_ssids = 0; 1216 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1217 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1218 /* Use wildcard SSID to find this network */ 1219 wildcard = 1; 1220 } else if (!wpas_network_disabled(wpa_s, ssid) && 1221 ssid->ssid_len) 1222 need_ssids++; 1223 1224 #ifdef CONFIG_WPS 1225 if (!wpas_network_disabled(wpa_s, ssid) && 1226 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1227 /* 1228 * Normal scan is more reliable and faster for WPS 1229 * operations and since these are for short periods of 1230 * time, the benefit of trying to use sched_scan would 1231 * be limited. 1232 */ 1233 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1234 "sched_scan for WPS"); 1235 return -1; 1236 } 1237 #endif /* CONFIG_WPS */ 1238 } 1239 if (wildcard) 1240 need_ssids++; 1241 1242 if (wpa_s->normal_scans < 3 && 1243 (need_ssids <= wpa_s->max_scan_ssids || 1244 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1245 /* 1246 * When normal scan can speed up operations, use that for the 1247 * first operations before starting the sched_scan to allow 1248 * user space sleep more. We do this only if the normal scan 1249 * has functionality that is suitable for this or if the 1250 * sched_scan does not have better support for multiple SSIDs. 1251 */ 1252 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1253 "sched_scan for initial scans (normal_scans=%d)", 1254 wpa_s->normal_scans); 1255 return -1; 1256 } 1257 1258 os_memset(¶ms, 0, sizeof(params)); 1259 1260 /* If we can't allocate space for the filters, we just don't filter */ 1261 params.filter_ssids = os_calloc(wpa_s->max_match_sets, 1262 sizeof(struct wpa_driver_scan_filter)); 1263 1264 prev_state = wpa_s->wpa_state; 1265 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1266 wpa_s->wpa_state == WPA_INACTIVE) 1267 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1268 1269 if (wpa_s->autoscan_params != NULL) { 1270 scan_params = wpa_s->autoscan_params; 1271 goto scan; 1272 } 1273 1274 /* Find the starting point from which to continue scanning */ 1275 ssid = wpa_s->conf->ssid; 1276 if (wpa_s->prev_sched_ssid) { 1277 while (ssid) { 1278 if (ssid == wpa_s->prev_sched_ssid) { 1279 ssid = ssid->next; 1280 break; 1281 } 1282 ssid = ssid->next; 1283 } 1284 } 1285 1286 if (!ssid || !wpa_s->prev_sched_ssid) { 1287 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1288 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1289 wpa_s->first_sched_scan = 1; 1290 ssid = wpa_s->conf->ssid; 1291 wpa_s->prev_sched_ssid = ssid; 1292 } 1293 1294 if (wildcard) { 1295 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1296 params.num_ssids++; 1297 } 1298 1299 while (ssid) { 1300 if (wpas_network_disabled(wpa_s, ssid)) 1301 goto next; 1302 1303 if (params.num_filter_ssids < wpa_s->max_match_sets && 1304 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1305 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1306 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1307 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1308 ssid->ssid, ssid->ssid_len); 1309 params.filter_ssids[params.num_filter_ssids].ssid_len = 1310 ssid->ssid_len; 1311 params.num_filter_ssids++; 1312 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1313 { 1314 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1315 "filter for sched_scan - drop filter"); 1316 os_free(params.filter_ssids); 1317 params.filter_ssids = NULL; 1318 params.num_filter_ssids = 0; 1319 } 1320 1321 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1322 if (params.num_ssids == max_sched_scan_ssids) 1323 break; /* only room for broadcast SSID */ 1324 wpa_dbg(wpa_s, MSG_DEBUG, 1325 "add to active scan ssid: %s", 1326 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1327 params.ssids[params.num_ssids].ssid = 1328 ssid->ssid; 1329 params.ssids[params.num_ssids].ssid_len = 1330 ssid->ssid_len; 1331 params.num_ssids++; 1332 if (params.num_ssids >= max_sched_scan_ssids) { 1333 wpa_s->prev_sched_ssid = ssid; 1334 do { 1335 ssid = ssid->next; 1336 } while (ssid && 1337 (wpas_network_disabled(wpa_s, ssid) || 1338 !ssid->scan_ssid)); 1339 break; 1340 } 1341 } 1342 1343 next: 1344 wpa_s->prev_sched_ssid = ssid; 1345 ssid = ssid->next; 1346 } 1347 1348 if (params.num_filter_ssids == 0) { 1349 os_free(params.filter_ssids); 1350 params.filter_ssids = NULL; 1351 } 1352 1353 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1354 if (extra_ie) { 1355 params.extra_ies = wpabuf_head(extra_ie); 1356 params.extra_ies_len = wpabuf_len(extra_ie); 1357 } 1358 1359 if (wpa_s->conf->filter_rssi) 1360 params.filter_rssi = wpa_s->conf->filter_rssi; 1361 1362 /* See if user specified frequencies. If so, scan only those. */ 1363 if (wpa_s->conf->freq_list && !params.freqs) { 1364 wpa_dbg(wpa_s, MSG_DEBUG, 1365 "Optimize scan based on conf->freq_list"); 1366 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1367 } 1368 1369 scan_params = ¶ms; 1370 1371 scan: 1372 wpa_s->sched_scan_timed_out = 0; 1373 1374 /* 1375 * We cannot support multiple scan plans if the scan request includes 1376 * too many SSID's, so in this case use only the last scan plan and make 1377 * it run infinitely. It will be stopped by the timeout. 1378 */ 1379 if (wpa_s->sched_scan_plans_num == 1 || 1380 (wpa_s->sched_scan_plans_num && !ssid && wpa_s->first_sched_scan)) { 1381 params.sched_scan_plans = wpa_s->sched_scan_plans; 1382 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 1383 } else if (wpa_s->sched_scan_plans_num > 1) { 1384 wpa_dbg(wpa_s, MSG_DEBUG, 1385 "Too many SSIDs. Default to using single scheduled_scan plan"); 1386 params.sched_scan_plans = 1387 &wpa_s->sched_scan_plans[wpa_s->sched_scan_plans_num - 1388 1]; 1389 params.sched_scan_plans_num = 1; 1390 } else { 1391 if (wpa_s->conf->sched_scan_interval) 1392 scan_plan.interval = wpa_s->conf->sched_scan_interval; 1393 else 1394 scan_plan.interval = 10; 1395 1396 if (scan_plan.interval > wpa_s->max_sched_scan_plan_interval) { 1397 wpa_printf(MSG_WARNING, 1398 "Scan interval too long(%u), use the maximum allowed(%u)", 1399 scan_plan.interval, 1400 wpa_s->max_sched_scan_plan_interval); 1401 scan_plan.interval = 1402 wpa_s->max_sched_scan_plan_interval; 1403 } 1404 1405 scan_plan.iterations = 0; 1406 params.sched_scan_plans = &scan_plan; 1407 params.sched_scan_plans_num = 1; 1408 } 1409 1410 if (ssid || !wpa_s->first_sched_scan) { 1411 wpa_dbg(wpa_s, MSG_DEBUG, 1412 "Starting sched scan: interval %u timeout %d", 1413 params.sched_scan_plans[0].interval, 1414 wpa_s->sched_scan_timeout); 1415 } else { 1416 wpa_dbg(wpa_s, MSG_DEBUG, "Starting sched scan (no timeout)"); 1417 } 1418 1419 wpa_setband_scan_freqs(wpa_s, scan_params); 1420 1421 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) { 1422 params.mac_addr_rand = 1; 1423 if (wpa_s->mac_addr_sched_scan) { 1424 params.mac_addr = wpa_s->mac_addr_sched_scan; 1425 params.mac_addr_mask = wpa_s->mac_addr_sched_scan + 1426 ETH_ALEN; 1427 } 1428 } 1429 1430 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params); 1431 wpabuf_free(extra_ie); 1432 os_free(params.filter_ssids); 1433 if (ret) { 1434 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1435 if (prev_state != wpa_s->wpa_state) 1436 wpa_supplicant_set_state(wpa_s, prev_state); 1437 return ret; 1438 } 1439 1440 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1441 if (ssid || !wpa_s->first_sched_scan) { 1442 wpa_s->sched_scan_timed_out = 0; 1443 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1444 wpa_supplicant_sched_scan_timeout, 1445 wpa_s, NULL); 1446 wpa_s->first_sched_scan = 0; 1447 wpa_s->sched_scan_timeout /= 2; 1448 params.sched_scan_plans[0].interval *= 2; 1449 if ((unsigned int) wpa_s->sched_scan_timeout < 1450 params.sched_scan_plans[0].interval || 1451 params.sched_scan_plans[0].interval > 1452 wpa_s->max_sched_scan_plan_interval) { 1453 params.sched_scan_plans[0].interval = 10; 1454 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1455 } 1456 } 1457 1458 /* If there is no more ssids, start next time from the beginning */ 1459 if (!ssid) 1460 wpa_s->prev_sched_ssid = NULL; 1461 1462 return 0; 1463 } 1464 1465 1466 /** 1467 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1468 * @wpa_s: Pointer to wpa_supplicant data 1469 * 1470 * This function is used to cancel a scan request scheduled with 1471 * wpa_supplicant_req_scan(). 1472 */ 1473 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1474 { 1475 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1476 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1477 } 1478 1479 1480 /** 1481 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1482 * @wpa_s: Pointer to wpa_supplicant data 1483 * 1484 * This function is used to stop a delayed scheduled scan. 1485 */ 1486 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1487 { 1488 if (!wpa_s->sched_scan_supported) 1489 return; 1490 1491 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1492 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1493 wpa_s, NULL); 1494 } 1495 1496 1497 /** 1498 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1499 * @wpa_s: Pointer to wpa_supplicant data 1500 * 1501 * This function is used to stop a periodic scheduled scan. 1502 */ 1503 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1504 { 1505 if (!wpa_s->sched_scanning) 1506 return; 1507 1508 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1509 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1510 wpa_supplicant_stop_sched_scan(wpa_s); 1511 } 1512 1513 1514 /** 1515 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1516 * @wpa_s: Pointer to wpa_supplicant data 1517 * @scanning: Whether scanning is currently in progress 1518 * 1519 * This function is to generate scanning notifycations. It is called whenever 1520 * there may have been a change in scanning (scan started, completed, stopped). 1521 * wpas_notify_scanning() is called whenever the scanning state changed from the 1522 * previously notified state. 1523 */ 1524 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1525 int scanning) 1526 { 1527 if (wpa_s->scanning != scanning) { 1528 wpa_s->scanning = scanning; 1529 wpas_notify_scanning(wpa_s); 1530 } 1531 } 1532 1533 1534 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1535 { 1536 int rate = 0; 1537 const u8 *ie; 1538 int i; 1539 1540 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1541 for (i = 0; ie && i < ie[1]; i++) { 1542 if ((ie[i + 2] & 0x7f) > rate) 1543 rate = ie[i + 2] & 0x7f; 1544 } 1545 1546 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1547 for (i = 0; ie && i < ie[1]; i++) { 1548 if ((ie[i + 2] & 0x7f) > rate) 1549 rate = ie[i + 2] & 0x7f; 1550 } 1551 1552 return rate; 1553 } 1554 1555 1556 /** 1557 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1558 * @res: Scan result entry 1559 * @ie: Information element identitifier (WLAN_EID_*) 1560 * Returns: Pointer to the information element (id field) or %NULL if not found 1561 * 1562 * This function returns the first matching information element in the scan 1563 * result. 1564 */ 1565 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1566 { 1567 return get_ie((const u8 *) (res + 1), res->ie_len, ie); 1568 } 1569 1570 1571 /** 1572 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1573 * @res: Scan result entry 1574 * @vendor_type: Vendor type (four octets starting the IE payload) 1575 * Returns: Pointer to the information element (id field) or %NULL if not found 1576 * 1577 * This function returns the first matching information element in the scan 1578 * result. 1579 */ 1580 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1581 u32 vendor_type) 1582 { 1583 const u8 *end, *pos; 1584 1585 pos = (const u8 *) (res + 1); 1586 end = pos + res->ie_len; 1587 1588 while (end - pos > 1) { 1589 if (2 + pos[1] > end - pos) 1590 break; 1591 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1592 vendor_type == WPA_GET_BE32(&pos[2])) 1593 return pos; 1594 pos += 2 + pos[1]; 1595 } 1596 1597 return NULL; 1598 } 1599 1600 1601 /** 1602 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 1603 * @res: Scan result entry 1604 * @vendor_type: Vendor type (four octets starting the IE payload) 1605 * Returns: Pointer to the information element (id field) or %NULL if not found 1606 * 1607 * This function returns the first matching information element in the scan 1608 * result. 1609 * 1610 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 1611 * from Beacon frames instead of either Beacon or Probe Response frames. 1612 */ 1613 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 1614 u32 vendor_type) 1615 { 1616 const u8 *end, *pos; 1617 1618 if (res->beacon_ie_len == 0) 1619 return NULL; 1620 1621 pos = (const u8 *) (res + 1); 1622 pos += res->ie_len; 1623 end = pos + res->beacon_ie_len; 1624 1625 while (end - pos > 1) { 1626 if (2 + pos[1] > end - pos) 1627 break; 1628 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1629 vendor_type == WPA_GET_BE32(&pos[2])) 1630 return pos; 1631 pos += 2 + pos[1]; 1632 } 1633 1634 return NULL; 1635 } 1636 1637 1638 /** 1639 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1640 * @res: Scan result entry 1641 * @vendor_type: Vendor type (four octets starting the IE payload) 1642 * Returns: Pointer to the information element payload or %NULL if not found 1643 * 1644 * This function returns concatenated payload of possibly fragmented vendor 1645 * specific information elements in the scan result. The caller is responsible 1646 * for freeing the returned buffer. 1647 */ 1648 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1649 u32 vendor_type) 1650 { 1651 struct wpabuf *buf; 1652 const u8 *end, *pos; 1653 1654 buf = wpabuf_alloc(res->ie_len); 1655 if (buf == NULL) 1656 return NULL; 1657 1658 pos = (const u8 *) (res + 1); 1659 end = pos + res->ie_len; 1660 1661 while (end - pos > 1) { 1662 if (2 + pos[1] > end - pos) 1663 break; 1664 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1665 vendor_type == WPA_GET_BE32(&pos[2])) 1666 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1667 pos += 2 + pos[1]; 1668 } 1669 1670 if (wpabuf_len(buf) == 0) { 1671 wpabuf_free(buf); 1672 buf = NULL; 1673 } 1674 1675 return buf; 1676 } 1677 1678 1679 /* 1680 * Channels with a great SNR can operate at full rate. What is a great SNR? 1681 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1682 * rule of thumb is that any SNR above 20 is good." This one 1683 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1684 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1685 * conservative value. 1686 */ 1687 #define GREAT_SNR 30 1688 1689 #define IS_5GHZ(n) (n > 4000) 1690 1691 /* Compare function for sorting scan results. Return >0 if @b is considered 1692 * better. */ 1693 static int wpa_scan_result_compar(const void *a, const void *b) 1694 { 1695 #define MIN(a,b) a < b ? a : b 1696 struct wpa_scan_res **_wa = (void *) a; 1697 struct wpa_scan_res **_wb = (void *) b; 1698 struct wpa_scan_res *wa = *_wa; 1699 struct wpa_scan_res *wb = *_wb; 1700 int wpa_a, wpa_b; 1701 int snr_a, snr_b, snr_a_full, snr_b_full; 1702 1703 /* WPA/WPA2 support preferred */ 1704 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1705 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1706 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1707 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1708 1709 if (wpa_b && !wpa_a) 1710 return 1; 1711 if (!wpa_b && wpa_a) 1712 return -1; 1713 1714 /* privacy support preferred */ 1715 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1716 (wb->caps & IEEE80211_CAP_PRIVACY)) 1717 return 1; 1718 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1719 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1720 return -1; 1721 1722 if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) { 1723 snr_a_full = wa->snr; 1724 snr_a = MIN(wa->snr, GREAT_SNR); 1725 snr_b_full = wb->snr; 1726 snr_b = MIN(wb->snr, GREAT_SNR); 1727 } else { 1728 /* Level is not in dBm, so we can't calculate 1729 * SNR. Just use raw level (units unknown). */ 1730 snr_a = snr_a_full = wa->level; 1731 snr_b = snr_b_full = wb->level; 1732 } 1733 1734 /* if SNR is close, decide by max rate or frequency band */ 1735 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1736 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1737 if (wa->est_throughput != wb->est_throughput) 1738 return wb->est_throughput - wa->est_throughput; 1739 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1740 return IS_5GHZ(wa->freq) ? -1 : 1; 1741 } 1742 1743 /* all things being equal, use SNR; if SNRs are 1744 * identical, use quality values since some drivers may only report 1745 * that value and leave the signal level zero */ 1746 if (snr_b_full == snr_a_full) 1747 return wb->qual - wa->qual; 1748 return snr_b_full - snr_a_full; 1749 #undef MIN 1750 } 1751 1752 1753 #ifdef CONFIG_WPS 1754 /* Compare function for sorting scan results when searching a WPS AP for 1755 * provisioning. Return >0 if @b is considered better. */ 1756 static int wpa_scan_result_wps_compar(const void *a, const void *b) 1757 { 1758 struct wpa_scan_res **_wa = (void *) a; 1759 struct wpa_scan_res **_wb = (void *) b; 1760 struct wpa_scan_res *wa = *_wa; 1761 struct wpa_scan_res *wb = *_wb; 1762 int uses_wps_a, uses_wps_b; 1763 struct wpabuf *wps_a, *wps_b; 1764 int res; 1765 1766 /* Optimization - check WPS IE existence before allocated memory and 1767 * doing full reassembly. */ 1768 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1769 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1770 if (uses_wps_a && !uses_wps_b) 1771 return -1; 1772 if (!uses_wps_a && uses_wps_b) 1773 return 1; 1774 1775 if (uses_wps_a && uses_wps_b) { 1776 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1777 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1778 res = wps_ap_priority_compar(wps_a, wps_b); 1779 wpabuf_free(wps_a); 1780 wpabuf_free(wps_b); 1781 if (res) 1782 return res; 1783 } 1784 1785 /* 1786 * Do not use current AP security policy as a sorting criteria during 1787 * WPS provisioning step since the AP may get reconfigured at the 1788 * completion of provisioning. 1789 */ 1790 1791 /* all things being equal, use signal level; if signal levels are 1792 * identical, use quality values since some drivers may only report 1793 * that value and leave the signal level zero */ 1794 if (wb->level == wa->level) 1795 return wb->qual - wa->qual; 1796 return wb->level - wa->level; 1797 } 1798 #endif /* CONFIG_WPS */ 1799 1800 1801 static void dump_scan_res(struct wpa_scan_results *scan_res) 1802 { 1803 #ifndef CONFIG_NO_STDOUT_DEBUG 1804 size_t i; 1805 1806 if (scan_res->res == NULL || scan_res->num == 0) 1807 return; 1808 1809 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1810 1811 for (i = 0; i < scan_res->num; i++) { 1812 struct wpa_scan_res *r = scan_res->res[i]; 1813 u8 *pos; 1814 if (r->flags & WPA_SCAN_LEVEL_DBM) { 1815 int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID); 1816 1817 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1818 "noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u", 1819 MAC2STR(r->bssid), r->freq, r->qual, 1820 r->noise, noise_valid ? "" : "~", r->level, 1821 r->snr, r->snr >= GREAT_SNR ? "*" : "", 1822 r->flags, 1823 r->age, r->est_throughput); 1824 } else { 1825 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1826 "noise=%d level=%d flags=0x%x age=%u est=%u", 1827 MAC2STR(r->bssid), r->freq, r->qual, 1828 r->noise, r->level, r->flags, r->age, 1829 r->est_throughput); 1830 } 1831 pos = (u8 *) (r + 1); 1832 if (r->ie_len) 1833 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1834 pos += r->ie_len; 1835 if (r->beacon_ie_len) 1836 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1837 pos, r->beacon_ie_len); 1838 } 1839 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1840 } 1841 1842 1843 /** 1844 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1845 * @wpa_s: Pointer to wpa_supplicant data 1846 * @bssid: BSSID to check 1847 * Returns: 0 if the BSSID is filtered or 1 if not 1848 * 1849 * This function is used to filter out specific BSSIDs from scan reslts mainly 1850 * for testing purposes (SET bssid_filter ctrl_iface command). 1851 */ 1852 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1853 const u8 *bssid) 1854 { 1855 size_t i; 1856 1857 if (wpa_s->bssid_filter == NULL) 1858 return 1; 1859 1860 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1861 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1862 ETH_ALEN) == 0) 1863 return 1; 1864 } 1865 1866 return 0; 1867 } 1868 1869 1870 static void filter_scan_res(struct wpa_supplicant *wpa_s, 1871 struct wpa_scan_results *res) 1872 { 1873 size_t i, j; 1874 1875 if (wpa_s->bssid_filter == NULL) 1876 return; 1877 1878 for (i = 0, j = 0; i < res->num; i++) { 1879 if (wpa_supplicant_filter_bssid_match(wpa_s, 1880 res->res[i]->bssid)) { 1881 res->res[j++] = res->res[i]; 1882 } else { 1883 os_free(res->res[i]); 1884 res->res[i] = NULL; 1885 } 1886 } 1887 1888 if (res->num != j) { 1889 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1890 (int) (res->num - j)); 1891 res->num = j; 1892 } 1893 } 1894 1895 1896 /* 1897 * Noise floor values to use when we have signal strength 1898 * measurements, but no noise floor measurements. These values were 1899 * measured in an office environment with many APs. 1900 */ 1901 #define DEFAULT_NOISE_FLOOR_2GHZ (-89) 1902 #define DEFAULT_NOISE_FLOOR_5GHZ (-92) 1903 1904 static void scan_snr(struct wpa_scan_res *res) 1905 { 1906 if (res->flags & WPA_SCAN_NOISE_INVALID) { 1907 res->noise = IS_5GHZ(res->freq) ? 1908 DEFAULT_NOISE_FLOOR_5GHZ : 1909 DEFAULT_NOISE_FLOOR_2GHZ; 1910 } 1911 1912 if (res->flags & WPA_SCAN_LEVEL_DBM) { 1913 res->snr = res->level - res->noise; 1914 } else { 1915 /* Level is not in dBm, so we can't calculate 1916 * SNR. Just use raw level (units unknown). */ 1917 res->snr = res->level; 1918 } 1919 } 1920 1921 1922 static unsigned int max_ht20_rate(int snr) 1923 { 1924 if (snr < 6) 1925 return 6500; /* HT20 MCS0 */ 1926 if (snr < 8) 1927 return 13000; /* HT20 MCS1 */ 1928 if (snr < 13) 1929 return 19500; /* HT20 MCS2 */ 1930 if (snr < 17) 1931 return 26000; /* HT20 MCS3 */ 1932 if (snr < 20) 1933 return 39000; /* HT20 MCS4 */ 1934 if (snr < 23) 1935 return 52000; /* HT20 MCS5 */ 1936 if (snr < 24) 1937 return 58500; /* HT20 MCS6 */ 1938 return 65000; /* HT20 MCS7 */ 1939 } 1940 1941 1942 static unsigned int max_ht40_rate(int snr) 1943 { 1944 if (snr < 3) 1945 return 13500; /* HT40 MCS0 */ 1946 if (snr < 6) 1947 return 27000; /* HT40 MCS1 */ 1948 if (snr < 10) 1949 return 40500; /* HT40 MCS2 */ 1950 if (snr < 15) 1951 return 54000; /* HT40 MCS3 */ 1952 if (snr < 17) 1953 return 81000; /* HT40 MCS4 */ 1954 if (snr < 22) 1955 return 108000; /* HT40 MCS5 */ 1956 if (snr < 24) 1957 return 121500; /* HT40 MCS6 */ 1958 return 135000; /* HT40 MCS7 */ 1959 } 1960 1961 1962 static unsigned int max_vht80_rate(int snr) 1963 { 1964 if (snr < 1) 1965 return 0; 1966 if (snr < 2) 1967 return 29300; /* VHT80 MCS0 */ 1968 if (snr < 5) 1969 return 58500; /* VHT80 MCS1 */ 1970 if (snr < 9) 1971 return 87800; /* VHT80 MCS2 */ 1972 if (snr < 11) 1973 return 117000; /* VHT80 MCS3 */ 1974 if (snr < 15) 1975 return 175500; /* VHT80 MCS4 */ 1976 if (snr < 16) 1977 return 234000; /* VHT80 MCS5 */ 1978 if (snr < 18) 1979 return 263300; /* VHT80 MCS6 */ 1980 if (snr < 20) 1981 return 292500; /* VHT80 MCS7 */ 1982 if (snr < 22) 1983 return 351000; /* VHT80 MCS8 */ 1984 return 390000; /* VHT80 MCS9 */ 1985 } 1986 1987 1988 static void scan_est_throughput(struct wpa_supplicant *wpa_s, 1989 struct wpa_scan_res *res) 1990 { 1991 enum local_hw_capab capab = wpa_s->hw_capab; 1992 int rate; /* max legacy rate in 500 kb/s units */ 1993 const u8 *ie; 1994 unsigned int est, tmp; 1995 int snr = res->snr; 1996 1997 if (res->est_throughput) 1998 return; 1999 2000 /* Get maximum legacy rate */ 2001 rate = wpa_scan_get_max_rate(res); 2002 2003 /* Limit based on estimated SNR */ 2004 if (rate > 1 * 2 && snr < 1) 2005 rate = 1 * 2; 2006 else if (rate > 2 * 2 && snr < 4) 2007 rate = 2 * 2; 2008 else if (rate > 6 * 2 && snr < 5) 2009 rate = 6 * 2; 2010 else if (rate > 9 * 2 && snr < 6) 2011 rate = 9 * 2; 2012 else if (rate > 12 * 2 && snr < 7) 2013 rate = 12 * 2; 2014 else if (rate > 18 * 2 && snr < 10) 2015 rate = 18 * 2; 2016 else if (rate > 24 * 2 && snr < 11) 2017 rate = 24 * 2; 2018 else if (rate > 36 * 2 && snr < 15) 2019 rate = 36 * 2; 2020 else if (rate > 48 * 2 && snr < 19) 2021 rate = 48 * 2; 2022 else if (rate > 54 * 2 && snr < 21) 2023 rate = 54 * 2; 2024 est = rate * 500; 2025 2026 if (capab == CAPAB_HT || capab == CAPAB_HT40 || capab == CAPAB_VHT) { 2027 ie = wpa_scan_get_ie(res, WLAN_EID_HT_CAP); 2028 if (ie) { 2029 tmp = max_ht20_rate(snr); 2030 if (tmp > est) 2031 est = tmp; 2032 } 2033 } 2034 2035 if (capab == CAPAB_HT40 || capab == CAPAB_VHT) { 2036 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 2037 if (ie && ie[1] >= 2 && 2038 (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2039 tmp = max_ht40_rate(snr); 2040 if (tmp > est) 2041 est = tmp; 2042 } 2043 } 2044 2045 if (capab == CAPAB_VHT) { 2046 /* Use +1 to assume VHT is always faster than HT */ 2047 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_CAP); 2048 if (ie) { 2049 tmp = max_ht20_rate(snr) + 1; 2050 if (tmp > est) 2051 est = tmp; 2052 2053 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 2054 if (ie && ie[1] >= 2 && 2055 (ie[3] & 2056 HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2057 tmp = max_ht40_rate(snr) + 1; 2058 if (tmp > est) 2059 est = tmp; 2060 } 2061 2062 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_OPERATION); 2063 if (ie && ie[1] >= 1 && 2064 (ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK)) { 2065 tmp = max_vht80_rate(snr) + 1; 2066 if (tmp > est) 2067 est = tmp; 2068 } 2069 } 2070 } 2071 2072 /* TODO: channel utilization and AP load (e.g., from AP Beacon) */ 2073 2074 res->est_throughput = est; 2075 } 2076 2077 2078 /** 2079 * wpa_supplicant_get_scan_results - Get scan results 2080 * @wpa_s: Pointer to wpa_supplicant data 2081 * @info: Information about what was scanned or %NULL if not available 2082 * @new_scan: Whether a new scan was performed 2083 * Returns: Scan results, %NULL on failure 2084 * 2085 * This function request the current scan results from the driver and updates 2086 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 2087 * results with wpa_scan_results_free(). 2088 */ 2089 struct wpa_scan_results * 2090 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 2091 struct scan_info *info, int new_scan) 2092 { 2093 struct wpa_scan_results *scan_res; 2094 size_t i; 2095 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 2096 2097 scan_res = wpa_drv_get_scan_results2(wpa_s); 2098 if (scan_res == NULL) { 2099 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 2100 return NULL; 2101 } 2102 if (scan_res->fetch_time.sec == 0) { 2103 /* 2104 * Make sure we have a valid timestamp if the driver wrapper 2105 * does not set this. 2106 */ 2107 os_get_reltime(&scan_res->fetch_time); 2108 } 2109 filter_scan_res(wpa_s, scan_res); 2110 2111 for (i = 0; i < scan_res->num; i++) { 2112 struct wpa_scan_res *scan_res_item = scan_res->res[i]; 2113 2114 scan_snr(scan_res_item); 2115 scan_est_throughput(wpa_s, scan_res_item); 2116 } 2117 2118 #ifdef CONFIG_WPS 2119 if (wpas_wps_searching(wpa_s)) { 2120 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 2121 "provisioning rules"); 2122 compar = wpa_scan_result_wps_compar; 2123 } 2124 #endif /* CONFIG_WPS */ 2125 2126 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 2127 compar); 2128 dump_scan_res(scan_res); 2129 2130 wpa_bss_update_start(wpa_s); 2131 for (i = 0; i < scan_res->num; i++) 2132 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 2133 &scan_res->fetch_time); 2134 wpa_bss_update_end(wpa_s, info, new_scan); 2135 2136 return scan_res; 2137 } 2138 2139 2140 /** 2141 * wpa_supplicant_update_scan_results - Update scan results from the driver 2142 * @wpa_s: Pointer to wpa_supplicant data 2143 * Returns: 0 on success, -1 on failure 2144 * 2145 * This function updates the BSS table within wpa_supplicant based on the 2146 * currently available scan results from the driver without requesting a new 2147 * scan. This is used in cases where the driver indicates an association 2148 * (including roaming within ESS) and wpa_supplicant does not yet have the 2149 * needed information to complete the connection (e.g., to perform validation 2150 * steps in 4-way handshake). 2151 */ 2152 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 2153 { 2154 struct wpa_scan_results *scan_res; 2155 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 2156 if (scan_res == NULL) 2157 return -1; 2158 wpa_scan_results_free(scan_res); 2159 2160 return 0; 2161 } 2162 2163 2164 /** 2165 * scan_only_handler - Reports scan results 2166 */ 2167 void scan_only_handler(struct wpa_supplicant *wpa_s, 2168 struct wpa_scan_results *scan_res) 2169 { 2170 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 2171 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 2172 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 2173 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 2174 wpa_s->manual_scan_id); 2175 wpa_s->manual_scan_use_id = 0; 2176 } else { 2177 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 2178 } 2179 wpas_notify_scan_results(wpa_s); 2180 wpas_notify_scan_done(wpa_s, 1); 2181 if (wpa_s->scan_work) { 2182 struct wpa_radio_work *work = wpa_s->scan_work; 2183 wpa_s->scan_work = NULL; 2184 radio_work_done(work); 2185 } 2186 2187 if (wpa_s->wpa_state == WPA_SCANNING) 2188 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state); 2189 } 2190 2191 2192 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 2193 { 2194 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 2195 } 2196 2197 2198 struct wpa_driver_scan_params * 2199 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 2200 { 2201 struct wpa_driver_scan_params *params; 2202 size_t i; 2203 u8 *n; 2204 2205 params = os_zalloc(sizeof(*params)); 2206 if (params == NULL) 2207 return NULL; 2208 2209 for (i = 0; i < src->num_ssids; i++) { 2210 if (src->ssids[i].ssid) { 2211 n = os_malloc(src->ssids[i].ssid_len); 2212 if (n == NULL) 2213 goto failed; 2214 os_memcpy(n, src->ssids[i].ssid, 2215 src->ssids[i].ssid_len); 2216 params->ssids[i].ssid = n; 2217 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 2218 } 2219 } 2220 params->num_ssids = src->num_ssids; 2221 2222 if (src->extra_ies) { 2223 n = os_malloc(src->extra_ies_len); 2224 if (n == NULL) 2225 goto failed; 2226 os_memcpy(n, src->extra_ies, src->extra_ies_len); 2227 params->extra_ies = n; 2228 params->extra_ies_len = src->extra_ies_len; 2229 } 2230 2231 if (src->freqs) { 2232 int len = int_array_len(src->freqs); 2233 params->freqs = os_malloc((len + 1) * sizeof(int)); 2234 if (params->freqs == NULL) 2235 goto failed; 2236 os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); 2237 } 2238 2239 if (src->filter_ssids) { 2240 params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * 2241 src->num_filter_ssids); 2242 if (params->filter_ssids == NULL) 2243 goto failed; 2244 os_memcpy(params->filter_ssids, src->filter_ssids, 2245 sizeof(*params->filter_ssids) * 2246 src->num_filter_ssids); 2247 params->num_filter_ssids = src->num_filter_ssids; 2248 } 2249 2250 params->filter_rssi = src->filter_rssi; 2251 params->p2p_probe = src->p2p_probe; 2252 params->only_new_results = src->only_new_results; 2253 params->low_priority = src->low_priority; 2254 2255 if (src->sched_scan_plans_num > 0) { 2256 params->sched_scan_plans = 2257 os_malloc(sizeof(*src->sched_scan_plans) * 2258 src->sched_scan_plans_num); 2259 if (!params->sched_scan_plans) 2260 goto failed; 2261 2262 os_memcpy(params->sched_scan_plans, src->sched_scan_plans, 2263 sizeof(*src->sched_scan_plans) * 2264 src->sched_scan_plans_num); 2265 params->sched_scan_plans_num = src->sched_scan_plans_num; 2266 } 2267 2268 if (src->mac_addr_rand) { 2269 params->mac_addr_rand = src->mac_addr_rand; 2270 2271 if (src->mac_addr && src->mac_addr_mask) { 2272 u8 *mac_addr; 2273 2274 mac_addr = os_malloc(2 * ETH_ALEN); 2275 if (!mac_addr) 2276 goto failed; 2277 2278 os_memcpy(mac_addr, src->mac_addr, ETH_ALEN); 2279 os_memcpy(mac_addr + ETH_ALEN, src->mac_addr_mask, 2280 ETH_ALEN); 2281 params->mac_addr = mac_addr; 2282 params->mac_addr_mask = mac_addr + ETH_ALEN; 2283 } 2284 } 2285 2286 if (src->bssid) { 2287 u8 *bssid; 2288 2289 bssid = os_malloc(ETH_ALEN); 2290 if (!bssid) 2291 goto failed; 2292 os_memcpy(bssid, src->bssid, ETH_ALEN); 2293 params->bssid = bssid; 2294 } 2295 2296 return params; 2297 2298 failed: 2299 wpa_scan_free_params(params); 2300 return NULL; 2301 } 2302 2303 2304 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 2305 { 2306 size_t i; 2307 2308 if (params == NULL) 2309 return; 2310 2311 for (i = 0; i < params->num_ssids; i++) 2312 os_free((u8 *) params->ssids[i].ssid); 2313 os_free((u8 *) params->extra_ies); 2314 os_free(params->freqs); 2315 os_free(params->filter_ssids); 2316 os_free(params->sched_scan_plans); 2317 2318 /* 2319 * Note: params->mac_addr_mask points to same memory allocation and 2320 * must not be freed separately. 2321 */ 2322 os_free((u8 *) params->mac_addr); 2323 2324 os_free((u8 *) params->bssid); 2325 2326 os_free(params); 2327 } 2328 2329 2330 int wpas_start_pno(struct wpa_supplicant *wpa_s) 2331 { 2332 int ret, prio; 2333 size_t i, num_ssid, num_match_ssid; 2334 struct wpa_ssid *ssid; 2335 struct wpa_driver_scan_params params; 2336 struct sched_scan_plan scan_plan; 2337 unsigned int max_sched_scan_ssids; 2338 2339 if (!wpa_s->sched_scan_supported) 2340 return -1; 2341 2342 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 2343 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 2344 else 2345 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 2346 if (max_sched_scan_ssids < 1) 2347 return -1; 2348 2349 if (wpa_s->pno || wpa_s->pno_sched_pending) 2350 return 0; 2351 2352 if ((wpa_s->wpa_state > WPA_SCANNING) && 2353 (wpa_s->wpa_state <= WPA_COMPLETED)) { 2354 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 2355 return -EAGAIN; 2356 } 2357 2358 if (wpa_s->wpa_state == WPA_SCANNING) { 2359 wpa_supplicant_cancel_scan(wpa_s); 2360 if (wpa_s->sched_scanning) { 2361 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 2362 "ongoing sched scan"); 2363 wpa_supplicant_cancel_sched_scan(wpa_s); 2364 wpa_s->pno_sched_pending = 1; 2365 return 0; 2366 } 2367 } 2368 2369 os_memset(¶ms, 0, sizeof(params)); 2370 2371 num_ssid = num_match_ssid = 0; 2372 ssid = wpa_s->conf->ssid; 2373 while (ssid) { 2374 if (!wpas_network_disabled(wpa_s, ssid)) { 2375 num_match_ssid++; 2376 if (ssid->scan_ssid) 2377 num_ssid++; 2378 } 2379 ssid = ssid->next; 2380 } 2381 2382 if (num_match_ssid == 0) { 2383 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 2384 return -1; 2385 } 2386 2387 if (num_match_ssid > num_ssid) { 2388 params.num_ssids++; /* wildcard */ 2389 num_ssid++; 2390 } 2391 2392 if (num_ssid > max_sched_scan_ssids) { 2393 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 2394 "%u", max_sched_scan_ssids, (unsigned int) num_ssid); 2395 num_ssid = max_sched_scan_ssids; 2396 } 2397 2398 if (num_match_ssid > wpa_s->max_match_sets) { 2399 num_match_ssid = wpa_s->max_match_sets; 2400 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 2401 } 2402 params.filter_ssids = os_calloc(num_match_ssid, 2403 sizeof(struct wpa_driver_scan_filter)); 2404 if (params.filter_ssids == NULL) 2405 return -1; 2406 2407 i = 0; 2408 prio = 0; 2409 ssid = wpa_s->conf->pssid[prio]; 2410 while (ssid) { 2411 if (!wpas_network_disabled(wpa_s, ssid)) { 2412 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 2413 params.ssids[params.num_ssids].ssid = 2414 ssid->ssid; 2415 params.ssids[params.num_ssids].ssid_len = 2416 ssid->ssid_len; 2417 params.num_ssids++; 2418 } 2419 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 2420 ssid->ssid_len); 2421 params.filter_ssids[i].ssid_len = ssid->ssid_len; 2422 params.num_filter_ssids++; 2423 i++; 2424 if (i == num_match_ssid) 2425 break; 2426 } 2427 if (ssid->pnext) 2428 ssid = ssid->pnext; 2429 else if (prio + 1 == wpa_s->conf->num_prio) 2430 break; 2431 else 2432 ssid = wpa_s->conf->pssid[++prio]; 2433 } 2434 2435 if (wpa_s->conf->filter_rssi) 2436 params.filter_rssi = wpa_s->conf->filter_rssi; 2437 2438 if (wpa_s->sched_scan_plans_num) { 2439 params.sched_scan_plans = wpa_s->sched_scan_plans; 2440 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 2441 } else { 2442 /* Set one scan plan that will run infinitely */ 2443 if (wpa_s->conf->sched_scan_interval) 2444 scan_plan.interval = wpa_s->conf->sched_scan_interval; 2445 else 2446 scan_plan.interval = 10; 2447 2448 scan_plan.iterations = 0; 2449 params.sched_scan_plans = &scan_plan; 2450 params.sched_scan_plans_num = 1; 2451 } 2452 2453 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 2454 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 2455 params.freqs = wpa_s->manual_sched_scan_freqs; 2456 } 2457 2458 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) { 2459 params.mac_addr_rand = 1; 2460 if (wpa_s->mac_addr_pno) { 2461 params.mac_addr = wpa_s->mac_addr_pno; 2462 params.mac_addr_mask = wpa_s->mac_addr_pno + ETH_ALEN; 2463 } 2464 } 2465 2466 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms); 2467 os_free(params.filter_ssids); 2468 if (ret == 0) 2469 wpa_s->pno = 1; 2470 else 2471 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 2472 return ret; 2473 } 2474 2475 2476 int wpas_stop_pno(struct wpa_supplicant *wpa_s) 2477 { 2478 int ret = 0; 2479 2480 if (!wpa_s->pno) 2481 return 0; 2482 2483 ret = wpa_supplicant_stop_sched_scan(wpa_s); 2484 2485 wpa_s->pno = 0; 2486 wpa_s->pno_sched_pending = 0; 2487 2488 if (wpa_s->wpa_state == WPA_SCANNING) 2489 wpa_supplicant_req_scan(wpa_s, 0, 0); 2490 2491 return ret; 2492 } 2493 2494 2495 void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, 2496 unsigned int type) 2497 { 2498 type &= MAC_ADDR_RAND_ALL; 2499 wpa_s->mac_addr_rand_enable &= ~type; 2500 2501 if (type & MAC_ADDR_RAND_SCAN) { 2502 os_free(wpa_s->mac_addr_scan); 2503 wpa_s->mac_addr_scan = NULL; 2504 } 2505 2506 if (type & MAC_ADDR_RAND_SCHED_SCAN) { 2507 os_free(wpa_s->mac_addr_sched_scan); 2508 wpa_s->mac_addr_sched_scan = NULL; 2509 } 2510 2511 if (type & MAC_ADDR_RAND_PNO) { 2512 os_free(wpa_s->mac_addr_pno); 2513 wpa_s->mac_addr_pno = NULL; 2514 } 2515 } 2516 2517 2518 int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, 2519 unsigned int type, const u8 *addr, 2520 const u8 *mask) 2521 { 2522 u8 *tmp = NULL; 2523 2524 wpas_mac_addr_rand_scan_clear(wpa_s, type); 2525 2526 if (addr) { 2527 tmp = os_malloc(2 * ETH_ALEN); 2528 if (!tmp) 2529 return -1; 2530 os_memcpy(tmp, addr, ETH_ALEN); 2531 os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN); 2532 } 2533 2534 if (type == MAC_ADDR_RAND_SCAN) { 2535 wpa_s->mac_addr_scan = tmp; 2536 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 2537 wpa_s->mac_addr_sched_scan = tmp; 2538 } else if (type == MAC_ADDR_RAND_PNO) { 2539 wpa_s->mac_addr_pno = tmp; 2540 } else { 2541 wpa_printf(MSG_INFO, 2542 "scan: Invalid MAC randomization type=0x%x", 2543 type); 2544 os_free(tmp); 2545 return -1; 2546 } 2547 2548 wpa_s->mac_addr_rand_enable |= type; 2549 return 0; 2550 } 2551 2552 2553 int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s) 2554 { 2555 int scan_work = !!wpa_s->scan_work; 2556 2557 #ifdef CONFIG_P2P 2558 scan_work |= !!wpa_s->p2p_scan_work; 2559 #endif /* CONFIG_P2P */ 2560 2561 if (scan_work && wpa_s->own_scan_running) { 2562 wpa_dbg(wpa_s, MSG_DEBUG, "Abort an ongoing scan"); 2563 return wpa_drv_abort_scan(wpa_s); 2564 } 2565 2566 return 0; 2567 } 2568 2569 2570 int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd) 2571 { 2572 struct sched_scan_plan *scan_plans = NULL; 2573 const char *token, *context = NULL; 2574 unsigned int num = 0; 2575 2576 if (!cmd) 2577 return -1; 2578 2579 if (!cmd[0]) { 2580 wpa_printf(MSG_DEBUG, "Clear sched scan plans"); 2581 os_free(wpa_s->sched_scan_plans); 2582 wpa_s->sched_scan_plans = NULL; 2583 wpa_s->sched_scan_plans_num = 0; 2584 return 0; 2585 } 2586 2587 while ((token = cstr_token(cmd, " ", &context))) { 2588 int ret; 2589 struct sched_scan_plan *scan_plan, *n; 2590 2591 n = os_realloc_array(scan_plans, num + 1, sizeof(*scan_plans)); 2592 if (!n) 2593 goto fail; 2594 2595 scan_plans = n; 2596 scan_plan = &scan_plans[num]; 2597 num++; 2598 2599 ret = sscanf(token, "%u:%u", &scan_plan->interval, 2600 &scan_plan->iterations); 2601 if (ret <= 0 || ret > 2 || !scan_plan->interval) { 2602 wpa_printf(MSG_ERROR, 2603 "Invalid sched scan plan input: %s", token); 2604 goto fail; 2605 } 2606 2607 if (!scan_plan->interval) { 2608 wpa_printf(MSG_ERROR, 2609 "scan plan %u: Interval cannot be zero", 2610 num); 2611 goto fail; 2612 } 2613 2614 if (scan_plan->interval > wpa_s->max_sched_scan_plan_interval) { 2615 wpa_printf(MSG_WARNING, 2616 "scan plan %u: Scan interval too long(%u), use the maximum allowed(%u)", 2617 num, scan_plan->interval, 2618 wpa_s->max_sched_scan_plan_interval); 2619 scan_plan->interval = 2620 wpa_s->max_sched_scan_plan_interval; 2621 } 2622 2623 if (ret == 1) { 2624 scan_plan->iterations = 0; 2625 break; 2626 } 2627 2628 if (!scan_plan->iterations) { 2629 wpa_printf(MSG_ERROR, 2630 "scan plan %u: Number of iterations cannot be zero", 2631 num); 2632 goto fail; 2633 } 2634 2635 if (scan_plan->iterations > 2636 wpa_s->max_sched_scan_plan_iterations) { 2637 wpa_printf(MSG_WARNING, 2638 "scan plan %u: Too many iterations(%u), use the maximum allowed(%u)", 2639 num, scan_plan->iterations, 2640 wpa_s->max_sched_scan_plan_iterations); 2641 scan_plan->iterations = 2642 wpa_s->max_sched_scan_plan_iterations; 2643 } 2644 2645 wpa_printf(MSG_DEBUG, 2646 "scan plan %u: interval=%u iterations=%u", 2647 num, scan_plan->interval, scan_plan->iterations); 2648 } 2649 2650 if (!scan_plans) { 2651 wpa_printf(MSG_ERROR, "Invalid scan plans entry"); 2652 goto fail; 2653 } 2654 2655 if (cstr_token(cmd, " ", &context) || scan_plans[num - 1].iterations) { 2656 wpa_printf(MSG_ERROR, 2657 "All scan plans but the last must specify a number of iterations"); 2658 goto fail; 2659 } 2660 2661 wpa_printf(MSG_DEBUG, "scan plan %u (last plan): interval=%u", 2662 num, scan_plans[num - 1].interval); 2663 2664 if (num > wpa_s->max_sched_scan_plans) { 2665 wpa_printf(MSG_WARNING, 2666 "Too many scheduled scan plans (only %u supported)", 2667 wpa_s->max_sched_scan_plans); 2668 wpa_printf(MSG_WARNING, 2669 "Use only the first %u scan plans, and the last one (in infinite loop)", 2670 wpa_s->max_sched_scan_plans - 1); 2671 os_memcpy(&scan_plans[wpa_s->max_sched_scan_plans - 1], 2672 &scan_plans[num - 1], sizeof(*scan_plans)); 2673 num = wpa_s->max_sched_scan_plans; 2674 } 2675 2676 os_free(wpa_s->sched_scan_plans); 2677 wpa_s->sched_scan_plans = scan_plans; 2678 wpa_s->sched_scan_plans_num = num; 2679 2680 return 0; 2681 2682 fail: 2683 os_free(scan_plans); 2684 wpa_printf(MSG_ERROR, "invalid scan plans list"); 2685 return -1; 2686 } 2687