1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2014, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 #include "mesh.h" 26 27 28 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 29 { 30 struct wpa_ssid *ssid; 31 union wpa_event_data data; 32 33 ssid = wpa_supplicant_get_ssid(wpa_s); 34 if (ssid == NULL) 35 return; 36 37 if (wpa_s->current_ssid == NULL) { 38 wpa_s->current_ssid = ssid; 39 wpas_notify_network_changed(wpa_s); 40 } 41 wpa_supplicant_initiate_eapol(wpa_s); 42 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 43 "network - generating associated event"); 44 os_memset(&data, 0, sizeof(data)); 45 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 46 } 47 48 49 #ifdef CONFIG_WPS 50 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 51 enum wps_request_type *req_type) 52 { 53 struct wpa_ssid *ssid; 54 int wps = 0; 55 56 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 57 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 58 continue; 59 60 wps = 1; 61 *req_type = wpas_wps_get_req_type(ssid); 62 if (ssid->eap.phase1 && os_strstr(ssid->eap.phase1, "pbc=1")) 63 return 2; 64 } 65 66 #ifdef CONFIG_P2P 67 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 68 !wpa_s->conf->p2p_disabled) { 69 wpa_s->wps->dev.p2p = 1; 70 if (!wps) { 71 wps = 1; 72 *req_type = WPS_REQ_ENROLLEE_INFO; 73 } 74 } 75 #endif /* CONFIG_P2P */ 76 77 return wps; 78 } 79 #endif /* CONFIG_WPS */ 80 81 82 /** 83 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 84 * @wpa_s: Pointer to wpa_supplicant data 85 * Returns: 0 if no networks are enabled, >0 if networks are enabled 86 * 87 * This function is used to figure out whether any networks (or Interworking 88 * with enabled credentials and auto_interworking) are present in the current 89 * configuration. 90 */ 91 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 92 { 93 struct wpa_ssid *ssid = wpa_s->conf->ssid; 94 int count = 0, disabled = 0; 95 96 if (wpa_s->p2p_mgmt) 97 return 0; /* no normal network profiles on p2p_mgmt interface */ 98 99 while (ssid) { 100 if (!wpas_network_disabled(wpa_s, ssid)) 101 count++; 102 else 103 disabled++; 104 ssid = ssid->next; 105 } 106 if (wpa_s->conf->cred && wpa_s->conf->interworking && 107 wpa_s->conf->auto_interworking) 108 count++; 109 if (count == 0 && disabled > 0) { 110 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 111 "networks)", disabled); 112 } 113 return count; 114 } 115 116 117 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 118 struct wpa_ssid *ssid) 119 { 120 while (ssid) { 121 if (!wpas_network_disabled(wpa_s, ssid)) 122 break; 123 ssid = ssid->next; 124 } 125 126 /* ap_scan=2 mode - try to associate with each SSID. */ 127 if (ssid == NULL) { 128 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 129 "end of scan list - go back to beginning"); 130 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 131 wpa_supplicant_req_scan(wpa_s, 0, 0); 132 return; 133 } 134 if (ssid->next) { 135 /* Continue from the next SSID on the next attempt. */ 136 wpa_s->prev_scan_ssid = ssid; 137 } else { 138 /* Start from the beginning of the SSID list. */ 139 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 140 } 141 wpa_supplicant_associate(wpa_s, NULL, ssid); 142 } 143 144 145 static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 146 { 147 struct wpa_supplicant *wpa_s = work->wpa_s; 148 struct wpa_driver_scan_params *params = work->ctx; 149 int ret; 150 151 if (deinit) { 152 if (!work->started) { 153 wpa_scan_free_params(params); 154 return; 155 } 156 wpa_supplicant_notify_scanning(wpa_s, 0); 157 wpas_notify_scan_done(wpa_s, 0); 158 wpa_s->scan_work = NULL; 159 return; 160 } 161 162 if (wpas_update_random_addr_disassoc(wpa_s) < 0) { 163 wpa_msg(wpa_s, MSG_INFO, 164 "Failed to assign random MAC address for a scan"); 165 wpa_scan_free_params(params); 166 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1"); 167 radio_work_done(work); 168 return; 169 } 170 171 wpa_supplicant_notify_scanning(wpa_s, 1); 172 173 if (wpa_s->clear_driver_scan_cache) { 174 wpa_printf(MSG_DEBUG, 175 "Request driver to clear scan cache due to local BSS flush"); 176 params->only_new_results = 1; 177 } 178 ret = wpa_drv_scan(wpa_s, params); 179 /* 180 * Store the obtained vendor scan cookie (if any) in wpa_s context. 181 * The current design is to allow only one scan request on each 182 * interface, hence having this scan cookie stored in wpa_s context is 183 * fine for now. 184 * 185 * Revisit this logic if concurrent scan operations per interface 186 * is supported. 187 */ 188 if (ret == 0) 189 wpa_s->curr_scan_cookie = params->scan_cookie; 190 wpa_scan_free_params(params); 191 work->ctx = NULL; 192 if (ret) { 193 int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ; 194 195 if (wpa_s->disconnected) 196 retry = 0; 197 198 wpa_supplicant_notify_scanning(wpa_s, 0); 199 wpas_notify_scan_done(wpa_s, 0); 200 if (wpa_s->wpa_state == WPA_SCANNING) 201 wpa_supplicant_set_state(wpa_s, 202 wpa_s->scan_prev_wpa_state); 203 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s", 204 ret, retry ? " retry=1" : ""); 205 radio_work_done(work); 206 207 if (retry) { 208 /* Restore scan_req since we will try to scan again */ 209 wpa_s->scan_req = wpa_s->last_scan_req; 210 wpa_supplicant_req_scan(wpa_s, 1, 0); 211 } 212 return; 213 } 214 215 os_get_reltime(&wpa_s->scan_trigger_time); 216 wpa_s->scan_runs++; 217 wpa_s->normal_scans++; 218 wpa_s->own_scan_requested = 1; 219 wpa_s->clear_driver_scan_cache = 0; 220 wpa_s->scan_work = work; 221 } 222 223 224 /** 225 * wpa_supplicant_trigger_scan - Request driver to start a scan 226 * @wpa_s: Pointer to wpa_supplicant data 227 * @params: Scan parameters 228 * Returns: 0 on success, -1 on failure 229 */ 230 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 231 struct wpa_driver_scan_params *params) 232 { 233 struct wpa_driver_scan_params *ctx; 234 235 if (wpa_s->scan_work) { 236 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 237 return -1; 238 } 239 240 ctx = wpa_scan_clone_params(params); 241 if (!ctx || 242 radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0) 243 { 244 wpa_scan_free_params(ctx); 245 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1"); 246 return -1; 247 } 248 249 return 0; 250 } 251 252 253 static void 254 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 255 { 256 struct wpa_supplicant *wpa_s = eloop_ctx; 257 258 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 259 260 if (wpa_supplicant_req_sched_scan(wpa_s)) 261 wpa_supplicant_req_scan(wpa_s, 0, 0); 262 } 263 264 265 static void 266 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 267 { 268 struct wpa_supplicant *wpa_s = eloop_ctx; 269 270 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 271 272 wpa_s->sched_scan_timed_out = 1; 273 wpa_supplicant_cancel_sched_scan(wpa_s); 274 } 275 276 277 static int 278 wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 279 struct wpa_driver_scan_params *params) 280 { 281 int ret; 282 283 wpa_supplicant_notify_scanning(wpa_s, 1); 284 ret = wpa_drv_sched_scan(wpa_s, params); 285 if (ret) 286 wpa_supplicant_notify_scanning(wpa_s, 0); 287 else 288 wpa_s->sched_scanning = 1; 289 290 return ret; 291 } 292 293 294 static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 295 { 296 int ret; 297 298 ret = wpa_drv_stop_sched_scan(wpa_s); 299 if (ret) { 300 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 301 /* TODO: what to do if stopping fails? */ 302 return -1; 303 } 304 305 return ret; 306 } 307 308 309 static struct wpa_driver_scan_filter * 310 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 311 { 312 struct wpa_driver_scan_filter *ssids; 313 struct wpa_ssid *ssid; 314 size_t count; 315 316 *num_ssids = 0; 317 if (!conf->filter_ssids) 318 return NULL; 319 320 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 321 if (ssid->ssid && ssid->ssid_len) 322 count++; 323 } 324 if (count == 0) 325 return NULL; 326 ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter)); 327 if (ssids == NULL) 328 return NULL; 329 330 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 331 if (!ssid->ssid || !ssid->ssid_len) 332 continue; 333 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 334 ssids[*num_ssids].ssid_len = ssid->ssid_len; 335 (*num_ssids)++; 336 } 337 338 return ssids; 339 } 340 341 342 static void wpa_supplicant_optimize_freqs( 343 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 344 { 345 #ifdef CONFIG_P2P 346 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 347 wpa_s->go_params) { 348 /* Optimize provisioning state scan based on GO information */ 349 if (wpa_s->p2p_in_provisioning < 5 && 350 wpa_s->go_params->freq > 0) { 351 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 352 "preferred frequency %d MHz", 353 wpa_s->go_params->freq); 354 params->freqs = os_calloc(2, sizeof(int)); 355 if (params->freqs) 356 params->freqs[0] = wpa_s->go_params->freq; 357 } else if (wpa_s->p2p_in_provisioning < 8 && 358 wpa_s->go_params->freq_list[0]) { 359 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 360 "channels"); 361 int_array_concat(¶ms->freqs, 362 wpa_s->go_params->freq_list); 363 if (params->freqs) 364 int_array_sort_unique(params->freqs); 365 } 366 wpa_s->p2p_in_provisioning++; 367 } 368 369 if (params->freqs == NULL && wpa_s->p2p_in_invitation) { 370 /* 371 * Optimize scan based on GO information during persistent 372 * group reinvocation 373 */ 374 if (wpa_s->p2p_in_invitation < 5 && 375 wpa_s->p2p_invite_go_freq > 0) { 376 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation", 377 wpa_s->p2p_invite_go_freq); 378 params->freqs = os_calloc(2, sizeof(int)); 379 if (params->freqs) 380 params->freqs[0] = wpa_s->p2p_invite_go_freq; 381 } 382 wpa_s->p2p_in_invitation++; 383 if (wpa_s->p2p_in_invitation > 20) { 384 /* 385 * This should not really happen since the variable is 386 * cleared on group removal, but if it does happen, make 387 * sure we do not get stuck in special invitation scan 388 * mode. 389 */ 390 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation"); 391 wpa_s->p2p_in_invitation = 0; 392 } 393 } 394 #endif /* CONFIG_P2P */ 395 396 #ifdef CONFIG_WPS 397 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 398 /* 399 * Optimize post-provisioning scan based on channel used 400 * during provisioning. 401 */ 402 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 403 "that was used during provisioning", wpa_s->wps_freq); 404 params->freqs = os_calloc(2, sizeof(int)); 405 if (params->freqs) 406 params->freqs[0] = wpa_s->wps_freq; 407 wpa_s->after_wps--; 408 } else if (wpa_s->after_wps) 409 wpa_s->after_wps--; 410 411 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 412 { 413 /* Optimize provisioning scan based on already known channel */ 414 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 415 wpa_s->wps_freq); 416 params->freqs = os_calloc(2, sizeof(int)); 417 if (params->freqs) 418 params->freqs[0] = wpa_s->wps_freq; 419 wpa_s->known_wps_freq = 0; /* only do this once */ 420 } 421 #endif /* CONFIG_WPS */ 422 } 423 424 425 #ifdef CONFIG_INTERWORKING 426 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 427 struct wpabuf *buf) 428 { 429 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 430 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 431 1 + ETH_ALEN); 432 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 433 /* No Venue Info */ 434 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 435 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 436 } 437 #endif /* CONFIG_INTERWORKING */ 438 439 440 void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s) 441 { 442 struct wpabuf *default_ies = NULL; 443 u8 ext_capab[18]; 444 int ext_capab_len; 445 enum wpa_driver_if_type type = WPA_IF_STATION; 446 447 #ifdef CONFIG_P2P 448 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT) 449 type = WPA_IF_P2P_CLIENT; 450 #endif /* CONFIG_P2P */ 451 452 wpa_drv_get_ext_capa(wpa_s, type); 453 454 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 455 sizeof(ext_capab)); 456 if (ext_capab_len > 0 && 457 wpabuf_resize(&default_ies, ext_capab_len) == 0) 458 wpabuf_put_data(default_ies, ext_capab, ext_capab_len); 459 460 #ifdef CONFIG_MBO 461 /* Send cellular capabilities for potential MBO STAs */ 462 if (wpabuf_resize(&default_ies, 9) == 0) 463 wpas_mbo_scan_ie(wpa_s, default_ies); 464 #endif /* CONFIG_MBO */ 465 466 if (default_ies) 467 wpa_drv_set_default_scan_ies(wpa_s, wpabuf_head(default_ies), 468 wpabuf_len(default_ies)); 469 wpabuf_free(default_ies); 470 } 471 472 473 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 474 { 475 struct wpabuf *extra_ie = NULL; 476 u8 ext_capab[18]; 477 int ext_capab_len; 478 #ifdef CONFIG_WPS 479 int wps = 0; 480 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 481 #endif /* CONFIG_WPS */ 482 483 #ifdef CONFIG_P2P 484 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT) 485 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT); 486 else 487 #endif /* CONFIG_P2P */ 488 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION); 489 490 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 491 sizeof(ext_capab)); 492 if (ext_capab_len > 0 && 493 wpabuf_resize(&extra_ie, ext_capab_len) == 0) 494 wpabuf_put_data(extra_ie, ext_capab, ext_capab_len); 495 496 #ifdef CONFIG_INTERWORKING 497 if (wpa_s->conf->interworking && 498 wpabuf_resize(&extra_ie, 100) == 0) 499 wpas_add_interworking_elements(wpa_s, extra_ie); 500 #endif /* CONFIG_INTERWORKING */ 501 502 #ifdef CONFIG_WPS 503 wps = wpas_wps_in_use(wpa_s, &req_type); 504 505 if (wps) { 506 struct wpabuf *wps_ie; 507 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 508 DEV_PW_DEFAULT, 509 &wpa_s->wps->dev, 510 wpa_s->wps->uuid, req_type, 511 0, NULL); 512 if (wps_ie) { 513 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 514 wpabuf_put_buf(extra_ie, wps_ie); 515 wpabuf_free(wps_ie); 516 } 517 } 518 519 #ifdef CONFIG_P2P 520 if (wps) { 521 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 522 if (wpabuf_resize(&extra_ie, ielen) == 0) 523 wpas_p2p_scan_ie(wpa_s, extra_ie); 524 } 525 #endif /* CONFIG_P2P */ 526 527 wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie); 528 529 #endif /* CONFIG_WPS */ 530 531 #ifdef CONFIG_HS20 532 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 533 wpas_hs20_add_indication(extra_ie, -1); 534 #endif /* CONFIG_HS20 */ 535 536 #ifdef CONFIG_FST 537 if (wpa_s->fst_ies && 538 wpabuf_resize(&extra_ie, wpabuf_len(wpa_s->fst_ies)) == 0) 539 wpabuf_put_buf(extra_ie, wpa_s->fst_ies); 540 #endif /* CONFIG_FST */ 541 542 #ifdef CONFIG_MBO 543 /* Send cellular capabilities for potential MBO STAs */ 544 if (wpabuf_resize(&extra_ie, 9) == 0) 545 wpas_mbo_scan_ie(wpa_s, extra_ie); 546 #endif /* CONFIG_MBO */ 547 548 if (wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]) { 549 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]; 550 551 if (wpabuf_resize(&extra_ie, wpabuf_len(buf)) == 0) 552 wpabuf_put_buf(extra_ie, buf); 553 } 554 555 return extra_ie; 556 } 557 558 559 #ifdef CONFIG_P2P 560 561 /* 562 * Check whether there are any enabled networks or credentials that could be 563 * used for a non-P2P connection. 564 */ 565 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 566 { 567 struct wpa_ssid *ssid; 568 569 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 570 if (wpas_network_disabled(wpa_s, ssid)) 571 continue; 572 if (!ssid->p2p_group) 573 return 1; 574 } 575 576 if (wpa_s->conf->cred && wpa_s->conf->interworking && 577 wpa_s->conf->auto_interworking) 578 return 1; 579 580 return 0; 581 } 582 583 #endif /* CONFIG_P2P */ 584 585 586 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 587 enum hostapd_hw_mode band, 588 struct wpa_driver_scan_params *params) 589 { 590 /* Include only supported channels for the specified band */ 591 struct hostapd_hw_modes *mode; 592 int count, i; 593 594 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 595 if (mode == NULL) { 596 /* No channels supported in this band - use empty list */ 597 params->freqs = os_zalloc(sizeof(int)); 598 return; 599 } 600 601 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int)); 602 if (params->freqs == NULL) 603 return; 604 for (count = 0, i = 0; i < mode->num_channels; i++) { 605 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 606 continue; 607 params->freqs[count++] = mode->channels[i].freq; 608 } 609 } 610 611 612 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 613 struct wpa_driver_scan_params *params) 614 { 615 if (wpa_s->hw.modes == NULL) 616 return; /* unknown what channels the driver supports */ 617 if (params->freqs) 618 return; /* already using a limited channel set */ 619 if (wpa_s->setband == WPA_SETBAND_5G) 620 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 621 params); 622 else if (wpa_s->setband == WPA_SETBAND_2G) 623 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 624 params); 625 } 626 627 628 static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 629 struct wpa_driver_scan_params *params, 630 size_t max_ssids) 631 { 632 unsigned int i; 633 struct wpa_ssid *ssid; 634 635 /* 636 * For devices with max_ssids greater than 1, leave the last slot empty 637 * for adding the wildcard scan entry. 638 */ 639 max_ssids = max_ssids > 1 ? max_ssids - 1 : max_ssids; 640 641 for (i = 0; i < wpa_s->scan_id_count; i++) { 642 unsigned int j; 643 644 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 645 if (!ssid || !ssid->scan_ssid) 646 continue; 647 648 for (j = 0; j < params->num_ssids; j++) { 649 if (params->ssids[j].ssid_len == ssid->ssid_len && 650 params->ssids[j].ssid && 651 os_memcmp(params->ssids[j].ssid, ssid->ssid, 652 ssid->ssid_len) == 0) 653 break; 654 } 655 if (j < params->num_ssids) 656 continue; /* already in the list */ 657 658 if (params->num_ssids + 1 > max_ssids) { 659 wpa_printf(MSG_DEBUG, 660 "Over max scan SSIDs for manual request"); 661 break; 662 } 663 664 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 665 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 666 params->ssids[params->num_ssids].ssid = ssid->ssid; 667 params->ssids[params->num_ssids].ssid_len = ssid->ssid_len; 668 params->num_ssids++; 669 } 670 671 wpa_s->scan_id_count = 0; 672 } 673 674 675 static int wpa_set_ssids_from_scan_req(struct wpa_supplicant *wpa_s, 676 struct wpa_driver_scan_params *params, 677 size_t max_ssids) 678 { 679 unsigned int i; 680 681 if (wpa_s->ssids_from_scan_req == NULL || 682 wpa_s->num_ssids_from_scan_req == 0) 683 return 0; 684 685 if (wpa_s->num_ssids_from_scan_req > max_ssids) { 686 wpa_s->num_ssids_from_scan_req = max_ssids; 687 wpa_printf(MSG_DEBUG, "Over max scan SSIDs from scan req: %u", 688 (unsigned int) max_ssids); 689 } 690 691 for (i = 0; i < wpa_s->num_ssids_from_scan_req; i++) { 692 params->ssids[i].ssid = wpa_s->ssids_from_scan_req[i].ssid; 693 params->ssids[i].ssid_len = 694 wpa_s->ssids_from_scan_req[i].ssid_len; 695 wpa_hexdump_ascii(MSG_DEBUG, "specific SSID", 696 params->ssids[i].ssid, 697 params->ssids[i].ssid_len); 698 } 699 700 params->num_ssids = wpa_s->num_ssids_from_scan_req; 701 wpa_s->num_ssids_from_scan_req = 0; 702 return 1; 703 } 704 705 706 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 707 { 708 struct wpa_supplicant *wpa_s = eloop_ctx; 709 struct wpa_ssid *ssid; 710 int ret, p2p_in_prog; 711 struct wpabuf *extra_ie = NULL; 712 struct wpa_driver_scan_params params; 713 struct wpa_driver_scan_params *scan_params; 714 size_t max_ssids; 715 int connect_without_scan = 0; 716 717 wpa_s->ignore_post_flush_scan_res = 0; 718 719 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 720 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 721 return; 722 } 723 724 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 725 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 726 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 727 return; 728 } 729 730 if (wpa_s->scanning) { 731 /* 732 * If we are already in scanning state, we shall reschedule the 733 * the incoming scan request. 734 */ 735 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 736 wpa_supplicant_req_scan(wpa_s, 1, 0); 737 return; 738 } 739 740 if (!wpa_supplicant_enabled_networks(wpa_s) && 741 wpa_s->scan_req == NORMAL_SCAN_REQ) { 742 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 743 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 744 return; 745 } 746 747 if (wpa_s->conf->ap_scan != 0 && 748 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 749 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 750 "overriding ap_scan configuration"); 751 wpa_s->conf->ap_scan = 0; 752 wpas_notify_ap_scan_changed(wpa_s); 753 } 754 755 if (wpa_s->conf->ap_scan == 0) { 756 wpa_supplicant_gen_assoc_event(wpa_s); 757 return; 758 } 759 760 ssid = NULL; 761 if (wpa_s->scan_req != MANUAL_SCAN_REQ && 762 wpa_s->connect_without_scan) { 763 connect_without_scan = 1; 764 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 765 if (ssid == wpa_s->connect_without_scan) 766 break; 767 } 768 } 769 770 p2p_in_prog = wpas_p2p_in_progress(wpa_s); 771 if (p2p_in_prog && p2p_in_prog != 2 && 772 (!ssid || 773 (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) { 774 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 775 wpa_supplicant_req_scan(wpa_s, 5, 0); 776 return; 777 } 778 779 /* 780 * Don't cancel the scan based on ongoing PNO; defer it. Some scans are 781 * used for changing modes inside wpa_supplicant (roaming, 782 * auto-reconnect, etc). Discarding the scan might hurt these processes. 783 * The normal use case for PNO is to suspend the host immediately after 784 * starting PNO, so the periodic 100 ms attempts to run the scan do not 785 * normally happen in practice multiple times, i.e., this is simply 786 * restarting scanning once the host is woken up and PNO stopped. 787 */ 788 if (wpa_s->pno || wpa_s->pno_sched_pending) { 789 wpa_dbg(wpa_s, MSG_DEBUG, "Defer scan - PNO is in progress"); 790 wpa_supplicant_req_scan(wpa_s, 0, 100000); 791 return; 792 } 793 794 if (wpa_s->conf->ap_scan == 2) 795 max_ssids = 1; 796 else { 797 max_ssids = wpa_s->max_scan_ssids; 798 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 799 max_ssids = WPAS_MAX_SCAN_SSIDS; 800 } 801 802 wpa_s->last_scan_req = wpa_s->scan_req; 803 wpa_s->scan_req = NORMAL_SCAN_REQ; 804 805 if (connect_without_scan) { 806 wpa_s->connect_without_scan = NULL; 807 if (ssid) { 808 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 809 "without scan step"); 810 wpa_supplicant_associate(wpa_s, NULL, ssid); 811 return; 812 } 813 } 814 815 os_memset(¶ms, 0, sizeof(params)); 816 817 wpa_s->scan_prev_wpa_state = wpa_s->wpa_state; 818 if (wpa_s->wpa_state == WPA_DISCONNECTED || 819 wpa_s->wpa_state == WPA_INACTIVE) 820 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 821 822 /* 823 * If autoscan has set its own scanning parameters 824 */ 825 if (wpa_s->autoscan_params != NULL) { 826 scan_params = wpa_s->autoscan_params; 827 goto scan; 828 } 829 830 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 831 wpa_set_ssids_from_scan_req(wpa_s, ¶ms, max_ssids)) { 832 wpa_printf(MSG_DEBUG, "Use specific SSIDs from SCAN command"); 833 goto ssid_list_set; 834 } 835 836 #ifdef CONFIG_P2P 837 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 838 wpa_s->go_params && !wpa_s->conf->passive_scan) { 839 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 840 wpa_s->p2p_in_provisioning, 841 wpa_s->show_group_started); 842 params.ssids[0].ssid = wpa_s->go_params->ssid; 843 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 844 params.num_ssids = 1; 845 goto ssid_list_set; 846 } 847 848 if (wpa_s->p2p_in_invitation) { 849 if (wpa_s->current_ssid) { 850 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 851 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 852 params.ssids[0].ssid_len = 853 wpa_s->current_ssid->ssid_len; 854 params.num_ssids = 1; 855 } else { 856 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 857 } 858 goto ssid_list_set; 859 } 860 #endif /* CONFIG_P2P */ 861 862 /* Find the starting point from which to continue scanning */ 863 ssid = wpa_s->conf->ssid; 864 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 865 while (ssid) { 866 if (ssid == wpa_s->prev_scan_ssid) { 867 ssid = ssid->next; 868 break; 869 } 870 ssid = ssid->next; 871 } 872 } 873 874 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 875 #ifdef CONFIG_AP 876 !wpa_s->ap_iface && 877 #endif /* CONFIG_AP */ 878 wpa_s->conf->ap_scan == 2) { 879 wpa_s->connect_without_scan = NULL; 880 wpa_s->prev_scan_wildcard = 0; 881 wpa_supplicant_assoc_try(wpa_s, ssid); 882 return; 883 } else if (wpa_s->conf->ap_scan == 2) { 884 /* 885 * User-initiated scan request in ap_scan == 2; scan with 886 * wildcard SSID. 887 */ 888 ssid = NULL; 889 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 890 /* 891 * Perform single-channel single-SSID scan for 892 * reassociate-to-same-BSS operation. 893 */ 894 /* Setup SSID */ 895 ssid = wpa_s->current_ssid; 896 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 897 ssid->ssid, ssid->ssid_len); 898 params.ssids[0].ssid = ssid->ssid; 899 params.ssids[0].ssid_len = ssid->ssid_len; 900 params.num_ssids = 1; 901 902 /* 903 * Allocate memory for frequency array, allocate one extra 904 * slot for the zero-terminator. 905 */ 906 params.freqs = os_malloc(sizeof(int) * 2); 907 if (params.freqs) { 908 params.freqs[0] = wpa_s->assoc_freq; 909 params.freqs[1] = 0; 910 } 911 912 /* 913 * Reset the reattach flag so that we fall back to full scan if 914 * this scan fails. 915 */ 916 wpa_s->reattach = 0; 917 } else { 918 struct wpa_ssid *start = ssid, *tssid; 919 int freqs_set = 0; 920 if (ssid == NULL && max_ssids > 1) 921 ssid = wpa_s->conf->ssid; 922 while (ssid) { 923 if (!wpas_network_disabled(wpa_s, ssid) && 924 ssid->scan_ssid) { 925 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 926 ssid->ssid, ssid->ssid_len); 927 params.ssids[params.num_ssids].ssid = 928 ssid->ssid; 929 params.ssids[params.num_ssids].ssid_len = 930 ssid->ssid_len; 931 params.num_ssids++; 932 if (params.num_ssids + 1 >= max_ssids) 933 break; 934 } 935 ssid = ssid->next; 936 if (ssid == start) 937 break; 938 if (ssid == NULL && max_ssids > 1 && 939 start != wpa_s->conf->ssid) 940 ssid = wpa_s->conf->ssid; 941 } 942 943 if (wpa_s->scan_id_count && 944 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 945 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 946 947 for (tssid = wpa_s->conf->ssid; 948 wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid; 949 tssid = tssid->next) { 950 if (wpas_network_disabled(wpa_s, tssid)) 951 continue; 952 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 953 int_array_concat(¶ms.freqs, 954 tssid->scan_freq); 955 } else { 956 os_free(params.freqs); 957 params.freqs = NULL; 958 } 959 freqs_set = 1; 960 } 961 int_array_sort_unique(params.freqs); 962 } 963 964 if (ssid && max_ssids == 1) { 965 /* 966 * If the driver is limited to 1 SSID at a time interleave 967 * wildcard SSID scans with specific SSID scans to avoid 968 * waiting a long time for a wildcard scan. 969 */ 970 if (!wpa_s->prev_scan_wildcard) { 971 params.ssids[0].ssid = NULL; 972 params.ssids[0].ssid_len = 0; 973 wpa_s->prev_scan_wildcard = 1; 974 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 975 "wildcard SSID (Interleave with specific)"); 976 } else { 977 wpa_s->prev_scan_ssid = ssid; 978 wpa_s->prev_scan_wildcard = 0; 979 wpa_dbg(wpa_s, MSG_DEBUG, 980 "Starting AP scan for specific SSID: %s", 981 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 982 } 983 } else if (ssid) { 984 /* max_ssids > 1 */ 985 986 wpa_s->prev_scan_ssid = ssid; 987 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 988 "the scan request"); 989 params.num_ssids++; 990 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 991 wpa_s->manual_scan_passive && params.num_ssids == 0) { 992 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 993 } else if (wpa_s->conf->passive_scan) { 994 wpa_dbg(wpa_s, MSG_DEBUG, 995 "Use passive scan based on configuration"); 996 } else { 997 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 998 params.num_ssids++; 999 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 1000 "SSID"); 1001 } 1002 1003 ssid_list_set: 1004 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 1005 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1006 1007 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1008 wpa_s->manual_scan_only_new) { 1009 wpa_printf(MSG_DEBUG, 1010 "Request driver to clear scan cache due to manual only_new=1 scan"); 1011 params.only_new_results = 1; 1012 } 1013 1014 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 1015 wpa_s->manual_scan_freqs) { 1016 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 1017 params.freqs = wpa_s->manual_scan_freqs; 1018 wpa_s->manual_scan_freqs = NULL; 1019 } 1020 1021 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 1022 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 1023 "generated frequency list"); 1024 params.freqs = wpa_s->next_scan_freqs; 1025 } else 1026 os_free(wpa_s->next_scan_freqs); 1027 wpa_s->next_scan_freqs = NULL; 1028 wpa_setband_scan_freqs(wpa_s, ¶ms); 1029 1030 /* See if user specified frequencies. If so, scan only those. */ 1031 if (wpa_s->conf->freq_list && !params.freqs) { 1032 wpa_dbg(wpa_s, MSG_DEBUG, 1033 "Optimize scan based on conf->freq_list"); 1034 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1035 } 1036 1037 /* Use current associated channel? */ 1038 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 1039 unsigned int num = wpa_s->num_multichan_concurrent; 1040 1041 params.freqs = os_calloc(num + 1, sizeof(int)); 1042 if (params.freqs) { 1043 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1044 if (num > 0) { 1045 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 1046 "current operating channels since " 1047 "scan_cur_freq is enabled"); 1048 } else { 1049 os_free(params.freqs); 1050 params.freqs = NULL; 1051 } 1052 } 1053 } 1054 1055 params.filter_ssids = wpa_supplicant_build_filter_ssids( 1056 wpa_s->conf, ¶ms.num_filter_ssids); 1057 if (extra_ie) { 1058 params.extra_ies = wpabuf_head(extra_ie); 1059 params.extra_ies_len = wpabuf_len(extra_ie); 1060 } 1061 1062 #ifdef CONFIG_P2P 1063 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 1064 (wpa_s->show_group_started && wpa_s->go_params)) { 1065 /* 1066 * The interface may not yet be in P2P mode, so we have to 1067 * explicitly request P2P probe to disable CCK rates. 1068 */ 1069 params.p2p_probe = 1; 1070 } 1071 #endif /* CONFIG_P2P */ 1072 1073 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) && 1074 wpa_s->wpa_state <= WPA_SCANNING) { 1075 params.mac_addr_rand = 1; 1076 if (wpa_s->mac_addr_scan) { 1077 params.mac_addr = wpa_s->mac_addr_scan; 1078 params.mac_addr_mask = wpa_s->mac_addr_scan + ETH_ALEN; 1079 } 1080 } 1081 1082 if (!is_zero_ether_addr(wpa_s->next_scan_bssid)) { 1083 struct wpa_bss *bss; 1084 1085 params.bssid = wpa_s->next_scan_bssid; 1086 bss = wpa_bss_get_bssid_latest(wpa_s, params.bssid); 1087 if (bss && bss->ssid_len && params.num_ssids == 1 && 1088 params.ssids[0].ssid_len == 0) { 1089 params.ssids[0].ssid = bss->ssid; 1090 params.ssids[0].ssid_len = bss->ssid_len; 1091 wpa_dbg(wpa_s, MSG_DEBUG, 1092 "Scan a previously specified BSSID " MACSTR 1093 " and SSID %s", 1094 MAC2STR(params.bssid), 1095 wpa_ssid_txt(bss->ssid, bss->ssid_len)); 1096 } else { 1097 wpa_dbg(wpa_s, MSG_DEBUG, 1098 "Scan a previously specified BSSID " MACSTR, 1099 MAC2STR(params.bssid)); 1100 } 1101 } 1102 1103 scan_params = ¶ms; 1104 1105 scan: 1106 #ifdef CONFIG_P2P 1107 /* 1108 * If the driver does not support multi-channel concurrency and a 1109 * virtual interface that shares the same radio with the wpa_s interface 1110 * is operating there may not be need to scan other channels apart from 1111 * the current operating channel on the other virtual interface. Filter 1112 * out other channels in case we are trying to find a connection for a 1113 * station interface when we are not configured to prefer station 1114 * connection and a concurrent operation is already in process. 1115 */ 1116 if (wpa_s->scan_for_connection && 1117 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 1118 !scan_params->freqs && !params.freqs && 1119 wpas_is_p2p_prioritized(wpa_s) && 1120 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 1121 non_p2p_network_enabled(wpa_s)) { 1122 unsigned int num = wpa_s->num_multichan_concurrent; 1123 1124 params.freqs = os_calloc(num + 1, sizeof(int)); 1125 if (params.freqs) { 1126 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1127 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 1128 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 1129 } else { 1130 os_free(params.freqs); 1131 params.freqs = NULL; 1132 } 1133 } 1134 } 1135 #endif /* CONFIG_P2P */ 1136 1137 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 1138 1139 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 1140 !wpa_s->manual_scan_freqs) { 1141 /* Restore manual_scan_freqs for the next attempt */ 1142 wpa_s->manual_scan_freqs = params.freqs; 1143 params.freqs = NULL; 1144 } 1145 1146 wpabuf_free(extra_ie); 1147 os_free(params.freqs); 1148 os_free(params.filter_ssids); 1149 1150 if (ret) { 1151 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 1152 if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state) 1153 wpa_supplicant_set_state(wpa_s, 1154 wpa_s->scan_prev_wpa_state); 1155 /* Restore scan_req since we will try to scan again */ 1156 wpa_s->scan_req = wpa_s->last_scan_req; 1157 wpa_supplicant_req_scan(wpa_s, 1, 0); 1158 } else { 1159 wpa_s->scan_for_connection = 0; 1160 #ifdef CONFIG_INTERWORKING 1161 wpa_s->interworking_fast_assoc_tried = 0; 1162 #endif /* CONFIG_INTERWORKING */ 1163 if (params.bssid) 1164 os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN); 1165 } 1166 } 1167 1168 1169 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 1170 { 1171 struct os_reltime remaining, new_int; 1172 int cancelled; 1173 1174 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 1175 &remaining); 1176 1177 new_int.sec = sec; 1178 new_int.usec = 0; 1179 if (cancelled && os_reltime_before(&remaining, &new_int)) { 1180 new_int.sec = remaining.sec; 1181 new_int.usec = remaining.usec; 1182 } 1183 1184 if (cancelled) { 1185 eloop_register_timeout(new_int.sec, new_int.usec, 1186 wpa_supplicant_scan, wpa_s, NULL); 1187 } 1188 wpa_s->scan_interval = sec; 1189 } 1190 1191 1192 /** 1193 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 1194 * @wpa_s: Pointer to wpa_supplicant data 1195 * @sec: Number of seconds after which to scan 1196 * @usec: Number of microseconds after which to scan 1197 * 1198 * This function is used to schedule a scan for neighboring access points after 1199 * the specified time. 1200 */ 1201 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 1202 { 1203 int res; 1204 1205 if (wpa_s->p2p_mgmt) { 1206 wpa_dbg(wpa_s, MSG_DEBUG, 1207 "Ignore scan request (%d.%06d sec) on p2p_mgmt interface", 1208 sec, usec); 1209 return; 1210 } 1211 1212 res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 1213 NULL); 1214 if (res == 1) { 1215 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 1216 sec, usec); 1217 } else if (res == 0) { 1218 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 1219 sec, usec); 1220 } else { 1221 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 1222 sec, usec); 1223 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 1224 } 1225 } 1226 1227 1228 /** 1229 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 1230 * @wpa_s: Pointer to wpa_supplicant data 1231 * @sec: Number of seconds after which to scan 1232 * @usec: Number of microseconds after which to scan 1233 * Returns: 0 on success or -1 otherwise 1234 * 1235 * This function is used to schedule periodic scans for neighboring 1236 * access points after the specified time. 1237 */ 1238 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 1239 int sec, int usec) 1240 { 1241 if (!wpa_s->sched_scan_supported) 1242 return -1; 1243 1244 eloop_register_timeout(sec, usec, 1245 wpa_supplicant_delayed_sched_scan_timeout, 1246 wpa_s, NULL); 1247 1248 return 0; 1249 } 1250 1251 1252 static void 1253 wpa_scan_set_relative_rssi_params(struct wpa_supplicant *wpa_s, 1254 struct wpa_driver_scan_params *params) 1255 { 1256 if (wpa_s->wpa_state != WPA_COMPLETED || 1257 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SCHED_SCAN_RELATIVE_RSSI) || 1258 wpa_s->srp.relative_rssi_set == 0) 1259 return; 1260 1261 params->relative_rssi_set = 1; 1262 params->relative_rssi = wpa_s->srp.relative_rssi; 1263 1264 if (wpa_s->srp.relative_adjust_rssi == 0) 1265 return; 1266 1267 params->relative_adjust_band = wpa_s->srp.relative_adjust_band; 1268 params->relative_adjust_rssi = wpa_s->srp.relative_adjust_rssi; 1269 } 1270 1271 1272 /** 1273 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 1274 * @wpa_s: Pointer to wpa_supplicant data 1275 * Returns: 0 is sched_scan was started or -1 otherwise 1276 * 1277 * This function is used to schedule periodic scans for neighboring 1278 * access points repeating the scan continuously. 1279 */ 1280 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 1281 { 1282 struct wpa_driver_scan_params params; 1283 struct wpa_driver_scan_params *scan_params; 1284 enum wpa_states prev_state; 1285 struct wpa_ssid *ssid = NULL; 1286 struct wpabuf *extra_ie = NULL; 1287 int ret; 1288 unsigned int max_sched_scan_ssids; 1289 int wildcard = 0; 1290 int need_ssids; 1291 struct sched_scan_plan scan_plan; 1292 1293 if (!wpa_s->sched_scan_supported) 1294 return -1; 1295 1296 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 1297 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 1298 else 1299 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 1300 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 1301 return -1; 1302 1303 wpa_s->sched_scan_stop_req = 0; 1304 1305 if (wpa_s->sched_scanning) { 1306 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 1307 return 0; 1308 } 1309 1310 need_ssids = 0; 1311 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1312 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1313 /* Use wildcard SSID to find this network */ 1314 wildcard = 1; 1315 } else if (!wpas_network_disabled(wpa_s, ssid) && 1316 ssid->ssid_len) 1317 need_ssids++; 1318 1319 #ifdef CONFIG_WPS 1320 if (!wpas_network_disabled(wpa_s, ssid) && 1321 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1322 /* 1323 * Normal scan is more reliable and faster for WPS 1324 * operations and since these are for short periods of 1325 * time, the benefit of trying to use sched_scan would 1326 * be limited. 1327 */ 1328 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1329 "sched_scan for WPS"); 1330 return -1; 1331 } 1332 #endif /* CONFIG_WPS */ 1333 } 1334 if (wildcard) 1335 need_ssids++; 1336 1337 if (wpa_s->normal_scans < 3 && 1338 (need_ssids <= wpa_s->max_scan_ssids || 1339 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1340 /* 1341 * When normal scan can speed up operations, use that for the 1342 * first operations before starting the sched_scan to allow 1343 * user space sleep more. We do this only if the normal scan 1344 * has functionality that is suitable for this or if the 1345 * sched_scan does not have better support for multiple SSIDs. 1346 */ 1347 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1348 "sched_scan for initial scans (normal_scans=%d)", 1349 wpa_s->normal_scans); 1350 return -1; 1351 } 1352 1353 os_memset(¶ms, 0, sizeof(params)); 1354 1355 /* If we can't allocate space for the filters, we just don't filter */ 1356 params.filter_ssids = os_calloc(wpa_s->max_match_sets, 1357 sizeof(struct wpa_driver_scan_filter)); 1358 1359 prev_state = wpa_s->wpa_state; 1360 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1361 wpa_s->wpa_state == WPA_INACTIVE) 1362 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1363 1364 if (wpa_s->autoscan_params != NULL) { 1365 scan_params = wpa_s->autoscan_params; 1366 goto scan; 1367 } 1368 1369 /* Find the starting point from which to continue scanning */ 1370 ssid = wpa_s->conf->ssid; 1371 if (wpa_s->prev_sched_ssid) { 1372 while (ssid) { 1373 if (ssid == wpa_s->prev_sched_ssid) { 1374 ssid = ssid->next; 1375 break; 1376 } 1377 ssid = ssid->next; 1378 } 1379 } 1380 1381 if (!ssid || !wpa_s->prev_sched_ssid) { 1382 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1383 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1384 wpa_s->first_sched_scan = 1; 1385 ssid = wpa_s->conf->ssid; 1386 wpa_s->prev_sched_ssid = ssid; 1387 } 1388 1389 if (wildcard) { 1390 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1391 params.num_ssids++; 1392 } 1393 1394 while (ssid) { 1395 if (wpas_network_disabled(wpa_s, ssid)) 1396 goto next; 1397 1398 if (params.num_filter_ssids < wpa_s->max_match_sets && 1399 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1400 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1401 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1402 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1403 ssid->ssid, ssid->ssid_len); 1404 params.filter_ssids[params.num_filter_ssids].ssid_len = 1405 ssid->ssid_len; 1406 params.num_filter_ssids++; 1407 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1408 { 1409 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1410 "filter for sched_scan - drop filter"); 1411 os_free(params.filter_ssids); 1412 params.filter_ssids = NULL; 1413 params.num_filter_ssids = 0; 1414 } 1415 1416 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1417 if (params.num_ssids == max_sched_scan_ssids) 1418 break; /* only room for broadcast SSID */ 1419 wpa_dbg(wpa_s, MSG_DEBUG, 1420 "add to active scan ssid: %s", 1421 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1422 params.ssids[params.num_ssids].ssid = 1423 ssid->ssid; 1424 params.ssids[params.num_ssids].ssid_len = 1425 ssid->ssid_len; 1426 params.num_ssids++; 1427 if (params.num_ssids >= max_sched_scan_ssids) { 1428 wpa_s->prev_sched_ssid = ssid; 1429 do { 1430 ssid = ssid->next; 1431 } while (ssid && 1432 (wpas_network_disabled(wpa_s, ssid) || 1433 !ssid->scan_ssid)); 1434 break; 1435 } 1436 } 1437 1438 next: 1439 wpa_s->prev_sched_ssid = ssid; 1440 ssid = ssid->next; 1441 } 1442 1443 if (params.num_filter_ssids == 0) { 1444 os_free(params.filter_ssids); 1445 params.filter_ssids = NULL; 1446 } 1447 1448 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1449 if (extra_ie) { 1450 params.extra_ies = wpabuf_head(extra_ie); 1451 params.extra_ies_len = wpabuf_len(extra_ie); 1452 } 1453 1454 if (wpa_s->conf->filter_rssi) 1455 params.filter_rssi = wpa_s->conf->filter_rssi; 1456 1457 /* See if user specified frequencies. If so, scan only those. */ 1458 if (wpa_s->conf->freq_list && !params.freqs) { 1459 wpa_dbg(wpa_s, MSG_DEBUG, 1460 "Optimize scan based on conf->freq_list"); 1461 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1462 } 1463 1464 scan_params = ¶ms; 1465 1466 scan: 1467 wpa_s->sched_scan_timed_out = 0; 1468 1469 /* 1470 * We cannot support multiple scan plans if the scan request includes 1471 * too many SSID's, so in this case use only the last scan plan and make 1472 * it run infinitely. It will be stopped by the timeout. 1473 */ 1474 if (wpa_s->sched_scan_plans_num == 1 || 1475 (wpa_s->sched_scan_plans_num && !ssid && wpa_s->first_sched_scan)) { 1476 params.sched_scan_plans = wpa_s->sched_scan_plans; 1477 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 1478 } else if (wpa_s->sched_scan_plans_num > 1) { 1479 wpa_dbg(wpa_s, MSG_DEBUG, 1480 "Too many SSIDs. Default to using single scheduled_scan plan"); 1481 params.sched_scan_plans = 1482 &wpa_s->sched_scan_plans[wpa_s->sched_scan_plans_num - 1483 1]; 1484 params.sched_scan_plans_num = 1; 1485 } else { 1486 if (wpa_s->conf->sched_scan_interval) 1487 scan_plan.interval = wpa_s->conf->sched_scan_interval; 1488 else 1489 scan_plan.interval = 10; 1490 1491 if (scan_plan.interval > wpa_s->max_sched_scan_plan_interval) { 1492 wpa_printf(MSG_WARNING, 1493 "Scan interval too long(%u), use the maximum allowed(%u)", 1494 scan_plan.interval, 1495 wpa_s->max_sched_scan_plan_interval); 1496 scan_plan.interval = 1497 wpa_s->max_sched_scan_plan_interval; 1498 } 1499 1500 scan_plan.iterations = 0; 1501 params.sched_scan_plans = &scan_plan; 1502 params.sched_scan_plans_num = 1; 1503 } 1504 1505 if (ssid || !wpa_s->first_sched_scan) { 1506 wpa_dbg(wpa_s, MSG_DEBUG, 1507 "Starting sched scan: interval %u timeout %d", 1508 params.sched_scan_plans[0].interval, 1509 wpa_s->sched_scan_timeout); 1510 } else { 1511 wpa_dbg(wpa_s, MSG_DEBUG, "Starting sched scan (no timeout)"); 1512 } 1513 1514 wpa_setband_scan_freqs(wpa_s, scan_params); 1515 1516 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) && 1517 wpa_s->wpa_state <= WPA_SCANNING) { 1518 params.mac_addr_rand = 1; 1519 if (wpa_s->mac_addr_sched_scan) { 1520 params.mac_addr = wpa_s->mac_addr_sched_scan; 1521 params.mac_addr_mask = wpa_s->mac_addr_sched_scan + 1522 ETH_ALEN; 1523 } 1524 } 1525 1526 wpa_scan_set_relative_rssi_params(wpa_s, scan_params); 1527 1528 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params); 1529 wpabuf_free(extra_ie); 1530 os_free(params.filter_ssids); 1531 if (ret) { 1532 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1533 if (prev_state != wpa_s->wpa_state) 1534 wpa_supplicant_set_state(wpa_s, prev_state); 1535 return ret; 1536 } 1537 1538 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1539 if (ssid || !wpa_s->first_sched_scan) { 1540 wpa_s->sched_scan_timed_out = 0; 1541 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1542 wpa_supplicant_sched_scan_timeout, 1543 wpa_s, NULL); 1544 wpa_s->first_sched_scan = 0; 1545 wpa_s->sched_scan_timeout /= 2; 1546 params.sched_scan_plans[0].interval *= 2; 1547 if ((unsigned int) wpa_s->sched_scan_timeout < 1548 params.sched_scan_plans[0].interval || 1549 params.sched_scan_plans[0].interval > 1550 wpa_s->max_sched_scan_plan_interval) { 1551 params.sched_scan_plans[0].interval = 10; 1552 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1553 } 1554 } 1555 1556 /* If there is no more ssids, start next time from the beginning */ 1557 if (!ssid) 1558 wpa_s->prev_sched_ssid = NULL; 1559 1560 return 0; 1561 } 1562 1563 1564 /** 1565 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1566 * @wpa_s: Pointer to wpa_supplicant data 1567 * 1568 * This function is used to cancel a scan request scheduled with 1569 * wpa_supplicant_req_scan(). 1570 */ 1571 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1572 { 1573 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1574 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1575 } 1576 1577 1578 /** 1579 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1580 * @wpa_s: Pointer to wpa_supplicant data 1581 * 1582 * This function is used to stop a delayed scheduled scan. 1583 */ 1584 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1585 { 1586 if (!wpa_s->sched_scan_supported) 1587 return; 1588 1589 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1590 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1591 wpa_s, NULL); 1592 } 1593 1594 1595 /** 1596 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1597 * @wpa_s: Pointer to wpa_supplicant data 1598 * 1599 * This function is used to stop a periodic scheduled scan. 1600 */ 1601 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1602 { 1603 if (!wpa_s->sched_scanning) 1604 return; 1605 1606 if (wpa_s->sched_scanning) 1607 wpa_s->sched_scan_stop_req = 1; 1608 1609 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1610 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1611 wpa_supplicant_stop_sched_scan(wpa_s); 1612 } 1613 1614 1615 /** 1616 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1617 * @wpa_s: Pointer to wpa_supplicant data 1618 * @scanning: Whether scanning is currently in progress 1619 * 1620 * This function is to generate scanning notifycations. It is called whenever 1621 * there may have been a change in scanning (scan started, completed, stopped). 1622 * wpas_notify_scanning() is called whenever the scanning state changed from the 1623 * previously notified state. 1624 */ 1625 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1626 int scanning) 1627 { 1628 if (wpa_s->scanning != scanning) { 1629 wpa_s->scanning = scanning; 1630 wpas_notify_scanning(wpa_s); 1631 } 1632 } 1633 1634 1635 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1636 { 1637 int rate = 0; 1638 const u8 *ie; 1639 int i; 1640 1641 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1642 for (i = 0; ie && i < ie[1]; i++) { 1643 if ((ie[i + 2] & 0x7f) > rate) 1644 rate = ie[i + 2] & 0x7f; 1645 } 1646 1647 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1648 for (i = 0; ie && i < ie[1]; i++) { 1649 if ((ie[i + 2] & 0x7f) > rate) 1650 rate = ie[i + 2] & 0x7f; 1651 } 1652 1653 return rate; 1654 } 1655 1656 1657 /** 1658 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1659 * @res: Scan result entry 1660 * @ie: Information element identitifier (WLAN_EID_*) 1661 * Returns: Pointer to the information element (id field) or %NULL if not found 1662 * 1663 * This function returns the first matching information element in the scan 1664 * result. 1665 */ 1666 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1667 { 1668 size_t ie_len = res->ie_len; 1669 1670 /* Use the Beacon frame IEs if res->ie_len is not available */ 1671 if (!ie_len) 1672 ie_len = res->beacon_ie_len; 1673 1674 return get_ie((const u8 *) (res + 1), ie_len, ie); 1675 } 1676 1677 1678 /** 1679 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1680 * @res: Scan result entry 1681 * @vendor_type: Vendor type (four octets starting the IE payload) 1682 * Returns: Pointer to the information element (id field) or %NULL if not found 1683 * 1684 * This function returns the first matching information element in the scan 1685 * result. 1686 */ 1687 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1688 u32 vendor_type) 1689 { 1690 const u8 *end, *pos; 1691 1692 pos = (const u8 *) (res + 1); 1693 end = pos + res->ie_len; 1694 1695 while (end - pos > 1) { 1696 if (2 + pos[1] > end - pos) 1697 break; 1698 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1699 vendor_type == WPA_GET_BE32(&pos[2])) 1700 return pos; 1701 pos += 2 + pos[1]; 1702 } 1703 1704 return NULL; 1705 } 1706 1707 1708 /** 1709 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 1710 * @res: Scan result entry 1711 * @vendor_type: Vendor type (four octets starting the IE payload) 1712 * Returns: Pointer to the information element (id field) or %NULL if not found 1713 * 1714 * This function returns the first matching information element in the scan 1715 * result. 1716 * 1717 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 1718 * from Beacon frames instead of either Beacon or Probe Response frames. 1719 */ 1720 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 1721 u32 vendor_type) 1722 { 1723 const u8 *end, *pos; 1724 1725 if (res->beacon_ie_len == 0) 1726 return NULL; 1727 1728 pos = (const u8 *) (res + 1); 1729 pos += res->ie_len; 1730 end = pos + res->beacon_ie_len; 1731 1732 while (end - pos > 1) { 1733 if (2 + pos[1] > end - pos) 1734 break; 1735 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1736 vendor_type == WPA_GET_BE32(&pos[2])) 1737 return pos; 1738 pos += 2 + pos[1]; 1739 } 1740 1741 return NULL; 1742 } 1743 1744 1745 /** 1746 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1747 * @res: Scan result entry 1748 * @vendor_type: Vendor type (four octets starting the IE payload) 1749 * Returns: Pointer to the information element payload or %NULL if not found 1750 * 1751 * This function returns concatenated payload of possibly fragmented vendor 1752 * specific information elements in the scan result. The caller is responsible 1753 * for freeing the returned buffer. 1754 */ 1755 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1756 u32 vendor_type) 1757 { 1758 struct wpabuf *buf; 1759 const u8 *end, *pos; 1760 1761 buf = wpabuf_alloc(res->ie_len); 1762 if (buf == NULL) 1763 return NULL; 1764 1765 pos = (const u8 *) (res + 1); 1766 end = pos + res->ie_len; 1767 1768 while (end - pos > 1) { 1769 if (2 + pos[1] > end - pos) 1770 break; 1771 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1772 vendor_type == WPA_GET_BE32(&pos[2])) 1773 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1774 pos += 2 + pos[1]; 1775 } 1776 1777 if (wpabuf_len(buf) == 0) { 1778 wpabuf_free(buf); 1779 buf = NULL; 1780 } 1781 1782 return buf; 1783 } 1784 1785 1786 /* 1787 * Channels with a great SNR can operate at full rate. What is a great SNR? 1788 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1789 * rule of thumb is that any SNR above 20 is good." This one 1790 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1791 * recommends 25 as a minimum SNR for 54 Mbps data rate. The estimates used in 1792 * scan_est_throughput() allow even smaller SNR values for the maximum rates 1793 * (21 for 54 Mbps, 22 for VHT80 MCS9, 24 for HT40 and HT20 MCS7). Use 25 as a 1794 * somewhat conservative value here. 1795 */ 1796 #define GREAT_SNR 25 1797 1798 #define IS_5GHZ(n) (n > 4000) 1799 1800 /* Compare function for sorting scan results. Return >0 if @b is considered 1801 * better. */ 1802 static int wpa_scan_result_compar(const void *a, const void *b) 1803 { 1804 #define MIN(a,b) a < b ? a : b 1805 struct wpa_scan_res **_wa = (void *) a; 1806 struct wpa_scan_res **_wb = (void *) b; 1807 struct wpa_scan_res *wa = *_wa; 1808 struct wpa_scan_res *wb = *_wb; 1809 int wpa_a, wpa_b; 1810 int snr_a, snr_b, snr_a_full, snr_b_full; 1811 1812 /* WPA/WPA2 support preferred */ 1813 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1814 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1815 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1816 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1817 1818 if (wpa_b && !wpa_a) 1819 return 1; 1820 if (!wpa_b && wpa_a) 1821 return -1; 1822 1823 /* privacy support preferred */ 1824 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1825 (wb->caps & IEEE80211_CAP_PRIVACY)) 1826 return 1; 1827 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1828 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1829 return -1; 1830 1831 if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) { 1832 snr_a_full = wa->snr; 1833 snr_a = MIN(wa->snr, GREAT_SNR); 1834 snr_b_full = wb->snr; 1835 snr_b = MIN(wb->snr, GREAT_SNR); 1836 } else { 1837 /* Level is not in dBm, so we can't calculate 1838 * SNR. Just use raw level (units unknown). */ 1839 snr_a = snr_a_full = wa->level; 1840 snr_b = snr_b_full = wb->level; 1841 } 1842 1843 /* if SNR is close, decide by max rate or frequency band */ 1844 if (snr_a && snr_b && abs(snr_b - snr_a) < 7) { 1845 if (wa->est_throughput != wb->est_throughput) 1846 return wb->est_throughput - wa->est_throughput; 1847 } 1848 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1849 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1850 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1851 return IS_5GHZ(wa->freq) ? -1 : 1; 1852 } 1853 1854 /* all things being equal, use SNR; if SNRs are 1855 * identical, use quality values since some drivers may only report 1856 * that value and leave the signal level zero */ 1857 if (snr_b_full == snr_a_full) 1858 return wb->qual - wa->qual; 1859 return snr_b_full - snr_a_full; 1860 #undef MIN 1861 } 1862 1863 1864 #ifdef CONFIG_WPS 1865 /* Compare function for sorting scan results when searching a WPS AP for 1866 * provisioning. Return >0 if @b is considered better. */ 1867 static int wpa_scan_result_wps_compar(const void *a, const void *b) 1868 { 1869 struct wpa_scan_res **_wa = (void *) a; 1870 struct wpa_scan_res **_wb = (void *) b; 1871 struct wpa_scan_res *wa = *_wa; 1872 struct wpa_scan_res *wb = *_wb; 1873 int uses_wps_a, uses_wps_b; 1874 struct wpabuf *wps_a, *wps_b; 1875 int res; 1876 1877 /* Optimization - check WPS IE existence before allocated memory and 1878 * doing full reassembly. */ 1879 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1880 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1881 if (uses_wps_a && !uses_wps_b) 1882 return -1; 1883 if (!uses_wps_a && uses_wps_b) 1884 return 1; 1885 1886 if (uses_wps_a && uses_wps_b) { 1887 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1888 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1889 res = wps_ap_priority_compar(wps_a, wps_b); 1890 wpabuf_free(wps_a); 1891 wpabuf_free(wps_b); 1892 if (res) 1893 return res; 1894 } 1895 1896 /* 1897 * Do not use current AP security policy as a sorting criteria during 1898 * WPS provisioning step since the AP may get reconfigured at the 1899 * completion of provisioning. 1900 */ 1901 1902 /* all things being equal, use signal level; if signal levels are 1903 * identical, use quality values since some drivers may only report 1904 * that value and leave the signal level zero */ 1905 if (wb->level == wa->level) 1906 return wb->qual - wa->qual; 1907 return wb->level - wa->level; 1908 } 1909 #endif /* CONFIG_WPS */ 1910 1911 1912 static void dump_scan_res(struct wpa_scan_results *scan_res) 1913 { 1914 #ifndef CONFIG_NO_STDOUT_DEBUG 1915 size_t i; 1916 1917 if (scan_res->res == NULL || scan_res->num == 0) 1918 return; 1919 1920 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1921 1922 for (i = 0; i < scan_res->num; i++) { 1923 struct wpa_scan_res *r = scan_res->res[i]; 1924 u8 *pos; 1925 if (r->flags & WPA_SCAN_LEVEL_DBM) { 1926 int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID); 1927 1928 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1929 "noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u", 1930 MAC2STR(r->bssid), r->freq, r->qual, 1931 r->noise, noise_valid ? "" : "~", r->level, 1932 r->snr, r->snr >= GREAT_SNR ? "*" : "", 1933 r->flags, 1934 r->age, r->est_throughput); 1935 } else { 1936 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1937 "noise=%d level=%d flags=0x%x age=%u est=%u", 1938 MAC2STR(r->bssid), r->freq, r->qual, 1939 r->noise, r->level, r->flags, r->age, 1940 r->est_throughput); 1941 } 1942 pos = (u8 *) (r + 1); 1943 if (r->ie_len) 1944 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1945 pos += r->ie_len; 1946 if (r->beacon_ie_len) 1947 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1948 pos, r->beacon_ie_len); 1949 } 1950 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1951 } 1952 1953 1954 /** 1955 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1956 * @wpa_s: Pointer to wpa_supplicant data 1957 * @bssid: BSSID to check 1958 * Returns: 0 if the BSSID is filtered or 1 if not 1959 * 1960 * This function is used to filter out specific BSSIDs from scan reslts mainly 1961 * for testing purposes (SET bssid_filter ctrl_iface command). 1962 */ 1963 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1964 const u8 *bssid) 1965 { 1966 size_t i; 1967 1968 if (wpa_s->bssid_filter == NULL) 1969 return 1; 1970 1971 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1972 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1973 ETH_ALEN) == 0) 1974 return 1; 1975 } 1976 1977 return 0; 1978 } 1979 1980 1981 void filter_scan_res(struct wpa_supplicant *wpa_s, 1982 struct wpa_scan_results *res) 1983 { 1984 size_t i, j; 1985 1986 if (wpa_s->bssid_filter == NULL) 1987 return; 1988 1989 for (i = 0, j = 0; i < res->num; i++) { 1990 if (wpa_supplicant_filter_bssid_match(wpa_s, 1991 res->res[i]->bssid)) { 1992 res->res[j++] = res->res[i]; 1993 } else { 1994 os_free(res->res[i]); 1995 res->res[i] = NULL; 1996 } 1997 } 1998 1999 if (res->num != j) { 2000 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 2001 (int) (res->num - j)); 2002 res->num = j; 2003 } 2004 } 2005 2006 2007 /* 2008 * Noise floor values to use when we have signal strength 2009 * measurements, but no noise floor measurements. These values were 2010 * measured in an office environment with many APs. 2011 */ 2012 #define DEFAULT_NOISE_FLOOR_2GHZ (-89) 2013 #define DEFAULT_NOISE_FLOOR_5GHZ (-92) 2014 2015 void scan_snr(struct wpa_scan_res *res) 2016 { 2017 if (res->flags & WPA_SCAN_NOISE_INVALID) { 2018 res->noise = IS_5GHZ(res->freq) ? 2019 DEFAULT_NOISE_FLOOR_5GHZ : 2020 DEFAULT_NOISE_FLOOR_2GHZ; 2021 } 2022 2023 if (res->flags & WPA_SCAN_LEVEL_DBM) { 2024 res->snr = res->level - res->noise; 2025 } else { 2026 /* Level is not in dBm, so we can't calculate 2027 * SNR. Just use raw level (units unknown). */ 2028 res->snr = res->level; 2029 } 2030 } 2031 2032 2033 static unsigned int max_ht20_rate(int snr) 2034 { 2035 if (snr < 6) 2036 return 6500; /* HT20 MCS0 */ 2037 if (snr < 8) 2038 return 13000; /* HT20 MCS1 */ 2039 if (snr < 13) 2040 return 19500; /* HT20 MCS2 */ 2041 if (snr < 17) 2042 return 26000; /* HT20 MCS3 */ 2043 if (snr < 20) 2044 return 39000; /* HT20 MCS4 */ 2045 if (snr < 23) 2046 return 52000; /* HT20 MCS5 */ 2047 if (snr < 24) 2048 return 58500; /* HT20 MCS6 */ 2049 return 65000; /* HT20 MCS7 */ 2050 } 2051 2052 2053 static unsigned int max_ht40_rate(int snr) 2054 { 2055 if (snr < 3) 2056 return 13500; /* HT40 MCS0 */ 2057 if (snr < 6) 2058 return 27000; /* HT40 MCS1 */ 2059 if (snr < 10) 2060 return 40500; /* HT40 MCS2 */ 2061 if (snr < 15) 2062 return 54000; /* HT40 MCS3 */ 2063 if (snr < 17) 2064 return 81000; /* HT40 MCS4 */ 2065 if (snr < 22) 2066 return 108000; /* HT40 MCS5 */ 2067 if (snr < 24) 2068 return 121500; /* HT40 MCS6 */ 2069 return 135000; /* HT40 MCS7 */ 2070 } 2071 2072 2073 static unsigned int max_vht80_rate(int snr) 2074 { 2075 if (snr < 1) 2076 return 0; 2077 if (snr < 2) 2078 return 29300; /* VHT80 MCS0 */ 2079 if (snr < 5) 2080 return 58500; /* VHT80 MCS1 */ 2081 if (snr < 9) 2082 return 87800; /* VHT80 MCS2 */ 2083 if (snr < 11) 2084 return 117000; /* VHT80 MCS3 */ 2085 if (snr < 15) 2086 return 175500; /* VHT80 MCS4 */ 2087 if (snr < 16) 2088 return 234000; /* VHT80 MCS5 */ 2089 if (snr < 18) 2090 return 263300; /* VHT80 MCS6 */ 2091 if (snr < 20) 2092 return 292500; /* VHT80 MCS7 */ 2093 if (snr < 22) 2094 return 351000; /* VHT80 MCS8 */ 2095 return 390000; /* VHT80 MCS9 */ 2096 } 2097 2098 2099 void scan_est_throughput(struct wpa_supplicant *wpa_s, 2100 struct wpa_scan_res *res) 2101 { 2102 enum local_hw_capab capab = wpa_s->hw_capab; 2103 int rate; /* max legacy rate in 500 kb/s units */ 2104 const u8 *ie; 2105 unsigned int est, tmp; 2106 int snr = res->snr; 2107 2108 if (res->est_throughput) 2109 return; 2110 2111 /* Get maximum legacy rate */ 2112 rate = wpa_scan_get_max_rate(res); 2113 2114 /* Limit based on estimated SNR */ 2115 if (rate > 1 * 2 && snr < 1) 2116 rate = 1 * 2; 2117 else if (rate > 2 * 2 && snr < 4) 2118 rate = 2 * 2; 2119 else if (rate > 6 * 2 && snr < 5) 2120 rate = 6 * 2; 2121 else if (rate > 9 * 2 && snr < 6) 2122 rate = 9 * 2; 2123 else if (rate > 12 * 2 && snr < 7) 2124 rate = 12 * 2; 2125 else if (rate > 18 * 2 && snr < 10) 2126 rate = 18 * 2; 2127 else if (rate > 24 * 2 && snr < 11) 2128 rate = 24 * 2; 2129 else if (rate > 36 * 2 && snr < 15) 2130 rate = 36 * 2; 2131 else if (rate > 48 * 2 && snr < 19) 2132 rate = 48 * 2; 2133 else if (rate > 54 * 2 && snr < 21) 2134 rate = 54 * 2; 2135 est = rate * 500; 2136 2137 if (capab == CAPAB_HT || capab == CAPAB_HT40 || capab == CAPAB_VHT) { 2138 ie = wpa_scan_get_ie(res, WLAN_EID_HT_CAP); 2139 if (ie) { 2140 tmp = max_ht20_rate(snr); 2141 if (tmp > est) 2142 est = tmp; 2143 } 2144 } 2145 2146 if (capab == CAPAB_HT40 || capab == CAPAB_VHT) { 2147 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 2148 if (ie && ie[1] >= 2 && 2149 (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2150 tmp = max_ht40_rate(snr); 2151 if (tmp > est) 2152 est = tmp; 2153 } 2154 } 2155 2156 if (capab == CAPAB_VHT) { 2157 /* Use +1 to assume VHT is always faster than HT */ 2158 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_CAP); 2159 if (ie) { 2160 tmp = max_ht20_rate(snr) + 1; 2161 if (tmp > est) 2162 est = tmp; 2163 2164 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 2165 if (ie && ie[1] >= 2 && 2166 (ie[3] & 2167 HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2168 tmp = max_ht40_rate(snr) + 1; 2169 if (tmp > est) 2170 est = tmp; 2171 } 2172 2173 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_OPERATION); 2174 if (ie && ie[1] >= 1 && 2175 (ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK)) { 2176 tmp = max_vht80_rate(snr) + 1; 2177 if (tmp > est) 2178 est = tmp; 2179 } 2180 } 2181 } 2182 2183 /* TODO: channel utilization and AP load (e.g., from AP Beacon) */ 2184 2185 res->est_throughput = est; 2186 } 2187 2188 2189 /** 2190 * wpa_supplicant_get_scan_results - Get scan results 2191 * @wpa_s: Pointer to wpa_supplicant data 2192 * @info: Information about what was scanned or %NULL if not available 2193 * @new_scan: Whether a new scan was performed 2194 * Returns: Scan results, %NULL on failure 2195 * 2196 * This function request the current scan results from the driver and updates 2197 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 2198 * results with wpa_scan_results_free(). 2199 */ 2200 struct wpa_scan_results * 2201 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 2202 struct scan_info *info, int new_scan) 2203 { 2204 struct wpa_scan_results *scan_res; 2205 size_t i; 2206 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 2207 2208 scan_res = wpa_drv_get_scan_results2(wpa_s); 2209 if (scan_res == NULL) { 2210 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 2211 return NULL; 2212 } 2213 if (scan_res->fetch_time.sec == 0) { 2214 /* 2215 * Make sure we have a valid timestamp if the driver wrapper 2216 * does not set this. 2217 */ 2218 os_get_reltime(&scan_res->fetch_time); 2219 } 2220 filter_scan_res(wpa_s, scan_res); 2221 2222 for (i = 0; i < scan_res->num; i++) { 2223 struct wpa_scan_res *scan_res_item = scan_res->res[i]; 2224 2225 scan_snr(scan_res_item); 2226 scan_est_throughput(wpa_s, scan_res_item); 2227 } 2228 2229 #ifdef CONFIG_WPS 2230 if (wpas_wps_searching(wpa_s)) { 2231 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 2232 "provisioning rules"); 2233 compar = wpa_scan_result_wps_compar; 2234 } 2235 #endif /* CONFIG_WPS */ 2236 2237 if (scan_res->res) { 2238 qsort(scan_res->res, scan_res->num, 2239 sizeof(struct wpa_scan_res *), compar); 2240 } 2241 dump_scan_res(scan_res); 2242 2243 if (wpa_s->ignore_post_flush_scan_res) { 2244 /* FLUSH command aborted an ongoing scan and these are the 2245 * results from the aborted scan. Do not process the results to 2246 * maintain flushed state. */ 2247 wpa_dbg(wpa_s, MSG_DEBUG, 2248 "Do not update BSS table based on pending post-FLUSH scan results"); 2249 wpa_s->ignore_post_flush_scan_res = 0; 2250 return scan_res; 2251 } 2252 2253 wpa_bss_update_start(wpa_s); 2254 for (i = 0; i < scan_res->num; i++) 2255 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 2256 &scan_res->fetch_time); 2257 wpa_bss_update_end(wpa_s, info, new_scan); 2258 2259 return scan_res; 2260 } 2261 2262 2263 /** 2264 * wpa_supplicant_update_scan_results - Update scan results from the driver 2265 * @wpa_s: Pointer to wpa_supplicant data 2266 * Returns: 0 on success, -1 on failure 2267 * 2268 * This function updates the BSS table within wpa_supplicant based on the 2269 * currently available scan results from the driver without requesting a new 2270 * scan. This is used in cases where the driver indicates an association 2271 * (including roaming within ESS) and wpa_supplicant does not yet have the 2272 * needed information to complete the connection (e.g., to perform validation 2273 * steps in 4-way handshake). 2274 */ 2275 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 2276 { 2277 struct wpa_scan_results *scan_res; 2278 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 2279 if (scan_res == NULL) 2280 return -1; 2281 wpa_scan_results_free(scan_res); 2282 2283 return 0; 2284 } 2285 2286 2287 /** 2288 * scan_only_handler - Reports scan results 2289 */ 2290 void scan_only_handler(struct wpa_supplicant *wpa_s, 2291 struct wpa_scan_results *scan_res) 2292 { 2293 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 2294 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 2295 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 2296 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 2297 wpa_s->manual_scan_id); 2298 wpa_s->manual_scan_use_id = 0; 2299 } else { 2300 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 2301 } 2302 wpas_notify_scan_results(wpa_s); 2303 wpas_notify_scan_done(wpa_s, 1); 2304 if (wpa_s->scan_work) { 2305 struct wpa_radio_work *work = wpa_s->scan_work; 2306 wpa_s->scan_work = NULL; 2307 radio_work_done(work); 2308 } 2309 2310 if (wpa_s->wpa_state == WPA_SCANNING) 2311 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state); 2312 } 2313 2314 2315 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 2316 { 2317 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 2318 } 2319 2320 2321 struct wpa_driver_scan_params * 2322 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 2323 { 2324 struct wpa_driver_scan_params *params; 2325 size_t i; 2326 u8 *n; 2327 2328 params = os_zalloc(sizeof(*params)); 2329 if (params == NULL) 2330 return NULL; 2331 2332 for (i = 0; i < src->num_ssids; i++) { 2333 if (src->ssids[i].ssid) { 2334 n = os_malloc(src->ssids[i].ssid_len); 2335 if (n == NULL) 2336 goto failed; 2337 os_memcpy(n, src->ssids[i].ssid, 2338 src->ssids[i].ssid_len); 2339 params->ssids[i].ssid = n; 2340 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 2341 } 2342 } 2343 params->num_ssids = src->num_ssids; 2344 2345 if (src->extra_ies) { 2346 n = os_malloc(src->extra_ies_len); 2347 if (n == NULL) 2348 goto failed; 2349 os_memcpy(n, src->extra_ies, src->extra_ies_len); 2350 params->extra_ies = n; 2351 params->extra_ies_len = src->extra_ies_len; 2352 } 2353 2354 if (src->freqs) { 2355 int len = int_array_len(src->freqs); 2356 params->freqs = os_malloc((len + 1) * sizeof(int)); 2357 if (params->freqs == NULL) 2358 goto failed; 2359 os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); 2360 } 2361 2362 if (src->filter_ssids) { 2363 params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * 2364 src->num_filter_ssids); 2365 if (params->filter_ssids == NULL) 2366 goto failed; 2367 os_memcpy(params->filter_ssids, src->filter_ssids, 2368 sizeof(*params->filter_ssids) * 2369 src->num_filter_ssids); 2370 params->num_filter_ssids = src->num_filter_ssids; 2371 } 2372 2373 params->filter_rssi = src->filter_rssi; 2374 params->p2p_probe = src->p2p_probe; 2375 params->only_new_results = src->only_new_results; 2376 params->low_priority = src->low_priority; 2377 params->duration = src->duration; 2378 params->duration_mandatory = src->duration_mandatory; 2379 2380 if (src->sched_scan_plans_num > 0) { 2381 params->sched_scan_plans = 2382 os_malloc(sizeof(*src->sched_scan_plans) * 2383 src->sched_scan_plans_num); 2384 if (!params->sched_scan_plans) 2385 goto failed; 2386 2387 os_memcpy(params->sched_scan_plans, src->sched_scan_plans, 2388 sizeof(*src->sched_scan_plans) * 2389 src->sched_scan_plans_num); 2390 params->sched_scan_plans_num = src->sched_scan_plans_num; 2391 } 2392 2393 if (src->mac_addr_rand) { 2394 params->mac_addr_rand = src->mac_addr_rand; 2395 2396 if (src->mac_addr && src->mac_addr_mask) { 2397 u8 *mac_addr; 2398 2399 mac_addr = os_malloc(2 * ETH_ALEN); 2400 if (!mac_addr) 2401 goto failed; 2402 2403 os_memcpy(mac_addr, src->mac_addr, ETH_ALEN); 2404 os_memcpy(mac_addr + ETH_ALEN, src->mac_addr_mask, 2405 ETH_ALEN); 2406 params->mac_addr = mac_addr; 2407 params->mac_addr_mask = mac_addr + ETH_ALEN; 2408 } 2409 } 2410 2411 if (src->bssid) { 2412 u8 *bssid; 2413 2414 bssid = os_malloc(ETH_ALEN); 2415 if (!bssid) 2416 goto failed; 2417 os_memcpy(bssid, src->bssid, ETH_ALEN); 2418 params->bssid = bssid; 2419 } 2420 2421 params->relative_rssi_set = src->relative_rssi_set; 2422 params->relative_rssi = src->relative_rssi; 2423 params->relative_adjust_band = src->relative_adjust_band; 2424 params->relative_adjust_rssi = src->relative_adjust_rssi; 2425 return params; 2426 2427 failed: 2428 wpa_scan_free_params(params); 2429 return NULL; 2430 } 2431 2432 2433 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 2434 { 2435 size_t i; 2436 2437 if (params == NULL) 2438 return; 2439 2440 for (i = 0; i < params->num_ssids; i++) 2441 os_free((u8 *) params->ssids[i].ssid); 2442 os_free((u8 *) params->extra_ies); 2443 os_free(params->freqs); 2444 os_free(params->filter_ssids); 2445 os_free(params->sched_scan_plans); 2446 2447 /* 2448 * Note: params->mac_addr_mask points to same memory allocation and 2449 * must not be freed separately. 2450 */ 2451 os_free((u8 *) params->mac_addr); 2452 2453 os_free((u8 *) params->bssid); 2454 2455 os_free(params); 2456 } 2457 2458 2459 int wpas_start_pno(struct wpa_supplicant *wpa_s) 2460 { 2461 int ret, prio; 2462 size_t i, num_ssid, num_match_ssid; 2463 struct wpa_ssid *ssid; 2464 struct wpa_driver_scan_params params; 2465 struct sched_scan_plan scan_plan; 2466 unsigned int max_sched_scan_ssids; 2467 2468 if (!wpa_s->sched_scan_supported) 2469 return -1; 2470 2471 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 2472 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 2473 else 2474 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 2475 if (max_sched_scan_ssids < 1) 2476 return -1; 2477 2478 if (wpa_s->pno || wpa_s->pno_sched_pending) 2479 return 0; 2480 2481 if ((wpa_s->wpa_state > WPA_SCANNING) && 2482 (wpa_s->wpa_state < WPA_COMPLETED)) { 2483 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 2484 return -EAGAIN; 2485 } 2486 2487 if (wpa_s->wpa_state == WPA_SCANNING) { 2488 wpa_supplicant_cancel_scan(wpa_s); 2489 if (wpa_s->sched_scanning) { 2490 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 2491 "ongoing sched scan"); 2492 wpa_supplicant_cancel_sched_scan(wpa_s); 2493 wpa_s->pno_sched_pending = 1; 2494 return 0; 2495 } 2496 } 2497 2498 if (wpa_s->sched_scan_stop_req) { 2499 wpa_printf(MSG_DEBUG, 2500 "Schedule PNO after previous sched scan has stopped"); 2501 wpa_s->pno_sched_pending = 1; 2502 return 0; 2503 } 2504 2505 os_memset(¶ms, 0, sizeof(params)); 2506 2507 num_ssid = num_match_ssid = 0; 2508 ssid = wpa_s->conf->ssid; 2509 while (ssid) { 2510 if (!wpas_network_disabled(wpa_s, ssid)) { 2511 num_match_ssid++; 2512 if (ssid->scan_ssid) 2513 num_ssid++; 2514 } 2515 ssid = ssid->next; 2516 } 2517 2518 if (num_match_ssid == 0) { 2519 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 2520 return -1; 2521 } 2522 2523 if (num_match_ssid > num_ssid) { 2524 params.num_ssids++; /* wildcard */ 2525 num_ssid++; 2526 } 2527 2528 if (num_ssid > max_sched_scan_ssids) { 2529 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 2530 "%u", max_sched_scan_ssids, (unsigned int) num_ssid); 2531 num_ssid = max_sched_scan_ssids; 2532 } 2533 2534 if (num_match_ssid > wpa_s->max_match_sets) { 2535 num_match_ssid = wpa_s->max_match_sets; 2536 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 2537 } 2538 params.filter_ssids = os_calloc(num_match_ssid, 2539 sizeof(struct wpa_driver_scan_filter)); 2540 if (params.filter_ssids == NULL) 2541 return -1; 2542 2543 i = 0; 2544 prio = 0; 2545 ssid = wpa_s->conf->pssid[prio]; 2546 while (ssid) { 2547 if (!wpas_network_disabled(wpa_s, ssid)) { 2548 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 2549 params.ssids[params.num_ssids].ssid = 2550 ssid->ssid; 2551 params.ssids[params.num_ssids].ssid_len = 2552 ssid->ssid_len; 2553 params.num_ssids++; 2554 } 2555 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 2556 ssid->ssid_len); 2557 params.filter_ssids[i].ssid_len = ssid->ssid_len; 2558 params.num_filter_ssids++; 2559 i++; 2560 if (i == num_match_ssid) 2561 break; 2562 } 2563 if (ssid->pnext) 2564 ssid = ssid->pnext; 2565 else if (prio + 1 == wpa_s->conf->num_prio) 2566 break; 2567 else 2568 ssid = wpa_s->conf->pssid[++prio]; 2569 } 2570 2571 if (wpa_s->conf->filter_rssi) 2572 params.filter_rssi = wpa_s->conf->filter_rssi; 2573 2574 if (wpa_s->sched_scan_plans_num) { 2575 params.sched_scan_plans = wpa_s->sched_scan_plans; 2576 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 2577 } else { 2578 /* Set one scan plan that will run infinitely */ 2579 if (wpa_s->conf->sched_scan_interval) 2580 scan_plan.interval = wpa_s->conf->sched_scan_interval; 2581 else 2582 scan_plan.interval = 10; 2583 2584 scan_plan.iterations = 0; 2585 params.sched_scan_plans = &scan_plan; 2586 params.sched_scan_plans_num = 1; 2587 } 2588 2589 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 2590 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 2591 params.freqs = wpa_s->manual_sched_scan_freqs; 2592 } 2593 2594 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) && 2595 wpa_s->wpa_state <= WPA_SCANNING) { 2596 params.mac_addr_rand = 1; 2597 if (wpa_s->mac_addr_pno) { 2598 params.mac_addr = wpa_s->mac_addr_pno; 2599 params.mac_addr_mask = wpa_s->mac_addr_pno + ETH_ALEN; 2600 } 2601 } 2602 2603 wpa_scan_set_relative_rssi_params(wpa_s, ¶ms); 2604 2605 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms); 2606 os_free(params.filter_ssids); 2607 if (ret == 0) 2608 wpa_s->pno = 1; 2609 else 2610 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 2611 return ret; 2612 } 2613 2614 2615 int wpas_stop_pno(struct wpa_supplicant *wpa_s) 2616 { 2617 int ret = 0; 2618 2619 if (!wpa_s->pno) 2620 return 0; 2621 2622 ret = wpa_supplicant_stop_sched_scan(wpa_s); 2623 wpa_s->sched_scan_stop_req = 1; 2624 2625 wpa_s->pno = 0; 2626 wpa_s->pno_sched_pending = 0; 2627 2628 if (wpa_s->wpa_state == WPA_SCANNING) 2629 wpa_supplicant_req_scan(wpa_s, 0, 0); 2630 2631 return ret; 2632 } 2633 2634 2635 void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, 2636 unsigned int type) 2637 { 2638 type &= MAC_ADDR_RAND_ALL; 2639 wpa_s->mac_addr_rand_enable &= ~type; 2640 2641 if (type & MAC_ADDR_RAND_SCAN) { 2642 os_free(wpa_s->mac_addr_scan); 2643 wpa_s->mac_addr_scan = NULL; 2644 } 2645 2646 if (type & MAC_ADDR_RAND_SCHED_SCAN) { 2647 os_free(wpa_s->mac_addr_sched_scan); 2648 wpa_s->mac_addr_sched_scan = NULL; 2649 } 2650 2651 if (type & MAC_ADDR_RAND_PNO) { 2652 os_free(wpa_s->mac_addr_pno); 2653 wpa_s->mac_addr_pno = NULL; 2654 } 2655 } 2656 2657 2658 int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, 2659 unsigned int type, const u8 *addr, 2660 const u8 *mask) 2661 { 2662 u8 *tmp = NULL; 2663 2664 wpas_mac_addr_rand_scan_clear(wpa_s, type); 2665 2666 if (addr) { 2667 tmp = os_malloc(2 * ETH_ALEN); 2668 if (!tmp) 2669 return -1; 2670 os_memcpy(tmp, addr, ETH_ALEN); 2671 os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN); 2672 } 2673 2674 if (type == MAC_ADDR_RAND_SCAN) { 2675 wpa_s->mac_addr_scan = tmp; 2676 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 2677 wpa_s->mac_addr_sched_scan = tmp; 2678 } else if (type == MAC_ADDR_RAND_PNO) { 2679 wpa_s->mac_addr_pno = tmp; 2680 } else { 2681 wpa_printf(MSG_INFO, 2682 "scan: Invalid MAC randomization type=0x%x", 2683 type); 2684 os_free(tmp); 2685 return -1; 2686 } 2687 2688 wpa_s->mac_addr_rand_enable |= type; 2689 return 0; 2690 } 2691 2692 2693 int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s) 2694 { 2695 struct wpa_radio_work *work; 2696 struct wpa_radio *radio = wpa_s->radio; 2697 2698 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) { 2699 if (work->wpa_s != wpa_s || !work->started || 2700 (os_strcmp(work->type, "scan") != 0 && 2701 os_strcmp(work->type, "p2p-scan") != 0)) 2702 continue; 2703 wpa_dbg(wpa_s, MSG_DEBUG, "Abort an ongoing scan"); 2704 return wpa_drv_abort_scan(wpa_s, wpa_s->curr_scan_cookie); 2705 } 2706 2707 wpa_dbg(wpa_s, MSG_DEBUG, "No ongoing scan/p2p-scan found to abort"); 2708 return -1; 2709 } 2710 2711 2712 int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd) 2713 { 2714 struct sched_scan_plan *scan_plans = NULL; 2715 const char *token, *context = NULL; 2716 unsigned int num = 0; 2717 2718 if (!cmd) 2719 return -1; 2720 2721 if (!cmd[0]) { 2722 wpa_printf(MSG_DEBUG, "Clear sched scan plans"); 2723 os_free(wpa_s->sched_scan_plans); 2724 wpa_s->sched_scan_plans = NULL; 2725 wpa_s->sched_scan_plans_num = 0; 2726 return 0; 2727 } 2728 2729 while ((token = cstr_token(cmd, " ", &context))) { 2730 int ret; 2731 struct sched_scan_plan *scan_plan, *n; 2732 2733 n = os_realloc_array(scan_plans, num + 1, sizeof(*scan_plans)); 2734 if (!n) 2735 goto fail; 2736 2737 scan_plans = n; 2738 scan_plan = &scan_plans[num]; 2739 num++; 2740 2741 ret = sscanf(token, "%u:%u", &scan_plan->interval, 2742 &scan_plan->iterations); 2743 if (ret <= 0 || ret > 2 || !scan_plan->interval) { 2744 wpa_printf(MSG_ERROR, 2745 "Invalid sched scan plan input: %s", token); 2746 goto fail; 2747 } 2748 2749 if (scan_plan->interval > wpa_s->max_sched_scan_plan_interval) { 2750 wpa_printf(MSG_WARNING, 2751 "scan plan %u: Scan interval too long(%u), use the maximum allowed(%u)", 2752 num, scan_plan->interval, 2753 wpa_s->max_sched_scan_plan_interval); 2754 scan_plan->interval = 2755 wpa_s->max_sched_scan_plan_interval; 2756 } 2757 2758 if (ret == 1) { 2759 scan_plan->iterations = 0; 2760 break; 2761 } 2762 2763 if (!scan_plan->iterations) { 2764 wpa_printf(MSG_ERROR, 2765 "scan plan %u: Number of iterations cannot be zero", 2766 num); 2767 goto fail; 2768 } 2769 2770 if (scan_plan->iterations > 2771 wpa_s->max_sched_scan_plan_iterations) { 2772 wpa_printf(MSG_WARNING, 2773 "scan plan %u: Too many iterations(%u), use the maximum allowed(%u)", 2774 num, scan_plan->iterations, 2775 wpa_s->max_sched_scan_plan_iterations); 2776 scan_plan->iterations = 2777 wpa_s->max_sched_scan_plan_iterations; 2778 } 2779 2780 wpa_printf(MSG_DEBUG, 2781 "scan plan %u: interval=%u iterations=%u", 2782 num, scan_plan->interval, scan_plan->iterations); 2783 } 2784 2785 if (!scan_plans) { 2786 wpa_printf(MSG_ERROR, "Invalid scan plans entry"); 2787 goto fail; 2788 } 2789 2790 if (cstr_token(cmd, " ", &context) || scan_plans[num - 1].iterations) { 2791 wpa_printf(MSG_ERROR, 2792 "All scan plans but the last must specify a number of iterations"); 2793 goto fail; 2794 } 2795 2796 wpa_printf(MSG_DEBUG, "scan plan %u (last plan): interval=%u", 2797 num, scan_plans[num - 1].interval); 2798 2799 if (num > wpa_s->max_sched_scan_plans) { 2800 wpa_printf(MSG_WARNING, 2801 "Too many scheduled scan plans (only %u supported)", 2802 wpa_s->max_sched_scan_plans); 2803 wpa_printf(MSG_WARNING, 2804 "Use only the first %u scan plans, and the last one (in infinite loop)", 2805 wpa_s->max_sched_scan_plans - 1); 2806 os_memcpy(&scan_plans[wpa_s->max_sched_scan_plans - 1], 2807 &scan_plans[num - 1], sizeof(*scan_plans)); 2808 num = wpa_s->max_sched_scan_plans; 2809 } 2810 2811 os_free(wpa_s->sched_scan_plans); 2812 wpa_s->sched_scan_plans = scan_plans; 2813 wpa_s->sched_scan_plans_num = num; 2814 2815 return 0; 2816 2817 fail: 2818 os_free(scan_plans); 2819 wpa_printf(MSG_ERROR, "invalid scan plans list"); 2820 return -1; 2821 } 2822 2823 2824 /** 2825 * wpas_scan_reset_sched_scan - Reset sched_scan state 2826 * @wpa_s: Pointer to wpa_supplicant data 2827 * 2828 * This function is used to cancel a running scheduled scan and to reset an 2829 * internal scan state to continue with a regular scan on the following 2830 * wpa_supplicant_req_scan() calls. 2831 */ 2832 void wpas_scan_reset_sched_scan(struct wpa_supplicant *wpa_s) 2833 { 2834 wpa_s->normal_scans = 0; 2835 if (wpa_s->sched_scanning) { 2836 wpa_s->sched_scan_timed_out = 0; 2837 wpa_s->prev_sched_ssid = NULL; 2838 wpa_supplicant_cancel_sched_scan(wpa_s); 2839 } 2840 } 2841 2842 2843 void wpas_scan_restart_sched_scan(struct wpa_supplicant *wpa_s) 2844 { 2845 /* simulate timeout to restart the sched scan */ 2846 wpa_s->sched_scan_timed_out = 1; 2847 wpa_s->prev_sched_ssid = NULL; 2848 wpa_supplicant_cancel_sched_scan(wpa_s); 2849 } 2850