1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 26 27 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 28 { 29 struct wpa_ssid *ssid; 30 union wpa_event_data data; 31 32 ssid = wpa_supplicant_get_ssid(wpa_s); 33 if (ssid == NULL) 34 return; 35 36 if (wpa_s->current_ssid == NULL) { 37 wpa_s->current_ssid = ssid; 38 if (wpa_s->current_ssid != NULL) 39 wpas_notify_network_changed(wpa_s); 40 } 41 wpa_supplicant_initiate_eapol(wpa_s); 42 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 43 "network - generating associated event"); 44 os_memset(&data, 0, sizeof(data)); 45 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 46 } 47 48 49 #ifdef CONFIG_WPS 50 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 51 enum wps_request_type *req_type) 52 { 53 struct wpa_ssid *ssid; 54 int wps = 0; 55 56 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 57 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 58 continue; 59 60 wps = 1; 61 *req_type = wpas_wps_get_req_type(ssid); 62 if (!ssid->eap.phase1) 63 continue; 64 65 if (os_strstr(ssid->eap.phase1, "pbc=1")) 66 return 2; 67 } 68 69 #ifdef CONFIG_P2P 70 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 71 !wpa_s->conf->p2p_disabled) { 72 wpa_s->wps->dev.p2p = 1; 73 if (!wps) { 74 wps = 1; 75 *req_type = WPS_REQ_ENROLLEE_INFO; 76 } 77 } 78 #endif /* CONFIG_P2P */ 79 80 return wps; 81 } 82 #endif /* CONFIG_WPS */ 83 84 85 /** 86 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 87 * @wpa_s: Pointer to wpa_supplicant data 88 * Returns: 0 if no networks are enabled, >0 if networks are enabled 89 * 90 * This function is used to figure out whether any networks (or Interworking 91 * with enabled credentials and auto_interworking) are present in the current 92 * configuration. 93 */ 94 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 95 { 96 struct wpa_ssid *ssid = wpa_s->conf->ssid; 97 int count = 0, disabled = 0; 98 while (ssid) { 99 if (!wpas_network_disabled(wpa_s, ssid)) 100 count++; 101 else 102 disabled++; 103 ssid = ssid->next; 104 } 105 if (wpa_s->conf->cred && wpa_s->conf->interworking && 106 wpa_s->conf->auto_interworking) 107 count++; 108 if (count == 0 && disabled > 0) { 109 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 110 "networks)", disabled); 111 } 112 return count; 113 } 114 115 116 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 117 struct wpa_ssid *ssid) 118 { 119 while (ssid) { 120 if (!wpas_network_disabled(wpa_s, ssid)) 121 break; 122 ssid = ssid->next; 123 } 124 125 /* ap_scan=2 mode - try to associate with each SSID. */ 126 if (ssid == NULL) { 127 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 128 "end of scan list - go back to beginning"); 129 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 130 wpa_supplicant_req_scan(wpa_s, 0, 0); 131 return; 132 } 133 if (ssid->next) { 134 /* Continue from the next SSID on the next attempt. */ 135 wpa_s->prev_scan_ssid = ssid; 136 } else { 137 /* Start from the beginning of the SSID list. */ 138 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 139 } 140 wpa_supplicant_associate(wpa_s, NULL, ssid); 141 } 142 143 144 static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 145 { 146 struct wpa_supplicant *wpa_s = work->wpa_s; 147 struct wpa_driver_scan_params *params = work->ctx; 148 int ret; 149 150 if (deinit) { 151 wpa_scan_free_params(params); 152 return; 153 } 154 155 wpa_supplicant_notify_scanning(wpa_s, 1); 156 157 if (wpa_s->clear_driver_scan_cache) 158 params->only_new_results = 1; 159 ret = wpa_drv_scan(wpa_s, params); 160 wpa_scan_free_params(params); 161 work->ctx = NULL; 162 if (ret) { 163 wpa_supplicant_notify_scanning(wpa_s, 0); 164 wpas_notify_scan_done(wpa_s, 0); 165 radio_work_done(work); 166 return; 167 } 168 169 os_get_reltime(&wpa_s->scan_trigger_time); 170 wpa_s->scan_runs++; 171 wpa_s->normal_scans++; 172 wpa_s->own_scan_requested = 1; 173 wpa_s->clear_driver_scan_cache = 0; 174 wpa_s->scan_work = work; 175 } 176 177 178 /** 179 * wpa_supplicant_trigger_scan - Request driver to start a scan 180 * @wpa_s: Pointer to wpa_supplicant data 181 * @params: Scan parameters 182 * Returns: 0 on success, -1 on failure 183 */ 184 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 185 struct wpa_driver_scan_params *params) 186 { 187 struct wpa_driver_scan_params *ctx; 188 189 if (wpa_s->scan_work) { 190 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 191 return -1; 192 } 193 194 ctx = wpa_scan_clone_params(params); 195 if (ctx == NULL) 196 return -1; 197 198 if (radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0) 199 { 200 wpa_scan_free_params(ctx); 201 return -1; 202 } 203 204 return 0; 205 } 206 207 208 static void 209 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 210 { 211 struct wpa_supplicant *wpa_s = eloop_ctx; 212 213 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 214 215 if (wpa_supplicant_req_sched_scan(wpa_s)) 216 wpa_supplicant_req_scan(wpa_s, 0, 0); 217 } 218 219 220 static void 221 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 222 { 223 struct wpa_supplicant *wpa_s = eloop_ctx; 224 225 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 226 227 wpa_s->sched_scan_timed_out = 1; 228 wpa_supplicant_cancel_sched_scan(wpa_s); 229 } 230 231 232 int wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 233 struct wpa_driver_scan_params *params, 234 int interval) 235 { 236 int ret; 237 238 wpa_supplicant_notify_scanning(wpa_s, 1); 239 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000); 240 if (ret) 241 wpa_supplicant_notify_scanning(wpa_s, 0); 242 else 243 wpa_s->sched_scanning = 1; 244 245 return ret; 246 } 247 248 249 int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 250 { 251 int ret; 252 253 ret = wpa_drv_stop_sched_scan(wpa_s); 254 if (ret) { 255 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 256 /* TODO: what to do if stopping fails? */ 257 return -1; 258 } 259 260 return ret; 261 } 262 263 264 static struct wpa_driver_scan_filter * 265 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 266 { 267 struct wpa_driver_scan_filter *ssids; 268 struct wpa_ssid *ssid; 269 size_t count; 270 271 *num_ssids = 0; 272 if (!conf->filter_ssids) 273 return NULL; 274 275 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 276 if (ssid->ssid && ssid->ssid_len) 277 count++; 278 } 279 if (count == 0) 280 return NULL; 281 ssids = os_zalloc(count * sizeof(struct wpa_driver_scan_filter)); 282 if (ssids == NULL) 283 return NULL; 284 285 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 286 if (!ssid->ssid || !ssid->ssid_len) 287 continue; 288 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 289 ssids[*num_ssids].ssid_len = ssid->ssid_len; 290 (*num_ssids)++; 291 } 292 293 return ssids; 294 } 295 296 297 static void wpa_supplicant_optimize_freqs( 298 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 299 { 300 #ifdef CONFIG_P2P 301 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 302 wpa_s->go_params) { 303 /* Optimize provisioning state scan based on GO information */ 304 if (wpa_s->p2p_in_provisioning < 5 && 305 wpa_s->go_params->freq > 0) { 306 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 307 "preferred frequency %d MHz", 308 wpa_s->go_params->freq); 309 params->freqs = os_zalloc(2 * sizeof(int)); 310 if (params->freqs) 311 params->freqs[0] = wpa_s->go_params->freq; 312 } else if (wpa_s->p2p_in_provisioning < 8 && 313 wpa_s->go_params->freq_list[0]) { 314 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 315 "channels"); 316 int_array_concat(¶ms->freqs, 317 wpa_s->go_params->freq_list); 318 if (params->freqs) 319 int_array_sort_unique(params->freqs); 320 } 321 wpa_s->p2p_in_provisioning++; 322 } 323 #endif /* CONFIG_P2P */ 324 325 #ifdef CONFIG_WPS 326 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 327 /* 328 * Optimize post-provisioning scan based on channel used 329 * during provisioning. 330 */ 331 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 332 "that was used during provisioning", wpa_s->wps_freq); 333 params->freqs = os_zalloc(2 * sizeof(int)); 334 if (params->freqs) 335 params->freqs[0] = wpa_s->wps_freq; 336 wpa_s->after_wps--; 337 } else if (wpa_s->after_wps) 338 wpa_s->after_wps--; 339 340 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 341 { 342 /* Optimize provisioning scan based on already known channel */ 343 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 344 wpa_s->wps_freq); 345 params->freqs = os_zalloc(2 * sizeof(int)); 346 if (params->freqs) 347 params->freqs[0] = wpa_s->wps_freq; 348 wpa_s->known_wps_freq = 0; /* only do this once */ 349 } 350 #endif /* CONFIG_WPS */ 351 } 352 353 354 #ifdef CONFIG_INTERWORKING 355 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 356 struct wpabuf *buf) 357 { 358 if (wpa_s->conf->interworking == 0) 359 return; 360 361 wpabuf_put_u8(buf, WLAN_EID_EXT_CAPAB); 362 wpabuf_put_u8(buf, 4); 363 wpabuf_put_u8(buf, 0x00); 364 wpabuf_put_u8(buf, 0x00); 365 wpabuf_put_u8(buf, 0x00); 366 wpabuf_put_u8(buf, 0x80); /* Bit 31 - Interworking */ 367 368 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 369 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 370 1 + ETH_ALEN); 371 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 372 /* No Venue Info */ 373 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 374 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 375 } 376 #endif /* CONFIG_INTERWORKING */ 377 378 379 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 380 { 381 struct wpabuf *extra_ie = NULL; 382 #ifdef CONFIG_WPS 383 int wps = 0; 384 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 385 #endif /* CONFIG_WPS */ 386 387 #ifdef CONFIG_INTERWORKING 388 if (wpa_s->conf->interworking && 389 wpabuf_resize(&extra_ie, 100) == 0) 390 wpas_add_interworking_elements(wpa_s, extra_ie); 391 #endif /* CONFIG_INTERWORKING */ 392 393 #ifdef CONFIG_WPS 394 wps = wpas_wps_in_use(wpa_s, &req_type); 395 396 if (wps) { 397 struct wpabuf *wps_ie; 398 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 399 DEV_PW_DEFAULT, 400 &wpa_s->wps->dev, 401 wpa_s->wps->uuid, req_type, 402 0, NULL); 403 if (wps_ie) { 404 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 405 wpabuf_put_buf(extra_ie, wps_ie); 406 wpabuf_free(wps_ie); 407 } 408 } 409 410 #ifdef CONFIG_P2P 411 if (wps) { 412 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 413 if (wpabuf_resize(&extra_ie, ielen) == 0) 414 wpas_p2p_scan_ie(wpa_s, extra_ie); 415 } 416 #endif /* CONFIG_P2P */ 417 418 #endif /* CONFIG_WPS */ 419 420 #ifdef CONFIG_HS20 421 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 422 wpas_hs20_add_indication(extra_ie); 423 #endif /* CONFIG_HS20 */ 424 425 return extra_ie; 426 } 427 428 429 #ifdef CONFIG_P2P 430 431 /* 432 * Check whether there are any enabled networks or credentials that could be 433 * used for a non-P2P connection. 434 */ 435 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 436 { 437 struct wpa_ssid *ssid; 438 439 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 440 if (wpas_network_disabled(wpa_s, ssid)) 441 continue; 442 if (!ssid->p2p_group) 443 return 1; 444 } 445 446 if (wpa_s->conf->cred && wpa_s->conf->interworking && 447 wpa_s->conf->auto_interworking) 448 return 1; 449 450 return 0; 451 } 452 453 #endif /* CONFIG_P2P */ 454 455 456 static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, 457 u16 num_modes, 458 enum hostapd_hw_mode mode) 459 { 460 u16 i; 461 462 for (i = 0; i < num_modes; i++) { 463 if (modes[i].mode == mode) 464 return &modes[i]; 465 } 466 467 return NULL; 468 } 469 470 471 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 472 enum hostapd_hw_mode band, 473 struct wpa_driver_scan_params *params) 474 { 475 /* Include only supported channels for the specified band */ 476 struct hostapd_hw_modes *mode; 477 int count, i; 478 479 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 480 if (mode == NULL) { 481 /* No channels supported in this band - use empty list */ 482 params->freqs = os_zalloc(sizeof(int)); 483 return; 484 } 485 486 params->freqs = os_zalloc((mode->num_channels + 1) * sizeof(int)); 487 if (params->freqs == NULL) 488 return; 489 for (count = 0, i = 0; i < mode->num_channels; i++) { 490 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 491 continue; 492 params->freqs[count++] = mode->channels[i].freq; 493 } 494 } 495 496 497 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 498 struct wpa_driver_scan_params *params) 499 { 500 if (wpa_s->hw.modes == NULL) 501 return; /* unknown what channels the driver supports */ 502 if (params->freqs) 503 return; /* already using a limited channel set */ 504 if (wpa_s->setband == WPA_SETBAND_5G) 505 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 506 params); 507 else if (wpa_s->setband == WPA_SETBAND_2G) 508 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 509 params); 510 } 511 512 513 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 514 { 515 struct wpa_supplicant *wpa_s = eloop_ctx; 516 struct wpa_ssid *ssid; 517 int ret; 518 struct wpabuf *extra_ie = NULL; 519 struct wpa_driver_scan_params params; 520 struct wpa_driver_scan_params *scan_params; 521 size_t max_ssids; 522 enum wpa_states prev_state; 523 524 if (wpa_s->pno || wpa_s->pno_sched_pending) { 525 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - PNO is in progress"); 526 return; 527 } 528 529 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 530 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 531 return; 532 } 533 534 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 535 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 536 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 537 return; 538 } 539 540 if (wpa_s->scanning) { 541 /* 542 * If we are already in scanning state, we shall reschedule the 543 * the incoming scan request. 544 */ 545 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 546 wpa_supplicant_req_scan(wpa_s, 1, 0); 547 return; 548 } 549 550 if (!wpa_supplicant_enabled_networks(wpa_s) && 551 wpa_s->scan_req == NORMAL_SCAN_REQ) { 552 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 553 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 554 return; 555 } 556 557 if (wpa_s->conf->ap_scan != 0 && 558 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 559 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 560 "overriding ap_scan configuration"); 561 wpa_s->conf->ap_scan = 0; 562 wpas_notify_ap_scan_changed(wpa_s); 563 } 564 565 if (wpa_s->conf->ap_scan == 0) { 566 wpa_supplicant_gen_assoc_event(wpa_s); 567 return; 568 } 569 570 #ifdef CONFIG_P2P 571 if (wpas_p2p_in_progress(wpa_s)) { 572 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 573 wpa_supplicant_req_scan(wpa_s, 5, 0); 574 return; 575 } 576 #endif /* CONFIG_P2P */ 577 578 if (wpa_s->conf->ap_scan == 2) 579 max_ssids = 1; 580 else { 581 max_ssids = wpa_s->max_scan_ssids; 582 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 583 max_ssids = WPAS_MAX_SCAN_SSIDS; 584 } 585 586 wpa_s->last_scan_req = wpa_s->scan_req; 587 wpa_s->scan_req = NORMAL_SCAN_REQ; 588 589 os_memset(¶ms, 0, sizeof(params)); 590 591 prev_state = wpa_s->wpa_state; 592 if (wpa_s->wpa_state == WPA_DISCONNECTED || 593 wpa_s->wpa_state == WPA_INACTIVE) 594 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 595 596 /* 597 * If autoscan has set its own scanning parameters 598 */ 599 if (wpa_s->autoscan_params != NULL) { 600 scan_params = wpa_s->autoscan_params; 601 goto scan; 602 } 603 604 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 605 wpa_s->connect_without_scan) { 606 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 607 if (ssid == wpa_s->connect_without_scan) 608 break; 609 } 610 wpa_s->connect_without_scan = NULL; 611 if (ssid) { 612 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 613 "without scan step"); 614 wpa_supplicant_associate(wpa_s, NULL, ssid); 615 return; 616 } 617 } 618 619 #ifdef CONFIG_P2P 620 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 621 wpa_s->go_params) { 622 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 623 wpa_s->p2p_in_provisioning, 624 wpa_s->show_group_started); 625 params.ssids[0].ssid = wpa_s->go_params->ssid; 626 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 627 params.num_ssids = 1; 628 goto ssid_list_set; 629 } 630 #endif /* CONFIG_P2P */ 631 632 /* Find the starting point from which to continue scanning */ 633 ssid = wpa_s->conf->ssid; 634 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 635 while (ssid) { 636 if (ssid == wpa_s->prev_scan_ssid) { 637 ssid = ssid->next; 638 break; 639 } 640 ssid = ssid->next; 641 } 642 } 643 644 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 645 wpa_s->conf->ap_scan == 2) { 646 wpa_s->connect_without_scan = NULL; 647 wpa_s->prev_scan_wildcard = 0; 648 wpa_supplicant_assoc_try(wpa_s, ssid); 649 return; 650 } else if (wpa_s->conf->ap_scan == 2) { 651 /* 652 * User-initiated scan request in ap_scan == 2; scan with 653 * wildcard SSID. 654 */ 655 ssid = NULL; 656 } else { 657 struct wpa_ssid *start = ssid, *tssid; 658 int freqs_set = 0; 659 if (ssid == NULL && max_ssids > 1) 660 ssid = wpa_s->conf->ssid; 661 while (ssid) { 662 if (!wpas_network_disabled(wpa_s, ssid) && 663 ssid->scan_ssid) { 664 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 665 ssid->ssid, ssid->ssid_len); 666 params.ssids[params.num_ssids].ssid = 667 ssid->ssid; 668 params.ssids[params.num_ssids].ssid_len = 669 ssid->ssid_len; 670 params.num_ssids++; 671 if (params.num_ssids + 1 >= max_ssids) 672 break; 673 } 674 ssid = ssid->next; 675 if (ssid == start) 676 break; 677 if (ssid == NULL && max_ssids > 1 && 678 start != wpa_s->conf->ssid) 679 ssid = wpa_s->conf->ssid; 680 } 681 682 for (tssid = wpa_s->conf->ssid; tssid; tssid = tssid->next) { 683 if (wpas_network_disabled(wpa_s, tssid)) 684 continue; 685 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 686 int_array_concat(¶ms.freqs, 687 tssid->scan_freq); 688 } else { 689 os_free(params.freqs); 690 params.freqs = NULL; 691 } 692 freqs_set = 1; 693 } 694 int_array_sort_unique(params.freqs); 695 } 696 697 if (ssid && max_ssids == 1) { 698 /* 699 * If the driver is limited to 1 SSID at a time interleave 700 * wildcard SSID scans with specific SSID scans to avoid 701 * waiting a long time for a wildcard scan. 702 */ 703 if (!wpa_s->prev_scan_wildcard) { 704 params.ssids[0].ssid = NULL; 705 params.ssids[0].ssid_len = 0; 706 wpa_s->prev_scan_wildcard = 1; 707 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 708 "wildcard SSID (Interleave with specific)"); 709 } else { 710 wpa_s->prev_scan_ssid = ssid; 711 wpa_s->prev_scan_wildcard = 0; 712 wpa_dbg(wpa_s, MSG_DEBUG, 713 "Starting AP scan for specific SSID: %s", 714 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 715 } 716 } else if (ssid) { 717 /* max_ssids > 1 */ 718 719 wpa_s->prev_scan_ssid = ssid; 720 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 721 "the scan request"); 722 params.num_ssids++; 723 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 724 wpa_s->manual_scan_passive && params.num_ssids == 0) { 725 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 726 } else { 727 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 728 params.num_ssids++; 729 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 730 "SSID"); 731 } 732 #ifdef CONFIG_P2P 733 ssid_list_set: 734 #endif /* CONFIG_P2P */ 735 736 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 737 extra_ie = wpa_supplicant_extra_ies(wpa_s); 738 739 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 740 wpa_s->manual_scan_only_new) 741 params.only_new_results = 1; 742 743 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 744 wpa_s->manual_scan_freqs) { 745 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 746 params.freqs = wpa_s->manual_scan_freqs; 747 wpa_s->manual_scan_freqs = NULL; 748 } 749 750 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 751 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 752 "generated frequency list"); 753 params.freqs = wpa_s->next_scan_freqs; 754 } else 755 os_free(wpa_s->next_scan_freqs); 756 wpa_s->next_scan_freqs = NULL; 757 wpa_setband_scan_freqs(wpa_s, ¶ms); 758 759 /* See if user specified frequencies. If so, scan only those. */ 760 if (wpa_s->conf->freq_list && !params.freqs) { 761 wpa_dbg(wpa_s, MSG_DEBUG, 762 "Optimize scan based on conf->freq_list"); 763 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 764 } 765 766 /* Use current associated channel? */ 767 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 768 unsigned int num = wpa_s->num_multichan_concurrent; 769 770 params.freqs = os_calloc(num + 1, sizeof(int)); 771 if (params.freqs) { 772 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 773 if (num > 0) { 774 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 775 "current operating channels since " 776 "scan_cur_freq is enabled"); 777 } else { 778 os_free(params.freqs); 779 params.freqs = NULL; 780 } 781 } 782 } 783 784 params.filter_ssids = wpa_supplicant_build_filter_ssids( 785 wpa_s->conf, ¶ms.num_filter_ssids); 786 if (extra_ie) { 787 params.extra_ies = wpabuf_head(extra_ie); 788 params.extra_ies_len = wpabuf_len(extra_ie); 789 } 790 791 #ifdef CONFIG_P2P 792 if (wpa_s->p2p_in_provisioning || 793 (wpa_s->show_group_started && wpa_s->go_params)) { 794 /* 795 * The interface may not yet be in P2P mode, so we have to 796 * explicitly request P2P probe to disable CCK rates. 797 */ 798 params.p2p_probe = 1; 799 } 800 #endif /* CONFIG_P2P */ 801 802 scan_params = ¶ms; 803 804 scan: 805 #ifdef CONFIG_P2P 806 /* 807 * If the driver does not support multi-channel concurrency and a 808 * virtual interface that shares the same radio with the wpa_s interface 809 * is operating there may not be need to scan other channels apart from 810 * the current operating channel on the other virtual interface. Filter 811 * out other channels in case we are trying to find a connection for a 812 * station interface when we are not configured to prefer station 813 * connection and a concurrent operation is already in process. 814 */ 815 if (wpa_s->scan_for_connection && 816 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 817 !scan_params->freqs && !params.freqs && 818 wpas_is_p2p_prioritized(wpa_s) && 819 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 820 non_p2p_network_enabled(wpa_s)) { 821 unsigned int num = wpa_s->num_multichan_concurrent; 822 823 params.freqs = os_calloc(num + 1, sizeof(int)); 824 if (params.freqs) { 825 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 826 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 827 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 828 } else { 829 os_free(params.freqs); 830 params.freqs = NULL; 831 } 832 } 833 } 834 #endif /* CONFIG_P2P */ 835 836 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 837 838 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 839 !wpa_s->manual_scan_freqs) { 840 /* Restore manual_scan_freqs for the next attempt */ 841 wpa_s->manual_scan_freqs = params.freqs; 842 params.freqs = NULL; 843 } 844 845 wpabuf_free(extra_ie); 846 os_free(params.freqs); 847 os_free(params.filter_ssids); 848 849 if (ret) { 850 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 851 if (prev_state != wpa_s->wpa_state) 852 wpa_supplicant_set_state(wpa_s, prev_state); 853 /* Restore scan_req since we will try to scan again */ 854 wpa_s->scan_req = wpa_s->last_scan_req; 855 wpa_supplicant_req_scan(wpa_s, 1, 0); 856 } else { 857 wpa_s->scan_for_connection = 0; 858 } 859 } 860 861 862 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 863 { 864 struct os_reltime remaining, new_int; 865 int cancelled; 866 867 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 868 &remaining); 869 870 new_int.sec = sec; 871 new_int.usec = 0; 872 if (cancelled && os_reltime_before(&remaining, &new_int)) { 873 new_int.sec = remaining.sec; 874 new_int.usec = remaining.usec; 875 } 876 877 if (cancelled) { 878 eloop_register_timeout(new_int.sec, new_int.usec, 879 wpa_supplicant_scan, wpa_s, NULL); 880 } 881 wpa_s->scan_interval = sec; 882 } 883 884 885 /** 886 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 887 * @wpa_s: Pointer to wpa_supplicant data 888 * @sec: Number of seconds after which to scan 889 * @usec: Number of microseconds after which to scan 890 * 891 * This function is used to schedule a scan for neighboring access points after 892 * the specified time. 893 */ 894 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 895 { 896 int res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 897 NULL); 898 if (res == 1) { 899 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 900 sec, usec); 901 } else if (res == 0) { 902 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 903 sec, usec); 904 } else { 905 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 906 sec, usec); 907 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 908 } 909 } 910 911 912 /** 913 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 914 * @wpa_s: Pointer to wpa_supplicant data 915 * @sec: Number of seconds after which to scan 916 * @usec: Number of microseconds after which to scan 917 * Returns: 0 on success or -1 otherwise 918 * 919 * This function is used to schedule periodic scans for neighboring 920 * access points after the specified time. 921 */ 922 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 923 int sec, int usec) 924 { 925 if (!wpa_s->sched_scan_supported) 926 return -1; 927 928 eloop_register_timeout(sec, usec, 929 wpa_supplicant_delayed_sched_scan_timeout, 930 wpa_s, NULL); 931 932 return 0; 933 } 934 935 936 /** 937 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 938 * @wpa_s: Pointer to wpa_supplicant data 939 * Returns: 0 is sched_scan was started or -1 otherwise 940 * 941 * This function is used to schedule periodic scans for neighboring 942 * access points repeating the scan continuously. 943 */ 944 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 945 { 946 struct wpa_driver_scan_params params; 947 struct wpa_driver_scan_params *scan_params; 948 enum wpa_states prev_state; 949 struct wpa_ssid *ssid = NULL; 950 struct wpabuf *extra_ie = NULL; 951 int ret; 952 unsigned int max_sched_scan_ssids; 953 int wildcard = 0; 954 int need_ssids; 955 956 if (!wpa_s->sched_scan_supported) 957 return -1; 958 959 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 960 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 961 else 962 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 963 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 964 return -1; 965 966 if (wpa_s->sched_scanning) { 967 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 968 return 0; 969 } 970 971 need_ssids = 0; 972 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 973 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 974 /* Use wildcard SSID to find this network */ 975 wildcard = 1; 976 } else if (!wpas_network_disabled(wpa_s, ssid) && 977 ssid->ssid_len) 978 need_ssids++; 979 980 #ifdef CONFIG_WPS 981 if (!wpas_network_disabled(wpa_s, ssid) && 982 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 983 /* 984 * Normal scan is more reliable and faster for WPS 985 * operations and since these are for short periods of 986 * time, the benefit of trying to use sched_scan would 987 * be limited. 988 */ 989 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 990 "sched_scan for WPS"); 991 return -1; 992 } 993 #endif /* CONFIG_WPS */ 994 } 995 if (wildcard) 996 need_ssids++; 997 998 if (wpa_s->normal_scans < 3 && 999 (need_ssids <= wpa_s->max_scan_ssids || 1000 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1001 /* 1002 * When normal scan can speed up operations, use that for the 1003 * first operations before starting the sched_scan to allow 1004 * user space sleep more. We do this only if the normal scan 1005 * has functionality that is suitable for this or if the 1006 * sched_scan does not have better support for multiple SSIDs. 1007 */ 1008 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1009 "sched_scan for initial scans (normal_scans=%d)", 1010 wpa_s->normal_scans); 1011 return -1; 1012 } 1013 1014 os_memset(¶ms, 0, sizeof(params)); 1015 1016 /* If we can't allocate space for the filters, we just don't filter */ 1017 params.filter_ssids = os_zalloc(wpa_s->max_match_sets * 1018 sizeof(struct wpa_driver_scan_filter)); 1019 1020 prev_state = wpa_s->wpa_state; 1021 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1022 wpa_s->wpa_state == WPA_INACTIVE) 1023 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1024 1025 if (wpa_s->autoscan_params != NULL) { 1026 scan_params = wpa_s->autoscan_params; 1027 goto scan; 1028 } 1029 1030 /* Find the starting point from which to continue scanning */ 1031 ssid = wpa_s->conf->ssid; 1032 if (wpa_s->prev_sched_ssid) { 1033 while (ssid) { 1034 if (ssid == wpa_s->prev_sched_ssid) { 1035 ssid = ssid->next; 1036 break; 1037 } 1038 ssid = ssid->next; 1039 } 1040 } 1041 1042 if (!ssid || !wpa_s->prev_sched_ssid) { 1043 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1044 if (wpa_s->conf->sched_scan_interval) 1045 wpa_s->sched_scan_interval = 1046 wpa_s->conf->sched_scan_interval; 1047 if (wpa_s->sched_scan_interval == 0) 1048 wpa_s->sched_scan_interval = 10; 1049 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1050 wpa_s->first_sched_scan = 1; 1051 ssid = wpa_s->conf->ssid; 1052 wpa_s->prev_sched_ssid = ssid; 1053 } 1054 1055 if (wildcard) { 1056 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1057 params.num_ssids++; 1058 } 1059 1060 while (ssid) { 1061 if (wpas_network_disabled(wpa_s, ssid)) 1062 goto next; 1063 1064 if (params.num_filter_ssids < wpa_s->max_match_sets && 1065 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1066 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1067 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1068 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1069 ssid->ssid, ssid->ssid_len); 1070 params.filter_ssids[params.num_filter_ssids].ssid_len = 1071 ssid->ssid_len; 1072 params.num_filter_ssids++; 1073 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1074 { 1075 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1076 "filter for sched_scan - drop filter"); 1077 os_free(params.filter_ssids); 1078 params.filter_ssids = NULL; 1079 params.num_filter_ssids = 0; 1080 } 1081 1082 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1083 if (params.num_ssids == max_sched_scan_ssids) 1084 break; /* only room for broadcast SSID */ 1085 wpa_dbg(wpa_s, MSG_DEBUG, 1086 "add to active scan ssid: %s", 1087 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1088 params.ssids[params.num_ssids].ssid = 1089 ssid->ssid; 1090 params.ssids[params.num_ssids].ssid_len = 1091 ssid->ssid_len; 1092 params.num_ssids++; 1093 if (params.num_ssids >= max_sched_scan_ssids) { 1094 wpa_s->prev_sched_ssid = ssid; 1095 do { 1096 ssid = ssid->next; 1097 } while (ssid && 1098 (wpas_network_disabled(wpa_s, ssid) || 1099 !ssid->scan_ssid)); 1100 break; 1101 } 1102 } 1103 1104 next: 1105 wpa_s->prev_sched_ssid = ssid; 1106 ssid = ssid->next; 1107 } 1108 1109 if (params.num_filter_ssids == 0) { 1110 os_free(params.filter_ssids); 1111 params.filter_ssids = NULL; 1112 } 1113 1114 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1115 if (extra_ie) { 1116 params.extra_ies = wpabuf_head(extra_ie); 1117 params.extra_ies_len = wpabuf_len(extra_ie); 1118 } 1119 1120 if (wpa_s->conf->filter_rssi) 1121 params.filter_rssi = wpa_s->conf->filter_rssi; 1122 1123 scan_params = ¶ms; 1124 1125 scan: 1126 if (ssid || !wpa_s->first_sched_scan) { 1127 wpa_dbg(wpa_s, MSG_DEBUG, 1128 "Starting sched scan: interval %d timeout %d", 1129 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout); 1130 } else { 1131 wpa_dbg(wpa_s, MSG_DEBUG, 1132 "Starting sched scan: interval %d (no timeout)", 1133 wpa_s->sched_scan_interval); 1134 } 1135 1136 wpa_setband_scan_freqs(wpa_s, scan_params); 1137 1138 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params, 1139 wpa_s->sched_scan_interval); 1140 wpabuf_free(extra_ie); 1141 os_free(params.filter_ssids); 1142 if (ret) { 1143 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1144 if (prev_state != wpa_s->wpa_state) 1145 wpa_supplicant_set_state(wpa_s, prev_state); 1146 return ret; 1147 } 1148 1149 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1150 if (ssid || !wpa_s->first_sched_scan) { 1151 wpa_s->sched_scan_timed_out = 0; 1152 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1153 wpa_supplicant_sched_scan_timeout, 1154 wpa_s, NULL); 1155 wpa_s->first_sched_scan = 0; 1156 wpa_s->sched_scan_timeout /= 2; 1157 wpa_s->sched_scan_interval *= 2; 1158 if (wpa_s->sched_scan_timeout < wpa_s->sched_scan_interval) { 1159 wpa_s->sched_scan_interval = 10; 1160 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1161 } 1162 } 1163 1164 /* If there is no more ssids, start next time from the beginning */ 1165 if (!ssid) 1166 wpa_s->prev_sched_ssid = NULL; 1167 1168 return 0; 1169 } 1170 1171 1172 /** 1173 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1174 * @wpa_s: Pointer to wpa_supplicant data 1175 * 1176 * This function is used to cancel a scan request scheduled with 1177 * wpa_supplicant_req_scan(). 1178 */ 1179 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1180 { 1181 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1182 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1183 } 1184 1185 1186 /** 1187 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1188 * @wpa_s: Pointer to wpa_supplicant data 1189 * 1190 * This function is used to stop a delayed scheduled scan. 1191 */ 1192 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1193 { 1194 if (!wpa_s->sched_scan_supported) 1195 return; 1196 1197 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1198 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1199 wpa_s, NULL); 1200 } 1201 1202 1203 /** 1204 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1205 * @wpa_s: Pointer to wpa_supplicant data 1206 * 1207 * This function is used to stop a periodic scheduled scan. 1208 */ 1209 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1210 { 1211 if (!wpa_s->sched_scanning) 1212 return; 1213 1214 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1215 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1216 wpa_supplicant_stop_sched_scan(wpa_s); 1217 } 1218 1219 1220 /** 1221 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1222 * @wpa_s: Pointer to wpa_supplicant data 1223 * @scanning: Whether scanning is currently in progress 1224 * 1225 * This function is to generate scanning notifycations. It is called whenever 1226 * there may have been a change in scanning (scan started, completed, stopped). 1227 * wpas_notify_scanning() is called whenever the scanning state changed from the 1228 * previously notified state. 1229 */ 1230 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1231 int scanning) 1232 { 1233 if (wpa_s->scanning != scanning) { 1234 wpa_s->scanning = scanning; 1235 wpas_notify_scanning(wpa_s); 1236 } 1237 } 1238 1239 1240 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1241 { 1242 int rate = 0; 1243 const u8 *ie; 1244 int i; 1245 1246 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1247 for (i = 0; ie && i < ie[1]; i++) { 1248 if ((ie[i + 2] & 0x7f) > rate) 1249 rate = ie[i + 2] & 0x7f; 1250 } 1251 1252 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1253 for (i = 0; ie && i < ie[1]; i++) { 1254 if ((ie[i + 2] & 0x7f) > rate) 1255 rate = ie[i + 2] & 0x7f; 1256 } 1257 1258 return rate; 1259 } 1260 1261 1262 /** 1263 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1264 * @res: Scan result entry 1265 * @ie: Information element identitifier (WLAN_EID_*) 1266 * Returns: Pointer to the information element (id field) or %NULL if not found 1267 * 1268 * This function returns the first matching information element in the scan 1269 * result. 1270 */ 1271 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1272 { 1273 const u8 *end, *pos; 1274 1275 pos = (const u8 *) (res + 1); 1276 end = pos + res->ie_len; 1277 1278 while (pos + 1 < end) { 1279 if (pos + 2 + pos[1] > end) 1280 break; 1281 if (pos[0] == ie) 1282 return pos; 1283 pos += 2 + pos[1]; 1284 } 1285 1286 return NULL; 1287 } 1288 1289 1290 /** 1291 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1292 * @res: Scan result entry 1293 * @vendor_type: Vendor type (four octets starting the IE payload) 1294 * Returns: Pointer to the information element (id field) or %NULL if not found 1295 * 1296 * This function returns the first matching information element in the scan 1297 * result. 1298 */ 1299 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1300 u32 vendor_type) 1301 { 1302 const u8 *end, *pos; 1303 1304 pos = (const u8 *) (res + 1); 1305 end = pos + res->ie_len; 1306 1307 while (pos + 1 < end) { 1308 if (pos + 2 + pos[1] > end) 1309 break; 1310 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1311 vendor_type == WPA_GET_BE32(&pos[2])) 1312 return pos; 1313 pos += 2 + pos[1]; 1314 } 1315 1316 return NULL; 1317 } 1318 1319 1320 /** 1321 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 1322 * @res: Scan result entry 1323 * @vendor_type: Vendor type (four octets starting the IE payload) 1324 * Returns: Pointer to the information element (id field) or %NULL if not found 1325 * 1326 * This function returns the first matching information element in the scan 1327 * result. 1328 * 1329 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 1330 * from Beacon frames instead of either Beacon or Probe Response frames. 1331 */ 1332 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 1333 u32 vendor_type) 1334 { 1335 const u8 *end, *pos; 1336 1337 if (res->beacon_ie_len == 0) 1338 return NULL; 1339 1340 pos = (const u8 *) (res + 1); 1341 pos += res->ie_len; 1342 end = pos + res->beacon_ie_len; 1343 1344 while (pos + 1 < end) { 1345 if (pos + 2 + pos[1] > end) 1346 break; 1347 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1348 vendor_type == WPA_GET_BE32(&pos[2])) 1349 return pos; 1350 pos += 2 + pos[1]; 1351 } 1352 1353 return NULL; 1354 } 1355 1356 1357 /** 1358 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1359 * @res: Scan result entry 1360 * @vendor_type: Vendor type (four octets starting the IE payload) 1361 * Returns: Pointer to the information element payload or %NULL if not found 1362 * 1363 * This function returns concatenated payload of possibly fragmented vendor 1364 * specific information elements in the scan result. The caller is responsible 1365 * for freeing the returned buffer. 1366 */ 1367 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1368 u32 vendor_type) 1369 { 1370 struct wpabuf *buf; 1371 const u8 *end, *pos; 1372 1373 buf = wpabuf_alloc(res->ie_len); 1374 if (buf == NULL) 1375 return NULL; 1376 1377 pos = (const u8 *) (res + 1); 1378 end = pos + res->ie_len; 1379 1380 while (pos + 1 < end) { 1381 if (pos + 2 + pos[1] > end) 1382 break; 1383 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1384 vendor_type == WPA_GET_BE32(&pos[2])) 1385 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1386 pos += 2 + pos[1]; 1387 } 1388 1389 if (wpabuf_len(buf) == 0) { 1390 wpabuf_free(buf); 1391 buf = NULL; 1392 } 1393 1394 return buf; 1395 } 1396 1397 1398 /* 1399 * Channels with a great SNR can operate at full rate. What is a great SNR? 1400 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1401 * rule of thumb is that any SNR above 20 is good." This one 1402 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1403 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1404 * conservative value. 1405 */ 1406 #define GREAT_SNR 30 1407 1408 /* Compare function for sorting scan results. Return >0 if @b is considered 1409 * better. */ 1410 static int wpa_scan_result_compar(const void *a, const void *b) 1411 { 1412 #define IS_5GHZ(n) (n > 4000) 1413 #ifndef __DragonFly__ 1414 #define MIN(a,b) a < b ? a : b 1415 #endif 1416 struct wpa_scan_res **_wa = (void *) a; 1417 struct wpa_scan_res **_wb = (void *) b; 1418 struct wpa_scan_res *wa = *_wa; 1419 struct wpa_scan_res *wb = *_wb; 1420 int wpa_a, wpa_b, maxrate_a, maxrate_b; 1421 int snr_a, snr_b; 1422 1423 /* WPA/WPA2 support preferred */ 1424 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1425 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1426 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1427 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1428 1429 if (wpa_b && !wpa_a) 1430 return 1; 1431 if (!wpa_b && wpa_a) 1432 return -1; 1433 1434 /* privacy support preferred */ 1435 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1436 (wb->caps & IEEE80211_CAP_PRIVACY)) 1437 return 1; 1438 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1439 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1440 return -1; 1441 1442 if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) && 1443 !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) { 1444 snr_a = MIN(wa->level - wa->noise, GREAT_SNR); 1445 snr_b = MIN(wb->level - wb->noise, GREAT_SNR); 1446 } else { 1447 /* Not suitable information to calculate SNR, so use level */ 1448 snr_a = wa->level; 1449 snr_b = wb->level; 1450 } 1451 1452 /* best/max rate preferred if SNR close enough */ 1453 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1454 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1455 maxrate_a = wpa_scan_get_max_rate(wa); 1456 maxrate_b = wpa_scan_get_max_rate(wb); 1457 if (maxrate_a != maxrate_b) 1458 return maxrate_b - maxrate_a; 1459 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1460 return IS_5GHZ(wa->freq) ? -1 : 1; 1461 } 1462 1463 /* use freq for channel preference */ 1464 1465 /* all things being equal, use SNR; if SNRs are 1466 * identical, use quality values since some drivers may only report 1467 * that value and leave the signal level zero */ 1468 if (snr_b == snr_a) 1469 return wb->qual - wa->qual; 1470 return snr_b - snr_a; 1471 #ifndef __DragonFly__ 1472 #undef MIN 1473 #endif 1474 #undef IS_5GHZ 1475 } 1476 1477 1478 #ifdef CONFIG_WPS 1479 /* Compare function for sorting scan results when searching a WPS AP for 1480 * provisioning. Return >0 if @b is considered better. */ 1481 static int wpa_scan_result_wps_compar(const void *a, const void *b) 1482 { 1483 struct wpa_scan_res **_wa = (void *) a; 1484 struct wpa_scan_res **_wb = (void *) b; 1485 struct wpa_scan_res *wa = *_wa; 1486 struct wpa_scan_res *wb = *_wb; 1487 int uses_wps_a, uses_wps_b; 1488 struct wpabuf *wps_a, *wps_b; 1489 int res; 1490 1491 /* Optimization - check WPS IE existence before allocated memory and 1492 * doing full reassembly. */ 1493 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1494 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1495 if (uses_wps_a && !uses_wps_b) 1496 return -1; 1497 if (!uses_wps_a && uses_wps_b) 1498 return 1; 1499 1500 if (uses_wps_a && uses_wps_b) { 1501 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1502 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1503 res = wps_ap_priority_compar(wps_a, wps_b); 1504 wpabuf_free(wps_a); 1505 wpabuf_free(wps_b); 1506 if (res) 1507 return res; 1508 } 1509 1510 /* 1511 * Do not use current AP security policy as a sorting criteria during 1512 * WPS provisioning step since the AP may get reconfigured at the 1513 * completion of provisioning. 1514 */ 1515 1516 /* all things being equal, use signal level; if signal levels are 1517 * identical, use quality values since some drivers may only report 1518 * that value and leave the signal level zero */ 1519 if (wb->level == wa->level) 1520 return wb->qual - wa->qual; 1521 return wb->level - wa->level; 1522 } 1523 #endif /* CONFIG_WPS */ 1524 1525 1526 static void dump_scan_res(struct wpa_scan_results *scan_res) 1527 { 1528 #ifndef CONFIG_NO_STDOUT_DEBUG 1529 size_t i; 1530 1531 if (scan_res->res == NULL || scan_res->num == 0) 1532 return; 1533 1534 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1535 1536 for (i = 0; i < scan_res->num; i++) { 1537 struct wpa_scan_res *r = scan_res->res[i]; 1538 u8 *pos; 1539 if ((r->flags & (WPA_SCAN_LEVEL_DBM | WPA_SCAN_NOISE_INVALID)) 1540 == WPA_SCAN_LEVEL_DBM) { 1541 int snr = r->level - r->noise; 1542 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1543 "noise=%d level=%d snr=%d%s flags=0x%x " 1544 "age=%u", 1545 MAC2STR(r->bssid), r->freq, r->qual, 1546 r->noise, r->level, snr, 1547 snr >= GREAT_SNR ? "*" : "", r->flags, 1548 r->age); 1549 } else { 1550 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1551 "noise=%d level=%d flags=0x%x age=%u", 1552 MAC2STR(r->bssid), r->freq, r->qual, 1553 r->noise, r->level, r->flags, r->age); 1554 } 1555 pos = (u8 *) (r + 1); 1556 if (r->ie_len) 1557 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1558 pos += r->ie_len; 1559 if (r->beacon_ie_len) 1560 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1561 pos, r->beacon_ie_len); 1562 } 1563 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1564 } 1565 1566 1567 /** 1568 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1569 * @wpa_s: Pointer to wpa_supplicant data 1570 * @bssid: BSSID to check 1571 * Returns: 0 if the BSSID is filtered or 1 if not 1572 * 1573 * This function is used to filter out specific BSSIDs from scan reslts mainly 1574 * for testing purposes (SET bssid_filter ctrl_iface command). 1575 */ 1576 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1577 const u8 *bssid) 1578 { 1579 size_t i; 1580 1581 if (wpa_s->bssid_filter == NULL) 1582 return 1; 1583 1584 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1585 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1586 ETH_ALEN) == 0) 1587 return 1; 1588 } 1589 1590 return 0; 1591 } 1592 1593 1594 static void filter_scan_res(struct wpa_supplicant *wpa_s, 1595 struct wpa_scan_results *res) 1596 { 1597 size_t i, j; 1598 1599 if (wpa_s->bssid_filter == NULL) 1600 return; 1601 1602 for (i = 0, j = 0; i < res->num; i++) { 1603 if (wpa_supplicant_filter_bssid_match(wpa_s, 1604 res->res[i]->bssid)) { 1605 res->res[j++] = res->res[i]; 1606 } else { 1607 os_free(res->res[i]); 1608 res->res[i] = NULL; 1609 } 1610 } 1611 1612 if (res->num != j) { 1613 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1614 (int) (res->num - j)); 1615 res->num = j; 1616 } 1617 } 1618 1619 1620 /** 1621 * wpa_supplicant_get_scan_results - Get scan results 1622 * @wpa_s: Pointer to wpa_supplicant data 1623 * @info: Information about what was scanned or %NULL if not available 1624 * @new_scan: Whether a new scan was performed 1625 * Returns: Scan results, %NULL on failure 1626 * 1627 * This function request the current scan results from the driver and updates 1628 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 1629 * results with wpa_scan_results_free(). 1630 */ 1631 struct wpa_scan_results * 1632 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 1633 struct scan_info *info, int new_scan) 1634 { 1635 struct wpa_scan_results *scan_res; 1636 size_t i; 1637 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 1638 1639 scan_res = wpa_drv_get_scan_results2(wpa_s); 1640 if (scan_res == NULL) { 1641 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 1642 return NULL; 1643 } 1644 if (scan_res->fetch_time.sec == 0) { 1645 /* 1646 * Make sure we have a valid timestamp if the driver wrapper 1647 * does not set this. 1648 */ 1649 os_get_reltime(&scan_res->fetch_time); 1650 } 1651 filter_scan_res(wpa_s, scan_res); 1652 1653 #ifdef CONFIG_WPS 1654 if (wpas_wps_searching(wpa_s)) { 1655 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 1656 "provisioning rules"); 1657 compar = wpa_scan_result_wps_compar; 1658 } 1659 #endif /* CONFIG_WPS */ 1660 1661 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 1662 compar); 1663 dump_scan_res(scan_res); 1664 1665 wpa_bss_update_start(wpa_s); 1666 for (i = 0; i < scan_res->num; i++) 1667 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 1668 &scan_res->fetch_time); 1669 wpa_bss_update_end(wpa_s, info, new_scan); 1670 1671 return scan_res; 1672 } 1673 1674 1675 /** 1676 * wpa_supplicant_update_scan_results - Update scan results from the driver 1677 * @wpa_s: Pointer to wpa_supplicant data 1678 * Returns: 0 on success, -1 on failure 1679 * 1680 * This function updates the BSS table within wpa_supplicant based on the 1681 * currently available scan results from the driver without requesting a new 1682 * scan. This is used in cases where the driver indicates an association 1683 * (including roaming within ESS) and wpa_supplicant does not yet have the 1684 * needed information to complete the connection (e.g., to perform validation 1685 * steps in 4-way handshake). 1686 */ 1687 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 1688 { 1689 struct wpa_scan_results *scan_res; 1690 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 1691 if (scan_res == NULL) 1692 return -1; 1693 wpa_scan_results_free(scan_res); 1694 1695 return 0; 1696 } 1697 1698 1699 /** 1700 * scan_only_handler - Reports scan results 1701 */ 1702 void scan_only_handler(struct wpa_supplicant *wpa_s, 1703 struct wpa_scan_results *scan_res) 1704 { 1705 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 1706 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1707 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 1708 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 1709 wpa_s->manual_scan_id); 1710 wpa_s->manual_scan_use_id = 0; 1711 } else { 1712 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 1713 } 1714 wpas_notify_scan_results(wpa_s); 1715 wpas_notify_scan_done(wpa_s, 1); 1716 if (wpa_s->scan_work) { 1717 struct wpa_radio_work *work = wpa_s->scan_work; 1718 wpa_s->scan_work = NULL; 1719 radio_work_done(work); 1720 } 1721 } 1722 1723 1724 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 1725 { 1726 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 1727 } 1728 1729 1730 struct wpa_driver_scan_params * 1731 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 1732 { 1733 struct wpa_driver_scan_params *params; 1734 size_t i; 1735 u8 *n; 1736 1737 params = os_zalloc(sizeof(*params)); 1738 if (params == NULL) 1739 return NULL; 1740 1741 for (i = 0; i < src->num_ssids; i++) { 1742 if (src->ssids[i].ssid) { 1743 n = os_malloc(src->ssids[i].ssid_len); 1744 if (n == NULL) 1745 goto failed; 1746 os_memcpy(n, src->ssids[i].ssid, 1747 src->ssids[i].ssid_len); 1748 params->ssids[i].ssid = n; 1749 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 1750 } 1751 } 1752 params->num_ssids = src->num_ssids; 1753 1754 if (src->extra_ies) { 1755 n = os_malloc(src->extra_ies_len); 1756 if (n == NULL) 1757 goto failed; 1758 os_memcpy(n, src->extra_ies, src->extra_ies_len); 1759 params->extra_ies = n; 1760 params->extra_ies_len = src->extra_ies_len; 1761 } 1762 1763 if (src->freqs) { 1764 int len = int_array_len(src->freqs); 1765 params->freqs = os_malloc((len + 1) * sizeof(int)); 1766 if (params->freqs == NULL) 1767 goto failed; 1768 os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); 1769 } 1770 1771 if (src->filter_ssids) { 1772 params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * 1773 src->num_filter_ssids); 1774 if (params->filter_ssids == NULL) 1775 goto failed; 1776 os_memcpy(params->filter_ssids, src->filter_ssids, 1777 sizeof(*params->filter_ssids) * 1778 src->num_filter_ssids); 1779 params->num_filter_ssids = src->num_filter_ssids; 1780 } 1781 1782 params->filter_rssi = src->filter_rssi; 1783 params->p2p_probe = src->p2p_probe; 1784 params->only_new_results = src->only_new_results; 1785 1786 return params; 1787 1788 failed: 1789 wpa_scan_free_params(params); 1790 return NULL; 1791 } 1792 1793 1794 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 1795 { 1796 size_t i; 1797 1798 if (params == NULL) 1799 return; 1800 1801 for (i = 0; i < params->num_ssids; i++) 1802 os_free((u8 *) params->ssids[i].ssid); 1803 os_free((u8 *) params->extra_ies); 1804 os_free(params->freqs); 1805 os_free(params->filter_ssids); 1806 os_free(params); 1807 } 1808