scan.c revision 4b9d52f502481b258fec743c03a5e957e5605afc
1/* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#include "utils/common.h" 12#include "utils/eloop.h" 13#include "common/ieee802_11_defs.h" 14#include "common/wpa_ctrl.h" 15#include "config.h" 16#include "wpa_supplicant_i.h" 17#include "driver_i.h" 18#include "wps_supplicant.h" 19#include "p2p_supplicant.h" 20#include "p2p/p2p.h" 21#include "hs20_supplicant.h" 22#include "notify.h" 23#include "bss.h" 24#include "scan.h" 25 26 27static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 28{ 29 struct wpa_ssid *ssid; 30 union wpa_event_data data; 31 32 ssid = wpa_supplicant_get_ssid(wpa_s); 33 if (ssid == NULL) 34 return; 35 36 if (wpa_s->current_ssid == NULL) { 37 wpa_s->current_ssid = ssid; 38 if (wpa_s->current_ssid != NULL) 39 wpas_notify_network_changed(wpa_s); 40 } 41 wpa_supplicant_initiate_eapol(wpa_s); 42 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 43 "network - generating associated event"); 44 os_memset(&data, 0, sizeof(data)); 45 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 46} 47 48 49#ifdef CONFIG_WPS 50static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 51 enum wps_request_type *req_type) 52{ 53 struct wpa_ssid *ssid; 54 int wps = 0; 55 56 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 57 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 58 continue; 59 60 wps = 1; 61 *req_type = wpas_wps_get_req_type(ssid); 62 if (!ssid->eap.phase1) 63 continue; 64 65 if (os_strstr(ssid->eap.phase1, "pbc=1")) 66 return 2; 67 } 68 69#ifdef CONFIG_P2P 70 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 71 !wpa_s->conf->p2p_disabled) { 72 wpa_s->wps->dev.p2p = 1; 73 if (!wps) { 74 wps = 1; 75 *req_type = WPS_REQ_ENROLLEE_INFO; 76 } 77 } 78#endif /* CONFIG_P2P */ 79 80 return wps; 81} 82#endif /* CONFIG_WPS */ 83 84 85/** 86 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 87 * @wpa_s: Pointer to wpa_supplicant data 88 * Returns: 0 if no networks are enabled, >0 if networks are enabled 89 * 90 * This function is used to figure out whether any networks (or Interworking 91 * with enabled credentials and auto_interworking) are present in the current 92 * configuration. 93 */ 94int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 95{ 96 struct wpa_ssid *ssid = wpa_s->conf->ssid; 97 int count = 0, disabled = 0; 98 while (ssid) { 99 if (!wpas_network_disabled(wpa_s, ssid)) 100 count++; 101 else 102 disabled++; 103 ssid = ssid->next; 104 } 105 if (wpa_s->conf->cred && wpa_s->conf->interworking && 106 wpa_s->conf->auto_interworking) 107 count++; 108 if (count == 0 && disabled > 0) { 109 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 110 "networks)", disabled); 111 } 112 return count; 113} 114 115 116static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 117 struct wpa_ssid *ssid) 118{ 119 while (ssid) { 120 if (!wpas_network_disabled(wpa_s, ssid)) 121 break; 122 ssid = ssid->next; 123 } 124 125 /* ap_scan=2 mode - try to associate with each SSID. */ 126 if (ssid == NULL) { 127 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 128 "end of scan list - go back to beginning"); 129 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 130 wpa_supplicant_req_scan(wpa_s, 0, 0); 131 return; 132 } 133 if (ssid->next) { 134 /* Continue from the next SSID on the next attempt. */ 135 wpa_s->prev_scan_ssid = ssid; 136 } else { 137 /* Start from the beginning of the SSID list. */ 138 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 139 } 140 wpa_supplicant_associate(wpa_s, NULL, ssid); 141} 142 143 144static int int_array_len(const int *a) 145{ 146 int i; 147 for (i = 0; a && a[i]; i++) 148 ; 149 return i; 150} 151 152 153static void int_array_concat(int **res, const int *a) 154{ 155 int reslen, alen, i; 156 int *n; 157 158 reslen = int_array_len(*res); 159 alen = int_array_len(a); 160 161 n = os_realloc_array(*res, reslen + alen + 1, sizeof(int)); 162 if (n == NULL) { 163 os_free(*res); 164 *res = NULL; 165 return; 166 } 167 for (i = 0; i <= alen; i++) 168 n[reslen + i] = a[i]; 169 *res = n; 170} 171 172 173static int freq_cmp(const void *a, const void *b) 174{ 175 int _a = *(int *) a; 176 int _b = *(int *) b; 177 178 if (_a == 0) 179 return 1; 180 if (_b == 0) 181 return -1; 182 return _a - _b; 183} 184 185 186static void int_array_sort_unique(int *a) 187{ 188 int alen; 189 int i, j; 190 191 if (a == NULL) 192 return; 193 194 alen = int_array_len(a); 195 qsort(a, alen, sizeof(int), freq_cmp); 196 197 i = 0; 198 j = 1; 199 while (a[i] && a[j]) { 200 if (a[i] == a[j]) { 201 j++; 202 continue; 203 } 204 a[++i] = a[j++]; 205 } 206 if (a[i]) 207 i++; 208 a[i] = 0; 209} 210 211 212/** 213 * wpa_supplicant_trigger_scan - Request driver to start a scan 214 * @wpa_s: Pointer to wpa_supplicant data 215 * @params: Scan parameters 216 * Returns: 0 on success, -1 on failure 217 */ 218int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 219 struct wpa_driver_scan_params *params) 220{ 221 int ret; 222 223 wpa_supplicant_notify_scanning(wpa_s, 1); 224 225 ret = wpa_drv_scan(wpa_s, params); 226 if (ret) { 227 wpa_supplicant_notify_scanning(wpa_s, 0); 228 wpas_notify_scan_done(wpa_s, 0); 229 } else { 230 wpa_s->scan_runs++; 231 wpa_s->normal_scans++; 232 } 233 234 return ret; 235} 236 237 238static void 239wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 240{ 241 struct wpa_supplicant *wpa_s = eloop_ctx; 242 243 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 244 245 if (wpa_supplicant_req_sched_scan(wpa_s)) 246 wpa_supplicant_req_scan(wpa_s, 0, 0); 247} 248 249 250static void 251wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 252{ 253 struct wpa_supplicant *wpa_s = eloop_ctx; 254 255 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 256 257 wpa_s->sched_scan_timed_out = 1; 258 wpa_supplicant_cancel_sched_scan(wpa_s); 259} 260 261 262static int 263wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 264 struct wpa_driver_scan_params *params, 265 int interval) 266{ 267 int ret; 268#ifndef ANDROID_P2P 269 wpa_supplicant_notify_scanning(wpa_s, 1); 270#endif 271 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000); 272 if (ret) 273 wpa_supplicant_notify_scanning(wpa_s, 0); 274 else { 275 wpa_s->sched_scanning = 1; 276#ifdef ANDROID_P2P 277 wpa_supplicant_notify_scanning(wpa_s, 1); 278#endif 279 } 280 281 return ret; 282} 283 284 285static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 286{ 287 int ret; 288 289 ret = wpa_drv_stop_sched_scan(wpa_s); 290 if (ret) { 291 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 292 /* TODO: what to do if stopping fails? */ 293 return -1; 294 } 295 296 return ret; 297} 298 299 300static struct wpa_driver_scan_filter * 301wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 302{ 303 struct wpa_driver_scan_filter *ssids; 304 struct wpa_ssid *ssid; 305 size_t count; 306 307 *num_ssids = 0; 308 if (!conf->filter_ssids) 309 return NULL; 310 311 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 312 if (ssid->ssid && ssid->ssid_len) 313 count++; 314 } 315 if (count == 0) 316 return NULL; 317 ssids = os_zalloc(count * sizeof(struct wpa_driver_scan_filter)); 318 if (ssids == NULL) 319 return NULL; 320 321 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 322 if (!ssid->ssid || !ssid->ssid_len) 323 continue; 324 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 325 ssids[*num_ssids].ssid_len = ssid->ssid_len; 326 (*num_ssids)++; 327 } 328 329 return ssids; 330} 331 332 333static void wpa_supplicant_optimize_freqs( 334 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 335{ 336#ifdef CONFIG_P2P 337 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 338 wpa_s->go_params) { 339 /* Optimize provisioning state scan based on GO information */ 340 if (wpa_s->p2p_in_provisioning < 5 && 341 wpa_s->go_params->freq > 0) { 342 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 343 "preferred frequency %d MHz", 344 wpa_s->go_params->freq); 345 params->freqs = os_zalloc(2 * sizeof(int)); 346 if (params->freqs) 347 params->freqs[0] = wpa_s->go_params->freq; 348 } else if (wpa_s->p2p_in_provisioning < 8 && 349 wpa_s->go_params->freq_list[0]) { 350 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 351 "channels"); 352 int_array_concat(¶ms->freqs, 353 wpa_s->go_params->freq_list); 354 if (params->freqs) 355 int_array_sort_unique(params->freqs); 356 } 357 wpa_s->p2p_in_provisioning++; 358 } 359#endif /* CONFIG_P2P */ 360 361#ifdef CONFIG_WPS 362 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 363 /* 364 * Optimize post-provisioning scan based on channel used 365 * during provisioning. 366 */ 367 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 368 "that was used during provisioning", wpa_s->wps_freq); 369 params->freqs = os_zalloc(2 * sizeof(int)); 370 if (params->freqs) 371 params->freqs[0] = wpa_s->wps_freq; 372 wpa_s->after_wps--; 373 } 374 375 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 376 { 377 /* Optimize provisioning scan based on already known channel */ 378 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 379 wpa_s->wps_freq); 380 params->freqs = os_zalloc(2 * sizeof(int)); 381 if (params->freqs) 382 params->freqs[0] = wpa_s->wps_freq; 383 wpa_s->known_wps_freq = 0; /* only do this once */ 384 } 385#endif /* CONFIG_WPS */ 386} 387 388 389#ifdef CONFIG_INTERWORKING 390static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 391 struct wpabuf *buf) 392{ 393 if (wpa_s->conf->interworking == 0) 394 return; 395 396 wpabuf_put_u8(buf, WLAN_EID_EXT_CAPAB); 397 wpabuf_put_u8(buf, 4); 398 wpabuf_put_u8(buf, 0x00); 399 wpabuf_put_u8(buf, 0x00); 400 wpabuf_put_u8(buf, 0x00); 401 wpabuf_put_u8(buf, 0x80); /* Bit 31 - Interworking */ 402 403 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 404 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 405 1 + ETH_ALEN); 406 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 407 /* No Venue Info */ 408 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 409 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 410} 411#endif /* CONFIG_INTERWORKING */ 412 413 414static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 415{ 416 struct wpabuf *extra_ie = NULL; 417#ifdef CONFIG_WPS 418 int wps = 0; 419 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 420#endif /* CONFIG_WPS */ 421 422#ifdef CONFIG_INTERWORKING 423 if (wpa_s->conf->interworking && 424 wpabuf_resize(&extra_ie, 100) == 0) 425 wpas_add_interworking_elements(wpa_s, extra_ie); 426#endif /* CONFIG_INTERWORKING */ 427 428#ifdef CONFIG_WPS 429 wps = wpas_wps_in_use(wpa_s, &req_type); 430 431 if (wps) { 432 struct wpabuf *wps_ie; 433 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 434 DEV_PW_DEFAULT, 435 &wpa_s->wps->dev, 436 wpa_s->wps->uuid, req_type, 437 0, NULL); 438 if (wps_ie) { 439 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 440 wpabuf_put_buf(extra_ie, wps_ie); 441 wpabuf_free(wps_ie); 442 } 443 } 444 445#ifdef CONFIG_P2P 446 if (wps) { 447 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 448 if (wpabuf_resize(&extra_ie, ielen) == 0) 449 wpas_p2p_scan_ie(wpa_s, extra_ie); 450 } 451#endif /* CONFIG_P2P */ 452 453#endif /* CONFIG_WPS */ 454 455 return extra_ie; 456} 457 458 459#ifdef CONFIG_P2P 460 461/* 462 * Check whether there are any enabled networks or credentials that could be 463 * used for a non-P2P connection. 464 */ 465static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 466{ 467 struct wpa_ssid *ssid; 468 469 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 470 if (wpas_network_disabled(wpa_s, ssid)) 471 continue; 472 if (!ssid->p2p_group) 473 return 1; 474 } 475 476 if (wpa_s->conf->cred && wpa_s->conf->interworking && 477 wpa_s->conf->auto_interworking) 478 return 1; 479 480 return 0; 481} 482 483 484/* 485 * Find the operating frequency of any other virtual interface that is using 486 * the same radio concurrently. 487 */ 488static int shared_vif_oper_freq(struct wpa_supplicant *wpa_s) 489{ 490 const char *rn, *rn2; 491 struct wpa_supplicant *ifs; 492 u8 bssid[ETH_ALEN]; 493 494 if (!wpa_s->driver->get_radio_name) 495 return -1; 496 497 rn = wpa_s->driver->get_radio_name(wpa_s->drv_priv); 498 if (rn == NULL || rn[0] == '\0') 499 return -1; 500 501 for (ifs = wpa_s->global->ifaces; ifs; ifs = ifs->next) { 502 if (ifs == wpa_s || !ifs->driver->get_radio_name) 503 continue; 504 505 rn2 = ifs->driver->get_radio_name(ifs->drv_priv); 506 if (!rn2 || os_strcmp(rn, rn2) != 0) 507 continue; 508 509 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0) 510 continue; 511 512 if (ifs->current_ssid->mode == WPAS_MODE_AP || 513 ifs->current_ssid->mode == WPAS_MODE_P2P_GO) 514 return ifs->current_ssid->frequency; 515 if (wpa_drv_get_bssid(ifs, bssid) == 0) 516 return ifs->assoc_freq; 517 } 518 519 return 0; 520} 521 522#endif /* CONFIG_P2P */ 523 524 525static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 526{ 527 struct wpa_supplicant *wpa_s = eloop_ctx; 528 struct wpa_ssid *ssid; 529 enum scan_req_type scan_req = NORMAL_SCAN_REQ; 530 int ret; 531 struct wpabuf *extra_ie = NULL; 532 struct wpa_driver_scan_params params; 533 struct wpa_driver_scan_params *scan_params; 534 size_t max_ssids; 535 enum wpa_states prev_state; 536 537 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 538 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 539 return; 540 } 541 542 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 543 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 544 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 545 return; 546 } 547#ifdef ANDROID 548 if (wpa_s->scanning) { 549 /* If we are already in scanning state, we shall ignore this new scan request*/ 550 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - already scanning"); 551 return; 552 } 553#endif 554 if (!wpa_supplicant_enabled_networks(wpa_s) && 555 wpa_s->scan_req == NORMAL_SCAN_REQ) { 556 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 557 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 558#ifdef CONFIG_P2P 559 wpa_s->sta_scan_pending = 0; 560#endif /* CONFIG_P2P */ 561 return; 562 } 563 564 if (wpa_s->conf->ap_scan != 0 && 565 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 566 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 567 "overriding ap_scan configuration"); 568 wpa_s->conf->ap_scan = 0; 569 wpas_notify_ap_scan_changed(wpa_s); 570 } 571 572 if (wpa_s->conf->ap_scan == 0) { 573 wpa_supplicant_gen_assoc_event(wpa_s); 574 return; 575 } 576 577#ifdef CONFIG_P2P 578 if (wpas_p2p_in_progress(wpa_s)) { 579 if (wpa_s->sta_scan_pending && 580 wpas_p2p_in_progress(wpa_s) == 2 && 581 wpa_s->global->p2p_cb_on_scan_complete) { 582 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending station " 583 "mode scan during P2P search"); 584 } else { 585 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan " 586 "while P2P operation is in progress"); 587 wpa_s->sta_scan_pending = 1; 588 wpa_supplicant_req_scan(wpa_s, 5, 0); 589 return; 590 } 591 } 592#endif /* CONFIG_P2P */ 593 594 if (wpa_s->conf->ap_scan == 2) 595 max_ssids = 1; 596 else { 597 max_ssids = wpa_s->max_scan_ssids; 598 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 599 max_ssids = WPAS_MAX_SCAN_SSIDS; 600 } 601 602 scan_req = wpa_s->scan_req; 603 wpa_s->scan_req = NORMAL_SCAN_REQ; 604 605 os_memset(¶ms, 0, sizeof(params)); 606 607 prev_state = wpa_s->wpa_state; 608 if (wpa_s->wpa_state == WPA_DISCONNECTED || 609 wpa_s->wpa_state == WPA_INACTIVE) 610 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 611 612 /* 613 * If autoscan has set its own scanning parameters 614 */ 615 if (wpa_s->autoscan_params != NULL) { 616 scan_params = wpa_s->autoscan_params; 617 goto scan; 618 } 619 620 if (scan_req != MANUAL_SCAN_REQ && wpa_s->connect_without_scan) { 621 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 622 if (ssid == wpa_s->connect_without_scan) 623 break; 624 } 625 wpa_s->connect_without_scan = NULL; 626 if (ssid) { 627 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 628 "without scan step"); 629 wpa_supplicant_associate(wpa_s, NULL, ssid); 630 return; 631 } 632 } 633 634#ifdef CONFIG_P2P 635 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 636 wpa_s->go_params) { 637 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during " 638 "P2P group formation"); 639 params.ssids[0].ssid = wpa_s->go_params->ssid; 640 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 641 params.num_ssids = 1; 642 goto ssid_list_set; 643 } 644#endif /* CONFIG_P2P */ 645 646 /* Find the starting point from which to continue scanning */ 647 ssid = wpa_s->conf->ssid; 648 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 649 while (ssid) { 650 if (ssid == wpa_s->prev_scan_ssid) { 651 ssid = ssid->next; 652 break; 653 } 654 ssid = ssid->next; 655 } 656 } 657 658 if (scan_req != MANUAL_SCAN_REQ && wpa_s->conf->ap_scan == 2) { 659 wpa_s->connect_without_scan = NULL; 660 wpa_s->prev_scan_wildcard = 0; 661 wpa_supplicant_assoc_try(wpa_s, ssid); 662 return; 663#ifndef ANDROID 664 } else if (wpa_s->conf->ap_scan == 2) { 665 /* 666 * User-initiated scan request in ap_scan == 2; scan with 667 * wildcard SSID. 668 */ 669 ssid = NULL; 670#endif 671 } else { 672 struct wpa_ssid *start = ssid, *tssid; 673 int freqs_set = 0; 674 if (ssid == NULL && max_ssids > 1) 675 ssid = wpa_s->conf->ssid; 676 while (ssid) { 677 if (!wpas_network_disabled(wpa_s, ssid) && 678 ssid->scan_ssid) { 679 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 680 ssid->ssid, ssid->ssid_len); 681 params.ssids[params.num_ssids].ssid = 682 ssid->ssid; 683 params.ssids[params.num_ssids].ssid_len = 684 ssid->ssid_len; 685 params.num_ssids++; 686 if (params.num_ssids + 1 >= max_ssids) 687 break; 688 } 689 ssid = ssid->next; 690 if (ssid == start) 691 break; 692 if (ssid == NULL && max_ssids > 1 && 693 start != wpa_s->conf->ssid) 694 ssid = wpa_s->conf->ssid; 695 } 696 697 for (tssid = wpa_s->conf->ssid; tssid; tssid = tssid->next) { 698 if (wpas_network_disabled(wpa_s, tssid)) 699 continue; 700 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 701 int_array_concat(¶ms.freqs, 702 tssid->scan_freq); 703 } else { 704 os_free(params.freqs); 705 params.freqs = NULL; 706 } 707 freqs_set = 1; 708 } 709 int_array_sort_unique(params.freqs); 710 } 711 712 if (ssid && max_ssids == 1) { 713 /* 714 * If the driver is limited to 1 SSID at a time interleave 715 * wildcard SSID scans with specific SSID scans to avoid 716 * waiting a long time for a wildcard scan. 717 */ 718 if (!wpa_s->prev_scan_wildcard) { 719 params.ssids[0].ssid = NULL; 720 params.ssids[0].ssid_len = 0; 721 wpa_s->prev_scan_wildcard = 1; 722 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 723 "wildcard SSID (Interleave with specific)"); 724 } else { 725 wpa_s->prev_scan_ssid = ssid; 726 wpa_s->prev_scan_wildcard = 0; 727 wpa_dbg(wpa_s, MSG_DEBUG, 728 "Starting AP scan for specific SSID: %s", 729 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 730 } 731 } else if (ssid) { 732 /* max_ssids > 1 */ 733 734 wpa_s->prev_scan_ssid = ssid; 735 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 736 "the scan request"); 737 params.num_ssids++; 738 } else { 739 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 740 params.num_ssids++; 741 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 742 "SSID"); 743 } 744#ifdef CONFIG_P2P 745ssid_list_set: 746#endif /* CONFIG_P2P */ 747 748 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 749 extra_ie = wpa_supplicant_extra_ies(wpa_s); 750 751#ifdef CONFIG_HS20 752 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 753 wpas_hs20_add_indication(extra_ie); 754#endif /* CONFIG_HS20 */ 755 756 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 757 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 758 "generated frequency list"); 759 params.freqs = wpa_s->next_scan_freqs; 760 } else 761 os_free(wpa_s->next_scan_freqs); 762 wpa_s->next_scan_freqs = NULL; 763 764 params.filter_ssids = wpa_supplicant_build_filter_ssids( 765 wpa_s->conf, ¶ms.num_filter_ssids); 766 if (extra_ie) { 767 params.extra_ies = wpabuf_head(extra_ie); 768 params.extra_ies_len = wpabuf_len(extra_ie); 769 } 770 771#ifdef CONFIG_P2P 772 if (wpa_s->p2p_in_provisioning || 773 (wpa_s->show_group_started && wpa_s->go_params)) { 774 /* 775 * The interface may not yet be in P2P mode, so we have to 776 * explicitly request P2P probe to disable CCK rates. 777 */ 778 params.p2p_probe = 1; 779 } 780#endif /* CONFIG_P2P */ 781 782 scan_params = ¶ms; 783 784scan: 785#ifdef CONFIG_P2P 786 /* 787 * If the driver does not support multi-channel concurrency and a 788 * virtual interface that shares the same radio with the wpa_s interface 789 * is operating there may not be need to scan other channels apart from 790 * the current operating channel on the other virtual interface. Filter 791 * out other channels in case we are trying to find a connection for a 792 * station interface when we are not configured to prefer station 793 * connection and a concurrent operation is already in process. 794 */ 795 if (wpa_s->scan_for_connection && scan_req == NORMAL_SCAN_REQ && 796 !scan_params->freqs && !params.freqs && 797 wpas_is_p2p_prioritized(wpa_s) && 798 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MULTI_CHANNEL_CONCURRENT) && 799 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 800 non_p2p_network_enabled(wpa_s)) { 801 int freq = shared_vif_oper_freq(wpa_s); 802 if (freq > 0) { 803 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only the current " 804 "operating channel (%d MHz) since driver does " 805 "not support multi-channel concurrency", freq); 806 params.freqs = os_zalloc(sizeof(int) * 2); 807 if (params.freqs) 808 params.freqs[0] = freq; 809 scan_params->freqs = params.freqs; 810 } 811 } 812#endif /* CONFIG_P2P */ 813 814 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 815 816 wpabuf_free(extra_ie); 817 os_free(params.freqs); 818 os_free(params.filter_ssids); 819 820 if (ret) { 821 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 822 if (prev_state != wpa_s->wpa_state) 823 wpa_supplicant_set_state(wpa_s, prev_state); 824 /* Restore scan_req since we will try to scan again */ 825 wpa_s->scan_req = scan_req; 826 wpa_supplicant_req_scan(wpa_s, 1, 0); 827 } else { 828 wpa_s->scan_for_connection = 0; 829 } 830} 831 832 833void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 834{ 835 struct os_time remaining, new_int; 836 int cancelled; 837 838 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 839 &remaining); 840 841 new_int.sec = sec; 842 new_int.usec = 0; 843 if (cancelled && os_time_before(&remaining, &new_int)) { 844 new_int.sec = remaining.sec; 845 new_int.usec = remaining.usec; 846 } 847 848 eloop_register_timeout(new_int.sec, new_int.usec, wpa_supplicant_scan, 849 wpa_s, NULL); 850 wpa_s->scan_interval = sec; 851} 852 853 854/** 855 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 856 * @wpa_s: Pointer to wpa_supplicant data 857 * @sec: Number of seconds after which to scan 858 * @usec: Number of microseconds after which to scan 859 * 860 * This function is used to schedule a scan for neighboring access points after 861 * the specified time. 862 */ 863void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 864{ 865#ifndef ANDROID 866 /* If there's at least one network that should be specifically scanned 867 * then don't cancel the scan and reschedule. Some drivers do 868 * background scanning which generates frequent scan results, and that 869 * causes the specific SSID scan to get continually pushed back and 870 * never happen, which causes hidden APs to never get probe-scanned. 871 */ 872 if (eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL) && 873 wpa_s->conf->ap_scan == 1) { 874 struct wpa_ssid *ssid = wpa_s->conf->ssid; 875 876 while (ssid) { 877 if (!wpas_network_disabled(wpa_s, ssid) && 878 ssid->scan_ssid) 879 break; 880 ssid = ssid->next; 881 } 882 if (ssid) { 883 wpa_dbg(wpa_s, MSG_DEBUG, "Not rescheduling scan to " 884 "ensure that specific SSID scans occur"); 885 return; 886 } 887 } 888#endif 889 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec", 890 sec, usec); 891 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 892 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 893} 894 895 896/** 897 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 898 * @wpa_s: Pointer to wpa_supplicant data 899 * @sec: Number of seconds after which to scan 900 * @usec: Number of microseconds after which to scan 901 * Returns: 0 on success or -1 otherwise 902 * 903 * This function is used to schedule periodic scans for neighboring 904 * access points after the specified time. 905 */ 906int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 907 int sec, int usec) 908{ 909 if (!wpa_s->sched_scan_supported) 910 return -1; 911 912 eloop_register_timeout(sec, usec, 913 wpa_supplicant_delayed_sched_scan_timeout, 914 wpa_s, NULL); 915 916 return 0; 917} 918 919 920/** 921 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 922 * @wpa_s: Pointer to wpa_supplicant data 923 * Returns: 0 is sched_scan was started or -1 otherwise 924 * 925 * This function is used to schedule periodic scans for neighboring 926 * access points repeating the scan continuously. 927 */ 928int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 929{ 930 struct wpa_driver_scan_params params; 931 struct wpa_driver_scan_params *scan_params; 932 enum wpa_states prev_state; 933 struct wpa_ssid *ssid = NULL; 934 struct wpabuf *extra_ie = NULL; 935 int ret; 936 unsigned int max_sched_scan_ssids; 937 int wildcard = 0; 938 int need_ssids; 939 940 if (!wpa_s->sched_scan_supported) 941 return -1; 942 943 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 944 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 945 else 946 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 947 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 948 return -1; 949 950 if (wpa_s->sched_scanning) { 951 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 952 return 0; 953 } 954 955 need_ssids = 0; 956 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 957 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 958 /* Use wildcard SSID to find this network */ 959 wildcard = 1; 960 } else if (!wpas_network_disabled(wpa_s, ssid) && 961 ssid->ssid_len) 962 need_ssids++; 963 964#ifdef CONFIG_WPS 965 if (!wpas_network_disabled(wpa_s, ssid) && 966 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 967 /* 968 * Normal scan is more reliable and faster for WPS 969 * operations and since these are for short periods of 970 * time, the benefit of trying to use sched_scan would 971 * be limited. 972 */ 973 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 974 "sched_scan for WPS"); 975 return -1; 976 } 977#endif /* CONFIG_WPS */ 978 } 979 if (wildcard) 980 need_ssids++; 981 982 if (wpa_s->normal_scans < 3 && 983 (need_ssids <= wpa_s->max_scan_ssids || 984 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 985 /* 986 * When normal scan can speed up operations, use that for the 987 * first operations before starting the sched_scan to allow 988 * user space sleep more. We do this only if the normal scan 989 * has functionality that is suitable for this or if the 990 * sched_scan does not have better support for multiple SSIDs. 991 */ 992 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 993 "sched_scan for initial scans (normal_scans=%d)", 994 wpa_s->normal_scans); 995 return -1; 996 } 997 998 os_memset(¶ms, 0, sizeof(params)); 999 1000 /* If we can't allocate space for the filters, we just don't filter */ 1001 params.filter_ssids = os_zalloc(wpa_s->max_match_sets * 1002 sizeof(struct wpa_driver_scan_filter)); 1003 1004 prev_state = wpa_s->wpa_state; 1005#ifndef ANDROID_P2P 1006 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1007 wpa_s->wpa_state == WPA_INACTIVE) 1008 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1009#endif 1010 1011 if (wpa_s->autoscan_params != NULL) { 1012 scan_params = wpa_s->autoscan_params; 1013 goto scan; 1014 } 1015 1016 /* Find the starting point from which to continue scanning */ 1017 ssid = wpa_s->conf->ssid; 1018 if (wpa_s->prev_sched_ssid) { 1019 while (ssid) { 1020 if (ssid == wpa_s->prev_sched_ssid) { 1021 ssid = ssid->next; 1022 break; 1023 } 1024 ssid = ssid->next; 1025 } 1026 } 1027 1028 if (!ssid || !wpa_s->prev_sched_ssid) { 1029 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1030 1031 if (wpa_s->sched_scan_interval == 0) 1032 wpa_s->sched_scan_interval = 10; 1033 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1034 wpa_s->first_sched_scan = 1; 1035 ssid = wpa_s->conf->ssid; 1036 wpa_s->prev_sched_ssid = ssid; 1037 } 1038 1039 if (wildcard) { 1040 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1041 params.num_ssids++; 1042 } 1043 1044 while (ssid) { 1045 if (wpas_network_disabled(wpa_s, ssid)) 1046 goto next; 1047 1048 if (params.num_filter_ssids < wpa_s->max_match_sets && 1049 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1050 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1051 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1052 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1053 ssid->ssid, ssid->ssid_len); 1054 params.filter_ssids[params.num_filter_ssids].ssid_len = 1055 ssid->ssid_len; 1056 params.num_filter_ssids++; 1057 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1058 { 1059 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1060 "filter for sched_scan - drop filter"); 1061 os_free(params.filter_ssids); 1062 params.filter_ssids = NULL; 1063 params.num_filter_ssids = 0; 1064 } 1065 1066 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1067 if (params.num_ssids == max_sched_scan_ssids) 1068 break; /* only room for broadcast SSID */ 1069 wpa_dbg(wpa_s, MSG_DEBUG, 1070 "add to active scan ssid: %s", 1071 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1072 params.ssids[params.num_ssids].ssid = 1073 ssid->ssid; 1074 params.ssids[params.num_ssids].ssid_len = 1075 ssid->ssid_len; 1076 params.num_ssids++; 1077 if (params.num_ssids >= max_sched_scan_ssids) { 1078 wpa_s->prev_sched_ssid = ssid; 1079 do { 1080 ssid = ssid->next; 1081 } while (ssid && 1082 (wpas_network_disabled(wpa_s, ssid) || 1083 !ssid->scan_ssid)); 1084 break; 1085 } 1086 } 1087 1088 next: 1089 wpa_s->prev_sched_ssid = ssid; 1090 ssid = ssid->next; 1091 } 1092 1093 if (params.num_filter_ssids == 0) { 1094 os_free(params.filter_ssids); 1095 params.filter_ssids = NULL; 1096 } 1097 1098 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1099 if (extra_ie) { 1100 params.extra_ies = wpabuf_head(extra_ie); 1101 params.extra_ies_len = wpabuf_len(extra_ie); 1102 } 1103 1104 scan_params = ¶ms; 1105 1106scan: 1107 if (ssid || !wpa_s->first_sched_scan) { 1108 wpa_dbg(wpa_s, MSG_DEBUG, 1109 "Starting sched scan: interval %d timeout %d", 1110 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout); 1111 } else { 1112 wpa_dbg(wpa_s, MSG_DEBUG, 1113 "Starting sched scan: interval %d (no timeout)", 1114 wpa_s->sched_scan_interval); 1115 } 1116 1117 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params, 1118 wpa_s->sched_scan_interval); 1119 wpabuf_free(extra_ie); 1120 os_free(params.filter_ssids); 1121 if (ret) { 1122 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1123 if (prev_state != wpa_s->wpa_state) 1124 wpa_supplicant_set_state(wpa_s, prev_state); 1125 return ret; 1126 } 1127 1128 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1129 if (ssid || !wpa_s->first_sched_scan) { 1130 wpa_s->sched_scan_timed_out = 0; 1131 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1132 wpa_supplicant_sched_scan_timeout, 1133 wpa_s, NULL); 1134 wpa_s->first_sched_scan = 0; 1135 wpa_s->sched_scan_timeout /= 2; 1136 wpa_s->sched_scan_interval *= 2; 1137 } 1138 1139 return 0; 1140} 1141 1142 1143/** 1144 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1145 * @wpa_s: Pointer to wpa_supplicant data 1146 * 1147 * This function is used to cancel a scan request scheduled with 1148 * wpa_supplicant_req_scan(). 1149 */ 1150void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1151{ 1152 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1153 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1154#ifdef ANDROID 1155 wpa_supplicant_notify_scanning(wpa_s, 0); 1156#endif 1157} 1158 1159 1160/** 1161 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1162 * @wpa_s: Pointer to wpa_supplicant data 1163 * 1164 * This function is used to stop a periodic scheduled scan. 1165 */ 1166void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1167{ 1168 if (!wpa_s->sched_scanning) 1169 return; 1170 1171 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1172 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1173 wpa_supplicant_stop_sched_scan(wpa_s); 1174} 1175 1176 1177/** 1178 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1179 * @wpa_s: Pointer to wpa_supplicant data 1180 * @scanning: Whether scanning is currently in progress 1181 * 1182 * This function is to generate scanning notifycations. It is called whenever 1183 * there may have been a change in scanning (scan started, completed, stopped). 1184 * wpas_notify_scanning() is called whenever the scanning state changed from the 1185 * previously notified state. 1186 */ 1187void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1188 int scanning) 1189{ 1190 if (wpa_s->scanning != scanning) { 1191#ifdef ANDROID_P2P 1192 if(!wpa_s->sched_scanning) 1193 wpa_s->scanning = scanning; 1194#else 1195 wpa_s->scanning = scanning; 1196#endif 1197 wpas_notify_scanning(wpa_s); 1198 } 1199} 1200 1201 1202static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1203{ 1204 int rate = 0; 1205 const u8 *ie; 1206 int i; 1207 1208 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1209 for (i = 0; ie && i < ie[1]; i++) { 1210 if ((ie[i + 2] & 0x7f) > rate) 1211 rate = ie[i + 2] & 0x7f; 1212 } 1213 1214 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1215 for (i = 0; ie && i < ie[1]; i++) { 1216 if ((ie[i + 2] & 0x7f) > rate) 1217 rate = ie[i + 2] & 0x7f; 1218 } 1219 1220 return rate; 1221} 1222 1223 1224/** 1225 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1226 * @res: Scan result entry 1227 * @ie: Information element identitifier (WLAN_EID_*) 1228 * Returns: Pointer to the information element (id field) or %NULL if not found 1229 * 1230 * This function returns the first matching information element in the scan 1231 * result. 1232 */ 1233const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1234{ 1235 const u8 *end, *pos; 1236 1237 pos = (const u8 *) (res + 1); 1238 end = pos + res->ie_len; 1239 1240 while (pos + 1 < end) { 1241 if (pos + 2 + pos[1] > end) 1242 break; 1243 if (pos[0] == ie) 1244 return pos; 1245 pos += 2 + pos[1]; 1246 } 1247 1248 return NULL; 1249} 1250 1251 1252/** 1253 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1254 * @res: Scan result entry 1255 * @vendor_type: Vendor type (four octets starting the IE payload) 1256 * Returns: Pointer to the information element (id field) or %NULL if not found 1257 * 1258 * This function returns the first matching information element in the scan 1259 * result. 1260 */ 1261const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1262 u32 vendor_type) 1263{ 1264 const u8 *end, *pos; 1265 1266 pos = (const u8 *) (res + 1); 1267 end = pos + res->ie_len; 1268 1269 while (pos + 1 < end) { 1270 if (pos + 2 + pos[1] > end) 1271 break; 1272 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1273 vendor_type == WPA_GET_BE32(&pos[2])) 1274 return pos; 1275 pos += 2 + pos[1]; 1276 } 1277 1278 return NULL; 1279} 1280 1281 1282/** 1283 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1284 * @res: Scan result entry 1285 * @vendor_type: Vendor type (four octets starting the IE payload) 1286 * Returns: Pointer to the information element payload or %NULL if not found 1287 * 1288 * This function returns concatenated payload of possibly fragmented vendor 1289 * specific information elements in the scan result. The caller is responsible 1290 * for freeing the returned buffer. 1291 */ 1292struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1293 u32 vendor_type) 1294{ 1295 struct wpabuf *buf; 1296 const u8 *end, *pos; 1297 1298 buf = wpabuf_alloc(res->ie_len); 1299 if (buf == NULL) 1300 return NULL; 1301 1302 pos = (const u8 *) (res + 1); 1303 end = pos + res->ie_len; 1304 1305 while (pos + 1 < end) { 1306 if (pos + 2 + pos[1] > end) 1307 break; 1308 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1309 vendor_type == WPA_GET_BE32(&pos[2])) 1310 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1311 pos += 2 + pos[1]; 1312 } 1313 1314 if (wpabuf_len(buf) == 0) { 1315 wpabuf_free(buf); 1316 buf = NULL; 1317 } 1318 1319 return buf; 1320} 1321 1322 1323/* 1324 * Channels with a great SNR can operate at full rate. What is a great SNR? 1325 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1326 * rule of thumb is that any SNR above 20 is good." This one 1327 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1328 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1329 * conservative value. 1330 */ 1331#define GREAT_SNR 30 1332 1333/* Compare function for sorting scan results. Return >0 if @b is considered 1334 * better. */ 1335static int wpa_scan_result_compar(const void *a, const void *b) 1336{ 1337#define IS_5GHZ(n) (n > 4000) 1338#define MIN(a,b) a < b ? a : b 1339 struct wpa_scan_res **_wa = (void *) a; 1340 struct wpa_scan_res **_wb = (void *) b; 1341 struct wpa_scan_res *wa = *_wa; 1342 struct wpa_scan_res *wb = *_wb; 1343 int wpa_a, wpa_b, maxrate_a, maxrate_b; 1344 int snr_a, snr_b; 1345 1346 /* WPA/WPA2 support preferred */ 1347 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1348 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1349 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1350 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1351 1352 if (wpa_b && !wpa_a) 1353 return 1; 1354 if (!wpa_b && wpa_a) 1355 return -1; 1356 1357 /* privacy support preferred */ 1358 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1359 (wb->caps & IEEE80211_CAP_PRIVACY)) 1360 return 1; 1361 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1362 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1363 return -1; 1364 1365 if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) && 1366 !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) { 1367 snr_a = MIN(wa->level - wa->noise, GREAT_SNR); 1368 snr_b = MIN(wb->level - wb->noise, GREAT_SNR); 1369 } else { 1370 /* Not suitable information to calculate SNR, so use level */ 1371 snr_a = wa->level; 1372 snr_b = wb->level; 1373 } 1374 1375 /* best/max rate preferred if SNR close enough */ 1376 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1377 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1378 maxrate_a = wpa_scan_get_max_rate(wa); 1379 maxrate_b = wpa_scan_get_max_rate(wb); 1380 if (maxrate_a != maxrate_b) 1381 return maxrate_b - maxrate_a; 1382 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1383 return IS_5GHZ(wa->freq) ? -1 : 1; 1384 } 1385 1386 /* use freq for channel preference */ 1387 1388 /* all things being equal, use SNR; if SNRs are 1389 * identical, use quality values since some drivers may only report 1390 * that value and leave the signal level zero */ 1391 if (snr_b == snr_a) 1392 return wb->qual - wa->qual; 1393 return snr_b - snr_a; 1394#undef MIN 1395#undef IS_5GHZ 1396} 1397 1398 1399#ifdef CONFIG_WPS 1400/* Compare function for sorting scan results when searching a WPS AP for 1401 * provisioning. Return >0 if @b is considered better. */ 1402static int wpa_scan_result_wps_compar(const void *a, const void *b) 1403{ 1404 struct wpa_scan_res **_wa = (void *) a; 1405 struct wpa_scan_res **_wb = (void *) b; 1406 struct wpa_scan_res *wa = *_wa; 1407 struct wpa_scan_res *wb = *_wb; 1408 int uses_wps_a, uses_wps_b; 1409 struct wpabuf *wps_a, *wps_b; 1410 int res; 1411 1412 /* Optimization - check WPS IE existence before allocated memory and 1413 * doing full reassembly. */ 1414 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1415 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1416 if (uses_wps_a && !uses_wps_b) 1417 return -1; 1418 if (!uses_wps_a && uses_wps_b) 1419 return 1; 1420 1421 if (uses_wps_a && uses_wps_b) { 1422 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1423 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1424 res = wps_ap_priority_compar(wps_a, wps_b); 1425 wpabuf_free(wps_a); 1426 wpabuf_free(wps_b); 1427 if (res) 1428 return res; 1429 } 1430 1431 /* 1432 * Do not use current AP security policy as a sorting criteria during 1433 * WPS provisioning step since the AP may get reconfigured at the 1434 * completion of provisioning. 1435 */ 1436 1437 /* all things being equal, use signal level; if signal levels are 1438 * identical, use quality values since some drivers may only report 1439 * that value and leave the signal level zero */ 1440 if (wb->level == wa->level) 1441 return wb->qual - wa->qual; 1442 return wb->level - wa->level; 1443} 1444#endif /* CONFIG_WPS */ 1445 1446 1447static void dump_scan_res(struct wpa_scan_results *scan_res) 1448{ 1449#ifndef CONFIG_NO_STDOUT_DEBUG 1450 size_t i; 1451 1452 if (scan_res->res == NULL || scan_res->num == 0) 1453 return; 1454 1455 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1456 1457 for (i = 0; i < scan_res->num; i++) { 1458 struct wpa_scan_res *r = scan_res->res[i]; 1459 u8 *pos; 1460 if ((r->flags & (WPA_SCAN_LEVEL_DBM | WPA_SCAN_NOISE_INVALID)) 1461 == WPA_SCAN_LEVEL_DBM) { 1462 int snr = r->level - r->noise; 1463 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1464 "noise=%d level=%d snr=%d%s flags=0x%x", 1465 MAC2STR(r->bssid), r->freq, r->qual, 1466 r->noise, r->level, snr, 1467 snr >= GREAT_SNR ? "*" : "", r->flags); 1468 } else { 1469 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1470 "noise=%d level=%d flags=0x%x", 1471 MAC2STR(r->bssid), r->freq, r->qual, 1472 r->noise, r->level, r->flags); 1473 } 1474 pos = (u8 *) (r + 1); 1475 if (r->ie_len) 1476 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1477 pos += r->ie_len; 1478 if (r->beacon_ie_len) 1479 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1480 pos, r->beacon_ie_len); 1481 } 1482#endif /* CONFIG_NO_STDOUT_DEBUG */ 1483} 1484 1485 1486/** 1487 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1488 * @wpa_s: Pointer to wpa_supplicant data 1489 * @bssid: BSSID to check 1490 * Returns: 0 if the BSSID is filtered or 1 if not 1491 * 1492 * This function is used to filter out specific BSSIDs from scan reslts mainly 1493 * for testing purposes (SET bssid_filter ctrl_iface command). 1494 */ 1495int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1496 const u8 *bssid) 1497{ 1498 size_t i; 1499 1500 if (wpa_s->bssid_filter == NULL) 1501 return 1; 1502 1503 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1504 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1505 ETH_ALEN) == 0) 1506 return 1; 1507 } 1508 1509 return 0; 1510} 1511 1512 1513static void filter_scan_res(struct wpa_supplicant *wpa_s, 1514 struct wpa_scan_results *res) 1515{ 1516 size_t i, j; 1517 1518 if (wpa_s->bssid_filter == NULL) 1519 return; 1520 1521 for (i = 0, j = 0; i < res->num; i++) { 1522 if (wpa_supplicant_filter_bssid_match(wpa_s, 1523 res->res[i]->bssid)) { 1524 res->res[j++] = res->res[i]; 1525 } else { 1526 os_free(res->res[i]); 1527 res->res[i] = NULL; 1528 } 1529 } 1530 1531 if (res->num != j) { 1532 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1533 (int) (res->num - j)); 1534 res->num = j; 1535 } 1536} 1537 1538 1539/** 1540 * wpa_supplicant_get_scan_results - Get scan results 1541 * @wpa_s: Pointer to wpa_supplicant data 1542 * @info: Information about what was scanned or %NULL if not available 1543 * @new_scan: Whether a new scan was performed 1544 * Returns: Scan results, %NULL on failure 1545 * 1546 * This function request the current scan results from the driver and updates 1547 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 1548 * results with wpa_scan_results_free(). 1549 */ 1550struct wpa_scan_results * 1551wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 1552 struct scan_info *info, int new_scan) 1553{ 1554 struct wpa_scan_results *scan_res; 1555 size_t i; 1556 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 1557 1558 scan_res = wpa_drv_get_scan_results2(wpa_s); 1559 if (scan_res == NULL) { 1560 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 1561 return NULL; 1562 } 1563 filter_scan_res(wpa_s, scan_res); 1564 1565#ifdef CONFIG_WPS 1566 if (wpas_wps_in_progress(wpa_s)) { 1567 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 1568 "provisioning rules"); 1569 compar = wpa_scan_result_wps_compar; 1570 } 1571#endif /* CONFIG_WPS */ 1572 1573 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 1574 compar); 1575 dump_scan_res(scan_res); 1576 1577 wpa_bss_update_start(wpa_s); 1578 for (i = 0; i < scan_res->num; i++) 1579 wpa_bss_update_scan_res(wpa_s, scan_res->res[i]); 1580 wpa_bss_update_end(wpa_s, info, new_scan); 1581 1582 return scan_res; 1583} 1584 1585 1586/** 1587 * wpa_supplicant_update_scan_results - Update scan results from the driver 1588 * @wpa_s: Pointer to wpa_supplicant data 1589 * Returns: 0 on success, -1 on failure 1590 * 1591 * This function updates the BSS table within wpa_supplicant based on the 1592 * currently available scan results from the driver without requesting a new 1593 * scan. This is used in cases where the driver indicates an association 1594 * (including roaming within ESS) and wpa_supplicant does not yet have the 1595 * needed information to complete the connection (e.g., to perform validation 1596 * steps in 4-way handshake). 1597 */ 1598int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 1599{ 1600 struct wpa_scan_results *scan_res; 1601 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 1602 if (scan_res == NULL) 1603 return -1; 1604 wpa_scan_results_free(scan_res); 1605 1606 return 0; 1607} 1608 1609 1610/** 1611 * scan_only_handler - Reports scan results 1612 */ 1613void scan_only_handler(struct wpa_supplicant *wpa_s, 1614 struct wpa_scan_results *scan_res) 1615{ 1616 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 1617 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 1618 wpas_notify_scan_results(wpa_s); 1619 wpas_notify_scan_done(wpa_s, 1); 1620} 1621