1/* 2 * BSS table 3 * Copyright (c) 2009-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#include "utils/common.h" 12#include "utils/eloop.h" 13#include "common/ieee802_11_defs.h" 14#include "drivers/driver.h" 15#include "wpa_supplicant_i.h" 16#include "config.h" 17#include "notify.h" 18#include "scan.h" 19#include "bss.h" 20 21 22/** 23 * WPA_BSS_EXPIRATION_PERIOD - Period of expiration run in seconds 24 */ 25#define WPA_BSS_EXPIRATION_PERIOD 10 26 27#define WPA_BSS_FREQ_CHANGED_FLAG BIT(0) 28#define WPA_BSS_SIGNAL_CHANGED_FLAG BIT(1) 29#define WPA_BSS_PRIVACY_CHANGED_FLAG BIT(2) 30#define WPA_BSS_MODE_CHANGED_FLAG BIT(3) 31#define WPA_BSS_WPAIE_CHANGED_FLAG BIT(4) 32#define WPA_BSS_RSNIE_CHANGED_FLAG BIT(5) 33#define WPA_BSS_WPS_CHANGED_FLAG BIT(6) 34#define WPA_BSS_RATES_CHANGED_FLAG BIT(7) 35#define WPA_BSS_IES_CHANGED_FLAG BIT(8) 36 37 38static void wpa_bss_set_hessid(struct wpa_bss *bss) 39{ 40#ifdef CONFIG_INTERWORKING 41 const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING); 42 if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) { 43 os_memset(bss->hessid, 0, ETH_ALEN); 44 return; 45 } 46 if (ie[1] == 7) 47 os_memcpy(bss->hessid, ie + 3, ETH_ALEN); 48 else 49 os_memcpy(bss->hessid, ie + 5, ETH_ALEN); 50#endif /* CONFIG_INTERWORKING */ 51} 52 53 54/** 55 * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry 56 * Returns: Allocated ANQP data structure or %NULL on failure 57 * 58 * The allocated ANQP data structure has its users count set to 1. It may be 59 * shared by multiple BSS entries and each shared entry is freed with 60 * wpa_bss_anqp_free(). 61 */ 62struct wpa_bss_anqp * wpa_bss_anqp_alloc(void) 63{ 64 struct wpa_bss_anqp *anqp; 65 anqp = os_zalloc(sizeof(*anqp)); 66 if (anqp == NULL) 67 return NULL; 68 anqp->users = 1; 69 return anqp; 70} 71 72 73/** 74 * wpa_bss_anqp_clone - Clone an ANQP data structure 75 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() 76 * Returns: Cloned ANQP data structure or %NULL on failure 77 */ 78static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp) 79{ 80 struct wpa_bss_anqp *n; 81 82 n = os_zalloc(sizeof(*n)); 83 if (n == NULL) 84 return NULL; 85 86#define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f) 87#ifdef CONFIG_INTERWORKING 88 ANQP_DUP(venue_name); 89 ANQP_DUP(network_auth_type); 90 ANQP_DUP(roaming_consortium); 91 ANQP_DUP(ip_addr_type_availability); 92 ANQP_DUP(nai_realm); 93 ANQP_DUP(anqp_3gpp); 94 ANQP_DUP(domain_name); 95#endif /* CONFIG_INTERWORKING */ 96#ifdef CONFIG_HS20 97 ANQP_DUP(hs20_operator_friendly_name); 98 ANQP_DUP(hs20_wan_metrics); 99 ANQP_DUP(hs20_connection_capability); 100 ANQP_DUP(hs20_operating_class); 101#endif /* CONFIG_HS20 */ 102#undef ANQP_DUP 103 104 return n; 105} 106 107 108/** 109 * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry 110 * @bss: BSS entry 111 * Returns: 0 on success, -1 on failure 112 * 113 * This function ensures the specific BSS entry has an ANQP data structure that 114 * is not shared with any other BSS entry. 115 */ 116int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss) 117{ 118 struct wpa_bss_anqp *anqp; 119 120 if (bss->anqp && bss->anqp->users > 1) { 121 /* allocated, but shared - clone an unshared copy */ 122 anqp = wpa_bss_anqp_clone(bss->anqp); 123 if (anqp == NULL) 124 return -1; 125 anqp->users = 1; 126 bss->anqp->users--; 127 bss->anqp = anqp; 128 return 0; 129 } 130 131 if (bss->anqp) 132 return 0; /* already allocated and not shared */ 133 134 /* not allocated - allocate a new storage area */ 135 bss->anqp = wpa_bss_anqp_alloc(); 136 return bss->anqp ? 0 : -1; 137} 138 139 140/** 141 * wpa_bss_anqp_free - Free an ANQP data structure 142 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone() 143 */ 144static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp) 145{ 146 if (anqp == NULL) 147 return; 148 149 anqp->users--; 150 if (anqp->users > 0) { 151 /* Another BSS entry holds a pointer to this ANQP info */ 152 return; 153 } 154 155#ifdef CONFIG_INTERWORKING 156 wpabuf_free(anqp->venue_name); 157 wpabuf_free(anqp->network_auth_type); 158 wpabuf_free(anqp->roaming_consortium); 159 wpabuf_free(anqp->ip_addr_type_availability); 160 wpabuf_free(anqp->nai_realm); 161 wpabuf_free(anqp->anqp_3gpp); 162 wpabuf_free(anqp->domain_name); 163#endif /* CONFIG_INTERWORKING */ 164#ifdef CONFIG_HS20 165 wpabuf_free(anqp->hs20_operator_friendly_name); 166 wpabuf_free(anqp->hs20_wan_metrics); 167 wpabuf_free(anqp->hs20_connection_capability); 168 wpabuf_free(anqp->hs20_operating_class); 169#endif /* CONFIG_HS20 */ 170 171 os_free(anqp); 172} 173 174 175static void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 176 const char *reason) 177{ 178 if (wpa_s->last_scan_res) { 179 unsigned int i; 180 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 181 if (wpa_s->last_scan_res[i] == bss) { 182 os_memmove(&wpa_s->last_scan_res[i], 183 &wpa_s->last_scan_res[i + 1], 184 (wpa_s->last_scan_res_used - i - 1) 185 * sizeof(struct wpa_bss *)); 186 wpa_s->last_scan_res_used--; 187 break; 188 } 189 } 190 } 191 dl_list_del(&bss->list); 192 dl_list_del(&bss->list_id); 193 wpa_s->num_bss--; 194 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR 195 " SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid), 196 wpa_ssid_txt(bss->ssid, bss->ssid_len), reason); 197 wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id); 198 wpa_bss_anqp_free(bss->anqp); 199 os_free(bss); 200} 201 202 203/** 204 * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID 205 * @wpa_s: Pointer to wpa_supplicant data 206 * @bssid: BSSID 207 * @ssid: SSID 208 * @ssid_len: Length of @ssid 209 * Returns: Pointer to the BSS entry or %NULL if not found 210 */ 211struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid, 212 const u8 *ssid, size_t ssid_len) 213{ 214 struct wpa_bss *bss; 215 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 216 return NULL; 217 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 218 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 && 219 bss->ssid_len == ssid_len && 220 os_memcmp(bss->ssid, ssid, ssid_len) == 0) 221 return bss; 222 } 223 return NULL; 224} 225 226 227static void calculate_update_time(const struct os_time *fetch_time, 228 unsigned int age_ms, 229 struct os_time *update_time) 230{ 231 os_time_t usec; 232 233 update_time->sec = fetch_time->sec; 234 update_time->usec = fetch_time->usec; 235 update_time->sec -= age_ms / 1000; 236 usec = (age_ms % 1000) * 1000; 237 if (update_time->usec < usec) { 238 update_time->sec--; 239 update_time->usec += 1000000; 240 } 241 update_time->usec -= usec; 242} 243 244 245static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src, 246 struct os_time *fetch_time) 247{ 248 dst->flags = src->flags; 249 os_memcpy(dst->bssid, src->bssid, ETH_ALEN); 250 dst->freq = src->freq; 251 dst->beacon_int = src->beacon_int; 252 dst->caps = src->caps; 253 dst->qual = src->qual; 254 dst->noise = src->noise; 255 dst->level = src->level; 256 dst->tsf = src->tsf; 257 258 calculate_update_time(fetch_time, src->age, &dst->last_update); 259} 260 261 262static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) 263{ 264 struct wpa_ssid *ssid; 265 266 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 267 if (ssid->ssid == NULL || ssid->ssid_len == 0) 268 continue; 269 if (ssid->ssid_len == bss->ssid_len && 270 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0) 271 return 1; 272 } 273 274 return 0; 275} 276 277 278static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) 279{ 280 return bss == wpa_s->current_bss || 281 os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 || 282 os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0; 283} 284 285 286static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s) 287{ 288 struct wpa_bss *bss; 289 290 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 291 if (!wpa_bss_known(wpa_s, bss)) { 292 wpa_bss_remove(wpa_s, bss, __func__); 293 return 0; 294 } 295 } 296 297 return -1; 298} 299 300 301static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s) 302{ 303 struct wpa_bss *bss; 304 305 /* 306 * Remove the oldest entry that does not match with any configured 307 * network. 308 */ 309 if (wpa_bss_remove_oldest_unknown(wpa_s) == 0) 310 return 0; 311 312 /* 313 * Remove the oldest entry that isn't currently in use. 314 */ 315 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 316 if (!wpa_bss_in_use(wpa_s, bss)) { 317 wpa_bss_remove(wpa_s, bss, __func__); 318 return 0; 319 } 320 } 321 322 return -1; 323} 324 325 326static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s, 327 const u8 *ssid, size_t ssid_len, 328 struct wpa_scan_res *res, 329 struct os_time *fetch_time) 330{ 331 struct wpa_bss *bss; 332 333 bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len); 334 if (bss == NULL) 335 return NULL; 336 bss->id = wpa_s->bss_next_id++; 337 bss->last_update_idx = wpa_s->bss_update_idx; 338 wpa_bss_copy_res(bss, res, fetch_time); 339 os_memcpy(bss->ssid, ssid, ssid_len); 340 bss->ssid_len = ssid_len; 341 bss->ie_len = res->ie_len; 342 bss->beacon_ie_len = res->beacon_ie_len; 343 os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len); 344 wpa_bss_set_hessid(bss); 345 346 if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count && 347 wpa_bss_remove_oldest(wpa_s) != 0) { 348 wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d " 349 "because all BSSes are in use. We should normally " 350 "not get here!", (int) wpa_s->num_bss + 1); 351 wpa_s->conf->bss_max_count = wpa_s->num_bss + 1; 352 } 353 354 dl_list_add_tail(&wpa_s->bss, &bss->list); 355 dl_list_add_tail(&wpa_s->bss_id, &bss->list_id); 356 wpa_s->num_bss++; 357 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR 358 " SSID '%s'", 359 bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len)); 360 wpas_notify_bss_added(wpa_s, bss->bssid, bss->id); 361 return bss; 362} 363 364 365static int are_ies_equal(const struct wpa_bss *old, 366 const struct wpa_scan_res *new, u32 ie) 367{ 368 const u8 *old_ie, *new_ie; 369 struct wpabuf *old_ie_buff = NULL; 370 struct wpabuf *new_ie_buff = NULL; 371 int new_ie_len, old_ie_len, ret, is_multi; 372 373 switch (ie) { 374 case WPA_IE_VENDOR_TYPE: 375 old_ie = wpa_bss_get_vendor_ie(old, ie); 376 new_ie = wpa_scan_get_vendor_ie(new, ie); 377 is_multi = 0; 378 break; 379 case WPS_IE_VENDOR_TYPE: 380 old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie); 381 new_ie_buff = wpa_scan_get_vendor_ie_multi(new, ie); 382 is_multi = 1; 383 break; 384 case WLAN_EID_RSN: 385 case WLAN_EID_SUPP_RATES: 386 case WLAN_EID_EXT_SUPP_RATES: 387 old_ie = wpa_bss_get_ie(old, ie); 388 new_ie = wpa_scan_get_ie(new, ie); 389 is_multi = 0; 390 break; 391 default: 392 wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__); 393 return 0; 394 } 395 396 if (is_multi) { 397 /* in case of multiple IEs stored in buffer */ 398 old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL; 399 new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL; 400 old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0; 401 new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0; 402 } else { 403 /* in case of single IE */ 404 old_ie_len = old_ie ? old_ie[1] + 2 : 0; 405 new_ie_len = new_ie ? new_ie[1] + 2 : 0; 406 } 407 408 if (!old_ie || !new_ie) 409 ret = !old_ie && !new_ie; 410 else 411 ret = (old_ie_len == new_ie_len && 412 os_memcmp(old_ie, new_ie, old_ie_len) == 0); 413 414 wpabuf_free(old_ie_buff); 415 wpabuf_free(new_ie_buff); 416 417 return ret; 418} 419 420 421static u32 wpa_bss_compare_res(const struct wpa_bss *old, 422 const struct wpa_scan_res *new) 423{ 424 u32 changes = 0; 425 int caps_diff = old->caps ^ new->caps; 426 427 if (old->freq != new->freq) 428 changes |= WPA_BSS_FREQ_CHANGED_FLAG; 429 430 if (old->level != new->level) 431 changes |= WPA_BSS_SIGNAL_CHANGED_FLAG; 432 433 if (caps_diff & IEEE80211_CAP_PRIVACY) 434 changes |= WPA_BSS_PRIVACY_CHANGED_FLAG; 435 436 if (caps_diff & IEEE80211_CAP_IBSS) 437 changes |= WPA_BSS_MODE_CHANGED_FLAG; 438 439 if (old->ie_len == new->ie_len && 440 os_memcmp(old + 1, new + 1, old->ie_len) == 0) 441 return changes; 442 changes |= WPA_BSS_IES_CHANGED_FLAG; 443 444 if (!are_ies_equal(old, new, WPA_IE_VENDOR_TYPE)) 445 changes |= WPA_BSS_WPAIE_CHANGED_FLAG; 446 447 if (!are_ies_equal(old, new, WLAN_EID_RSN)) 448 changes |= WPA_BSS_RSNIE_CHANGED_FLAG; 449 450 if (!are_ies_equal(old, new, WPS_IE_VENDOR_TYPE)) 451 changes |= WPA_BSS_WPS_CHANGED_FLAG; 452 453 if (!are_ies_equal(old, new, WLAN_EID_SUPP_RATES) || 454 !are_ies_equal(old, new, WLAN_EID_EXT_SUPP_RATES)) 455 changes |= WPA_BSS_RATES_CHANGED_FLAG; 456 457 return changes; 458} 459 460 461static void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes, 462 const struct wpa_bss *bss) 463{ 464 if (changes & WPA_BSS_FREQ_CHANGED_FLAG) 465 wpas_notify_bss_freq_changed(wpa_s, bss->id); 466 467 if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG) 468 wpas_notify_bss_signal_changed(wpa_s, bss->id); 469 470 if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG) 471 wpas_notify_bss_privacy_changed(wpa_s, bss->id); 472 473 if (changes & WPA_BSS_MODE_CHANGED_FLAG) 474 wpas_notify_bss_mode_changed(wpa_s, bss->id); 475 476 if (changes & WPA_BSS_WPAIE_CHANGED_FLAG) 477 wpas_notify_bss_wpaie_changed(wpa_s, bss->id); 478 479 if (changes & WPA_BSS_RSNIE_CHANGED_FLAG) 480 wpas_notify_bss_rsnie_changed(wpa_s, bss->id); 481 482 if (changes & WPA_BSS_WPS_CHANGED_FLAG) 483 wpas_notify_bss_wps_changed(wpa_s, bss->id); 484 485 if (changes & WPA_BSS_IES_CHANGED_FLAG) 486 wpas_notify_bss_ies_changed(wpa_s, bss->id); 487 488 if (changes & WPA_BSS_RATES_CHANGED_FLAG) 489 wpas_notify_bss_rates_changed(wpa_s, bss->id); 490} 491 492 493static struct wpa_bss * 494wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 495 struct wpa_scan_res *res, struct os_time *fetch_time) 496{ 497 u32 changes; 498 499 changes = wpa_bss_compare_res(bss, res); 500 bss->scan_miss_count = 0; 501 bss->last_update_idx = wpa_s->bss_update_idx; 502 wpa_bss_copy_res(bss, res, fetch_time); 503 /* Move the entry to the end of the list */ 504 dl_list_del(&bss->list); 505 if (bss->ie_len + bss->beacon_ie_len >= 506 res->ie_len + res->beacon_ie_len) { 507 os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len); 508 bss->ie_len = res->ie_len; 509 bss->beacon_ie_len = res->beacon_ie_len; 510 } else { 511 struct wpa_bss *nbss; 512 struct dl_list *prev = bss->list_id.prev; 513 dl_list_del(&bss->list_id); 514 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len + 515 res->beacon_ie_len); 516 if (nbss) { 517 unsigned int i; 518 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 519 if (wpa_s->last_scan_res[i] == bss) { 520 wpa_s->last_scan_res[i] = nbss; 521 break; 522 } 523 } 524 if (wpa_s->current_bss == bss) 525 wpa_s->current_bss = nbss; 526 bss = nbss; 527 os_memcpy(bss + 1, res + 1, 528 res->ie_len + res->beacon_ie_len); 529 bss->ie_len = res->ie_len; 530 bss->beacon_ie_len = res->beacon_ie_len; 531 } 532 dl_list_add(prev, &bss->list_id); 533 } 534 if (changes & WPA_BSS_IES_CHANGED_FLAG) 535 wpa_bss_set_hessid(bss); 536 dl_list_add_tail(&wpa_s->bss, &bss->list); 537 538 notify_bss_changes(wpa_s, changes, bss); 539 540 return bss; 541} 542 543 544/** 545 * wpa_bss_update_start - Start a BSS table update from scan results 546 * @wpa_s: Pointer to wpa_supplicant data 547 * 548 * This function is called at the start of each BSS table update round for new 549 * scan results. The actual scan result entries are indicated with calls to 550 * wpa_bss_update_scan_res() and the update round is finished with a call to 551 * wpa_bss_update_end(). 552 */ 553void wpa_bss_update_start(struct wpa_supplicant *wpa_s) 554{ 555 wpa_s->bss_update_idx++; 556 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u", 557 wpa_s->bss_update_idx); 558 wpa_s->last_scan_res_used = 0; 559} 560 561 562/** 563 * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result 564 * @wpa_s: Pointer to wpa_supplicant data 565 * @res: Scan result 566 * @fetch_time: Time when the result was fetched from the driver 567 * 568 * This function updates a BSS table entry (or adds one) based on a scan result. 569 * This is called separately for each scan result between the calls to 570 * wpa_bss_update_start() and wpa_bss_update_end(). 571 */ 572void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s, 573 struct wpa_scan_res *res, 574 struct os_time *fetch_time) 575{ 576 const u8 *ssid, *p2p; 577 struct wpa_bss *bss; 578 579 if (wpa_s->conf->ignore_old_scan_res) { 580 struct os_time update; 581 calculate_update_time(fetch_time, res->age, &update); 582 if (os_time_before(&update, &wpa_s->scan_trigger_time)) { 583 struct os_time age; 584 os_time_sub(&wpa_s->scan_trigger_time, &update, &age); 585 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS " 586 "table entry that is %u.%06u seconds older " 587 "than our scan trigger", 588 (unsigned int) age.sec, 589 (unsigned int) age.usec); 590 return; 591 } 592 } 593 594 ssid = wpa_scan_get_ie(res, WLAN_EID_SSID); 595 if (ssid == NULL) { 596 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for " 597 MACSTR, MAC2STR(res->bssid)); 598 return; 599 } 600 if (ssid[1] > 32) { 601 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for " 602 MACSTR, MAC2STR(res->bssid)); 603 return; 604 } 605 606 p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE); 607#ifdef CONFIG_P2P 608 if (p2p == NULL && 609 wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) { 610 /* 611 * If it's a P2P specific interface, then don't update 612 * the scan result without a P2P IE. 613 */ 614 wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR 615 " update for P2P interface", MAC2STR(res->bssid)); 616 return; 617 } 618#endif /* CONFIG_P2P */ 619 if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN && 620 os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0) 621 return; /* Skip P2P listen discovery results here */ 622 623 /* TODO: add option for ignoring BSSes we are not interested in 624 * (to save memory) */ 625 bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]); 626 if (bss == NULL) 627 bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time); 628 else 629 bss = wpa_bss_update(wpa_s, bss, res, fetch_time); 630 631 if (bss == NULL) 632 return; 633 if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) { 634 struct wpa_bss **n; 635 unsigned int siz; 636 if (wpa_s->last_scan_res_size == 0) 637 siz = 32; 638 else 639 siz = wpa_s->last_scan_res_size * 2; 640 n = os_realloc_array(wpa_s->last_scan_res, siz, 641 sizeof(struct wpa_bss *)); 642 if (n == NULL) 643 return; 644 wpa_s->last_scan_res = n; 645 wpa_s->last_scan_res_size = siz; 646 } 647 648 wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss; 649} 650 651 652static int wpa_bss_included_in_scan(const struct wpa_bss *bss, 653 const struct scan_info *info) 654{ 655 int found; 656 size_t i; 657 658 if (info == NULL) 659 return 1; 660 661 if (info->num_freqs) { 662 found = 0; 663 for (i = 0; i < info->num_freqs; i++) { 664 if (bss->freq == info->freqs[i]) { 665 found = 1; 666 break; 667 } 668 } 669 if (!found) 670 return 0; 671 } 672 673 if (info->num_ssids) { 674 found = 0; 675 for (i = 0; i < info->num_ssids; i++) { 676 const struct wpa_driver_scan_ssid *s = &info->ssids[i]; 677 if ((s->ssid == NULL || s->ssid_len == 0) || 678 (s->ssid_len == bss->ssid_len && 679 os_memcmp(s->ssid, bss->ssid, bss->ssid_len) == 680 0)) { 681 found = 1; 682 break; 683 } 684 } 685 if (!found) 686 return 0; 687 } 688 689 return 1; 690} 691 692 693/** 694 * wpa_bss_update_end - End a BSS table update from scan results 695 * @wpa_s: Pointer to wpa_supplicant data 696 * @info: Information about scan parameters 697 * @new_scan: Whether this update round was based on a new scan 698 * 699 * This function is called at the end of each BSS table update round for new 700 * scan results. The start of the update was indicated with a call to 701 * wpa_bss_update_start(). 702 */ 703void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info, 704 int new_scan) 705{ 706 struct wpa_bss *bss, *n; 707 708 wpa_s->last_scan_full = 0; 709 os_get_time(&wpa_s->last_scan); 710 if (!new_scan) 711 return; /* do not expire entries without new scan */ 712 713 if (info && !info->aborted && !info->freqs) { 714 size_t i; 715 if (info->num_ssids == 0) { 716 wpa_s->last_scan_full = 1; 717 } else { 718 for (i = 0; i < info->num_ssids; i++) { 719 if (info->ssids[i].ssid == NULL || 720 info->ssids[i].ssid_len == 0) { 721 wpa_s->last_scan_full = 1; 722 break; 723 } 724 } 725 } 726 } 727 728 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 729 if (wpa_bss_in_use(wpa_s, bss)) 730 continue; 731 if (!wpa_bss_included_in_scan(bss, info)) 732 continue; /* expire only BSSes that were scanned */ 733 if (bss->last_update_idx < wpa_s->bss_update_idx) 734 bss->scan_miss_count++; 735 if (bss->scan_miss_count >= 736 wpa_s->conf->bss_expiration_scan_count) { 737 wpa_bss_remove(wpa_s, bss, "no match in scan"); 738 } 739 } 740 741 wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%u/%u " 742 "last_scan_full=%d", 743 wpa_s->last_scan_res_used, wpa_s->last_scan_res_size, 744 wpa_s->last_scan_full); 745} 746 747 748/** 749 * wpa_bss_flush_by_age - Flush old BSS entries 750 * @wpa_s: Pointer to wpa_supplicant data 751 * @age: Maximum entry age in seconds 752 * 753 * Remove BSS entries that have not been updated during the last @age seconds. 754 */ 755void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age) 756{ 757 struct wpa_bss *bss, *n; 758 struct os_time t; 759 760 if (dl_list_empty(&wpa_s->bss)) 761 return; 762 763 os_get_time(&t); 764 t.sec -= age; 765 766 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 767 if (wpa_bss_in_use(wpa_s, bss)) 768 continue; 769 770 if (os_time_before(&bss->last_update, &t)) { 771 wpa_bss_remove(wpa_s, bss, __func__); 772 } else 773 break; 774 } 775} 776 777 778static void wpa_bss_timeout(void *eloop_ctx, void *timeout_ctx) 779{ 780 struct wpa_supplicant *wpa_s = eloop_ctx; 781 782 wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age); 783 eloop_register_timeout(WPA_BSS_EXPIRATION_PERIOD, 0, 784 wpa_bss_timeout, wpa_s, NULL); 785} 786 787 788/** 789 * wpa_bss_init - Initialize BSS table 790 * @wpa_s: Pointer to wpa_supplicant data 791 * Returns: 0 on success, -1 on failure 792 * 793 * This prepares BSS table lists and timer for periodic updates. The BSS table 794 * is deinitialized with wpa_bss_deinit() once not needed anymore. 795 */ 796int wpa_bss_init(struct wpa_supplicant *wpa_s) 797{ 798 dl_list_init(&wpa_s->bss); 799 dl_list_init(&wpa_s->bss_id); 800 eloop_register_timeout(WPA_BSS_EXPIRATION_PERIOD, 0, 801 wpa_bss_timeout, wpa_s, NULL); 802 return 0; 803} 804 805 806/** 807 * wpa_bss_flush - Flush all unused BSS entries 808 * @wpa_s: Pointer to wpa_supplicant data 809 */ 810void wpa_bss_flush(struct wpa_supplicant *wpa_s) 811{ 812 struct wpa_bss *bss, *n; 813 814 if (wpa_s->bss.next == NULL) 815 return; /* BSS table not yet initialized */ 816 817 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 818 if (wpa_bss_in_use(wpa_s, bss)) 819 continue; 820 wpa_bss_remove(wpa_s, bss, __func__); 821 } 822} 823 824 825/** 826 * wpa_bss_deinit - Deinitialize BSS table 827 * @wpa_s: Pointer to wpa_supplicant data 828 */ 829void wpa_bss_deinit(struct wpa_supplicant *wpa_s) 830{ 831 eloop_cancel_timeout(wpa_bss_timeout, wpa_s, NULL); 832 wpa_bss_flush(wpa_s); 833} 834 835 836/** 837 * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID 838 * @wpa_s: Pointer to wpa_supplicant data 839 * @bssid: BSSID 840 * Returns: Pointer to the BSS entry or %NULL if not found 841 */ 842struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s, 843 const u8 *bssid) 844{ 845 struct wpa_bss *bss; 846 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 847 return NULL; 848 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 849 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0) 850 return bss; 851 } 852 return NULL; 853} 854 855 856/** 857 * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID 858 * @wpa_s: Pointer to wpa_supplicant data 859 * @bssid: BSSID 860 * Returns: Pointer to the BSS entry or %NULL if not found 861 * 862 * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to 863 * find the entry that has the most recent update. This can help in finding the 864 * correct entry in cases where the SSID of the AP may have changed recently 865 * (e.g., in WPS reconfiguration cases). 866 */ 867struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s, 868 const u8 *bssid) 869{ 870 struct wpa_bss *bss, *found = NULL; 871 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 872 return NULL; 873 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 874 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0) 875 continue; 876 if (found == NULL || 877 os_time_before(&found->last_update, &bss->last_update)) 878 found = bss; 879 } 880 return found; 881} 882 883 884#ifdef CONFIG_P2P 885/** 886 * wpa_bss_get_p2p_dev_addr - Fetch a BSS table entry based on P2P Device Addr 887 * @wpa_s: Pointer to wpa_supplicant data 888 * @dev_addr: P2P Device Address of the GO 889 * Returns: Pointer to the BSS entry or %NULL if not found 890 */ 891struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s, 892 const u8 *dev_addr) 893{ 894 struct wpa_bss *bss; 895 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 896 u8 addr[ETH_ALEN]; 897 if (p2p_parse_dev_addr((const u8 *) (bss + 1), bss->ie_len, 898 addr) == 0 && 899 os_memcmp(addr, dev_addr, ETH_ALEN) == 0) 900 return bss; 901 } 902 return NULL; 903} 904#endif /* CONFIG_P2P */ 905 906 907/** 908 * wpa_bss_get_id - Fetch a BSS table entry based on identifier 909 * @wpa_s: Pointer to wpa_supplicant data 910 * @id: Unique identifier (struct wpa_bss::id) assigned for the entry 911 * Returns: Pointer to the BSS entry or %NULL if not found 912 */ 913struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id) 914{ 915 struct wpa_bss *bss; 916 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 917 if (bss->id == id) 918 return bss; 919 } 920 return NULL; 921} 922 923 924/** 925 * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range 926 * @wpa_s: Pointer to wpa_supplicant data 927 * @idf: Smallest allowed identifier assigned for the entry 928 * @idf: Largest allowed identifier assigned for the entry 929 * Returns: Pointer to the BSS entry or %NULL if not found 930 * 931 * This function is similar to wpa_bss_get_id() but allows a BSS entry with the 932 * smallest id value to be fetched within the specified range without the 933 * caller having to know the exact id. 934 */ 935struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s, 936 unsigned int idf, unsigned int idl) 937{ 938 struct wpa_bss *bss; 939 dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) { 940 if (bss->id >= idf && bss->id <= idl) 941 return bss; 942 } 943 return NULL; 944} 945 946 947/** 948 * wpa_bss_get_ie - Fetch a specified information element from a BSS entry 949 * @bss: BSS table entry 950 * @ie: Information element identitifier (WLAN_EID_*) 951 * Returns: Pointer to the information element (id field) or %NULL if not found 952 * 953 * This function returns the first matching information element in the BSS 954 * entry. 955 */ 956const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie) 957{ 958 const u8 *end, *pos; 959 960 pos = (const u8 *) (bss + 1); 961 end = pos + bss->ie_len; 962 963 while (pos + 1 < end) { 964 if (pos + 2 + pos[1] > end) 965 break; 966 if (pos[0] == ie) 967 return pos; 968 pos += 2 + pos[1]; 969 } 970 971 return NULL; 972} 973 974 975/** 976 * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry 977 * @bss: BSS table entry 978 * @vendor_type: Vendor type (four octets starting the IE payload) 979 * Returns: Pointer to the information element (id field) or %NULL if not found 980 * 981 * This function returns the first matching information element in the BSS 982 * entry. 983 */ 984const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type) 985{ 986 const u8 *end, *pos; 987 988 pos = (const u8 *) (bss + 1); 989 end = pos + bss->ie_len; 990 991 while (pos + 1 < end) { 992 if (pos + 2 + pos[1] > end) 993 break; 994 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 995 vendor_type == WPA_GET_BE32(&pos[2])) 996 return pos; 997 pos += 2 + pos[1]; 998 } 999 1000 return NULL; 1001} 1002 1003 1004/** 1005 * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry 1006 * @bss: BSS table entry 1007 * @vendor_type: Vendor type (four octets starting the IE payload) 1008 * Returns: Pointer to the information element payload or %NULL if not found 1009 * 1010 * This function returns concatenated payload of possibly fragmented vendor 1011 * specific information elements in the BSS entry. The caller is responsible for 1012 * freeing the returned buffer. 1013 */ 1014struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss, 1015 u32 vendor_type) 1016{ 1017 struct wpabuf *buf; 1018 const u8 *end, *pos; 1019 1020 buf = wpabuf_alloc(bss->ie_len); 1021 if (buf == NULL) 1022 return NULL; 1023 1024 pos = (const u8 *) (bss + 1); 1025 end = pos + bss->ie_len; 1026 1027 while (pos + 1 < end) { 1028 if (pos + 2 + pos[1] > end) 1029 break; 1030 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1031 vendor_type == WPA_GET_BE32(&pos[2])) 1032 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1033 pos += 2 + pos[1]; 1034 } 1035 1036 if (wpabuf_len(buf) == 0) { 1037 wpabuf_free(buf); 1038 buf = NULL; 1039 } 1040 1041 return buf; 1042} 1043 1044 1045/** 1046 * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry 1047 * @bss: BSS table entry 1048 * @vendor_type: Vendor type (four octets starting the IE payload) 1049 * Returns: Pointer to the information element payload or %NULL if not found 1050 * 1051 * This function returns concatenated payload of possibly fragmented vendor 1052 * specific information elements in the BSS entry. The caller is responsible for 1053 * freeing the returned buffer. 1054 * 1055 * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only 1056 * from Beacon frames instead of either Beacon or Probe Response frames. 1057 */ 1058struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss, 1059 u32 vendor_type) 1060{ 1061 struct wpabuf *buf; 1062 const u8 *end, *pos; 1063 1064 buf = wpabuf_alloc(bss->beacon_ie_len); 1065 if (buf == NULL) 1066 return NULL; 1067 1068 pos = (const u8 *) (bss + 1); 1069 pos += bss->ie_len; 1070 end = pos + bss->beacon_ie_len; 1071 1072 while (pos + 1 < end) { 1073 if (pos + 2 + pos[1] > end) 1074 break; 1075 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1076 vendor_type == WPA_GET_BE32(&pos[2])) 1077 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1078 pos += 2 + pos[1]; 1079 } 1080 1081 if (wpabuf_len(buf) == 0) { 1082 wpabuf_free(buf); 1083 buf = NULL; 1084 } 1085 1086 return buf; 1087} 1088 1089 1090/** 1091 * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS 1092 * @bss: BSS table entry 1093 * Returns: Maximum legacy rate in units of 500 kbps 1094 */ 1095int wpa_bss_get_max_rate(const struct wpa_bss *bss) 1096{ 1097 int rate = 0; 1098 const u8 *ie; 1099 int i; 1100 1101 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1102 for (i = 0; ie && i < ie[1]; i++) { 1103 if ((ie[i + 2] & 0x7f) > rate) 1104 rate = ie[i + 2] & 0x7f; 1105 } 1106 1107 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 1108 for (i = 0; ie && i < ie[1]; i++) { 1109 if ((ie[i + 2] & 0x7f) > rate) 1110 rate = ie[i + 2] & 0x7f; 1111 } 1112 1113 return rate; 1114} 1115 1116 1117/** 1118 * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS 1119 * @bss: BSS table entry 1120 * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps) 1121 * Returns: number of legacy TX rates or -1 on failure 1122 * 1123 * The caller is responsible for freeing the returned buffer with os_free() in 1124 * case of success. 1125 */ 1126int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates) 1127{ 1128 const u8 *ie, *ie2; 1129 int i, j; 1130 unsigned int len; 1131 u8 *r; 1132 1133 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1134 ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 1135 1136 len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0); 1137 1138 r = os_malloc(len); 1139 if (!r) 1140 return -1; 1141 1142 for (i = 0; ie && i < ie[1]; i++) 1143 r[i] = ie[i + 2] & 0x7f; 1144 1145 for (j = 0; ie2 && j < ie2[1]; j++) 1146 r[i + j] = ie2[j + 2] & 0x7f; 1147 1148 *rates = r; 1149 return len; 1150} 1151