1/* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#include "utils/common.h" 12#include "utils/eloop.h" 13#include "common/ieee802_11_defs.h" 14#include "common/wpa_ctrl.h" 15#include "config.h" 16#include "wpa_supplicant_i.h" 17#include "driver_i.h" 18#include "wps_supplicant.h" 19#include "p2p_supplicant.h" 20#include "p2p/p2p.h" 21#include "hs20_supplicant.h" 22#include "notify.h" 23#include "bss.h" 24#include "scan.h" 25#include "mesh.h" 26 27 28static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 29{ 30 struct wpa_ssid *ssid; 31 union wpa_event_data data; 32 33 ssid = wpa_supplicant_get_ssid(wpa_s); 34 if (ssid == NULL) 35 return; 36 37 if (wpa_s->current_ssid == NULL) { 38 wpa_s->current_ssid = ssid; 39 if (wpa_s->current_ssid != NULL) 40 wpas_notify_network_changed(wpa_s); 41 } 42 wpa_supplicant_initiate_eapol(wpa_s); 43 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 44 "network - generating associated event"); 45 os_memset(&data, 0, sizeof(data)); 46 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 47} 48 49 50#ifdef CONFIG_WPS 51static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 52 enum wps_request_type *req_type) 53{ 54 struct wpa_ssid *ssid; 55 int wps = 0; 56 57 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 58 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 59 continue; 60 61 wps = 1; 62 *req_type = wpas_wps_get_req_type(ssid); 63 if (!ssid->eap.phase1) 64 continue; 65 66 if (os_strstr(ssid->eap.phase1, "pbc=1")) 67 return 2; 68 } 69 70#ifdef CONFIG_P2P 71 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 72 !wpa_s->conf->p2p_disabled) { 73 wpa_s->wps->dev.p2p = 1; 74 if (!wps) { 75 wps = 1; 76 *req_type = WPS_REQ_ENROLLEE_INFO; 77 } 78 } 79#endif /* CONFIG_P2P */ 80 81 return wps; 82} 83#endif /* CONFIG_WPS */ 84 85 86/** 87 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 88 * @wpa_s: Pointer to wpa_supplicant data 89 * Returns: 0 if no networks are enabled, >0 if networks are enabled 90 * 91 * This function is used to figure out whether any networks (or Interworking 92 * with enabled credentials and auto_interworking) are present in the current 93 * configuration. 94 */ 95int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 96{ 97 struct wpa_ssid *ssid = wpa_s->conf->ssid; 98 int count = 0, disabled = 0; 99 100 if (wpa_s->p2p_mgmt) 101 return 0; /* no normal network profiles on p2p_mgmt interface */ 102 103 while (ssid) { 104 if (!wpas_network_disabled(wpa_s, ssid)) 105 count++; 106 else 107 disabled++; 108 ssid = ssid->next; 109 } 110 if (wpa_s->conf->cred && wpa_s->conf->interworking && 111 wpa_s->conf->auto_interworking) 112 count++; 113 if (count == 0 && disabled > 0) { 114 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 115 "networks)", disabled); 116 } 117 return count; 118} 119 120 121static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 122 struct wpa_ssid *ssid) 123{ 124 while (ssid) { 125 if (!wpas_network_disabled(wpa_s, ssid)) 126 break; 127 ssid = ssid->next; 128 } 129 130 /* ap_scan=2 mode - try to associate with each SSID. */ 131 if (ssid == NULL) { 132 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 133 "end of scan list - go back to beginning"); 134 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 135 wpa_supplicant_req_scan(wpa_s, 0, 0); 136 return; 137 } 138 if (ssid->next) { 139 /* Continue from the next SSID on the next attempt. */ 140 wpa_s->prev_scan_ssid = ssid; 141 } else { 142 /* Start from the beginning of the SSID list. */ 143 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 144 } 145 wpa_supplicant_associate(wpa_s, NULL, ssid); 146} 147 148 149static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 150{ 151 struct wpa_supplicant *wpa_s = work->wpa_s; 152 struct wpa_driver_scan_params *params = work->ctx; 153 int ret; 154 155 if (deinit) { 156 if (!work->started) { 157 wpa_scan_free_params(params); 158 return; 159 } 160 wpa_supplicant_notify_scanning(wpa_s, 0); 161 wpas_notify_scan_done(wpa_s, 0); 162 wpa_s->scan_work = NULL; 163 return; 164 } 165 166 if (wpas_update_random_addr_disassoc(wpa_s) < 0) { 167 wpa_msg(wpa_s, MSG_INFO, 168 "Failed to assign random MAC address for a scan"); 169 radio_work_done(work); 170 return; 171 } 172 173 wpa_supplicant_notify_scanning(wpa_s, 1); 174 175 if (wpa_s->clear_driver_scan_cache) { 176 wpa_printf(MSG_DEBUG, 177 "Request driver to clear scan cache due to local BSS flush"); 178 params->only_new_results = 1; 179 } 180 ret = wpa_drv_scan(wpa_s, params); 181 wpa_scan_free_params(params); 182 work->ctx = NULL; 183 if (ret) { 184 int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ; 185 186 if (wpa_s->disconnected) 187 retry = 0; 188 189 wpa_supplicant_notify_scanning(wpa_s, 0); 190 wpas_notify_scan_done(wpa_s, 0); 191 if (wpa_s->wpa_state == WPA_SCANNING) 192 wpa_supplicant_set_state(wpa_s, 193 wpa_s->scan_prev_wpa_state); 194 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s", 195 ret, retry ? " retry=1" : ""); 196 radio_work_done(work); 197 198 if (retry) { 199 /* Restore scan_req since we will try to scan again */ 200 wpa_s->scan_req = wpa_s->last_scan_req; 201 wpa_supplicant_req_scan(wpa_s, 1, 0); 202 } 203 return; 204 } 205 206 os_get_reltime(&wpa_s->scan_trigger_time); 207 wpa_s->scan_runs++; 208 wpa_s->normal_scans++; 209 wpa_s->own_scan_requested = 1; 210 wpa_s->clear_driver_scan_cache = 0; 211 wpa_s->scan_work = work; 212} 213 214 215/** 216 * wpa_supplicant_trigger_scan - Request driver to start a scan 217 * @wpa_s: Pointer to wpa_supplicant data 218 * @params: Scan parameters 219 * Returns: 0 on success, -1 on failure 220 */ 221int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 222 struct wpa_driver_scan_params *params) 223{ 224 struct wpa_driver_scan_params *ctx; 225 226 if (wpa_s->scan_work) { 227 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 228 return -1; 229 } 230 231 ctx = wpa_scan_clone_params(params); 232 if (ctx == NULL) 233 return -1; 234 235 if (radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0) 236 { 237 wpa_scan_free_params(ctx); 238 return -1; 239 } 240 241 return 0; 242} 243 244 245static void 246wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 247{ 248 struct wpa_supplicant *wpa_s = eloop_ctx; 249 250 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 251 252 if (wpa_supplicant_req_sched_scan(wpa_s)) 253 wpa_supplicant_req_scan(wpa_s, 0, 0); 254} 255 256 257static void 258wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 259{ 260 struct wpa_supplicant *wpa_s = eloop_ctx; 261 262 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 263 264 wpa_s->sched_scan_timed_out = 1; 265 wpa_supplicant_cancel_sched_scan(wpa_s); 266} 267 268 269int wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 270 struct wpa_driver_scan_params *params) 271{ 272 int ret; 273 274 wpa_supplicant_notify_scanning(wpa_s, 1); 275 ret = wpa_drv_sched_scan(wpa_s, params); 276 if (ret) 277 wpa_supplicant_notify_scanning(wpa_s, 0); 278 else 279 wpa_s->sched_scanning = 1; 280 281 return ret; 282} 283 284 285int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 286{ 287 int ret; 288 289 ret = wpa_drv_stop_sched_scan(wpa_s); 290 if (ret) { 291 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 292 /* TODO: what to do if stopping fails? */ 293 return -1; 294 } 295 296 return ret; 297} 298 299 300static struct wpa_driver_scan_filter * 301wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 302{ 303 struct wpa_driver_scan_filter *ssids; 304 struct wpa_ssid *ssid; 305 size_t count; 306 307 *num_ssids = 0; 308 if (!conf->filter_ssids) 309 return NULL; 310 311 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 312 if (ssid->ssid && ssid->ssid_len) 313 count++; 314 } 315 if (count == 0) 316 return NULL; 317 ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter)); 318 if (ssids == NULL) 319 return NULL; 320 321 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 322 if (!ssid->ssid || !ssid->ssid_len) 323 continue; 324 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 325 ssids[*num_ssids].ssid_len = ssid->ssid_len; 326 (*num_ssids)++; 327 } 328 329 return ssids; 330} 331 332 333static void wpa_supplicant_optimize_freqs( 334 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 335{ 336#ifdef CONFIG_P2P 337 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 338 wpa_s->go_params) { 339 /* Optimize provisioning state scan based on GO information */ 340 if (wpa_s->p2p_in_provisioning < 5 && 341 wpa_s->go_params->freq > 0) { 342 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 343 "preferred frequency %d MHz", 344 wpa_s->go_params->freq); 345 params->freqs = os_calloc(2, sizeof(int)); 346 if (params->freqs) 347 params->freqs[0] = wpa_s->go_params->freq; 348 } else if (wpa_s->p2p_in_provisioning < 8 && 349 wpa_s->go_params->freq_list[0]) { 350 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 351 "channels"); 352 int_array_concat(¶ms->freqs, 353 wpa_s->go_params->freq_list); 354 if (params->freqs) 355 int_array_sort_unique(params->freqs); 356 } 357 wpa_s->p2p_in_provisioning++; 358 } 359 360 if (params->freqs == NULL && wpa_s->p2p_in_invitation) { 361 /* 362 * Optimize scan based on GO information during persistent 363 * group reinvocation 364 */ 365 if (wpa_s->p2p_in_invitation < 5 && 366 wpa_s->p2p_invite_go_freq > 0) { 367 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation", 368 wpa_s->p2p_invite_go_freq); 369 params->freqs = os_calloc(2, sizeof(int)); 370 if (params->freqs) 371 params->freqs[0] = wpa_s->p2p_invite_go_freq; 372 } 373 wpa_s->p2p_in_invitation++; 374 if (wpa_s->p2p_in_invitation > 20) { 375 /* 376 * This should not really happen since the variable is 377 * cleared on group removal, but if it does happen, make 378 * sure we do not get stuck in special invitation scan 379 * mode. 380 */ 381 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation"); 382 wpa_s->p2p_in_invitation = 0; 383 } 384 } 385#endif /* CONFIG_P2P */ 386 387#ifdef CONFIG_WPS 388 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 389 /* 390 * Optimize post-provisioning scan based on channel used 391 * during provisioning. 392 */ 393 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 394 "that was used during provisioning", wpa_s->wps_freq); 395 params->freqs = os_calloc(2, sizeof(int)); 396 if (params->freqs) 397 params->freqs[0] = wpa_s->wps_freq; 398 wpa_s->after_wps--; 399 } else if (wpa_s->after_wps) 400 wpa_s->after_wps--; 401 402 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 403 { 404 /* Optimize provisioning scan based on already known channel */ 405 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 406 wpa_s->wps_freq); 407 params->freqs = os_calloc(2, sizeof(int)); 408 if (params->freqs) 409 params->freqs[0] = wpa_s->wps_freq; 410 wpa_s->known_wps_freq = 0; /* only do this once */ 411 } 412#endif /* CONFIG_WPS */ 413} 414 415 416#ifdef CONFIG_INTERWORKING 417static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 418 struct wpabuf *buf) 419{ 420 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 421 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 422 1 + ETH_ALEN); 423 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 424 /* No Venue Info */ 425 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 426 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 427} 428#endif /* CONFIG_INTERWORKING */ 429 430 431static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 432{ 433 struct wpabuf *extra_ie = NULL; 434 u8 ext_capab[18]; 435 int ext_capab_len; 436#ifdef CONFIG_WPS 437 int wps = 0; 438 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 439#endif /* CONFIG_WPS */ 440 441 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 442 sizeof(ext_capab)); 443 if (ext_capab_len > 0 && 444 wpabuf_resize(&extra_ie, ext_capab_len) == 0) 445 wpabuf_put_data(extra_ie, ext_capab, ext_capab_len); 446 447#ifdef CONFIG_INTERWORKING 448 if (wpa_s->conf->interworking && 449 wpabuf_resize(&extra_ie, 100) == 0) 450 wpas_add_interworking_elements(wpa_s, extra_ie); 451#endif /* CONFIG_INTERWORKING */ 452 453#ifdef CONFIG_WPS 454 wps = wpas_wps_in_use(wpa_s, &req_type); 455 456 if (wps) { 457 struct wpabuf *wps_ie; 458 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 459 DEV_PW_DEFAULT, 460 &wpa_s->wps->dev, 461 wpa_s->wps->uuid, req_type, 462 0, NULL); 463 if (wps_ie) { 464 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 465 wpabuf_put_buf(extra_ie, wps_ie); 466 wpabuf_free(wps_ie); 467 } 468 } 469 470#ifdef CONFIG_P2P 471 if (wps) { 472 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 473 if (wpabuf_resize(&extra_ie, ielen) == 0) 474 wpas_p2p_scan_ie(wpa_s, extra_ie); 475 } 476#endif /* CONFIG_P2P */ 477 478 wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie); 479 480#endif /* CONFIG_WPS */ 481 482#ifdef CONFIG_HS20 483 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 484 wpas_hs20_add_indication(extra_ie, -1); 485#endif /* CONFIG_HS20 */ 486 487#ifdef CONFIG_FST 488 if (wpa_s->fst_ies && 489 wpabuf_resize(&extra_ie, wpabuf_len(wpa_s->fst_ies)) == 0) 490 wpabuf_put_buf(extra_ie, wpa_s->fst_ies); 491#endif /* CONFIG_FST */ 492 493#ifdef CONFIG_MBO 494 /* Send cellular capabilities for potential MBO STAs */ 495 if (wpabuf_resize(&extra_ie, 9) == 0) 496 wpas_mbo_scan_ie(wpa_s, extra_ie); 497#endif /* CONFIG_MBO */ 498 499 return extra_ie; 500} 501 502 503#ifdef CONFIG_P2P 504 505/* 506 * Check whether there are any enabled networks or credentials that could be 507 * used for a non-P2P connection. 508 */ 509static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 510{ 511 struct wpa_ssid *ssid; 512 513 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 514 if (wpas_network_disabled(wpa_s, ssid)) 515 continue; 516 if (!ssid->p2p_group) 517 return 1; 518 } 519 520 if (wpa_s->conf->cred && wpa_s->conf->interworking && 521 wpa_s->conf->auto_interworking) 522 return 1; 523 524 return 0; 525} 526 527#endif /* CONFIG_P2P */ 528 529 530static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 531 enum hostapd_hw_mode band, 532 struct wpa_driver_scan_params *params) 533{ 534 /* Include only supported channels for the specified band */ 535 struct hostapd_hw_modes *mode; 536 int count, i; 537 538 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 539 if (mode == NULL) { 540 /* No channels supported in this band - use empty list */ 541 params->freqs = os_zalloc(sizeof(int)); 542 return; 543 } 544 545 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int)); 546 if (params->freqs == NULL) 547 return; 548 for (count = 0, i = 0; i < mode->num_channels; i++) { 549 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 550 continue; 551 params->freqs[count++] = mode->channels[i].freq; 552 } 553} 554 555 556static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 557 struct wpa_driver_scan_params *params) 558{ 559 if (wpa_s->hw.modes == NULL) 560 return; /* unknown what channels the driver supports */ 561 if (params->freqs) 562 return; /* already using a limited channel set */ 563 if (wpa_s->setband == WPA_SETBAND_5G) 564 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 565 params); 566 else if (wpa_s->setband == WPA_SETBAND_2G) 567 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 568 params); 569} 570 571 572static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 573 struct wpa_driver_scan_params *params, 574 size_t max_ssids) 575{ 576 unsigned int i; 577 struct wpa_ssid *ssid; 578 /* 579 * For devices with |max_ssids| greater than 1, leave the last slot empty 580 * for adding the wildcard scan entry. 581 */ 582 max_ssids = (max_ssids == 1) ? max_ssids : max_ssids - 1; 583 584 for (i = 0; i < wpa_s->scan_id_count; i++) { 585 unsigned int j; 586 587 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 588 if (!ssid || !ssid->scan_ssid) 589 continue; 590 591 for (j = 0; j < params->num_ssids; j++) { 592 if (params->ssids[j].ssid_len == ssid->ssid_len && 593 params->ssids[j].ssid && 594 os_memcmp(params->ssids[j].ssid, ssid->ssid, 595 ssid->ssid_len) == 0) 596 break; 597 } 598 if (j < params->num_ssids) 599 continue; /* already in the list */ 600 601 if (params->num_ssids + 1 > max_ssids) { 602 wpa_printf(MSG_DEBUG, 603 "Over max scan SSIDs for manual request"); 604 break; 605 } 606 607 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 608 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 609 params->ssids[params->num_ssids].ssid = ssid->ssid; 610 params->ssids[params->num_ssids].ssid_len = ssid->ssid_len; 611 params->num_ssids++; 612 } 613 614 wpa_s->scan_id_count = 0; 615} 616 617 618static int wpa_set_ssids_from_scan_req(struct wpa_supplicant *wpa_s, 619 struct wpa_driver_scan_params *params, 620 size_t max_ssids) 621{ 622 unsigned int i; 623 624 if (wpa_s->ssids_from_scan_req == NULL || 625 wpa_s->num_ssids_from_scan_req == 0) 626 return 0; 627 628 if (wpa_s->num_ssids_from_scan_req > max_ssids) { 629 wpa_s->num_ssids_from_scan_req = max_ssids; 630 wpa_printf(MSG_DEBUG, "Over max scan SSIDs from scan req: %u", 631 (unsigned int) max_ssids); 632 } 633 634 for (i = 0; i < wpa_s->num_ssids_from_scan_req; i++) { 635 params->ssids[i].ssid = wpa_s->ssids_from_scan_req[i].ssid; 636 params->ssids[i].ssid_len = 637 wpa_s->ssids_from_scan_req[i].ssid_len; 638 wpa_hexdump_ascii(MSG_DEBUG, "specific SSID", 639 params->ssids[i].ssid, 640 params->ssids[i].ssid_len); 641 } 642 643 params->num_ssids = wpa_s->num_ssids_from_scan_req; 644 wpa_s->num_ssids_from_scan_req = 0; 645 return 1; 646} 647 648 649static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 650{ 651 struct wpa_supplicant *wpa_s = eloop_ctx; 652 struct wpa_ssid *ssid; 653 int ret, p2p_in_prog; 654 struct wpabuf *extra_ie = NULL; 655 struct wpa_driver_scan_params params; 656 struct wpa_driver_scan_params *scan_params; 657 size_t max_ssids; 658 int connect_without_scan = 0; 659 660 if (wpa_s->pno || wpa_s->pno_sched_pending) { 661 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - PNO is in progress"); 662 return; 663 } 664 665 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 666 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 667 return; 668 } 669 670 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 671 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 672 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 673 return; 674 } 675 676 if (wpa_s->scanning) { 677 /* 678 * If we are already in scanning state, we shall reschedule the 679 * the incoming scan request. 680 */ 681 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 682 wpa_supplicant_req_scan(wpa_s, 1, 0); 683 return; 684 } 685 686 if (!wpa_supplicant_enabled_networks(wpa_s) && 687 wpa_s->scan_req == NORMAL_SCAN_REQ) { 688 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 689 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 690 return; 691 } 692 693 if (wpa_s->conf->ap_scan != 0 && 694 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 695 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 696 "overriding ap_scan configuration"); 697 wpa_s->conf->ap_scan = 0; 698 wpas_notify_ap_scan_changed(wpa_s); 699 } 700 701 if (wpa_s->conf->ap_scan == 0) { 702 wpa_supplicant_gen_assoc_event(wpa_s); 703 return; 704 } 705 706 ssid = NULL; 707 if (wpa_s->scan_req != MANUAL_SCAN_REQ && 708 wpa_s->connect_without_scan) { 709 connect_without_scan = 1; 710 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 711 if (ssid == wpa_s->connect_without_scan) 712 break; 713 } 714 } 715 716 p2p_in_prog = wpas_p2p_in_progress(wpa_s); 717 if (p2p_in_prog && p2p_in_prog != 2 && 718 (!ssid || 719 (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) { 720 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 721 wpa_supplicant_req_scan(wpa_s, 5, 0); 722 return; 723 } 724 725 if (wpa_s->conf->ap_scan == 2) 726 max_ssids = 1; 727 else { 728 max_ssids = wpa_s->max_scan_ssids; 729 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 730 max_ssids = WPAS_MAX_SCAN_SSIDS; 731 } 732 733 wpa_s->last_scan_req = wpa_s->scan_req; 734 wpa_s->scan_req = NORMAL_SCAN_REQ; 735 736 if (connect_without_scan) { 737 wpa_s->connect_without_scan = NULL; 738 if (ssid) { 739 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 740 "without scan step"); 741 wpa_supplicant_associate(wpa_s, NULL, ssid); 742 return; 743 } 744 } 745 746 os_memset(¶ms, 0, sizeof(params)); 747 748 wpa_s->scan_prev_wpa_state = wpa_s->wpa_state; 749 if (wpa_s->wpa_state == WPA_DISCONNECTED || 750 wpa_s->wpa_state == WPA_INACTIVE) 751 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 752 753 /* 754 * If autoscan has set its own scanning parameters 755 */ 756 if (wpa_s->autoscan_params != NULL) { 757 scan_params = wpa_s->autoscan_params; 758 goto scan; 759 } 760 761 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 762 wpa_set_ssids_from_scan_req(wpa_s, ¶ms, max_ssids)) { 763 wpa_printf(MSG_DEBUG, "Use specific SSIDs from SCAN command"); 764 goto ssid_list_set; 765 } 766 767#ifdef CONFIG_P2P 768 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 769 wpa_s->go_params && !wpa_s->conf->passive_scan) { 770 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 771 wpa_s->p2p_in_provisioning, 772 wpa_s->show_group_started); 773 params.ssids[0].ssid = wpa_s->go_params->ssid; 774 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 775 params.num_ssids = 1; 776 goto ssid_list_set; 777 } 778 779 if (wpa_s->p2p_in_invitation) { 780 if (wpa_s->current_ssid) { 781 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 782 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 783 params.ssids[0].ssid_len = 784 wpa_s->current_ssid->ssid_len; 785 params.num_ssids = 1; 786 } else { 787 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 788 } 789 goto ssid_list_set; 790 } 791#endif /* CONFIG_P2P */ 792 793 /* Find the starting point from which to continue scanning */ 794 ssid = wpa_s->conf->ssid; 795 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 796 while (ssid) { 797 if (ssid == wpa_s->prev_scan_ssid) { 798 ssid = ssid->next; 799 break; 800 } 801 ssid = ssid->next; 802 } 803 } 804 805 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 806#ifdef CONFIG_AP 807 !wpa_s->ap_iface && 808#endif /* CONFIG_AP */ 809 wpa_s->conf->ap_scan == 2) { 810 wpa_s->connect_without_scan = NULL; 811 wpa_s->prev_scan_wildcard = 0; 812 wpa_supplicant_assoc_try(wpa_s, ssid); 813 return; 814 } else if (wpa_s->conf->ap_scan == 2) { 815 /* 816 * User-initiated scan request in ap_scan == 2; scan with 817 * wildcard SSID. 818 */ 819 ssid = NULL; 820 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 821 /* 822 * Perform single-channel single-SSID scan for 823 * reassociate-to-same-BSS operation. 824 */ 825 /* Setup SSID */ 826 ssid = wpa_s->current_ssid; 827 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 828 ssid->ssid, ssid->ssid_len); 829 params.ssids[0].ssid = ssid->ssid; 830 params.ssids[0].ssid_len = ssid->ssid_len; 831 params.num_ssids = 1; 832 833 /* 834 * Allocate memory for frequency array, allocate one extra 835 * slot for the zero-terminator. 836 */ 837 params.freqs = os_malloc(sizeof(int) * 2); 838 if (params.freqs == NULL) { 839 wpa_dbg(wpa_s, MSG_ERROR, "Memory allocation failed"); 840 return; 841 } 842 params.freqs[0] = wpa_s->assoc_freq; 843 params.freqs[1] = 0; 844 845 /* 846 * Reset the reattach flag so that we fall back to full scan if 847 * this scan fails. 848 */ 849 wpa_s->reattach = 0; 850 } else { 851 struct wpa_ssid *start = ssid, *tssid; 852 int freqs_set = 0; 853 if (ssid == NULL && max_ssids > 1) 854 ssid = wpa_s->conf->ssid; 855 while (ssid) { 856 if (!wpas_network_disabled(wpa_s, ssid) && 857 ssid->scan_ssid) { 858 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 859 ssid->ssid, ssid->ssid_len); 860 params.ssids[params.num_ssids].ssid = 861 ssid->ssid; 862 params.ssids[params.num_ssids].ssid_len = 863 ssid->ssid_len; 864 params.num_ssids++; 865 if (params.num_ssids + 1 >= max_ssids) 866 break; 867 } 868 ssid = ssid->next; 869 if (ssid == start) 870 break; 871 if (ssid == NULL && max_ssids > 1 && 872 start != wpa_s->conf->ssid) 873 ssid = wpa_s->conf->ssid; 874 } 875 876 if (wpa_s->scan_id_count && 877 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 878 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 879 880 for (tssid = wpa_s->conf->ssid; 881 wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid; 882 tssid = tssid->next) { 883 if (wpas_network_disabled(wpa_s, tssid)) 884 continue; 885 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 886 int_array_concat(¶ms.freqs, 887 tssid->scan_freq); 888 } else { 889 os_free(params.freqs); 890 params.freqs = NULL; 891 } 892 freqs_set = 1; 893 } 894 int_array_sort_unique(params.freqs); 895 } 896 897 if (ssid && max_ssids == 1) { 898 /* 899 * If the driver is limited to 1 SSID at a time interleave 900 * wildcard SSID scans with specific SSID scans to avoid 901 * waiting a long time for a wildcard scan. 902 */ 903 if (!wpa_s->prev_scan_wildcard) { 904 params.ssids[0].ssid = NULL; 905 params.ssids[0].ssid_len = 0; 906 wpa_s->prev_scan_wildcard = 1; 907 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 908 "wildcard SSID (Interleave with specific)"); 909 } else { 910 wpa_s->prev_scan_ssid = ssid; 911 wpa_s->prev_scan_wildcard = 0; 912 wpa_dbg(wpa_s, MSG_DEBUG, 913 "Starting AP scan for specific SSID: %s", 914 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 915 } 916 } else if (ssid) { 917 /* max_ssids > 1 */ 918 919 wpa_s->prev_scan_ssid = ssid; 920 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 921 "the scan request"); 922 params.num_ssids++; 923 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 924 wpa_s->manual_scan_passive && params.num_ssids == 0) { 925 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 926 } else if (wpa_s->conf->passive_scan) { 927 wpa_dbg(wpa_s, MSG_DEBUG, 928 "Use passive scan based on configuration"); 929 } else { 930 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 931 params.num_ssids++; 932 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 933 "SSID"); 934 } 935 936ssid_list_set: 937 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 938 extra_ie = wpa_supplicant_extra_ies(wpa_s); 939 940 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 941 wpa_s->manual_scan_only_new) { 942 wpa_printf(MSG_DEBUG, 943 "Request driver to clear scan cache due to manual only_new=1 scan"); 944 params.only_new_results = 1; 945 } 946 947 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 948 wpa_s->manual_scan_freqs) { 949 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 950 params.freqs = wpa_s->manual_scan_freqs; 951 wpa_s->manual_scan_freqs = NULL; 952 } 953 954 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 955 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 956 "generated frequency list"); 957 params.freqs = wpa_s->next_scan_freqs; 958 } else 959 os_free(wpa_s->next_scan_freqs); 960 wpa_s->next_scan_freqs = NULL; 961 wpa_setband_scan_freqs(wpa_s, ¶ms); 962 963 /* See if user specified frequencies. If so, scan only those. */ 964 if (wpa_s->conf->freq_list && !params.freqs) { 965 wpa_dbg(wpa_s, MSG_DEBUG, 966 "Optimize scan based on conf->freq_list"); 967 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 968 } 969 970 /* Use current associated channel? */ 971 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 972 unsigned int num = wpa_s->num_multichan_concurrent; 973 974 params.freqs = os_calloc(num + 1, sizeof(int)); 975 if (params.freqs) { 976 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 977 if (num > 0) { 978 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 979 "current operating channels since " 980 "scan_cur_freq is enabled"); 981 } else { 982 os_free(params.freqs); 983 params.freqs = NULL; 984 } 985 } 986 } 987 988 params.filter_ssids = wpa_supplicant_build_filter_ssids( 989 wpa_s->conf, ¶ms.num_filter_ssids); 990 if (extra_ie) { 991 params.extra_ies = wpabuf_head(extra_ie); 992 params.extra_ies_len = wpabuf_len(extra_ie); 993 } 994 995#ifdef CONFIG_P2P 996 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 997 (wpa_s->show_group_started && wpa_s->go_params)) { 998 /* 999 * The interface may not yet be in P2P mode, so we have to 1000 * explicitly request P2P probe to disable CCK rates. 1001 */ 1002 params.p2p_probe = 1; 1003 } 1004#endif /* CONFIG_P2P */ 1005 1006 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) { 1007 params.mac_addr_rand = 1; 1008 if (wpa_s->mac_addr_scan) { 1009 params.mac_addr = wpa_s->mac_addr_scan; 1010 params.mac_addr_mask = wpa_s->mac_addr_scan + ETH_ALEN; 1011 } 1012 } 1013 1014 if (!is_zero_ether_addr(wpa_s->next_scan_bssid)) { 1015 struct wpa_bss *bss; 1016 1017 params.bssid = wpa_s->next_scan_bssid; 1018 bss = wpa_bss_get_bssid_latest(wpa_s, params.bssid); 1019 if (bss && bss->ssid_len && params.num_ssids == 1 && 1020 params.ssids[0].ssid_len == 0) { 1021 params.ssids[0].ssid = bss->ssid; 1022 params.ssids[0].ssid_len = bss->ssid_len; 1023 wpa_dbg(wpa_s, MSG_DEBUG, 1024 "Scan a previously specified BSSID " MACSTR 1025 " and SSID %s", 1026 MAC2STR(params.bssid), 1027 wpa_ssid_txt(bss->ssid, bss->ssid_len)); 1028 } else { 1029 wpa_dbg(wpa_s, MSG_DEBUG, 1030 "Scan a previously specified BSSID " MACSTR, 1031 MAC2STR(params.bssid)); 1032 } 1033 } 1034 1035 scan_params = ¶ms; 1036 1037scan: 1038#ifdef CONFIG_P2P 1039 /* 1040 * If the driver does not support multi-channel concurrency and a 1041 * virtual interface that shares the same radio with the wpa_s interface 1042 * is operating there may not be need to scan other channels apart from 1043 * the current operating channel on the other virtual interface. Filter 1044 * out other channels in case we are trying to find a connection for a 1045 * station interface when we are not configured to prefer station 1046 * connection and a concurrent operation is already in process. 1047 */ 1048 if (wpa_s->scan_for_connection && 1049 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 1050 !scan_params->freqs && !params.freqs && 1051 wpas_is_p2p_prioritized(wpa_s) && 1052 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 1053 non_p2p_network_enabled(wpa_s)) { 1054 unsigned int num = wpa_s->num_multichan_concurrent; 1055 1056 params.freqs = os_calloc(num + 1, sizeof(int)); 1057 if (params.freqs) { 1058 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1059 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 1060 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 1061 } else { 1062 os_free(params.freqs); 1063 params.freqs = NULL; 1064 } 1065 } 1066 } 1067#endif /* CONFIG_P2P */ 1068 1069 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 1070 1071 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 1072 !wpa_s->manual_scan_freqs) { 1073 /* Restore manual_scan_freqs for the next attempt */ 1074 wpa_s->manual_scan_freqs = params.freqs; 1075 params.freqs = NULL; 1076 } 1077 1078 wpabuf_free(extra_ie); 1079 os_free(params.freqs); 1080 os_free(params.filter_ssids); 1081 1082 if (ret) { 1083 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 1084 if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state) 1085 wpa_supplicant_set_state(wpa_s, 1086 wpa_s->scan_prev_wpa_state); 1087 /* Restore scan_req since we will try to scan again */ 1088 wpa_s->scan_req = wpa_s->last_scan_req; 1089 wpa_supplicant_req_scan(wpa_s, 1, 0); 1090 } else { 1091 wpa_s->scan_for_connection = 0; 1092#ifdef CONFIG_INTERWORKING 1093 wpa_s->interworking_fast_assoc_tried = 0; 1094#endif /* CONFIG_INTERWORKING */ 1095 if (params.bssid) 1096 os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN); 1097 } 1098} 1099 1100 1101void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 1102{ 1103 struct os_reltime remaining, new_int; 1104 int cancelled; 1105 1106 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 1107 &remaining); 1108 1109 new_int.sec = sec; 1110 new_int.usec = 0; 1111 if (cancelled && os_reltime_before(&remaining, &new_int)) { 1112 new_int.sec = remaining.sec; 1113 new_int.usec = remaining.usec; 1114 } 1115 1116 if (cancelled) { 1117 eloop_register_timeout(new_int.sec, new_int.usec, 1118 wpa_supplicant_scan, wpa_s, NULL); 1119 } 1120 wpa_s->scan_interval = sec; 1121} 1122 1123 1124/** 1125 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 1126 * @wpa_s: Pointer to wpa_supplicant data 1127 * @sec: Number of seconds after which to scan 1128 * @usec: Number of microseconds after which to scan 1129 * 1130 * This function is used to schedule a scan for neighboring access points after 1131 * the specified time. 1132 */ 1133void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 1134{ 1135 int res; 1136 1137 if (wpa_s->p2p_mgmt) { 1138 wpa_dbg(wpa_s, MSG_DEBUG, 1139 "Ignore scan request (%d.%06d sec) on p2p_mgmt interface", 1140 sec, usec); 1141 return; 1142 } 1143 1144 res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 1145 NULL); 1146 if (res == 1) { 1147 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 1148 sec, usec); 1149 } else if (res == 0) { 1150 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 1151 sec, usec); 1152 } else { 1153 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 1154 sec, usec); 1155 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 1156 } 1157} 1158 1159 1160/** 1161 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 1162 * @wpa_s: Pointer to wpa_supplicant data 1163 * @sec: Number of seconds after which to scan 1164 * @usec: Number of microseconds after which to scan 1165 * Returns: 0 on success or -1 otherwise 1166 * 1167 * This function is used to schedule periodic scans for neighboring 1168 * access points after the specified time. 1169 */ 1170int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 1171 int sec, int usec) 1172{ 1173 if (!wpa_s->sched_scan_supported) 1174 return -1; 1175 1176 eloop_register_timeout(sec, usec, 1177 wpa_supplicant_delayed_sched_scan_timeout, 1178 wpa_s, NULL); 1179 1180 return 0; 1181} 1182 1183 1184/** 1185 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 1186 * @wpa_s: Pointer to wpa_supplicant data 1187 * Returns: 0 is sched_scan was started or -1 otherwise 1188 * 1189 * This function is used to schedule periodic scans for neighboring 1190 * access points repeating the scan continuously. 1191 */ 1192int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 1193{ 1194 struct wpa_driver_scan_params params; 1195 struct wpa_driver_scan_params *scan_params; 1196 enum wpa_states prev_state; 1197 struct wpa_ssid *ssid = NULL; 1198 struct wpabuf *extra_ie = NULL; 1199 int ret; 1200 unsigned int max_sched_scan_ssids; 1201 int wildcard = 0; 1202 int need_ssids; 1203 struct sched_scan_plan scan_plan; 1204 1205 if (!wpa_s->sched_scan_supported) 1206 return -1; 1207 1208 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 1209 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 1210 else 1211 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 1212 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 1213 return -1; 1214 1215 if (wpa_s->sched_scanning) { 1216 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 1217 return 0; 1218 } 1219 1220 need_ssids = 0; 1221 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1222 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1223 /* Use wildcard SSID to find this network */ 1224 wildcard = 1; 1225 } else if (!wpas_network_disabled(wpa_s, ssid) && 1226 ssid->ssid_len) 1227 need_ssids++; 1228 1229#ifdef CONFIG_WPS 1230 if (!wpas_network_disabled(wpa_s, ssid) && 1231 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1232 /* 1233 * Normal scan is more reliable and faster for WPS 1234 * operations and since these are for short periods of 1235 * time, the benefit of trying to use sched_scan would 1236 * be limited. 1237 */ 1238 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1239 "sched_scan for WPS"); 1240 return -1; 1241 } 1242#endif /* CONFIG_WPS */ 1243 } 1244 if (wildcard) 1245 need_ssids++; 1246 1247 if (wpa_s->normal_scans < 3 && 1248 (need_ssids <= wpa_s->max_scan_ssids || 1249 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1250 /* 1251 * When normal scan can speed up operations, use that for the 1252 * first operations before starting the sched_scan to allow 1253 * user space sleep more. We do this only if the normal scan 1254 * has functionality that is suitable for this or if the 1255 * sched_scan does not have better support for multiple SSIDs. 1256 */ 1257 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1258 "sched_scan for initial scans (normal_scans=%d)", 1259 wpa_s->normal_scans); 1260 return -1; 1261 } 1262 1263 os_memset(¶ms, 0, sizeof(params)); 1264 1265 /* If we can't allocate space for the filters, we just don't filter */ 1266 params.filter_ssids = os_calloc(wpa_s->max_match_sets, 1267 sizeof(struct wpa_driver_scan_filter)); 1268 1269 prev_state = wpa_s->wpa_state; 1270 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1271 wpa_s->wpa_state == WPA_INACTIVE) 1272 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1273 1274 if (wpa_s->autoscan_params != NULL) { 1275 scan_params = wpa_s->autoscan_params; 1276 goto scan; 1277 } 1278 1279 /* Find the starting point from which to continue scanning */ 1280 ssid = wpa_s->conf->ssid; 1281 if (wpa_s->prev_sched_ssid) { 1282 while (ssid) { 1283 if (ssid == wpa_s->prev_sched_ssid) { 1284 ssid = ssid->next; 1285 break; 1286 } 1287 ssid = ssid->next; 1288 } 1289 } 1290 1291 if (!ssid || !wpa_s->prev_sched_ssid) { 1292 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1293 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1294 wpa_s->first_sched_scan = 1; 1295 ssid = wpa_s->conf->ssid; 1296 wpa_s->prev_sched_ssid = ssid; 1297 } 1298 1299 if (wildcard) { 1300 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1301 params.num_ssids++; 1302 } 1303 1304 while (ssid) { 1305 if (wpas_network_disabled(wpa_s, ssid)) 1306 goto next; 1307 1308 if (params.num_filter_ssids < wpa_s->max_match_sets && 1309 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1310 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1311 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1312 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1313 ssid->ssid, ssid->ssid_len); 1314 params.filter_ssids[params.num_filter_ssids].ssid_len = 1315 ssid->ssid_len; 1316 params.num_filter_ssids++; 1317 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1318 { 1319 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1320 "filter for sched_scan - drop filter"); 1321 os_free(params.filter_ssids); 1322 params.filter_ssids = NULL; 1323 params.num_filter_ssids = 0; 1324 } 1325 1326 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1327 if (params.num_ssids == max_sched_scan_ssids) 1328 break; /* only room for broadcast SSID */ 1329 wpa_dbg(wpa_s, MSG_DEBUG, 1330 "add to active scan ssid: %s", 1331 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1332 params.ssids[params.num_ssids].ssid = 1333 ssid->ssid; 1334 params.ssids[params.num_ssids].ssid_len = 1335 ssid->ssid_len; 1336 params.num_ssids++; 1337 if (params.num_ssids >= max_sched_scan_ssids) { 1338 wpa_s->prev_sched_ssid = ssid; 1339 do { 1340 ssid = ssid->next; 1341 } while (ssid && 1342 (wpas_network_disabled(wpa_s, ssid) || 1343 !ssid->scan_ssid)); 1344 break; 1345 } 1346 } 1347 1348 next: 1349 wpa_s->prev_sched_ssid = ssid; 1350 ssid = ssid->next; 1351 } 1352 1353 if (params.num_filter_ssids == 0) { 1354 os_free(params.filter_ssids); 1355 params.filter_ssids = NULL; 1356 } 1357 1358 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1359 if (extra_ie) { 1360 params.extra_ies = wpabuf_head(extra_ie); 1361 params.extra_ies_len = wpabuf_len(extra_ie); 1362 } 1363 1364 if (wpa_s->conf->filter_rssi) 1365 params.filter_rssi = wpa_s->conf->filter_rssi; 1366 1367 /* See if user specified frequencies. If so, scan only those. */ 1368 if (wpa_s->conf->freq_list && !params.freqs) { 1369 wpa_dbg(wpa_s, MSG_DEBUG, 1370 "Optimize scan based on conf->freq_list"); 1371 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1372 } 1373 1374 scan_params = ¶ms; 1375 1376scan: 1377 wpa_s->sched_scan_timed_out = 0; 1378 1379 /* 1380 * We cannot support multiple scan plans if the scan request includes 1381 * too many SSID's, so in this case use only the last scan plan and make 1382 * it run infinitely. It will be stopped by the timeout. 1383 */ 1384 if (wpa_s->sched_scan_plans_num == 1 || 1385 (wpa_s->sched_scan_plans_num && !ssid && wpa_s->first_sched_scan)) { 1386 params.sched_scan_plans = wpa_s->sched_scan_plans; 1387 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 1388 } else if (wpa_s->sched_scan_plans_num > 1) { 1389 wpa_dbg(wpa_s, MSG_DEBUG, 1390 "Too many SSIDs. Default to using single scheduled_scan plan"); 1391 params.sched_scan_plans = 1392 &wpa_s->sched_scan_plans[wpa_s->sched_scan_plans_num - 1393 1]; 1394 params.sched_scan_plans_num = 1; 1395 } else { 1396 if (wpa_s->conf->sched_scan_interval) 1397 scan_plan.interval = wpa_s->conf->sched_scan_interval; 1398 else 1399 scan_plan.interval = 10; 1400 1401 if (scan_plan.interval > wpa_s->max_sched_scan_plan_interval) { 1402 wpa_printf(MSG_WARNING, 1403 "Scan interval too long(%u), use the maximum allowed(%u)", 1404 scan_plan.interval, 1405 wpa_s->max_sched_scan_plan_interval); 1406 scan_plan.interval = 1407 wpa_s->max_sched_scan_plan_interval; 1408 } 1409 1410 scan_plan.iterations = 0; 1411 params.sched_scan_plans = &scan_plan; 1412 params.sched_scan_plans_num = 1; 1413 } 1414 1415 if (ssid || !wpa_s->first_sched_scan) { 1416 wpa_dbg(wpa_s, MSG_DEBUG, 1417 "Starting sched scan: interval %u timeout %d", 1418 params.sched_scan_plans[0].interval, 1419 wpa_s->sched_scan_timeout); 1420 } else { 1421 wpa_dbg(wpa_s, MSG_DEBUG, "Starting sched scan (no timeout)"); 1422 } 1423 1424 wpa_setband_scan_freqs(wpa_s, scan_params); 1425 1426 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) { 1427 params.mac_addr_rand = 1; 1428 if (wpa_s->mac_addr_sched_scan) { 1429 params.mac_addr = wpa_s->mac_addr_sched_scan; 1430 params.mac_addr_mask = wpa_s->mac_addr_sched_scan + 1431 ETH_ALEN; 1432 } 1433 } 1434 1435 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params); 1436 wpabuf_free(extra_ie); 1437 os_free(params.filter_ssids); 1438 if (ret) { 1439 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1440 if (prev_state != wpa_s->wpa_state) 1441 wpa_supplicant_set_state(wpa_s, prev_state); 1442 return ret; 1443 } 1444 1445 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1446 if (ssid || !wpa_s->first_sched_scan) { 1447 wpa_s->sched_scan_timed_out = 0; 1448 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1449 wpa_supplicant_sched_scan_timeout, 1450 wpa_s, NULL); 1451 wpa_s->first_sched_scan = 0; 1452 wpa_s->sched_scan_timeout /= 2; 1453 params.sched_scan_plans[0].interval *= 2; 1454 if ((unsigned int) wpa_s->sched_scan_timeout < 1455 params.sched_scan_plans[0].interval || 1456 params.sched_scan_plans[0].interval > 1457 wpa_s->max_sched_scan_plan_interval) { 1458 params.sched_scan_plans[0].interval = 10; 1459 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1460 } 1461 } 1462 1463 /* If there is no more ssids, start next time from the beginning */ 1464 if (!ssid) 1465 wpa_s->prev_sched_ssid = NULL; 1466 1467 return 0; 1468} 1469 1470 1471/** 1472 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1473 * @wpa_s: Pointer to wpa_supplicant data 1474 * 1475 * This function is used to cancel a scan request scheduled with 1476 * wpa_supplicant_req_scan(). 1477 */ 1478void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1479{ 1480 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1481 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1482} 1483 1484 1485/** 1486 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1487 * @wpa_s: Pointer to wpa_supplicant data 1488 * 1489 * This function is used to stop a delayed scheduled scan. 1490 */ 1491void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1492{ 1493 if (!wpa_s->sched_scan_supported) 1494 return; 1495 1496 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1497 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1498 wpa_s, NULL); 1499} 1500 1501 1502/** 1503 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1504 * @wpa_s: Pointer to wpa_supplicant data 1505 * 1506 * This function is used to stop a periodic scheduled scan. 1507 */ 1508void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1509{ 1510 if (!wpa_s->sched_scanning) 1511 return; 1512 1513 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1514 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1515 wpa_supplicant_stop_sched_scan(wpa_s); 1516} 1517 1518 1519/** 1520 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1521 * @wpa_s: Pointer to wpa_supplicant data 1522 * @scanning: Whether scanning is currently in progress 1523 * 1524 * This function is to generate scanning notifycations. It is called whenever 1525 * there may have been a change in scanning (scan started, completed, stopped). 1526 * wpas_notify_scanning() is called whenever the scanning state changed from the 1527 * previously notified state. 1528 */ 1529void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1530 int scanning) 1531{ 1532 if (wpa_s->scanning != scanning) { 1533 wpa_s->scanning = scanning; 1534 wpas_notify_scanning(wpa_s); 1535 } 1536} 1537 1538 1539static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1540{ 1541 int rate = 0; 1542 const u8 *ie; 1543 int i; 1544 1545 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1546 for (i = 0; ie && i < ie[1]; i++) { 1547 if ((ie[i + 2] & 0x7f) > rate) 1548 rate = ie[i + 2] & 0x7f; 1549 } 1550 1551 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1552 for (i = 0; ie && i < ie[1]; i++) { 1553 if ((ie[i + 2] & 0x7f) > rate) 1554 rate = ie[i + 2] & 0x7f; 1555 } 1556 1557 return rate; 1558} 1559 1560 1561/** 1562 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1563 * @res: Scan result entry 1564 * @ie: Information element identitifier (WLAN_EID_*) 1565 * Returns: Pointer to the information element (id field) or %NULL if not found 1566 * 1567 * This function returns the first matching information element in the scan 1568 * result. 1569 */ 1570const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1571{ 1572 return get_ie((const u8 *) (res + 1), res->ie_len, ie); 1573} 1574 1575 1576/** 1577 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1578 * @res: Scan result entry 1579 * @vendor_type: Vendor type (four octets starting the IE payload) 1580 * Returns: Pointer to the information element (id field) or %NULL if not found 1581 * 1582 * This function returns the first matching information element in the scan 1583 * result. 1584 */ 1585const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1586 u32 vendor_type) 1587{ 1588 const u8 *end, *pos; 1589 1590 pos = (const u8 *) (res + 1); 1591 end = pos + res->ie_len; 1592 1593 while (end - pos > 1) { 1594 if (2 + pos[1] > end - pos) 1595 break; 1596 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1597 vendor_type == WPA_GET_BE32(&pos[2])) 1598 return pos; 1599 pos += 2 + pos[1]; 1600 } 1601 1602 return NULL; 1603} 1604 1605 1606/** 1607 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 1608 * @res: Scan result entry 1609 * @vendor_type: Vendor type (four octets starting the IE payload) 1610 * Returns: Pointer to the information element (id field) or %NULL if not found 1611 * 1612 * This function returns the first matching information element in the scan 1613 * result. 1614 * 1615 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 1616 * from Beacon frames instead of either Beacon or Probe Response frames. 1617 */ 1618const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 1619 u32 vendor_type) 1620{ 1621 const u8 *end, *pos; 1622 1623 if (res->beacon_ie_len == 0) 1624 return NULL; 1625 1626 pos = (const u8 *) (res + 1); 1627 pos += res->ie_len; 1628 end = pos + res->beacon_ie_len; 1629 1630 while (end - pos > 1) { 1631 if (2 + pos[1] > end - pos) 1632 break; 1633 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1634 vendor_type == WPA_GET_BE32(&pos[2])) 1635 return pos; 1636 pos += 2 + pos[1]; 1637 } 1638 1639 return NULL; 1640} 1641 1642 1643/** 1644 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1645 * @res: Scan result entry 1646 * @vendor_type: Vendor type (four octets starting the IE payload) 1647 * Returns: Pointer to the information element payload or %NULL if not found 1648 * 1649 * This function returns concatenated payload of possibly fragmented vendor 1650 * specific information elements in the scan result. The caller is responsible 1651 * for freeing the returned buffer. 1652 */ 1653struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1654 u32 vendor_type) 1655{ 1656 struct wpabuf *buf; 1657 const u8 *end, *pos; 1658 1659 buf = wpabuf_alloc(res->ie_len); 1660 if (buf == NULL) 1661 return NULL; 1662 1663 pos = (const u8 *) (res + 1); 1664 end = pos + res->ie_len; 1665 1666 while (end - pos > 1) { 1667 if (2 + pos[1] > end - pos) 1668 break; 1669 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1670 vendor_type == WPA_GET_BE32(&pos[2])) 1671 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1672 pos += 2 + pos[1]; 1673 } 1674 1675 if (wpabuf_len(buf) == 0) { 1676 wpabuf_free(buf); 1677 buf = NULL; 1678 } 1679 1680 return buf; 1681} 1682 1683 1684/* 1685 * Channels with a great SNR can operate at full rate. What is a great SNR? 1686 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1687 * rule of thumb is that any SNR above 20 is good." This one 1688 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1689 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1690 * conservative value. 1691 */ 1692#define GREAT_SNR 30 1693 1694#define IS_5GHZ(n) (n > 4000) 1695 1696/* Compare function for sorting scan results. Return >0 if @b is considered 1697 * better. */ 1698static int wpa_scan_result_compar(const void *a, const void *b) 1699{ 1700#define MIN(a,b) a < b ? a : b 1701 struct wpa_scan_res **_wa = (void *) a; 1702 struct wpa_scan_res **_wb = (void *) b; 1703 struct wpa_scan_res *wa = *_wa; 1704 struct wpa_scan_res *wb = *_wb; 1705 int wpa_a, wpa_b; 1706 int snr_a, snr_b, snr_a_full, snr_b_full; 1707 1708 /* WPA/WPA2 support preferred */ 1709 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1710 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1711 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1712 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1713 1714 if (wpa_b && !wpa_a) 1715 return 1; 1716 if (!wpa_b && wpa_a) 1717 return -1; 1718 1719 /* privacy support preferred */ 1720 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1721 (wb->caps & IEEE80211_CAP_PRIVACY)) 1722 return 1; 1723 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1724 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1725 return -1; 1726 1727 if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) { 1728 snr_a_full = wa->snr; 1729 snr_a = MIN(wa->snr, GREAT_SNR); 1730 snr_b_full = wb->snr; 1731 snr_b = MIN(wb->snr, GREAT_SNR); 1732 } else { 1733 /* Level is not in dBm, so we can't calculate 1734 * SNR. Just use raw level (units unknown). */ 1735 snr_a = snr_a_full = wa->level; 1736 snr_b = snr_b_full = wb->level; 1737 } 1738 1739 /* if SNR is close, decide by max rate or frequency band */ 1740 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1741 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1742 if (wa->est_throughput != wb->est_throughput) 1743 return wb->est_throughput - wa->est_throughput; 1744 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1745 return IS_5GHZ(wa->freq) ? -1 : 1; 1746 } 1747 1748 /* all things being equal, use SNR; if SNRs are 1749 * identical, use quality values since some drivers may only report 1750 * that value and leave the signal level zero */ 1751 if (snr_b_full == snr_a_full) 1752 return wb->qual - wa->qual; 1753 return snr_b_full - snr_a_full; 1754#undef MIN 1755} 1756 1757 1758#ifdef CONFIG_WPS 1759/* Compare function for sorting scan results when searching a WPS AP for 1760 * provisioning. Return >0 if @b is considered better. */ 1761static int wpa_scan_result_wps_compar(const void *a, const void *b) 1762{ 1763 struct wpa_scan_res **_wa = (void *) a; 1764 struct wpa_scan_res **_wb = (void *) b; 1765 struct wpa_scan_res *wa = *_wa; 1766 struct wpa_scan_res *wb = *_wb; 1767 int uses_wps_a, uses_wps_b; 1768 struct wpabuf *wps_a, *wps_b; 1769 int res; 1770 1771 /* Optimization - check WPS IE existence before allocated memory and 1772 * doing full reassembly. */ 1773 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1774 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1775 if (uses_wps_a && !uses_wps_b) 1776 return -1; 1777 if (!uses_wps_a && uses_wps_b) 1778 return 1; 1779 1780 if (uses_wps_a && uses_wps_b) { 1781 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1782 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1783 res = wps_ap_priority_compar(wps_a, wps_b); 1784 wpabuf_free(wps_a); 1785 wpabuf_free(wps_b); 1786 if (res) 1787 return res; 1788 } 1789 1790 /* 1791 * Do not use current AP security policy as a sorting criteria during 1792 * WPS provisioning step since the AP may get reconfigured at the 1793 * completion of provisioning. 1794 */ 1795 1796 /* all things being equal, use signal level; if signal levels are 1797 * identical, use quality values since some drivers may only report 1798 * that value and leave the signal level zero */ 1799 if (wb->level == wa->level) 1800 return wb->qual - wa->qual; 1801 return wb->level - wa->level; 1802} 1803#endif /* CONFIG_WPS */ 1804 1805 1806static void dump_scan_res(struct wpa_scan_results *scan_res) 1807{ 1808#ifndef CONFIG_NO_STDOUT_DEBUG 1809 size_t i; 1810 1811 if (scan_res->res == NULL || scan_res->num == 0) 1812 return; 1813 1814 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1815 1816 for (i = 0; i < scan_res->num; i++) { 1817 struct wpa_scan_res *r = scan_res->res[i]; 1818 u8 *pos; 1819 if (r->flags & WPA_SCAN_LEVEL_DBM) { 1820 int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID); 1821 1822 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1823 "noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u", 1824 MAC2STR(r->bssid), r->freq, r->qual, 1825 r->noise, noise_valid ? "" : "~", r->level, 1826 r->snr, r->snr >= GREAT_SNR ? "*" : "", 1827 r->flags, 1828 r->age, r->est_throughput); 1829 } else { 1830 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1831 "noise=%d level=%d flags=0x%x age=%u est=%u", 1832 MAC2STR(r->bssid), r->freq, r->qual, 1833 r->noise, r->level, r->flags, r->age, 1834 r->est_throughput); 1835 } 1836 pos = (u8 *) (r + 1); 1837 if (r->ie_len) 1838 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1839 pos += r->ie_len; 1840 if (r->beacon_ie_len) 1841 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1842 pos, r->beacon_ie_len); 1843 } 1844#endif /* CONFIG_NO_STDOUT_DEBUG */ 1845} 1846 1847 1848/** 1849 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1850 * @wpa_s: Pointer to wpa_supplicant data 1851 * @bssid: BSSID to check 1852 * Returns: 0 if the BSSID is filtered or 1 if not 1853 * 1854 * This function is used to filter out specific BSSIDs from scan reslts mainly 1855 * for testing purposes (SET bssid_filter ctrl_iface command). 1856 */ 1857int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1858 const u8 *bssid) 1859{ 1860 size_t i; 1861 1862 if (wpa_s->bssid_filter == NULL) 1863 return 1; 1864 1865 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1866 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1867 ETH_ALEN) == 0) 1868 return 1; 1869 } 1870 1871 return 0; 1872} 1873 1874 1875static void filter_scan_res(struct wpa_supplicant *wpa_s, 1876 struct wpa_scan_results *res) 1877{ 1878 size_t i, j; 1879 1880 if (wpa_s->bssid_filter == NULL) 1881 return; 1882 1883 for (i = 0, j = 0; i < res->num; i++) { 1884 if (wpa_supplicant_filter_bssid_match(wpa_s, 1885 res->res[i]->bssid)) { 1886 res->res[j++] = res->res[i]; 1887 } else { 1888 os_free(res->res[i]); 1889 res->res[i] = NULL; 1890 } 1891 } 1892 1893 if (res->num != j) { 1894 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1895 (int) (res->num - j)); 1896 res->num = j; 1897 } 1898} 1899 1900 1901/* 1902 * Noise floor values to use when we have signal strength 1903 * measurements, but no noise floor measurements. These values were 1904 * measured in an office environment with many APs. 1905 */ 1906#define DEFAULT_NOISE_FLOOR_2GHZ (-89) 1907#define DEFAULT_NOISE_FLOOR_5GHZ (-92) 1908 1909static void scan_snr(struct wpa_scan_res *res) 1910{ 1911 if (res->flags & WPA_SCAN_NOISE_INVALID) { 1912 res->noise = IS_5GHZ(res->freq) ? 1913 DEFAULT_NOISE_FLOOR_5GHZ : 1914 DEFAULT_NOISE_FLOOR_2GHZ; 1915 } 1916 1917 if (res->flags & WPA_SCAN_LEVEL_DBM) { 1918 res->snr = res->level - res->noise; 1919 } else { 1920 /* Level is not in dBm, so we can't calculate 1921 * SNR. Just use raw level (units unknown). */ 1922 res->snr = res->level; 1923 } 1924} 1925 1926 1927static unsigned int max_ht20_rate(int snr) 1928{ 1929 if (snr < 6) 1930 return 6500; /* HT20 MCS0 */ 1931 if (snr < 8) 1932 return 13000; /* HT20 MCS1 */ 1933 if (snr < 13) 1934 return 19500; /* HT20 MCS2 */ 1935 if (snr < 17) 1936 return 26000; /* HT20 MCS3 */ 1937 if (snr < 20) 1938 return 39000; /* HT20 MCS4 */ 1939 if (snr < 23) 1940 return 52000; /* HT20 MCS5 */ 1941 if (snr < 24) 1942 return 58500; /* HT20 MCS6 */ 1943 return 65000; /* HT20 MCS7 */ 1944} 1945 1946 1947static unsigned int max_ht40_rate(int snr) 1948{ 1949 if (snr < 3) 1950 return 13500; /* HT40 MCS0 */ 1951 if (snr < 6) 1952 return 27000; /* HT40 MCS1 */ 1953 if (snr < 10) 1954 return 40500; /* HT40 MCS2 */ 1955 if (snr < 15) 1956 return 54000; /* HT40 MCS3 */ 1957 if (snr < 17) 1958 return 81000; /* HT40 MCS4 */ 1959 if (snr < 22) 1960 return 108000; /* HT40 MCS5 */ 1961 if (snr < 24) 1962 return 121500; /* HT40 MCS6 */ 1963 return 135000; /* HT40 MCS7 */ 1964} 1965 1966 1967static unsigned int max_vht80_rate(int snr) 1968{ 1969 if (snr < 1) 1970 return 0; 1971 if (snr < 2) 1972 return 29300; /* VHT80 MCS0 */ 1973 if (snr < 5) 1974 return 58500; /* VHT80 MCS1 */ 1975 if (snr < 9) 1976 return 87800; /* VHT80 MCS2 */ 1977 if (snr < 11) 1978 return 117000; /* VHT80 MCS3 */ 1979 if (snr < 15) 1980 return 175500; /* VHT80 MCS4 */ 1981 if (snr < 16) 1982 return 234000; /* VHT80 MCS5 */ 1983 if (snr < 18) 1984 return 263300; /* VHT80 MCS6 */ 1985 if (snr < 20) 1986 return 292500; /* VHT80 MCS7 */ 1987 if (snr < 22) 1988 return 351000; /* VHT80 MCS8 */ 1989 return 390000; /* VHT80 MCS9 */ 1990} 1991 1992 1993static void scan_est_throughput(struct wpa_supplicant *wpa_s, 1994 struct wpa_scan_res *res) 1995{ 1996 enum local_hw_capab capab = wpa_s->hw_capab; 1997 int rate; /* max legacy rate in 500 kb/s units */ 1998 const u8 *ie; 1999 unsigned int est, tmp; 2000 int snr = res->snr; 2001 2002 if (res->est_throughput) 2003 return; 2004 2005 /* Get maximum legacy rate */ 2006 rate = wpa_scan_get_max_rate(res); 2007 2008 /* Limit based on estimated SNR */ 2009 if (rate > 1 * 2 && snr < 1) 2010 rate = 1 * 2; 2011 else if (rate > 2 * 2 && snr < 4) 2012 rate = 2 * 2; 2013 else if (rate > 6 * 2 && snr < 5) 2014 rate = 6 * 2; 2015 else if (rate > 9 * 2 && snr < 6) 2016 rate = 9 * 2; 2017 else if (rate > 12 * 2 && snr < 7) 2018 rate = 12 * 2; 2019 else if (rate > 18 * 2 && snr < 10) 2020 rate = 18 * 2; 2021 else if (rate > 24 * 2 && snr < 11) 2022 rate = 24 * 2; 2023 else if (rate > 36 * 2 && snr < 15) 2024 rate = 36 * 2; 2025 else if (rate > 48 * 2 && snr < 19) 2026 rate = 48 * 2; 2027 else if (rate > 54 * 2 && snr < 21) 2028 rate = 54 * 2; 2029 est = rate * 500; 2030 2031 if (capab == CAPAB_HT || capab == CAPAB_HT40 || capab == CAPAB_VHT) { 2032 ie = wpa_scan_get_ie(res, WLAN_EID_HT_CAP); 2033 if (ie) { 2034 tmp = max_ht20_rate(snr); 2035 if (tmp > est) 2036 est = tmp; 2037 } 2038 } 2039 2040 if (capab == CAPAB_HT40 || capab == CAPAB_VHT) { 2041 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 2042 if (ie && ie[1] >= 2 && 2043 (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2044 tmp = max_ht40_rate(snr); 2045 if (tmp > est) 2046 est = tmp; 2047 } 2048 } 2049 2050 if (capab == CAPAB_VHT) { 2051 /* Use +1 to assume VHT is always faster than HT */ 2052 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_CAP); 2053 if (ie) { 2054 tmp = max_ht20_rate(snr) + 1; 2055 if (tmp > est) 2056 est = tmp; 2057 2058 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 2059 if (ie && ie[1] >= 2 && 2060 (ie[3] & 2061 HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2062 tmp = max_ht40_rate(snr) + 1; 2063 if (tmp > est) 2064 est = tmp; 2065 } 2066 2067 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_OPERATION); 2068 if (ie && ie[1] >= 1 && 2069 (ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK)) { 2070 tmp = max_vht80_rate(snr) + 1; 2071 if (tmp > est) 2072 est = tmp; 2073 } 2074 } 2075 } 2076 2077 /* TODO: channel utilization and AP load (e.g., from AP Beacon) */ 2078 2079 res->est_throughput = est; 2080} 2081 2082 2083/** 2084 * wpa_supplicant_get_scan_results - Get scan results 2085 * @wpa_s: Pointer to wpa_supplicant data 2086 * @info: Information about what was scanned or %NULL if not available 2087 * @new_scan: Whether a new scan was performed 2088 * Returns: Scan results, %NULL on failure 2089 * 2090 * This function request the current scan results from the driver and updates 2091 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 2092 * results with wpa_scan_results_free(). 2093 */ 2094struct wpa_scan_results * 2095wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 2096 struct scan_info *info, int new_scan) 2097{ 2098 struct wpa_scan_results *scan_res; 2099 size_t i; 2100 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 2101 2102 scan_res = wpa_drv_get_scan_results2(wpa_s); 2103 if (scan_res == NULL) { 2104 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 2105 return NULL; 2106 } 2107 if (scan_res->fetch_time.sec == 0) { 2108 /* 2109 * Make sure we have a valid timestamp if the driver wrapper 2110 * does not set this. 2111 */ 2112 os_get_reltime(&scan_res->fetch_time); 2113 } 2114 filter_scan_res(wpa_s, scan_res); 2115 2116 for (i = 0; i < scan_res->num; i++) { 2117 struct wpa_scan_res *scan_res_item = scan_res->res[i]; 2118 2119 scan_snr(scan_res_item); 2120 scan_est_throughput(wpa_s, scan_res_item); 2121 } 2122 2123#ifdef CONFIG_WPS 2124 if (wpas_wps_searching(wpa_s)) { 2125 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 2126 "provisioning rules"); 2127 compar = wpa_scan_result_wps_compar; 2128 } 2129#endif /* CONFIG_WPS */ 2130 2131 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 2132 compar); 2133 dump_scan_res(scan_res); 2134 2135 wpa_bss_update_start(wpa_s); 2136 for (i = 0; i < scan_res->num; i++) 2137 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 2138 &scan_res->fetch_time); 2139 wpa_bss_update_end(wpa_s, info, new_scan); 2140 2141 return scan_res; 2142} 2143 2144 2145/** 2146 * wpa_supplicant_update_scan_results - Update scan results from the driver 2147 * @wpa_s: Pointer to wpa_supplicant data 2148 * Returns: 0 on success, -1 on failure 2149 * 2150 * This function updates the BSS table within wpa_supplicant based on the 2151 * currently available scan results from the driver without requesting a new 2152 * scan. This is used in cases where the driver indicates an association 2153 * (including roaming within ESS) and wpa_supplicant does not yet have the 2154 * needed information to complete the connection (e.g., to perform validation 2155 * steps in 4-way handshake). 2156 */ 2157int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 2158{ 2159 struct wpa_scan_results *scan_res; 2160 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 2161 if (scan_res == NULL) 2162 return -1; 2163 wpa_scan_results_free(scan_res); 2164 2165 return 0; 2166} 2167 2168 2169/** 2170 * scan_only_handler - Reports scan results 2171 */ 2172void scan_only_handler(struct wpa_supplicant *wpa_s, 2173 struct wpa_scan_results *scan_res) 2174{ 2175 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 2176 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 2177 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 2178 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 2179 wpa_s->manual_scan_id); 2180 wpa_s->manual_scan_use_id = 0; 2181 } else { 2182 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 2183 } 2184 wpas_notify_scan_results(wpa_s); 2185 wpas_notify_scan_done(wpa_s, 1); 2186 if (wpa_s->scan_work) { 2187 struct wpa_radio_work *work = wpa_s->scan_work; 2188 wpa_s->scan_work = NULL; 2189 radio_work_done(work); 2190 } 2191 2192 if (wpa_s->wpa_state == WPA_SCANNING) 2193 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state); 2194} 2195 2196 2197int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 2198{ 2199 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 2200} 2201 2202 2203struct wpa_driver_scan_params * 2204wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 2205{ 2206 struct wpa_driver_scan_params *params; 2207 size_t i; 2208 u8 *n; 2209 2210 params = os_zalloc(sizeof(*params)); 2211 if (params == NULL) 2212 return NULL; 2213 2214 for (i = 0; i < src->num_ssids; i++) { 2215 if (src->ssids[i].ssid) { 2216 n = os_malloc(src->ssids[i].ssid_len); 2217 if (n == NULL) 2218 goto failed; 2219 os_memcpy(n, src->ssids[i].ssid, 2220 src->ssids[i].ssid_len); 2221 params->ssids[i].ssid = n; 2222 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 2223 } 2224 } 2225 params->num_ssids = src->num_ssids; 2226 2227 if (src->extra_ies) { 2228 n = os_malloc(src->extra_ies_len); 2229 if (n == NULL) 2230 goto failed; 2231 os_memcpy(n, src->extra_ies, src->extra_ies_len); 2232 params->extra_ies = n; 2233 params->extra_ies_len = src->extra_ies_len; 2234 } 2235 2236 if (src->freqs) { 2237 int len = int_array_len(src->freqs); 2238 params->freqs = os_malloc((len + 1) * sizeof(int)); 2239 if (params->freqs == NULL) 2240 goto failed; 2241 os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); 2242 } 2243 2244 if (src->filter_ssids) { 2245 params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * 2246 src->num_filter_ssids); 2247 if (params->filter_ssids == NULL) 2248 goto failed; 2249 os_memcpy(params->filter_ssids, src->filter_ssids, 2250 sizeof(*params->filter_ssids) * 2251 src->num_filter_ssids); 2252 params->num_filter_ssids = src->num_filter_ssids; 2253 } 2254 2255 params->filter_rssi = src->filter_rssi; 2256 params->p2p_probe = src->p2p_probe; 2257 params->only_new_results = src->only_new_results; 2258 params->low_priority = src->low_priority; 2259 2260 if (src->sched_scan_plans_num > 0) { 2261 params->sched_scan_plans = 2262 os_malloc(sizeof(*src->sched_scan_plans) * 2263 src->sched_scan_plans_num); 2264 if (!params->sched_scan_plans) 2265 goto failed; 2266 2267 os_memcpy(params->sched_scan_plans, src->sched_scan_plans, 2268 sizeof(*src->sched_scan_plans) * 2269 src->sched_scan_plans_num); 2270 params->sched_scan_plans_num = src->sched_scan_plans_num; 2271 } 2272 2273 if (src->mac_addr_rand) { 2274 params->mac_addr_rand = src->mac_addr_rand; 2275 2276 if (src->mac_addr && src->mac_addr_mask) { 2277 u8 *mac_addr; 2278 2279 mac_addr = os_malloc(2 * ETH_ALEN); 2280 if (!mac_addr) 2281 goto failed; 2282 2283 os_memcpy(mac_addr, src->mac_addr, ETH_ALEN); 2284 os_memcpy(mac_addr + ETH_ALEN, src->mac_addr_mask, 2285 ETH_ALEN); 2286 params->mac_addr = mac_addr; 2287 params->mac_addr_mask = mac_addr + ETH_ALEN; 2288 } 2289 } 2290 2291 if (src->bssid) { 2292 u8 *bssid; 2293 2294 bssid = os_malloc(ETH_ALEN); 2295 if (!bssid) 2296 goto failed; 2297 os_memcpy(bssid, src->bssid, ETH_ALEN); 2298 params->bssid = bssid; 2299 } 2300 2301 return params; 2302 2303failed: 2304 wpa_scan_free_params(params); 2305 return NULL; 2306} 2307 2308 2309void wpa_scan_free_params(struct wpa_driver_scan_params *params) 2310{ 2311 size_t i; 2312 2313 if (params == NULL) 2314 return; 2315 2316 for (i = 0; i < params->num_ssids; i++) 2317 os_free((u8 *) params->ssids[i].ssid); 2318 os_free((u8 *) params->extra_ies); 2319 os_free(params->freqs); 2320 os_free(params->filter_ssids); 2321 os_free(params->sched_scan_plans); 2322 2323 /* 2324 * Note: params->mac_addr_mask points to same memory allocation and 2325 * must not be freed separately. 2326 */ 2327 os_free((u8 *) params->mac_addr); 2328 2329 os_free((u8 *) params->bssid); 2330 2331 os_free(params); 2332} 2333 2334 2335int wpas_start_pno(struct wpa_supplicant *wpa_s) 2336{ 2337 int ret, prio; 2338 size_t i, num_ssid, num_match_ssid; 2339 struct wpa_ssid *ssid; 2340 struct wpa_driver_scan_params params; 2341 struct sched_scan_plan scan_plan; 2342 unsigned int max_sched_scan_ssids; 2343 2344 if (!wpa_s->sched_scan_supported) 2345 return -1; 2346 2347 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 2348 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 2349 else 2350 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 2351 if (max_sched_scan_ssids < 1) 2352 return -1; 2353 2354 if (wpa_s->pno || wpa_s->pno_sched_pending) 2355 return 0; 2356 2357 if ((wpa_s->wpa_state > WPA_SCANNING) && 2358 (wpa_s->wpa_state <= WPA_COMPLETED)) { 2359 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 2360 return -EAGAIN; 2361 } 2362 2363 if (wpa_s->wpa_state == WPA_SCANNING) { 2364 wpa_supplicant_cancel_scan(wpa_s); 2365 if (wpa_s->sched_scanning) { 2366 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 2367 "ongoing sched scan"); 2368 wpa_supplicant_cancel_sched_scan(wpa_s); 2369 wpa_s->pno_sched_pending = 1; 2370 return 0; 2371 } 2372 } 2373 2374 os_memset(¶ms, 0, sizeof(params)); 2375 2376 num_ssid = num_match_ssid = 0; 2377 ssid = wpa_s->conf->ssid; 2378 while (ssid) { 2379 if (!wpas_network_disabled(wpa_s, ssid)) { 2380 num_match_ssid++; 2381 if (ssid->scan_ssid) 2382 num_ssid++; 2383 } 2384 ssid = ssid->next; 2385 } 2386 2387 if (num_match_ssid == 0) { 2388 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 2389 return -1; 2390 } 2391 2392 if (num_match_ssid > num_ssid) { 2393 params.num_ssids++; /* wildcard */ 2394 num_ssid++; 2395 } 2396 2397 if (num_ssid > max_sched_scan_ssids) { 2398 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 2399 "%u", max_sched_scan_ssids, (unsigned int) num_ssid); 2400 num_ssid = max_sched_scan_ssids; 2401 } 2402 2403 if (num_match_ssid > wpa_s->max_match_sets) { 2404 num_match_ssid = wpa_s->max_match_sets; 2405 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 2406 } 2407 params.filter_ssids = os_calloc(num_match_ssid, 2408 sizeof(struct wpa_driver_scan_filter)); 2409 if (params.filter_ssids == NULL) 2410 return -1; 2411 2412 i = 0; 2413 prio = 0; 2414 ssid = wpa_s->conf->pssid[prio]; 2415 while (ssid) { 2416 if (!wpas_network_disabled(wpa_s, ssid)) { 2417 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 2418 params.ssids[params.num_ssids].ssid = 2419 ssid->ssid; 2420 params.ssids[params.num_ssids].ssid_len = 2421 ssid->ssid_len; 2422 params.num_ssids++; 2423 } 2424 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 2425 ssid->ssid_len); 2426 params.filter_ssids[i].ssid_len = ssid->ssid_len; 2427 params.num_filter_ssids++; 2428 i++; 2429 if (i == num_match_ssid) 2430 break; 2431 } 2432 if (ssid->pnext) 2433 ssid = ssid->pnext; 2434 else if (prio + 1 == wpa_s->conf->num_prio) 2435 break; 2436 else 2437 ssid = wpa_s->conf->pssid[++prio]; 2438 } 2439 2440 if (wpa_s->conf->filter_rssi) 2441 params.filter_rssi = wpa_s->conf->filter_rssi; 2442 2443 if (wpa_s->sched_scan_plans_num) { 2444 params.sched_scan_plans = wpa_s->sched_scan_plans; 2445 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 2446 } else { 2447 /* Set one scan plan that will run infinitely */ 2448 if (wpa_s->conf->sched_scan_interval) 2449 scan_plan.interval = wpa_s->conf->sched_scan_interval; 2450 else 2451 scan_plan.interval = 10; 2452 2453 scan_plan.iterations = 0; 2454 params.sched_scan_plans = &scan_plan; 2455 params.sched_scan_plans_num = 1; 2456 } 2457 2458 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 2459 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 2460 params.freqs = wpa_s->manual_sched_scan_freqs; 2461 } 2462 2463 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) { 2464 params.mac_addr_rand = 1; 2465 if (wpa_s->mac_addr_pno) { 2466 params.mac_addr = wpa_s->mac_addr_pno; 2467 params.mac_addr_mask = wpa_s->mac_addr_pno + ETH_ALEN; 2468 } 2469 } 2470 2471 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms); 2472 os_free(params.filter_ssids); 2473 if (ret == 0) 2474 wpa_s->pno = 1; 2475 else 2476 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 2477 return ret; 2478} 2479 2480 2481int wpas_stop_pno(struct wpa_supplicant *wpa_s) 2482{ 2483 int ret = 0; 2484 2485 if (!wpa_s->pno) 2486 return 0; 2487 2488 ret = wpa_supplicant_stop_sched_scan(wpa_s); 2489 2490 wpa_s->pno = 0; 2491 wpa_s->pno_sched_pending = 0; 2492 2493 if (wpa_s->wpa_state == WPA_SCANNING) 2494 wpa_supplicant_req_scan(wpa_s, 0, 0); 2495 2496 return ret; 2497} 2498 2499 2500void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, 2501 unsigned int type) 2502{ 2503 type &= MAC_ADDR_RAND_ALL; 2504 wpa_s->mac_addr_rand_enable &= ~type; 2505 2506 if (type & MAC_ADDR_RAND_SCAN) { 2507 os_free(wpa_s->mac_addr_scan); 2508 wpa_s->mac_addr_scan = NULL; 2509 } 2510 2511 if (type & MAC_ADDR_RAND_SCHED_SCAN) { 2512 os_free(wpa_s->mac_addr_sched_scan); 2513 wpa_s->mac_addr_sched_scan = NULL; 2514 } 2515 2516 if (type & MAC_ADDR_RAND_PNO) { 2517 os_free(wpa_s->mac_addr_pno); 2518 wpa_s->mac_addr_pno = NULL; 2519 } 2520} 2521 2522 2523int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, 2524 unsigned int type, const u8 *addr, 2525 const u8 *mask) 2526{ 2527 u8 *tmp = NULL; 2528 2529 wpas_mac_addr_rand_scan_clear(wpa_s, type); 2530 2531 if (addr) { 2532 tmp = os_malloc(2 * ETH_ALEN); 2533 if (!tmp) 2534 return -1; 2535 os_memcpy(tmp, addr, ETH_ALEN); 2536 os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN); 2537 } 2538 2539 if (type == MAC_ADDR_RAND_SCAN) { 2540 wpa_s->mac_addr_scan = tmp; 2541 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 2542 wpa_s->mac_addr_sched_scan = tmp; 2543 } else if (type == MAC_ADDR_RAND_PNO) { 2544 wpa_s->mac_addr_pno = tmp; 2545 } else { 2546 wpa_printf(MSG_INFO, 2547 "scan: Invalid MAC randomization type=0x%x", 2548 type); 2549 os_free(tmp); 2550 return -1; 2551 } 2552 2553 wpa_s->mac_addr_rand_enable |= type; 2554 return 0; 2555} 2556 2557 2558int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s) 2559{ 2560 int scan_work = !!wpa_s->scan_work; 2561 2562#ifdef CONFIG_P2P 2563 scan_work |= !!wpa_s->p2p_scan_work; 2564#endif /* CONFIG_P2P */ 2565 2566 if (scan_work && wpa_s->own_scan_running) { 2567 wpa_dbg(wpa_s, MSG_DEBUG, "Abort an ongoing scan"); 2568 return wpa_drv_abort_scan(wpa_s); 2569 } 2570 2571 return 0; 2572} 2573 2574 2575int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd) 2576{ 2577 struct sched_scan_plan *scan_plans = NULL; 2578 const char *token, *context = NULL; 2579 unsigned int num = 0; 2580 2581 if (!cmd) 2582 return -1; 2583 2584 if (!cmd[0]) { 2585 wpa_printf(MSG_DEBUG, "Clear sched scan plans"); 2586 os_free(wpa_s->sched_scan_plans); 2587 wpa_s->sched_scan_plans = NULL; 2588 wpa_s->sched_scan_plans_num = 0; 2589 return 0; 2590 } 2591 2592 while ((token = cstr_token(cmd, " ", &context))) { 2593 int ret; 2594 struct sched_scan_plan *scan_plan, *n; 2595 2596 n = os_realloc_array(scan_plans, num + 1, sizeof(*scan_plans)); 2597 if (!n) 2598 goto fail; 2599 2600 scan_plans = n; 2601 scan_plan = &scan_plans[num]; 2602 num++; 2603 2604 ret = sscanf(token, "%u:%u", &scan_plan->interval, 2605 &scan_plan->iterations); 2606 if (ret <= 0 || ret > 2 || !scan_plan->interval) { 2607 wpa_printf(MSG_ERROR, 2608 "Invalid sched scan plan input: %s", token); 2609 goto fail; 2610 } 2611 2612 if (!scan_plan->interval) { 2613 wpa_printf(MSG_ERROR, 2614 "scan plan %u: Interval cannot be zero", 2615 num); 2616 goto fail; 2617 } 2618 2619 if (scan_plan->interval > wpa_s->max_sched_scan_plan_interval) { 2620 wpa_printf(MSG_WARNING, 2621 "scan plan %u: Scan interval too long(%u), use the maximum allowed(%u)", 2622 num, scan_plan->interval, 2623 wpa_s->max_sched_scan_plan_interval); 2624 scan_plan->interval = 2625 wpa_s->max_sched_scan_plan_interval; 2626 } 2627 2628 if (ret == 1) { 2629 scan_plan->iterations = 0; 2630 break; 2631 } 2632 2633 if (!scan_plan->iterations) { 2634 wpa_printf(MSG_ERROR, 2635 "scan plan %u: Number of iterations cannot be zero", 2636 num); 2637 goto fail; 2638 } 2639 2640 if (scan_plan->iterations > 2641 wpa_s->max_sched_scan_plan_iterations) { 2642 wpa_printf(MSG_WARNING, 2643 "scan plan %u: Too many iterations(%u), use the maximum allowed(%u)", 2644 num, scan_plan->iterations, 2645 wpa_s->max_sched_scan_plan_iterations); 2646 scan_plan->iterations = 2647 wpa_s->max_sched_scan_plan_iterations; 2648 } 2649 2650 wpa_printf(MSG_DEBUG, 2651 "scan plan %u: interval=%u iterations=%u", 2652 num, scan_plan->interval, scan_plan->iterations); 2653 } 2654 2655 if (!scan_plans) { 2656 wpa_printf(MSG_ERROR, "Invalid scan plans entry"); 2657 goto fail; 2658 } 2659 2660 if (cstr_token(cmd, " ", &context) || scan_plans[num - 1].iterations) { 2661 wpa_printf(MSG_ERROR, 2662 "All scan plans but the last must specify a number of iterations"); 2663 goto fail; 2664 } 2665 2666 wpa_printf(MSG_DEBUG, "scan plan %u (last plan): interval=%u", 2667 num, scan_plans[num - 1].interval); 2668 2669 if (num > wpa_s->max_sched_scan_plans) { 2670 wpa_printf(MSG_WARNING, 2671 "Too many scheduled scan plans (only %u supported)", 2672 wpa_s->max_sched_scan_plans); 2673 wpa_printf(MSG_WARNING, 2674 "Use only the first %u scan plans, and the last one (in infinite loop)", 2675 wpa_s->max_sched_scan_plans - 1); 2676 os_memcpy(&scan_plans[wpa_s->max_sched_scan_plans - 1], 2677 &scan_plans[num - 1], sizeof(*scan_plans)); 2678 num = wpa_s->max_sched_scan_plans; 2679 } 2680 2681 os_free(wpa_s->sched_scan_plans); 2682 wpa_s->sched_scan_plans = scan_plans; 2683 wpa_s->sched_scan_plans_num = num; 2684 2685 return 0; 2686 2687fail: 2688 os_free(scan_plans); 2689 wpa_printf(MSG_ERROR, "invalid scan plans list"); 2690 return -1; 2691} 2692