1 /* 2 * BSS table 3 * Copyright (c) 2009-2019, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "drivers/driver.h" 15 #include "eap_peer/eap.h" 16 #include "wpa_supplicant_i.h" 17 #include "config.h" 18 #include "notify.h" 19 #include "scan.h" 20 #include "bss.h" 21 22 static void wpa_bss_set_hessid(struct wpa_bss *bss) 23 { 24 #ifdef CONFIG_INTERWORKING 25 const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING); 26 if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) { 27 os_memset(bss->hessid, 0, ETH_ALEN); 28 return; 29 } 30 if (ie[1] == 7) 31 os_memcpy(bss->hessid, ie + 3, ETH_ALEN); 32 else 33 os_memcpy(bss->hessid, ie + 5, ETH_ALEN); 34 #endif /* CONFIG_INTERWORKING */ 35 } 36 37 38 /** 39 * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry 40 * Returns: Allocated ANQP data structure or %NULL on failure 41 * 42 * The allocated ANQP data structure has its users count set to 1. It may be 43 * shared by multiple BSS entries and each shared entry is freed with 44 * wpa_bss_anqp_free(). 45 */ 46 struct wpa_bss_anqp * wpa_bss_anqp_alloc(void) 47 { 48 struct wpa_bss_anqp *anqp; 49 anqp = os_zalloc(sizeof(*anqp)); 50 if (anqp == NULL) 51 return NULL; 52 #ifdef CONFIG_INTERWORKING 53 dl_list_init(&anqp->anqp_elems); 54 #endif /* CONFIG_INTERWORKING */ 55 anqp->users = 1; 56 return anqp; 57 } 58 59 60 /** 61 * wpa_bss_anqp_clone - Clone an ANQP data structure 62 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() 63 * Returns: Cloned ANQP data structure or %NULL on failure 64 */ 65 static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp) 66 { 67 struct wpa_bss_anqp *n; 68 69 n = os_zalloc(sizeof(*n)); 70 if (n == NULL) 71 return NULL; 72 73 #define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f) 74 #ifdef CONFIG_INTERWORKING 75 dl_list_init(&n->anqp_elems); 76 ANQP_DUP(capability_list); 77 ANQP_DUP(venue_name); 78 ANQP_DUP(network_auth_type); 79 ANQP_DUP(roaming_consortium); 80 ANQP_DUP(ip_addr_type_availability); 81 ANQP_DUP(nai_realm); 82 ANQP_DUP(anqp_3gpp); 83 ANQP_DUP(domain_name); 84 ANQP_DUP(fils_realm_info); 85 #endif /* CONFIG_INTERWORKING */ 86 #ifdef CONFIG_HS20 87 ANQP_DUP(hs20_capability_list); 88 ANQP_DUP(hs20_operator_friendly_name); 89 ANQP_DUP(hs20_wan_metrics); 90 ANQP_DUP(hs20_connection_capability); 91 ANQP_DUP(hs20_operating_class); 92 ANQP_DUP(hs20_osu_providers_list); 93 ANQP_DUP(hs20_operator_icon_metadata); 94 ANQP_DUP(hs20_osu_providers_nai_list); 95 #endif /* CONFIG_HS20 */ 96 #undef ANQP_DUP 97 98 return n; 99 } 100 101 102 /** 103 * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry 104 * @bss: BSS entry 105 * Returns: 0 on success, -1 on failure 106 * 107 * This function ensures the specific BSS entry has an ANQP data structure that 108 * is not shared with any other BSS entry. 109 */ 110 int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss) 111 { 112 struct wpa_bss_anqp *anqp; 113 114 if (bss->anqp && bss->anqp->users > 1) { 115 /* allocated, but shared - clone an unshared copy */ 116 anqp = wpa_bss_anqp_clone(bss->anqp); 117 if (anqp == NULL) 118 return -1; 119 anqp->users = 1; 120 bss->anqp->users--; 121 bss->anqp = anqp; 122 return 0; 123 } 124 125 if (bss->anqp) 126 return 0; /* already allocated and not shared */ 127 128 /* not allocated - allocate a new storage area */ 129 bss->anqp = wpa_bss_anqp_alloc(); 130 return bss->anqp ? 0 : -1; 131 } 132 133 134 /** 135 * wpa_bss_anqp_free - Free an ANQP data structure 136 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone() 137 */ 138 static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp) 139 { 140 #ifdef CONFIG_INTERWORKING 141 struct wpa_bss_anqp_elem *elem; 142 #endif /* CONFIG_INTERWORKING */ 143 144 if (anqp == NULL) 145 return; 146 147 anqp->users--; 148 if (anqp->users > 0) { 149 /* Another BSS entry holds a pointer to this ANQP info */ 150 return; 151 } 152 153 #ifdef CONFIG_INTERWORKING 154 wpabuf_free(anqp->capability_list); 155 wpabuf_free(anqp->venue_name); 156 wpabuf_free(anqp->network_auth_type); 157 wpabuf_free(anqp->roaming_consortium); 158 wpabuf_free(anqp->ip_addr_type_availability); 159 wpabuf_free(anqp->nai_realm); 160 wpabuf_free(anqp->anqp_3gpp); 161 wpabuf_free(anqp->domain_name); 162 wpabuf_free(anqp->fils_realm_info); 163 164 while ((elem = dl_list_first(&anqp->anqp_elems, 165 struct wpa_bss_anqp_elem, list))) { 166 dl_list_del(&elem->list); 167 wpabuf_free(elem->payload); 168 os_free(elem); 169 } 170 #endif /* CONFIG_INTERWORKING */ 171 #ifdef CONFIG_HS20 172 wpabuf_free(anqp->hs20_capability_list); 173 wpabuf_free(anqp->hs20_operator_friendly_name); 174 wpabuf_free(anqp->hs20_wan_metrics); 175 wpabuf_free(anqp->hs20_connection_capability); 176 wpabuf_free(anqp->hs20_operating_class); 177 wpabuf_free(anqp->hs20_osu_providers_list); 178 wpabuf_free(anqp->hs20_operator_icon_metadata); 179 wpabuf_free(anqp->hs20_osu_providers_nai_list); 180 #endif /* CONFIG_HS20 */ 181 182 os_free(anqp); 183 } 184 185 186 static void wpa_bss_update_pending_connect(struct wpa_supplicant *wpa_s, 187 struct wpa_bss *old_bss, 188 struct wpa_bss *new_bss) 189 { 190 struct wpa_radio_work *work; 191 struct wpa_connect_work *cwork; 192 193 work = radio_work_pending(wpa_s, "sme-connect"); 194 if (!work) 195 work = radio_work_pending(wpa_s, "connect"); 196 if (!work) 197 return; 198 199 cwork = work->ctx; 200 if (cwork->bss != old_bss) 201 return; 202 203 wpa_printf(MSG_DEBUG, 204 "Update BSS pointer for the pending connect radio work"); 205 cwork->bss = new_bss; 206 if (!new_bss) 207 cwork->bss_removed = 1; 208 } 209 210 211 void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 212 const char *reason) 213 { 214 if (wpa_s->last_scan_res) { 215 unsigned int i; 216 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 217 if (wpa_s->last_scan_res[i] == bss) { 218 os_memmove(&wpa_s->last_scan_res[i], 219 &wpa_s->last_scan_res[i + 1], 220 (wpa_s->last_scan_res_used - i - 1) 221 * sizeof(struct wpa_bss *)); 222 wpa_s->last_scan_res_used--; 223 break; 224 } 225 } 226 } 227 wpa_bss_update_pending_connect(wpa_s, bss, NULL); 228 dl_list_del(&bss->list); 229 dl_list_del(&bss->list_id); 230 wpa_s->num_bss--; 231 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR 232 " SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid), 233 wpa_ssid_txt(bss->ssid, bss->ssid_len), reason); 234 wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id); 235 wpa_bss_anqp_free(bss->anqp); 236 os_free(bss); 237 } 238 239 240 /** 241 * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID 242 * @wpa_s: Pointer to wpa_supplicant data 243 * @bssid: BSSID 244 * @ssid: SSID 245 * @ssid_len: Length of @ssid 246 * Returns: Pointer to the BSS entry or %NULL if not found 247 */ 248 struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid, 249 const u8 *ssid, size_t ssid_len) 250 { 251 struct wpa_bss *bss; 252 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 253 return NULL; 254 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 255 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 && 256 bss->ssid_len == ssid_len && 257 os_memcmp(bss->ssid, ssid, ssid_len) == 0) 258 return bss; 259 } 260 return NULL; 261 } 262 263 264 void calculate_update_time(const struct os_reltime *fetch_time, 265 unsigned int age_ms, 266 struct os_reltime *update_time) 267 { 268 os_time_t usec; 269 270 update_time->sec = fetch_time->sec; 271 update_time->usec = fetch_time->usec; 272 update_time->sec -= age_ms / 1000; 273 usec = (age_ms % 1000) * 1000; 274 if (update_time->usec < usec) { 275 update_time->sec--; 276 update_time->usec += 1000000; 277 } 278 update_time->usec -= usec; 279 } 280 281 282 static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src, 283 struct os_reltime *fetch_time) 284 { 285 dst->flags = src->flags; 286 os_memcpy(dst->bssid, src->bssid, ETH_ALEN); 287 dst->freq = src->freq; 288 dst->beacon_int = src->beacon_int; 289 dst->caps = src->caps; 290 dst->qual = src->qual; 291 dst->noise = src->noise; 292 dst->level = src->level; 293 dst->tsf = src->tsf; 294 dst->est_throughput = src->est_throughput; 295 dst->snr = src->snr; 296 297 calculate_update_time(fetch_time, src->age, &dst->last_update); 298 } 299 300 301 static int wpa_bss_is_wps_candidate(struct wpa_supplicant *wpa_s, 302 struct wpa_bss *bss) 303 { 304 #ifdef CONFIG_WPS 305 struct wpa_ssid *ssid; 306 struct wpabuf *wps_ie; 307 int pbc = 0, ret; 308 309 wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); 310 if (!wps_ie) 311 return 0; 312 313 if (wps_is_selected_pbc_registrar(wps_ie)) { 314 pbc = 1; 315 } else if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) { 316 wpabuf_free(wps_ie); 317 return 0; 318 } 319 320 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 321 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 322 continue; 323 if (ssid->ssid_len && 324 (ssid->ssid_len != bss->ssid_len || 325 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) != 0)) 326 continue; 327 328 if (pbc) 329 ret = eap_is_wps_pbc_enrollee(&ssid->eap); 330 else 331 ret = eap_is_wps_pin_enrollee(&ssid->eap); 332 wpabuf_free(wps_ie); 333 return ret; 334 } 335 wpabuf_free(wps_ie); 336 #endif /* CONFIG_WPS */ 337 338 return 0; 339 } 340 341 342 static bool is_p2p_pending_bss(struct wpa_supplicant *wpa_s, 343 struct wpa_bss *bss) 344 { 345 #ifdef CONFIG_P2P 346 u8 addr[ETH_ALEN]; 347 348 if (os_memcmp(bss->bssid, wpa_s->pending_join_iface_addr, 349 ETH_ALEN) == 0) 350 return true; 351 if (!is_zero_ether_addr(wpa_s->pending_join_dev_addr) && 352 p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len, addr) == 0 && 353 os_memcmp(addr, wpa_s->pending_join_dev_addr, ETH_ALEN) == 0) 354 return true; 355 #endif /* CONFIG_P2P */ 356 return false; 357 } 358 359 360 static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) 361 { 362 struct wpa_ssid *ssid; 363 364 if (is_p2p_pending_bss(wpa_s, bss)) 365 return 1; 366 367 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 368 if (ssid->ssid == NULL || ssid->ssid_len == 0) 369 continue; 370 if (ssid->ssid_len == bss->ssid_len && 371 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0) 372 return 1; 373 } 374 375 return 0; 376 } 377 378 379 static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) 380 { 381 if (bss == wpa_s->current_bss) 382 return 1; 383 384 if (wpa_s->current_bss && 385 (bss->ssid_len != wpa_s->current_bss->ssid_len || 386 os_memcmp(bss->ssid, wpa_s->current_bss->ssid, 387 bss->ssid_len) != 0)) 388 return 0; /* SSID has changed */ 389 390 return !is_zero_ether_addr(bss->bssid) && 391 (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 || 392 os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0); 393 } 394 395 396 static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s) 397 { 398 struct wpa_bss *bss; 399 400 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 401 if (!wpa_bss_known(wpa_s, bss) && 402 !wpa_bss_is_wps_candidate(wpa_s, bss)) { 403 wpa_bss_remove(wpa_s, bss, __func__); 404 return 0; 405 } 406 } 407 408 return -1; 409 } 410 411 412 static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s) 413 { 414 struct wpa_bss *bss; 415 416 /* 417 * Remove the oldest entry that does not match with any configured 418 * network. 419 */ 420 if (wpa_bss_remove_oldest_unknown(wpa_s) == 0) 421 return 0; 422 423 /* 424 * Remove the oldest entry that isn't currently in use. 425 */ 426 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 427 if (!wpa_bss_in_use(wpa_s, bss)) { 428 wpa_bss_remove(wpa_s, bss, __func__); 429 return 0; 430 } 431 } 432 433 return -1; 434 } 435 436 437 static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s, 438 const u8 *ssid, size_t ssid_len, 439 struct wpa_scan_res *res, 440 struct os_reltime *fetch_time) 441 { 442 struct wpa_bss *bss; 443 char extra[50]; 444 445 bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len); 446 if (bss == NULL) 447 return NULL; 448 bss->id = wpa_s->bss_next_id++; 449 bss->last_update_idx = wpa_s->bss_update_idx; 450 wpa_bss_copy_res(bss, res, fetch_time); 451 os_memcpy(bss->ssid, ssid, ssid_len); 452 bss->ssid_len = ssid_len; 453 bss->ie_len = res->ie_len; 454 bss->beacon_ie_len = res->beacon_ie_len; 455 os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len); 456 wpa_bss_set_hessid(bss); 457 458 if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count && 459 wpa_bss_remove_oldest(wpa_s) != 0) { 460 wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d " 461 "because all BSSes are in use. We should normally " 462 "not get here!", (int) wpa_s->num_bss + 1); 463 wpa_s->conf->bss_max_count = wpa_s->num_bss + 1; 464 } 465 466 dl_list_add_tail(&wpa_s->bss, &bss->list); 467 dl_list_add_tail(&wpa_s->bss_id, &bss->list_id); 468 wpa_s->num_bss++; 469 if (!is_zero_ether_addr(bss->hessid)) 470 os_snprintf(extra, sizeof(extra), " HESSID " MACSTR, 471 MAC2STR(bss->hessid)); 472 else 473 extra[0] = '\0'; 474 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR 475 " SSID '%s' freq %d%s", 476 bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len), 477 bss->freq, extra); 478 wpas_notify_bss_added(wpa_s, bss->bssid, bss->id); 479 return bss; 480 } 481 482 483 static int are_ies_equal(const struct wpa_bss *old, 484 const struct wpa_scan_res *new_res, u32 ie) 485 { 486 const u8 *old_ie, *new_ie; 487 struct wpabuf *old_ie_buff = NULL; 488 struct wpabuf *new_ie_buff = NULL; 489 int new_ie_len, old_ie_len, ret, is_multi; 490 491 switch (ie) { 492 case WPA_IE_VENDOR_TYPE: 493 old_ie = wpa_bss_get_vendor_ie(old, ie); 494 new_ie = wpa_scan_get_vendor_ie(new_res, ie); 495 is_multi = 0; 496 break; 497 case WPS_IE_VENDOR_TYPE: 498 old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie); 499 new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie); 500 is_multi = 1; 501 break; 502 case WLAN_EID_RSN: 503 case WLAN_EID_SUPP_RATES: 504 case WLAN_EID_EXT_SUPP_RATES: 505 old_ie = wpa_bss_get_ie(old, ie); 506 new_ie = wpa_scan_get_ie(new_res, ie); 507 is_multi = 0; 508 break; 509 default: 510 wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__); 511 return 0; 512 } 513 514 if (is_multi) { 515 /* in case of multiple IEs stored in buffer */ 516 old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL; 517 new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL; 518 old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0; 519 new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0; 520 } else { 521 /* in case of single IE */ 522 old_ie_len = old_ie ? old_ie[1] + 2 : 0; 523 new_ie_len = new_ie ? new_ie[1] + 2 : 0; 524 } 525 526 if (!old_ie || !new_ie) 527 ret = !old_ie && !new_ie; 528 else 529 ret = (old_ie_len == new_ie_len && 530 os_memcmp(old_ie, new_ie, old_ie_len) == 0); 531 532 wpabuf_free(old_ie_buff); 533 wpabuf_free(new_ie_buff); 534 535 return ret; 536 } 537 538 539 static u32 wpa_bss_compare_res(const struct wpa_bss *old, 540 const struct wpa_scan_res *new_res) 541 { 542 u32 changes = 0; 543 int caps_diff = old->caps ^ new_res->caps; 544 545 if (old->freq != new_res->freq) 546 changes |= WPA_BSS_FREQ_CHANGED_FLAG; 547 548 if (old->level != new_res->level) 549 changes |= WPA_BSS_SIGNAL_CHANGED_FLAG; 550 551 if (caps_diff & IEEE80211_CAP_PRIVACY) 552 changes |= WPA_BSS_PRIVACY_CHANGED_FLAG; 553 554 if (caps_diff & IEEE80211_CAP_IBSS) 555 changes |= WPA_BSS_MODE_CHANGED_FLAG; 556 557 if (old->ie_len == new_res->ie_len && 558 os_memcmp(wpa_bss_ie_ptr(old), new_res + 1, old->ie_len) == 0) 559 return changes; 560 changes |= WPA_BSS_IES_CHANGED_FLAG; 561 562 if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE)) 563 changes |= WPA_BSS_WPAIE_CHANGED_FLAG; 564 565 if (!are_ies_equal(old, new_res, WLAN_EID_RSN)) 566 changes |= WPA_BSS_RSNIE_CHANGED_FLAG; 567 568 if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE)) 569 changes |= WPA_BSS_WPS_CHANGED_FLAG; 570 571 if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) || 572 !are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES)) 573 changes |= WPA_BSS_RATES_CHANGED_FLAG; 574 575 return changes; 576 } 577 578 579 void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes, 580 const struct wpa_bss *bss) 581 { 582 if (changes & WPA_BSS_FREQ_CHANGED_FLAG) 583 wpas_notify_bss_freq_changed(wpa_s, bss->id); 584 585 if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG) 586 wpas_notify_bss_signal_changed(wpa_s, bss->id); 587 588 if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG) 589 wpas_notify_bss_privacy_changed(wpa_s, bss->id); 590 591 if (changes & WPA_BSS_MODE_CHANGED_FLAG) 592 wpas_notify_bss_mode_changed(wpa_s, bss->id); 593 594 if (changes & WPA_BSS_WPAIE_CHANGED_FLAG) 595 wpas_notify_bss_wpaie_changed(wpa_s, bss->id); 596 597 if (changes & WPA_BSS_RSNIE_CHANGED_FLAG) 598 wpas_notify_bss_rsnie_changed(wpa_s, bss->id); 599 600 if (changes & WPA_BSS_WPS_CHANGED_FLAG) 601 wpas_notify_bss_wps_changed(wpa_s, bss->id); 602 603 if (changes & WPA_BSS_IES_CHANGED_FLAG) 604 wpas_notify_bss_ies_changed(wpa_s, bss->id); 605 606 if (changes & WPA_BSS_RATES_CHANGED_FLAG) 607 wpas_notify_bss_rates_changed(wpa_s, bss->id); 608 609 wpas_notify_bss_seen(wpa_s, bss->id); 610 } 611 612 613 static struct wpa_bss * 614 wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 615 struct wpa_scan_res *res, struct os_reltime *fetch_time) 616 { 617 u32 changes; 618 619 if (bss->last_update_idx == wpa_s->bss_update_idx) { 620 struct os_reltime update_time; 621 622 /* 623 * Some drivers (e.g., cfg80211) include multiple BSS entries 624 * for the same BSS if that BSS's channel changes. The BSS list 625 * implementation in wpa_supplicant does not do that and we need 626 * to filter out the obsolete results here to make sure only the 627 * most current BSS information remains in the table. 628 */ 629 wpa_printf(MSG_DEBUG, "BSS: " MACSTR 630 " has multiple entries in the scan results - select the most current one", 631 MAC2STR(bss->bssid)); 632 calculate_update_time(fetch_time, res->age, &update_time); 633 wpa_printf(MSG_DEBUG, 634 "Previous last_update: %u.%06u (freq %d%s)", 635 (unsigned int) bss->last_update.sec, 636 (unsigned int) bss->last_update.usec, 637 bss->freq, 638 (bss->flags & WPA_BSS_ASSOCIATED) ? " assoc" : ""); 639 wpa_printf(MSG_DEBUG, "New last_update: %u.%06u (freq %d%s)", 640 (unsigned int) update_time.sec, 641 (unsigned int) update_time.usec, 642 res->freq, 643 (res->flags & WPA_SCAN_ASSOCIATED) ? " assoc" : ""); 644 if ((bss->flags & WPA_BSS_ASSOCIATED) || 645 (!(res->flags & WPA_SCAN_ASSOCIATED) && 646 !os_reltime_before(&bss->last_update, &update_time))) { 647 wpa_printf(MSG_DEBUG, 648 "Ignore this BSS entry since the previous update looks more current"); 649 return bss; 650 } 651 wpa_printf(MSG_DEBUG, 652 "Accept this BSS entry since it looks more current than the previous update"); 653 } 654 655 changes = wpa_bss_compare_res(bss, res); 656 if (changes & WPA_BSS_FREQ_CHANGED_FLAG) 657 wpa_printf(MSG_DEBUG, "BSS: " MACSTR " changed freq %d --> %d", 658 MAC2STR(bss->bssid), bss->freq, res->freq); 659 bss->scan_miss_count = 0; 660 bss->last_update_idx = wpa_s->bss_update_idx; 661 wpa_bss_copy_res(bss, res, fetch_time); 662 /* Move the entry to the end of the list */ 663 dl_list_del(&bss->list); 664 #ifdef CONFIG_P2P 665 if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) && 666 !wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE)) { 667 /* 668 * This can happen when non-P2P station interface runs a scan 669 * without P2P IE in the Probe Request frame. P2P GO would reply 670 * to that with a Probe Response that does not include P2P IE. 671 * Do not update the IEs in this BSS entry to avoid such loss of 672 * information that may be needed for P2P operations to 673 * determine group information. 674 */ 675 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Do not update scan IEs for " 676 MACSTR " since that would remove P2P IE information", 677 MAC2STR(bss->bssid)); 678 } else 679 #endif /* CONFIG_P2P */ 680 if (bss->ie_len + bss->beacon_ie_len >= 681 res->ie_len + res->beacon_ie_len) { 682 os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len); 683 bss->ie_len = res->ie_len; 684 bss->beacon_ie_len = res->beacon_ie_len; 685 } else { 686 struct wpa_bss *nbss; 687 struct dl_list *prev = bss->list_id.prev; 688 dl_list_del(&bss->list_id); 689 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len + 690 res->beacon_ie_len); 691 if (nbss) { 692 unsigned int i; 693 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 694 if (wpa_s->last_scan_res[i] == bss) { 695 wpa_s->last_scan_res[i] = nbss; 696 break; 697 } 698 } 699 if (wpa_s->current_bss == bss) 700 wpa_s->current_bss = nbss; 701 wpa_bss_update_pending_connect(wpa_s, bss, nbss); 702 bss = nbss; 703 os_memcpy(bss->ies, res + 1, 704 res->ie_len + res->beacon_ie_len); 705 bss->ie_len = res->ie_len; 706 bss->beacon_ie_len = res->beacon_ie_len; 707 } 708 dl_list_add(prev, &bss->list_id); 709 } 710 if (changes & WPA_BSS_IES_CHANGED_FLAG) 711 wpa_bss_set_hessid(bss); 712 dl_list_add_tail(&wpa_s->bss, &bss->list); 713 714 notify_bss_changes(wpa_s, changes, bss); 715 716 return bss; 717 } 718 719 720 /** 721 * wpa_bss_update_start - Start a BSS table update from scan results 722 * @wpa_s: Pointer to wpa_supplicant data 723 * 724 * This function is called at the start of each BSS table update round for new 725 * scan results. The actual scan result entries are indicated with calls to 726 * wpa_bss_update_scan_res() and the update round is finished with a call to 727 * wpa_bss_update_end(). 728 */ 729 void wpa_bss_update_start(struct wpa_supplicant *wpa_s) 730 { 731 wpa_s->bss_update_idx++; 732 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u", 733 wpa_s->bss_update_idx); 734 wpa_s->last_scan_res_used = 0; 735 } 736 737 738 /** 739 * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result 740 * @wpa_s: Pointer to wpa_supplicant data 741 * @res: Scan result 742 * @fetch_time: Time when the result was fetched from the driver 743 * 744 * This function updates a BSS table entry (or adds one) based on a scan result. 745 * This is called separately for each scan result between the calls to 746 * wpa_bss_update_start() and wpa_bss_update_end(). 747 */ 748 void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s, 749 struct wpa_scan_res *res, 750 struct os_reltime *fetch_time) 751 { 752 const u8 *ssid, *p2p, *mesh; 753 struct wpa_bss *bss; 754 755 if (wpa_s->conf->ignore_old_scan_res) { 756 struct os_reltime update; 757 calculate_update_time(fetch_time, res->age, &update); 758 if (os_reltime_before(&update, &wpa_s->scan_trigger_time)) { 759 struct os_reltime age; 760 os_reltime_sub(&wpa_s->scan_trigger_time, &update, 761 &age); 762 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS " 763 "table entry that is %u.%06u seconds older " 764 "than our scan trigger", 765 (unsigned int) age.sec, 766 (unsigned int) age.usec); 767 return; 768 } 769 } 770 771 ssid = wpa_scan_get_ie(res, WLAN_EID_SSID); 772 if (ssid == NULL) { 773 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for " 774 MACSTR, MAC2STR(res->bssid)); 775 return; 776 } 777 if (ssid[1] > SSID_MAX_LEN) { 778 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for " 779 MACSTR, MAC2STR(res->bssid)); 780 return; 781 } 782 783 p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE); 784 #ifdef CONFIG_P2P 785 if (p2p == NULL && 786 wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) { 787 /* 788 * If it's a P2P specific interface, then don't update 789 * the scan result without a P2P IE. 790 */ 791 wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR 792 " update for P2P interface", MAC2STR(res->bssid)); 793 return; 794 } 795 #endif /* CONFIG_P2P */ 796 if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN && 797 os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0) 798 return; /* Skip P2P listen discovery results here */ 799 800 /* TODO: add option for ignoring BSSes we are not interested in 801 * (to save memory) */ 802 803 mesh = wpa_scan_get_ie(res, WLAN_EID_MESH_ID); 804 if (mesh && mesh[1] <= SSID_MAX_LEN) 805 ssid = mesh; 806 807 bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]); 808 if (bss == NULL) 809 bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time); 810 else { 811 bss = wpa_bss_update(wpa_s, bss, res, fetch_time); 812 if (wpa_s->last_scan_res) { 813 unsigned int i; 814 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 815 if (bss == wpa_s->last_scan_res[i]) { 816 /* Already in the list */ 817 return; 818 } 819 } 820 } 821 } 822 823 if (bss == NULL) 824 return; 825 if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) { 826 struct wpa_bss **n; 827 unsigned int siz; 828 if (wpa_s->last_scan_res_size == 0) 829 siz = 32; 830 else 831 siz = wpa_s->last_scan_res_size * 2; 832 n = os_realloc_array(wpa_s->last_scan_res, siz, 833 sizeof(struct wpa_bss *)); 834 if (n == NULL) 835 return; 836 wpa_s->last_scan_res = n; 837 wpa_s->last_scan_res_size = siz; 838 } 839 840 if (wpa_s->last_scan_res) 841 wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss; 842 } 843 844 845 static int wpa_bss_included_in_scan(const struct wpa_bss *bss, 846 const struct scan_info *info) 847 { 848 int found; 849 size_t i; 850 851 if (info == NULL) 852 return 1; 853 854 if (info->num_freqs) { 855 found = 0; 856 for (i = 0; i < info->num_freqs; i++) { 857 if (bss->freq == info->freqs[i]) { 858 found = 1; 859 break; 860 } 861 } 862 if (!found) 863 return 0; 864 } 865 866 if (info->num_ssids) { 867 found = 0; 868 for (i = 0; i < info->num_ssids; i++) { 869 const struct wpa_driver_scan_ssid *s = &info->ssids[i]; 870 if ((s->ssid == NULL || s->ssid_len == 0) || 871 (s->ssid_len == bss->ssid_len && 872 os_memcmp(s->ssid, bss->ssid, bss->ssid_len) == 873 0)) { 874 found = 1; 875 break; 876 } 877 } 878 if (!found) 879 return 0; 880 } 881 882 return 1; 883 } 884 885 886 /** 887 * wpa_bss_update_end - End a BSS table update from scan results 888 * @wpa_s: Pointer to wpa_supplicant data 889 * @info: Information about scan parameters 890 * @new_scan: Whether this update round was based on a new scan 891 * 892 * This function is called at the end of each BSS table update round for new 893 * scan results. The start of the update was indicated with a call to 894 * wpa_bss_update_start(). 895 */ 896 void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info, 897 int new_scan) 898 { 899 struct wpa_bss *bss, *n; 900 901 os_get_reltime(&wpa_s->last_scan); 902 if ((info && info->aborted) || !new_scan) 903 return; /* do not expire entries without new scan */ 904 905 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 906 if (wpa_bss_in_use(wpa_s, bss)) 907 continue; 908 if (!wpa_bss_included_in_scan(bss, info)) 909 continue; /* expire only BSSes that were scanned */ 910 if (bss->last_update_idx < wpa_s->bss_update_idx) 911 bss->scan_miss_count++; 912 if (bss->scan_miss_count >= 913 wpa_s->conf->bss_expiration_scan_count) { 914 wpa_bss_remove(wpa_s, bss, "no match in scan"); 915 } 916 } 917 918 wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%zu/%zu", 919 wpa_s->last_scan_res_used, wpa_s->last_scan_res_size); 920 } 921 922 923 /** 924 * wpa_bss_flush_by_age - Flush old BSS entries 925 * @wpa_s: Pointer to wpa_supplicant data 926 * @age: Maximum entry age in seconds 927 * 928 * Remove BSS entries that have not been updated during the last @age seconds. 929 */ 930 void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age) 931 { 932 struct wpa_bss *bss, *n; 933 struct os_reltime t; 934 935 if (dl_list_empty(&wpa_s->bss)) 936 return; 937 938 os_get_reltime(&t); 939 t.sec -= age; 940 941 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 942 if (wpa_bss_in_use(wpa_s, bss)) 943 continue; 944 945 if (os_reltime_before(&bss->last_update, &t)) { 946 wpa_bss_remove(wpa_s, bss, __func__); 947 } else 948 break; 949 } 950 } 951 952 953 /** 954 * wpa_bss_init - Initialize BSS table 955 * @wpa_s: Pointer to wpa_supplicant data 956 * Returns: 0 on success, -1 on failure 957 * 958 * This prepares BSS table lists and timer for periodic updates. The BSS table 959 * is deinitialized with wpa_bss_deinit() once not needed anymore. 960 */ 961 int wpa_bss_init(struct wpa_supplicant *wpa_s) 962 { 963 dl_list_init(&wpa_s->bss); 964 dl_list_init(&wpa_s->bss_id); 965 return 0; 966 } 967 968 969 /** 970 * wpa_bss_flush - Flush all unused BSS entries 971 * @wpa_s: Pointer to wpa_supplicant data 972 */ 973 void wpa_bss_flush(struct wpa_supplicant *wpa_s) 974 { 975 struct wpa_bss *bss, *n; 976 977 wpa_s->clear_driver_scan_cache = 1; 978 979 if (wpa_s->bss.next == NULL) 980 return; /* BSS table not yet initialized */ 981 982 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 983 if (wpa_bss_in_use(wpa_s, bss)) 984 continue; 985 wpa_bss_remove(wpa_s, bss, __func__); 986 } 987 } 988 989 990 /** 991 * wpa_bss_deinit - Deinitialize BSS table 992 * @wpa_s: Pointer to wpa_supplicant data 993 */ 994 void wpa_bss_deinit(struct wpa_supplicant *wpa_s) 995 { 996 wpa_bss_flush(wpa_s); 997 } 998 999 1000 /** 1001 * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID 1002 * @wpa_s: Pointer to wpa_supplicant data 1003 * @bssid: BSSID 1004 * Returns: Pointer to the BSS entry or %NULL if not found 1005 */ 1006 struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s, 1007 const u8 *bssid) 1008 { 1009 struct wpa_bss *bss; 1010 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 1011 return NULL; 1012 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 1013 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0) 1014 return bss; 1015 } 1016 return NULL; 1017 } 1018 1019 1020 /** 1021 * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID 1022 * @wpa_s: Pointer to wpa_supplicant data 1023 * @bssid: BSSID 1024 * Returns: Pointer to the BSS entry or %NULL if not found 1025 * 1026 * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to 1027 * find the entry that has the most recent update. This can help in finding the 1028 * correct entry in cases where the SSID of the AP may have changed recently 1029 * (e.g., in WPS reconfiguration cases). 1030 */ 1031 struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s, 1032 const u8 *bssid) 1033 { 1034 struct wpa_bss *bss, *found = NULL; 1035 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 1036 return NULL; 1037 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 1038 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0) 1039 continue; 1040 if (found == NULL || 1041 os_reltime_before(&found->last_update, &bss->last_update)) 1042 found = bss; 1043 } 1044 return found; 1045 } 1046 1047 1048 #ifdef CONFIG_P2P 1049 /** 1050 * wpa_bss_get_p2p_dev_addr - Fetch the latest BSS table entry based on P2P Device Addr 1051 * @wpa_s: Pointer to wpa_supplicant data 1052 * @dev_addr: P2P Device Address of the GO 1053 * Returns: Pointer to the BSS entry or %NULL if not found 1054 * 1055 * This function tries to find the entry that has the most recent update. This 1056 * can help in finding the correct entry in cases where the SSID of the P2P 1057 * Device may have changed recently. 1058 */ 1059 struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s, 1060 const u8 *dev_addr) 1061 { 1062 struct wpa_bss *bss, *found = NULL; 1063 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 1064 u8 addr[ETH_ALEN]; 1065 if (p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len, 1066 addr) != 0 || 1067 os_memcmp(addr, dev_addr, ETH_ALEN) != 0) 1068 continue; 1069 if (!found || 1070 os_reltime_before(&found->last_update, &bss->last_update)) 1071 found = bss; 1072 } 1073 return found; 1074 } 1075 #endif /* CONFIG_P2P */ 1076 1077 1078 /** 1079 * wpa_bss_get_id - Fetch a BSS table entry based on identifier 1080 * @wpa_s: Pointer to wpa_supplicant data 1081 * @id: Unique identifier (struct wpa_bss::id) assigned for the entry 1082 * Returns: Pointer to the BSS entry or %NULL if not found 1083 */ 1084 struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id) 1085 { 1086 struct wpa_bss *bss; 1087 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 1088 if (bss->id == id) 1089 return bss; 1090 } 1091 return NULL; 1092 } 1093 1094 1095 /** 1096 * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range 1097 * @wpa_s: Pointer to wpa_supplicant data 1098 * @idf: Smallest allowed identifier assigned for the entry 1099 * @idf: Largest allowed identifier assigned for the entry 1100 * Returns: Pointer to the BSS entry or %NULL if not found 1101 * 1102 * This function is similar to wpa_bss_get_id() but allows a BSS entry with the 1103 * smallest id value to be fetched within the specified range without the 1104 * caller having to know the exact id. 1105 */ 1106 struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s, 1107 unsigned int idf, unsigned int idl) 1108 { 1109 struct wpa_bss *bss; 1110 dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) { 1111 if (bss->id >= idf && bss->id <= idl) 1112 return bss; 1113 } 1114 return NULL; 1115 } 1116 1117 1118 /** 1119 * wpa_bss_get_ie - Fetch a specified information element from a BSS entry 1120 * @bss: BSS table entry 1121 * @ie: Information element identitifier (WLAN_EID_*) 1122 * Returns: Pointer to the information element (id field) or %NULL if not found 1123 * 1124 * This function returns the first matching information element in the BSS 1125 * entry. 1126 */ 1127 const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie) 1128 { 1129 return get_ie(wpa_bss_ie_ptr(bss), bss->ie_len, ie); 1130 } 1131 1132 1133 /** 1134 * wpa_bss_get_ie_ext - Fetch a specified extended IE from a BSS entry 1135 * @bss: BSS table entry 1136 * @ext: Information element extension identifier (WLAN_EID_EXT_*) 1137 * Returns: Pointer to the information element (id field) or %NULL if not found 1138 * 1139 * This function returns the first matching information element in the BSS 1140 * entry. 1141 */ 1142 const u8 * wpa_bss_get_ie_ext(const struct wpa_bss *bss, u8 ext) 1143 { 1144 return get_ie_ext(wpa_bss_ie_ptr(bss), bss->ie_len, ext); 1145 } 1146 1147 1148 /** 1149 * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry 1150 * @bss: BSS table entry 1151 * @vendor_type: Vendor type (four octets starting the IE payload) 1152 * Returns: Pointer to the information element (id field) or %NULL if not found 1153 * 1154 * This function returns the first matching information element in the BSS 1155 * entry. 1156 */ 1157 const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type) 1158 { 1159 const u8 *ies; 1160 const struct element *elem; 1161 1162 ies = wpa_bss_ie_ptr(bss); 1163 1164 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, bss->ie_len) { 1165 if (elem->datalen >= 4 && 1166 vendor_type == WPA_GET_BE32(elem->data)) 1167 return &elem->id; 1168 } 1169 1170 return NULL; 1171 } 1172 1173 1174 /** 1175 * wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry 1176 * @bss: BSS table entry 1177 * @vendor_type: Vendor type (four octets starting the IE payload) 1178 * Returns: Pointer to the information element (id field) or %NULL if not found 1179 * 1180 * This function returns the first matching information element in the BSS 1181 * entry. 1182 * 1183 * This function is like wpa_bss_get_vendor_ie(), but uses IE buffer only 1184 * from Beacon frames instead of either Beacon or Probe Response frames. 1185 */ 1186 const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss, 1187 u32 vendor_type) 1188 { 1189 const u8 *ies; 1190 const struct element *elem; 1191 1192 if (bss->beacon_ie_len == 0) 1193 return NULL; 1194 1195 ies = wpa_bss_ie_ptr(bss); 1196 ies += bss->ie_len; 1197 1198 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, 1199 bss->beacon_ie_len) { 1200 if (elem->datalen >= 4 && 1201 vendor_type == WPA_GET_BE32(elem->data)) 1202 return &elem->id; 1203 } 1204 1205 return NULL; 1206 } 1207 1208 1209 /** 1210 * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry 1211 * @bss: BSS table entry 1212 * @vendor_type: Vendor type (four octets starting the IE payload) 1213 * Returns: Pointer to the information element payload or %NULL if not found 1214 * 1215 * This function returns concatenated payload of possibly fragmented vendor 1216 * specific information elements in the BSS entry. The caller is responsible for 1217 * freeing the returned buffer. 1218 */ 1219 struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss, 1220 u32 vendor_type) 1221 { 1222 struct wpabuf *buf; 1223 const u8 *end, *pos; 1224 1225 buf = wpabuf_alloc(bss->ie_len); 1226 if (buf == NULL) 1227 return NULL; 1228 1229 pos = wpa_bss_ie_ptr(bss); 1230 end = pos + bss->ie_len; 1231 1232 while (end - pos > 1) { 1233 u8 ie, len; 1234 1235 ie = pos[0]; 1236 len = pos[1]; 1237 if (len > end - pos - 2) 1238 break; 1239 pos += 2; 1240 if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 && 1241 vendor_type == WPA_GET_BE32(pos)) 1242 wpabuf_put_data(buf, pos + 4, len - 4); 1243 pos += len; 1244 } 1245 1246 if (wpabuf_len(buf) == 0) { 1247 wpabuf_free(buf); 1248 buf = NULL; 1249 } 1250 1251 return buf; 1252 } 1253 1254 1255 /** 1256 * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry 1257 * @bss: BSS table entry 1258 * @vendor_type: Vendor type (four octets starting the IE payload) 1259 * Returns: Pointer to the information element payload or %NULL if not found 1260 * 1261 * This function returns concatenated payload of possibly fragmented vendor 1262 * specific information elements in the BSS entry. The caller is responsible for 1263 * freeing the returned buffer. 1264 * 1265 * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only 1266 * from Beacon frames instead of either Beacon or Probe Response frames. 1267 */ 1268 struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss, 1269 u32 vendor_type) 1270 { 1271 struct wpabuf *buf; 1272 const u8 *end, *pos; 1273 1274 buf = wpabuf_alloc(bss->beacon_ie_len); 1275 if (buf == NULL) 1276 return NULL; 1277 1278 pos = wpa_bss_ie_ptr(bss); 1279 pos += bss->ie_len; 1280 end = pos + bss->beacon_ie_len; 1281 1282 while (end - pos > 1) { 1283 if (2 + pos[1] > end - pos) 1284 break; 1285 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1286 vendor_type == WPA_GET_BE32(&pos[2])) 1287 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1288 pos += 2 + pos[1]; 1289 } 1290 1291 if (wpabuf_len(buf) == 0) { 1292 wpabuf_free(buf); 1293 buf = NULL; 1294 } 1295 1296 return buf; 1297 } 1298 1299 1300 /** 1301 * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS 1302 * @bss: BSS table entry 1303 * Returns: Maximum legacy rate in units of 500 kbps 1304 */ 1305 int wpa_bss_get_max_rate(const struct wpa_bss *bss) 1306 { 1307 int rate = 0; 1308 const u8 *ie; 1309 int i; 1310 1311 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1312 for (i = 0; ie && i < ie[1]; i++) { 1313 if ((ie[i + 2] & 0x7f) > rate) 1314 rate = ie[i + 2] & 0x7f; 1315 } 1316 1317 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 1318 for (i = 0; ie && i < ie[1]; i++) { 1319 if ((ie[i + 2] & 0x7f) > rate) 1320 rate = ie[i + 2] & 0x7f; 1321 } 1322 1323 return rate; 1324 } 1325 1326 1327 /** 1328 * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS 1329 * @bss: BSS table entry 1330 * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps) 1331 * Returns: number of legacy TX rates or -1 on failure 1332 * 1333 * The caller is responsible for freeing the returned buffer with os_free() in 1334 * case of success. 1335 */ 1336 int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates) 1337 { 1338 const u8 *ie, *ie2; 1339 int i, j; 1340 unsigned int len; 1341 u8 *r; 1342 1343 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1344 ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 1345 1346 len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0); 1347 1348 r = os_malloc(len); 1349 if (!r) 1350 return -1; 1351 1352 for (i = 0; ie && i < ie[1]; i++) 1353 r[i] = ie[i + 2] & 0x7f; 1354 1355 for (j = 0; ie2 && j < ie2[1]; j++) 1356 r[i + j] = ie2[j + 2] & 0x7f; 1357 1358 *rates = r; 1359 return len; 1360 } 1361 1362 1363 #ifdef CONFIG_FILS 1364 const u8 * wpa_bss_get_fils_cache_id(const struct wpa_bss *bss) 1365 { 1366 const u8 *ie; 1367 1368 if (bss) { 1369 ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION); 1370 if (ie && ie[1] >= 4 && WPA_GET_LE16(ie + 2) & BIT(7)) 1371 return ie + 4; 1372 } 1373 1374 return NULL; 1375 } 1376 #endif /* CONFIG_FILS */ 1377 1378 1379 int wpa_bss_ext_capab(const struct wpa_bss *bss, unsigned int capab) 1380 { 1381 if (!bss) 1382 return 0; 1383 return ieee802_11_ext_capab(wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB), 1384 capab); 1385 } 1386