1 /* 2 * BSS table 3 * Copyright (c) 2009-2019, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "drivers/driver.h" 15 #include "eap_peer/eap.h" 16 #include "wpa_supplicant_i.h" 17 #include "config.h" 18 #include "notify.h" 19 #include "scan.h" 20 #include "bss.h" 21 22 23 #define WPA_BSS_FREQ_CHANGED_FLAG BIT(0) 24 #define WPA_BSS_SIGNAL_CHANGED_FLAG BIT(1) 25 #define WPA_BSS_PRIVACY_CHANGED_FLAG BIT(2) 26 #define WPA_BSS_MODE_CHANGED_FLAG BIT(3) 27 #define WPA_BSS_WPAIE_CHANGED_FLAG BIT(4) 28 #define WPA_BSS_RSNIE_CHANGED_FLAG BIT(5) 29 #define WPA_BSS_WPS_CHANGED_FLAG BIT(6) 30 #define WPA_BSS_RATES_CHANGED_FLAG BIT(7) 31 #define WPA_BSS_IES_CHANGED_FLAG BIT(8) 32 33 34 static void wpa_bss_set_hessid(struct wpa_bss *bss) 35 { 36 #ifdef CONFIG_INTERWORKING 37 const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING); 38 if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) { 39 os_memset(bss->hessid, 0, ETH_ALEN); 40 return; 41 } 42 if (ie[1] == 7) 43 os_memcpy(bss->hessid, ie + 3, ETH_ALEN); 44 else 45 os_memcpy(bss->hessid, ie + 5, ETH_ALEN); 46 #endif /* CONFIG_INTERWORKING */ 47 } 48 49 50 /** 51 * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry 52 * Returns: Allocated ANQP data structure or %NULL on failure 53 * 54 * The allocated ANQP data structure has its users count set to 1. It may be 55 * shared by multiple BSS entries and each shared entry is freed with 56 * wpa_bss_anqp_free(). 57 */ 58 struct wpa_bss_anqp * wpa_bss_anqp_alloc(void) 59 { 60 struct wpa_bss_anqp *anqp; 61 anqp = os_zalloc(sizeof(*anqp)); 62 if (anqp == NULL) 63 return NULL; 64 #ifdef CONFIG_INTERWORKING 65 dl_list_init(&anqp->anqp_elems); 66 #endif /* CONFIG_INTERWORKING */ 67 anqp->users = 1; 68 return anqp; 69 } 70 71 72 /** 73 * wpa_bss_anqp_clone - Clone an ANQP data structure 74 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() 75 * Returns: Cloned ANQP data structure or %NULL on failure 76 */ 77 static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp) 78 { 79 struct wpa_bss_anqp *n; 80 81 n = os_zalloc(sizeof(*n)); 82 if (n == NULL) 83 return NULL; 84 85 #define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f) 86 #ifdef CONFIG_INTERWORKING 87 dl_list_init(&n->anqp_elems); 88 ANQP_DUP(capability_list); 89 ANQP_DUP(venue_name); 90 ANQP_DUP(network_auth_type); 91 ANQP_DUP(roaming_consortium); 92 ANQP_DUP(ip_addr_type_availability); 93 ANQP_DUP(nai_realm); 94 ANQP_DUP(anqp_3gpp); 95 ANQP_DUP(domain_name); 96 ANQP_DUP(fils_realm_info); 97 #endif /* CONFIG_INTERWORKING */ 98 #ifdef CONFIG_HS20 99 ANQP_DUP(hs20_capability_list); 100 ANQP_DUP(hs20_operator_friendly_name); 101 ANQP_DUP(hs20_wan_metrics); 102 ANQP_DUP(hs20_connection_capability); 103 ANQP_DUP(hs20_operating_class); 104 ANQP_DUP(hs20_osu_providers_list); 105 ANQP_DUP(hs20_operator_icon_metadata); 106 ANQP_DUP(hs20_osu_providers_nai_list); 107 #endif /* CONFIG_HS20 */ 108 #undef ANQP_DUP 109 110 return n; 111 } 112 113 114 /** 115 * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry 116 * @bss: BSS entry 117 * Returns: 0 on success, -1 on failure 118 * 119 * This function ensures the specific BSS entry has an ANQP data structure that 120 * is not shared with any other BSS entry. 121 */ 122 int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss) 123 { 124 struct wpa_bss_anqp *anqp; 125 126 if (bss->anqp && bss->anqp->users > 1) { 127 /* allocated, but shared - clone an unshared copy */ 128 anqp = wpa_bss_anqp_clone(bss->anqp); 129 if (anqp == NULL) 130 return -1; 131 anqp->users = 1; 132 bss->anqp->users--; 133 bss->anqp = anqp; 134 return 0; 135 } 136 137 if (bss->anqp) 138 return 0; /* already allocated and not shared */ 139 140 /* not allocated - allocate a new storage area */ 141 bss->anqp = wpa_bss_anqp_alloc(); 142 return bss->anqp ? 0 : -1; 143 } 144 145 146 /** 147 * wpa_bss_anqp_free - Free an ANQP data structure 148 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone() 149 */ 150 static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp) 151 { 152 #ifdef CONFIG_INTERWORKING 153 struct wpa_bss_anqp_elem *elem; 154 #endif /* CONFIG_INTERWORKING */ 155 156 if (anqp == NULL) 157 return; 158 159 anqp->users--; 160 if (anqp->users > 0) { 161 /* Another BSS entry holds a pointer to this ANQP info */ 162 return; 163 } 164 165 #ifdef CONFIG_INTERWORKING 166 wpabuf_free(anqp->capability_list); 167 wpabuf_free(anqp->venue_name); 168 wpabuf_free(anqp->network_auth_type); 169 wpabuf_free(anqp->roaming_consortium); 170 wpabuf_free(anqp->ip_addr_type_availability); 171 wpabuf_free(anqp->nai_realm); 172 wpabuf_free(anqp->anqp_3gpp); 173 wpabuf_free(anqp->domain_name); 174 wpabuf_free(anqp->fils_realm_info); 175 176 while ((elem = dl_list_first(&anqp->anqp_elems, 177 struct wpa_bss_anqp_elem, list))) { 178 dl_list_del(&elem->list); 179 wpabuf_free(elem->payload); 180 os_free(elem); 181 } 182 #endif /* CONFIG_INTERWORKING */ 183 #ifdef CONFIG_HS20 184 wpabuf_free(anqp->hs20_capability_list); 185 wpabuf_free(anqp->hs20_operator_friendly_name); 186 wpabuf_free(anqp->hs20_wan_metrics); 187 wpabuf_free(anqp->hs20_connection_capability); 188 wpabuf_free(anqp->hs20_operating_class); 189 wpabuf_free(anqp->hs20_osu_providers_list); 190 wpabuf_free(anqp->hs20_operator_icon_metadata); 191 wpabuf_free(anqp->hs20_osu_providers_nai_list); 192 #endif /* CONFIG_HS20 */ 193 194 os_free(anqp); 195 } 196 197 198 static void wpa_bss_update_pending_connect(struct wpa_supplicant *wpa_s, 199 struct wpa_bss *old_bss, 200 struct wpa_bss *new_bss) 201 { 202 struct wpa_radio_work *work; 203 struct wpa_connect_work *cwork; 204 205 work = radio_work_pending(wpa_s, "sme-connect"); 206 if (!work) 207 work = radio_work_pending(wpa_s, "connect"); 208 if (!work) 209 return; 210 211 cwork = work->ctx; 212 if (cwork->bss != old_bss) 213 return; 214 215 wpa_printf(MSG_DEBUG, 216 "Update BSS pointer for the pending connect radio work"); 217 cwork->bss = new_bss; 218 if (!new_bss) 219 cwork->bss_removed = 1; 220 } 221 222 223 void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 224 const char *reason) 225 { 226 if (wpa_s->last_scan_res) { 227 unsigned int i; 228 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 229 if (wpa_s->last_scan_res[i] == bss) { 230 os_memmove(&wpa_s->last_scan_res[i], 231 &wpa_s->last_scan_res[i + 1], 232 (wpa_s->last_scan_res_used - i - 1) 233 * sizeof(struct wpa_bss *)); 234 wpa_s->last_scan_res_used--; 235 break; 236 } 237 } 238 } 239 wpa_bss_update_pending_connect(wpa_s, bss, NULL); 240 dl_list_del(&bss->list); 241 dl_list_del(&bss->list_id); 242 wpa_s->num_bss--; 243 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR 244 " SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid), 245 wpa_ssid_txt(bss->ssid, bss->ssid_len), reason); 246 wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id); 247 wpa_bss_anqp_free(bss->anqp); 248 os_free(bss); 249 } 250 251 252 /** 253 * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID 254 * @wpa_s: Pointer to wpa_supplicant data 255 * @bssid: BSSID 256 * @ssid: SSID 257 * @ssid_len: Length of @ssid 258 * Returns: Pointer to the BSS entry or %NULL if not found 259 */ 260 struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid, 261 const u8 *ssid, size_t ssid_len) 262 { 263 struct wpa_bss *bss; 264 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 265 return NULL; 266 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 267 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 && 268 bss->ssid_len == ssid_len && 269 os_memcmp(bss->ssid, ssid, ssid_len) == 0) 270 return bss; 271 } 272 return NULL; 273 } 274 275 276 void calculate_update_time(const struct os_reltime *fetch_time, 277 unsigned int age_ms, 278 struct os_reltime *update_time) 279 { 280 os_time_t usec; 281 282 update_time->sec = fetch_time->sec; 283 update_time->usec = fetch_time->usec; 284 update_time->sec -= age_ms / 1000; 285 usec = (age_ms % 1000) * 1000; 286 if (update_time->usec < usec) { 287 update_time->sec--; 288 update_time->usec += 1000000; 289 } 290 update_time->usec -= usec; 291 } 292 293 294 static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src, 295 struct os_reltime *fetch_time) 296 { 297 dst->flags = src->flags; 298 os_memcpy(dst->bssid, src->bssid, ETH_ALEN); 299 dst->freq = src->freq; 300 dst->beacon_int = src->beacon_int; 301 dst->caps = src->caps; 302 dst->qual = src->qual; 303 dst->noise = src->noise; 304 dst->level = src->level; 305 dst->tsf = src->tsf; 306 dst->est_throughput = src->est_throughput; 307 dst->snr = src->snr; 308 309 calculate_update_time(fetch_time, src->age, &dst->last_update); 310 } 311 312 313 static int wpa_bss_is_wps_candidate(struct wpa_supplicant *wpa_s, 314 struct wpa_bss *bss) 315 { 316 #ifdef CONFIG_WPS 317 struct wpa_ssid *ssid; 318 struct wpabuf *wps_ie; 319 int pbc = 0, ret; 320 321 wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE); 322 if (!wps_ie) 323 return 0; 324 325 if (wps_is_selected_pbc_registrar(wps_ie)) { 326 pbc = 1; 327 } else if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) { 328 wpabuf_free(wps_ie); 329 return 0; 330 } 331 332 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 333 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 334 continue; 335 if (ssid->ssid_len && 336 (ssid->ssid_len != bss->ssid_len || 337 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) != 0)) 338 continue; 339 340 if (pbc) 341 ret = eap_is_wps_pbc_enrollee(&ssid->eap); 342 else 343 ret = eap_is_wps_pin_enrollee(&ssid->eap); 344 wpabuf_free(wps_ie); 345 return ret; 346 } 347 wpabuf_free(wps_ie); 348 #endif /* CONFIG_WPS */ 349 350 return 0; 351 } 352 353 354 static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) 355 { 356 struct wpa_ssid *ssid; 357 358 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 359 if (ssid->ssid == NULL || ssid->ssid_len == 0) 360 continue; 361 if (ssid->ssid_len == bss->ssid_len && 362 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0) 363 return 1; 364 } 365 366 return 0; 367 } 368 369 370 static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) 371 { 372 if (bss == wpa_s->current_bss) 373 return 1; 374 375 if (wpa_s->current_bss && 376 (bss->ssid_len != wpa_s->current_bss->ssid_len || 377 os_memcmp(bss->ssid, wpa_s->current_bss->ssid, 378 bss->ssid_len) != 0)) 379 return 0; /* SSID has changed */ 380 381 return !is_zero_ether_addr(bss->bssid) && 382 (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 || 383 os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0); 384 } 385 386 387 static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s) 388 { 389 struct wpa_bss *bss; 390 391 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 392 if (!wpa_bss_known(wpa_s, bss) && 393 !wpa_bss_is_wps_candidate(wpa_s, bss)) { 394 wpa_bss_remove(wpa_s, bss, __func__); 395 return 0; 396 } 397 } 398 399 return -1; 400 } 401 402 403 static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s) 404 { 405 struct wpa_bss *bss; 406 407 /* 408 * Remove the oldest entry that does not match with any configured 409 * network. 410 */ 411 if (wpa_bss_remove_oldest_unknown(wpa_s) == 0) 412 return 0; 413 414 /* 415 * Remove the oldest entry that isn't currently in use. 416 */ 417 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 418 if (!wpa_bss_in_use(wpa_s, bss)) { 419 wpa_bss_remove(wpa_s, bss, __func__); 420 return 0; 421 } 422 } 423 424 return -1; 425 } 426 427 428 static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s, 429 const u8 *ssid, size_t ssid_len, 430 struct wpa_scan_res *res, 431 struct os_reltime *fetch_time) 432 { 433 struct wpa_bss *bss; 434 435 bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len); 436 if (bss == NULL) 437 return NULL; 438 bss->id = wpa_s->bss_next_id++; 439 bss->last_update_idx = wpa_s->bss_update_idx; 440 wpa_bss_copy_res(bss, res, fetch_time); 441 os_memcpy(bss->ssid, ssid, ssid_len); 442 bss->ssid_len = ssid_len; 443 bss->ie_len = res->ie_len; 444 bss->beacon_ie_len = res->beacon_ie_len; 445 os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len); 446 wpa_bss_set_hessid(bss); 447 448 if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count && 449 wpa_bss_remove_oldest(wpa_s) != 0) { 450 wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d " 451 "because all BSSes are in use. We should normally " 452 "not get here!", (int) wpa_s->num_bss + 1); 453 wpa_s->conf->bss_max_count = wpa_s->num_bss + 1; 454 } 455 456 dl_list_add_tail(&wpa_s->bss, &bss->list); 457 dl_list_add_tail(&wpa_s->bss_id, &bss->list_id); 458 wpa_s->num_bss++; 459 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR 460 " SSID '%s' freq %d", 461 bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len), 462 bss->freq); 463 wpas_notify_bss_added(wpa_s, bss->bssid, bss->id); 464 return bss; 465 } 466 467 468 static int are_ies_equal(const struct wpa_bss *old, 469 const struct wpa_scan_res *new_res, u32 ie) 470 { 471 const u8 *old_ie, *new_ie; 472 struct wpabuf *old_ie_buff = NULL; 473 struct wpabuf *new_ie_buff = NULL; 474 int new_ie_len, old_ie_len, ret, is_multi; 475 476 switch (ie) { 477 case WPA_IE_VENDOR_TYPE: 478 old_ie = wpa_bss_get_vendor_ie(old, ie); 479 new_ie = wpa_scan_get_vendor_ie(new_res, ie); 480 is_multi = 0; 481 break; 482 case WPS_IE_VENDOR_TYPE: 483 old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie); 484 new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie); 485 is_multi = 1; 486 break; 487 case WLAN_EID_RSN: 488 case WLAN_EID_SUPP_RATES: 489 case WLAN_EID_EXT_SUPP_RATES: 490 old_ie = wpa_bss_get_ie(old, ie); 491 new_ie = wpa_scan_get_ie(new_res, ie); 492 is_multi = 0; 493 break; 494 default: 495 wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__); 496 return 0; 497 } 498 499 if (is_multi) { 500 /* in case of multiple IEs stored in buffer */ 501 old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL; 502 new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL; 503 old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0; 504 new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0; 505 } else { 506 /* in case of single IE */ 507 old_ie_len = old_ie ? old_ie[1] + 2 : 0; 508 new_ie_len = new_ie ? new_ie[1] + 2 : 0; 509 } 510 511 if (!old_ie || !new_ie) 512 ret = !old_ie && !new_ie; 513 else 514 ret = (old_ie_len == new_ie_len && 515 os_memcmp(old_ie, new_ie, old_ie_len) == 0); 516 517 wpabuf_free(old_ie_buff); 518 wpabuf_free(new_ie_buff); 519 520 return ret; 521 } 522 523 524 static u32 wpa_bss_compare_res(const struct wpa_bss *old, 525 const struct wpa_scan_res *new_res) 526 { 527 u32 changes = 0; 528 int caps_diff = old->caps ^ new_res->caps; 529 530 if (old->freq != new_res->freq) 531 changes |= WPA_BSS_FREQ_CHANGED_FLAG; 532 533 if (old->level != new_res->level) 534 changes |= WPA_BSS_SIGNAL_CHANGED_FLAG; 535 536 if (caps_diff & IEEE80211_CAP_PRIVACY) 537 changes |= WPA_BSS_PRIVACY_CHANGED_FLAG; 538 539 if (caps_diff & IEEE80211_CAP_IBSS) 540 changes |= WPA_BSS_MODE_CHANGED_FLAG; 541 542 if (old->ie_len == new_res->ie_len && 543 os_memcmp(old + 1, new_res + 1, old->ie_len) == 0) 544 return changes; 545 changes |= WPA_BSS_IES_CHANGED_FLAG; 546 547 if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE)) 548 changes |= WPA_BSS_WPAIE_CHANGED_FLAG; 549 550 if (!are_ies_equal(old, new_res, WLAN_EID_RSN)) 551 changes |= WPA_BSS_RSNIE_CHANGED_FLAG; 552 553 if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE)) 554 changes |= WPA_BSS_WPS_CHANGED_FLAG; 555 556 if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) || 557 !are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES)) 558 changes |= WPA_BSS_RATES_CHANGED_FLAG; 559 560 return changes; 561 } 562 563 564 static void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes, 565 const struct wpa_bss *bss) 566 { 567 if (changes & WPA_BSS_FREQ_CHANGED_FLAG) 568 wpas_notify_bss_freq_changed(wpa_s, bss->id); 569 570 if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG) 571 wpas_notify_bss_signal_changed(wpa_s, bss->id); 572 573 if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG) 574 wpas_notify_bss_privacy_changed(wpa_s, bss->id); 575 576 if (changes & WPA_BSS_MODE_CHANGED_FLAG) 577 wpas_notify_bss_mode_changed(wpa_s, bss->id); 578 579 if (changes & WPA_BSS_WPAIE_CHANGED_FLAG) 580 wpas_notify_bss_wpaie_changed(wpa_s, bss->id); 581 582 if (changes & WPA_BSS_RSNIE_CHANGED_FLAG) 583 wpas_notify_bss_rsnie_changed(wpa_s, bss->id); 584 585 if (changes & WPA_BSS_WPS_CHANGED_FLAG) 586 wpas_notify_bss_wps_changed(wpa_s, bss->id); 587 588 if (changes & WPA_BSS_IES_CHANGED_FLAG) 589 wpas_notify_bss_ies_changed(wpa_s, bss->id); 590 591 if (changes & WPA_BSS_RATES_CHANGED_FLAG) 592 wpas_notify_bss_rates_changed(wpa_s, bss->id); 593 594 wpas_notify_bss_seen(wpa_s, bss->id); 595 } 596 597 598 static struct wpa_bss * 599 wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss, 600 struct wpa_scan_res *res, struct os_reltime *fetch_time) 601 { 602 u32 changes; 603 604 if (bss->last_update_idx == wpa_s->bss_update_idx) { 605 struct os_reltime update_time; 606 607 /* 608 * Some drivers (e.g., cfg80211) include multiple BSS entries 609 * for the same BSS if that BSS's channel changes. The BSS list 610 * implementation in wpa_supplicant does not do that and we need 611 * to filter out the obsolete results here to make sure only the 612 * most current BSS information remains in the table. 613 */ 614 wpa_printf(MSG_DEBUG, "BSS: " MACSTR 615 " has multiple entries in the scan results - select the most current one", 616 MAC2STR(bss->bssid)); 617 calculate_update_time(fetch_time, res->age, &update_time); 618 wpa_printf(MSG_DEBUG, 619 "Previous last_update: %u.%06u (freq %d%s)", 620 (unsigned int) bss->last_update.sec, 621 (unsigned int) bss->last_update.usec, 622 bss->freq, 623 (bss->flags & WPA_BSS_ASSOCIATED) ? " assoc" : ""); 624 wpa_printf(MSG_DEBUG, "New last_update: %u.%06u (freq %d%s)", 625 (unsigned int) update_time.sec, 626 (unsigned int) update_time.usec, 627 res->freq, 628 (res->flags & WPA_SCAN_ASSOCIATED) ? " assoc" : ""); 629 if ((bss->flags & WPA_BSS_ASSOCIATED) || 630 (!(res->flags & WPA_SCAN_ASSOCIATED) && 631 !os_reltime_before(&bss->last_update, &update_time))) { 632 wpa_printf(MSG_DEBUG, 633 "Ignore this BSS entry since the previous update looks more current"); 634 return bss; 635 } 636 wpa_printf(MSG_DEBUG, 637 "Accept this BSS entry since it looks more current than the previous update"); 638 } 639 640 changes = wpa_bss_compare_res(bss, res); 641 if (changes & WPA_BSS_FREQ_CHANGED_FLAG) 642 wpa_printf(MSG_DEBUG, "BSS: " MACSTR " changed freq %d --> %d", 643 MAC2STR(bss->bssid), bss->freq, res->freq); 644 bss->scan_miss_count = 0; 645 bss->last_update_idx = wpa_s->bss_update_idx; 646 wpa_bss_copy_res(bss, res, fetch_time); 647 /* Move the entry to the end of the list */ 648 dl_list_del(&bss->list); 649 #ifdef CONFIG_P2P 650 if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) && 651 !wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE)) { 652 /* 653 * This can happen when non-P2P station interface runs a scan 654 * without P2P IE in the Probe Request frame. P2P GO would reply 655 * to that with a Probe Response that does not include P2P IE. 656 * Do not update the IEs in this BSS entry to avoid such loss of 657 * information that may be needed for P2P operations to 658 * determine group information. 659 */ 660 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Do not update scan IEs for " 661 MACSTR " since that would remove P2P IE information", 662 MAC2STR(bss->bssid)); 663 } else 664 #endif /* CONFIG_P2P */ 665 if (bss->ie_len + bss->beacon_ie_len >= 666 res->ie_len + res->beacon_ie_len) { 667 os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len); 668 bss->ie_len = res->ie_len; 669 bss->beacon_ie_len = res->beacon_ie_len; 670 } else { 671 struct wpa_bss *nbss; 672 struct dl_list *prev = bss->list_id.prev; 673 dl_list_del(&bss->list_id); 674 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len + 675 res->beacon_ie_len); 676 if (nbss) { 677 unsigned int i; 678 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 679 if (wpa_s->last_scan_res[i] == bss) { 680 wpa_s->last_scan_res[i] = nbss; 681 break; 682 } 683 } 684 if (wpa_s->current_bss == bss) 685 wpa_s->current_bss = nbss; 686 wpa_bss_update_pending_connect(wpa_s, bss, nbss); 687 bss = nbss; 688 os_memcpy(bss + 1, res + 1, 689 res->ie_len + res->beacon_ie_len); 690 bss->ie_len = res->ie_len; 691 bss->beacon_ie_len = res->beacon_ie_len; 692 } 693 dl_list_add(prev, &bss->list_id); 694 } 695 if (changes & WPA_BSS_IES_CHANGED_FLAG) 696 wpa_bss_set_hessid(bss); 697 dl_list_add_tail(&wpa_s->bss, &bss->list); 698 699 notify_bss_changes(wpa_s, changes, bss); 700 701 return bss; 702 } 703 704 705 /** 706 * wpa_bss_update_start - Start a BSS table update from scan results 707 * @wpa_s: Pointer to wpa_supplicant data 708 * 709 * This function is called at the start of each BSS table update round for new 710 * scan results. The actual scan result entries are indicated with calls to 711 * wpa_bss_update_scan_res() and the update round is finished with a call to 712 * wpa_bss_update_end(). 713 */ 714 void wpa_bss_update_start(struct wpa_supplicant *wpa_s) 715 { 716 wpa_s->bss_update_idx++; 717 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u", 718 wpa_s->bss_update_idx); 719 wpa_s->last_scan_res_used = 0; 720 } 721 722 723 /** 724 * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result 725 * @wpa_s: Pointer to wpa_supplicant data 726 * @res: Scan result 727 * @fetch_time: Time when the result was fetched from the driver 728 * 729 * This function updates a BSS table entry (or adds one) based on a scan result. 730 * This is called separately for each scan result between the calls to 731 * wpa_bss_update_start() and wpa_bss_update_end(). 732 */ 733 void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s, 734 struct wpa_scan_res *res, 735 struct os_reltime *fetch_time) 736 { 737 const u8 *ssid, *p2p, *mesh; 738 struct wpa_bss *bss; 739 740 if (wpa_s->conf->ignore_old_scan_res) { 741 struct os_reltime update; 742 calculate_update_time(fetch_time, res->age, &update); 743 if (os_reltime_before(&update, &wpa_s->scan_trigger_time)) { 744 struct os_reltime age; 745 os_reltime_sub(&wpa_s->scan_trigger_time, &update, 746 &age); 747 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS " 748 "table entry that is %u.%06u seconds older " 749 "than our scan trigger", 750 (unsigned int) age.sec, 751 (unsigned int) age.usec); 752 return; 753 } 754 } 755 756 ssid = wpa_scan_get_ie(res, WLAN_EID_SSID); 757 if (ssid == NULL) { 758 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for " 759 MACSTR, MAC2STR(res->bssid)); 760 return; 761 } 762 if (ssid[1] > SSID_MAX_LEN) { 763 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for " 764 MACSTR, MAC2STR(res->bssid)); 765 return; 766 } 767 768 p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE); 769 #ifdef CONFIG_P2P 770 if (p2p == NULL && 771 wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) { 772 /* 773 * If it's a P2P specific interface, then don't update 774 * the scan result without a P2P IE. 775 */ 776 wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR 777 " update for P2P interface", MAC2STR(res->bssid)); 778 return; 779 } 780 #endif /* CONFIG_P2P */ 781 if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN && 782 os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0) 783 return; /* Skip P2P listen discovery results here */ 784 785 /* TODO: add option for ignoring BSSes we are not interested in 786 * (to save memory) */ 787 788 mesh = wpa_scan_get_ie(res, WLAN_EID_MESH_ID); 789 if (mesh && mesh[1] <= SSID_MAX_LEN) 790 ssid = mesh; 791 792 bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]); 793 if (bss == NULL) 794 bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time); 795 else { 796 bss = wpa_bss_update(wpa_s, bss, res, fetch_time); 797 if (wpa_s->last_scan_res) { 798 unsigned int i; 799 for (i = 0; i < wpa_s->last_scan_res_used; i++) { 800 if (bss == wpa_s->last_scan_res[i]) { 801 /* Already in the list */ 802 return; 803 } 804 } 805 } 806 } 807 808 if (bss == NULL) 809 return; 810 if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) { 811 struct wpa_bss **n; 812 unsigned int siz; 813 if (wpa_s->last_scan_res_size == 0) 814 siz = 32; 815 else 816 siz = wpa_s->last_scan_res_size * 2; 817 n = os_realloc_array(wpa_s->last_scan_res, siz, 818 sizeof(struct wpa_bss *)); 819 if (n == NULL) 820 return; 821 wpa_s->last_scan_res = n; 822 wpa_s->last_scan_res_size = siz; 823 } 824 825 if (wpa_s->last_scan_res) 826 wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss; 827 } 828 829 830 static int wpa_bss_included_in_scan(const struct wpa_bss *bss, 831 const struct scan_info *info) 832 { 833 int found; 834 size_t i; 835 836 if (info == NULL) 837 return 1; 838 839 if (info->num_freqs) { 840 found = 0; 841 for (i = 0; i < info->num_freqs; i++) { 842 if (bss->freq == info->freqs[i]) { 843 found = 1; 844 break; 845 } 846 } 847 if (!found) 848 return 0; 849 } 850 851 if (info->num_ssids) { 852 found = 0; 853 for (i = 0; i < info->num_ssids; i++) { 854 const struct wpa_driver_scan_ssid *s = &info->ssids[i]; 855 if ((s->ssid == NULL || s->ssid_len == 0) || 856 (s->ssid_len == bss->ssid_len && 857 os_memcmp(s->ssid, bss->ssid, bss->ssid_len) == 858 0)) { 859 found = 1; 860 break; 861 } 862 } 863 if (!found) 864 return 0; 865 } 866 867 return 1; 868 } 869 870 871 /** 872 * wpa_bss_update_end - End a BSS table update from scan results 873 * @wpa_s: Pointer to wpa_supplicant data 874 * @info: Information about scan parameters 875 * @new_scan: Whether this update round was based on a new scan 876 * 877 * This function is called at the end of each BSS table update round for new 878 * scan results. The start of the update was indicated with a call to 879 * wpa_bss_update_start(). 880 */ 881 void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info, 882 int new_scan) 883 { 884 struct wpa_bss *bss, *n; 885 886 os_get_reltime(&wpa_s->last_scan); 887 if ((info && info->aborted) || !new_scan) 888 return; /* do not expire entries without new scan */ 889 890 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 891 if (wpa_bss_in_use(wpa_s, bss)) 892 continue; 893 if (!wpa_bss_included_in_scan(bss, info)) 894 continue; /* expire only BSSes that were scanned */ 895 if (bss->last_update_idx < wpa_s->bss_update_idx) 896 bss->scan_miss_count++; 897 if (bss->scan_miss_count >= 898 wpa_s->conf->bss_expiration_scan_count) { 899 wpa_bss_remove(wpa_s, bss, "no match in scan"); 900 } 901 } 902 903 wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%u/%u", 904 wpa_s->last_scan_res_used, wpa_s->last_scan_res_size); 905 } 906 907 908 /** 909 * wpa_bss_flush_by_age - Flush old BSS entries 910 * @wpa_s: Pointer to wpa_supplicant data 911 * @age: Maximum entry age in seconds 912 * 913 * Remove BSS entries that have not been updated during the last @age seconds. 914 */ 915 void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age) 916 { 917 struct wpa_bss *bss, *n; 918 struct os_reltime t; 919 920 if (dl_list_empty(&wpa_s->bss)) 921 return; 922 923 os_get_reltime(&t); 924 t.sec -= age; 925 926 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 927 if (wpa_bss_in_use(wpa_s, bss)) 928 continue; 929 930 if (os_reltime_before(&bss->last_update, &t)) { 931 wpa_bss_remove(wpa_s, bss, __func__); 932 } else 933 break; 934 } 935 } 936 937 938 /** 939 * wpa_bss_init - Initialize BSS table 940 * @wpa_s: Pointer to wpa_supplicant data 941 * Returns: 0 on success, -1 on failure 942 * 943 * This prepares BSS table lists and timer for periodic updates. The BSS table 944 * is deinitialized with wpa_bss_deinit() once not needed anymore. 945 */ 946 int wpa_bss_init(struct wpa_supplicant *wpa_s) 947 { 948 dl_list_init(&wpa_s->bss); 949 dl_list_init(&wpa_s->bss_id); 950 return 0; 951 } 952 953 954 /** 955 * wpa_bss_flush - Flush all unused BSS entries 956 * @wpa_s: Pointer to wpa_supplicant data 957 */ 958 void wpa_bss_flush(struct wpa_supplicant *wpa_s) 959 { 960 struct wpa_bss *bss, *n; 961 962 wpa_s->clear_driver_scan_cache = 1; 963 964 if (wpa_s->bss.next == NULL) 965 return; /* BSS table not yet initialized */ 966 967 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) { 968 if (wpa_bss_in_use(wpa_s, bss)) 969 continue; 970 wpa_bss_remove(wpa_s, bss, __func__); 971 } 972 } 973 974 975 /** 976 * wpa_bss_deinit - Deinitialize BSS table 977 * @wpa_s: Pointer to wpa_supplicant data 978 */ 979 void wpa_bss_deinit(struct wpa_supplicant *wpa_s) 980 { 981 wpa_bss_flush(wpa_s); 982 } 983 984 985 /** 986 * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID 987 * @wpa_s: Pointer to wpa_supplicant data 988 * @bssid: BSSID 989 * Returns: Pointer to the BSS entry or %NULL if not found 990 */ 991 struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s, 992 const u8 *bssid) 993 { 994 struct wpa_bss *bss; 995 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 996 return NULL; 997 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 998 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0) 999 return bss; 1000 } 1001 return NULL; 1002 } 1003 1004 1005 /** 1006 * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID 1007 * @wpa_s: Pointer to wpa_supplicant data 1008 * @bssid: BSSID 1009 * Returns: Pointer to the BSS entry or %NULL if not found 1010 * 1011 * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to 1012 * find the entry that has the most recent update. This can help in finding the 1013 * correct entry in cases where the SSID of the AP may have changed recently 1014 * (e.g., in WPS reconfiguration cases). 1015 */ 1016 struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s, 1017 const u8 *bssid) 1018 { 1019 struct wpa_bss *bss, *found = NULL; 1020 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid)) 1021 return NULL; 1022 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 1023 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0) 1024 continue; 1025 if (found == NULL || 1026 os_reltime_before(&found->last_update, &bss->last_update)) 1027 found = bss; 1028 } 1029 return found; 1030 } 1031 1032 1033 #ifdef CONFIG_P2P 1034 /** 1035 * wpa_bss_get_p2p_dev_addr - Fetch a BSS table entry based on P2P Device Addr 1036 * @wpa_s: Pointer to wpa_supplicant data 1037 * @dev_addr: P2P Device Address of the GO 1038 * Returns: Pointer to the BSS entry or %NULL if not found 1039 */ 1040 struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s, 1041 const u8 *dev_addr) 1042 { 1043 struct wpa_bss *bss; 1044 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) { 1045 u8 addr[ETH_ALEN]; 1046 if (p2p_parse_dev_addr((const u8 *) (bss + 1), bss->ie_len, 1047 addr) == 0 && 1048 os_memcmp(addr, dev_addr, ETH_ALEN) == 0) 1049 return bss; 1050 } 1051 return NULL; 1052 } 1053 #endif /* CONFIG_P2P */ 1054 1055 1056 /** 1057 * wpa_bss_get_id - Fetch a BSS table entry based on identifier 1058 * @wpa_s: Pointer to wpa_supplicant data 1059 * @id: Unique identifier (struct wpa_bss::id) assigned for the entry 1060 * Returns: Pointer to the BSS entry or %NULL if not found 1061 */ 1062 struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id) 1063 { 1064 struct wpa_bss *bss; 1065 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 1066 if (bss->id == id) 1067 return bss; 1068 } 1069 return NULL; 1070 } 1071 1072 1073 /** 1074 * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range 1075 * @wpa_s: Pointer to wpa_supplicant data 1076 * @idf: Smallest allowed identifier assigned for the entry 1077 * @idf: Largest allowed identifier assigned for the entry 1078 * Returns: Pointer to the BSS entry or %NULL if not found 1079 * 1080 * This function is similar to wpa_bss_get_id() but allows a BSS entry with the 1081 * smallest id value to be fetched within the specified range without the 1082 * caller having to know the exact id. 1083 */ 1084 struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s, 1085 unsigned int idf, unsigned int idl) 1086 { 1087 struct wpa_bss *bss; 1088 dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) { 1089 if (bss->id >= idf && bss->id <= idl) 1090 return bss; 1091 } 1092 return NULL; 1093 } 1094 1095 1096 /** 1097 * wpa_bss_get_ie - Fetch a specified information element from a BSS entry 1098 * @bss: BSS table entry 1099 * @ie: Information element identitifier (WLAN_EID_*) 1100 * Returns: Pointer to the information element (id field) or %NULL if not found 1101 * 1102 * This function returns the first matching information element in the BSS 1103 * entry. 1104 */ 1105 const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie) 1106 { 1107 return get_ie((const u8 *) (bss + 1), bss->ie_len, ie); 1108 } 1109 1110 1111 /** 1112 * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry 1113 * @bss: BSS table entry 1114 * @vendor_type: Vendor type (four octets starting the IE payload) 1115 * Returns: Pointer to the information element (id field) or %NULL if not found 1116 * 1117 * This function returns the first matching information element in the BSS 1118 * entry. 1119 */ 1120 const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type) 1121 { 1122 const u8 *end, *pos; 1123 1124 pos = (const u8 *) (bss + 1); 1125 end = pos + bss->ie_len; 1126 1127 while (end - pos > 1) { 1128 if (2 + pos[1] > end - pos) 1129 break; 1130 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1131 vendor_type == WPA_GET_BE32(&pos[2])) 1132 return pos; 1133 pos += 2 + pos[1]; 1134 } 1135 1136 return NULL; 1137 } 1138 1139 1140 /** 1141 * wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry 1142 * @bss: BSS table entry 1143 * @vendor_type: Vendor type (four octets starting the IE payload) 1144 * Returns: Pointer to the information element (id field) or %NULL if not found 1145 * 1146 * This function returns the first matching information element in the BSS 1147 * entry. 1148 * 1149 * This function is like wpa_bss_get_vendor_ie(), but uses IE buffer only 1150 * from Beacon frames instead of either Beacon or Probe Response frames. 1151 */ 1152 const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss, 1153 u32 vendor_type) 1154 { 1155 const u8 *end, *pos; 1156 1157 if (bss->beacon_ie_len == 0) 1158 return NULL; 1159 1160 pos = (const u8 *) (bss + 1); 1161 pos += bss->ie_len; 1162 end = pos + bss->beacon_ie_len; 1163 1164 while (end - pos > 1) { 1165 if (2 + pos[1] > end - pos) 1166 break; 1167 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1168 vendor_type == WPA_GET_BE32(&pos[2])) 1169 return pos; 1170 pos += 2 + pos[1]; 1171 } 1172 1173 return NULL; 1174 } 1175 1176 1177 /** 1178 * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry 1179 * @bss: BSS table entry 1180 * @vendor_type: Vendor type (four octets starting the IE payload) 1181 * Returns: Pointer to the information element payload or %NULL if not found 1182 * 1183 * This function returns concatenated payload of possibly fragmented vendor 1184 * specific information elements in the BSS entry. The caller is responsible for 1185 * freeing the returned buffer. 1186 */ 1187 struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss, 1188 u32 vendor_type) 1189 { 1190 struct wpabuf *buf; 1191 const u8 *end, *pos; 1192 1193 buf = wpabuf_alloc(bss->ie_len); 1194 if (buf == NULL) 1195 return NULL; 1196 1197 pos = (const u8 *) (bss + 1); 1198 end = pos + bss->ie_len; 1199 1200 while (end - pos > 1) { 1201 if (2 + pos[1] > end - pos) 1202 break; 1203 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1204 vendor_type == WPA_GET_BE32(&pos[2])) 1205 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1206 pos += 2 + pos[1]; 1207 } 1208 1209 if (wpabuf_len(buf) == 0) { 1210 wpabuf_free(buf); 1211 buf = NULL; 1212 } 1213 1214 return buf; 1215 } 1216 1217 1218 /** 1219 * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry 1220 * @bss: BSS table entry 1221 * @vendor_type: Vendor type (four octets starting the IE payload) 1222 * Returns: Pointer to the information element payload or %NULL if not found 1223 * 1224 * This function returns concatenated payload of possibly fragmented vendor 1225 * specific information elements in the BSS entry. The caller is responsible for 1226 * freeing the returned buffer. 1227 * 1228 * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only 1229 * from Beacon frames instead of either Beacon or Probe Response frames. 1230 */ 1231 struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss, 1232 u32 vendor_type) 1233 { 1234 struct wpabuf *buf; 1235 const u8 *end, *pos; 1236 1237 buf = wpabuf_alloc(bss->beacon_ie_len); 1238 if (buf == NULL) 1239 return NULL; 1240 1241 pos = (const u8 *) (bss + 1); 1242 pos += bss->ie_len; 1243 end = pos + bss->beacon_ie_len; 1244 1245 while (end - pos > 1) { 1246 if (2 + pos[1] > end - pos) 1247 break; 1248 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1249 vendor_type == WPA_GET_BE32(&pos[2])) 1250 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1251 pos += 2 + pos[1]; 1252 } 1253 1254 if (wpabuf_len(buf) == 0) { 1255 wpabuf_free(buf); 1256 buf = NULL; 1257 } 1258 1259 return buf; 1260 } 1261 1262 1263 /** 1264 * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS 1265 * @bss: BSS table entry 1266 * Returns: Maximum legacy rate in units of 500 kbps 1267 */ 1268 int wpa_bss_get_max_rate(const struct wpa_bss *bss) 1269 { 1270 int rate = 0; 1271 const u8 *ie; 1272 int i; 1273 1274 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1275 for (i = 0; ie && i < ie[1]; i++) { 1276 if ((ie[i + 2] & 0x7f) > rate) 1277 rate = ie[i + 2] & 0x7f; 1278 } 1279 1280 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 1281 for (i = 0; ie && i < ie[1]; i++) { 1282 if ((ie[i + 2] & 0x7f) > rate) 1283 rate = ie[i + 2] & 0x7f; 1284 } 1285 1286 return rate; 1287 } 1288 1289 1290 /** 1291 * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS 1292 * @bss: BSS table entry 1293 * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps) 1294 * Returns: number of legacy TX rates or -1 on failure 1295 * 1296 * The caller is responsible for freeing the returned buffer with os_free() in 1297 * case of success. 1298 */ 1299 int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates) 1300 { 1301 const u8 *ie, *ie2; 1302 int i, j; 1303 unsigned int len; 1304 u8 *r; 1305 1306 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES); 1307 ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES); 1308 1309 len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0); 1310 1311 r = os_malloc(len); 1312 if (!r) 1313 return -1; 1314 1315 for (i = 0; ie && i < ie[1]; i++) 1316 r[i] = ie[i + 2] & 0x7f; 1317 1318 for (j = 0; ie2 && j < ie2[1]; j++) 1319 r[i + j] = ie2[j + 2] & 0x7f; 1320 1321 *rates = r; 1322 return len; 1323 } 1324 1325 1326 #ifdef CONFIG_FILS 1327 const u8 * wpa_bss_get_fils_cache_id(struct wpa_bss *bss) 1328 { 1329 const u8 *ie; 1330 1331 if (bss) { 1332 ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION); 1333 if (ie && ie[1] >= 4 && WPA_GET_LE16(ie + 2) & BIT(7)) 1334 return ie + 4; 1335 } 1336 1337 return NULL; 1338 } 1339 #endif /* CONFIG_FILS */ 1340 1341 1342 int wpa_bss_ext_capab(const struct wpa_bss *bss, unsigned int capab) 1343 { 1344 return ieee802_11_ext_capab(wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB), 1345 capab); 1346 } 1347