1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 #include "mesh.h" 26 27 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s); 28 29 30 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 31 { 32 struct wpa_ssid *ssid; 33 union wpa_event_data data; 34 35 ssid = wpa_supplicant_get_ssid(wpa_s); 36 if (ssid == NULL) 37 return; 38 39 if (wpa_s->current_ssid == NULL) { 40 wpa_s->current_ssid = ssid; 41 wpas_notify_network_changed(wpa_s); 42 } 43 wpa_supplicant_initiate_eapol(wpa_s); 44 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 45 "network - generating associated event"); 46 os_memset(&data, 0, sizeof(data)); 47 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 48 } 49 50 51 #ifdef CONFIG_WPS 52 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 53 enum wps_request_type *req_type) 54 { 55 struct wpa_ssid *ssid; 56 int wps = 0; 57 58 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 59 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 60 continue; 61 62 wps = 1; 63 *req_type = wpas_wps_get_req_type(ssid); 64 if (ssid->eap.phase1 && os_strstr(ssid->eap.phase1, "pbc=1")) 65 return 2; 66 } 67 68 #ifdef CONFIG_P2P 69 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 70 !wpa_s->conf->p2p_disabled) { 71 wpa_s->wps->dev.p2p = 1; 72 if (!wps) { 73 wps = 1; 74 *req_type = WPS_REQ_ENROLLEE_INFO; 75 } 76 } 77 #endif /* CONFIG_P2P */ 78 79 return wps; 80 } 81 #endif /* CONFIG_WPS */ 82 83 84 static int wpa_setup_mac_addr_rand_params(struct wpa_driver_scan_params *params, 85 const u8 *mac_addr) 86 { 87 u8 *tmp; 88 89 if (params->mac_addr) { 90 params->mac_addr_mask = NULL; 91 os_free(params->mac_addr); 92 params->mac_addr = NULL; 93 } 94 95 params->mac_addr_rand = 1; 96 97 if (!mac_addr) 98 return 0; 99 100 tmp = os_malloc(2 * ETH_ALEN); 101 if (!tmp) 102 return -1; 103 104 os_memcpy(tmp, mac_addr, 2 * ETH_ALEN); 105 params->mac_addr = tmp; 106 params->mac_addr_mask = tmp + ETH_ALEN; 107 return 0; 108 } 109 110 111 /** 112 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 113 * @wpa_s: Pointer to wpa_supplicant data 114 * Returns: 0 if no networks are enabled, >0 if networks are enabled 115 * 116 * This function is used to figure out whether any networks (or Interworking 117 * with enabled credentials and auto_interworking) are present in the current 118 * configuration. 119 */ 120 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 121 { 122 struct wpa_ssid *ssid = wpa_s->conf->ssid; 123 int count = 0, disabled = 0; 124 125 if (wpa_s->p2p_mgmt) 126 return 0; /* no normal network profiles on p2p_mgmt interface */ 127 128 while (ssid) { 129 if (!wpas_network_disabled(wpa_s, ssid)) 130 count++; 131 else 132 disabled++; 133 ssid = ssid->next; 134 } 135 if (wpa_s->conf->cred && wpa_s->conf->interworking && 136 wpa_s->conf->auto_interworking) 137 count++; 138 if (count == 0 && disabled > 0) { 139 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 140 "networks)", disabled); 141 } 142 return count; 143 } 144 145 146 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 147 struct wpa_ssid *ssid) 148 { 149 int min_temp_disabled = 0; 150 151 while (ssid) { 152 if (!wpas_network_disabled(wpa_s, ssid)) { 153 int temp_disabled = wpas_temp_disabled(wpa_s, ssid); 154 155 if (temp_disabled <= 0) 156 break; 157 158 if (!min_temp_disabled || 159 temp_disabled < min_temp_disabled) 160 min_temp_disabled = temp_disabled; 161 } 162 ssid = ssid->next; 163 } 164 165 /* ap_scan=2 mode - try to associate with each SSID. */ 166 if (ssid == NULL) { 167 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 168 "end of scan list - go back to beginning"); 169 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 170 wpa_supplicant_req_scan(wpa_s, min_temp_disabled, 0); 171 return; 172 } 173 if (ssid->next) { 174 /* Continue from the next SSID on the next attempt. */ 175 wpa_s->prev_scan_ssid = ssid; 176 } else { 177 /* Start from the beginning of the SSID list. */ 178 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 179 } 180 wpa_supplicant_associate(wpa_s, NULL, ssid); 181 } 182 183 184 static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 185 { 186 struct wpa_supplicant *wpa_s = work->wpa_s; 187 struct wpa_driver_scan_params *params = work->ctx; 188 int ret; 189 190 if (deinit) { 191 if (!work->started) { 192 wpa_scan_free_params(params); 193 return; 194 } 195 wpa_supplicant_notify_scanning(wpa_s, 0); 196 wpas_notify_scan_done(wpa_s, 0); 197 wpa_s->scan_work = NULL; 198 return; 199 } 200 201 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) && 202 wpa_s->wpa_state <= WPA_SCANNING) 203 wpa_setup_mac_addr_rand_params(params, wpa_s->mac_addr_scan); 204 205 if (wpas_update_random_addr_disassoc(wpa_s) < 0) { 206 wpa_msg(wpa_s, MSG_INFO, 207 "Failed to assign random MAC address for a scan"); 208 wpa_scan_free_params(params); 209 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1"); 210 radio_work_done(work); 211 return; 212 } 213 214 wpa_supplicant_notify_scanning(wpa_s, 1); 215 216 if (wpa_s->clear_driver_scan_cache) { 217 wpa_printf(MSG_DEBUG, 218 "Request driver to clear scan cache due to local BSS flush"); 219 params->only_new_results = 1; 220 } 221 ret = wpa_drv_scan(wpa_s, params); 222 /* 223 * Store the obtained vendor scan cookie (if any) in wpa_s context. 224 * The current design is to allow only one scan request on each 225 * interface, hence having this scan cookie stored in wpa_s context is 226 * fine for now. 227 * 228 * Revisit this logic if concurrent scan operations per interface 229 * is supported. 230 */ 231 if (ret == 0) 232 wpa_s->curr_scan_cookie = params->scan_cookie; 233 wpa_scan_free_params(params); 234 work->ctx = NULL; 235 if (ret) { 236 int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ && 237 !wpa_s->beacon_rep_data.token; 238 239 if (wpa_s->disconnected) 240 retry = 0; 241 242 /* do not retry if operation is not supported */ 243 if (ret == -EOPNOTSUPP) 244 retry = 0; 245 246 wpa_supplicant_notify_scanning(wpa_s, 0); 247 wpas_notify_scan_done(wpa_s, 0); 248 if (wpa_s->wpa_state == WPA_SCANNING) 249 wpa_supplicant_set_state(wpa_s, 250 wpa_s->scan_prev_wpa_state); 251 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s", 252 ret, retry ? " retry=1" : ""); 253 radio_work_done(work); 254 255 if (retry) { 256 /* Restore scan_req since we will try to scan again */ 257 wpa_s->scan_req = wpa_s->last_scan_req; 258 wpa_supplicant_req_scan(wpa_s, 1, 0); 259 } else if (wpa_s->scan_res_handler) { 260 /* Clear the scan_res_handler */ 261 wpa_s->scan_res_handler = NULL; 262 } 263 264 #ifndef CONFIG_NO_RRM 265 if (wpa_s->beacon_rep_data.token) 266 wpas_rrm_refuse_request(wpa_s); 267 #endif /* CONFIG_NO_RRM */ 268 269 return; 270 } 271 272 os_get_reltime(&wpa_s->scan_trigger_time); 273 wpa_s->scan_runs++; 274 wpa_s->normal_scans++; 275 wpa_s->own_scan_requested = 1; 276 wpa_s->clear_driver_scan_cache = 0; 277 wpa_s->scan_work = work; 278 } 279 280 281 /** 282 * wpa_supplicant_trigger_scan - Request driver to start a scan 283 * @wpa_s: Pointer to wpa_supplicant data 284 * @params: Scan parameters 285 * @default_ies: Whether or not to use the default IEs in the Probe Request 286 * frames. Note that this will free any existing IEs set in @params, so this 287 * shouldn't be set if the IEs have already been set with 288 * wpa_supplicant_extra_ies(). Otherwise, wpabuf_free() will lead to a 289 * double-free. 290 * @next: Whether or not to perform this scan as the next radio work 291 * Returns: 0 on success, -1 on failure 292 */ 293 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 294 struct wpa_driver_scan_params *params, 295 bool default_ies, bool next) 296 { 297 struct wpa_driver_scan_params *ctx; 298 struct wpabuf *ies = NULL; 299 300 if (wpa_s->scan_work) { 301 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 302 return -1; 303 } 304 305 if (default_ies) { 306 if (params->extra_ies_len) { 307 os_free((u8 *) params->extra_ies); 308 params->extra_ies = NULL; 309 params->extra_ies_len = 0; 310 } 311 ies = wpa_supplicant_extra_ies(wpa_s); 312 if (ies) { 313 params->extra_ies = wpabuf_head(ies); 314 params->extra_ies_len = wpabuf_len(ies); 315 } 316 } 317 ctx = wpa_scan_clone_params(params); 318 if (ies) { 319 wpabuf_free(ies); 320 params->extra_ies = NULL; 321 params->extra_ies_len = 0; 322 } 323 wpa_s->last_scan_all_chan = !params->freqs; 324 wpa_s->last_scan_non_coloc_6ghz = params->non_coloc_6ghz; 325 326 if (wpa_s->crossed_6ghz_dom) { 327 wpa_printf(MSG_DEBUG, "First scan after crossing 6 GHz domain"); 328 wpa_s->crossed_6ghz_dom = false; 329 } 330 331 if (!ctx || 332 radio_add_work(wpa_s, 0, "scan", next, wpas_trigger_scan_cb, 333 ctx) < 0) { 334 wpa_scan_free_params(ctx); 335 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1"); 336 return -1; 337 } 338 339 wpa_s->wps_scan_done = false; 340 341 return 0; 342 } 343 344 345 static void 346 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 347 { 348 struct wpa_supplicant *wpa_s = eloop_ctx; 349 350 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 351 352 if (wpa_supplicant_req_sched_scan(wpa_s)) 353 wpa_supplicant_req_scan(wpa_s, 0, 0); 354 } 355 356 357 static void 358 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 359 { 360 struct wpa_supplicant *wpa_s = eloop_ctx; 361 362 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 363 364 wpa_s->sched_scan_timed_out = 1; 365 wpa_supplicant_cancel_sched_scan(wpa_s); 366 } 367 368 369 static int 370 wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 371 struct wpa_driver_scan_params *params) 372 { 373 int ret; 374 375 wpa_supplicant_notify_scanning(wpa_s, 1); 376 ret = wpa_drv_sched_scan(wpa_s, params); 377 if (ret) 378 wpa_supplicant_notify_scanning(wpa_s, 0); 379 else 380 wpa_s->sched_scanning = 1; 381 382 return ret; 383 } 384 385 386 static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 387 { 388 int ret; 389 390 ret = wpa_drv_stop_sched_scan(wpa_s); 391 if (ret) { 392 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 393 /* TODO: what to do if stopping fails? */ 394 return -1; 395 } 396 397 return ret; 398 } 399 400 401 static struct wpa_driver_scan_filter * 402 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 403 { 404 struct wpa_driver_scan_filter *ssids; 405 struct wpa_ssid *ssid; 406 size_t count; 407 408 *num_ssids = 0; 409 if (!conf->filter_ssids) 410 return NULL; 411 412 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 413 if (ssid->ssid && ssid->ssid_len) 414 count++; 415 } 416 if (count == 0) 417 return NULL; 418 ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter)); 419 if (ssids == NULL) 420 return NULL; 421 422 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 423 if (!ssid->ssid || !ssid->ssid_len) 424 continue; 425 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 426 ssids[*num_ssids].ssid_len = ssid->ssid_len; 427 (*num_ssids)++; 428 } 429 430 return ssids; 431 } 432 433 434 static void wpa_supplicant_optimize_freqs( 435 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 436 { 437 #ifdef CONFIG_P2P 438 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 439 wpa_s->go_params) { 440 /* Optimize provisioning state scan based on GO information */ 441 if (wpa_s->p2p_in_provisioning < 5 && 442 wpa_s->go_params->freq > 0) { 443 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 444 "preferred frequency %d MHz", 445 wpa_s->go_params->freq); 446 params->freqs = os_calloc(2, sizeof(int)); 447 if (params->freqs) 448 params->freqs[0] = wpa_s->go_params->freq; 449 } else if (wpa_s->p2p_in_provisioning < 8 && 450 wpa_s->go_params->freq_list[0]) { 451 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 452 "channels"); 453 int_array_concat(¶ms->freqs, 454 wpa_s->go_params->freq_list); 455 if (params->freqs) 456 int_array_sort_unique(params->freqs); 457 } 458 wpa_s->p2p_in_provisioning++; 459 } 460 461 if (params->freqs == NULL && wpa_s->p2p_in_invitation) { 462 struct wpa_ssid *ssid = wpa_s->current_ssid; 463 464 /* 465 * Perform a single-channel scan if the GO has already been 466 * discovered on another non-P2P interface. Note that a scan 467 * initiated by a P2P interface (e.g., the device interface) 468 * should already have sufficient IEs and scan results will be 469 * fetched on interface creation in that case. 470 */ 471 if (wpa_s->p2p_in_invitation == 1 && ssid) { 472 struct wpa_supplicant *ifs; 473 struct wpa_bss *bss = NULL; 474 const u8 *bssid = ssid->bssid_set ? ssid->bssid : NULL; 475 476 dl_list_for_each(ifs, &wpa_s->radio->ifaces, 477 struct wpa_supplicant, radio_list) { 478 bss = wpa_bss_get(ifs, bssid, ssid->ssid, 479 ssid->ssid_len); 480 if (bss) 481 break; 482 } 483 if (bss && !disabled_freq(wpa_s, bss->freq)) { 484 params->freqs = os_calloc(2, sizeof(int)); 485 if (params->freqs) { 486 wpa_dbg(wpa_s, MSG_DEBUG, 487 "P2P: Scan only the known GO frequency %d MHz during invitation", 488 bss->freq); 489 params->freqs[0] = bss->freq; 490 } 491 } 492 } 493 494 /* 495 * Optimize scan based on GO information during persistent 496 * group reinvocation 497 */ 498 if (!params->freqs && wpa_s->p2p_in_invitation < 5 && 499 wpa_s->p2p_invite_go_freq > 0) { 500 if (wpa_s->p2p_invite_go_freq == 2 || 501 wpa_s->p2p_invite_go_freq == 5) { 502 enum hostapd_hw_mode mode; 503 504 wpa_dbg(wpa_s, MSG_DEBUG, 505 "P2P: Scan only GO preferred band %d GHz during invitation", 506 wpa_s->p2p_invite_go_freq); 507 508 if (!wpa_s->hw.modes) 509 return; 510 mode = wpa_s->p2p_invite_go_freq == 5 ? 511 HOSTAPD_MODE_IEEE80211A : 512 HOSTAPD_MODE_IEEE80211G; 513 if (wpa_s->p2p_in_invitation <= 2) 514 wpa_add_scan_freqs_list(wpa_s, mode, 515 params, false, 516 false, true); 517 if (!params->freqs || params->freqs[0] == 0) 518 wpa_add_scan_freqs_list(wpa_s, mode, 519 params, false, 520 false, false); 521 } else { 522 wpa_dbg(wpa_s, MSG_DEBUG, 523 "P2P: Scan only GO preferred frequency %d MHz during invitation", 524 wpa_s->p2p_invite_go_freq); 525 params->freqs = os_calloc(2, sizeof(int)); 526 if (params->freqs) 527 params->freqs[0] = 528 wpa_s->p2p_invite_go_freq; 529 } 530 } 531 wpa_s->p2p_in_invitation++; 532 if (wpa_s->p2p_in_invitation > 20) { 533 /* 534 * This should not really happen since the variable is 535 * cleared on group removal, but if it does happen, make 536 * sure we do not get stuck in special invitation scan 537 * mode. 538 */ 539 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation"); 540 wpa_s->p2p_in_invitation = 0; 541 wpa_s->p2p_retry_limit = 0; 542 } 543 } 544 #endif /* CONFIG_P2P */ 545 546 #ifdef CONFIG_WPS 547 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 548 /* 549 * Optimize post-provisioning scan based on channel used 550 * during provisioning. 551 */ 552 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 553 "that was used during provisioning", wpa_s->wps_freq); 554 params->freqs = os_calloc(2, sizeof(int)); 555 if (params->freqs) 556 params->freqs[0] = wpa_s->wps_freq; 557 wpa_s->after_wps--; 558 } else if (wpa_s->after_wps) 559 wpa_s->after_wps--; 560 561 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 562 { 563 /* Optimize provisioning scan based on already known channel */ 564 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 565 wpa_s->wps_freq); 566 params->freqs = os_calloc(2, sizeof(int)); 567 if (params->freqs) 568 params->freqs[0] = wpa_s->wps_freq; 569 wpa_s->known_wps_freq = 0; /* only do this once */ 570 } 571 #endif /* CONFIG_WPS */ 572 } 573 574 575 #ifdef CONFIG_INTERWORKING 576 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 577 struct wpabuf *buf) 578 { 579 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 580 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 581 1 + ETH_ALEN); 582 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 583 /* No Venue Info */ 584 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 585 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 586 } 587 #endif /* CONFIG_INTERWORKING */ 588 589 590 #ifdef CONFIG_MBO 591 static void wpas_fils_req_param_add_max_channel(struct wpa_supplicant *wpa_s, 592 struct wpabuf **ie) 593 { 594 if (wpabuf_resize(ie, 5)) { 595 wpa_printf(MSG_DEBUG, 596 "Failed to allocate space for FILS Request Parameters element"); 597 return; 598 } 599 600 /* FILS Request Parameters element */ 601 wpabuf_put_u8(*ie, WLAN_EID_EXTENSION); 602 wpabuf_put_u8(*ie, 3); /* FILS Request attribute length */ 603 wpabuf_put_u8(*ie, WLAN_EID_EXT_FILS_REQ_PARAMS); 604 /* Parameter control bitmap */ 605 wpabuf_put_u8(*ie, 0); 606 /* Max Channel Time field - contains the value of MaxChannelTime 607 * parameter of the MLME-SCAN.request primitive represented in units of 608 * TUs, as an unsigned integer. A Max Channel Time field value of 255 609 * is used to indicate any duration of more than 254 TUs, or an 610 * unspecified or unknown duration. (IEEE Std 802.11ai-2016, 9.4.2.178) 611 */ 612 wpabuf_put_u8(*ie, 255); 613 } 614 #endif /* CONFIG_MBO */ 615 616 617 void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s) 618 { 619 struct wpabuf *default_ies = NULL; 620 u8 ext_capab[18]; 621 int ext_capab_len, frame_id; 622 enum wpa_driver_if_type type = WPA_IF_STATION; 623 624 #ifdef CONFIG_P2P 625 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT) 626 type = WPA_IF_P2P_CLIENT; 627 #endif /* CONFIG_P2P */ 628 629 wpa_drv_get_ext_capa(wpa_s, type); 630 631 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 632 sizeof(ext_capab), NULL); 633 if (ext_capab_len > 0 && 634 wpabuf_resize(&default_ies, ext_capab_len) == 0) 635 wpabuf_put_data(default_ies, ext_capab, ext_capab_len); 636 637 #ifdef CONFIG_MBO 638 if (wpa_s->enable_oce & OCE_STA) 639 wpas_fils_req_param_add_max_channel(wpa_s, &default_ies); 640 /* Send MBO and OCE capabilities */ 641 if (wpabuf_resize(&default_ies, 12) == 0) 642 wpas_mbo_scan_ie(wpa_s, default_ies); 643 #endif /* CONFIG_MBO */ 644 645 if (type == WPA_IF_P2P_CLIENT) 646 frame_id = VENDOR_ELEM_PROBE_REQ_P2P; 647 else 648 frame_id = VENDOR_ELEM_PROBE_REQ; 649 650 if (wpa_s->vendor_elem[frame_id]) { 651 size_t len; 652 653 len = wpabuf_len(wpa_s->vendor_elem[frame_id]); 654 if (len > 0 && wpabuf_resize(&default_ies, len) == 0) 655 wpabuf_put_buf(default_ies, 656 wpa_s->vendor_elem[frame_id]); 657 } 658 659 if (default_ies) 660 wpa_drv_set_default_scan_ies(wpa_s, wpabuf_head(default_ies), 661 wpabuf_len(default_ies)); 662 wpabuf_free(default_ies); 663 } 664 665 666 static struct wpabuf * wpa_supplicant_ml_probe_ie(int mld_id, u16 links) 667 { 668 struct wpabuf *extra_ie; 669 u16 control = MULTI_LINK_CONTROL_TYPE_PROBE_REQ; 670 size_t len = 3 + 4 + 4 * MAX_NUM_MLD_LINKS; 671 u8 link_id; 672 u8 *len_pos; 673 674 if (mld_id >= 0) { 675 control |= EHT_ML_PRES_BM_PROBE_REQ_AP_MLD_ID; 676 len++; 677 } 678 679 extra_ie = wpabuf_alloc(len); 680 if (!extra_ie) 681 return NULL; 682 683 wpabuf_put_u8(extra_ie, WLAN_EID_EXTENSION); 684 len_pos = wpabuf_put(extra_ie, 1); 685 wpabuf_put_u8(extra_ie, WLAN_EID_EXT_MULTI_LINK); 686 687 wpabuf_put_le16(extra_ie, control); 688 689 /* common info length and MLD ID (if requested) */ 690 if (mld_id >= 0) { 691 wpabuf_put_u8(extra_ie, 2); 692 wpabuf_put_u8(extra_ie, mld_id); 693 694 wpa_printf(MSG_DEBUG, "MLD: ML probe targeted at MLD ID %d", 695 mld_id); 696 } else { 697 wpabuf_put_u8(extra_ie, 1); 698 699 wpa_printf(MSG_DEBUG, "MLD: ML probe targeted at receiving AP"); 700 } 701 702 if (!links) 703 wpa_printf(MSG_DEBUG, "MLD: Probing all links"); 704 else 705 wpa_printf(MSG_DEBUG, "MLD: Probing links 0x%04x", links); 706 707 for_each_link(links, link_id) { 708 wpabuf_put_u8(extra_ie, EHT_ML_SUB_ELEM_PER_STA_PROFILE); 709 710 /* Subelement length includes only the control */ 711 wpabuf_put_u8(extra_ie, 2); 712 713 control = link_id | EHT_PER_STA_CTRL_COMPLETE_PROFILE_MSK; 714 715 wpabuf_put_le16(extra_ie, control); 716 } 717 718 *len_pos = (u8 *) wpabuf_put(extra_ie, 0) - len_pos - 1; 719 720 return extra_ie; 721 } 722 723 724 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 725 { 726 struct wpabuf *extra_ie = NULL; 727 u8 ext_capab[18]; 728 int ext_capab_len; 729 #ifdef CONFIG_WPS 730 int wps = 0; 731 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 732 #endif /* CONFIG_WPS */ 733 734 if (!is_zero_ether_addr(wpa_s->ml_probe_bssid)) { 735 extra_ie = wpa_supplicant_ml_probe_ie(wpa_s->ml_probe_mld_id, 736 wpa_s->ml_probe_links); 737 738 /* No other elements should be included in the probe request */ 739 wpa_printf(MSG_DEBUG, "MLD: Scan including only ML element"); 740 return extra_ie; 741 } 742 743 #ifdef CONFIG_P2P 744 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT) 745 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT); 746 else 747 #endif /* CONFIG_P2P */ 748 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION); 749 750 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 751 sizeof(ext_capab), NULL); 752 if (ext_capab_len > 0 && 753 wpabuf_resize(&extra_ie, ext_capab_len) == 0) 754 wpabuf_put_data(extra_ie, ext_capab, ext_capab_len); 755 756 #ifdef CONFIG_INTERWORKING 757 if (wpa_s->conf->interworking && 758 wpabuf_resize(&extra_ie, 100) == 0) 759 wpas_add_interworking_elements(wpa_s, extra_ie); 760 #endif /* CONFIG_INTERWORKING */ 761 762 #ifdef CONFIG_MBO 763 if (wpa_s->enable_oce & OCE_STA) 764 wpas_fils_req_param_add_max_channel(wpa_s, &extra_ie); 765 #endif /* CONFIG_MBO */ 766 767 #ifdef CONFIG_WPS 768 wps = wpas_wps_in_use(wpa_s, &req_type); 769 770 if (wps) { 771 struct wpabuf *wps_ie; 772 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 773 DEV_PW_DEFAULT, 774 &wpa_s->wps->dev, 775 wpa_s->wps->uuid, req_type, 776 0, NULL); 777 if (wps_ie) { 778 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 779 wpabuf_put_buf(extra_ie, wps_ie); 780 wpabuf_free(wps_ie); 781 } 782 } 783 784 #ifdef CONFIG_P2P 785 if (wps) { 786 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 787 if (wpabuf_resize(&extra_ie, ielen) == 0) 788 wpas_p2p_scan_ie(wpa_s, extra_ie); 789 } 790 #endif /* CONFIG_P2P */ 791 792 wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie); 793 794 #endif /* CONFIG_WPS */ 795 796 #ifdef CONFIG_HS20 797 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 9) == 0) 798 wpas_hs20_add_indication(extra_ie, -1, 0); 799 #endif /* CONFIG_HS20 */ 800 801 #ifdef CONFIG_FST 802 if (wpa_s->fst_ies && 803 wpabuf_resize(&extra_ie, wpabuf_len(wpa_s->fst_ies)) == 0) 804 wpabuf_put_buf(extra_ie, wpa_s->fst_ies); 805 #endif /* CONFIG_FST */ 806 807 #ifdef CONFIG_MBO 808 /* Send MBO and OCE capabilities */ 809 if (wpabuf_resize(&extra_ie, 12) == 0) 810 wpas_mbo_scan_ie(wpa_s, extra_ie); 811 #endif /* CONFIG_MBO */ 812 813 if (wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]) { 814 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]; 815 816 if (wpabuf_resize(&extra_ie, wpabuf_len(buf)) == 0) 817 wpabuf_put_buf(extra_ie, buf); 818 } 819 820 return extra_ie; 821 } 822 823 824 #ifdef CONFIG_P2P 825 826 /* 827 * Check whether there are any enabled networks or credentials that could be 828 * used for a non-P2P connection. 829 */ 830 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 831 { 832 struct wpa_ssid *ssid; 833 834 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 835 if (wpas_network_disabled(wpa_s, ssid)) 836 continue; 837 if (!ssid->p2p_group) 838 return 1; 839 } 840 841 if (wpa_s->conf->cred && wpa_s->conf->interworking && 842 wpa_s->conf->auto_interworking) 843 return 1; 844 845 return 0; 846 } 847 848 #endif /* CONFIG_P2P */ 849 850 851 int wpa_add_scan_freqs_list(struct wpa_supplicant *wpa_s, 852 enum hostapd_hw_mode band, 853 struct wpa_driver_scan_params *params, 854 bool is_6ghz, bool only_6ghz_psc, 855 bool exclude_radar) 856 { 857 /* Include only supported channels for the specified band */ 858 struct hostapd_hw_modes *mode; 859 int num_chans = 0; 860 int *freqs, i; 861 862 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band, is_6ghz); 863 if (!mode || !mode->num_channels) 864 return -1; 865 866 if (params->freqs) { 867 while (params->freqs[num_chans]) 868 num_chans++; 869 } 870 871 freqs = os_realloc(params->freqs, 872 (num_chans + mode->num_channels + 1) * sizeof(int)); 873 if (!freqs) 874 return -1; 875 876 params->freqs = freqs; 877 for (i = 0; i < mode->num_channels; i++) { 878 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 879 continue; 880 if (exclude_radar && 881 (mode->channels[i].flag & HOSTAPD_CHAN_RADAR)) 882 continue; 883 884 if (is_6ghz && only_6ghz_psc && 885 !is_6ghz_psc_frequency(mode->channels[i].freq)) 886 continue; 887 888 params->freqs[num_chans++] = mode->channels[i].freq; 889 } 890 params->freqs[num_chans] = 0; 891 892 return 0; 893 } 894 895 896 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 897 struct wpa_driver_scan_params *params) 898 { 899 if (wpa_s->hw.modes == NULL) 900 return; /* unknown what channels the driver supports */ 901 if (params->freqs) 902 return; /* already using a limited channel set */ 903 904 if (wpa_s->setband_mask & WPA_SETBAND_5G) 905 wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, params, 906 false, false, false); 907 if (wpa_s->setband_mask & WPA_SETBAND_2G) 908 wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, params, 909 false, false, false); 910 if (wpa_s->setband_mask & WPA_SETBAND_6G) 911 wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, params, 912 true, false, false); 913 } 914 915 916 static void wpa_add_scan_ssid(struct wpa_supplicant *wpa_s, 917 struct wpa_driver_scan_params *params, 918 size_t max_ssids, const u8 *ssid, size_t ssid_len) 919 { 920 unsigned int j; 921 922 for (j = 0; j < params->num_ssids; j++) { 923 if (params->ssids[j].ssid_len == ssid_len && 924 params->ssids[j].ssid && 925 os_memcmp(params->ssids[j].ssid, ssid, ssid_len) == 0) 926 return; /* already in the list */ 927 } 928 929 if (params->num_ssids + 1 > max_ssids) { 930 wpa_printf(MSG_DEBUG, "Over max scan SSIDs for manual request"); 931 return; 932 } 933 934 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 935 wpa_ssid_txt(ssid, ssid_len)); 936 937 params->ssids[params->num_ssids].ssid = ssid; 938 params->ssids[params->num_ssids].ssid_len = ssid_len; 939 params->num_ssids++; 940 } 941 942 943 static void wpa_add_owe_scan_ssid(struct wpa_supplicant *wpa_s, 944 struct wpa_driver_scan_params *params, 945 struct wpa_ssid *ssid, size_t max_ssids) 946 { 947 #ifdef CONFIG_OWE 948 struct wpa_bss *bss; 949 950 if (!(ssid->key_mgmt & WPA_KEY_MGMT_OWE)) 951 return; 952 953 wpa_printf(MSG_DEBUG, "OWE: Look for transition mode AP. ssid=%s", 954 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 955 956 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 957 const u8 *owe, *pos, *end; 958 const u8 *owe_ssid; 959 size_t owe_ssid_len; 960 961 if (bss->ssid_len != ssid->ssid_len || 962 os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) != 0) 963 continue; 964 965 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE); 966 if (!owe || owe[1] < 4) 967 continue; 968 969 pos = owe + 6; 970 end = owe + 2 + owe[1]; 971 972 /* Must include BSSID and ssid_len */ 973 if (end - pos < ETH_ALEN + 1) 974 return; 975 976 /* Skip BSSID */ 977 pos += ETH_ALEN; 978 owe_ssid_len = *pos++; 979 owe_ssid = pos; 980 981 if ((size_t) (end - pos) < owe_ssid_len || 982 owe_ssid_len > SSID_MAX_LEN) 983 return; 984 985 wpa_printf(MSG_DEBUG, 986 "OWE: scan_ssids: transition mode OWE ssid=%s", 987 wpa_ssid_txt(owe_ssid, owe_ssid_len)); 988 989 wpa_add_scan_ssid(wpa_s, params, max_ssids, 990 owe_ssid, owe_ssid_len); 991 return; 992 } 993 #endif /* CONFIG_OWE */ 994 } 995 996 997 static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 998 struct wpa_driver_scan_params *params, 999 size_t max_ssids) 1000 { 1001 unsigned int i; 1002 struct wpa_ssid *ssid; 1003 1004 /* 1005 * For devices with max_ssids greater than 1, leave the last slot empty 1006 * for adding the wildcard scan entry. 1007 */ 1008 max_ssids = max_ssids > 1 ? max_ssids - 1 : max_ssids; 1009 1010 for (i = 0; i < wpa_s->scan_id_count; i++) { 1011 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 1012 if (!ssid) 1013 continue; 1014 if (ssid->scan_ssid) 1015 wpa_add_scan_ssid(wpa_s, params, max_ssids, 1016 ssid->ssid, ssid->ssid_len); 1017 /* 1018 * Also add the SSID of the OWE BSS, to allow discovery of 1019 * transition mode APs more quickly. 1020 */ 1021 wpa_add_owe_scan_ssid(wpa_s, params, ssid, max_ssids); 1022 } 1023 1024 wpa_s->scan_id_count = 0; 1025 } 1026 1027 1028 static int wpa_set_ssids_from_scan_req(struct wpa_supplicant *wpa_s, 1029 struct wpa_driver_scan_params *params, 1030 size_t max_ssids) 1031 { 1032 unsigned int i; 1033 1034 if (wpa_s->ssids_from_scan_req == NULL || 1035 wpa_s->num_ssids_from_scan_req == 0) 1036 return 0; 1037 1038 if (wpa_s->num_ssids_from_scan_req > max_ssids) { 1039 wpa_s->num_ssids_from_scan_req = max_ssids; 1040 wpa_printf(MSG_DEBUG, "Over max scan SSIDs from scan req: %u", 1041 (unsigned int) max_ssids); 1042 } 1043 1044 for (i = 0; i < wpa_s->num_ssids_from_scan_req; i++) { 1045 params->ssids[i].ssid = wpa_s->ssids_from_scan_req[i].ssid; 1046 params->ssids[i].ssid_len = 1047 wpa_s->ssids_from_scan_req[i].ssid_len; 1048 wpa_hexdump_ascii(MSG_DEBUG, "specific SSID", 1049 params->ssids[i].ssid, 1050 params->ssids[i].ssid_len); 1051 } 1052 1053 params->num_ssids = wpa_s->num_ssids_from_scan_req; 1054 wpa_s->num_ssids_from_scan_req = 0; 1055 return 1; 1056 } 1057 1058 1059 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 1060 { 1061 struct wpa_supplicant *wpa_s = eloop_ctx; 1062 struct wpa_ssid *ssid; 1063 int ret, p2p_in_prog; 1064 struct wpabuf *extra_ie = NULL; 1065 struct wpa_driver_scan_params params; 1066 struct wpa_driver_scan_params *scan_params; 1067 size_t max_ssids; 1068 int connect_without_scan = 0; 1069 1070 wpa_s->ignore_post_flush_scan_res = 0; 1071 1072 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 1073 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 1074 return; 1075 } 1076 1077 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 1078 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 1079 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 1080 return; 1081 } 1082 1083 if (wpa_s->scanning) { 1084 /* 1085 * If we are already in scanning state, we shall reschedule the 1086 * the incoming scan request. 1087 */ 1088 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 1089 wpa_supplicant_req_scan(wpa_s, 1, 0); 1090 return; 1091 } 1092 1093 if (!wpa_supplicant_enabled_networks(wpa_s) && 1094 wpa_s->scan_req == NORMAL_SCAN_REQ) { 1095 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 1096 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 1097 return; 1098 } 1099 1100 if (wpa_s->conf->ap_scan != 0 && 1101 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 1102 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 1103 "overriding ap_scan configuration"); 1104 wpa_s->conf->ap_scan = 0; 1105 wpas_notify_ap_scan_changed(wpa_s); 1106 } 1107 1108 if (wpa_s->conf->ap_scan == 0) { 1109 wpa_supplicant_gen_assoc_event(wpa_s); 1110 return; 1111 } 1112 1113 ssid = NULL; 1114 if (wpa_s->scan_req != MANUAL_SCAN_REQ && 1115 wpa_s->connect_without_scan) { 1116 connect_without_scan = 1; 1117 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1118 if (ssid == wpa_s->connect_without_scan) 1119 break; 1120 } 1121 } 1122 1123 p2p_in_prog = wpas_p2p_in_progress(wpa_s); 1124 if (p2p_in_prog && p2p_in_prog != 2 && 1125 (!ssid || 1126 (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) { 1127 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 1128 wpa_supplicant_req_scan(wpa_s, 5, 0); 1129 return; 1130 } 1131 1132 /* 1133 * Don't cancel the scan based on ongoing PNO; defer it. Some scans are 1134 * used for changing modes inside wpa_supplicant (roaming, 1135 * auto-reconnect, etc). Discarding the scan might hurt these processes. 1136 * The normal use case for PNO is to suspend the host immediately after 1137 * starting PNO, so the periodic 100 ms attempts to run the scan do not 1138 * normally happen in practice multiple times, i.e., this is simply 1139 * restarting scanning once the host is woken up and PNO stopped. 1140 */ 1141 if (wpa_s->pno || wpa_s->pno_sched_pending) { 1142 wpa_dbg(wpa_s, MSG_DEBUG, "Defer scan - PNO is in progress"); 1143 wpa_supplicant_req_scan(wpa_s, 0, 100000); 1144 return; 1145 } 1146 1147 if (wpa_s->conf->ap_scan == 2) 1148 max_ssids = 1; 1149 else { 1150 max_ssids = wpa_s->max_scan_ssids; 1151 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 1152 max_ssids = WPAS_MAX_SCAN_SSIDS; 1153 } 1154 1155 wpa_s->last_scan_req = wpa_s->scan_req; 1156 wpa_s->scan_req = NORMAL_SCAN_REQ; 1157 1158 if (connect_without_scan) { 1159 wpa_s->connect_without_scan = NULL; 1160 if (ssid) { 1161 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 1162 "without scan step"); 1163 wpa_supplicant_associate(wpa_s, NULL, ssid); 1164 return; 1165 } 1166 } 1167 1168 os_memset(¶ms, 0, sizeof(params)); 1169 1170 wpa_s->scan_prev_wpa_state = wpa_s->wpa_state; 1171 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1172 wpa_s->wpa_state == WPA_INACTIVE) 1173 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1174 1175 /* 1176 * If autoscan has set its own scanning parameters 1177 */ 1178 if (wpa_s->autoscan_params != NULL) { 1179 scan_params = wpa_s->autoscan_params; 1180 goto scan; 1181 } 1182 1183 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1184 wpa_set_ssids_from_scan_req(wpa_s, ¶ms, max_ssids)) { 1185 wpa_printf(MSG_DEBUG, "Use specific SSIDs from SCAN command"); 1186 goto ssid_list_set; 1187 } 1188 1189 #ifdef CONFIG_P2P 1190 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 1191 wpa_s->go_params && !wpa_s->conf->passive_scan) { 1192 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 1193 wpa_s->p2p_in_provisioning, 1194 wpa_s->show_group_started); 1195 params.ssids[0].ssid = wpa_s->go_params->ssid; 1196 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 1197 params.num_ssids = 1; 1198 params.bssid = wpa_s->go_params->peer_interface_addr; 1199 wpa_printf(MSG_DEBUG, "P2P: Use specific BSSID " MACSTR 1200 " (peer interface address) for scan", 1201 MAC2STR(params.bssid)); 1202 goto ssid_list_set; 1203 } 1204 1205 if (wpa_s->p2p_in_invitation) { 1206 if (wpa_s->current_ssid) { 1207 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 1208 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 1209 params.ssids[0].ssid_len = 1210 wpa_s->current_ssid->ssid_len; 1211 params.num_ssids = 1; 1212 if (wpa_s->current_ssid->bssid_set) { 1213 params.bssid = wpa_s->current_ssid->bssid; 1214 wpa_printf(MSG_DEBUG, "P2P: Use specific BSSID " 1215 MACSTR " for scan", 1216 MAC2STR(params.bssid)); 1217 } 1218 } else { 1219 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 1220 } 1221 goto ssid_list_set; 1222 } 1223 #endif /* CONFIG_P2P */ 1224 1225 /* Find the starting point from which to continue scanning */ 1226 ssid = wpa_s->conf->ssid; 1227 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 1228 while (ssid) { 1229 if (ssid == wpa_s->prev_scan_ssid) { 1230 ssid = ssid->next; 1231 break; 1232 } 1233 ssid = ssid->next; 1234 } 1235 } 1236 1237 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 1238 #ifdef CONFIG_AP 1239 !wpa_s->ap_iface && 1240 #endif /* CONFIG_AP */ 1241 wpa_s->conf->ap_scan == 2) { 1242 wpa_s->connect_without_scan = NULL; 1243 wpa_s->prev_scan_wildcard = 0; 1244 wpa_supplicant_assoc_try(wpa_s, ssid); 1245 return; 1246 } else if (wpa_s->conf->ap_scan == 2) { 1247 /* 1248 * User-initiated scan request in ap_scan == 2; scan with 1249 * wildcard SSID. 1250 */ 1251 ssid = NULL; 1252 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 1253 /* 1254 * Perform single-channel single-SSID scan for 1255 * reassociate-to-same-BSS operation. 1256 */ 1257 /* Setup SSID */ 1258 ssid = wpa_s->current_ssid; 1259 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 1260 ssid->ssid, ssid->ssid_len); 1261 params.ssids[0].ssid = ssid->ssid; 1262 params.ssids[0].ssid_len = ssid->ssid_len; 1263 params.num_ssids = 1; 1264 1265 /* 1266 * Allocate memory for frequency array, allocate one extra 1267 * slot for the zero-terminator. 1268 */ 1269 params.freqs = os_malloc(sizeof(int) * 2); 1270 if (params.freqs) { 1271 params.freqs[0] = wpa_s->assoc_freq; 1272 params.freqs[1] = 0; 1273 } 1274 1275 /* 1276 * Reset the reattach flag so that we fall back to full scan if 1277 * this scan fails. 1278 */ 1279 wpa_s->reattach = 0; 1280 } else { 1281 struct wpa_ssid *start = ssid, *tssid; 1282 int freqs_set = 0; 1283 if (ssid == NULL && max_ssids > 1) 1284 ssid = wpa_s->conf->ssid; 1285 while (ssid) { 1286 if (!wpas_network_disabled(wpa_s, ssid) && 1287 ssid->scan_ssid) { 1288 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 1289 ssid->ssid, ssid->ssid_len); 1290 params.ssids[params.num_ssids].ssid = 1291 ssid->ssid; 1292 params.ssids[params.num_ssids].ssid_len = 1293 ssid->ssid_len; 1294 params.num_ssids++; 1295 if (params.num_ssids + 1 >= max_ssids) 1296 break; 1297 } 1298 1299 if (!wpas_network_disabled(wpa_s, ssid)) { 1300 /* 1301 * Also add the SSID of the OWE BSS, to allow 1302 * discovery of transition mode APs more 1303 * quickly. 1304 */ 1305 wpa_add_owe_scan_ssid(wpa_s, ¶ms, ssid, 1306 max_ssids); 1307 } 1308 1309 ssid = ssid->next; 1310 if (ssid == start) 1311 break; 1312 if (ssid == NULL && max_ssids > 1 && 1313 start != wpa_s->conf->ssid) 1314 ssid = wpa_s->conf->ssid; 1315 } 1316 1317 if (wpa_s->scan_id_count && 1318 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 1319 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 1320 1321 for (tssid = wpa_s->conf->ssid; 1322 wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid; 1323 tssid = tssid->next) { 1324 if (wpas_network_disabled(wpa_s, tssid)) 1325 continue; 1326 if (((params.freqs || !freqs_set) && 1327 tssid->scan_freq) && 1328 int_array_len(params.freqs) < 100) { 1329 int_array_concat(¶ms.freqs, 1330 tssid->scan_freq); 1331 } else { 1332 os_free(params.freqs); 1333 params.freqs = NULL; 1334 } 1335 freqs_set = 1; 1336 } 1337 int_array_sort_unique(params.freqs); 1338 } 1339 1340 if (ssid && max_ssids == 1) { 1341 /* 1342 * If the driver is limited to 1 SSID at a time interleave 1343 * wildcard SSID scans with specific SSID scans to avoid 1344 * waiting a long time for a wildcard scan. 1345 */ 1346 if (!wpa_s->prev_scan_wildcard) { 1347 params.ssids[0].ssid = NULL; 1348 params.ssids[0].ssid_len = 0; 1349 wpa_s->prev_scan_wildcard = 1; 1350 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 1351 "wildcard SSID (Interleave with specific)"); 1352 } else { 1353 wpa_s->prev_scan_ssid = ssid; 1354 wpa_s->prev_scan_wildcard = 0; 1355 wpa_dbg(wpa_s, MSG_DEBUG, 1356 "Starting AP scan for specific SSID: %s", 1357 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1358 } 1359 } else if (ssid) { 1360 /* max_ssids > 1 */ 1361 1362 wpa_s->prev_scan_ssid = ssid; 1363 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 1364 "the scan request"); 1365 params.num_ssids++; 1366 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1367 wpa_s->manual_scan_passive && params.num_ssids == 0) { 1368 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 1369 } else if (wpa_s->conf->passive_scan) { 1370 wpa_dbg(wpa_s, MSG_DEBUG, 1371 "Use passive scan based on configuration"); 1372 } else { 1373 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 1374 params.num_ssids++; 1375 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 1376 "SSID"); 1377 } 1378 1379 ssid_list_set: 1380 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 1381 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1382 1383 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1384 wpa_s->manual_scan_only_new) { 1385 wpa_printf(MSG_DEBUG, 1386 "Request driver to clear scan cache due to manual only_new=1 scan"); 1387 params.only_new_results = 1; 1388 } 1389 1390 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 1391 wpa_s->manual_scan_freqs) { 1392 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 1393 params.freqs = wpa_s->manual_scan_freqs; 1394 wpa_s->manual_scan_freqs = NULL; 1395 } 1396 1397 if (params.freqs == NULL && wpa_s->select_network_scan_freqs) { 1398 wpa_dbg(wpa_s, MSG_DEBUG, 1399 "Limit select_network scan to specified channels"); 1400 params.freqs = wpa_s->select_network_scan_freqs; 1401 wpa_s->select_network_scan_freqs = NULL; 1402 } 1403 1404 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 1405 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 1406 "generated frequency list"); 1407 params.freqs = wpa_s->next_scan_freqs; 1408 } else 1409 os_free(wpa_s->next_scan_freqs); 1410 wpa_s->next_scan_freqs = NULL; 1411 wpa_setband_scan_freqs(wpa_s, ¶ms); 1412 1413 /* See if user specified frequencies. If so, scan only those. */ 1414 if (wpa_s->last_scan_req == INITIAL_SCAN_REQ && 1415 wpa_s->conf->initial_freq_list && !params.freqs) { 1416 wpa_dbg(wpa_s, MSG_DEBUG, 1417 "Optimize scan based on conf->initial_freq_list"); 1418 int_array_concat(¶ms.freqs, wpa_s->conf->initial_freq_list); 1419 } else if (wpa_s->conf->freq_list && !params.freqs) { 1420 wpa_dbg(wpa_s, MSG_DEBUG, 1421 "Optimize scan based on conf->freq_list"); 1422 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1423 } 1424 1425 /* Use current associated channel? */ 1426 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 1427 unsigned int num = wpa_s->num_multichan_concurrent; 1428 1429 params.freqs = os_calloc(num + 1, sizeof(int)); 1430 if (params.freqs) { 1431 num = get_shared_radio_freqs(wpa_s, params.freqs, num, 1432 false); 1433 if (num > 0) { 1434 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 1435 "current operating channels since " 1436 "scan_cur_freq is enabled"); 1437 } else { 1438 os_free(params.freqs); 1439 params.freqs = NULL; 1440 } 1441 } 1442 } 1443 1444 #ifdef CONFIG_MBO 1445 if (wpa_s->enable_oce & OCE_STA) 1446 params.oce_scan = 1; 1447 #endif /* CONFIG_MBO */ 1448 1449 params.filter_ssids = wpa_supplicant_build_filter_ssids( 1450 wpa_s->conf, ¶ms.num_filter_ssids); 1451 if (extra_ie) { 1452 params.extra_ies = wpabuf_head(extra_ie); 1453 params.extra_ies_len = wpabuf_len(extra_ie); 1454 } 1455 1456 #ifdef CONFIG_P2P 1457 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 1458 (wpa_s->show_group_started && wpa_s->go_params)) { 1459 /* 1460 * The interface may not yet be in P2P mode, so we have to 1461 * explicitly request P2P probe to disable CCK rates. 1462 */ 1463 params.p2p_probe = 1; 1464 } 1465 #endif /* CONFIG_P2P */ 1466 1467 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) && 1468 wpa_s->wpa_state <= WPA_SCANNING) 1469 wpa_setup_mac_addr_rand_params(¶ms, wpa_s->mac_addr_scan); 1470 1471 if (!is_zero_ether_addr(wpa_s->next_scan_bssid)) { 1472 struct wpa_bss *bss; 1473 1474 params.bssid = wpa_s->next_scan_bssid; 1475 bss = wpa_bss_get_bssid_latest(wpa_s, params.bssid); 1476 if (!wpa_s->next_scan_bssid_wildcard_ssid && 1477 bss && bss->ssid_len && params.num_ssids == 1 && 1478 params.ssids[0].ssid_len == 0) { 1479 params.ssids[0].ssid = bss->ssid; 1480 params.ssids[0].ssid_len = bss->ssid_len; 1481 wpa_dbg(wpa_s, MSG_DEBUG, 1482 "Scan a previously specified BSSID " MACSTR 1483 " and SSID %s", 1484 MAC2STR(params.bssid), 1485 wpa_ssid_txt(bss->ssid, bss->ssid_len)); 1486 } else { 1487 wpa_dbg(wpa_s, MSG_DEBUG, 1488 "Scan a previously specified BSSID " MACSTR, 1489 MAC2STR(params.bssid)); 1490 } 1491 } else if (!is_zero_ether_addr(wpa_s->ml_probe_bssid)) { 1492 wpa_printf(MSG_DEBUG, "Scanning for ML probe request"); 1493 params.bssid = wpa_s->ml_probe_bssid; 1494 params.min_probe_req_content = true; 1495 } 1496 1497 1498 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1499 wpa_s->manual_non_coloc_6ghz) { 1500 wpa_dbg(wpa_s, MSG_DEBUG, "Collocated 6 GHz logic is disabled"); 1501 params.non_coloc_6ghz = 1; 1502 } 1503 1504 scan_params = ¶ms; 1505 1506 scan: 1507 #ifdef CONFIG_P2P 1508 /* 1509 * If the driver does not support multi-channel concurrency and a 1510 * virtual interface that shares the same radio with the wpa_s interface 1511 * is operating there may not be need to scan other channels apart from 1512 * the current operating channel on the other virtual interface. Filter 1513 * out other channels in case we are trying to find a connection for a 1514 * station interface when we are not configured to prefer station 1515 * connection and a concurrent operation is already in process. 1516 */ 1517 if (wpa_s->scan_for_connection && 1518 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 1519 !scan_params->freqs && !params.freqs && 1520 wpas_is_p2p_prioritized(wpa_s) && 1521 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 1522 non_p2p_network_enabled(wpa_s)) { 1523 unsigned int num = wpa_s->num_multichan_concurrent; 1524 1525 params.freqs = os_calloc(num + 1, sizeof(int)); 1526 if (params.freqs) { 1527 /* 1528 * Exclude the operating frequency of the current 1529 * interface since we're looking to transition off of 1530 * it. 1531 */ 1532 num = get_shared_radio_freqs(wpa_s, params.freqs, num, 1533 true); 1534 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 1535 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 1536 } else { 1537 os_free(params.freqs); 1538 params.freqs = NULL; 1539 } 1540 } 1541 } 1542 1543 if (!params.freqs && wpas_is_6ghz_supported(wpa_s, true) && 1544 (wpa_s->p2p_in_invitation || wpa_s->p2p_in_provisioning)) 1545 wpas_p2p_scan_freqs(wpa_s, ¶ms, true); 1546 #endif /* CONFIG_P2P */ 1547 1548 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params, false, false); 1549 1550 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 1551 !wpa_s->manual_scan_freqs) { 1552 /* Restore manual_scan_freqs for the next attempt */ 1553 wpa_s->manual_scan_freqs = params.freqs; 1554 params.freqs = NULL; 1555 } 1556 1557 wpabuf_free(extra_ie); 1558 os_free(params.freqs); 1559 os_free(params.filter_ssids); 1560 os_free(params.mac_addr); 1561 1562 if (ret) { 1563 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 1564 if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state) 1565 wpa_supplicant_set_state(wpa_s, 1566 wpa_s->scan_prev_wpa_state); 1567 /* Restore scan_req since we will try to scan again */ 1568 wpa_s->scan_req = wpa_s->last_scan_req; 1569 wpa_supplicant_req_scan(wpa_s, 1, 0); 1570 } else { 1571 wpa_s->scan_for_connection = 0; 1572 #ifdef CONFIG_INTERWORKING 1573 wpa_s->interworking_fast_assoc_tried = 0; 1574 #endif /* CONFIG_INTERWORKING */ 1575 wpa_s->next_scan_bssid_wildcard_ssid = 0; 1576 if (params.bssid) 1577 os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN); 1578 } 1579 1580 wpa_s->ml_probe_mld_id = -1; 1581 wpa_s->ml_probe_links = 0; 1582 os_memset(wpa_s->ml_probe_bssid, 0, sizeof(wpa_s->ml_probe_bssid)); 1583 } 1584 1585 1586 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 1587 { 1588 struct os_reltime remaining, new_int; 1589 int cancelled; 1590 1591 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 1592 &remaining); 1593 1594 new_int.sec = sec; 1595 new_int.usec = 0; 1596 if (cancelled && os_reltime_before(&remaining, &new_int)) { 1597 new_int.sec = remaining.sec; 1598 new_int.usec = remaining.usec; 1599 } 1600 1601 if (cancelled) { 1602 eloop_register_timeout(new_int.sec, new_int.usec, 1603 wpa_supplicant_scan, wpa_s, NULL); 1604 } 1605 wpa_s->scan_interval = sec; 1606 } 1607 1608 1609 /** 1610 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 1611 * @wpa_s: Pointer to wpa_supplicant data 1612 * @sec: Number of seconds after which to scan 1613 * @usec: Number of microseconds after which to scan 1614 * 1615 * This function is used to schedule a scan for neighboring access points after 1616 * the specified time. 1617 */ 1618 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 1619 { 1620 int res; 1621 1622 if (wpa_s->p2p_mgmt) { 1623 wpa_dbg(wpa_s, MSG_DEBUG, 1624 "Ignore scan request (%d.%06d sec) on p2p_mgmt interface", 1625 sec, usec); 1626 return; 1627 } 1628 1629 res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 1630 NULL); 1631 if (res == 1) { 1632 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 1633 sec, usec); 1634 } else if (res == 0) { 1635 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 1636 sec, usec); 1637 } else { 1638 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 1639 sec, usec); 1640 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 1641 } 1642 } 1643 1644 1645 /** 1646 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 1647 * @wpa_s: Pointer to wpa_supplicant data 1648 * @sec: Number of seconds after which to scan 1649 * @usec: Number of microseconds after which to scan 1650 * Returns: 0 on success or -1 otherwise 1651 * 1652 * This function is used to schedule periodic scans for neighboring 1653 * access points after the specified time. 1654 */ 1655 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 1656 int sec, int usec) 1657 { 1658 if (!wpa_s->sched_scan_supported) 1659 return -1; 1660 1661 eloop_register_timeout(sec, usec, 1662 wpa_supplicant_delayed_sched_scan_timeout, 1663 wpa_s, NULL); 1664 1665 return 0; 1666 } 1667 1668 1669 static void 1670 wpa_scan_set_relative_rssi_params(struct wpa_supplicant *wpa_s, 1671 struct wpa_driver_scan_params *params) 1672 { 1673 if (wpa_s->wpa_state != WPA_COMPLETED || 1674 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SCHED_SCAN_RELATIVE_RSSI) || 1675 wpa_s->srp.relative_rssi_set == 0) 1676 return; 1677 1678 params->relative_rssi_set = 1; 1679 params->relative_rssi = wpa_s->srp.relative_rssi; 1680 1681 if (wpa_s->srp.relative_adjust_rssi == 0) 1682 return; 1683 1684 params->relative_adjust_band = wpa_s->srp.relative_adjust_band; 1685 params->relative_adjust_rssi = wpa_s->srp.relative_adjust_rssi; 1686 } 1687 1688 1689 /** 1690 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 1691 * @wpa_s: Pointer to wpa_supplicant data 1692 * Returns: 0 is sched_scan was started or -1 otherwise 1693 * 1694 * This function is used to schedule periodic scans for neighboring 1695 * access points repeating the scan continuously. 1696 */ 1697 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 1698 { 1699 struct wpa_driver_scan_params params; 1700 struct wpa_driver_scan_params *scan_params; 1701 enum wpa_states prev_state; 1702 struct wpa_ssid *ssid = NULL; 1703 struct wpabuf *extra_ie = NULL; 1704 int ret; 1705 unsigned int max_sched_scan_ssids; 1706 int wildcard = 0; 1707 int need_ssids; 1708 struct sched_scan_plan scan_plan; 1709 1710 if (!wpa_s->sched_scan_supported) 1711 return -1; 1712 1713 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 1714 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 1715 else 1716 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 1717 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 1718 return -1; 1719 1720 wpa_s->sched_scan_stop_req = 0; 1721 1722 if (wpa_s->sched_scanning) { 1723 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 1724 return 0; 1725 } 1726 1727 need_ssids = 0; 1728 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1729 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1730 /* Use wildcard SSID to find this network */ 1731 wildcard = 1; 1732 } else if (!wpas_network_disabled(wpa_s, ssid) && 1733 ssid->ssid_len) 1734 need_ssids++; 1735 1736 #ifdef CONFIG_WPS 1737 if (!wpas_network_disabled(wpa_s, ssid) && 1738 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1739 /* 1740 * Normal scan is more reliable and faster for WPS 1741 * operations and since these are for short periods of 1742 * time, the benefit of trying to use sched_scan would 1743 * be limited. 1744 */ 1745 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1746 "sched_scan for WPS"); 1747 return -1; 1748 } 1749 #endif /* CONFIG_WPS */ 1750 } 1751 if (wildcard) 1752 need_ssids++; 1753 1754 if (wpa_s->normal_scans < 3 && 1755 (need_ssids <= wpa_s->max_scan_ssids || 1756 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1757 /* 1758 * When normal scan can speed up operations, use that for the 1759 * first operations before starting the sched_scan to allow 1760 * user space sleep more. We do this only if the normal scan 1761 * has functionality that is suitable for this or if the 1762 * sched_scan does not have better support for multiple SSIDs. 1763 */ 1764 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1765 "sched_scan for initial scans (normal_scans=%d)", 1766 wpa_s->normal_scans); 1767 return -1; 1768 } 1769 1770 os_memset(¶ms, 0, sizeof(params)); 1771 1772 /* If we can't allocate space for the filters, we just don't filter */ 1773 params.filter_ssids = os_calloc(wpa_s->max_match_sets, 1774 sizeof(struct wpa_driver_scan_filter)); 1775 1776 prev_state = wpa_s->wpa_state; 1777 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1778 wpa_s->wpa_state == WPA_INACTIVE) 1779 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1780 1781 if (wpa_s->autoscan_params != NULL) { 1782 scan_params = wpa_s->autoscan_params; 1783 goto scan; 1784 } 1785 1786 /* Find the starting point from which to continue scanning */ 1787 ssid = wpa_s->conf->ssid; 1788 if (wpa_s->prev_sched_ssid) { 1789 while (ssid) { 1790 if (ssid == wpa_s->prev_sched_ssid) { 1791 ssid = ssid->next; 1792 break; 1793 } 1794 ssid = ssid->next; 1795 } 1796 } 1797 1798 if (!ssid || !wpa_s->prev_sched_ssid) { 1799 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1800 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1801 wpa_s->first_sched_scan = 1; 1802 ssid = wpa_s->conf->ssid; 1803 wpa_s->prev_sched_ssid = ssid; 1804 } 1805 1806 if (wildcard) { 1807 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1808 params.num_ssids++; 1809 } 1810 1811 while (ssid) { 1812 if (wpas_network_disabled(wpa_s, ssid)) 1813 goto next; 1814 1815 if (params.num_filter_ssids < wpa_s->max_match_sets && 1816 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1817 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1818 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1819 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1820 ssid->ssid, ssid->ssid_len); 1821 params.filter_ssids[params.num_filter_ssids].ssid_len = 1822 ssid->ssid_len; 1823 params.num_filter_ssids++; 1824 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1825 { 1826 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1827 "filter for sched_scan - drop filter"); 1828 os_free(params.filter_ssids); 1829 params.filter_ssids = NULL; 1830 params.num_filter_ssids = 0; 1831 } 1832 1833 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1834 if (params.num_ssids == max_sched_scan_ssids) 1835 break; /* only room for broadcast SSID */ 1836 wpa_dbg(wpa_s, MSG_DEBUG, 1837 "add to active scan ssid: %s", 1838 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1839 params.ssids[params.num_ssids].ssid = 1840 ssid->ssid; 1841 params.ssids[params.num_ssids].ssid_len = 1842 ssid->ssid_len; 1843 params.num_ssids++; 1844 if (params.num_ssids >= max_sched_scan_ssids) { 1845 wpa_s->prev_sched_ssid = ssid; 1846 do { 1847 ssid = ssid->next; 1848 } while (ssid && 1849 (wpas_network_disabled(wpa_s, ssid) || 1850 !ssid->scan_ssid)); 1851 break; 1852 } 1853 } 1854 1855 next: 1856 wpa_s->prev_sched_ssid = ssid; 1857 ssid = ssid->next; 1858 } 1859 1860 if (params.num_filter_ssids == 0) { 1861 os_free(params.filter_ssids); 1862 params.filter_ssids = NULL; 1863 } 1864 1865 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1866 if (extra_ie) { 1867 params.extra_ies = wpabuf_head(extra_ie); 1868 params.extra_ies_len = wpabuf_len(extra_ie); 1869 } 1870 1871 if (wpa_s->conf->filter_rssi) 1872 params.filter_rssi = wpa_s->conf->filter_rssi; 1873 1874 /* See if user specified frequencies. If so, scan only those. */ 1875 if (wpa_s->conf->freq_list && !params.freqs) { 1876 wpa_dbg(wpa_s, MSG_DEBUG, 1877 "Optimize scan based on conf->freq_list"); 1878 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1879 } 1880 1881 #ifdef CONFIG_MBO 1882 if (wpa_s->enable_oce & OCE_STA) 1883 params.oce_scan = 1; 1884 #endif /* CONFIG_MBO */ 1885 1886 scan_params = ¶ms; 1887 1888 scan: 1889 wpa_s->sched_scan_timed_out = 0; 1890 1891 /* 1892 * We cannot support multiple scan plans if the scan request includes 1893 * too many SSID's, so in this case use only the last scan plan and make 1894 * it run infinitely. It will be stopped by the timeout. 1895 */ 1896 if (wpa_s->sched_scan_plans_num == 1 || 1897 (wpa_s->sched_scan_plans_num && !ssid && wpa_s->first_sched_scan)) { 1898 params.sched_scan_plans = wpa_s->sched_scan_plans; 1899 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 1900 } else if (wpa_s->sched_scan_plans_num > 1) { 1901 wpa_dbg(wpa_s, MSG_DEBUG, 1902 "Too many SSIDs. Default to using single scheduled_scan plan"); 1903 params.sched_scan_plans = 1904 &wpa_s->sched_scan_plans[wpa_s->sched_scan_plans_num - 1905 1]; 1906 params.sched_scan_plans_num = 1; 1907 } else { 1908 if (wpa_s->conf->sched_scan_interval) 1909 scan_plan.interval = wpa_s->conf->sched_scan_interval; 1910 else 1911 scan_plan.interval = 10; 1912 1913 if (scan_plan.interval > wpa_s->max_sched_scan_plan_interval) { 1914 wpa_printf(MSG_WARNING, 1915 "Scan interval too long(%u), use the maximum allowed(%u)", 1916 scan_plan.interval, 1917 wpa_s->max_sched_scan_plan_interval); 1918 scan_plan.interval = 1919 wpa_s->max_sched_scan_plan_interval; 1920 } 1921 1922 scan_plan.iterations = 0; 1923 params.sched_scan_plans = &scan_plan; 1924 params.sched_scan_plans_num = 1; 1925 } 1926 1927 params.sched_scan_start_delay = wpa_s->conf->sched_scan_start_delay; 1928 1929 if (ssid || !wpa_s->first_sched_scan) { 1930 wpa_dbg(wpa_s, MSG_DEBUG, 1931 "Starting sched scan after %u seconds: interval %u timeout %d", 1932 params.sched_scan_start_delay, 1933 params.sched_scan_plans[0].interval, 1934 wpa_s->sched_scan_timeout); 1935 } else { 1936 wpa_dbg(wpa_s, MSG_DEBUG, 1937 "Starting sched scan after %u seconds (no timeout)", 1938 params.sched_scan_start_delay); 1939 } 1940 1941 wpa_setband_scan_freqs(wpa_s, scan_params); 1942 1943 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) && 1944 wpa_s->wpa_state <= WPA_SCANNING) 1945 wpa_setup_mac_addr_rand_params(¶ms, 1946 wpa_s->mac_addr_sched_scan); 1947 1948 wpa_scan_set_relative_rssi_params(wpa_s, scan_params); 1949 1950 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params); 1951 wpabuf_free(extra_ie); 1952 os_free(params.filter_ssids); 1953 os_free(params.mac_addr); 1954 if (ret) { 1955 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1956 if (prev_state != wpa_s->wpa_state) 1957 wpa_supplicant_set_state(wpa_s, prev_state); 1958 return ret; 1959 } 1960 1961 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1962 if (ssid || !wpa_s->first_sched_scan) { 1963 wpa_s->sched_scan_timed_out = 0; 1964 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1965 wpa_supplicant_sched_scan_timeout, 1966 wpa_s, NULL); 1967 wpa_s->first_sched_scan = 0; 1968 wpa_s->sched_scan_timeout /= 2; 1969 params.sched_scan_plans[0].interval *= 2; 1970 if ((unsigned int) wpa_s->sched_scan_timeout < 1971 params.sched_scan_plans[0].interval || 1972 params.sched_scan_plans[0].interval > 1973 wpa_s->max_sched_scan_plan_interval) { 1974 params.sched_scan_plans[0].interval = 10; 1975 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1976 } 1977 } 1978 1979 /* If there is no more ssids, start next time from the beginning */ 1980 if (!ssid) 1981 wpa_s->prev_sched_ssid = NULL; 1982 1983 return 0; 1984 } 1985 1986 1987 /** 1988 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1989 * @wpa_s: Pointer to wpa_supplicant data 1990 * 1991 * This function is used to cancel a scan request scheduled with 1992 * wpa_supplicant_req_scan(). 1993 */ 1994 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1995 { 1996 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1997 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1998 } 1999 2000 2001 /** 2002 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 2003 * @wpa_s: Pointer to wpa_supplicant data 2004 * 2005 * This function is used to stop a delayed scheduled scan. 2006 */ 2007 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 2008 { 2009 if (!wpa_s->sched_scan_supported) 2010 return; 2011 2012 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 2013 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 2014 wpa_s, NULL); 2015 } 2016 2017 2018 /** 2019 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 2020 * @wpa_s: Pointer to wpa_supplicant data 2021 * 2022 * This function is used to stop a periodic scheduled scan. 2023 */ 2024 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 2025 { 2026 if (!wpa_s->sched_scanning) 2027 return; 2028 2029 if (wpa_s->sched_scanning) 2030 wpa_s->sched_scan_stop_req = 1; 2031 2032 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 2033 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 2034 wpa_supplicant_stop_sched_scan(wpa_s); 2035 } 2036 2037 2038 /** 2039 * wpa_supplicant_notify_scanning - Indicate possible scan state change 2040 * @wpa_s: Pointer to wpa_supplicant data 2041 * @scanning: Whether scanning is currently in progress 2042 * 2043 * This function is to generate scanning notifycations. It is called whenever 2044 * there may have been a change in scanning (scan started, completed, stopped). 2045 * wpas_notify_scanning() is called whenever the scanning state changed from the 2046 * previously notified state. 2047 */ 2048 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 2049 int scanning) 2050 { 2051 if (wpa_s->scanning != scanning) { 2052 wpa_s->scanning = scanning; 2053 wpas_notify_scanning(wpa_s); 2054 } 2055 } 2056 2057 2058 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 2059 { 2060 int rate = 0; 2061 const u8 *ie; 2062 int i; 2063 2064 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 2065 for (i = 0; ie && i < ie[1]; i++) { 2066 if ((ie[i + 2] & 0x7f) > rate) 2067 rate = ie[i + 2] & 0x7f; 2068 } 2069 2070 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 2071 for (i = 0; ie && i < ie[1]; i++) { 2072 if ((ie[i + 2] & 0x7f) > rate) 2073 rate = ie[i + 2] & 0x7f; 2074 } 2075 2076 return rate; 2077 } 2078 2079 2080 /** 2081 * wpa_scan_get_ie - Fetch a specified information element from a scan result 2082 * @res: Scan result entry 2083 * @ie: Information element identitifier (WLAN_EID_*) 2084 * Returns: Pointer to the information element (id field) or %NULL if not found 2085 * 2086 * This function returns the first matching information element in the scan 2087 * result. 2088 */ 2089 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 2090 { 2091 size_t ie_len = res->ie_len; 2092 2093 /* Use the Beacon frame IEs if res->ie_len is not available */ 2094 if (!ie_len) 2095 ie_len = res->beacon_ie_len; 2096 2097 return get_ie((const u8 *) (res + 1), ie_len, ie); 2098 } 2099 2100 2101 const u8 * wpa_scan_get_ml_ie(const struct wpa_scan_res *res, u8 type) 2102 { 2103 size_t ie_len = res->ie_len; 2104 2105 /* Use the Beacon frame IEs if res->ie_len is not available */ 2106 if (!ie_len) 2107 ie_len = res->beacon_ie_len; 2108 2109 return get_ml_ie((const u8 *) (res + 1), ie_len, type); 2110 } 2111 2112 2113 /** 2114 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 2115 * @res: Scan result entry 2116 * @vendor_type: Vendor type (four octets starting the IE payload) 2117 * Returns: Pointer to the information element (id field) or %NULL if not found 2118 * 2119 * This function returns the first matching information element in the scan 2120 * result. 2121 */ 2122 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 2123 u32 vendor_type) 2124 { 2125 const u8 *ies; 2126 const struct element *elem; 2127 2128 ies = (const u8 *) (res + 1); 2129 2130 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, res->ie_len) { 2131 if (elem->datalen >= 4 && 2132 vendor_type == WPA_GET_BE32(elem->data)) 2133 return &elem->id; 2134 } 2135 2136 return NULL; 2137 } 2138 2139 2140 /** 2141 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 2142 * @res: Scan result entry 2143 * @vendor_type: Vendor type (four octets starting the IE payload) 2144 * Returns: Pointer to the information element (id field) or %NULL if not found 2145 * 2146 * This function returns the first matching information element in the scan 2147 * result. 2148 * 2149 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 2150 * from Beacon frames instead of either Beacon or Probe Response frames. 2151 */ 2152 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 2153 u32 vendor_type) 2154 { 2155 const u8 *ies; 2156 const struct element *elem; 2157 2158 if (res->beacon_ie_len == 0) 2159 return NULL; 2160 2161 ies = (const u8 *) (res + 1); 2162 ies += res->ie_len; 2163 2164 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, 2165 res->beacon_ie_len) { 2166 if (elem->datalen >= 4 && 2167 vendor_type == WPA_GET_BE32(elem->data)) 2168 return &elem->id; 2169 } 2170 2171 return NULL; 2172 } 2173 2174 2175 /** 2176 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 2177 * @res: Scan result entry 2178 * @vendor_type: Vendor type (four octets starting the IE payload) 2179 * Returns: Pointer to the information element payload or %NULL if not found 2180 * 2181 * This function returns concatenated payload of possibly fragmented vendor 2182 * specific information elements in the scan result. The caller is responsible 2183 * for freeing the returned buffer. 2184 */ 2185 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 2186 u32 vendor_type) 2187 { 2188 struct wpabuf *buf; 2189 const u8 *end, *pos; 2190 2191 buf = wpabuf_alloc(res->ie_len); 2192 if (buf == NULL) 2193 return NULL; 2194 2195 pos = (const u8 *) (res + 1); 2196 end = pos + res->ie_len; 2197 2198 while (end - pos > 1) { 2199 u8 ie, len; 2200 2201 ie = pos[0]; 2202 len = pos[1]; 2203 if (len > end - pos - 2) 2204 break; 2205 pos += 2; 2206 if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 && 2207 vendor_type == WPA_GET_BE32(pos)) 2208 wpabuf_put_data(buf, pos + 4, len - 4); 2209 pos += len; 2210 } 2211 2212 if (wpabuf_len(buf) == 0) { 2213 wpabuf_free(buf); 2214 buf = NULL; 2215 } 2216 2217 return buf; 2218 } 2219 2220 2221 static int wpas_channel_width_offset(enum chan_width cw) 2222 { 2223 switch (cw) { 2224 case CHAN_WIDTH_40: 2225 return 1; 2226 case CHAN_WIDTH_80: 2227 return 2; 2228 case CHAN_WIDTH_80P80: 2229 case CHAN_WIDTH_160: 2230 return 3; 2231 case CHAN_WIDTH_320: 2232 return 4; 2233 default: 2234 return 0; 2235 } 2236 } 2237 2238 2239 /** 2240 * wpas_channel_width_tx_pwr - Calculate the max transmit power at the channel 2241 * width 2242 * @ies: Information elements 2243 * @ies_len: Length of elements 2244 * @cw: The channel width 2245 * Returns: The max transmit power at the channel width, TX_POWER_NO_CONSTRAINT 2246 * if it is not constrained. 2247 * 2248 * This function is only used to estimate the actual signal RSSI when associated 2249 * based on the beacon RSSI at the STA. Beacon frames are transmitted on 20 MHz 2250 * channels, while the Data frames usually use higher channel width. Therefore 2251 * their RSSIs may be different. Assuming there is a fixed gap between the TX 2252 * power limit of the STA defined by the Transmit Power Envelope element and the 2253 * TX power of the AP, the difference in the TX power of X MHz and Y MHz at the 2254 * STA equals to the difference at the AP, and the difference in the signal RSSI 2255 * at the STA. tx_pwr is a floating point number in the standard, but the error 2256 * of casting to int is trivial in comparing two BSSes. 2257 */ 2258 static int wpas_channel_width_tx_pwr(const u8 *ies, size_t ies_len, 2259 enum chan_width cw) 2260 { 2261 int offset = wpas_channel_width_offset(cw); 2262 const struct element *elem; 2263 int max_tx_power = TX_POWER_NO_CONSTRAINT, tx_pwr = 0; 2264 2265 for_each_element_id(elem, WLAN_EID_TRANSMIT_POWER_ENVELOPE, ies, 2266 ies_len) { 2267 int max_tx_pwr_count; 2268 enum max_tx_pwr_interpretation tx_pwr_intrpn; 2269 enum reg_6g_client_type client_type; 2270 2271 if (elem->datalen < 1) 2272 continue; 2273 2274 /* 2275 * IEEE Std 802.11ax-2021, 9.4.2.161 (Transmit Power Envelope 2276 * element) defines Maximum Transmit Power Count (B0-B2), 2277 * Maximum Transmit Power Interpretation (B3-B5), and Maximum 2278 * Transmit Power Category (B6-B7). 2279 */ 2280 max_tx_pwr_count = elem->data[0] & 0x07; 2281 tx_pwr_intrpn = (elem->data[0] >> 3) & 0x07; 2282 client_type = (elem->data[0] >> 6) & 0x03; 2283 2284 if (client_type != REG_DEFAULT_CLIENT) 2285 continue; 2286 2287 if (tx_pwr_intrpn == LOCAL_EIRP || 2288 tx_pwr_intrpn == REGULATORY_CLIENT_EIRP) { 2289 int offs; 2290 2291 max_tx_pwr_count = MIN(max_tx_pwr_count, 3); 2292 offs = MIN(offset, max_tx_pwr_count) + 1; 2293 if (elem->datalen <= offs) 2294 continue; 2295 tx_pwr = (signed char) elem->data[offs]; 2296 /* 2297 * Maximum Transmit Power subfield is encoded as an 2298 * 8-bit 2s complement signed integer in the range -64 2299 * dBm to 63 dBm with a 0.5 dB step. 63.5 dBm means no 2300 * local maximum transmit power constraint. 2301 */ 2302 if (tx_pwr == 127) 2303 continue; 2304 tx_pwr /= 2; 2305 max_tx_power = MIN(max_tx_power, tx_pwr); 2306 } else if (tx_pwr_intrpn == LOCAL_EIRP_PSD || 2307 tx_pwr_intrpn == REGULATORY_CLIENT_EIRP_PSD) { 2308 if (elem->datalen < 2) 2309 continue; 2310 2311 tx_pwr = (signed char) elem->data[1]; 2312 /* 2313 * Maximum Transmit PSD subfield is encoded as an 8-bit 2314 * 2s complement signed integer. -128 indicates that the 2315 * corresponding 20 MHz channel cannot be used for 2316 * transmission. +127 indicates that no maximum PSD 2317 * limit is specified for the corresponding 20 MHz 2318 * channel. 2319 */ 2320 if (tx_pwr == 127 || tx_pwr == -128) 2321 continue; 2322 2323 /* 2324 * The Maximum Transmit PSD subfield indicates the 2325 * maximum transmit PSD for the 20 MHz channel. Suppose 2326 * the PSD value is X dBm/MHz, the TX power of N MHz is 2327 * X + 10*log10(N) = X + 10*log10(20) + 10*log10(N/20) = 2328 * X + 13 + 3*log2(N/20) 2329 */ 2330 tx_pwr = tx_pwr / 2 + 13 + offset * 3; 2331 max_tx_power = MIN(max_tx_power, tx_pwr); 2332 } 2333 } 2334 2335 return max_tx_power; 2336 } 2337 2338 2339 /** 2340 * Estimate the RSSI bump of channel width |cw| with respect to 20 MHz channel. 2341 * If the TX power has no constraint, it is unable to estimate the RSSI bump. 2342 */ 2343 int wpas_channel_width_rssi_bump(const u8 *ies, size_t ies_len, 2344 enum chan_width cw) 2345 { 2346 int max_20mhz_tx_pwr = wpas_channel_width_tx_pwr(ies, ies_len, 2347 CHAN_WIDTH_20); 2348 int max_cw_tx_pwr = wpas_channel_width_tx_pwr(ies, ies_len, cw); 2349 2350 return (max_20mhz_tx_pwr == TX_POWER_NO_CONSTRAINT || 2351 max_cw_tx_pwr == TX_POWER_NO_CONSTRAINT) ? 2352 0 : (max_cw_tx_pwr - max_20mhz_tx_pwr); 2353 } 2354 2355 2356 int wpas_adjust_snr_by_chanwidth(const u8 *ies, size_t ies_len, 2357 enum chan_width max_cw, int snr) 2358 { 2359 int rssi_bump = wpas_channel_width_rssi_bump(ies, ies_len, max_cw); 2360 /* 2361 * The noise has uniform power spectral density (PSD) across the 2362 * frequency band, its power is proportional to the channel width. 2363 * Suppose the PSD of noise is X dBm/MHz, the noise power of N MHz is 2364 * X + 10*log10(N), and the noise power bump with respect to 20 MHz is 2365 * 10*log10(N) - 10*log10(20) = 10*log10(N/20) = 3*log2(N/20) 2366 */ 2367 int noise_bump = 3 * wpas_channel_width_offset(max_cw); 2368 2369 return snr + rssi_bump - noise_bump; 2370 } 2371 2372 2373 /* Compare function for sorting scan results. Return >0 if @b is considered 2374 * better. */ 2375 static int wpa_scan_result_compar(const void *a, const void *b) 2376 { 2377 struct wpa_scan_res **_wa = (void *) a; 2378 struct wpa_scan_res **_wb = (void *) b; 2379 struct wpa_scan_res *wa = *_wa; 2380 struct wpa_scan_res *wb = *_wb; 2381 int wpa_a, wpa_b; 2382 int snr_a, snr_b, snr_a_full, snr_b_full; 2383 size_t ies_len; 2384 const u8 *rsne_a, *rsne_b; 2385 2386 /* WPA/WPA2 support preferred */ 2387 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 2388 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 2389 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 2390 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 2391 2392 if (wpa_b && !wpa_a) 2393 return 1; 2394 if (!wpa_b && wpa_a) 2395 return -1; 2396 2397 /* privacy support preferred */ 2398 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 2399 (wb->caps & IEEE80211_CAP_PRIVACY)) 2400 return 1; 2401 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 2402 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 2403 return -1; 2404 2405 if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) { 2406 /* 2407 * The scan result estimates SNR over 20 MHz, while Data frames 2408 * usually use wider channel width. The TX power and noise power 2409 * are both affected by the channel width. 2410 */ 2411 ies_len = wa->ie_len ? wa->ie_len : wa->beacon_ie_len; 2412 snr_a_full = wpas_adjust_snr_by_chanwidth((const u8 *) (wa + 1), 2413 ies_len, wa->max_cw, 2414 wa->snr); 2415 snr_a = MIN(snr_a_full, GREAT_SNR); 2416 ies_len = wb->ie_len ? wb->ie_len : wb->beacon_ie_len; 2417 snr_b_full = wpas_adjust_snr_by_chanwidth((const u8 *) (wb + 1), 2418 ies_len, wb->max_cw, 2419 wb->snr); 2420 snr_b = MIN(snr_b_full, GREAT_SNR); 2421 } else { 2422 /* Level is not in dBm, so we can't calculate 2423 * SNR. Just use raw level (units unknown). */ 2424 snr_a = snr_a_full = wa->level; 2425 snr_b = snr_b_full = wb->level; 2426 } 2427 2428 /* If SNR of a SAE BSS is good or at least as high as the PSK BSS, 2429 * prefer SAE over PSK for mixed WPA3-Personal transition mode and 2430 * WPA2-Personal deployments */ 2431 rsne_a = wpa_scan_get_ie(wa, WLAN_EID_RSN); 2432 rsne_b = wpa_scan_get_ie(wb, WLAN_EID_RSN); 2433 if (rsne_a && rsne_b) { 2434 struct wpa_ie_data data; 2435 bool psk_a = false, psk_b = false, sae_a = false, sae_b = false; 2436 2437 if (wpa_parse_wpa_ie_rsn(rsne_a, 2 + rsne_a[1], &data) == 0) { 2438 psk_a = wpa_key_mgmt_wpa_psk_no_sae(data.key_mgmt); 2439 sae_a = wpa_key_mgmt_sae(data.key_mgmt); 2440 } 2441 if (wpa_parse_wpa_ie_rsn(rsne_b, 2 + rsne_b[1], &data) == 0) { 2442 psk_b = wpa_key_mgmt_wpa_psk_no_sae(data.key_mgmt); 2443 sae_b = wpa_key_mgmt_sae(data.key_mgmt); 2444 } 2445 2446 if (sae_a && !sae_b && psk_b && 2447 (snr_a >= GREAT_SNR || snr_a >= snr_b)) 2448 return -1; 2449 if (sae_b && !sae_a && psk_a && 2450 (snr_b >= GREAT_SNR || snr_b >= snr_a)) 2451 return 1; 2452 } 2453 2454 /* If SNR is close, decide by max rate or frequency band. For cases 2455 * involving the 6 GHz band, use the throughput estimate irrespective 2456 * of the SNR difference since the LPI/VLP rules may result in 2457 * significant differences in SNR for cases where the estimated 2458 * throughput can be considerably higher with the lower SNR. */ 2459 if (snr_a && snr_b && (abs(snr_b - snr_a) < 7 || 2460 is_6ghz_freq(wa->freq) || 2461 is_6ghz_freq(wb->freq))) { 2462 if (wa->est_throughput != wb->est_throughput) 2463 return (int) wb->est_throughput - 2464 (int) wa->est_throughput; 2465 } 2466 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 2467 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 2468 if (is_6ghz_freq(wa->freq) ^ is_6ghz_freq(wb->freq)) 2469 return is_6ghz_freq(wa->freq) ? -1 : 1; 2470 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 2471 return IS_5GHZ(wa->freq) ? -1 : 1; 2472 } 2473 2474 /* all things being equal, use SNR; if SNRs are 2475 * identical, use quality values since some drivers may only report 2476 * that value and leave the signal level zero */ 2477 if (snr_b_full == snr_a_full) 2478 return wb->qual - wa->qual; 2479 return snr_b_full - snr_a_full; 2480 } 2481 2482 2483 #ifdef CONFIG_WPS 2484 /* Compare function for sorting scan results when searching a WPS AP for 2485 * provisioning. Return >0 if @b is considered better. */ 2486 static int wpa_scan_result_wps_compar(const void *a, const void *b) 2487 { 2488 struct wpa_scan_res **_wa = (void *) a; 2489 struct wpa_scan_res **_wb = (void *) b; 2490 struct wpa_scan_res *wa = *_wa; 2491 struct wpa_scan_res *wb = *_wb; 2492 int uses_wps_a, uses_wps_b; 2493 struct wpabuf *wps_a, *wps_b; 2494 int res; 2495 2496 /* Optimization - check WPS IE existence before allocated memory and 2497 * doing full reassembly. */ 2498 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 2499 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 2500 if (uses_wps_a && !uses_wps_b) 2501 return -1; 2502 if (!uses_wps_a && uses_wps_b) 2503 return 1; 2504 2505 if (uses_wps_a && uses_wps_b) { 2506 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 2507 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 2508 res = wps_ap_priority_compar(wps_a, wps_b); 2509 wpabuf_free(wps_a); 2510 wpabuf_free(wps_b); 2511 if (res) 2512 return res; 2513 } 2514 2515 /* 2516 * Do not use current AP security policy as a sorting criteria during 2517 * WPS provisioning step since the AP may get reconfigured at the 2518 * completion of provisioning. 2519 */ 2520 2521 /* all things being equal, use signal level; if signal levels are 2522 * identical, use quality values since some drivers may only report 2523 * that value and leave the signal level zero */ 2524 if (wb->level == wa->level) 2525 return wb->qual - wa->qual; 2526 return wb->level - wa->level; 2527 } 2528 #endif /* CONFIG_WPS */ 2529 2530 2531 static void dump_scan_res(struct wpa_scan_results *scan_res) 2532 { 2533 #ifndef CONFIG_NO_STDOUT_DEBUG 2534 size_t i; 2535 2536 if (scan_res->res == NULL || scan_res->num == 0) 2537 return; 2538 2539 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 2540 2541 for (i = 0; i < scan_res->num; i++) { 2542 struct wpa_scan_res *r = scan_res->res[i]; 2543 u8 *pos; 2544 const u8 *ssid_ie, *ssid = NULL; 2545 size_t ssid_len = 0; 2546 2547 ssid_ie = wpa_scan_get_ie(r, WLAN_EID_SSID); 2548 if (ssid_ie) { 2549 ssid = ssid_ie + 2; 2550 ssid_len = ssid_ie[1]; 2551 } 2552 2553 if (r->flags & WPA_SCAN_LEVEL_DBM) { 2554 int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID); 2555 2556 wpa_printf(MSG_EXCESSIVE, MACSTR 2557 " ssid=%s freq=%d qual=%d noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u", 2558 MAC2STR(r->bssid), 2559 wpa_ssid_txt(ssid, ssid_len), 2560 r->freq, r->qual, 2561 r->noise, noise_valid ? "" : "~", r->level, 2562 r->snr, r->snr >= GREAT_SNR ? "*" : "", 2563 r->flags, 2564 r->age, r->est_throughput); 2565 } else { 2566 wpa_printf(MSG_EXCESSIVE, MACSTR 2567 " ssid=%s freq=%d qual=%d noise=%d level=%d flags=0x%x age=%u est=%u", 2568 MAC2STR(r->bssid), 2569 wpa_ssid_txt(ssid, ssid_len), 2570 r->freq, r->qual, 2571 r->noise, r->level, r->flags, r->age, 2572 r->est_throughput); 2573 } 2574 pos = (u8 *) (r + 1); 2575 if (r->ie_len) 2576 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 2577 pos += r->ie_len; 2578 if (r->beacon_ie_len) 2579 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 2580 pos, r->beacon_ie_len); 2581 } 2582 #endif /* CONFIG_NO_STDOUT_DEBUG */ 2583 } 2584 2585 2586 /** 2587 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 2588 * @wpa_s: Pointer to wpa_supplicant data 2589 * @bssid: BSSID to check 2590 * Returns: 0 if the BSSID is filtered or 1 if not 2591 * 2592 * This function is used to filter out specific BSSIDs from scan reslts mainly 2593 * for testing purposes (SET bssid_filter ctrl_iface command). 2594 */ 2595 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 2596 const u8 *bssid) 2597 { 2598 size_t i; 2599 2600 if (wpa_s->bssid_filter == NULL) 2601 return 1; 2602 2603 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 2604 if (ether_addr_equal(wpa_s->bssid_filter + i * ETH_ALEN, bssid)) 2605 return 1; 2606 } 2607 2608 return 0; 2609 } 2610 2611 2612 static void filter_scan_res(struct wpa_supplicant *wpa_s, 2613 struct wpa_scan_results *res) 2614 { 2615 size_t i, j; 2616 2617 if (wpa_s->bssid_filter == NULL) 2618 return; 2619 2620 for (i = 0, j = 0; i < res->num; i++) { 2621 if (wpa_supplicant_filter_bssid_match(wpa_s, 2622 res->res[i]->bssid)) { 2623 res->res[j++] = res->res[i]; 2624 } else { 2625 os_free(res->res[i]); 2626 res->res[i] = NULL; 2627 } 2628 } 2629 2630 if (res->num != j) { 2631 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 2632 (int) (res->num - j)); 2633 res->num = j; 2634 } 2635 } 2636 2637 2638 void scan_snr(struct wpa_scan_res *res) 2639 { 2640 if (res->flags & WPA_SCAN_NOISE_INVALID) { 2641 res->noise = is_6ghz_freq(res->freq) ? 2642 DEFAULT_NOISE_FLOOR_6GHZ : 2643 (IS_5GHZ(res->freq) ? 2644 DEFAULT_NOISE_FLOOR_5GHZ : DEFAULT_NOISE_FLOOR_2GHZ); 2645 } 2646 2647 if (res->flags & WPA_SCAN_LEVEL_DBM) { 2648 res->snr = res->level - res->noise; 2649 } else { 2650 /* Level is not in dBm, so we can't calculate 2651 * SNR. Just use raw level (units unknown). */ 2652 res->snr = res->level; 2653 } 2654 } 2655 2656 2657 /* Minimum SNR required to achieve a certain bitrate. */ 2658 struct minsnr_bitrate_entry { 2659 int minsnr; 2660 unsigned int bitrate; /* in Mbps */ 2661 }; 2662 2663 /* VHT needs to be enabled in order to achieve MCS8 and MCS9 rates. */ 2664 static const int vht_mcs = 8; 2665 2666 static const struct minsnr_bitrate_entry vht20_table[] = { 2667 { 0, 0 }, 2668 { 2, 6500 }, /* HT20 MCS0 */ 2669 { 5, 13000 }, /* HT20 MCS1 */ 2670 { 9, 19500 }, /* HT20 MCS2 */ 2671 { 11, 26000 }, /* HT20 MCS3 */ 2672 { 15, 39000 }, /* HT20 MCS4 */ 2673 { 18, 52000 }, /* HT20 MCS5 */ 2674 { 20, 58500 }, /* HT20 MCS6 */ 2675 { 25, 65000 }, /* HT20 MCS7 */ 2676 { 29, 78000 }, /* VHT20 MCS8 */ 2677 { -1, 78000 } /* SNR > 29 */ 2678 }; 2679 2680 static const struct minsnr_bitrate_entry vht40_table[] = { 2681 { 0, 0 }, 2682 { 5, 13500 }, /* HT40 MCS0 */ 2683 { 8, 27000 }, /* HT40 MCS1 */ 2684 { 12, 40500 }, /* HT40 MCS2 */ 2685 { 14, 54000 }, /* HT40 MCS3 */ 2686 { 18, 81000 }, /* HT40 MCS4 */ 2687 { 21, 108000 }, /* HT40 MCS5 */ 2688 { 23, 121500 }, /* HT40 MCS6 */ 2689 { 28, 135000 }, /* HT40 MCS7 */ 2690 { 32, 162000 }, /* VHT40 MCS8 */ 2691 { 34, 180000 }, /* VHT40 MCS9 */ 2692 { -1, 180000 } /* SNR > 34 */ 2693 }; 2694 2695 static const struct minsnr_bitrate_entry vht80_table[] = { 2696 { 0, 0 }, 2697 { 8, 29300 }, /* VHT80 MCS0 */ 2698 { 11, 58500 }, /* VHT80 MCS1 */ 2699 { 15, 87800 }, /* VHT80 MCS2 */ 2700 { 17, 117000 }, /* VHT80 MCS3 */ 2701 { 21, 175500 }, /* VHT80 MCS4 */ 2702 { 24, 234000 }, /* VHT80 MCS5 */ 2703 { 26, 263300 }, /* VHT80 MCS6 */ 2704 { 31, 292500 }, /* VHT80 MCS7 */ 2705 { 35, 351000 }, /* VHT80 MCS8 */ 2706 { 37, 390000 }, /* VHT80 MCS9 */ 2707 { -1, 390000 } /* SNR > 37 */ 2708 }; 2709 2710 2711 static const struct minsnr_bitrate_entry vht160_table[] = { 2712 { 0, 0 }, 2713 { 11, 58500 }, /* VHT160 MCS0 */ 2714 { 14, 117000 }, /* VHT160 MCS1 */ 2715 { 18, 175500 }, /* VHT160 MCS2 */ 2716 { 20, 234000 }, /* VHT160 MCS3 */ 2717 { 24, 351000 }, /* VHT160 MCS4 */ 2718 { 27, 468000 }, /* VHT160 MCS5 */ 2719 { 29, 526500 }, /* VHT160 MCS6 */ 2720 { 34, 585000 }, /* VHT160 MCS7 */ 2721 { 38, 702000 }, /* VHT160 MCS8 */ 2722 { 40, 780000 }, /* VHT160 MCS9 */ 2723 { -1, 780000 } /* SNR > 37 */ 2724 }; 2725 2726 /* EHT needs to be enabled in order to achieve MCS12 and MCS13 rates. */ 2727 #define EHT_MCS 12 2728 2729 static const struct minsnr_bitrate_entry he20_table[] = { 2730 { 0, 0 }, 2731 { 2, 8600 }, /* HE20 MCS0 */ 2732 { 5, 17200 }, /* HE20 MCS1 */ 2733 { 9, 25800 }, /* HE20 MCS2 */ 2734 { 11, 34400 }, /* HE20 MCS3 */ 2735 { 15, 51600 }, /* HE20 MCS4 */ 2736 { 18, 68800 }, /* HE20 MCS5 */ 2737 { 20, 77400 }, /* HE20 MCS6 */ 2738 { 25, 86000 }, /* HE20 MCS7 */ 2739 { 29, 103200 }, /* HE20 MCS8 */ 2740 { 31, 114700 }, /* HE20 MCS9 */ 2741 { 34, 129000 }, /* HE20 MCS10 */ 2742 { 36, 143400 }, /* HE20 MCS11 */ 2743 { 39, 154900 }, /* EHT20 MCS12 */ 2744 { 42, 172100 }, /* EHT20 MCS13 */ 2745 { -1, 172100 } /* SNR > 42 */ 2746 }; 2747 2748 static const struct minsnr_bitrate_entry he40_table[] = { 2749 { 0, 0 }, 2750 { 5, 17200 }, /* HE40 MCS0 */ 2751 { 8, 34400 }, /* HE40 MCS1 */ 2752 { 12, 51600 }, /* HE40 MCS2 */ 2753 { 14, 68800 }, /* HE40 MCS3 */ 2754 { 18, 103200 }, /* HE40 MCS4 */ 2755 { 21, 137600 }, /* HE40 MCS5 */ 2756 { 23, 154900 }, /* HE40 MCS6 */ 2757 { 28, 172100 }, /* HE40 MCS7 */ 2758 { 32, 206500 }, /* HE40 MCS8 */ 2759 { 34, 229400 }, /* HE40 MCS9 */ 2760 { 37, 258100 }, /* HE40 MCS10 */ 2761 { 39, 286800 }, /* HE40 MCS11 */ 2762 { 42, 309500 }, /* EHT40 MCS12 */ 2763 { 45, 344100 }, /* EHT40 MCS13 */ 2764 { -1, 344100 } /* SNR > 45 */ 2765 }; 2766 2767 static const struct minsnr_bitrate_entry he80_table[] = { 2768 { 0, 0 }, 2769 { 8, 36000 }, /* HE80 MCS0 */ 2770 { 11, 72100 }, /* HE80 MCS1 */ 2771 { 15, 108100 }, /* HE80 MCS2 */ 2772 { 17, 144100 }, /* HE80 MCS3 */ 2773 { 21, 216200 }, /* HE80 MCS4 */ 2774 { 24, 288200 }, /* HE80 MCS5 */ 2775 { 26, 324300 }, /* HE80 MCS6 */ 2776 { 31, 360300 }, /* HE80 MCS7 */ 2777 { 35, 432400 }, /* HE80 MCS8 */ 2778 { 37, 480400 }, /* HE80 MCS9 */ 2779 { 40, 540400 }, /* HE80 MCS10 */ 2780 { 42, 600500 }, /* HE80 MCS11 */ 2781 { 45, 648500 }, /* EHT80 MCS12 */ 2782 { 48, 720600 }, /* EHT80 MCS13 */ 2783 { -1, 720600 } /* SNR > 48 */ 2784 }; 2785 2786 2787 static const struct minsnr_bitrate_entry he160_table[] = { 2788 { 0, 0 }, 2789 { 11, 72100 }, /* HE160 MCS0 */ 2790 { 14, 144100 }, /* HE160 MCS1 */ 2791 { 18, 216200 }, /* HE160 MCS2 */ 2792 { 20, 288200 }, /* HE160 MCS3 */ 2793 { 24, 432400 }, /* HE160 MCS4 */ 2794 { 27, 576500 }, /* HE160 MCS5 */ 2795 { 29, 648500 }, /* HE160 MCS6 */ 2796 { 34, 720600 }, /* HE160 MCS7 */ 2797 { 38, 864700 }, /* HE160 MCS8 */ 2798 { 40, 960800 }, /* HE160 MCS9 */ 2799 { 43, 1080900 }, /* HE160 MCS10 */ 2800 { 45, 1201000 }, /* HE160 MCS11 */ 2801 { 48, 1297100 }, /* EHT160 MCS12 */ 2802 { 51, 1441200 }, /* EHT160 MCS13 */ 2803 { -1, 1441200 } /* SNR > 51 */ 2804 }; 2805 2806 /* See IEEE P802.11be/D2.0, Table 36-86: EHT-MCSs for 4x996-tone RU, NSS,u = 1 2807 */ 2808 static const struct minsnr_bitrate_entry eht320_table[] = { 2809 { 0, 0 }, 2810 { 14, 144100 }, /* EHT320 MCS0 */ 2811 { 17, 288200 }, /* EHT320 MCS1 */ 2812 { 21, 432400 }, /* EHT320 MCS2 */ 2813 { 23, 576500 }, /* EHT320 MCS3 */ 2814 { 27, 864700 }, /* EHT320 MCS4 */ 2815 { 30, 1152900 }, /* EHT320 MCS5 */ 2816 { 32, 1297100 }, /* EHT320 MCS6 */ 2817 { 37, 1441200 }, /* EHT320 MCS7 */ 2818 { 41, 1729400 }, /* EHT320 MCS8 */ 2819 { 43, 1921500 }, /* EHT320 MCS9 */ 2820 { 46, 2161800 }, /* EHT320 MCS10 */ 2821 { 48, 2401900 }, /* EHT320 MCS11 */ 2822 { 51, 2594100 }, /* EHT320 MCS12 */ 2823 { 54, 2882400 }, /* EHT320 MCS13 */ 2824 { -1, 2882400 } /* SNR > 54 */ 2825 }; 2826 2827 static unsigned int interpolate_rate(int snr, int snr0, int snr1, 2828 int rate0, int rate1) 2829 { 2830 return rate0 + (snr - snr0) * (rate1 - rate0) / (snr1 - snr0); 2831 } 2832 2833 2834 static unsigned int max_rate(const struct minsnr_bitrate_entry table[], 2835 int snr, bool vht) 2836 { 2837 const struct minsnr_bitrate_entry *prev, *entry = table; 2838 2839 while ((entry->minsnr != -1) && 2840 (snr >= entry->minsnr) && 2841 (vht || entry - table <= vht_mcs)) 2842 entry++; 2843 if (entry == table) 2844 return entry->bitrate; 2845 prev = entry - 1; 2846 if (entry->minsnr == -1 || (!vht && entry - table > vht_mcs)) 2847 return prev->bitrate; 2848 return interpolate_rate(snr, prev->minsnr, entry->minsnr, prev->bitrate, 2849 entry->bitrate); 2850 } 2851 2852 2853 static unsigned int max_ht20_rate(int snr, bool vht) 2854 { 2855 return max_rate(vht20_table, snr, vht); 2856 } 2857 2858 2859 static unsigned int max_ht40_rate(int snr, bool vht) 2860 { 2861 return max_rate(vht40_table, snr, vht); 2862 } 2863 2864 2865 static unsigned int max_vht80_rate(int snr) 2866 { 2867 return max_rate(vht80_table, snr, 1); 2868 } 2869 2870 2871 static unsigned int max_vht160_rate(int snr) 2872 { 2873 return max_rate(vht160_table, snr, 1); 2874 } 2875 2876 2877 static unsigned int max_he_eht_rate(const struct minsnr_bitrate_entry table[], 2878 int snr, bool eht) 2879 { 2880 const struct minsnr_bitrate_entry *prev, *entry = table; 2881 2882 while (entry->minsnr != -1 && snr >= entry->minsnr && 2883 (eht || entry - table <= EHT_MCS)) 2884 entry++; 2885 if (entry == table) 2886 return 0; 2887 prev = entry - 1; 2888 if (entry->minsnr == -1 || (!eht && entry - table > EHT_MCS)) 2889 return prev->bitrate; 2890 return interpolate_rate(snr, prev->minsnr, entry->minsnr, 2891 prev->bitrate, entry->bitrate); 2892 } 2893 2894 2895 unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, 2896 const u8 *ies, size_t ies_len, int rate, 2897 int snr, int freq, enum chan_width *max_cw) 2898 { 2899 struct hostapd_hw_modes *hw_mode; 2900 unsigned int est, tmp; 2901 const u8 *ie; 2902 /* 2903 * No need to apply a bump to the noise here because the 2904 * minsnr_bitrate_entry tables are based on MCS tables where this has 2905 * been taken into account. 2906 */ 2907 int adjusted_snr; 2908 bool ht40 = false, vht80 = false, vht160 = false; 2909 2910 /* Limit based on estimated SNR */ 2911 if (rate > 1 * 2 && snr < 1) 2912 rate = 1 * 2; 2913 else if (rate > 2 * 2 && snr < 4) 2914 rate = 2 * 2; 2915 else if (rate > 6 * 2 && snr < 5) 2916 rate = 6 * 2; 2917 else if (rate > 9 * 2 && snr < 6) 2918 rate = 9 * 2; 2919 else if (rate > 12 * 2 && snr < 7) 2920 rate = 12 * 2; 2921 else if (rate > 12 * 2 && snr < 8) 2922 rate = 14 * 2; 2923 else if (rate > 12 * 2 && snr < 9) 2924 rate = 16 * 2; 2925 else if (rate > 18 * 2 && snr < 10) 2926 rate = 18 * 2; 2927 else if (rate > 24 * 2 && snr < 11) 2928 rate = 24 * 2; 2929 else if (rate > 24 * 2 && snr < 12) 2930 rate = 27 * 2; 2931 else if (rate > 24 * 2 && snr < 13) 2932 rate = 30 * 2; 2933 else if (rate > 24 * 2 && snr < 14) 2934 rate = 33 * 2; 2935 else if (rate > 36 * 2 && snr < 15) 2936 rate = 36 * 2; 2937 else if (rate > 36 * 2 && snr < 16) 2938 rate = 39 * 2; 2939 else if (rate > 36 * 2 && snr < 17) 2940 rate = 42 * 2; 2941 else if (rate > 36 * 2 && snr < 18) 2942 rate = 45 * 2; 2943 else if (rate > 48 * 2 && snr < 19) 2944 rate = 48 * 2; 2945 else if (rate > 48 * 2 && snr < 20) 2946 rate = 51 * 2; 2947 else if (rate > 54 * 2 && snr < 21) 2948 rate = 54 * 2; 2949 est = rate * 500; 2950 2951 hw_mode = get_mode_with_freq(wpa_s->hw.modes, wpa_s->hw.num_modes, 2952 freq); 2953 2954 if (hw_mode && hw_mode->ht_capab) { 2955 ie = get_ie(ies, ies_len, WLAN_EID_HT_CAP); 2956 if (ie) { 2957 *max_cw = CHAN_WIDTH_20; 2958 tmp = max_ht20_rate(snr, false); 2959 if (tmp > est) 2960 est = tmp; 2961 } 2962 } 2963 2964 ie = get_ie(ies, ies_len, WLAN_EID_HT_OPERATION); 2965 if (ie && ie[1] >= 2 && 2966 (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) 2967 ht40 = true; 2968 2969 if (hw_mode && 2970 (hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) { 2971 if (ht40) { 2972 *max_cw = CHAN_WIDTH_40; 2973 adjusted_snr = snr + 2974 wpas_channel_width_rssi_bump(ies, ies_len, 2975 CHAN_WIDTH_40); 2976 tmp = max_ht40_rate(adjusted_snr, false); 2977 if (tmp > est) 2978 est = tmp; 2979 } 2980 } 2981 2982 /* Determine VHT BSS bandwidth based on IEEE Std 802.11-2020, 2983 * Table 11-23 (VHT BSS bandwidth) */ 2984 ie = get_ie(ies, ies_len, WLAN_EID_VHT_OPERATION); 2985 if (ie && ie[1] >= 3) { 2986 u8 cw = ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK; 2987 u8 seg0 = ie[3]; 2988 u8 seg1 = ie[4]; 2989 2990 if (cw) 2991 vht80 = true; 2992 if (cw == 2 || 2993 (cw == 3 && (seg1 > 0 && abs(seg1 - seg0) == 16))) 2994 vht160 = true; 2995 if (cw == 1 && 2996 ((seg1 > 0 && abs(seg1 - seg0) == 8) || 2997 (seg1 > 0 && abs(seg1 - seg0) == 16))) 2998 vht160 = true; 2999 } 3000 3001 if (hw_mode && hw_mode->vht_capab) { 3002 /* Use +1 to assume VHT is always faster than HT */ 3003 ie = get_ie(ies, ies_len, WLAN_EID_VHT_CAP); 3004 if (ie) { 3005 if (*max_cw == CHAN_WIDTH_UNKNOWN) 3006 *max_cw = CHAN_WIDTH_20; 3007 tmp = max_ht20_rate(snr, true) + 1; 3008 if (tmp > est) 3009 est = tmp; 3010 3011 if (ht40) { 3012 *max_cw = CHAN_WIDTH_40; 3013 adjusted_snr = snr + 3014 wpas_channel_width_rssi_bump( 3015 ies, ies_len, CHAN_WIDTH_40); 3016 tmp = max_ht40_rate(adjusted_snr, true) + 1; 3017 if (tmp > est) 3018 est = tmp; 3019 } 3020 3021 if (vht80) { 3022 *max_cw = CHAN_WIDTH_80; 3023 adjusted_snr = snr + 3024 wpas_channel_width_rssi_bump( 3025 ies, ies_len, CHAN_WIDTH_80); 3026 tmp = max_vht80_rate(adjusted_snr) + 1; 3027 if (tmp > est) 3028 est = tmp; 3029 } 3030 3031 if (vht160 && 3032 (hw_mode->vht_capab & 3033 (VHT_CAP_SUPP_CHAN_WIDTH_160MHZ | 3034 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) { 3035 *max_cw = CHAN_WIDTH_160; 3036 adjusted_snr = snr + 3037 wpas_channel_width_rssi_bump( 3038 ies, ies_len, CHAN_WIDTH_160); 3039 tmp = max_vht160_rate(adjusted_snr) + 1; 3040 if (tmp > est) 3041 est = tmp; 3042 } 3043 } 3044 } 3045 3046 if (hw_mode && hw_mode->he_capab[IEEE80211_MODE_INFRA].he_supported) { 3047 /* Use +2 to assume HE is always faster than HT/VHT */ 3048 struct ieee80211_he_capabilities *he; 3049 struct ieee80211_eht_capabilities *eht; 3050 struct he_capabilities *own_he; 3051 u8 cw, boost = 2; 3052 const u8 *eht_ie; 3053 bool is_eht = false; 3054 3055 ie = get_ie_ext(ies, ies_len, WLAN_EID_EXT_HE_CAPABILITIES); 3056 if (!ie || (ie[1] < 1 + IEEE80211_HE_CAPAB_MIN_LEN)) 3057 return est; 3058 he = (struct ieee80211_he_capabilities *) &ie[3]; 3059 own_he = &hw_mode->he_capab[IEEE80211_MODE_INFRA]; 3060 3061 /* Use +3 to assume EHT is always faster than HE */ 3062 if (hw_mode->eht_capab[IEEE80211_MODE_INFRA].eht_supported) { 3063 eht_ie = get_ie_ext(ies, ies_len, 3064 WLAN_EID_EXT_EHT_CAPABILITIES); 3065 if (eht_ie && 3066 (eht_ie[1] >= 1 + IEEE80211_EHT_CAPAB_MIN_LEN)) { 3067 is_eht = true; 3068 boost = 3; 3069 } 3070 } 3071 3072 if (*max_cw == CHAN_WIDTH_UNKNOWN) 3073 *max_cw = CHAN_WIDTH_20; 3074 tmp = max_he_eht_rate(he20_table, snr, is_eht) + boost; 3075 if (tmp > est) 3076 est = tmp; 3077 3078 cw = he->he_phy_capab_info[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] & 3079 own_he->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX]; 3080 if ((cw & 3081 (IS_2P4GHZ(freq) ? 3082 HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G : 3083 HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) && ht40) { 3084 if (*max_cw == CHAN_WIDTH_UNKNOWN || 3085 *max_cw < CHAN_WIDTH_40) 3086 *max_cw = CHAN_WIDTH_40; 3087 adjusted_snr = snr + wpas_channel_width_rssi_bump( 3088 ies, ies_len, CHAN_WIDTH_40); 3089 tmp = max_he_eht_rate(he40_table, adjusted_snr, 3090 is_eht) + boost; 3091 if (tmp > est) 3092 est = tmp; 3093 } 3094 3095 if (!IS_2P4GHZ(freq) && 3096 (cw & HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G) && 3097 (!IS_5GHZ(freq) || vht80)) { 3098 if (*max_cw == CHAN_WIDTH_UNKNOWN || 3099 *max_cw < CHAN_WIDTH_80) 3100 *max_cw = CHAN_WIDTH_80; 3101 adjusted_snr = snr + wpas_channel_width_rssi_bump( 3102 ies, ies_len, CHAN_WIDTH_80); 3103 tmp = max_he_eht_rate(he80_table, adjusted_snr, 3104 is_eht) + boost; 3105 if (tmp > est) 3106 est = tmp; 3107 } 3108 3109 if (!IS_2P4GHZ(freq) && 3110 (cw & (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G | 3111 HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G)) && 3112 (!IS_5GHZ(freq) || vht160)) { 3113 if (*max_cw == CHAN_WIDTH_UNKNOWN || 3114 *max_cw < CHAN_WIDTH_160) 3115 *max_cw = CHAN_WIDTH_160; 3116 adjusted_snr = snr + wpas_channel_width_rssi_bump( 3117 ies, ies_len, CHAN_WIDTH_160); 3118 tmp = max_he_eht_rate(he160_table, adjusted_snr, 3119 is_eht) + boost; 3120 if (tmp > est) 3121 est = tmp; 3122 } 3123 3124 if (!is_eht) 3125 return est; 3126 3127 eht = (struct ieee80211_eht_capabilities *) &eht_ie[3]; 3128 3129 if (is_6ghz_freq(freq) && 3130 (eht->phy_cap[EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_IDX] & 3131 EHT_PHYCAP_320MHZ_IN_6GHZ_SUPPORT_MASK)) { 3132 if (*max_cw == CHAN_WIDTH_UNKNOWN || 3133 *max_cw < CHAN_WIDTH_320) 3134 *max_cw = CHAN_WIDTH_320; 3135 adjusted_snr = snr + wpas_channel_width_rssi_bump( 3136 ies, ies_len, CHAN_WIDTH_320); 3137 tmp = max_he_eht_rate(eht320_table, adjusted_snr, true); 3138 if (tmp > est) 3139 est = tmp; 3140 } 3141 } 3142 3143 return est; 3144 } 3145 3146 3147 void scan_est_throughput(struct wpa_supplicant *wpa_s, 3148 struct wpa_scan_res *res) 3149 { 3150 int rate; /* max legacy rate in 500 kb/s units */ 3151 int snr = res->snr; 3152 const u8 *ies = (const void *) (res + 1); 3153 size_t ie_len = res->ie_len; 3154 3155 if (res->est_throughput) 3156 return; 3157 3158 /* Get maximum legacy rate */ 3159 rate = wpa_scan_get_max_rate(res); 3160 3161 if (!ie_len) 3162 ie_len = res->beacon_ie_len; 3163 res->est_throughput = wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, 3164 res->freq, &res->max_cw); 3165 3166 /* TODO: channel utilization and AP load (e.g., from AP Beacon) */ 3167 } 3168 3169 3170 /** 3171 * wpa_supplicant_get_scan_results - Get scan results 3172 * @wpa_s: Pointer to wpa_supplicant data 3173 * @info: Information about what was scanned or %NULL if not available 3174 * @new_scan: Whether a new scan was performed 3175 * @bssid: Return BSS entries only for a single BSSID, %NULL for all 3176 * Returns: Scan results, %NULL on failure 3177 * 3178 * This function request the current scan results from the driver and updates 3179 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 3180 * results with wpa_scan_results_free(). 3181 */ 3182 struct wpa_scan_results * 3183 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 3184 struct scan_info *info, int new_scan, 3185 const u8 *bssid) 3186 { 3187 struct wpa_scan_results *scan_res; 3188 size_t i; 3189 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 3190 3191 scan_res = wpa_drv_get_scan_results(wpa_s, bssid); 3192 if (scan_res == NULL) { 3193 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 3194 return NULL; 3195 } 3196 if (scan_res->fetch_time.sec == 0) { 3197 /* 3198 * Make sure we have a valid timestamp if the driver wrapper 3199 * does not set this. 3200 */ 3201 os_get_reltime(&scan_res->fetch_time); 3202 } 3203 filter_scan_res(wpa_s, scan_res); 3204 3205 for (i = 0; i < scan_res->num; i++) { 3206 struct wpa_scan_res *scan_res_item = scan_res->res[i]; 3207 3208 scan_snr(scan_res_item); 3209 scan_est_throughput(wpa_s, scan_res_item); 3210 } 3211 3212 #ifdef CONFIG_WPS 3213 if (wpas_wps_searching(wpa_s)) { 3214 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 3215 "provisioning rules"); 3216 compar = wpa_scan_result_wps_compar; 3217 } 3218 #endif /* CONFIG_WPS */ 3219 3220 if (scan_res->res) { 3221 qsort(scan_res->res, scan_res->num, 3222 sizeof(struct wpa_scan_res *), compar); 3223 } 3224 dump_scan_res(scan_res); 3225 3226 if (wpa_s->ignore_post_flush_scan_res) { 3227 /* FLUSH command aborted an ongoing scan and these are the 3228 * results from the aborted scan. Do not process the results to 3229 * maintain flushed state. */ 3230 wpa_dbg(wpa_s, MSG_DEBUG, 3231 "Do not update BSS table based on pending post-FLUSH scan results"); 3232 wpa_s->ignore_post_flush_scan_res = 0; 3233 return scan_res; 3234 } 3235 3236 wpa_bss_update_start(wpa_s); 3237 for (i = 0; i < scan_res->num; i++) 3238 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 3239 &scan_res->fetch_time); 3240 wpa_bss_update_end(wpa_s, info, new_scan); 3241 3242 return scan_res; 3243 } 3244 3245 3246 /** 3247 * wpa_supplicant_update_scan_results - Update scan results from the driver 3248 * @wpa_s: Pointer to wpa_supplicant data 3249 * @bssid: Update BSS entries only for a single BSSID, %NULL for all 3250 * Returns: 0 on success, -1 on failure 3251 * 3252 * This function updates the BSS table within wpa_supplicant based on the 3253 * currently available scan results from the driver without requesting a new 3254 * scan. This is used in cases where the driver indicates an association 3255 * (including roaming within ESS) and wpa_supplicant does not yet have the 3256 * needed information to complete the connection (e.g., to perform validation 3257 * steps in 4-way handshake). 3258 */ 3259 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s, 3260 const u8 *bssid) 3261 { 3262 struct wpa_scan_results *scan_res; 3263 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0, bssid); 3264 if (scan_res == NULL) 3265 return -1; 3266 wpa_scan_results_free(scan_res); 3267 3268 return 0; 3269 } 3270 3271 3272 /** 3273 * scan_only_handler - Reports scan results 3274 */ 3275 void scan_only_handler(struct wpa_supplicant *wpa_s, 3276 struct wpa_scan_results *scan_res) 3277 { 3278 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 3279 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 3280 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 3281 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 3282 wpa_s->manual_scan_id); 3283 wpa_s->manual_scan_use_id = 0; 3284 } else { 3285 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 3286 } 3287 wpas_notify_scan_results(wpa_s); 3288 wpas_notify_scan_done(wpa_s, 1); 3289 if (wpa_s->scan_work) { 3290 struct wpa_radio_work *work = wpa_s->scan_work; 3291 wpa_s->scan_work = NULL; 3292 radio_work_done(work); 3293 } 3294 3295 if (wpa_s->wpa_state == WPA_SCANNING) 3296 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state); 3297 } 3298 3299 3300 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 3301 { 3302 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 3303 } 3304 3305 3306 struct wpa_driver_scan_params * 3307 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 3308 { 3309 struct wpa_driver_scan_params *params; 3310 size_t i; 3311 u8 *n; 3312 3313 params = os_zalloc(sizeof(*params)); 3314 if (params == NULL) 3315 return NULL; 3316 3317 for (i = 0; i < src->num_ssids; i++) { 3318 if (src->ssids[i].ssid) { 3319 n = os_memdup(src->ssids[i].ssid, 3320 src->ssids[i].ssid_len); 3321 if (n == NULL) 3322 goto failed; 3323 params->ssids[i].ssid = n; 3324 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 3325 } 3326 } 3327 params->num_ssids = src->num_ssids; 3328 3329 if (src->extra_ies) { 3330 n = os_memdup(src->extra_ies, src->extra_ies_len); 3331 if (n == NULL) 3332 goto failed; 3333 params->extra_ies = n; 3334 params->extra_ies_len = src->extra_ies_len; 3335 } 3336 3337 if (src->freqs) { 3338 int len = int_array_len(src->freqs); 3339 params->freqs = os_memdup(src->freqs, (len + 1) * sizeof(int)); 3340 if (params->freqs == NULL) 3341 goto failed; 3342 } 3343 3344 if (src->filter_ssids) { 3345 params->filter_ssids = os_memdup(src->filter_ssids, 3346 sizeof(*params->filter_ssids) * 3347 src->num_filter_ssids); 3348 if (params->filter_ssids == NULL) 3349 goto failed; 3350 params->num_filter_ssids = src->num_filter_ssids; 3351 } 3352 3353 params->filter_rssi = src->filter_rssi; 3354 params->p2p_probe = src->p2p_probe; 3355 params->only_new_results = src->only_new_results; 3356 params->low_priority = src->low_priority; 3357 params->duration = src->duration; 3358 params->duration_mandatory = src->duration_mandatory; 3359 params->oce_scan = src->oce_scan; 3360 params->link_id = src->link_id; 3361 3362 if (src->sched_scan_plans_num > 0) { 3363 params->sched_scan_plans = 3364 os_memdup(src->sched_scan_plans, 3365 sizeof(*src->sched_scan_plans) * 3366 src->sched_scan_plans_num); 3367 if (!params->sched_scan_plans) 3368 goto failed; 3369 3370 params->sched_scan_plans_num = src->sched_scan_plans_num; 3371 } 3372 3373 if (src->mac_addr_rand && 3374 wpa_setup_mac_addr_rand_params(params, src->mac_addr)) 3375 goto failed; 3376 3377 if (src->bssid) { 3378 u8 *bssid; 3379 3380 bssid = os_memdup(src->bssid, ETH_ALEN); 3381 if (!bssid) 3382 goto failed; 3383 params->bssid = bssid; 3384 } 3385 3386 params->relative_rssi_set = src->relative_rssi_set; 3387 params->relative_rssi = src->relative_rssi; 3388 params->relative_adjust_band = src->relative_adjust_band; 3389 params->relative_adjust_rssi = src->relative_adjust_rssi; 3390 params->p2p_include_6ghz = src->p2p_include_6ghz; 3391 params->non_coloc_6ghz = src->non_coloc_6ghz; 3392 params->min_probe_req_content = src->min_probe_req_content; 3393 return params; 3394 3395 failed: 3396 wpa_scan_free_params(params); 3397 return NULL; 3398 } 3399 3400 3401 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 3402 { 3403 size_t i; 3404 3405 if (params == NULL) 3406 return; 3407 3408 for (i = 0; i < params->num_ssids; i++) 3409 os_free((u8 *) params->ssids[i].ssid); 3410 os_free((u8 *) params->extra_ies); 3411 os_free(params->freqs); 3412 os_free(params->filter_ssids); 3413 os_free(params->sched_scan_plans); 3414 3415 /* 3416 * Note: params->mac_addr_mask points to same memory allocation and 3417 * must not be freed separately. 3418 */ 3419 os_free((u8 *) params->mac_addr); 3420 3421 os_free((u8 *) params->bssid); 3422 3423 os_free(params); 3424 } 3425 3426 3427 int wpas_start_pno(struct wpa_supplicant *wpa_s) 3428 { 3429 int ret; 3430 size_t prio, i, num_ssid, num_match_ssid; 3431 struct wpa_ssid *ssid; 3432 struct wpa_driver_scan_params params; 3433 struct sched_scan_plan scan_plan; 3434 unsigned int max_sched_scan_ssids; 3435 3436 if (!wpa_s->sched_scan_supported) 3437 return -1; 3438 3439 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 3440 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 3441 else 3442 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 3443 if (max_sched_scan_ssids < 1) 3444 return -1; 3445 3446 if (wpa_s->pno || wpa_s->pno_sched_pending) 3447 return 0; 3448 3449 if ((wpa_s->wpa_state > WPA_SCANNING) && 3450 (wpa_s->wpa_state < WPA_COMPLETED)) { 3451 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 3452 return -EAGAIN; 3453 } 3454 3455 if (wpa_s->wpa_state == WPA_SCANNING) { 3456 wpa_supplicant_cancel_scan(wpa_s); 3457 if (wpa_s->sched_scanning) { 3458 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 3459 "ongoing sched scan"); 3460 wpa_supplicant_cancel_sched_scan(wpa_s); 3461 wpa_s->pno_sched_pending = 1; 3462 return 0; 3463 } 3464 } 3465 3466 if (wpa_s->sched_scan_stop_req) { 3467 wpa_printf(MSG_DEBUG, 3468 "Schedule PNO after previous sched scan has stopped"); 3469 wpa_s->pno_sched_pending = 1; 3470 return 0; 3471 } 3472 3473 os_memset(¶ms, 0, sizeof(params)); 3474 3475 num_ssid = num_match_ssid = 0; 3476 ssid = wpa_s->conf->ssid; 3477 while (ssid) { 3478 if (!wpas_network_disabled(wpa_s, ssid)) { 3479 num_match_ssid++; 3480 if (ssid->scan_ssid) 3481 num_ssid++; 3482 } 3483 ssid = ssid->next; 3484 } 3485 3486 if (num_match_ssid == 0) { 3487 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 3488 return -1; 3489 } 3490 3491 if (num_match_ssid > num_ssid) { 3492 params.num_ssids++; /* wildcard */ 3493 num_ssid++; 3494 } 3495 3496 if (num_ssid > max_sched_scan_ssids) { 3497 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 3498 "%u", max_sched_scan_ssids, (unsigned int) num_ssid); 3499 num_ssid = max_sched_scan_ssids; 3500 } 3501 3502 if (num_match_ssid > wpa_s->max_match_sets) { 3503 num_match_ssid = wpa_s->max_match_sets; 3504 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 3505 } 3506 params.filter_ssids = os_calloc(num_match_ssid, 3507 sizeof(struct wpa_driver_scan_filter)); 3508 if (params.filter_ssids == NULL) 3509 return -1; 3510 3511 i = 0; 3512 prio = 0; 3513 ssid = wpa_s->conf->pssid[prio]; 3514 while (ssid) { 3515 if (!wpas_network_disabled(wpa_s, ssid)) { 3516 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 3517 params.ssids[params.num_ssids].ssid = 3518 ssid->ssid; 3519 params.ssids[params.num_ssids].ssid_len = 3520 ssid->ssid_len; 3521 params.num_ssids++; 3522 } 3523 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 3524 ssid->ssid_len); 3525 params.filter_ssids[i].ssid_len = ssid->ssid_len; 3526 params.num_filter_ssids++; 3527 i++; 3528 if (i == num_match_ssid) 3529 break; 3530 } 3531 if (ssid->pnext) 3532 ssid = ssid->pnext; 3533 else if (prio + 1 == wpa_s->conf->num_prio) 3534 break; 3535 else 3536 ssid = wpa_s->conf->pssid[++prio]; 3537 } 3538 3539 if (wpa_s->conf->filter_rssi) 3540 params.filter_rssi = wpa_s->conf->filter_rssi; 3541 3542 if (wpa_s->sched_scan_plans_num) { 3543 params.sched_scan_plans = wpa_s->sched_scan_plans; 3544 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 3545 } else { 3546 /* Set one scan plan that will run infinitely */ 3547 if (wpa_s->conf->sched_scan_interval) 3548 scan_plan.interval = wpa_s->conf->sched_scan_interval; 3549 else 3550 scan_plan.interval = 10; 3551 3552 scan_plan.iterations = 0; 3553 params.sched_scan_plans = &scan_plan; 3554 params.sched_scan_plans_num = 1; 3555 } 3556 3557 params.sched_scan_start_delay = wpa_s->conf->sched_scan_start_delay; 3558 3559 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 3560 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 3561 params.freqs = wpa_s->manual_sched_scan_freqs; 3562 } 3563 3564 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) && 3565 wpa_s->wpa_state <= WPA_SCANNING) 3566 wpa_setup_mac_addr_rand_params(¶ms, wpa_s->mac_addr_pno); 3567 3568 wpa_scan_set_relative_rssi_params(wpa_s, ¶ms); 3569 3570 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms); 3571 os_free(params.filter_ssids); 3572 os_free(params.mac_addr); 3573 if (ret == 0) 3574 wpa_s->pno = 1; 3575 else 3576 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 3577 return ret; 3578 } 3579 3580 3581 int wpas_stop_pno(struct wpa_supplicant *wpa_s) 3582 { 3583 int ret = 0; 3584 3585 if (!wpa_s->pno) 3586 return 0; 3587 3588 ret = wpa_supplicant_stop_sched_scan(wpa_s); 3589 wpa_s->sched_scan_stop_req = 1; 3590 3591 wpa_s->pno = 0; 3592 wpa_s->pno_sched_pending = 0; 3593 3594 if (wpa_s->wpa_state == WPA_SCANNING) 3595 wpa_supplicant_req_scan(wpa_s, 0, 0); 3596 3597 return ret; 3598 } 3599 3600 3601 void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, 3602 unsigned int type) 3603 { 3604 type &= MAC_ADDR_RAND_ALL; 3605 wpa_s->mac_addr_rand_enable &= ~type; 3606 3607 if (type & MAC_ADDR_RAND_SCAN) { 3608 os_free(wpa_s->mac_addr_scan); 3609 wpa_s->mac_addr_scan = NULL; 3610 } 3611 3612 if (type & MAC_ADDR_RAND_SCHED_SCAN) { 3613 os_free(wpa_s->mac_addr_sched_scan); 3614 wpa_s->mac_addr_sched_scan = NULL; 3615 } 3616 3617 if (type & MAC_ADDR_RAND_PNO) { 3618 os_free(wpa_s->mac_addr_pno); 3619 wpa_s->mac_addr_pno = NULL; 3620 } 3621 } 3622 3623 3624 int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, 3625 unsigned int type, const u8 *addr, 3626 const u8 *mask) 3627 { 3628 u8 *tmp = NULL; 3629 3630 if ((wpa_s->mac_addr_rand_supported & type) != type ) { 3631 wpa_printf(MSG_INFO, 3632 "scan: MAC randomization type %u != supported=%u", 3633 type, wpa_s->mac_addr_rand_supported); 3634 return -1; 3635 } 3636 3637 wpas_mac_addr_rand_scan_clear(wpa_s, type); 3638 3639 if (addr) { 3640 tmp = os_malloc(2 * ETH_ALEN); 3641 if (!tmp) 3642 return -1; 3643 os_memcpy(tmp, addr, ETH_ALEN); 3644 os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN); 3645 } 3646 3647 if (type == MAC_ADDR_RAND_SCAN) { 3648 wpa_s->mac_addr_scan = tmp; 3649 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 3650 wpa_s->mac_addr_sched_scan = tmp; 3651 } else if (type == MAC_ADDR_RAND_PNO) { 3652 wpa_s->mac_addr_pno = tmp; 3653 } else { 3654 wpa_printf(MSG_INFO, 3655 "scan: Invalid MAC randomization type=0x%x", 3656 type); 3657 os_free(tmp); 3658 return -1; 3659 } 3660 3661 wpa_s->mac_addr_rand_enable |= type; 3662 return 0; 3663 } 3664 3665 3666 int wpas_mac_addr_rand_scan_get_mask(struct wpa_supplicant *wpa_s, 3667 unsigned int type, u8 *mask) 3668 { 3669 const u8 *to_copy; 3670 3671 if ((wpa_s->mac_addr_rand_enable & type) != type) 3672 return -1; 3673 3674 if (type == MAC_ADDR_RAND_SCAN) { 3675 to_copy = wpa_s->mac_addr_scan; 3676 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 3677 to_copy = wpa_s->mac_addr_sched_scan; 3678 } else if (type == MAC_ADDR_RAND_PNO) { 3679 to_copy = wpa_s->mac_addr_pno; 3680 } else { 3681 wpa_printf(MSG_DEBUG, 3682 "scan: Invalid MAC randomization type=0x%x", 3683 type); 3684 return -1; 3685 } 3686 3687 os_memcpy(mask, to_copy + ETH_ALEN, ETH_ALEN); 3688 return 0; 3689 } 3690 3691 3692 int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s) 3693 { 3694 struct wpa_radio_work *work; 3695 struct wpa_radio *radio = wpa_s->radio; 3696 3697 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) { 3698 if (work->wpa_s != wpa_s || !work->started || 3699 (os_strcmp(work->type, "scan") != 0 && 3700 os_strcmp(work->type, "p2p-scan") != 0)) 3701 continue; 3702 wpa_dbg(wpa_s, MSG_DEBUG, "Abort an ongoing scan"); 3703 return wpa_drv_abort_scan(wpa_s, wpa_s->curr_scan_cookie); 3704 } 3705 3706 wpa_dbg(wpa_s, MSG_DEBUG, "No ongoing scan/p2p-scan found to abort"); 3707 return -1; 3708 } 3709 3710 3711 int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd) 3712 { 3713 struct sched_scan_plan *scan_plans = NULL; 3714 const char *token, *context = NULL; 3715 unsigned int num = 0; 3716 3717 if (!cmd) 3718 return -1; 3719 3720 if (!cmd[0]) { 3721 wpa_printf(MSG_DEBUG, "Clear sched scan plans"); 3722 os_free(wpa_s->sched_scan_plans); 3723 wpa_s->sched_scan_plans = NULL; 3724 wpa_s->sched_scan_plans_num = 0; 3725 return 0; 3726 } 3727 3728 while ((token = cstr_token(cmd, " ", &context))) { 3729 int ret; 3730 struct sched_scan_plan *scan_plan, *n; 3731 3732 n = os_realloc_array(scan_plans, num + 1, sizeof(*scan_plans)); 3733 if (!n) 3734 goto fail; 3735 3736 scan_plans = n; 3737 scan_plan = &scan_plans[num]; 3738 num++; 3739 3740 ret = sscanf(token, "%u:%u", &scan_plan->interval, 3741 &scan_plan->iterations); 3742 if (ret <= 0 || ret > 2 || !scan_plan->interval) { 3743 wpa_printf(MSG_ERROR, 3744 "Invalid sched scan plan input: %s", token); 3745 goto fail; 3746 } 3747 3748 if (scan_plan->interval > wpa_s->max_sched_scan_plan_interval) { 3749 wpa_printf(MSG_WARNING, 3750 "scan plan %u: Scan interval too long(%u), use the maximum allowed(%u)", 3751 num, scan_plan->interval, 3752 wpa_s->max_sched_scan_plan_interval); 3753 scan_plan->interval = 3754 wpa_s->max_sched_scan_plan_interval; 3755 } 3756 3757 if (ret == 1) { 3758 scan_plan->iterations = 0; 3759 break; 3760 } 3761 3762 if (!scan_plan->iterations) { 3763 wpa_printf(MSG_ERROR, 3764 "scan plan %u: Number of iterations cannot be zero", 3765 num); 3766 goto fail; 3767 } 3768 3769 if (scan_plan->iterations > 3770 wpa_s->max_sched_scan_plan_iterations) { 3771 wpa_printf(MSG_WARNING, 3772 "scan plan %u: Too many iterations(%u), use the maximum allowed(%u)", 3773 num, scan_plan->iterations, 3774 wpa_s->max_sched_scan_plan_iterations); 3775 scan_plan->iterations = 3776 wpa_s->max_sched_scan_plan_iterations; 3777 } 3778 3779 wpa_printf(MSG_DEBUG, 3780 "scan plan %u: interval=%u iterations=%u", 3781 num, scan_plan->interval, scan_plan->iterations); 3782 } 3783 3784 if (!scan_plans) { 3785 wpa_printf(MSG_ERROR, "Invalid scan plans entry"); 3786 goto fail; 3787 } 3788 3789 if (cstr_token(cmd, " ", &context) || scan_plans[num - 1].iterations) { 3790 wpa_printf(MSG_ERROR, 3791 "All scan plans but the last must specify a number of iterations"); 3792 goto fail; 3793 } 3794 3795 wpa_printf(MSG_DEBUG, "scan plan %u (last plan): interval=%u", 3796 num, scan_plans[num - 1].interval); 3797 3798 if (num > wpa_s->max_sched_scan_plans) { 3799 wpa_printf(MSG_WARNING, 3800 "Too many scheduled scan plans (only %u supported)", 3801 wpa_s->max_sched_scan_plans); 3802 wpa_printf(MSG_WARNING, 3803 "Use only the first %u scan plans, and the last one (in infinite loop)", 3804 wpa_s->max_sched_scan_plans - 1); 3805 os_memcpy(&scan_plans[wpa_s->max_sched_scan_plans - 1], 3806 &scan_plans[num - 1], sizeof(*scan_plans)); 3807 num = wpa_s->max_sched_scan_plans; 3808 } 3809 3810 os_free(wpa_s->sched_scan_plans); 3811 wpa_s->sched_scan_plans = scan_plans; 3812 wpa_s->sched_scan_plans_num = num; 3813 3814 return 0; 3815 3816 fail: 3817 os_free(scan_plans); 3818 wpa_printf(MSG_ERROR, "invalid scan plans list"); 3819 return -1; 3820 } 3821 3822 3823 /** 3824 * wpas_scan_reset_sched_scan - Reset sched_scan state 3825 * @wpa_s: Pointer to wpa_supplicant data 3826 * 3827 * This function is used to cancel a running scheduled scan and to reset an 3828 * internal scan state to continue with a regular scan on the following 3829 * wpa_supplicant_req_scan() calls. 3830 */ 3831 void wpas_scan_reset_sched_scan(struct wpa_supplicant *wpa_s) 3832 { 3833 wpa_s->normal_scans = 0; 3834 if (wpa_s->sched_scanning) { 3835 wpa_s->sched_scan_timed_out = 0; 3836 wpa_s->prev_sched_ssid = NULL; 3837 wpa_supplicant_cancel_sched_scan(wpa_s); 3838 } 3839 } 3840 3841 3842 void wpas_scan_restart_sched_scan(struct wpa_supplicant *wpa_s) 3843 { 3844 /* simulate timeout to restart the sched scan */ 3845 wpa_s->sched_scan_timed_out = 1; 3846 wpa_s->prev_sched_ssid = NULL; 3847 wpa_supplicant_cancel_sched_scan(wpa_s); 3848 } 3849