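/*
 * WPA Supplicant - Scanning
 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#include "utils/includes.h"

#include "utils/common.h"
#include "utils/eloop.h"
#include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h"
#include "config.h"
#include "wpa_supplicant_i.h"
#include "driver_i.h"
#include "wps_supplicant.h"
#include "p2p_supplicant.h"
#include "p2p/p2p.h"
#include "hs20_supplicant.h"
#include "notify.h"
#include "bss.h"
#include "scan.h"
#include "mesh.h"


/*
 * Generate a synthetic EVENT_ASSOC for the network returned by
 * wpa_supplicant_get_ssid(). wpa_supplicant_scan() calls this when
 * ap_scan == 0, i.e., when no scan is performed by wpa_supplicant itself.
 * Does nothing if no matching network is found.
 */
static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
{
	struct wpa_ssid *ssid;
	union wpa_event_data data;

	ssid = wpa_supplicant_get_ssid(wpa_s);
	if (ssid == NULL)
		return;

	if (wpa_s->current_ssid == NULL) {
		wpa_s->current_ssid = ssid;
		wpas_notify_network_changed(wpa_s);
	}
	wpa_supplicant_initiate_eapol(wpa_s);
	wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured "
		"network - generating associated event");
	/* The event carries no association details; pass zeroed event data. */
	os_memset(&data, 0, sizeof(data));
	wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
}


#ifdef CONFIG_WPS
/*
 * Check whether WPS information needs to be included in scan requests.
 *
 * @wpa_s: Pointer to wpa_supplicant data
 * @req_type: Set to the request type of the last WPS-enabled network that was
 *	visited (or to WPS_REQ_ENROLLEE_INFO when only P2P triggers WPS use);
 *	left untouched when 0 is returned, so the caller must initialize it
 * Returns: 0 if WPS is not in use, 1 if it is, 2 if a WPS network profile has
 *	"pbc=1" in its EAP phase1 string (the caller maps 2 to
 *	DEV_PW_PUSHBUTTON)
 *
 * Side effect: with CONFIG_P2P and P2P enabled, wpa_s->wps->dev.p2p is set.
 */
static int wpas_wps_in_use(struct wpa_supplicant *wpa_s,
			   enum wps_request_type *req_type)
{
	struct wpa_ssid *ssid;
	int wps = 0;

	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
		if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
			continue;

		wps = 1;
		*req_type = wpas_wps_get_req_type(ssid);
		/* Plain substring match on the configured phase1 string. */
		if (ssid->eap.phase1 && os_strstr(ssid->eap.phase1, "pbc=1"))
			return 2;
	}

#ifdef CONFIG_P2P
	if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p &&
	    !wpa_s->conf->p2p_disabled) {
		wpa_s->wps->dev.p2p = 1;
		if (!wps) {
			wps = 1;
			*req_type = WPS_REQ_ENROLLEE_INFO;
		}
	}
#endif /* CONFIG_P2P */

	return wps;
}
#endif /* CONFIG_WPS */


/**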
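* wpa_supplicant_enabled_networks - Check whether there are enabled networks
 * @wpa_s: Pointer to wpa_supplicant data
 * Returns: 0 if no networks are enabled, >0 if networks are enabled
 *
 * This function is used to figure out whether any networks (or Interworking
 * with enabled credentials and auto_interworking) are present in the current
 * configuration.
 */
int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s)
{
	struct wpa_ssid *ssid = wpa_s->conf->ssid;
	int count = 0, disabled = 0;

	if (wpa_s->p2p_mgmt)
		return 0; /* no normal network profiles on p2p_mgmt interface */

	while (ssid) {
		if (!wpas_network_disabled(wpa_s, ssid))
			count++;
		else
			disabled++;
		ssid = ssid->next;
	}
	/* Interworking credentials with automatic selection count as one. */
	if (wpa_s->conf->cred && wpa_s->conf->interworking &&
	    wpa_s->conf->auto_interworking)
		count++;
	if (count == 0 && disabled > 0) {
		wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled "
			"networks)", disabled);
	}
	return count;
}


/*
 * ap_scan=2 helper: associate with the first enabled network at or after
 * @ssid without scanning, and remember where to continue on the next attempt.
 * When the end of the list is reached, restart from the beginning by
 * requesting a new scan round.
 */
static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s,
				     struct wpa_ssid *ssid)
{
	while (ssid) {
		if (!wpas_network_disabled(wpa_s, ssid))
			break;
		ssid = ssid->next;
	}

	/* ap_scan=2 mode - try to associate with each SSID. */
	if (ssid == NULL) {
		wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached "
			"end of scan list - go back to beginning");
		wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
		wpa_supplicant_req_scan(wpa_s, 0, 0);
		return;
	}
	if (ssid->next) {
		/* Continue from the next SSID on the next attempt. */
		wpa_s->prev_scan_ssid = ssid;
	} else {
		/* Start from the beginning of the SSID list. */
		wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
	}
	wpa_supplicant_associate(wpa_s, NULL, ssid);
}


/*
 * Radio work callback registered by wpa_supplicant_trigger_scan().
 *
 * @work: Radio work item; work->ctx holds the cloned scan parameters
 * @deinit: Non-zero when the work item is being removed instead of started
 *
 * The cloned parameters are owned by this callback: they are freed on every
 * path that reaches the driver call or bails out before it, and work->ctx is
 * cleared once they have been handed to wpa_drv_scan().
 */
static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit)
{
	struct wpa_supplicant *wpa_s = work->wpa_s;
	struct wpa_driver_scan_params *params = work->ctx;
	int ret;

	if (deinit) {
		if (!work->started) {
			/* Never reached the driver; only the clone to free. */
			wpa_scan_free_params(params);
			return;
		}
		wpa_supplicant_notify_scanning(wpa_s, 0);
		wpas_notify_scan_done(wpa_s, 0);
		wpa_s->scan_work = NULL;
		return;
	}

	/*
	 * Fail closed: if the random MAC address update fails, the scan is
	 * reported as failed and not passed to the driver.
	 */
	if (wpas_update_random_addr_disassoc(wpa_s) < 0) {
		wpa_msg(wpa_s, MSG_INFO,
			"Failed to assign random MAC address for a scan");
		wpa_scan_free_params(params);
		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1");
		radio_work_done(work);
		return;
	}

	wpa_supplicant_notify_scanning(wpa_s, 1);

	if (wpa_s->clear_driver_scan_cache) {
		wpa_printf(MSG_DEBUG,
			   "Request driver to clear scan cache due to local BSS flush");
		params->only_new_results = 1;
	}
	ret = wpa_drv_scan(wpa_s, params);
	wpa_scan_free_params(params);
	work->ctx = NULL; /* avoid a dangling pointer to the freed clone */
	if (ret) {
		/* Manual scans and disconnected state are not retried. */
		int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ;

		if (wpa_s->disconnected)
			retry = 0;

		wpa_supplicant_notify_scanning(wpa_s, 0);
		wpas_notify_scan_done(wpa_s, 0);
		if (wpa_s->wpa_state == WPA_SCANNING)
			wpa_supplicant_set_state(wpa_s,
						 wpa_s->scan_prev_wpa_state);
		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s",
			ret, retry ? " retry=1" : "");
		radio_work_done(work);

		if (retry) {
			/* Restore scan_req since we will try to scan again */
			wpa_s->scan_req = wpa_s->last_scan_req;
			wpa_supplicant_req_scan(wpa_s, 1, 0);
		}
		return;
	}

	os_get_reltime(&wpa_s->scan_trigger_time);
	wpa_s->scan_runs++;
	wpa_s->normal_scans++;
	wpa_s->own_scan_requested = 1;
	wpa_s->clear_driver_scan_cache = 0;
	wpa_s->scan_work = work;
}


/**
 * wpa_supplicant_trigger_scan - Request driver to start a scan
 * @wpa_s: Pointer to wpa_supplicant data
 * @params: Scan parameters
 * Returns: 0 on success, -1 on failure
 *
 * The parameters are cloned before being queued as radio work, so the caller
 * keeps ownership of @params. Only one scan may be pending at a time.
 */
int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s,
				struct wpa_driver_scan_params *params)
{
	struct wpa_driver_scan_params *ctx;

	if (wpa_s->scan_work) {
		wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending");
		return -1;
	}

	ctx = wpa_scan_clone_params(params);
	if (!ctx ||
	    radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0)
	{
		/* ctx may be NULL here if the clone itself failed. */
		wpa_scan_free_params(ctx);
		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1");
		return -1;
	}

	return 0;
}


/*
 * eloop timeout handler: start the delayed scheduled scan and fall back to a
 * normal scan request if the scheduled scan cannot be started.
 */
static void
wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_supplicant *wpa_s = eloop_ctx;

	wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan");

	if (wpa_supplicant_req_sched_scan(wpa_s))
		wpa_supplicant_req_scan(wpa_s, 0, 0);
}


/*
 * eloop timeout handler: mark the scheduled scan as timed out and cancel it.
 */
static void
wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_supplicant *wpa_s = eloop_ctx;

	wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it");

	wpa_s->sched_scan_timed_out = 1;
	wpa_supplicant_cancel_sched_scan(wpa_s);
}


/*
 * Ask the driver to start a scheduled scan.
 * Returns: the driver return value (0 on success); the scanning notification
 * is reverted when the driver rejects the request.
 */
static int
wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s,
				struct wpa_driver_scan_params *params)
{
	int ret;

	wpa_supplicant_notify_scanning(wpa_s, 1);
	ret = wpa_drv_sched_scan(wpa_s, params);
	if (ret)
		wpa_supplicant_notify_scanning(wpa_s, 0);
	else
		wpa_s->sched_scanning = 1;

	return ret;
}


/*
 * Ask the driver to stop the scheduled scan.
 * Returns: 0 on success, -1 if the driver call failed.
 */
static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s)
{
	int ret;

	ret = wpa_drv_stop_sched_scan(wpa_s);
	if (ret) {
		wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!");
		/* TODO: what to do if stopping fails? */
		return -1;
	}

	return ret;
}


/*
 * Build the SSID filter list for scan results from the configured networks.
 *
 * @conf: Configuration data
 * @num_ssids: Set to the number of entries written (0 when NULL is returned)
 * Returns: Allocated array that the caller frees with os_free(), or NULL when
 *	filtering is disabled, no network has an SSID, or allocation fails
 */
static struct wpa_driver_scan_filter *
wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids)
{
	struct wpa_driver_scan_filter *ssids;
	struct wpa_ssid *ssid;
	size_t count;

	*num_ssids = 0;
	if (!conf->filter_ssids)
		return NULL;

	for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) {
		if (ssid->ssid && ssid->ssid_len)
			count++;
	}
	if (count == 0)
		return NULL;
	ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter));
	if (ssids == NULL)
		return NULL;

	for (ssid = conf->ssid; ssid; ssid = ssid->next) {
		if (!ssid->ssid || !ssid->ssid_len)
			continue;
		/*
		 * The filter entry stores the SSID inline, so bound the copy
		 * by the destination size. The configuration code presumably
		 * already limits ssid_len; this keeps the copy safe even if a
		 * profile reaches here with an over-long value. Skipped
		 * entries only leave unused slots at the end of the array.
		 */
		if (ssid->ssid_len > sizeof(ssids[0].ssid))
			continue;
		os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len);
		ssids[*num_ssids].ssid_len = ssid->ssid_len;
		(*num_ssids)++;
	}

	return ssids;
}


/*
 * Restrict the scan to a single known frequency (or a short list) when P2P or
 * WPS state already tells us where the peer/AP is operating.
 *
 * Only acts while params->freqs is still NULL. The single-frequency lists are
 * allocated with os_calloc(2, ...), which leaves the second entry zero as the
 * list terminator. If an allocation fails, params->freqs stays NULL and the
 * scan is simply not restricted. The per-state counters are advanced on each
 * call so that the optimization is applied for a limited number of scans.
 */
static void wpa_supplicant_optimize_freqs(
	struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params)
{
#ifdef CONFIG_P2P
	if (params->freqs == NULL && wpa_s->p2p_in_provisioning &&
	    wpa_s->go_params) {
		/* Optimize provisioning state scan based on GO information */
		if (wpa_s->p2p_in_provisioning < 5 &&
		    wpa_s->go_params->freq > 0) {
			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO "
				"preferred frequency %d MHz",
				wpa_s->go_params->freq);
			params->freqs = os_calloc(2, sizeof(int));
			if (params->freqs)
				params->freqs[0] = wpa_s->go_params->freq;
		} else if (wpa_s->p2p_in_provisioning < 8 &&
			   wpa_s->go_params->freq_list[0]) {
			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common "
				"channels");
			int_array_concat(&params->freqs,
					 wpa_s->go_params->freq_list);
			if (params->freqs)
				int_array_sort_unique(params->freqs);
		}
		wpa_s->p2p_in_provisioning++;
	}

	if (params->freqs == NULL && wpa_s->p2p_in_invitation) {
		/*
		 * Optimize scan based on GO information during persistent
		 * group reinvocation
		 */
		if (wpa_s->p2p_in_invitation < 5 &&
		    wpa_s->p2p_invite_go_freq > 0) {
			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation",
				wpa_s->p2p_invite_go_freq);
			params->freqs = os_calloc(2, sizeof(int));
			if (params->freqs)
				params->freqs[0] = wpa_s->p2p_invite_go_freq;
		}
		wpa_s->p2p_in_invitation++;
		if (wpa_s->p2p_in_invitation > 20) {
			/*
			 * This should not really happen since the variable is
			 * cleared on group removal, but if it does happen, make
			 * sure we do not get stuck in special invitation scan
			 * mode.
			 */
			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation");
			wpa_s->p2p_in_invitation = 0;
		}
	}
#endif /* CONFIG_P2P */

#ifdef CONFIG_WPS
	if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) {
		/*
		 * Optimize post-provisioning scan based on channel used
		 * during provisioning.
		 */
		wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz "
			"that was used during provisioning", wpa_s->wps_freq);
		params->freqs = os_calloc(2, sizeof(int));
		if (params->freqs)
			params->freqs[0] = wpa_s->wps_freq;
		wpa_s->after_wps--;
	} else if (wpa_s->after_wps)
		wpa_s->after_wps--;

	if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq)
	{
		/* Optimize provisioning scan based on already known channel */
		wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz",
			wpa_s->wps_freq);
		params->freqs = os_calloc(2, sizeof(int));
		if (params->freqs)
			params->freqs[0] = wpa_s->wps_freq;
		wpa_s->known_wps_freq = 0; /* only do this once */
	}
#endif /* CONFIG_WPS */
}


#ifdef CONFIG_INTERWORKING
/*
 * Append the Interworking element to @buf: element ID, length, access network
 * type, and the HESSID when one is configured. This writes 3 bytes, or
 * 3 + ETH_ALEN bytes with a HESSID; the caller must have reserved that much
 * tailroom in @buf.
 */
static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s,
					   struct wpabuf *buf)
{
	wpabuf_put_u8(buf, WLAN_EID_INTERWORKING);
	wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 :
		      1 + ETH_ALEN);
	wpabuf_put_u8(buf, wpa_s->conf->access_network_type);
	/* No Venue Info */
	if (!is_zero_ether_addr(wpa_s->conf->hessid))
		wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN);
}
#endif /* CONFIG_INTERWORKING */


/*
 * Build the default scan IEs (extended capabilities and, with CONFIG_MBO, the
 * MBO scan element) and hand them to the driver. Elements whose buffer
 * allocation fails are left out; nothing is sent to the driver if no element
 * could be built.
 */
void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s)
{
	struct wpabuf *default_ies = NULL;
	u8 ext_capab[18];
	int ext_capab_len;
	enum wpa_driver_if_type type = WPA_IF_STATION;

#ifdef CONFIG_P2P
	if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT)
		type = WPA_IF_P2P_CLIENT;
#endif /* CONFIG_P2P */

	wpa_drv_get_ext_capa(wpa_s, type);

	/* The builder is given the buffer size; only copy what it reports. */
	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
					     sizeof(ext_capab));
	if (ext_capab_len > 0 &&
	    wpabuf_resize(&default_ies, ext_capab_len) == 0)
		wpabuf_put_data(default_ies, ext_capab, ext_capab_len);

#ifdef CONFIG_MBO
	/* Send cellular capabilities for potential MBO STAs */
	/* NOTE(review): 9 must cover what wpas_mbo_scan_ie() writes - confirm */
	if (wpabuf_resize(&default_ies, 9) == 0)
		wpas_mbo_scan_ie(wpa_s, default_ies);
#endif /* CONFIG_MBO */

	if (default_ies)
		wpa_drv_set_default_scan_ies(wpa_s, wpabuf_head(default_ies),
					     wpabuf_len(default_ies));
	wpabuf_free(default_ies);
}


/*
 * Build the extra information elements that wpa_supplicant_scan() attaches to
 * its scan request: extended capabilities, Interworking, WPS, P2P, mesh,
 * HS 2.0 indication, FST, MBO, and configured vendor elements, each subject
 * to its build option and runtime configuration.
 *
 * Returns: Allocated buffer that the caller frees with wpabuf_free(), or NULL
 * if nothing was added. Each element is added only if wpabuf_resize() manages
 * to reserve room for it; on allocation failure that element is silently left
 * out and the scan proceeds without it.
 *
 * NOTE(review): the WPS element is built from wpa_s->wps->dev and
 * wpa_s->wps->uuid, and the vendor elements come from static configuration.
 * If these are transmitted in Probe Request frames (as the
 * wps_build_probe_req_ie() and VENDOR_ELEM_PROBE_REQ names suggest), they are
 * presumably stable across scans and can identify the device even when
 * MAC_ADDR_RAND_SCAN is enabled - confirm against the privacy requirements of
 * the deployment.
 */
static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s)
{
	struct wpabuf *extra_ie = NULL;
	u8 ext_capab[18];
	int ext_capab_len;
#ifdef CONFIG_WPS
	int wps = 0;
	enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO;
#endif /* CONFIG_WPS */

#ifdef CONFIG_P2P
	if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT)
		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
	else
#endif /* CONFIG_P2P */
		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);

	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
					     sizeof(ext_capab));
	if (ext_capab_len > 0 &&
	    wpabuf_resize(&extra_ie, ext_capab_len) == 0)
		wpabuf_put_data(extra_ie, ext_capab, ext_capab_len);

#ifdef CONFIG_INTERWORKING
	/* 100 bytes is ample: the element written is at most 3 + ETH_ALEN. */
	if (wpa_s->conf->interworking &&
	    wpabuf_resize(&extra_ie, 100) == 0)
		wpas_add_interworking_elements(wpa_s, extra_ie);
#endif /* CONFIG_INTERWORKING */

#ifdef CONFIG_WPS
	wps = wpas_wps_in_use(wpa_s, &req_type);

	if (wps) {
		struct wpabuf *wps_ie;
		/* wps == 2 means a profile requested push-button (pbc=1). */
		wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON :
						DEV_PW_DEFAULT,
						&wpa_s->wps->dev,
						wpa_s->wps->uuid, req_type,
						0, NULL);
		if (wps_ie) {
			if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0)
				wpabuf_put_buf(extra_ie, wps_ie);
			wpabuf_free(wps_ie);
		}
	}

#ifdef CONFIG_P2P
	if (wps) {
		size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p);
		if (wpabuf_resize(&extra_ie, ielen) == 0)
			wpas_p2p_scan_ie(wpa_s, extra_ie);
	}
#endif /* CONFIG_P2P */

	wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie);

#endif /* CONFIG_WPS */

#ifdef CONFIG_HS20
	/* NOTE(review): 7 must cover what wpas_hs20_add_indication() writes */
	if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0)
		wpas_hs20_add_indication(extra_ie, -1);
#endif /* CONFIG_HS20 */

#ifdef CONFIG_FST
	if (wpa_s->fst_ies &&
	    wpabuf_resize(&extra_ie, wpabuf_len(wpa_s->fst_ies)) == 0)
		wpabuf_put_buf(extra_ie, wpa_s->fst_ies);
#endif /* CONFIG_FST */

#ifdef CONFIG_MBO
	/* Send cellular capabilities for potential MBO STAs */
	/* NOTE(review): 9 must cover what wpas_mbo_scan_ie() writes - confirm */
	if (wpabuf_resize(&extra_ie, 9) == 0)
		wpas_mbo_scan_ie(wpa_s, extra_ie);
#endif /* CONFIG_MBO */

	if (wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]) {
		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ];

		if (wpabuf_resize(&extra_ie, wpabuf_len(buf)) == 0)
			wpabuf_put_buf(extra_ie, buf);
	}

	return extra_ie;
}


#ifdef CONFIG_P2P

/*
 * Check whether there are any enabled networks or credentials that could be
 * used for a non-P2P connection.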
553 */ 554 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 555 { 556 struct wpa_ssid *ssid; 557 558 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 559 if (wpas_network_disabled(wpa_s, ssid)) 560 continue; 561 if (!ssid->p2p_group) 562 return 1; 563 } 564 565 if (wpa_s->conf->cred && wpa_s->conf->interworking && 566 wpa_s->conf->auto_interworking) 567 return 1; 568 569 return 0; 570 } 571 572 #endif /* CONFIG_P2P */ 573 574 575 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 576 enum hostapd_hw_mode band, 577 struct wpa_driver_scan_params *params) 578 { 579 /* Include only supported channels for the specified band */ 580 struct hostapd_hw_modes *mode; 581 int count, i; 582 583 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 584 if (mode == NULL) { 585 /* No channels supported in this band - use empty list */ 586 params->freqs = os_zalloc(sizeof(int)); 587 return; 588 } 589 590 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int)); 591 if (params->freqs == NULL) 592 return; 593 for (count = 0, i = 0; i < mode->num_channels; i++) { 594 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 595 continue; 596 params->freqs[count++] = mode->channels[i].freq; 597 } 598 } 599 600 601 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 602 struct wpa_driver_scan_params *params) 603 { 604 if (wpa_s->hw.modes == NULL) 605 return; /* unknown what channels the driver supports */ 606 if (params->freqs) 607 return; /* already using a limited channel set */ 608 if (wpa_s->setband == WPA_SETBAND_5G) 609 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 610 params); 611 else if (wpa_s->setband == WPA_SETBAND_2G) 612 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 613 params); 614 } 615 616 617 static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 618 struct wpa_driver_scan_params *params, 619 size_t max_ssids) 620 { 621 unsigned int i; 622 struct wpa_ssid *ssid; 623 624 /* 
625 * For devices with max_ssids greater than 1, leave the last slot empty 626 * for adding the wildcard scan entry. 627 */ 628 max_ssids = max_ssids > 1 ? max_ssids - 1 : max_ssids; 629 630 for (i = 0; i < wpa_s->scan_id_count; i++) { 631 unsigned int j; 632 633 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 634 if (!ssid || !ssid->scan_ssid) 635 continue; 636 637 for (j = 0; j < params->num_ssids; j++) { 638 if (params->ssids[j].ssid_len == ssid->ssid_len && 639 params->ssids[j].ssid && 640 os_memcmp(params->ssids[j].ssid, ssid->ssid, 641 ssid->ssid_len) == 0) 642 break; 643 } 644 if (j < params->num_ssids) 645 continue; /* already in the list */ 646 647 if (params->num_ssids + 1 > max_ssids) { 648 wpa_printf(MSG_DEBUG, 649 "Over max scan SSIDs for manual request"); 650 break; 651 } 652 653 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 654 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 655 params->ssids[params->num_ssids].ssid = ssid->ssid; 656 params->ssids[params->num_ssids].ssid_len = ssid->ssid_len; 657 params->num_ssids++; 658 } 659 660 wpa_s->scan_id_count = 0; 661 } 662 663 664 static int wpa_set_ssids_from_scan_req(struct wpa_supplicant *wpa_s, 665 struct wpa_driver_scan_params *params, 666 size_t max_ssids) 667 { 668 unsigned int i; 669 670 if (wpa_s->ssids_from_scan_req == NULL || 671 wpa_s->num_ssids_from_scan_req == 0) 672 return 0; 673 674 if (wpa_s->num_ssids_from_scan_req > max_ssids) { 675 wpa_s->num_ssids_from_scan_req = max_ssids; 676 wpa_printf(MSG_DEBUG, "Over max scan SSIDs from scan req: %u", 677 (unsigned int) max_ssids); 678 } 679 680 for (i = 0; i < wpa_s->num_ssids_from_scan_req; i++) { 681 params->ssids[i].ssid = wpa_s->ssids_from_scan_req[i].ssid; 682 params->ssids[i].ssid_len = 683 wpa_s->ssids_from_scan_req[i].ssid_len; 684 wpa_hexdump_ascii(MSG_DEBUG, "specific SSID", 685 params->ssids[i].ssid, 686 params->ssids[i].ssid_len); 687 } 688 689 params->num_ssids = wpa_s->num_ssids_from_scan_req; 690 
wpa_s->num_ssids_from_scan_req = 0; 691 return 1; 692 } 693 694 695 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 696 { 697 struct wpa_supplicant *wpa_s = eloop_ctx; 698 struct wpa_ssid *ssid; 699 int ret, p2p_in_prog; 700 struct wpabuf *extra_ie = NULL; 701 struct wpa_driver_scan_params params; 702 struct wpa_driver_scan_params *scan_params; 703 size_t max_ssids; 704 int connect_without_scan = 0; 705 706 if (wpa_s->pno || wpa_s->pno_sched_pending) { 707 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - PNO is in progress"); 708 return; 709 } 710 711 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 712 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 713 return; 714 } 715 716 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 717 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 718 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 719 return; 720 } 721 722 if (wpa_s->scanning) { 723 /* 724 * If we are already in scanning state, we shall reschedule the 725 * the incoming scan request. 
726 */ 727 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 728 wpa_supplicant_req_scan(wpa_s, 1, 0); 729 return; 730 } 731 732 if (!wpa_supplicant_enabled_networks(wpa_s) && 733 wpa_s->scan_req == NORMAL_SCAN_REQ) { 734 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 735 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 736 return; 737 } 738 739 if (wpa_s->conf->ap_scan != 0 && 740 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 741 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 742 "overriding ap_scan configuration"); 743 wpa_s->conf->ap_scan = 0; 744 wpas_notify_ap_scan_changed(wpa_s); 745 } 746 747 if (wpa_s->conf->ap_scan == 0) { 748 wpa_supplicant_gen_assoc_event(wpa_s); 749 return; 750 } 751 752 ssid = NULL; 753 if (wpa_s->scan_req != MANUAL_SCAN_REQ && 754 wpa_s->connect_without_scan) { 755 connect_without_scan = 1; 756 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 757 if (ssid == wpa_s->connect_without_scan) 758 break; 759 } 760 } 761 762 p2p_in_prog = wpas_p2p_in_progress(wpa_s); 763 if (p2p_in_prog && p2p_in_prog != 2 && 764 (!ssid || 765 (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) { 766 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 767 wpa_supplicant_req_scan(wpa_s, 5, 0); 768 return; 769 } 770 771 if (wpa_s->conf->ap_scan == 2) 772 max_ssids = 1; 773 else { 774 max_ssids = wpa_s->max_scan_ssids; 775 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 776 max_ssids = WPAS_MAX_SCAN_SSIDS; 777 } 778 779 wpa_s->last_scan_req = wpa_s->scan_req; 780 wpa_s->scan_req = NORMAL_SCAN_REQ; 781 782 if (connect_without_scan) { 783 wpa_s->connect_without_scan = NULL; 784 if (ssid) { 785 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 786 "without scan step"); 787 wpa_supplicant_associate(wpa_s, NULL, ssid); 788 return; 789 } 790 } 791 792 os_memset(¶ms, 0, sizeof(params)); 793 794 wpa_s->scan_prev_wpa_state = wpa_s->wpa_state; 795 if 
(wpa_s->wpa_state == WPA_DISCONNECTED || 796 wpa_s->wpa_state == WPA_INACTIVE) 797 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 798 799 /* 800 * If autoscan has set its own scanning parameters 801 */ 802 if (wpa_s->autoscan_params != NULL) { 803 scan_params = wpa_s->autoscan_params; 804 goto scan; 805 } 806 807 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 808 wpa_set_ssids_from_scan_req(wpa_s, ¶ms, max_ssids)) { 809 wpa_printf(MSG_DEBUG, "Use specific SSIDs from SCAN command"); 810 goto ssid_list_set; 811 } 812 813 #ifdef CONFIG_P2P 814 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 815 wpa_s->go_params && !wpa_s->conf->passive_scan) { 816 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 817 wpa_s->p2p_in_provisioning, 818 wpa_s->show_group_started); 819 params.ssids[0].ssid = wpa_s->go_params->ssid; 820 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 821 params.num_ssids = 1; 822 goto ssid_list_set; 823 } 824 825 if (wpa_s->p2p_in_invitation) { 826 if (wpa_s->current_ssid) { 827 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 828 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 829 params.ssids[0].ssid_len = 830 wpa_s->current_ssid->ssid_len; 831 params.num_ssids = 1; 832 } else { 833 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 834 } 835 goto ssid_list_set; 836 } 837 #endif /* CONFIG_P2P */ 838 839 /* Find the starting point from which to continue scanning */ 840 ssid = wpa_s->conf->ssid; 841 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 842 while (ssid) { 843 if (ssid == wpa_s->prev_scan_ssid) { 844 ssid = ssid->next; 845 break; 846 } 847 ssid = ssid->next; 848 } 849 } 850 851 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 852 #ifdef CONFIG_AP 853 !wpa_s->ap_iface && 854 #endif /* CONFIG_AP */ 855 wpa_s->conf->ap_scan == 2) { 856 wpa_s->connect_without_scan = NULL; 857 
wpa_s->prev_scan_wildcard = 0; 858 wpa_supplicant_assoc_try(wpa_s, ssid); 859 return; 860 } else if (wpa_s->conf->ap_scan == 2) { 861 /* 862 * User-initiated scan request in ap_scan == 2; scan with 863 * wildcard SSID. 864 */ 865 ssid = NULL; 866 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 867 /* 868 * Perform single-channel single-SSID scan for 869 * reassociate-to-same-BSS operation. 870 */ 871 /* Setup SSID */ 872 ssid = wpa_s->current_ssid; 873 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 874 ssid->ssid, ssid->ssid_len); 875 params.ssids[0].ssid = ssid->ssid; 876 params.ssids[0].ssid_len = ssid->ssid_len; 877 params.num_ssids = 1; 878 879 /* 880 * Allocate memory for frequency array, allocate one extra 881 * slot for the zero-terminator. 882 */ 883 params.freqs = os_malloc(sizeof(int) * 2); 884 if (params.freqs) { 885 params.freqs[0] = wpa_s->assoc_freq; 886 params.freqs[1] = 0; 887 } 888 889 /* 890 * Reset the reattach flag so that we fall back to full scan if 891 * this scan fails. 
892 */ 893 wpa_s->reattach = 0; 894 } else { 895 struct wpa_ssid *start = ssid, *tssid; 896 int freqs_set = 0; 897 if (ssid == NULL && max_ssids > 1) 898 ssid = wpa_s->conf->ssid; 899 while (ssid) { 900 if (!wpas_network_disabled(wpa_s, ssid) && 901 ssid->scan_ssid) { 902 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 903 ssid->ssid, ssid->ssid_len); 904 params.ssids[params.num_ssids].ssid = 905 ssid->ssid; 906 params.ssids[params.num_ssids].ssid_len = 907 ssid->ssid_len; 908 params.num_ssids++; 909 if (params.num_ssids + 1 >= max_ssids) 910 break; 911 } 912 ssid = ssid->next; 913 if (ssid == start) 914 break; 915 if (ssid == NULL && max_ssids > 1 && 916 start != wpa_s->conf->ssid) 917 ssid = wpa_s->conf->ssid; 918 } 919 920 if (wpa_s->scan_id_count && 921 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 922 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 923 924 for (tssid = wpa_s->conf->ssid; 925 wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid; 926 tssid = tssid->next) { 927 if (wpas_network_disabled(wpa_s, tssid)) 928 continue; 929 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 930 int_array_concat(¶ms.freqs, 931 tssid->scan_freq); 932 } else { 933 os_free(params.freqs); 934 params.freqs = NULL; 935 } 936 freqs_set = 1; 937 } 938 int_array_sort_unique(params.freqs); 939 } 940 941 if (ssid && max_ssids == 1) { 942 /* 943 * If the driver is limited to 1 SSID at a time interleave 944 * wildcard SSID scans with specific SSID scans to avoid 945 * waiting a long time for a wildcard scan. 
946 */ 947 if (!wpa_s->prev_scan_wildcard) { 948 params.ssids[0].ssid = NULL; 949 params.ssids[0].ssid_len = 0; 950 wpa_s->prev_scan_wildcard = 1; 951 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 952 "wildcard SSID (Interleave with specific)"); 953 } else { 954 wpa_s->prev_scan_ssid = ssid; 955 wpa_s->prev_scan_wildcard = 0; 956 wpa_dbg(wpa_s, MSG_DEBUG, 957 "Starting AP scan for specific SSID: %s", 958 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 959 } 960 } else if (ssid) { 961 /* max_ssids > 1 */ 962 963 wpa_s->prev_scan_ssid = ssid; 964 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 965 "the scan request"); 966 params.num_ssids++; 967 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 968 wpa_s->manual_scan_passive && params.num_ssids == 0) { 969 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 970 } else if (wpa_s->conf->passive_scan) { 971 wpa_dbg(wpa_s, MSG_DEBUG, 972 "Use passive scan based on configuration"); 973 } else { 974 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 975 params.num_ssids++; 976 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 977 "SSID"); 978 } 979 980 ssid_list_set: 981 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 982 extra_ie = wpa_supplicant_extra_ies(wpa_s); 983 984 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 985 wpa_s->manual_scan_only_new) { 986 wpa_printf(MSG_DEBUG, 987 "Request driver to clear scan cache due to manual only_new=1 scan"); 988 params.only_new_results = 1; 989 } 990 991 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 992 wpa_s->manual_scan_freqs) { 993 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 994 params.freqs = wpa_s->manual_scan_freqs; 995 wpa_s->manual_scan_freqs = NULL; 996 } 997 998 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 999 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 1000 "generated frequency list"); 1001 params.freqs = wpa_s->next_scan_freqs; 1002 } else 1003 
os_free(wpa_s->next_scan_freqs); 1004 wpa_s->next_scan_freqs = NULL; 1005 wpa_setband_scan_freqs(wpa_s, ¶ms); 1006 1007 /* See if user specified frequencies. If so, scan only those. */ 1008 if (wpa_s->conf->freq_list && !params.freqs) { 1009 wpa_dbg(wpa_s, MSG_DEBUG, 1010 "Optimize scan based on conf->freq_list"); 1011 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1012 } 1013 1014 /* Use current associated channel? */ 1015 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 1016 unsigned int num = wpa_s->num_multichan_concurrent; 1017 1018 params.freqs = os_calloc(num + 1, sizeof(int)); 1019 if (params.freqs) { 1020 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1021 if (num > 0) { 1022 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 1023 "current operating channels since " 1024 "scan_cur_freq is enabled"); 1025 } else { 1026 os_free(params.freqs); 1027 params.freqs = NULL; 1028 } 1029 } 1030 } 1031 1032 params.filter_ssids = wpa_supplicant_build_filter_ssids( 1033 wpa_s->conf, ¶ms.num_filter_ssids); 1034 if (extra_ie) { 1035 params.extra_ies = wpabuf_head(extra_ie); 1036 params.extra_ies_len = wpabuf_len(extra_ie); 1037 } 1038 1039 #ifdef CONFIG_P2P 1040 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 1041 (wpa_s->show_group_started && wpa_s->go_params)) { 1042 /* 1043 * The interface may not yet be in P2P mode, so we have to 1044 * explicitly request P2P probe to disable CCK rates. 
1045 */ 1046 params.p2p_probe = 1; 1047 } 1048 #endif /* CONFIG_P2P */ 1049 1050 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) { 1051 params.mac_addr_rand = 1; 1052 if (wpa_s->mac_addr_scan) { 1053 params.mac_addr = wpa_s->mac_addr_scan; 1054 params.mac_addr_mask = wpa_s->mac_addr_scan + ETH_ALEN; 1055 } 1056 } 1057 1058 if (!is_zero_ether_addr(wpa_s->next_scan_bssid)) { 1059 struct wpa_bss *bss; 1060 1061 params.bssid = wpa_s->next_scan_bssid; 1062 bss = wpa_bss_get_bssid_latest(wpa_s, params.bssid); 1063 if (bss && bss->ssid_len && params.num_ssids == 1 && 1064 params.ssids[0].ssid_len == 0) { 1065 params.ssids[0].ssid = bss->ssid; 1066 params.ssids[0].ssid_len = bss->ssid_len; 1067 wpa_dbg(wpa_s, MSG_DEBUG, 1068 "Scan a previously specified BSSID " MACSTR 1069 " and SSID %s", 1070 MAC2STR(params.bssid), 1071 wpa_ssid_txt(bss->ssid, bss->ssid_len)); 1072 } else { 1073 wpa_dbg(wpa_s, MSG_DEBUG, 1074 "Scan a previously specified BSSID " MACSTR, 1075 MAC2STR(params.bssid)); 1076 } 1077 } 1078 1079 scan_params = ¶ms; 1080 1081 scan: 1082 #ifdef CONFIG_P2P 1083 /* 1084 * If the driver does not support multi-channel concurrency and a 1085 * virtual interface that shares the same radio with the wpa_s interface 1086 * is operating there may not be need to scan other channels apart from 1087 * the current operating channel on the other virtual interface. Filter 1088 * out other channels in case we are trying to find a connection for a 1089 * station interface when we are not configured to prefer station 1090 * connection and a concurrent operation is already in process. 
*/
	if (wpa_s->scan_for_connection &&
	    wpa_s->last_scan_req == NORMAL_SCAN_REQ &&
	    !scan_params->freqs && !params.freqs &&
	    wpas_is_p2p_prioritized(wpa_s) &&
	    wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE &&
	    non_p2p_network_enabled(wpa_s)) {
		unsigned int num = wpa_s->num_multichan_concurrent;

		params.freqs = os_calloc(num + 1, sizeof(int));
		if (params.freqs) {
			num = get_shared_radio_freqs(wpa_s, params.freqs, num);
			if (num > 0 && num == wpa_s->num_multichan_concurrent) {
				wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used");
			} else {
				os_free(params.freqs);
				params.freqs = NULL;
			}
		}
	}
#endif /* CONFIG_P2P */

	ret = wpa_supplicant_trigger_scan(wpa_s, scan_params);

	if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs &&
	    !wpa_s->manual_scan_freqs) {
		/* Restore manual_scan_freqs for the next attempt */
		wpa_s->manual_scan_freqs = params.freqs;
		params.freqs = NULL;
	}

	wpabuf_free(extra_ie);
	os_free(params.freqs);
	os_free(params.filter_ssids);

	if (ret) {
		wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan");
		if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state)
			wpa_supplicant_set_state(wpa_s,
						 wpa_s->scan_prev_wpa_state);
		/* Restore scan_req since we will try to scan again */
		wpa_s->scan_req = wpa_s->last_scan_req;
		wpa_supplicant_req_scan(wpa_s, 1, 0);
	} else {
		wpa_s->scan_for_connection = 0;
#ifdef CONFIG_INTERWORKING
		wpa_s->interworking_fast_assoc_tried = 0;
#endif /* CONFIG_INTERWORKING */
		if (params.bssid)
			os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN);
	}
}


/**
 * wpa_supplicant_update_scan_int - Set the scan interval and re-arm a pending scan
 * @wpa_s: Pointer to wpa_supplicant data
 * @sec: New scan interval in seconds
 *
 * If a wpa_supplicant_scan() timeout is pending, it is cancelled and
 * registered again so that it fires after the shorter of its remaining time
 * and @sec. wpa_s->scan_interval is set to @sec in every case.
 */
void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec)
{
	struct os_reltime left, next;
	int had_pending;

	had_pending = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s,
					       NULL, &left);
	if (had_pending) {
		next.sec = sec;
		next.usec = 0;
		/* Never push an already pending scan further into the future */
		if (os_reltime_before(&left, &next)) {
			next.sec = left.sec;
			next.usec = left.usec;
		}
		eloop_register_timeout(next.sec, next.usec,
				       wpa_supplicant_scan, wpa_s, NULL);
	}

	wpa_s->scan_interval = sec;
}


/**
 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
 * @wpa_s: Pointer to wpa_supplicant data
 * @sec: Number of seconds after which to scan
 * @usec: Number of microseconds after which to scan
 *
 * Requests that wpa_supplicant_scan() runs after the given delay. The request
 * is ignored on a p2p_mgmt interface. An already registered scan timeout is
 * only ever shortened: the result of eloop_deplete_timeout() decides between
 * rescheduling (1), keeping the earlier timeout (0), and registering a new
 * timeout (any other value).
 */
void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
{
	if (wpa_s->p2p_mgmt) {
		wpa_dbg(wpa_s, MSG_DEBUG,
			"Ignore scan request (%d.%06d sec) on p2p_mgmt interface",
			sec, usec);
		return;
	}

	switch (eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s,
				      NULL)) {
	case 1:
		wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec",
			sec, usec);
		break;
	case 0:
		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner",
			sec, usec);
		break;
	default:
		/* No scan timeout was registered yet */
		wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec",
			sec, usec);
		eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
		break;
	}
}


/**
 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan
 * @wpa_s: Pointer to wpa_supplicant data
 * @sec: Number of seconds after which to scan
 * @usec: Number of microseconds after which to scan
 * Returns: 0 on success or -1 otherwise
 *
 * This function is used to schedule periodic
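scans for neighboring
 * access points after the specified time.
 */
int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s,
				      int sec, int usec)
{
	/* Nothing to schedule if sched_scan is not marked as supported */
	if (!wpa_s->sched_scan_supported)
		return -1;

	eloop_register_timeout(sec, usec,
			       wpa_supplicant_delayed_sched_scan_timeout,
			       wpa_s, NULL);

	return 0;
}


/**
 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan
 * @wpa_s: Pointer to wpa_supplicant data
 * Returns: 0 if sched_scan was started (or is already running), -1 if
 * sched_scan is not used for this request, or the non-zero value returned by
 * wpa_supplicant_start_sched_scan() on failure
 *
 * This function is used to schedule periodic scans for neighboring
 * access points repeating the scan continuously.
 *
 * -1 is returned without starting anything when sched_scan is unsupported,
 * scan offload is disabled in the configuration, an enabled network uses
 * key_mgmt == WPA_KEY_MGMT_WPS, or fewer than three normal scans have been
 * run and a normal scan can cover the needed SSIDs.
 */
int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s)
{
	struct wpa_driver_scan_params params;
	struct wpa_driver_scan_params *scan_params;
	enum wpa_states prev_state;
	struct wpa_ssid *ssid = NULL;
	struct wpabuf *extra_ie = NULL;
	int ret;
	unsigned int max_sched_scan_ssids;
	int wildcard = 0;
	int need_ssids;
	struct sched_scan_plan scan_plan;

	if (!wpa_s->sched_scan_supported)
		return -1;

	/*
	 * Clamp the SSID count to WPAS_MAX_SCAN_SSIDS; this value bounds every
	 * write to params.ssids[] below.
	 * NOTE(review): assumes params.ssids[] has at least
	 * WPAS_MAX_SCAN_SSIDS entries - confirm against the struct definition.
	 */
	if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS)
		max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS;
	else
		max_sched_scan_ssids = wpa_s->max_sched_scan_ssids;
	if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload)
		return -1;

	wpa_s->sched_scan_stop_req = 0;

	if (wpa_s->sched_scanning) {
		wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning");
		return 0;
	}

	need_ssids = 0;
	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
		if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) {
			/* Use wildcard SSID to find this network */
			wildcard = 1;
		} else if (!wpas_network_disabled(wpa_s, ssid) &&
			   ssid->ssid_len)
			need_ssids++;

#ifdef CONFIG_WPS
		if (!wpas_network_disabled(wpa_s, ssid) &&
		    ssid->key_mgmt == WPA_KEY_MGMT_WPS) {
			/*
			 * Normal scan is more reliable and faster for WPS
			 * operations and since these are for short periods of
			 * time, the benefit of trying to use sched_scan would
			 * be limited.
			 */
			wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of "
				"sched_scan for WPS");
			return -1;
		}
#endif /* CONFIG_WPS */
	}
	if (wildcard)
		need_ssids++;

	if (wpa_s->normal_scans < 3 &&
	    (need_ssids <= wpa_s->max_scan_ssids ||
	     wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) {
		/*
		 * When normal scan can speed up operations, use that for the
		 * first operations before starting the sched_scan to allow
		 * user space sleep more. We do this only if the normal scan
		 * has functionality that is suitable for this or if the
		 * sched_scan does not have better support for multiple SSIDs.
		 */
		wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of "
			"sched_scan for initial scans (normal_scans=%d)",
			wpa_s->normal_scans);
		return -1;
	}

	os_memset(&params, 0, sizeof(params));

	/* If we can't allocate space for the filters, we just don't filter */
	params.filter_ssids = os_calloc(wpa_s->max_match_sets,
					sizeof(struct wpa_driver_scan_filter));

	prev_state = wpa_s->wpa_state;
	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
	    wpa_s->wpa_state == WPA_INACTIVE)
		wpa_supplicant_set_state(wpa_s, WPA_SCANNING);

	if (wpa_s->autoscan_params != NULL) {
		scan_params = wpa_s->autoscan_params;
		goto scan;
	}

	/* Find the starting point from which to continue scanning */
	ssid = wpa_s->conf->ssid;
	if (wpa_s->prev_sched_ssid) {
		while (ssid) {
			if (ssid == wpa_s->prev_sched_ssid) {
				ssid = ssid->next;
				break;
			}
			ssid = ssid->next;
		}
	}

	if (!ssid || !wpa_s->prev_sched_ssid) {
		wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list");
		wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2;
		wpa_s->first_sched_scan = 1;
		ssid = wpa_s->conf->ssid;
		wpa_s->prev_sched_ssid = ssid;
	}

	if (wildcard) {
		/* Slot 0 stays zeroed from the memset above: wildcard SSID */
		wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan");
		params.num_ssids++;
	}

	while (ssid) {
		if (wpas_network_disabled(wpa_s, ssid))
			goto next;

		if (params.num_filter_ssids < wpa_s->max_match_sets &&
		    params.filter_ssids && ssid->ssid && ssid->ssid_len) {
			wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s",
				wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
			/*
			 * NOTE(review): copies ssid_len bytes into the filter
			 * entry; this assumes ssid_len was bounded to the size
			 * of wpa_driver_scan_filter.ssid when the network
			 * profile was stored - confirm.
			 */
			os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid,
				  ssid->ssid, ssid->ssid_len);
			params.filter_ssids[params.num_filter_ssids].ssid_len =
				ssid->ssid_len;
			params.num_filter_ssids++;
		} else if (params.filter_ssids && ssid->ssid && ssid->ssid_len)
		{
			/*
			 * A partial filter list would hide the networks that
			 * did not fit, so the whole filter is dropped.
			 */
			wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID "
				"filter for sched_scan - drop filter");
			os_free(params.filter_ssids);
			params.filter_ssids = NULL;
			params.num_filter_ssids = 0;
		}

		if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) {
			if (params.num_ssids == max_sched_scan_ssids)
				break; /* only room for broadcast SSID */
			wpa_dbg(wpa_s, MSG_DEBUG,
				"add to active scan ssid: %s",
				wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
			/* Pointer into the profile, not a copy */
			params.ssids[params.num_ssids].ssid =
				ssid->ssid;
			params.ssids[params.num_ssids].ssid_len =
				ssid->ssid_len;
			params.num_ssids++;
			if (params.num_ssids >= max_sched_scan_ssids) {
				/*
				 * List is full: remember where this round
				 * stopped and leave ssid at the next enabled
				 * scan_ssid network (or NULL).
				 */
				wpa_s->prev_sched_ssid = ssid;
				do {
					ssid = ssid->next;
				} while (ssid &&
					 (wpas_network_disabled(wpa_s, ssid) ||
					  !ssid->scan_ssid));
				break;
			}
		}

	next:
		wpa_s->prev_sched_ssid = ssid;
		ssid = ssid->next;
	}

	if (params.num_filter_ssids == 0) {
		os_free(params.filter_ssids);
		params.filter_ssids = NULL;
	}

	extra_ie = wpa_supplicant_extra_ies(wpa_s);
	if (extra_ie) {
		params.extra_ies = wpabuf_head(extra_ie);
		params.extra_ies_len = wpabuf_len(extra_ie);
	}

	if (wpa_s->conf->filter_rssi)
		params.filter_rssi = wpa_s->conf->filter_rssi;

	/* See if user specified frequencies. If so, scan only those. */
	if (wpa_s->conf->freq_list && !params.freqs) {
		wpa_dbg(wpa_s, MSG_DEBUG,
			"Optimize scan based on conf->freq_list");
		/*
		 * NOTE(review): params.freqs is not released anywhere in this
		 * function, while wpa_supplicant_scan() calls
		 * os_free(params.freqs) after triggering its scan - confirm
		 * who owns this list.
		 */
		int_array_concat(&params.freqs, wpa_s->conf->freq_list);
	}

	scan_params = &params;

scan:
	wpa_s->sched_scan_timed_out = 0;

	/*
	 * We cannot support multiple scan plans if the scan request includes
	 * too many SSID's, so in this case use only the last scan plan and make
	 * it run infinitely. It will be stopped by the timeout.
	 *
	 * NOTE(review): the plan and MAC address settings below are stored in
	 * the local params even when scan_params points to
	 * wpa_s->autoscan_params - confirm this is intended.
	 */
	if (wpa_s->sched_scan_plans_num == 1 ||
	    (wpa_s->sched_scan_plans_num && !ssid && wpa_s->first_sched_scan)) {
		params.sched_scan_plans = wpa_s->sched_scan_plans;
		params.sched_scan_plans_num = wpa_s->sched_scan_plans_num;
	} else if (wpa_s->sched_scan_plans_num > 1) {
		wpa_dbg(wpa_s, MSG_DEBUG,
			"Too many SSIDs. Default to using single scheduled_scan plan");
		params.sched_scan_plans =
			&wpa_s->sched_scan_plans[wpa_s->sched_scan_plans_num -
						 1];
		params.sched_scan_plans_num = 1;
	} else {
		/* No configured plans: build a single one on the stack */
		if (wpa_s->conf->sched_scan_interval)
			scan_plan.interval = wpa_s->conf->sched_scan_interval;
		else
			scan_plan.interval = 10;

		if (scan_plan.interval > wpa_s->max_sched_scan_plan_interval) {
			wpa_printf(MSG_WARNING,
				   "Scan interval too long(%u), use the maximum allowed(%u)",
				   scan_plan.interval,
				   wpa_s->max_sched_scan_plan_interval);
			scan_plan.interval =
				wpa_s->max_sched_scan_plan_interval;
		}

		scan_plan.iterations = 0;
		params.sched_scan_plans = &scan_plan;
		params.sched_scan_plans_num = 1;
	}

	if (ssid || !wpa_s->first_sched_scan) {
		wpa_dbg(wpa_s, MSG_DEBUG,
			"Starting sched scan: interval %u timeout %d",
			params.sched_scan_plans[0].interval,
			wpa_s->sched_scan_timeout);
	} else {
		wpa_dbg(wpa_s, MSG_DEBUG, "Starting sched scan (no timeout)");
	}

	wpa_setband_scan_freqs(wpa_s, scan_params);

	/*
	 * Request a randomized source address for scheduled scans when
	 * enabled; the address and its mask are stored back to back
	 * (mask at offset ETH_ALEN).
	 */
	if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) {
		params.mac_addr_rand = 1;
		if (wpa_s->mac_addr_sched_scan) {
			params.mac_addr = wpa_s->mac_addr_sched_scan;
			params.mac_addr_mask = wpa_s->mac_addr_sched_scan +
				ETH_ALEN;
		}
	}

	ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params);
	wpabuf_free(extra_ie);
	os_free(params.filter_ssids);
	if (ret) {
		wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan");
		if (prev_state != wpa_s->wpa_state)
			wpa_supplicant_set_state(wpa_s, prev_state);
		return ret;
	}

	/* If we have more SSIDs to scan, add a timeout so we scan them too */
	if (ssid || !wpa_s->first_sched_scan) {
		wpa_s->sched_scan_timed_out = 0;
		eloop_register_timeout(wpa_s->sched_scan_timeout, 0,
				       wpa_supplicant_sched_scan_timeout,
				       wpa_s, NULL);
		wpa_s->first_sched_scan = 0;
		/* Back off: halve the timeout and double the interval */
		wpa_s->sched_scan_timeout /= 2;
		params.sched_scan_plans[0].interval *= 2;
		if ((unsigned int) wpa_s->sched_scan_timeout <
		    params.sched_scan_plans[0].interval ||
		    params.sched_scan_plans[0].interval >
		    wpa_s->max_sched_scan_plan_interval) {
			params.sched_scan_plans[0].interval = 10;
			wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2;
		}
	}

	/* If there is no more ssids, start next time from the beginning */
	if (!ssid)
		wpa_s->prev_sched_ssid = NULL;

	return 0;
}


/**
 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
 * @wpa_s: Pointer to wpa_supplicant data
 *
 * This function is used to cancel a scan request scheduled with
 * wpa_supplicant_req_scan().
 */
void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
{
	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request");
	eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
}


/**
 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan
 * @wpa_s: Pointer to wpa_supplicant data
 *
 * This function is used to stop a delayed scheduled scan.
 */
void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s)
{
	if (!wpa_s->sched_scan_supported)
		return;

	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan");
	eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout,
			     wpa_s, NULL);
}


/**
 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans
 * @wpa_s: Pointer to wpa_supplicant data
 *
 * This function is used to stop a periodic scheduled scan.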
*/
void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s)
{
	/* Nothing to stop unless a scheduled scan is running */
	if (!wpa_s->sched_scanning)
		return;

	wpa_s->sched_scan_stop_req = 1;

	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan");
	eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL);
	wpa_supplicant_stop_sched_scan(wpa_s);
}


/**
 * wpa_supplicant_notify_scanning - Indicate possible scan state change
 * @wpa_s: Pointer to wpa_supplicant data
 * @scanning: Whether scanning is currently in progress
 *
 * This function is to generate scanning notifications. It is called whenever
 * there may have been a change in scanning (scan started, completed, stopped).
 * wpas_notify_scanning() is called whenever the scanning state changed from the
 * previously notified state.
 */
void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
				    int scanning)
{
	/* Same state as last notified: no notification */
	if (wpa_s->scanning == scanning)
		return;

	wpa_s->scanning = scanning;
	wpas_notify_scanning(wpa_s);
}


/*
 * Return the highest rate value listed in the Supported Rates and Extended
 * Supported Rates elements of a scan result, or 0 if neither is present. The
 * top bit of each rate octet is masked off before comparing.
 *
 * NOTE(review): the loops trust the element length octet; this assumes
 * get_ie() only returns elements that lie fully inside the IE buffer -
 * confirm.
 */
static int wpa_scan_get_max_rate(const struct wpa_scan_res *res)
{
	static const u8 rate_eids[] = {
		WLAN_EID_SUPP_RATES,
		WLAN_EID_EXT_SUPP_RATES,
	};
	int best = 0;
	size_t k;

	for (k = 0; k < sizeof(rate_eids) / sizeof(rate_eids[0]); k++) {
		const u8 *elem = wpa_scan_get_ie(res, rate_eids[k]);
		int len, j;

		if (elem == NULL)
			continue;

		len = elem[1];
		for (j = 0; j < len; j++) {
			int value = elem[2 + j] & 0x7f;

			if (value > best)
				best = value;
		}
	}

	return best;
}


/**
 * wpa_scan_get_ie - Fetch a specified information element from a scan result
 * @res: Scan result entry
 * @ie: Information element identifier (WLAN_EID_*)
 * Returns: Pointer to the information element (id field) or %NULL if not found
 *
 * This function returns the first matching information element in the scan
 *
result.
 */
const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie)
{
	/* The IE data is stored directly after the result structure */
	const u8 *ies = (const u8 *) (res + 1);

	return get_ie(ies, res->ie_len, ie);
}


/**
 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result
 * @res: Scan result entry
 * @vendor_type: Vendor type (four octets starting the IE payload)
 * Returns: Pointer to the information element (id field) or %NULL if not found
 *
 * This function returns the first matching information element in the scan
 * result.
 */
const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res,
				  u32 vendor_type)
{
	const u8 *cur = (const u8 *) (res + 1);
	const u8 *limit = cur + res->ie_len;

	/* Each element needs at least the id and length octets */
	for (; limit - cur > 1; cur += 2 + cur[1]) {
		/*
		 * The elements come from received frames, so the length octet
		 * is not trusted: stop at the first element that would run
		 * past the end of the buffer.
		 */
		if (2 + cur[1] > limit - cur)
			break;
		/* A length of at least 4 covers the vendor type read below */
		if (cur[0] == WLAN_EID_VENDOR_SPECIFIC && cur[1] >= 4 &&
		    vendor_type == WPA_GET_BE32(&cur[2]))
			return cur;
	}

	return NULL;
}


/**
 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result
 * @res: Scan result entry
 * @vendor_type: Vendor type (four octets starting the IE payload)
 * Returns: Pointer to the information element (id field) or %NULL if not found
 *
 * This function returns the first matching information element in the scan
 * result.
 *
 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only
 * from Beacon frames instead of either Beacon or Probe Response frames.
*/
const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res,
					 u32 vendor_type)
{
	const u8 *cur, *limit;

	if (res->beacon_ie_len == 0)
		return NULL;

	/* The Beacon IE buffer follows the ie_len octets of the first one */
	cur = (const u8 *) (res + 1) + res->ie_len;
	limit = cur + res->beacon_ie_len;

	for (; limit - cur > 1; cur += 2 + cur[1]) {
		/* Stop at an element whose length runs past the buffer */
		if (2 + cur[1] > limit - cur)
			break;
		if (cur[0] == WLAN_EID_VENDOR_SPECIFIC && cur[1] >= 4 &&
		    vendor_type == WPA_GET_BE32(&cur[2]))
			return cur;
	}

	return NULL;
}


/**
 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result
 * @res: Scan result entry
 * @vendor_type: Vendor type (four octets starting the IE payload)
 * Returns: Pointer to the information element payload or %NULL if not found
 *
 * This function returns concatenated payload of possibly fragmented vendor
 * specific information elements in the scan result. The caller is responsible
 * for freeing the returned buffer.
 */
struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res,
					     u32 vendor_type)
{
	struct wpabuf *out;
	const u8 *cur, *limit;

	/*
	 * Sized for the whole IE buffer, so the payloads appended below (each
	 * a part of that buffer) cannot exceed the allocation.
	 */
	out = wpabuf_alloc(res->ie_len);
	if (out == NULL)
		return NULL;

	cur = (const u8 *) (res + 1);
	limit = cur + res->ie_len;

	for (; limit - cur > 1; cur += 2 + cur[1]) {
		/* Stop at an element whose length runs past the buffer */
		if (2 + cur[1] > limit - cur)
			break;
		/* Append the payload that follows the 4-octet vendor type */
		if (cur[0] == WLAN_EID_VENDOR_SPECIFIC && cur[1] >= 4 &&
		    vendor_type == WPA_GET_BE32(&cur[2]))
			wpabuf_put_data(out, cur + 2 + 4, cur[1] - 4);
	}

	if (wpabuf_len(out) != 0)
		return out;

	/* No matching element (or only empty payloads) */
	wpabuf_free(out);
	return NULL;
}


/*
 * Channels with a great SNR can operate at full rate. What is a great SNR?
 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general
 * rule of thumb is that any SNR above 20 is good."
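This one
 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23
 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a
 * conservative value.
 */
#define GREAT_SNR 30

/* Frequencies above 4000 are treated as the 5 GHz band */
#define IS_5GHZ(n) ((n) > 4000)

/* Compare function for sorting scan results. Return >0 if @b is considered
 * better.
 *
 * Order of criteria: WPA/RSN element present, Privacy capability set, then
 * (when SNR or quality values are close) estimated throughput and 5 GHz band,
 * and finally SNR with quality as the tie breaker. All of these values are
 * taken from received frames or driver measurements, so the result is a
 * ranking of candidates and nothing more. */
static int wpa_scan_result_compar(const void *a, const void *b)
{
#define MIN(a,b) ((a) < (b) ? (a) : (b))
	struct wpa_scan_res **_wa = (void *) a;
	struct wpa_scan_res **_wb = (void *) b;
	struct wpa_scan_res *wa = *_wa;
	struct wpa_scan_res *wb = *_wb;
	int wpa_a, wpa_b;
	int snr_a, snr_b, snr_a_full, snr_b_full;

	/* WPA/WPA2 support preferred */
	wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL ||
		wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL;
	wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL ||
		wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL;

	if (wpa_b && !wpa_a)
		return 1;
	if (!wpa_b && wpa_a)
		return -1;

	/* privacy support preferred */
	if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 &&
	    (wb->caps & IEEE80211_CAP_PRIVACY))
		return 1;
	if ((wa->caps & IEEE80211_CAP_PRIVACY) &&
	    (wb->caps & IEEE80211_CAP_PRIVACY) == 0)
		return -1;

	if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) {
		/* Cap at GREAT_SNR so very strong signals compare as close */
		snr_a_full = wa->snr;
		snr_a = MIN(wa->snr, GREAT_SNR);
		snr_b_full = wb->snr;
		snr_b = MIN(wb->snr, GREAT_SNR);
	} else {
		/* Level is not in dBm, so we can't calculate
		 * SNR. Just use raw level (units unknown). */
		snr_a = snr_a_full = wa->level;
		snr_b = snr_b_full = wb->level;
	}

	/* if SNR is close, decide by max rate or frequency band */
	if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) ||
	    (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) {
		/*
		 * NOTE(review): est_throughput looks unsigned (it is printed
		 * with %u in dump_scan_res()), so the sign of this result
		 * depends on the conversion of the difference to int -
		 * confirm the value range keeps that safe.
		 */
		if (wa->est_throughput != wb->est_throughput)
			return wb->est_throughput - wa->est_throughput;
		if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq))
			return IS_5GHZ(wa->freq) ? -1 : 1;
	}

	/* all things being equal, use SNR; if SNRs are
	 * identical, use quality values since some drivers may only report
	 * that value and leave the signal level zero */
	if (snr_b_full == snr_a_full)
		return wb->qual - wa->qual;
	return snr_b_full - snr_a_full;
#undef MIN
}


#ifdef CONFIG_WPS
/* Compare function for sorting scan results when searching a WPS AP for
 * provisioning. Return >0 if @b is considered better. */
static int wpa_scan_result_wps_compar(const void *a, const void *b)
{
	struct wpa_scan_res **_wa = (void *) a;
	struct wpa_scan_res **_wb = (void *) b;
	struct wpa_scan_res *wa = *_wa;
	struct wpa_scan_res *wb = *_wb;
	int uses_wps_a, uses_wps_b;
	struct wpabuf *wps_a, *wps_b;
	int res;

	/* Optimization - check WPS IE existence before allocated memory and
	 * doing full reassembly. */
	uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL;
	uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL;
	if (uses_wps_a && !uses_wps_b)
		return -1;
	if (!uses_wps_a && uses_wps_b)
		return 1;

	if (uses_wps_a && uses_wps_b) {
		/*
		 * NOTE(review): wpa_scan_get_vendor_ie_multi() returns NULL
		 * when its allocation fails; this relies on
		 * wps_ap_priority_compar() and wpabuf_free() accepting NULL -
		 * confirm.
		 */
		wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE);
		wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE);
		res = wps_ap_priority_compar(wps_a, wps_b);
		wpabuf_free(wps_a);
		wpabuf_free(wps_b);
		if (res)
			return res;
	}

	/*
	 * Do not use current AP security policy as a sorting criteria during
	 * WPS provisioning step since the AP may get reconfigured at the
	 * completion of provisioning.
	 */

	/* all things being equal, use signal level; if signal levels are
	 * identical, use quality values since some drivers may only report
	 * that value and leave the signal level zero */
	if (wb->level == wa->level)
		return wb->qual - wa->qual;
	return wb->level - wa->level;
}
#endif /* CONFIG_WPS */


/*
 * Print every scan result and hexdumps of its IE buffers at MSG_EXCESSIVE
 * level. The function body is compiled out when CONFIG_NO_STDOUT_DEBUG is
 * defined.
 */
static void dump_scan_res(struct wpa_scan_results *scan_res)
{
#ifndef CONFIG_NO_STDOUT_DEBUG
	size_t i;

	if (scan_res->res == NULL || scan_res->num == 0)
		return;

	wpa_printf(MSG_EXCESSIVE, "Sorted scan results");

	for (i = 0; i < scan_res->num; i++) {
		struct wpa_scan_res *r = scan_res->res[i];
		u8 *pos;
		if (r->flags & WPA_SCAN_LEVEL_DBM) {
			int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID);

			/* "~" marks a noise value that was not measured,
			 * "*" an SNR of at least GREAT_SNR */
			wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d "
				   "noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u",
				   MAC2STR(r->bssid), r->freq, r->qual,
				   r->noise, noise_valid ? "" : "~", r->level,
				   r->snr, r->snr >= GREAT_SNR ? "*" : "",
				   r->flags,
				   r->age, r->est_throughput);
		} else {
			wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d "
				   "noise=%d level=%d flags=0x%x age=%u est=%u",
				   MAC2STR(r->bssid), r->freq, r->qual,
				   r->noise, r->level, r->flags, r->age,
				   r->est_throughput);
		}
		/* IE buffer first, Beacon IE buffer directly after it */
		pos = (u8 *) (r + 1);
		if (r->ie_len)
			wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len);
		pos += r->ie_len;
		if (r->beacon_ie_len)
			wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs",
				    pos, r->beacon_ie_len);
	}
#endif /* CONFIG_NO_STDOUT_DEBUG */
}


/**
 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed
 * @wpa_s: Pointer to wpa_supplicant data
 * @bssid: BSSID to check
 * Returns: 0 if the BSSID is filtered or 1 if not
 *
 * This function is used to filter out specific BSSIDs from scan results mainly
 * for testing purposes (SET bssid_filter ctrl_iface command). Without a
 * configured filter every BSSID is accepted; with one, only the listed BSSIDs
 * are.
 */
int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s,
				      const u8 *bssid)
{
	size_t i;

	if (wpa_s->bssid_filter == NULL)
		return 1;

	/* bssid_filter is a packed array of ETH_ALEN-octet addresses */
	for (i = 0; i < wpa_s->bssid_filter_count; i++) {
		if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid,
			      ETH_ALEN) == 0)
			return 1;
	}

	return 0;
}


/*
 * Remove the results whose BSSID is not accepted by the configured BSSID
 * filter. Kept entries are moved to the front of res->res, rejected entries
 * are freed, and res->num is updated. Without a filter nothing is changed.
 */
void filter_scan_res(struct wpa_supplicant *wpa_s,
		     struct wpa_scan_results *res)
{
	size_t i, j;

	if (wpa_s->bssid_filter == NULL)
		return;

	/* i reads every entry, j is the next slot for an entry to keep */
	for (i = 0, j = 0; i < res->num; i++) {
		if (wpa_supplicant_filter_bssid_match(wpa_s,
						      res->res[i]->bssid)) {
			res->res[j++] = res->res[i];
		} else {
			os_free(res->res[i]);
			res->res[i] = NULL;
		}
	}

	if (res->num != j) {
		wpa_printf(MSG_DEBUG, "Filtered out %d scan results",
			   (int) (res->num - j));
		res->num = j;
	}
}


/*
 * Noise floor values to use when we have signal strength
 *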
measurements, but no noise floor measurements. These values were
 * measured in an office environment with many APs.
 */
#define DEFAULT_NOISE_FLOOR_2GHZ (-89)
#define DEFAULT_NOISE_FLOOR_5GHZ (-92)

/*
 * Fill in res->snr. When the driver flagged the noise value as invalid, a
 * per-band default noise floor is stored in res->noise first. Without a dBm
 * signal level the raw level is used as the SNR value.
 */
void scan_snr(struct wpa_scan_res *res)
{
	const int level_in_dbm = (res->flags & WPA_SCAN_LEVEL_DBM) != 0;

	if (res->flags & WPA_SCAN_NOISE_INVALID) {
		if (IS_5GHZ(res->freq))
			res->noise = DEFAULT_NOISE_FLOOR_5GHZ;
		else
			res->noise = DEFAULT_NOISE_FLOOR_2GHZ;
	}

	/* Level is not in dBm, so we can't calculate
	 * SNR. Just use raw level (units unknown). */
	res->snr = level_in_dbm ? res->level - res->noise : res->level;
}


/* Rate for the highest HT20 MCS (0-7) assumed usable at the given SNR */
static unsigned int max_ht20_rate(int snr)
{
	static const struct {
		int snr_below;
		unsigned int rate;
	} steps[] = {
		{ 6, 6500 },	/* HT20 MCS0 */
		{ 8, 13000 },	/* HT20 MCS1 */
		{ 13, 19500 },	/* HT20 MCS2 */
		{ 17, 26000 },	/* HT20 MCS3 */
		{ 20, 39000 },	/* HT20 MCS4 */
		{ 23, 52000 },	/* HT20 MCS5 */
		{ 24, 58500 },	/* HT20 MCS6 */
	};
	size_t k;

	for (k = 0; k < sizeof(steps) / sizeof(steps[0]); k++) {
		if (snr < steps[k].snr_below)
			return steps[k].rate;
	}

	return 65000; /* HT20 MCS7 */
}


/* Rate for the highest HT40 MCS (0-7) assumed usable at the given SNR */
static unsigned int max_ht40_rate(int snr)
{
	static const struct {
		int snr_below;
		unsigned int rate;
	} steps[] = {
		{ 3, 13500 },	/* HT40 MCS0 */
		{ 6, 27000 },	/* HT40 MCS1 */
		{ 10, 40500 },	/* HT40 MCS2 */
		{ 15, 54000 },	/* HT40 MCS3 */
		{ 17, 81000 },	/* HT40 MCS4 */
		{ 22, 108000 },	/* HT40 MCS5 */
		{ 24, 121500 },	/* HT40 MCS6 */
	};
	size_t k;

	for (k = 0; k < sizeof(steps) / sizeof(steps[0]); k++) {
		if (snr < steps[k].snr_below)
			return steps[k].rate;
	}

	return 135000; /* HT40 MCS7 */
}


/* Rate for the highest VHT80 MCS (0-9) assumed usable at the given SNR;
 * 0 when the SNR is below 1 */
static unsigned int max_vht80_rate(int snr)
{
	static const struct {
		int snr_below;
		unsigned int rate;
	} steps[] = {
		{ 1, 0 },
		{ 2, 29300 },	/* VHT80 MCS0 */
		{ 5, 58500 },	/* VHT80 MCS1 */
		{ 9, 87800 },	/* VHT80 MCS2 */
		{ 11, 117000 },	/* VHT80 MCS3 */
		{ 15, 175500 },	/* VHT80 MCS4 */
		{ 16, 234000 },	/* VHT80 MCS5 */
		{ 18, 263300 },	/* VHT80 MCS6 */
		{ 20, 292500 },	/* VHT80 MCS7 */
		{ 22, 351000 },	/* VHT80 MCS8 */
	};
	size_t k;

	for (k = 0; k < sizeof(steps) / sizeof(steps[0]); k++) {
		if (snr < steps[k].snr_below)
			return steps[k].rate;
	}

	return 390000; /* VHT80 MCS9 */
}


/*
 * Store a throughput estimate in res->est_throughput unless one is already
 * set. The estimate starts from the highest advertised legacy rate, limited
 * by SNR, and is raised to the HT20/HT40/VHT80 table value when both the
 * local hardware capability (wpa_s->hw_capab) and the elements advertised by
 * the AP allow it. res->snr has to be filled in before this is called.
 *
 * The elements read here come from received frames; every fixed-offset read
 * below is preceded by a check of the element length octet.
 */
void scan_est_throughput(struct wpa_supplicant *wpa_s,
			 struct wpa_scan_res *res)
{
	/* Legacy rate (500 kb/s units) to fall back to when the SNR is below
	 * the paired limit */
	static const struct {
		int rate;
		int snr_below;
	} legacy_caps[] = {
		{ 1 * 2, 1 }, { 2 * 2, 4 }, { 6 * 2, 5 }, { 9 * 2, 6 },
		{ 12 * 2, 7 }, { 18 * 2, 10 }, { 24 * 2, 11 },
		{ 36 * 2, 15 }, { 48 * 2, 19 }, { 54 * 2, 21 },
	};
	const enum local_hw_capab capab = wpa_s->hw_capab;
	const int snr = res->snr;
	const int ht40_ok = capab == CAPAB_HT40 || capab == CAPAB_VHT;
	const int ht_ok = capab == CAPAB_HT || ht40_ok;
	int rate; /* max legacy rate in 500 kb/s units */
	unsigned int est, cand;
	const u8 *elem;
	size_t k;

	if (res->est_throughput)
		return;

	/* Get maximum legacy rate */
	rate = wpa_scan_get_max_rate(res);

	/* Limit based on estimated SNR; only the first matching step applies */
	for (k = 0; k < sizeof(legacy_caps) / sizeof(legacy_caps[0]); k++) {
		if (rate > legacy_caps[k].rate &&
		    snr < legacy_caps[k].snr_below) {
			rate = legacy_caps[k].rate;
			break;
		}
	}
	est = rate * 500;

	if (ht_ok && wpa_scan_get_ie(res, WLAN_EID_HT_CAP)) {
		cand = max_ht20_rate(snr);
		if (cand > est)
			est = cand;
	}

	if (ht40_ok) {
		elem = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION);
		/* elem[3] is read only when the length covers it */
		if (elem && elem[1] >= 2 &&
		    (elem[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) {
			cand = max_ht40_rate(snr);
			if (cand > est)
				est = cand;
		}
	}

	/* Use +1 to assume VHT is always faster than HT */
	if (capab == CAPAB_VHT && wpa_scan_get_ie(res, WLAN_EID_VHT_CAP)) {
		cand = max_ht20_rate(snr) + 1;
		if (cand > est)
			est = cand;

		elem = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION);
		if (elem && elem[1] >= 2 &&
		    (elem[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) {
			cand = max_ht40_rate(snr) + 1;
			if (cand > est)
				est = cand;
		}

		elem = wpa_scan_get_ie(res, WLAN_EID_VHT_OPERATION);
		if (elem && elem[1] >= 1 &&
		    (elem[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK)) {
			cand = max_vht80_rate(snr) + 1;
			if (cand > est)
				est = cand;
		}
	}

	/* TODO: channel utilization and AP load (e.g., from AP Beacon) */

	res->est_throughput = est;
}


/**
 * wpa_supplicant_get_scan_results - Get scan results
 * @wpa_s: Pointer to wpa_supplicant data
 * @info: Information about what was scanned or %NULL if not available
 * @new_scan: Whether a new scan was performed
 * Returns: Scan results, %NULL on failure
 *
 * This function requests the current scan results from the driver and updates
 * the local BSS list wpa_s->bss. The caller is responsible for freeing the
 * results with wpa_scan_results_free().
 *
 * Before the BSS list is updated, the results are passed through the BSSID
 * filter, get their SNR and throughput estimate filled in, and are sorted
 * (with the WPS ordering while a WPS search is in progress).
 */
struct wpa_scan_results *
wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
				struct scan_info *info, int new_scan)
{
	int (*sort_fn)(const void *, const void *) = wpa_scan_result_compar;
	struct wpa_scan_results *results;
	size_t idx;

	results = wpa_drv_get_scan_results2(wpa_s);
	if (results == NULL) {
		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results");
		return NULL;
	}

	/*
	 * Make sure we have a valid timestamp if the driver wrapper
	 * does not set this.
	 */
	if (results->fetch_time.sec == 0)
		os_get_reltime(&results->fetch_time);

	filter_scan_res(wpa_s, results);

	/* The SNR has to be set before the throughput estimate reads it */
	for (idx = 0; idx < results->num; idx++) {
		struct wpa_scan_res *entry = results->res[idx];

		scan_snr(entry);
		scan_est_throughput(wpa_s, entry);
	}

#ifdef CONFIG_WPS
	if (wpas_wps_searching(wpa_s)) {
		wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS "
			"provisioning rules");
		sort_fn = wpa_scan_result_wps_compar;
	}
#endif /* CONFIG_WPS */

	qsort(results->res, results->num, sizeof(struct wpa_scan_res *),
	      sort_fn);
	dump_scan_res(results);

	wpa_bss_update_start(wpa_s);
	for (idx = 0; idx < results->num; idx++) {
		wpa_bss_update_scan_res(wpa_s, results->res[idx],
					&results->fetch_time);
	}
	wpa_bss_update_end(wpa_s, info, new_scan);

	return results;
}


/**
 * wpa_supplicant_update_scan_results - Update scan results from the driver
 * @wpa_s: Pointer to wpa_supplicant data
 * Returns: 0 on success, -1 on failure
 *
 * This function updates the BSS table within wpa_supplicant based on the
 * currently available scan results from the driver without requesting a new
 * scan. This is used in cases where the driver indicates an association
 * (including roaming within ESS) and wpa_supplicant does not yet have the
 * needed information to complete the connection (e.g., to perform validation
 * steps in 4-way handshake).
2205 */ 2206 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 2207 { 2208 struct wpa_scan_results *scan_res; 2209 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 2210 if (scan_res == NULL) 2211 return -1; 2212 wpa_scan_results_free(scan_res); 2213 2214 return 0; 2215 } 2216 2217 2218 /** 2219 * scan_only_handler - Reports scan results 2220 */ 2221 void scan_only_handler(struct wpa_supplicant *wpa_s, 2222 struct wpa_scan_results *scan_res) 2223 { 2224 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 2225 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 2226 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 2227 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 2228 wpa_s->manual_scan_id); 2229 wpa_s->manual_scan_use_id = 0; 2230 } else { 2231 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 2232 } 2233 wpas_notify_scan_results(wpa_s); 2234 wpas_notify_scan_done(wpa_s, 1); 2235 if (wpa_s->scan_work) { 2236 struct wpa_radio_work *work = wpa_s->scan_work; 2237 wpa_s->scan_work = NULL; 2238 radio_work_done(work); 2239 } 2240 2241 if (wpa_s->wpa_state == WPA_SCANNING) 2242 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state); 2243 } 2244 2245 2246 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 2247 { 2248 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 2249 } 2250 2251 2252 struct wpa_driver_scan_params * 2253 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 2254 { 2255 struct wpa_driver_scan_params *params; 2256 size_t i; 2257 u8 *n; 2258 2259 params = os_zalloc(sizeof(*params)); 2260 if (params == NULL) 2261 return NULL; 2262 2263 for (i = 0; i < src->num_ssids; i++) { 2264 if (src->ssids[i].ssid) { 2265 n = os_malloc(src->ssids[i].ssid_len); 2266 if (n == NULL) 2267 goto failed; 2268 os_memcpy(n, src->ssids[i].ssid, 2269 src->ssids[i].ssid_len); 2270 params->ssids[i].ssid = n; 2271 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 2272 } 2273 } 2274 
params->num_ssids = src->num_ssids; 2275 2276 if (src->extra_ies) { 2277 n = os_malloc(src->extra_ies_len); 2278 if (n == NULL) 2279 goto failed; 2280 os_memcpy(n, src->extra_ies, src->extra_ies_len); 2281 params->extra_ies = n; 2282 params->extra_ies_len = src->extra_ies_len; 2283 } 2284 2285 if (src->freqs) { 2286 int len = int_array_len(src->freqs); 2287 params->freqs = os_malloc((len + 1) * sizeof(int)); 2288 if (params->freqs == NULL) 2289 goto failed; 2290 os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); 2291 } 2292 2293 if (src->filter_ssids) { 2294 params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * 2295 src->num_filter_ssids); 2296 if (params->filter_ssids == NULL) 2297 goto failed; 2298 os_memcpy(params->filter_ssids, src->filter_ssids, 2299 sizeof(*params->filter_ssids) * 2300 src->num_filter_ssids); 2301 params->num_filter_ssids = src->num_filter_ssids; 2302 } 2303 2304 params->filter_rssi = src->filter_rssi; 2305 params->p2p_probe = src->p2p_probe; 2306 params->only_new_results = src->only_new_results; 2307 params->low_priority = src->low_priority; 2308 2309 if (src->sched_scan_plans_num > 0) { 2310 params->sched_scan_plans = 2311 os_malloc(sizeof(*src->sched_scan_plans) * 2312 src->sched_scan_plans_num); 2313 if (!params->sched_scan_plans) 2314 goto failed; 2315 2316 os_memcpy(params->sched_scan_plans, src->sched_scan_plans, 2317 sizeof(*src->sched_scan_plans) * 2318 src->sched_scan_plans_num); 2319 params->sched_scan_plans_num = src->sched_scan_plans_num; 2320 } 2321 2322 if (src->mac_addr_rand) { 2323 params->mac_addr_rand = src->mac_addr_rand; 2324 2325 if (src->mac_addr && src->mac_addr_mask) { 2326 u8 *mac_addr; 2327 2328 mac_addr = os_malloc(2 * ETH_ALEN); 2329 if (!mac_addr) 2330 goto failed; 2331 2332 os_memcpy(mac_addr, src->mac_addr, ETH_ALEN); 2333 os_memcpy(mac_addr + ETH_ALEN, src->mac_addr_mask, 2334 ETH_ALEN); 2335 params->mac_addr = mac_addr; 2336 params->mac_addr_mask = mac_addr + ETH_ALEN; 2337 } 2338 } 
2339 2340 if (src->bssid) { 2341 u8 *bssid; 2342 2343 bssid = os_malloc(ETH_ALEN); 2344 if (!bssid) 2345 goto failed; 2346 os_memcpy(bssid, src->bssid, ETH_ALEN); 2347 params->bssid = bssid; 2348 } 2349 2350 return params; 2351 2352 failed: 2353 wpa_scan_free_params(params); 2354 return NULL; 2355 } 2356 2357 2358 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 2359 { 2360 size_t i; 2361 2362 if (params == NULL) 2363 return; 2364 2365 for (i = 0; i < params->num_ssids; i++) 2366 os_free((u8 *) params->ssids[i].ssid); 2367 os_free((u8 *) params->extra_ies); 2368 os_free(params->freqs); 2369 os_free(params->filter_ssids); 2370 os_free(params->sched_scan_plans); 2371 2372 /* 2373 * Note: params->mac_addr_mask points to same memory allocation and 2374 * must not be freed separately. 2375 */ 2376 os_free((u8 *) params->mac_addr); 2377 2378 os_free((u8 *) params->bssid); 2379 2380 os_free(params); 2381 } 2382 2383 2384 int wpas_start_pno(struct wpa_supplicant *wpa_s) 2385 { 2386 int ret, prio; 2387 size_t i, num_ssid, num_match_ssid; 2388 struct wpa_ssid *ssid; 2389 struct wpa_driver_scan_params params; 2390 struct sched_scan_plan scan_plan; 2391 unsigned int max_sched_scan_ssids; 2392 2393 if (!wpa_s->sched_scan_supported) 2394 return -1; 2395 2396 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 2397 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 2398 else 2399 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 2400 if (max_sched_scan_ssids < 1) 2401 return -1; 2402 2403 if (wpa_s->pno || wpa_s->pno_sched_pending) 2404 return 0; 2405 2406 if ((wpa_s->wpa_state > WPA_SCANNING) && 2407 (wpa_s->wpa_state <= WPA_COMPLETED)) { 2408 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 2409 return -EAGAIN; 2410 } 2411 2412 if (wpa_s->wpa_state == WPA_SCANNING) { 2413 wpa_supplicant_cancel_scan(wpa_s); 2414 if (wpa_s->sched_scanning) { 2415 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 2416 "ongoing sched scan"); 2417 
wpa_supplicant_cancel_sched_scan(wpa_s); 2418 wpa_s->pno_sched_pending = 1; 2419 return 0; 2420 } 2421 } 2422 2423 if (wpa_s->sched_scan_stop_req) { 2424 wpa_printf(MSG_DEBUG, 2425 "Schedule PNO after previous sched scan has stopped"); 2426 wpa_s->pno_sched_pending = 1; 2427 return 0; 2428 } 2429 2430 os_memset(¶ms, 0, sizeof(params)); 2431 2432 num_ssid = num_match_ssid = 0; 2433 ssid = wpa_s->conf->ssid; 2434 while (ssid) { 2435 if (!wpas_network_disabled(wpa_s, ssid)) { 2436 num_match_ssid++; 2437 if (ssid->scan_ssid) 2438 num_ssid++; 2439 } 2440 ssid = ssid->next; 2441 } 2442 2443 if (num_match_ssid == 0) { 2444 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 2445 return -1; 2446 } 2447 2448 if (num_match_ssid > num_ssid) { 2449 params.num_ssids++; /* wildcard */ 2450 num_ssid++; 2451 } 2452 2453 if (num_ssid > max_sched_scan_ssids) { 2454 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 2455 "%u", max_sched_scan_ssids, (unsigned int) num_ssid); 2456 num_ssid = max_sched_scan_ssids; 2457 } 2458 2459 if (num_match_ssid > wpa_s->max_match_sets) { 2460 num_match_ssid = wpa_s->max_match_sets; 2461 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 2462 } 2463 params.filter_ssids = os_calloc(num_match_ssid, 2464 sizeof(struct wpa_driver_scan_filter)); 2465 if (params.filter_ssids == NULL) 2466 return -1; 2467 2468 i = 0; 2469 prio = 0; 2470 ssid = wpa_s->conf->pssid[prio]; 2471 while (ssid) { 2472 if (!wpas_network_disabled(wpa_s, ssid)) { 2473 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 2474 params.ssids[params.num_ssids].ssid = 2475 ssid->ssid; 2476 params.ssids[params.num_ssids].ssid_len = 2477 ssid->ssid_len; 2478 params.num_ssids++; 2479 } 2480 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 2481 ssid->ssid_len); 2482 params.filter_ssids[i].ssid_len = ssid->ssid_len; 2483 params.num_filter_ssids++; 2484 i++; 2485 if (i == num_match_ssid) 2486 break; 2487 } 2488 if (ssid->pnext) 2489 ssid = ssid->pnext; 2490 else if (prio + 
1 == wpa_s->conf->num_prio) 2491 break; 2492 else 2493 ssid = wpa_s->conf->pssid[++prio]; 2494 } 2495 2496 if (wpa_s->conf->filter_rssi) 2497 params.filter_rssi = wpa_s->conf->filter_rssi; 2498 2499 if (wpa_s->sched_scan_plans_num) { 2500 params.sched_scan_plans = wpa_s->sched_scan_plans; 2501 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 2502 } else { 2503 /* Set one scan plan that will run infinitely */ 2504 if (wpa_s->conf->sched_scan_interval) 2505 scan_plan.interval = wpa_s->conf->sched_scan_interval; 2506 else 2507 scan_plan.interval = 10; 2508 2509 scan_plan.iterations = 0; 2510 params.sched_scan_plans = &scan_plan; 2511 params.sched_scan_plans_num = 1; 2512 } 2513 2514 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 2515 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 2516 params.freqs = wpa_s->manual_sched_scan_freqs; 2517 } 2518 2519 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) { 2520 params.mac_addr_rand = 1; 2521 if (wpa_s->mac_addr_pno) { 2522 params.mac_addr = wpa_s->mac_addr_pno; 2523 params.mac_addr_mask = wpa_s->mac_addr_pno + ETH_ALEN; 2524 } 2525 } 2526 2527 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms); 2528 os_free(params.filter_ssids); 2529 if (ret == 0) 2530 wpa_s->pno = 1; 2531 else 2532 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 2533 return ret; 2534 } 2535 2536 2537 int wpas_stop_pno(struct wpa_supplicant *wpa_s) 2538 { 2539 int ret = 0; 2540 2541 if (!wpa_s->pno) 2542 return 0; 2543 2544 ret = wpa_supplicant_stop_sched_scan(wpa_s); 2545 wpa_s->sched_scan_stop_req = 1; 2546 2547 wpa_s->pno = 0; 2548 wpa_s->pno_sched_pending = 0; 2549 2550 if (wpa_s->wpa_state == WPA_SCANNING) 2551 wpa_supplicant_req_scan(wpa_s, 0, 0); 2552 2553 return ret; 2554 } 2555 2556 2557 void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, 2558 unsigned int type) 2559 { 2560 type &= MAC_ADDR_RAND_ALL; 2561 wpa_s->mac_addr_rand_enable &= ~type; 2562 2563 if (type & MAC_ADDR_RAND_SCAN) { 
2564 os_free(wpa_s->mac_addr_scan); 2565 wpa_s->mac_addr_scan = NULL; 2566 } 2567 2568 if (type & MAC_ADDR_RAND_SCHED_SCAN) { 2569 os_free(wpa_s->mac_addr_sched_scan); 2570 wpa_s->mac_addr_sched_scan = NULL; 2571 } 2572 2573 if (type & MAC_ADDR_RAND_PNO) { 2574 os_free(wpa_s->mac_addr_pno); 2575 wpa_s->mac_addr_pno = NULL; 2576 } 2577 } 2578 2579 2580 int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, 2581 unsigned int type, const u8 *addr, 2582 const u8 *mask) 2583 { 2584 u8 *tmp = NULL; 2585 2586 wpas_mac_addr_rand_scan_clear(wpa_s, type); 2587 2588 if (addr) { 2589 tmp = os_malloc(2 * ETH_ALEN); 2590 if (!tmp) 2591 return -1; 2592 os_memcpy(tmp, addr, ETH_ALEN); 2593 os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN); 2594 } 2595 2596 if (type == MAC_ADDR_RAND_SCAN) { 2597 wpa_s->mac_addr_scan = tmp; 2598 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 2599 wpa_s->mac_addr_sched_scan = tmp; 2600 } else if (type == MAC_ADDR_RAND_PNO) { 2601 wpa_s->mac_addr_pno = tmp; 2602 } else { 2603 wpa_printf(MSG_INFO, 2604 "scan: Invalid MAC randomization type=0x%x", 2605 type); 2606 os_free(tmp); 2607 return -1; 2608 } 2609 2610 wpa_s->mac_addr_rand_enable |= type; 2611 return 0; 2612 } 2613 2614 2615 int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s) 2616 { 2617 int scan_work = !!wpa_s->scan_work; 2618 2619 #ifdef CONFIG_P2P 2620 scan_work |= !!wpa_s->p2p_scan_work; 2621 #endif /* CONFIG_P2P */ 2622 2623 if (scan_work && wpa_s->own_scan_running) { 2624 wpa_dbg(wpa_s, MSG_DEBUG, "Abort an ongoing scan"); 2625 return wpa_drv_abort_scan(wpa_s); 2626 } 2627 2628 return 0; 2629 } 2630 2631 2632 int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd) 2633 { 2634 struct sched_scan_plan *scan_plans = NULL; 2635 const char *token, *context = NULL; 2636 unsigned int num = 0; 2637 2638 if (!cmd) 2639 return -1; 2640 2641 if (!cmd[0]) { 2642 wpa_printf(MSG_DEBUG, "Clear sched scan plans"); 2643 os_free(wpa_s->sched_scan_plans); 2644 wpa_s->sched_scan_plans 
= NULL; 2645 wpa_s->sched_scan_plans_num = 0; 2646 return 0; 2647 } 2648 2649 while ((token = cstr_token(cmd, " ", &context))) { 2650 int ret; 2651 struct sched_scan_plan *scan_plan, *n; 2652 2653 n = os_realloc_array(scan_plans, num + 1, sizeof(*scan_plans)); 2654 if (!n) 2655 goto fail; 2656 2657 scan_plans = n; 2658 scan_plan = &scan_plans[num]; 2659 num++; 2660 2661 ret = sscanf(token, "%u:%u", &scan_plan->interval, 2662 &scan_plan->iterations); 2663 if (ret <= 0 || ret > 2 || !scan_plan->interval) { 2664 wpa_printf(MSG_ERROR, 2665 "Invalid sched scan plan input: %s", token); 2666 goto fail; 2667 } 2668 2669 if (scan_plan->interval > wpa_s->max_sched_scan_plan_interval) { 2670 wpa_printf(MSG_WARNING, 2671 "scan plan %u: Scan interval too long(%u), use the maximum allowed(%u)", 2672 num, scan_plan->interval, 2673 wpa_s->max_sched_scan_plan_interval); 2674 scan_plan->interval = 2675 wpa_s->max_sched_scan_plan_interval; 2676 } 2677 2678 if (ret == 1) { 2679 scan_plan->iterations = 0; 2680 break; 2681 } 2682 2683 if (!scan_plan->iterations) { 2684 wpa_printf(MSG_ERROR, 2685 "scan plan %u: Number of iterations cannot be zero", 2686 num); 2687 goto fail; 2688 } 2689 2690 if (scan_plan->iterations > 2691 wpa_s->max_sched_scan_plan_iterations) { 2692 wpa_printf(MSG_WARNING, 2693 "scan plan %u: Too many iterations(%u), use the maximum allowed(%u)", 2694 num, scan_plan->iterations, 2695 wpa_s->max_sched_scan_plan_iterations); 2696 scan_plan->iterations = 2697 wpa_s->max_sched_scan_plan_iterations; 2698 } 2699 2700 wpa_printf(MSG_DEBUG, 2701 "scan plan %u: interval=%u iterations=%u", 2702 num, scan_plan->interval, scan_plan->iterations); 2703 } 2704 2705 if (!scan_plans) { 2706 wpa_printf(MSG_ERROR, "Invalid scan plans entry"); 2707 goto fail; 2708 } 2709 2710 if (cstr_token(cmd, " ", &context) || scan_plans[num - 1].iterations) { 2711 wpa_printf(MSG_ERROR, 2712 "All scan plans but the last must specify a number of iterations"); 2713 goto fail; 2714 } 2715 2716 
wpa_printf(MSG_DEBUG, "scan plan %u (last plan): interval=%u", 2717 num, scan_plans[num - 1].interval); 2718 2719 if (num > wpa_s->max_sched_scan_plans) { 2720 wpa_printf(MSG_WARNING, 2721 "Too many scheduled scan plans (only %u supported)", 2722 wpa_s->max_sched_scan_plans); 2723 wpa_printf(MSG_WARNING, 2724 "Use only the first %u scan plans, and the last one (in infinite loop)", 2725 wpa_s->max_sched_scan_plans - 1); 2726 os_memcpy(&scan_plans[wpa_s->max_sched_scan_plans - 1], 2727 &scan_plans[num - 1], sizeof(*scan_plans)); 2728 num = wpa_s->max_sched_scan_plans; 2729 } 2730 2731 os_free(wpa_s->sched_scan_plans); 2732 wpa_s->sched_scan_plans = scan_plans; 2733 wpa_s->sched_scan_plans_num = num; 2734 2735 return 0; 2736 2737 fail: 2738 os_free(scan_plans); 2739 wpa_printf(MSG_ERROR, "invalid scan plans list"); 2740 return -1; 2741 } 2742 2743 2744 /** 2745 * wpas_scan_reset_sched_scan - Reset sched_scan state 2746 * @wpa_s: Pointer to wpa_supplicant data 2747 * 2748 * This function is used to cancel a running scheduled scan and to reset an 2749 * internal scan state to continue with a regular scan on the following 2750 * wpa_supplicant_req_scan() calls. 2751 */ 2752 void wpas_scan_reset_sched_scan(struct wpa_supplicant *wpa_s) 2753 { 2754 wpa_s->normal_scans = 0; 2755 if (wpa_s->sched_scanning) { 2756 wpa_s->sched_scan_timed_out = 0; 2757 wpa_s->prev_sched_ssid = NULL; 2758 wpa_supplicant_cancel_sched_scan(wpa_s); 2759 } 2760 } 2761 2762 2763 void wpas_scan_restart_sched_scan(struct wpa_supplicant *wpa_s) 2764 { 2765 /* simulate timeout to restart the sched scan */ 2766 wpa_s->sched_scan_timed_out = 1; 2767 wpa_s->prev_sched_ssid = NULL; 2768 wpa_supplicant_cancel_sched_scan(wpa_s); 2769 } 2770