1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 #include "mesh.h" 26 27 28 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 29 { 30 struct wpa_ssid *ssid; 31 union wpa_event_data data; 32 33 ssid = wpa_supplicant_get_ssid(wpa_s); 34 if (ssid == NULL) 35 return; 36 37 if (wpa_s->current_ssid == NULL) { 38 wpa_s->current_ssid = ssid; 39 wpas_notify_network_changed(wpa_s); 40 } 41 wpa_supplicant_initiate_eapol(wpa_s); 42 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 43 "network - generating associated event"); 44 os_memset(&data, 0, sizeof(data)); 45 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 46 } 47 48 49 #ifdef CONFIG_WPS 50 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 51 enum wps_request_type *req_type) 52 { 53 struct wpa_ssid *ssid; 54 int wps = 0; 55 56 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 57 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 58 continue; 59 60 wps = 1; 61 *req_type = wpas_wps_get_req_type(ssid); 62 if (ssid->eap.phase1 && os_strstr(ssid->eap.phase1, "pbc=1")) 63 return 2; 64 } 65 66 #ifdef CONFIG_P2P 67 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 68 !wpa_s->conf->p2p_disabled) { 69 wpa_s->wps->dev.p2p = 1; 70 if (!wps) { 71 wps = 1; 72 *req_type = WPS_REQ_ENROLLEE_INFO; 73 } 74 } 75 #endif /* CONFIG_P2P */ 76 77 return wps; 78 } 79 #endif /* CONFIG_WPS */ 80 81 82 static int wpa_setup_mac_addr_rand_params(struct wpa_driver_scan_params *params, 83 const u8 *mac_addr) 84 { 85 u8 *tmp; 86 87 if (params->mac_addr) { 88 params->mac_addr_mask = NULL; 89 os_free(params->mac_addr); 90 params->mac_addr = NULL; 91 } 92 93 params->mac_addr_rand = 1; 94 95 if (!mac_addr) 96 return 0; 97 98 tmp = os_malloc(2 * ETH_ALEN); 99 if (!tmp) 100 return -1; 101 102 os_memcpy(tmp, mac_addr, 2 * ETH_ALEN); 103 params->mac_addr = tmp; 104 params->mac_addr_mask = tmp + ETH_ALEN; 105 return 0; 106 } 107 108 109 /** 110 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 111 * @wpa_s: Pointer to wpa_supplicant data 112 * Returns: 0 if no networks are enabled, >0 if networks are enabled 113 * 114 * This function is used to figure out whether any networks (or Interworking 115 * with enabled credentials and auto_interworking) are present in the current 116 * configuration. 117 */ 118 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 119 { 120 struct wpa_ssid *ssid = wpa_s->conf->ssid; 121 int count = 0, disabled = 0; 122 123 if (wpa_s->p2p_mgmt) 124 return 0; /* no normal network profiles on p2p_mgmt interface */ 125 126 while (ssid) { 127 if (!wpas_network_disabled(wpa_s, ssid)) 128 count++; 129 else 130 disabled++; 131 ssid = ssid->next; 132 } 133 if (wpa_s->conf->cred && wpa_s->conf->interworking && 134 wpa_s->conf->auto_interworking) 135 count++; 136 if (count == 0 && disabled > 0) { 137 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 138 "networks)", disabled); 139 } 140 return count; 141 } 142 143 144 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 145 struct wpa_ssid *ssid) 146 { 147 int min_temp_disabled = 0; 148 149 while (ssid) { 150 if (!wpas_network_disabled(wpa_s, ssid)) { 151 int temp_disabled = wpas_temp_disabled(wpa_s, ssid); 152 153 if (temp_disabled <= 0) 154 break; 155 156 if (!min_temp_disabled || 157 temp_disabled < min_temp_disabled) 158 min_temp_disabled = temp_disabled; 159 } 160 ssid = ssid->next; 161 } 162 163 /* ap_scan=2 mode - try to associate with each SSID. */ 164 if (ssid == NULL) { 165 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 166 "end of scan list - go back to beginning"); 167 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 168 wpa_supplicant_req_scan(wpa_s, min_temp_disabled, 0); 169 return; 170 } 171 if (ssid->next) { 172 /* Continue from the next SSID on the next attempt. */ 173 wpa_s->prev_scan_ssid = ssid; 174 } else { 175 /* Start from the beginning of the SSID list. */ 176 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 177 } 178 wpa_supplicant_associate(wpa_s, NULL, ssid); 179 } 180 181 182 static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 183 { 184 struct wpa_supplicant *wpa_s = work->wpa_s; 185 struct wpa_driver_scan_params *params = work->ctx; 186 int ret; 187 188 if (deinit) { 189 if (!work->started) { 190 wpa_scan_free_params(params); 191 return; 192 } 193 wpa_supplicant_notify_scanning(wpa_s, 0); 194 wpas_notify_scan_done(wpa_s, 0); 195 wpa_s->scan_work = NULL; 196 return; 197 } 198 199 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) && 200 wpa_s->wpa_state <= WPA_SCANNING) 201 wpa_setup_mac_addr_rand_params(params, wpa_s->mac_addr_scan); 202 203 if (wpas_update_random_addr_disassoc(wpa_s) < 0) { 204 wpa_msg(wpa_s, MSG_INFO, 205 "Failed to assign random MAC address for a scan"); 206 wpa_scan_free_params(params); 207 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1"); 208 radio_work_done(work); 209 return; 210 } 211 212 wpa_supplicant_notify_scanning(wpa_s, 1); 213 214 if (wpa_s->clear_driver_scan_cache) { 215 wpa_printf(MSG_DEBUG, 216 "Request driver to clear scan cache due to local BSS flush"); 217 params->only_new_results = 1; 218 } 219 ret = wpa_drv_scan(wpa_s, params); 220 /* 221 * Store the obtained vendor scan cookie (if any) in wpa_s context. 222 * The current design is to allow only one scan request on each 223 * interface, hence having this scan cookie stored in wpa_s context is 224 * fine for now. 225 * 226 * Revisit this logic if concurrent scan operations per interface 227 * is supported. 228 */ 229 if (ret == 0) 230 wpa_s->curr_scan_cookie = params->scan_cookie; 231 wpa_scan_free_params(params); 232 work->ctx = NULL; 233 if (ret) { 234 int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ && 235 !wpa_s->beacon_rep_data.token; 236 237 if (wpa_s->disconnected) 238 retry = 0; 239 240 /* do not retry if operation is not supported */ 241 if (ret == -EOPNOTSUPP) 242 retry = 0; 243 244 wpa_supplicant_notify_scanning(wpa_s, 0); 245 wpas_notify_scan_done(wpa_s, 0); 246 if (wpa_s->wpa_state == WPA_SCANNING) 247 wpa_supplicant_set_state(wpa_s, 248 wpa_s->scan_prev_wpa_state); 249 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s", 250 ret, retry ? " retry=1" : ""); 251 radio_work_done(work); 252 253 if (retry) { 254 /* Restore scan_req since we will try to scan again */ 255 wpa_s->scan_req = wpa_s->last_scan_req; 256 wpa_supplicant_req_scan(wpa_s, 1, 0); 257 } else if (wpa_s->scan_res_handler) { 258 /* Clear the scan_res_handler */ 259 wpa_s->scan_res_handler = NULL; 260 } 261 262 if (wpa_s->beacon_rep_data.token) 263 wpas_rrm_refuse_request(wpa_s); 264 265 return; 266 } 267 268 os_get_reltime(&wpa_s->scan_trigger_time); 269 wpa_s->scan_runs++; 270 wpa_s->normal_scans++; 271 wpa_s->own_scan_requested = 1; 272 wpa_s->clear_driver_scan_cache = 0; 273 wpa_s->scan_work = work; 274 } 275 276 277 /** 278 * wpa_supplicant_trigger_scan - Request driver to start a scan 279 * @wpa_s: Pointer to wpa_supplicant data 280 * @params: Scan parameters 281 * Returns: 0 on success, -1 on failure 282 */ 283 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 284 struct wpa_driver_scan_params *params) 285 { 286 struct wpa_driver_scan_params *ctx; 287 288 if (wpa_s->scan_work) { 289 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 290 return -1; 291 } 292 293 ctx = wpa_scan_clone_params(params); 294 if (!ctx || 295 radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0) 296 { 297 wpa_scan_free_params(ctx); 298 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=-1"); 299 return -1; 300 } 301 302 return 0; 303 } 304 305 306 static void 307 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 308 { 309 struct wpa_supplicant *wpa_s = eloop_ctx; 310 311 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 312 313 if (wpa_supplicant_req_sched_scan(wpa_s)) 314 wpa_supplicant_req_scan(wpa_s, 0, 0); 315 } 316 317 318 static void 319 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 320 { 321 struct wpa_supplicant *wpa_s = eloop_ctx; 322 323 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 324 325 wpa_s->sched_scan_timed_out = 1; 326 wpa_supplicant_cancel_sched_scan(wpa_s); 327 } 328 329 330 static int 331 wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 332 struct wpa_driver_scan_params *params) 333 { 334 int ret; 335 336 wpa_supplicant_notify_scanning(wpa_s, 1); 337 ret = wpa_drv_sched_scan(wpa_s, params); 338 if (ret) 339 wpa_supplicant_notify_scanning(wpa_s, 0); 340 else 341 wpa_s->sched_scanning = 1; 342 343 return ret; 344 } 345 346 347 static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 348 { 349 int ret; 350 351 ret = wpa_drv_stop_sched_scan(wpa_s); 352 if (ret) { 353 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 354 /* TODO: what to do if stopping fails? */ 355 return -1; 356 } 357 358 return ret; 359 } 360 361 362 static struct wpa_driver_scan_filter * 363 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 364 { 365 struct wpa_driver_scan_filter *ssids; 366 struct wpa_ssid *ssid; 367 size_t count; 368 369 *num_ssids = 0; 370 if (!conf->filter_ssids) 371 return NULL; 372 373 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 374 if (ssid->ssid && ssid->ssid_len) 375 count++; 376 } 377 if (count == 0) 378 return NULL; 379 ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter)); 380 if (ssids == NULL) 381 return NULL; 382 383 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 384 if (!ssid->ssid || !ssid->ssid_len) 385 continue; 386 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 387 ssids[*num_ssids].ssid_len = ssid->ssid_len; 388 (*num_ssids)++; 389 } 390 391 return ssids; 392 } 393 394 395 #ifdef CONFIG_P2P 396 static bool is_6ghz_supported(struct wpa_supplicant *wpa_s) 397 { 398 struct hostapd_channel_data *chnl; 399 int i, j; 400 401 for (i = 0; i < wpa_s->hw.num_modes; i++) { 402 if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211A) { 403 chnl = wpa_s->hw.modes[i].channels; 404 for (j = 0; j < wpa_s->hw.modes[i].num_channels; j++) { 405 if (chnl[j].flag & HOSTAPD_CHAN_DISABLED) 406 continue; 407 if (is_6ghz_freq(chnl[j].freq)) 408 return true; 409 } 410 } 411 } 412 413 return false; 414 } 415 #endif /* CONFIG_P2P */ 416 417 418 static void wpa_supplicant_optimize_freqs( 419 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 420 { 421 #ifdef CONFIG_P2P 422 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 423 wpa_s->go_params) { 424 /* Optimize provisioning state scan based on GO information */ 425 if (wpa_s->p2p_in_provisioning < 5 && 426 wpa_s->go_params->freq > 0) { 427 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 428 "preferred frequency %d MHz", 429 wpa_s->go_params->freq); 430 params->freqs = os_calloc(2, sizeof(int)); 431 if (params->freqs) 432 params->freqs[0] = wpa_s->go_params->freq; 433 } else if (wpa_s->p2p_in_provisioning < 8 && 434 wpa_s->go_params->freq_list[0]) { 435 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 436 "channels"); 437 int_array_concat(¶ms->freqs, 438 wpa_s->go_params->freq_list); 439 if (params->freqs) 440 int_array_sort_unique(params->freqs); 441 } 442 wpa_s->p2p_in_provisioning++; 443 } 444 445 if (params->freqs == NULL && wpa_s->p2p_in_invitation) { 446 /* 447 * Optimize scan based on GO information during persistent 448 * group reinvocation 449 */ 450 if (wpa_s->p2p_in_invitation < 5 && 451 wpa_s->p2p_invite_go_freq > 0) { 452 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation", 453 wpa_s->p2p_invite_go_freq); 454 params->freqs = os_calloc(2, sizeof(int)); 455 if (params->freqs) 456 params->freqs[0] = wpa_s->p2p_invite_go_freq; 457 } 458 wpa_s->p2p_in_invitation++; 459 if (wpa_s->p2p_in_invitation > 20) { 460 /* 461 * This should not really happen since the variable is 462 * cleared on group removal, but if it does happen, make 463 * sure we do not get stuck in special invitation scan 464 * mode. 465 */ 466 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation"); 467 wpa_s->p2p_in_invitation = 0; 468 } 469 } 470 #endif /* CONFIG_P2P */ 471 472 #ifdef CONFIG_WPS 473 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 474 /* 475 * Optimize post-provisioning scan based on channel used 476 * during provisioning. 477 */ 478 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 479 "that was used during provisioning", wpa_s->wps_freq); 480 params->freqs = os_calloc(2, sizeof(int)); 481 if (params->freqs) 482 params->freqs[0] = wpa_s->wps_freq; 483 wpa_s->after_wps--; 484 } else if (wpa_s->after_wps) 485 wpa_s->after_wps--; 486 487 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 488 { 489 /* Optimize provisioning scan based on already known channel */ 490 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 491 wpa_s->wps_freq); 492 params->freqs = os_calloc(2, sizeof(int)); 493 if (params->freqs) 494 params->freqs[0] = wpa_s->wps_freq; 495 wpa_s->known_wps_freq = 0; /* only do this once */ 496 } 497 #endif /* CONFIG_WPS */ 498 } 499 500 501 #ifdef CONFIG_INTERWORKING 502 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 503 struct wpabuf *buf) 504 { 505 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 506 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 507 1 + ETH_ALEN); 508 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 509 /* No Venue Info */ 510 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 511 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 512 } 513 #endif /* CONFIG_INTERWORKING */ 514 515 516 #ifdef CONFIG_MBO 517 static void wpas_fils_req_param_add_max_channel(struct wpa_supplicant *wpa_s, 518 struct wpabuf **ie) 519 { 520 if (wpabuf_resize(ie, 5)) { 521 wpa_printf(MSG_DEBUG, 522 "Failed to allocate space for FILS Request Parameters element"); 523 return; 524 } 525 526 /* FILS Request Parameters element */ 527 wpabuf_put_u8(*ie, WLAN_EID_EXTENSION); 528 wpabuf_put_u8(*ie, 3); /* FILS Request attribute length */ 529 wpabuf_put_u8(*ie, WLAN_EID_EXT_FILS_REQ_PARAMS); 530 /* Parameter control bitmap */ 531 wpabuf_put_u8(*ie, 0); 532 /* Max Channel Time field - contains the value of MaxChannelTime 533 * parameter of the MLME-SCAN.request primitive represented in units of 534 * TUs, as an unsigned integer. A Max Channel Time field value of 255 535 * is used to indicate any duration of more than 254 TUs, or an 536 * unspecified or unknown duration. (IEEE Std 802.11ai-2016, 9.4.2.178) 537 */ 538 wpabuf_put_u8(*ie, 255); 539 } 540 #endif /* CONFIG_MBO */ 541 542 543 void wpa_supplicant_set_default_scan_ies(struct wpa_supplicant *wpa_s) 544 { 545 struct wpabuf *default_ies = NULL; 546 u8 ext_capab[18]; 547 int ext_capab_len, frame_id; 548 enum wpa_driver_if_type type = WPA_IF_STATION; 549 550 #ifdef CONFIG_P2P 551 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT) 552 type = WPA_IF_P2P_CLIENT; 553 #endif /* CONFIG_P2P */ 554 555 wpa_drv_get_ext_capa(wpa_s, type); 556 557 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 558 sizeof(ext_capab)); 559 if (ext_capab_len > 0 && 560 wpabuf_resize(&default_ies, ext_capab_len) == 0) 561 wpabuf_put_data(default_ies, ext_capab, ext_capab_len); 562 563 #ifdef CONFIG_MBO 564 if (wpa_s->enable_oce & OCE_STA) 565 wpas_fils_req_param_add_max_channel(wpa_s, &default_ies); 566 /* Send MBO and OCE capabilities */ 567 if (wpabuf_resize(&default_ies, 12) == 0) 568 wpas_mbo_scan_ie(wpa_s, default_ies); 569 #endif /* CONFIG_MBO */ 570 571 if (type == WPA_IF_P2P_CLIENT) 572 frame_id = VENDOR_ELEM_PROBE_REQ_P2P; 573 else 574 frame_id = VENDOR_ELEM_PROBE_REQ; 575 576 if (wpa_s->vendor_elem[frame_id]) { 577 size_t len; 578 579 len = wpabuf_len(wpa_s->vendor_elem[frame_id]); 580 if (len > 0 && wpabuf_resize(&default_ies, len) == 0) 581 wpabuf_put_buf(default_ies, 582 wpa_s->vendor_elem[frame_id]); 583 } 584 585 if (default_ies) 586 wpa_drv_set_default_scan_ies(wpa_s, wpabuf_head(default_ies), 587 wpabuf_len(default_ies)); 588 wpabuf_free(default_ies); 589 } 590 591 592 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 593 { 594 struct wpabuf *extra_ie = NULL; 595 u8 ext_capab[18]; 596 int ext_capab_len; 597 #ifdef CONFIG_WPS 598 int wps = 0; 599 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 600 #endif /* CONFIG_WPS */ 601 602 #ifdef CONFIG_P2P 603 if (wpa_s->p2p_group_interface == P2P_GROUP_INTERFACE_CLIENT) 604 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT); 605 else 606 #endif /* CONFIG_P2P */ 607 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION); 608 609 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab, 610 sizeof(ext_capab)); 611 if (ext_capab_len > 0 && 612 wpabuf_resize(&extra_ie, ext_capab_len) == 0) 613 wpabuf_put_data(extra_ie, ext_capab, ext_capab_len); 614 615 #ifdef CONFIG_INTERWORKING 616 if (wpa_s->conf->interworking && 617 wpabuf_resize(&extra_ie, 100) == 0) 618 wpas_add_interworking_elements(wpa_s, extra_ie); 619 #endif /* CONFIG_INTERWORKING */ 620 621 #ifdef CONFIG_MBO 622 if (wpa_s->enable_oce & OCE_STA) 623 wpas_fils_req_param_add_max_channel(wpa_s, &extra_ie); 624 #endif /* CONFIG_MBO */ 625 626 #ifdef CONFIG_WPS 627 wps = wpas_wps_in_use(wpa_s, &req_type); 628 629 if (wps) { 630 struct wpabuf *wps_ie; 631 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 632 DEV_PW_DEFAULT, 633 &wpa_s->wps->dev, 634 wpa_s->wps->uuid, req_type, 635 0, NULL); 636 if (wps_ie) { 637 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 638 wpabuf_put_buf(extra_ie, wps_ie); 639 wpabuf_free(wps_ie); 640 } 641 } 642 643 #ifdef CONFIG_P2P 644 if (wps) { 645 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 646 if (wpabuf_resize(&extra_ie, ielen) == 0) 647 wpas_p2p_scan_ie(wpa_s, extra_ie); 648 } 649 #endif /* CONFIG_P2P */ 650 651 wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie); 652 653 #endif /* CONFIG_WPS */ 654 655 #ifdef CONFIG_HS20 656 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 9) == 0) 657 wpas_hs20_add_indication(extra_ie, -1, 0); 658 #endif /* CONFIG_HS20 */ 659 660 #ifdef CONFIG_FST 661 if (wpa_s->fst_ies && 662 wpabuf_resize(&extra_ie, wpabuf_len(wpa_s->fst_ies)) == 0) 663 wpabuf_put_buf(extra_ie, wpa_s->fst_ies); 664 #endif /* CONFIG_FST */ 665 666 #ifdef CONFIG_MBO 667 /* Send MBO and OCE capabilities */ 668 if (wpabuf_resize(&extra_ie, 12) == 0) 669 wpas_mbo_scan_ie(wpa_s, extra_ie); 670 #endif /* CONFIG_MBO */ 671 672 if (wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]) { 673 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_PROBE_REQ]; 674 675 if (wpabuf_resize(&extra_ie, wpabuf_len(buf)) == 0) 676 wpabuf_put_buf(extra_ie, buf); 677 } 678 679 return extra_ie; 680 } 681 682 683 #ifdef CONFIG_P2P 684 685 /* 686 * Check whether there are any enabled networks or credentials that could be 687 * used for a non-P2P connection. 688 */ 689 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 690 { 691 struct wpa_ssid *ssid; 692 693 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 694 if (wpas_network_disabled(wpa_s, ssid)) 695 continue; 696 if (!ssid->p2p_group) 697 return 1; 698 } 699 700 if (wpa_s->conf->cred && wpa_s->conf->interworking && 701 wpa_s->conf->auto_interworking) 702 return 1; 703 704 return 0; 705 } 706 707 #endif /* CONFIG_P2P */ 708 709 710 int wpa_add_scan_freqs_list(struct wpa_supplicant *wpa_s, 711 enum hostapd_hw_mode band, 712 struct wpa_driver_scan_params *params, bool is_6ghz) 713 { 714 /* Include only supported channels for the specified band */ 715 struct hostapd_hw_modes *mode; 716 int num_chans = 0; 717 int *freqs, i; 718 719 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band, is_6ghz); 720 if (!mode) 721 return -1; 722 723 if (params->freqs) { 724 while (params->freqs[num_chans]) 725 num_chans++; 726 } 727 728 freqs = os_realloc(params->freqs, 729 (num_chans + mode->num_channels + 1) * sizeof(int)); 730 if (!freqs) 731 return -1; 732 733 params->freqs = freqs; 734 for (i = 0; i < mode->num_channels; i++) { 735 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 736 continue; 737 params->freqs[num_chans++] = mode->channels[i].freq; 738 } 739 params->freqs[num_chans] = 0; 740 741 return 0; 742 } 743 744 745 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 746 struct wpa_driver_scan_params *params) 747 { 748 if (wpa_s->hw.modes == NULL) 749 return; /* unknown what channels the driver supports */ 750 if (params->freqs) 751 return; /* already using a limited channel set */ 752 753 if (wpa_s->setband_mask & WPA_SETBAND_5G) 754 wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, params, 755 false); 756 if (wpa_s->setband_mask & WPA_SETBAND_2G) 757 wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, params, 758 false); 759 if (wpa_s->setband_mask & WPA_SETBAND_6G) 760 wpa_add_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, params, 761 true); 762 } 763 764 765 static void wpa_add_scan_ssid(struct wpa_supplicant *wpa_s, 766 struct wpa_driver_scan_params *params, 767 size_t max_ssids, const u8 *ssid, size_t ssid_len) 768 { 769 unsigned int j; 770 771 for (j = 0; j < params->num_ssids; j++) { 772 if (params->ssids[j].ssid_len == ssid_len && 773 params->ssids[j].ssid && 774 os_memcmp(params->ssids[j].ssid, ssid, ssid_len) == 0) 775 return; /* already in the list */ 776 } 777 778 if (params->num_ssids + 1 > max_ssids) { 779 wpa_printf(MSG_DEBUG, "Over max scan SSIDs for manual request"); 780 return; 781 } 782 783 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 784 wpa_ssid_txt(ssid, ssid_len)); 785 786 params->ssids[params->num_ssids].ssid = ssid; 787 params->ssids[params->num_ssids].ssid_len = ssid_len; 788 params->num_ssids++; 789 } 790 791 792 static void wpa_add_owe_scan_ssid(struct wpa_supplicant *wpa_s, 793 struct wpa_driver_scan_params *params, 794 struct wpa_ssid *ssid, size_t max_ssids) 795 { 796 #ifdef CONFIG_OWE 797 struct wpa_bss *bss; 798 799 if (!(ssid->key_mgmt & WPA_KEY_MGMT_OWE)) 800 return; 801 802 wpa_printf(MSG_DEBUG, "OWE: Look for transition mode AP. ssid=%s", 803 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 804 805 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 806 const u8 *owe, *pos, *end; 807 const u8 *owe_ssid; 808 size_t owe_ssid_len; 809 810 if (bss->ssid_len != ssid->ssid_len || 811 os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) != 0) 812 continue; 813 814 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE); 815 if (!owe || owe[1] < 4) 816 continue; 817 818 pos = owe + 6; 819 end = owe + 2 + owe[1]; 820 821 /* Must include BSSID and ssid_len */ 822 if (end - pos < ETH_ALEN + 1) 823 return; 824 825 /* Skip BSSID */ 826 pos += ETH_ALEN; 827 owe_ssid_len = *pos++; 828 owe_ssid = pos; 829 830 if ((size_t) (end - pos) < owe_ssid_len || 831 owe_ssid_len > SSID_MAX_LEN) 832 return; 833 834 wpa_printf(MSG_DEBUG, 835 "OWE: scan_ssids: transition mode OWE ssid=%s", 836 wpa_ssid_txt(owe_ssid, owe_ssid_len)); 837 838 wpa_add_scan_ssid(wpa_s, params, max_ssids, 839 owe_ssid, owe_ssid_len); 840 return; 841 } 842 #endif /* CONFIG_OWE */ 843 } 844 845 846 static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 847 struct wpa_driver_scan_params *params, 848 size_t max_ssids) 849 { 850 unsigned int i; 851 struct wpa_ssid *ssid; 852 853 /* 854 * For devices with max_ssids greater than 1, leave the last slot empty 855 * for adding the wildcard scan entry. 856 */ 857 max_ssids = max_ssids > 1 ? max_ssids - 1 : max_ssids; 858 859 for (i = 0; i < wpa_s->scan_id_count; i++) { 860 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 861 if (!ssid) 862 continue; 863 if (ssid->scan_ssid) 864 wpa_add_scan_ssid(wpa_s, params, max_ssids, 865 ssid->ssid, ssid->ssid_len); 866 /* 867 * Also add the SSID of the OWE BSS, to allow discovery of 868 * transition mode APs more quickly. 869 */ 870 wpa_add_owe_scan_ssid(wpa_s, params, ssid, max_ssids); 871 } 872 873 wpa_s->scan_id_count = 0; 874 } 875 876 877 static int wpa_set_ssids_from_scan_req(struct wpa_supplicant *wpa_s, 878 struct wpa_driver_scan_params *params, 879 size_t max_ssids) 880 { 881 unsigned int i; 882 883 if (wpa_s->ssids_from_scan_req == NULL || 884 wpa_s->num_ssids_from_scan_req == 0) 885 return 0; 886 887 if (wpa_s->num_ssids_from_scan_req > max_ssids) { 888 wpa_s->num_ssids_from_scan_req = max_ssids; 889 wpa_printf(MSG_DEBUG, "Over max scan SSIDs from scan req: %u", 890 (unsigned int) max_ssids); 891 } 892 893 for (i = 0; i < wpa_s->num_ssids_from_scan_req; i++) { 894 params->ssids[i].ssid = wpa_s->ssids_from_scan_req[i].ssid; 895 params->ssids[i].ssid_len = 896 wpa_s->ssids_from_scan_req[i].ssid_len; 897 wpa_hexdump_ascii(MSG_DEBUG, "specific SSID", 898 params->ssids[i].ssid, 899 params->ssids[i].ssid_len); 900 } 901 902 params->num_ssids = wpa_s->num_ssids_from_scan_req; 903 wpa_s->num_ssids_from_scan_req = 0; 904 return 1; 905 } 906 907 908 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 909 { 910 struct wpa_supplicant *wpa_s = eloop_ctx; 911 struct wpa_ssid *ssid; 912 int ret, p2p_in_prog; 913 struct wpabuf *extra_ie = NULL; 914 struct wpa_driver_scan_params params; 915 struct wpa_driver_scan_params *scan_params; 916 size_t max_ssids; 917 int connect_without_scan = 0; 918 919 wpa_s->ignore_post_flush_scan_res = 0; 920 921 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 922 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 923 return; 924 } 925 926 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 927 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 928 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 929 return; 930 } 931 932 if (wpa_s->scanning) { 933 /* 934 * If we are already in scanning state, we shall reschedule the 935 * the incoming scan request. 936 */ 937 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 938 wpa_supplicant_req_scan(wpa_s, 1, 0); 939 return; 940 } 941 942 if (!wpa_supplicant_enabled_networks(wpa_s) && 943 wpa_s->scan_req == NORMAL_SCAN_REQ) { 944 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 945 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 946 return; 947 } 948 949 if (wpa_s->conf->ap_scan != 0 && 950 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 951 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 952 "overriding ap_scan configuration"); 953 wpa_s->conf->ap_scan = 0; 954 wpas_notify_ap_scan_changed(wpa_s); 955 } 956 957 if (wpa_s->conf->ap_scan == 0) { 958 wpa_supplicant_gen_assoc_event(wpa_s); 959 return; 960 } 961 962 ssid = NULL; 963 if (wpa_s->scan_req != MANUAL_SCAN_REQ && 964 wpa_s->connect_without_scan) { 965 connect_without_scan = 1; 966 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 967 if (ssid == wpa_s->connect_without_scan) 968 break; 969 } 970 } 971 972 p2p_in_prog = wpas_p2p_in_progress(wpa_s); 973 if (p2p_in_prog && p2p_in_prog != 2 && 974 (!ssid || 975 (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) { 976 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 977 wpa_supplicant_req_scan(wpa_s, 5, 0); 978 return; 979 } 980 981 /* 982 * Don't cancel the scan based on ongoing PNO; defer it. Some scans are 983 * used for changing modes inside wpa_supplicant (roaming, 984 * auto-reconnect, etc). Discarding the scan might hurt these processes. 985 * The normal use case for PNO is to suspend the host immediately after 986 * starting PNO, so the periodic 100 ms attempts to run the scan do not 987 * normally happen in practice multiple times, i.e., this is simply 988 * restarting scanning once the host is woken up and PNO stopped. 989 */ 990 if (wpa_s->pno || wpa_s->pno_sched_pending) { 991 wpa_dbg(wpa_s, MSG_DEBUG, "Defer scan - PNO is in progress"); 992 wpa_supplicant_req_scan(wpa_s, 0, 100000); 993 return; 994 } 995 996 if (wpa_s->conf->ap_scan == 2) 997 max_ssids = 1; 998 else { 999 max_ssids = wpa_s->max_scan_ssids; 1000 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 1001 max_ssids = WPAS_MAX_SCAN_SSIDS; 1002 } 1003 1004 wpa_s->last_scan_req = wpa_s->scan_req; 1005 wpa_s->scan_req = NORMAL_SCAN_REQ; 1006 1007 if (connect_without_scan) { 1008 wpa_s->connect_without_scan = NULL; 1009 if (ssid) { 1010 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 1011 "without scan step"); 1012 wpa_supplicant_associate(wpa_s, NULL, ssid); 1013 return; 1014 } 1015 } 1016 1017 os_memset(¶ms, 0, sizeof(params)); 1018 1019 wpa_s->scan_prev_wpa_state = wpa_s->wpa_state; 1020 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1021 wpa_s->wpa_state == WPA_INACTIVE) 1022 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1023 1024 /* 1025 * If autoscan has set its own scanning parameters 1026 */ 1027 if (wpa_s->autoscan_params != NULL) { 1028 scan_params = wpa_s->autoscan_params; 1029 goto scan; 1030 } 1031 1032 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1033 wpa_set_ssids_from_scan_req(wpa_s, ¶ms, max_ssids)) { 1034 wpa_printf(MSG_DEBUG, "Use specific SSIDs from SCAN command"); 1035 goto ssid_list_set; 1036 } 1037 1038 #ifdef CONFIG_P2P 1039 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 1040 wpa_s->go_params && !wpa_s->conf->passive_scan) { 1041 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 1042 wpa_s->p2p_in_provisioning, 1043 wpa_s->show_group_started); 1044 params.ssids[0].ssid = wpa_s->go_params->ssid; 1045 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 1046 params.num_ssids = 1; 1047 goto ssid_list_set; 1048 } 1049 1050 if (wpa_s->p2p_in_invitation) { 1051 if (wpa_s->current_ssid) { 1052 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 1053 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 1054 params.ssids[0].ssid_len = 1055 wpa_s->current_ssid->ssid_len; 1056 params.num_ssids = 1; 1057 } else { 1058 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 1059 } 1060 goto ssid_list_set; 1061 } 1062 #endif /* CONFIG_P2P */ 1063 1064 /* Find the starting point from which to continue scanning */ 1065 ssid = wpa_s->conf->ssid; 1066 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 1067 while (ssid) { 1068 if (ssid == wpa_s->prev_scan_ssid) { 1069 ssid = ssid->next; 1070 break; 1071 } 1072 ssid = ssid->next; 1073 } 1074 } 1075 1076 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 1077 #ifdef CONFIG_AP 1078 !wpa_s->ap_iface && 1079 #endif /* CONFIG_AP */ 1080 wpa_s->conf->ap_scan == 2) { 1081 wpa_s->connect_without_scan = NULL; 1082 wpa_s->prev_scan_wildcard = 0; 1083 wpa_supplicant_assoc_try(wpa_s, ssid); 1084 return; 1085 } else if (wpa_s->conf->ap_scan == 2) { 1086 /* 1087 * User-initiated scan request in ap_scan == 2; scan with 1088 * wildcard SSID. 1089 */ 1090 ssid = NULL; 1091 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 1092 /* 1093 * Perform single-channel single-SSID scan for 1094 * reassociate-to-same-BSS operation. 1095 */ 1096 /* Setup SSID */ 1097 ssid = wpa_s->current_ssid; 1098 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 1099 ssid->ssid, ssid->ssid_len); 1100 params.ssids[0].ssid = ssid->ssid; 1101 params.ssids[0].ssid_len = ssid->ssid_len; 1102 params.num_ssids = 1; 1103 1104 /* 1105 * Allocate memory for frequency array, allocate one extra 1106 * slot for the zero-terminator. 1107 */ 1108 params.freqs = os_malloc(sizeof(int) * 2); 1109 if (params.freqs) { 1110 params.freqs[0] = wpa_s->assoc_freq; 1111 params.freqs[1] = 0; 1112 } 1113 1114 /* 1115 * Reset the reattach flag so that we fall back to full scan if 1116 * this scan fails. 1117 */ 1118 wpa_s->reattach = 0; 1119 } else { 1120 struct wpa_ssid *start = ssid, *tssid; 1121 int freqs_set = 0; 1122 if (ssid == NULL && max_ssids > 1) 1123 ssid = wpa_s->conf->ssid; 1124 while (ssid) { 1125 if (!wpas_network_disabled(wpa_s, ssid) && 1126 ssid->scan_ssid) { 1127 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 1128 ssid->ssid, ssid->ssid_len); 1129 params.ssids[params.num_ssids].ssid = 1130 ssid->ssid; 1131 params.ssids[params.num_ssids].ssid_len = 1132 ssid->ssid_len; 1133 params.num_ssids++; 1134 if (params.num_ssids + 1 >= max_ssids) 1135 break; 1136 } 1137 1138 if (!wpas_network_disabled(wpa_s, ssid)) { 1139 /* 1140 * Also add the SSID of the OWE BSS, to allow 1141 * discovery of transition mode APs more 1142 * quickly. 1143 */ 1144 wpa_add_owe_scan_ssid(wpa_s, ¶ms, ssid, 1145 max_ssids); 1146 } 1147 1148 ssid = ssid->next; 1149 if (ssid == start) 1150 break; 1151 if (ssid == NULL && max_ssids > 1 && 1152 start != wpa_s->conf->ssid) 1153 ssid = wpa_s->conf->ssid; 1154 } 1155 1156 if (wpa_s->scan_id_count && 1157 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 1158 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 1159 1160 for (tssid = wpa_s->conf->ssid; 1161 wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid; 1162 tssid = tssid->next) { 1163 if (wpas_network_disabled(wpa_s, tssid)) 1164 continue; 1165 if (((params.freqs || !freqs_set) && 1166 tssid->scan_freq) && 1167 int_array_len(params.freqs) < 100) { 1168 int_array_concat(¶ms.freqs, 1169 tssid->scan_freq); 1170 } else { 1171 os_free(params.freqs); 1172 params.freqs = NULL; 1173 } 1174 freqs_set = 1; 1175 } 1176 int_array_sort_unique(params.freqs); 1177 } 1178 1179 if (ssid && max_ssids == 1) { 1180 /* 1181 * If the driver is limited to 1 SSID at a time interleave 1182 * wildcard SSID scans with specific SSID scans to avoid 1183 * waiting a long time for a wildcard scan. 1184 */ 1185 if (!wpa_s->prev_scan_wildcard) { 1186 params.ssids[0].ssid = NULL; 1187 params.ssids[0].ssid_len = 0; 1188 wpa_s->prev_scan_wildcard = 1; 1189 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 1190 "wildcard SSID (Interleave with specific)"); 1191 } else { 1192 wpa_s->prev_scan_ssid = ssid; 1193 wpa_s->prev_scan_wildcard = 0; 1194 wpa_dbg(wpa_s, MSG_DEBUG, 1195 "Starting AP scan for specific SSID: %s", 1196 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1197 } 1198 } else if (ssid) { 1199 /* max_ssids > 1 */ 1200 1201 wpa_s->prev_scan_ssid = ssid; 1202 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 1203 "the scan request"); 1204 params.num_ssids++; 1205 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1206 wpa_s->manual_scan_passive && params.num_ssids == 0) { 1207 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 1208 } else if (wpa_s->conf->passive_scan) { 1209 wpa_dbg(wpa_s, MSG_DEBUG, 1210 "Use passive scan based on configuration"); 1211 } else { 1212 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 1213 params.num_ssids++; 1214 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 1215 "SSID"); 1216 } 1217 1218 ssid_list_set: 1219 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 1220 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1221 1222 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 1223 wpa_s->manual_scan_only_new) { 1224 wpa_printf(MSG_DEBUG, 1225 "Request driver to clear scan cache due to manual only_new=1 scan"); 1226 params.only_new_results = 1; 1227 } 1228 1229 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 1230 wpa_s->manual_scan_freqs) { 1231 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 1232 params.freqs = wpa_s->manual_scan_freqs; 1233 wpa_s->manual_scan_freqs = NULL; 1234 } 1235 1236 if (params.freqs == NULL && wpa_s->select_network_scan_freqs) { 1237 wpa_dbg(wpa_s, MSG_DEBUG, 1238 "Limit select_network scan to specified channels"); 1239 params.freqs = wpa_s->select_network_scan_freqs; 1240 wpa_s->select_network_scan_freqs = NULL; 1241 } 1242 1243 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 1244 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 1245 "generated frequency list"); 1246 params.freqs = wpa_s->next_scan_freqs; 1247 } else 1248 os_free(wpa_s->next_scan_freqs); 1249 wpa_s->next_scan_freqs = NULL; 1250 wpa_setband_scan_freqs(wpa_s, ¶ms); 1251 1252 /* See if user specified frequencies. If so, scan only those. */ 1253 if (wpa_s->last_scan_req == INITIAL_SCAN_REQ && 1254 wpa_s->conf->initial_freq_list && !params.freqs) { 1255 wpa_dbg(wpa_s, MSG_DEBUG, 1256 "Optimize scan based on conf->initial_freq_list"); 1257 int_array_concat(¶ms.freqs, wpa_s->conf->initial_freq_list); 1258 } else if (wpa_s->conf->freq_list && !params.freqs) { 1259 wpa_dbg(wpa_s, MSG_DEBUG, 1260 "Optimize scan based on conf->freq_list"); 1261 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1262 } 1263 1264 /* Use current associated channel? */ 1265 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 1266 unsigned int num = wpa_s->num_multichan_concurrent; 1267 1268 params.freqs = os_calloc(num + 1, sizeof(int)); 1269 if (params.freqs) { 1270 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1271 if (num > 0) { 1272 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 1273 "current operating channels since " 1274 "scan_cur_freq is enabled"); 1275 } else { 1276 os_free(params.freqs); 1277 params.freqs = NULL; 1278 } 1279 } 1280 } 1281 1282 #ifdef CONFIG_MBO 1283 if (wpa_s->enable_oce & OCE_STA) 1284 params.oce_scan = 1; 1285 #endif /* CONFIG_MBO */ 1286 1287 params.filter_ssids = wpa_supplicant_build_filter_ssids( 1288 wpa_s->conf, ¶ms.num_filter_ssids); 1289 if (extra_ie) { 1290 params.extra_ies = wpabuf_head(extra_ie); 1291 params.extra_ies_len = wpabuf_len(extra_ie); 1292 } 1293 1294 #ifdef CONFIG_P2P 1295 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 1296 (wpa_s->show_group_started && wpa_s->go_params)) { 1297 /* 1298 * The interface may not yet be in P2P mode, so we have to 1299 * explicitly request P2P probe to disable CCK rates. 1300 */ 1301 params.p2p_probe = 1; 1302 } 1303 #endif /* CONFIG_P2P */ 1304 1305 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) && 1306 wpa_s->wpa_state <= WPA_SCANNING) 1307 wpa_setup_mac_addr_rand_params(¶ms, wpa_s->mac_addr_scan); 1308 1309 if (!is_zero_ether_addr(wpa_s->next_scan_bssid)) { 1310 struct wpa_bss *bss; 1311 1312 params.bssid = wpa_s->next_scan_bssid; 1313 bss = wpa_bss_get_bssid_latest(wpa_s, params.bssid); 1314 if (!wpa_s->next_scan_bssid_wildcard_ssid && 1315 bss && bss->ssid_len && params.num_ssids == 1 && 1316 params.ssids[0].ssid_len == 0) { 1317 params.ssids[0].ssid = bss->ssid; 1318 params.ssids[0].ssid_len = bss->ssid_len; 1319 wpa_dbg(wpa_s, MSG_DEBUG, 1320 "Scan a previously specified BSSID " MACSTR 1321 " and SSID %s", 1322 MAC2STR(params.bssid), 1323 wpa_ssid_txt(bss->ssid, bss->ssid_len)); 1324 } else { 1325 wpa_dbg(wpa_s, MSG_DEBUG, 1326 "Scan a previously specified BSSID " MACSTR, 1327 MAC2STR(params.bssid)); 1328 } 1329 } 1330 1331 scan_params = ¶ms; 1332 1333 scan: 1334 #ifdef CONFIG_P2P 1335 /* 1336 * If the driver does not support multi-channel concurrency and a 1337 * virtual interface that shares the same radio with the wpa_s interface 1338 * is operating there may not be need to scan other channels apart from 1339 * the current operating channel on the other virtual interface. Filter 1340 * out other channels in case we are trying to find a connection for a 1341 * station interface when we are not configured to prefer station 1342 * connection and a concurrent operation is already in process. 1343 */ 1344 if (wpa_s->scan_for_connection && 1345 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 1346 !scan_params->freqs && !params.freqs && 1347 wpas_is_p2p_prioritized(wpa_s) && 1348 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 1349 non_p2p_network_enabled(wpa_s)) { 1350 unsigned int num = wpa_s->num_multichan_concurrent; 1351 1352 params.freqs = os_calloc(num + 1, sizeof(int)); 1353 if (params.freqs) { 1354 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1355 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 1356 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 1357 } else { 1358 os_free(params.freqs); 1359 params.freqs = NULL; 1360 } 1361 } 1362 } 1363 1364 if (!params.freqs && 1365 (wpa_s->p2p_in_invitation || wpa_s->p2p_in_provisioning) && 1366 !is_p2p_allow_6ghz(wpa_s->global->p2p) && 1367 is_6ghz_supported(wpa_s)) { 1368 int i; 1369 1370 /* Exclude 5 GHz channels from the full scan for P2P connection 1371 * since the 6 GHz band is disabled for P2P uses. */ 1372 wpa_printf(MSG_DEBUG, 1373 "P2P: 6 GHz disabled - update the scan frequency list"); 1374 for (i = 0; i < wpa_s->hw.num_modes; i++) { 1375 if (wpa_s->hw.modes[i].num_channels == 0) 1376 continue; 1377 if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211G) 1378 wpa_add_scan_freqs_list( 1379 wpa_s, HOSTAPD_MODE_IEEE80211G, 1380 ¶ms, false); 1381 if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211A) 1382 wpa_add_scan_freqs_list( 1383 wpa_s, HOSTAPD_MODE_IEEE80211A, 1384 ¶ms, false); 1385 if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211AD) 1386 wpa_add_scan_freqs_list( 1387 wpa_s, HOSTAPD_MODE_IEEE80211AD, 1388 ¶ms, false); 1389 } 1390 } 1391 #endif /* CONFIG_P2P */ 1392 1393 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 1394 1395 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 1396 !wpa_s->manual_scan_freqs) { 1397 /* Restore manual_scan_freqs for the next attempt */ 1398 wpa_s->manual_scan_freqs = params.freqs; 1399 params.freqs = NULL; 1400 } 1401 1402 wpabuf_free(extra_ie); 1403 os_free(params.freqs); 1404 os_free(params.filter_ssids); 1405 os_free(params.mac_addr); 1406 1407 if (ret) { 1408 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 1409 if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state) 1410 wpa_supplicant_set_state(wpa_s, 1411 wpa_s->scan_prev_wpa_state); 1412 /* Restore scan_req since we will try to scan again */ 1413 wpa_s->scan_req = wpa_s->last_scan_req; 1414 wpa_supplicant_req_scan(wpa_s, 1, 0); 1415 } else { 1416 wpa_s->scan_for_connection = 0; 1417 #ifdef CONFIG_INTERWORKING 1418 wpa_s->interworking_fast_assoc_tried = 0; 1419 #endif /* CONFIG_INTERWORKING */ 1420 wpa_s->next_scan_bssid_wildcard_ssid = 0; 1421 if (params.bssid) 1422 os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN); 1423 } 1424 } 1425 1426 1427 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 1428 { 1429 struct os_reltime remaining, new_int; 1430 int cancelled; 1431 1432 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 1433 &remaining); 1434 1435 new_int.sec = sec; 1436 new_int.usec = 0; 1437 if (cancelled && os_reltime_before(&remaining, &new_int)) { 1438 new_int.sec = remaining.sec; 1439 new_int.usec = remaining.usec; 1440 } 1441 1442 if (cancelled) { 1443 eloop_register_timeout(new_int.sec, new_int.usec, 1444 wpa_supplicant_scan, wpa_s, NULL); 1445 } 1446 wpa_s->scan_interval = sec; 1447 } 1448 1449 1450 /** 1451 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 1452 * @wpa_s: Pointer to wpa_supplicant data 1453 * @sec: Number of seconds after which to scan 1454 * @usec: Number of microseconds after which to scan 1455 * 1456 * This function is used to schedule a scan for neighboring access points after 1457 * the specified time. 1458 */ 1459 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 1460 { 1461 int res; 1462 1463 if (wpa_s->p2p_mgmt) { 1464 wpa_dbg(wpa_s, MSG_DEBUG, 1465 "Ignore scan request (%d.%06d sec) on p2p_mgmt interface", 1466 sec, usec); 1467 return; 1468 } 1469 1470 res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 1471 NULL); 1472 if (res == 1) { 1473 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 1474 sec, usec); 1475 } else if (res == 0) { 1476 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 1477 sec, usec); 1478 } else { 1479 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 1480 sec, usec); 1481 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 1482 } 1483 } 1484 1485 1486 /** 1487 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 1488 * @wpa_s: Pointer to wpa_supplicant data 1489 * @sec: Number of seconds after which to scan 1490 * @usec: Number of microseconds after which to scan 1491 * Returns: 0 on success or -1 otherwise 1492 * 1493 * This function is used to schedule periodic scans for neighboring 1494 * access points after the specified time. 1495 */ 1496 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 1497 int sec, int usec) 1498 { 1499 if (!wpa_s->sched_scan_supported) 1500 return -1; 1501 1502 eloop_register_timeout(sec, usec, 1503 wpa_supplicant_delayed_sched_scan_timeout, 1504 wpa_s, NULL); 1505 1506 return 0; 1507 } 1508 1509 1510 static void 1511 wpa_scan_set_relative_rssi_params(struct wpa_supplicant *wpa_s, 1512 struct wpa_driver_scan_params *params) 1513 { 1514 if (wpa_s->wpa_state != WPA_COMPLETED || 1515 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SCHED_SCAN_RELATIVE_RSSI) || 1516 wpa_s->srp.relative_rssi_set == 0) 1517 return; 1518 1519 params->relative_rssi_set = 1; 1520 params->relative_rssi = wpa_s->srp.relative_rssi; 1521 1522 if (wpa_s->srp.relative_adjust_rssi == 0) 1523 return; 1524 1525 params->relative_adjust_band = wpa_s->srp.relative_adjust_band; 1526 params->relative_adjust_rssi = wpa_s->srp.relative_adjust_rssi; 1527 } 1528 1529 1530 /** 1531 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 1532 * @wpa_s: Pointer to wpa_supplicant data 1533 * Returns: 0 is sched_scan was started or -1 otherwise 1534 * 1535 * This function is used to schedule periodic scans for neighboring 1536 * access points repeating the scan continuously. 1537 */ 1538 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 1539 { 1540 struct wpa_driver_scan_params params; 1541 struct wpa_driver_scan_params *scan_params; 1542 enum wpa_states prev_state; 1543 struct wpa_ssid *ssid = NULL; 1544 struct wpabuf *extra_ie = NULL; 1545 int ret; 1546 unsigned int max_sched_scan_ssids; 1547 int wildcard = 0; 1548 int need_ssids; 1549 struct sched_scan_plan scan_plan; 1550 1551 if (!wpa_s->sched_scan_supported) 1552 return -1; 1553 1554 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 1555 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 1556 else 1557 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 1558 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 1559 return -1; 1560 1561 wpa_s->sched_scan_stop_req = 0; 1562 1563 if (wpa_s->sched_scanning) { 1564 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 1565 return 0; 1566 } 1567 1568 need_ssids = 0; 1569 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1570 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1571 /* Use wildcard SSID to find this network */ 1572 wildcard = 1; 1573 } else if (!wpas_network_disabled(wpa_s, ssid) && 1574 ssid->ssid_len) 1575 need_ssids++; 1576 1577 #ifdef CONFIG_WPS 1578 if (!wpas_network_disabled(wpa_s, ssid) && 1579 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1580 /* 1581 * Normal scan is more reliable and faster for WPS 1582 * operations and since these are for short periods of 1583 * time, the benefit of trying to use sched_scan would 1584 * be limited. 1585 */ 1586 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1587 "sched_scan for WPS"); 1588 return -1; 1589 } 1590 #endif /* CONFIG_WPS */ 1591 } 1592 if (wildcard) 1593 need_ssids++; 1594 1595 if (wpa_s->normal_scans < 3 && 1596 (need_ssids <= wpa_s->max_scan_ssids || 1597 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1598 /* 1599 * When normal scan can speed up operations, use that for the 1600 * first operations before starting the sched_scan to allow 1601 * user space sleep more. We do this only if the normal scan 1602 * has functionality that is suitable for this or if the 1603 * sched_scan does not have better support for multiple SSIDs. 1604 */ 1605 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1606 "sched_scan for initial scans (normal_scans=%d)", 1607 wpa_s->normal_scans); 1608 return -1; 1609 } 1610 1611 os_memset(¶ms, 0, sizeof(params)); 1612 1613 /* If we can't allocate space for the filters, we just don't filter */ 1614 params.filter_ssids = os_calloc(wpa_s->max_match_sets, 1615 sizeof(struct wpa_driver_scan_filter)); 1616 1617 prev_state = wpa_s->wpa_state; 1618 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1619 wpa_s->wpa_state == WPA_INACTIVE) 1620 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1621 1622 if (wpa_s->autoscan_params != NULL) { 1623 scan_params = wpa_s->autoscan_params; 1624 goto scan; 1625 } 1626 1627 /* Find the starting point from which to continue scanning */ 1628 ssid = wpa_s->conf->ssid; 1629 if (wpa_s->prev_sched_ssid) { 1630 while (ssid) { 1631 if (ssid == wpa_s->prev_sched_ssid) { 1632 ssid = ssid->next; 1633 break; 1634 } 1635 ssid = ssid->next; 1636 } 1637 } 1638 1639 if (!ssid || !wpa_s->prev_sched_ssid) { 1640 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1641 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1642 wpa_s->first_sched_scan = 1; 1643 ssid = wpa_s->conf->ssid; 1644 wpa_s->prev_sched_ssid = ssid; 1645 } 1646 1647 if (wildcard) { 1648 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1649 params.num_ssids++; 1650 } 1651 1652 while (ssid) { 1653 if (wpas_network_disabled(wpa_s, ssid)) 1654 goto next; 1655 1656 if (params.num_filter_ssids < wpa_s->max_match_sets && 1657 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1658 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1659 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1660 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1661 ssid->ssid, ssid->ssid_len); 1662 params.filter_ssids[params.num_filter_ssids].ssid_len = 1663 ssid->ssid_len; 1664 params.num_filter_ssids++; 1665 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1666 { 1667 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1668 "filter for sched_scan - drop filter"); 1669 os_free(params.filter_ssids); 1670 params.filter_ssids = NULL; 1671 params.num_filter_ssids = 0; 1672 } 1673 1674 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1675 if (params.num_ssids == max_sched_scan_ssids) 1676 break; /* only room for broadcast SSID */ 1677 wpa_dbg(wpa_s, MSG_DEBUG, 1678 "add to active scan ssid: %s", 1679 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1680 params.ssids[params.num_ssids].ssid = 1681 ssid->ssid; 1682 params.ssids[params.num_ssids].ssid_len = 1683 ssid->ssid_len; 1684 params.num_ssids++; 1685 if (params.num_ssids >= max_sched_scan_ssids) { 1686 wpa_s->prev_sched_ssid = ssid; 1687 do { 1688 ssid = ssid->next; 1689 } while (ssid && 1690 (wpas_network_disabled(wpa_s, ssid) || 1691 !ssid->scan_ssid)); 1692 break; 1693 } 1694 } 1695 1696 next: 1697 wpa_s->prev_sched_ssid = ssid; 1698 ssid = ssid->next; 1699 } 1700 1701 if (params.num_filter_ssids == 0) { 1702 os_free(params.filter_ssids); 1703 params.filter_ssids = NULL; 1704 } 1705 1706 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1707 if (extra_ie) { 1708 params.extra_ies = wpabuf_head(extra_ie); 1709 params.extra_ies_len = wpabuf_len(extra_ie); 1710 } 1711 1712 if (wpa_s->conf->filter_rssi) 1713 params.filter_rssi = wpa_s->conf->filter_rssi; 1714 1715 /* See if user specified frequencies. If so, scan only those. */ 1716 if (wpa_s->conf->freq_list && !params.freqs) { 1717 wpa_dbg(wpa_s, MSG_DEBUG, 1718 "Optimize scan based on conf->freq_list"); 1719 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1720 } 1721 1722 #ifdef CONFIG_MBO 1723 if (wpa_s->enable_oce & OCE_STA) 1724 params.oce_scan = 1; 1725 #endif /* CONFIG_MBO */ 1726 1727 scan_params = ¶ms; 1728 1729 scan: 1730 wpa_s->sched_scan_timed_out = 0; 1731 1732 /* 1733 * We cannot support multiple scan plans if the scan request includes 1734 * too many SSID's, so in this case use only the last scan plan and make 1735 * it run infinitely. It will be stopped by the timeout. 1736 */ 1737 if (wpa_s->sched_scan_plans_num == 1 || 1738 (wpa_s->sched_scan_plans_num && !ssid && wpa_s->first_sched_scan)) { 1739 params.sched_scan_plans = wpa_s->sched_scan_plans; 1740 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 1741 } else if (wpa_s->sched_scan_plans_num > 1) { 1742 wpa_dbg(wpa_s, MSG_DEBUG, 1743 "Too many SSIDs. Default to using single scheduled_scan plan"); 1744 params.sched_scan_plans = 1745 &wpa_s->sched_scan_plans[wpa_s->sched_scan_plans_num - 1746 1]; 1747 params.sched_scan_plans_num = 1; 1748 } else { 1749 if (wpa_s->conf->sched_scan_interval) 1750 scan_plan.interval = wpa_s->conf->sched_scan_interval; 1751 else 1752 scan_plan.interval = 10; 1753 1754 if (scan_plan.interval > wpa_s->max_sched_scan_plan_interval) { 1755 wpa_printf(MSG_WARNING, 1756 "Scan interval too long(%u), use the maximum allowed(%u)", 1757 scan_plan.interval, 1758 wpa_s->max_sched_scan_plan_interval); 1759 scan_plan.interval = 1760 wpa_s->max_sched_scan_plan_interval; 1761 } 1762 1763 scan_plan.iterations = 0; 1764 params.sched_scan_plans = &scan_plan; 1765 params.sched_scan_plans_num = 1; 1766 } 1767 1768 params.sched_scan_start_delay = wpa_s->conf->sched_scan_start_delay; 1769 1770 if (ssid || !wpa_s->first_sched_scan) { 1771 wpa_dbg(wpa_s, MSG_DEBUG, 1772 "Starting sched scan after %u seconds: interval %u timeout %d", 1773 params.sched_scan_start_delay, 1774 params.sched_scan_plans[0].interval, 1775 wpa_s->sched_scan_timeout); 1776 } else { 1777 wpa_dbg(wpa_s, MSG_DEBUG, 1778 "Starting sched scan after %u seconds (no timeout)", 1779 params.sched_scan_start_delay); 1780 } 1781 1782 wpa_setband_scan_freqs(wpa_s, scan_params); 1783 1784 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) && 1785 wpa_s->wpa_state <= WPA_SCANNING) 1786 wpa_setup_mac_addr_rand_params(¶ms, 1787 wpa_s->mac_addr_sched_scan); 1788 1789 wpa_scan_set_relative_rssi_params(wpa_s, scan_params); 1790 1791 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params); 1792 wpabuf_free(extra_ie); 1793 os_free(params.filter_ssids); 1794 os_free(params.mac_addr); 1795 if (ret) { 1796 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1797 if (prev_state != wpa_s->wpa_state) 1798 wpa_supplicant_set_state(wpa_s, prev_state); 1799 return ret; 1800 } 1801 1802 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1803 if (ssid || !wpa_s->first_sched_scan) { 1804 wpa_s->sched_scan_timed_out = 0; 1805 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1806 wpa_supplicant_sched_scan_timeout, 1807 wpa_s, NULL); 1808 wpa_s->first_sched_scan = 0; 1809 wpa_s->sched_scan_timeout /= 2; 1810 params.sched_scan_plans[0].interval *= 2; 1811 if ((unsigned int) wpa_s->sched_scan_timeout < 1812 params.sched_scan_plans[0].interval || 1813 params.sched_scan_plans[0].interval > 1814 wpa_s->max_sched_scan_plan_interval) { 1815 params.sched_scan_plans[0].interval = 10; 1816 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1817 } 1818 } 1819 1820 /* If there is no more ssids, start next time from the beginning */ 1821 if (!ssid) 1822 wpa_s->prev_sched_ssid = NULL; 1823 1824 return 0; 1825 } 1826 1827 1828 /** 1829 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1830 * @wpa_s: Pointer to wpa_supplicant data 1831 * 1832 * This function is used to cancel a scan request scheduled with 1833 * wpa_supplicant_req_scan(). 1834 */ 1835 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1836 { 1837 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1838 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1839 } 1840 1841 1842 /** 1843 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1844 * @wpa_s: Pointer to wpa_supplicant data 1845 * 1846 * This function is used to stop a delayed scheduled scan. 1847 */ 1848 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1849 { 1850 if (!wpa_s->sched_scan_supported) 1851 return; 1852 1853 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1854 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1855 wpa_s, NULL); 1856 } 1857 1858 1859 /** 1860 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1861 * @wpa_s: Pointer to wpa_supplicant data 1862 * 1863 * This function is used to stop a periodic scheduled scan. 1864 */ 1865 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1866 { 1867 if (!wpa_s->sched_scanning) 1868 return; 1869 1870 if (wpa_s->sched_scanning) 1871 wpa_s->sched_scan_stop_req = 1; 1872 1873 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1874 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1875 wpa_supplicant_stop_sched_scan(wpa_s); 1876 } 1877 1878 1879 /** 1880 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1881 * @wpa_s: Pointer to wpa_supplicant data 1882 * @scanning: Whether scanning is currently in progress 1883 * 1884 * This function is to generate scanning notifycations. It is called whenever 1885 * there may have been a change in scanning (scan started, completed, stopped). 1886 * wpas_notify_scanning() is called whenever the scanning state changed from the 1887 * previously notified state. 1888 */ 1889 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1890 int scanning) 1891 { 1892 if (wpa_s->scanning != scanning) { 1893 wpa_s->scanning = scanning; 1894 wpas_notify_scanning(wpa_s); 1895 } 1896 } 1897 1898 1899 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1900 { 1901 int rate = 0; 1902 const u8 *ie; 1903 int i; 1904 1905 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1906 for (i = 0; ie && i < ie[1]; i++) { 1907 if ((ie[i + 2] & 0x7f) > rate) 1908 rate = ie[i + 2] & 0x7f; 1909 } 1910 1911 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1912 for (i = 0; ie && i < ie[1]; i++) { 1913 if ((ie[i + 2] & 0x7f) > rate) 1914 rate = ie[i + 2] & 0x7f; 1915 } 1916 1917 return rate; 1918 } 1919 1920 1921 /** 1922 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1923 * @res: Scan result entry 1924 * @ie: Information element identitifier (WLAN_EID_*) 1925 * Returns: Pointer to the information element (id field) or %NULL if not found 1926 * 1927 * This function returns the first matching information element in the scan 1928 * result. 1929 */ 1930 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1931 { 1932 size_t ie_len = res->ie_len; 1933 1934 /* Use the Beacon frame IEs if res->ie_len is not available */ 1935 if (!ie_len) 1936 ie_len = res->beacon_ie_len; 1937 1938 return get_ie((const u8 *) (res + 1), ie_len, ie); 1939 } 1940 1941 1942 /** 1943 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1944 * @res: Scan result entry 1945 * @vendor_type: Vendor type (four octets starting the IE payload) 1946 * Returns: Pointer to the information element (id field) or %NULL if not found 1947 * 1948 * This function returns the first matching information element in the scan 1949 * result. 1950 */ 1951 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1952 u32 vendor_type) 1953 { 1954 const u8 *ies; 1955 const struct element *elem; 1956 1957 ies = (const u8 *) (res + 1); 1958 1959 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, res->ie_len) { 1960 if (elem->datalen >= 4 && 1961 vendor_type == WPA_GET_BE32(elem->data)) 1962 return &elem->id; 1963 } 1964 1965 return NULL; 1966 } 1967 1968 1969 /** 1970 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 1971 * @res: Scan result entry 1972 * @vendor_type: Vendor type (four octets starting the IE payload) 1973 * Returns: Pointer to the information element (id field) or %NULL if not found 1974 * 1975 * This function returns the first matching information element in the scan 1976 * result. 1977 * 1978 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 1979 * from Beacon frames instead of either Beacon or Probe Response frames. 1980 */ 1981 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 1982 u32 vendor_type) 1983 { 1984 const u8 *ies; 1985 const struct element *elem; 1986 1987 if (res->beacon_ie_len == 0) 1988 return NULL; 1989 1990 ies = (const u8 *) (res + 1); 1991 ies += res->ie_len; 1992 1993 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, 1994 res->beacon_ie_len) { 1995 if (elem->datalen >= 4 && 1996 vendor_type == WPA_GET_BE32(elem->data)) 1997 return &elem->id; 1998 } 1999 2000 return NULL; 2001 } 2002 2003 2004 /** 2005 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 2006 * @res: Scan result entry 2007 * @vendor_type: Vendor type (four octets starting the IE payload) 2008 * Returns: Pointer to the information element payload or %NULL if not found 2009 * 2010 * This function returns concatenated payload of possibly fragmented vendor 2011 * specific information elements in the scan result. The caller is responsible 2012 * for freeing the returned buffer. 2013 */ 2014 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 2015 u32 vendor_type) 2016 { 2017 struct wpabuf *buf; 2018 const u8 *end, *pos; 2019 2020 buf = wpabuf_alloc(res->ie_len); 2021 if (buf == NULL) 2022 return NULL; 2023 2024 pos = (const u8 *) (res + 1); 2025 end = pos + res->ie_len; 2026 2027 while (end - pos > 1) { 2028 u8 ie, len; 2029 2030 ie = pos[0]; 2031 len = pos[1]; 2032 if (len > end - pos - 2) 2033 break; 2034 pos += 2; 2035 if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 && 2036 vendor_type == WPA_GET_BE32(pos)) 2037 wpabuf_put_data(buf, pos + 4, len - 4); 2038 pos += len; 2039 } 2040 2041 if (wpabuf_len(buf) == 0) { 2042 wpabuf_free(buf); 2043 buf = NULL; 2044 } 2045 2046 return buf; 2047 } 2048 2049 2050 /* Compare function for sorting scan results. Return >0 if @b is considered 2051 * better. */ 2052 static int wpa_scan_result_compar(const void *a, const void *b) 2053 { 2054 #define MIN(a,b) a < b ? a : b 2055 struct wpa_scan_res **_wa = (void *) a; 2056 struct wpa_scan_res **_wb = (void *) b; 2057 struct wpa_scan_res *wa = *_wa; 2058 struct wpa_scan_res *wb = *_wb; 2059 int wpa_a, wpa_b; 2060 int snr_a, snr_b, snr_a_full, snr_b_full; 2061 2062 /* WPA/WPA2 support preferred */ 2063 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 2064 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 2065 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 2066 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 2067 2068 if (wpa_b && !wpa_a) 2069 return 1; 2070 if (!wpa_b && wpa_a) 2071 return -1; 2072 2073 /* privacy support preferred */ 2074 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 2075 (wb->caps & IEEE80211_CAP_PRIVACY)) 2076 return 1; 2077 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 2078 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 2079 return -1; 2080 2081 if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) { 2082 snr_a_full = wa->snr; 2083 snr_a = MIN(wa->snr, GREAT_SNR); 2084 snr_b_full = wb->snr; 2085 snr_b = MIN(wb->snr, GREAT_SNR); 2086 } else { 2087 /* Level is not in dBm, so we can't calculate 2088 * SNR. Just use raw level (units unknown). */ 2089 snr_a = snr_a_full = wa->level; 2090 snr_b = snr_b_full = wb->level; 2091 } 2092 2093 /* If SNR is close, decide by max rate or frequency band. For cases 2094 * involving the 6 GHz band, use the throughput estimate irrespective 2095 * of the SNR difference since the LPI/VLP rules may result in 2096 * significant differences in SNR for cases where the estimated 2097 * throughput can be considerably higher with the lower SNR. */ 2098 if (snr_a && snr_b && (abs(snr_b - snr_a) < 7 || 2099 is_6ghz_freq(wa->freq) || 2100 is_6ghz_freq(wb->freq))) { 2101 if (wa->est_throughput != wb->est_throughput) 2102 return (int) wb->est_throughput - 2103 (int) wa->est_throughput; 2104 } 2105 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 2106 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 2107 if (is_6ghz_freq(wa->freq) ^ is_6ghz_freq(wb->freq)) 2108 return is_6ghz_freq(wa->freq) ? -1 : 1; 2109 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 2110 return IS_5GHZ(wa->freq) ? -1 : 1; 2111 } 2112 2113 /* all things being equal, use SNR; if SNRs are 2114 * identical, use quality values since some drivers may only report 2115 * that value and leave the signal level zero */ 2116 if (snr_b_full == snr_a_full) 2117 return wb->qual - wa->qual; 2118 return snr_b_full - snr_a_full; 2119 #undef MIN 2120 } 2121 2122 2123 #ifdef CONFIG_WPS 2124 /* Compare function for sorting scan results when searching a WPS AP for 2125 * provisioning. Return >0 if @b is considered better. */ 2126 static int wpa_scan_result_wps_compar(const void *a, const void *b) 2127 { 2128 struct wpa_scan_res **_wa = (void *) a; 2129 struct wpa_scan_res **_wb = (void *) b; 2130 struct wpa_scan_res *wa = *_wa; 2131 struct wpa_scan_res *wb = *_wb; 2132 int uses_wps_a, uses_wps_b; 2133 struct wpabuf *wps_a, *wps_b; 2134 int res; 2135 2136 /* Optimization - check WPS IE existence before allocated memory and 2137 * doing full reassembly. */ 2138 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 2139 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 2140 if (uses_wps_a && !uses_wps_b) 2141 return -1; 2142 if (!uses_wps_a && uses_wps_b) 2143 return 1; 2144 2145 if (uses_wps_a && uses_wps_b) { 2146 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 2147 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 2148 res = wps_ap_priority_compar(wps_a, wps_b); 2149 wpabuf_free(wps_a); 2150 wpabuf_free(wps_b); 2151 if (res) 2152 return res; 2153 } 2154 2155 /* 2156 * Do not use current AP security policy as a sorting criteria during 2157 * WPS provisioning step since the AP may get reconfigured at the 2158 * completion of provisioning. 2159 */ 2160 2161 /* all things being equal, use signal level; if signal levels are 2162 * identical, use quality values since some drivers may only report 2163 * that value and leave the signal level zero */ 2164 if (wb->level == wa->level) 2165 return wb->qual - wa->qual; 2166 return wb->level - wa->level; 2167 } 2168 #endif /* CONFIG_WPS */ 2169 2170 2171 static void dump_scan_res(struct wpa_scan_results *scan_res) 2172 { 2173 #ifndef CONFIG_NO_STDOUT_DEBUG 2174 size_t i; 2175 2176 if (scan_res->res == NULL || scan_res->num == 0) 2177 return; 2178 2179 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 2180 2181 for (i = 0; i < scan_res->num; i++) { 2182 struct wpa_scan_res *r = scan_res->res[i]; 2183 u8 *pos; 2184 if (r->flags & WPA_SCAN_LEVEL_DBM) { 2185 int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID); 2186 2187 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 2188 "noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u", 2189 MAC2STR(r->bssid), r->freq, r->qual, 2190 r->noise, noise_valid ? "" : "~", r->level, 2191 r->snr, r->snr >= GREAT_SNR ? "*" : "", 2192 r->flags, 2193 r->age, r->est_throughput); 2194 } else { 2195 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 2196 "noise=%d level=%d flags=0x%x age=%u est=%u", 2197 MAC2STR(r->bssid), r->freq, r->qual, 2198 r->noise, r->level, r->flags, r->age, 2199 r->est_throughput); 2200 } 2201 pos = (u8 *) (r + 1); 2202 if (r->ie_len) 2203 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 2204 pos += r->ie_len; 2205 if (r->beacon_ie_len) 2206 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 2207 pos, r->beacon_ie_len); 2208 } 2209 #endif /* CONFIG_NO_STDOUT_DEBUG */ 2210 } 2211 2212 2213 /** 2214 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 2215 * @wpa_s: Pointer to wpa_supplicant data 2216 * @bssid: BSSID to check 2217 * Returns: 0 if the BSSID is filtered or 1 if not 2218 * 2219 * This function is used to filter out specific BSSIDs from scan reslts mainly 2220 * for testing purposes (SET bssid_filter ctrl_iface command). 2221 */ 2222 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 2223 const u8 *bssid) 2224 { 2225 size_t i; 2226 2227 if (wpa_s->bssid_filter == NULL) 2228 return 1; 2229 2230 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 2231 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 2232 ETH_ALEN) == 0) 2233 return 1; 2234 } 2235 2236 return 0; 2237 } 2238 2239 2240 void filter_scan_res(struct wpa_supplicant *wpa_s, 2241 struct wpa_scan_results *res) 2242 { 2243 size_t i, j; 2244 2245 if (wpa_s->bssid_filter == NULL) 2246 return; 2247 2248 for (i = 0, j = 0; i < res->num; i++) { 2249 if (wpa_supplicant_filter_bssid_match(wpa_s, 2250 res->res[i]->bssid)) { 2251 res->res[j++] = res->res[i]; 2252 } else { 2253 os_free(res->res[i]); 2254 res->res[i] = NULL; 2255 } 2256 } 2257 2258 if (res->num != j) { 2259 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 2260 (int) (res->num - j)); 2261 res->num = j; 2262 } 2263 } 2264 2265 2266 void scan_snr(struct wpa_scan_res *res) 2267 { 2268 if (res->flags & WPA_SCAN_NOISE_INVALID) { 2269 res->noise = is_6ghz_freq(res->freq) ? 2270 DEFAULT_NOISE_FLOOR_6GHZ : 2271 (IS_5GHZ(res->freq) ? 2272 DEFAULT_NOISE_FLOOR_5GHZ : DEFAULT_NOISE_FLOOR_2GHZ); 2273 } 2274 2275 if (res->flags & WPA_SCAN_LEVEL_DBM) { 2276 res->snr = res->level - res->noise; 2277 } else { 2278 /* Level is not in dBm, so we can't calculate 2279 * SNR. Just use raw level (units unknown). */ 2280 res->snr = res->level; 2281 } 2282 } 2283 2284 2285 /* Minimum SNR required to achieve a certain bitrate. */ 2286 struct minsnr_bitrate_entry { 2287 int minsnr; 2288 unsigned int bitrate; /* in Mbps */ 2289 }; 2290 2291 /* VHT needs to be enabled in order to achieve MCS8 and MCS9 rates. */ 2292 static const int vht_mcs = 8; 2293 2294 static const struct minsnr_bitrate_entry vht20_table[] = { 2295 { 0, 0 }, 2296 { 2, 6500 }, /* HT20 MCS0 */ 2297 { 5, 13000 }, /* HT20 MCS1 */ 2298 { 9, 19500 }, /* HT20 MCS2 */ 2299 { 11, 26000 }, /* HT20 MCS3 */ 2300 { 15, 39000 }, /* HT20 MCS4 */ 2301 { 18, 52000 }, /* HT20 MCS5 */ 2302 { 20, 58500 }, /* HT20 MCS6 */ 2303 { 25, 65000 }, /* HT20 MCS7 */ 2304 { 29, 78000 }, /* VHT20 MCS8 */ 2305 { -1, 78000 } /* SNR > 29 */ 2306 }; 2307 2308 static const struct minsnr_bitrate_entry vht40_table[] = { 2309 { 0, 0 }, 2310 { 5, 13500 }, /* HT40 MCS0 */ 2311 { 8, 27000 }, /* HT40 MCS1 */ 2312 { 12, 40500 }, /* HT40 MCS2 */ 2313 { 14, 54000 }, /* HT40 MCS3 */ 2314 { 18, 81000 }, /* HT40 MCS4 */ 2315 { 21, 108000 }, /* HT40 MCS5 */ 2316 { 23, 121500 }, /* HT40 MCS6 */ 2317 { 28, 135000 }, /* HT40 MCS7 */ 2318 { 32, 162000 }, /* VHT40 MCS8 */ 2319 { 34, 180000 }, /* VHT40 MCS9 */ 2320 { -1, 180000 } /* SNR > 34 */ 2321 }; 2322 2323 static const struct minsnr_bitrate_entry vht80_table[] = { 2324 { 0, 0 }, 2325 { 8, 29300 }, /* VHT80 MCS0 */ 2326 { 11, 58500 }, /* VHT80 MCS1 */ 2327 { 15, 87800 }, /* VHT80 MCS2 */ 2328 { 17, 117000 }, /* VHT80 MCS3 */ 2329 { 21, 175500 }, /* VHT80 MCS4 */ 2330 { 24, 234000 }, /* VHT80 MCS5 */ 2331 { 26, 263300 }, /* VHT80 MCS6 */ 2332 { 31, 292500 }, /* VHT80 MCS7 */ 2333 { 35, 351000 }, /* VHT80 MCS8 */ 2334 { 37, 390000 }, /* VHT80 MCS9 */ 2335 { -1, 390000 } /* SNR > 37 */ 2336 }; 2337 2338 2339 static const struct minsnr_bitrate_entry vht160_table[] = { 2340 { 0, 0 }, 2341 { 11, 58500 }, /* VHT160 MCS0 */ 2342 { 14, 117000 }, /* VHT160 MCS1 */ 2343 { 18, 175500 }, /* VHT160 MCS2 */ 2344 { 20, 234000 }, /* VHT160 MCS3 */ 2345 { 24, 351000 }, /* VHT160 MCS4 */ 2346 { 27, 468000 }, /* VHT160 MCS5 */ 2347 { 29, 526500 }, /* VHT160 MCS6 */ 2348 { 34, 585000 }, /* VHT160 MCS7 */ 2349 { 38, 702000 }, /* VHT160 MCS8 */ 2350 { 40, 780000 }, /* VHT160 MCS9 */ 2351 { -1, 780000 } /* SNR > 37 */ 2352 }; 2353 2354 2355 static const struct minsnr_bitrate_entry he20_table[] = { 2356 { 0, 0 }, 2357 { 2, 8600 }, /* HE20 MCS0 */ 2358 { 5, 17200 }, /* HE20 MCS1 */ 2359 { 9, 25800 }, /* HE20 MCS2 */ 2360 { 11, 34400 }, /* HE20 MCS3 */ 2361 { 15, 51600 }, /* HE20 MCS4 */ 2362 { 18, 68800 }, /* HE20 MCS5 */ 2363 { 20, 77400 }, /* HE20 MCS6 */ 2364 { 25, 86000 }, /* HE20 MCS7 */ 2365 { 29, 103200 }, /* HE20 MCS8 */ 2366 { 31, 114700 }, /* HE20 MCS9 */ 2367 { 34, 129000 }, /* HE20 MCS10 */ 2368 { 36, 143400 }, /* HE20 MCS11 */ 2369 { -1, 143400 } /* SNR > 29 */ 2370 }; 2371 2372 static const struct minsnr_bitrate_entry he40_table[] = { 2373 { 0, 0 }, 2374 { 5, 17200 }, /* HE40 MCS0 */ 2375 { 8, 34400 }, /* HE40 MCS1 */ 2376 { 12, 51600 }, /* HE40 MCS2 */ 2377 { 14, 68800 }, /* HE40 MCS3 */ 2378 { 18, 103200 }, /* HE40 MCS4 */ 2379 { 21, 137600 }, /* HE40 MCS5 */ 2380 { 23, 154900 }, /* HE40 MCS6 */ 2381 { 28, 172100 }, /* HE40 MCS7 */ 2382 { 32, 206500 }, /* HE40 MCS8 */ 2383 { 34, 229400 }, /* HE40 MCS9 */ 2384 { 37, 258100 }, /* HE40 MCS10 */ 2385 { 39, 286800 }, /* HE40 MCS11 */ 2386 { -1, 286800 } /* SNR > 34 */ 2387 }; 2388 2389 static const struct minsnr_bitrate_entry he80_table[] = { 2390 { 0, 0 }, 2391 { 8, 36000 }, /* HE80 MCS0 */ 2392 { 11, 72100 }, /* HE80 MCS1 */ 2393 { 15, 108100 }, /* HE80 MCS2 */ 2394 { 17, 144100 }, /* HE80 MCS3 */ 2395 { 21, 216200 }, /* HE80 MCS4 */ 2396 { 24, 288200 }, /* HE80 MCS5 */ 2397 { 26, 324300 }, /* HE80 MCS6 */ 2398 { 31, 360300 }, /* HE80 MCS7 */ 2399 { 35, 432400 }, /* HE80 MCS8 */ 2400 { 37, 480400 }, /* HE80 MCS9 */ 2401 { 40, 540400 }, /* HE80 MCS10 */ 2402 { 42, 600500 }, /* HE80 MCS11 */ 2403 { -1, 600500 } /* SNR > 37 */ 2404 }; 2405 2406 2407 static const struct minsnr_bitrate_entry he160_table[] = { 2408 { 0, 0 }, 2409 { 11, 72100 }, /* HE160 MCS0 */ 2410 { 14, 144100 }, /* HE160 MCS1 */ 2411 { 18, 216200 }, /* HE160 MCS2 */ 2412 { 20, 288200 }, /* HE160 MCS3 */ 2413 { 24, 432400 }, /* HE160 MCS4 */ 2414 { 27, 576500 }, /* HE160 MCS5 */ 2415 { 29, 648500 }, /* HE160 MCS6 */ 2416 { 34, 720600 }, /* HE160 MCS7 */ 2417 { 38, 864700 }, /* HE160 MCS8 */ 2418 { 40, 960800 }, /* HE160 MCS9 */ 2419 { 43, 1080900 }, /* HE160 MCS10 */ 2420 { 45, 1201000 }, /* HE160 MCS11 */ 2421 { -1, 1201000 } /* SNR > 37 */ 2422 }; 2423 2424 2425 static unsigned int interpolate_rate(int snr, int snr0, int snr1, 2426 int rate0, int rate1) 2427 { 2428 return rate0 + (snr - snr0) * (rate1 - rate0) / (snr1 - snr0); 2429 } 2430 2431 2432 static unsigned int max_rate(const struct minsnr_bitrate_entry table[], 2433 int snr, bool vht) 2434 { 2435 const struct minsnr_bitrate_entry *prev, *entry = table; 2436 2437 while ((entry->minsnr != -1) && 2438 (snr >= entry->minsnr) && 2439 (vht || entry - table <= vht_mcs)) 2440 entry++; 2441 if (entry == table) 2442 return entry->bitrate; 2443 prev = entry - 1; 2444 if (entry->minsnr == -1 || (!vht && entry - table > vht_mcs)) 2445 return prev->bitrate; 2446 return interpolate_rate(snr, prev->minsnr, entry->minsnr, prev->bitrate, 2447 entry->bitrate); 2448 } 2449 2450 2451 static unsigned int max_ht20_rate(int snr, bool vht) 2452 { 2453 return max_rate(vht20_table, snr, vht); 2454 } 2455 2456 2457 static unsigned int max_ht40_rate(int snr, bool vht) 2458 { 2459 return max_rate(vht40_table, snr, vht); 2460 } 2461 2462 2463 static unsigned int max_vht80_rate(int snr) 2464 { 2465 return max_rate(vht80_table, snr, 1); 2466 } 2467 2468 2469 static unsigned int max_vht160_rate(int snr) 2470 { 2471 return max_rate(vht160_table, snr, 1); 2472 } 2473 2474 2475 static unsigned int max_he_rate(const struct minsnr_bitrate_entry table[], 2476 int snr) 2477 { 2478 const struct minsnr_bitrate_entry *prev, *entry = table; 2479 2480 while (entry->minsnr != -1 && snr >= entry->minsnr) 2481 entry++; 2482 if (entry == table) 2483 return 0; 2484 prev = entry - 1; 2485 if (entry->minsnr == -1) 2486 return prev->bitrate; 2487 return interpolate_rate(snr, prev->minsnr, entry->minsnr, 2488 prev->bitrate, entry->bitrate); 2489 } 2490 2491 2492 unsigned int wpas_get_est_tpt(const struct wpa_supplicant *wpa_s, 2493 const u8 *ies, size_t ies_len, int rate, 2494 int snr, int freq) 2495 { 2496 struct hostapd_hw_modes *hw_mode; 2497 unsigned int est, tmp; 2498 const u8 *ie; 2499 2500 /* Limit based on estimated SNR */ 2501 if (rate > 1 * 2 && snr < 1) 2502 rate = 1 * 2; 2503 else if (rate > 2 * 2 && snr < 4) 2504 rate = 2 * 2; 2505 else if (rate > 6 * 2 && snr < 5) 2506 rate = 6 * 2; 2507 else if (rate > 9 * 2 && snr < 6) 2508 rate = 9 * 2; 2509 else if (rate > 12 * 2 && snr < 7) 2510 rate = 12 * 2; 2511 else if (rate > 12 * 2 && snr < 8) 2512 rate = 14 * 2; 2513 else if (rate > 12 * 2 && snr < 9) 2514 rate = 16 * 2; 2515 else if (rate > 18 * 2 && snr < 10) 2516 rate = 18 * 2; 2517 else if (rate > 24 * 2 && snr < 11) 2518 rate = 24 * 2; 2519 else if (rate > 24 * 2 && snr < 12) 2520 rate = 27 * 2; 2521 else if (rate > 24 * 2 && snr < 13) 2522 rate = 30 * 2; 2523 else if (rate > 24 * 2 && snr < 14) 2524 rate = 33 * 2; 2525 else if (rate > 36 * 2 && snr < 15) 2526 rate = 36 * 2; 2527 else if (rate > 36 * 2 && snr < 16) 2528 rate = 39 * 2; 2529 else if (rate > 36 * 2 && snr < 17) 2530 rate = 42 * 2; 2531 else if (rate > 36 * 2 && snr < 18) 2532 rate = 45 * 2; 2533 else if (rate > 48 * 2 && snr < 19) 2534 rate = 48 * 2; 2535 else if (rate > 48 * 2 && snr < 20) 2536 rate = 51 * 2; 2537 else if (rate > 54 * 2 && snr < 21) 2538 rate = 54 * 2; 2539 est = rate * 500; 2540 2541 hw_mode = get_mode_with_freq(wpa_s->hw.modes, wpa_s->hw.num_modes, 2542 freq); 2543 2544 if (hw_mode && hw_mode->ht_capab) { 2545 ie = get_ie(ies, ies_len, WLAN_EID_HT_CAP); 2546 if (ie) { 2547 tmp = max_ht20_rate(snr, false); 2548 if (tmp > est) 2549 est = tmp; 2550 } 2551 } 2552 2553 if (hw_mode && 2554 (hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) { 2555 ie = get_ie(ies, ies_len, WLAN_EID_HT_OPERATION); 2556 if (ie && ie[1] >= 2 && 2557 (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2558 tmp = max_ht40_rate(snr, false); 2559 if (tmp > est) 2560 est = tmp; 2561 } 2562 } 2563 2564 if (hw_mode && hw_mode->vht_capab) { 2565 /* Use +1 to assume VHT is always faster than HT */ 2566 ie = get_ie(ies, ies_len, WLAN_EID_VHT_CAP); 2567 if (ie) { 2568 bool vht80 = false, vht160 = false; 2569 2570 tmp = max_ht20_rate(snr, true) + 1; 2571 if (tmp > est) 2572 est = tmp; 2573 2574 ie = get_ie(ies, ies_len, WLAN_EID_HT_OPERATION); 2575 if (ie && ie[1] >= 2 && 2576 (ie[3] & 2577 HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 2578 tmp = max_ht40_rate(snr, true) + 1; 2579 if (tmp > est) 2580 est = tmp; 2581 } 2582 2583 /* Determine VHT BSS bandwidth based on IEEE Std 2584 * 802.11-2020, Table 11-23 (VHT BSs bandwidth) */ 2585 ie = get_ie(ies, ies_len, WLAN_EID_VHT_OPERATION); 2586 if (ie && ie[1] >= 3) { 2587 u8 cw = ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK; 2588 u8 seg0 = ie[3]; 2589 u8 seg1 = ie[4]; 2590 2591 if (cw) 2592 vht80 = true; 2593 if (cw == 2 || 2594 (cw == 3 && 2595 (seg1 > 0 && abs(seg1 - seg0) == 16))) 2596 vht160 = true; 2597 if (cw == 1 && 2598 ((seg1 > 0 && abs(seg1 - seg0) == 8) || 2599 (seg1 > 0 && abs(seg1 - seg0) == 16))) 2600 vht160 = true; 2601 } 2602 2603 if (vht80) { 2604 tmp = max_vht80_rate(snr) + 1; 2605 if (tmp > est) 2606 est = tmp; 2607 } 2608 2609 if (vht160 && 2610 (hw_mode->vht_capab & 2611 (VHT_CAP_SUPP_CHAN_WIDTH_160MHZ | 2612 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ))) { 2613 tmp = max_vht160_rate(snr) + 1; 2614 if (tmp > est) 2615 est = tmp; 2616 } 2617 } 2618 } 2619 2620 if (hw_mode && hw_mode->he_capab[IEEE80211_MODE_INFRA].he_supported) { 2621 /* Use +2 to assume HE is always faster than HT/VHT */ 2622 struct ieee80211_he_capabilities *he; 2623 struct he_capabilities *own_he; 2624 u8 cw; 2625 2626 ie = get_ie_ext(ies, ies_len, WLAN_EID_EXT_HE_CAPABILITIES); 2627 if (!ie || (ie[1] < 1 + IEEE80211_HE_CAPAB_MIN_LEN)) 2628 return est; 2629 he = (struct ieee80211_he_capabilities *) &ie[3]; 2630 own_he = &hw_mode->he_capab[IEEE80211_MODE_INFRA]; 2631 2632 tmp = max_he_rate(he20_table, snr) + 2; 2633 if (tmp > est) 2634 est = tmp; 2635 2636 cw = he->he_phy_capab_info[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] & 2637 own_he->phy_cap[HE_PHYCAP_CHANNEL_WIDTH_SET_IDX]; 2638 if (cw & 2639 (IS_2P4GHZ(freq) ? HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_IN_2G : 2640 HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) { 2641 tmp = max_he_rate(he40_table, snr) + 2; 2642 if (tmp > est) 2643 est = tmp; 2644 } 2645 2646 if (!IS_2P4GHZ(freq) && 2647 (cw & HE_PHYCAP_CHANNEL_WIDTH_SET_40MHZ_80MHZ_IN_5G)) { 2648 tmp = max_he_rate(he80_table, snr) + 2; 2649 if (tmp > est) 2650 est = tmp; 2651 } 2652 2653 if (!IS_2P4GHZ(freq) && 2654 (cw & (HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G | 2655 HE_PHYCAP_CHANNEL_WIDTH_SET_80PLUS80MHZ_IN_5G))) { 2656 tmp = max_he_rate(he160_table, snr) + 2; 2657 if (tmp > est) 2658 est = tmp; 2659 } 2660 } 2661 2662 return est; 2663 } 2664 2665 2666 void scan_est_throughput(struct wpa_supplicant *wpa_s, 2667 struct wpa_scan_res *res) 2668 { 2669 int rate; /* max legacy rate in 500 kb/s units */ 2670 int snr = res->snr; 2671 const u8 *ies = (const void *) (res + 1); 2672 size_t ie_len = res->ie_len; 2673 2674 if (res->est_throughput) 2675 return; 2676 2677 /* Get maximum legacy rate */ 2678 rate = wpa_scan_get_max_rate(res); 2679 2680 if (!ie_len) 2681 ie_len = res->beacon_ie_len; 2682 res->est_throughput = 2683 wpas_get_est_tpt(wpa_s, ies, ie_len, rate, snr, res->freq); 2684 2685 /* TODO: channel utilization and AP load (e.g., from AP Beacon) */ 2686 } 2687 2688 2689 /** 2690 * wpa_supplicant_get_scan_results - Get scan results 2691 * @wpa_s: Pointer to wpa_supplicant data 2692 * @info: Information about what was scanned or %NULL if not available 2693 * @new_scan: Whether a new scan was performed 2694 * Returns: Scan results, %NULL on failure 2695 * 2696 * This function request the current scan results from the driver and updates 2697 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 2698 * results with wpa_scan_results_free(). 2699 */ 2700 struct wpa_scan_results * 2701 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 2702 struct scan_info *info, int new_scan) 2703 { 2704 struct wpa_scan_results *scan_res; 2705 size_t i; 2706 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 2707 2708 scan_res = wpa_drv_get_scan_results2(wpa_s); 2709 if (scan_res == NULL) { 2710 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 2711 return NULL; 2712 } 2713 if (scan_res->fetch_time.sec == 0) { 2714 /* 2715 * Make sure we have a valid timestamp if the driver wrapper 2716 * does not set this. 2717 */ 2718 os_get_reltime(&scan_res->fetch_time); 2719 } 2720 filter_scan_res(wpa_s, scan_res); 2721 2722 for (i = 0; i < scan_res->num; i++) { 2723 struct wpa_scan_res *scan_res_item = scan_res->res[i]; 2724 2725 scan_snr(scan_res_item); 2726 scan_est_throughput(wpa_s, scan_res_item); 2727 } 2728 2729 #ifdef CONFIG_WPS 2730 if (wpas_wps_searching(wpa_s)) { 2731 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 2732 "provisioning rules"); 2733 compar = wpa_scan_result_wps_compar; 2734 } 2735 #endif /* CONFIG_WPS */ 2736 2737 if (scan_res->res) { 2738 qsort(scan_res->res, scan_res->num, 2739 sizeof(struct wpa_scan_res *), compar); 2740 } 2741 dump_scan_res(scan_res); 2742 2743 if (wpa_s->ignore_post_flush_scan_res) { 2744 /* FLUSH command aborted an ongoing scan and these are the 2745 * results from the aborted scan. Do not process the results to 2746 * maintain flushed state. */ 2747 wpa_dbg(wpa_s, MSG_DEBUG, 2748 "Do not update BSS table based on pending post-FLUSH scan results"); 2749 wpa_s->ignore_post_flush_scan_res = 0; 2750 return scan_res; 2751 } 2752 2753 wpa_bss_update_start(wpa_s); 2754 for (i = 0; i < scan_res->num; i++) 2755 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 2756 &scan_res->fetch_time); 2757 wpa_bss_update_end(wpa_s, info, new_scan); 2758 2759 return scan_res; 2760 } 2761 2762 2763 /** 2764 * wpa_supplicant_update_scan_results - Update scan results from the driver 2765 * @wpa_s: Pointer to wpa_supplicant data 2766 * Returns: 0 on success, -1 on failure 2767 * 2768 * This function updates the BSS table within wpa_supplicant based on the 2769 * currently available scan results from the driver without requesting a new 2770 * scan. This is used in cases where the driver indicates an association 2771 * (including roaming within ESS) and wpa_supplicant does not yet have the 2772 * needed information to complete the connection (e.g., to perform validation 2773 * steps in 4-way handshake). 2774 */ 2775 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 2776 { 2777 struct wpa_scan_results *scan_res; 2778 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 2779 if (scan_res == NULL) 2780 return -1; 2781 wpa_scan_results_free(scan_res); 2782 2783 return 0; 2784 } 2785 2786 2787 /** 2788 * scan_only_handler - Reports scan results 2789 */ 2790 void scan_only_handler(struct wpa_supplicant *wpa_s, 2791 struct wpa_scan_results *scan_res) 2792 { 2793 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 2794 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 2795 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 2796 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 2797 wpa_s->manual_scan_id); 2798 wpa_s->manual_scan_use_id = 0; 2799 } else { 2800 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 2801 } 2802 wpas_notify_scan_results(wpa_s); 2803 wpas_notify_scan_done(wpa_s, 1); 2804 if (wpa_s->scan_work) { 2805 struct wpa_radio_work *work = wpa_s->scan_work; 2806 wpa_s->scan_work = NULL; 2807 radio_work_done(work); 2808 } 2809 2810 if (wpa_s->wpa_state == WPA_SCANNING) 2811 wpa_supplicant_set_state(wpa_s, wpa_s->scan_prev_wpa_state); 2812 } 2813 2814 2815 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 2816 { 2817 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 2818 } 2819 2820 2821 struct wpa_driver_scan_params * 2822 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 2823 { 2824 struct wpa_driver_scan_params *params; 2825 size_t i; 2826 u8 *n; 2827 2828 params = os_zalloc(sizeof(*params)); 2829 if (params == NULL) 2830 return NULL; 2831 2832 for (i = 0; i < src->num_ssids; i++) { 2833 if (src->ssids[i].ssid) { 2834 n = os_memdup(src->ssids[i].ssid, 2835 src->ssids[i].ssid_len); 2836 if (n == NULL) 2837 goto failed; 2838 params->ssids[i].ssid = n; 2839 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 2840 } 2841 } 2842 params->num_ssids = src->num_ssids; 2843 2844 if (src->extra_ies) { 2845 n = os_memdup(src->extra_ies, src->extra_ies_len); 2846 if (n == NULL) 2847 goto failed; 2848 params->extra_ies = n; 2849 params->extra_ies_len = src->extra_ies_len; 2850 } 2851 2852 if (src->freqs) { 2853 int len = int_array_len(src->freqs); 2854 params->freqs = os_memdup(src->freqs, (len + 1) * sizeof(int)); 2855 if (params->freqs == NULL) 2856 goto failed; 2857 } 2858 2859 if (src->filter_ssids) { 2860 params->filter_ssids = os_memdup(src->filter_ssids, 2861 sizeof(*params->filter_ssids) * 2862 src->num_filter_ssids); 2863 if (params->filter_ssids == NULL) 2864 goto failed; 2865 params->num_filter_ssids = src->num_filter_ssids; 2866 } 2867 2868 params->filter_rssi = src->filter_rssi; 2869 params->p2p_probe = src->p2p_probe; 2870 params->only_new_results = src->only_new_results; 2871 params->low_priority = src->low_priority; 2872 params->duration = src->duration; 2873 params->duration_mandatory = src->duration_mandatory; 2874 params->oce_scan = src->oce_scan; 2875 2876 if (src->sched_scan_plans_num > 0) { 2877 params->sched_scan_plans = 2878 os_memdup(src->sched_scan_plans, 2879 sizeof(*src->sched_scan_plans) * 2880 src->sched_scan_plans_num); 2881 if (!params->sched_scan_plans) 2882 goto failed; 2883 2884 params->sched_scan_plans_num = src->sched_scan_plans_num; 2885 } 2886 2887 if (src->mac_addr_rand && 2888 wpa_setup_mac_addr_rand_params(params, src->mac_addr)) 2889 goto failed; 2890 2891 if (src->bssid) { 2892 u8 *bssid; 2893 2894 bssid = os_memdup(src->bssid, ETH_ALEN); 2895 if (!bssid) 2896 goto failed; 2897 params->bssid = bssid; 2898 } 2899 2900 params->relative_rssi_set = src->relative_rssi_set; 2901 params->relative_rssi = src->relative_rssi; 2902 params->relative_adjust_band = src->relative_adjust_band; 2903 params->relative_adjust_rssi = src->relative_adjust_rssi; 2904 params->p2p_include_6ghz = src->p2p_include_6ghz; 2905 return params; 2906 2907 failed: 2908 wpa_scan_free_params(params); 2909 return NULL; 2910 } 2911 2912 2913 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 2914 { 2915 size_t i; 2916 2917 if (params == NULL) 2918 return; 2919 2920 for (i = 0; i < params->num_ssids; i++) 2921 os_free((u8 *) params->ssids[i].ssid); 2922 os_free((u8 *) params->extra_ies); 2923 os_free(params->freqs); 2924 os_free(params->filter_ssids); 2925 os_free(params->sched_scan_plans); 2926 2927 /* 2928 * Note: params->mac_addr_mask points to same memory allocation and 2929 * must not be freed separately. 2930 */ 2931 os_free((u8 *) params->mac_addr); 2932 2933 os_free((u8 *) params->bssid); 2934 2935 os_free(params); 2936 } 2937 2938 2939 int wpas_start_pno(struct wpa_supplicant *wpa_s) 2940 { 2941 int ret; 2942 size_t prio, i, num_ssid, num_match_ssid; 2943 struct wpa_ssid *ssid; 2944 struct wpa_driver_scan_params params; 2945 struct sched_scan_plan scan_plan; 2946 unsigned int max_sched_scan_ssids; 2947 2948 if (!wpa_s->sched_scan_supported) 2949 return -1; 2950 2951 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 2952 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 2953 else 2954 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 2955 if (max_sched_scan_ssids < 1) 2956 return -1; 2957 2958 if (wpa_s->pno || wpa_s->pno_sched_pending) 2959 return 0; 2960 2961 if ((wpa_s->wpa_state > WPA_SCANNING) && 2962 (wpa_s->wpa_state < WPA_COMPLETED)) { 2963 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 2964 return -EAGAIN; 2965 } 2966 2967 if (wpa_s->wpa_state == WPA_SCANNING) { 2968 wpa_supplicant_cancel_scan(wpa_s); 2969 if (wpa_s->sched_scanning) { 2970 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 2971 "ongoing sched scan"); 2972 wpa_supplicant_cancel_sched_scan(wpa_s); 2973 wpa_s->pno_sched_pending = 1; 2974 return 0; 2975 } 2976 } 2977 2978 if (wpa_s->sched_scan_stop_req) { 2979 wpa_printf(MSG_DEBUG, 2980 "Schedule PNO after previous sched scan has stopped"); 2981 wpa_s->pno_sched_pending = 1; 2982 return 0; 2983 } 2984 2985 os_memset(¶ms, 0, sizeof(params)); 2986 2987 num_ssid = num_match_ssid = 0; 2988 ssid = wpa_s->conf->ssid; 2989 while (ssid) { 2990 if (!wpas_network_disabled(wpa_s, ssid)) { 2991 num_match_ssid++; 2992 if (ssid->scan_ssid) 2993 num_ssid++; 2994 } 2995 ssid = ssid->next; 2996 } 2997 2998 if (num_match_ssid == 0) { 2999 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 3000 return -1; 3001 } 3002 3003 if (num_match_ssid > num_ssid) { 3004 params.num_ssids++; /* wildcard */ 3005 num_ssid++; 3006 } 3007 3008 if (num_ssid > max_sched_scan_ssids) { 3009 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 3010 "%u", max_sched_scan_ssids, (unsigned int) num_ssid); 3011 num_ssid = max_sched_scan_ssids; 3012 } 3013 3014 if (num_match_ssid > wpa_s->max_match_sets) { 3015 num_match_ssid = wpa_s->max_match_sets; 3016 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 3017 } 3018 params.filter_ssids = os_calloc(num_match_ssid, 3019 sizeof(struct wpa_driver_scan_filter)); 3020 if (params.filter_ssids == NULL) 3021 return -1; 3022 3023 i = 0; 3024 prio = 0; 3025 ssid = wpa_s->conf->pssid[prio]; 3026 while (ssid) { 3027 if (!wpas_network_disabled(wpa_s, ssid)) { 3028 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 3029 params.ssids[params.num_ssids].ssid = 3030 ssid->ssid; 3031 params.ssids[params.num_ssids].ssid_len = 3032 ssid->ssid_len; 3033 params.num_ssids++; 3034 } 3035 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 3036 ssid->ssid_len); 3037 params.filter_ssids[i].ssid_len = ssid->ssid_len; 3038 params.num_filter_ssids++; 3039 i++; 3040 if (i == num_match_ssid) 3041 break; 3042 } 3043 if (ssid->pnext) 3044 ssid = ssid->pnext; 3045 else if (prio + 1 == wpa_s->conf->num_prio) 3046 break; 3047 else 3048 ssid = wpa_s->conf->pssid[++prio]; 3049 } 3050 3051 if (wpa_s->conf->filter_rssi) 3052 params.filter_rssi = wpa_s->conf->filter_rssi; 3053 3054 if (wpa_s->sched_scan_plans_num) { 3055 params.sched_scan_plans = wpa_s->sched_scan_plans; 3056 params.sched_scan_plans_num = wpa_s->sched_scan_plans_num; 3057 } else { 3058 /* Set one scan plan that will run infinitely */ 3059 if (wpa_s->conf->sched_scan_interval) 3060 scan_plan.interval = wpa_s->conf->sched_scan_interval; 3061 else 3062 scan_plan.interval = 10; 3063 3064 scan_plan.iterations = 0; 3065 params.sched_scan_plans = &scan_plan; 3066 params.sched_scan_plans_num = 1; 3067 } 3068 3069 params.sched_scan_start_delay = wpa_s->conf->sched_scan_start_delay; 3070 3071 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 3072 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 3073 params.freqs = wpa_s->manual_sched_scan_freqs; 3074 } 3075 3076 if ((wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) && 3077 wpa_s->wpa_state <= WPA_SCANNING) 3078 wpa_setup_mac_addr_rand_params(¶ms, wpa_s->mac_addr_pno); 3079 3080 wpa_scan_set_relative_rssi_params(wpa_s, ¶ms); 3081 3082 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms); 3083 os_free(params.filter_ssids); 3084 os_free(params.mac_addr); 3085 if (ret == 0) 3086 wpa_s->pno = 1; 3087 else 3088 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 3089 return ret; 3090 } 3091 3092 3093 int wpas_stop_pno(struct wpa_supplicant *wpa_s) 3094 { 3095 int ret = 0; 3096 3097 if (!wpa_s->pno) 3098 return 0; 3099 3100 ret = wpa_supplicant_stop_sched_scan(wpa_s); 3101 wpa_s->sched_scan_stop_req = 1; 3102 3103 wpa_s->pno = 0; 3104 wpa_s->pno_sched_pending = 0; 3105 3106 if (wpa_s->wpa_state == WPA_SCANNING) 3107 wpa_supplicant_req_scan(wpa_s, 0, 0); 3108 3109 return ret; 3110 } 3111 3112 3113 void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, 3114 unsigned int type) 3115 { 3116 type &= MAC_ADDR_RAND_ALL; 3117 wpa_s->mac_addr_rand_enable &= ~type; 3118 3119 if (type & MAC_ADDR_RAND_SCAN) { 3120 os_free(wpa_s->mac_addr_scan); 3121 wpa_s->mac_addr_scan = NULL; 3122 } 3123 3124 if (type & MAC_ADDR_RAND_SCHED_SCAN) { 3125 os_free(wpa_s->mac_addr_sched_scan); 3126 wpa_s->mac_addr_sched_scan = NULL; 3127 } 3128 3129 if (type & MAC_ADDR_RAND_PNO) { 3130 os_free(wpa_s->mac_addr_pno); 3131 wpa_s->mac_addr_pno = NULL; 3132 } 3133 } 3134 3135 3136 int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, 3137 unsigned int type, const u8 *addr, 3138 const u8 *mask) 3139 { 3140 u8 *tmp = NULL; 3141 3142 if ((wpa_s->mac_addr_rand_supported & type) != type ) { 3143 wpa_printf(MSG_INFO, 3144 "scan: MAC randomization type %u != supported=%u", 3145 type, wpa_s->mac_addr_rand_supported); 3146 return -1; 3147 } 3148 3149 wpas_mac_addr_rand_scan_clear(wpa_s, type); 3150 3151 if (addr) { 3152 tmp = os_malloc(2 * ETH_ALEN); 3153 if (!tmp) 3154 return -1; 3155 os_memcpy(tmp, addr, ETH_ALEN); 3156 os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN); 3157 } 3158 3159 if (type == MAC_ADDR_RAND_SCAN) { 3160 wpa_s->mac_addr_scan = tmp; 3161 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 3162 wpa_s->mac_addr_sched_scan = tmp; 3163 } else if (type == MAC_ADDR_RAND_PNO) { 3164 wpa_s->mac_addr_pno = tmp; 3165 } else { 3166 wpa_printf(MSG_INFO, 3167 "scan: Invalid MAC randomization type=0x%x", 3168 type); 3169 os_free(tmp); 3170 return -1; 3171 } 3172 3173 wpa_s->mac_addr_rand_enable |= type; 3174 return 0; 3175 } 3176 3177 3178 int wpas_mac_addr_rand_scan_get_mask(struct wpa_supplicant *wpa_s, 3179 unsigned int type, u8 *mask) 3180 { 3181 const u8 *to_copy; 3182 3183 if ((wpa_s->mac_addr_rand_enable & type) != type) 3184 return -1; 3185 3186 if (type == MAC_ADDR_RAND_SCAN) { 3187 to_copy = wpa_s->mac_addr_scan; 3188 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 3189 to_copy = wpa_s->mac_addr_sched_scan; 3190 } else if (type == MAC_ADDR_RAND_PNO) { 3191 to_copy = wpa_s->mac_addr_pno; 3192 } else { 3193 wpa_printf(MSG_DEBUG, 3194 "scan: Invalid MAC randomization type=0x%x", 3195 type); 3196 return -1; 3197 } 3198 3199 os_memcpy(mask, to_copy + ETH_ALEN, ETH_ALEN); 3200 return 0; 3201 } 3202 3203 3204 int wpas_abort_ongoing_scan(struct wpa_supplicant *wpa_s) 3205 { 3206 struct wpa_radio_work *work; 3207 struct wpa_radio *radio = wpa_s->radio; 3208 3209 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) { 3210 if (work->wpa_s != wpa_s || !work->started || 3211 (os_strcmp(work->type, "scan") != 0 && 3212 os_strcmp(work->type, "p2p-scan") != 0)) 3213 continue; 3214 wpa_dbg(wpa_s, MSG_DEBUG, "Abort an ongoing scan"); 3215 return wpa_drv_abort_scan(wpa_s, wpa_s->curr_scan_cookie); 3216 } 3217 3218 wpa_dbg(wpa_s, MSG_DEBUG, "No ongoing scan/p2p-scan found to abort"); 3219 return -1; 3220 } 3221 3222 3223 int wpas_sched_scan_plans_set(struct wpa_supplicant *wpa_s, const char *cmd) 3224 { 3225 struct sched_scan_plan *scan_plans = NULL; 3226 const char *token, *context = NULL; 3227 unsigned int num = 0; 3228 3229 if (!cmd) 3230 return -1; 3231 3232 if (!cmd[0]) { 3233 wpa_printf(MSG_DEBUG, "Clear sched scan plans"); 3234 os_free(wpa_s->sched_scan_plans); 3235 wpa_s->sched_scan_plans = NULL; 3236 wpa_s->sched_scan_plans_num = 0; 3237 return 0; 3238 } 3239 3240 while ((token = cstr_token(cmd, " ", &context))) { 3241 int ret; 3242 struct sched_scan_plan *scan_plan, *n; 3243 3244 n = os_realloc_array(scan_plans, num + 1, sizeof(*scan_plans)); 3245 if (!n) 3246 goto fail; 3247 3248 scan_plans = n; 3249 scan_plan = &scan_plans[num]; 3250 num++; 3251 3252 ret = sscanf(token, "%u:%u", &scan_plan->interval, 3253 &scan_plan->iterations); 3254 if (ret <= 0 || ret > 2 || !scan_plan->interval) { 3255 wpa_printf(MSG_ERROR, 3256 "Invalid sched scan plan input: %s", token); 3257 goto fail; 3258 } 3259 3260 if (scan_plan->interval > wpa_s->max_sched_scan_plan_interval) { 3261 wpa_printf(MSG_WARNING, 3262 "scan plan %u: Scan interval too long(%u), use the maximum allowed(%u)", 3263 num, scan_plan->interval, 3264 wpa_s->max_sched_scan_plan_interval); 3265 scan_plan->interval = 3266 wpa_s->max_sched_scan_plan_interval; 3267 } 3268 3269 if (ret == 1) { 3270 scan_plan->iterations = 0; 3271 break; 3272 } 3273 3274 if (!scan_plan->iterations) { 3275 wpa_printf(MSG_ERROR, 3276 "scan plan %u: Number of iterations cannot be zero", 3277 num); 3278 goto fail; 3279 } 3280 3281 if (scan_plan->iterations > 3282 wpa_s->max_sched_scan_plan_iterations) { 3283 wpa_printf(MSG_WARNING, 3284 "scan plan %u: Too many iterations(%u), use the maximum allowed(%u)", 3285 num, scan_plan->iterations, 3286 wpa_s->max_sched_scan_plan_iterations); 3287 scan_plan->iterations = 3288 wpa_s->max_sched_scan_plan_iterations; 3289 } 3290 3291 wpa_printf(MSG_DEBUG, 3292 "scan plan %u: interval=%u iterations=%u", 3293 num, scan_plan->interval, scan_plan->iterations); 3294 } 3295 3296 if (!scan_plans) { 3297 wpa_printf(MSG_ERROR, "Invalid scan plans entry"); 3298 goto fail; 3299 } 3300 3301 if (cstr_token(cmd, " ", &context) || scan_plans[num - 1].iterations) { 3302 wpa_printf(MSG_ERROR, 3303 "All scan plans but the last must specify a number of iterations"); 3304 goto fail; 3305 } 3306 3307 wpa_printf(MSG_DEBUG, "scan plan %u (last plan): interval=%u", 3308 num, scan_plans[num - 1].interval); 3309 3310 if (num > wpa_s->max_sched_scan_plans) { 3311 wpa_printf(MSG_WARNING, 3312 "Too many scheduled scan plans (only %u supported)", 3313 wpa_s->max_sched_scan_plans); 3314 wpa_printf(MSG_WARNING, 3315 "Use only the first %u scan plans, and the last one (in infinite loop)", 3316 wpa_s->max_sched_scan_plans - 1); 3317 os_memcpy(&scan_plans[wpa_s->max_sched_scan_plans - 1], 3318 &scan_plans[num - 1], sizeof(*scan_plans)); 3319 num = wpa_s->max_sched_scan_plans; 3320 } 3321 3322 os_free(wpa_s->sched_scan_plans); 3323 wpa_s->sched_scan_plans = scan_plans; 3324 wpa_s->sched_scan_plans_num = num; 3325 3326 return 0; 3327 3328 fail: 3329 os_free(scan_plans); 3330 wpa_printf(MSG_ERROR, "invalid scan plans list"); 3331 return -1; 3332 } 3333 3334 3335 /** 3336 * wpas_scan_reset_sched_scan - Reset sched_scan state 3337 * @wpa_s: Pointer to wpa_supplicant data 3338 * 3339 * This function is used to cancel a running scheduled scan and to reset an 3340 * internal scan state to continue with a regular scan on the following 3341 * wpa_supplicant_req_scan() calls. 3342 */ 3343 void wpas_scan_reset_sched_scan(struct wpa_supplicant *wpa_s) 3344 { 3345 wpa_s->normal_scans = 0; 3346 if (wpa_s->sched_scanning) { 3347 wpa_s->sched_scan_timed_out = 0; 3348 wpa_s->prev_sched_ssid = NULL; 3349 wpa_supplicant_cancel_sched_scan(wpa_s); 3350 } 3351 } 3352 3353 3354 void wpas_scan_restart_sched_scan(struct wpa_supplicant *wpa_s) 3355 { 3356 /* simulate timeout to restart the sched scan */ 3357 wpa_s->sched_scan_timed_out = 1; 3358 wpa_s->prev_sched_ssid = NULL; 3359 wpa_supplicant_cancel_sched_scan(wpa_s); 3360 } 3361