1 /* 2 * WPA Supplicant - Scanning 3 * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/wpa_ctrl.h" 15 #include "config.h" 16 #include "wpa_supplicant_i.h" 17 #include "driver_i.h" 18 #include "wps_supplicant.h" 19 #include "p2p_supplicant.h" 20 #include "p2p/p2p.h" 21 #include "hs20_supplicant.h" 22 #include "notify.h" 23 #include "bss.h" 24 #include "scan.h" 25 #include "mesh.h" 26 27 28 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s) 29 { 30 struct wpa_ssid *ssid; 31 union wpa_event_data data; 32 33 ssid = wpa_supplicant_get_ssid(wpa_s); 34 if (ssid == NULL) 35 return; 36 37 if (wpa_s->current_ssid == NULL) { 38 wpa_s->current_ssid = ssid; 39 if (wpa_s->current_ssid != NULL) 40 wpas_notify_network_changed(wpa_s); 41 } 42 wpa_supplicant_initiate_eapol(wpa_s); 43 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured " 44 "network - generating associated event"); 45 os_memset(&data, 0, sizeof(data)); 46 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data); 47 } 48 49 50 #ifdef CONFIG_WPS 51 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s, 52 enum wps_request_type *req_type) 53 { 54 struct wpa_ssid *ssid; 55 int wps = 0; 56 57 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 58 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS)) 59 continue; 60 61 wps = 1; 62 *req_type = wpas_wps_get_req_type(ssid); 63 if (!ssid->eap.phase1) 64 continue; 65 66 if (os_strstr(ssid->eap.phase1, "pbc=1")) 67 return 2; 68 } 69 70 #ifdef CONFIG_P2P 71 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p && 72 !wpa_s->conf->p2p_disabled) { 73 wpa_s->wps->dev.p2p = 1; 74 if (!wps) { 75 wps = 1; 76 *req_type = WPS_REQ_ENROLLEE_INFO; 77 } 78 } 79 #endif /* CONFIG_P2P */ 80 81 return wps; 82 } 83 #endif /* CONFIG_WPS */ 84 85 86 /** 87 * wpa_supplicant_enabled_networks - Check whether there are enabled networks 88 * @wpa_s: Pointer to wpa_supplicant data 89 * Returns: 0 if no networks are enabled, >0 if networks are enabled 90 * 91 * This function is used to figure out whether any networks (or Interworking 92 * with enabled credentials and auto_interworking) are present in the current 93 * configuration. 94 */ 95 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s) 96 { 97 struct wpa_ssid *ssid = wpa_s->conf->ssid; 98 int count = 0, disabled = 0; 99 100 if (wpa_s->p2p_mgmt) 101 return 0; /* no normal network profiles on p2p_mgmt interface */ 102 103 while (ssid) { 104 if (!wpas_network_disabled(wpa_s, ssid)) 105 count++; 106 else 107 disabled++; 108 ssid = ssid->next; 109 } 110 if (wpa_s->conf->cred && wpa_s->conf->interworking && 111 wpa_s->conf->auto_interworking) 112 count++; 113 if (count == 0 && disabled > 0) { 114 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled " 115 "networks)", disabled); 116 } 117 return count; 118 } 119 120 121 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s, 122 struct wpa_ssid *ssid) 123 { 124 while (ssid) { 125 if (!wpas_network_disabled(wpa_s, ssid)) 126 break; 127 ssid = ssid->next; 128 } 129 130 /* ap_scan=2 mode - try to associate with each SSID. */ 131 if (ssid == NULL) { 132 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached " 133 "end of scan list - go back to beginning"); 134 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 135 wpa_supplicant_req_scan(wpa_s, 0, 0); 136 return; 137 } 138 if (ssid->next) { 139 /* Continue from the next SSID on the next attempt. */ 140 wpa_s->prev_scan_ssid = ssid; 141 } else { 142 /* Start from the beginning of the SSID list. */ 143 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 144 } 145 wpa_supplicant_associate(wpa_s, NULL, ssid); 146 } 147 148 149 static void wpas_trigger_scan_cb(struct wpa_radio_work *work, int deinit) 150 { 151 struct wpa_supplicant *wpa_s = work->wpa_s; 152 struct wpa_driver_scan_params *params = work->ctx; 153 int ret; 154 155 if (deinit) { 156 if (!work->started) { 157 wpa_scan_free_params(params); 158 return; 159 } 160 wpa_supplicant_notify_scanning(wpa_s, 0); 161 wpas_notify_scan_done(wpa_s, 0); 162 wpa_s->scan_work = NULL; 163 return; 164 } 165 166 if (wpas_update_random_addr_disassoc(wpa_s) < 0) { 167 wpa_msg(wpa_s, MSG_INFO, 168 "Failed to assign random MAC address for a scan"); 169 radio_work_done(work); 170 return; 171 } 172 173 wpa_supplicant_notify_scanning(wpa_s, 1); 174 175 if (wpa_s->clear_driver_scan_cache) { 176 wpa_printf(MSG_DEBUG, 177 "Request driver to clear scan cache due to local BSS flush"); 178 params->only_new_results = 1; 179 } 180 ret = wpa_drv_scan(wpa_s, params); 181 wpa_scan_free_params(params); 182 work->ctx = NULL; 183 if (ret) { 184 int retry = wpa_s->last_scan_req != MANUAL_SCAN_REQ; 185 186 if (wpa_s->disconnected) 187 retry = 0; 188 189 wpa_supplicant_notify_scanning(wpa_s, 0); 190 wpas_notify_scan_done(wpa_s, 0); 191 if (wpa_s->wpa_state == WPA_SCANNING) 192 wpa_supplicant_set_state(wpa_s, 193 wpa_s->scan_prev_wpa_state); 194 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_FAILED "ret=%d%s", 195 ret, retry ? " retry=1" : ""); 196 radio_work_done(work); 197 198 if (retry) { 199 /* Restore scan_req since we will try to scan again */ 200 wpa_s->scan_req = wpa_s->last_scan_req; 201 wpa_supplicant_req_scan(wpa_s, 1, 0); 202 } 203 return; 204 } 205 206 os_get_reltime(&wpa_s->scan_trigger_time); 207 wpa_s->scan_runs++; 208 wpa_s->normal_scans++; 209 wpa_s->own_scan_requested = 1; 210 wpa_s->clear_driver_scan_cache = 0; 211 wpa_s->scan_work = work; 212 } 213 214 215 /** 216 * wpa_supplicant_trigger_scan - Request driver to start a scan 217 * @wpa_s: Pointer to wpa_supplicant data 218 * @params: Scan parameters 219 * Returns: 0 on success, -1 on failure 220 */ 221 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s, 222 struct wpa_driver_scan_params *params) 223 { 224 struct wpa_driver_scan_params *ctx; 225 226 if (wpa_s->scan_work) { 227 wpa_dbg(wpa_s, MSG_INFO, "Reject scan trigger since one is already pending"); 228 return -1; 229 } 230 231 ctx = wpa_scan_clone_params(params); 232 if (ctx == NULL) 233 return -1; 234 235 if (radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx) < 0) 236 { 237 wpa_scan_free_params(ctx); 238 return -1; 239 } 240 241 return 0; 242 } 243 244 245 static void 246 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 247 { 248 struct wpa_supplicant *wpa_s = eloop_ctx; 249 250 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan"); 251 252 if (wpa_supplicant_req_sched_scan(wpa_s)) 253 wpa_supplicant_req_scan(wpa_s, 0, 0); 254 } 255 256 257 static void 258 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx) 259 { 260 struct wpa_supplicant *wpa_s = eloop_ctx; 261 262 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it"); 263 264 wpa_s->sched_scan_timed_out = 1; 265 wpa_supplicant_cancel_sched_scan(wpa_s); 266 } 267 268 269 int wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s, 270 struct wpa_driver_scan_params *params, 271 int interval) 272 { 273 int ret; 274 275 wpa_supplicant_notify_scanning(wpa_s, 1); 276 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000); 277 if (ret) 278 wpa_supplicant_notify_scanning(wpa_s, 0); 279 else 280 wpa_s->sched_scanning = 1; 281 282 return ret; 283 } 284 285 286 int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s) 287 { 288 int ret; 289 290 ret = wpa_drv_stop_sched_scan(wpa_s); 291 if (ret) { 292 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!"); 293 /* TODO: what to do if stopping fails? */ 294 return -1; 295 } 296 297 return ret; 298 } 299 300 301 static struct wpa_driver_scan_filter * 302 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids) 303 { 304 struct wpa_driver_scan_filter *ssids; 305 struct wpa_ssid *ssid; 306 size_t count; 307 308 *num_ssids = 0; 309 if (!conf->filter_ssids) 310 return NULL; 311 312 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) { 313 if (ssid->ssid && ssid->ssid_len) 314 count++; 315 } 316 if (count == 0) 317 return NULL; 318 ssids = os_calloc(count, sizeof(struct wpa_driver_scan_filter)); 319 if (ssids == NULL) 320 return NULL; 321 322 for (ssid = conf->ssid; ssid; ssid = ssid->next) { 323 if (!ssid->ssid || !ssid->ssid_len) 324 continue; 325 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len); 326 ssids[*num_ssids].ssid_len = ssid->ssid_len; 327 (*num_ssids)++; 328 } 329 330 return ssids; 331 } 332 333 334 static void wpa_supplicant_optimize_freqs( 335 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params) 336 { 337 #ifdef CONFIG_P2P 338 if (params->freqs == NULL && wpa_s->p2p_in_provisioning && 339 wpa_s->go_params) { 340 /* Optimize provisioning state scan based on GO information */ 341 if (wpa_s->p2p_in_provisioning < 5 && 342 wpa_s->go_params->freq > 0) { 343 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO " 344 "preferred frequency %d MHz", 345 wpa_s->go_params->freq); 346 params->freqs = os_calloc(2, sizeof(int)); 347 if (params->freqs) 348 params->freqs[0] = wpa_s->go_params->freq; 349 } else if (wpa_s->p2p_in_provisioning < 8 && 350 wpa_s->go_params->freq_list[0]) { 351 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common " 352 "channels"); 353 int_array_concat(¶ms->freqs, 354 wpa_s->go_params->freq_list); 355 if (params->freqs) 356 int_array_sort_unique(params->freqs); 357 } 358 wpa_s->p2p_in_provisioning++; 359 } 360 361 if (params->freqs == NULL && wpa_s->p2p_in_invitation) { 362 /* 363 * Optimize scan based on GO information during persistent 364 * group reinvocation 365 */ 366 if (wpa_s->p2p_in_invitation < 5 && 367 wpa_s->p2p_invite_go_freq > 0) { 368 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO preferred frequency %d MHz during invitation", 369 wpa_s->p2p_invite_go_freq); 370 params->freqs = os_calloc(2, sizeof(int)); 371 if (params->freqs) 372 params->freqs[0] = wpa_s->p2p_invite_go_freq; 373 } 374 wpa_s->p2p_in_invitation++; 375 if (wpa_s->p2p_in_invitation > 20) { 376 /* 377 * This should not really happen since the variable is 378 * cleared on group removal, but if it does happen, make 379 * sure we do not get stuck in special invitation scan 380 * mode. 381 */ 382 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Clear p2p_in_invitation"); 383 wpa_s->p2p_in_invitation = 0; 384 } 385 } 386 #endif /* CONFIG_P2P */ 387 388 #ifdef CONFIG_WPS 389 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) { 390 /* 391 * Optimize post-provisioning scan based on channel used 392 * during provisioning. 393 */ 394 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz " 395 "that was used during provisioning", wpa_s->wps_freq); 396 params->freqs = os_calloc(2, sizeof(int)); 397 if (params->freqs) 398 params->freqs[0] = wpa_s->wps_freq; 399 wpa_s->after_wps--; 400 } else if (wpa_s->after_wps) 401 wpa_s->after_wps--; 402 403 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq) 404 { 405 /* Optimize provisioning scan based on already known channel */ 406 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz", 407 wpa_s->wps_freq); 408 params->freqs = os_calloc(2, sizeof(int)); 409 if (params->freqs) 410 params->freqs[0] = wpa_s->wps_freq; 411 wpa_s->known_wps_freq = 0; /* only do this once */ 412 } 413 #endif /* CONFIG_WPS */ 414 } 415 416 417 #ifdef CONFIG_INTERWORKING 418 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s, 419 struct wpabuf *buf) 420 { 421 if (wpa_s->conf->interworking == 0) 422 return; 423 424 wpabuf_put_u8(buf, WLAN_EID_EXT_CAPAB); 425 wpabuf_put_u8(buf, 6); 426 wpabuf_put_u8(buf, 0x00); 427 wpabuf_put_u8(buf, 0x00); 428 wpabuf_put_u8(buf, 0x00); 429 wpabuf_put_u8(buf, 0x80); /* Bit 31 - Interworking */ 430 wpabuf_put_u8(buf, 0x00); 431 #ifdef CONFIG_HS20 432 wpabuf_put_u8(buf, 0x40); /* Bit 46 - WNM-Notification */ 433 #else /* CONFIG_HS20 */ 434 wpabuf_put_u8(buf, 0x00); 435 #endif /* CONFIG_HS20 */ 436 437 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING); 438 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 : 439 1 + ETH_ALEN); 440 wpabuf_put_u8(buf, wpa_s->conf->access_network_type); 441 /* No Venue Info */ 442 if (!is_zero_ether_addr(wpa_s->conf->hessid)) 443 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN); 444 } 445 #endif /* CONFIG_INTERWORKING */ 446 447 448 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s) 449 { 450 struct wpabuf *extra_ie = NULL; 451 #ifdef CONFIG_WPS 452 int wps = 0; 453 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO; 454 #endif /* CONFIG_WPS */ 455 456 #ifdef CONFIG_INTERWORKING 457 if (wpa_s->conf->interworking && 458 wpabuf_resize(&extra_ie, 100) == 0) 459 wpas_add_interworking_elements(wpa_s, extra_ie); 460 #endif /* CONFIG_INTERWORKING */ 461 462 #ifdef CONFIG_WPS 463 wps = wpas_wps_in_use(wpa_s, &req_type); 464 465 if (wps) { 466 struct wpabuf *wps_ie; 467 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON : 468 DEV_PW_DEFAULT, 469 &wpa_s->wps->dev, 470 wpa_s->wps->uuid, req_type, 471 0, NULL); 472 if (wps_ie) { 473 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0) 474 wpabuf_put_buf(extra_ie, wps_ie); 475 wpabuf_free(wps_ie); 476 } 477 } 478 479 #ifdef CONFIG_P2P 480 if (wps) { 481 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p); 482 if (wpabuf_resize(&extra_ie, ielen) == 0) 483 wpas_p2p_scan_ie(wpa_s, extra_ie); 484 } 485 #endif /* CONFIG_P2P */ 486 487 wpa_supplicant_mesh_add_scan_ie(wpa_s, &extra_ie); 488 489 #endif /* CONFIG_WPS */ 490 491 #ifdef CONFIG_HS20 492 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0) 493 wpas_hs20_add_indication(extra_ie, -1); 494 #endif /* CONFIG_HS20 */ 495 496 return extra_ie; 497 } 498 499 500 #ifdef CONFIG_P2P 501 502 /* 503 * Check whether there are any enabled networks or credentials that could be 504 * used for a non-P2P connection. 505 */ 506 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s) 507 { 508 struct wpa_ssid *ssid; 509 510 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 511 if (wpas_network_disabled(wpa_s, ssid)) 512 continue; 513 if (!ssid->p2p_group) 514 return 1; 515 } 516 517 if (wpa_s->conf->cred && wpa_s->conf->interworking && 518 wpa_s->conf->auto_interworking) 519 return 1; 520 521 return 0; 522 } 523 524 #endif /* CONFIG_P2P */ 525 526 527 static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, 528 u16 num_modes, 529 enum hostapd_hw_mode mode) 530 { 531 u16 i; 532 533 for (i = 0; i < num_modes; i++) { 534 if (modes[i].mode == mode) 535 return &modes[i]; 536 } 537 538 return NULL; 539 } 540 541 542 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 543 enum hostapd_hw_mode band, 544 struct wpa_driver_scan_params *params) 545 { 546 /* Include only supported channels for the specified band */ 547 struct hostapd_hw_modes *mode; 548 int count, i; 549 550 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 551 if (mode == NULL) { 552 /* No channels supported in this band - use empty list */ 553 params->freqs = os_zalloc(sizeof(int)); 554 return; 555 } 556 557 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int)); 558 if (params->freqs == NULL) 559 return; 560 for (count = 0, i = 0; i < mode->num_channels; i++) { 561 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 562 continue; 563 params->freqs[count++] = mode->channels[i].freq; 564 } 565 } 566 567 568 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s, 569 struct wpa_driver_scan_params *params) 570 { 571 if (wpa_s->hw.modes == NULL) 572 return; /* unknown what channels the driver supports */ 573 if (params->freqs) 574 return; /* already using a limited channel set */ 575 if (wpa_s->setband == WPA_SETBAND_5G) 576 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A, 577 params); 578 else if (wpa_s->setband == WPA_SETBAND_2G) 579 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, 580 params); 581 } 582 583 584 static void wpa_set_scan_ssids(struct wpa_supplicant *wpa_s, 585 struct wpa_driver_scan_params *params, 586 size_t max_ssids) 587 { 588 unsigned int i; 589 struct wpa_ssid *ssid; 590 591 for (i = 0; i < wpa_s->scan_id_count; i++) { 592 unsigned int j; 593 594 ssid = wpa_config_get_network(wpa_s->conf, wpa_s->scan_id[i]); 595 if (!ssid || !ssid->scan_ssid) 596 continue; 597 598 for (j = 0; j < params->num_ssids; j++) { 599 if (params->ssids[j].ssid_len == ssid->ssid_len && 600 params->ssids[j].ssid && 601 os_memcmp(params->ssids[j].ssid, ssid->ssid, 602 ssid->ssid_len) == 0) 603 break; 604 } 605 if (j < params->num_ssids) 606 continue; /* already in the list */ 607 608 if (params->num_ssids + 1 > max_ssids) { 609 wpa_printf(MSG_DEBUG, 610 "Over max scan SSIDs for manual request"); 611 break; 612 } 613 614 wpa_printf(MSG_DEBUG, "Scan SSID (manual request): %s", 615 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 616 params->ssids[params->num_ssids].ssid = ssid->ssid; 617 params->ssids[params->num_ssids].ssid_len = ssid->ssid_len; 618 params->num_ssids++; 619 } 620 621 wpa_s->scan_id_count = 0; 622 } 623 624 625 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx) 626 { 627 struct wpa_supplicant *wpa_s = eloop_ctx; 628 struct wpa_ssid *ssid; 629 int ret, p2p_in_prog; 630 struct wpabuf *extra_ie = NULL; 631 struct wpa_driver_scan_params params; 632 struct wpa_driver_scan_params *scan_params; 633 size_t max_ssids; 634 int connect_without_scan = 0; 635 636 if (wpa_s->pno || wpa_s->pno_sched_pending) { 637 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - PNO is in progress"); 638 return; 639 } 640 641 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) { 642 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled"); 643 return; 644 } 645 646 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) { 647 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan"); 648 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 649 return; 650 } 651 652 if (wpa_s->scanning) { 653 /* 654 * If we are already in scanning state, we shall reschedule the 655 * the incoming scan request. 656 */ 657 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req"); 658 wpa_supplicant_req_scan(wpa_s, 1, 0); 659 return; 660 } 661 662 if (!wpa_supplicant_enabled_networks(wpa_s) && 663 wpa_s->scan_req == NORMAL_SCAN_REQ) { 664 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan"); 665 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE); 666 return; 667 } 668 669 if (wpa_s->conf->ap_scan != 0 && 670 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) { 671 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - " 672 "overriding ap_scan configuration"); 673 wpa_s->conf->ap_scan = 0; 674 wpas_notify_ap_scan_changed(wpa_s); 675 } 676 677 if (wpa_s->conf->ap_scan == 0) { 678 wpa_supplicant_gen_assoc_event(wpa_s); 679 return; 680 } 681 682 ssid = NULL; 683 if (wpa_s->scan_req != MANUAL_SCAN_REQ && 684 wpa_s->connect_without_scan) { 685 connect_without_scan = 1; 686 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 687 if (ssid == wpa_s->connect_without_scan) 688 break; 689 } 690 } 691 692 p2p_in_prog = wpas_p2p_in_progress(wpa_s); 693 if (p2p_in_prog && p2p_in_prog != 2 && 694 (!ssid || 695 (ssid->mode != WPAS_MODE_AP && ssid->mode != WPAS_MODE_P2P_GO))) { 696 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan while P2P operation is in progress"); 697 wpa_supplicant_req_scan(wpa_s, 5, 0); 698 return; 699 } 700 701 if (wpa_s->conf->ap_scan == 2) 702 max_ssids = 1; 703 else { 704 max_ssids = wpa_s->max_scan_ssids; 705 if (max_ssids > WPAS_MAX_SCAN_SSIDS) 706 max_ssids = WPAS_MAX_SCAN_SSIDS; 707 } 708 709 wpa_s->last_scan_req = wpa_s->scan_req; 710 wpa_s->scan_req = NORMAL_SCAN_REQ; 711 712 if (connect_without_scan) { 713 wpa_s->connect_without_scan = NULL; 714 if (ssid) { 715 wpa_printf(MSG_DEBUG, "Start a pre-selected network " 716 "without scan step"); 717 wpa_supplicant_associate(wpa_s, NULL, ssid); 718 return; 719 } 720 } 721 722 os_memset(¶ms, 0, sizeof(params)); 723 724 wpa_s->scan_prev_wpa_state = wpa_s->wpa_state; 725 if (wpa_s->wpa_state == WPA_DISCONNECTED || 726 wpa_s->wpa_state == WPA_INACTIVE) 727 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 728 729 /* 730 * If autoscan has set its own scanning parameters 731 */ 732 if (wpa_s->autoscan_params != NULL) { 733 scan_params = wpa_s->autoscan_params; 734 goto scan; 735 } 736 737 #ifdef CONFIG_P2P 738 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) && 739 wpa_s->go_params && !wpa_s->conf->passive_scan) { 740 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)", 741 wpa_s->p2p_in_provisioning, 742 wpa_s->show_group_started); 743 params.ssids[0].ssid = wpa_s->go_params->ssid; 744 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len; 745 params.num_ssids = 1; 746 goto ssid_list_set; 747 } 748 749 if (wpa_s->p2p_in_invitation) { 750 if (wpa_s->current_ssid) { 751 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during invitation"); 752 params.ssids[0].ssid = wpa_s->current_ssid->ssid; 753 params.ssids[0].ssid_len = 754 wpa_s->current_ssid->ssid_len; 755 params.num_ssids = 1; 756 } else { 757 wpa_printf(MSG_DEBUG, "P2P: No specific SSID known for scan during invitation"); 758 } 759 goto ssid_list_set; 760 } 761 #endif /* CONFIG_P2P */ 762 763 /* Find the starting point from which to continue scanning */ 764 ssid = wpa_s->conf->ssid; 765 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) { 766 while (ssid) { 767 if (ssid == wpa_s->prev_scan_ssid) { 768 ssid = ssid->next; 769 break; 770 } 771 ssid = ssid->next; 772 } 773 } 774 775 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ && 776 wpa_s->conf->ap_scan == 2) { 777 wpa_s->connect_without_scan = NULL; 778 wpa_s->prev_scan_wildcard = 0; 779 wpa_supplicant_assoc_try(wpa_s, ssid); 780 return; 781 } else if (wpa_s->conf->ap_scan == 2) { 782 /* 783 * User-initiated scan request in ap_scan == 2; scan with 784 * wildcard SSID. 785 */ 786 ssid = NULL; 787 } else if (wpa_s->reattach && wpa_s->current_ssid != NULL) { 788 /* 789 * Perform single-channel single-SSID scan for 790 * reassociate-to-same-BSS operation. 791 */ 792 /* Setup SSID */ 793 ssid = wpa_s->current_ssid; 794 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 795 ssid->ssid, ssid->ssid_len); 796 params.ssids[0].ssid = ssid->ssid; 797 params.ssids[0].ssid_len = ssid->ssid_len; 798 params.num_ssids = 1; 799 800 /* 801 * Allocate memory for frequency array, allocate one extra 802 * slot for the zero-terminator. 803 */ 804 params.freqs = os_malloc(sizeof(int) * 2); 805 if (params.freqs == NULL) { 806 wpa_dbg(wpa_s, MSG_ERROR, "Memory allocation failed"); 807 return; 808 } 809 params.freqs[0] = wpa_s->assoc_freq; 810 params.freqs[1] = 0; 811 812 /* 813 * Reset the reattach flag so that we fall back to full scan if 814 * this scan fails. 815 */ 816 wpa_s->reattach = 0; 817 } else { 818 struct wpa_ssid *start = ssid, *tssid; 819 int freqs_set = 0; 820 if (ssid == NULL && max_ssids > 1) 821 ssid = wpa_s->conf->ssid; 822 while (ssid) { 823 if (!wpas_network_disabled(wpa_s, ssid) && 824 ssid->scan_ssid) { 825 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID", 826 ssid->ssid, ssid->ssid_len); 827 params.ssids[params.num_ssids].ssid = 828 ssid->ssid; 829 params.ssids[params.num_ssids].ssid_len = 830 ssid->ssid_len; 831 params.num_ssids++; 832 if (params.num_ssids + 1 >= max_ssids) 833 break; 834 } 835 ssid = ssid->next; 836 if (ssid == start) 837 break; 838 if (ssid == NULL && max_ssids > 1 && 839 start != wpa_s->conf->ssid) 840 ssid = wpa_s->conf->ssid; 841 } 842 843 if (wpa_s->scan_id_count && 844 wpa_s->last_scan_req == MANUAL_SCAN_REQ) 845 wpa_set_scan_ssids(wpa_s, ¶ms, max_ssids); 846 847 for (tssid = wpa_s->conf->ssid; 848 wpa_s->last_scan_req != MANUAL_SCAN_REQ && tssid; 849 tssid = tssid->next) { 850 if (wpas_network_disabled(wpa_s, tssid)) 851 continue; 852 if ((params.freqs || !freqs_set) && tssid->scan_freq) { 853 int_array_concat(¶ms.freqs, 854 tssid->scan_freq); 855 } else { 856 os_free(params.freqs); 857 params.freqs = NULL; 858 } 859 freqs_set = 1; 860 } 861 int_array_sort_unique(params.freqs); 862 } 863 864 if (ssid && max_ssids == 1) { 865 /* 866 * If the driver is limited to 1 SSID at a time interleave 867 * wildcard SSID scans with specific SSID scans to avoid 868 * waiting a long time for a wildcard scan. 869 */ 870 if (!wpa_s->prev_scan_wildcard) { 871 params.ssids[0].ssid = NULL; 872 params.ssids[0].ssid_len = 0; 873 wpa_s->prev_scan_wildcard = 1; 874 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for " 875 "wildcard SSID (Interleave with specific)"); 876 } else { 877 wpa_s->prev_scan_ssid = ssid; 878 wpa_s->prev_scan_wildcard = 0; 879 wpa_dbg(wpa_s, MSG_DEBUG, 880 "Starting AP scan for specific SSID: %s", 881 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 882 } 883 } else if (ssid) { 884 /* max_ssids > 1 */ 885 886 wpa_s->prev_scan_ssid = ssid; 887 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in " 888 "the scan request"); 889 params.num_ssids++; 890 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 891 wpa_s->manual_scan_passive && params.num_ssids == 0) { 892 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request"); 893 } else if (wpa_s->conf->passive_scan) { 894 wpa_dbg(wpa_s, MSG_DEBUG, 895 "Use passive scan based on configuration"); 896 } else { 897 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN; 898 params.num_ssids++; 899 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard " 900 "SSID"); 901 } 902 #ifdef CONFIG_P2P 903 ssid_list_set: 904 #endif /* CONFIG_P2P */ 905 906 wpa_supplicant_optimize_freqs(wpa_s, ¶ms); 907 extra_ie = wpa_supplicant_extra_ies(wpa_s); 908 909 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 910 wpa_s->manual_scan_only_new) { 911 wpa_printf(MSG_DEBUG, 912 "Request driver to clear scan cache due to manual only_new=1 scan"); 913 params.only_new_results = 1; 914 } 915 916 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL && 917 wpa_s->manual_scan_freqs) { 918 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels"); 919 params.freqs = wpa_s->manual_scan_freqs; 920 wpa_s->manual_scan_freqs = NULL; 921 } 922 923 if (params.freqs == NULL && wpa_s->next_scan_freqs) { 924 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously " 925 "generated frequency list"); 926 params.freqs = wpa_s->next_scan_freqs; 927 } else 928 os_free(wpa_s->next_scan_freqs); 929 wpa_s->next_scan_freqs = NULL; 930 wpa_setband_scan_freqs(wpa_s, ¶ms); 931 932 /* See if user specified frequencies. If so, scan only those. */ 933 if (wpa_s->conf->freq_list && !params.freqs) { 934 wpa_dbg(wpa_s, MSG_DEBUG, 935 "Optimize scan based on conf->freq_list"); 936 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 937 } 938 939 /* Use current associated channel? */ 940 if (wpa_s->conf->scan_cur_freq && !params.freqs) { 941 unsigned int num = wpa_s->num_multichan_concurrent; 942 943 params.freqs = os_calloc(num + 1, sizeof(int)); 944 if (params.freqs) { 945 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 946 if (num > 0) { 947 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the " 948 "current operating channels since " 949 "scan_cur_freq is enabled"); 950 } else { 951 os_free(params.freqs); 952 params.freqs = NULL; 953 } 954 } 955 } 956 957 params.filter_ssids = wpa_supplicant_build_filter_ssids( 958 wpa_s->conf, ¶ms.num_filter_ssids); 959 if (extra_ie) { 960 params.extra_ies = wpabuf_head(extra_ie); 961 params.extra_ies_len = wpabuf_len(extra_ie); 962 } 963 964 #ifdef CONFIG_P2P 965 if (wpa_s->p2p_in_provisioning || wpa_s->p2p_in_invitation || 966 (wpa_s->show_group_started && wpa_s->go_params)) { 967 /* 968 * The interface may not yet be in P2P mode, so we have to 969 * explicitly request P2P probe to disable CCK rates. 970 */ 971 params.p2p_probe = 1; 972 } 973 #endif /* CONFIG_P2P */ 974 975 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCAN) { 976 params.mac_addr_rand = 1; 977 if (wpa_s->mac_addr_scan) { 978 params.mac_addr = wpa_s->mac_addr_scan; 979 params.mac_addr_mask = wpa_s->mac_addr_scan + ETH_ALEN; 980 } 981 } 982 983 scan_params = ¶ms; 984 985 scan: 986 #ifdef CONFIG_P2P 987 /* 988 * If the driver does not support multi-channel concurrency and a 989 * virtual interface that shares the same radio with the wpa_s interface 990 * is operating there may not be need to scan other channels apart from 991 * the current operating channel on the other virtual interface. Filter 992 * out other channels in case we are trying to find a connection for a 993 * station interface when we are not configured to prefer station 994 * connection and a concurrent operation is already in process. 995 */ 996 if (wpa_s->scan_for_connection && 997 wpa_s->last_scan_req == NORMAL_SCAN_REQ && 998 !scan_params->freqs && !params.freqs && 999 wpas_is_p2p_prioritized(wpa_s) && 1000 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE && 1001 non_p2p_network_enabled(wpa_s)) { 1002 unsigned int num = wpa_s->num_multichan_concurrent; 1003 1004 params.freqs = os_calloc(num + 1, sizeof(int)); 1005 if (params.freqs) { 1006 num = get_shared_radio_freqs(wpa_s, params.freqs, num); 1007 if (num > 0 && num == wpa_s->num_multichan_concurrent) { 1008 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used"); 1009 } else { 1010 os_free(params.freqs); 1011 params.freqs = NULL; 1012 } 1013 } 1014 } 1015 #endif /* CONFIG_P2P */ 1016 1017 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params); 1018 1019 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs && 1020 !wpa_s->manual_scan_freqs) { 1021 /* Restore manual_scan_freqs for the next attempt */ 1022 wpa_s->manual_scan_freqs = params.freqs; 1023 params.freqs = NULL; 1024 } 1025 1026 wpabuf_free(extra_ie); 1027 os_free(params.freqs); 1028 os_free(params.filter_ssids); 1029 1030 if (ret) { 1031 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan"); 1032 if (wpa_s->scan_prev_wpa_state != wpa_s->wpa_state) 1033 wpa_supplicant_set_state(wpa_s, 1034 wpa_s->scan_prev_wpa_state); 1035 /* Restore scan_req since we will try to scan again */ 1036 wpa_s->scan_req = wpa_s->last_scan_req; 1037 wpa_supplicant_req_scan(wpa_s, 1, 0); 1038 } else { 1039 wpa_s->scan_for_connection = 0; 1040 #ifdef CONFIG_INTERWORKING 1041 wpa_s->interworking_fast_assoc_tried = 0; 1042 #endif /* CONFIG_INTERWORKING */ 1043 } 1044 } 1045 1046 1047 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec) 1048 { 1049 struct os_reltime remaining, new_int; 1050 int cancelled; 1051 1052 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL, 1053 &remaining); 1054 1055 new_int.sec = sec; 1056 new_int.usec = 0; 1057 if (cancelled && os_reltime_before(&remaining, &new_int)) { 1058 new_int.sec = remaining.sec; 1059 new_int.usec = remaining.usec; 1060 } 1061 1062 if (cancelled) { 1063 eloop_register_timeout(new_int.sec, new_int.usec, 1064 wpa_supplicant_scan, wpa_s, NULL); 1065 } 1066 wpa_s->scan_interval = sec; 1067 } 1068 1069 1070 /** 1071 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points 1072 * @wpa_s: Pointer to wpa_supplicant data 1073 * @sec: Number of seconds after which to scan 1074 * @usec: Number of microseconds after which to scan 1075 * 1076 * This function is used to schedule a scan for neighboring access points after 1077 * the specified time. 1078 */ 1079 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec) 1080 { 1081 int res; 1082 1083 if (wpa_s->p2p_mgmt) { 1084 wpa_dbg(wpa_s, MSG_DEBUG, 1085 "Ignore scan request (%d.%06d sec) on p2p_mgmt interface", 1086 sec, usec); 1087 return; 1088 } 1089 1090 res = eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, 1091 NULL); 1092 if (res == 1) { 1093 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d.%06d sec", 1094 sec, usec); 1095 } else if (res == 0) { 1096 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore new scan request for %d.%06d sec since an earlier request is scheduled to trigger sooner", 1097 sec, usec); 1098 } else { 1099 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d.%06d sec", 1100 sec, usec); 1101 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL); 1102 } 1103 } 1104 1105 1106 /** 1107 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan 1108 * @wpa_s: Pointer to wpa_supplicant data 1109 * @sec: Number of seconds after which to scan 1110 * @usec: Number of microseconds after which to scan 1111 * Returns: 0 on success or -1 otherwise 1112 * 1113 * This function is used to schedule periodic scans for neighboring 1114 * access points after the specified time. 1115 */ 1116 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s, 1117 int sec, int usec) 1118 { 1119 if (!wpa_s->sched_scan_supported) 1120 return -1; 1121 1122 eloop_register_timeout(sec, usec, 1123 wpa_supplicant_delayed_sched_scan_timeout, 1124 wpa_s, NULL); 1125 1126 return 0; 1127 } 1128 1129 1130 /** 1131 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan 1132 * @wpa_s: Pointer to wpa_supplicant data 1133 * Returns: 0 is sched_scan was started or -1 otherwise 1134 * 1135 * This function is used to schedule periodic scans for neighboring 1136 * access points repeating the scan continuously. 1137 */ 1138 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s) 1139 { 1140 struct wpa_driver_scan_params params; 1141 struct wpa_driver_scan_params *scan_params; 1142 enum wpa_states prev_state; 1143 struct wpa_ssid *ssid = NULL; 1144 struct wpabuf *extra_ie = NULL; 1145 int ret; 1146 unsigned int max_sched_scan_ssids; 1147 int wildcard = 0; 1148 int need_ssids; 1149 1150 if (!wpa_s->sched_scan_supported) 1151 return -1; 1152 1153 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS) 1154 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS; 1155 else 1156 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids; 1157 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload) 1158 return -1; 1159 1160 if (wpa_s->sched_scanning) { 1161 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning"); 1162 return 0; 1163 } 1164 1165 need_ssids = 0; 1166 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1167 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) { 1168 /* Use wildcard SSID to find this network */ 1169 wildcard = 1; 1170 } else if (!wpas_network_disabled(wpa_s, ssid) && 1171 ssid->ssid_len) 1172 need_ssids++; 1173 1174 #ifdef CONFIG_WPS 1175 if (!wpas_network_disabled(wpa_s, ssid) && 1176 ssid->key_mgmt == WPA_KEY_MGMT_WPS) { 1177 /* 1178 * Normal scan is more reliable and faster for WPS 1179 * operations and since these are for short periods of 1180 * time, the benefit of trying to use sched_scan would 1181 * be limited. 1182 */ 1183 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1184 "sched_scan for WPS"); 1185 return -1; 1186 } 1187 #endif /* CONFIG_WPS */ 1188 } 1189 if (wildcard) 1190 need_ssids++; 1191 1192 if (wpa_s->normal_scans < 3 && 1193 (need_ssids <= wpa_s->max_scan_ssids || 1194 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) { 1195 /* 1196 * When normal scan can speed up operations, use that for the 1197 * first operations before starting the sched_scan to allow 1198 * user space sleep more. We do this only if the normal scan 1199 * has functionality that is suitable for this or if the 1200 * sched_scan does not have better support for multiple SSIDs. 1201 */ 1202 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of " 1203 "sched_scan for initial scans (normal_scans=%d)", 1204 wpa_s->normal_scans); 1205 return -1; 1206 } 1207 1208 os_memset(¶ms, 0, sizeof(params)); 1209 1210 /* If we can't allocate space for the filters, we just don't filter */ 1211 params.filter_ssids = os_calloc(wpa_s->max_match_sets, 1212 sizeof(struct wpa_driver_scan_filter)); 1213 1214 prev_state = wpa_s->wpa_state; 1215 if (wpa_s->wpa_state == WPA_DISCONNECTED || 1216 wpa_s->wpa_state == WPA_INACTIVE) 1217 wpa_supplicant_set_state(wpa_s, WPA_SCANNING); 1218 1219 if (wpa_s->autoscan_params != NULL) { 1220 scan_params = wpa_s->autoscan_params; 1221 goto scan; 1222 } 1223 1224 /* Find the starting point from which to continue scanning */ 1225 ssid = wpa_s->conf->ssid; 1226 if (wpa_s->prev_sched_ssid) { 1227 while (ssid) { 1228 if (ssid == wpa_s->prev_sched_ssid) { 1229 ssid = ssid->next; 1230 break; 1231 } 1232 ssid = ssid->next; 1233 } 1234 } 1235 1236 if (!ssid || !wpa_s->prev_sched_ssid) { 1237 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list"); 1238 if (wpa_s->conf->sched_scan_interval) 1239 wpa_s->sched_scan_interval = 1240 wpa_s->conf->sched_scan_interval; 1241 if (wpa_s->sched_scan_interval == 0) 1242 wpa_s->sched_scan_interval = 10; 1243 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1244 wpa_s->first_sched_scan = 1; 1245 ssid = wpa_s->conf->ssid; 1246 wpa_s->prev_sched_ssid = ssid; 1247 } 1248 1249 if (wildcard) { 1250 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan"); 1251 params.num_ssids++; 1252 } 1253 1254 while (ssid) { 1255 if (wpas_network_disabled(wpa_s, ssid)) 1256 goto next; 1257 1258 if (params.num_filter_ssids < wpa_s->max_match_sets && 1259 params.filter_ssids && ssid->ssid && ssid->ssid_len) { 1260 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s", 1261 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1262 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid, 1263 ssid->ssid, ssid->ssid_len); 1264 params.filter_ssids[params.num_filter_ssids].ssid_len = 1265 ssid->ssid_len; 1266 params.num_filter_ssids++; 1267 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len) 1268 { 1269 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID " 1270 "filter for sched_scan - drop filter"); 1271 os_free(params.filter_ssids); 1272 params.filter_ssids = NULL; 1273 params.num_filter_ssids = 0; 1274 } 1275 1276 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) { 1277 if (params.num_ssids == max_sched_scan_ssids) 1278 break; /* only room for broadcast SSID */ 1279 wpa_dbg(wpa_s, MSG_DEBUG, 1280 "add to active scan ssid: %s", 1281 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 1282 params.ssids[params.num_ssids].ssid = 1283 ssid->ssid; 1284 params.ssids[params.num_ssids].ssid_len = 1285 ssid->ssid_len; 1286 params.num_ssids++; 1287 if (params.num_ssids >= max_sched_scan_ssids) { 1288 wpa_s->prev_sched_ssid = ssid; 1289 do { 1290 ssid = ssid->next; 1291 } while (ssid && 1292 (wpas_network_disabled(wpa_s, ssid) || 1293 !ssid->scan_ssid)); 1294 break; 1295 } 1296 } 1297 1298 next: 1299 wpa_s->prev_sched_ssid = ssid; 1300 ssid = ssid->next; 1301 } 1302 1303 if (params.num_filter_ssids == 0) { 1304 os_free(params.filter_ssids); 1305 params.filter_ssids = NULL; 1306 } 1307 1308 extra_ie = wpa_supplicant_extra_ies(wpa_s); 1309 if (extra_ie) { 1310 params.extra_ies = wpabuf_head(extra_ie); 1311 params.extra_ies_len = wpabuf_len(extra_ie); 1312 } 1313 1314 if (wpa_s->conf->filter_rssi) 1315 params.filter_rssi = wpa_s->conf->filter_rssi; 1316 1317 /* See if user specified frequencies. If so, scan only those. */ 1318 if (wpa_s->conf->freq_list && !params.freqs) { 1319 wpa_dbg(wpa_s, MSG_DEBUG, 1320 "Optimize scan based on conf->freq_list"); 1321 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list); 1322 } 1323 1324 scan_params = ¶ms; 1325 1326 scan: 1327 if (ssid || !wpa_s->first_sched_scan) { 1328 wpa_dbg(wpa_s, MSG_DEBUG, 1329 "Starting sched scan: interval %d timeout %d", 1330 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout); 1331 } else { 1332 wpa_dbg(wpa_s, MSG_DEBUG, 1333 "Starting sched scan: interval %d (no timeout)", 1334 wpa_s->sched_scan_interval); 1335 } 1336 1337 wpa_setband_scan_freqs(wpa_s, scan_params); 1338 1339 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_SCHED_SCAN) { 1340 params.mac_addr_rand = 1; 1341 if (wpa_s->mac_addr_sched_scan) { 1342 params.mac_addr = wpa_s->mac_addr_sched_scan; 1343 params.mac_addr_mask = wpa_s->mac_addr_sched_scan + 1344 ETH_ALEN; 1345 } 1346 } 1347 1348 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params, 1349 wpa_s->sched_scan_interval); 1350 wpabuf_free(extra_ie); 1351 os_free(params.filter_ssids); 1352 if (ret) { 1353 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan"); 1354 if (prev_state != wpa_s->wpa_state) 1355 wpa_supplicant_set_state(wpa_s, prev_state); 1356 return ret; 1357 } 1358 1359 /* If we have more SSIDs to scan, add a timeout so we scan them too */ 1360 if (ssid || !wpa_s->first_sched_scan) { 1361 wpa_s->sched_scan_timed_out = 0; 1362 eloop_register_timeout(wpa_s->sched_scan_timeout, 0, 1363 wpa_supplicant_sched_scan_timeout, 1364 wpa_s, NULL); 1365 wpa_s->first_sched_scan = 0; 1366 wpa_s->sched_scan_timeout /= 2; 1367 wpa_s->sched_scan_interval *= 2; 1368 if (wpa_s->sched_scan_timeout < wpa_s->sched_scan_interval) { 1369 wpa_s->sched_scan_interval = 10; 1370 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2; 1371 } 1372 } 1373 1374 /* If there is no more ssids, start next time from the beginning */ 1375 if (!ssid) 1376 wpa_s->prev_sched_ssid = NULL; 1377 1378 return 0; 1379 } 1380 1381 1382 /** 1383 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request 1384 * @wpa_s: Pointer to wpa_supplicant data 1385 * 1386 * This function is used to cancel a scan request scheduled with 1387 * wpa_supplicant_req_scan(). 1388 */ 1389 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s) 1390 { 1391 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request"); 1392 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL); 1393 } 1394 1395 1396 /** 1397 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan 1398 * @wpa_s: Pointer to wpa_supplicant data 1399 * 1400 * This function is used to stop a delayed scheduled scan. 1401 */ 1402 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s) 1403 { 1404 if (!wpa_s->sched_scan_supported) 1405 return; 1406 1407 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan"); 1408 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout, 1409 wpa_s, NULL); 1410 } 1411 1412 1413 /** 1414 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans 1415 * @wpa_s: Pointer to wpa_supplicant data 1416 * 1417 * This function is used to stop a periodic scheduled scan. 1418 */ 1419 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s) 1420 { 1421 if (!wpa_s->sched_scanning) 1422 return; 1423 1424 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan"); 1425 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL); 1426 wpa_supplicant_stop_sched_scan(wpa_s); 1427 } 1428 1429 1430 /** 1431 * wpa_supplicant_notify_scanning - Indicate possible scan state change 1432 * @wpa_s: Pointer to wpa_supplicant data 1433 * @scanning: Whether scanning is currently in progress 1434 * 1435 * This function is to generate scanning notifycations. It is called whenever 1436 * there may have been a change in scanning (scan started, completed, stopped). 1437 * wpas_notify_scanning() is called whenever the scanning state changed from the 1438 * previously notified state. 1439 */ 1440 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s, 1441 int scanning) 1442 { 1443 if (wpa_s->scanning != scanning) { 1444 wpa_s->scanning = scanning; 1445 wpas_notify_scanning(wpa_s); 1446 } 1447 } 1448 1449 1450 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res) 1451 { 1452 int rate = 0; 1453 const u8 *ie; 1454 int i; 1455 1456 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES); 1457 for (i = 0; ie && i < ie[1]; i++) { 1458 if ((ie[i + 2] & 0x7f) > rate) 1459 rate = ie[i + 2] & 0x7f; 1460 } 1461 1462 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES); 1463 for (i = 0; ie && i < ie[1]; i++) { 1464 if ((ie[i + 2] & 0x7f) > rate) 1465 rate = ie[i + 2] & 0x7f; 1466 } 1467 1468 return rate; 1469 } 1470 1471 1472 /** 1473 * wpa_scan_get_ie - Fetch a specified information element from a scan result 1474 * @res: Scan result entry 1475 * @ie: Information element identitifier (WLAN_EID_*) 1476 * Returns: Pointer to the information element (id field) or %NULL if not found 1477 * 1478 * This function returns the first matching information element in the scan 1479 * result. 1480 */ 1481 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie) 1482 { 1483 const u8 *end, *pos; 1484 1485 pos = (const u8 *) (res + 1); 1486 end = pos + res->ie_len; 1487 1488 while (pos + 1 < end) { 1489 if (pos + 2 + pos[1] > end) 1490 break; 1491 if (pos[0] == ie) 1492 return pos; 1493 pos += 2 + pos[1]; 1494 } 1495 1496 return NULL; 1497 } 1498 1499 1500 /** 1501 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result 1502 * @res: Scan result entry 1503 * @vendor_type: Vendor type (four octets starting the IE payload) 1504 * Returns: Pointer to the information element (id field) or %NULL if not found 1505 * 1506 * This function returns the first matching information element in the scan 1507 * result. 1508 */ 1509 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res, 1510 u32 vendor_type) 1511 { 1512 const u8 *end, *pos; 1513 1514 pos = (const u8 *) (res + 1); 1515 end = pos + res->ie_len; 1516 1517 while (pos + 1 < end) { 1518 if (pos + 2 + pos[1] > end) 1519 break; 1520 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1521 vendor_type == WPA_GET_BE32(&pos[2])) 1522 return pos; 1523 pos += 2 + pos[1]; 1524 } 1525 1526 return NULL; 1527 } 1528 1529 1530 /** 1531 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result 1532 * @res: Scan result entry 1533 * @vendor_type: Vendor type (four octets starting the IE payload) 1534 * Returns: Pointer to the information element (id field) or %NULL if not found 1535 * 1536 * This function returns the first matching information element in the scan 1537 * result. 1538 * 1539 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only 1540 * from Beacon frames instead of either Beacon or Probe Response frames. 1541 */ 1542 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res, 1543 u32 vendor_type) 1544 { 1545 const u8 *end, *pos; 1546 1547 if (res->beacon_ie_len == 0) 1548 return NULL; 1549 1550 pos = (const u8 *) (res + 1); 1551 pos += res->ie_len; 1552 end = pos + res->beacon_ie_len; 1553 1554 while (pos + 1 < end) { 1555 if (pos + 2 + pos[1] > end) 1556 break; 1557 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1558 vendor_type == WPA_GET_BE32(&pos[2])) 1559 return pos; 1560 pos += 2 + pos[1]; 1561 } 1562 1563 return NULL; 1564 } 1565 1566 1567 /** 1568 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result 1569 * @res: Scan result entry 1570 * @vendor_type: Vendor type (four octets starting the IE payload) 1571 * Returns: Pointer to the information element payload or %NULL if not found 1572 * 1573 * This function returns concatenated payload of possibly fragmented vendor 1574 * specific information elements in the scan result. The caller is responsible 1575 * for freeing the returned buffer. 1576 */ 1577 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res, 1578 u32 vendor_type) 1579 { 1580 struct wpabuf *buf; 1581 const u8 *end, *pos; 1582 1583 buf = wpabuf_alloc(res->ie_len); 1584 if (buf == NULL) 1585 return NULL; 1586 1587 pos = (const u8 *) (res + 1); 1588 end = pos + res->ie_len; 1589 1590 while (pos + 1 < end) { 1591 if (pos + 2 + pos[1] > end) 1592 break; 1593 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && 1594 vendor_type == WPA_GET_BE32(&pos[2])) 1595 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); 1596 pos += 2 + pos[1]; 1597 } 1598 1599 if (wpabuf_len(buf) == 0) { 1600 wpabuf_free(buf); 1601 buf = NULL; 1602 } 1603 1604 return buf; 1605 } 1606 1607 1608 /* 1609 * Channels with a great SNR can operate at full rate. What is a great SNR? 1610 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general 1611 * rule of thumb is that any SNR above 20 is good." This one 1612 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23 1613 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a 1614 * conservative value. 1615 */ 1616 #define GREAT_SNR 30 1617 1618 #define IS_5GHZ(n) (n > 4000) 1619 1620 /* Compare function for sorting scan results. Return >0 if @b is considered 1621 * better. */ 1622 static int wpa_scan_result_compar(const void *a, const void *b) 1623 { 1624 #define MIN(a,b) a < b ? a : b 1625 struct wpa_scan_res **_wa = (void *) a; 1626 struct wpa_scan_res **_wb = (void *) b; 1627 struct wpa_scan_res *wa = *_wa; 1628 struct wpa_scan_res *wb = *_wb; 1629 int wpa_a, wpa_b; 1630 int snr_a, snr_b, snr_a_full, snr_b_full; 1631 1632 /* WPA/WPA2 support preferred */ 1633 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL || 1634 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL; 1635 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL || 1636 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL; 1637 1638 if (wpa_b && !wpa_a) 1639 return 1; 1640 if (!wpa_b && wpa_a) 1641 return -1; 1642 1643 /* privacy support preferred */ 1644 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 && 1645 (wb->caps & IEEE80211_CAP_PRIVACY)) 1646 return 1; 1647 if ((wa->caps & IEEE80211_CAP_PRIVACY) && 1648 (wb->caps & IEEE80211_CAP_PRIVACY) == 0) 1649 return -1; 1650 1651 if (wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) { 1652 snr_a_full = wa->snr; 1653 snr_a = MIN(wa->snr, GREAT_SNR); 1654 snr_b_full = wb->snr; 1655 snr_b = MIN(wa->snr, GREAT_SNR); 1656 } else { 1657 /* Level is not in dBm, so we can't calculate 1658 * SNR. Just use raw level (units unknown). */ 1659 snr_a = snr_a_full = wa->level; 1660 snr_b = snr_b_full = wb->level; 1661 } 1662 1663 /* if SNR is close, decide by max rate or frequency band */ 1664 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) || 1665 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) { 1666 if (wa->est_throughput != wb->est_throughput) 1667 return wb->est_throughput - wa->est_throughput; 1668 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq)) 1669 return IS_5GHZ(wa->freq) ? -1 : 1; 1670 } 1671 1672 /* all things being equal, use SNR; if SNRs are 1673 * identical, use quality values since some drivers may only report 1674 * that value and leave the signal level zero */ 1675 if (snr_b_full == snr_a_full) 1676 return wb->qual - wa->qual; 1677 return snr_b_full - snr_a_full; 1678 #undef MIN 1679 } 1680 1681 1682 #ifdef CONFIG_WPS 1683 /* Compare function for sorting scan results when searching a WPS AP for 1684 * provisioning. Return >0 if @b is considered better. */ 1685 static int wpa_scan_result_wps_compar(const void *a, const void *b) 1686 { 1687 struct wpa_scan_res **_wa = (void *) a; 1688 struct wpa_scan_res **_wb = (void *) b; 1689 struct wpa_scan_res *wa = *_wa; 1690 struct wpa_scan_res *wb = *_wb; 1691 int uses_wps_a, uses_wps_b; 1692 struct wpabuf *wps_a, *wps_b; 1693 int res; 1694 1695 /* Optimization - check WPS IE existence before allocated memory and 1696 * doing full reassembly. */ 1697 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL; 1698 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL; 1699 if (uses_wps_a && !uses_wps_b) 1700 return -1; 1701 if (!uses_wps_a && uses_wps_b) 1702 return 1; 1703 1704 if (uses_wps_a && uses_wps_b) { 1705 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE); 1706 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE); 1707 res = wps_ap_priority_compar(wps_a, wps_b); 1708 wpabuf_free(wps_a); 1709 wpabuf_free(wps_b); 1710 if (res) 1711 return res; 1712 } 1713 1714 /* 1715 * Do not use current AP security policy as a sorting criteria during 1716 * WPS provisioning step since the AP may get reconfigured at the 1717 * completion of provisioning. 1718 */ 1719 1720 /* all things being equal, use signal level; if signal levels are 1721 * identical, use quality values since some drivers may only report 1722 * that value and leave the signal level zero */ 1723 if (wb->level == wa->level) 1724 return wb->qual - wa->qual; 1725 return wb->level - wa->level; 1726 } 1727 #endif /* CONFIG_WPS */ 1728 1729 1730 static void dump_scan_res(struct wpa_scan_results *scan_res) 1731 { 1732 #ifndef CONFIG_NO_STDOUT_DEBUG 1733 size_t i; 1734 1735 if (scan_res->res == NULL || scan_res->num == 0) 1736 return; 1737 1738 wpa_printf(MSG_EXCESSIVE, "Sorted scan results"); 1739 1740 for (i = 0; i < scan_res->num; i++) { 1741 struct wpa_scan_res *r = scan_res->res[i]; 1742 u8 *pos; 1743 if (r->flags & WPA_SCAN_LEVEL_DBM) { 1744 int noise_valid = !(r->flags & WPA_SCAN_NOISE_INVALID); 1745 1746 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1747 "noise=%d%s level=%d snr=%d%s flags=0x%x age=%u est=%u", 1748 MAC2STR(r->bssid), r->freq, r->qual, 1749 r->noise, noise_valid ? "" : "~", r->level, 1750 r->snr, r->snr >= GREAT_SNR ? "*" : "", 1751 r->flags, 1752 r->age, r->est_throughput); 1753 } else { 1754 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d " 1755 "noise=%d level=%d flags=0x%x age=%u est=%u", 1756 MAC2STR(r->bssid), r->freq, r->qual, 1757 r->noise, r->level, r->flags, r->age, 1758 r->est_throughput); 1759 } 1760 pos = (u8 *) (r + 1); 1761 if (r->ie_len) 1762 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len); 1763 pos += r->ie_len; 1764 if (r->beacon_ie_len) 1765 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs", 1766 pos, r->beacon_ie_len); 1767 } 1768 #endif /* CONFIG_NO_STDOUT_DEBUG */ 1769 } 1770 1771 1772 /** 1773 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed 1774 * @wpa_s: Pointer to wpa_supplicant data 1775 * @bssid: BSSID to check 1776 * Returns: 0 if the BSSID is filtered or 1 if not 1777 * 1778 * This function is used to filter out specific BSSIDs from scan reslts mainly 1779 * for testing purposes (SET bssid_filter ctrl_iface command). 1780 */ 1781 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s, 1782 const u8 *bssid) 1783 { 1784 size_t i; 1785 1786 if (wpa_s->bssid_filter == NULL) 1787 return 1; 1788 1789 for (i = 0; i < wpa_s->bssid_filter_count; i++) { 1790 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid, 1791 ETH_ALEN) == 0) 1792 return 1; 1793 } 1794 1795 return 0; 1796 } 1797 1798 1799 static void filter_scan_res(struct wpa_supplicant *wpa_s, 1800 struct wpa_scan_results *res) 1801 { 1802 size_t i, j; 1803 1804 if (wpa_s->bssid_filter == NULL) 1805 return; 1806 1807 for (i = 0, j = 0; i < res->num; i++) { 1808 if (wpa_supplicant_filter_bssid_match(wpa_s, 1809 res->res[i]->bssid)) { 1810 res->res[j++] = res->res[i]; 1811 } else { 1812 os_free(res->res[i]); 1813 res->res[i] = NULL; 1814 } 1815 } 1816 1817 if (res->num != j) { 1818 wpa_printf(MSG_DEBUG, "Filtered out %d scan results", 1819 (int) (res->num - j)); 1820 res->num = j; 1821 } 1822 } 1823 1824 1825 /* 1826 * Noise floor values to use when we have signal strength 1827 * measurements, but no noise floor measurments. These values were 1828 * measured in an office environment with many APs. 1829 */ 1830 #define DEFAULT_NOISE_FLOOR_2GHZ (-89) 1831 #define DEFAULT_NOISE_FLOOR_5GHZ (-92) 1832 1833 static void scan_snr(struct wpa_scan_res *res) 1834 { 1835 if (res->flags & WPA_SCAN_NOISE_INVALID) { 1836 res->noise = IS_5GHZ(res->freq) ? 1837 DEFAULT_NOISE_FLOOR_5GHZ : 1838 DEFAULT_NOISE_FLOOR_2GHZ; 1839 } 1840 1841 if (res->flags & WPA_SCAN_LEVEL_DBM) { 1842 res->snr = res->level - res->noise; 1843 } else { 1844 /* Level is not in dBm, so we can't calculate 1845 * SNR. Just use raw level (units unknown). */ 1846 res->snr = res->level; 1847 } 1848 } 1849 1850 1851 static unsigned int max_ht20_rate(int snr) 1852 { 1853 if (snr < 6) 1854 return 6500; /* HT20 MCS0 */ 1855 if (snr < 8) 1856 return 13000; /* HT20 MCS1 */ 1857 if (snr < 13) 1858 return 19500; /* HT20 MCS2 */ 1859 if (snr < 17) 1860 return 26000; /* HT20 MCS3 */ 1861 if (snr < 20) 1862 return 39000; /* HT20 MCS4 */ 1863 if (snr < 23) 1864 return 52000; /* HT20 MCS5 */ 1865 if (snr < 24) 1866 return 58500; /* HT20 MCS6 */ 1867 return 65000; /* HT20 MCS7 */ 1868 } 1869 1870 1871 static unsigned int max_ht40_rate(int snr) 1872 { 1873 if (snr < 3) 1874 return 13500; /* HT40 MCS0 */ 1875 if (snr < 6) 1876 return 27000; /* HT40 MCS1 */ 1877 if (snr < 10) 1878 return 40500; /* HT40 MCS2 */ 1879 if (snr < 15) 1880 return 54000; /* HT40 MCS3 */ 1881 if (snr < 17) 1882 return 81000; /* HT40 MCS4 */ 1883 if (snr < 22) 1884 return 108000; /* HT40 MCS5 */ 1885 if (snr < 24) 1886 return 121500; /* HT40 MCS6 */ 1887 return 135000; /* HT40 MCS7 */ 1888 } 1889 1890 1891 static unsigned int max_vht80_rate(int snr) 1892 { 1893 if (snr < 1) 1894 return 0; 1895 if (snr < 2) 1896 return 29300; /* VHT80 MCS0 */ 1897 if (snr < 5) 1898 return 58500; /* VHT80 MCS1 */ 1899 if (snr < 9) 1900 return 87800; /* VHT80 MCS2 */ 1901 if (snr < 11) 1902 return 117000; /* VHT80 MCS3 */ 1903 if (snr < 15) 1904 return 175500; /* VHT80 MCS4 */ 1905 if (snr < 16) 1906 return 234000; /* VHT80 MCS5 */ 1907 if (snr < 18) 1908 return 263300; /* VHT80 MCS6 */ 1909 if (snr < 20) 1910 return 292500; /* VHT80 MCS7 */ 1911 if (snr < 22) 1912 return 351000; /* VHT80 MCS8 */ 1913 return 390000; /* VHT80 MCS9 */ 1914 } 1915 1916 1917 static void scan_est_throughput(struct wpa_supplicant *wpa_s, 1918 struct wpa_scan_res *res) 1919 { 1920 enum local_hw_capab capab = wpa_s->hw_capab; 1921 int rate; /* max legacy rate in 500 kb/s units */ 1922 const u8 *ie; 1923 unsigned int est, tmp; 1924 int snr = res->snr; 1925 1926 if (res->est_throughput) 1927 return; 1928 1929 /* Get maximum legacy rate */ 1930 rate = wpa_scan_get_max_rate(res); 1931 1932 /* Limit based on estimated SNR */ 1933 if (rate > 1 * 2 && snr < 1) 1934 rate = 1 * 2; 1935 else if (rate > 2 * 2 && snr < 4) 1936 rate = 2 * 2; 1937 else if (rate > 6 * 2 && snr < 5) 1938 rate = 6 * 2; 1939 else if (rate > 9 * 2 && snr < 6) 1940 rate = 9 * 2; 1941 else if (rate > 12 * 2 && snr < 7) 1942 rate = 12 * 2; 1943 else if (rate > 18 * 2 && snr < 10) 1944 rate = 18 * 2; 1945 else if (rate > 24 * 2 && snr < 11) 1946 rate = 24 * 2; 1947 else if (rate > 36 * 2 && snr < 15) 1948 rate = 36 * 2; 1949 else if (rate > 48 * 2 && snr < 19) 1950 rate = 48 * 2; 1951 else if (rate > 54 * 2 && snr < 21) 1952 rate = 54 * 2; 1953 est = rate * 500; 1954 1955 if (capab == CAPAB_HT || capab == CAPAB_HT40 || capab == CAPAB_VHT) { 1956 ie = wpa_scan_get_ie(res, WLAN_EID_HT_CAP); 1957 if (ie) { 1958 tmp = max_ht20_rate(snr); 1959 if (tmp > est) 1960 est = tmp; 1961 } 1962 } 1963 1964 if (capab == CAPAB_HT40 || capab == CAPAB_VHT) { 1965 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 1966 if (ie && ie[1] >= 2 && 1967 (ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 1968 tmp = max_ht40_rate(snr); 1969 if (tmp > est) 1970 est = tmp; 1971 } 1972 } 1973 1974 if (capab == CAPAB_VHT) { 1975 /* Use +1 to assume VHT is always faster than HT */ 1976 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_CAP); 1977 if (ie) { 1978 tmp = max_ht20_rate(snr) + 1; 1979 if (tmp > est) 1980 est = tmp; 1981 1982 ie = wpa_scan_get_ie(res, WLAN_EID_HT_OPERATION); 1983 if (ie && ie[1] >= 2 && 1984 (ie[3] & 1985 HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK)) { 1986 tmp = max_ht40_rate(snr) + 1; 1987 if (tmp > est) 1988 est = tmp; 1989 } 1990 1991 ie = wpa_scan_get_ie(res, WLAN_EID_VHT_OPERATION); 1992 if (ie && ie[1] >= 1 && 1993 (ie[2] & VHT_OPMODE_CHANNEL_WIDTH_MASK)) { 1994 tmp = max_vht80_rate(snr) + 1; 1995 if (tmp > est) 1996 est = tmp; 1997 } 1998 } 1999 } 2000 2001 /* TODO: channel utilization and AP load (e.g., from AP Beacon) */ 2002 2003 res->est_throughput = est; 2004 } 2005 2006 2007 /** 2008 * wpa_supplicant_get_scan_results - Get scan results 2009 * @wpa_s: Pointer to wpa_supplicant data 2010 * @info: Information about what was scanned or %NULL if not available 2011 * @new_scan: Whether a new scan was performed 2012 * Returns: Scan results, %NULL on failure 2013 * 2014 * This function request the current scan results from the driver and updates 2015 * the local BSS list wpa_s->bss. The caller is responsible for freeing the 2016 * results with wpa_scan_results_free(). 2017 */ 2018 struct wpa_scan_results * 2019 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s, 2020 struct scan_info *info, int new_scan) 2021 { 2022 struct wpa_scan_results *scan_res; 2023 size_t i; 2024 int (*compar)(const void *, const void *) = wpa_scan_result_compar; 2025 2026 scan_res = wpa_drv_get_scan_results2(wpa_s); 2027 if (scan_res == NULL) { 2028 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results"); 2029 return NULL; 2030 } 2031 if (scan_res->fetch_time.sec == 0) { 2032 /* 2033 * Make sure we have a valid timestamp if the driver wrapper 2034 * does not set this. 2035 */ 2036 os_get_reltime(&scan_res->fetch_time); 2037 } 2038 filter_scan_res(wpa_s, scan_res); 2039 2040 for (i = 0; i < scan_res->num; i++) { 2041 struct wpa_scan_res *scan_res_item = scan_res->res[i]; 2042 2043 scan_snr(scan_res_item); 2044 scan_est_throughput(wpa_s, scan_res_item); 2045 } 2046 2047 #ifdef CONFIG_WPS 2048 if (wpas_wps_searching(wpa_s)) { 2049 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS " 2050 "provisioning rules"); 2051 compar = wpa_scan_result_wps_compar; 2052 } 2053 #endif /* CONFIG_WPS */ 2054 2055 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), 2056 compar); 2057 dump_scan_res(scan_res); 2058 2059 wpa_bss_update_start(wpa_s); 2060 for (i = 0; i < scan_res->num; i++) 2061 wpa_bss_update_scan_res(wpa_s, scan_res->res[i], 2062 &scan_res->fetch_time); 2063 wpa_bss_update_end(wpa_s, info, new_scan); 2064 2065 return scan_res; 2066 } 2067 2068 2069 /** 2070 * wpa_supplicant_update_scan_results - Update scan results from the driver 2071 * @wpa_s: Pointer to wpa_supplicant data 2072 * Returns: 0 on success, -1 on failure 2073 * 2074 * This function updates the BSS table within wpa_supplicant based on the 2075 * currently available scan results from the driver without requesting a new 2076 * scan. This is used in cases where the driver indicates an association 2077 * (including roaming within ESS) and wpa_supplicant does not yet have the 2078 * needed information to complete the connection (e.g., to perform validation 2079 * steps in 4-way handshake). 2080 */ 2081 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s) 2082 { 2083 struct wpa_scan_results *scan_res; 2084 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0); 2085 if (scan_res == NULL) 2086 return -1; 2087 wpa_scan_results_free(scan_res); 2088 2089 return 0; 2090 } 2091 2092 2093 /** 2094 * scan_only_handler - Reports scan results 2095 */ 2096 void scan_only_handler(struct wpa_supplicant *wpa_s, 2097 struct wpa_scan_results *scan_res) 2098 { 2099 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received"); 2100 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && 2101 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) { 2102 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u", 2103 wpa_s->manual_scan_id); 2104 wpa_s->manual_scan_use_id = 0; 2105 } else { 2106 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 2107 } 2108 wpas_notify_scan_results(wpa_s); 2109 wpas_notify_scan_done(wpa_s, 1); 2110 if (wpa_s->scan_work) { 2111 struct wpa_radio_work *work = wpa_s->scan_work; 2112 wpa_s->scan_work = NULL; 2113 radio_work_done(work); 2114 } 2115 } 2116 2117 2118 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s) 2119 { 2120 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL); 2121 } 2122 2123 2124 struct wpa_driver_scan_params * 2125 wpa_scan_clone_params(const struct wpa_driver_scan_params *src) 2126 { 2127 struct wpa_driver_scan_params *params; 2128 size_t i; 2129 u8 *n; 2130 2131 params = os_zalloc(sizeof(*params)); 2132 if (params == NULL) 2133 return NULL; 2134 2135 for (i = 0; i < src->num_ssids; i++) { 2136 if (src->ssids[i].ssid) { 2137 n = os_malloc(src->ssids[i].ssid_len); 2138 if (n == NULL) 2139 goto failed; 2140 os_memcpy(n, src->ssids[i].ssid, 2141 src->ssids[i].ssid_len); 2142 params->ssids[i].ssid = n; 2143 params->ssids[i].ssid_len = src->ssids[i].ssid_len; 2144 } 2145 } 2146 params->num_ssids = src->num_ssids; 2147 2148 if (src->extra_ies) { 2149 n = os_malloc(src->extra_ies_len); 2150 if (n == NULL) 2151 goto failed; 2152 os_memcpy(n, src->extra_ies, src->extra_ies_len); 2153 params->extra_ies = n; 2154 params->extra_ies_len = src->extra_ies_len; 2155 } 2156 2157 if (src->freqs) { 2158 int len = int_array_len(src->freqs); 2159 params->freqs = os_malloc((len + 1) * sizeof(int)); 2160 if (params->freqs == NULL) 2161 goto failed; 2162 os_memcpy(params->freqs, src->freqs, (len + 1) * sizeof(int)); 2163 } 2164 2165 if (src->filter_ssids) { 2166 params->filter_ssids = os_malloc(sizeof(*params->filter_ssids) * 2167 src->num_filter_ssids); 2168 if (params->filter_ssids == NULL) 2169 goto failed; 2170 os_memcpy(params->filter_ssids, src->filter_ssids, 2171 sizeof(*params->filter_ssids) * 2172 src->num_filter_ssids); 2173 params->num_filter_ssids = src->num_filter_ssids; 2174 } 2175 2176 params->filter_rssi = src->filter_rssi; 2177 params->p2p_probe = src->p2p_probe; 2178 params->only_new_results = src->only_new_results; 2179 params->low_priority = src->low_priority; 2180 2181 if (src->mac_addr_rand) { 2182 params->mac_addr_rand = src->mac_addr_rand; 2183 2184 if (src->mac_addr && src->mac_addr_mask) { 2185 u8 *mac_addr; 2186 2187 mac_addr = os_malloc(2 * ETH_ALEN); 2188 if (!mac_addr) 2189 goto failed; 2190 2191 os_memcpy(mac_addr, src->mac_addr, ETH_ALEN); 2192 os_memcpy(mac_addr + ETH_ALEN, src->mac_addr_mask, 2193 ETH_ALEN); 2194 params->mac_addr = mac_addr; 2195 params->mac_addr_mask = mac_addr + ETH_ALEN; 2196 } 2197 } 2198 return params; 2199 2200 failed: 2201 wpa_scan_free_params(params); 2202 return NULL; 2203 } 2204 2205 2206 void wpa_scan_free_params(struct wpa_driver_scan_params *params) 2207 { 2208 size_t i; 2209 2210 if (params == NULL) 2211 return; 2212 2213 for (i = 0; i < params->num_ssids; i++) 2214 os_free((u8 *) params->ssids[i].ssid); 2215 os_free((u8 *) params->extra_ies); 2216 os_free(params->freqs); 2217 os_free(params->filter_ssids); 2218 2219 /* 2220 * Note: params->mac_addr_mask points to same memory allocation and 2221 * must not be freed separately. 2222 */ 2223 os_free((u8 *) params->mac_addr); 2224 2225 os_free(params); 2226 } 2227 2228 2229 int wpas_start_pno(struct wpa_supplicant *wpa_s) 2230 { 2231 int ret, interval, prio; 2232 size_t i, num_ssid, num_match_ssid; 2233 struct wpa_ssid *ssid; 2234 struct wpa_driver_scan_params params; 2235 2236 if (!wpa_s->sched_scan_supported) 2237 return -1; 2238 2239 if (wpa_s->pno || wpa_s->pno_sched_pending) 2240 return 0; 2241 2242 if ((wpa_s->wpa_state > WPA_SCANNING) && 2243 (wpa_s->wpa_state <= WPA_COMPLETED)) { 2244 wpa_printf(MSG_ERROR, "PNO: In assoc process"); 2245 return -EAGAIN; 2246 } 2247 2248 if (wpa_s->wpa_state == WPA_SCANNING) { 2249 wpa_supplicant_cancel_scan(wpa_s); 2250 if (wpa_s->sched_scanning) { 2251 wpa_printf(MSG_DEBUG, "Schedule PNO on completion of " 2252 "ongoing sched scan"); 2253 wpa_supplicant_cancel_sched_scan(wpa_s); 2254 wpa_s->pno_sched_pending = 1; 2255 return 0; 2256 } 2257 } 2258 2259 os_memset(¶ms, 0, sizeof(params)); 2260 2261 num_ssid = num_match_ssid = 0; 2262 ssid = wpa_s->conf->ssid; 2263 while (ssid) { 2264 if (!wpas_network_disabled(wpa_s, ssid)) { 2265 num_match_ssid++; 2266 if (ssid->scan_ssid) 2267 num_ssid++; 2268 } 2269 ssid = ssid->next; 2270 } 2271 2272 if (num_match_ssid == 0) { 2273 wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs"); 2274 return -1; 2275 } 2276 2277 if (num_match_ssid > num_ssid) { 2278 params.num_ssids++; /* wildcard */ 2279 num_ssid++; 2280 } 2281 2282 if (num_ssid > WPAS_MAX_SCAN_SSIDS) { 2283 wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from " 2284 "%u", WPAS_MAX_SCAN_SSIDS, (unsigned int) num_ssid); 2285 num_ssid = WPAS_MAX_SCAN_SSIDS; 2286 } 2287 2288 if (num_match_ssid > wpa_s->max_match_sets) { 2289 num_match_ssid = wpa_s->max_match_sets; 2290 wpa_dbg(wpa_s, MSG_DEBUG, "PNO: Too many SSIDs to match"); 2291 } 2292 params.filter_ssids = os_calloc(num_match_ssid, 2293 sizeof(struct wpa_driver_scan_filter)); 2294 if (params.filter_ssids == NULL) 2295 return -1; 2296 2297 i = 0; 2298 prio = 0; 2299 ssid = wpa_s->conf->pssid[prio]; 2300 while (ssid) { 2301 if (!wpas_network_disabled(wpa_s, ssid)) { 2302 if (ssid->scan_ssid && params.num_ssids < num_ssid) { 2303 params.ssids[params.num_ssids].ssid = 2304 ssid->ssid; 2305 params.ssids[params.num_ssids].ssid_len = 2306 ssid->ssid_len; 2307 params.num_ssids++; 2308 } 2309 os_memcpy(params.filter_ssids[i].ssid, ssid->ssid, 2310 ssid->ssid_len); 2311 params.filter_ssids[i].ssid_len = ssid->ssid_len; 2312 params.num_filter_ssids++; 2313 i++; 2314 if (i == num_match_ssid) 2315 break; 2316 } 2317 if (ssid->pnext) 2318 ssid = ssid->pnext; 2319 else if (prio + 1 == wpa_s->conf->num_prio) 2320 break; 2321 else 2322 ssid = wpa_s->conf->pssid[++prio]; 2323 } 2324 2325 if (wpa_s->conf->filter_rssi) 2326 params.filter_rssi = wpa_s->conf->filter_rssi; 2327 2328 interval = wpa_s->conf->sched_scan_interval ? 2329 wpa_s->conf->sched_scan_interval : 10; 2330 2331 if (params.freqs == NULL && wpa_s->manual_sched_scan_freqs) { 2332 wpa_dbg(wpa_s, MSG_DEBUG, "Limit sched scan to specified channels"); 2333 params.freqs = wpa_s->manual_sched_scan_freqs; 2334 } 2335 2336 if (wpa_s->mac_addr_rand_enable & MAC_ADDR_RAND_PNO) { 2337 params.mac_addr_rand = 1; 2338 if (wpa_s->mac_addr_pno) { 2339 params.mac_addr = wpa_s->mac_addr_pno; 2340 params.mac_addr_mask = wpa_s->mac_addr_pno + ETH_ALEN; 2341 } 2342 } 2343 2344 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms, interval); 2345 os_free(params.filter_ssids); 2346 if (ret == 0) 2347 wpa_s->pno = 1; 2348 else 2349 wpa_msg(wpa_s, MSG_ERROR, "Failed to schedule PNO"); 2350 return ret; 2351 } 2352 2353 2354 int wpas_stop_pno(struct wpa_supplicant *wpa_s) 2355 { 2356 int ret = 0; 2357 2358 if (!wpa_s->pno) 2359 return 0; 2360 2361 ret = wpa_supplicant_stop_sched_scan(wpa_s); 2362 2363 wpa_s->pno = 0; 2364 wpa_s->pno_sched_pending = 0; 2365 2366 if (wpa_s->wpa_state == WPA_SCANNING) 2367 wpa_supplicant_req_scan(wpa_s, 0, 0); 2368 2369 return ret; 2370 } 2371 2372 2373 void wpas_mac_addr_rand_scan_clear(struct wpa_supplicant *wpa_s, 2374 unsigned int type) 2375 { 2376 type &= MAC_ADDR_RAND_ALL; 2377 wpa_s->mac_addr_rand_enable &= ~type; 2378 2379 if (type & MAC_ADDR_RAND_SCAN) { 2380 os_free(wpa_s->mac_addr_scan); 2381 wpa_s->mac_addr_scan = NULL; 2382 } 2383 2384 if (type & MAC_ADDR_RAND_SCHED_SCAN) { 2385 os_free(wpa_s->mac_addr_sched_scan); 2386 wpa_s->mac_addr_sched_scan = NULL; 2387 } 2388 2389 if (type & MAC_ADDR_RAND_PNO) { 2390 os_free(wpa_s->mac_addr_pno); 2391 wpa_s->mac_addr_pno = NULL; 2392 } 2393 } 2394 2395 2396 int wpas_mac_addr_rand_scan_set(struct wpa_supplicant *wpa_s, 2397 unsigned int type, const u8 *addr, 2398 const u8 *mask) 2399 { 2400 u8 *tmp = NULL; 2401 2402 wpas_mac_addr_rand_scan_clear(wpa_s, type); 2403 2404 if (addr) { 2405 tmp = os_malloc(2 * ETH_ALEN); 2406 if (!tmp) 2407 return -1; 2408 os_memcpy(tmp, addr, ETH_ALEN); 2409 os_memcpy(tmp + ETH_ALEN, mask, ETH_ALEN); 2410 } 2411 2412 if (type == MAC_ADDR_RAND_SCAN) { 2413 wpa_s->mac_addr_scan = tmp; 2414 } else if (type == MAC_ADDR_RAND_SCHED_SCAN) { 2415 wpa_s->mac_addr_sched_scan = tmp; 2416 } else if (type == MAC_ADDR_RAND_PNO) { 2417 wpa_s->mac_addr_pno = tmp; 2418 } else { 2419 wpa_printf(MSG_INFO, 2420 "scan: Invalid MAC randomization type=0x%x", 2421 type); 2422 os_free(tmp); 2423 return -1; 2424 } 2425 2426 wpa_s->mac_addr_rand_enable |= type; 2427 return 0; 2428 } 2429