2 * WPA Supplicant - Scanning
3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
15 #include "wpa_supplicant_i.h"
17 #include "wps_supplicant.h"
18 #include "p2p_supplicant.h"
20 #include "hs20_supplicant.h"
26 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
28 struct wpa_ssid *ssid;
29 union wpa_event_data data;
31 ssid = wpa_supplicant_get_ssid(wpa_s);
35 if (wpa_s->current_ssid == NULL) {
36 wpa_s->current_ssid = ssid;
37 if (wpa_s->current_ssid != NULL)
38 wpas_notify_network_changed(wpa_s);
40 wpa_supplicant_initiate_eapol(wpa_s);
41 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured "
42 "network - generating associated event");
43 os_memset(&data, 0, sizeof(data));
44 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
49 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s,
50 enum wps_request_type *req_type)
52 struct wpa_ssid *ssid;
55 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
56 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
60 *req_type = wpas_wps_get_req_type(ssid);
61 if (!ssid->eap.phase1)
64 if (os_strstr(ssid->eap.phase1, "pbc=1"))
69 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p) {
70 wpa_s->wps->dev.p2p = 1;
73 *req_type = WPS_REQ_ENROLLEE_INFO;
76 #endif /* CONFIG_P2P */
80 #endif /* CONFIG_WPS */
83 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s)
85 struct wpa_ssid *ssid = wpa_s->conf->ssid;
88 if (!wpas_network_disabled(wpa_s, ssid))
92 if (wpa_s->conf->cred && wpa_s->conf->interworking &&
93 wpa_s->conf->auto_interworking)
99 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s,
100 struct wpa_ssid *ssid)
103 if (!wpas_network_disabled(wpa_s, ssid))
108 /* ap_scan=2 mode - try to associate with each SSID. */
110 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached "
111 "end of scan list - go back to beginning");
112 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
113 wpa_supplicant_req_scan(wpa_s, 0, 0);
117 /* Continue from the next SSID on the next attempt. */
118 wpa_s->prev_scan_ssid = ssid;
120 /* Start from the beginning of the SSID list. */
121 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
123 wpa_supplicant_associate(wpa_s, NULL, ssid);
127 static int int_array_len(const int *a)
130 for (i = 0; a && a[i]; i++)
136 static void int_array_concat(int **res, const int *a)
141 reslen = int_array_len(*res);
142 alen = int_array_len(a);
144 n = os_realloc_array(*res, reslen + alen + 1, sizeof(int));
150 for (i = 0; i <= alen; i++)
151 n[reslen + i] = a[i];
156 static int freq_cmp(const void *a, const void *b)
169 static void int_array_sort_unique(int *a)
177 alen = int_array_len(a);
178 qsort(a, alen, sizeof(int), freq_cmp);
182 while (a[i] && a[j]) {
195 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s,
196 struct wpa_driver_scan_params *params)
200 wpa_supplicant_notify_scanning(wpa_s, 1);
202 ret = wpa_drv_scan(wpa_s, params);
204 wpa_supplicant_notify_scanning(wpa_s, 0);
205 wpas_notify_scan_done(wpa_s, 0);
208 wpa_s->normal_scans++;
216 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
218 struct wpa_supplicant *wpa_s = eloop_ctx;
220 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan");
222 if (wpa_supplicant_req_sched_scan(wpa_s))
223 wpa_supplicant_req_scan(wpa_s, 0, 0);
228 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
230 struct wpa_supplicant *wpa_s = eloop_ctx;
232 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it");
234 wpa_s->sched_scan_timed_out = 1;
235 wpa_supplicant_cancel_sched_scan(wpa_s);
240 wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s,
241 struct wpa_driver_scan_params *params,
246 wpa_supplicant_notify_scanning(wpa_s, 1);
247 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000);
249 wpa_supplicant_notify_scanning(wpa_s, 0);
251 wpa_s->sched_scanning = 1;
257 static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s)
261 ret = wpa_drv_stop_sched_scan(wpa_s);
263 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!");
264 /* TODO: what to do if stopping fails? */
272 static struct wpa_driver_scan_filter *
273 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids)
275 struct wpa_driver_scan_filter *ssids;
276 struct wpa_ssid *ssid;
280 if (!conf->filter_ssids)
283 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) {
284 if (ssid->ssid && ssid->ssid_len)
289 ssids = os_zalloc(count * sizeof(struct wpa_driver_scan_filter));
293 for (ssid = conf->ssid; ssid; ssid = ssid->next) {
294 if (!ssid->ssid || !ssid->ssid_len)
296 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len);
297 ssids[*num_ssids].ssid_len = ssid->ssid_len;
305 static void wpa_supplicant_optimize_freqs(
306 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params)
309 if (params->freqs == NULL && wpa_s->p2p_in_provisioning &&
311 /* Optimize provisioning state scan based on GO information */
312 if (wpa_s->p2p_in_provisioning < 5 &&
313 wpa_s->go_params->freq > 0) {
314 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO "
315 "preferred frequency %d MHz",
316 wpa_s->go_params->freq);
317 params->freqs = os_zalloc(2 * sizeof(int));
319 params->freqs[0] = wpa_s->go_params->freq;
320 } else if (wpa_s->p2p_in_provisioning < 8 &&
321 wpa_s->go_params->freq_list[0]) {
322 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common "
324 int_array_concat(¶ms->freqs,
325 wpa_s->go_params->freq_list);
327 int_array_sort_unique(params->freqs);
329 wpa_s->p2p_in_provisioning++;
331 #endif /* CONFIG_P2P */
334 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) {
336 * Optimize post-provisioning scan based on channel used
337 * during provisioning.
339 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz "
340 "that was used during provisioning", wpa_s->wps_freq);
341 params->freqs = os_zalloc(2 * sizeof(int));
343 params->freqs[0] = wpa_s->wps_freq;
347 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq)
349 /* Optimize provisioning scan based on already known channel */
350 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz",
352 params->freqs = os_zalloc(2 * sizeof(int));
354 params->freqs[0] = wpa_s->wps_freq;
355 wpa_s->known_wps_freq = 0; /* only do this once */
357 #endif /* CONFIG_WPS */
361 #ifdef CONFIG_INTERWORKING
362 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s,
365 if (wpa_s->conf->interworking == 0)
368 wpabuf_put_u8(buf, WLAN_EID_EXT_CAPAB);
369 wpabuf_put_u8(buf, 4);
370 wpabuf_put_u8(buf, 0x00);
371 wpabuf_put_u8(buf, 0x00);
372 wpabuf_put_u8(buf, 0x00);
373 wpabuf_put_u8(buf, 0x80); /* Bit 31 - Interworking */
375 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING);
376 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 :
378 wpabuf_put_u8(buf, wpa_s->conf->access_network_type);
380 if (!is_zero_ether_addr(wpa_s->conf->hessid))
381 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN);
383 #endif /* CONFIG_INTERWORKING */
386 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s)
388 struct wpabuf *extra_ie = NULL;
391 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO;
392 #endif /* CONFIG_WPS */
394 #ifdef CONFIG_INTERWORKING
395 if (wpa_s->conf->interworking &&
396 wpabuf_resize(&extra_ie, 100) == 0)
397 wpas_add_interworking_elements(wpa_s, extra_ie);
398 #endif /* CONFIG_INTERWORKING */
401 wps = wpas_wps_in_use(wpa_s, &req_type);
404 struct wpabuf *wps_ie;
405 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON :
408 wpa_s->wps->uuid, req_type,
411 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0)
412 wpabuf_put_buf(extra_ie, wps_ie);
419 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p);
420 if (wpabuf_resize(&extra_ie, ielen) == 0)
421 wpas_p2p_scan_ie(wpa_s, extra_ie);
423 #endif /* CONFIG_P2P */
425 #endif /* CONFIG_WPS */
431 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
433 struct wpa_supplicant *wpa_s = eloop_ctx;
434 struct wpa_ssid *ssid;
435 int scan_req = 0, ret;
436 struct wpabuf *extra_ie = NULL;
437 struct wpa_driver_scan_params params;
438 struct wpa_driver_scan_params *scan_params;
440 enum wpa_states prev_state;
442 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
443 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled");
447 if (wpa_s->disconnected && !wpa_s->scan_req) {
448 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
452 if (!wpa_supplicant_enabled_networks(wpa_s) &&
454 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan");
455 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
459 if (wpa_s->conf->ap_scan != 0 &&
460 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) {
461 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - "
462 "overriding ap_scan configuration");
463 wpa_s->conf->ap_scan = 0;
464 wpas_notify_ap_scan_changed(wpa_s);
467 if (wpa_s->conf->ap_scan == 0) {
468 wpa_supplicant_gen_assoc_event(wpa_s);
473 if (wpas_p2p_in_progress(wpa_s)) {
474 if (wpa_s->sta_scan_pending &&
475 wpas_p2p_in_progress(wpa_s) == 2 &&
476 wpa_s->p2p_cb_on_scan_complete) {
477 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending station "
478 "mode scan during P2P search");
480 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan "
481 "while P2P operation is in progress");
482 wpa_s->sta_scan_pending = 1;
483 wpa_supplicant_req_scan(wpa_s, 5, 0);
487 #endif /* CONFIG_P2P */
489 if (wpa_s->conf->ap_scan == 2)
492 max_ssids = wpa_s->max_scan_ssids;
493 if (max_ssids > WPAS_MAX_SCAN_SSIDS)
494 max_ssids = WPAS_MAX_SCAN_SSIDS;
497 scan_req = wpa_s->scan_req;
500 os_memset(¶ms, 0, sizeof(params));
502 prev_state = wpa_s->wpa_state;
503 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
504 wpa_s->wpa_state == WPA_INACTIVE)
505 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
508 * If autoscan has set its own scanning parameters
510 if (wpa_s->autoscan_params != NULL) {
511 scan_params = wpa_s->autoscan_params;
515 if (scan_req != 2 && wpa_s->connect_without_scan) {
516 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
517 if (ssid == wpa_s->connect_without_scan)
520 wpa_s->connect_without_scan = NULL;
522 wpa_printf(MSG_DEBUG, "Start a pre-selected network "
523 "without scan step");
524 wpa_supplicant_associate(wpa_s, NULL, ssid);
530 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) &&
532 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during "
533 "P2P group formation");
534 params.ssids[0].ssid = wpa_s->go_params->ssid;
535 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len;
536 params.num_ssids = 1;
539 #endif /* CONFIG_P2P */
541 /* Find the starting point from which to continue scanning */
542 ssid = wpa_s->conf->ssid;
543 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) {
545 if (ssid == wpa_s->prev_scan_ssid) {
553 if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
554 wpa_s->connect_without_scan = NULL;
555 wpa_s->prev_scan_wildcard = 0;
556 wpa_supplicant_assoc_try(wpa_s, ssid);
558 } else if (wpa_s->conf->ap_scan == 2) {
560 * User-initiated scan request in ap_scan == 2; scan with
565 struct wpa_ssid *start = ssid, *tssid;
567 if (ssid == NULL && max_ssids > 1)
568 ssid = wpa_s->conf->ssid;
570 if (!wpas_network_disabled(wpa_s, ssid) &&
572 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
573 ssid->ssid, ssid->ssid_len);
574 params.ssids[params.num_ssids].ssid =
576 params.ssids[params.num_ssids].ssid_len =
579 if (params.num_ssids + 1 >= max_ssids)
585 if (ssid == NULL && max_ssids > 1 &&
586 start != wpa_s->conf->ssid)
587 ssid = wpa_s->conf->ssid;
590 for (tssid = wpa_s->conf->ssid; tssid; tssid = tssid->next) {
591 if (wpas_network_disabled(wpa_s, tssid))
593 if ((params.freqs || !freqs_set) && tssid->scan_freq) {
594 int_array_concat(¶ms.freqs,
597 os_free(params.freqs);
602 int_array_sort_unique(params.freqs);
605 if (ssid && max_ssids == 1) {
607 * If the driver is limited to 1 SSID at a time interleave
608 * wildcard SSID scans with specific SSID scans to avoid
609 * waiting a long time for a wildcard scan.
611 if (!wpa_s->prev_scan_wildcard) {
612 params.ssids[0].ssid = NULL;
613 params.ssids[0].ssid_len = 0;
614 wpa_s->prev_scan_wildcard = 1;
615 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for "
616 "wildcard SSID (Interleave with specific)");
618 wpa_s->prev_scan_ssid = ssid;
619 wpa_s->prev_scan_wildcard = 0;
620 wpa_dbg(wpa_s, MSG_DEBUG,
621 "Starting AP scan for specific SSID: %s",
622 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
627 wpa_s->prev_scan_ssid = ssid;
628 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in "
632 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
634 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard "
639 #endif /* CONFIG_P2P */
641 wpa_supplicant_optimize_freqs(wpa_s, ¶ms);
642 extra_ie = wpa_supplicant_extra_ies(wpa_s);
645 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 6) == 0)
646 wpas_hs20_add_indication(extra_ie);
647 #endif /* CONFIG_HS20 */
649 if (params.freqs == NULL && wpa_s->next_scan_freqs) {
650 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously "
651 "generated frequency list");
652 params.freqs = wpa_s->next_scan_freqs;
654 os_free(wpa_s->next_scan_freqs);
655 wpa_s->next_scan_freqs = NULL;
657 params.filter_ssids = wpa_supplicant_build_filter_ssids(
658 wpa_s->conf, ¶ms.num_filter_ssids);
660 params.extra_ies = wpabuf_head(extra_ie);
661 params.extra_ies_len = wpabuf_len(extra_ie);
665 if (wpa_s->p2p_in_provisioning ||
666 (wpa_s->show_group_started && wpa_s->go_params)) {
668 * The interface may not yet be in P2P mode, so we have to
669 * explicitly request P2P probe to disable CCK rates.
671 params.p2p_probe = 1;
673 #endif /* CONFIG_P2P */
675 scan_params = ¶ms;
678 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params);
680 wpabuf_free(extra_ie);
681 os_free(params.freqs);
682 os_free(params.filter_ssids);
685 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan");
686 if (prev_state != wpa_s->wpa_state)
687 wpa_supplicant_set_state(wpa_s, prev_state);
688 wpa_supplicant_req_scan(wpa_s, 1, 0);
694 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
695 * @wpa_s: Pointer to wpa_supplicant data
696 * @sec: Number of seconds after which to scan
697 * @usec: Number of microseconds after which to scan
699 * This function is used to schedule a scan for neighboring access points after
700 * the specified time.
702 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
704 /* If there's at least one network that should be specifically scanned
705 * then don't cancel the scan and reschedule. Some drivers do
706 * background scanning which generates frequent scan results, and that
707 * causes the specific SSID scan to get continually pushed back and
708 * never happen, which causes hidden APs to never get probe-scanned.
710 if (eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL) &&
711 wpa_s->conf->ap_scan == 1) {
712 struct wpa_ssid *ssid = wpa_s->conf->ssid;
715 if (!wpas_network_disabled(wpa_s, ssid) &&
721 wpa_dbg(wpa_s, MSG_DEBUG, "Not rescheduling scan to "
722 "ensure that specific SSID scans occur");
727 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
729 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
730 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
735 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan
736 * @wpa_s: Pointer to wpa_supplicant data
737 * @sec: Number of seconds after which to scan
738 * @usec: Number of microseconds after which to scan
740 * This function is used to schedule periodic scans for neighboring
741 * access points after the specified time.
743 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s,
746 if (!wpa_s->sched_scan_supported)
749 eloop_register_timeout(sec, usec,
750 wpa_supplicant_delayed_sched_scan_timeout,
758 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan
759 * @wpa_s: Pointer to wpa_supplicant data
761 * This function is used to schedule periodic scans for neighboring
762 * access points repeating the scan continuously.
764 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s)
766 struct wpa_driver_scan_params params;
767 struct wpa_driver_scan_params *scan_params;
768 enum wpa_states prev_state;
769 struct wpa_ssid *ssid = NULL;
770 struct wpabuf *extra_ie = NULL;
772 unsigned int max_sched_scan_ssids;
776 if (!wpa_s->sched_scan_supported)
779 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS)
780 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS;
782 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids;
783 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload)
786 if (wpa_s->sched_scanning) {
787 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning");
792 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
793 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) {
794 /* Use wildcard SSID to find this network */
796 } else if (!wpas_network_disabled(wpa_s, ssid) &&
801 if (!wpas_network_disabled(wpa_s, ssid) &&
802 ssid->key_mgmt == WPA_KEY_MGMT_WPS) {
804 * Normal scan is more reliable and faster for WPS
805 * operations and since these are for short periods of
806 * time, the benefit of trying to use sched_scan would
809 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of "
810 "sched_scan for WPS");
813 #endif /* CONFIG_WPS */
818 if (wpa_s->normal_scans < 3 &&
819 (need_ssids <= wpa_s->max_scan_ssids ||
820 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) {
822 * When normal scan can speed up operations, use that for the
823 * first operations before starting the sched_scan to allow
824 * user space sleep more. We do this only if the normal scan
825 * has functionality that is suitable for this or if the
826 * sched_scan does not have better support for multiple SSIDs.
828 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of "
829 "sched_scan for initial scans (normal_scans=%d)",
830 wpa_s->normal_scans);
834 os_memset(¶ms, 0, sizeof(params));
836 /* If we can't allocate space for the filters, we just don't filter */
837 params.filter_ssids = os_zalloc(wpa_s->max_match_sets *
838 sizeof(struct wpa_driver_scan_filter));
840 prev_state = wpa_s->wpa_state;
841 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
842 wpa_s->wpa_state == WPA_INACTIVE)
843 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
845 if (wpa_s->autoscan_params != NULL) {
846 scan_params = wpa_s->autoscan_params;
850 /* Find the starting point from which to continue scanning */
851 ssid = wpa_s->conf->ssid;
852 if (wpa_s->prev_sched_ssid) {
854 if (ssid == wpa_s->prev_sched_ssid) {
862 if (!ssid || !wpa_s->prev_sched_ssid) {
863 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list");
865 if (wpa_s->sched_scan_interval == 0)
866 wpa_s->sched_scan_interval = 10;
867 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2;
868 wpa_s->first_sched_scan = 1;
869 ssid = wpa_s->conf->ssid;
870 wpa_s->prev_sched_ssid = ssid;
874 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan");
879 if (wpas_network_disabled(wpa_s, ssid))
882 if (params.num_filter_ssids < wpa_s->max_match_sets &&
883 params.filter_ssids && ssid->ssid && ssid->ssid_len) {
884 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s",
885 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
886 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid,
887 ssid->ssid, ssid->ssid_len);
888 params.filter_ssids[params.num_filter_ssids].ssid_len =
890 params.num_filter_ssids++;
891 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len)
893 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID "
894 "filter for sched_scan - drop filter");
895 os_free(params.filter_ssids);
896 params.filter_ssids = NULL;
897 params.num_filter_ssids = 0;
900 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) {
901 if (params.num_ssids == max_sched_scan_ssids)
902 break; /* only room for broadcast SSID */
903 wpa_dbg(wpa_s, MSG_DEBUG,
904 "add to active scan ssid: %s",
905 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
906 params.ssids[params.num_ssids].ssid =
908 params.ssids[params.num_ssids].ssid_len =
911 if (params.num_ssids >= max_sched_scan_ssids) {
912 wpa_s->prev_sched_ssid = ssid;
916 (wpas_network_disabled(wpa_s, ssid) ||
923 wpa_s->prev_sched_ssid = ssid;
927 if (params.num_filter_ssids == 0) {
928 os_free(params.filter_ssids);
929 params.filter_ssids = NULL;
932 extra_ie = wpa_supplicant_extra_ies(wpa_s);
934 params.extra_ies = wpabuf_head(extra_ie);
935 params.extra_ies_len = wpabuf_len(extra_ie);
938 scan_params = ¶ms;
941 if (ssid || !wpa_s->first_sched_scan) {
942 wpa_dbg(wpa_s, MSG_DEBUG,
943 "Starting sched scan: interval %d timeout %d",
944 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout);
946 wpa_dbg(wpa_s, MSG_DEBUG,
947 "Starting sched scan: interval %d (no timeout)",
948 wpa_s->sched_scan_interval);
951 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params,
952 wpa_s->sched_scan_interval);
953 wpabuf_free(extra_ie);
954 os_free(params.filter_ssids);
956 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan");
957 if (prev_state != wpa_s->wpa_state)
958 wpa_supplicant_set_state(wpa_s, prev_state);
962 /* If we have more SSIDs to scan, add a timeout so we scan them too */
963 if (ssid || !wpa_s->first_sched_scan) {
964 wpa_s->sched_scan_timed_out = 0;
965 eloop_register_timeout(wpa_s->sched_scan_timeout, 0,
966 wpa_supplicant_sched_scan_timeout,
968 wpa_s->first_sched_scan = 0;
969 wpa_s->sched_scan_timeout /= 2;
970 wpa_s->sched_scan_interval *= 2;
978 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
979 * @wpa_s: Pointer to wpa_supplicant data
981 * This function is used to cancel a scan request scheduled with
982 * wpa_supplicant_req_scan().
984 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
986 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request");
987 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
992 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans
993 * @wpa_s: Pointer to wpa_supplicant data
995 * This function is used to stop a periodic scheduled scan.
997 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s)
999 if (!wpa_s->sched_scanning)
1002 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan");
1003 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL);
1004 wpa_supplicant_stop_sched_scan(wpa_s);
1008 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
1011 if (wpa_s->scanning != scanning) {
1012 wpa_s->scanning = scanning;
1013 wpas_notify_scanning(wpa_s);
1018 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res)
1024 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES);
1025 for (i = 0; ie && i < ie[1]; i++) {
1026 if ((ie[i + 2] & 0x7f) > rate)
1027 rate = ie[i + 2] & 0x7f;
1030 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES);
1031 for (i = 0; ie && i < ie[1]; i++) {
1032 if ((ie[i + 2] & 0x7f) > rate)
1033 rate = ie[i + 2] & 0x7f;
1040 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie)
1042 const u8 *end, *pos;
1044 pos = (const u8 *) (res + 1);
1045 end = pos + res->ie_len;
1047 while (pos + 1 < end) {
1048 if (pos + 2 + pos[1] > end)
1059 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res,
1062 const u8 *end, *pos;
1064 pos = (const u8 *) (res + 1);
1065 end = pos + res->ie_len;
1067 while (pos + 1 < end) {
1068 if (pos + 2 + pos[1] > end)
1070 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
1071 vendor_type == WPA_GET_BE32(&pos[2]))
1080 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res,
1084 const u8 *end, *pos;
1086 buf = wpabuf_alloc(res->ie_len);
1090 pos = (const u8 *) (res + 1);
1091 end = pos + res->ie_len;
1093 while (pos + 1 < end) {
1094 if (pos + 2 + pos[1] > end)
1096 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
1097 vendor_type == WPA_GET_BE32(&pos[2]))
1098 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
1102 if (wpabuf_len(buf) == 0) {
1111 struct wpabuf * wpa_scan_get_vendor_ie_multi_beacon(
1112 const struct wpa_scan_res *res, u32 vendor_type)
1115 const u8 *end, *pos;
1117 if (res->beacon_ie_len == 0)
1119 buf = wpabuf_alloc(res->beacon_ie_len);
1123 pos = (const u8 *) (res + 1);
1125 end = pos + res->beacon_ie_len;
1127 while (pos + 1 < end) {
1128 if (pos + 2 + pos[1] > end)
1130 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
1131 vendor_type == WPA_GET_BE32(&pos[2]))
1132 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
1136 if (wpabuf_len(buf) == 0) {
1146 * Channels with a great SNR can operate at full rate. What is a great SNR?
1147 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general
1148 * rule of thumb is that any SNR above 20 is good." This one
1149 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23
1150 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a
1151 * conservative value.
1153 #define GREAT_SNR 30
1155 /* Compare function for sorting scan results. Return >0 if @b is considered
1157 static int wpa_scan_result_compar(const void *a, const void *b)
1159 #define IS_5GHZ(n) (n > 4000)
1160 #define MIN(a,b) a < b ? a : b
1161 struct wpa_scan_res **_wa = (void *) a;
1162 struct wpa_scan_res **_wb = (void *) b;
1163 struct wpa_scan_res *wa = *_wa;
1164 struct wpa_scan_res *wb = *_wb;
1165 int wpa_a, wpa_b, maxrate_a, maxrate_b;
1168 /* WPA/WPA2 support preferred */
1169 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL ||
1170 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL;
1171 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL ||
1172 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL;
1174 if (wpa_b && !wpa_a)
1176 if (!wpa_b && wpa_a)
1179 /* privacy support preferred */
1180 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 &&
1181 (wb->caps & IEEE80211_CAP_PRIVACY))
1183 if ((wa->caps & IEEE80211_CAP_PRIVACY) &&
1184 (wb->caps & IEEE80211_CAP_PRIVACY) == 0)
1187 if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) &&
1188 !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) {
1189 snr_a = MIN(wa->level - wa->noise, GREAT_SNR);
1190 snr_b = MIN(wb->level - wb->noise, GREAT_SNR);
1192 /* Not suitable information to calculate SNR, so use level */
1197 /* best/max rate preferred if SNR close enough */
1198 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) ||
1199 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) {
1200 maxrate_a = wpa_scan_get_max_rate(wa);
1201 maxrate_b = wpa_scan_get_max_rate(wb);
1202 if (maxrate_a != maxrate_b)
1203 return maxrate_b - maxrate_a;
1204 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq))
1205 return IS_5GHZ(wa->freq) ? -1 : 1;
1208 /* use freq for channel preference */
1210 /* all things being equal, use SNR; if SNRs are
1211 * identical, use quality values since some drivers may only report
1212 * that value and leave the signal level zero */
1214 return wb->qual - wa->qual;
1215 return snr_b - snr_a;
1222 /* Compare function for sorting scan results when searching a WPS AP for
1223 * provisioning. Return >0 if @b is considered better. */
1224 static int wpa_scan_result_wps_compar(const void *a, const void *b)
1226 struct wpa_scan_res **_wa = (void *) a;
1227 struct wpa_scan_res **_wb = (void *) b;
1228 struct wpa_scan_res *wa = *_wa;
1229 struct wpa_scan_res *wb = *_wb;
1230 int uses_wps_a, uses_wps_b;
1231 struct wpabuf *wps_a, *wps_b;
1234 /* Optimization - check WPS IE existence before allocated memory and
1235 * doing full reassembly. */
1236 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL;
1237 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL;
1238 if (uses_wps_a && !uses_wps_b)
1240 if (!uses_wps_a && uses_wps_b)
1243 if (uses_wps_a && uses_wps_b) {
1244 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE);
1245 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE);
1246 res = wps_ap_priority_compar(wps_a, wps_b);
1254 * Do not use current AP security policy as a sorting criteria during
1255 * WPS provisioning step since the AP may get reconfigured at the
1256 * completion of provisioning.
1259 /* all things being equal, use signal level; if signal levels are
1260 * identical, use quality values since some drivers may only report
1261 * that value and leave the signal level zero */
1262 if (wb->level == wa->level)
1263 return wb->qual - wa->qual;
1264 return wb->level - wa->level;
1266 #endif /* CONFIG_WPS */
1269 static void dump_scan_res(struct wpa_scan_results *scan_res)
1271 #ifndef CONFIG_NO_STDOUT_DEBUG
1274 if (scan_res->res == NULL || scan_res->num == 0)
1277 wpa_printf(MSG_EXCESSIVE, "Sorted scan results");
1279 for (i = 0; i < scan_res->num; i++) {
1280 struct wpa_scan_res *r = scan_res->res[i];
1282 if ((r->flags & (WPA_SCAN_LEVEL_DBM | WPA_SCAN_NOISE_INVALID))
1283 == WPA_SCAN_LEVEL_DBM) {
1284 int snr = r->level - r->noise;
1285 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d "
1286 "noise=%d level=%d snr=%d%s flags=0x%x",
1287 MAC2STR(r->bssid), r->freq, r->qual,
1288 r->noise, r->level, snr,
1289 snr >= GREAT_SNR ? "*" : "", r->flags);
1291 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d "
1292 "noise=%d level=%d flags=0x%x",
1293 MAC2STR(r->bssid), r->freq, r->qual,
1294 r->noise, r->level, r->flags);
1296 pos = (u8 *) (r + 1);
1298 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len);
1300 if (r->beacon_ie_len)
1301 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs",
1302 pos, r->beacon_ie_len);
1304 #endif /* CONFIG_NO_STDOUT_DEBUG */
1308 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s,
1313 if (wpa_s->bssid_filter == NULL)
1316 for (i = 0; i < wpa_s->bssid_filter_count; i++) {
1317 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid,
1326 static void filter_scan_res(struct wpa_supplicant *wpa_s,
1327 struct wpa_scan_results *res)
1331 if (wpa_s->bssid_filter == NULL)
1334 for (i = 0, j = 0; i < res->num; i++) {
1335 if (wpa_supplicant_filter_bssid_match(wpa_s,
1336 res->res[i]->bssid)) {
1337 res->res[j++] = res->res[i];
1339 os_free(res->res[i]);
1344 if (res->num != j) {
1345 wpa_printf(MSG_DEBUG, "Filtered out %d scan results",
1346 (int) (res->num - j));
1353 * wpa_supplicant_get_scan_results - Get scan results
1354 * @wpa_s: Pointer to wpa_supplicant data
1355 * @info: Information about what was scanned or %NULL if not available
1356 * @new_scan: Whether a new scan was performed
1357 * Returns: Scan results, %NULL on failure
1359 * This function request the current scan results from the driver and updates
1360 * the local BSS list wpa_s->bss. The caller is responsible for freeing the
1361 * results with wpa_scan_results_free().
1363 struct wpa_scan_results *
1364 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
1365 struct scan_info *info, int new_scan)
1367 struct wpa_scan_results *scan_res;
1369 int (*compar)(const void *, const void *) = wpa_scan_result_compar;
1371 scan_res = wpa_drv_get_scan_results2(wpa_s);
1372 if (scan_res == NULL) {
1373 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results");
1376 filter_scan_res(wpa_s, scan_res);
1379 if (wpas_wps_in_progress(wpa_s)) {
1380 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS "
1381 "provisioning rules");
1382 compar = wpa_scan_result_wps_compar;
1384 #endif /* CONFIG_WPS */
1386 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *),
1388 dump_scan_res(scan_res);
1390 wpa_bss_update_start(wpa_s);
1391 for (i = 0; i < scan_res->num; i++)
1392 wpa_bss_update_scan_res(wpa_s, scan_res->res[i]);
1393 wpa_bss_update_end(wpa_s, info, new_scan);
1399 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s)
1401 struct wpa_scan_results *scan_res;
1402 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
1403 if (scan_res == NULL)
1405 wpa_scan_results_free(scan_res);