2 * WPA Supplicant - Scanning
3 * Copyright (c) 2003-2010, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
15 #include "utils/includes.h"
17 #include "utils/common.h"
18 #include "utils/eloop.h"
19 #include "common/ieee802_11_defs.h"
21 #include "wpa_supplicant_i.h"
24 #include "wps_supplicant.h"
25 #include "p2p_supplicant.h"
32 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
34 struct wpa_ssid *ssid;
35 union wpa_event_data data;
37 ssid = wpa_supplicant_get_ssid(wpa_s);
41 if (wpa_s->current_ssid == NULL) {
42 wpa_s->current_ssid = ssid;
43 if (wpa_s->current_ssid != NULL)
44 wpas_notify_network_changed(wpa_s);
46 wpa_supplicant_initiate_eapol(wpa_s);
47 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured "
48 "network - generating associated event");
49 os_memset(&data, 0, sizeof(data));
50 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
55 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s,
56 enum wps_request_type *req_type)
58 struct wpa_ssid *ssid;
61 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
62 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
66 *req_type = wpas_wps_get_req_type(ssid);
67 if (!ssid->eap.phase1)
70 if (os_strstr(ssid->eap.phase1, "pbc=1"))
75 wpa_s->wps->dev.p2p = 1;
78 *req_type = WPS_REQ_ENROLLEE_INFO;
80 #endif /* CONFIG_P2P */
84 #endif /* CONFIG_WPS */
87 int wpa_supplicant_enabled_networks(struct wpa_config *conf)
89 struct wpa_ssid *ssid = conf->ssid;
100 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s,
101 struct wpa_ssid *ssid)
109 /* ap_scan=2 mode - try to associate with each SSID. */
111 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached "
112 "end of scan list - go back to beginning");
113 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
114 wpa_supplicant_req_scan(wpa_s, 0, 0);
118 /* Continue from the next SSID on the next attempt. */
119 wpa_s->prev_scan_ssid = ssid;
121 /* Start from the beginning of the SSID list. */
122 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
124 wpa_supplicant_associate(wpa_s, NULL, ssid);
128 static int int_array_len(const int *a)
131 for (i = 0; a && a[i]; i++)
137 static void int_array_concat(int **res, const int *a)
142 reslen = int_array_len(*res);
143 alen = int_array_len(a);
145 n = os_realloc(*res, (reslen + alen + 1) * sizeof(int));
151 for (i = 0; i <= alen; i++)
152 n[reslen + i] = a[i];
157 static int freq_cmp(const void *a, const void *b)
170 static void int_array_sort_unique(int *a)
178 alen = int_array_len(a);
179 qsort(a, alen, sizeof(int), freq_cmp);
183 while (a[i] && a[j]) {
196 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s,
197 struct wpa_driver_scan_params *params)
201 wpa_supplicant_notify_scanning(wpa_s, 1);
203 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
204 ret = ieee80211_sta_req_scan(wpa_s, params);
206 ret = wpa_drv_scan(wpa_s, params);
209 wpa_supplicant_notify_scanning(wpa_s, 0);
210 wpas_notify_scan_done(wpa_s, 0);
219 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
221 struct wpa_supplicant *wpa_s = eloop_ctx;
223 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it");
225 wpa_s->sched_scan_timed_out = 1;
226 wpa_supplicant_cancel_sched_scan(wpa_s);
231 wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s,
232 struct wpa_driver_scan_params *params,
237 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
240 wpa_supplicant_notify_scanning(wpa_s, 1);
241 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000);
243 wpa_supplicant_notify_scanning(wpa_s, 0);
245 wpa_s->sched_scanning = 1;
251 static int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s)
255 ret = wpa_drv_stop_sched_scan(wpa_s);
257 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!");
258 /* TODO: what to do if stopping fails? */
266 static struct wpa_driver_scan_filter *
267 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids)
269 struct wpa_driver_scan_filter *ssids;
270 struct wpa_ssid *ssid;
274 if (!conf->filter_ssids)
277 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) {
278 if (ssid->ssid && ssid->ssid_len)
283 ssids = os_zalloc(count * sizeof(struct wpa_driver_scan_filter));
287 for (ssid = conf->ssid; ssid; ssid = ssid->next) {
288 if (!ssid->ssid || !ssid->ssid_len)
290 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len);
291 ssids[*num_ssids].ssid_len = ssid->ssid_len;
299 static void wpa_supplicant_optimize_freqs(
300 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params)
303 if (params->freqs == NULL && wpa_s->p2p_in_provisioning &&
305 /* Optimize provisioning state scan based on GO information */
306 if (wpa_s->p2p_in_provisioning < 5 &&
307 wpa_s->go_params->freq > 0) {
308 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO "
309 "preferred frequency %d MHz",
310 wpa_s->go_params->freq);
311 params->freqs = os_zalloc(2 * sizeof(int));
313 params->freqs[0] = wpa_s->go_params->freq;
314 } else if (wpa_s->p2p_in_provisioning < 8 &&
315 wpa_s->go_params->freq_list[0]) {
316 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common "
318 int_array_concat(¶ms->freqs,
319 wpa_s->go_params->freq_list);
321 int_array_sort_unique(params->freqs);
323 wpa_s->p2p_in_provisioning++;
325 #endif /* CONFIG_P2P */
328 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) {
330 * Optimize post-provisioning scan based on channel used
331 * during provisioning.
333 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz "
334 "that was used during provisioning", wpa_s->wps_freq);
335 params->freqs = os_zalloc(2 * sizeof(int));
337 params->freqs[0] = wpa_s->wps_freq;
341 #endif /* CONFIG_WPS */
345 static struct wpabuf *
346 wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s,
347 struct wpa_driver_scan_params *params)
349 struct wpabuf *wps_ie = NULL;
352 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO;
354 wps = wpas_wps_in_use(wpa_s, &req_type);
357 wps_ie = wps_build_probe_req_ie(wps == 2, &wpa_s->wps->dev,
358 wpa_s->wps->uuid, req_type,
361 params->extra_ies = wpabuf_head(wps_ie);
362 params->extra_ies_len = wpabuf_len(wps_ie);
368 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p);
369 if (wpabuf_resize(&wps_ie, ielen) == 0) {
370 wpas_p2p_scan_ie(wpa_s, wps_ie);
371 params->extra_ies = wpabuf_head(wps_ie);
372 params->extra_ies_len = wpabuf_len(wps_ie);
375 #endif /* CONFIG_P2P */
377 #endif /* CONFIG_WPS */
383 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
385 struct wpa_supplicant *wpa_s = eloop_ctx;
386 struct wpa_ssid *ssid;
387 int scan_req = 0, ret;
388 struct wpabuf *wps_ie;
389 struct wpa_driver_scan_params params;
391 enum wpa_states prev_state;
393 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
394 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled");
398 if (wpa_s->disconnected && !wpa_s->scan_req) {
399 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
403 if (!wpa_supplicant_enabled_networks(wpa_s->conf) &&
405 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan");
406 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
410 if (wpa_s->conf->ap_scan != 0 &&
411 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) {
412 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - "
413 "overriding ap_scan configuration");
414 wpa_s->conf->ap_scan = 0;
415 wpas_notify_ap_scan_changed(wpa_s);
418 if (wpa_s->conf->ap_scan == 0) {
419 wpa_supplicant_gen_assoc_event(wpa_s);
424 if (wpas_p2p_in_progress(wpa_s)) {
425 if (wpa_s->wpa_state == WPA_SCANNING) {
426 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan "
427 "while P2P operation is in progress");
428 wpa_supplicant_req_scan(wpa_s, 5, 0);
430 wpa_dbg(wpa_s, MSG_DEBUG, "Do not request scan while "
431 "P2P operation is in progress");
435 #endif /* CONFIG_P2P */
437 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) ||
438 wpa_s->conf->ap_scan == 2)
441 max_ssids = wpa_s->max_scan_ssids;
442 if (max_ssids > WPAS_MAX_SCAN_SSIDS)
443 max_ssids = WPAS_MAX_SCAN_SSIDS;
446 scan_req = wpa_s->scan_req;
449 os_memset(¶ms, 0, sizeof(params));
451 prev_state = wpa_s->wpa_state;
452 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
453 wpa_s->wpa_state == WPA_INACTIVE)
454 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
456 if (scan_req != 2 && wpa_s->connect_without_scan) {
457 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
458 if (ssid == wpa_s->connect_without_scan)
461 wpa_s->connect_without_scan = NULL;
463 wpa_printf(MSG_DEBUG, "Start a pre-selected network "
464 "without scan step");
465 wpa_supplicant_associate(wpa_s, NULL, ssid);
470 /* Find the starting point from which to continue scanning */
471 ssid = wpa_s->conf->ssid;
472 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) {
474 if (ssid == wpa_s->prev_scan_ssid) {
482 if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
483 wpa_s->connect_without_scan = NULL;
484 wpa_supplicant_assoc_try(wpa_s, ssid);
486 } else if (wpa_s->conf->ap_scan == 2) {
488 * User-initiated scan request in ap_scan == 2; scan with
493 struct wpa_ssid *start = ssid, *tssid;
495 if (ssid == NULL && max_ssids > 1)
496 ssid = wpa_s->conf->ssid;
498 if (!ssid->disabled && ssid->scan_ssid) {
499 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
500 ssid->ssid, ssid->ssid_len);
501 params.ssids[params.num_ssids].ssid =
503 params.ssids[params.num_ssids].ssid_len =
506 if (params.num_ssids + 1 >= max_ssids)
512 if (ssid == NULL && max_ssids > 1 &&
513 start != wpa_s->conf->ssid)
514 ssid = wpa_s->conf->ssid;
517 for (tssid = wpa_s->conf->ssid; tssid; tssid = tssid->next) {
520 if ((params.freqs || !freqs_set) && tssid->scan_freq) {
521 int_array_concat(¶ms.freqs,
524 os_free(params.freqs);
529 int_array_sort_unique(params.freqs);
533 wpa_s->prev_scan_ssid = ssid;
535 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in "
539 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for specific "
542 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
544 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard "
548 wpa_supplicant_optimize_freqs(wpa_s, ¶ms);
549 wps_ie = wpa_supplicant_extra_ies(wpa_s, ¶ms);
551 if (params.freqs == NULL && wpa_s->next_scan_freqs) {
552 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously "
553 "generated frequency list");
554 params.freqs = wpa_s->next_scan_freqs;
556 os_free(wpa_s->next_scan_freqs);
557 wpa_s->next_scan_freqs = NULL;
559 params.filter_ssids = wpa_supplicant_build_filter_ssids(
560 wpa_s->conf, ¶ms.num_filter_ssids);
562 ret = wpa_supplicant_trigger_scan(wpa_s, ¶ms);
565 os_free(params.freqs);
566 os_free(params.filter_ssids);
569 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan");
570 if (prev_state != wpa_s->wpa_state)
571 wpa_supplicant_set_state(wpa_s, prev_state);
572 wpa_supplicant_req_scan(wpa_s, 1, 0);
578 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
579 * @wpa_s: Pointer to wpa_supplicant data
580 * @sec: Number of seconds after which to scan
581 * @usec: Number of microseconds after which to scan
583 * This function is used to schedule a scan for neighboring access points after
584 * the specified time.
586 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
588 /* If there's at least one network that should be specifically scanned
589 * then don't cancel the scan and reschedule. Some drivers do
590 * background scanning which generates frequent scan results, and that
591 * causes the specific SSID scan to get continually pushed back and
592 * never happen, which causes hidden APs to never get probe-scanned.
594 if (eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL) &&
595 wpa_s->conf->ap_scan == 1) {
596 struct wpa_ssid *ssid = wpa_s->conf->ssid;
599 if (!ssid->disabled && ssid->scan_ssid)
604 wpa_dbg(wpa_s, MSG_DEBUG, "Not rescheduling scan to "
605 "ensure that specific SSID scans occur");
610 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
612 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
613 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
618 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan
619 * @wpa_s: Pointer to wpa_supplicant data
621 * This function is used to schedule periodic scans for neighboring
622 * access points repeating the scan continuously.
624 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s)
626 struct wpa_driver_scan_params params;
627 enum wpa_states prev_state;
628 struct wpa_ssid *ssid;
629 struct wpabuf *wps_ie = NULL;
631 int use_wildcard = 0;
632 unsigned int max_sched_scan_ssids;
634 if (!wpa_s->sched_scan_supported)
637 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS)
638 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS;
640 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids;
642 if (wpa_s->sched_scanning)
645 os_memset(¶ms, 0, sizeof(params));
647 prev_state = wpa_s->wpa_state;
648 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
649 wpa_s->wpa_state == WPA_INACTIVE)
650 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
652 /* Find the starting point from which to continue scanning */
653 ssid = wpa_s->conf->ssid;
654 if (wpa_s->prev_sched_ssid) {
656 if (ssid == wpa_s->prev_sched_ssid) {
664 if (!ssid || !wpa_s->prev_sched_ssid) {
665 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list");
667 wpa_s->sched_scan_interval = 2;
668 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2;
669 wpa_s->first_sched_scan = 1;
670 ssid = wpa_s->conf->ssid;
671 wpa_s->prev_sched_ssid = ssid;
675 if (ssid->disabled) {
676 wpa_s->prev_sched_ssid = ssid;
681 if (!ssid->scan_ssid)
684 params.ssids[params.num_ssids].ssid =
686 params.ssids[params.num_ssids].ssid_len =
689 if (params.num_ssids + 1 >= max_sched_scan_ssids) {
690 wpa_s->prev_sched_ssid = ssid;
694 wpa_s->prev_sched_ssid = ssid;
698 if (ssid || use_wildcard) {
699 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in "
700 "the sched scan request");
703 wpa_dbg(wpa_s, MSG_DEBUG, "ssid %p - list ended", ssid);
706 if (!params.num_ssids)
710 wps_ie = wpa_supplicant_extra_ies(wpa_s, ¶ms);
712 wpa_dbg(wpa_s, MSG_DEBUG,
713 "Starting sched scan: interval %d timeout %d",
714 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout);
716 ret = wpa_supplicant_start_sched_scan(wpa_s, ¶ms,
717 wpa_s->sched_scan_interval);
720 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan");
721 if (prev_state != wpa_s->wpa_state)
722 wpa_supplicant_set_state(wpa_s, prev_state);
726 /* If we have more SSIDs to scan, add a timeout so we scan them too */
727 if (ssid || !wpa_s->first_sched_scan) {
728 wpa_s->sched_scan_timed_out = 0;
729 eloop_register_timeout(wpa_s->sched_scan_timeout, 0,
730 wpa_supplicant_sched_scan_timeout,
732 wpa_s->first_sched_scan = 0;
733 wpa_s->sched_scan_timeout /= 2;
734 wpa_s->sched_scan_interval *= 2;
742 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
743 * @wpa_s: Pointer to wpa_supplicant data
745 * This function is used to cancel a scan request scheduled with
746 * wpa_supplicant_req_scan().
748 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
750 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request");
751 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
756 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans
757 * @wpa_s: Pointer to wpa_supplicant data
759 * This function is used to stop a periodic scheduled scan.
761 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s)
763 if (!wpa_s->sched_scanning)
766 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan");
767 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL);
768 wpa_supplicant_stop_sched_scan(wpa_s);
772 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
775 if (wpa_s->scanning != scanning) {
776 wpa_s->scanning = scanning;
777 wpas_notify_scanning(wpa_s);
782 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res)
788 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES);
789 for (i = 0; ie && i < ie[1]; i++) {
790 if ((ie[i + 2] & 0x7f) > rate)
791 rate = ie[i + 2] & 0x7f;
794 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES);
795 for (i = 0; ie && i < ie[1]; i++) {
796 if ((ie[i + 2] & 0x7f) > rate)
797 rate = ie[i + 2] & 0x7f;
804 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie)
808 pos = (const u8 *) (res + 1);
809 end = pos + res->ie_len;
811 while (pos + 1 < end) {
812 if (pos + 2 + pos[1] > end)
823 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res,
828 pos = (const u8 *) (res + 1);
829 end = pos + res->ie_len;
831 while (pos + 1 < end) {
832 if (pos + 2 + pos[1] > end)
834 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
835 vendor_type == WPA_GET_BE32(&pos[2]))
844 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res,
850 buf = wpabuf_alloc(res->ie_len);
854 pos = (const u8 *) (res + 1);
855 end = pos + res->ie_len;
857 while (pos + 1 < end) {
858 if (pos + 2 + pos[1] > end)
860 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
861 vendor_type == WPA_GET_BE32(&pos[2]))
862 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
866 if (wpabuf_len(buf) == 0) {
875 struct wpabuf * wpa_scan_get_vendor_ie_multi_beacon(
876 const struct wpa_scan_res *res, u32 vendor_type)
881 if (res->beacon_ie_len == 0)
883 buf = wpabuf_alloc(res->beacon_ie_len);
887 pos = (const u8 *) (res + 1);
889 end = pos + res->beacon_ie_len;
891 while (pos + 1 < end) {
892 if (pos + 2 + pos[1] > end)
894 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
895 vendor_type == WPA_GET_BE32(&pos[2]))
896 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
900 if (wpabuf_len(buf) == 0) {
909 /* Compare function for sorting scan results. Return >0 if @b is considered
911 static int wpa_scan_result_compar(const void *a, const void *b)
913 struct wpa_scan_res **_wa = (void *) a;
914 struct wpa_scan_res **_wb = (void *) b;
915 struct wpa_scan_res *wa = *_wa;
916 struct wpa_scan_res *wb = *_wb;
917 int wpa_a, wpa_b, maxrate_a, maxrate_b;
919 /* WPA/WPA2 support preferred */
920 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL ||
921 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL;
922 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL ||
923 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL;
930 /* privacy support preferred */
931 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 &&
932 (wb->caps & IEEE80211_CAP_PRIVACY))
934 if ((wa->caps & IEEE80211_CAP_PRIVACY) &&
935 (wb->caps & IEEE80211_CAP_PRIVACY) == 0)
938 /* best/max rate preferred if signal level close enough XXX */
939 if ((wa->level && wb->level && abs(wb->level - wa->level) < 5) ||
940 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) {
941 maxrate_a = wpa_scan_get_max_rate(wa);
942 maxrate_b = wpa_scan_get_max_rate(wb);
943 if (maxrate_a != maxrate_b)
944 return maxrate_b - maxrate_a;
947 /* use freq for channel preference */
949 /* all things being equal, use signal level; if signal levels are
950 * identical, use quality values since some drivers may only report
951 * that value and leave the signal level zero */
952 if (wb->level == wa->level)
953 return wb->qual - wa->qual;
954 return wb->level - wa->level;
959 /* Compare function for sorting scan results when searching a WPS AP for
960 * provisioning. Return >0 if @b is considered better. */
961 static int wpa_scan_result_wps_compar(const void *a, const void *b)
963 struct wpa_scan_res **_wa = (void *) a;
964 struct wpa_scan_res **_wb = (void *) b;
965 struct wpa_scan_res *wa = *_wa;
966 struct wpa_scan_res *wb = *_wb;
967 int uses_wps_a, uses_wps_b;
968 struct wpabuf *wps_a, *wps_b;
971 /* Optimization - check WPS IE existence before allocated memory and
972 * doing full reassembly. */
973 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL;
974 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL;
975 if (uses_wps_a && !uses_wps_b)
977 if (!uses_wps_a && uses_wps_b)
980 if (uses_wps_a && uses_wps_b) {
981 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE);
982 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE);
983 res = wps_ap_priority_compar(wps_a, wps_b);
991 * Do not use current AP security policy as a sorting criteria during
992 * WPS provisioning step since the AP may get reconfigured at the
993 * completion of provisioning.
996 /* all things being equal, use signal level; if signal levels are
997 * identical, use quality values since some drivers may only report
998 * that value and leave the signal level zero */
999 if (wb->level == wa->level)
1000 return wb->qual - wa->qual;
1001 return wb->level - wa->level;
1003 #endif /* CONFIG_WPS */
1007 * wpa_supplicant_get_scan_results - Get scan results
1008 * @wpa_s: Pointer to wpa_supplicant data
1009 * @info: Information about what was scanned or %NULL if not available
1010 * @new_scan: Whether a new scan was performed
1011 * Returns: Scan results, %NULL on failure
1013 * This function request the current scan results from the driver and updates
1014 * the local BSS list wpa_s->bss. The caller is responsible for freeing the
1015 * results with wpa_scan_results_free().
1017 struct wpa_scan_results *
1018 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
1019 struct scan_info *info, int new_scan)
1021 struct wpa_scan_results *scan_res;
1023 int (*compar)(const void *, const void *) = wpa_scan_result_compar;
1025 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
1026 scan_res = ieee80211_sta_get_scan_results(wpa_s);
1028 scan_res = wpa_drv_get_scan_results2(wpa_s);
1029 if (scan_res == NULL) {
1030 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results");
1035 if (wpas_wps_in_progress(wpa_s)) {
1036 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS "
1037 "provisioning rules");
1038 compar = wpa_scan_result_wps_compar;
1040 #endif /* CONFIG_WPS */
1042 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *),
1045 wpa_bss_update_start(wpa_s);
1046 for (i = 0; i < scan_res->num; i++)
1047 wpa_bss_update_scan_res(wpa_s, scan_res->res[i]);
1048 wpa_bss_update_end(wpa_s, info, new_scan);
1054 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s)
1056 struct wpa_scan_results *scan_res;
1057 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
1058 if (scan_res == NULL)
1060 wpa_scan_results_free(scan_res);
1066 void wpa_scan_results_free(struct wpa_scan_results *res)
1073 for (i = 0; i < res->num; i++)
1074 os_free(res->res[i]);