2 * WPA Supplicant - Scanning
3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "common/wpa_ctrl.h"
16 #include "wpa_supplicant_i.h"
18 #include "wps_supplicant.h"
19 #include "p2p_supplicant.h"
21 #include "hs20_supplicant.h"
24 #include "gas_query.h"
28 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
30 struct wpa_ssid *ssid;
31 union wpa_event_data data;
33 ssid = wpa_supplicant_get_ssid(wpa_s);
37 if (wpa_s->current_ssid == NULL) {
38 wpa_s->current_ssid = ssid;
39 if (wpa_s->current_ssid != NULL)
40 wpas_notify_network_changed(wpa_s);
42 wpa_supplicant_initiate_eapol(wpa_s);
43 wpa_dbg(wpa_s, MSG_DEBUG, "Already associated with a configured "
44 "network - generating associated event");
45 os_memset(&data, 0, sizeof(data));
46 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
51 static int wpas_wps_in_use(struct wpa_supplicant *wpa_s,
52 enum wps_request_type *req_type)
54 struct wpa_ssid *ssid;
57 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
58 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
62 *req_type = wpas_wps_get_req_type(ssid);
63 if (!ssid->eap.phase1)
66 if (os_strstr(ssid->eap.phase1, "pbc=1"))
71 if (!wpa_s->global->p2p_disabled && wpa_s->global->p2p &&
72 !wpa_s->conf->p2p_disabled) {
73 wpa_s->wps->dev.p2p = 1;
76 *req_type = WPS_REQ_ENROLLEE_INFO;
79 #endif /* CONFIG_P2P */
83 #endif /* CONFIG_WPS */
87 * wpa_supplicant_enabled_networks - Check whether there are enabled networks
88 * @wpa_s: Pointer to wpa_supplicant data
89 * Returns: 0 if no networks are enabled, >0 if networks are enabled
91 * This function is used to figure out whether any networks (or Interworking
92 * with enabled credentials and auto_interworking) are present in the current
95 int wpa_supplicant_enabled_networks(struct wpa_supplicant *wpa_s)
97 struct wpa_ssid *ssid = wpa_s->conf->ssid;
98 int count = 0, disabled = 0;
100 if (!wpas_network_disabled(wpa_s, ssid))
106 if (wpa_s->conf->cred && wpa_s->conf->interworking &&
107 wpa_s->conf->auto_interworking)
109 if (count == 0 && disabled > 0) {
110 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks (%d disabled "
111 "networks)", disabled);
117 static void wpa_supplicant_assoc_try(struct wpa_supplicant *wpa_s,
118 struct wpa_ssid *ssid)
121 if (!wpas_network_disabled(wpa_s, ssid))
126 /* ap_scan=2 mode - try to associate with each SSID. */
128 wpa_dbg(wpa_s, MSG_DEBUG, "wpa_supplicant_assoc_try: Reached "
129 "end of scan list - go back to beginning");
130 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
131 wpa_supplicant_req_scan(wpa_s, 0, 0);
135 /* Continue from the next SSID on the next attempt. */
136 wpa_s->prev_scan_ssid = ssid;
138 /* Start from the beginning of the SSID list. */
139 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
141 wpa_supplicant_associate(wpa_s, NULL, ssid);
146 * wpa_supplicant_trigger_scan - Request driver to start a scan
147 * @wpa_s: Pointer to wpa_supplicant data
148 * @params: Scan parameters
149 * Returns: 0 on success, -1 on failure
151 int wpa_supplicant_trigger_scan(struct wpa_supplicant *wpa_s,
152 struct wpa_driver_scan_params *params)
156 wpa_supplicant_notify_scanning(wpa_s, 1);
158 ret = wpa_drv_scan(wpa_s, params);
160 wpa_supplicant_notify_scanning(wpa_s, 0);
161 wpas_notify_scan_done(wpa_s, 0);
163 os_get_reltime(&wpa_s->scan_trigger_time);
165 wpa_s->normal_scans++;
166 wpa_s->own_scan_requested = 1;
174 wpa_supplicant_delayed_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
176 struct wpa_supplicant *wpa_s = eloop_ctx;
178 wpa_dbg(wpa_s, MSG_DEBUG, "Starting delayed sched scan");
180 if (wpa_supplicant_req_sched_scan(wpa_s))
181 wpa_supplicant_req_scan(wpa_s, 0, 0);
186 wpa_supplicant_sched_scan_timeout(void *eloop_ctx, void *timeout_ctx)
188 struct wpa_supplicant *wpa_s = eloop_ctx;
190 wpa_dbg(wpa_s, MSG_DEBUG, "Sched scan timeout - stopping it");
192 wpa_s->sched_scan_timed_out = 1;
193 wpa_supplicant_cancel_sched_scan(wpa_s);
197 int wpa_supplicant_start_sched_scan(struct wpa_supplicant *wpa_s,
198 struct wpa_driver_scan_params *params,
203 wpa_supplicant_notify_scanning(wpa_s, 1);
204 ret = wpa_drv_sched_scan(wpa_s, params, interval * 1000);
206 wpa_supplicant_notify_scanning(wpa_s, 0);
208 wpa_s->sched_scanning = 1;
214 int wpa_supplicant_stop_sched_scan(struct wpa_supplicant *wpa_s)
218 ret = wpa_drv_stop_sched_scan(wpa_s);
220 wpa_dbg(wpa_s, MSG_DEBUG, "stopping sched_scan failed!");
221 /* TODO: what to do if stopping fails? */
229 static struct wpa_driver_scan_filter *
230 wpa_supplicant_build_filter_ssids(struct wpa_config *conf, size_t *num_ssids)
232 struct wpa_driver_scan_filter *ssids;
233 struct wpa_ssid *ssid;
237 if (!conf->filter_ssids)
240 for (count = 0, ssid = conf->ssid; ssid; ssid = ssid->next) {
241 if (ssid->ssid && ssid->ssid_len)
246 ssids = os_zalloc(count * sizeof(struct wpa_driver_scan_filter));
250 for (ssid = conf->ssid; ssid; ssid = ssid->next) {
251 if (!ssid->ssid || !ssid->ssid_len)
253 os_memcpy(ssids[*num_ssids].ssid, ssid->ssid, ssid->ssid_len);
254 ssids[*num_ssids].ssid_len = ssid->ssid_len;
262 static void wpa_supplicant_optimize_freqs(
263 struct wpa_supplicant *wpa_s, struct wpa_driver_scan_params *params)
266 if (params->freqs == NULL && wpa_s->p2p_in_provisioning &&
268 /* Optimize provisioning state scan based on GO information */
269 if (wpa_s->p2p_in_provisioning < 5 &&
270 wpa_s->go_params->freq > 0) {
271 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only GO "
272 "preferred frequency %d MHz",
273 wpa_s->go_params->freq);
274 params->freqs = os_zalloc(2 * sizeof(int));
276 params->freqs[0] = wpa_s->go_params->freq;
277 } else if (wpa_s->p2p_in_provisioning < 8 &&
278 wpa_s->go_params->freq_list[0]) {
279 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: Scan only common "
281 int_array_concat(¶ms->freqs,
282 wpa_s->go_params->freq_list);
284 int_array_sort_unique(params->freqs);
286 wpa_s->p2p_in_provisioning++;
288 #endif /* CONFIG_P2P */
291 if (params->freqs == NULL && wpa_s->after_wps && wpa_s->wps_freq) {
293 * Optimize post-provisioning scan based on channel used
294 * during provisioning.
296 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz "
297 "that was used during provisioning", wpa_s->wps_freq);
298 params->freqs = os_zalloc(2 * sizeof(int));
300 params->freqs[0] = wpa_s->wps_freq;
302 } else if (wpa_s->after_wps)
305 if (params->freqs == NULL && wpa_s->known_wps_freq && wpa_s->wps_freq)
307 /* Optimize provisioning scan based on already known channel */
308 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Scan only frequency %u MHz",
310 params->freqs = os_zalloc(2 * sizeof(int));
312 params->freqs[0] = wpa_s->wps_freq;
313 wpa_s->known_wps_freq = 0; /* only do this once */
315 #endif /* CONFIG_WPS */
319 #ifdef CONFIG_INTERWORKING
320 static void wpas_add_interworking_elements(struct wpa_supplicant *wpa_s,
323 if (wpa_s->conf->interworking == 0)
326 wpabuf_put_u8(buf, WLAN_EID_EXT_CAPAB);
327 wpabuf_put_u8(buf, 4);
328 wpabuf_put_u8(buf, 0x00);
329 wpabuf_put_u8(buf, 0x00);
330 wpabuf_put_u8(buf, 0x00);
331 wpabuf_put_u8(buf, 0x80); /* Bit 31 - Interworking */
333 wpabuf_put_u8(buf, WLAN_EID_INTERWORKING);
334 wpabuf_put_u8(buf, is_zero_ether_addr(wpa_s->conf->hessid) ? 1 :
336 wpabuf_put_u8(buf, wpa_s->conf->access_network_type);
338 if (!is_zero_ether_addr(wpa_s->conf->hessid))
339 wpabuf_put_data(buf, wpa_s->conf->hessid, ETH_ALEN);
341 #endif /* CONFIG_INTERWORKING */
344 static struct wpabuf * wpa_supplicant_extra_ies(struct wpa_supplicant *wpa_s)
346 struct wpabuf *extra_ie = NULL;
349 enum wps_request_type req_type = WPS_REQ_ENROLLEE_INFO;
350 #endif /* CONFIG_WPS */
352 #ifdef CONFIG_INTERWORKING
353 if (wpa_s->conf->interworking &&
354 wpabuf_resize(&extra_ie, 100) == 0)
355 wpas_add_interworking_elements(wpa_s, extra_ie);
356 #endif /* CONFIG_INTERWORKING */
359 wps = wpas_wps_in_use(wpa_s, &req_type);
362 struct wpabuf *wps_ie;
363 wps_ie = wps_build_probe_req_ie(wps == 2 ? DEV_PW_PUSHBUTTON :
366 wpa_s->wps->uuid, req_type,
369 if (wpabuf_resize(&extra_ie, wpabuf_len(wps_ie)) == 0)
370 wpabuf_put_buf(extra_ie, wps_ie);
377 size_t ielen = p2p_scan_ie_buf_len(wpa_s->global->p2p);
378 if (wpabuf_resize(&extra_ie, ielen) == 0)
379 wpas_p2p_scan_ie(wpa_s, extra_ie);
381 #endif /* CONFIG_P2P */
383 #endif /* CONFIG_WPS */
386 if (wpa_s->conf->hs20 && wpabuf_resize(&extra_ie, 7) == 0)
387 wpas_hs20_add_indication(extra_ie);
388 #endif /* CONFIG_HS20 */
397 * Check whether there are any enabled networks or credentials that could be
398 * used for a non-P2P connection.
400 static int non_p2p_network_enabled(struct wpa_supplicant *wpa_s)
402 struct wpa_ssid *ssid;
404 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
405 if (wpas_network_disabled(wpa_s, ssid))
407 if (!ssid->p2p_group)
411 if (wpa_s->conf->cred && wpa_s->conf->interworking &&
412 wpa_s->conf->auto_interworking)
418 #endif /* CONFIG_P2P */
421 static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
423 enum hostapd_hw_mode mode)
427 for (i = 0; i < num_modes; i++) {
428 if (modes[i].mode == mode)
436 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s,
437 enum hostapd_hw_mode band,
438 struct wpa_driver_scan_params *params)
440 /* Include only supported channels for the specified band */
441 struct hostapd_hw_modes *mode;
444 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band);
446 /* No channels supported in this band - use empty list */
447 params->freqs = os_zalloc(sizeof(int));
451 params->freqs = os_zalloc((mode->num_channels + 1) * sizeof(int));
452 if (params->freqs == NULL)
454 for (count = 0, i = 0; i < mode->num_channels; i++) {
455 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED)
457 params->freqs[count++] = mode->channels[i].freq;
462 static void wpa_setband_scan_freqs(struct wpa_supplicant *wpa_s,
463 struct wpa_driver_scan_params *params)
465 if (wpa_s->hw.modes == NULL)
466 return; /* unknown what channels the driver supports */
468 return; /* already using a limited channel set */
469 if (wpa_s->setband == WPA_SETBAND_5G)
470 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211A,
472 else if (wpa_s->setband == WPA_SETBAND_2G)
473 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G,
478 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
480 struct wpa_supplicant *wpa_s = eloop_ctx;
481 struct wpa_ssid *ssid;
483 struct wpabuf *extra_ie = NULL;
484 struct wpa_driver_scan_params params;
485 struct wpa_driver_scan_params *scan_params;
487 enum wpa_states prev_state;
489 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
490 wpa_dbg(wpa_s, MSG_DEBUG, "Skip scan - interface disabled");
491 wpas_p2p_continue_after_scan(wpa_s);
495 if (wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ) {
496 wpa_dbg(wpa_s, MSG_DEBUG, "Disconnected - do not scan");
497 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
498 wpas_p2p_continue_after_scan(wpa_s);
502 if (wpa_s->scanning) {
504 * If we are already in scanning state, we shall reschedule the
505 * the incoming scan request.
507 wpa_dbg(wpa_s, MSG_DEBUG, "Already scanning - Reschedule the incoming scan req");
508 wpa_supplicant_req_scan(wpa_s, 1, 0);
512 if (wpa_s->external_scan_running) {
513 struct os_reltime now, diff;
514 os_get_reltime(&now);
515 os_reltime_sub(&now, &wpa_s->scan_start_time, &diff);
517 wpa_dbg(wpa_s, MSG_DEBUG, "Externally triggered scan running - Reschedule the incoming scan req");
518 wpa_supplicant_req_scan(wpa_s, 1, 0);
523 if (!wpa_supplicant_enabled_networks(wpa_s) &&
524 wpa_s->scan_req == NORMAL_SCAN_REQ) {
525 wpa_dbg(wpa_s, MSG_DEBUG, "No enabled networks - do not scan");
526 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
527 wpas_p2p_continue_after_scan(wpa_s);
531 if (wpa_s->conf->ap_scan != 0 &&
532 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) {
533 wpa_dbg(wpa_s, MSG_DEBUG, "Using wired authentication - "
534 "overriding ap_scan configuration");
535 wpa_s->conf->ap_scan = 0;
536 wpas_notify_ap_scan_changed(wpa_s);
539 if (wpa_s->conf->ap_scan == 0) {
540 wpa_supplicant_gen_assoc_event(wpa_s);
545 if (wpas_p2p_in_progress(wpa_s) || wpas_wpa_is_in_progress(wpa_s, 0)) {
546 if (wpa_s->sta_scan_pending &&
547 wpas_p2p_in_progress(wpa_s) == 2 &&
548 wpa_s->global->p2p_cb_on_scan_complete) {
549 wpa_dbg(wpa_s, MSG_DEBUG, "Process pending station "
550 "mode scan during P2P search");
552 wpa_dbg(wpa_s, MSG_DEBUG, "Delay station mode scan "
553 "while P2P operation is in progress");
554 wpa_s->sta_scan_pending = 1;
555 wpa_supplicant_req_scan(wpa_s, 5, 0);
559 #endif /* CONFIG_P2P */
562 if (gas_query_in_progress(wpa_s->gas)) {
563 wpa_dbg(wpa_s, MSG_DEBUG, "Delay scan while GAS query is in progress");
564 wpa_supplicant_req_scan(wpa_s, 1, 0);
567 #endif /* CONFIG_GAS */
569 if (wpa_s->conf->ap_scan == 2)
572 max_ssids = wpa_s->max_scan_ssids;
573 if (max_ssids > WPAS_MAX_SCAN_SSIDS)
574 max_ssids = WPAS_MAX_SCAN_SSIDS;
577 wpa_s->last_scan_req = wpa_s->scan_req;
578 wpa_s->scan_req = NORMAL_SCAN_REQ;
580 os_memset(¶ms, 0, sizeof(params));
582 prev_state = wpa_s->wpa_state;
583 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
584 wpa_s->wpa_state == WPA_INACTIVE)
585 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
588 * If autoscan has set its own scanning parameters
590 if (wpa_s->autoscan_params != NULL) {
591 scan_params = wpa_s->autoscan_params;
595 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ &&
596 wpa_s->connect_without_scan) {
597 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
598 if (ssid == wpa_s->connect_without_scan)
601 wpa_s->connect_without_scan = NULL;
603 wpa_printf(MSG_DEBUG, "Start a pre-selected network "
604 "without scan step");
605 wpa_supplicant_associate(wpa_s, NULL, ssid);
611 if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) &&
613 wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)",
614 wpa_s->p2p_in_provisioning,
615 wpa_s->show_group_started);
616 params.ssids[0].ssid = wpa_s->go_params->ssid;
617 params.ssids[0].ssid_len = wpa_s->go_params->ssid_len;
618 params.num_ssids = 1;
621 #endif /* CONFIG_P2P */
623 /* Find the starting point from which to continue scanning */
624 ssid = wpa_s->conf->ssid;
625 if (wpa_s->prev_scan_ssid != WILDCARD_SSID_SCAN) {
627 if (ssid == wpa_s->prev_scan_ssid) {
635 if (wpa_s->last_scan_req != MANUAL_SCAN_REQ &&
636 wpa_s->conf->ap_scan == 2) {
637 wpa_s->connect_without_scan = NULL;
638 wpa_s->prev_scan_wildcard = 0;
639 wpa_supplicant_assoc_try(wpa_s, ssid);
641 } else if (wpa_s->conf->ap_scan == 2) {
643 * User-initiated scan request in ap_scan == 2; scan with
648 struct wpa_ssid *start = ssid, *tssid;
650 if (ssid == NULL && max_ssids > 1)
651 ssid = wpa_s->conf->ssid;
653 if (!wpas_network_disabled(wpa_s, ssid) &&
655 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
656 ssid->ssid, ssid->ssid_len);
657 params.ssids[params.num_ssids].ssid =
659 params.ssids[params.num_ssids].ssid_len =
662 if (params.num_ssids + 1 >= max_ssids)
668 if (ssid == NULL && max_ssids > 1 &&
669 start != wpa_s->conf->ssid)
670 ssid = wpa_s->conf->ssid;
673 for (tssid = wpa_s->conf->ssid; tssid; tssid = tssid->next) {
674 if (wpas_network_disabled(wpa_s, tssid))
676 if ((params.freqs || !freqs_set) && tssid->scan_freq) {
677 int_array_concat(¶ms.freqs,
680 os_free(params.freqs);
685 int_array_sort_unique(params.freqs);
688 if (ssid && max_ssids == 1) {
690 * If the driver is limited to 1 SSID at a time interleave
691 * wildcard SSID scans with specific SSID scans to avoid
692 * waiting a long time for a wildcard scan.
694 if (!wpa_s->prev_scan_wildcard) {
695 params.ssids[0].ssid = NULL;
696 params.ssids[0].ssid_len = 0;
697 wpa_s->prev_scan_wildcard = 1;
698 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for "
699 "wildcard SSID (Interleave with specific)");
701 wpa_s->prev_scan_ssid = ssid;
702 wpa_s->prev_scan_wildcard = 0;
703 wpa_dbg(wpa_s, MSG_DEBUG,
704 "Starting AP scan for specific SSID: %s",
705 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
710 wpa_s->prev_scan_ssid = ssid;
711 wpa_dbg(wpa_s, MSG_DEBUG, "Include wildcard SSID in "
714 } else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
715 wpa_s->manual_scan_passive && params.num_ssids == 0) {
716 wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request");
718 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
720 wpa_dbg(wpa_s, MSG_DEBUG, "Starting AP scan for wildcard "
725 #endif /* CONFIG_P2P */
727 wpa_supplicant_optimize_freqs(wpa_s, ¶ms);
728 extra_ie = wpa_supplicant_extra_ies(wpa_s);
730 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs == NULL &&
731 wpa_s->manual_scan_freqs) {
732 wpa_dbg(wpa_s, MSG_DEBUG, "Limit manual scan to specified channels");
733 params.freqs = wpa_s->manual_scan_freqs;
734 wpa_s->manual_scan_freqs = NULL;
737 if (params.freqs == NULL && wpa_s->next_scan_freqs) {
738 wpa_dbg(wpa_s, MSG_DEBUG, "Optimize scan based on previously "
739 "generated frequency list");
740 params.freqs = wpa_s->next_scan_freqs;
742 os_free(wpa_s->next_scan_freqs);
743 wpa_s->next_scan_freqs = NULL;
744 wpa_setband_scan_freqs(wpa_s, ¶ms);
746 /* See if user specified frequencies. If so, scan only those. */
747 if (wpa_s->conf->freq_list && !params.freqs) {
748 wpa_dbg(wpa_s, MSG_DEBUG,
749 "Optimize scan based on conf->freq_list");
750 int_array_concat(¶ms.freqs, wpa_s->conf->freq_list);
753 /* Use current associated channel? */
754 if (wpa_s->conf->scan_cur_freq && !params.freqs) {
755 unsigned int num = wpa_s->num_multichan_concurrent;
757 params.freqs = os_calloc(num + 1, sizeof(int));
759 num = get_shared_radio_freqs(wpa_s, params.freqs, num);
761 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the "
762 "current operating channels since "
763 "scan_cur_freq is enabled");
765 os_free(params.freqs);
771 params.filter_ssids = wpa_supplicant_build_filter_ssids(
772 wpa_s->conf, ¶ms.num_filter_ssids);
774 params.extra_ies = wpabuf_head(extra_ie);
775 params.extra_ies_len = wpabuf_len(extra_ie);
779 if (wpa_s->p2p_in_provisioning ||
780 (wpa_s->show_group_started && wpa_s->go_params)) {
782 * The interface may not yet be in P2P mode, so we have to
783 * explicitly request P2P probe to disable CCK rates.
785 params.p2p_probe = 1;
787 #endif /* CONFIG_P2P */
789 scan_params = ¶ms;
794 * If the driver does not support multi-channel concurrency and a
795 * virtual interface that shares the same radio with the wpa_s interface
796 * is operating there may not be need to scan other channels apart from
797 * the current operating channel on the other virtual interface. Filter
798 * out other channels in case we are trying to find a connection for a
799 * station interface when we are not configured to prefer station
800 * connection and a concurrent operation is already in process.
802 if (wpa_s->scan_for_connection &&
803 wpa_s->last_scan_req == NORMAL_SCAN_REQ &&
804 !scan_params->freqs && !params.freqs &&
805 wpas_is_p2p_prioritized(wpa_s) &&
806 wpa_s->p2p_group_interface == NOT_P2P_GROUP_INTERFACE &&
807 non_p2p_network_enabled(wpa_s)) {
808 unsigned int num = wpa_s->num_multichan_concurrent;
810 params.freqs = os_calloc(num + 1, sizeof(int));
812 num = get_shared_radio_freqs(wpa_s, params.freqs, num);
813 if (num > 0 && num == wpa_s->num_multichan_concurrent) {
814 wpa_dbg(wpa_s, MSG_DEBUG, "Scan only the current operating channels since all channels are already used");
816 os_free(params.freqs);
821 #endif /* CONFIG_P2P */
823 ret = wpa_supplicant_trigger_scan(wpa_s, scan_params);
825 if (ret && wpa_s->last_scan_req == MANUAL_SCAN_REQ && params.freqs &&
826 !wpa_s->manual_scan_freqs) {
827 /* Restore manual_scan_freqs for the next attempt */
828 wpa_s->manual_scan_freqs = params.freqs;
832 wpabuf_free(extra_ie);
833 os_free(params.freqs);
834 os_free(params.filter_ssids);
837 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate AP scan");
838 if (prev_state != wpa_s->wpa_state)
839 wpa_supplicant_set_state(wpa_s, prev_state);
840 /* Restore scan_req since we will try to scan again */
841 wpa_s->scan_req = wpa_s->last_scan_req;
842 wpa_supplicant_req_scan(wpa_s, 1, 0);
844 wpa_s->scan_for_connection = 0;
849 void wpa_supplicant_update_scan_int(struct wpa_supplicant *wpa_s, int sec)
851 struct os_reltime remaining, new_int;
854 cancelled = eloop_cancel_timeout_one(wpa_supplicant_scan, wpa_s, NULL,
859 if (cancelled && os_reltime_before(&remaining, &new_int)) {
860 new_int.sec = remaining.sec;
861 new_int.usec = remaining.usec;
865 eloop_register_timeout(new_int.sec, new_int.usec,
866 wpa_supplicant_scan, wpa_s, NULL);
868 wpa_s->scan_interval = sec;
873 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
874 * @wpa_s: Pointer to wpa_supplicant data
875 * @sec: Number of seconds after which to scan
876 * @usec: Number of microseconds after which to scan
878 * This function is used to schedule a scan for neighboring access points after
879 * the specified time.
881 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
883 if (eloop_deplete_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL))
885 wpa_dbg(wpa_s, MSG_DEBUG, "Rescheduling scan request: %d sec %d usec",
890 wpa_dbg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
892 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
893 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
898 * wpa_supplicant_delayed_sched_scan - Request a delayed scheduled scan
899 * @wpa_s: Pointer to wpa_supplicant data
900 * @sec: Number of seconds after which to scan
901 * @usec: Number of microseconds after which to scan
902 * Returns: 0 on success or -1 otherwise
904 * This function is used to schedule periodic scans for neighboring
905 * access points after the specified time.
907 int wpa_supplicant_delayed_sched_scan(struct wpa_supplicant *wpa_s,
910 if (!wpa_s->sched_scan_supported)
913 eloop_register_timeout(sec, usec,
914 wpa_supplicant_delayed_sched_scan_timeout,
922 * wpa_supplicant_req_sched_scan - Start a periodic scheduled scan
923 * @wpa_s: Pointer to wpa_supplicant data
924 * Returns: 0 is sched_scan was started or -1 otherwise
926 * This function is used to schedule periodic scans for neighboring
927 * access points repeating the scan continuously.
929 int wpa_supplicant_req_sched_scan(struct wpa_supplicant *wpa_s)
931 struct wpa_driver_scan_params params;
932 struct wpa_driver_scan_params *scan_params;
933 enum wpa_states prev_state;
934 struct wpa_ssid *ssid = NULL;
935 struct wpabuf *extra_ie = NULL;
937 unsigned int max_sched_scan_ssids;
941 if (!wpa_s->sched_scan_supported)
944 if (wpa_s->max_sched_scan_ssids > WPAS_MAX_SCAN_SSIDS)
945 max_sched_scan_ssids = WPAS_MAX_SCAN_SSIDS;
947 max_sched_scan_ssids = wpa_s->max_sched_scan_ssids;
948 if (max_sched_scan_ssids < 1 || wpa_s->conf->disable_scan_offload)
951 if (wpa_s->sched_scanning) {
952 wpa_dbg(wpa_s, MSG_DEBUG, "Already sched scanning");
957 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
958 if (!wpas_network_disabled(wpa_s, ssid) && !ssid->scan_ssid) {
959 /* Use wildcard SSID to find this network */
961 } else if (!wpas_network_disabled(wpa_s, ssid) &&
966 if (!wpas_network_disabled(wpa_s, ssid) &&
967 ssid->key_mgmt == WPA_KEY_MGMT_WPS) {
969 * Normal scan is more reliable and faster for WPS
970 * operations and since these are for short periods of
971 * time, the benefit of trying to use sched_scan would
974 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of "
975 "sched_scan for WPS");
978 #endif /* CONFIG_WPS */
983 if (wpa_s->normal_scans < 3 &&
984 (need_ssids <= wpa_s->max_scan_ssids ||
985 wpa_s->max_scan_ssids >= (int) max_sched_scan_ssids)) {
987 * When normal scan can speed up operations, use that for the
988 * first operations before starting the sched_scan to allow
989 * user space sleep more. We do this only if the normal scan
990 * has functionality that is suitable for this or if the
991 * sched_scan does not have better support for multiple SSIDs.
993 wpa_dbg(wpa_s, MSG_DEBUG, "Use normal scan instead of "
994 "sched_scan for initial scans (normal_scans=%d)",
995 wpa_s->normal_scans);
999 os_memset(¶ms, 0, sizeof(params));
1001 /* If we can't allocate space for the filters, we just don't filter */
1002 params.filter_ssids = os_zalloc(wpa_s->max_match_sets *
1003 sizeof(struct wpa_driver_scan_filter));
1005 prev_state = wpa_s->wpa_state;
1006 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
1007 wpa_s->wpa_state == WPA_INACTIVE)
1008 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
1010 if (wpa_s->autoscan_params != NULL) {
1011 scan_params = wpa_s->autoscan_params;
1015 /* Find the starting point from which to continue scanning */
1016 ssid = wpa_s->conf->ssid;
1017 if (wpa_s->prev_sched_ssid) {
1019 if (ssid == wpa_s->prev_sched_ssid) {
1027 if (!ssid || !wpa_s->prev_sched_ssid) {
1028 wpa_dbg(wpa_s, MSG_DEBUG, "Beginning of SSID list");
1029 if (wpa_s->conf->sched_scan_interval)
1030 wpa_s->sched_scan_interval =
1031 wpa_s->conf->sched_scan_interval;
1032 if (wpa_s->sched_scan_interval == 0)
1033 wpa_s->sched_scan_interval = 10;
1034 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2;
1035 wpa_s->first_sched_scan = 1;
1036 ssid = wpa_s->conf->ssid;
1037 wpa_s->prev_sched_ssid = ssid;
1041 wpa_dbg(wpa_s, MSG_DEBUG, "Add wildcard SSID to sched_scan");
1046 if (wpas_network_disabled(wpa_s, ssid))
1049 if (params.num_filter_ssids < wpa_s->max_match_sets &&
1050 params.filter_ssids && ssid->ssid && ssid->ssid_len) {
1051 wpa_dbg(wpa_s, MSG_DEBUG, "add to filter ssid: %s",
1052 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1053 os_memcpy(params.filter_ssids[params.num_filter_ssids].ssid,
1054 ssid->ssid, ssid->ssid_len);
1055 params.filter_ssids[params.num_filter_ssids].ssid_len =
1057 params.num_filter_ssids++;
1058 } else if (params.filter_ssids && ssid->ssid && ssid->ssid_len)
1060 wpa_dbg(wpa_s, MSG_DEBUG, "Not enough room for SSID "
1061 "filter for sched_scan - drop filter");
1062 os_free(params.filter_ssids);
1063 params.filter_ssids = NULL;
1064 params.num_filter_ssids = 0;
1067 if (ssid->scan_ssid && ssid->ssid && ssid->ssid_len) {
1068 if (params.num_ssids == max_sched_scan_ssids)
1069 break; /* only room for broadcast SSID */
1070 wpa_dbg(wpa_s, MSG_DEBUG,
1071 "add to active scan ssid: %s",
1072 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1073 params.ssids[params.num_ssids].ssid =
1075 params.ssids[params.num_ssids].ssid_len =
1078 if (params.num_ssids >= max_sched_scan_ssids) {
1079 wpa_s->prev_sched_ssid = ssid;
1083 (wpas_network_disabled(wpa_s, ssid) ||
1090 wpa_s->prev_sched_ssid = ssid;
1094 if (params.num_filter_ssids == 0) {
1095 os_free(params.filter_ssids);
1096 params.filter_ssids = NULL;
1099 extra_ie = wpa_supplicant_extra_ies(wpa_s);
1101 params.extra_ies = wpabuf_head(extra_ie);
1102 params.extra_ies_len = wpabuf_len(extra_ie);
1105 scan_params = ¶ms;
1108 if (ssid || !wpa_s->first_sched_scan) {
1109 wpa_dbg(wpa_s, MSG_DEBUG,
1110 "Starting sched scan: interval %d timeout %d",
1111 wpa_s->sched_scan_interval, wpa_s->sched_scan_timeout);
1113 wpa_dbg(wpa_s, MSG_DEBUG,
1114 "Starting sched scan: interval %d (no timeout)",
1115 wpa_s->sched_scan_interval);
1118 wpa_setband_scan_freqs(wpa_s, scan_params);
1120 ret = wpa_supplicant_start_sched_scan(wpa_s, scan_params,
1121 wpa_s->sched_scan_interval);
1122 wpabuf_free(extra_ie);
1123 os_free(params.filter_ssids);
1125 wpa_msg(wpa_s, MSG_WARNING, "Failed to initiate sched scan");
1126 if (prev_state != wpa_s->wpa_state)
1127 wpa_supplicant_set_state(wpa_s, prev_state);
1131 /* If we have more SSIDs to scan, add a timeout so we scan them too */
1132 if (ssid || !wpa_s->first_sched_scan) {
1133 wpa_s->sched_scan_timed_out = 0;
1134 eloop_register_timeout(wpa_s->sched_scan_timeout, 0,
1135 wpa_supplicant_sched_scan_timeout,
1137 wpa_s->first_sched_scan = 0;
1138 wpa_s->sched_scan_timeout /= 2;
1139 wpa_s->sched_scan_interval *= 2;
1140 if (wpa_s->sched_scan_timeout < wpa_s->sched_scan_interval) {
1141 wpa_s->sched_scan_interval = 10;
1142 wpa_s->sched_scan_timeout = max_sched_scan_ssids * 2;
1146 /* If there is no more ssids, start next time from the beginning */
1148 wpa_s->prev_sched_ssid = NULL;
1155 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
1156 * @wpa_s: Pointer to wpa_supplicant data
1158 * This function is used to cancel a scan request scheduled with
1159 * wpa_supplicant_req_scan().
1161 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
1163 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling scan request");
1164 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
1165 wpas_p2p_continue_after_scan(wpa_s);
1170 * wpa_supplicant_cancel_delayed_sched_scan - Stop a delayed scheduled scan
1171 * @wpa_s: Pointer to wpa_supplicant data
1173 * This function is used to stop a delayed scheduled scan.
1175 void wpa_supplicant_cancel_delayed_sched_scan(struct wpa_supplicant *wpa_s)
1177 if (!wpa_s->sched_scan_supported)
1180 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling delayed sched scan");
1181 eloop_cancel_timeout(wpa_supplicant_delayed_sched_scan_timeout,
1187 * wpa_supplicant_cancel_sched_scan - Stop running scheduled scans
1188 * @wpa_s: Pointer to wpa_supplicant data
1190 * This function is used to stop a periodic scheduled scan.
1192 void wpa_supplicant_cancel_sched_scan(struct wpa_supplicant *wpa_s)
1194 if (!wpa_s->sched_scanning)
1197 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling sched scan");
1198 eloop_cancel_timeout(wpa_supplicant_sched_scan_timeout, wpa_s, NULL);
1199 wpa_supplicant_stop_sched_scan(wpa_s);
1204 * wpa_supplicant_notify_scanning - Indicate possible scan state change
1205 * @wpa_s: Pointer to wpa_supplicant data
1206 * @scanning: Whether scanning is currently in progress
1208 * This function is to generate scanning notifycations. It is called whenever
1209 * there may have been a change in scanning (scan started, completed, stopped).
1210 * wpas_notify_scanning() is called whenever the scanning state changed from the
1211 * previously notified state.
1213 void wpa_supplicant_notify_scanning(struct wpa_supplicant *wpa_s,
1216 if (wpa_s->scanning != scanning) {
1217 wpa_s->scanning = scanning;
1218 wpas_notify_scanning(wpa_s);
1223 static int wpa_scan_get_max_rate(const struct wpa_scan_res *res)
1229 ie = wpa_scan_get_ie(res, WLAN_EID_SUPP_RATES);
1230 for (i = 0; ie && i < ie[1]; i++) {
1231 if ((ie[i + 2] & 0x7f) > rate)
1232 rate = ie[i + 2] & 0x7f;
1235 ie = wpa_scan_get_ie(res, WLAN_EID_EXT_SUPP_RATES);
1236 for (i = 0; ie && i < ie[1]; i++) {
1237 if ((ie[i + 2] & 0x7f) > rate)
1238 rate = ie[i + 2] & 0x7f;
1246 * wpa_scan_get_ie - Fetch a specified information element from a scan result
1247 * @res: Scan result entry
1248 * @ie: Information element identitifier (WLAN_EID_*)
1249 * Returns: Pointer to the information element (id field) or %NULL if not found
1251 * This function returns the first matching information element in the scan
1254 const u8 * wpa_scan_get_ie(const struct wpa_scan_res *res, u8 ie)
1256 const u8 *end, *pos;
1258 pos = (const u8 *) (res + 1);
1259 end = pos + res->ie_len;
1261 while (pos + 1 < end) {
1262 if (pos + 2 + pos[1] > end)
1274 * wpa_scan_get_vendor_ie - Fetch vendor information element from a scan result
1275 * @res: Scan result entry
1276 * @vendor_type: Vendor type (four octets starting the IE payload)
1277 * Returns: Pointer to the information element (id field) or %NULL if not found
1279 * This function returns the first matching information element in the scan
1282 const u8 * wpa_scan_get_vendor_ie(const struct wpa_scan_res *res,
1285 const u8 *end, *pos;
1287 pos = (const u8 *) (res + 1);
1288 end = pos + res->ie_len;
1290 while (pos + 1 < end) {
1291 if (pos + 2 + pos[1] > end)
1293 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
1294 vendor_type == WPA_GET_BE32(&pos[2]))
1304 * wpa_scan_get_vendor_ie_beacon - Fetch vendor information from a scan result
1305 * @res: Scan result entry
1306 * @vendor_type: Vendor type (four octets starting the IE payload)
1307 * Returns: Pointer to the information element (id field) or %NULL if not found
1309 * This function returns the first matching information element in the scan
1312 * This function is like wpa_scan_get_vendor_ie(), but uses IE buffer only
1313 * from Beacon frames instead of either Beacon or Probe Response frames.
1315 const u8 * wpa_scan_get_vendor_ie_beacon(const struct wpa_scan_res *res,
1318 const u8 *end, *pos;
1320 if (res->beacon_ie_len == 0)
1323 pos = (const u8 *) (res + 1);
1325 end = pos + res->beacon_ie_len;
1327 while (pos + 1 < end) {
1328 if (pos + 2 + pos[1] > end)
1330 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
1331 vendor_type == WPA_GET_BE32(&pos[2]))
1341 * wpa_scan_get_vendor_ie_multi - Fetch vendor IE data from a scan result
1342 * @res: Scan result entry
1343 * @vendor_type: Vendor type (four octets starting the IE payload)
1344 * Returns: Pointer to the information element payload or %NULL if not found
1346 * This function returns concatenated payload of possibly fragmented vendor
1347 * specific information elements in the scan result. The caller is responsible
1348 * for freeing the returned buffer.
1350 struct wpabuf * wpa_scan_get_vendor_ie_multi(const struct wpa_scan_res *res,
1354 const u8 *end, *pos;
1356 buf = wpabuf_alloc(res->ie_len);
1360 pos = (const u8 *) (res + 1);
1361 end = pos + res->ie_len;
1363 while (pos + 1 < end) {
1364 if (pos + 2 + pos[1] > end)
1366 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
1367 vendor_type == WPA_GET_BE32(&pos[2]))
1368 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
1372 if (wpabuf_len(buf) == 0) {
1382 * Channels with a great SNR can operate at full rate. What is a great SNR?
1383 * This doc https://supportforums.cisco.com/docs/DOC-12954 says, "the general
1384 * rule of thumb is that any SNR above 20 is good." This one
1385 * http://www.cisco.com/en/US/tech/tk722/tk809/technologies_q_and_a_item09186a00805e9a96.shtml#qa23
1386 * recommends 25 as a minimum SNR for 54 Mbps data rate. 30 is chosen here as a
1387 * conservative value.
1389 #define GREAT_SNR 30
1391 /* Compare function for sorting scan results. Return >0 if @b is considered
1393 static int wpa_scan_result_compar(const void *a, const void *b)
1395 #define IS_5GHZ(n) (n > 4000)
1396 #define MIN(a,b) a < b ? a : b
1397 struct wpa_scan_res **_wa = (void *) a;
1398 struct wpa_scan_res **_wb = (void *) b;
1399 struct wpa_scan_res *wa = *_wa;
1400 struct wpa_scan_res *wb = *_wb;
1401 int wpa_a, wpa_b, maxrate_a, maxrate_b;
1404 /* WPA/WPA2 support preferred */
1405 wpa_a = wpa_scan_get_vendor_ie(wa, WPA_IE_VENDOR_TYPE) != NULL ||
1406 wpa_scan_get_ie(wa, WLAN_EID_RSN) != NULL;
1407 wpa_b = wpa_scan_get_vendor_ie(wb, WPA_IE_VENDOR_TYPE) != NULL ||
1408 wpa_scan_get_ie(wb, WLAN_EID_RSN) != NULL;
1410 if (wpa_b && !wpa_a)
1412 if (!wpa_b && wpa_a)
1415 /* privacy support preferred */
1416 if ((wa->caps & IEEE80211_CAP_PRIVACY) == 0 &&
1417 (wb->caps & IEEE80211_CAP_PRIVACY))
1419 if ((wa->caps & IEEE80211_CAP_PRIVACY) &&
1420 (wb->caps & IEEE80211_CAP_PRIVACY) == 0)
1423 if ((wa->flags & wb->flags & WPA_SCAN_LEVEL_DBM) &&
1424 !((wa->flags | wb->flags) & WPA_SCAN_NOISE_INVALID)) {
1425 snr_a = MIN(wa->level - wa->noise, GREAT_SNR);
1426 snr_b = MIN(wb->level - wb->noise, GREAT_SNR);
1428 /* Not suitable information to calculate SNR, so use level */
1433 /* best/max rate preferred if SNR close enough */
1434 if ((snr_a && snr_b && abs(snr_b - snr_a) < 5) ||
1435 (wa->qual && wb->qual && abs(wb->qual - wa->qual) < 10)) {
1436 maxrate_a = wpa_scan_get_max_rate(wa);
1437 maxrate_b = wpa_scan_get_max_rate(wb);
1438 if (maxrate_a != maxrate_b)
1439 return maxrate_b - maxrate_a;
1440 if (IS_5GHZ(wa->freq) ^ IS_5GHZ(wb->freq))
1441 return IS_5GHZ(wa->freq) ? -1 : 1;
1444 /* use freq for channel preference */
1446 /* all things being equal, use SNR; if SNRs are
1447 * identical, use quality values since some drivers may only report
1448 * that value and leave the signal level zero */
1450 return wb->qual - wa->qual;
1451 return snr_b - snr_a;
1458 /* Compare function for sorting scan results when searching a WPS AP for
1459 * provisioning. Return >0 if @b is considered better. */
1460 static int wpa_scan_result_wps_compar(const void *a, const void *b)
1462 struct wpa_scan_res **_wa = (void *) a;
1463 struct wpa_scan_res **_wb = (void *) b;
1464 struct wpa_scan_res *wa = *_wa;
1465 struct wpa_scan_res *wb = *_wb;
1466 int uses_wps_a, uses_wps_b;
1467 struct wpabuf *wps_a, *wps_b;
1470 /* Optimization - check WPS IE existence before allocated memory and
1471 * doing full reassembly. */
1472 uses_wps_a = wpa_scan_get_vendor_ie(wa, WPS_IE_VENDOR_TYPE) != NULL;
1473 uses_wps_b = wpa_scan_get_vendor_ie(wb, WPS_IE_VENDOR_TYPE) != NULL;
1474 if (uses_wps_a && !uses_wps_b)
1476 if (!uses_wps_a && uses_wps_b)
1479 if (uses_wps_a && uses_wps_b) {
1480 wps_a = wpa_scan_get_vendor_ie_multi(wa, WPS_IE_VENDOR_TYPE);
1481 wps_b = wpa_scan_get_vendor_ie_multi(wb, WPS_IE_VENDOR_TYPE);
1482 res = wps_ap_priority_compar(wps_a, wps_b);
1490 * Do not use current AP security policy as a sorting criteria during
1491 * WPS provisioning step since the AP may get reconfigured at the
1492 * completion of provisioning.
1495 /* all things being equal, use signal level; if signal levels are
1496 * identical, use quality values since some drivers may only report
1497 * that value and leave the signal level zero */
1498 if (wb->level == wa->level)
1499 return wb->qual - wa->qual;
1500 return wb->level - wa->level;
1502 #endif /* CONFIG_WPS */
1505 static void dump_scan_res(struct wpa_scan_results *scan_res)
1507 #ifndef CONFIG_NO_STDOUT_DEBUG
1510 if (scan_res->res == NULL || scan_res->num == 0)
1513 wpa_printf(MSG_EXCESSIVE, "Sorted scan results");
1515 for (i = 0; i < scan_res->num; i++) {
1516 struct wpa_scan_res *r = scan_res->res[i];
1518 if ((r->flags & (WPA_SCAN_LEVEL_DBM | WPA_SCAN_NOISE_INVALID))
1519 == WPA_SCAN_LEVEL_DBM) {
1520 int snr = r->level - r->noise;
1521 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d "
1522 "noise=%d level=%d snr=%d%s flags=0x%x "
1524 MAC2STR(r->bssid), r->freq, r->qual,
1525 r->noise, r->level, snr,
1526 snr >= GREAT_SNR ? "*" : "", r->flags,
1529 wpa_printf(MSG_EXCESSIVE, MACSTR " freq=%d qual=%d "
1530 "noise=%d level=%d flags=0x%x age=%u",
1531 MAC2STR(r->bssid), r->freq, r->qual,
1532 r->noise, r->level, r->flags, r->age);
1534 pos = (u8 *) (r + 1);
1536 wpa_hexdump(MSG_EXCESSIVE, "IEs", pos, r->ie_len);
1538 if (r->beacon_ie_len)
1539 wpa_hexdump(MSG_EXCESSIVE, "Beacon IEs",
1540 pos, r->beacon_ie_len);
1542 #endif /* CONFIG_NO_STDOUT_DEBUG */
1547 * wpa_supplicant_filter_bssid_match - Is the specified BSSID allowed
1548 * @wpa_s: Pointer to wpa_supplicant data
1549 * @bssid: BSSID to check
1550 * Returns: 0 if the BSSID is filtered or 1 if not
1552 * This function is used to filter out specific BSSIDs from scan reslts mainly
1553 * for testing purposes (SET bssid_filter ctrl_iface command).
1555 int wpa_supplicant_filter_bssid_match(struct wpa_supplicant *wpa_s,
1560 if (wpa_s->bssid_filter == NULL)
1563 for (i = 0; i < wpa_s->bssid_filter_count; i++) {
1564 if (os_memcmp(wpa_s->bssid_filter + i * ETH_ALEN, bssid,
1573 static void filter_scan_res(struct wpa_supplicant *wpa_s,
1574 struct wpa_scan_results *res)
1578 if (wpa_s->bssid_filter == NULL)
1581 for (i = 0, j = 0; i < res->num; i++) {
1582 if (wpa_supplicant_filter_bssid_match(wpa_s,
1583 res->res[i]->bssid)) {
1584 res->res[j++] = res->res[i];
1586 os_free(res->res[i]);
1591 if (res->num != j) {
1592 wpa_printf(MSG_DEBUG, "Filtered out %d scan results",
1593 (int) (res->num - j));
1600 * wpa_supplicant_get_scan_results - Get scan results
1601 * @wpa_s: Pointer to wpa_supplicant data
1602 * @info: Information about what was scanned or %NULL if not available
1603 * @new_scan: Whether a new scan was performed
1604 * Returns: Scan results, %NULL on failure
1606 * This function request the current scan results from the driver and updates
1607 * the local BSS list wpa_s->bss. The caller is responsible for freeing the
1608 * results with wpa_scan_results_free().
1610 struct wpa_scan_results *
1611 wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s,
1612 struct scan_info *info, int new_scan)
1614 struct wpa_scan_results *scan_res;
1616 int (*compar)(const void *, const void *) = wpa_scan_result_compar;
1618 scan_res = wpa_drv_get_scan_results2(wpa_s);
1619 if (scan_res == NULL) {
1620 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to get scan results");
1623 if (scan_res->fetch_time.sec == 0) {
1625 * Make sure we have a valid timestamp if the driver wrapper
1626 * does not set this.
1628 os_get_reltime(&scan_res->fetch_time);
1630 filter_scan_res(wpa_s, scan_res);
1633 if (wpas_wps_in_progress(wpa_s)) {
1634 wpa_dbg(wpa_s, MSG_DEBUG, "WPS: Order scan results with WPS "
1635 "provisioning rules");
1636 compar = wpa_scan_result_wps_compar;
1638 #endif /* CONFIG_WPS */
1640 qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *),
1642 dump_scan_res(scan_res);
1644 wpa_bss_update_start(wpa_s);
1645 for (i = 0; i < scan_res->num; i++)
1646 wpa_bss_update_scan_res(wpa_s, scan_res->res[i],
1647 &scan_res->fetch_time);
1648 wpa_bss_update_end(wpa_s, info, new_scan);
1655 * wpa_supplicant_update_scan_results - Update scan results from the driver
1656 * @wpa_s: Pointer to wpa_supplicant data
1657 * Returns: 0 on success, -1 on failure
1659 * This function updates the BSS table within wpa_supplicant based on the
1660 * currently available scan results from the driver without requesting a new
1661 * scan. This is used in cases where the driver indicates an association
1662 * (including roaming within ESS) and wpa_supplicant does not yet have the
1663 * needed information to complete the connection (e.g., to perform validation
1664 * steps in 4-way handshake).
1666 int wpa_supplicant_update_scan_results(struct wpa_supplicant *wpa_s)
1668 struct wpa_scan_results *scan_res;
1669 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
1670 if (scan_res == NULL)
1672 wpa_scan_results_free(scan_res);
1679 * scan_only_handler - Reports scan results
1681 void scan_only_handler(struct wpa_supplicant *wpa_s,
1682 struct wpa_scan_results *scan_res)
1684 wpa_dbg(wpa_s, MSG_DEBUG, "Scan-only results received");
1685 if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
1686 wpa_s->manual_scan_use_id && wpa_s->own_scan_running) {
1687 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS "id=%u",
1688 wpa_s->manual_scan_id);
1689 wpa_s->manual_scan_use_id = 0;
1691 wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
1693 wpas_notify_scan_results(wpa_s);
1694 wpas_notify_scan_done(wpa_s, 1);
1698 int wpas_scan_scheduled(struct wpa_supplicant *wpa_s)
1700 return eloop_is_timeout_registered(wpa_supplicant_scan, wpa_s, NULL);