path: root/wpa_supplicant/bss.c
Commit message (Collapse)AuthorAgeFilesLines
* Use size_t instead of unsigned_int for last_scan_resJouni Malinen2020-03-221-1/+1
| | | | | | | | | This avoids a theoretical unsigned integer overflow case with 32-bit integers, but something that could potentially be hit with 16-bit int (though, even that part looks pretty theoretical in this particular case of number of BSSs in scan results). Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Use latest BSS entry if multiple P2P Device Addr matches foundHu Wang2019-09-131-6/+13
| | | | | | | | | | | | If an AP (P2P GO) has changed its operating channel or SSID recently, the BSS table may have multiple entries for the same BSSID. Commit 702621e6dd35 ('WPS: Use latest updated BSS entry if multiple BSSID matches found') fetches latest updated BSS entry based on BSSID. Do the same when fetching an entry based on the P2P Device Address. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Interworking: Print HESSID in debug messagesJouni Malinen2019-06-051-2/+8
| | | | | | | This makes it easier to understand ANQP queries needed during Interworking network selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Use a helper function for checking Extended Capabilities fieldJouni Malinen2019-01-021-1/+8
| | | | | | | | The new ieee802_11_ext_capab() and wpa_bss_ext_capab() functions can be used to check whether a specific extended capability bit is set instead of having to implement bit parsing separately for each need. Signed-off-by: Jouni Malinen <j@w1.fi>
* HS 2.0: Request and process OSU Providers NAI List ANQP-elementJouni Malinen2018-10-051-0/+2
| | | | | | | | | Extend wpa_supplicant to use a separate OSU_NAI information from OSU Providers NAI List ANQP-element instead of the OSU_NAI information from OSU Providers list ANQP-element when connecting to the shared BSS (Single SSID) for OSU. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Add fetching of Operator Icon Metadata ANQP-elementJouni Malinen2018-04-171-0/+2
| | | | | | | | | This extends wpa_supplicant Hotspot 2.0 ANQP routines to allow the Operator Icon Metadata ANQP-element to be fetched with "ANQP_GET <bssid> hs20:12". The result is available in the new hs20_operator_icon_metadata entry in the "BSS <bssid>" output. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* FILS: Use FILS Cache Identifier to extend PMKSA applicabilityJouni Malinen2017-02-261-0/+16
| | | | | | | | This allows PMKSA cache entries for FILS-enabled BSSs to be shared within an ESS when the BSSs advertise the same FILS Cache Identifier value. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* RRM: Enable beacon report with active/passive scan for all driversJouni Malinen2017-01-031-3/+3
| | | | | | | | | The requested behavior can be approximated for most use cases even if the driver does not support reporting exact TSF values for frames. Enable this capability for all drivers to make beacon report processing more useful for a common use case. Signed-off-by: Jouni Malinen <j@w1.fi>
* FILS: Add Realm Information ANQP-element in BSS dataJouni Malinen2016-12-181-0/+2
| | | | | | | Add a named BSS command output entry for FILS Realm Information ANQP-element (anqp_fils_realm_info). Signed-off-by: Jouni Malinen <j@w1.fi>
* nl80211: Move duplicate scan result removal to bss.cJouni Malinen2016-12-031-0/+36
| | | | | | | | | | | | | | | | The way the removal of duplicated (one per frequency) BSS entries in the cfg80211 scan results were removed in driver_nl80211_scan.c bss_info_handler() depended on having the full scan results available to allow iteration through the other entries. This is problematic for the goal of being able to optimize memory allocations for scan result fetching in a manner that would not build the full result buffer in memory. Move this duplicate removal into bss.c since it has sufficient information available for doing the same determination of which one of two BSS entries is more current. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove disconnected APs from BSS table if likely out-of-rangeDavid Spinadel2016-10-011-2/+2
| | | | | | | | | | | | | | | | In some cases, after a sudden AP disappearing and reconnection to another AP in the same ESS, if another scan occurs, wpa_supplicant might try to roam to the old AP (if it was better ranked than the new one) because it is still saved in BSS list and the blacklist entry was cleared in previous reconnect. This attempt is going to fail if the AP is not present anymore and it'll cause long disconnections. Remove an AP that is probably out of range from the BSS list to avoid such disconnections. In particular mac80211-based drivers use the WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY reason code in locally generated disconnection events for cases where the AP does not reply anymore. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* WPS: Fix memory leak with wps_ie in wpa_bss_is_wps_candidate()vamsi krishna2016-06-171-0/+1
| | | | | | | | | Fix possible memory leak in case if WPS is not enabled on the interface for connection. This path was missed in commit fae7b3726035b57a78aa552378fc5d15402b9ec1 ('WPS: Do not expire probable BSSes for WPS connection'). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Do not expire probable BSSes for WPS connectionvamsi krishna2016-06-161-1/+43
| | | | | | | | | When the BSS count reaches max_bss_count, the oldest BSS will be removed in order to accommodate a new BSS. Exclude WPS enabled BSSes when going through a WPS connection so that a possible WPS candidate will not be lost. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* utils: Share a single helper function to get IE by IDAvraham Stern2016-02-211-14/+1
| | | | | | | | Add a helper function to find a certain IE inside IEs buffer by ID and use this function in several places that implemented similar functionality locally. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Avoid undefined behavior in pointer arithmetic in BSS IE parsingJouni Malinen2015-10-241-10/+10
| | | | | | | | | Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior. Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not expire scan results based on aborted scanAvraham Stern2015-10-141-1/+1
| | | | | | | | | Do not expire scan results entries based on scan results from a scan that was aborted. The aborted scan did not scan all the requested channels or SSIDs, so the fact that a BSS is missing from the scan results does not mean it is not available. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Interworking: Support unknown ANQP-elements in BSS tableJouni Malinen2015-10-071-0/+15
| | | | | | | | | | This allows wpa_supplicant to expose internally unknown ANQP-elements in the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to fetch the AP Geospatial Location ANQP-element and if the AP has this information, the "BSS <BSSID>" command will include the response as "anqp[265]=<hexdump>". Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add BSS operating frequency to more debug messagesJouni Malinen2015-09-051-2/+6
| | | | | | | This makes it easier to analyze debug logs when figuring out channel related issues. Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not mark BSS entry in use if SSID has changedJingxiang Ge2015-08-261-4/+12
| | | | | | | | | | | This allows a BSS entry to be expired if the AP has changed its SSID while maintaining the same BSSID and we are associated with the BSS. Previously, the same BSSID was enough to mark all BSS entries from the BSSID as in use regardless of the SSID and as such, they could remain in the wpa_supplicant BSS table indefinitely as long as the association remaining. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use a single cleanup timer per wpa_supplicant processJouni Malinen2015-07-201-18/+0
| | | | | | | | | | Previously, one timeout per process (by default every 30 seconds) was used P2P peer expiration and another per-interface timeout (every 10 seconds) was used to expire BSS entries. Merge these to a single per-process timeout that triggers every 10 seconds to minimize number of process wakeups due to periodic operations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Do not use C++ reserved words as variable namesJouni Malinen2015-04-261-15/+15
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Use SSID_MAX_LEN define instead of value 32 when comparing SSID lengthJouni Malinen2015-04-221-2/+2
| | | | | | This makes the implementation easier to understand. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add snr and est_throughput to the BSS entriesJouni Malinen2015-02-221-1/+3
| | | | | | | | These values were previously used only for sorting the scan results, but it may be useful to provide access to the used values through the BSS entries. Signed-off-by: Jouni Malinen <j@w1.fi>
* Inteworking: Add support to update the ANQP Capability List into the BSSASHUTOSH NARAYAN2015-02-211-0/+2
| | | | | | | In addition, add support for returning the capability list through the BSS control interface command. Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
* HS 2.0: Add support to update the HS20 Capability List into the BSSASHUTOSH NARAYAN2015-02-211-0/+2
| | | | | | | In addition, add support for returning the capability list through the BSS control interface command. Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
* Allow a BSS entry with all-zeros BSSID to expireJouni Malinen2014-12-021-2/+3
| | | | | | | | | | | | | | | | | | wpa_bss_in_use() used to determine that a BSS with BSSID of 00:00:00:00:00:00 is in use in almost every case since either wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This could result in a corner case of a BSS entry remaining in the BSS table indefinitely if one was added there with a (likely bogus) address of 00:00:00:00:00:00. Fix this by ignore wpa_s->bssid and wpa_s->pending_bssid if the BSSID in the BSS table entry is 00:00:00:00:00:00. In theory, that address is a valid BSSID, but it is unlikely to be used in any production AP, so the potential expiration of a BSS entry with that address during a connection attempt would not be a concern (especially when a new scan would be enough to recover from that). Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Update pending connect radio work BSS pointer on scan updateJouni Malinen2014-10-271-0/+27
| | | | | | | | | | | | | | | | | | | | | It is possible for scan result processing or BSS entry removal to occur while there is a pending connect or sme-connect radio work with a previously selected BSS entry. The BSS pointer was previously verified to be valid, i.e., still point to a BSS entry, at the time the actual connection operation is started. However, that BSS entry could have changed to point to another BSS if the old BSS entry was either removed or reallocated and a new BSS entry was added at the same location in memory. This could result in the connection attempt failing to configure parameters properly due to different BSS information (e.g., different BSSID). Fix this by updated the pending connect radio work data on BSS entry updates similarly to how the last_scan_res array was updated. If the selected BSS entry is removed, this will still result in a failed connection, but reallocated BSS entry is now followed properly and used when the connection work starts. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Use mesh id instead of SSID in BSS tableJason Abele2014-10-251-1/+6
| | | | | Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Jason Abele <jason.abele@gmail.com>
* dbus: add BSS Age property to indicate last-seen timeDan Williams2014-09-071-0/+2
| | | | | | | | | | | | | | "Age" is the age in seconds since the BSS was last seen, and is emitted as a PropertyChanged signal whenever the BSS is updated from a scan result. It also returns the correct age when queried directly. This property can be used to resolve issues where, if no other properties of the BSS changed from scan results (for example, if the BSS always had 100% signal) no D-Bus signals would be emitted to indicate that the BSS had just been seen in the scan. Signed-hostap: Dan Williams <dcbw@redhat.com>
* Make last_scan_res update easier for static analyzersJouni Malinen2014-04-291-1/+2
| | | | | | | | The check based on last_scan_res_used is sufficient for making sure that last_scan_res is allocated. However, it is a bit too complex for static analyzers to notice, so add an explicit check to avoid bogus reports. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* HS 2.0R2: Add OSU Providers list ANQP elementJouni Malinen2014-02-251-0/+2
| | | | | | | wpa_supplicant can now request OSU Providers list with "hs20_anqp_get <BSSID> 8". Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Ask driver to report only new scan results if requestedJouni Malinen2014-01-021-0/+2
| | | | | | | | | | | | | | | | | If the BSS table within wpa_supplicant is flushed, request the driver to flush its own scan result table during the next scan. This can avoid unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command in cases where the driver may maintain its internal cache of scan results (e.g., cfg80211 BSS table persists at least for 15 seconds). In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN command argument, only_new=1, can be used to request a manual scan request to do same. Though, it should be noted that this maintains the BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can be used to clear all BSS entries from both the driver and wpa_supplicant. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove unused last_scan_fullJouni Malinen2013-12-261-20/+2
| | | | | | | | | | This parameter was not really used for anything else apart from a debug message in the same function that set it. In addition, cfg80211 returns the set of scanned frequencies even for the full scan, so the code that was setting this conditionally on frequency list not being there was not really ever entered either. Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Use monotonic time for last_scan checkJohannes Berg2013-12-241-1/+1
| | | | | | | | This just serves to check if there was a scan within the last 5 seconds, hence it should use monotonic time. While at it, also use os_reltime_expired(). Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* wpa_supplicant: Use monotonic time for RX/BSS timesJohannes Berg2013-12-241-14/+15
| | | | | | | | | | The BSS table, scan timeout, and related functionality should use monotonic time since they care about relative values (age) only. Unfortunately, these are all connected, so the patch can't be split further. Another problem with this is that it changes the driver wrapper API. Though, it seems only the test driver is using this. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* P2P: Show P2P flag in BSS entries also based on Beacon framesJouni Malinen2013-10-141-0/+37
| | | | | | | | It is possible that a P2P GO has been discovered through a non-P2P scan that did not return P2P IE in Probe Response frames. To cover those cases, check also Beacon frame (if received) for P2P IE. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Do not drop P2P IEs from BSS table on non-P2P scansJouni Malinen2013-10-141-0/+16
| | | | | | | | | | This could happen when non-P2P station interface runs a scan without P2P IE in the Probe Request frame. P2P GO would reply to that with a Probe Response that does not include P2P IE. Do not update the IEs in this BSS entry to avoid such loss of information that may be needed for P2P operations to determine group information. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Make sure updated BSS entry does not get added twice to the listJouni Malinen2013-09-271-1/+11
| | | | | | | | | | | | | | | When the BSS table is being updated based on new scan results, a BSS entry could end up getting added into last_scan_res list multiple times if the scan results from the driver includes duplicated values. This should not happen with driver_nl80211.c since it filter outs duplicates, but in theory, other driver wrappers could indicate such scan results. Anyway, it is safer to make sure this cannot happen by explicitly verifying the last_scan_res list before adding an updated BSS entry there. A duplicated entry in the list could potentially result in freed memory being used if there is large enough number of BSSes in the scan results to cause removal of old BSS entries. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix possible freed-memory use in BSS table updatesJouni Malinen2013-09-271-7/+8
| | | | | | | | | | | | | | | | | | | If there are large number of BSSes in the scan results, BSS table update could have added a BSS entry to the last_scan_res in a case where that BSS entry got just deleted. This would happen only if there are more than bss_max_count (by default 200) BSSes and if at least bss_max_count of those BSSes are known (match a configured network). In such a case, wpa_bss_add() could end up allocating a new BSS entry and return a pointer to that entry even if it was the one that ended up getting freed to keep the BSS table length within the limit. This could result in freed memory being used and the process crashing (likely with segfault) when trying to access information from that BSS entry. Fix the issue by removing the oldest BSS entry before linking the new entry to the table. This makes sure the newly added entry will never get picked up as the one to be deleted immediately. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Add ignore_old_scan_res configuration parameterJouni Malinen2013-03-311-11/+34
| | | | | | | | | | | This can be used to configure wpa_supplicant to ignore old scan results from the driver cache in cases where such results were not updated after the scan trigger from wpa_supplicant. This can be useful in some cases where the driver may cache information for a significant time and the AP configuration is changing. Many such cases are for testing scripts, but this could potentially be useful for some WPS use cases, too. Signed-hostap: Jouni Malinen <j@w1.fi>
* WPS: Use latest updated BSS entry if multiple BSSID matches foundJouni Malinen2013-03-311-0/+28
| | | | | | | | | If the AP (P2P GO) has changes its channel of SSID recently, the BSS table may have multiple entries for a BSSID. Select the one which was most recently updated for WPS/P2P operations in such case to increase the likelihood of using current information. Signed-hostap: Jouni Malinen <j@w1.fi>
* Use more accurate timestamps for scan resultsJouni Malinen2013-02-121-9/+14
| | | | | | | | | | | | For various P2P use cases, it is useful to have more accurate timestamp for the peer information update. This commit improves scan result handling by using a single timestamp that is taken immediately after fetching the results from the driver and then using that value to calculate the time when the driver last updated the BSS entry. In addition, more debug information is added for P2P peer updates to be able to clearly see how old information is being used here. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix BSS RANGE command for no exact id match casesAmar Singhal2013-02-071-0/+23
| | | | | | | | The RANGE=N1-N2 command did not return any entries in some cases where N1 does not match with any BSS entry. Fix this by allow entries to be fetched even without knowing the exact id values. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Add Doxygen documentation for functionality related to scanningJouni Malinen2012-12-271-1/+158
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Unshare ANQP results on explicit ANQP requestsJouni Malinen2012-10-031-0/+54
| | | | | | | | | When ANQP_GET or HS20_ANQP_GET is used to request ANQP information, unshare the ANQP information (i.e., create a per-BSS copy of it) to make sure the information from the specified BSS is available in case the APs provide different information within HESSID. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix last_scan_res update existing BSS entry is updateJouni Malinen2012-09-101-3/+13
| | | | | | | | The BSS pointer may change if the entry needs to be reallocated and the new pointer has to be added to the last_scan_res array to avoid using pointers to freed memory. Signed-hostap: Jouni Malinen <j@w1.fi>
* Interworking: Store HESSID in BSS entryJouni Malinen2012-09-041-0/+19
| | | | | | | This makes it more convenient to match BSS entries that belong to the same homogenous ESS. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Move BSS ANQP information into separate structJouni Malinen2012-09-041-15/+43
| | | | | | | | This is an initial step in allowing the ANQP responses to be shared among multiple BSSes if the BSSes are determined to be operating under identical configuration. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* BSS: Add wpa_bss_get_vendor_ie_multi_beacon()Jouni Malinen2012-09-021-0/+32
| | | | | | This can be used to fetch vendor IEs from Beacon frames. Signed-hostap: Jouni Malinen <j@w1.fi>
* Maintain list of BSS entries in last scan result orderJouni Malinen2012-09-021-5/+61
| | | | | | | | This allows last results to be used even after they have been freed since the information is copied to the BSS entries anyway and this new array provides the order in which scan results were processed. Signed-hostap: Jouni Malinen <j@w1.fi>