path: root/wpa_supplicant/scan.c
Commit message (Collapse)AuthorAgeFilesLines
* RRM: Send Radio Measurement response when beacon report scan failsAvraham Stern2017-07-171-1/+6
| | | | | | | | | When failing to trigger scan for beacon report (e.g., when the requested duration is not supported by the driver), send a Radio Measurement response with the mode set to refused and don't retry the scan. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* STA: Add OCE capability indication attributeAshwini Patil2017-07-141-4/+4
| | | | | | | Add OCE capability indication attribute in Probe Request and (Re)Association Request frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Avoid associating to temp disabled SSID in ap_scan=2Shaul Triebitz2017-03-291-3/+13
| | | | | | | | | | | | In ap_scan=2 mode, wpa_supplicant_assoc_try() did not check whether the SSID is temporarily disabled before trying to associate and this may result in an infinite connect/disconnect loop. If the association succeeds while the SSID is temporarily disabled, wpa_supplicant will request to deauthenticate and that in turn will cause the SSID to be temporarily disabled again. Fix that by postponing the association until the SSID is no longer temporarily disabled. Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
* nl80211: Add option to delay start of schedule scan plansPurushottam Kushwaha2017-03-091-2/+9
| | | | | | | | | | | | The userspace may want to delay the the first scheduled scan. This enhances sched_scan to add initial delay (in seconds) before starting first scan cycle. The driver may optionally choose to ignore this parameter and start immediately (or at any other time). This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user global configurable option: sched_scan_start_delay. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use os_memdup()Johannes Berg2017-03-071-17/+9
| | | | | | | | | | | | | | | | | | | | | | This leads to cleaner code overall, and also reduces the size of the hostapd and wpa_supplicant binaries (in hwsim test build on x86_64) by about 2.5 and 3.5KiB respectively. The mechanical conversions all over the code were done with the following spatch: @@ expression SIZE, SRC; expression a; @@ -a = os_malloc(SIZE); +a = os_memdup(SRC, SIZE); <... if (!a) {...} ...> -os_memcpy(a, SRC, SIZE); Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Clear scan_res_handler on no-retry failureHu Wang2017-03-011-0/+3
| | | | | | | | | | | | | | Previously it was possible for wpa_s->scan_res_handler to remain set to its old value in case wpa_drv_scan() failed and no retry for the scan trigger was scheduled (i.e., when last_scan_req == MANUAL_SCAN_REQ). This could result in getting stuck with the next connection attempt after a failed "SCAN TYPE=ONLY" operation when wpa_s->scan_res_handler was set to scan_only_handler(). Fix this by clearing wpa_s->scan_res_handler if wpa_drv_scan() fails and no retry is scheduled. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Fix SELECT_NETWORK freq parameterJouni Malinen2017-02-261-0/+7
| | | | | | | | | | | | | | | | This functionality was originally added in commit 204c9ac4eed9f0ad69497f2efcd0d095dfd6e61c ('Extend select_network command with freq= to reduce scan time') re-using wpa_s->manual_scan_freqs and MANUAL_SCAN_REQ. That got broken when commit 35d403096eb63c787bd736dd8ba0902c34398fa8 ('Set NORMAL_SCAN_REQ on SELECT_NETWORK/ENABLE_NETWORK') started overriding wpa_s->scan_req for SELECT_NETWORK. Fix this by adding a new scan frequency list specifically for SELECT_NETWORK so that this does not need to depend on any specific wpa_s->scan_req value. Signed-off-by: Jouni Malinen <j@w1.fi>
* Use throughput estimate-based BSS selection with larger SNR differenceJouni Malinen2017-02-161-2/+4
| | | | | | | | | | | | | | Previously, the est_throughput comparison was done only when SNR difference was less than 5 dB. Since the throughput estimation take into account SNR, this can be done in more cases. For now, add a conservative 2 dB more to the difference so that any SNR difference below 7 dB results in BSS selection based on throughput estimates. In addition, the throughput estimates require SNR values to be available, so separate this from the 5 GHz preference that can be done based on either SNR or qual values. Signed-off-by: Jouni Malinen <j@w1.fi>
* Drop GREAT_SNR definition from 30 to 25 dBJouni Malinen2017-02-161-3/+5
| | | | | | | | | | | This allows throughput estimates and 5 GHz preference over 2.4 GHz band to be used in more cases. The previously used value of 30 was significantly more conservative than the SNR limits used for the highest rate in scan_est_throughput() and this resulted in cases where 5 GHz AP was ignored while SNR with it would have been close to reaching the maximum TX rate. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add support to sched scan to report relatively better BSSsvamsi krishna2017-02-101-0/+28
| | | | | | | | | | | | | | | | Add support to set sched scan relative RSSI parameters so that the drivers can report BSSs after relative comparision with the current connected BSS. This feature is applicable only when in connected mode. The below commands can be used to configure relative RSSI parameters SET relative_rssi <disable|rssi_value> disable - to disable the feature rssi_value - amount of relative RSSI in dB SET relative_band_adjust <band:adjust_value> band - "2G" or "5G" for 2.4 GHz or 5 GHz respectively adjust_value - amount of RSSI to be adjusted in dB Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Allow PNO scan also in connection completed statevamsi krishna2017-02-081-1/+1
| | | | | | | | Sched scan is supported by the kernel also in the connected state, so allow PNO scan to be issued in the connected state from wpa_supplicant as well. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* driver: Add scan support to beacon reportAvraham Stern2017-01-031-0/+2
| | | | | | | | | | | | | | | | | | | Add the following parameters to scan request: 1. Dwell time on each channel. 2. Whether the specified dwell time is mandatory. In addition, add to scan results info the time that the scan actually started, and to each scan result the time the beacon/probe was received, both in terms of TSF of the BSS that the interface that requested the scan is connected to (if available). Add flags to indicate whether the driver supports dwell time configuration and scan information reporting. This scan configuration and information is required to support beacon report radio measurement. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Ignore scan results from ongoing scan when FLUSH command is issuedJouni Malinen2016-12-111-0/+12
| | | | | | | | | | | | | This makes wpa_supplicant behavior more consistent with FLUSH command to clear all state. Previously, it was possible for an ongoing scan to be aborted when the FLUSH command is issued and the scan results from that aborted scan would still be processed and that would update the BSS table which was supposed to cleared by the FLUSH command. This could result in hwsim test case failures due to unexpected BSS table entries being present after the FLUSH command. Signed-off-by: Jouni Malinen <j@w1.fi>
* Defer scans while PNO is in progress instead of skipping themArik Nemtsov2016-12-041-5/+15
| | | | | | | | Skipping the scan altogether will hurt auto-reconnect. Also move the PNO check down since the scan might be canceled for other reasons before we defer it. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
* Add support to abort vendor scanSunil Dutt2016-11-301-8/+21
| | | | | | | | | | | | | | | | | | | This commit enhances the existing implementation of abort scan to also abort concurrent active vendor scans. This is achieved by passing the the scan_cookie to the driver interface with the intention to abort the specific scan request. This scan_cookie is returned from the driver interface when the scan request is scheduled. This scan_cookie is 0 if the scan is triggered through the upstream cfg80211 interface. Thus, the scan_cookie is used to determine whether to abort the cfg80211 or vendor scan request. Also, the previous implementation of relying on scan_work/p2p_scan_work for the active work to trigger the abort scan is enhanced to check for the started state of either of these work operations. This should also help to abort the concurrent active scan/p2p-scan operations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Enhance abort scan to also abort the vendor scanSunil Dutt2016-11-301-1/+1
| | | | | | | This commit enhances the abort scan implementation to also abort the vendor scan, if one was used to trigger the scan. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use random MAC address for scanning only in non-connected stateSrinivas Dasari2016-11-251-3/+6
| | | | | | | | | | | cfg80211 rejects the scans issued with random MAC address if the STA is in connected state. This resulted in failures when using MAC_RAND_SCAN while connected (CTRL-EVENT-SCAN-FAILED ret=-95). Enable random MAC address functionality only if the STA is not in connected state to avoid this. The real MAC address of the STA is already revealed in the association, so this is an acceptable fallback mechanism for now. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Get scan_result IE also from Beacon framesEliad Peller2016-10-291-1/+7
| | | | | | No reason to require ie_len if only beacon_ie_len is given. Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
* Check for NULL qsort() base pointersJoel Cunningham2016-10-151-2/+4
| | | | | | | | | | There are a couple of places in wpa_supplicant/hostapd where qsort() can be called with a NULL base pointer. This results in undefined behavior according to the C standard and with some standard C libraries (ARM RVCT 2.2) results in a data abort/memory exception. Fix this by skipping such calls since there is nothing needing to be sorted. Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
* Fix PNO restart flowAvraham Stern2016-10-021-0/+7
| | | | | | | | | | | | | | | | | PNO is sometimes restarted due to changes in scan parameters (e.g., selected network changed or MAC randomization being enabled/disabled). Restart is done by stopping PNO and immediately starting it again. This may result in the SCHED_SCAN_STOPPED event being received after the request for new PNO, which will make wpa_supplicant believe PNO is not active although it is actually is. As a result, the next request to start PNO will fail because PNO is active and should be stopped first. Fix this by deferring the request to start PNO until the SCHED_SCAN_STOPPED event is received in case sched_scan is being stopped. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Continue scanning if sched_scan stops unexpectedlyAvraham Stern2016-10-021-0/+6
| | | | | | | | When scheduled scan stops without the interface request (for example, driver stopped it unexpectedly), start a regular scan to continue scanning for networks and avoid being left with no scan at all. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Share a common helper function for restarting sched_scanJouni Malinen2016-09-261-0/+9
| | | | | | | | This code sequence was already used at two different places (and an additional one has been proposed), so add a common helper function to avoid having to copy-paste this functionality in multiple locations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Cancel sched_scan on SELECT_NETWORK initiated scanMax Stepanov2016-09-261-0/+19
| | | | | | | If a scheduled scan is running on select network command, cancel and reset it before kicking off a regular scan request. Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
* Set default scan IEs to the driver (QCA vendor extension)vamsi krishna2016-08-021-0/+33
| | | | | | | | | | This makes wpa_supplicant set default scan IEs to the driver (if the vendor command is supported). The driver can use these IEs in the scan requests initiated by the driver itself. Also the driver can merge these IEs into further scan requests that it receives, in case if the scan request doesn't carry any of the IEs sent in this command. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Do not exceed scan ssid max size advertised by driverRoshan Pius2016-07-031-0/+6
| | | | | | | | | | | Previously, wpa_set_scan_ssids() fully exhausted wpa_driver_scan_params.ssid list when hidden network IDs are provided via the control interface. This results in us exceeding the max size for the list advertised by the driver when we add the "wildcard" scan SSID entry. So, ensure that we leave space for one more scan SSID entry in the list when we exit out of wpa_set_scan_ssids(). Signed-off-by: Roshan Pius <rpius@google.com>
* nl80211: Use extended capabilities per interface typeKanchanapally, Vidyullatha2016-05-311-0/+7
| | | | | | | | | | This adds the necessary changes to support extraction and use of the extended capabilities specified per interface type (a recent cfg80211/nl80211 extension). If that information is available, per-interface values will be used to override the global per-radio value. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove dead code from wpas_sched_scan_plans_set()Jouni Malinen2016-05-281-7/+0
| | | | | | | scan_plan->interval was checked against 0 twice; the latter case cannot happen. Signed-off-by: Jouni Malinen <j@w1.fi>
* Improve reattach scan OOM failure handlingJouni Malinen2016-05-281-5/+3
| | | | | | | | | | Instead of reporting the memory allocation failure and stopping, run the scan even if the frequency list cannot be created due to allocation failure. This allows the wpa_s->reattach flag to be cleared and the scan to be completed even if it takes a bit longer time due to all channels getting scanned. Signed-off-by: Jouni Malinen <j@w1.fi>
* Indicate scan failure event on parameter cloning failureJouni Malinen2016-05-281-4/+2
| | | | | | This is more consistent with the radio_add_work() error case. Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Fix a memory leak on an error pathJouni Malinen2016-05-231-0/+3
| | | | | | | | | If preassoc_mac_addr is used and updating the MAC address fails in wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that and also send a CTRL-EVENT-SCAN-FAILED event in this and another error case. Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Clean up code a bit - phase1 is used in all WPS casesJouni Malinen2016-05-221-4/+1
| | | | | | | | There is no need to have a separate if statement to skip the cases where phase1 is not set. Just check it with the strstr comparison since this case is not really used in practice. Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Clean up code a bit - ssid cannot be NULL hereJouni Malinen2016-05-221-2/+1
| | | | | | | wpa_s->current_ssid is set to a non-NULL ssid pointer value here, so there is no need for the extra if statement. Signed-off-by: Jouni Malinen <j@w1.fi>
* WNM: Fetch scan results before checking transition candidatesKanchanapally, Vidyullatha2016-04-231-5/+5
| | | | | | | | | | | | | On receiving a WNM BSS Transition Management Request frame with a candidate list, fetch the latest scan results from the kernel to see if there are any recent scan results for the candidates and initiate a connection if found. This helps to avoid triggering a new scan in cases where a scan initiated by something else (e.g., an internal beacon measurement report functionality in a driver) has processed Beacon or Probe Response frames without wpa_supplicant having received a notification of such an update yet. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Extend VENDOR_ELEM parameters to cover non-P2P Probe Request frameJouni Malinen2016-04-081-0/+7
| | | | | | | | | | | | The new VENDOR_ELEM value 14 can now be used to add a vendor element into Probe Request frames used by non-P2P active scans. For example: VENDOR_ELEM_ADD 14 dd05001122330a and to clear that: VENDOR_ELEM_REMOVE 14 * Signed-off-by: Jouni Malinen <j@w1.fi>
* Mark wpa_supplicant_{start,stop}_sched_scan() staticJouni Malinen2016-04-071-3/+4
| | | | | | | | With the only callers in wpas_{start,stop}_pno() moved into scan.c, there is no need to call these helper functions from outside scan.c anymore. Signed-off-by: Jouni Malinen <j@w1.fi>
* Android: Fix max number of sched scan SSIDs based on driver capabilityDmitry Shmidt2016-04-021-3/+11
| | | | | | | | This adds use of the driver capability (instead of hardcoded WPAS_MAX_SCAN_SSIDS) in wpas_start_pno() similarly to what was already done in wpa_supplicant_req_sched_scan(). Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Fix a typo in a commentJouni Malinen2016-03-251-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Abort ongoing scan when p2p_find is stoppedBen Rosenfeld2016-03-031-1/+7
| | | | | | | When p2p_find is stopped, send request to the driver in order to cancel an ongoing scan if there is one. Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
* WNM: Optimize a single BSS transition management candidate scanJouni Malinen2016-02-261-0/+23
| | | | | | | | | | | If the BSS Transition Management Request frame includes only a single candidate and we need to scan for the BSS to get up-to-date information, use a scan for the known BSSID instead of wildcard BSSID. In addition, set the SSID in the scan if it is known based on old scan results in the BSS table. This removes unnecessary Probe Response frames when we are interested in results from only a single BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Add an option to specify the BSSID to scan forJouni Malinen2016-02-261-0/+13
| | | | | | | This allows scans to be optimized when a response is needed only from a single, known BSS. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Add cellular capability to MBO IEDavid Spinadel2016-02-221-0/+6
| | | | | | | | Add cellular capability attribute to MBO IE and add MBO IE with cellular capabilities to Probe Request frames. By default, cellular capability value is set to Not Cellular capable (3). Signed-off-by: David Spinadel <david.spinadel@intel.com>
* utils: Share a single helper function to get IE by IDAvraham Stern2016-02-211-14/+1
| | | | | | | | Add a helper function to find a certain IE inside IEs buffer by ID and use this function in several places that implemented similar functionality locally. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* wpa_supplicant: Share a single get_mode() implementationAvraham Stern2016-02-211-15/+0
| | | | | | There is no need to duplicate this helper function in multiple files. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Allow sched_scan_plans to be updated at runtimeJouni Malinen2015-11-301-0/+8
| | | | | | | | This allows the control interface SET command to be used to update the sched_scan_plans parameter at runtime. In addition, an empty string can be used to clear the previously configured plan. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add support for configuring scheduled scan plansAvraham Stern2015-11-301-30/+179
| | | | | | | | | | | | Add the option to configure scheduled scan plans in the config file. Each scan plan specifies the interval between scans and the number of scan iterations. The last plan will run infinitely and thus specifies only the interval between scan iterations. usage: sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval> Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* nl80211: Add support for multiple scan plans for scheduled scanAvraham Stern2015-11-301-1/+24
| | | | | | | | | | | | | | | Add 'scan plans' to driver scan parameters for scheduled scan. Each 'scan plan' specifies the number of iterations to run the scan request and the interval between iterations. When a scan plan finishes (i.e., it was run for the specified number of iterations), the next scan plan is executed. The last scan plan will run infinitely. The maximum number of supported scan plans, the maximum number of iterations for a single scan plan and the maximum scan interval are advertised by the driver. Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Abort an ongoing scan before connectKanchanapally, Vidyullatha2015-11-261-0/+11
| | | | | | | | | | Connect radio work is sometimes delayed for a considerable duration if there is an ongoing scan radio work. To avoid these delays abort the ongoing scan on that interface before queuing a connect request. Upon a scan done indication from the driver, connect radio work will be scheduled. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Restore previous wpa_state in scan-only result handlerJouni Malinen2015-11-011-0/+3
| | | | | | | | | | | | | | | The SCAN TYPE=ONLY results do not trigger a connection operation automatically. As such, there was no explicit operation that would change wpa_state after such a scan-only operation and WPA_SCANNING state could have been left in effect until the next operation is triggered by an external command. This is not desirable, so restore the wpa_state that was in use when the scan was started in case WPA_SCANNING state is still set when the scan operation completes. This was triggered by the following mac80211_hwsim test sequence: dbus_wps_oom scan_trigger_failure Signed-off-by: Jouni Malinen <j@w1.fi>
* Avoid undefined behavior in pointer arithmetic in scan result IE parsingJouni Malinen2015-10-251-8/+8
| | | | | | | | | Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior. Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not allow ap_scan=2 scan processing to stop AP mode operationJouni Malinen2015-08-111-0/+3
| | | | | | | | | | | wpa_supplicant_assoc_try() would result in the currently operating AP to get stopped if wpa_supplicant_scan() ends up getting triggered without MANUAL_SCAN_REQ while operating an AP. With ap_scan=2, this could resulted in unintentional stopping of AP mode operations, so check explicitly for that case and skip the wpa_supplicant_assoc_try() call if needed to avoid this. Signed-off-by: Jouni Malinen <j@w1.fi>