path: root/wpa_supplicant/scan.c
Commit message | Author | Age | Files | Lines
* nl80211: Use extended capabilities per interface type | Kanchanapally, Vidyullatha | 2016-05-31 | 1 | -0/+7
  This adds the necessary changes to support extraction and use of the extended capabilities specified per interface type (a recent cfg80211/nl80211 extension). If that information is available, per-interface values will be used to override the global per-radio value.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove dead code from wpas_sched_scan_plans_set() | Jouni Malinen | 2016-05-28 | 1 | -7/+0
  scan_plan->interval was checked against 0 twice; the latter case cannot happen.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Improve reattach scan OOM failure handling | Jouni Malinen | 2016-05-28 | 1 | -5/+3
  Instead of reporting the memory allocation failure and stopping, run the scan even if the frequency list cannot be created due to allocation failure. This allows the wpa_s->reattach flag to be cleared and the scan to be completed even if it takes a bit longer time due to all channels getting scanned.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Indicate scan failure event on parameter cloning failure | Jouni Malinen | 2016-05-28 | 1 | -4/+2
  This is more consistent with the radio_add_work() error case.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Fix a memory leak on an error path | Jouni Malinen | 2016-05-23 | 1 | -0/+3
  If preassoc_mac_addr is used and updating the MAC address fails in wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that and also send a CTRL-EVENT-SCAN-FAILED event in this and another error case.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Clean up code a bit - phase1 is used in all WPS cases | Jouni Malinen | 2016-05-22 | 1 | -4/+1
  There is no need to have a separate if statement to skip the cases where phase1 is not set. Just check it with the strstr comparison since this case is not really used in practice.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Clean up code a bit - ssid cannot be NULL here | Jouni Malinen | 2016-05-22 | 1 | -2/+1
  wpa_s->current_ssid is set to a non-NULL ssid pointer value here, so there is no need for the extra if statement.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* WNM: Fetch scan results before checking transition candidates | Kanchanapally, Vidyullatha | 2016-04-23 | 1 | -5/+5
  On receiving a WNM BSS Transition Management Request frame with a candidate list, fetch the latest scan results from the kernel to see if there are any recent scan results for the candidates and initiate a connection if found. This helps to avoid triggering a new scan in cases where a scan initiated by something else (e.g., an internal beacon measurement report functionality in a driver) has processed Beacon or Probe Response frames without wpa_supplicant having received a notification of such an update yet.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Extend VENDOR_ELEM parameters to cover non-P2P Probe Request frame | Jouni Malinen | 2016-04-08 | 1 | -0/+7
  The new VENDOR_ELEM value 14 can now be used to add a vendor element into Probe Request frames used by non-P2P active scans.
  For example:
  VENDOR_ELEM_ADD 14 dd05001122330a
  and to clear that:
  VENDOR_ELEM_REMOVE 14 *
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Mark wpa_supplicant_{start,stop}_sched_scan() static | Jouni Malinen | 2016-04-07 | 1 | -3/+4
  With the only callers in wpas_{start,stop}_pno() moved into scan.c, there is no need to call these helper functions from outside scan.c anymore.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Android: Fix max number of sched scan SSIDs based on driver capability | Dmitry Shmidt | 2016-04-02 | 1 | -3/+11
  This adds use of the driver capability (instead of hardcoded WPAS_MAX_SCAN_SSIDS) in wpas_start_pno() similarly to what was already done in wpa_supplicant_req_sched_scan().
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Fix a typo in a comment | Jouni Malinen | 2016-03-25 | 1 | -1/+1
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Abort ongoing scan when p2p_find is stopped | Ben Rosenfeld | 2016-03-03 | 1 | -1/+7
  When p2p_find is stopped, send request to the driver in order to cancel an ongoing scan if there is one.
  Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
* WNM: Optimize a single BSS transition management candidate scan | Jouni Malinen | 2016-02-26 | 1 | -0/+23
  If the BSS Transition Management Request frame includes only a single candidate and we need to scan for the BSS to get up-to-date information, use a scan for the known BSSID instead of wildcard BSSID. In addition, set the SSID in the scan if it is known based on old scan results in the BSS table. This removes unnecessary Probe Response frames when we are interested in results from only a single BSS.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Add an option to specify the BSSID to scan for | Jouni Malinen | 2016-02-26 | 1 | -0/+13
  This allows scans to be optimized when a response is needed only from a single, known BSS.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Add cellular capability to MBO IE | David Spinadel | 2016-02-22 | 1 | -0/+6
  Add cellular capability attribute to MBO IE and add MBO IE with cellular capabilities to Probe Request frames. By default, cellular capability value is set to Not Cellular capable (3).
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* utils: Share a single helper function to get IE by ID | Avraham Stern | 2016-02-21 | 1 | -14/+1
  Add a helper function to find a certain IE inside IEs buffer by ID and use this function in several places that implemented similar functionality locally.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* wpa_supplicant: Share a single get_mode() implementation | Avraham Stern | 2016-02-21 | 1 | -15/+0
  There is no need to duplicate this helper function in multiple files.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Allow sched_scan_plans to be updated at runtime | Jouni Malinen | 2015-11-30 | 1 | -0/+8
  This allows the control interface SET command to be used to update the sched_scan_plans parameter at runtime. In addition, an empty string can be used to clear the previously configured plan.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add support for configuring scheduled scan plans | Avraham Stern | 2015-11-30 | 1 | -30/+179
  Add the option to configure scheduled scan plans in the config file. Each scan plan specifies the interval between scans and the number of scan iterations. The last plan will run infinitely and thus specifies only the interval between scan iterations.
  usage:
  sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval>
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* nl80211: Add support for multiple scan plans for scheduled scan | Avraham Stern | 2015-11-30 | 1 | -1/+24
  Add 'scan plans' to driver scan parameters for scheduled scan. Each 'scan plan' specifies the number of iterations to run the scan request and the interval between iterations. When a scan plan finishes (i.e., it was run for the specified number of iterations), the next scan plan is executed. The last scan plan will run infinitely.
  The maximum number of supported scan plans, the maximum number of iterations for a single scan plan and the maximum scan interval are advertised by the driver.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* Abort an ongoing scan before connect | Kanchanapally, Vidyullatha | 2015-11-26 | 1 | -0/+11
  Connect radio work is sometimes delayed for a considerable duration if there is an ongoing scan radio work. To avoid these delays abort the ongoing scan on that interface before queuing a connect request. Upon a scan done indication from the driver, connect radio work will be scheduled.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Restore previous wpa_state in scan-only result handler | Jouni Malinen | 2015-11-01 | 1 | -0/+3
  The SCAN TYPE=ONLY results do not trigger a connection operation automatically. As such, there was no explicit operation that would change wpa_state after such a scan-only operation and WPA_SCANNING state could have been left in effect until the next operation is triggered by an external command. This is not desirable, so restore the wpa_state that was in use when the scan was started in case WPA_SCANNING state is still set when the scan operation completes.
  This was triggered by the following mac80211_hwsim test sequence:
  dbus_wps_oom
  scan_trigger_failure
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Avoid undefined behavior in pointer arithmetic in scan result IE parsing | Jouni Malinen | 2015-10-25 | 1 | -8/+8
  Reorder terms in a way that no invalid pointers are generated with pos+len operations. end-pos is always defined (with a valid pos pointer) while pos+len could end up pointing beyond the end pointer which would be undefined behavior.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not allow ap_scan=2 scan processing to stop AP mode operation | Jouni Malinen | 2015-08-11 | 1 | -0/+3
  wpa_supplicant_assoc_try() would result in the currently operating AP to get stopped if wpa_supplicant_scan() ends up getting triggered without MANUAL_SCAN_REQ while operating an AP. With ap_scan=2, this could result in unintentional stopping of AP mode operations, so check explicitly for that case and skip the wpa_supplicant_assoc_try() call if needed to avoid this.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* FST: Integration into wpa_supplicant | Anton Nayshtut | 2015-07-16 | 1 | -0/+6
  This commit integrates the FST into the wpa_supplicant.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Fix a typo in wpa_scan_result_compar() | Hahn, Maital | 2015-07-08 | 1 | -1/+1
  A typo in wpa_scan_result_compar() caused wrong scan results sorting (and wrong roaming decision). This fixes a copy-paste regression introduced by commit a1b790eb9d7514d1a6e0582a07f695a1564caa59 ('Select AP based on estimated maximum throughput').
  Signed-off-by: Maital Hahn <maitalm@ti.com>
* Add support to request a scan with specific SSIDs | Krishna Vamsi | 2015-06-05 | 1 | -3/+38
  Support a request to scan specific SSIDs given by user with the SCAN command. The SSID list can be suffixed to the scan command as follows. For example, if SSIDs "ABC" and "abc123" need to be specifically scanned, the command should be "SCAN ssid 414243 ssid 616263313233". The value of the SSID is passed in hexadecimal representation.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Remove duplicated wpa_s->conf->interworking check | Jouni Malinen | 2015-03-22 | 1 | -3/+0
  wpas_add_interworking_elements() does not need to do this since the caller is already checking whether Interworking is enabled.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add Extended Capabilities element to all Probe Request frames | Ilan Peer | 2015-03-22 | 1 | -13/+8
  Always add the Extended Capabilities element to Probe Request frames (in case it is not all zeros) to publish support for driver advertised capabilities and wpa_supplicant specific capabilities.
  This also fixes the case where Extended Capabilities element was added for Interworking cases, but did not use the driver advertised ones and did not handle other capabilities supported by wpa_supplicant.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* P2P: Fix regression in start-GO/AP through a "fake" scan | Jouni Malinen | 2015-03-02 | 1 | -1/+1
  Commit 3f9ebc439c9468bf51219c931a05028aa8a3d3a7 ('P2P: Allow AP/GO interface to be started while P2P-in-progress') moved the wpa_s->connect_without_scan and wpa_s->last_scan_req checks to an earlier place within the wpa_supplicant_scan() function without adjusting wpa_s->last_scan_req. This variable was set between the old and new location, so the new location needs to use wpa_s->scan_req.
  This fixes an issue where AP/GO operations were not properly started in some operation sequence. Instead, a station mode scan was executed. This issue could be triggered, e.g., by running the no_go_freq test case followed by autogo_random_channel.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Allow AP/GO interface to be started while P2P-in-progress | Jouni Malinen | 2015-03-01 | 1 | -16/+24
  Do not delay the "station mode scan" that is not really a scan, but a request to start AP/GO mode operation.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Do not allow scan or normal association on cfg80211 P2P Device | Jouni Malinen | 2015-03-01 | 1 | -2/+15
  The dedicated P2P management instance (wpas->p2p_mgmt == 1) using cfg80211 P2P Device cannot be used for non-P2P uses or connection (there is no netdev). Reject or ignore such operations to avoid unexpected operations if enabled network blocks are configured in the wpa_supplicant instance used to control this interface.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix minor issue in HT40 max rate determination | Jouni Malinen | 2015-02-28 | 1 | -1/+1
  Commit a1b790eb9d7514d1a6e0582a07f695a1564caa59 ('Select AP based on estimated maximum throughput') had a copy-paste bug that ended up leaving one of the max_ht40_rate() cases unreachable. (CID 106087)
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Select AP based on estimated maximum throughput | Jouni Malinen | 2015-02-22 | 1 | -24/+195
  This modifies the BSS selection routines to calculate SNR and estimated throughput for each scan result and then use the estimated throughput as a criteria for sorting the results.
  This extends the earlier design by taking into account higher throughput rates if both the AP and local device supports HT20, HT40, or VHT80. In addition, the maximum rate is restricted based on SNR.
  In practice, this gives significantly higher probability of selecting HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not low enough to prevent higher MCS use.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use priority list instead of global for PNO | Dmitry Shmidt | 2015-02-21 | 1 | -3/+10
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* Improve BSS selection with default noise floor values | Mukesh Agrawal | 2015-02-01 | 1 | -15/+32
  When noise floor measurements are not available, compute SNR using default values for the noise floor. This helps steer us towards 5 GHz BSSes in high signal strength environments.
  In more detail...
  Existing code prefers a 5 GHz BSS when the 5 GHz BSS's signal strength is "close" to that of the 2.4 GHz BSS, or when both SNRs are large. However, the mwifiex driver does not provide noise floor measurements, so we can't compute SNRs.
  Because mwifiex doesn't provide NF measurements, the "large SNR" code wasn't effective. By using default values for the noise floor, we can again compute SNRs, and decide that the SNR is high enough that we shouldn't worry about the exact difference in SNR.
  The default noise floor values (one for 2.4 GHz, and one for 5 GHz) were chosen by measurement in a noisy environment, so they should be conservative.
  Note that while this patch is motivated by mwifiex, it affects ath9k as well. Although ath9k provides noise floor measurements in general, it will sometimes fail to provide a measurement for one or more specific channels.
  As a result of this patch, we'll always compare BSSes based on SNR (either measured or estimated), rather than sometimes comparing based on signal strength. ("Always" assumes that the WPA_SCAN_LEVEL_DBM flag is set. It is for mwifiex and ath9k.)
  While there:
  - fix a whitespace issue (spaces -> tab)
  - clean up existing comments
  - update dump_scan_res to indicate whether the noise floor is measured, or default
  Signed-hostap: mukesh agrawal <quiche@chromium.org>
* Add passive_scan configuration parameter | Jouni Malinen | 2015-01-22 | 1 | -1/+4
  This new wpa_supplicant configuration parameter can be used to force passive scanning to be used for most scanning cases at the cost of increased latency and less reliable scans. This may be of use for both testing purposes and somewhat increased privacy due to no Probe Request frames with fixed MAC address being sent out.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Retry scan-for-connect if driver trigger fails | Jouni Malinen | 2015-01-19 | 1 | -6/+20
  This restores some of the pre-radio work behavior for scanning by retrying scan trigger if the driver rejects it (most likely returning EBUSY in case of nl80211-drivers). Retry is indicated in the CTRL-EVENT-SCAN-FAILED event with "retry=1".
  For manual scans (e.g., triggered through "SCAN" control interface command), no additional retries are performed. In other words, if upper layers want to retry, they can do so based on the CTRL-EVENT-SCAN-FAILED event.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Write reason for scan only_new_results into debug log | Jouni Malinen | 2015-01-17 | 1 | -2/+8
  This can be helpful in figuring out why the driver was requested to flush its scan results prior to starting a new scan.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Interworking: Avoid busy loop in scan result mismatch corner cases | Jouni Malinen | 2015-01-16 | 1 | -0/+3
  It was possible for interworking_find_network_match() to find a possible BSS match in a case where more thorough checks in wpa_supplicant_select_bss() reject network. This itself is fine, in general, but when combined with wpa_supplicant_fast_associate() optimization and auto_interworking=1, this resulted in a busy loop of up to five seconds and a possible stack overflow due to recursion in that loop.
  Fix this by limiting the Interworking wpa_supplicant_fast_associate() call to be used only once per scan iteration, so that new scan operations can be completed before going through the scan results again.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* scan: Add MAC address randomization in scan handling | Ilan Peer | 2015-01-04 | 1 | -0/+107
  1. Supported MAC address randomization for scan.
  2. Supported MAC address randomization for scheduled scan.
  3. Supported MAC address randomization for pno.
  4. Add functions to set and clear the MAC address randomization state variables.
  Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Avoid -Wshadow warnings from older gcc versions | Jouni Malinen | 2014-12-26 | 1 | -3/+3
  It looks like gcc 4.8.2 would warn about these with -Wshadow, but 4.6.3 did.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Do not allow network block scan_freq override SCAN command frequencies | Jouni Malinen | 2014-12-14 | 1 | -1/+3
  The manual scan operations with the SCAN command are supposed to have independent set of scan frequencies, so do not allow scan_freq parameters to override scanned frequencies for scans that were triggered with a SCAN command.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Use os_calloc() instead of os_zalloc() | Jouni Malinen | 2014-12-08 | 1 | -7/+7
| | | | | | | | | | | | | | | | | | | | | | Automatic changes with spatch using the following semantic patch: @@ constant C; type T; @@ - os_zalloc(C*sizeof(T)) + os_calloc(C,sizeof(T)) @@ expression E; type T; @@ - os_zalloc((E)*sizeof(T)) + os_calloc(E,sizeof(T)) Signed-off-by: Jouni Malinen <j@w1.fi>
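Review bot: both rules of the semantic patch are written with the count first (`C*sizeof(T)` and `(E)*sizeof(T)`), so it is worth confirming that sizeof-first calls such as `os_zalloc(sizeof(T)*E)` are also picked up, and adding a rule for that operand order if they are not. The message could also say whether any remaining os_zalloc() calls with a multiplication in the argument were reviewed by hand after the spatch run.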
* Add CTRL-EVENT-SCAN-FAILED notification in case of scan failure | Dmitry Shmidt | 2014-11-15 | 1 | -0/+2
  This is needed since the SCAN command with radio work returns before the actual driver operation to trigger a scan has been executed and as such, cannot return result of that operation.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
* P2P: Delay scan operation only when P2P is not in search state | Sunil Dutt | 2014-10-30 | 1 | -2/+3
  With the radio work interface in place, station interface SCAN command was not scheduled (i.e., it got continuously delayed with "Delay station mode scan while P2P operation is in progress") when a p2p_find was operational. Fix this by delaying station mode scan only when a P2P operation is in progress, but not in search state.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Implement mesh scanning | Jason Abele | 2014-10-25 | 1 | -0/+3
  When mesh is configured in, include the wildcard mesh id so that mesh networks are returned.
  Signed-off-by: Javier Lopez <jlopex@gmail.com>
  Signed-off-by: Jason Abele <jason.abele@gmail.com>
* Add support for using random local MAC address | Jouni Malinen | 2014-09-27 | 1 | -0/+7
  This adds experimental support for wpa_supplicant to assign random local MAC addresses for both pre-association cases (scan, GAS/ANQP) and for connections. MAC address policy for each part can be controlled separately and the connection part can be set per network block.
  This requires support from the driver to allow local MAC address to be changed if random address policy is enabled. It should also be noted that number of drivers would not support concurrent operations (e.g., P2P and station association) with random addresses in use for one or both.
  This functionality can be controlled with the global configuration parameters mac_addr and preassoc_mac_addr which set the default MAC address policies for connections and pre-association operations (scan and GAS/ANQP while not connected). The global rand_addr_lifetime parameter can be used to set the lifetime of a random MAC address in seconds (default: 60 seconds). This is used to avoid unnecessarily frequent MAC address changes since those are likely to result in driver clearing most of its state. It should be noted that the random MAC address does not expire during an ESS connection, i.e., this lifetime is only for the case where the device is disconnected.
  The mac_addr parameter can also be set in the network blocks to define different behavior per network. For example, the global mac_addr=1 and preassoc_mac_addr=1 settings and mac_addr=0 in a home network profile would result in behavior where all scanning is performed using a random MAC address while connections to new networks (e.g., Interworking/Hotspot 2.0) would use random address and connections to the home network would use the permanent MAC address.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Use freq_list scan filter in sched_scan | Bojan Prtvar | 2014-08-12 | 1 | -0/+7
  Global freq_list scan filter was taken into account only by req_scan and not by req_sched_scan. We want to allow the user to limit the channels that wpa_supplicant will scan in req_sched_scan requests as well.
  Signed-off-by: Bojan Prtvar <bojan.prtvar@rt-rk.com>