Commit Graph

230 Commits

Author SHA1 Message Date
Sunil Dutt
bf88401d23 Add support to abort vendor scan
This commit enhances the existing implementation of abort scan to also
abort concurrent active vendor scans. This is achieved by passing the
scan_cookie to the driver interface with the intention to abort
the specific scan request. This scan_cookie is returned from the driver
interface when the scan request is scheduled.

This scan_cookie is 0 if the scan is triggered through the upstream
cfg80211 interface. Thus, the scan_cookie is used to determine whether
to abort the cfg80211 or vendor scan request.

Also, the previous implementation of relying on scan_work/p2p_scan_work
for the active work to trigger the abort scan is enhanced to check for
the started state of either of these work operations. This should also
help to abort the concurrent active scan/p2p-scan operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-30 19:33:43 +02:00
Sunil Dutt
eeb34a432e nl80211: Enhance abort scan to also abort the vendor scan
This commit enhances the abort scan implementation to also abort the
vendor scan, if one was used to trigger the scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-30 19:33:39 +02:00
Srinivas Dasari
346b333d9a Use random MAC address for scanning only in non-connected state
cfg80211 rejects the scans issued with random MAC address if the STA is
in connected state. This resulted in failures when using MAC_RAND_SCAN
while connected (CTRL-EVENT-SCAN-FAILED ret=-95). Enable random MAC
address functionality only if the STA is not in connected state to avoid
this. The real MAC address of the STA is already revealed in the
association, so this is an acceptable fallback mechanism for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-25 22:52:39 +02:00
Eliad Peller
d044d2f7d8 wpa_supplicant: Get scan_result IE also from Beacon frames
No reason to require ie_len if only beacon_ie_len is given.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2016-10-29 19:28:37 +03:00
Joel Cunningham
33111c910b Check for NULL qsort() base pointers
There are a couple of places in wpa_supplicant/hostapd where qsort() can
be called with a NULL base pointer. This results in undefined behavior
according to the C standard and with some standard C libraries (ARM RVCT
2.2) results in a data abort/memory exception. Fix this by skipping such
calls since there is nothing needing to be sorted.

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-10-15 18:58:27 +03:00
Avraham Stern
5ac8f8623d Fix PNO restart flow
PNO is sometimes restarted due to changes in scan parameters
(e.g., selected network changed or MAC randomization being
enabled/disabled). Restart is done by stopping PNO and immediately
starting it again. This may result in the SCHED_SCAN_STOPPED event being
received after the request for new PNO, which will make wpa_supplicant
believe PNO is not active although it actually is. As a result, the
next request to start PNO will fail because PNO is active and should be
stopped first.

Fix this by deferring the request to start PNO until the
SCHED_SCAN_STOPPED event is received in case sched_scan is being
stopped.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-10-02 19:49:42 +03:00
Avraham Stern
14f34a7303 Continue scanning if sched_scan stops unexpectedly
When scheduled scan stops without the interface request (for example,
driver stopped it unexpectedly), start a regular scan to continue
scanning for networks and avoid being left with no scan at all.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-10-02 19:38:57 +03:00
Jouni Malinen
5bb7327a69 Share a common helper function for restarting sched_scan
This code sequence was already used at two different places (and an
additional one has been proposed), so add a common helper function to
avoid having to copy-paste this functionality in multiple locations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-27 00:09:33 +03:00
Max Stepanov
be7ebd892e wpa_supplicant: Cancel sched_scan on SELECT_NETWORK initiated scan
If a scheduled scan is running on select network command,
cancel and reset it before kicking off a regular scan request.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2016-09-27 00:02:44 +03:00
vamsi krishna
cc9985d1b1 Set default scan IEs to the driver (QCA vendor extension)
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case the scan
request doesn't carry any of the IEs sent in this command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 21:21:52 +03:00
Roshan Pius
ef60f643ec Do not exceed scan ssid max size advertised by driver
Previously, wpa_set_scan_ssids() fully exhausted
wpa_driver_scan_params.ssid list when hidden network IDs are provided
via the control interface. This results in us exceeding the max size for
the list advertised by the driver when we add the "wildcard" scan SSID
entry. So, ensure that we leave space for one more scan SSID entry in
the list when we exit out of wpa_set_scan_ssids().

Signed-off-by: Roshan Pius <rpius@google.com>
2016-07-03 19:13:42 +03:00
Kanchanapally, Vidyullatha
cc9a2575ca nl80211: Use extended capabilities per interface type
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 21:35:54 +03:00
Jouni Malinen
7012e2589f Remove dead code from wpas_sched_scan_plans_set()
scan_plan->interval was checked against 0 twice; the latter case cannot
happen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-28 22:54:00 +03:00
Jouni Malinen
8e909fa92e Improve reattach scan OOM failure handling
Instead of reporting the memory allocation failure and stopping, run the
scan even if the frequency list cannot be created due to allocation
failure. This allows the wpa_s->reattach flag to be cleared and the scan
to be completed even if it takes a bit longer time due to all channels
getting scanned.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-28 22:47:31 +03:00
Jouni Malinen
f37d8a4da4 Indicate scan failure event on parameter cloning failure
This is more consistent with the radio_add_work() error case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-28 22:36:52 +03:00
Jouni Malinen
6dc3206ef0 scan: Fix a memory leak on an error path
If preassoc_mac_addr is used and updating the MAC address fails in
wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that
and also send a CTRL-EVENT-SCAN-FAILED event in this and another error
case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-23 18:29:55 +03:00
Jouni Malinen
88802405f3 scan: Clean up code a bit - phase1 is used in all WPS cases
There is no need to have a separate if statement to skip the cases where
phase1 is not set. Just check it with the strstr comparison since this
case is not really used in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-22 17:44:28 +03:00
Jouni Malinen
e1ae2876d5 scan: Clean up code a bit - ssid cannot be NULL here
wpa_s->current_ssid is set to a non-NULL ssid pointer value here, so
there is no need for the extra if statement.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-22 16:23:28 +03:00
Kanchanapally, Vidyullatha
2f195639ec WNM: Fetch scan results before checking transition candidates
On receiving a WNM BSS Transition Management Request frame with a
candidate list, fetch the latest scan results from the kernel to see if
there are any recent scan results for the candidates and initiate a
connection if found. This helps to avoid triggering a new scan in cases
where a scan initiated by something else (e.g., an internal beacon
measurement report functionality in a driver) has processed Beacon or
Probe Response frames without wpa_supplicant having received a
notification of such an update yet.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-23 17:12:16 +03:00
Jouni Malinen
61c101186a Extend VENDOR_ELEM parameters to cover non-P2P Probe Request frame
The new VENDOR_ELEM value 14 can now be used to add a vendor element
into Probe Request frames used by non-P2P active scans.

For example:
VENDOR_ELEM_ADD 14 dd05001122330a
and to clear that:
VENDOR_ELEM_REMOVE 14 *

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-09 00:30:49 +03:00
Jouni Malinen
0f34665774 Mark wpa_supplicant_{start,stop}_sched_scan() static
With the only callers in wpas_{start,stop}_pno() moved into scan.c,
there is no need to call these helper functions from outside scan.c
anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-07 11:45:01 +03:00
Dmitry Shmidt
f89c32e63f Android: Fix max number of sched scan SSIDs based on driver capability
This adds use of the driver capability (instead of hardcoded
WPAS_MAX_SCAN_SSIDS) in wpas_start_pno() similarly to what was already
done in wpa_supplicant_req_sched_scan().

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-04-02 17:35:28 +03:00
Jouni Malinen
585141bb30 Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 12:12:48 +02:00
Ben Rosenfeld
a805731086 P2P: Abort ongoing scan when p2p_find is stopped
When p2p_find is stopped, send request to the driver
in order to cancel an ongoing scan if there is one.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2016-03-03 17:10:26 +02:00
Jouni Malinen
0645492e7c WNM: Optimize a single BSS transition management candidate scan
If the BSS Transition Management Request frame includes only a single
candidate and we need to scan for the BSS to get up-to-date information,
use a scan for the known BSSID instead of wildcard BSSID. In addition,
set the SSID in the scan if it is known based on old scan results in the
BSS table. This removes unnecessary Probe Response frames when we are
interested in results from only a single BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-26 17:19:20 +02:00
Jouni Malinen
eb20cea590 nl80211: Add an option to specify the BSSID to scan for
This allows scans to be optimized when a response is needed only from a
single, known BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-26 17:19:20 +02:00
David Spinadel
c5d193d7b3 MBO: Add cellular capability to MBO IE
Add cellular capability attribute to MBO IE and add MBO IE with cellular
capabilities to Probe Request frames. By default, cellular capability
value is set to Not Cellular capable (3).

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
231b04b6cb utils: Share a single helper function to get IE by ID
Add a helper function to find a certain IE inside IEs buffer by ID and
use this function in several places that implemented similar
functionality locally.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:56 +02:00
Avraham Stern
ea69d9737c wpa_supplicant: Share a single get_mode() implementation
There is no need to duplicate this helper function in multiple files.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:51 +02:00
Jouni Malinen
bea48f7784 Allow sched_scan_plans to be updated at runtime
This allows the control interface SET command to be used to update the
sched_scan_plans parameter at runtime. In addition, an empty string can
be used to clear the previously configured plan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-30 14:03:28 +02:00
Avraham Stern
32c02261dd Add support for configuring scheduled scan plans
Add the option to configure scheduled scan plans in the config file.
Each scan plan specifies the interval between scans and the number
of scan iterations. The last plan will run infinitely and thus
specifies only the interval between scan iterations.

usage:
sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval>

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-30 14:03:28 +02:00
Avraham Stern
09ea4309b6 nl80211: Add support for multiple scan plans for scheduled scan
Add 'scan plans' to driver scan parameters for scheduled scan.
Each 'scan plan' specifies the number of iterations to run the scan
request and the interval between iterations. When a scan plan
finishes (i.e., it was run for the specified number of iterations),
the next scan plan is executed. The last scan plan will run
infinitely.

The maximum number of supported scan plans, the maximum number of
iterations for a single scan plan and the maximum scan interval
are advertised by the driver.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-30 14:03:28 +02:00
Kanchanapally, Vidyullatha
4ead7cfd5d Abort an ongoing scan before connect
Connect radio work is sometimes delayed for a considerable duration if
there is an ongoing scan radio work. To avoid these delays abort the
ongoing scan on that interface before queuing a connect request. Upon a
scan done indication from the driver, connect radio work will be
scheduled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 19:44:14 +02:00
Jouni Malinen
ea6030c77f Restore previous wpa_state in scan-only result handler
The SCAN TYPE=ONLY results do not trigger a connection operation
automatically. As such, there was no explicit operation that would
change wpa_state after such a scan-only operation and WPA_SCANNING state
could have been left in effect until the next operation is triggered by
an external command. This is not desirable, so restore the wpa_state
that was in use when the scan was started in case WPA_SCANNING state is
still set when the scan operation completes.

This was triggered by the following mac80211_hwsim test sequence:
dbus_wps_oom scan_trigger_failure

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-01 20:26:35 +02:00
Jouni Malinen
904e977bc7 Avoid undefined behavior in pointer arithmetic in scan result IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
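
The bounds check from the commit above (compare a length against end - pos instead of forming pos + len), applied to the kind of find-IE-by-ID helper that commit 231b04b6cb describes. This is an added example, not code from hostap: find_ie() and both sample buffers are constructed for illustration, and the vendor element reuses the dd05001122330a bytes from the VENDOR_ELEM_ADD example on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: SSID IE "ABC" followed by a vendor IE (0xdd). */
static const uint8_t sample_ok[] = {
	0x00, 0x03, 'A', 'B', 'C',
	0xdd, 0x05, 0x00, 0x11, 0x22, 0x33, 0x0a
};

/* Constructed sample: the vendor IE claims 0x20 octets but only 3 follow. */
static const uint8_t sample_truncated[] = {
	0x00, 0x03, 'A', 'B', 'C',
	0xdd, 0x20, 0x00, 0x11, 0x22
};

/*
 * Hypothetical helper: return a pointer to the first element with the given
 * ID (pointing at its id octet), or NULL if it is absent or the buffer is
 * truncated before it is reached.
 */
static const uint8_t *find_ie(const uint8_t *ies, size_t ies_len, uint8_t eid)
{
	const uint8_t *pos = ies;
	const uint8_t *end;

	if (!ies)
		return NULL;
	end = ies + ies_len; /* one past the end is a valid pointer */

	/* Each element needs at least its two-octet header (id, len). */
	while (end - pos >= 2) {
		uint8_t id = pos[0];
		size_t len = pos[1];

		/*
		 * Check the claimed length against the octets that remain.
		 * Writing "pos + 2 + len > end" would create a pointer past
		 * the buffer when len is too large, which is undefined
		 * behavior; "end - pos" subtracts two valid pointers.
		 */
		if ((size_t)(end - pos) - 2 < len)
			return NULL; /* truncated element: stop parsing */

		if (id == eid)
			return pos;
		pos += 2 + len;
	}
	return NULL;
}

int main(void)
{
	const uint8_t *ie;

	ie = find_ie(sample_ok, sizeof(sample_ok), 0xdd);
	printf("well-formed buffer: vendor IE at offset %ld\n",
	       ie ? (long)(ie - sample_ok) : -1L);

	ie = find_ie(sample_truncated, sizeof(sample_truncated), 0xdd);
	printf("truncated buffer: vendor IE %s\n", ie ? "found" : "rejected");
	return 0;
}
```
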
Jouni Malinen
0a34b62be9 Do not allow ap_scan=2 scan processing to stop AP mode operation
wpa_supplicant_assoc_try() would result in the currently operating AP to
get stopped if wpa_supplicant_scan() ends up getting triggered without
MANUAL_SCAN_REQ while operating an AP. With ap_scan=2, this could
result in unintentional stopping of AP mode operations, so check
explicitly for that case and skip the wpa_supplicant_assoc_try() call if
needed to avoid this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-11 21:46:38 +03:00
Anton Nayshtut
b36a3a65aa FST: Integration into wpa_supplicant
This commit integrates the FST into the wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Hahn, Maital
aa517ae227 wpa_supplicant: Fix a typo in wpa_scan_result_compar()
A typo in wpa_scan_result_compar() caused wrong scan results sorting
(and wrong roaming decision). This fixes a copy-paste regression
introduced by commit a1b790eb9d ('Select
AP based on estimated maximum throughput').

Signed-off-by: Maital Hahn <maitalm@ti.com>
2015-07-08 16:52:42 +03:00
Krishna Vamsi
a80651d067 Add support to request a scan with specific SSIDs
Support a request to scan specific SSIDs given by user with the SCAN
command. The SSID list can be suffixed to the scan command as follows.
For example, if SSIDs "ABC" and "abc123" need to be specifically
scanned, the command should be "SCAN ssid 414243 ssid 616263313233". The
value of the SSID is passed in hexadecimal representation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-05 15:55:26 +03:00
Jouni Malinen
0fd52a612a Remove duplicated wpa_s->conf->interworking check
wpas_add_interworking_elements() does not need to do this since the
caller is already checking whether Interworking is enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-22 21:48:41 +02:00
Ilan Peer
ad4430971f Add Extended Capabilities element to all Probe Request frames
Always add the Extended Capabilities element to Probe Request frames (in
case it is not all zeros) to publish support for driver advertised
capabilities and wpa_supplicant specific capabilities.

This also fixes the case where Extended Capabilities element was added
for Interworking cases, but did not use the driver advertised ones and
did not handle other capabilities supported by wpa_supplicant.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-03-22 21:48:38 +02:00
Jouni Malinen
a51c40aa35 P2P: Fix regression in start-GO/AP through a "fake" scan
Commit 3f9ebc439c ('P2P: Allow AP/GO
interface to be started while P2P-in-progress') moved the
wpa_s->connect_without_scan and wpa_s->last_scan_req checks to an
earlier place within the wpa_supplicant_scan() function without
adjusting wpa_s->last_scan_req. This variable was set between the old
and new location, so the new location needs to use wpa_s->scan_req.

This fixes an issue where AP/GO operations were not properly started in
some operation sequence. Instead, a station mode scan was executed. This
issue could be triggered, e.g., by running the no_go_freq test case
followed by autogo_random_channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-02 16:45:51 +02:00
Jouni Malinen
3f9ebc439c P2P: Allow AP/GO interface to be started while P2P-in-progress
Do not delay the "station mode scan" that is not really a scan, but a
request to start AP/GO mode operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 22:36:52 +02:00
Jouni Malinen
44b9ea5bb2 P2P: Do not allow scan or normal association on cfg80211 P2P Device
The dedicated P2P management instance (wpas->p2p_mgmt == 1) using
cfg80211 P2P Device cannot be used for non-P2P uses or connection (there
is no netdev). Reject or ignore such operations to avoid unexpected
operations if enabled network blocks are configured in the
wpa_supplicant instance used to control this interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-01 11:23:09 +02:00
Jouni Malinen
8b2b718da9 Fix minor issue in HT40 max rate determination
Commit a1b790eb9d ('Select AP based on
estimated maximum throughput') had a copy-paste bug that ended up
leaving one of the max_ht40_rate() cases unreachable. (CID 106087)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-28 16:40:58 +02:00
Jouni Malinen
a1b790eb9d Select AP based on estimated maximum throughput
This modifies the BSS selection routines to calculate SNR and estimated
throughput for each scan result and then use the estimated throughput as
a criterion for sorting the results. This extends the earlier design by
taking into account higher throughput rates if both the AP and local
device support HT20, HT40, or VHT80. In addition, the maximum rate is
restricted based on SNR.

In practice, this gives significantly higher probability of selecting
HT/VHT APs when there are multiple BSSes in the same ESS and SNR is not
low enough to prevent higher MCS use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:09:54 +02:00
Dmitry Shmidt
6f5e1b0bf6 Use priority list instead of global for PNO
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-02-21 16:07:52 +02:00
Mukesh Agrawal
f0d0a5d23b Improve BSS selection with default noise floor values
When noise floor measurements are not available, compute SNR
using default values for the noise floor. This helps steer us
towards 5 GHz BSSes in high signal strength environments.

In more detail...

Existing code prefers a 5 GHz BSS when the 5 GHz BSS's signal
strength is "close" to that of the 2.4 GHz BSS, or when both SNRs
are large. However, the mwifiex driver does not provide noise
floor measurements, so we can't compute SNRs.

Because mwifiex doesn't provide NF measurements, the "large SNR"
code wasn't effective. By using default values for the noise floor,
we can again compute SNRs, and decide that the SNR is high enough
that we shouldn't worry about the exact difference in SNR.

The default noise floor values (one for 2.4 GHz, and one for 5 GHz)
were chosen by measurement in a noisy environment, so they should be
conservative.

Note that while this patch is motivated by mwifiex, it affects
ath9k as well. Although ath9k provides noise floor measurements
in general, it will sometimes fail to provide a measurement for
one or more specific channels.

As a result of this patch, we'll always compare BSSes based on SNR
(either measured or estimated), rather than sometimes comparing
based on signal strength. ("Always" assumes that the
WPA_SCAN_LEVEL_DBM flag is set. It is for mwifiex and ath9k.)

While there:
- fix a whitespace issue (spaces -> tab)
- clean up existing comments
- update dump_scan_res to indicate whether the noise floor is
  measured, or default

Signed-hostap: mukesh agrawal <quiche@chromium.org>
2015-02-01 22:01:18 +02:00
Jouni Malinen
c35e35ed81 Add passive_scan configuration parameter
This new wpa_supplicant configuration parameter can be used to force
passive scanning to be used for most scanning cases at the cost of
increased latency and less reliable scans. This may be of use for both
testing purposes and somewhat increased privacy due to no Probe Request
frames with fixed MAC address being sent out.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-22 20:50:01 +02:00
Jouni Malinen
2d9c99e37b Retry scan-for-connect if driver trigger fails
This restores some of the pre-radio work behavior for scanning by
retrying scan trigger if the driver rejects it (most likely returning
EBUSY in case of nl80211-drivers). Retry is indicated in the
CTRL-EVENT-SCAN-FAILED event with "retry=1".

For manual scans (e.g., triggered through "SCAN" control interface
command), no additional retries are performed. In other words, if upper
layers want to retry, they can do so based on the CTRL-EVENT-SCAN-FAILED
event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-19 20:25:20 +02:00