bss.c 30 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149
  1. /*
  2. * BSS table
  3. * Copyright (c) 2009-2012, Jouni Malinen <j@w1.fi>
  4. *
  5. * This software may be distributed under the terms of the BSD license.
  6. * See README for more details.
  7. */
  8. #include "utils/includes.h"
  9. #include "utils/common.h"
  10. #include "utils/eloop.h"
  11. #include "common/ieee802_11_defs.h"
  12. #include "drivers/driver.h"
  13. #include "wpa_supplicant_i.h"
  14. #include "config.h"
  15. #include "notify.h"
  16. #include "scan.h"
  17. #include "bss.h"
  18. /**
  19. * WPA_BSS_EXPIRATION_PERIOD - Period of expiration run in seconds
  20. */
  21. #define WPA_BSS_EXPIRATION_PERIOD 10
  22. #define WPA_BSS_FREQ_CHANGED_FLAG BIT(0)
  23. #define WPA_BSS_SIGNAL_CHANGED_FLAG BIT(1)
  24. #define WPA_BSS_PRIVACY_CHANGED_FLAG BIT(2)
  25. #define WPA_BSS_MODE_CHANGED_FLAG BIT(3)
  26. #define WPA_BSS_WPAIE_CHANGED_FLAG BIT(4)
  27. #define WPA_BSS_RSNIE_CHANGED_FLAG BIT(5)
  28. #define WPA_BSS_WPS_CHANGED_FLAG BIT(6)
  29. #define WPA_BSS_RATES_CHANGED_FLAG BIT(7)
  30. #define WPA_BSS_IES_CHANGED_FLAG BIT(8)
  31. static void wpa_bss_set_hessid(struct wpa_bss *bss)
  32. {
  33. #ifdef CONFIG_INTERWORKING
  34. const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING);
  35. if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) {
  36. os_memset(bss->hessid, 0, ETH_ALEN);
  37. return;
  38. }
  39. if (ie[1] == 7)
  40. os_memcpy(bss->hessid, ie + 3, ETH_ALEN);
  41. else
  42. os_memcpy(bss->hessid, ie + 5, ETH_ALEN);
  43. #endif /* CONFIG_INTERWORKING */
  44. }
  45. /**
  46. * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry
  47. * Returns: Allocated ANQP data structure or %NULL on failure
  48. *
  49. * The allocated ANQP data structure has its users count set to 1. It may be
  50. * shared by multiple BSS entries and each shared entry is freed with
  51. * wpa_bss_anqp_free().
  52. */
  53. struct wpa_bss_anqp * wpa_bss_anqp_alloc(void)
  54. {
  55. struct wpa_bss_anqp *anqp;
  56. anqp = os_zalloc(sizeof(*anqp));
  57. if (anqp == NULL)
  58. return NULL;
  59. anqp->users = 1;
  60. return anqp;
  61. }
  62. /**
  63. * wpa_bss_anqp_clone - Clone an ANQP data structure
  64. * @anqp: ANQP data structure from wpa_bss_anqp_alloc()
  65. * Returns: Cloned ANQP data structure or %NULL on failure
  66. */
  67. static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp)
  68. {
  69. struct wpa_bss_anqp *n;
  70. n = os_zalloc(sizeof(*n));
  71. if (n == NULL)
  72. return NULL;
  73. #define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f)
  74. #ifdef CONFIG_INTERWORKING
  75. ANQP_DUP(venue_name);
  76. ANQP_DUP(network_auth_type);
  77. ANQP_DUP(roaming_consortium);
  78. ANQP_DUP(ip_addr_type_availability);
  79. ANQP_DUP(nai_realm);
  80. ANQP_DUP(anqp_3gpp);
  81. ANQP_DUP(domain_name);
  82. #endif /* CONFIG_INTERWORKING */
  83. #ifdef CONFIG_HS20
  84. ANQP_DUP(hs20_operator_friendly_name);
  85. ANQP_DUP(hs20_wan_metrics);
  86. ANQP_DUP(hs20_connection_capability);
  87. ANQP_DUP(hs20_operating_class);
  88. #endif /* CONFIG_HS20 */
  89. #undef ANQP_DUP
  90. return n;
  91. }
  92. /**
  93. * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry
  94. * @bss: BSS entry
  95. * Returns: 0 on success, -1 on failure
  96. *
  97. * This function ensures the specific BSS entry has an ANQP data structure that
  98. * is not shared with any other BSS entry.
  99. */
  100. int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss)
  101. {
  102. struct wpa_bss_anqp *anqp;
  103. if (bss->anqp && bss->anqp->users > 1) {
  104. /* allocated, but shared - clone an unshared copy */
  105. anqp = wpa_bss_anqp_clone(bss->anqp);
  106. if (anqp == NULL)
  107. return -1;
  108. anqp->users = 1;
  109. bss->anqp->users--;
  110. bss->anqp = anqp;
  111. return 0;
  112. }
  113. if (bss->anqp)
  114. return 0; /* already allocated and not shared */
  115. /* not allocated - allocate a new storage area */
  116. bss->anqp = wpa_bss_anqp_alloc();
  117. return bss->anqp ? 0 : -1;
  118. }
  119. /**
  120. * wpa_bss_anqp_free - Free an ANQP data structure
  121. * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone()
  122. */
  123. static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp)
  124. {
  125. if (anqp == NULL)
  126. return;
  127. anqp->users--;
  128. if (anqp->users > 0) {
  129. /* Another BSS entry holds a pointer to this ANQP info */
  130. return;
  131. }
  132. #ifdef CONFIG_INTERWORKING
  133. wpabuf_free(anqp->venue_name);
  134. wpabuf_free(anqp->network_auth_type);
  135. wpabuf_free(anqp->roaming_consortium);
  136. wpabuf_free(anqp->ip_addr_type_availability);
  137. wpabuf_free(anqp->nai_realm);
  138. wpabuf_free(anqp->anqp_3gpp);
  139. wpabuf_free(anqp->domain_name);
  140. #endif /* CONFIG_INTERWORKING */
  141. #ifdef CONFIG_HS20
  142. wpabuf_free(anqp->hs20_operator_friendly_name);
  143. wpabuf_free(anqp->hs20_wan_metrics);
  144. wpabuf_free(anqp->hs20_connection_capability);
  145. wpabuf_free(anqp->hs20_operating_class);
  146. #endif /* CONFIG_HS20 */
  147. os_free(anqp);
  148. }
  149. static void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
  150. const char *reason)
  151. {
  152. if (wpa_s->last_scan_res) {
  153. unsigned int i;
  154. for (i = 0; i < wpa_s->last_scan_res_used; i++) {
  155. if (wpa_s->last_scan_res[i] == bss) {
  156. os_memmove(&wpa_s->last_scan_res[i],
  157. &wpa_s->last_scan_res[i + 1],
  158. (wpa_s->last_scan_res_used - i - 1)
  159. * sizeof(struct wpa_bss *));
  160. wpa_s->last_scan_res_used--;
  161. break;
  162. }
  163. }
  164. }
  165. dl_list_del(&bss->list);
  166. dl_list_del(&bss->list_id);
  167. wpa_s->num_bss--;
  168. wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR
  169. " SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid),
  170. wpa_ssid_txt(bss->ssid, bss->ssid_len), reason);
  171. wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id);
  172. wpa_bss_anqp_free(bss->anqp);
  173. os_free(bss);
  174. }
  175. /**
  176. * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID
  177. * @wpa_s: Pointer to wpa_supplicant data
  178. * @bssid: BSSID
  179. * @ssid: SSID
  180. * @ssid_len: Length of @ssid
  181. * Returns: Pointer to the BSS entry or %NULL if not found
  182. */
  183. struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
  184. const u8 *ssid, size_t ssid_len)
  185. {
  186. struct wpa_bss *bss;
  187. if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
  188. return NULL;
  189. dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
  190. if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
  191. bss->ssid_len == ssid_len &&
  192. os_memcmp(bss->ssid, ssid, ssid_len) == 0)
  193. return bss;
  194. }
  195. return NULL;
  196. }
  197. static void calculate_update_time(const struct os_time *fetch_time,
  198. unsigned int age_ms,
  199. struct os_time *update_time)
  200. {
  201. os_time_t usec;
  202. update_time->sec = fetch_time->sec;
  203. update_time->usec = fetch_time->usec;
  204. update_time->sec -= age_ms / 1000;
  205. usec = (age_ms % 1000) * 1000;
  206. if (update_time->usec < usec) {
  207. update_time->sec--;
  208. update_time->usec += 1000000;
  209. }
  210. update_time->usec -= usec;
  211. }
  212. static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
  213. struct os_time *fetch_time)
  214. {
  215. dst->flags = src->flags;
  216. os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
  217. dst->freq = src->freq;
  218. dst->beacon_int = src->beacon_int;
  219. dst->caps = src->caps;
  220. dst->qual = src->qual;
  221. dst->noise = src->noise;
  222. dst->level = src->level;
  223. dst->tsf = src->tsf;
  224. calculate_update_time(fetch_time, src->age, &dst->last_update);
  225. }
  226. static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
  227. {
  228. struct wpa_ssid *ssid;
  229. for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
  230. if (ssid->ssid == NULL || ssid->ssid_len == 0)
  231. continue;
  232. if (ssid->ssid_len == bss->ssid_len &&
  233. os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0)
  234. return 1;
  235. }
  236. return 0;
  237. }
  238. static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
  239. {
  240. return bss == wpa_s->current_bss ||
  241. os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 ||
  242. os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0;
  243. }
  244. static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s)
  245. {
  246. struct wpa_bss *bss;
  247. dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
  248. if (!wpa_bss_known(wpa_s, bss)) {
  249. wpa_bss_remove(wpa_s, bss, __func__);
  250. return 0;
  251. }
  252. }
  253. return -1;
  254. }
  255. static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s)
  256. {
  257. struct wpa_bss *bss;
  258. /*
  259. * Remove the oldest entry that does not match with any configured
  260. * network.
  261. */
  262. if (wpa_bss_remove_oldest_unknown(wpa_s) == 0)
  263. return 0;
  264. /*
  265. * Remove the oldest entry that isn't currently in use.
  266. */
  267. dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
  268. if (!wpa_bss_in_use(wpa_s, bss)) {
  269. wpa_bss_remove(wpa_s, bss, __func__);
  270. return 0;
  271. }
  272. }
  273. return -1;
  274. }
  275. static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
  276. const u8 *ssid, size_t ssid_len,
  277. struct wpa_scan_res *res,
  278. struct os_time *fetch_time)
  279. {
  280. struct wpa_bss *bss;
  281. bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len);
  282. if (bss == NULL)
  283. return NULL;
  284. bss->id = wpa_s->bss_next_id++;
  285. bss->last_update_idx = wpa_s->bss_update_idx;
  286. wpa_bss_copy_res(bss, res, fetch_time);
  287. os_memcpy(bss->ssid, ssid, ssid_len);
  288. bss->ssid_len = ssid_len;
  289. bss->ie_len = res->ie_len;
  290. bss->beacon_ie_len = res->beacon_ie_len;
  291. os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len);
  292. wpa_bss_set_hessid(bss);
  293. dl_list_add_tail(&wpa_s->bss, &bss->list);
  294. dl_list_add_tail(&wpa_s->bss_id, &bss->list_id);
  295. wpa_s->num_bss++;
  296. wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
  297. " SSID '%s'",
  298. bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len));
  299. wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
  300. if (wpa_s->num_bss > wpa_s->conf->bss_max_count &&
  301. wpa_bss_remove_oldest(wpa_s) != 0) {
  302. wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d "
  303. "because all BSSes are in use. We should normally "
  304. "not get here!", (int) wpa_s->num_bss);
  305. wpa_s->conf->bss_max_count = wpa_s->num_bss;
  306. }
  307. return bss;
  308. }
  309. static int are_ies_equal(const struct wpa_bss *old,
  310. const struct wpa_scan_res *new, u32 ie)
  311. {
  312. const u8 *old_ie, *new_ie;
  313. struct wpabuf *old_ie_buff = NULL;
  314. struct wpabuf *new_ie_buff = NULL;
  315. int new_ie_len, old_ie_len, ret, is_multi;
  316. switch (ie) {
  317. case WPA_IE_VENDOR_TYPE:
  318. old_ie = wpa_bss_get_vendor_ie(old, ie);
  319. new_ie = wpa_scan_get_vendor_ie(new, ie);
  320. is_multi = 0;
  321. break;
  322. case WPS_IE_VENDOR_TYPE:
  323. old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie);
  324. new_ie_buff = wpa_scan_get_vendor_ie_multi(new, ie);
  325. is_multi = 1;
  326. break;
  327. case WLAN_EID_RSN:
  328. case WLAN_EID_SUPP_RATES:
  329. case WLAN_EID_EXT_SUPP_RATES:
  330. old_ie = wpa_bss_get_ie(old, ie);
  331. new_ie = wpa_scan_get_ie(new, ie);
  332. is_multi = 0;
  333. break;
  334. default:
  335. wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__);
  336. return 0;
  337. }
  338. if (is_multi) {
  339. /* in case of multiple IEs stored in buffer */
  340. old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL;
  341. new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL;
  342. old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0;
  343. new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0;
  344. } else {
  345. /* in case of single IE */
  346. old_ie_len = old_ie ? old_ie[1] + 2 : 0;
  347. new_ie_len = new_ie ? new_ie[1] + 2 : 0;
  348. }
  349. if (!old_ie || !new_ie)
  350. ret = !old_ie && !new_ie;
  351. else
  352. ret = (old_ie_len == new_ie_len &&
  353. os_memcmp(old_ie, new_ie, old_ie_len) == 0);
  354. wpabuf_free(old_ie_buff);
  355. wpabuf_free(new_ie_buff);
  356. return ret;
  357. }
  358. static u32 wpa_bss_compare_res(const struct wpa_bss *old,
  359. const struct wpa_scan_res *new)
  360. {
  361. u32 changes = 0;
  362. int caps_diff = old->caps ^ new->caps;
  363. if (old->freq != new->freq)
  364. changes |= WPA_BSS_FREQ_CHANGED_FLAG;
  365. if (old->level != new->level)
  366. changes |= WPA_BSS_SIGNAL_CHANGED_FLAG;
  367. if (caps_diff & IEEE80211_CAP_PRIVACY)
  368. changes |= WPA_BSS_PRIVACY_CHANGED_FLAG;
  369. if (caps_diff & IEEE80211_CAP_IBSS)
  370. changes |= WPA_BSS_MODE_CHANGED_FLAG;
  371. if (old->ie_len == new->ie_len &&
  372. os_memcmp(old + 1, new + 1, old->ie_len) == 0)
  373. return changes;
  374. changes |= WPA_BSS_IES_CHANGED_FLAG;
  375. if (!are_ies_equal(old, new, WPA_IE_VENDOR_TYPE))
  376. changes |= WPA_BSS_WPAIE_CHANGED_FLAG;
  377. if (!are_ies_equal(old, new, WLAN_EID_RSN))
  378. changes |= WPA_BSS_RSNIE_CHANGED_FLAG;
  379. if (!are_ies_equal(old, new, WPS_IE_VENDOR_TYPE))
  380. changes |= WPA_BSS_WPS_CHANGED_FLAG;
  381. if (!are_ies_equal(old, new, WLAN_EID_SUPP_RATES) ||
  382. !are_ies_equal(old, new, WLAN_EID_EXT_SUPP_RATES))
  383. changes |= WPA_BSS_RATES_CHANGED_FLAG;
  384. return changes;
  385. }
  386. static void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
  387. const struct wpa_bss *bss)
  388. {
  389. if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
  390. wpas_notify_bss_freq_changed(wpa_s, bss->id);
  391. if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG)
  392. wpas_notify_bss_signal_changed(wpa_s, bss->id);
  393. if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG)
  394. wpas_notify_bss_privacy_changed(wpa_s, bss->id);
  395. if (changes & WPA_BSS_MODE_CHANGED_FLAG)
  396. wpas_notify_bss_mode_changed(wpa_s, bss->id);
  397. if (changes & WPA_BSS_WPAIE_CHANGED_FLAG)
  398. wpas_notify_bss_wpaie_changed(wpa_s, bss->id);
  399. if (changes & WPA_BSS_RSNIE_CHANGED_FLAG)
  400. wpas_notify_bss_rsnie_changed(wpa_s, bss->id);
  401. if (changes & WPA_BSS_WPS_CHANGED_FLAG)
  402. wpas_notify_bss_wps_changed(wpa_s, bss->id);
  403. if (changes & WPA_BSS_IES_CHANGED_FLAG)
  404. wpas_notify_bss_ies_changed(wpa_s, bss->id);
  405. if (changes & WPA_BSS_RATES_CHANGED_FLAG)
  406. wpas_notify_bss_rates_changed(wpa_s, bss->id);
  407. }
  408. static struct wpa_bss *
  409. wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
  410. struct wpa_scan_res *res, struct os_time *fetch_time)
  411. {
  412. u32 changes;
  413. changes = wpa_bss_compare_res(bss, res);
  414. bss->scan_miss_count = 0;
  415. bss->last_update_idx = wpa_s->bss_update_idx;
  416. wpa_bss_copy_res(bss, res, fetch_time);
  417. /* Move the entry to the end of the list */
  418. dl_list_del(&bss->list);
  419. if (bss->ie_len + bss->beacon_ie_len >=
  420. res->ie_len + res->beacon_ie_len) {
  421. os_memcpy(bss + 1, res + 1, res->ie_len + res->beacon_ie_len);
  422. bss->ie_len = res->ie_len;
  423. bss->beacon_ie_len = res->beacon_ie_len;
  424. } else {
  425. struct wpa_bss *nbss;
  426. struct dl_list *prev = bss->list_id.prev;
  427. dl_list_del(&bss->list_id);
  428. nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
  429. res->beacon_ie_len);
  430. if (nbss) {
  431. unsigned int i;
  432. for (i = 0; i < wpa_s->last_scan_res_used; i++) {
  433. if (wpa_s->last_scan_res[i] == bss) {
  434. wpa_s->last_scan_res[i] = nbss;
  435. break;
  436. }
  437. }
  438. if (wpa_s->current_bss == bss)
  439. wpa_s->current_bss = nbss;
  440. bss = nbss;
  441. os_memcpy(bss + 1, res + 1,
  442. res->ie_len + res->beacon_ie_len);
  443. bss->ie_len = res->ie_len;
  444. bss->beacon_ie_len = res->beacon_ie_len;
  445. }
  446. dl_list_add(prev, &bss->list_id);
  447. }
  448. if (changes & WPA_BSS_IES_CHANGED_FLAG)
  449. wpa_bss_set_hessid(bss);
  450. dl_list_add_tail(&wpa_s->bss, &bss->list);
  451. notify_bss_changes(wpa_s, changes, bss);
  452. return bss;
  453. }
  454. /**
  455. * wpa_bss_update_start - Start a BSS table update from scan results
  456. * @wpa_s: Pointer to wpa_supplicant data
  457. *
  458. * This function is called at the start of each BSS table update round for new
  459. * scan results. The actual scan result entries are indicated with calls to
  460. * wpa_bss_update_scan_res() and the update round is finished with a call to
  461. * wpa_bss_update_end().
  462. */
  463. void wpa_bss_update_start(struct wpa_supplicant *wpa_s)
  464. {
  465. wpa_s->bss_update_idx++;
  466. wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u",
  467. wpa_s->bss_update_idx);
  468. wpa_s->last_scan_res_used = 0;
  469. }
  470. /**
  471. * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result
  472. * @wpa_s: Pointer to wpa_supplicant data
  473. * @res: Scan result
  474. * @fetch_time: Time when the result was fetched from the driver
  475. *
  476. * This function updates a BSS table entry (or adds one) based on a scan result.
  477. * This is called separately for each scan result between the calls to
  478. * wpa_bss_update_start() and wpa_bss_update_end().
  479. */
  480. void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
  481. struct wpa_scan_res *res,
  482. struct os_time *fetch_time)
  483. {
  484. const u8 *ssid, *p2p;
  485. struct wpa_bss *bss;
  486. if (wpa_s->conf->ignore_old_scan_res) {
  487. struct os_time update;
  488. calculate_update_time(fetch_time, res->age, &update);
  489. if (os_time_before(&update, &wpa_s->scan_trigger_time)) {
  490. struct os_time age;
  491. os_time_sub(&wpa_s->scan_trigger_time, &update, &age);
  492. wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS "
  493. "table entry that is %u.%06u seconds older "
  494. "than our scan trigger",
  495. (unsigned int) age.sec,
  496. (unsigned int) age.usec);
  497. return;
  498. }
  499. }
  500. ssid = wpa_scan_get_ie(res, WLAN_EID_SSID);
  501. if (ssid == NULL) {
  502. wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for "
  503. MACSTR, MAC2STR(res->bssid));
  504. return;
  505. }
  506. if (ssid[1] > 32) {
  507. wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for "
  508. MACSTR, MAC2STR(res->bssid));
  509. return;
  510. }
  511. p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE);
  512. #ifdef CONFIG_P2P
  513. if (p2p == NULL &&
  514. wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
  515. /*
  516. * If it's a P2P specific interface, then don't update
  517. * the scan result without a P2P IE.
  518. */
  519. wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR
  520. " update for P2P interface", MAC2STR(res->bssid));
  521. return;
  522. }
  523. #endif /* CONFIG_P2P */
  524. if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN &&
  525. os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0)
  526. return; /* Skip P2P listen discovery results here */
  527. /* TODO: add option for ignoring BSSes we are not interested in
  528. * (to save memory) */
  529. bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
  530. if (bss == NULL)
  531. bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time);
  532. else
  533. bss = wpa_bss_update(wpa_s, bss, res, fetch_time);
  534. if (bss == NULL)
  535. return;
  536. if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) {
  537. struct wpa_bss **n;
  538. unsigned int siz;
  539. if (wpa_s->last_scan_res_size == 0)
  540. siz = 32;
  541. else
  542. siz = wpa_s->last_scan_res_size * 2;
  543. n = os_realloc_array(wpa_s->last_scan_res, siz,
  544. sizeof(struct wpa_bss *));
  545. if (n == NULL)
  546. return;
  547. wpa_s->last_scan_res = n;
  548. wpa_s->last_scan_res_size = siz;
  549. }
  550. wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss;
  551. }
  552. static int wpa_bss_included_in_scan(const struct wpa_bss *bss,
  553. const struct scan_info *info)
  554. {
  555. int found;
  556. size_t i;
  557. if (info == NULL)
  558. return 1;
  559. if (info->num_freqs) {
  560. found = 0;
  561. for (i = 0; i < info->num_freqs; i++) {
  562. if (bss->freq == info->freqs[i]) {
  563. found = 1;
  564. break;
  565. }
  566. }
  567. if (!found)
  568. return 0;
  569. }
  570. if (info->num_ssids) {
  571. found = 0;
  572. for (i = 0; i < info->num_ssids; i++) {
  573. const struct wpa_driver_scan_ssid *s = &info->ssids[i];
  574. if ((s->ssid == NULL || s->ssid_len == 0) ||
  575. (s->ssid_len == bss->ssid_len &&
  576. os_memcmp(s->ssid, bss->ssid, bss->ssid_len) ==
  577. 0)) {
  578. found = 1;
  579. break;
  580. }
  581. }
  582. if (!found)
  583. return 0;
  584. }
  585. return 1;
  586. }
  587. /**
  588. * wpa_bss_update_end - End a BSS table update from scan results
  589. * @wpa_s: Pointer to wpa_supplicant data
  590. * @info: Information about scan parameters
  591. * @new_scan: Whether this update round was based on a new scan
  592. *
  593. * This function is called at the end of each BSS table update round for new
  594. * scan results. The start of the update was indicated with a call to
  595. * wpa_bss_update_start().
  596. */
  597. void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
  598. int new_scan)
  599. {
  600. struct wpa_bss *bss, *n;
  601. wpa_s->last_scan_full = 0;
  602. os_get_time(&wpa_s->last_scan);
  603. if (!new_scan)
  604. return; /* do not expire entries without new scan */
  605. if (info && !info->aborted && !info->freqs) {
  606. size_t i;
  607. if (info->num_ssids == 0) {
  608. wpa_s->last_scan_full = 1;
  609. } else {
  610. for (i = 0; i < info->num_ssids; i++) {
  611. if (info->ssids[i].ssid == NULL ||
  612. info->ssids[i].ssid_len == 0) {
  613. wpa_s->last_scan_full = 1;
  614. break;
  615. }
  616. }
  617. }
  618. }
  619. dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
  620. if (wpa_bss_in_use(wpa_s, bss))
  621. continue;
  622. if (!wpa_bss_included_in_scan(bss, info))
  623. continue; /* expire only BSSes that were scanned */
  624. if (bss->last_update_idx < wpa_s->bss_update_idx)
  625. bss->scan_miss_count++;
  626. if (bss->scan_miss_count >=
  627. wpa_s->conf->bss_expiration_scan_count) {
  628. wpa_bss_remove(wpa_s, bss, "no match in scan");
  629. }
  630. }
  631. wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%u/%u "
  632. "last_scan_full=%d",
  633. wpa_s->last_scan_res_used, wpa_s->last_scan_res_size,
  634. wpa_s->last_scan_full);
  635. }
  636. /**
  637. * wpa_bss_flush_by_age - Flush old BSS entries
  638. * @wpa_s: Pointer to wpa_supplicant data
  639. * @age: Maximum entry age in seconds
  640. *
  641. * Remove BSS entries that have not been updated during the last @age seconds.
  642. */
  643. void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age)
  644. {
  645. struct wpa_bss *bss, *n;
  646. struct os_time t;
  647. if (dl_list_empty(&wpa_s->bss))
  648. return;
  649. os_get_time(&t);
  650. t.sec -= age;
  651. dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
  652. if (wpa_bss_in_use(wpa_s, bss))
  653. continue;
  654. if (os_time_before(&bss->last_update, &t)) {
  655. wpa_bss_remove(wpa_s, bss, __func__);
  656. } else
  657. break;
  658. }
  659. }
  660. static void wpa_bss_timeout(void *eloop_ctx, void *timeout_ctx)
  661. {
  662. struct wpa_supplicant *wpa_s = eloop_ctx;
  663. wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
  664. eloop_register_timeout(WPA_BSS_EXPIRATION_PERIOD, 0,
  665. wpa_bss_timeout, wpa_s, NULL);
  666. }
  667. /**
  668. * wpa_bss_init - Initialize BSS table
  669. * @wpa_s: Pointer to wpa_supplicant data
  670. * Returns: 0 on success, -1 on failure
  671. *
  672. * This prepares BSS table lists and timer for periodic updates. The BSS table
  673. * is deinitialized with wpa_bss_deinit() once not needed anymore.
  674. */
  675. int wpa_bss_init(struct wpa_supplicant *wpa_s)
  676. {
  677. dl_list_init(&wpa_s->bss);
  678. dl_list_init(&wpa_s->bss_id);
  679. eloop_register_timeout(WPA_BSS_EXPIRATION_PERIOD, 0,
  680. wpa_bss_timeout, wpa_s, NULL);
  681. return 0;
  682. }
  683. /**
  684. * wpa_bss_flush - Flush all unused BSS entries
  685. * @wpa_s: Pointer to wpa_supplicant data
  686. */
  687. void wpa_bss_flush(struct wpa_supplicant *wpa_s)
  688. {
  689. struct wpa_bss *bss, *n;
  690. if (wpa_s->bss.next == NULL)
  691. return; /* BSS table not yet initialized */
  692. dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
  693. if (wpa_bss_in_use(wpa_s, bss))
  694. continue;
  695. wpa_bss_remove(wpa_s, bss, __func__);
  696. }
  697. }
  698. /**
  699. * wpa_bss_deinit - Deinitialize BSS table
  700. * @wpa_s: Pointer to wpa_supplicant data
  701. */
  702. void wpa_bss_deinit(struct wpa_supplicant *wpa_s)
  703. {
  704. eloop_cancel_timeout(wpa_bss_timeout, wpa_s, NULL);
  705. wpa_bss_flush(wpa_s);
  706. }
  707. /**
  708. * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID
  709. * @wpa_s: Pointer to wpa_supplicant data
  710. * @bssid: BSSID
  711. * Returns: Pointer to the BSS entry or %NULL if not found
  712. */
  713. struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
  714. const u8 *bssid)
  715. {
  716. struct wpa_bss *bss;
  717. if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
  718. return NULL;
  719. dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
  720. if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
  721. return bss;
  722. }
  723. return NULL;
  724. }
  725. /**
  726. * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID
  727. * @wpa_s: Pointer to wpa_supplicant data
  728. * @bssid: BSSID
  729. * Returns: Pointer to the BSS entry or %NULL if not found
  730. *
  731. * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to
  732. * find the entry that has the most recent update. This can help in finding the
  733. * correct entry in cases where the SSID of the AP may have changed recently
  734. * (e.g., in WPS reconfiguration cases).
  735. */
  736. struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s,
  737. const u8 *bssid)
  738. {
  739. struct wpa_bss *bss, *found = NULL;
  740. if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
  741. return NULL;
  742. dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
  743. if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0)
  744. continue;
  745. if (found == NULL ||
  746. os_time_before(&found->last_update, &bss->last_update))
  747. found = bss;
  748. }
  749. return found;
  750. }
  751. #ifdef CONFIG_P2P
  752. /**
  753. * wpa_bss_get_p2p_dev_addr - Fetch a BSS table entry based on P2P Device Addr
  754. * @wpa_s: Pointer to wpa_supplicant data
  755. * @dev_addr: P2P Device Address of the GO
  756. * Returns: Pointer to the BSS entry or %NULL if not found
  757. */
  758. struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s,
  759. const u8 *dev_addr)
  760. {
  761. struct wpa_bss *bss;
  762. dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
  763. u8 addr[ETH_ALEN];
  764. if (p2p_parse_dev_addr((const u8 *) (bss + 1), bss->ie_len,
  765. addr) == 0 &&
  766. os_memcmp(addr, dev_addr, ETH_ALEN) == 0)
  767. return bss;
  768. }
  769. return NULL;
  770. }
  771. #endif /* CONFIG_P2P */
  772. /**
  773. * wpa_bss_get_id - Fetch a BSS table entry based on identifier
  774. * @wpa_s: Pointer to wpa_supplicant data
  775. * @id: Unique identifier (struct wpa_bss::id) assigned for the entry
  776. * Returns: Pointer to the BSS entry or %NULL if not found
  777. */
  778. struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
  779. {
  780. struct wpa_bss *bss;
  781. dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
  782. if (bss->id == id)
  783. return bss;
  784. }
  785. return NULL;
  786. }
  787. /**
  788. * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range
  789. * @wpa_s: Pointer to wpa_supplicant data
  790. * @idf: Smallest allowed identifier assigned for the entry
  791. * @idf: Largest allowed identifier assigned for the entry
  792. * Returns: Pointer to the BSS entry or %NULL if not found
  793. *
  794. * This function is similar to wpa_bss_get_id() but allows a BSS entry with the
  795. * smallest id value to be fetched within the specified range without the
  796. * caller having to know the exact id.
  797. */
  798. struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
  799. unsigned int idf, unsigned int idl)
  800. {
  801. struct wpa_bss *bss;
  802. dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
  803. if (bss->id >= idf && bss->id <= idl)
  804. return bss;
  805. }
  806. return NULL;
  807. }
  808. /**
  809. * wpa_bss_get_ie - Fetch a specified information element from a BSS entry
  810. * @bss: BSS table entry
  811. * @ie: Information element identitifier (WLAN_EID_*)
  812. * Returns: Pointer to the information element (id field) or %NULL if not found
  813. *
  814. * This function returns the first matching information element in the BSS
  815. * entry.
  816. */
  817. const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie)
  818. {
  819. const u8 *end, *pos;
  820. pos = (const u8 *) (bss + 1);
  821. end = pos + bss->ie_len;
  822. while (pos + 1 < end) {
  823. if (pos + 2 + pos[1] > end)
  824. break;
  825. if (pos[0] == ie)
  826. return pos;
  827. pos += 2 + pos[1];
  828. }
  829. return NULL;
  830. }
  831. /**
  832. * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry
  833. * @bss: BSS table entry
  834. * @vendor_type: Vendor type (four octets starting the IE payload)
  835. * Returns: Pointer to the information element (id field) or %NULL if not found
  836. *
  837. * This function returns the first matching information element in the BSS
  838. * entry.
  839. */
  840. const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type)
  841. {
  842. const u8 *end, *pos;
  843. pos = (const u8 *) (bss + 1);
  844. end = pos + bss->ie_len;
  845. while (pos + 1 < end) {
  846. if (pos + 2 + pos[1] > end)
  847. break;
  848. if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
  849. vendor_type == WPA_GET_BE32(&pos[2]))
  850. return pos;
  851. pos += 2 + pos[1];
  852. }
  853. return NULL;
  854. }
  855. /**
  856. * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry
  857. * @bss: BSS table entry
  858. * @vendor_type: Vendor type (four octets starting the IE payload)
  859. * Returns: Pointer to the information element payload or %NULL if not found
  860. *
  861. * This function returns concatenated payload of possibly fragmented vendor
  862. * specific information elements in the BSS entry. The caller is responsible for
  863. * freeing the returned buffer.
  864. */
  865. struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
  866. u32 vendor_type)
  867. {
  868. struct wpabuf *buf;
  869. const u8 *end, *pos;
  870. buf = wpabuf_alloc(bss->ie_len);
  871. if (buf == NULL)
  872. return NULL;
  873. pos = (const u8 *) (bss + 1);
  874. end = pos + bss->ie_len;
  875. while (pos + 1 < end) {
  876. if (pos + 2 + pos[1] > end)
  877. break;
  878. if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
  879. vendor_type == WPA_GET_BE32(&pos[2]))
  880. wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
  881. pos += 2 + pos[1];
  882. }
  883. if (wpabuf_len(buf) == 0) {
  884. wpabuf_free(buf);
  885. buf = NULL;
  886. }
  887. return buf;
  888. }
  889. /**
  890. * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry
  891. * @bss: BSS table entry
  892. * @vendor_type: Vendor type (four octets starting the IE payload)
  893. * Returns: Pointer to the information element payload or %NULL if not found
  894. *
  895. * This function returns concatenated payload of possibly fragmented vendor
  896. * specific information elements in the BSS entry. The caller is responsible for
  897. * freeing the returned buffer.
  898. *
  899. * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only
  900. * from Beacon frames instead of either Beacon or Probe Response frames.
  901. */
  902. struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss,
  903. u32 vendor_type)
  904. {
  905. struct wpabuf *buf;
  906. const u8 *end, *pos;
  907. buf = wpabuf_alloc(bss->beacon_ie_len);
  908. if (buf == NULL)
  909. return NULL;
  910. pos = (const u8 *) (bss + 1);
  911. pos += bss->ie_len;
  912. end = pos + bss->beacon_ie_len;
  913. while (pos + 1 < end) {
  914. if (pos + 2 + pos[1] > end)
  915. break;
  916. if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
  917. vendor_type == WPA_GET_BE32(&pos[2]))
  918. wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
  919. pos += 2 + pos[1];
  920. }
  921. if (wpabuf_len(buf) == 0) {
  922. wpabuf_free(buf);
  923. buf = NULL;
  924. }
  925. return buf;
  926. }
  927. /**
  928. * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS
  929. * @bss: BSS table entry
  930. * Returns: Maximum legacy rate in units of 500 kbps
  931. */
  932. int wpa_bss_get_max_rate(const struct wpa_bss *bss)
  933. {
  934. int rate = 0;
  935. const u8 *ie;
  936. int i;
  937. ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
  938. for (i = 0; ie && i < ie[1]; i++) {
  939. if ((ie[i + 2] & 0x7f) > rate)
  940. rate = ie[i + 2] & 0x7f;
  941. }
  942. ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
  943. for (i = 0; ie && i < ie[1]; i++) {
  944. if ((ie[i + 2] & 0x7f) > rate)
  945. rate = ie[i + 2] & 0x7f;
  946. }
  947. return rate;
  948. }
  949. /**
  950. * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS
  951. * @bss: BSS table entry
  952. * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps)
  953. * Returns: number of legacy TX rates or -1 on failure
  954. *
  955. * The caller is responsible for freeing the returned buffer with os_free() in
  956. * case of success.
  957. */
  958. int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates)
  959. {
  960. const u8 *ie, *ie2;
  961. int i, j;
  962. unsigned int len;
  963. u8 *r;
  964. ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
  965. ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
  966. len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0);
  967. r = os_malloc(len);
  968. if (!r)
  969. return -1;
  970. for (i = 0; ie && i < ie[1]; i++)
  971. r[i] = ie[i + 2] & 0x7f;
  972. for (j = 0; ie2 && j < ie2[1]; j++)
  973. r[i + j] = ie2[j + 2] & 0x7f;
  974. *rates = r;
  975. return len;
  976. }