1 /*
2 * BSS table
3 * Copyright (c) 2009-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "drivers/driver.h"
15 #include "eap_peer/eap.h"
16 #include "wpa_supplicant_i.h"
17 #include "config.h"
18 #include "notify.h"
19 #include "scan.h"
20 #include "bss.h"
21
wpa_bss_set_hessid(struct wpa_bss * bss)22 static void wpa_bss_set_hessid(struct wpa_bss *bss)
23 {
24 #ifdef CONFIG_INTERWORKING
25 const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING);
26 if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) {
27 os_memset(bss->hessid, 0, ETH_ALEN);
28 return;
29 }
30 if (ie[1] == 7)
31 os_memcpy(bss->hessid, ie + 3, ETH_ALEN);
32 else
33 os_memcpy(bss->hessid, ie + 5, ETH_ALEN);
34 #endif /* CONFIG_INTERWORKING */
35 }
36
37
38 /**
39 * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry
40 * Returns: Allocated ANQP data structure or %NULL on failure
41 *
42 * The allocated ANQP data structure has its users count set to 1. It may be
43 * shared by multiple BSS entries and each shared entry is freed with
44 * wpa_bss_anqp_free().
45 */
wpa_bss_anqp_alloc(void)46 struct wpa_bss_anqp * wpa_bss_anqp_alloc(void)
47 {
48 struct wpa_bss_anqp *anqp;
49 anqp = os_zalloc(sizeof(*anqp));
50 if (anqp == NULL)
51 return NULL;
52 #ifdef CONFIG_INTERWORKING
53 dl_list_init(&anqp->anqp_elems);
54 #endif /* CONFIG_INTERWORKING */
55 anqp->users = 1;
56 return anqp;
57 }
58
59
60 /**
61 * wpa_bss_anqp_clone - Clone an ANQP data structure
62 * @anqp: ANQP data structure from wpa_bss_anqp_alloc()
63 * Returns: Cloned ANQP data structure or %NULL on failure
64 */
wpa_bss_anqp_clone(struct wpa_bss_anqp * anqp)65 static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp)
66 {
67 struct wpa_bss_anqp *n;
68
69 n = os_zalloc(sizeof(*n));
70 if (n == NULL)
71 return NULL;
72
73 #define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f)
74 #ifdef CONFIG_INTERWORKING
75 dl_list_init(&n->anqp_elems);
76 ANQP_DUP(capability_list);
77 ANQP_DUP(venue_name);
78 ANQP_DUP(network_auth_type);
79 ANQP_DUP(roaming_consortium);
80 ANQP_DUP(ip_addr_type_availability);
81 ANQP_DUP(nai_realm);
82 ANQP_DUP(anqp_3gpp);
83 ANQP_DUP(domain_name);
84 ANQP_DUP(fils_realm_info);
85 #endif /* CONFIG_INTERWORKING */
86 #ifdef CONFIG_HS20
87 ANQP_DUP(hs20_capability_list);
88 ANQP_DUP(hs20_operator_friendly_name);
89 ANQP_DUP(hs20_wan_metrics);
90 ANQP_DUP(hs20_connection_capability);
91 ANQP_DUP(hs20_operating_class);
92 ANQP_DUP(hs20_osu_providers_list);
93 ANQP_DUP(hs20_operator_icon_metadata);
94 ANQP_DUP(hs20_osu_providers_nai_list);
95 #endif /* CONFIG_HS20 */
96 #undef ANQP_DUP
97
98 return n;
99 }
100
101
102 /**
103 * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry
104 * @bss: BSS entry
105 * Returns: 0 on success, -1 on failure
106 *
107 * This function ensures the specific BSS entry has an ANQP data structure that
108 * is not shared with any other BSS entry.
109 */
wpa_bss_anqp_unshare_alloc(struct wpa_bss * bss)110 int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss)
111 {
112 struct wpa_bss_anqp *anqp;
113
114 if (bss->anqp && bss->anqp->users > 1) {
115 /* allocated, but shared - clone an unshared copy */
116 anqp = wpa_bss_anqp_clone(bss->anqp);
117 if (anqp == NULL)
118 return -1;
119 anqp->users = 1;
120 bss->anqp->users--;
121 bss->anqp = anqp;
122 return 0;
123 }
124
125 if (bss->anqp)
126 return 0; /* already allocated and not shared */
127
128 /* not allocated - allocate a new storage area */
129 bss->anqp = wpa_bss_anqp_alloc();
130 return bss->anqp ? 0 : -1;
131 }
132
133
134 /**
135 * wpa_bss_anqp_free - Free an ANQP data structure
136 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone()
137 */
wpa_bss_anqp_free(struct wpa_bss_anqp * anqp)138 static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp)
139 {
140 #ifdef CONFIG_INTERWORKING
141 struct wpa_bss_anqp_elem *elem;
142 #endif /* CONFIG_INTERWORKING */
143
144 if (anqp == NULL)
145 return;
146
147 anqp->users--;
148 if (anqp->users > 0) {
149 /* Another BSS entry holds a pointer to this ANQP info */
150 return;
151 }
152
153 #ifdef CONFIG_INTERWORKING
154 wpabuf_free(anqp->capability_list);
155 wpabuf_free(anqp->venue_name);
156 wpabuf_free(anqp->network_auth_type);
157 wpabuf_free(anqp->roaming_consortium);
158 wpabuf_free(anqp->ip_addr_type_availability);
159 wpabuf_free(anqp->nai_realm);
160 wpabuf_free(anqp->anqp_3gpp);
161 wpabuf_free(anqp->domain_name);
162 wpabuf_free(anqp->fils_realm_info);
163
164 while ((elem = dl_list_first(&anqp->anqp_elems,
165 struct wpa_bss_anqp_elem, list))) {
166 dl_list_del(&elem->list);
167 wpabuf_free(elem->payload);
168 os_free(elem);
169 }
170 #endif /* CONFIG_INTERWORKING */
171 #ifdef CONFIG_HS20
172 wpabuf_free(anqp->hs20_capability_list);
173 wpabuf_free(anqp->hs20_operator_friendly_name);
174 wpabuf_free(anqp->hs20_wan_metrics);
175 wpabuf_free(anqp->hs20_connection_capability);
176 wpabuf_free(anqp->hs20_operating_class);
177 wpabuf_free(anqp->hs20_osu_providers_list);
178 wpabuf_free(anqp->hs20_operator_icon_metadata);
179 wpabuf_free(anqp->hs20_osu_providers_nai_list);
180 #endif /* CONFIG_HS20 */
181
182 os_free(anqp);
183 }
184
185
wpa_bss_update_pending_connect(struct wpa_supplicant * wpa_s,struct wpa_bss * old_bss,struct wpa_bss * new_bss)186 static void wpa_bss_update_pending_connect(struct wpa_supplicant *wpa_s,
187 struct wpa_bss *old_bss,
188 struct wpa_bss *new_bss)
189 {
190 struct wpa_radio_work *work;
191 struct wpa_connect_work *cwork;
192
193 work = radio_work_pending(wpa_s, "sme-connect");
194 if (!work)
195 work = radio_work_pending(wpa_s, "connect");
196 if (!work)
197 return;
198
199 cwork = work->ctx;
200 if (cwork->bss != old_bss)
201 return;
202
203 wpa_printf(MSG_DEBUG,
204 "Update BSS pointer for the pending connect radio work");
205 cwork->bss = new_bss;
206 if (!new_bss)
207 cwork->bss_removed = 1;
208 }
209
210
wpa_bss_remove(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,const char * reason)211 void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
212 const char *reason)
213 {
214 if (wpa_s->last_scan_res) {
215 unsigned int i;
216 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
217 if (wpa_s->last_scan_res[i] == bss) {
218 os_memmove(&wpa_s->last_scan_res[i],
219 &wpa_s->last_scan_res[i + 1],
220 (wpa_s->last_scan_res_used - i - 1)
221 * sizeof(struct wpa_bss *));
222 wpa_s->last_scan_res_used--;
223 break;
224 }
225 }
226 }
227 wpa_bss_update_pending_connect(wpa_s, bss, NULL);
228 dl_list_del(&bss->list);
229 dl_list_del(&bss->list_id);
230 wpa_s->num_bss--;
231 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR
232 " SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid),
233 wpa_ssid_txt(bss->ssid, bss->ssid_len), reason);
234 wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id);
235 wpa_bss_anqp_free(bss->anqp);
236 os_free(bss);
237 }
238
239
240 /**
241 * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID
242 * @wpa_s: Pointer to wpa_supplicant data
243 * @bssid: BSSID
244 * @ssid: SSID
245 * @ssid_len: Length of @ssid
246 * Returns: Pointer to the BSS entry or %NULL if not found
247 */
wpa_bss_get(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * ssid,size_t ssid_len)248 struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
249 const u8 *ssid, size_t ssid_len)
250 {
251 struct wpa_bss *bss;
252 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
253 return NULL;
254 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
255 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
256 bss->ssid_len == ssid_len &&
257 os_memcmp(bss->ssid, ssid, ssid_len) == 0)
258 return bss;
259 }
260 return NULL;
261 }
262
263
calculate_update_time(const struct os_reltime * fetch_time,unsigned int age_ms,struct os_reltime * update_time)264 void calculate_update_time(const struct os_reltime *fetch_time,
265 unsigned int age_ms,
266 struct os_reltime *update_time)
267 {
268 os_time_t usec;
269
270 update_time->sec = fetch_time->sec;
271 update_time->usec = fetch_time->usec;
272 update_time->sec -= age_ms / 1000;
273 usec = (age_ms % 1000) * 1000;
274 if (update_time->usec < usec) {
275 update_time->sec--;
276 update_time->usec += 1000000;
277 }
278 update_time->usec -= usec;
279 }
280
281
wpa_bss_copy_res(struct wpa_bss * dst,struct wpa_scan_res * src,struct os_reltime * fetch_time)282 static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
283 struct os_reltime *fetch_time)
284 {
285 dst->flags = src->flags;
286 os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
287 dst->freq = src->freq;
288 dst->beacon_int = src->beacon_int;
289 dst->caps = src->caps;
290 dst->qual = src->qual;
291 dst->noise = src->noise;
292 dst->level = src->level;
293 dst->tsf = src->tsf;
294 dst->est_throughput = src->est_throughput;
295 dst->snr = src->snr;
296
297 calculate_update_time(fetch_time, src->age, &dst->last_update);
298 }
299
300
wpa_bss_is_wps_candidate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)301 static int wpa_bss_is_wps_candidate(struct wpa_supplicant *wpa_s,
302 struct wpa_bss *bss)
303 {
304 #ifdef CONFIG_WPS
305 struct wpa_ssid *ssid;
306 struct wpabuf *wps_ie;
307 int pbc = 0, ret;
308
309 wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
310 if (!wps_ie)
311 return 0;
312
313 if (wps_is_selected_pbc_registrar(wps_ie)) {
314 pbc = 1;
315 } else if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
316 wpabuf_free(wps_ie);
317 return 0;
318 }
319
320 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
321 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
322 continue;
323 if (ssid->ssid_len &&
324 (ssid->ssid_len != bss->ssid_len ||
325 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) != 0))
326 continue;
327
328 if (pbc)
329 ret = eap_is_wps_pbc_enrollee(&ssid->eap);
330 else
331 ret = eap_is_wps_pin_enrollee(&ssid->eap);
332 wpabuf_free(wps_ie);
333 return ret;
334 }
335 wpabuf_free(wps_ie);
336 #endif /* CONFIG_WPS */
337
338 return 0;
339 }
340
341
is_p2p_pending_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)342 static bool is_p2p_pending_bss(struct wpa_supplicant *wpa_s,
343 struct wpa_bss *bss)
344 {
345 #ifdef CONFIG_P2P
346 u8 addr[ETH_ALEN];
347
348 if (os_memcmp(bss->bssid, wpa_s->pending_join_iface_addr,
349 ETH_ALEN) == 0)
350 return true;
351 if (!is_zero_ether_addr(wpa_s->pending_join_dev_addr) &&
352 p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len, addr) == 0 &&
353 os_memcmp(addr, wpa_s->pending_join_dev_addr, ETH_ALEN) == 0)
354 return true;
355 #endif /* CONFIG_P2P */
356 return false;
357 }
358
359
wpa_bss_known(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)360 static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
361 {
362 struct wpa_ssid *ssid;
363
364 if (is_p2p_pending_bss(wpa_s, bss))
365 return 1;
366
367 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
368 if (ssid->ssid == NULL || ssid->ssid_len == 0)
369 continue;
370 if (ssid->ssid_len == bss->ssid_len &&
371 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0)
372 return 1;
373 }
374
375 return 0;
376 }
377
378
wpa_bss_in_use(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)379 static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
380 {
381 if (bss == wpa_s->current_bss)
382 return 1;
383
384 if (wpa_s->current_bss &&
385 (bss->ssid_len != wpa_s->current_bss->ssid_len ||
386 os_memcmp(bss->ssid, wpa_s->current_bss->ssid,
387 bss->ssid_len) != 0))
388 return 0; /* SSID has changed */
389
390 return !is_zero_ether_addr(bss->bssid) &&
391 (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 ||
392 os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0);
393 }
394
395
wpa_bss_remove_oldest_unknown(struct wpa_supplicant * wpa_s)396 static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s)
397 {
398 struct wpa_bss *bss;
399
400 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
401 if (!wpa_bss_known(wpa_s, bss) &&
402 !wpa_bss_is_wps_candidate(wpa_s, bss)) {
403 wpa_bss_remove(wpa_s, bss, __func__);
404 return 0;
405 }
406 }
407
408 return -1;
409 }
410
411
wpa_bss_remove_oldest(struct wpa_supplicant * wpa_s)412 static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s)
413 {
414 struct wpa_bss *bss;
415
416 /*
417 * Remove the oldest entry that does not match with any configured
418 * network.
419 */
420 if (wpa_bss_remove_oldest_unknown(wpa_s) == 0)
421 return 0;
422
423 /*
424 * Remove the oldest entry that isn't currently in use.
425 */
426 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
427 if (!wpa_bss_in_use(wpa_s, bss)) {
428 wpa_bss_remove(wpa_s, bss, __func__);
429 return 0;
430 }
431 }
432
433 return -1;
434 }
435
436
wpa_bss_add(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len,struct wpa_scan_res * res,struct os_reltime * fetch_time)437 static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
438 const u8 *ssid, size_t ssid_len,
439 struct wpa_scan_res *res,
440 struct os_reltime *fetch_time)
441 {
442 struct wpa_bss *bss;
443 char extra[50];
444
445 bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len);
446 if (bss == NULL)
447 return NULL;
448 bss->id = wpa_s->bss_next_id++;
449 bss->last_update_idx = wpa_s->bss_update_idx;
450 wpa_bss_copy_res(bss, res, fetch_time);
451 os_memcpy(bss->ssid, ssid, ssid_len);
452 bss->ssid_len = ssid_len;
453 bss->ie_len = res->ie_len;
454 bss->beacon_ie_len = res->beacon_ie_len;
455 os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
456 wpa_bss_set_hessid(bss);
457
458 if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count &&
459 wpa_bss_remove_oldest(wpa_s) != 0) {
460 wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d "
461 "because all BSSes are in use. We should normally "
462 "not get here!", (int) wpa_s->num_bss + 1);
463 wpa_s->conf->bss_max_count = wpa_s->num_bss + 1;
464 }
465
466 dl_list_add_tail(&wpa_s->bss, &bss->list);
467 dl_list_add_tail(&wpa_s->bss_id, &bss->list_id);
468 wpa_s->num_bss++;
469 if (!is_zero_ether_addr(bss->hessid))
470 os_snprintf(extra, sizeof(extra), " HESSID " MACSTR,
471 MAC2STR(bss->hessid));
472 else
473 extra[0] = '\0';
474 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
475 " SSID '%s' freq %d%s",
476 bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len),
477 bss->freq, extra);
478 wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
479 return bss;
480 }
481
482
are_ies_equal(const struct wpa_bss * old,const struct wpa_scan_res * new_res,u32 ie)483 static int are_ies_equal(const struct wpa_bss *old,
484 const struct wpa_scan_res *new_res, u32 ie)
485 {
486 const u8 *old_ie, *new_ie;
487 struct wpabuf *old_ie_buff = NULL;
488 struct wpabuf *new_ie_buff = NULL;
489 int new_ie_len, old_ie_len, ret, is_multi;
490
491 switch (ie) {
492 case WPA_IE_VENDOR_TYPE:
493 old_ie = wpa_bss_get_vendor_ie(old, ie);
494 new_ie = wpa_scan_get_vendor_ie(new_res, ie);
495 is_multi = 0;
496 break;
497 case WPS_IE_VENDOR_TYPE:
498 old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie);
499 new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie);
500 is_multi = 1;
501 break;
502 case WLAN_EID_RSN:
503 case WLAN_EID_SUPP_RATES:
504 case WLAN_EID_EXT_SUPP_RATES:
505 old_ie = wpa_bss_get_ie(old, ie);
506 new_ie = wpa_scan_get_ie(new_res, ie);
507 is_multi = 0;
508 break;
509 default:
510 wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__);
511 return 0;
512 }
513
514 if (is_multi) {
515 /* in case of multiple IEs stored in buffer */
516 old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL;
517 new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL;
518 old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0;
519 new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0;
520 } else {
521 /* in case of single IE */
522 old_ie_len = old_ie ? old_ie[1] + 2 : 0;
523 new_ie_len = new_ie ? new_ie[1] + 2 : 0;
524 }
525
526 if (!old_ie || !new_ie)
527 ret = !old_ie && !new_ie;
528 else
529 ret = (old_ie_len == new_ie_len &&
530 os_memcmp(old_ie, new_ie, old_ie_len) == 0);
531
532 wpabuf_free(old_ie_buff);
533 wpabuf_free(new_ie_buff);
534
535 return ret;
536 }
537
538
wpa_bss_compare_res(const struct wpa_bss * old,const struct wpa_scan_res * new_res)539 static u32 wpa_bss_compare_res(const struct wpa_bss *old,
540 const struct wpa_scan_res *new_res)
541 {
542 u32 changes = 0;
543 int caps_diff = old->caps ^ new_res->caps;
544
545 if (old->freq != new_res->freq)
546 changes |= WPA_BSS_FREQ_CHANGED_FLAG;
547
548 if (old->level != new_res->level)
549 changes |= WPA_BSS_SIGNAL_CHANGED_FLAG;
550
551 if (caps_diff & IEEE80211_CAP_PRIVACY)
552 changes |= WPA_BSS_PRIVACY_CHANGED_FLAG;
553
554 if (caps_diff & IEEE80211_CAP_IBSS)
555 changes |= WPA_BSS_MODE_CHANGED_FLAG;
556
557 if (old->ie_len == new_res->ie_len &&
558 os_memcmp(wpa_bss_ie_ptr(old), new_res + 1, old->ie_len) == 0)
559 return changes;
560 changes |= WPA_BSS_IES_CHANGED_FLAG;
561
562 if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE))
563 changes |= WPA_BSS_WPAIE_CHANGED_FLAG;
564
565 if (!are_ies_equal(old, new_res, WLAN_EID_RSN))
566 changes |= WPA_BSS_RSNIE_CHANGED_FLAG;
567
568 if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE))
569 changes |= WPA_BSS_WPS_CHANGED_FLAG;
570
571 if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) ||
572 !are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES))
573 changes |= WPA_BSS_RATES_CHANGED_FLAG;
574
575 return changes;
576 }
577
578
notify_bss_changes(struct wpa_supplicant * wpa_s,u32 changes,const struct wpa_bss * bss)579 void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
580 const struct wpa_bss *bss)
581 {
582 if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
583 wpas_notify_bss_freq_changed(wpa_s, bss->id);
584
585 if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG)
586 wpas_notify_bss_signal_changed(wpa_s, bss->id);
587
588 if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG)
589 wpas_notify_bss_privacy_changed(wpa_s, bss->id);
590
591 if (changes & WPA_BSS_MODE_CHANGED_FLAG)
592 wpas_notify_bss_mode_changed(wpa_s, bss->id);
593
594 if (changes & WPA_BSS_WPAIE_CHANGED_FLAG)
595 wpas_notify_bss_wpaie_changed(wpa_s, bss->id);
596
597 if (changes & WPA_BSS_RSNIE_CHANGED_FLAG)
598 wpas_notify_bss_rsnie_changed(wpa_s, bss->id);
599
600 if (changes & WPA_BSS_WPS_CHANGED_FLAG)
601 wpas_notify_bss_wps_changed(wpa_s, bss->id);
602
603 if (changes & WPA_BSS_IES_CHANGED_FLAG)
604 wpas_notify_bss_ies_changed(wpa_s, bss->id);
605
606 if (changes & WPA_BSS_RATES_CHANGED_FLAG)
607 wpas_notify_bss_rates_changed(wpa_s, bss->id);
608
609 wpas_notify_bss_seen(wpa_s, bss->id);
610 }
611
612
613 static struct wpa_bss *
wpa_bss_update(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_scan_res * res,struct os_reltime * fetch_time)614 wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
615 struct wpa_scan_res *res, struct os_reltime *fetch_time)
616 {
617 u32 changes;
618
619 if (bss->last_update_idx == wpa_s->bss_update_idx) {
620 struct os_reltime update_time;
621
622 /*
623 * Some drivers (e.g., cfg80211) include multiple BSS entries
624 * for the same BSS if that BSS's channel changes. The BSS list
625 * implementation in wpa_supplicant does not do that and we need
626 * to filter out the obsolete results here to make sure only the
627 * most current BSS information remains in the table.
628 */
629 wpa_printf(MSG_DEBUG, "BSS: " MACSTR
630 " has multiple entries in the scan results - select the most current one",
631 MAC2STR(bss->bssid));
632 calculate_update_time(fetch_time, res->age, &update_time);
633 wpa_printf(MSG_DEBUG,
634 "Previous last_update: %u.%06u (freq %d%s)",
635 (unsigned int) bss->last_update.sec,
636 (unsigned int) bss->last_update.usec,
637 bss->freq,
638 (bss->flags & WPA_BSS_ASSOCIATED) ? " assoc" : "");
639 wpa_printf(MSG_DEBUG, "New last_update: %u.%06u (freq %d%s)",
640 (unsigned int) update_time.sec,
641 (unsigned int) update_time.usec,
642 res->freq,
643 (res->flags & WPA_SCAN_ASSOCIATED) ? " assoc" : "");
644 if ((bss->flags & WPA_BSS_ASSOCIATED) ||
645 (!(res->flags & WPA_SCAN_ASSOCIATED) &&
646 !os_reltime_before(&bss->last_update, &update_time))) {
647 wpa_printf(MSG_DEBUG,
648 "Ignore this BSS entry since the previous update looks more current");
649 return bss;
650 }
651 wpa_printf(MSG_DEBUG,
652 "Accept this BSS entry since it looks more current than the previous update");
653 }
654
655 changes = wpa_bss_compare_res(bss, res);
656 if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
657 wpa_printf(MSG_DEBUG, "BSS: " MACSTR " changed freq %d --> %d",
658 MAC2STR(bss->bssid), bss->freq, res->freq);
659 bss->scan_miss_count = 0;
660 bss->last_update_idx = wpa_s->bss_update_idx;
661 wpa_bss_copy_res(bss, res, fetch_time);
662 /* Move the entry to the end of the list */
663 dl_list_del(&bss->list);
664 #ifdef CONFIG_P2P
665 if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
666 !wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE)) {
667 /*
668 * This can happen when non-P2P station interface runs a scan
669 * without P2P IE in the Probe Request frame. P2P GO would reply
670 * to that with a Probe Response that does not include P2P IE.
671 * Do not update the IEs in this BSS entry to avoid such loss of
672 * information that may be needed for P2P operations to
673 * determine group information.
674 */
675 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Do not update scan IEs for "
676 MACSTR " since that would remove P2P IE information",
677 MAC2STR(bss->bssid));
678 } else
679 #endif /* CONFIG_P2P */
680 if (bss->ie_len + bss->beacon_ie_len >=
681 res->ie_len + res->beacon_ie_len) {
682 os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
683 bss->ie_len = res->ie_len;
684 bss->beacon_ie_len = res->beacon_ie_len;
685 } else {
686 struct wpa_bss *nbss;
687 struct dl_list *prev = bss->list_id.prev;
688 dl_list_del(&bss->list_id);
689 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
690 res->beacon_ie_len);
691 if (nbss) {
692 unsigned int i;
693 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
694 if (wpa_s->last_scan_res[i] == bss) {
695 wpa_s->last_scan_res[i] = nbss;
696 break;
697 }
698 }
699 if (wpa_s->current_bss == bss)
700 wpa_s->current_bss = nbss;
701 wpa_bss_update_pending_connect(wpa_s, bss, nbss);
702 bss = nbss;
703 os_memcpy(bss->ies, res + 1,
704 res->ie_len + res->beacon_ie_len);
705 bss->ie_len = res->ie_len;
706 bss->beacon_ie_len = res->beacon_ie_len;
707 }
708 dl_list_add(prev, &bss->list_id);
709 }
710 if (changes & WPA_BSS_IES_CHANGED_FLAG)
711 wpa_bss_set_hessid(bss);
712 dl_list_add_tail(&wpa_s->bss, &bss->list);
713
714 notify_bss_changes(wpa_s, changes, bss);
715
716 return bss;
717 }
718
719
720 /**
721 * wpa_bss_update_start - Start a BSS table update from scan results
722 * @wpa_s: Pointer to wpa_supplicant data
723 *
724 * This function is called at the start of each BSS table update round for new
725 * scan results. The actual scan result entries are indicated with calls to
726 * wpa_bss_update_scan_res() and the update round is finished with a call to
727 * wpa_bss_update_end().
728 */
wpa_bss_update_start(struct wpa_supplicant * wpa_s)729 void wpa_bss_update_start(struct wpa_supplicant *wpa_s)
730 {
731 wpa_s->bss_update_idx++;
732 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u",
733 wpa_s->bss_update_idx);
734 wpa_s->last_scan_res_used = 0;
735 }
736
737
738 /**
739 * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result
740 * @wpa_s: Pointer to wpa_supplicant data
741 * @res: Scan result
742 * @fetch_time: Time when the result was fetched from the driver
743 *
744 * This function updates a BSS table entry (or adds one) based on a scan result.
745 * This is called separately for each scan result between the calls to
746 * wpa_bss_update_start() and wpa_bss_update_end().
747 */
wpa_bss_update_scan_res(struct wpa_supplicant * wpa_s,struct wpa_scan_res * res,struct os_reltime * fetch_time)748 void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
749 struct wpa_scan_res *res,
750 struct os_reltime *fetch_time)
751 {
752 const u8 *ssid, *p2p, *mesh;
753 struct wpa_bss *bss;
754
755 if (wpa_s->conf->ignore_old_scan_res) {
756 struct os_reltime update;
757 calculate_update_time(fetch_time, res->age, &update);
758 if (os_reltime_before(&update, &wpa_s->scan_trigger_time)) {
759 struct os_reltime age;
760 os_reltime_sub(&wpa_s->scan_trigger_time, &update,
761 &age);
762 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS "
763 "table entry that is %u.%06u seconds older "
764 "than our scan trigger",
765 (unsigned int) age.sec,
766 (unsigned int) age.usec);
767 return;
768 }
769 }
770
771 ssid = wpa_scan_get_ie(res, WLAN_EID_SSID);
772 if (ssid == NULL) {
773 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for "
774 MACSTR, MAC2STR(res->bssid));
775 return;
776 }
777 if (ssid[1] > SSID_MAX_LEN) {
778 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for "
779 MACSTR, MAC2STR(res->bssid));
780 return;
781 }
782
783 p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE);
784 #ifdef CONFIG_P2P
785 if (p2p == NULL &&
786 wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
787 /*
788 * If it's a P2P specific interface, then don't update
789 * the scan result without a P2P IE.
790 */
791 wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR
792 " update for P2P interface", MAC2STR(res->bssid));
793 return;
794 }
795 #endif /* CONFIG_P2P */
796 if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN &&
797 os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0)
798 return; /* Skip P2P listen discovery results here */
799
800 /* TODO: add option for ignoring BSSes we are not interested in
801 * (to save memory) */
802
803 mesh = wpa_scan_get_ie(res, WLAN_EID_MESH_ID);
804 if (mesh && mesh[1] <= SSID_MAX_LEN)
805 ssid = mesh;
806
807 bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
808 if (bss == NULL)
809 bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time);
810 else {
811 bss = wpa_bss_update(wpa_s, bss, res, fetch_time);
812 if (wpa_s->last_scan_res) {
813 unsigned int i;
814 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
815 if (bss == wpa_s->last_scan_res[i]) {
816 /* Already in the list */
817 return;
818 }
819 }
820 }
821 }
822
823 if (bss == NULL)
824 return;
825 if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) {
826 struct wpa_bss **n;
827 unsigned int siz;
828 if (wpa_s->last_scan_res_size == 0)
829 siz = 32;
830 else
831 siz = wpa_s->last_scan_res_size * 2;
832 n = os_realloc_array(wpa_s->last_scan_res, siz,
833 sizeof(struct wpa_bss *));
834 if (n == NULL)
835 return;
836 wpa_s->last_scan_res = n;
837 wpa_s->last_scan_res_size = siz;
838 }
839
840 if (wpa_s->last_scan_res)
841 wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss;
842 }
843
844
wpa_bss_included_in_scan(const struct wpa_bss * bss,const struct scan_info * info)845 static int wpa_bss_included_in_scan(const struct wpa_bss *bss,
846 const struct scan_info *info)
847 {
848 int found;
849 size_t i;
850
851 if (info == NULL)
852 return 1;
853
854 if (info->num_freqs) {
855 found = 0;
856 for (i = 0; i < info->num_freqs; i++) {
857 if (bss->freq == info->freqs[i]) {
858 found = 1;
859 break;
860 }
861 }
862 if (!found)
863 return 0;
864 }
865
866 if (info->num_ssids) {
867 found = 0;
868 for (i = 0; i < info->num_ssids; i++) {
869 const struct wpa_driver_scan_ssid *s = &info->ssids[i];
870 if ((s->ssid == NULL || s->ssid_len == 0) ||
871 (s->ssid_len == bss->ssid_len &&
872 os_memcmp(s->ssid, bss->ssid, bss->ssid_len) ==
873 0)) {
874 found = 1;
875 break;
876 }
877 }
878 if (!found)
879 return 0;
880 }
881
882 return 1;
883 }
884
885
886 /**
887 * wpa_bss_update_end - End a BSS table update from scan results
888 * @wpa_s: Pointer to wpa_supplicant data
889 * @info: Information about scan parameters
890 * @new_scan: Whether this update round was based on a new scan
891 *
892 * This function is called at the end of each BSS table update round for new
893 * scan results. The start of the update was indicated with a call to
894 * wpa_bss_update_start().
895 */
wpa_bss_update_end(struct wpa_supplicant * wpa_s,struct scan_info * info,int new_scan)896 void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
897 int new_scan)
898 {
899 struct wpa_bss *bss, *n;
900
901 os_get_reltime(&wpa_s->last_scan);
902 if ((info && info->aborted) || !new_scan)
903 return; /* do not expire entries without new scan */
904
905 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
906 if (wpa_bss_in_use(wpa_s, bss))
907 continue;
908 if (!wpa_bss_included_in_scan(bss, info))
909 continue; /* expire only BSSes that were scanned */
910 if (bss->last_update_idx < wpa_s->bss_update_idx)
911 bss->scan_miss_count++;
912 if (bss->scan_miss_count >=
913 wpa_s->conf->bss_expiration_scan_count) {
914 wpa_bss_remove(wpa_s, bss, "no match in scan");
915 }
916 }
917
918 wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%zu/%zu",
919 wpa_s->last_scan_res_used, wpa_s->last_scan_res_size);
920 }
921
922
923 /**
924 * wpa_bss_flush_by_age - Flush old BSS entries
925 * @wpa_s: Pointer to wpa_supplicant data
926 * @age: Maximum entry age in seconds
927 *
928 * Remove BSS entries that have not been updated during the last @age seconds.
929 */
wpa_bss_flush_by_age(struct wpa_supplicant * wpa_s,int age)930 void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age)
931 {
932 struct wpa_bss *bss, *n;
933 struct os_reltime t;
934
935 if (dl_list_empty(&wpa_s->bss))
936 return;
937
938 os_get_reltime(&t);
939 t.sec -= age;
940
941 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
942 if (wpa_bss_in_use(wpa_s, bss))
943 continue;
944
945 if (os_reltime_before(&bss->last_update, &t)) {
946 wpa_bss_remove(wpa_s, bss, __func__);
947 } else
948 break;
949 }
950 }
951
952
953 /**
954 * wpa_bss_init - Initialize BSS table
955 * @wpa_s: Pointer to wpa_supplicant data
956 * Returns: 0 on success, -1 on failure
957 *
958 * This prepares BSS table lists and timer for periodic updates. The BSS table
959 * is deinitialized with wpa_bss_deinit() once not needed anymore.
960 */
wpa_bss_init(struct wpa_supplicant * wpa_s)961 int wpa_bss_init(struct wpa_supplicant *wpa_s)
962 {
963 dl_list_init(&wpa_s->bss);
964 dl_list_init(&wpa_s->bss_id);
965 return 0;
966 }
967
968
969 /**
970 * wpa_bss_flush - Flush all unused BSS entries
971 * @wpa_s: Pointer to wpa_supplicant data
972 */
wpa_bss_flush(struct wpa_supplicant * wpa_s)973 void wpa_bss_flush(struct wpa_supplicant *wpa_s)
974 {
975 struct wpa_bss *bss, *n;
976
977 wpa_s->clear_driver_scan_cache = 1;
978
979 if (wpa_s->bss.next == NULL)
980 return; /* BSS table not yet initialized */
981
982 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
983 if (wpa_bss_in_use(wpa_s, bss))
984 continue;
985 wpa_bss_remove(wpa_s, bss, __func__);
986 }
987 }
988
989
990 /**
991 * wpa_bss_deinit - Deinitialize BSS table
992 * @wpa_s: Pointer to wpa_supplicant data
993 */
wpa_bss_deinit(struct wpa_supplicant * wpa_s)994 void wpa_bss_deinit(struct wpa_supplicant *wpa_s)
995 {
996 wpa_bss_flush(wpa_s);
997 }
998
999
1000 /**
1001 * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID
1002 * @wpa_s: Pointer to wpa_supplicant data
1003 * @bssid: BSSID
1004 * Returns: Pointer to the BSS entry or %NULL if not found
1005 */
wpa_bss_get_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)1006 struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
1007 const u8 *bssid)
1008 {
1009 struct wpa_bss *bss;
1010 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
1011 return NULL;
1012 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1013 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
1014 return bss;
1015 }
1016 return NULL;
1017 }
1018
1019
1020 /**
1021 * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID
1022 * @wpa_s: Pointer to wpa_supplicant data
1023 * @bssid: BSSID
1024 * Returns: Pointer to the BSS entry or %NULL if not found
1025 *
1026 * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to
1027 * find the entry that has the most recent update. This can help in finding the
1028 * correct entry in cases where the SSID of the AP may have changed recently
1029 * (e.g., in WPS reconfiguration cases).
1030 */
wpa_bss_get_bssid_latest(struct wpa_supplicant * wpa_s,const u8 * bssid)1031 struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s,
1032 const u8 *bssid)
1033 {
1034 struct wpa_bss *bss, *found = NULL;
1035 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
1036 return NULL;
1037 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1038 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0)
1039 continue;
1040 if (found == NULL ||
1041 os_reltime_before(&found->last_update, &bss->last_update))
1042 found = bss;
1043 }
1044 return found;
1045 }
1046
1047
1048 #ifdef CONFIG_P2P
1049 /**
1050 * wpa_bss_get_p2p_dev_addr - Fetch the latest BSS table entry based on P2P Device Addr
1051 * @wpa_s: Pointer to wpa_supplicant data
1052 * @dev_addr: P2P Device Address of the GO
1053 * Returns: Pointer to the BSS entry or %NULL if not found
1054 *
1055 * This function tries to find the entry that has the most recent update. This
1056 * can help in finding the correct entry in cases where the SSID of the P2P
1057 * Device may have changed recently.
1058 */
wpa_bss_get_p2p_dev_addr(struct wpa_supplicant * wpa_s,const u8 * dev_addr)1059 struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s,
1060 const u8 *dev_addr)
1061 {
1062 struct wpa_bss *bss, *found = NULL;
1063 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1064 u8 addr[ETH_ALEN];
1065 if (p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len,
1066 addr) != 0 ||
1067 os_memcmp(addr, dev_addr, ETH_ALEN) != 0)
1068 continue;
1069 if (!found ||
1070 os_reltime_before(&found->last_update, &bss->last_update))
1071 found = bss;
1072 }
1073 return found;
1074 }
1075 #endif /* CONFIG_P2P */
1076
1077
1078 /**
1079 * wpa_bss_get_id - Fetch a BSS table entry based on identifier
1080 * @wpa_s: Pointer to wpa_supplicant data
1081 * @id: Unique identifier (struct wpa_bss::id) assigned for the entry
1082 * Returns: Pointer to the BSS entry or %NULL if not found
1083 */
wpa_bss_get_id(struct wpa_supplicant * wpa_s,unsigned int id)1084 struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
1085 {
1086 struct wpa_bss *bss;
1087 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1088 if (bss->id == id)
1089 return bss;
1090 }
1091 return NULL;
1092 }
1093
1094
1095 /**
1096 * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range
1097 * @wpa_s: Pointer to wpa_supplicant data
1098 * @idf: Smallest allowed identifier assigned for the entry
1099 * @idf: Largest allowed identifier assigned for the entry
1100 * Returns: Pointer to the BSS entry or %NULL if not found
1101 *
1102 * This function is similar to wpa_bss_get_id() but allows a BSS entry with the
1103 * smallest id value to be fetched within the specified range without the
1104 * caller having to know the exact id.
1105 */
wpa_bss_get_id_range(struct wpa_supplicant * wpa_s,unsigned int idf,unsigned int idl)1106 struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
1107 unsigned int idf, unsigned int idl)
1108 {
1109 struct wpa_bss *bss;
1110 dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
1111 if (bss->id >= idf && bss->id <= idl)
1112 return bss;
1113 }
1114 return NULL;
1115 }
1116
1117
1118 /**
1119 * wpa_bss_get_ie - Fetch a specified information element from a BSS entry
1120 * @bss: BSS table entry
1121 * @ie: Information element identitifier (WLAN_EID_*)
1122 * Returns: Pointer to the information element (id field) or %NULL if not found
1123 *
1124 * This function returns the first matching information element in the BSS
1125 * entry.
1126 */
wpa_bss_get_ie(const struct wpa_bss * bss,u8 ie)1127 const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie)
1128 {
1129 return get_ie(wpa_bss_ie_ptr(bss), bss->ie_len, ie);
1130 }
1131
1132
1133 /**
1134 * wpa_bss_get_ie_ext - Fetch a specified extended IE from a BSS entry
1135 * @bss: BSS table entry
1136 * @ext: Information element extension identifier (WLAN_EID_EXT_*)
1137 * Returns: Pointer to the information element (id field) or %NULL if not found
1138 *
1139 * This function returns the first matching information element in the BSS
1140 * entry.
1141 */
wpa_bss_get_ie_ext(const struct wpa_bss * bss,u8 ext)1142 const u8 * wpa_bss_get_ie_ext(const struct wpa_bss *bss, u8 ext)
1143 {
1144 return get_ie_ext(wpa_bss_ie_ptr(bss), bss->ie_len, ext);
1145 }
1146
1147
1148 /**
1149 * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry
1150 * @bss: BSS table entry
1151 * @vendor_type: Vendor type (four octets starting the IE payload)
1152 * Returns: Pointer to the information element (id field) or %NULL if not found
1153 *
1154 * This function returns the first matching information element in the BSS
1155 * entry.
1156 */
wpa_bss_get_vendor_ie(const struct wpa_bss * bss,u32 vendor_type)1157 const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type)
1158 {
1159 const u8 *ies;
1160 const struct element *elem;
1161
1162 ies = wpa_bss_ie_ptr(bss);
1163
1164 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, bss->ie_len) {
1165 if (elem->datalen >= 4 &&
1166 vendor_type == WPA_GET_BE32(elem->data))
1167 return &elem->id;
1168 }
1169
1170 return NULL;
1171 }
1172
1173
1174 /**
1175 * wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry
1176 * @bss: BSS table entry
1177 * @vendor_type: Vendor type (four octets starting the IE payload)
1178 * Returns: Pointer to the information element (id field) or %NULL if not found
1179 *
1180 * This function returns the first matching information element in the BSS
1181 * entry.
1182 *
1183 * This function is like wpa_bss_get_vendor_ie(), but uses IE buffer only
1184 * from Beacon frames instead of either Beacon or Probe Response frames.
1185 */
wpa_bss_get_vendor_ie_beacon(const struct wpa_bss * bss,u32 vendor_type)1186 const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss,
1187 u32 vendor_type)
1188 {
1189 const u8 *ies;
1190 const struct element *elem;
1191
1192 if (bss->beacon_ie_len == 0)
1193 return NULL;
1194
1195 ies = wpa_bss_ie_ptr(bss);
1196 ies += bss->ie_len;
1197
1198 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies,
1199 bss->beacon_ie_len) {
1200 if (elem->datalen >= 4 &&
1201 vendor_type == WPA_GET_BE32(elem->data))
1202 return &elem->id;
1203 }
1204
1205 return NULL;
1206 }
1207
1208
1209 /**
1210 * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry
1211 * @bss: BSS table entry
1212 * @vendor_type: Vendor type (four octets starting the IE payload)
1213 * Returns: Pointer to the information element payload or %NULL if not found
1214 *
1215 * This function returns concatenated payload of possibly fragmented vendor
1216 * specific information elements in the BSS entry. The caller is responsible for
1217 * freeing the returned buffer.
1218 */
wpa_bss_get_vendor_ie_multi(const struct wpa_bss * bss,u32 vendor_type)1219 struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
1220 u32 vendor_type)
1221 {
1222 struct wpabuf *buf;
1223 const u8 *end, *pos;
1224
1225 buf = wpabuf_alloc(bss->ie_len);
1226 if (buf == NULL)
1227 return NULL;
1228
1229 pos = wpa_bss_ie_ptr(bss);
1230 end = pos + bss->ie_len;
1231
1232 while (end - pos > 1) {
1233 u8 ie, len;
1234
1235 ie = pos[0];
1236 len = pos[1];
1237 if (len > end - pos - 2)
1238 break;
1239 pos += 2;
1240 if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 &&
1241 vendor_type == WPA_GET_BE32(pos))
1242 wpabuf_put_data(buf, pos + 4, len - 4);
1243 pos += len;
1244 }
1245
1246 if (wpabuf_len(buf) == 0) {
1247 wpabuf_free(buf);
1248 buf = NULL;
1249 }
1250
1251 return buf;
1252 }
1253
1254
1255 /**
1256 * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry
1257 * @bss: BSS table entry
1258 * @vendor_type: Vendor type (four octets starting the IE payload)
1259 * Returns: Pointer to the information element payload or %NULL if not found
1260 *
1261 * This function returns concatenated payload of possibly fragmented vendor
1262 * specific information elements in the BSS entry. The caller is responsible for
1263 * freeing the returned buffer.
1264 *
1265 * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only
1266 * from Beacon frames instead of either Beacon or Probe Response frames.
1267 */
wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss * bss,u32 vendor_type)1268 struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss,
1269 u32 vendor_type)
1270 {
1271 struct wpabuf *buf;
1272 const u8 *end, *pos;
1273
1274 buf = wpabuf_alloc(bss->beacon_ie_len);
1275 if (buf == NULL)
1276 return NULL;
1277
1278 pos = wpa_bss_ie_ptr(bss);
1279 pos += bss->ie_len;
1280 end = pos + bss->beacon_ie_len;
1281
1282 while (end - pos > 1) {
1283 if (2 + pos[1] > end - pos)
1284 break;
1285 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
1286 vendor_type == WPA_GET_BE32(&pos[2]))
1287 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
1288 pos += 2 + pos[1];
1289 }
1290
1291 if (wpabuf_len(buf) == 0) {
1292 wpabuf_free(buf);
1293 buf = NULL;
1294 }
1295
1296 return buf;
1297 }
1298
1299
1300 /**
1301 * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS
1302 * @bss: BSS table entry
1303 * Returns: Maximum legacy rate in units of 500 kbps
1304 */
wpa_bss_get_max_rate(const struct wpa_bss * bss)1305 int wpa_bss_get_max_rate(const struct wpa_bss *bss)
1306 {
1307 int rate = 0;
1308 const u8 *ie;
1309 int i;
1310
1311 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1312 for (i = 0; ie && i < ie[1]; i++) {
1313 if ((ie[i + 2] & 0x7f) > rate)
1314 rate = ie[i + 2] & 0x7f;
1315 }
1316
1317 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
1318 for (i = 0; ie && i < ie[1]; i++) {
1319 if ((ie[i + 2] & 0x7f) > rate)
1320 rate = ie[i + 2] & 0x7f;
1321 }
1322
1323 return rate;
1324 }
1325
1326
1327 /**
1328 * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS
1329 * @bss: BSS table entry
1330 * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps)
1331 * Returns: number of legacy TX rates or -1 on failure
1332 *
1333 * The caller is responsible for freeing the returned buffer with os_free() in
1334 * case of success.
1335 */
wpa_bss_get_bit_rates(const struct wpa_bss * bss,u8 ** rates)1336 int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates)
1337 {
1338 const u8 *ie, *ie2;
1339 int i, j;
1340 unsigned int len;
1341 u8 *r;
1342
1343 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1344 ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
1345
1346 len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0);
1347
1348 r = os_malloc(len);
1349 if (!r)
1350 return -1;
1351
1352 for (i = 0; ie && i < ie[1]; i++)
1353 r[i] = ie[i + 2] & 0x7f;
1354
1355 for (j = 0; ie2 && j < ie2[1]; j++)
1356 r[i + j] = ie2[j + 2] & 0x7f;
1357
1358 *rates = r;
1359 return len;
1360 }
1361
1362
1363 #ifdef CONFIG_FILS
wpa_bss_get_fils_cache_id(const struct wpa_bss * bss)1364 const u8 * wpa_bss_get_fils_cache_id(const struct wpa_bss *bss)
1365 {
1366 const u8 *ie;
1367
1368 if (bss) {
1369 ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
1370 if (ie && ie[1] >= 4 && WPA_GET_LE16(ie + 2) & BIT(7))
1371 return ie + 4;
1372 }
1373
1374 return NULL;
1375 }
1376 #endif /* CONFIG_FILS */
1377
1378
wpa_bss_ext_capab(const struct wpa_bss * bss,unsigned int capab)1379 int wpa_bss_ext_capab(const struct wpa_bss *bss, unsigned int capab)
1380 {
1381 if (!bss)
1382 return 0;
1383 return ieee802_11_ext_capab(wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB),
1384 capab);
1385 }
1386