1 /*
2 * BSS table
3 * Copyright (c) 2009-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "drivers/driver.h"
15 #include "eap_peer/eap.h"
16 #include "wpa_supplicant_i.h"
17 #include "config.h"
18 #include "notify.h"
19 #include "scan.h"
20 #include "bss.h"
21
wpa_bss_set_hessid(struct wpa_bss * bss)22 static void wpa_bss_set_hessid(struct wpa_bss *bss)
23 {
24 #ifdef CONFIG_INTERWORKING
25 const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING);
26 if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) {
27 os_memset(bss->hessid, 0, ETH_ALEN);
28 return;
29 }
30 if (ie[1] == 7)
31 os_memcpy(bss->hessid, ie + 3, ETH_ALEN);
32 else
33 os_memcpy(bss->hessid, ie + 5, ETH_ALEN);
34 #endif /* CONFIG_INTERWORKING */
35 }
36
37
38 /**
39 * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry
40 * Returns: Allocated ANQP data structure or %NULL on failure
41 *
42 * The allocated ANQP data structure has its users count set to 1. It may be
43 * shared by multiple BSS entries and each shared entry is freed with
44 * wpa_bss_anqp_free().
45 */
wpa_bss_anqp_alloc(void)46 struct wpa_bss_anqp * wpa_bss_anqp_alloc(void)
47 {
48 struct wpa_bss_anqp *anqp;
49 anqp = os_zalloc(sizeof(*anqp));
50 if (anqp == NULL)
51 return NULL;
52 #ifdef CONFIG_INTERWORKING
53 dl_list_init(&anqp->anqp_elems);
54 #endif /* CONFIG_INTERWORKING */
55 anqp->users = 1;
56 return anqp;
57 }
58
59
60 /**
61 * wpa_bss_anqp_clone - Clone an ANQP data structure
62 * @anqp: ANQP data structure from wpa_bss_anqp_alloc()
63 * Returns: Cloned ANQP data structure or %NULL on failure
64 */
wpa_bss_anqp_clone(struct wpa_bss_anqp * anqp)65 static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp)
66 {
67 struct wpa_bss_anqp *n;
68
69 n = os_zalloc(sizeof(*n));
70 if (n == NULL)
71 return NULL;
72
73 #define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f)
74 #ifdef CONFIG_INTERWORKING
75 dl_list_init(&n->anqp_elems);
76 ANQP_DUP(capability_list);
77 ANQP_DUP(venue_name);
78 ANQP_DUP(network_auth_type);
79 ANQP_DUP(roaming_consortium);
80 ANQP_DUP(ip_addr_type_availability);
81 ANQP_DUP(nai_realm);
82 ANQP_DUP(anqp_3gpp);
83 ANQP_DUP(domain_name);
84 ANQP_DUP(fils_realm_info);
85 #endif /* CONFIG_INTERWORKING */
86 #ifdef CONFIG_HS20
87 ANQP_DUP(hs20_capability_list);
88 ANQP_DUP(hs20_operator_friendly_name);
89 ANQP_DUP(hs20_wan_metrics);
90 ANQP_DUP(hs20_connection_capability);
91 ANQP_DUP(hs20_operating_class);
92 ANQP_DUP(hs20_osu_providers_list);
93 ANQP_DUP(hs20_operator_icon_metadata);
94 ANQP_DUP(hs20_osu_providers_nai_list);
95 #endif /* CONFIG_HS20 */
96 #undef ANQP_DUP
97
98 return n;
99 }
100
101
102 /**
103 * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry
104 * @bss: BSS entry
105 * Returns: 0 on success, -1 on failure
106 *
107 * This function ensures the specific BSS entry has an ANQP data structure that
108 * is not shared with any other BSS entry.
109 */
wpa_bss_anqp_unshare_alloc(struct wpa_bss * bss)110 int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss)
111 {
112 struct wpa_bss_anqp *anqp;
113
114 if (bss->anqp && bss->anqp->users > 1) {
115 /* allocated, but shared - clone an unshared copy */
116 anqp = wpa_bss_anqp_clone(bss->anqp);
117 if (anqp == NULL)
118 return -1;
119 anqp->users = 1;
120 bss->anqp->users--;
121 bss->anqp = anqp;
122 return 0;
123 }
124
125 if (bss->anqp)
126 return 0; /* already allocated and not shared */
127
128 /* not allocated - allocate a new storage area */
129 bss->anqp = wpa_bss_anqp_alloc();
130 return bss->anqp ? 0 : -1;
131 }
132
133
134 /**
135 * wpa_bss_anqp_free - Free an ANQP data structure
136 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone()
137 */
wpa_bss_anqp_free(struct wpa_bss_anqp * anqp)138 static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp)
139 {
140 #ifdef CONFIG_INTERWORKING
141 struct wpa_bss_anqp_elem *elem;
142 #endif /* CONFIG_INTERWORKING */
143
144 if (anqp == NULL)
145 return;
146
147 anqp->users--;
148 if (anqp->users > 0) {
149 /* Another BSS entry holds a pointer to this ANQP info */
150 return;
151 }
152
153 #ifdef CONFIG_INTERWORKING
154 wpabuf_free(anqp->capability_list);
155 wpabuf_free(anqp->venue_name);
156 wpabuf_free(anqp->network_auth_type);
157 wpabuf_free(anqp->roaming_consortium);
158 wpabuf_free(anqp->ip_addr_type_availability);
159 wpabuf_free(anqp->nai_realm);
160 wpabuf_free(anqp->anqp_3gpp);
161 wpabuf_free(anqp->domain_name);
162 wpabuf_free(anqp->fils_realm_info);
163
164 while ((elem = dl_list_first(&anqp->anqp_elems,
165 struct wpa_bss_anqp_elem, list))) {
166 dl_list_del(&elem->list);
167 wpabuf_free(elem->payload);
168 os_free(elem);
169 }
170 #endif /* CONFIG_INTERWORKING */
171 #ifdef CONFIG_HS20
172 wpabuf_free(anqp->hs20_capability_list);
173 wpabuf_free(anqp->hs20_operator_friendly_name);
174 wpabuf_free(anqp->hs20_wan_metrics);
175 wpabuf_free(anqp->hs20_connection_capability);
176 wpabuf_free(anqp->hs20_operating_class);
177 wpabuf_free(anqp->hs20_osu_providers_list);
178 wpabuf_free(anqp->hs20_operator_icon_metadata);
179 wpabuf_free(anqp->hs20_osu_providers_nai_list);
180 #endif /* CONFIG_HS20 */
181
182 os_free(anqp);
183 }
184
185
186 static struct wpa_connect_work *
wpa_bss_check_pending_connect(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)187 wpa_bss_check_pending_connect(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
188 {
189 struct wpa_radio_work *work;
190 struct wpa_connect_work *cwork;
191
192 work = radio_work_pending(wpa_s, "sme-connect");
193 if (!work)
194 work = radio_work_pending(wpa_s, "connect");
195 if (!work)
196 return NULL;
197
198 cwork = work->ctx;
199 if (cwork->bss != bss)
200 return NULL;
201
202 return cwork;
203 }
204
205
wpa_bss_update_pending_connect(struct wpa_connect_work * cwork,struct wpa_bss * new_bss)206 static void wpa_bss_update_pending_connect(struct wpa_connect_work *cwork,
207 struct wpa_bss *new_bss)
208 {
209 wpa_printf(MSG_DEBUG,
210 "Update BSS pointer for the pending connect radio work");
211 cwork->bss = new_bss;
212 if (!new_bss)
213 cwork->bss_removed = 1;
214 }
215
216
wpa_bss_remove(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,const char * reason)217 void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
218 const char *reason)
219 {
220 struct wpa_connect_work *cwork;
221
222 if (wpa_s->last_scan_res) {
223 unsigned int i;
224 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
225 if (wpa_s->last_scan_res[i] == bss) {
226 os_memmove(&wpa_s->last_scan_res[i],
227 &wpa_s->last_scan_res[i + 1],
228 (wpa_s->last_scan_res_used - i - 1)
229 * sizeof(struct wpa_bss *));
230 wpa_s->last_scan_res_used--;
231 break;
232 }
233 }
234 }
235 cwork = wpa_bss_check_pending_connect(wpa_s, bss);
236 if (cwork)
237 wpa_bss_update_pending_connect(cwork, NULL);
238 dl_list_del(&bss->list);
239 dl_list_del(&bss->list_id);
240 wpa_s->num_bss--;
241 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR
242 " SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid),
243 wpa_ssid_txt(bss->ssid, bss->ssid_len), reason);
244 wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id);
245 wpa_bss_anqp_free(bss->anqp);
246 os_free(bss);
247 }
248
249
250 /**
251 * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID
252 * @wpa_s: Pointer to wpa_supplicant data
253 * @bssid: BSSID, or %NULL to match any BSSID
254 * @ssid: SSID
255 * @ssid_len: Length of @ssid
256 * Returns: Pointer to the BSS entry or %NULL if not found
257 */
wpa_bss_get(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * ssid,size_t ssid_len)258 struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
259 const u8 *ssid, size_t ssid_len)
260 {
261 struct wpa_bss *bss;
262
263 if (bssid && !wpa_supplicant_filter_bssid_match(wpa_s, bssid))
264 return NULL;
265 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
266 if ((!bssid || os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0) &&
267 bss->ssid_len == ssid_len &&
268 os_memcmp(bss->ssid, ssid, ssid_len) == 0)
269 return bss;
270 }
271 return NULL;
272 }
273
274
calculate_update_time(const struct os_reltime * fetch_time,unsigned int age_ms,struct os_reltime * update_time)275 void calculate_update_time(const struct os_reltime *fetch_time,
276 unsigned int age_ms,
277 struct os_reltime *update_time)
278 {
279 os_time_t usec;
280
281 update_time->sec = fetch_time->sec;
282 update_time->usec = fetch_time->usec;
283 update_time->sec -= age_ms / 1000;
284 usec = (age_ms % 1000) * 1000;
285 if (update_time->usec < usec) {
286 update_time->sec--;
287 update_time->usec += 1000000;
288 }
289 update_time->usec -= usec;
290 }
291
292
wpa_bss_copy_res(struct wpa_bss * dst,struct wpa_scan_res * src,struct os_reltime * fetch_time)293 static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
294 struct os_reltime *fetch_time)
295 {
296 dst->flags = src->flags;
297 os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
298 dst->freq = src->freq;
299 dst->max_cw = src->max_cw;
300 dst->beacon_int = src->beacon_int;
301 dst->caps = src->caps;
302 dst->qual = src->qual;
303 dst->noise = src->noise;
304 dst->level = src->level;
305 dst->tsf = src->tsf;
306 dst->beacon_newer = src->beacon_newer;
307 dst->est_throughput = src->est_throughput;
308 dst->snr = src->snr;
309
310 calculate_update_time(fetch_time, src->age, &dst->last_update);
311 }
312
313
wpa_bss_is_wps_candidate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)314 static int wpa_bss_is_wps_candidate(struct wpa_supplicant *wpa_s,
315 struct wpa_bss *bss)
316 {
317 #ifdef CONFIG_WPS
318 struct wpa_ssid *ssid;
319 struct wpabuf *wps_ie;
320 int pbc = 0, ret;
321
322 wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
323 if (!wps_ie)
324 return 0;
325
326 if (wps_is_selected_pbc_registrar(wps_ie)) {
327 pbc = 1;
328 } else if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
329 wpabuf_free(wps_ie);
330 return 0;
331 }
332
333 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
334 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
335 continue;
336 if (ssid->ssid_len &&
337 (ssid->ssid_len != bss->ssid_len ||
338 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) != 0))
339 continue;
340
341 if (pbc)
342 ret = eap_is_wps_pbc_enrollee(&ssid->eap);
343 else
344 ret = eap_is_wps_pin_enrollee(&ssid->eap);
345 wpabuf_free(wps_ie);
346 return ret;
347 }
348 wpabuf_free(wps_ie);
349 #endif /* CONFIG_WPS */
350
351 return 0;
352 }
353
354
is_p2p_pending_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)355 static bool is_p2p_pending_bss(struct wpa_supplicant *wpa_s,
356 struct wpa_bss *bss)
357 {
358 #ifdef CONFIG_P2P
359 u8 addr[ETH_ALEN];
360
361 if (os_memcmp(bss->bssid, wpa_s->pending_join_iface_addr,
362 ETH_ALEN) == 0)
363 return true;
364 if (!is_zero_ether_addr(wpa_s->pending_join_dev_addr) &&
365 p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len, addr) == 0 &&
366 os_memcmp(addr, wpa_s->pending_join_dev_addr, ETH_ALEN) == 0)
367 return true;
368 #endif /* CONFIG_P2P */
369 return false;
370 }
371
372
wpa_bss_known(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)373 static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
374 {
375 struct wpa_ssid *ssid;
376
377 if (is_p2p_pending_bss(wpa_s, bss))
378 return 1;
379
380 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
381 if (ssid->ssid == NULL || ssid->ssid_len == 0)
382 continue;
383 if (ssid->ssid_len == bss->ssid_len &&
384 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0)
385 return 1;
386 }
387
388 return 0;
389 }
390
391
wpa_bss_in_use(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)392 static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
393 {
394 int i;
395
396 if (bss == wpa_s->current_bss)
397 return 1;
398
399 if (bss == wpa_s->ml_connect_probe_bss)
400 return 1;
401
402 if (wpa_s->current_bss &&
403 (bss->ssid_len != wpa_s->current_bss->ssid_len ||
404 os_memcmp(bss->ssid, wpa_s->current_bss->ssid,
405 bss->ssid_len) != 0))
406 return 0; /* SSID has changed */
407
408 if (!is_zero_ether_addr(bss->bssid) &&
409 (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 ||
410 os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0))
411 return 1;
412
413 if (!wpa_s->valid_links)
414 return 0;
415
416 for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
417 if (!(wpa_s->valid_links & BIT(i)))
418 continue;
419
420 if (os_memcmp(bss->bssid, wpa_s->links[i].bssid, ETH_ALEN) == 0)
421 return 1;
422 }
423
424 return 0;
425 }
426
427
wpa_bss_remove_oldest_unknown(struct wpa_supplicant * wpa_s)428 static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s)
429 {
430 struct wpa_bss *bss;
431
432 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
433 if (!wpa_bss_known(wpa_s, bss) &&
434 !wpa_bss_is_wps_candidate(wpa_s, bss)) {
435 wpa_bss_remove(wpa_s, bss, __func__);
436 return 0;
437 }
438 }
439
440 return -1;
441 }
442
443
wpa_bss_remove_oldest(struct wpa_supplicant * wpa_s)444 static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s)
445 {
446 struct wpa_bss *bss;
447
448 /*
449 * Remove the oldest entry that does not match with any configured
450 * network.
451 */
452 if (wpa_bss_remove_oldest_unknown(wpa_s) == 0)
453 return 0;
454
455 /*
456 * Remove the oldest entry that isn't currently in use.
457 */
458 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
459 if (!wpa_bss_in_use(wpa_s, bss)) {
460 wpa_bss_remove(wpa_s, bss, __func__);
461 return 0;
462 }
463 }
464
465 return -1;
466 }
467
468
wpa_bss_add(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len,struct wpa_scan_res * res,struct os_reltime * fetch_time)469 static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
470 const u8 *ssid, size_t ssid_len,
471 struct wpa_scan_res *res,
472 struct os_reltime *fetch_time)
473 {
474 struct wpa_bss *bss;
475 char extra[100];
476 const u8 *ml_ie;
477 char *pos, *end;
478 int ret = 0;
479 const u8 *mld_addr;
480
481 bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len);
482 if (bss == NULL)
483 return NULL;
484 bss->id = wpa_s->bss_next_id++;
485 bss->last_update_idx = wpa_s->bss_update_idx;
486 wpa_bss_copy_res(bss, res, fetch_time);
487 os_memcpy(bss->ssid, ssid, ssid_len);
488 bss->ssid_len = ssid_len;
489 bss->ie_len = res->ie_len;
490 bss->beacon_ie_len = res->beacon_ie_len;
491 os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
492 wpa_bss_set_hessid(bss);
493
494 os_memset(bss->mld_addr, 0, ETH_ALEN);
495 ml_ie = wpa_scan_get_ml_ie(res, MULTI_LINK_CONTROL_TYPE_BASIC);
496 if (ml_ie) {
497 mld_addr = get_basic_mle_mld_addr(&ml_ie[3], ml_ie[1] - 1);
498 if (mld_addr)
499 os_memcpy(bss->mld_addr, mld_addr, ETH_ALEN);
500 }
501
502 if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count &&
503 wpa_bss_remove_oldest(wpa_s) != 0) {
504 wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d "
505 "because all BSSes are in use. We should normally "
506 "not get here!", (int) wpa_s->num_bss + 1);
507 wpa_s->conf->bss_max_count = wpa_s->num_bss + 1;
508 }
509
510 dl_list_add_tail(&wpa_s->bss, &bss->list);
511 dl_list_add_tail(&wpa_s->bss_id, &bss->list_id);
512 wpa_s->num_bss++;
513
514 extra[0] = '\0';
515 pos = extra;
516 end = pos + sizeof(extra);
517 if (!is_zero_ether_addr(bss->hessid))
518 ret = os_snprintf(pos, end - pos, " HESSID " MACSTR,
519 MAC2STR(bss->hessid));
520
521 if (!is_zero_ether_addr(bss->mld_addr) &&
522 !os_snprintf_error(end - pos, ret)) {
523 pos += ret;
524 ret = os_snprintf(pos, end - pos, " MLD ADDR " MACSTR,
525 MAC2STR(bss->mld_addr));
526 }
527
528 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
529 " SSID '%s' freq %d%s",
530 bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len),
531 bss->freq, extra);
532 wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
533 return bss;
534 }
535
536
are_ies_equal(const struct wpa_bss * old,const struct wpa_scan_res * new_res,u32 ie)537 static int are_ies_equal(const struct wpa_bss *old,
538 const struct wpa_scan_res *new_res, u32 ie)
539 {
540 const u8 *old_ie, *new_ie;
541 struct wpabuf *old_ie_buff = NULL;
542 struct wpabuf *new_ie_buff = NULL;
543 int new_ie_len, old_ie_len, ret, is_multi;
544
545 switch (ie) {
546 case WPA_IE_VENDOR_TYPE:
547 old_ie = wpa_bss_get_vendor_ie(old, ie);
548 new_ie = wpa_scan_get_vendor_ie(new_res, ie);
549 is_multi = 0;
550 break;
551 case WPS_IE_VENDOR_TYPE:
552 old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie);
553 new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie);
554 is_multi = 1;
555 break;
556 case WLAN_EID_RSN:
557 case WLAN_EID_SUPP_RATES:
558 case WLAN_EID_EXT_SUPP_RATES:
559 old_ie = wpa_bss_get_ie(old, ie);
560 new_ie = wpa_scan_get_ie(new_res, ie);
561 is_multi = 0;
562 break;
563 default:
564 wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__);
565 return 0;
566 }
567
568 if (is_multi) {
569 /* in case of multiple IEs stored in buffer */
570 old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL;
571 new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL;
572 old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0;
573 new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0;
574 } else {
575 /* in case of single IE */
576 old_ie_len = old_ie ? old_ie[1] + 2 : 0;
577 new_ie_len = new_ie ? new_ie[1] + 2 : 0;
578 }
579
580 if (!old_ie || !new_ie)
581 ret = !old_ie && !new_ie;
582 else
583 ret = (old_ie_len == new_ie_len &&
584 os_memcmp(old_ie, new_ie, old_ie_len) == 0);
585
586 wpabuf_free(old_ie_buff);
587 wpabuf_free(new_ie_buff);
588
589 return ret;
590 }
591
592
wpa_bss_compare_res(const struct wpa_bss * old,const struct wpa_scan_res * new_res)593 static u32 wpa_bss_compare_res(const struct wpa_bss *old,
594 const struct wpa_scan_res *new_res)
595 {
596 u32 changes = 0;
597 int caps_diff = old->caps ^ new_res->caps;
598
599 if (old->freq != new_res->freq)
600 changes |= WPA_BSS_FREQ_CHANGED_FLAG;
601
602 if (old->level != new_res->level)
603 changes |= WPA_BSS_SIGNAL_CHANGED_FLAG;
604
605 if (caps_diff & IEEE80211_CAP_PRIVACY)
606 changes |= WPA_BSS_PRIVACY_CHANGED_FLAG;
607
608 if (caps_diff & IEEE80211_CAP_IBSS)
609 changes |= WPA_BSS_MODE_CHANGED_FLAG;
610
611 if (old->ie_len == new_res->ie_len &&
612 os_memcmp(wpa_bss_ie_ptr(old), new_res + 1, old->ie_len) == 0)
613 return changes;
614 changes |= WPA_BSS_IES_CHANGED_FLAG;
615
616 if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE))
617 changes |= WPA_BSS_WPAIE_CHANGED_FLAG;
618
619 if (!are_ies_equal(old, new_res, WLAN_EID_RSN))
620 changes |= WPA_BSS_RSNIE_CHANGED_FLAG;
621
622 if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE))
623 changes |= WPA_BSS_WPS_CHANGED_FLAG;
624
625 if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) ||
626 !are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES))
627 changes |= WPA_BSS_RATES_CHANGED_FLAG;
628
629 return changes;
630 }
631
632
notify_bss_changes(struct wpa_supplicant * wpa_s,u32 changes,const struct wpa_bss * bss)633 void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
634 const struct wpa_bss *bss)
635 {
636 if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
637 wpas_notify_bss_freq_changed(wpa_s, bss->id);
638
639 if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG)
640 wpas_notify_bss_signal_changed(wpa_s, bss->id);
641
642 if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG)
643 wpas_notify_bss_privacy_changed(wpa_s, bss->id);
644
645 if (changes & WPA_BSS_MODE_CHANGED_FLAG)
646 wpas_notify_bss_mode_changed(wpa_s, bss->id);
647
648 if (changes & WPA_BSS_WPAIE_CHANGED_FLAG)
649 wpas_notify_bss_wpaie_changed(wpa_s, bss->id);
650
651 if (changes & WPA_BSS_RSNIE_CHANGED_FLAG)
652 wpas_notify_bss_rsnie_changed(wpa_s, bss->id);
653
654 if (changes & WPA_BSS_WPS_CHANGED_FLAG)
655 wpas_notify_bss_wps_changed(wpa_s, bss->id);
656
657 if (changes & WPA_BSS_IES_CHANGED_FLAG)
658 wpas_notify_bss_ies_changed(wpa_s, bss->id);
659
660 if (changes & WPA_BSS_RATES_CHANGED_FLAG)
661 wpas_notify_bss_rates_changed(wpa_s, bss->id);
662
663 wpas_notify_bss_seen(wpa_s, bss->id);
664 }
665
666
667 static struct wpa_bss *
wpa_bss_update(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_scan_res * res,struct os_reltime * fetch_time)668 wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
669 struct wpa_scan_res *res, struct os_reltime *fetch_time)
670 {
671 u32 changes;
672
673 if (bss->last_update_idx == wpa_s->bss_update_idx) {
674 struct os_reltime update_time;
675
676 /*
677 * Some drivers (e.g., cfg80211) include multiple BSS entries
678 * for the same BSS if that BSS's channel changes. The BSS list
679 * implementation in wpa_supplicant does not do that and we need
680 * to filter out the obsolete results here to make sure only the
681 * most current BSS information remains in the table.
682 */
683 wpa_printf(MSG_DEBUG, "BSS: " MACSTR
684 " has multiple entries in the scan results - select the most current one",
685 MAC2STR(bss->bssid));
686 calculate_update_time(fetch_time, res->age, &update_time);
687 wpa_printf(MSG_DEBUG,
688 "Previous last_update: %u.%06u (freq %d%s)",
689 (unsigned int) bss->last_update.sec,
690 (unsigned int) bss->last_update.usec,
691 bss->freq,
692 (bss->flags & WPA_BSS_ASSOCIATED) ? " assoc" : "");
693 wpa_printf(MSG_DEBUG, "New last_update: %u.%06u (freq %d%s)",
694 (unsigned int) update_time.sec,
695 (unsigned int) update_time.usec,
696 res->freq,
697 (res->flags & WPA_SCAN_ASSOCIATED) ? " assoc" : "");
698 if ((bss->flags & WPA_BSS_ASSOCIATED) ||
699 (!(res->flags & WPA_SCAN_ASSOCIATED) &&
700 !os_reltime_before(&bss->last_update, &update_time))) {
701 wpa_printf(MSG_DEBUG,
702 "Ignore this BSS entry since the previous update looks more current");
703 return bss;
704 }
705 wpa_printf(MSG_DEBUG,
706 "Accept this BSS entry since it looks more current than the previous update");
707 }
708
709 changes = wpa_bss_compare_res(bss, res);
710 if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
711 wpa_printf(MSG_DEBUG, "BSS: " MACSTR " changed freq %d --> %d",
712 MAC2STR(bss->bssid), bss->freq, res->freq);
713 bss->scan_miss_count = 0;
714 bss->last_update_idx = wpa_s->bss_update_idx;
715 wpa_bss_copy_res(bss, res, fetch_time);
716 /* Move the entry to the end of the list */
717 dl_list_del(&bss->list);
718 #ifdef CONFIG_P2P
719 if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
720 !wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE)) {
721 /*
722 * This can happen when non-P2P station interface runs a scan
723 * without P2P IE in the Probe Request frame. P2P GO would reply
724 * to that with a Probe Response that does not include P2P IE.
725 * Do not update the IEs in this BSS entry to avoid such loss of
726 * information that may be needed for P2P operations to
727 * determine group information.
728 */
729 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Do not update scan IEs for "
730 MACSTR " since that would remove P2P IE information",
731 MAC2STR(bss->bssid));
732 } else
733 #endif /* CONFIG_P2P */
734 if (bss->ie_len + bss->beacon_ie_len >=
735 res->ie_len + res->beacon_ie_len) {
736 os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
737 bss->ie_len = res->ie_len;
738 bss->beacon_ie_len = res->beacon_ie_len;
739 } else {
740 struct wpa_bss *nbss;
741 struct dl_list *prev = bss->list_id.prev;
742 struct wpa_connect_work *cwork;
743 unsigned int i;
744 bool update_current_bss = wpa_s->current_bss == bss;
745 bool update_ml_probe_bss = wpa_s->ml_connect_probe_bss == bss;
746
747 cwork = wpa_bss_check_pending_connect(wpa_s, bss);
748
749 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
750 if (wpa_s->last_scan_res[i] == bss)
751 break;
752 }
753
754 dl_list_del(&bss->list_id);
755 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
756 res->beacon_ie_len);
757 if (nbss) {
758 if (i != wpa_s->last_scan_res_used)
759 wpa_s->last_scan_res[i] = nbss;
760
761 if (update_current_bss)
762 wpa_s->current_bss = nbss;
763
764 if (update_ml_probe_bss)
765 wpa_s->ml_connect_probe_bss = nbss;
766
767 if (cwork)
768 wpa_bss_update_pending_connect(cwork, nbss);
769
770 bss = nbss;
771 os_memcpy(bss->ies, res + 1,
772 res->ie_len + res->beacon_ie_len);
773 bss->ie_len = res->ie_len;
774 bss->beacon_ie_len = res->beacon_ie_len;
775 }
776 dl_list_add(prev, &bss->list_id);
777 }
778 if (changes & WPA_BSS_IES_CHANGED_FLAG) {
779 const u8 *ml_ie, *mld_addr;
780
781 wpa_bss_set_hessid(bss);
782 os_memset(bss->mld_addr, 0, ETH_ALEN);
783 ml_ie = wpa_scan_get_ml_ie(res, MULTI_LINK_CONTROL_TYPE_BASIC);
784 if (ml_ie) {
785 mld_addr = get_basic_mle_mld_addr(&ml_ie[3],
786 ml_ie[1] - 1);
787 if (mld_addr)
788 os_memcpy(bss->mld_addr, mld_addr, ETH_ALEN);
789 }
790 }
791 dl_list_add_tail(&wpa_s->bss, &bss->list);
792
793 notify_bss_changes(wpa_s, changes, bss);
794
795 return bss;
796 }
797
798
799 /**
800 * wpa_bss_update_start - Start a BSS table update from scan results
801 * @wpa_s: Pointer to wpa_supplicant data
802 *
803 * This function is called at the start of each BSS table update round for new
804 * scan results. The actual scan result entries are indicated with calls to
805 * wpa_bss_update_scan_res() and the update round is finished with a call to
806 * wpa_bss_update_end().
807 */
wpa_bss_update_start(struct wpa_supplicant * wpa_s)808 void wpa_bss_update_start(struct wpa_supplicant *wpa_s)
809 {
810 wpa_s->bss_update_idx++;
811 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u",
812 wpa_s->bss_update_idx);
813 wpa_s->last_scan_res_used = 0;
814 }
815
816
817 /**
818 * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result
819 * @wpa_s: Pointer to wpa_supplicant data
820 * @res: Scan result
821 * @fetch_time: Time when the result was fetched from the driver
822 *
823 * This function updates a BSS table entry (or adds one) based on a scan result.
824 * This is called separately for each scan result between the calls to
825 * wpa_bss_update_start() and wpa_bss_update_end().
826 */
wpa_bss_update_scan_res(struct wpa_supplicant * wpa_s,struct wpa_scan_res * res,struct os_reltime * fetch_time)827 void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
828 struct wpa_scan_res *res,
829 struct os_reltime *fetch_time)
830 {
831 const u8 *ssid, *p2p, *mesh;
832 struct wpa_bss *bss;
833
834 if (wpa_s->conf->ignore_old_scan_res) {
835 struct os_reltime update;
836 calculate_update_time(fetch_time, res->age, &update);
837 if (os_reltime_before(&update, &wpa_s->scan_trigger_time)) {
838 struct os_reltime age;
839 os_reltime_sub(&wpa_s->scan_trigger_time, &update,
840 &age);
841 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS "
842 "table entry that is %u.%06u seconds older "
843 "than our scan trigger",
844 (unsigned int) age.sec,
845 (unsigned int) age.usec);
846 return;
847 }
848 }
849
850 ssid = wpa_scan_get_ie(res, WLAN_EID_SSID);
851 if (ssid == NULL) {
852 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for "
853 MACSTR, MAC2STR(res->bssid));
854 return;
855 }
856 if (ssid[1] > SSID_MAX_LEN) {
857 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for "
858 MACSTR, MAC2STR(res->bssid));
859 return;
860 }
861
862 p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE);
863 #ifdef CONFIG_P2P
864 if (p2p == NULL &&
865 wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
866 /*
867 * If it's a P2P specific interface, then don't update
868 * the scan result without a P2P IE.
869 */
870 wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR
871 " update for P2P interface", MAC2STR(res->bssid));
872 return;
873 }
874 #endif /* CONFIG_P2P */
875 if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN &&
876 os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0)
877 return; /* Skip P2P listen discovery results here */
878
879 /* TODO: add option for ignoring BSSes we are not interested in
880 * (to save memory) */
881
882 mesh = wpa_scan_get_ie(res, WLAN_EID_MESH_ID);
883 if (mesh && mesh[1] <= SSID_MAX_LEN)
884 ssid = mesh;
885
886 bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
887 if (bss == NULL)
888 bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time);
889 else {
890 bss = wpa_bss_update(wpa_s, bss, res, fetch_time);
891 if (wpa_s->last_scan_res) {
892 unsigned int i;
893 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
894 if (bss == wpa_s->last_scan_res[i]) {
895 /* Already in the list */
896 return;
897 }
898 }
899 }
900 }
901
902 if (bss == NULL)
903 return;
904 if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) {
905 struct wpa_bss **n;
906 unsigned int siz;
907 if (wpa_s->last_scan_res_size == 0)
908 siz = 32;
909 else
910 siz = wpa_s->last_scan_res_size * 2;
911 n = os_realloc_array(wpa_s->last_scan_res, siz,
912 sizeof(struct wpa_bss *));
913 if (n == NULL)
914 return;
915 wpa_s->last_scan_res = n;
916 wpa_s->last_scan_res_size = siz;
917 }
918
919 if (wpa_s->last_scan_res)
920 wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss;
921 }
922
923
wpa_bss_included_in_scan(const struct wpa_bss * bss,const struct scan_info * info)924 static int wpa_bss_included_in_scan(const struct wpa_bss *bss,
925 const struct scan_info *info)
926 {
927 int found;
928 size_t i;
929
930 if (info == NULL)
931 return 1;
932
933 if (info->num_freqs) {
934 found = 0;
935 for (i = 0; i < info->num_freqs; i++) {
936 if (bss->freq == info->freqs[i]) {
937 found = 1;
938 break;
939 }
940 }
941 if (!found)
942 return 0;
943 }
944
945 if (info->num_ssids) {
946 found = 0;
947 for (i = 0; i < info->num_ssids; i++) {
948 const struct wpa_driver_scan_ssid *s = &info->ssids[i];
949 if ((s->ssid == NULL || s->ssid_len == 0) ||
950 (s->ssid_len == bss->ssid_len &&
951 os_memcmp(s->ssid, bss->ssid, bss->ssid_len) ==
952 0)) {
953 found = 1;
954 break;
955 }
956 }
957 if (!found)
958 return 0;
959 }
960
961 return 1;
962 }
963
964
965 /**
966 * wpa_bss_update_end - End a BSS table update from scan results
967 * @wpa_s: Pointer to wpa_supplicant data
968 * @info: Information about scan parameters
969 * @new_scan: Whether this update round was based on a new scan
970 *
971 * This function is called at the end of each BSS table update round for new
972 * scan results. The start of the update was indicated with a call to
973 * wpa_bss_update_start().
974 */
wpa_bss_update_end(struct wpa_supplicant * wpa_s,struct scan_info * info,int new_scan)975 void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
976 int new_scan)
977 {
978 struct wpa_bss *bss, *n;
979
980 os_get_reltime(&wpa_s->last_scan);
981 if ((info && info->aborted) || !new_scan)
982 return; /* do not expire entries without new scan */
983
984 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
985 if (wpa_bss_in_use(wpa_s, bss))
986 continue;
987 if (!wpa_bss_included_in_scan(bss, info))
988 continue; /* expire only BSSes that were scanned */
989 if (bss->last_update_idx < wpa_s->bss_update_idx)
990 bss->scan_miss_count++;
991 if (bss->scan_miss_count >=
992 wpa_s->conf->bss_expiration_scan_count) {
993 wpa_bss_remove(wpa_s, bss, "no match in scan");
994 }
995 }
996
997 wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%zu/%zu",
998 wpa_s->last_scan_res_used, wpa_s->last_scan_res_size);
999 }
1000
1001
1002 /**
1003 * wpa_bss_flush_by_age - Flush old BSS entries
1004 * @wpa_s: Pointer to wpa_supplicant data
1005 * @age: Maximum entry age in seconds
1006 *
1007 * Remove BSS entries that have not been updated during the last @age seconds.
1008 */
wpa_bss_flush_by_age(struct wpa_supplicant * wpa_s,int age)1009 void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age)
1010 {
1011 struct wpa_bss *bss, *n;
1012 struct os_reltime t;
1013
1014 if (dl_list_empty(&wpa_s->bss))
1015 return;
1016
1017 os_get_reltime(&t);
1018
1019 if (t.sec < age)
1020 return; /* avoid underflow; there can be no older entries */
1021
1022 t.sec -= age;
1023
1024 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
1025 if (wpa_bss_in_use(wpa_s, bss))
1026 continue;
1027
1028 if (wpa_s->reassoc_same_ess &&
1029 wpa_s->wpa_state != WPA_COMPLETED &&
1030 wpa_s->last_ssid &&
1031 bss->ssid_len == wpa_s->last_ssid->ssid_len &&
1032 os_memcmp(bss->ssid, wpa_s->last_ssid->ssid,
1033 bss->ssid_len) == 0)
1034 continue;
1035
1036 if (os_reltime_before(&bss->last_update, &t)) {
1037 wpa_bss_remove(wpa_s, bss, __func__);
1038 } else
1039 break;
1040 }
1041 }
1042
1043
1044 /**
1045 * wpa_bss_init - Initialize BSS table
1046 * @wpa_s: Pointer to wpa_supplicant data
1047 * Returns: 0 on success, -1 on failure
1048 *
1049 * This prepares BSS table lists and timer for periodic updates. The BSS table
1050 * is deinitialized with wpa_bss_deinit() once not needed anymore.
1051 */
wpa_bss_init(struct wpa_supplicant * wpa_s)1052 int wpa_bss_init(struct wpa_supplicant *wpa_s)
1053 {
1054 dl_list_init(&wpa_s->bss);
1055 dl_list_init(&wpa_s->bss_id);
1056 return 0;
1057 }
1058
1059
1060 /**
1061 * wpa_bss_flush - Flush all unused BSS entries
1062 * @wpa_s: Pointer to wpa_supplicant data
1063 */
wpa_bss_flush(struct wpa_supplicant * wpa_s)1064 void wpa_bss_flush(struct wpa_supplicant *wpa_s)
1065 {
1066 struct wpa_bss *bss, *n;
1067
1068 wpa_s->clear_driver_scan_cache = 1;
1069
1070 if (wpa_s->bss.next == NULL)
1071 return; /* BSS table not yet initialized */
1072
1073 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
1074 if (wpa_bss_in_use(wpa_s, bss))
1075 continue;
1076 wpa_bss_remove(wpa_s, bss, __func__);
1077 }
1078 }
1079
1080
1081 /**
1082 * wpa_bss_deinit - Deinitialize BSS table
1083 * @wpa_s: Pointer to wpa_supplicant data
1084 */
wpa_bss_deinit(struct wpa_supplicant * wpa_s)1085 void wpa_bss_deinit(struct wpa_supplicant *wpa_s)
1086 {
1087 wpa_bss_flush(wpa_s);
1088 }
1089
1090
1091 /**
1092 * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID
1093 * @wpa_s: Pointer to wpa_supplicant data
1094 * @bssid: BSSID
1095 * Returns: Pointer to the BSS entry or %NULL if not found
1096 */
wpa_bss_get_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)1097 struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
1098 const u8 *bssid)
1099 {
1100 struct wpa_bss *bss;
1101 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
1102 return NULL;
1103 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1104 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
1105 return bss;
1106 }
1107 return NULL;
1108 }
1109
1110
1111 /**
1112 * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID
1113 * @wpa_s: Pointer to wpa_supplicant data
1114 * @bssid: BSSID
1115 * Returns: Pointer to the BSS entry or %NULL if not found
1116 *
1117 * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to
1118 * find the entry that has the most recent update. This can help in finding the
1119 * correct entry in cases where the SSID of the AP may have changed recently
1120 * (e.g., in WPS reconfiguration cases).
1121 */
wpa_bss_get_bssid_latest(struct wpa_supplicant * wpa_s,const u8 * bssid)1122 struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s,
1123 const u8 *bssid)
1124 {
1125 struct wpa_bss *bss, *found = NULL;
1126 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
1127 return NULL;
1128 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1129 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0)
1130 continue;
1131 if (found == NULL ||
1132 os_reltime_before(&found->last_update, &bss->last_update))
1133 found = bss;
1134 }
1135 return found;
1136 }
1137
1138
1139 #ifdef CONFIG_P2P
1140 /**
1141 * wpa_bss_get_p2p_dev_addr - Fetch the latest BSS table entry based on P2P Device Addr
1142 * @wpa_s: Pointer to wpa_supplicant data
1143 * @dev_addr: P2P Device Address of the GO
1144 * Returns: Pointer to the BSS entry or %NULL if not found
1145 *
1146 * This function tries to find the entry that has the most recent update. This
1147 * can help in finding the correct entry in cases where the SSID of the P2P
1148 * Device may have changed recently.
1149 */
wpa_bss_get_p2p_dev_addr(struct wpa_supplicant * wpa_s,const u8 * dev_addr)1150 struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s,
1151 const u8 *dev_addr)
1152 {
1153 struct wpa_bss *bss, *found = NULL;
1154 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1155 u8 addr[ETH_ALEN];
1156 if (p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len,
1157 addr) != 0 ||
1158 os_memcmp(addr, dev_addr, ETH_ALEN) != 0)
1159 continue;
1160 if (!found ||
1161 os_reltime_before(&found->last_update, &bss->last_update))
1162 found = bss;
1163 }
1164 return found;
1165 }
1166 #endif /* CONFIG_P2P */
1167
1168
1169 /**
1170 * wpa_bss_get_id - Fetch a BSS table entry based on identifier
1171 * @wpa_s: Pointer to wpa_supplicant data
1172 * @id: Unique identifier (struct wpa_bss::id) assigned for the entry
1173 * Returns: Pointer to the BSS entry or %NULL if not found
1174 */
wpa_bss_get_id(struct wpa_supplicant * wpa_s,unsigned int id)1175 struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
1176 {
1177 struct wpa_bss *bss;
1178 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1179 if (bss->id == id)
1180 return bss;
1181 }
1182 return NULL;
1183 }
1184
1185
1186 /**
1187 * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range
1188 * @wpa_s: Pointer to wpa_supplicant data
1189 * @idf: Smallest allowed identifier assigned for the entry
1190 * @idf: Largest allowed identifier assigned for the entry
1191 * Returns: Pointer to the BSS entry or %NULL if not found
1192 *
1193 * This function is similar to wpa_bss_get_id() but allows a BSS entry with the
1194 * smallest id value to be fetched within the specified range without the
1195 * caller having to know the exact id.
1196 */
wpa_bss_get_id_range(struct wpa_supplicant * wpa_s,unsigned int idf,unsigned int idl)1197 struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
1198 unsigned int idf, unsigned int idl)
1199 {
1200 struct wpa_bss *bss;
1201 dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
1202 if (bss->id >= idf && bss->id <= idl)
1203 return bss;
1204 }
1205 return NULL;
1206 }
1207
1208
1209 /**
1210 * wpa_bss_get_ie - Fetch a specified information element from a BSS entry
1211 * @bss: BSS table entry
1212 * @ie: Information element identitifier (WLAN_EID_*)
1213 * Returns: Pointer to the information element (id field) or %NULL if not found
1214 *
1215 * This function returns the first matching information element in the BSS
1216 * entry.
1217 */
wpa_bss_get_ie(const struct wpa_bss * bss,u8 ie)1218 const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie)
1219 {
1220 return get_ie(wpa_bss_ie_ptr(bss), bss->ie_len, ie);
1221 }
1222
1223
1224 /**
1225 * wpa_bss_get_ie_nth - Fetch a specified information element from a BSS entry
1226 * @bss: BSS table entry
1227 * @ie: Information element identitifier (WLAN_EID_*)
1228 * @nth: Return the nth element of the requested type (2 returns the second)
1229 * Returns: Pointer to the information element (id field) or %NULL if not found
1230 *
1231 * This function returns the nth matching information element in the BSS
1232 * entry.
1233 */
wpa_bss_get_ie_nth(const struct wpa_bss * bss,u8 ie,int nth)1234 const u8 * wpa_bss_get_ie_nth(const struct wpa_bss *bss, u8 ie, int nth)
1235 {
1236 return get_ie_nth(wpa_bss_ie_ptr(bss), bss->ie_len, ie, nth);
1237 }
1238
1239
1240 /**
1241 * wpa_bss_get_ie_ext - Fetch a specified extended IE from a BSS entry
1242 * @bss: BSS table entry
1243 * @ext: Information element extension identifier (WLAN_EID_EXT_*)
1244 * Returns: Pointer to the information element (id field) or %NULL if not found
1245 *
1246 * This function returns the first matching information element in the BSS
1247 * entry.
1248 */
wpa_bss_get_ie_ext(const struct wpa_bss * bss,u8 ext)1249 const u8 * wpa_bss_get_ie_ext(const struct wpa_bss *bss, u8 ext)
1250 {
1251 return get_ie_ext(wpa_bss_ie_ptr(bss), bss->ie_len, ext);
1252 }
1253
1254
1255 /**
1256 * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry
1257 * @bss: BSS table entry
1258 * @vendor_type: Vendor type (four octets starting the IE payload)
1259 * Returns: Pointer to the information element (id field) or %NULL if not found
1260 *
1261 * This function returns the first matching information element in the BSS
1262 * entry.
1263 */
wpa_bss_get_vendor_ie(const struct wpa_bss * bss,u32 vendor_type)1264 const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type)
1265 {
1266 const u8 *ies;
1267 const struct element *elem;
1268
1269 ies = wpa_bss_ie_ptr(bss);
1270
1271 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, bss->ie_len) {
1272 if (elem->datalen >= 4 &&
1273 vendor_type == WPA_GET_BE32(elem->data))
1274 return &elem->id;
1275 }
1276
1277 return NULL;
1278 }
1279
1280
1281 /**
1282 * wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry
1283 * @bss: BSS table entry
1284 * @vendor_type: Vendor type (four octets starting the IE payload)
1285 * Returns: Pointer to the information element (id field) or %NULL if not found
1286 *
1287 * This function returns the first matching information element in the BSS
1288 * entry.
1289 *
1290 * This function is like wpa_bss_get_vendor_ie(), but uses IE buffer only
1291 * from Beacon frames instead of either Beacon or Probe Response frames.
1292 */
wpa_bss_get_vendor_ie_beacon(const struct wpa_bss * bss,u32 vendor_type)1293 const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss,
1294 u32 vendor_type)
1295 {
1296 const u8 *ies;
1297 const struct element *elem;
1298
1299 if (bss->beacon_ie_len == 0)
1300 return NULL;
1301
1302 ies = wpa_bss_ie_ptr(bss);
1303 ies += bss->ie_len;
1304
1305 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies,
1306 bss->beacon_ie_len) {
1307 if (elem->datalen >= 4 &&
1308 vendor_type == WPA_GET_BE32(elem->data))
1309 return &elem->id;
1310 }
1311
1312 return NULL;
1313 }
1314
1315
1316 /**
1317 * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry
1318 * @bss: BSS table entry
1319 * @vendor_type: Vendor type (four octets starting the IE payload)
1320 * Returns: Pointer to the information element payload or %NULL if not found
1321 *
1322 * This function returns concatenated payload of possibly fragmented vendor
1323 * specific information elements in the BSS entry. The caller is responsible for
1324 * freeing the returned buffer.
1325 */
wpa_bss_get_vendor_ie_multi(const struct wpa_bss * bss,u32 vendor_type)1326 struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
1327 u32 vendor_type)
1328 {
1329 struct wpabuf *buf;
1330 const u8 *end, *pos;
1331
1332 buf = wpabuf_alloc(bss->ie_len);
1333 if (buf == NULL)
1334 return NULL;
1335
1336 pos = wpa_bss_ie_ptr(bss);
1337 end = pos + bss->ie_len;
1338
1339 while (end - pos > 1) {
1340 u8 ie, len;
1341
1342 ie = pos[0];
1343 len = pos[1];
1344 if (len > end - pos - 2)
1345 break;
1346 pos += 2;
1347 if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 &&
1348 vendor_type == WPA_GET_BE32(pos))
1349 wpabuf_put_data(buf, pos + 4, len - 4);
1350 pos += len;
1351 }
1352
1353 if (wpabuf_len(buf) == 0) {
1354 wpabuf_free(buf);
1355 buf = NULL;
1356 }
1357
1358 return buf;
1359 }
1360
1361
1362 /**
1363 * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry
1364 * @bss: BSS table entry
1365 * @vendor_type: Vendor type (four octets starting the IE payload)
1366 * Returns: Pointer to the information element payload or %NULL if not found
1367 *
1368 * This function returns concatenated payload of possibly fragmented vendor
1369 * specific information elements in the BSS entry. The caller is responsible for
1370 * freeing the returned buffer.
1371 *
1372 * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only
1373 * from Beacon frames instead of either Beacon or Probe Response frames.
1374 */
wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss * bss,u32 vendor_type)1375 struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss,
1376 u32 vendor_type)
1377 {
1378 struct wpabuf *buf;
1379 const u8 *end, *pos;
1380
1381 buf = wpabuf_alloc(bss->beacon_ie_len);
1382 if (buf == NULL)
1383 return NULL;
1384
1385 pos = wpa_bss_ie_ptr(bss);
1386 pos += bss->ie_len;
1387 end = pos + bss->beacon_ie_len;
1388
1389 while (end - pos > 1) {
1390 u8 id, len;
1391
1392 id = *pos++;
1393 len = *pos++;
1394 if (len > end - pos)
1395 break;
1396 if (id == WLAN_EID_VENDOR_SPECIFIC && len >= 4 &&
1397 vendor_type == WPA_GET_BE32(pos))
1398 wpabuf_put_data(buf, pos + 4, len - 4);
1399 pos += len;
1400 }
1401
1402 if (wpabuf_len(buf) == 0) {
1403 wpabuf_free(buf);
1404 buf = NULL;
1405 }
1406
1407 return buf;
1408 }
1409
1410
1411 /**
1412 * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS
1413 * @bss: BSS table entry
1414 * Returns: Maximum legacy rate in units of 500 kbps
1415 */
wpa_bss_get_max_rate(const struct wpa_bss * bss)1416 int wpa_bss_get_max_rate(const struct wpa_bss *bss)
1417 {
1418 int rate = 0;
1419 const u8 *ie;
1420 int i;
1421
1422 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1423 for (i = 0; ie && i < ie[1]; i++) {
1424 if ((ie[i + 2] & 0x7f) > rate)
1425 rate = ie[i + 2] & 0x7f;
1426 }
1427
1428 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
1429 for (i = 0; ie && i < ie[1]; i++) {
1430 if ((ie[i + 2] & 0x7f) > rate)
1431 rate = ie[i + 2] & 0x7f;
1432 }
1433
1434 return rate;
1435 }
1436
1437
1438 /**
1439 * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS
1440 * @bss: BSS table entry
1441 * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps)
1442 * Returns: number of legacy TX rates or -1 on failure
1443 *
1444 * The caller is responsible for freeing the returned buffer with os_free() in
1445 * case of success.
1446 */
wpa_bss_get_bit_rates(const struct wpa_bss * bss,u8 ** rates)1447 int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates)
1448 {
1449 const u8 *ie, *ie2;
1450 int i, j;
1451 unsigned int len;
1452 u8 *r;
1453
1454 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1455 ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
1456
1457 len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0);
1458
1459 r = os_malloc(len);
1460 if (!r)
1461 return -1;
1462
1463 for (i = 0; ie && i < ie[1]; i++)
1464 r[i] = ie[i + 2] & 0x7f;
1465
1466 for (j = 0; ie2 && j < ie2[1]; j++)
1467 r[i + j] = ie2[j + 2] & 0x7f;
1468
1469 *rates = r;
1470 return len;
1471 }
1472
1473
1474 #ifdef CONFIG_FILS
wpa_bss_get_fils_cache_id(const struct wpa_bss * bss)1475 const u8 * wpa_bss_get_fils_cache_id(const struct wpa_bss *bss)
1476 {
1477 const u8 *ie;
1478
1479 if (bss) {
1480 ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
1481 if (ie && ie[1] >= 4 && WPA_GET_LE16(ie + 2) & BIT(7))
1482 return ie + 4;
1483 }
1484
1485 return NULL;
1486 }
1487 #endif /* CONFIG_FILS */
1488
1489
wpa_bss_ext_capab(const struct wpa_bss * bss,unsigned int capab)1490 int wpa_bss_ext_capab(const struct wpa_bss *bss, unsigned int capab)
1491 {
1492 if (!bss)
1493 return 0;
1494 return ieee802_11_ext_capab(wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB),
1495 capab);
1496 }
1497
1498
1499 /**
1500 * wpa_bss_defrag_mle - Get a buffer holding a de-fragmented ML element
1501 * @bss: BSS table entry
1502 * @type: ML control type
1503 */
wpa_bss_defrag_mle(const struct wpa_bss * bss,u8 type)1504 struct wpabuf * wpa_bss_defrag_mle(const struct wpa_bss *bss, u8 type)
1505 {
1506 struct ieee802_11_elems elems;
1507 const u8 *pos = wpa_bss_ie_ptr(bss);
1508 size_t len = bss->ie_len;
1509
1510 if (ieee802_11_parse_elems(pos, len, &elems, 1) == ParseFailed)
1511 return NULL;
1512
1513 return ieee802_11_defrag_mle(&elems, type);
1514 }
1515
1516
1517 static void
wpa_bss_parse_ml_rnr_ap_info(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,u8 mbssid_idx,const struct ieee80211_neighbor_ap_info * ap_info,size_t len,u16 * seen,u16 * missing)1518 wpa_bss_parse_ml_rnr_ap_info(struct wpa_supplicant *wpa_s,
1519 struct wpa_bss *bss, u8 mbssid_idx,
1520 const struct ieee80211_neighbor_ap_info *ap_info,
1521 size_t len, u16 *seen, u16 *missing)
1522 {
1523 const u8 *pos, *end;
1524 const u8 *mld_params;
1525 u8 count, mld_params_offset;
1526 u8 i, type, link_id;
1527
1528 count = RNR_TBTT_INFO_COUNT_VAL(ap_info->tbtt_info_hdr) + 1;
1529 type = ap_info->tbtt_info_hdr & RNR_TBTT_INFO_HDR_TYPE_MSK;
1530
1531 /* MLD information is at offset 13 or at start */
1532 if (type == 0 && ap_info->tbtt_info_len >= RNR_TBTT_INFO_MLD_LEN) {
1533 /* MLD info is appended */
1534 mld_params_offset = RNR_TBTT_INFO_LEN;
1535 } else {
1536 /* TODO: Support NSTR AP */
1537 return;
1538 }
1539
1540 pos = (const u8 *) ap_info;
1541 end = pos + len;
1542 pos += sizeof(*ap_info);
1543
1544 for (i = 0; i < count; i++) {
1545 if (bss->n_mld_links >= MAX_NUM_MLD_LINKS)
1546 return;
1547
1548 if (end - pos < ap_info->tbtt_info_len)
1549 break;
1550
1551 mld_params = pos + mld_params_offset;
1552
1553 link_id = *(mld_params + 1) & EHT_ML_LINK_ID_MSK;
1554
1555 if (*mld_params != mbssid_idx) {
1556 wpa_printf(MSG_DEBUG,
1557 "MLD: Reported link not part of MLD");
1558 } else if (!(BIT(link_id) & *seen)) {
1559 struct wpa_bss *neigh_bss =
1560 wpa_bss_get_bssid(wpa_s, ap_info->data + 1);
1561
1562 *seen |= BIT(link_id);
1563 wpa_printf(MSG_DEBUG, "MLD: mld ID=%u, link ID=%u",
1564 *mld_params, link_id);
1565
1566 if (neigh_bss) {
1567 struct mld_link *l;
1568
1569 l = &bss->mld_links[bss->n_mld_links];
1570 l->link_id = link_id;
1571 os_memcpy(l->bssid, ap_info->data + 1,
1572 ETH_ALEN);
1573 l->freq = neigh_bss->freq;
1574 bss->n_mld_links++;
1575 } else {
1576 *missing |= BIT(link_id);
1577 }
1578 }
1579
1580 pos += ap_info->tbtt_info_len;
1581 }
1582 }
1583
1584
1585 /**
1586 * wpa_bss_parse_basic_ml_element - Parse the Basic Multi-Link element
1587 * @wpa_s: Pointer to wpa_supplicant data
1588 * @bss: BSS table entry
1589 * @mld_addr: AP MLD address (or %NULL)
1590 * @link_info: Array to store link information (or %NULL),
1591 * should be initialized and #MAX_NUM_MLD_LINKS elements long
1592 * @missing_links: Result bitmask of links that were not discovered (or %NULL)
1593 * Returns: 0 on success or -1 for non-MLD or parsing failures
1594 *
1595 * Parses the Basic Multi-Link element of the BSS into @link_info using the scan
1596 * information stored in the wpa_supplicant data to fill in information for
1597 * links where possible. The @missing_links out parameter will contain any links
1598 * for which no corresponding BSS was found.
1599 */
wpa_bss_parse_basic_ml_element(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,u8 * ap_mld_addr,u16 * missing_links)1600 int wpa_bss_parse_basic_ml_element(struct wpa_supplicant *wpa_s,
1601 struct wpa_bss *bss,
1602 u8 *ap_mld_addr,
1603 u16 *missing_links)
1604 {
1605 struct ieee802_11_elems elems;
1606 struct wpabuf *mlbuf;
1607 const struct element *elem;
1608 u8 mbssid_idx = 0;
1609 u8 ml_ie_len;
1610 const struct ieee80211_eht_ml *eht_ml;
1611 const struct eht_ml_basic_common_info *ml_basic_common_info;
1612 u8 i, link_id;
1613 const u16 control_mask =
1614 MULTI_LINK_CONTROL_TYPE_MASK |
1615 BASIC_MULTI_LINK_CTRL_PRES_LINK_ID |
1616 BASIC_MULTI_LINK_CTRL_PRES_BSS_PARAM_CH_COUNT |
1617 BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA;
1618 const u16 control =
1619 MULTI_LINK_CONTROL_TYPE_BASIC |
1620 BASIC_MULTI_LINK_CTRL_PRES_LINK_ID |
1621 BASIC_MULTI_LINK_CTRL_PRES_BSS_PARAM_CH_COUNT |
1622 BASIC_MULTI_LINK_CTRL_PRES_MLD_CAPA;
1623 u16 missing = 0;
1624 u16 seen;
1625 const u8 *ies_pos = wpa_bss_ie_ptr(bss);
1626 size_t ies_len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
1627 int ret = -1;
1628 struct mld_link *l;
1629
1630 if (ieee802_11_parse_elems(ies_pos, ies_len, &elems, 1) ==
1631 ParseFailed) {
1632 wpa_dbg(wpa_s, MSG_DEBUG, "MLD: Failed to parse elements");
1633 return ret;
1634 }
1635
1636 mlbuf = ieee802_11_defrag_mle(&elems, MULTI_LINK_CONTROL_TYPE_BASIC);
1637 if (!mlbuf) {
1638 wpa_dbg(wpa_s, MSG_DEBUG, "MLD: No Multi-Link element");
1639 return ret;
1640 }
1641
1642 ml_ie_len = wpabuf_len(mlbuf);
1643
1644 /*
1645 * for ext ID + 2 control + common info len + MLD address +
1646 * link info
1647 */
1648 if (ml_ie_len < 2UL + 1UL + ETH_ALEN + 1UL)
1649 goto out;
1650
1651 eht_ml = (const struct ieee80211_eht_ml *) wpabuf_head(mlbuf);
1652 if ((le_to_host16(eht_ml->ml_control) & control_mask) != control) {
1653 wpa_printf(MSG_DEBUG,
1654 "MLD: Unexpected Multi-Link element control=0x%x (mask 0x%x expected 0x%x)",
1655 le_to_host16(eht_ml->ml_control), control_mask,
1656 control);
1657 goto out;
1658 }
1659
1660 ml_basic_common_info =
1661 (const struct eht_ml_basic_common_info *) eht_ml->variable;
1662
1663 /* Common info length should be valid */
1664 if (ml_basic_common_info->len < ETH_ALEN + 1UL)
1665 goto out;
1666
1667 /* Get the MLD address and MLD link ID */
1668 if (ap_mld_addr)
1669 os_memcpy(ap_mld_addr, ml_basic_common_info->mld_addr,
1670 ETH_ALEN);
1671
1672 bss->n_mld_links = 0;
1673 l = &bss->mld_links[bss->n_mld_links];
1674 link_id = ml_basic_common_info->variable[0] & EHT_ML_LINK_ID_MSK;
1675 l->link_id = link_id;
1676 os_memcpy(l->bssid, bss->bssid, ETH_ALEN);
1677 l->freq = bss->freq;
1678
1679 seen = BIT(link_id);
1680 bss->n_mld_links++;
1681
1682 /*
1683 * The AP MLD ID in the RNR corresponds to the MBSSID index, see
1684 * IEEE P802.11be/D4.0, 9.4.2.169.2 (Neighbor AP Information field).
1685 *
1686 * For the transmitting BSSID it is clear that both the MBSSID index
1687 * and the AP MLD ID in the RNR are zero.
1688 *
1689 * For nontransmitted BSSIDs we will have a BSS generated from the
1690 * MBSSID element(s) using inheritance rules. Included in the elements
1691 * is the MBSSID Index Element. The RNR is copied from the Beacon/Probe
1692 * Response frame that was send by the transmitting BSSID. As such, the
1693 * reported AP MLD ID in the RNR will match the value in the MBSSID
1694 * Index Element.
1695 */
1696 elem = (const struct element *)
1697 wpa_bss_get_ie(bss, WLAN_EID_MULTIPLE_BSSID_INDEX);
1698 if (elem && elem->datalen >= 1)
1699 mbssid_idx = elem->data[0];
1700
1701 for_each_element_id(elem, WLAN_EID_REDUCED_NEIGHBOR_REPORT,
1702 wpa_bss_ie_ptr(bss),
1703 bss->ie_len ? bss->ie_len : bss->beacon_ie_len) {
1704 const struct ieee80211_neighbor_ap_info *ap_info;
1705 const u8 *pos = elem->data;
1706 size_t len = elem->datalen;
1707
1708 /* RNR IE may contain more than one Neighbor AP Info */
1709 while (sizeof(*ap_info) <= len) {
1710 size_t ap_info_len = sizeof(*ap_info);
1711 u8 count;
1712
1713 ap_info = (const struct ieee80211_neighbor_ap_info *)
1714 pos;
1715 count = RNR_TBTT_INFO_COUNT_VAL(ap_info->tbtt_info_hdr) + 1;
1716 ap_info_len += count * ap_info->tbtt_info_len;
1717
1718 if (ap_info_len > len)
1719 goto out;
1720
1721 wpa_bss_parse_ml_rnr_ap_info(wpa_s, bss, mbssid_idx,
1722 ap_info, len, &seen,
1723 &missing);
1724
1725 pos += ap_info_len;
1726 len -= ap_info_len;
1727 }
1728 }
1729
1730 wpa_printf(MSG_DEBUG, "MLD: n_mld_links=%u (unresolved: 0x%04hx)",
1731 bss->n_mld_links, missing);
1732
1733 for (i = 0; i < bss->n_mld_links; i++) {
1734 wpa_printf(MSG_DEBUG, "MLD: link=%u, bssid=" MACSTR,
1735 bss->mld_links[i].link_id,
1736 MAC2STR(bss->mld_links[i].bssid));
1737 }
1738
1739 if (missing_links)
1740 *missing_links = missing;
1741
1742 ret = 0;
1743 out:
1744 wpabuf_free(mlbuf);
1745 return ret;
1746 }
1747
1748
1749 /*
1750 * wpa_bss_parse_reconf_ml_element - Parse the Reconfiguration ML element
1751 * @wpa_s: Pointer to wpa_supplicant data
1752 * @bss: BSS table entry
1753 * Returns: The bitmap of links that are going to be removed
1754 */
wpa_bss_parse_reconf_ml_element(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)1755 u16 wpa_bss_parse_reconf_ml_element(struct wpa_supplicant *wpa_s,
1756 struct wpa_bss *bss)
1757 {
1758 struct ieee802_11_elems elems;
1759 struct wpabuf *mlbuf;
1760 const u8 *pos = wpa_bss_ie_ptr(bss);
1761 size_t len = bss->ie_len ? bss->ie_len : bss->beacon_ie_len;
1762 const struct ieee80211_eht_ml *ml;
1763 u16 removed_links = 0;
1764 u8 ml_common_len;
1765
1766 if (ieee802_11_parse_elems(pos, len, &elems, 1) == ParseFailed)
1767 return 0;
1768
1769 if (!elems.reconf_mle || !elems.reconf_mle_len)
1770 return 0;
1771
1772 mlbuf = ieee802_11_defrag_mle(&elems, MULTI_LINK_CONTROL_TYPE_RECONF);
1773 if (!mlbuf)
1774 return 0;
1775
1776 ml = (const struct ieee80211_eht_ml *) wpabuf_head(mlbuf);
1777 len = wpabuf_len(mlbuf);
1778
1779 if (len < sizeof(*ml))
1780 goto out;
1781
1782 ml_common_len = 1;
1783 if (ml->ml_control & RECONF_MULTI_LINK_CTRL_PRES_MLD_MAC_ADDR)
1784 ml_common_len += ETH_ALEN;
1785
1786 if (len < sizeof(*ml) + ml_common_len) {
1787 wpa_printf(MSG_DEBUG,
1788 "MLD: Unexpected Reconfiguration ML element length: (%zu < %zu)",
1789 len, sizeof(*ml) + ml_common_len);
1790 goto out;
1791 }
1792
1793 pos = ml->variable + ml_common_len;
1794 len -= sizeof(*ml) + ml_common_len;
1795
1796 while (len >= 2 + sizeof(struct ieee80211_eht_per_sta_profile)) {
1797 size_t sub_elem_len = *(pos + 1);
1798
1799 if (2 + sub_elem_len > len) {
1800 wpa_printf(MSG_DEBUG,
1801 "MLD: Invalid link info len: %zu %zu",
1802 2 + sub_elem_len, len);
1803 goto out;
1804 }
1805
1806 if (*pos == EHT_ML_SUB_ELEM_PER_STA_PROFILE) {
1807 const struct ieee80211_eht_per_sta_profile *sta_prof =
1808 (const struct ieee80211_eht_per_sta_profile *)
1809 (pos + 2);
1810 u16 control = le_to_host16(sta_prof->sta_control);
1811 u8 link_id;
1812
1813 link_id = control & EHT_PER_STA_RECONF_CTRL_LINK_ID_MSK;
1814 removed_links |= BIT(link_id);
1815 }
1816
1817 pos += 2 + sub_elem_len;
1818 len -= 2 + sub_elem_len;
1819 }
1820
1821 wpa_printf(MSG_DEBUG, "MLD: Reconfiguration: removed_links=0x%x",
1822 removed_links);
1823 out:
1824 wpabuf_free(mlbuf);
1825 return removed_links;
1826 }
1827