1 /*
2 * BSS table
3 * Copyright (c) 2009-2019, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "common/ieee802_11_defs.h"
14 #include "drivers/driver.h"
15 #include "eap_peer/eap.h"
16 #include "wpa_supplicant_i.h"
17 #include "config.h"
18 #include "notify.h"
19 #include "scan.h"
20 #include "bss.h"
21
wpa_bss_set_hessid(struct wpa_bss * bss)22 static void wpa_bss_set_hessid(struct wpa_bss *bss)
23 {
24 #ifdef CONFIG_INTERWORKING
25 const u8 *ie = wpa_bss_get_ie(bss, WLAN_EID_INTERWORKING);
26 if (ie == NULL || (ie[1] != 7 && ie[1] != 9)) {
27 os_memset(bss->hessid, 0, ETH_ALEN);
28 return;
29 }
30 if (ie[1] == 7)
31 os_memcpy(bss->hessid, ie + 3, ETH_ALEN);
32 else
33 os_memcpy(bss->hessid, ie + 5, ETH_ALEN);
34 #endif /* CONFIG_INTERWORKING */
35 }
36
37
38 /**
39 * wpa_bss_anqp_alloc - Allocate ANQP data structure for a BSS entry
40 * Returns: Allocated ANQP data structure or %NULL on failure
41 *
42 * The allocated ANQP data structure has its users count set to 1. It may be
43 * shared by multiple BSS entries and each shared entry is freed with
44 * wpa_bss_anqp_free().
45 */
wpa_bss_anqp_alloc(void)46 struct wpa_bss_anqp * wpa_bss_anqp_alloc(void)
47 {
48 struct wpa_bss_anqp *anqp;
49 anqp = os_zalloc(sizeof(*anqp));
50 if (anqp == NULL)
51 return NULL;
52 #ifdef CONFIG_INTERWORKING
53 dl_list_init(&anqp->anqp_elems);
54 #endif /* CONFIG_INTERWORKING */
55 anqp->users = 1;
56 return anqp;
57 }
58
59
60 /**
61 * wpa_bss_anqp_clone - Clone an ANQP data structure
62 * @anqp: ANQP data structure from wpa_bss_anqp_alloc()
63 * Returns: Cloned ANQP data structure or %NULL on failure
64 */
wpa_bss_anqp_clone(struct wpa_bss_anqp * anqp)65 static struct wpa_bss_anqp * wpa_bss_anqp_clone(struct wpa_bss_anqp *anqp)
66 {
67 struct wpa_bss_anqp *n;
68
69 n = os_zalloc(sizeof(*n));
70 if (n == NULL)
71 return NULL;
72
73 #define ANQP_DUP(f) if (anqp->f) n->f = wpabuf_dup(anqp->f)
74 #ifdef CONFIG_INTERWORKING
75 dl_list_init(&n->anqp_elems);
76 ANQP_DUP(capability_list);
77 ANQP_DUP(venue_name);
78 ANQP_DUP(network_auth_type);
79 ANQP_DUP(roaming_consortium);
80 ANQP_DUP(ip_addr_type_availability);
81 ANQP_DUP(nai_realm);
82 ANQP_DUP(anqp_3gpp);
83 ANQP_DUP(domain_name);
84 ANQP_DUP(fils_realm_info);
85 #endif /* CONFIG_INTERWORKING */
86 #ifdef CONFIG_HS20
87 ANQP_DUP(hs20_capability_list);
88 ANQP_DUP(hs20_operator_friendly_name);
89 ANQP_DUP(hs20_wan_metrics);
90 ANQP_DUP(hs20_connection_capability);
91 ANQP_DUP(hs20_operating_class);
92 ANQP_DUP(hs20_osu_providers_list);
93 ANQP_DUP(hs20_operator_icon_metadata);
94 ANQP_DUP(hs20_osu_providers_nai_list);
95 #endif /* CONFIG_HS20 */
96 #undef ANQP_DUP
97
98 return n;
99 }
100
101
102 /**
103 * wpa_bss_anqp_unshare_alloc - Unshare ANQP data (if shared) in a BSS entry
104 * @bss: BSS entry
105 * Returns: 0 on success, -1 on failure
106 *
107 * This function ensures the specific BSS entry has an ANQP data structure that
108 * is not shared with any other BSS entry.
109 */
wpa_bss_anqp_unshare_alloc(struct wpa_bss * bss)110 int wpa_bss_anqp_unshare_alloc(struct wpa_bss *bss)
111 {
112 struct wpa_bss_anqp *anqp;
113
114 if (bss->anqp && bss->anqp->users > 1) {
115 /* allocated, but shared - clone an unshared copy */
116 anqp = wpa_bss_anqp_clone(bss->anqp);
117 if (anqp == NULL)
118 return -1;
119 anqp->users = 1;
120 bss->anqp->users--;
121 bss->anqp = anqp;
122 return 0;
123 }
124
125 if (bss->anqp)
126 return 0; /* already allocated and not shared */
127
128 /* not allocated - allocate a new storage area */
129 bss->anqp = wpa_bss_anqp_alloc();
130 return bss->anqp ? 0 : -1;
131 }
132
133
134 /**
135 * wpa_bss_anqp_free - Free an ANQP data structure
136 * @anqp: ANQP data structure from wpa_bss_anqp_alloc() or wpa_bss_anqp_clone()
137 */
wpa_bss_anqp_free(struct wpa_bss_anqp * anqp)138 static void wpa_bss_anqp_free(struct wpa_bss_anqp *anqp)
139 {
140 #ifdef CONFIG_INTERWORKING
141 struct wpa_bss_anqp_elem *elem;
142 #endif /* CONFIG_INTERWORKING */
143
144 if (anqp == NULL)
145 return;
146
147 anqp->users--;
148 if (anqp->users > 0) {
149 /* Another BSS entry holds a pointer to this ANQP info */
150 return;
151 }
152
153 #ifdef CONFIG_INTERWORKING
154 wpabuf_free(anqp->capability_list);
155 wpabuf_free(anqp->venue_name);
156 wpabuf_free(anqp->network_auth_type);
157 wpabuf_free(anqp->roaming_consortium);
158 wpabuf_free(anqp->ip_addr_type_availability);
159 wpabuf_free(anqp->nai_realm);
160 wpabuf_free(anqp->anqp_3gpp);
161 wpabuf_free(anqp->domain_name);
162 wpabuf_free(anqp->fils_realm_info);
163
164 while ((elem = dl_list_first(&anqp->anqp_elems,
165 struct wpa_bss_anqp_elem, list))) {
166 dl_list_del(&elem->list);
167 wpabuf_free(elem->payload);
168 os_free(elem);
169 }
170 #endif /* CONFIG_INTERWORKING */
171 #ifdef CONFIG_HS20
172 wpabuf_free(anqp->hs20_capability_list);
173 wpabuf_free(anqp->hs20_operator_friendly_name);
174 wpabuf_free(anqp->hs20_wan_metrics);
175 wpabuf_free(anqp->hs20_connection_capability);
176 wpabuf_free(anqp->hs20_operating_class);
177 wpabuf_free(anqp->hs20_osu_providers_list);
178 wpabuf_free(anqp->hs20_operator_icon_metadata);
179 wpabuf_free(anqp->hs20_osu_providers_nai_list);
180 #endif /* CONFIG_HS20 */
181
182 os_free(anqp);
183 }
184
wpa_bss_check_pending_connect(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)185 static bool wpa_bss_check_pending_connect(struct wpa_supplicant *wpa_s,
186 struct wpa_bss *bss)
187 {
188 struct wpa_radio_work *work;
189 struct wpa_connect_work *cwork;
190
191 work = radio_work_pending(wpa_s, "sme-connect");
192 if (!work)
193 work = radio_work_pending(wpa_s, "connect");
194 if (!work)
195 return false;
196
197 cwork = work->ctx;
198 if (cwork->bss != bss)
199 return false;
200
201 return true;
202 }
203
wpa_bss_update_pending_connect(struct wpa_supplicant * wpa_s,struct wpa_bss * new_bss)204 static void wpa_bss_update_pending_connect(struct wpa_supplicant *wpa_s,
205 struct wpa_bss *new_bss)
206 {
207 struct wpa_radio_work *work;
208 struct wpa_connect_work *cwork;
209
210 work = radio_work_pending(wpa_s, "sme-connect");
211 if (!work)
212 work = radio_work_pending(wpa_s, "connect");
213 if (!work)
214 return;
215
216 cwork = work->ctx;
217
218 wpa_printf(MSG_DEBUG,
219 "Update BSS pointer for the pending connect radio work");
220 cwork->bss = new_bss;
221 if (!new_bss)
222 cwork->bss_removed = 1;
223 }
224
225
wpa_bss_remove(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,const char * reason)226 void wpa_bss_remove(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
227 const char *reason)
228 {
229 if (wpa_s->last_scan_res) {
230 unsigned int i;
231 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
232 if (wpa_s->last_scan_res[i] == bss) {
233 os_memmove(&wpa_s->last_scan_res[i],
234 &wpa_s->last_scan_res[i + 1],
235 (wpa_s->last_scan_res_used - i - 1)
236 * sizeof(struct wpa_bss *));
237 wpa_s->last_scan_res_used--;
238 break;
239 }
240 }
241 }
242 if (wpa_bss_check_pending_connect(wpa_s, bss))
243 wpa_bss_update_pending_connect(wpa_s, NULL);
244 dl_list_del(&bss->list);
245 dl_list_del(&bss->list_id);
246 wpa_s->num_bss--;
247 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Remove id %u BSSID " MACSTR
248 " SSID '%s' due to %s", bss->id, MAC2STR(bss->bssid),
249 wpa_ssid_txt(bss->ssid, bss->ssid_len), reason);
250 wpas_notify_bss_removed(wpa_s, bss->bssid, bss->id);
251 wpa_bss_anqp_free(bss->anqp);
252 os_free(bss);
253 }
254
255
256 /**
257 * wpa_bss_get - Fetch a BSS table entry based on BSSID and SSID
258 * @wpa_s: Pointer to wpa_supplicant data
259 * @bssid: BSSID
260 * @ssid: SSID
261 * @ssid_len: Length of @ssid
262 * Returns: Pointer to the BSS entry or %NULL if not found
263 */
wpa_bss_get(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * ssid,size_t ssid_len)264 struct wpa_bss * wpa_bss_get(struct wpa_supplicant *wpa_s, const u8 *bssid,
265 const u8 *ssid, size_t ssid_len)
266 {
267 struct wpa_bss *bss;
268 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
269 return NULL;
270 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
271 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
272 bss->ssid_len == ssid_len &&
273 os_memcmp(bss->ssid, ssid, ssid_len) == 0)
274 return bss;
275 }
276 return NULL;
277 }
278
279
calculate_update_time(const struct os_reltime * fetch_time,unsigned int age_ms,struct os_reltime * update_time)280 void calculate_update_time(const struct os_reltime *fetch_time,
281 unsigned int age_ms,
282 struct os_reltime *update_time)
283 {
284 os_time_t usec;
285
286 update_time->sec = fetch_time->sec;
287 update_time->usec = fetch_time->usec;
288 update_time->sec -= age_ms / 1000;
289 usec = (age_ms % 1000) * 1000;
290 if (update_time->usec < usec) {
291 update_time->sec--;
292 update_time->usec += 1000000;
293 }
294 update_time->usec -= usec;
295 }
296
297
wpa_bss_copy_res(struct wpa_bss * dst,struct wpa_scan_res * src,struct os_reltime * fetch_time)298 static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
299 struct os_reltime *fetch_time)
300 {
301 dst->flags = src->flags;
302 os_memcpy(dst->bssid, src->bssid, ETH_ALEN);
303 dst->freq = src->freq;
304 dst->beacon_int = src->beacon_int;
305 dst->caps = src->caps;
306 dst->qual = src->qual;
307 dst->noise = src->noise;
308 dst->level = src->level;
309 dst->tsf = src->tsf;
310 dst->est_throughput = src->est_throughput;
311 dst->snr = src->snr;
312
313 calculate_update_time(fetch_time, src->age, &dst->last_update);
314 }
315
316
wpa_bss_is_wps_candidate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)317 static int wpa_bss_is_wps_candidate(struct wpa_supplicant *wpa_s,
318 struct wpa_bss *bss)
319 {
320 #ifdef CONFIG_WPS
321 struct wpa_ssid *ssid;
322 struct wpabuf *wps_ie;
323 int pbc = 0, ret;
324
325 wps_ie = wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE);
326 if (!wps_ie)
327 return 0;
328
329 if (wps_is_selected_pbc_registrar(wps_ie)) {
330 pbc = 1;
331 } else if (!wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1)) {
332 wpabuf_free(wps_ie);
333 return 0;
334 }
335
336 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
337 if (!(ssid->key_mgmt & WPA_KEY_MGMT_WPS))
338 continue;
339 if (ssid->ssid_len &&
340 (ssid->ssid_len != bss->ssid_len ||
341 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) != 0))
342 continue;
343
344 if (pbc)
345 ret = eap_is_wps_pbc_enrollee(&ssid->eap);
346 else
347 ret = eap_is_wps_pin_enrollee(&ssid->eap);
348 wpabuf_free(wps_ie);
349 return ret;
350 }
351 wpabuf_free(wps_ie);
352 #endif /* CONFIG_WPS */
353
354 return 0;
355 }
356
357
is_p2p_pending_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)358 static bool is_p2p_pending_bss(struct wpa_supplicant *wpa_s,
359 struct wpa_bss *bss)
360 {
361 #ifdef CONFIG_P2P
362 u8 addr[ETH_ALEN];
363
364 if (os_memcmp(bss->bssid, wpa_s->pending_join_iface_addr,
365 ETH_ALEN) == 0)
366 return true;
367 if (!is_zero_ether_addr(wpa_s->pending_join_dev_addr) &&
368 p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len, addr) == 0 &&
369 os_memcmp(addr, wpa_s->pending_join_dev_addr, ETH_ALEN) == 0)
370 return true;
371 #endif /* CONFIG_P2P */
372 return false;
373 }
374
375
wpa_bss_known(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)376 static int wpa_bss_known(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
377 {
378 struct wpa_ssid *ssid;
379
380 if (is_p2p_pending_bss(wpa_s, bss))
381 return 1;
382
383 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
384 if (ssid->ssid == NULL || ssid->ssid_len == 0)
385 continue;
386 if (ssid->ssid_len == bss->ssid_len &&
387 os_memcmp(ssid->ssid, bss->ssid, ssid->ssid_len) == 0)
388 return 1;
389 }
390
391 return 0;
392 }
393
394
wpa_bss_in_use(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)395 static int wpa_bss_in_use(struct wpa_supplicant *wpa_s, struct wpa_bss *bss)
396 {
397 if (bss == wpa_s->current_bss)
398 return 1;
399
400 if (wpa_s->current_bss &&
401 (bss->ssid_len != wpa_s->current_bss->ssid_len ||
402 os_memcmp(bss->ssid, wpa_s->current_bss->ssid,
403 bss->ssid_len) != 0))
404 return 0; /* SSID has changed */
405
406 return !is_zero_ether_addr(bss->bssid) &&
407 (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) == 0 ||
408 os_memcmp(bss->bssid, wpa_s->pending_bssid, ETH_ALEN) == 0);
409 }
410
411
wpa_bss_remove_oldest_unknown(struct wpa_supplicant * wpa_s)412 static int wpa_bss_remove_oldest_unknown(struct wpa_supplicant *wpa_s)
413 {
414 struct wpa_bss *bss;
415
416 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
417 if (!wpa_bss_known(wpa_s, bss) &&
418 !wpa_bss_is_wps_candidate(wpa_s, bss)) {
419 wpa_bss_remove(wpa_s, bss, __func__);
420 return 0;
421 }
422 }
423
424 return -1;
425 }
426
427
wpa_bss_remove_oldest(struct wpa_supplicant * wpa_s)428 static int wpa_bss_remove_oldest(struct wpa_supplicant *wpa_s)
429 {
430 struct wpa_bss *bss;
431
432 /*
433 * Remove the oldest entry that does not match with any configured
434 * network.
435 */
436 if (wpa_bss_remove_oldest_unknown(wpa_s) == 0)
437 return 0;
438
439 /*
440 * Remove the oldest entry that isn't currently in use.
441 */
442 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
443 if (!wpa_bss_in_use(wpa_s, bss)) {
444 wpa_bss_remove(wpa_s, bss, __func__);
445 return 0;
446 }
447 }
448
449 return -1;
450 }
451
452
wpa_bss_add(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len,struct wpa_scan_res * res,struct os_reltime * fetch_time)453 static struct wpa_bss * wpa_bss_add(struct wpa_supplicant *wpa_s,
454 const u8 *ssid, size_t ssid_len,
455 struct wpa_scan_res *res,
456 struct os_reltime *fetch_time)
457 {
458 struct wpa_bss *bss;
459 char extra[50];
460
461 bss = os_zalloc(sizeof(*bss) + res->ie_len + res->beacon_ie_len);
462 if (bss == NULL)
463 return NULL;
464 bss->id = wpa_s->bss_next_id++;
465 bss->last_update_idx = wpa_s->bss_update_idx;
466 wpa_bss_copy_res(bss, res, fetch_time);
467 os_memcpy(bss->ssid, ssid, ssid_len);
468 bss->ssid_len = ssid_len;
469 bss->ie_len = res->ie_len;
470 bss->beacon_ie_len = res->beacon_ie_len;
471 os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
472 wpa_bss_set_hessid(bss);
473
474 if (wpa_s->num_bss + 1 > wpa_s->conf->bss_max_count &&
475 wpa_bss_remove_oldest(wpa_s) != 0) {
476 wpa_printf(MSG_ERROR, "Increasing the MAX BSS count to %d "
477 "because all BSSes are in use. We should normally "
478 "not get here!", (int) wpa_s->num_bss + 1);
479 wpa_s->conf->bss_max_count = wpa_s->num_bss + 1;
480 }
481
482 dl_list_add_tail(&wpa_s->bss, &bss->list);
483 dl_list_add_tail(&wpa_s->bss_id, &bss->list_id);
484 wpa_s->num_bss++;
485 if (!is_zero_ether_addr(bss->hessid))
486 os_snprintf(extra, sizeof(extra), " HESSID " MACSTR,
487 MAC2STR(bss->hessid));
488 else
489 extra[0] = '\0';
490 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Add new id %u BSSID " MACSTR
491 " SSID '%s' freq %d%s",
492 bss->id, MAC2STR(bss->bssid), wpa_ssid_txt(ssid, ssid_len),
493 bss->freq, extra);
494 wpas_notify_bss_added(wpa_s, bss->bssid, bss->id);
495 return bss;
496 }
497
498
are_ies_equal(const struct wpa_bss * old,const struct wpa_scan_res * new_res,u32 ie)499 static int are_ies_equal(const struct wpa_bss *old,
500 const struct wpa_scan_res *new_res, u32 ie)
501 {
502 const u8 *old_ie, *new_ie;
503 struct wpabuf *old_ie_buff = NULL;
504 struct wpabuf *new_ie_buff = NULL;
505 int new_ie_len, old_ie_len, ret, is_multi;
506
507 switch (ie) {
508 case WPA_IE_VENDOR_TYPE:
509 old_ie = wpa_bss_get_vendor_ie(old, ie);
510 new_ie = wpa_scan_get_vendor_ie(new_res, ie);
511 is_multi = 0;
512 break;
513 case WPS_IE_VENDOR_TYPE:
514 old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie);
515 new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie);
516 is_multi = 1;
517 break;
518 case WLAN_EID_RSN:
519 case WLAN_EID_SUPP_RATES:
520 case WLAN_EID_EXT_SUPP_RATES:
521 old_ie = wpa_bss_get_ie(old, ie);
522 new_ie = wpa_scan_get_ie(new_res, ie);
523 is_multi = 0;
524 break;
525 default:
526 wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__);
527 return 0;
528 }
529
530 if (is_multi) {
531 /* in case of multiple IEs stored in buffer */
532 old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL;
533 new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL;
534 old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0;
535 new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0;
536 } else {
537 /* in case of single IE */
538 old_ie_len = old_ie ? old_ie[1] + 2 : 0;
539 new_ie_len = new_ie ? new_ie[1] + 2 : 0;
540 }
541
542 if (!old_ie || !new_ie)
543 ret = !old_ie && !new_ie;
544 else
545 ret = (old_ie_len == new_ie_len &&
546 os_memcmp(old_ie, new_ie, old_ie_len) == 0);
547
548 wpabuf_free(old_ie_buff);
549 wpabuf_free(new_ie_buff);
550
551 return ret;
552 }
553
554
wpa_bss_compare_res(const struct wpa_bss * old,const struct wpa_scan_res * new_res)555 static u32 wpa_bss_compare_res(const struct wpa_bss *old,
556 const struct wpa_scan_res *new_res)
557 {
558 u32 changes = 0;
559 int caps_diff = old->caps ^ new_res->caps;
560
561 if (old->freq != new_res->freq)
562 changes |= WPA_BSS_FREQ_CHANGED_FLAG;
563
564 if (old->level != new_res->level)
565 changes |= WPA_BSS_SIGNAL_CHANGED_FLAG;
566
567 if (caps_diff & IEEE80211_CAP_PRIVACY)
568 changes |= WPA_BSS_PRIVACY_CHANGED_FLAG;
569
570 if (caps_diff & IEEE80211_CAP_IBSS)
571 changes |= WPA_BSS_MODE_CHANGED_FLAG;
572
573 if (old->ie_len == new_res->ie_len &&
574 os_memcmp(wpa_bss_ie_ptr(old), new_res + 1, old->ie_len) == 0)
575 return changes;
576 changes |= WPA_BSS_IES_CHANGED_FLAG;
577
578 if (!are_ies_equal(old, new_res, WPA_IE_VENDOR_TYPE))
579 changes |= WPA_BSS_WPAIE_CHANGED_FLAG;
580
581 if (!are_ies_equal(old, new_res, WLAN_EID_RSN))
582 changes |= WPA_BSS_RSNIE_CHANGED_FLAG;
583
584 if (!are_ies_equal(old, new_res, WPS_IE_VENDOR_TYPE))
585 changes |= WPA_BSS_WPS_CHANGED_FLAG;
586
587 if (!are_ies_equal(old, new_res, WLAN_EID_SUPP_RATES) ||
588 !are_ies_equal(old, new_res, WLAN_EID_EXT_SUPP_RATES))
589 changes |= WPA_BSS_RATES_CHANGED_FLAG;
590
591 return changes;
592 }
593
594
notify_bss_changes(struct wpa_supplicant * wpa_s,u32 changes,const struct wpa_bss * bss)595 void notify_bss_changes(struct wpa_supplicant *wpa_s, u32 changes,
596 const struct wpa_bss *bss)
597 {
598 if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
599 wpas_notify_bss_freq_changed(wpa_s, bss->id);
600
601 if (changes & WPA_BSS_SIGNAL_CHANGED_FLAG)
602 wpas_notify_bss_signal_changed(wpa_s, bss->id);
603
604 if (changes & WPA_BSS_PRIVACY_CHANGED_FLAG)
605 wpas_notify_bss_privacy_changed(wpa_s, bss->id);
606
607 if (changes & WPA_BSS_MODE_CHANGED_FLAG)
608 wpas_notify_bss_mode_changed(wpa_s, bss->id);
609
610 if (changes & WPA_BSS_WPAIE_CHANGED_FLAG)
611 wpas_notify_bss_wpaie_changed(wpa_s, bss->id);
612
613 if (changes & WPA_BSS_RSNIE_CHANGED_FLAG)
614 wpas_notify_bss_rsnie_changed(wpa_s, bss->id);
615
616 if (changes & WPA_BSS_WPS_CHANGED_FLAG)
617 wpas_notify_bss_wps_changed(wpa_s, bss->id);
618
619 if (changes & WPA_BSS_IES_CHANGED_FLAG)
620 wpas_notify_bss_ies_changed(wpa_s, bss->id);
621
622 if (changes & WPA_BSS_RATES_CHANGED_FLAG)
623 wpas_notify_bss_rates_changed(wpa_s, bss->id);
624
625 wpas_notify_bss_seen(wpa_s, bss->id);
626 }
627
628
629 static struct wpa_bss *
wpa_bss_update(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_scan_res * res,struct os_reltime * fetch_time)630 wpa_bss_update(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
631 struct wpa_scan_res *res, struct os_reltime *fetch_time)
632 {
633 u32 changes;
634
635 if (bss->last_update_idx == wpa_s->bss_update_idx) {
636 struct os_reltime update_time;
637
638 /*
639 * Some drivers (e.g., cfg80211) include multiple BSS entries
640 * for the same BSS if that BSS's channel changes. The BSS list
641 * implementation in wpa_supplicant does not do that and we need
642 * to filter out the obsolete results here to make sure only the
643 * most current BSS information remains in the table.
644 */
645 wpa_printf(MSG_DEBUG, "BSS: " MACSTR
646 " has multiple entries in the scan results - select the most current one",
647 MAC2STR(bss->bssid));
648 calculate_update_time(fetch_time, res->age, &update_time);
649 wpa_printf(MSG_DEBUG,
650 "Previous last_update: %u.%06u (freq %d%s)",
651 (unsigned int) bss->last_update.sec,
652 (unsigned int) bss->last_update.usec,
653 bss->freq,
654 (bss->flags & WPA_BSS_ASSOCIATED) ? " assoc" : "");
655 wpa_printf(MSG_DEBUG, "New last_update: %u.%06u (freq %d%s)",
656 (unsigned int) update_time.sec,
657 (unsigned int) update_time.usec,
658 res->freq,
659 (res->flags & WPA_SCAN_ASSOCIATED) ? " assoc" : "");
660 if ((bss->flags & WPA_BSS_ASSOCIATED) ||
661 (!(res->flags & WPA_SCAN_ASSOCIATED) &&
662 !os_reltime_before(&bss->last_update, &update_time))) {
663 wpa_printf(MSG_DEBUG,
664 "Ignore this BSS entry since the previous update looks more current");
665 return bss;
666 }
667 wpa_printf(MSG_DEBUG,
668 "Accept this BSS entry since it looks more current than the previous update");
669 }
670
671 changes = wpa_bss_compare_res(bss, res);
672 if (changes & WPA_BSS_FREQ_CHANGED_FLAG)
673 wpa_printf(MSG_DEBUG, "BSS: " MACSTR " changed freq %d --> %d",
674 MAC2STR(bss->bssid), bss->freq, res->freq);
675 bss->scan_miss_count = 0;
676 bss->last_update_idx = wpa_s->bss_update_idx;
677 wpa_bss_copy_res(bss, res, fetch_time);
678 /* Move the entry to the end of the list */
679 dl_list_del(&bss->list);
680 #ifdef CONFIG_P2P
681 if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) &&
682 !wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE)) {
683 /*
684 * This can happen when non-P2P station interface runs a scan
685 * without P2P IE in the Probe Request frame. P2P GO would reply
686 * to that with a Probe Response that does not include P2P IE.
687 * Do not update the IEs in this BSS entry to avoid such loss of
688 * information that may be needed for P2P operations to
689 * determine group information.
690 */
691 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Do not update scan IEs for "
692 MACSTR " since that would remove P2P IE information",
693 MAC2STR(bss->bssid));
694 } else
695 #endif /* CONFIG_P2P */
696 if (bss->ie_len + bss->beacon_ie_len >=
697 res->ie_len + res->beacon_ie_len) {
698 os_memcpy(bss->ies, res + 1, res->ie_len + res->beacon_ie_len);
699 bss->ie_len = res->ie_len;
700 bss->beacon_ie_len = res->beacon_ie_len;
701 } else {
702 struct wpa_bss *nbss;
703 struct dl_list *prev = bss->list_id.prev;
704 bool update_pending_connect = wpa_bss_check_pending_connect(
705 wpa_s, bss);
706 unsigned int i;
707 bool update_current_bss = wpa_s->current_bss == bss;
708 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
709 if (wpa_s->last_scan_res[i] == bss)
710 break;
711 }
712 dl_list_del(&bss->list_id);
713 nbss = os_realloc(bss, sizeof(*bss) + res->ie_len +
714 res->beacon_ie_len);
715 if (nbss) {
716 if (i != wpa_s->last_scan_res_used)
717 wpa_s->last_scan_res[i] = nbss;
718 if (update_current_bss)
719 wpa_s->current_bss = nbss;
720 if (update_pending_connect)
721 wpa_bss_update_pending_connect(wpa_s, nbss);
722 bss = nbss;
723 os_memcpy(bss->ies, res + 1,
724 res->ie_len + res->beacon_ie_len);
725 bss->ie_len = res->ie_len;
726 bss->beacon_ie_len = res->beacon_ie_len;
727 }
728 dl_list_add(prev, &bss->list_id);
729 }
730 if (changes & WPA_BSS_IES_CHANGED_FLAG)
731 wpa_bss_set_hessid(bss);
732 dl_list_add_tail(&wpa_s->bss, &bss->list);
733
734 notify_bss_changes(wpa_s, changes, bss);
735
736 return bss;
737 }
738
739
740 /**
741 * wpa_bss_update_start - Start a BSS table update from scan results
742 * @wpa_s: Pointer to wpa_supplicant data
743 *
744 * This function is called at the start of each BSS table update round for new
745 * scan results. The actual scan result entries are indicated with calls to
746 * wpa_bss_update_scan_res() and the update round is finished with a call to
747 * wpa_bss_update_end().
748 */
wpa_bss_update_start(struct wpa_supplicant * wpa_s)749 void wpa_bss_update_start(struct wpa_supplicant *wpa_s)
750 {
751 wpa_s->bss_update_idx++;
752 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Start scan result update %u",
753 wpa_s->bss_update_idx);
754 wpa_s->last_scan_res_used = 0;
755 }
756
757
758 /**
759 * wpa_bss_update_scan_res - Update a BSS table entry based on a scan result
760 * @wpa_s: Pointer to wpa_supplicant data
761 * @res: Scan result
762 * @fetch_time: Time when the result was fetched from the driver
763 *
764 * This function updates a BSS table entry (or adds one) based on a scan result.
765 * This is called separately for each scan result between the calls to
766 * wpa_bss_update_start() and wpa_bss_update_end().
767 */
wpa_bss_update_scan_res(struct wpa_supplicant * wpa_s,struct wpa_scan_res * res,struct os_reltime * fetch_time)768 void wpa_bss_update_scan_res(struct wpa_supplicant *wpa_s,
769 struct wpa_scan_res *res,
770 struct os_reltime *fetch_time)
771 {
772 const u8 *ssid, *p2p, *mesh;
773 struct wpa_bss *bss;
774
775 if (wpa_s->conf->ignore_old_scan_res) {
776 struct os_reltime update;
777 calculate_update_time(fetch_time, res->age, &update);
778 if (os_reltime_before(&update, &wpa_s->scan_trigger_time)) {
779 struct os_reltime age;
780 os_reltime_sub(&wpa_s->scan_trigger_time, &update,
781 &age);
782 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Ignore driver BSS "
783 "table entry that is %u.%06u seconds older "
784 "than our scan trigger",
785 (unsigned int) age.sec,
786 (unsigned int) age.usec);
787 return;
788 }
789 }
790
791 ssid = wpa_scan_get_ie(res, WLAN_EID_SSID);
792 if (ssid == NULL) {
793 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: No SSID IE included for "
794 MACSTR, MAC2STR(res->bssid));
795 return;
796 }
797 if (ssid[1] > SSID_MAX_LEN) {
798 wpa_dbg(wpa_s, MSG_DEBUG, "BSS: Too long SSID IE included for "
799 MACSTR, MAC2STR(res->bssid));
800 return;
801 }
802
803 p2p = wpa_scan_get_vendor_ie(res, P2P_IE_VENDOR_TYPE);
804 #ifdef CONFIG_P2P
805 if (p2p == NULL &&
806 wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE) {
807 /*
808 * If it's a P2P specific interface, then don't update
809 * the scan result without a P2P IE.
810 */
811 wpa_printf(MSG_DEBUG, "BSS: No P2P IE - skipping BSS " MACSTR
812 " update for P2P interface", MAC2STR(res->bssid));
813 return;
814 }
815 #endif /* CONFIG_P2P */
816 if (p2p && ssid[1] == P2P_WILDCARD_SSID_LEN &&
817 os_memcmp(ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) == 0)
818 return; /* Skip P2P listen discovery results here */
819
820 /* TODO: add option for ignoring BSSes we are not interested in
821 * (to save memory) */
822
823 mesh = wpa_scan_get_ie(res, WLAN_EID_MESH_ID);
824 if (mesh && mesh[1] <= SSID_MAX_LEN)
825 ssid = mesh;
826
827 bss = wpa_bss_get(wpa_s, res->bssid, ssid + 2, ssid[1]);
828 if (bss == NULL)
829 bss = wpa_bss_add(wpa_s, ssid + 2, ssid[1], res, fetch_time);
830 else {
831 bss = wpa_bss_update(wpa_s, bss, res, fetch_time);
832 if (wpa_s->last_scan_res) {
833 unsigned int i;
834 for (i = 0; i < wpa_s->last_scan_res_used; i++) {
835 if (bss == wpa_s->last_scan_res[i]) {
836 /* Already in the list */
837 return;
838 }
839 }
840 }
841 }
842
843 if (bss == NULL)
844 return;
845 if (wpa_s->last_scan_res_used >= wpa_s->last_scan_res_size) {
846 struct wpa_bss **n;
847 unsigned int siz;
848 if (wpa_s->last_scan_res_size == 0)
849 siz = 32;
850 else
851 siz = wpa_s->last_scan_res_size * 2;
852 n = os_realloc_array(wpa_s->last_scan_res, siz,
853 sizeof(struct wpa_bss *));
854 if (n == NULL)
855 return;
856 wpa_s->last_scan_res = n;
857 wpa_s->last_scan_res_size = siz;
858 }
859
860 if (wpa_s->last_scan_res)
861 wpa_s->last_scan_res[wpa_s->last_scan_res_used++] = bss;
862 }
863
864
wpa_bss_included_in_scan(const struct wpa_bss * bss,const struct scan_info * info)865 static int wpa_bss_included_in_scan(const struct wpa_bss *bss,
866 const struct scan_info *info)
867 {
868 int found;
869 size_t i;
870
871 if (info == NULL)
872 return 1;
873
874 if (info->num_freqs) {
875 found = 0;
876 for (i = 0; i < info->num_freqs; i++) {
877 if (bss->freq == info->freqs[i]) {
878 found = 1;
879 break;
880 }
881 }
882 if (!found)
883 return 0;
884 }
885
886 if (info->num_ssids) {
887 found = 0;
888 for (i = 0; i < info->num_ssids; i++) {
889 const struct wpa_driver_scan_ssid *s = &info->ssids[i];
890 if ((s->ssid == NULL || s->ssid_len == 0) ||
891 (s->ssid_len == bss->ssid_len &&
892 os_memcmp(s->ssid, bss->ssid, bss->ssid_len) ==
893 0)) {
894 found = 1;
895 break;
896 }
897 }
898 if (!found)
899 return 0;
900 }
901
902 return 1;
903 }
904
905
906 /**
907 * wpa_bss_update_end - End a BSS table update from scan results
908 * @wpa_s: Pointer to wpa_supplicant data
909 * @info: Information about scan parameters
910 * @new_scan: Whether this update round was based on a new scan
911 *
912 * This function is called at the end of each BSS table update round for new
913 * scan results. The start of the update was indicated with a call to
914 * wpa_bss_update_start().
915 */
wpa_bss_update_end(struct wpa_supplicant * wpa_s,struct scan_info * info,int new_scan)916 void wpa_bss_update_end(struct wpa_supplicant *wpa_s, struct scan_info *info,
917 int new_scan)
918 {
919 struct wpa_bss *bss, *n;
920
921 os_get_reltime(&wpa_s->last_scan);
922 if ((info && info->aborted) || !new_scan)
923 return; /* do not expire entries without new scan */
924
925 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
926 if (wpa_bss_in_use(wpa_s, bss))
927 continue;
928 if (!wpa_bss_included_in_scan(bss, info))
929 continue; /* expire only BSSes that were scanned */
930 if (bss->last_update_idx < wpa_s->bss_update_idx)
931 bss->scan_miss_count++;
932 if (bss->scan_miss_count >=
933 wpa_s->conf->bss_expiration_scan_count) {
934 wpa_bss_remove(wpa_s, bss, "no match in scan");
935 }
936 }
937
938 wpa_printf(MSG_DEBUG, "BSS: last_scan_res_used=%zu/%zu",
939 wpa_s->last_scan_res_used, wpa_s->last_scan_res_size);
940 }
941
942
943 /**
944 * wpa_bss_flush_by_age - Flush old BSS entries
945 * @wpa_s: Pointer to wpa_supplicant data
946 * @age: Maximum entry age in seconds
947 *
948 * Remove BSS entries that have not been updated during the last @age seconds.
949 */
wpa_bss_flush_by_age(struct wpa_supplicant * wpa_s,int age)950 void wpa_bss_flush_by_age(struct wpa_supplicant *wpa_s, int age)
951 {
952 struct wpa_bss *bss, *n;
953 struct os_reltime t;
954
955 if (dl_list_empty(&wpa_s->bss))
956 return;
957
958 os_get_reltime(&t);
959 t.sec -= age;
960
961 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
962 if (wpa_bss_in_use(wpa_s, bss))
963 continue;
964
965 if (os_reltime_before(&bss->last_update, &t)) {
966 wpa_bss_remove(wpa_s, bss, __func__);
967 } else
968 break;
969 }
970 }
971
972
973 /**
974 * wpa_bss_init - Initialize BSS table
975 * @wpa_s: Pointer to wpa_supplicant data
976 * Returns: 0 on success, -1 on failure
977 *
978 * This prepares BSS table lists and timer for periodic updates. The BSS table
979 * is deinitialized with wpa_bss_deinit() once not needed anymore.
980 */
wpa_bss_init(struct wpa_supplicant * wpa_s)981 int wpa_bss_init(struct wpa_supplicant *wpa_s)
982 {
983 dl_list_init(&wpa_s->bss);
984 dl_list_init(&wpa_s->bss_id);
985 return 0;
986 }
987
988
989 /**
990 * wpa_bss_flush - Flush all unused BSS entries
991 * @wpa_s: Pointer to wpa_supplicant data
992 */
wpa_bss_flush(struct wpa_supplicant * wpa_s)993 void wpa_bss_flush(struct wpa_supplicant *wpa_s)
994 {
995 struct wpa_bss *bss, *n;
996
997 wpa_s->clear_driver_scan_cache = 1;
998
999 if (wpa_s->bss.next == NULL)
1000 return; /* BSS table not yet initialized */
1001
1002 dl_list_for_each_safe(bss, n, &wpa_s->bss, struct wpa_bss, list) {
1003 if (wpa_bss_in_use(wpa_s, bss))
1004 continue;
1005 wpa_bss_remove(wpa_s, bss, __func__);
1006 }
1007 }
1008
1009
1010 /**
1011 * wpa_bss_deinit - Deinitialize BSS table
1012 * @wpa_s: Pointer to wpa_supplicant data
1013 */
wpa_bss_deinit(struct wpa_supplicant * wpa_s)1014 void wpa_bss_deinit(struct wpa_supplicant *wpa_s)
1015 {
1016 wpa_bss_flush(wpa_s);
1017 }
1018
1019
1020 /**
1021 * wpa_bss_get_bssid - Fetch a BSS table entry based on BSSID
1022 * @wpa_s: Pointer to wpa_supplicant data
1023 * @bssid: BSSID
1024 * Returns: Pointer to the BSS entry or %NULL if not found
1025 */
wpa_bss_get_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)1026 struct wpa_bss * wpa_bss_get_bssid(struct wpa_supplicant *wpa_s,
1027 const u8 *bssid)
1028 {
1029 struct wpa_bss *bss;
1030 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
1031 return NULL;
1032 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1033 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0)
1034 return bss;
1035 }
1036 return NULL;
1037 }
1038
1039
1040 /**
1041 * wpa_bss_get_bssid_latest - Fetch the latest BSS table entry based on BSSID
1042 * @wpa_s: Pointer to wpa_supplicant data
1043 * @bssid: BSSID
1044 * Returns: Pointer to the BSS entry or %NULL if not found
1045 *
1046 * This function is like wpa_bss_get_bssid(), but full BSS table is iterated to
1047 * find the entry that has the most recent update. This can help in finding the
1048 * correct entry in cases where the SSID of the AP may have changed recently
1049 * (e.g., in WPS reconfiguration cases).
1050 */
wpa_bss_get_bssid_latest(struct wpa_supplicant * wpa_s,const u8 * bssid)1051 struct wpa_bss * wpa_bss_get_bssid_latest(struct wpa_supplicant *wpa_s,
1052 const u8 *bssid)
1053 {
1054 struct wpa_bss *bss, *found = NULL;
1055 if (!wpa_supplicant_filter_bssid_match(wpa_s, bssid))
1056 return NULL;
1057 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1058 if (os_memcmp(bss->bssid, bssid, ETH_ALEN) != 0)
1059 continue;
1060 if (found == NULL ||
1061 os_reltime_before(&found->last_update, &bss->last_update))
1062 found = bss;
1063 }
1064 return found;
1065 }
1066
1067
1068 #ifdef CONFIG_P2P
1069 /**
1070 * wpa_bss_get_p2p_dev_addr - Fetch the latest BSS table entry based on P2P Device Addr
1071 * @wpa_s: Pointer to wpa_supplicant data
1072 * @dev_addr: P2P Device Address of the GO
1073 * Returns: Pointer to the BSS entry or %NULL if not found
1074 *
1075 * This function tries to find the entry that has the most recent update. This
1076 * can help in finding the correct entry in cases where the SSID of the P2P
1077 * Device may have changed recently.
1078 */
wpa_bss_get_p2p_dev_addr(struct wpa_supplicant * wpa_s,const u8 * dev_addr)1079 struct wpa_bss * wpa_bss_get_p2p_dev_addr(struct wpa_supplicant *wpa_s,
1080 const u8 *dev_addr)
1081 {
1082 struct wpa_bss *bss, *found = NULL;
1083 dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss, list) {
1084 u8 addr[ETH_ALEN];
1085 if (p2p_parse_dev_addr(wpa_bss_ie_ptr(bss), bss->ie_len,
1086 addr) != 0 ||
1087 os_memcmp(addr, dev_addr, ETH_ALEN) != 0)
1088 continue;
1089 if (!found ||
1090 os_reltime_before(&found->last_update, &bss->last_update))
1091 found = bss;
1092 }
1093 return found;
1094 }
1095 #endif /* CONFIG_P2P */
1096
1097
1098 /**
1099 * wpa_bss_get_id - Fetch a BSS table entry based on identifier
1100 * @wpa_s: Pointer to wpa_supplicant data
1101 * @id: Unique identifier (struct wpa_bss::id) assigned for the entry
1102 * Returns: Pointer to the BSS entry or %NULL if not found
1103 */
wpa_bss_get_id(struct wpa_supplicant * wpa_s,unsigned int id)1104 struct wpa_bss * wpa_bss_get_id(struct wpa_supplicant *wpa_s, unsigned int id)
1105 {
1106 struct wpa_bss *bss;
1107 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1108 if (bss->id == id)
1109 return bss;
1110 }
1111 return NULL;
1112 }
1113
1114
1115 /**
1116 * wpa_bss_get_id_range - Fetch a BSS table entry based on identifier range
1117 * @wpa_s: Pointer to wpa_supplicant data
1118 * @idf: Smallest allowed identifier assigned for the entry
1119 * @idf: Largest allowed identifier assigned for the entry
1120 * Returns: Pointer to the BSS entry or %NULL if not found
1121 *
1122 * This function is similar to wpa_bss_get_id() but allows a BSS entry with the
1123 * smallest id value to be fetched within the specified range without the
1124 * caller having to know the exact id.
1125 */
wpa_bss_get_id_range(struct wpa_supplicant * wpa_s,unsigned int idf,unsigned int idl)1126 struct wpa_bss * wpa_bss_get_id_range(struct wpa_supplicant *wpa_s,
1127 unsigned int idf, unsigned int idl)
1128 {
1129 struct wpa_bss *bss;
1130 dl_list_for_each(bss, &wpa_s->bss_id, struct wpa_bss, list_id) {
1131 if (bss->id >= idf && bss->id <= idl)
1132 return bss;
1133 }
1134 return NULL;
1135 }
1136
1137
1138 /**
1139 * wpa_bss_get_ie - Fetch a specified information element from a BSS entry
1140 * @bss: BSS table entry
1141 * @ie: Information element identitifier (WLAN_EID_*)
1142 * Returns: Pointer to the information element (id field) or %NULL if not found
1143 *
1144 * This function returns the first matching information element in the BSS
1145 * entry.
1146 */
wpa_bss_get_ie(const struct wpa_bss * bss,u8 ie)1147 const u8 * wpa_bss_get_ie(const struct wpa_bss *bss, u8 ie)
1148 {
1149 return get_ie(wpa_bss_ie_ptr(bss), bss->ie_len, ie);
1150 }
1151
1152
1153 /**
1154 * wpa_bss_get_ie_ext - Fetch a specified extended IE from a BSS entry
1155 * @bss: BSS table entry
1156 * @ext: Information element extension identifier (WLAN_EID_EXT_*)
1157 * Returns: Pointer to the information element (id field) or %NULL if not found
1158 *
1159 * This function returns the first matching information element in the BSS
1160 * entry.
1161 */
wpa_bss_get_ie_ext(const struct wpa_bss * bss,u8 ext)1162 const u8 * wpa_bss_get_ie_ext(const struct wpa_bss *bss, u8 ext)
1163 {
1164 return get_ie_ext(wpa_bss_ie_ptr(bss), bss->ie_len, ext);
1165 }
1166
1167
1168 /**
1169 * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry
1170 * @bss: BSS table entry
1171 * @vendor_type: Vendor type (four octets starting the IE payload)
1172 * Returns: Pointer to the information element (id field) or %NULL if not found
1173 *
1174 * This function returns the first matching information element in the BSS
1175 * entry.
1176 */
wpa_bss_get_vendor_ie(const struct wpa_bss * bss,u32 vendor_type)1177 const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type)
1178 {
1179 const u8 *ies;
1180 const struct element *elem;
1181
1182 ies = wpa_bss_ie_ptr(bss);
1183
1184 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies, bss->ie_len) {
1185 if (elem->datalen >= 4 &&
1186 vendor_type == WPA_GET_BE32(elem->data))
1187 return &elem->id;
1188 }
1189
1190 return NULL;
1191 }
1192
1193
1194 /**
1195 * wpa_bss_get_vendor_ie_beacon - Fetch a vendor information from a BSS entry
1196 * @bss: BSS table entry
1197 * @vendor_type: Vendor type (four octets starting the IE payload)
1198 * Returns: Pointer to the information element (id field) or %NULL if not found
1199 *
1200 * This function returns the first matching information element in the BSS
1201 * entry.
1202 *
1203 * This function is like wpa_bss_get_vendor_ie(), but uses IE buffer only
1204 * from Beacon frames instead of either Beacon or Probe Response frames.
1205 */
wpa_bss_get_vendor_ie_beacon(const struct wpa_bss * bss,u32 vendor_type)1206 const u8 * wpa_bss_get_vendor_ie_beacon(const struct wpa_bss *bss,
1207 u32 vendor_type)
1208 {
1209 const u8 *ies;
1210 const struct element *elem;
1211
1212 if (bss->beacon_ie_len == 0)
1213 return NULL;
1214
1215 ies = wpa_bss_ie_ptr(bss);
1216 ies += bss->ie_len;
1217
1218 for_each_element_id(elem, WLAN_EID_VENDOR_SPECIFIC, ies,
1219 bss->beacon_ie_len) {
1220 if (elem->datalen >= 4 &&
1221 vendor_type == WPA_GET_BE32(elem->data))
1222 return &elem->id;
1223 }
1224
1225 return NULL;
1226 }
1227
1228
1229 /**
1230 * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry
1231 * @bss: BSS table entry
1232 * @vendor_type: Vendor type (four octets starting the IE payload)
1233 * Returns: Pointer to the information element payload or %NULL if not found
1234 *
1235 * This function returns concatenated payload of possibly fragmented vendor
1236 * specific information elements in the BSS entry. The caller is responsible for
1237 * freeing the returned buffer.
1238 */
wpa_bss_get_vendor_ie_multi(const struct wpa_bss * bss,u32 vendor_type)1239 struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss,
1240 u32 vendor_type)
1241 {
1242 struct wpabuf *buf;
1243 const u8 *end, *pos;
1244
1245 buf = wpabuf_alloc(bss->ie_len);
1246 if (buf == NULL)
1247 return NULL;
1248
1249 pos = wpa_bss_ie_ptr(bss);
1250 end = pos + bss->ie_len;
1251
1252 while (end - pos > 1) {
1253 u8 ie, len;
1254
1255 ie = pos[0];
1256 len = pos[1];
1257 if (len > end - pos - 2)
1258 break;
1259 pos += 2;
1260 if (ie == WLAN_EID_VENDOR_SPECIFIC && len >= 4 &&
1261 vendor_type == WPA_GET_BE32(pos))
1262 wpabuf_put_data(buf, pos + 4, len - 4);
1263 pos += len;
1264 }
1265
1266 if (wpabuf_len(buf) == 0) {
1267 wpabuf_free(buf);
1268 buf = NULL;
1269 }
1270
1271 return buf;
1272 }
1273
1274
1275 /**
1276 * wpa_bss_get_vendor_ie_multi_beacon - Fetch vendor IE data from a BSS entry
1277 * @bss: BSS table entry
1278 * @vendor_type: Vendor type (four octets starting the IE payload)
1279 * Returns: Pointer to the information element payload or %NULL if not found
1280 *
1281 * This function returns concatenated payload of possibly fragmented vendor
1282 * specific information elements in the BSS entry. The caller is responsible for
1283 * freeing the returned buffer.
1284 *
1285 * This function is like wpa_bss_get_vendor_ie_multi(), but uses IE buffer only
1286 * from Beacon frames instead of either Beacon or Probe Response frames.
1287 */
wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss * bss,u32 vendor_type)1288 struct wpabuf * wpa_bss_get_vendor_ie_multi_beacon(const struct wpa_bss *bss,
1289 u32 vendor_type)
1290 {
1291 struct wpabuf *buf;
1292 const u8 *end, *pos;
1293
1294 buf = wpabuf_alloc(bss->beacon_ie_len);
1295 if (buf == NULL)
1296 return NULL;
1297
1298 pos = wpa_bss_ie_ptr(bss);
1299 pos += bss->ie_len;
1300 end = pos + bss->beacon_ie_len;
1301
1302 while (end - pos > 1) {
1303 if (2 + pos[1] > end - pos)
1304 break;
1305 if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 &&
1306 vendor_type == WPA_GET_BE32(&pos[2]))
1307 wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4);
1308 pos += 2 + pos[1];
1309 }
1310
1311 if (wpabuf_len(buf) == 0) {
1312 wpabuf_free(buf);
1313 buf = NULL;
1314 }
1315
1316 return buf;
1317 }
1318
1319
1320 /**
1321 * wpa_bss_get_max_rate - Get maximum legacy TX rate supported in a BSS
1322 * @bss: BSS table entry
1323 * Returns: Maximum legacy rate in units of 500 kbps
1324 */
wpa_bss_get_max_rate(const struct wpa_bss * bss)1325 int wpa_bss_get_max_rate(const struct wpa_bss *bss)
1326 {
1327 int rate = 0;
1328 const u8 *ie;
1329 int i;
1330
1331 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1332 for (i = 0; ie && i < ie[1]; i++) {
1333 if ((ie[i + 2] & 0x7f) > rate)
1334 rate = ie[i + 2] & 0x7f;
1335 }
1336
1337 ie = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
1338 for (i = 0; ie && i < ie[1]; i++) {
1339 if ((ie[i + 2] & 0x7f) > rate)
1340 rate = ie[i + 2] & 0x7f;
1341 }
1342
1343 return rate;
1344 }
1345
1346
1347 /**
1348 * wpa_bss_get_bit_rates - Get legacy TX rates supported in a BSS
1349 * @bss: BSS table entry
1350 * @rates: Buffer for returning a pointer to the rates list (units of 500 kbps)
1351 * Returns: number of legacy TX rates or -1 on failure
1352 *
1353 * The caller is responsible for freeing the returned buffer with os_free() in
1354 * case of success.
1355 */
wpa_bss_get_bit_rates(const struct wpa_bss * bss,u8 ** rates)1356 int wpa_bss_get_bit_rates(const struct wpa_bss *bss, u8 **rates)
1357 {
1358 const u8 *ie, *ie2;
1359 int i, j;
1360 unsigned int len;
1361 u8 *r;
1362
1363 ie = wpa_bss_get_ie(bss, WLAN_EID_SUPP_RATES);
1364 ie2 = wpa_bss_get_ie(bss, WLAN_EID_EXT_SUPP_RATES);
1365
1366 len = (ie ? ie[1] : 0) + (ie2 ? ie2[1] : 0);
1367
1368 r = os_malloc(len);
1369 if (!r)
1370 return -1;
1371
1372 for (i = 0; ie && i < ie[1]; i++)
1373 r[i] = ie[i + 2] & 0x7f;
1374
1375 for (j = 0; ie2 && j < ie2[1]; j++)
1376 r[i + j] = ie2[j + 2] & 0x7f;
1377
1378 *rates = r;
1379 return len;
1380 }
1381
1382
1383 #ifdef CONFIG_FILS
wpa_bss_get_fils_cache_id(const struct wpa_bss * bss)1384 const u8 * wpa_bss_get_fils_cache_id(const struct wpa_bss *bss)
1385 {
1386 const u8 *ie;
1387
1388 if (bss) {
1389 ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
1390 if (ie && ie[1] >= 4 && WPA_GET_LE16(ie + 2) & BIT(7))
1391 return ie + 4;
1392 }
1393
1394 return NULL;
1395 }
1396 #endif /* CONFIG_FILS */
1397
1398
wpa_bss_ext_capab(const struct wpa_bss * bss,unsigned int capab)1399 int wpa_bss_ext_capab(const struct wpa_bss *bss, unsigned int capab)
1400 {
1401 if (!bss)
1402 return 0;
1403 return ieee802_11_ext_capab(wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB),
1404 capab);
1405 }
1406
