Make it clearer that ap_scan=2 mode should not be used with nl80211

Add more details into configuration comments and a runtime info message
if ap_scan=2 is used with the nl80211 driver interface.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index d427883487d33637ad145a8bd0fa52d1d046ec0b..627f38b6e005617f5800853586b0141f986a380b 100644 (file)
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -406,6 +406,11 @@ struct wpa_config {
         * one by one until the driver reports successful association; each
         * network block should have explicit security policy (i.e., only one
         * option in the lists) for key_mgmt, pairwise, group, proto variables.
+        *
+        * Note: ap_scan=2 should not be used with the nl80211 driver interface
+        * (the current Linux interface). ap_scan=1 is optimized work working
+        * with nl80211. For finding networks using hidden SSID, scan_ssid=1 in
+        * the network block can be used with nl80211.
         */
        int ap_scan;
 

diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 1c63e51969ce98be7cf7d8edbcf30788340fff8d..7ef326cfbed634c8f34024861b13c17e6106b7bc 100644 (file)
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -225,7 +225,9 @@ struct wpa_ssid {
         *
         * scan_ssid can be used to scan for APs using hidden SSIDs.
         * Note: Many drivers do not support this. ap_mode=2 can be used with
-        * such drivers to use hidden SSIDs.
+        * such drivers to use hidden SSIDs. Note2: Most nl80211-based drivers
+        * do support scan_ssid=1 and that should be used with them instead of
+        * ap_scan=2.
         */
        int scan_ssid;
 

diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 9951b0f4fc437876670d5bb221b1d748819898ed..fa94cc7127ba16ad6b11270544a8360ea463a672 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2790,6 +2790,11 @@ int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
        if (ap_scan < 0 || ap_scan > 2)
                return -1;
 
+       if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
+               wpa_printf(MSG_INFO,
+                          "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
+       }
+
 #ifdef ANDROID
        if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
            wpa_s->wpa_state >= WPA_ASSOCIATING &&
@@ -3295,6 +3300,12 @@ int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
                }
        }
 
+       if (wpa_s->conf->ap_scan == 2 &&
+           os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
+               wpa_printf(MSG_INFO,
+                          "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
+       }
+
        wpa_clear_keys(wpa_s, NULL);
 
        /* Make sure that TKIP countermeasures are not left enabled (could

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index ba88a738a8372e2f2bbf7686a44c30b0edcb12a1..6fe67e473c5ea6d8cb636bac6b3044d5d129555a 100644 (file)
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -108,6 +108,10 @@ eapol_version=1
 #    the driver reports successful association; each network block should have
 #    explicit security policy (i.e., only one option in the lists) for
 #    key_mgmt, pairwise, group, proto variables
+# Note: ap_scan=2 should not be used with the nl80211 driver interface (the
+# current Linux interface). ap_scan=1 is optimized work working with nl80211.
+# For finding networks using hidden SSID, scan_ssid=1 in the network block can
+# be used with nl80211.
 # When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
 # created immediately regardless of scan results. ap_scan=1 mode will first try
 # to scan for existing networks and only if no matches with the enabled