wpa_supplicant源码分析–扫描scan过程

1 扫描过程

一个完整的扫描过程 下发命令–>wpa_s构建扫描参数–>驱动扫描–>wpa_s接收到驱动的扫描结果

接收到framework/wpa_cli下发的SCAN命令

if (os_strncmp(buf, "SCAN ", 5) == 0) {
wpas_ctrl_scan(wpa_s, buf + 5, reply, reply_size, &reply_len);

1.1 wpa_supplicant_scan

做一些检测配置工作，然后将扫描的发起动作添加到radio_work中

wpa_supplicant_scan( wpa_supplicant *wpa_s )
{
//检查环境配置
//
！wpa_s->pno                                     //非pno状态
！wpa_s->wpa_state == WPA_INTERFACE_DISABLED     //网口在可用状态
//wpa_s中的scan一共有3种类型 NORMAL_SCAN_REQ wpa_s自主发起的，INITIAL_SCAN_REQ 对网口第一次发起的扫描， MANUAL_SCAN_REQ 上层命令发起的扫描
//当前wifi为断开状态，并且是wpa_s发起的扫描，则直接设置wpa_s状态为断开，不再扫描
！(wpa_s->disconnected && wpa_s->scan_req == NORMAL_SCAN_REQ)
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);

//如果已经在扫描，则延后1秒再发起扫描
if (wpa_s->scanning)
wpa_supplicant_req_scan(wpa_s, 1, 0);

//conf文件中没有使能/可用的网络，并且是wpa_s自主发起的扫描，则直接返回，并设置状态
（!wpa_supplicant_enabled_networks(wpa_s) && wpa_s->scan_req == NORMAL_SCAN_REQ)）
wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);

//设置扫描类型为正常扫描
wpa_s->scan_req = NORMAL_SCAN_REQ;

//设置wpa_s的状态为 SCANNING
wpa_supplicant_set_state(wpa_s, WPA_SCANNING);

//如果设置了autosan， 直接扫描
if (wpa_s->autoscan_params != NULL)

//如果该项不为空，则直接关联，跳过扫描步骤，在stat模式中没有这一项，p2p中可能会用到
if(wpa_s->connect_without_scan)
wpa_supplicant_associate(wpa_s, NULL, ssid);

//android中的扫描都是扫描所有，也可以扫描单个ssid
wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;

//wps和p2p会用到指定扫描的频率
wpa_supplicant_optimize_freqs(wpa_s, ¶ms);

//如果conf中定义了filter_bssid使能，那么扫描结果中只包含conf中已有的ssid
params.filter_ssids = wpa_supplicant_build_filter_ssids(wpa_s->conf, ¶ms.num_filter_ssids);

//触发扫描
ret = wpa_supplicant_trigger_scan(wpa_s, scan_params);
{
//添加到ridio work中， ridio work会在eloop循环中调用执行
radio_add_work(wpa_s, 0, "scan", 0, wpas_trigger_scan_cb, ctx)
{
//将scan用的raido work添加到 wpa_s radio的工作链表中
dl_list_add_tail(&wpa_s->radio->work, &work->list);
}
}
}

1.2 radio_work调用CB

当radio_work执行到wpas_trigger_scan_cb时，调用驱动中的扫描方法，然后通过初始化过程中创建的genl socket 下发扫描动作然后等待驱动处理

//驱动中的扫描
ret = wpa_drv_scan(wpa_s, params);
wpa_s->driver->scan2(wpa_s->drv_priv, params)
driver_nl80211_scan2
wpa_driver_nl80211_scan（bss， params）
{
//生成nl msg
struct nl_msg *msg = nl80211_scan_common(drv, NL80211_CMD_TRIGGER_SCAN, params, bss->wdev_id_set ? &bss->wdev_id : NULL);
//通过nl发送消息，扫描返回的event接收到后再处理
ret = send_and_recv_msgs(drv, msg, NULL, NULL);

//如果驱动不支持上报扫描结果的event，那么注册超时10秒，如果支持，注册超时30秒， 利用wpa_driver_nl80211_scan_timeout读取扫描结果
eloop_register_timeout(10/30, 0, wpa_driver_nl80211_scan_timeout,drv, drv->ctx);
//最终会调用wpa_supplicant_event(timeout_ctx, EVENT_SCAN_RESULTS, NULL);接收扫描结果
}

1.3 scan耗时统计

wpa_s中关于扫描统计了两个耗时

1 下发驱动扫描命令到驱动执行扫描的时间

//正式运行radio work时间
radio_start_next_work（）
os_get_reltime(&now);
work->cb(work, 0);
wpas_trigger_scan_cb()
os_get_reltime(&wpa_s->scan_trigger_time);

//下发驱动扫描后，接收到driver  EVENT_SCAN_STARTED（这个event就是为了输出log，没有什么实际的操作）
//计算开始扫描时间
os_get_reltime(&wpa_s->scan_start_time);
//输出socket调用时间
os_reltime_sub(&wpa_s->scan_start_time, &wpa_s->scan_trigger_time, &diff);
wpa_dbg(wpa_s, MSG_DEBUG, "Own scan request started a scan in %ld.%06ld seconds", diff.sec, diff.usec);

2 驱动执行扫描的耗时

//计算dirver发送上EVENT_SCAN_STARTED 和 EVENT_SCAN_RESULTS 耗时
os_reltime_sub(&now, &wpa_s->scan_start_time, &diff);
wpa_dbg(wpa_s, MSG_DEBUG, "Scan completed in %ld.%06ld seconds",diff.sec, diff.usec);

1.4 接收扫描结果

wpa_s接收到扫描结果，并保存在wpa_s bss链表中

wpa_supplicant_event(wpa_supplicant *wpa_s, EVENT_SCAN_RESULTS, NULL);
{
//计算dirver发送上EVENT_SCAN_STARTED 和 EVENT_SCAN_RESULTS 耗时
os_reltime_sub(&now, &wpa_s->scan_start_time, &diff);
wpa_dbg(wpa_s, MSG_DEBUG, "Scan completed in %ld.%06ld seconds",diff.sec, diff.usec);
//获取扫描结果， 如果返回值为0，则成功获取到扫描结果
wpa_supplicant_event_scan_results（）
_wpa_supplicant_event_scan_results(wpa_s, data, 1)
{
//从驱动获取扫描结果，
struct wpa_scan_results *scan_res = wpa_supplicant_get_scan_results(wpa_s,  data ? &data->scan_info : NULL, 1);
{
//从驱动中获取结果
scan_res = wpa_drv_get_scan_results2(wpa_s);
wpa_driver_nl80211_get_scan_results(void *priv)
{
//生成msg 并从驱动中获取，bss_info_handler 为处理结果的函数
nl80211_cmd(drv, msg, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
ret = send_and_recv_msgs(drv, msg, bss_info_handler, &arg);
}

//检查wpa_s->bssid_filter，如果不为空则进行filter
filter_scan_res(wpa_s, scan_res);
//进行一次排序
qsort(scan_res->res, scan_res->num, sizeof(struct wpa_scan_res *), compar);

//for 更新每一个扫描结果，存储到wpa_s bbs链表和 bssid中
wpa_bss_update_scan_res(wpa_s, scan_res->res[i], &scan_res->fetch_time);
}

//处理下一次radio work
radio_work_done(work);

//一般来说，这里不会选取网络连接，忽略不计
wpas_select_network_from_last_scan(wpa_s, 1, own_request);
{
//从扫描结果中选取一个bss网络
selected = wpa_supplicant_pick_network(wpa_s, &ssid（null）);
//判断是否需要漫游，这里不太明白，没看到匹配加密方式的,
skip = !wpa_supplicant_need_to_roam(wpa_s, selected, ssid);
{
//根据当前连接的bss网络信号强度和选择的网络信号强度的差值判断是否需要漫游
//这是wpa_s自主决定的漫游，有三个地方可以决定漫游 framework wpa_s driver
current_bss->level < -85 ： min_diff = 1;
current_bss->level < -80 ： min_diff = 2;
current_bss->level < -75 ： min_diff = 3;
current_bss->level < -70 ： min_diff = 4;
current_bss->level > -70 ： min_diff = 5;
}
}
}
}

1.5 流程图

2 连接过程

待补充