275424 – IEEE80211_IOC_SCAN_MAX_SSID differs from IEEE80211_SCAN_MAX_SSID

Bug 275424 - IEEE80211_IOC_SCAN_MAX_SSID differs from IEEE80211_SCAN_MAX_SSID

Summary: IEEE80211_IOC_SCAN_MAX_SSID differs from IEEE80211_SCAN_MAX_SSID

Status:	Open

Alias:	None

Product:	Base System
Classification:	Unclassified
Component:	wireless (show other bugs)
Version:	13.2-STABLE
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-wireless (Nobody)

URL:
Keywords:

Depends on:
Blocks:	283171
	Show dependency tree / graph

Reported:	2023-11-29 08:34 UTC by Mikhail Pchelin
Modified:	2024-12-07 01:00 UTC (History)
CC List:	1 user (show)

See Also:

Attachments
Change IEEE80211_IOC_SCAN_MAX_SSID to match IEEE80211_SCAN_MAX_SSID v1 (618 bytes, patch) 2023-11-29 08:34 UTC, Mikhail Pchelin	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Mikhail Pchelin freebsd_committer

2023-11-29 08:34:40 UTC

Created attachment 246653 [details]
Change IEEE80211_IOC_SCAN_MAX_SSID to match IEEE80211_SCAN_MAX_SSID v1

Ioctl for scan requests takes up to IEEE80211_IOC_SCAN_MAX_SSID (3) ssid's, but scan module defines maximum supported SSID's for scan (IEEE80211_SCAN_MAX_SSID) as 1, and throws away everything above that. 

IEEE80211_IOC_SCAN_MAX_SSID (3) define is picked up by wpa_supplicant in base to export this as BSD driver maximum scan ssids.

Suggested patch changes IEEE80211_IOC_SCAN_MAX_SSID to 1.

Other option would be to make it other way around, changing IEEE80211_SCAN_MAX_SSID to 3, but it seems that iwi driver is capable of 1 directed scan maximum - not sure if this show-stopper.

Comment 1 Bjoern A. Zeeb freebsd_committer

2023-11-29 17:49:46 UTC

If you look at

net80211::ieee80211_scanreq():

you'll find the following comment:

  /* NB: silently reduce ssid count to what is supported */

It's hard to say (given the huge updates pushed back then) why the IOC version was introduced but it seems it was done on purpose.

The hostap history says it was done for FreeBSD 8 support:
88487b0e0b524aae7603c17b7db7985ae9a810c9


If you look further at the code, you'll find that despite being capped (further down the stack, e.g. down to ieee80211_scan_copy_ssid()) the number of SSIDs is passed down.

If you look further in scan_curchan()/ieee80211_swscan_probe_curchan() you can see that it would send a probe request per SSID and that matches the comment in ieee80211_scan.h.  But that code was there before already.  Seems to have come in with 68e8e04e93c1ec3d37022223b69073f50d3d4981.

I wonder if this is missing follow-up work to finish it given modern hardware can probe 16/20/.. SSIDs?

Comment 2 Mikhail Pchelin freebsd_committer

2023-12-05 08:03:36 UTC

I didn't emphasize it in original report, but my main concern is that this define is picked up by wpa_supplicant, and then it's exported as MaxScanSSID driver capability, so consumers of wpa_supplicant dbus interface will pick it up and users will believe that (for example) iwm(4) will issue 3 probe requests, but in reality it will be only 1.

So - my patch is just tidying up the API.

I currently have no plans to make a patch to bump it to 16/20.