3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-28 03:42:34 +01:00
Commit Graph

6319 Commits

Author SHA1 Message Date
James Prestwood
73e428cf3f auto-t: add test for encrypted profiles 2022-02-15 17:44:25 -06:00
James Prestwood
1157e0a184 doc: document SystemdEncrypt 2022-02-15 17:44:20 -06:00
James Prestwood
e8e9c68dea main: add SystemdEncrypt option, and initialize key
Recently systemd added the ability to pass secret credentials to
services via LoadCredentialEncrypted/SetCredentialEncrypted. Once
set up the service is able to read the decrypted credentials from
a file. The file path is found in the environment variable
CREDENTIALS_DIRECTORY + an identifier. The value of SystemdEncrypt
should be set to the systemd key ID used when the credential was
created.

When SystemdEncrypt is set IWD will attempt to read the decrypted
secret from systemd. If at any point this fails warnings will be
printed but IWD will continue normally. Its expected that any failures
will result in the inability to connect to any networks which have
previously encrypted the passphrase/PSK without re-entering
the passphrase manually. This could happen, for example, if the
systemd secret was changed.

Once the secret is read in it is set into storage to be used for
profile encryption/decryption.
2022-02-15 17:38:51 -06:00
James Prestwood
64f225df6e hotspot: implement hotspot profile encryption
Using storage_decrypt() hotspot can also support profile encyption.
The hotspot consortium name is used as the 'ssid' since this stays
consistent between hotspot networks for any profile.
2022-02-15 17:22:21 -06:00
James Prestwood
01cd858760 storage: implement network profile encryption
Some users don't like the idea of storing network credentials in
plaintext on the file system.  This patch implements an option to
encrypt such profiles using a secret key.  The origin of the key can in
theory be anything, but would typically be provided by systemd via
'LoadEncryptedCredential' setting in the iwd unit file.

The encryption operates on the entire [Security] group as well as all
embedded groups. Once encrypted the [Security] group will be replaced
with two key/values:

EncryptedSalt - A random string of bytes used for the encryption
EncryptedSecurity - A string of bytes containing the encrypted
                    [Security] group, as well as all embedded groups.

After the profile has been encrypted these values should not be
modified.  Note that any values added to [Security] after encryption
has no effect.  Once the profile is encrypted there is no way to modify
[Security] without manually decrypting first, or just re-creating it
entirely which effectively treated a 'new' profile.

The encryption/decryption is done using AES-SIV with a salt value and
the network SSID as the IV.

Once a key is set any profiles opened will automatically be encrypted
and re-written to disk.  Modules using network_storage_open will be
provided the decrypted profile, and will be unaware it was ever
encrypted in the first place.  Similarly when network_storage_sync is
called the profile will by automatically encrypted and written to disk
without the caller needing to do anything special.

A few private storage.c helpers were added to serve several purposes:

storage_init/exit():
This sets/cleans up the encryption key direct from systemd then uses
extract and expand to create a new fixed length key to perform
encryption/decryption.

__storage_decrypt():
Low level API to decrypt an l_settings object using a previously set
key and the SSID/name for the network.  This returns a 'changed' out
parameter signifying that the settings need to be encrypted and
re-written to disk.  The purpose of exposing this is for a standalone
decryption tool which does not re-write any settings.

storage_decrypt():
Wrapper around __storage_decrypt() that handles re-writing a new
profile to disk. This was exposed in order to support hotspot profiles.

__storage_encrypt():
Encrypts an l_settings object and returns the full profile as data
2022-02-15 17:19:33 -06:00
James Prestwood
429eabf042 dpp: unregister interface on exit
This fixes a cleanup issue where DPP tries to cleanup both on
dpp_exit() and when netdev goes down.
2022-02-15 15:13:52 -06:00
James Prestwood
06ec2a2e32 dpp-util: fix dpp_point_from_asn1
This got merged without a few additional fixes, in particular an
over 80 character line and incorrect length check.

Fixes: d8116e8828 ("dpp-util: add dpp_point_from_asn1()")
2022-02-14 16:22:43 -06:00
James Prestwood
b1c4a505b2 hwsim: don't print on when send frame fails
This happens quite often and spams the console with this error.
2022-02-14 16:03:51 -06:00
Denis Kenzior
3a91efd3a8 manager: Refine filtered dumps
When we detect a new phy being added, we schedule a filtered dump of
the newly detected WIPHY and associated INTERFACEs.  This code path and
related processing of the dumps was mostly shared with the un-filtered
dump of all WIPHYs and INTERFACEs which is performed when iwd starts.
This normally worked fine as long as a single WIPHY was created at a
time.  However, if multiphy new phys were detected in a short amount of
time, the logic would get confused and try to process phys that have not
been probed yet.  This resulted in iwd trying to create devices or not
detecting devices properly.

Fix this by only processing the target WIPHY and related INTERFACEs
when the filtered dump is performed, and not any additional ones that
might still be pending.

While here, remove a misleading comment:
manager_wiphy_check_setup_done() would succeed only if iwd decided to
keep the default interfaces created by the kernel.
2022-02-14 16:02:23 -06:00
James Prestwood
9966533e6a auto-t: add test for fixed scanning crash
This simulates the conditions that trigger a free-after-use which was
fixed with:

2c355db7 ("scan: remove periodic scans from queue on abort")

This behavior can be reproduced reliably using this test with the above
patch reverted.
2022-02-14 16:02:23 -06:00
James Prestwood
94cc957c5e auto-t: iwd.py: add wait argument to scan()
Lets the test continue without waiting for the method return
2022-02-14 16:02:23 -06:00
James Prestwood
86cfa25910 test-runner: allow IWD to start with no radios
This is useful for testing hotplug scenarios
2022-02-14 16:02:14 -06:00
James Prestwood
32465396eb station: fix >80 character lines 2022-02-10 16:22:00 -06:00
James Prestwood
91caecedec station: only log station_autoconnect_start if autoconnecting
This debug print was before any checks which could bail out prior to
autoconnect starting. This was confusing because debug logs would
contain multiple "station_autoconnect_start()" prints making you think
autoconnect was started several times.
2022-02-10 16:21:21 -06:00
James Prestwood
2c355db7fa scan: remove periodic scans from queue on abort
The periodic scan code was refactored to make normal scans and
periodic scans consistent by keeping both in the same queue. But
that change left out the abort path where periodic scans were not
actually removed from the queue.

This fixes a rare crash when a periodic scan has been triggered and
the device goes down. This path never removes the request from the
queue but still frees it. Then when the scan context is removed the
stale request is freed again.

0 0x4bb65b in scan_request_cancel src/scan.c:202
1 0x64313c in l_queue_clear ell/queue.c:107
2 0x643348 in l_queue_destroy ell/queue.c:82
3 0x4bbfb7 in scan_context_free src/scan.c:209
4 0x4c9a78 in scan_wdev_remove src/scan.c:2115
5 0x42fecd in netdev_free src/netdev.c:965
6 0x445827 in netdev_destroy src/netdev.c:6507
7 0x52beb9 in manager_config_notify src/manager.c:765
8 0x67084b in process_multicast ell/genl.c:1029
9 0x67084b in received_data ell/genl.c:1096
10 0x65e790 in io_callback ell/io.c:120
11 0x65aaae in l_main_iterate ell/main.c:478
12 0x65b213 in l_main_run ell/main.c:525
13 0x65b213 in l_main_run ell/main.c:507
14 0x65b72c in l_main_run_with_signal ell/main.c:647
15 0x4124e7 in main src/main.c:532
2022-02-07 16:11:23 -06:00
James Prestwood
2e0a7d265c netdev: fix crash from not cancelling netdev_get_oci
If netdev_connect_failed is called before netdev_get_oci_cb() the
netdev's handshake will be destroyed and ultimately crash when the
callback is called.

This patch moves the cancelation into netdev_connect_free rather than
netdev_free.

++++++++ backtrace ++++++++
0  0x7f4e1787d320 in /lib64/libc.so.6
1  0x42634c in handshake_state_set_chandef() at src/handshake.c:1057
2  0x40a11b in netdev_get_oci_cb() at src/netdev.c:2387
3  0x483d7b in process_unicast() at ell/genl.c:986
4  0x480d3c in io_callback() at ell/io.c:120
5  0x48004d in l_main_iterate() at ell/main.c:472 (discriminator 2)
6  0x4800fc in l_main_run() at ell/main.c:521
7  0x48032c in l_main_run_with_signal() at ell/main.c:649
8  0x403e95 in main() at src/main.c:532
9  0x7f4e17867b75 in /lib64/libc.so.6
+++++++++++++++++++++++++++
2022-02-07 13:51:04 -06:00
Marcel Holtmann
9a81a4a967 Release 1.24 2022-02-04 15:00:35 +01:00
James Prestwood
b44e32fde9 auto-t: only wait for wpa_s to get the DPP configuration
As far as wpa_supplicant goes we don't need to test if it can actually
connect to the network, just that it receives the DPP configuration.
2022-02-03 13:54:54 -06:00
James Prestwood
672098118d netdev: fix bug setting OWE IE length
The length was being set to whatever the last nl80211 attribute was,
not the length for the RESP_IE iteration.
2022-02-03 11:40:08 -06:00
Denis Kenzior
8a5b3f6880 handshake: Do not crash if handshake is destroyed
Commit 4d2176df29 ("handshake: Allow event handler to free handshake")
introduced a re-entrancy guard so that handshake_state objects that are
destroyed as a result of the event do not cause a crash.  It rightly
used a temporary object to store the passed in handshake.  Unfortunately
this caused variable shadowing which resulted in crashes fixed by commit
d22b174a73 ("handshake: use _hs directly in handshake_event").
However, since the temporary was no longer used, this fix itself caused
a crash:

 #0  0x00005555f0ba8b3d in eapol_handle_ptk_1_of_4 (sm=sm@entry=0x5555f2b4a920, ek=0x5555f2b62588, ek@entry=0x16, unencrypted=unencrypted@entry=false) at src/eapol.c:1236
1236				handshake_event(sm->handshake,
(gdb) bt
 #0  0x00005555f0ba8b3d in eapol_handle_ptk_1_of_4 (sm=sm@entry=0x5555f2b4a920, ek=0x5555f2b62588, ek@entry=0x16, unencrypted=unencrypted@entry=false) at src/eapol.c:1236
 #1  0x00005555f0bab118 in eapol_key_handle (unencrypted=<optimized out>, frame=<optimized out>, sm=0x5555f2b4a920) at src/eapol.c:2343
 #2  eapol_rx_packet (proto=<optimized out>, from=<optimized out>, frame=<optimized out>, unencrypted=<optimized out>, user_data=0x5555f2b4a920) at src/eapol.c:2665
 #3  0x00005555f0bac497 in __eapol_rx_packet (ifindex=62, src=src@entry=0x5555f2b62574 "x\212 J\207\267", proto=proto@entry=34958, frame=frame@entry=0x5555f2b62588 "\002\003",
   len=len@entry=121, noencrypt=noencrypt@entry=false) at src/eapol.c:3017
 #4  0x00005555f0b8c617 in netdev_control_port_frame_event (netdev=0x5555f2b64450, msg=0x5555f2b62588) at src/netdev.c:5574
 #5  netdev_unicast_notify (msg=msg@entry=0x5555f2b619a0, user_data=<optimized out>) at src/netdev.c:5613
 #6  0x00007f60084c9a51 in dispatch_unicast_watches (msg=0x5555f2b619a0, id=<optimized out>, genl=0x5555f2b3fc80) at ell/genl.c:954
 #7  process_unicast (nlmsg=0x7fff61abeac0, genl=0x5555f2b3fc80) at ell/genl.c:973
 #8  received_data (io=<optimized out>, user_data=0x5555f2b3fc80) at ell/genl.c:1098
 #9  0x00007f60084c61bd in io_callback (fd=<optimized out>, events=1, user_data=0x5555f2b3fd20) at ell/io.c:120
 #10 0x00007f60084c536d in l_main_iterate (timeout=<optimized out>) at ell/main.c:478
 #11 0x00007f60084c543e in l_main_run () at ell/main.c:525
 #12 l_main_run () at ell/main.c:507
 #13 0x00007f60084c5670 in l_main_run_with_signal (callback=callback@entry=0x5555f0b89150 <signal_handler>, user_data=user_data@entry=0x0) at ell/main.c:647
 #14 0x00005555f0b886a4 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:532

This happens when the driver does not support rekeying, which causes iwd to
attempt a disconnect and re-connect.  The disconnect action is
taken during the event callback and destroys the underlying eapol state
machine.  Since a temporary isn't used, attempting to dereference
sm->handshake results in a crash.

Fix this by introducing a UNIQUE_ID macro which should prevent shadowing
and using a temporary variable as originally intended.

Fixes: d22b174a73 ("handshake: use _hs directly in handshake_event")
Fixes: 4d2176df29 ("handshake: Allow event handler to free handshake")
Reported-By: Toke Høiland-Jørgensen <toke@toke.dk>
Tested-by: Toke Høiland-Jørgensen <toke@toke.dk>
2022-02-03 09:44:08 -06:00
Denis Kenzior
fe2272c112 dbus: netdev/wheel do not use .Agent interface
There is no need to punch the holes for netdev/wheel groups to send to
the .Agent interface.  This is only done by the iwd daemon itself and
the policy for user 'root' already takes care of this.
2022-01-31 14:06:20 -06:00
Denis Kenzior
ceb43cb354 dbus: ead: Remove at_console usage
For reasons already outlined in commit:
010b0e27f9 ("dbus: Remove 'at_console', add 'netdev' settings")
2022-01-31 14:04:15 -06:00
James Prestwood
6ff99f1766 scan: parse BSS_SIGNAL_UNSPEC, fix potential zero signal
A select few drivers send this instead of SIGNAL_MBM. The docs say this
value is the signal 'in unspecified units, scaled to 0..100'. The range
for SIGNAL_MBM is -10000..0 so this can be scaled to the MBM range easy
enough...

Now, this isn't exactly correct because this value ultimately gets
returned from GetOrderedNetworks() and is documented as 100 * dBm where
in reality its just a unit-less signal strength value. Its not ideal, but
this patch at least will fix BSS ranking for these few drivers.
2022-01-31 13:40:19 -06:00
Marcel Holtmann
1284a6ca9f Release 1.23 2022-01-27 14:32:41 +01:00
Diederik de Haas
010b0e27f9 dbus: Remove 'at_console', add 'netdev' settings
The 'at_console' D-Bus policy setting has been deprecated for more then
10 years and could be ignored at any time in the future. Moreover, while
the intend was to allow locally logged on users to interact with iwd, it
didn't actually do that.
More info at https://www.spinics.net/lists/linux-bluetooth/msg75267.html
and https://gitlab.freedesktop.org/dbus/dbus/-/issues/52
Therefor remove the 'at_console' setting block.

On Debian (based) systems, there is a standard defined group which is
allowed to manage network interfaces, and that is the 'netdev' group.
So add a D-Bus setting block to grant the 'netdev' group that access.
2022-01-26 14:03:27 -06:00
James Prestwood
d4b93220c5 sae: fix missing reallocarray definition
Building on GCC 8 resulted in this compiler error.

src/sae.c:107:25: error: implicit declaration of function 'reallocarray';
	did you mean 'realloc'? [-Werror=implicit-function-declaration]
	sm->rejected_groups = reallocarray(NULL, 2, sizeof(uint16_t));
2022-01-26 13:21:52 -06:00
Denis Kenzior
b47ada02bf treewide: Fix compiler warnings
src/erp.c:134:10: error: comparison of integer expressions of different
signedness: 'unsigned int' and 'int' [-Werror=sign-compare]

src/eap-ttls.c:378:10: error: comparison of integer expressions of different signedness: 'uint32_t' {aka 'unsigned int'} and 'int' [-Werror=sign-compare]
2022-01-26 13:21:52 -06:00
James Prestwood
d22b174a73 handshake: use _hs directly in handshake_event
Fixes the following crash:
 #0  0x000211c4 in netdev_connect_event (msg=<optimized out>, netdev=0x2016940) at src/netdev.c:2915
 #1  0x76f11220 in process_multicast (nlmsg=0x7e8acafc, group=<optimized out>, genl=<optimized out>) at ell/genl.c:1029
 #2  received_data (io=<optimized out>, user_data=<optimized out>) at ell/genl.c:1096
 #3  0x76f0da08 in io_callback (fd=<optimized out>, events=1, user_data=0x200a560) at ell/io.c:120
 #4  0x76f0ca78 in l_main_iterate (timeout=<optimized out>) at ell/main.c:478
 #5  0x76f0cb74 in l_main_run () at ell/main.c:525
 #6  l_main_run () at ell/main.c:507
 #7  0x76f0cdd4 in l_main_run_with_signal (callback=callback@entry=0x18c94 <signal_handler>, user_data=user_data@entry=0x0)
   at ell/main.c:647
 #8  0x00018178 in main (argc=<optimized out>, argv=<optimized out>) at src/main.c:532

This crash was introduced in commit:
4d2176df29 ("handshake: Allow event handler to free handshake")

The culprit seems to be that 'hs' is being used both in the caller and
in the macro.  Since the macro defines a variable 'hs' in local block
scope, it overrides 'hs' from function scope.  Yet (_hs) still evaluates
to 'hs' leading the local variable to be initialized with itself.  Only
the 'handshake_event(hs, HANDSHAKE_EVENT_SETTING_KEYS))' is affected
since it is the only macro invocation that uses 'hs' from function
scope.  Thus, the crash would only happen on hardware supporting handshake
offload (brcmfmac).

Fix this by removing the local scope variable declaration and evaluate
(_hs) instead.

Fixes: 4d2176df29 ("handshake: Allow event handler to free handshake")
2022-01-26 13:20:00 -06:00
James Prestwood
b2d0bb08a0 network: fix double whitespace 2022-01-24 16:39:45 -06:00
Marcel Holtmann
ccf571f78b Release 1.22 2022-01-24 22:27:50 +01:00
Marcel Holtmann
570fc638a7 build: Require at least version 0.48 when building with external ELL 2022-01-24 21:51:09 +01:00
Denis Kenzior
30b04bc3bb json: Tighten up json_iter_get_int/get_uint
- Ensure that input isn't an empty string

- Ensure that EINVAL errno (which could be optionally returned by
  strto{ul|l} is also checked.

- Since strtoul allows '+' and '-' characters in input, ensure that
  input which is expected to be an unsigned number doesn't start with
  '-'
2022-01-23 11:22:34 -06:00
James Prestwood
26b7446178 sae: pass exact length to l_ecc_point_from_data
l_ecc_point_from_data now strictly enforces the buffer length.
2022-01-21 13:44:59 -06:00
James Prestwood
d8116e8828 dpp-util: add dpp_point_from_asn1()
Given an ASN1 blob of the right form, parse and create
an l_ecc_point object. The form used is specific to DPP
hence why this isn't general purpose and put into dpp-util.
2022-01-21 10:52:26 -06:00
Andrew Zaborowski
dfaf6e045f p2p: Fix ie_tlv_extract_wfd_payload call typo 2022-01-21 08:53:35 -06:00
Andrew Zaborowski
4d2176df29 handshake: Allow event handler to free handshake
Like in ap.c, allow the event callback to mark the handshake state as
destroyed, without causing invalid accesses after the callback has
returned.  In this case the crash was because try_handshake_complete
needed to access members of handshake_state after emitting the event,
as well as access the netdev, which also has been destroyed:

==257707== Invalid read of size 8
==257707==    at 0x408C85: try_handshake_complete (netdev.c:1487)
==257707==    by 0x408C85: try_handshake_complete (netdev.c:1480)
(...)
==257707==  Address 0x4e187e8 is 856 bytes inside a block of size 872 free'd
==257707==    at 0x484621F: free (in /usr/libexec/valgrind/vgpreload_memcheck-amd64-linux.so)
==257707==    by 0x437887: ap_stop_handshake (ap.c:151)
==257707==    by 0x439793: ap_del_station (ap.c:316)
==257707==    by 0x43EA92: ap_station_disconnect (ap.c:3411)
==257707==    by 0x43EA92: ap_station_disconnect (ap.c:3399)
==257707==    by 0x454276: p2p_group_event (p2p.c:1006)
==257707==    by 0x439147: ap_event (ap.c:281)
==257707==    by 0x4393AB: ap_new_rsna (ap.c:390)
==257707==    by 0x4393AB: ap_handshake_event (ap.c:1010)
==257707==    by 0x408C7F: try_handshake_complete (netdev.c:1485)
==257707==    by 0x408C7F: try_handshake_complete (netdev.c:1480)
(...)
2022-01-21 08:51:49 -06:00
Andrew Zaborowski
079489bd66 ap: Don't defer ap_reset when ap_free called in event
Previously we added logic to defer doing anything in ap_free() to after
the AP event handler has returned so that ap_event() has a chance to
inform whoever called it that the ap_state has been freed.  But there's
also a chance that the event handler is destroying both the AP and the
netdev it runs on, so after the handler has returned we can't even use
netdev_get_wdev_id or netdev_get_ifindex.  The easiest solution seems to
be to call ap_reset() in ap_free() even if we're within an event handler
to ensure we no longer need any external objects.  Also make sure
ap_reset() can be called multiple times.

Another option would be to watch for NETDEV_WATCH_EVENT_DEL and remove
our reference to the netdev (because there's no need actually call
l_rtnl_ifaddr_delete or frame_watch_wdev_remove if the netdev was
destroyed -- frame_watch already tracks netdev removals), or to save
just the ifindex and the wdev id...
2022-01-21 08:51:04 -06:00
Denis Kenzior
4a3792da7e doc: Rename device-provisioning.txt
device-provisioning.txt is an API file, so name it accordingly.
2022-01-20 14:22:32 -06:00
James Prestwood
76b6aa66b3 dpp: fix dpp_offchannel_start corner cases
The purpose of this was to have a single utility to both cancel an
existing offchannel operation (if one exists) and start a new one.

The problem was the previous offchannel operation was being canceled
first which opened up the radio work queue to other items. This is
not desireable as, for example, a scan would end up breaking the
DPP protocol most likely.

Starting the new offchannel then canceling is the correct order of
operations but to do this required saving the new ID, canceling, then
setting offchannel_id to the new ID so dpp_presence_timeout wouldn't
overwrite the new ID to zero.

This also removes an explicit call to offchannel_cancel which is
already done by dpp_offchannel_start.
2022-01-20 14:19:56 -06:00
James Prestwood
8ce491fbb2 dpp: use own/peer naming rather than i/r
Several members are named based on initiator/responder (i/r)
terminology. Eventually both initiator and responder will be
supported so rename these members to use own/peer naming
instead.
2022-01-20 14:11:44 -06:00
James Prestwood
52fafd8f5b dpp-util: use ell/asn1-private.h for ASN1 generation
ASN1 parsing will soon be required which will need some utilities in
asn1-private.h. To avoid duplication include this private header and
replace the OID's with the defined structures as well as remove the
duplicated macros.
2022-01-20 13:59:37 -06:00
James Prestwood
73cd3578d9 station: fix OWE scan logic with autoconnect
station_set_scan_results takes an autoconnect flag which was being
set true in both regular/quick autoconnect scans. Since OWE networks
are processed after setting the scan results IWD could end up
connecting to a network before all the OWE hidden networks are
populated.

To fix this regular/quick autoconnect results will set the flag to
false, then process OWE networks, then start autoconnect. If any
OWE network scans are pending station_autoconnect_start will fail
but will pick back up after the hidden OWE scan.
2022-01-20 13:54:14 -06:00
James Prestwood
ac78076663 eap-pwd: add length checks for fragmented packets 2022-01-20 13:49:32 -06:00
James Prestwood
e500511490 test-runner: set --show-leak-kinds=all
This enables leak checks starting in main() which were previously
ignored.
2022-01-19 17:17:26 -06:00
James Prestwood
f70c0cb2f9 dpp: free nl80211 object on exit 2022-01-19 17:17:26 -06:00
James Prestwood
c3b18c44e0 auto-t: roam test to simulate reported crash
During investigation another separate crash was found. The original is
caused by a disconnect event coming in after a neighbor report scan
was completed (roam failed) during the full roam scan.

The second crash is caused by a disconnect coming in during a full
roam scan when no neighbor report scan was ever issued.
2022-01-19 16:37:51 -06:00
James Prestwood
301a55c8c3 auto-t: hostapd.py: add remove_neighbor() 2022-01-19 16:37:51 -06:00
James Prestwood
2c6bb735ac station: send debug "roam-scan-triggered" event 2022-01-19 16:37:51 -06:00
Denis Kenzior
62978ef0fb scan: Allow scan_cancel for finished requests
scan_request_failed and scan_finished remove the finished scan_request
from the request queue right away, before calling the callback.  This
breaks those clients that rely on scan_cancel working on such requests
(i.e. to force the destroy callback to be invoked synchronously, see
a0911ca778 ("station: Make sure roam_scan_id is always canceled").

Fix this by removing the scan_request from the request queue after
invoking the callback.  Also provide a re-entrancy guard that will make
sure that the scan_request isn't removed in scan_cancel itself.
2022-01-19 16:37:21 -06:00
Denis Kenzior
bef550df81 scan: Simplify scan_finished
There are similar operations being performed but with different
callbacks and userdata, depending on whether 'sr' is NULL or not.
Optimize the function flow slightly to make if-else unnecessary.

While here, update the comment.  periodic scans are now scheduled only
based on the periodic timeout timer.
2022-01-19 16:37:21 -06:00