Make it clearer that ap_scan=2 mode should not be used with nl80211
Add more details into configuration comments and a runtime info message
if ap_scan=2 is used with the nl80211 driver interface.
Signed-off-by: Jouni Malinen <j@w1.fi>
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index d427883..627f38b 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -406,6 +406,11 @@
* one by one until the driver reports successful association; each
* network block should have explicit security policy (i.e., only one
* option in the lists) for key_mgmt, pairwise, group, proto variables.
+ *
+ * Note: ap_scan=2 should not be used with the nl80211 driver interface
+ * (the current Linux interface). ap_scan=1 is optimized work working
+ * with nl80211. For finding networks using hidden SSID, scan_ssid=1 in
+ * the network block can be used with nl80211.
*/
int ap_scan;
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 1c63e51..7ef326c 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -225,7 +225,9 @@
*
* scan_ssid can be used to scan for APs using hidden SSIDs.
* Note: Many drivers do not support this. ap_mode=2 can be used with
- * such drivers to use hidden SSIDs.
+ * such drivers to use hidden SSIDs. Note2: Most nl80211-based drivers
+ * do support scan_ssid=1 and that should be used with them instead of
+ * ap_scan=2.
*/
int scan_ssid;
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 9951b0f..fa94cc7 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -2790,6 +2790,11 @@
if (ap_scan < 0 || ap_scan > 2)
return -1;
+ if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
+ wpa_printf(MSG_INFO,
+ "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
+ }
+
#ifdef ANDROID
if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
wpa_s->wpa_state >= WPA_ASSOCIATING &&
@@ -3295,6 +3300,12 @@
}
}
+ if (wpa_s->conf->ap_scan == 2 &&
+ os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
+ wpa_printf(MSG_INFO,
+ "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
+ }
+
wpa_clear_keys(wpa_s, NULL);
/* Make sure that TKIP countermeasures are not left enabled (could
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index ba88a73..6fe67e4 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -108,6 +108,10 @@
# the driver reports successful association; each network block should have
# explicit security policy (i.e., only one option in the lists) for
# key_mgmt, pairwise, group, proto variables
+# Note: ap_scan=2 should not be used with the nl80211 driver interface (the
+# current Linux interface). ap_scan=1 is optimized work working with nl80211.
+# For finding networks using hidden SSID, scan_ssid=1 in the network block can
+# be used with nl80211.
# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
# created immediately regardless of scan results. ap_scan=1 mode will first try
# to scan for existing networks and only if no matches with the enabled
