The difference between the scan results of wpa_cli and iw is not easy to spot. In some cases, especially when a lot of APs operate in the same environment, the two tools can be observed to return different scan results.
For instance, I have more than 300 APs in my test environment, but my tests always showed around 50 APs in the wpa_cli scan result, while iw had no problems. wpa_cli comes from wpa_supplicant, and both wpa_supplicant and iw are open source for Linux-based systems. In this article I would like to show the difference between how wpa_cli and iw get scan results.
In wpa_cli, you need to run "SCAN" first and then "SCAN_RESULTS" to get scan results. The interval between "SCAN" and "SCAN_RESULTS" should be more than 5 seconds. With iw it is much easier: you just run "scan" and the results are output.
In the wpa_cli source code, when a user executes the "SCAN_RESULTS" command, _wpa_ctrl_command creates a buffer and passes it as an argument to wpa_ctrl_request. This buffer receives the scan results from a Wi-Fi driver through IPC, and its size is the first limitation on fetching scan results in wpa_cli.
Enlarging this buffer is not enough to get the full scan results; the second step is to adjust bss_max_count in wpa_supplicant.conf. The default setting is 200. If the scan result is larger than bss_max_count, the oldest BSSID will be removed from the queue.
iw gets scan results through a callback (handler), so each result fetched by the Wi-Fi driver is output by iw. The scan command combines handle_scan_dump and handle_scan, and the scan result is printed by handle_scan_dump.
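Added example, not from the original post or from either project: a shell check that lists the BSSIDs iw reports but wpa_cli's SCAN_RESULTS omits, which makes the truncation described above visible in an AP inventory. The sample outputs are constructed, and the interface name wlan0 and the function names are assumptions.

```shell
#!/bin/sh
# Compare the BSSID sets reported by `wpa_cli scan_results` and `iw ... scan`.
# Function names are hypothetical; sample data below is constructed.

# Extract BSSIDs from wpa_cli scan_results output (tab-separated rows that
# start with the BSSID; the header and "Selected interface" lines are skipped).
wpa_bssids() {
    grep -Eio '^([0-9a-f]{2}:){5}[0-9a-f]{2}' | tr 'A-F' 'a-f' | sort -u
}

# Extract BSSIDs from iw scan output. Only unindented "BSS <mac>(on <dev>)"
# lines start a record; indented lines such as "BSS Load:" are ignored.
iw_bssids() {
    sed -n 's/^BSS \([0-9A-Fa-f:]\{17\}\).*/\1/p' | tr 'A-F' 'a-f' | sort -u
}

# Print every BSSID that iw saw but wpa_cli did not return.
# $1 = wpa_cli output, $2 = iw output
missing_in_wpa() {
    w=$(printf '%s\n' "$1" | wpa_bssids)
    printf '%s\n' "$2" | iw_bssids | while read -r b; do
        printf '%s\n' "$w" | grep -qxF "$b" || printf '%s\n' "$b"
    done
}

# Constructed sample: wpa_cli returned two entries, iw returned three.
SAMPLE_WPA=$(printf '%s\n%s\n%s\n' \
    'bssid / frequency / signal level / flags / ssid' \
    "$(printf '02:00:00:00:00:01\t2412\t-40\t[WPA2-PSK-CCMP][ESS]\tlab-a')" \
    "$(printf '02:00:00:00:00:02\t5180\t-61\t[ESS]\tlab-b')")

SAMPLE_IW=$(printf 'BSS 02:00:00:00:00:01(on wlan0)\n\tfreq: 2412\n\tBSS Load:\n\tSSID: lab-a\nBSS 02:00:00:00:00:02(on wlan0) -- associated\n\tfreq: 5180\nBSS 02:00:00:00:00:03(on wlan0)\n\tfreq: 2437\n\tSSID: lab-c\n')

# Demo on the constructed sample; prints 02:00:00:00:00:03
missing_in_wpa "$SAMPLE_WPA" "$SAMPLE_IW"

# On a live system (assumed interface wlan0), after a scan has completed:
#   missing_in_wpa "$(wpa_cli -i wlan0 scan_results)" "$(iw dev wlan0 scan dump)"
```

A non-empty result in a dense environment points at the wpa_cli reply buffer or bss_max_count limits rather than at APs that are actually absent.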
- wpa_supplicant: https://w1.fi/wpa_supplicant/
- iw: https://wireless.wiki.kernel.org/en/users/Documentation/iw