Good morning Jonah,

I think I got something.

On Thu, Aug 10, 2017 at 4:51 PM, Jonah Petri <jonah@sense.com> wrote:
> What I see empirically is that with the brcmfmac driver on a bcm 43430 chip, on linux 4.1.15, the max_ssids is reported as 10. I am definitely a novice when it comes to anything below wpa_supplicant, but could it be that active scan only probes for the specifically-mentioned networks? From my reading, this active scanning mechanism seems to be intended for finding specific SSIDs, e.g. hidden SSIDs. However, empirically in my case, if the MAC can't see the requested network, it does not report any scan results at all.

I missed something here. In an active scan request we are asking wpa_supplicant to look for specific SSIDs in specific channels. In my case, I had a lot of "known-services", so basically the active request includes a lot of channels and that's why I continued seeing many APs in range. To confirm this theory, I left only one folder in {STOREDIR}/connman/wifi_* and I modified the settings file of that remaining service by changing the frequency to a 5GHz channel. Then I forced ConnMan to handle only an interface which I know only supports 2.4GHz. Doing so, ConnMan would ask for an active scan only in that 5GHz channel and then the scan result should be empty. The results confirmed this idea and I could reproduce this issue: the scan list was empty.

So, according to your dbus logs, there should not exist any AP using 2437 in your range, is that true? Try to do what I did and modify the settings file of your "known-service" to a frequency where you are sure there are APs in your range. Doing so, you should be able to see them now. Remember to kill ConnMan before modifying that settings file, and then re-launch ConnMan or just reboot your system to get the changes applied.

> My 2¢: If "Active" scanning will indeed only return results for the SSIDs mentioned in the scan parameters, then I think ConnMan should *always* schedule a passive scan afterwards, perhaps by just calling wifi_scan_simple() in the scan_callback() of an active scan.
>
> Thoughts?

That sounds reasonable. You should just take the timing into account: you cannot immediately ask wpa_supplicant for another scan because it could just be discarded due to another one being ongoing. That second passive scan needs to be done once you are sure the active scan has finished. You could try to implement this; I will think about whether this is the best we can do. Then we can test and discuss the options.

As always, comments/suggestions are welcome.

Regards,

Jose Blanquicet