2 * Scanning implementation
4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
5 * Copyright 2004, Instant802 Networks, Inc.
6 * Copyright 2005, Devicescape Software, Inc.
7 * Copyright 2006-2007 Jiri Benc <jbenc@suse.cz>
8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License version 2 as
12 * published by the Free Software Foundation.
15 #include <linux/if_arp.h>
16 #include <linux/rtnetlink.h>
17 #include <net/mac80211.h>
19 #include "ieee80211_i.h"
20 #include "driver-ops.h"
23 #define IEEE80211_PROBE_DELAY (HZ / 33)
24 #define IEEE80211_CHANNEL_TIME (HZ / 33)
25 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 8)
27 struct ieee80211_bss *
28 ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
29 u8 *ssid, u8 ssid_len)
31 struct cfg80211_bss *cbss;
33 cbss = cfg80211_get_bss(local->hw.wiphy,
34 ieee80211_get_channel(local->hw.wiphy, freq),
35 bssid, ssid, ssid_len, 0, 0);
38 return (void *)cbss->priv;
41 static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss)
43 struct ieee80211_bss *bss = (void *)cbss->priv;
45 kfree(bss_mesh_id(bss));
46 kfree(bss_mesh_cfg(bss));
49 void ieee80211_rx_bss_put(struct ieee80211_local *local,
50 struct ieee80211_bss *bss)
54 cfg80211_put_bss(container_of((void *)bss, struct cfg80211_bss, priv));
57 static bool is_uapsd_supported(struct ieee802_11_elems *elems)
61 if (elems->wmm_info && elems->wmm_info_len == 7
62 && elems->wmm_info[5] == 1)
63 qos_info = elems->wmm_info[6];
64 else if (elems->wmm_param && elems->wmm_param_len == 24
65 && elems->wmm_param[5] == 1)
66 qos_info = elems->wmm_param[6];
68 /* no valid wmm information or parameter element found */
71 return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD;
74 struct ieee80211_bss *
75 ieee80211_bss_info_update(struct ieee80211_local *local,
76 struct ieee80211_rx_status *rx_status,
77 struct ieee80211_mgmt *mgmt,
79 struct ieee802_11_elems *elems,
80 struct ieee80211_channel *channel,
83 struct cfg80211_bss *cbss;
84 struct ieee80211_bss *bss;
88 if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
89 signal = rx_status->signal * 100;
90 else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
91 signal = (rx_status->signal * 100) / local->hw.max_signal;
93 cbss = cfg80211_inform_bss_frame(local->hw.wiphy, channel,
94 mgmt, len, signal, GFP_ATOMIC);
99 cbss->free_priv = ieee80211_rx_bss_free;
100 bss = (void *)cbss->priv;
102 /* save the ERP value so that it is available at association time */
103 if (elems->erp_info && elems->erp_info_len >= 1) {
104 bss->erp_value = elems->erp_info[0];
105 bss->has_erp_value = 1;
109 struct ieee80211_tim_ie *tim_ie =
110 (struct ieee80211_tim_ie *)elems->tim;
111 bss->dtim_period = tim_ie->dtim_period;
114 bss->supp_rates_len = 0;
115 if (elems->supp_rates) {
116 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
117 if (clen > elems->supp_rates_len)
118 clen = elems->supp_rates_len;
119 memcpy(&bss->supp_rates[bss->supp_rates_len], elems->supp_rates,
121 bss->supp_rates_len += clen;
123 if (elems->ext_supp_rates) {
124 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
125 if (clen > elems->ext_supp_rates_len)
126 clen = elems->ext_supp_rates_len;
127 memcpy(&bss->supp_rates[bss->supp_rates_len],
128 elems->ext_supp_rates, clen);
129 bss->supp_rates_len += clen;
132 bss->wmm_used = elems->wmm_param || elems->wmm_info;
133 bss->uapsd_supported = is_uapsd_supported(elems);
136 bss->last_probe_resp = jiffies;
142 ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
144 struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
145 struct ieee80211_mgmt *mgmt;
146 struct ieee80211_bss *bss;
148 struct ieee80211_channel *channel;
152 bool presp, beacon = false;
153 struct ieee802_11_elems elems;
156 return RX_DROP_UNUSABLE;
158 mgmt = (struct ieee80211_mgmt *) skb->data;
159 fc = mgmt->frame_control;
161 if (ieee80211_is_ctl(fc))
165 return RX_DROP_MONITOR;
167 presp = ieee80211_is_probe_resp(fc);
169 /* ignore ProbeResp to foreign address */
170 if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
171 return RX_DROP_MONITOR;
174 elements = mgmt->u.probe_resp.variable;
175 baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
177 beacon = ieee80211_is_beacon(fc);
178 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
179 elements = mgmt->u.beacon.variable;
182 if (!presp && !beacon)
185 if (baselen > skb->len)
186 return RX_DROP_MONITOR;
188 ieee802_11_parse_elems(elements, skb->len - baselen, &elems);
190 if (elems.ds_params && elems.ds_params_len == 1)
191 freq = ieee80211_channel_to_frequency(elems.ds_params[0]);
193 freq = rx_status->freq;
195 channel = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
197 if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
198 return RX_DROP_MONITOR;
200 bss = ieee80211_bss_info_update(sdata->local, rx_status,
201 mgmt, skb->len, &elems,
204 ieee80211_rx_bss_put(sdata->local, bss);
210 /* return false if no more work */
211 static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
213 struct cfg80211_scan_request *req = local->scan_req;
214 enum ieee80211_band band;
215 int i, ielen, n_chans;
218 if (local->hw_scan_band == IEEE80211_NUM_BANDS)
221 band = local->hw_scan_band;
223 for (i = 0; i < req->n_channels; i++) {
224 if (req->channels[i]->band == band) {
225 local->hw_scan_req->channels[n_chans] =
231 local->hw_scan_band++;
234 local->hw_scan_req->n_channels = n_chans;
236 ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie,
237 req->ie, req->ie_len, band);
238 local->hw_scan_req->ie_len = ielen;
243 void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
245 struct ieee80211_local *local = hw_to_local(hw);
248 mutex_lock(&local->scan_mtx);
251 * It's ok to abort a not-yet-running scan (that
252 * we have one at all will be verified by checking
253 * local->scan_req next), but not to complete it
256 if (WARN_ON(!local->scanning && !aborted))
259 if (WARN_ON(!local->scan_req)) {
260 mutex_unlock(&local->scan_mtx);
264 was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
265 if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
266 ieee80211_queue_delayed_work(&local->hw,
267 &local->scan_work, 0);
268 mutex_unlock(&local->scan_mtx);
272 kfree(local->hw_scan_req);
273 local->hw_scan_req = NULL;
275 if (local->scan_req != local->int_scan_req)
276 cfg80211_scan_done(local->scan_req, aborted);
277 local->scan_req = NULL;
278 local->scan_sdata = NULL;
281 local->scan_channel = NULL;
283 /* we only have to protect scan_req and hw/sw scan */
284 mutex_unlock(&local->scan_mtx);
286 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
290 ieee80211_configure_filter(local);
292 drv_sw_scan_complete(local);
294 ieee80211_offchannel_return(local, true);
297 ieee80211_recalc_idle(local);
298 ieee80211_mlme_notify_scan_completed(local);
299 ieee80211_ibss_notify_scan_completed(local);
300 ieee80211_mesh_notify_scan_completed(local);
301 ieee80211_queue_work(&local->hw, &local->work_work);
303 EXPORT_SYMBOL(ieee80211_scan_completed);
305 static int ieee80211_start_sw_scan(struct ieee80211_local *local)
308 * Hardware/driver doesn't support hw_scan, so use software
309 * scanning instead. First send a nullfunc frame with power save
310 * bit on so that AP will buffer the frames for us while we are not
311 * listening, then send probe requests to each channel and wait for
312 * the responses. After all channels are scanned, tune back to the
313 * original channel and send a nullfunc frame with power save bit
314 * off to trigger the AP to send us all the buffered frames.
316 * Note that while local->sw_scanning is true everything else but
317 * nullfunc frames and probe requests will be dropped in
318 * ieee80211_tx_h_check_assoc().
320 drv_sw_scan_start(local);
322 ieee80211_offchannel_stop_beaconing(local);
324 local->next_scan_state = SCAN_DECISION;
325 local->scan_channel_idx = 0;
327 drv_flush(local, false);
329 ieee80211_configure_filter(local);
331 ieee80211_queue_delayed_work(&local->hw,
333 IEEE80211_CHANNEL_TIME);
339 static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
340 struct cfg80211_scan_request *req)
342 struct ieee80211_local *local = sdata->local;
348 if (!list_empty(&local->work_list)) {
349 /* wait for the work to finish/time out */
350 local->scan_req = req;
351 local->scan_sdata = sdata;
355 if (local->ops->hw_scan) {
358 local->hw_scan_req = kmalloc(
359 sizeof(*local->hw_scan_req) +
360 req->n_channels * sizeof(req->channels[0]) +
361 2 + IEEE80211_MAX_SSID_LEN + local->scan_ies_len +
362 req->ie_len, GFP_KERNEL);
363 if (!local->hw_scan_req)
366 local->hw_scan_req->ssids = req->ssids;
367 local->hw_scan_req->n_ssids = req->n_ssids;
368 ies = (u8 *)local->hw_scan_req +
369 sizeof(*local->hw_scan_req) +
370 req->n_channels * sizeof(req->channels[0]);
371 local->hw_scan_req->ie = ies;
373 local->hw_scan_band = 0;
376 * After allocating local->hw_scan_req, we must
377 * go through until ieee80211_prep_hw_scan(), so
378 * anything that might be changed here and leave
379 * this function early must not go after this
384 local->scan_req = req;
385 local->scan_sdata = sdata;
387 if (local->ops->hw_scan)
388 __set_bit(SCAN_HW_SCANNING, &local->scanning);
390 __set_bit(SCAN_SW_SCANNING, &local->scanning);
393 * Kicking off the scan need not be protected,
394 * only the scan variable stuff, since now
395 * local->scan_req is assigned and other callers
396 * will abort their scan attempts.
398 * This avoids too many locking dependencies
399 * so that the scan completed calls have more
403 ieee80211_recalc_idle(local);
404 mutex_unlock(&local->scan_mtx);
406 if (local->ops->hw_scan) {
407 WARN_ON(!ieee80211_prep_hw_scan(local));
408 rc = drv_hw_scan(local, local->hw_scan_req);
410 rc = ieee80211_start_sw_scan(local);
412 mutex_lock(&local->scan_mtx);
415 kfree(local->hw_scan_req);
416 local->hw_scan_req = NULL;
419 ieee80211_recalc_idle(local);
421 local->scan_req = NULL;
422 local->scan_sdata = NULL;
428 static int ieee80211_scan_state_decision(struct ieee80211_local *local,
429 unsigned long *next_delay)
431 bool associated = false;
432 struct ieee80211_sub_if_data *sdata;
434 /* if no more bands/channels left, complete scan and advance to the idle state */
435 if (local->scan_channel_idx >= local->scan_req->n_channels) {
436 ieee80211_scan_completed(&local->hw, false);
440 /* check if at least one STA interface is associated */
441 mutex_lock(&local->iflist_mtx);
442 list_for_each_entry(sdata, &local->interfaces, list) {
443 if (!ieee80211_sdata_running(sdata))
446 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
447 if (sdata->u.mgd.associated) {
453 mutex_unlock(&local->iflist_mtx);
455 if (local->scan_channel) {
457 * we're currently scanning a different channel, let's
458 * switch back to the operating channel now if at least
459 * one interface is associated. Otherwise just scan the
463 local->next_scan_state = SCAN_ENTER_OPER_CHANNEL;
465 local->next_scan_state = SCAN_SET_CHANNEL;
468 * we're on the operating channel currently, let's
469 * leave that channel now to scan another one
471 local->next_scan_state = SCAN_LEAVE_OPER_CHANNEL;
478 static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local,
479 unsigned long *next_delay)
481 ieee80211_offchannel_stop_station(local);
483 __set_bit(SCAN_OFF_CHANNEL, &local->scanning);
486 * What if the nullfunc frames didn't arrive?
488 drv_flush(local, false);
489 if (local->ops->flush)
492 *next_delay = HZ / 10;
494 /* advance to the next channel to be scanned */
495 local->next_scan_state = SCAN_SET_CHANNEL;
498 static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *local,
499 unsigned long *next_delay)
501 /* switch back to the operating channel */
502 local->scan_channel = NULL;
503 ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
506 * Only re-enable station mode interface now; beaconing will be
507 * re-enabled once the full scan has been completed.
509 ieee80211_offchannel_return(local, false);
511 __clear_bit(SCAN_OFF_CHANNEL, &local->scanning);
513 *next_delay = HZ / 5;
514 local->next_scan_state = SCAN_DECISION;
517 static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
518 unsigned long *next_delay)
521 struct ieee80211_channel *chan;
524 chan = local->scan_req->channels[local->scan_channel_idx];
526 local->scan_channel = chan;
527 if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
530 /* advance state machine to next channel/band */
531 local->scan_channel_idx++;
534 /* if we skip this channel return to the decision state */
535 local->next_scan_state = SCAN_DECISION;
540 * Probe delay is used to update the NAV, cf. 11.1.3.2.2
541 * (which unfortunately doesn't say _why_ step a) is done,
542 * but it waits for the probe delay or until a frame is
543 * received - and the received frame would update the NAV).
544 * For now, we do not support waiting until a frame is
547 * In any case, it is not necessary for a passive scan.
549 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
550 !local->scan_req->n_ssids) {
551 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
552 local->next_scan_state = SCAN_DECISION;
556 /* active scan, send probes */
557 *next_delay = IEEE80211_PROBE_DELAY;
558 local->next_scan_state = SCAN_SEND_PROBE;
561 static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
562 unsigned long *next_delay)
565 struct ieee80211_sub_if_data *sdata = local->scan_sdata;
567 for (i = 0; i < local->scan_req->n_ssids; i++)
568 ieee80211_send_probe_req(
570 local->scan_req->ssids[i].ssid,
571 local->scan_req->ssids[i].ssid_len,
572 local->scan_req->ie, local->scan_req->ie_len);
575 * After sending probe requests, wait for probe responses
578 *next_delay = IEEE80211_CHANNEL_TIME;
579 local->next_scan_state = SCAN_DECISION;
582 void ieee80211_scan_work(struct work_struct *work)
584 struct ieee80211_local *local =
585 container_of(work, struct ieee80211_local, scan_work.work);
586 struct ieee80211_sub_if_data *sdata = local->scan_sdata;
587 unsigned long next_delay = 0;
589 mutex_lock(&local->scan_mtx);
590 if (!sdata || !local->scan_req) {
591 mutex_unlock(&local->scan_mtx);
595 if (local->hw_scan_req) {
596 int rc = drv_hw_scan(local, local->hw_scan_req);
597 mutex_unlock(&local->scan_mtx);
599 ieee80211_scan_completed(&local->hw, true);
603 if (local->scan_req && !local->scanning) {
604 struct cfg80211_scan_request *req = local->scan_req;
607 local->scan_req = NULL;
608 local->scan_sdata = NULL;
610 rc = __ieee80211_start_scan(sdata, req);
611 mutex_unlock(&local->scan_mtx);
614 ieee80211_scan_completed(&local->hw, true);
618 mutex_unlock(&local->scan_mtx);
621 * Avoid re-scheduling when the sdata is going away.
623 if (!ieee80211_sdata_running(sdata)) {
624 ieee80211_scan_completed(&local->hw, true);
629 * as long as no delay is required advance immediately
630 * without scheduling a new work
633 switch (local->next_scan_state) {
635 if (ieee80211_scan_state_decision(local, &next_delay))
638 case SCAN_SET_CHANNEL:
639 ieee80211_scan_state_set_channel(local, &next_delay);
641 case SCAN_SEND_PROBE:
642 ieee80211_scan_state_send_probe(local, &next_delay);
644 case SCAN_LEAVE_OPER_CHANNEL:
645 ieee80211_scan_state_leave_oper_channel(local, &next_delay);
647 case SCAN_ENTER_OPER_CHANNEL:
648 ieee80211_scan_state_enter_oper_channel(local, &next_delay);
651 } while (next_delay == 0);
653 ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
656 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
657 struct cfg80211_scan_request *req)
661 mutex_lock(&sdata->local->scan_mtx);
662 res = __ieee80211_start_scan(sdata, req);
663 mutex_unlock(&sdata->local->scan_mtx);
668 int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
669 const u8 *ssid, u8 ssid_len)
671 struct ieee80211_local *local = sdata->local;
674 mutex_lock(&local->scan_mtx);
680 memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
681 local->int_scan_req->ssids[0].ssid_len = ssid_len;
683 ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
685 mutex_unlock(&local->scan_mtx);
689 void ieee80211_scan_cancel(struct ieee80211_local *local)
693 cancel_delayed_work_sync(&local->scan_work);
696 * Only call this function when a scan can't be
697 * queued -- mostly at suspend under RTNL.
699 mutex_lock(&local->scan_mtx);
700 abortscan = test_bit(SCAN_SW_SCANNING, &local->scanning) ||
701 (!local->scanning && local->scan_req);
702 mutex_unlock(&local->scan_mtx);
705 ieee80211_scan_completed(&local->hw, true);
git.openpandora.org / pandora-wifi.git / blob