2 * Copyright (c) 2002-2008 Sam Leffler, Errno Consulting
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
30 * IEEE 802.11 scanning support.
34 #include <sys/param.h>
35 #include <sys/systm.h>
37 #include <sys/kernel.h>
38 #include <sys/malloc.h>
39 #include <sys/condvar.h>
41 #include <sys/socket.h>
44 #include <net/if_var.h>
45 #include <net/if_media.h>
46 #include <net/ethernet.h>
48 #include <netproto/802_11/ieee80211_var.h>
50 /* XXX until it's implemented as attach ops */
51 #include <netproto/802_11/ieee80211_scan_sw.h>
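/*
 * Roaming-related defaults.  RSSI thresholds are as returned by the
 * driver (.5 dBm units).  Transmit rate thresholds are IEEE rate codes,
 * i.e. in units of 500 kb/s: ROAM_RATE_11A_DEFAULT 2*12 is 12 Mb/s.
 * 11n entries carry an MCS index flagged with IEEE80211_RATE_MCS instead.
 *
 * Every expansion is parenthesized so a macro can be used safely inside
 * a larger expression (as a divisor or comparison operand, for instance).
 */
/* rssi thresholds */
#define	ROAM_RSSI_11A_DEFAULT		14	/* 11a bss */
#define	ROAM_RSSI_11B_DEFAULT		14	/* 11b bss */
#define	ROAM_RSSI_11BONLY_DEFAULT	14	/* 11b-only bss */
/* transmit rate thresholds */
#define	ROAM_RATE_11A_DEFAULT		(2*12)	/* 11a bss */
#define	ROAM_RATE_11B_DEFAULT		(2*5)	/* 11b bss */
#define	ROAM_RATE_11BONLY_DEFAULT	(2*1)	/* 11b-only bss */
#define	ROAM_RATE_HALF_DEFAULT		(2*6)	/* half-width 11a/g bss */
#define	ROAM_RATE_QUARTER_DEFAULT	(2*3)	/* quarter-width 11a/g bss */
#define	ROAM_MCS_11N_DEFAULT		(1 | IEEE80211_RATE_MCS) /* 11n bss */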
/*
 * Attach the common scan state to an ieee80211com.
 *
 * Drivers may supply their own scan method table in ic_scan_methods;
 * when none is present the in-kernel software scanner (swscan) is
 * installed as the default.  The method table's sc_attach() hook is
 * then run in either case.
 */
void
ieee80211_scan_attach(struct ieee80211com *ic)
{
	if (ic->ic_scan_methods != NULL) {
		ic->ic_scan_methods->sc_attach(ic);
		return;
	}

	/* No driver-provided methods: fall back to the software scanner. */
	ieee80211_swscan_attach(ic);
	ic->ic_scan_methods->sc_attach(ic);
}
/*
 * Detach the common scan state from an ieee80211com.
 *
 * Only the scan method table's sc_detach() hook runs here.  The scanner
 * module's own ss_ops detach is not done at this level: doing so would
 * require splitting sc_detach() in two, so it is left to the per-vap
 * detach path.
 */
void
ieee80211_scan_detach(struct ieee80211com *ic)
{
	ic->ic_scan_methods->sc_detach(ic);
}
/*
 * Per-PHY-mode roaming thresholds installed into every new vap
 * (see ieee80211_scan_vattach).  .rssi is the signal threshold in the
 * driver's .5 dBm units, .rate the transmit rate threshold as an IEEE
 * rate code (or an MCS index for the 11n modes).  Modes not listed here
 * are left zero-filled by the initializer.
 */
static const struct ieee80211_roamparam defroam[IEEE80211_MODE_MAX] = {
	/* 11a and its turbo variants share the 11a thresholds */
	[IEEE80211_MODE_11A]	 = { .rate = ROAM_RATE_11A_DEFAULT,
				     .rssi = ROAM_RSSI_11A_DEFAULT },
	[IEEE80211_MODE_TURBO_A] = { .rate = ROAM_RATE_11A_DEFAULT,
				     .rssi = ROAM_RSSI_11A_DEFAULT },
	[IEEE80211_MODE_TURBO_G] = { .rate = ROAM_RATE_11A_DEFAULT,
				     .rssi = ROAM_RSSI_11A_DEFAULT },
	[IEEE80211_MODE_STURBO_A] = { .rate = ROAM_RATE_11A_DEFAULT,
				      .rssi = ROAM_RSSI_11A_DEFAULT },
	/* 2.4 GHz legacy modes */
	[IEEE80211_MODE_11G]	 = { .rate = ROAM_RATE_11B_DEFAULT,
				     .rssi = ROAM_RSSI_11B_DEFAULT },
	[IEEE80211_MODE_11B]	 = { .rate = ROAM_RATE_11BONLY_DEFAULT,
				     .rssi = ROAM_RSSI_11BONLY_DEFAULT },
	/* reduced-width channels keep the 11a rssi with a lower rate floor */
	[IEEE80211_MODE_HALF]	 = { .rate = ROAM_RATE_HALF_DEFAULT,
				     .rssi = ROAM_RSSI_11A_DEFAULT },
	[IEEE80211_MODE_QUARTER] = { .rate = ROAM_RATE_QUARTER_DEFAULT,
				     .rssi = ROAM_RSSI_11A_DEFAULT },
	/* 11n: rate threshold is an MCS index */
	[IEEE80211_MODE_11NA]	 = { .rate = ROAM_MCS_11N_DEFAULT,
				     .rssi = ROAM_RSSI_11A_DEFAULT },
	[IEEE80211_MODE_11NG]	 = { .rate = ROAM_MCS_11N_DEFAULT,
				     .rssi = ROAM_RSSI_11B_DEFAULT },
};
/*
 * Attach per-vap scan state.
 *
 * Installs the default background-scan timing (all three values are
 * derived from hz), selects automatic roaming with the defroam threshold
 * table, and finally lets the scan method table attach its own per-vap
 * state via sc_vattach().
 */
void
ieee80211_scan_vattach(struct ieee80211vap *vap)
{
	/* background scan timing */
	vap->iv_bgscanidle = (IEEE80211_BGSCAN_IDLE_DEFAULT * 1000) / hz;
	vap->iv_bgscanintvl = IEEE80211_BGSCAN_INTVAL_DEFAULT * hz;
	vap->iv_scanvalid = IEEE80211_SCAN_VALID_DEFAULT * hz;

	/* roaming policy and per-mode thresholds */
	vap->iv_roaming = IEEE80211_ROAMING_AUTO;
	memcpy(vap->iv_roamparms, defroam, sizeof(defroam));

	vap->iv_ic->ic_scan_methods->sc_vattach(vap);
}
137 ieee80211_scan_vdetach(struct ieee80211vap
*vap
)
139 struct ieee80211com
*ic
= vap
->iv_ic
;
140 struct ieee80211_scan_state
*ss
;
145 ic
->ic_scan_methods
->sc_vdetach(vap
);
147 if (ss
!= NULL
&& ss
->ss_vap
== vap
) {
148 if (ss
->ss_ops
!= NULL
) {
149 ss
->ss_ops
->scan_detach(ss
);
154 IEEE80211_UNLOCK(ic
);
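/*
 * Simple-minded scanner module support.
 *
 * Name of the kernel module providing the scanner policy for each
 * operating mode; ieee80211_scanner_get() loads it on demand when no
 * scanner is registered for the mode.  Entries are keyed by the
 * enum ieee80211_opmode value rather than by position so the table
 * cannot silently drift if the enum is ever reordered.  The strings
 * are never written, hence the const pointers.
 */
static const char *const scan_modnames[IEEE80211_OPMODE_MAX] = {
	[IEEE80211_M_IBSS]	= "wlan_scan_sta",
	[IEEE80211_M_STA]	= "wlan_scan_sta",
	[IEEE80211_M_WDS]	= "wlan_scan_wds",
	[IEEE80211_M_AHDEMO]	= "wlan_scan_sta",
	[IEEE80211_M_HOSTAP]	= "wlan_scan_ap",
	[IEEE80211_M_MONITOR]	= "wlan_scan_monitor",
	[IEEE80211_M_MBSS]	= "wlan_scan_sta",
};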
/*
 * Scanner registered for each operating mode.  Static storage leaves
 * every slot NULL until a module calls ieee80211_scanner_register().
 */
static const struct ieee80211_scanner *scanners[IEEE80211_OPMODE_MAX];
/*
 * Look up the scanner for an operating mode.
 *
 * If nothing is registered yet the mode's module (scan_modnames) is
 * loaded, which is expected to register itself and thereby fill the
 * slot.  Returns NULL when mode is out of range or when no scanner is
 * registered after the load attempt.
 */
const struct ieee80211_scanner *
ieee80211_scanner_get(enum ieee80211_opmode mode)
{
	const struct ieee80211_scanner *scan;

	if (mode >= IEEE80211_OPMODE_MAX)
		return NULL;

	scan = scanners[mode];
	if (scan == NULL) {
		/* module registration, if any, updates scanners[mode] */
		ieee80211_load_module(scan_modnames[mode]);
		scan = scanners[mode];
	}
	return scan;
}
/*
 * Register a scanner for an operating mode, replacing any previous
 * registration.  Out-of-range modes are silently ignored.
 */
void
ieee80211_scanner_register(enum ieee80211_opmode mode,
	const struct ieee80211_scanner *scan)
{
	if (mode < IEEE80211_OPMODE_MAX)
		scanners[mode] = scan;
}
/*
 * Remove scan as the scanner for an operating mode.  The slot is only
 * cleared when it currently holds scan, so unregistering a stale
 * scanner never knocks out a newer registration.  Out-of-range modes
 * are ignored.
 */
void
ieee80211_scanner_unregister(enum ieee80211_opmode mode,
	const struct ieee80211_scanner *scan)
{
	if (mode < IEEE80211_OPMODE_MAX && scanners[mode] == scan)
		scanners[mode] = NULL;
}
/*
 * Remove scan from every operating mode it is registered for.
 * Used by a scanner module on unload.
 */
void
ieee80211_scanner_unregister_all(const struct ieee80211_scanner *scan)
{
	const struct ieee80211_scanner **slot;
	const struct ieee80211_scanner **end = scanners + IEEE80211_OPMODE_MAX;

	for (slot = scanners; slot < end; slot++) {
		if (*slot == scan)
			*slot = NULL;
	}
}
211 * Update common scanner state to reflect the current
212 * operating mode. This is called when the state machine
213 * is transitioned to RUN state w/o scanning--e.g. when
214 * operating in monitor mode. The purpose of this is to
215 * ensure later callbacks find ss_ops set to properly
216 * reflect current operating mode.
219 ieee80211_scan_update_locked(struct ieee80211vap
*vap
,
220 const struct ieee80211_scanner
*scan
)
222 struct ieee80211com
*ic
= vap
->iv_ic
;
223 struct ieee80211_scan_state
*ss
= ic
->ic_scan
;
225 IEEE80211_LOCK_ASSERT(ic
);
227 #ifdef IEEE80211_DEBUG
228 if (ss
->ss_vap
!= vap
|| ss
->ss_ops
!= scan
) {
229 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_SCAN
,
230 "%s: current scanner is <%s:%s>, switch to <%s:%s>\n",
233 ss
->ss_vap
->iv_ifp
->if_xname
: "none",
235 ieee80211_opmode_name
[ss
->ss_vap
->iv_opmode
] : "none",
236 vap
->iv_ifp
->if_xname
,
237 ieee80211_opmode_name
[vap
->iv_opmode
]);
241 if (ss
->ss_ops
!= scan
) {
243 * Switch scanners; detach old, attach new. Special
244 * case where a single scan module implements multiple
245 * policies by using different scan ops but a common
246 * core. We assume if the old and new attach methods
247 * are identical then it's ok to just change ss_ops
248 * and not flush the internal state of the module.
250 if (scan
== NULL
|| ss
->ss_ops
== NULL
||
251 ss
->ss_ops
->scan_attach
!= scan
->scan_attach
) {
252 if (ss
->ss_ops
!= NULL
)
253 ss
->ss_ops
->scan_detach(ss
);
254 if (scan
!= NULL
&& !scan
->scan_attach(ss
)) {
255 /* XXX attach failure */
265 ieee80211_scan_dump_channels(const struct ieee80211_scan_state
*ss
)
267 struct ieee80211com
*ic
= ss
->ss_ic
;
272 for (i
= ss
->ss_next
; i
< ss
->ss_last
; i
++) {
273 const struct ieee80211_channel
*c
= ss
->ss_chans
[i
];
275 kprintf("%s%u%c", sep
, ieee80211_chan2ieee(ic
, c
),
276 ieee80211_channel_type_char(c
));
281 #ifdef IEEE80211_DEBUG
/*
 * Debug helper (IEEE80211_DEBUG only): print the scan set for the vap
 * owning ss, followed by the min/max dwell times in milliseconds.
 */
void
ieee80211_scan_dump(struct ieee80211_scan_state *ss)
{
	if_printf(ss->ss_vap->iv_ifp, "scan set ");
	ieee80211_scan_dump_channels(ss);
	kprintf(" dwell min %lums max %lums\n",
	    ticks_to_msecs(ss->ss_mindwell),
	    ticks_to_msecs(ss->ss_maxdwell));
}
292 #endif /* IEEE80211_DEBUG */
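/*
 * Copy the caller's desired SSID list into the scan state.
 *
 * nssid entries of ssids[] are copied to ss->ss_ssid and ss->ss_nssid is
 * set to nssid.  A list that does not fit (nssid > IEEE80211_SCAN_MAX_SSID)
 * is rejected as a whole: a debug message is logged, nothing is copied
 * and ss_nssid is left unchanged.
 *
 * nssid is a signed int while the public entry points that carry the
 * count (ieee80211_start_scan, ieee80211_check_scan) take it as u_int, so
 * a negative value is rejected the same way; otherwise it would pass the
 * upper-bound test and turn into a huge size in the memcpy() below.
 */
void
ieee80211_scan_copy_ssid(struct ieee80211vap *vap, struct ieee80211_scan_state *ss,
	int nssid, const struct ieee80211_scan_ssid ssids[])
{
	if (nssid < 0 || nssid > IEEE80211_SCAN_MAX_SSID) {
		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
		    "%s: too many ssid %d, ignoring all of them\n",
		    __func__, nssid);
		return;
	}
	/* nssid is non-negative here, so the size computation cannot wrap */
	memcpy(ss->ss_ssid, ssids, (size_t)nssid * sizeof(ssids[0]));
	ss->ss_nssid = nssid;
}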
/*
 * Start a scan unless one is already going.
 *
 * The scanner for the vap's operating mode is looked up (loading its
 * module if needed) and the request is handed to the scan method
 * table's sc_start_scan() hook, whose result is returned.  When no
 * scanner is available for the mode a debug message is logged and 0
 * is returned without starting anything.
 *
 * nssid is carried as u_int here; the software scanner's copy helper
 * (ieee80211_scan_copy_ssid) takes it as int.
 */
int
ieee80211_start_scan(struct ieee80211vap *vap, int flags,
	u_int duration, u_int mindwell, u_int maxdwell,
	u_int nssid, const struct ieee80211_scan_ssid ssids[])
{
	const struct ieee80211_scanner *scan =
	    ieee80211_scanner_get(vap->iv_opmode);

	if (scan == NULL) {
		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
		    "%s: no scanner support for %s mode\n",
		    __func__, ieee80211_opmode_name[vap->iv_opmode]);
		return 0;
	}

	return vap->iv_ic->ic_scan_methods->sc_start_scan(scan, vap, flags,
	    duration, mindwell, maxdwell, nssid, ssids);
}
334 * Check the scan cache for an ap/channel to use; if that
335 * fails then kick off a new scan.
338 ieee80211_check_scan(struct ieee80211vap
*vap
, int flags
,
339 u_int duration
, u_int mindwell
, u_int maxdwell
,
340 u_int nssid
, const struct ieee80211_scan_ssid ssids
[])
342 struct ieee80211com
*ic
= vap
->iv_ic
;
343 struct ieee80211_scan_state
*ss
= ic
->ic_scan
;
344 const struct ieee80211_scanner
*scan
;
347 scan
= ieee80211_scanner_get(vap
->iv_opmode
);
349 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_SCAN
,
350 "%s: no scanner support for %d mode\n",
351 __func__
, vap
->iv_opmode
);
357 * Check if there's a list of scan candidates already.
358 * XXX want more than the ap we're currently associated with
362 IEEE80211_DPRINTF(vap
, IEEE80211_MSG_SCAN
,
363 "%s: %s scan, %s%s%s%s%s\n"
365 , flags
& IEEE80211_SCAN_ACTIVE
? "active" : "passive"
366 , flags
& IEEE80211_SCAN_FLUSH
? "flush" : "append"
367 , flags
& IEEE80211_SCAN_NOPICK
? ", nopick" : ""
368 , flags
& IEEE80211_SCAN_NOJOIN
? ", nojoin" : ""
369 , flags
& IEEE80211_SCAN_PICK1ST
? ", pick1st" : ""
370 , flags
& IEEE80211_SCAN_ONCE
? ", once" : ""
373 if (ss
->ss_ops
!= scan
) {
374 /* XXX re-use cache contents? e.g. adhoc<->sta */
375 flags
|= IEEE80211_SCAN_FLUSH
;
379 * XXX TODO: separate things out a bit better.
381 ieee80211_scan_update_locked(vap
, scan
);
383 result
= ic
->ic_scan_methods
->sc_check_scan(scan
, vap
, flags
, duration
,
384 mindwell
, maxdwell
, nssid
, ssids
);
386 IEEE80211_UNLOCK(ic
);
/*
 * Check the scan cache for an ap/channel to use; if that fails then
 * kick off a scan using the current settings.
 *
 * Convenience wrapper around ieee80211_check_scan(): an active scan
 * with no time limit (IEEE80211_SCAN_FOREVER), default dwell times,
 * and the vap's configured desired-SSID list.  Returns whatever
 * ieee80211_check_scan() returns.
 */
int
ieee80211_check_scan_current(struct ieee80211vap *vap)
{
	const int flags = IEEE80211_SCAN_ACTIVE;
	const u_int mindwell = 0, maxdwell = 0;

	return ieee80211_check_scan(vap, flags, IEEE80211_SCAN_FOREVER,
	    mindwell, maxdwell, vap->iv_des_nssid, vap->iv_des_ssid);
}
/*
 * Restart a previous scan.  If the previous scan completed then we
 * start again using the existing channel list.
 *
 * The scanner for the vap's operating mode is resolved and the request
 * delegated to the scan method table's sc_bg_scan() hook, whose result
 * is returned.  With no scanner available a debug message is logged and
 * 0 is returned.
 *
 * XXX TODO: pull apart the bgscan logic into whatever belongs here and
 * whatever belongs in the software scanner.
 */
int
ieee80211_bg_scan(struct ieee80211vap *vap, int flags)
{
	const struct ieee80211_scanner *scan;

	scan = ieee80211_scanner_get(vap->iv_opmode);
	if (scan == NULL) {
		IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
		    "%s: no scanner support for %d mode\n",
		    __func__, vap->iv_opmode);
		return 0;
	}

	return vap->iv_ic->ic_scan_methods->sc_bg_scan(scan, vap, flags);
}
/*
 * Cancel any scan currently going on for the specified vap.
 * Delegates to the scan method table's sc_cancel_scan() hook.
 */
void
ieee80211_cancel_scan(struct ieee80211vap *vap)
{
	vap->iv_ic->ic_scan_methods->sc_cancel_scan(vap);
}
/*
 * Cancel any scan currently going on.
 *
 * This is called during normal 802.11 data path to cancel a scan so a
 * newly arrived normal data packet can be sent.  Delegates to the scan
 * method table's sc_cancel_anyscan() hook.
 */
void
ieee80211_cancel_anyscan(struct ieee80211vap *vap)
{
	vap->iv_ic->ic_scan_methods->sc_cancel_anyscan(vap);
}
/*
 * Manually switch to the next channel in the channel list.
 * Provided for drivers that manage scanning themselves
 * (e.g. for firmware-based devices).  Delegates to the scan
 * method table's sc_scan_next() hook.
 */
void
ieee80211_scan_next(struct ieee80211vap *vap)
{
	vap->iv_ic->ic_scan_methods->sc_scan_next(vap);
}
/*
 * Manually stop a scan that is currently running.
 * Provided for drivers that are not able to scan single channels
 * (e.g. for firmware-based devices).
 *
 * Under the com lock the channel cursor is advanced to the end of the
 * channel list so every channel counts as complete, then the scan
 * method table's sc_scan_done() hook is run.
 */
void
ieee80211_scan_done(struct ieee80211vap *vap)
{
	struct ieee80211com *ic = vap->iv_ic;
	struct ieee80211_scan_state *ss;

	IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, "%s: called\n", __func__);

	IEEE80211_LOCK(ic);
	ss = ic->ic_scan;
	/* all channels are complete */
	ss->ss_next = ss->ss_last;
	ic->ic_scan_methods->sc_scan_done(vap);
	IEEE80211_UNLOCK(ic);
}
/*
 * Probe the current channel, if allowed, while scanning.
 * If the channel is not marked passive-only then send a probe request
 * immediately.  Otherwise mark state and listen for beacons on the
 * channel; if we receive something then we'll transmit a probe request.
 *
 * force overrides the passive-only check.  The actual transmit is done
 * by the scan method table's sc_scan_probe_curchan() hook.
 */
void
ieee80211_probe_curchan(struct ieee80211vap *vap, int force)
{
	struct ieee80211com *ic = vap->iv_ic;
	int passive = (ic->ic_curchan->ic_flags & IEEE80211_CHAN_PASSIVE) != 0;

	if (passive && !force) {
		/* defer: probe once something is heard on the channel */
		ic->ic_flags_ext |= IEEE80211_FEXT_PROBECHAN;
		return;
	}

	ic->ic_scan_methods->sc_scan_probe_curchan(vap, force);
}
513 #ifdef IEEE80211_DEBUG
515 dump_country(const uint8_t *ie
)
517 const struct ieee80211_country_ie
*cie
=
518 (const struct ieee80211_country_ie
*) ie
;
519 int i
, nbands
, schan
, nchan
;
522 kprintf(" <bogus country ie, len %d>", cie
->len
);
525 kprintf(" country [%c%c%c", cie
->cc
[0], cie
->cc
[1], cie
->cc
[2]);
526 nbands
= (cie
->len
- 3) / sizeof(cie
->band
[0]);
527 for (i
= 0; i
< nbands
; i
++) {
528 schan
= cie
->band
[i
].schan
;
529 nchan
= cie
->band
[i
].nchan
;
531 kprintf(" %u-%u,%u", schan
, schan
+ nchan
-1,
532 cie
->band
[i
].maxtxpwr
);
534 kprintf(" %u,%u", schan
, cie
->band
[i
].maxtxpwr
);
540 ieee80211_scan_dump_probe_beacon(uint8_t subtype
, int isnew
,
541 const uint8_t mac
[IEEE80211_ADDR_LEN
],
542 const struct ieee80211_scanparams
*sp
, int rssi
)
545 kprintf("[%s] %s%s on chan %u (bss chan %u) ",
546 ether_sprintf(mac
), isnew
? "new " : "",
547 ieee80211_mgt_subtype_name(subtype
), sp
->chan
, sp
->bchan
);
548 ieee80211_print_essid(sp
->ssid
+ 2, sp
->ssid
[1]);
549 kprintf(" rssi %d\n", rssi
);
552 kprintf("[%s] caps 0x%x bintval %u erp 0x%x",
553 ether_sprintf(mac
), sp
->capinfo
, sp
->bintval
, sp
->erp
);
554 if (sp
->country
!= NULL
)
555 dump_country(sp
->country
);
559 #endif /* IEEE80211_DEBUG */
/*
 * Process a beacon or probe response frame.
 *
 * The parsed frame parameters (sp), the raw frame header (wh), the
 * channel it was received on and the rssi/noise readings are handed to
 * the scan method table's sc_add_scan() hook; its return value is
 * passed through to the caller.
 */
int
ieee80211_add_scan(struct ieee80211vap *vap,
	struct ieee80211_channel *curchan,
	const struct ieee80211_scanparams *sp,
	const struct ieee80211_frame *wh,
	int subtype, int rssi, int noise)
{
	return vap->iv_ic->ic_scan_methods->sc_add_scan(vap, curchan, sp, wh,
	    subtype, rssi, noise);
}
/*
 * Timeout/age scan cache entries; called from sta timeout timer
 * (XXX should be self-contained).  A no-op when no scanner module
 * is attached to the scan state.
 */
void
ieee80211_scan_timeout(struct ieee80211com *ic)
{
	struct ieee80211_scan_state *ss = ic->ic_scan;

	if (ss->ss_ops == NULL)
		return;
	ss->ss_ops->scan_age(ss);
}
/*
 * Mark a scan cache entry after a successful associate.
 * Logs the peer MAC under IEEE80211_MSG_SCAN and forwards to the
 * scanner module's scan_assoc_success() hook; a no-op when no module
 * is attached.
 */
void
ieee80211_scan_assoc_success(struct ieee80211vap *vap, const uint8_t mac[])
{
	struct ieee80211_scan_state *ss = vap->iv_ic->ic_scan;

	if (ss->ss_ops == NULL)
		return;
	IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_SCAN,
	    mac, "%s", __func__);
	ss->ss_ops->scan_assoc_success(ss, mac);
}
/*
 * Demerit a scan cache entry after failing to associate.
 * Logs the peer MAC and reason code under IEEE80211_MSG_SCAN and
 * forwards to the scanner module's scan_assoc_fail() hook; a no-op
 * when no module is attached.
 */
void
ieee80211_scan_assoc_fail(struct ieee80211vap *vap,
	const uint8_t mac[], int reason)
{
	struct ieee80211_scan_state *ss = vap->iv_ic->ic_scan;

	if (ss->ss_ops == NULL)
		return;
	IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_SCAN, mac,
	    "%s: reason %u", __func__, reason);
	ss->ss_ops->scan_assoc_fail(ss, mac, reason);
}
/*
 * Iterate over the contents of the scan cache, calling f(arg, ...) for
 * each entry via the scanner module's scan_iterate() hook.  Nothing
 * happens when no module is attached.
 */
void
ieee80211_scan_iterate(struct ieee80211vap *vap,
	ieee80211_scan_iter_func *f, void *arg)
{
	struct ieee80211_scan_state *ss = vap->iv_ic->ic_scan;

	if (ss->ss_ops == NULL)
		return;
	ss->ss_ops->scan_iterate(ss, f, arg);
}
/*
 * Flush the contents of the scan cache.
 *
 * Only acts when a scanner module is attached and the scan state is
 * currently owned by this vap; otherwise another vap's cache would be
 * discarded, so the call is silently skipped.
 */
void
ieee80211_scan_flush(struct ieee80211vap *vap)
{
	struct ieee80211_scan_state *ss = vap->iv_ic->ic_scan;

	if (ss->ss_ops == NULL || ss->ss_vap != vap)
		return;
	IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, "%s\n", __func__);
	ss->ss_ops->scan_flush(ss);
}
/*
 * Ask the attached scanner module to pick a channel from the scan
 * cache.  The caller must hold the com lock.
 *
 * Returns NULL when there is no scan state, no scanner module or no
 * owning vap, or when the module does not implement scan_pickchan (the
 * last case is logged under IEEE80211_MSG_SCAN).  Otherwise returns the
 * module's choice, which may itself be NULL.
 */
struct ieee80211_channel *
ieee80211_scan_pickchannel(struct ieee80211com *ic, int flags)
{
	struct ieee80211_scan_state *ss = ic->ic_scan;
	const struct ieee80211_scanner *ops;

	IEEE80211_LOCK_ASSERT(ic);

	if (ss == NULL || ss->ss_vap == NULL)
		return NULL;
	ops = ss->ss_ops;
	if (ops == NULL)
		return NULL;
	if (ops->scan_pickchan == NULL) {
		IEEE80211_DPRINTF(ss->ss_vap, IEEE80211_MSG_SCAN,
		    "%s: scan module does not support picking a channel, "
		    "opmode %d\n", __func__, ss->ss_vap->iv_opmode);
		return NULL;
	}
	return ops->scan_pickchan(ss, flags);
}