search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
acpi: Narrow workaround for broken interrupt settings
[dragonfly.git] / sys / netproto / 802_11 / wlan / ieee80211_scan_sta.c
blob5da2dacb396beeab55192e88b53de78d460d3fa6
1 /*-
2 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26 #include <sys/cdefs.h>
27 __FBSDID("$FreeBSD$");
28
29 /*
30 * IEEE 802.11 station scanning support.
31 */
32 #include "opt_wlan.h"
33
34 #include <sys/param.h>
35 #include <sys/systm.h>
36 #include <sys/kernel.h>
37 #include <sys/endian.h>
38 #include <sys/malloc.h>
39 #include <sys/module.h>
40
41 #include <sys/socket.h>
42
43 #include <net/if.h>
44 #include <net/if_var.h>
45 #include <net/if_media.h>
46 #include <net/ethernet.h>
47
48 #include <netproto/802_11/ieee80211_var.h>
49 #include <netproto/802_11/ieee80211_input.h>
50 #include <netproto/802_11/ieee80211_regdomain.h>
51 #ifdef IEEE80211_SUPPORT_TDMA
52 #include <netproto/802_11/ieee80211_tdma.h>
53 #endif
54 #ifdef IEEE80211_SUPPORT_MESH
55 #include <netproto/802_11/ieee80211_mesh.h>
56 #endif
57 #include <netproto/802_11/ieee80211_ratectl.h>
58
59 #include <net/bpf.h>
60
61 /*
62 * Parameters for managing cache entries:
63 *
64 * o a station with STA_FAILS_MAX failures is not considered
65 * when picking a candidate
66 * o a station that hasn't had an update in STA_PURGE_SCANS
67 * (background) scans is discarded
68 * o after STA_FAILS_AGE seconds we clear the failure count
69 */
70 #define STA_FAILS_MAX 2 /* assoc failures before ignored */
71 #define STA_FAILS_AGE (2*60) /* time before clearing fails (secs) */
72 #define STA_PURGE_SCANS 2 /* age for purging entries (scans) */
73
74 /* XXX tunable */
75 #define STA_RSSI_MIN 8 /* min acceptable rssi */
76 #define STA_RSSI_MAX 40 /* max rssi for comparison */
77
78 struct sta_entry {
79 struct ieee80211_scan_entry base;
80 TAILQ_ENTRY(sta_entry) se_list;
81 LIST_ENTRY(sta_entry) se_hash;
82 uint8_t se_fails; /* failure to associate count */
83 uint8_t se_seen; /* seen during current scan */
84 uint8_t se_notseen; /* not seen in previous scans */
85 uint8_t se_flags;
86 #define STA_DEMOTE11B 0x01 /* match w/ demoted 11b chan */
87 uint32_t se_avgrssi; /* LPF rssi state */
88 unsigned long se_lastupdate; /* time of last update */
89 unsigned long se_lastfail; /* time of last failure */
90 unsigned long se_lastassoc; /* time of last association */
91 u_int se_scangen; /* iterator scan gen# */
92 u_int se_countrygen; /* gen# of last cc notify */
93 };
94
95 #define STA_HASHSIZE 32
96 /* simple hash is enough for variation of macaddr */
97 #define STA_HASH(addr) \
98 (((const uint8_t *)(addr))[IEEE80211_ADDR_LEN - 1] % STA_HASHSIZE)
99
100 #define MAX_IEEE_CHAN 256 /* max acceptable IEEE chan # */
101 CTASSERT(MAX_IEEE_CHAN >= 256);
102
103 struct sta_table {
104 ieee80211_scan_table_lock_t st_lock; /* on scan table */
105 TAILQ_HEAD(, sta_entry) st_entry; /* all entries */
106 LIST_HEAD(, sta_entry) st_hash[STA_HASHSIZE];
107 ieee80211_scan_iter_lock_t st_scanlock; /* on st_scaniter */
108 u_int st_scaniter; /* gen# for iterator */
109 u_int st_scangen; /* scan generation # */
110 int st_newscan;
111 /* ap-related state */
112 int st_maxrssi[MAX_IEEE_CHAN];
113 };
114
115 static void sta_flush_table(struct sta_table *);
116 /*
117 * match_bss returns a bitmask describing if an entry is suitable
118 * for use. If non-zero the entry was deemed not suitable and it's
119 * contents explains why. The following flags are or'd to to this
120 * mask and can be used to figure out why the entry was rejected.
121 */
122 #define MATCH_CHANNEL 0x00001 /* channel mismatch */
123 #define MATCH_CAPINFO 0x00002 /* capabilities mismatch, e.g. no ess */
124 #define MATCH_PRIVACY 0x00004 /* privacy mismatch */
125 #define MATCH_RATE 0x00008 /* rate set mismatch */
126 #define MATCH_SSID 0x00010 /* ssid mismatch */
127 #define MATCH_BSSID 0x00020 /* bssid mismatch */
128 #define MATCH_FAILS 0x00040 /* too many failed auth attempts */
129 #define MATCH_NOTSEEN 0x00080 /* not seen in recent scans */
130 #define MATCH_RSSI 0x00100 /* rssi deemed too low to use */
131 #define MATCH_CC 0x00200 /* country code mismatch */
132 #define MATCH_TDMA_NOIE 0x00400 /* no TDMA ie */
133 #define MATCH_TDMA_NOTMASTER 0x00800 /* not TDMA master */
134 #define MATCH_TDMA_NOSLOT 0x01000 /* all TDMA slots occupied */
135 #define MATCH_TDMA_LOCAL 0x02000 /* local address */
136 #define MATCH_TDMA_VERSION 0x04000 /* protocol version mismatch */
137 #define MATCH_MESH_NOID 0x10000 /* no MESHID ie */
138 #define MATCH_MESHID 0x20000 /* meshid mismatch */
139 static int match_bss(struct ieee80211vap *,
140 const struct ieee80211_scan_state *, struct sta_entry *, int);
141 static void adhoc_age(struct ieee80211_scan_state *);
142
143 static __inline int
144 isocmp(const uint8_t cc1[], const uint8_t cc2[])
145 {
146 return (cc1[0] == cc2[0] && cc1[1] == cc2[1]);
147 }
148
149 /* number of references from net80211 layer */
150 static int nrefs = 0;
151 /*
152 * Module glue.
153 */
154 IEEE80211_SCANNER_MODULE(sta, 1);
155
156 /*
157 * Attach prior to any scanning work.
158 */
159 static int
160 sta_attach(struct ieee80211_scan_state *ss)
161 {
162 struct sta_table *st;
163
164 #if defined(__DragonFly__)
165 st = (struct sta_table *) kmalloc(sizeof(struct sta_table),
166 M_80211_SCAN, M_INTWAIT | M_ZERO);
167 #else
168 st = (struct sta_table *) IEEE80211_MALLOC(sizeof(struct sta_table),
169 M_80211_SCAN,
170 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
171 #endif
172 if (st == NULL)
173 return 0;
174 IEEE80211_SCAN_TABLE_LOCK_INIT(st, "scantable");
175 IEEE80211_SCAN_ITER_LOCK_INIT(st, "scangen");
176 TAILQ_INIT(&st->st_entry);
177 ss->ss_priv = st;
178 nrefs++; /* NB: we assume caller locking */
179 return 1;
180 }
181
182 /*
183 * Cleanup any private state.
184 */
185 static int
186 sta_detach(struct ieee80211_scan_state *ss)
187 {
188 struct sta_table *st = ss->ss_priv;
189
190 if (st != NULL) {
191 sta_flush_table(st);
192 IEEE80211_SCAN_TABLE_LOCK_DESTROY(st);
193 IEEE80211_SCAN_ITER_LOCK_DESTROY(st);
194 IEEE80211_FREE(st, M_80211_SCAN);
195 KASSERT(nrefs > 0, ("imbalanced attach/detach"));
196 nrefs--; /* NB: we assume caller locking */
197 }
198 return 1;
199 }
200
201 /*
202 * Flush all per-scan state.
203 */
204 static int
205 sta_flush(struct ieee80211_scan_state *ss)
206 {
207 struct sta_table *st = ss->ss_priv;
208
209 IEEE80211_SCAN_TABLE_LOCK(st);
210 sta_flush_table(st);
211 IEEE80211_SCAN_TABLE_UNLOCK(st);
212 ss->ss_last = 0;
213 return 0;
214 }
215
216 /*
217 * Flush all entries in the scan cache.
218 */
219 static void
220 sta_flush_table(struct sta_table *st)
221 {
222 struct sta_entry *se, *next;
223
224 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) {
225 TAILQ_REMOVE(&st->st_entry, se, se_list);
226 LIST_REMOVE(se, se_hash);
227 ieee80211_ies_cleanup(&se->base.se_ies);
228 IEEE80211_FREE(se, M_80211_SCAN);
229 }
230 memset(st->st_maxrssi, 0, sizeof(st->st_maxrssi));
231 }
232
233 /*
234 * Process a beacon or probe response frame; create an
235 * entry in the scan cache or update any previous entry.
236 */
237 static int
238 sta_add(struct ieee80211_scan_state *ss,
239 struct ieee80211_channel *curchan,
240 const struct ieee80211_scanparams *sp,
241 const struct ieee80211_frame *wh,
242 int subtype, int rssi, int noise)
243 {
244 #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP)
245 #define PICK1ST(_ss) \
246 ((ss->ss_flags & (IEEE80211_SCAN_PICK1ST | IEEE80211_SCAN_GOTPICK)) == \
247 IEEE80211_SCAN_PICK1ST)
248 struct sta_table *st = ss->ss_priv;
249 const uint8_t *macaddr = wh->i_addr2;
250 struct ieee80211vap *vap = ss->ss_vap;
251 struct ieee80211com *ic = vap->iv_ic;
252 struct ieee80211_channel *c;
253 struct sta_entry *se;
254 struct ieee80211_scan_entry *ise;
255 int hash;
256
257 hash = STA_HASH(macaddr);
258
259 IEEE80211_SCAN_TABLE_LOCK(st);
260 LIST_FOREACH(se, &st->st_hash[hash], se_hash)
261 if (IEEE80211_ADDR_EQ(se->base.se_macaddr, macaddr))
262 goto found;
263 #if defined(__DragonFly__)
264 se = (struct sta_entry *) kmalloc(sizeof(struct sta_entry),
265 M_80211_SCAN, M_INTWAIT | M_ZERO);
266 #else
267 se = (struct sta_entry *) IEEE80211_MALLOC(sizeof(struct sta_entry),
268 M_80211_SCAN, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO);
269 #endif
270 if (se == NULL) {
271 IEEE80211_SCAN_TABLE_UNLOCK(st);
272 return 0;
273 }
274 se->se_scangen = st->st_scaniter-1;
275 se->se_avgrssi = IEEE80211_RSSI_DUMMY_MARKER;
276 IEEE80211_ADDR_COPY(se->base.se_macaddr, macaddr);
277 TAILQ_INSERT_TAIL(&st->st_entry, se, se_list);
278 LIST_INSERT_HEAD(&st->st_hash[hash], se, se_hash);
279 found:
280 ise = &se->base;
281 /* XXX ap beaconing multiple ssid w/ same bssid */
282 if (sp->ssid[1] != 0 &&
283 (ISPROBE(subtype) || ise->se_ssid[1] == 0))
284 memcpy(ise->se_ssid, sp->ssid, 2+sp->ssid[1]);
285 KASSERT(sp->rates[1] <= IEEE80211_RATE_MAXSIZE,
286 ("rate set too large: %u", sp->rates[1]));
287 memcpy(ise->se_rates, sp->rates, 2+sp->rates[1]);
288 if (sp->xrates != NULL) {
289 /* XXX validate xrates[1] */
290 KASSERT(sp->xrates[1] <= IEEE80211_RATE_MAXSIZE,
291 ("xrate set too large: %u", sp->xrates[1]));
292 memcpy(ise->se_xrates, sp->xrates, 2+sp->xrates[1]);
293 } else
294 ise->se_xrates[1] = 0;
295 IEEE80211_ADDR_COPY(ise->se_bssid, wh->i_addr3);
296 if ((sp->status & IEEE80211_BPARSE_OFFCHAN) == 0) {
297 /*
298 * Record rssi data using extended precision LPF filter.
299 *
300 * NB: use only on-channel data to insure we get a good
301 * estimate of the signal we'll see when associated.
302 */
303 IEEE80211_RSSI_LPF(se->se_avgrssi, rssi);
304 ise->se_rssi = IEEE80211_RSSI_GET(se->se_avgrssi);
305 ise->se_noise = noise;
306 }
307 memcpy(ise->se_tstamp.data, sp->tstamp, sizeof(ise->se_tstamp));
308 ise->se_intval = sp->bintval;
309 ise->se_capinfo = sp->capinfo;
310 #ifdef IEEE80211_SUPPORT_MESH
311 if (sp->meshid != NULL && sp->meshid[1] != 0)
312 memcpy(ise->se_meshid, sp->meshid, 2+sp->meshid[1]);
313 #endif
314 /*
315 * Beware of overriding se_chan for frames seen
316 * off-channel; this can cause us to attempt an
317 * association on the wrong channel.
318 */
319 if (sp->status & IEEE80211_BPARSE_OFFCHAN) {
320 /*
321 * Off-channel, locate the home/bss channel for the sta
322 * using the value broadcast in the DSPARMS ie. We know
323 * sp->chan has this value because it's used to calculate
324 * IEEE80211_BPARSE_OFFCHAN.
325 */
326 c = ieee80211_find_channel_byieee(ic, sp->chan,
327 curchan->ic_flags);
328 if (c != NULL) {
329 ise->se_chan = c;
330 } else if (ise->se_chan == NULL) {
331 /* should not happen, pick something */
332 ise->se_chan = curchan;
333 }
334 } else
335 ise->se_chan = curchan;
336 if (IEEE80211_IS_CHAN_HT(ise->se_chan) && sp->htcap == NULL) {
337 /* Demote legacy networks to a non-HT channel. */
338 c = ieee80211_find_channel(ic, ise->se_chan->ic_freq,
339 ise->se_chan->ic_flags & ~IEEE80211_CHAN_HT);
340 KASSERT(c != NULL,
341 ("no legacy channel %u", ise->se_chan->ic_ieee));
342 ise->se_chan = c;
343 }
344 ise->se_fhdwell = sp->fhdwell;
345 ise->se_fhindex = sp->fhindex;
346 ise->se_erp = sp->erp;
347 ise->se_timoff = sp->timoff;
348 if (sp->tim != NULL) {
349 const struct ieee80211_tim_ie *tim =
350 (const struct ieee80211_tim_ie *) sp->tim;
351 ise->se_dtimperiod = tim->tim_period;
352 }
353 if (sp->country != NULL) {
354 const struct ieee80211_country_ie *cie =
355 (const struct ieee80211_country_ie *) sp->country;
356 /*
357 * If 11d is enabled and we're attempting to join a bss
358 * that advertises it's country code then compare our
359 * current settings to what we fetched from the country ie.
360 * If our country code is unspecified or different then
361 * dispatch an event to user space that identifies the
362 * country code so our regdomain config can be changed.
363 */
364 /* XXX only for STA mode? */
365 if ((IEEE80211_IS_CHAN_11D(ise->se_chan) ||
366 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) &&
367 (ic->ic_regdomain.country == CTRY_DEFAULT ||
368 !isocmp(cie->cc, ic->ic_regdomain.isocc))) {
369 /* only issue one notify event per scan */
370 if (se->se_countrygen != st->st_scangen) {
371 ieee80211_notify_country(vap, ise->se_bssid,
372 cie->cc);
373 se->se_countrygen = st->st_scangen;
374 }
375 }
376 ise->se_cc[0] = cie->cc[0];
377 ise->se_cc[1] = cie->cc[1];
378 }
379 /* NB: no need to setup ie ptrs; they are not (currently) used */
380 (void) ieee80211_ies_init(&ise->se_ies, sp->ies, sp->ies_len);
381
382 /* clear failure count after STA_FAIL_AGE passes */
383 if (se->se_fails && (ticks - se->se_lastfail) > STA_FAILS_AGE*hz) {
384 se->se_fails = 0;
385 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_SCAN, macaddr,
386 "%s: fails %u", __func__, se->se_fails);
387 }
388
389 se->se_lastupdate = ticks; /* update time */
390 se->se_seen = 1;
391 se->se_notseen = 0;
392
393 KASSERT(sizeof(sp->bchan) == 1, ("bchan size"));
394 if (rssi > st->st_maxrssi[sp->bchan])
395 st->st_maxrssi[sp->bchan] = rssi;
396
397 IEEE80211_SCAN_TABLE_UNLOCK(st);
398
399 /*
400 * If looking for a quick choice and nothing's
401 * been found check here.
402 */
403 if (PICK1ST(ss) && match_bss(vap, ss, se, IEEE80211_MSG_SCAN) == 0)
404 ss->ss_flags |= IEEE80211_SCAN_GOTPICK;
405
406 return 1;
407 #undef PICK1ST
408 #undef ISPROBE
409 }
410
411 /*
412 * Check if a channel is excluded by user request.
413 */
414 static int
415 isexcluded(struct ieee80211vap *vap, const struct ieee80211_channel *c)
416 {
417 return (isclr(vap->iv_ic->ic_chan_active, c->ic_ieee) ||
418 (vap->iv_des_chan != IEEE80211_CHAN_ANYC &&
419 c->ic_freq != vap->iv_des_chan->ic_freq));
420 }
421
422 static struct ieee80211_channel *
423 find11gchannel(struct ieee80211com *ic, int i, int freq)
424 {
425 struct ieee80211_channel *c;
426 int j;
427
428 /*
429 * The normal ordering in the channel list is b channel
430 * immediately followed by g so optimize the search for
431 * this. We'll still do a full search just in case.
432 */
433 for (j = i+1; j < ic->ic_nchans; j++) {
434 c = &ic->ic_channels[j];
435 if (c->ic_freq == freq && IEEE80211_IS_CHAN_G(c))
436 return c;
437 }
438 for (j = 0; j < i; j++) {
439 c = &ic->ic_channels[j];
440 if (c->ic_freq == freq && IEEE80211_IS_CHAN_G(c))
441 return c;
442 }
443 return NULL;
444 }
445
446 static const u_int chanflags[IEEE80211_MODE_MAX] = {
447 [IEEE80211_MODE_AUTO] = IEEE80211_CHAN_B,
448 [IEEE80211_MODE_11A] = IEEE80211_CHAN_A,
449 [IEEE80211_MODE_11B] = IEEE80211_CHAN_B,
450 [IEEE80211_MODE_11G] = IEEE80211_CHAN_G,
451 [IEEE80211_MODE_FH] = IEEE80211_CHAN_FHSS,
452 /* check base channel */
453 [IEEE80211_MODE_TURBO_A] = IEEE80211_CHAN_A,
454 [IEEE80211_MODE_TURBO_G] = IEEE80211_CHAN_G,
455 [IEEE80211_MODE_STURBO_A] = IEEE80211_CHAN_ST,
456 [IEEE80211_MODE_HALF] = IEEE80211_CHAN_HALF,
457 [IEEE80211_MODE_QUARTER] = IEEE80211_CHAN_QUARTER,
458 /* check legacy */
459 [IEEE80211_MODE_11NA] = IEEE80211_CHAN_A,
460 [IEEE80211_MODE_11NG] = IEEE80211_CHAN_G,
461 };
462
463 static void
464 add_channels(struct ieee80211vap *vap,
465 struct ieee80211_scan_state *ss,
466 enum ieee80211_phymode mode, const uint16_t freq[], int nfreq)
467 {
468 struct ieee80211com *ic = vap->iv_ic;
469 struct ieee80211_channel *c, *cg;
470 u_int modeflags;
471 int i;
472
473 KASSERT(mode < nitems(chanflags), ("Unexpected mode %u", mode));
474 modeflags = chanflags[mode];
475 for (i = 0; i < nfreq; i++) {
476 if (ss->ss_last >= IEEE80211_SCAN_MAX)
477 break;
478
479 c = ieee80211_find_channel(ic, freq[i], modeflags);
480 if (c == NULL || isexcluded(vap, c))
481 continue;
482 if (mode == IEEE80211_MODE_AUTO) {
483 /*
484 * XXX special-case 11b/g channels so we select
485 * the g channel if both are present.
486 */
487 if (IEEE80211_IS_CHAN_B(c) &&
488 (cg = find11gchannel(ic, i, c->ic_freq)) != NULL)
489 c = cg;
490 }
491 ss->ss_chans[ss->ss_last++] = c;
492 }
493 }
494
495 struct scanlist {
496 uint16_t mode;
497 uint16_t count;
498 const uint16_t *list;
499 };
500
501 static int
502 checktable(const struct scanlist *scan, const struct ieee80211_channel *c)
503 {
504 int i;
505
506 for (; scan->list != NULL; scan++) {
507 for (i = 0; i < scan->count; i++)
508 if (scan->list[i] == c->ic_freq)
509 return 1;
510 }
511 return 0;
512 }
513
514 static int
515 onscanlist(const struct ieee80211_scan_state *ss,
516 const struct ieee80211_channel *c)
517 {
518 int i;
519
520 for (i = 0; i < ss->ss_last; i++)
521 if (ss->ss_chans[i] == c)
522 return 1;
523 return 0;
524 }
525
526 static void
527 sweepchannels(struct ieee80211_scan_state *ss, struct ieee80211vap *vap,
528 const struct scanlist table[])
529 {
530 struct ieee80211com *ic = vap->iv_ic;
531 struct ieee80211_channel *c;
532 int i;
533
534 for (i = 0; i < ic->ic_nchans; i++) {
535 if (ss->ss_last >= IEEE80211_SCAN_MAX)
536 break;
537
538 c = &ic->ic_channels[i];
539 /*
540 * Ignore dynamic turbo channels; we scan them
541 * in normal mode (i.e. not boosted). Likewise
542 * for HT channels, they get scanned using
543 * legacy rates.
544 */
545 if (IEEE80211_IS_CHAN_DTURBO(c) || IEEE80211_IS_CHAN_HT(c))
546 continue;
547
548 /*
549 * If a desired mode was specified, scan only
550 * channels that satisfy that constraint.
551 */
552 if (vap->iv_des_mode != IEEE80211_MODE_AUTO &&
553 vap->iv_des_mode != ieee80211_chan2mode(c))
554 continue;
555
556 /*
557 * Skip channels excluded by user request.
558 */
559 if (isexcluded(vap, c))
560 continue;
561
562 /*
563 * Add the channel unless it is listed in the
564 * fixed scan order tables. This insures we
565 * don't sweep back in channels we filtered out
566 * above.
567 */
568 if (checktable(table, c))
569 continue;
570
571 /* Add channel to scanning list. */
572 ss->ss_chans[ss->ss_last++] = c;
573 }
574 /*
575 * Explicitly add any desired channel if:
576 * - not already on the scan list
577 * - allowed by any desired mode constraint
578 * - there is space in the scan list
579 * This allows the channel to be used when the filtering
580 * mechanisms would otherwise elide it (e.g HT, turbo).
581 */
582 c = vap->iv_des_chan;
583 if (c != IEEE80211_CHAN_ANYC &&
584 !onscanlist(ss, c) &&
585 (vap->iv_des_mode == IEEE80211_MODE_AUTO ||
586 vap->iv_des_mode == ieee80211_chan2mode(c)) &&
587 ss->ss_last < IEEE80211_SCAN_MAX)
588 ss->ss_chans[ss->ss_last++] = c;
589 }
590
591 static void
592 makescanlist(struct ieee80211_scan_state *ss, struct ieee80211vap *vap,
593 const struct scanlist table[])
594 {
595 const struct scanlist *scan;
596 enum ieee80211_phymode mode;
597
598 ss->ss_last = 0;
599 /*
600 * Use the table of ordered channels to construct the list
601 * of channels for scanning. Any channels in the ordered
602 * list not in the master list will be discarded.
603 */
604 for (scan = table; scan->list != NULL; scan++) {
605 mode = scan->mode;
606 if (vap->iv_des_mode != IEEE80211_MODE_AUTO) {
607 /*
608 * If a desired mode was specified, scan only
609 * channels that satisfy that constraint.
610 */
611 if (vap->iv_des_mode != mode) {
612 /*
613 * The scan table marks 2.4Ghz channels as b
614 * so if the desired mode is 11g, then use
615 * the 11b channel list but upgrade the mode.
616 */
617 if (vap->iv_des_mode == IEEE80211_MODE_11G) {
618 if (mode == IEEE80211_MODE_11G) /* Skip the G check */
619 continue;
620 else if (mode == IEEE80211_MODE_11B)
621 mode = IEEE80211_MODE_11G; /* upgrade */
622 }
623 }
624 } else {
625 /*
626 * This lets add_channels upgrade an 11b channel
627 * to 11g if available.
628 */
629 if (mode == IEEE80211_MODE_11B)
630 mode = IEEE80211_MODE_AUTO;
631 }
632 #ifdef IEEE80211_F_XR
633 /* XR does not operate on turbo channels */
634 if ((vap->iv_flags & IEEE80211_F_XR) &&
635 (mode == IEEE80211_MODE_TURBO_A ||
636 mode == IEEE80211_MODE_TURBO_G ||
637 mode == IEEE80211_MODE_STURBO_A))
638 continue;
639 #endif
640 /*
641 * Add the list of the channels; any that are not
642 * in the master channel list will be discarded.
643 */
644 add_channels(vap, ss, mode, scan->list, scan->count);
645 }
646
647 /*
648 * Add the channels from the ic that are not present
649 * in the table.
650 */
651 sweepchannels(ss, vap, table);
652 }
653
654 static const uint16_t rcl1[] = /* 8 FCC channel: 52, 56, 60, 64, 36, 40, 44, 48 */
655 { 5260, 5280, 5300, 5320, 5180, 5200, 5220, 5240 };
656 static const uint16_t rcl2[] = /* 4 MKK channels: 34, 38, 42, 46 */
657 { 5170, 5190, 5210, 5230 };
658 static const uint16_t rcl3[] = /* 2.4Ghz ch: 1,6,11,7,13 */
659 { 2412, 2437, 2462, 2442, 2472 };
660 static const uint16_t rcl4[] = /* 5 FCC channel: 149, 153, 161, 165 */
661 { 5745, 5765, 5785, 5805, 5825 };
662 static const uint16_t rcl7[] = /* 11 ETSI channel: 100,104,108,112,116,120,124,128,132,136,140 */
663 { 5500, 5520, 5540, 5560, 5580, 5600, 5620, 5640, 5660, 5680, 5700 };
664 static const uint16_t rcl8[] = /* 2.4Ghz ch: 2,3,4,5,8,9,10,12 */
665 { 2417, 2422, 2427, 2432, 2447, 2452, 2457, 2467 };
666 static const uint16_t rcl9[] = /* 2.4Ghz ch: 14 */
667 { 2484 };
668 static const uint16_t rcl10[] = /* Added Korean channels 2312-2372 */
669 { 2312, 2317, 2322, 2327, 2332, 2337, 2342, 2347, 2352, 2357, 2362, 2367, 2372 };
670 static const uint16_t rcl11[] = /* Added Japan channels in 4.9/5.0 spectrum */
671 { 5040, 5060, 5080, 4920, 4940, 4960, 4980 };
672 #ifdef ATH_TURBO_SCAN
673 static const uint16_t rcl5[] = /* 3 static turbo channels */
674 { 5210, 5250, 5290 };
675 static const uint16_t rcl6[] = /* 2 static turbo channels */
676 { 5760, 5800 };
677 static const uint16_t rcl6x[] = /* 4 FCC3 turbo channels */
678 { 5540, 5580, 5620, 5660 };
679 static const uint16_t rcl12[] = /* 2.4Ghz Turbo channel 6 */
680 { 2437 };
681 static const uint16_t rcl13[] = /* dynamic Turbo channels */
682 { 5200, 5240, 5280, 5765, 5805 };
683 #endif /* ATH_TURBO_SCAN */
684
685 #define X(a) .count = sizeof(a)/sizeof(a[0]), .list = a
686
687 static const struct scanlist staScanTable[] = {
688 { IEEE80211_MODE_11B, X(rcl3) },
689 { IEEE80211_MODE_11A, X(rcl1) },
690 { IEEE80211_MODE_11A, X(rcl2) },
691 { IEEE80211_MODE_11B, X(rcl8) },
692 { IEEE80211_MODE_11B, X(rcl9) },
693 { IEEE80211_MODE_11A, X(rcl4) },
694 #ifdef ATH_TURBO_SCAN
695 { IEEE80211_MODE_STURBO_A, X(rcl5) },
696 { IEEE80211_MODE_STURBO_A, X(rcl6) },
697 { IEEE80211_MODE_TURBO_A, X(rcl6x) },
698 { IEEE80211_MODE_TURBO_A, X(rcl13) },
699 #endif /* ATH_TURBO_SCAN */
700 { IEEE80211_MODE_11A, X(rcl7) },
701 { IEEE80211_MODE_11B, X(rcl10) },
702 { IEEE80211_MODE_11A, X(rcl11) },
703 #ifdef ATH_TURBO_SCAN
704 { IEEE80211_MODE_TURBO_G, X(rcl12) },
705 #endif /* ATH_TURBO_SCAN */
706 { .list = NULL }
707 };
708
709 /*
710 * Start a station-mode scan by populating the channel list.
711 */
712 static int
713 sta_start(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
714 {
715 struct sta_table *st = ss->ss_priv;
716
717 makescanlist(ss, vap, staScanTable);
718
719 if (ss->ss_mindwell == 0)
720 ss->ss_mindwell = msecs_to_ticks(20); /* 20ms */
721 if (ss->ss_maxdwell == 0)
722 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */
723
724 st->st_scangen++;
725 st->st_newscan = 1;
726
727 return 0;
728 }
729
730 /*
731 * Restart a scan, typically a bg scan but can
732 * also be a fg scan that came up empty.
733 */
734 static int
735 sta_restart(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
736 {
737 struct sta_table *st = ss->ss_priv;
738
739 st->st_newscan = 1;
740 return 0;
741 }
742
743 /*
744 * Cancel an ongoing scan.
745 */
746 static int
747 sta_cancel(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
748 {
749 return 0;
750 }
751
752 /*
753 * Demote any supplied 11g channel to 11b. There should
754 * always be an 11b channel but we check anyway...
755 */
756 static struct ieee80211_channel *
757 demote11b(struct ieee80211vap *vap, struct ieee80211_channel *chan)
758 {
759 struct ieee80211_channel *c;
760
761 if (IEEE80211_IS_CHAN_ANYG(chan) &&
762 vap->iv_des_mode == IEEE80211_MODE_AUTO) {
763 c = ieee80211_find_channel(vap->iv_ic, chan->ic_freq,
764 (chan->ic_flags &~ (IEEE80211_CHAN_PUREG | IEEE80211_CHAN_G)) |
765 IEEE80211_CHAN_B);
766 if (c != NULL)
767 chan = c;
768 }
769 return chan;
770 }
771
772 static int
773 maxrate(const struct ieee80211_scan_entry *se)
774 {
775 const struct ieee80211_ie_htcap *htcap =
776 (const struct ieee80211_ie_htcap *) se->se_ies.htcap_ie;
777 int rmax, r, i, txstream;
778 uint16_t caps;
779 uint8_t txparams;
780
781 rmax = 0;
782 if (htcap != NULL) {
783 /*
784 * HT station; inspect supported MCS and then adjust
785 * rate by channel width.
786 */
787 txparams = htcap->hc_mcsset[12];
788 if (txparams & 0x3) {
789 /*
790 * TX MCS parameters defined and not equal to RX,
791 * extract the number of spartial streams and
792 * map it to the highest MCS rate.
793 */
794 txstream = ((txparams & 0xc) >> 2) + 1;
795 i = txstream * 8 - 1;
796 } else
797 for (i = 31; i >= 0 && isclr(htcap->hc_mcsset, i); i--);
798 if (i >= 0) {
799 caps = le16dec(&htcap->hc_cap);
800 if ((caps & IEEE80211_HTCAP_CHWIDTH40) &&
801 (caps & IEEE80211_HTCAP_SHORTGI40))
802 rmax = ieee80211_htrates[i].ht40_rate_400ns;
803 else if (caps & IEEE80211_HTCAP_CHWIDTH40)
804 rmax = ieee80211_htrates[i].ht40_rate_800ns;
805 else if (caps & IEEE80211_HTCAP_SHORTGI20)
806 rmax = ieee80211_htrates[i].ht20_rate_400ns;
807 else
808 rmax = ieee80211_htrates[i].ht20_rate_800ns;
809 }
810 }
811 for (i = 0; i < se->se_rates[1]; i++) {
812 r = se->se_rates[2+i] & IEEE80211_RATE_VAL;
813 if (r > rmax)
814 rmax = r;
815 }
816 for (i = 0; i < se->se_xrates[1]; i++) {
817 r = se->se_xrates[2+i] & IEEE80211_RATE_VAL;
818 if (r > rmax)
819 rmax = r;
820 }
821 return rmax;
822 }
823
824 /*
825 * Compare the capabilities of two entries and decide which is
826 * more desirable (return >0 if a is considered better). Note
827 * that we assume compatibility/usability has already been checked
828 * so we don't need to (e.g. validate whether privacy is supported).
829 * Used to select the best scan candidate for association in a BSS.
830 */
831 static int
832 sta_compare(const struct sta_entry *a, const struct sta_entry *b)
833 {
834 #define PREFER(_a,_b,_what) do { \
835 if (((_a) ^ (_b)) & (_what)) \
836 return ((_a) & (_what)) ? 1 : -1; \
837 } while (0)
838 int maxa, maxb;
839 int8_t rssia, rssib;
840 int weight;
841
842 /* privacy support */
843 PREFER(a->base.se_capinfo, b->base.se_capinfo,
844 IEEE80211_CAPINFO_PRIVACY);
845
846 /* compare count of previous failures */
847 weight = b->se_fails - a->se_fails;
848 if (abs(weight) > 1)
849 return weight;
850
851 /*
852 * Compare rssi. If the two are considered equivalent
853 * then fallback to other criteria. We threshold the
854 * comparisons to avoid selecting an ap purely by rssi
855 * when both values may be good but one ap is otherwise
856 * more desirable (e.g. an 11b-only ap with stronger
857 * signal than an 11g ap).
858 */
859 rssia = MIN(a->base.se_rssi, STA_RSSI_MAX);
860 rssib = MIN(b->base.se_rssi, STA_RSSI_MAX);
861 if (abs(rssib - rssia) < 5) {
862 /* best/max rate preferred if signal level close enough XXX */
863 maxa = maxrate(&a->base);
864 maxb = maxrate(&b->base);
865 if (maxa != maxb)
866 return maxa - maxb;
867 /* XXX use freq for channel preference */
868 /* for now just prefer 5Ghz band to all other bands */
869 PREFER(IEEE80211_IS_CHAN_5GHZ(a->base.se_chan),
870 IEEE80211_IS_CHAN_5GHZ(b->base.se_chan), 1);
871 }
872 /* all things being equal, use signal level */
873 return a->base.se_rssi - b->base.se_rssi;
874 #undef PREFER
875 }
876
877 /*
878 * Check rate set suitability and return the best supported rate.
879 * XXX inspect MCS for HT
880 */
881 static int
882 check_rate(struct ieee80211vap *vap, const struct ieee80211_channel *chan,
883 const struct ieee80211_scan_entry *se)
884 {
885 const struct ieee80211_rateset *srs;
886 int i, j, nrs, r, okrate, badrate, fixedrate, ucastrate;
887 const uint8_t *rs;
888
889 okrate = badrate = 0;
890
891 srs = ieee80211_get_suprates(vap->iv_ic, chan);
892 nrs = se->se_rates[1];
893 rs = se->se_rates+2;
894 /* XXX MCS */
895 ucastrate = vap->iv_txparms[ieee80211_chan2mode(chan)].ucastrate;
896 fixedrate = IEEE80211_FIXED_RATE_NONE;
897 again:
898 for (i = 0; i < nrs; i++) {
899 r = IEEE80211_RV(rs[i]);
900 badrate = r;
901 /*
902 * Check any fixed rate is included.
903 */
904 if (r == ucastrate)
905 fixedrate = r;
906 /*
907 * Check against our supported rates.
908 */
909 for (j = 0; j < srs->rs_nrates; j++)
910 if (r == IEEE80211_RV(srs->rs_rates[j])) {
911 if (r > okrate) /* NB: track max */
912 okrate = r;
913 break;
914 }
915
916 if (j == srs->rs_nrates && (rs[i] & IEEE80211_RATE_BASIC)) {
917 /*
918 * Don't try joining a BSS, if we don't support
919 * one of its basic rates.
920 */
921 okrate = 0;
922 goto back;
923 }
924 }
925 if (rs == se->se_rates+2) {
926 /* scan xrates too; sort of an algol68-style for loop */
927 nrs = se->se_xrates[1];
928 rs = se->se_xrates+2;
929 goto again;
930 }
931
932 back:
933 if (okrate == 0 || ucastrate != fixedrate)
934 return badrate | IEEE80211_RATE_BASIC;
935 else
936 return IEEE80211_RV(okrate);
937 }
938
939 static __inline int
940 match_id(const uint8_t *ie, const uint8_t *val, int len)
941 {
942 return (ie[1] == len && memcmp(ie+2, val, len) == 0);
943 }
944
945 static int
946 match_ssid(const uint8_t *ie,
947 int nssid, const struct ieee80211_scan_ssid ssids[])
948 {
949 int i;
950
951 for (i = 0; i < nssid; i++) {
952 if (match_id(ie, ssids[i].ssid, ssids[i].len))
953 return 1;
954 }
955 return 0;
956 }
957
958 #ifdef IEEE80211_SUPPORT_TDMA
959 static int
960 tdma_isfull(const struct ieee80211_tdma_param *tdma)
961 {
962 int slot, slotcnt;
963
964 slotcnt = tdma->tdma_slotcnt;
965 for (slot = slotcnt-1; slot >= 0; slot--)
966 if (isclr(tdma->tdma_inuse, slot))
967 return 0;
968 return 1;
969 }
970 #endif /* IEEE80211_SUPPORT_TDMA */
971
972 /*
973 * Test a scan candidate for suitability/compatibility.
974 */
975 static int
976 match_bss(struct ieee80211vap *vap,
977 const struct ieee80211_scan_state *ss, struct sta_entry *se0,
978 int debug)
979 {
980 struct ieee80211com *ic = vap->iv_ic;
981 struct ieee80211_scan_entry *se = &se0->base;
982 uint8_t rate;
983 int fail;
984
985 fail = 0;
986 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, se->se_chan)))
987 fail |= MATCH_CHANNEL;
988 /*
989 * NB: normally the desired mode is used to construct
990 * the channel list, but it's possible for the scan
991 * cache to include entries for stations outside this
992 * list so we check the desired mode here to weed them
993 * out.
994 */
995 if (vap->iv_des_mode != IEEE80211_MODE_AUTO &&
996 (se->se_chan->ic_flags & IEEE80211_CHAN_ALLTURBO) !=
997 chanflags[vap->iv_des_mode])
998 fail |= MATCH_CHANNEL;
999 if (vap->iv_opmode == IEEE80211_M_IBSS) {
1000 if ((se->se_capinfo & IEEE80211_CAPINFO_IBSS) == 0)
1001 fail |= MATCH_CAPINFO;
1002 #ifdef IEEE80211_SUPPORT_TDMA
1003 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) {
1004 /*
1005 * Adhoc demo network setup shouldn't really be scanning
1006 * but just in case skip stations operating in IBSS or
1007 * BSS mode.
1008 */
1009 if (se->se_capinfo & (IEEE80211_CAPINFO_IBSS|IEEE80211_CAPINFO_ESS))
1010 fail |= MATCH_CAPINFO;
1011 /*
1012 * TDMA operation cannot coexist with a normal 802.11 network;
1013 * skip if IBSS or ESS capabilities are marked and require
1014 * the beacon have a TDMA ie present.
1015 */
1016 if (vap->iv_caps & IEEE80211_C_TDMA) {
1017 const struct ieee80211_tdma_param *tdma =
1018 (const struct ieee80211_tdma_param *)se->se_ies.tdma_ie;
1019 const struct ieee80211_tdma_state *ts = vap->iv_tdma;
1020
1021 if (tdma == NULL)
1022 fail |= MATCH_TDMA_NOIE;
1023 else if (tdma->tdma_version != ts->tdma_version)
1024 fail |= MATCH_TDMA_VERSION;
1025 else if (tdma->tdma_slot != 0)
1026 fail |= MATCH_TDMA_NOTMASTER;
1027 else if (tdma_isfull(tdma))
1028 fail |= MATCH_TDMA_NOSLOT;
1029 #if 0
1030 else if (ieee80211_local_address(se->se_macaddr))
1031 fail |= MATCH_TDMA_LOCAL;
1032 #endif
1033 }
1034 #endif /* IEEE80211_SUPPORT_TDMA */
1035 #ifdef IEEE80211_SUPPORT_MESH
1036 } else if (vap->iv_opmode == IEEE80211_M_MBSS) {
1037 const struct ieee80211_mesh_state *ms = vap->iv_mesh;
1038 /*
1039 * Mesh nodes have IBSS & ESS bits in capinfo turned off
1040 * and two special ie's that must be present.
1041 */
1042 if (se->se_capinfo & (IEEE80211_CAPINFO_IBSS|IEEE80211_CAPINFO_ESS))
1043 fail |= MATCH_CAPINFO;
1044 else if (se->se_meshid[0] != IEEE80211_ELEMID_MESHID)
1045 fail |= MATCH_MESH_NOID;
1046 else if (ms->ms_idlen != 0 &&
1047 match_id(se->se_meshid, ms->ms_id, ms->ms_idlen))
1048 fail |= MATCH_MESHID;
1049 #endif
1050 } else {
1051 if ((se->se_capinfo & IEEE80211_CAPINFO_ESS) == 0)
1052 fail |= MATCH_CAPINFO;
1053 /*
1054 * If 11d is enabled and we're attempting to join a bss
1055 * that advertises it's country code then compare our
1056 * current settings to what we fetched from the country ie.
1057 * If our country code is unspecified or different then do
1058 * not attempt to join the bss. We should have already
1059 * dispatched an event to user space that identifies the
1060 * new country code so our regdomain config should match.
1061 */
1062 if ((IEEE80211_IS_CHAN_11D(se->se_chan) ||
1063 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) &&
1064 se->se_cc[0] != 0 &&
1065 (ic->ic_regdomain.country == CTRY_DEFAULT ||
1066 !isocmp(se->se_cc, ic->ic_regdomain.isocc)))
1067 fail |= MATCH_CC;
1068 }
1069 if (vap->iv_flags & IEEE80211_F_PRIVACY) {
1070 if ((se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0)
1071 fail |= MATCH_PRIVACY;
1072 } else {
1073 /* XXX does this mean privacy is supported or required? */
1074 if (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY)
1075 fail |= MATCH_PRIVACY;
1076 }
1077 se0->se_flags &= ~STA_DEMOTE11B;
1078 rate = check_rate(vap, se->se_chan, se);
1079 if (rate & IEEE80211_RATE_BASIC) {
1080 fail |= MATCH_RATE;
1081 /*
1082 * An 11b-only ap will give a rate mismatch if there is an
1083 * OFDM fixed tx rate for 11g. Try downgrading the channel
1084 * in the scan list to 11b and retry the rate check.
1085 */
1086 if (IEEE80211_IS_CHAN_ANYG(se->se_chan)) {
1087 rate = check_rate(vap, demote11b(vap, se->se_chan), se);
1088 if ((rate & IEEE80211_RATE_BASIC) == 0) {
1089 fail &= ~MATCH_RATE;
1090 se0->se_flags |= STA_DEMOTE11B;
1091 }
1092 }
1093 } else if (rate < 2*24) {
1094 /*
1095 * This is an 11b-only ap. Check the desired mode in
1096 * case that needs to be honored (mode 11g filters out
1097 * 11b-only ap's). Otherwise force any 11g channel used
1098 * in scanning to be demoted.
1099 *
1100 * NB: we cheat a bit here by looking at the max rate;
1101 * we could/should check the rates.
1102 */
1103 if (!(vap->iv_des_mode == IEEE80211_MODE_AUTO ||
1104 vap->iv_des_mode == IEEE80211_MODE_11B))
1105 fail |= MATCH_RATE;
1106 else
1107 se0->se_flags |= STA_DEMOTE11B;
1108 }
1109 if (ss->ss_nssid != 0 &&
1110 !match_ssid(se->se_ssid, ss->ss_nssid, ss->ss_ssid))
1111 fail |= MATCH_SSID;
1112 if ((vap->iv_flags & IEEE80211_F_DESBSSID) &&
1113 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, se->se_bssid))
1114 fail |= MATCH_BSSID;
1115 if (se0->se_fails >= STA_FAILS_MAX)
1116 fail |= MATCH_FAILS;
1117 if (se0->se_notseen >= STA_PURGE_SCANS)
1118 fail |= MATCH_NOTSEEN;
1119 if (se->se_rssi < STA_RSSI_MIN)
1120 fail |= MATCH_RSSI;
1121 #ifdef IEEE80211_DEBUG
1122 if (ieee80211_msg(vap, debug)) {
1123 kprintf(" %c %s",
1124 fail & MATCH_FAILS ? '=' :
1125 fail & MATCH_NOTSEEN ? '^' :
1126 fail & MATCH_CC ? '$' :
1127 #ifdef IEEE80211_SUPPORT_TDMA
1128 fail & MATCH_TDMA_NOIE ? '&' :
1129 fail & MATCH_TDMA_VERSION ? 'v' :
1130 fail & MATCH_TDMA_NOTMASTER ? 's' :
1131 fail & MATCH_TDMA_NOSLOT ? 'f' :
1132 fail & MATCH_TDMA_LOCAL ? 'l' :
1133 #endif
1134 fail & MATCH_MESH_NOID ? 'm' :
1135 fail ? '-' : '+', ether_sprintf(se->se_macaddr));
1136 kprintf(" %s%c", ether_sprintf(se->se_bssid),
1137 fail & MATCH_BSSID ? '!' : ' ');
1138 kprintf(" %3d%c", ieee80211_chan2ieee(ic, se->se_chan),
1139 fail & MATCH_CHANNEL ? '!' : ' ');
1140 kprintf(" %+4d%c", se->se_rssi, fail & MATCH_RSSI ? '!' : ' ');
1141 kprintf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2,
1142 fail & MATCH_RATE ? '!' : ' ');
1143 kprintf(" %4s%c",
1144 (se->se_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" :
1145 (se->se_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : "",
1146 fail & MATCH_CAPINFO ? '!' : ' ');
1147 kprintf(" %3s%c ",
1148 (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) ?
1149 "wep" : "no",
1150 fail & MATCH_PRIVACY ? '!' : ' ');
1151 ieee80211_print_essid(se->se_ssid+2, se->se_ssid[1]);
1152 kprintf("%s\n", fail & (MATCH_SSID | MATCH_MESHID) ? "!" : "");
1153 }
1154 #endif
1155 return fail;
1156 }
1157
1158 static void
1159 sta_update_notseen(struct sta_table *st)
1160 {
1161 struct sta_entry *se;
1162
1163 IEEE80211_SCAN_TABLE_LOCK(st);
1164 TAILQ_FOREACH(se, &st->st_entry, se_list) {
1165 /*
1166 * If seen the reset and don't bump the count;
1167 * otherwise bump the ``not seen'' count. Note
1168 * that this insures that stations for which we
1169 * see frames while not scanning but not during
1170 * this scan will not be penalized.
1171 */
1172 if (se->se_seen)
1173 se->se_seen = 0;
1174 else
1175 se->se_notseen++;
1176 }
1177 IEEE80211_SCAN_TABLE_UNLOCK(st);
1178 }
1179
1180 static void
1181 sta_dec_fails(struct sta_table *st)
1182 {
1183 struct sta_entry *se;
1184
1185 IEEE80211_SCAN_TABLE_LOCK(st);
1186 TAILQ_FOREACH(se, &st->st_entry, se_list)
1187 if (se->se_fails)
1188 se->se_fails--;
1189 IEEE80211_SCAN_TABLE_UNLOCK(st);
1190 }
1191
1192 static struct sta_entry *
1193 select_bss(struct ieee80211_scan_state *ss, struct ieee80211vap *vap, int debug)
1194 {
1195 struct sta_table *st = ss->ss_priv;
1196 struct sta_entry *se, *selbs = NULL;
1197
1198 IEEE80211_DPRINTF(vap, debug, " %s\n",
1199 "macaddr bssid chan rssi rate flag wep essid");
1200 IEEE80211_SCAN_TABLE_LOCK(st);
1201 TAILQ_FOREACH(se, &st->st_entry, se_list) {
1202 ieee80211_ies_expand(&se->base.se_ies);
1203 if (match_bss(vap, ss, se, debug) == 0) {
1204 if (selbs == NULL)
1205 selbs = se;
1206 else if (sta_compare(se, selbs) > 0)
1207 selbs = se;
1208 }
1209 }
1210 IEEE80211_SCAN_TABLE_UNLOCK(st);
1211
1212 return selbs;
1213 }
1214
1215 /*
1216 * Pick an ap or ibss network to join or find a channel
1217 * to use to start an ibss network.
1218 */
1219 static int
1220 sta_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
1221 {
1222 struct sta_table *st = ss->ss_priv;
1223 struct sta_entry *selbs;
1224 struct ieee80211_channel *chan;
1225
1226 KASSERT(vap->iv_opmode == IEEE80211_M_STA,
1227 ("wrong mode %u", vap->iv_opmode));
1228
1229 if (st->st_newscan) {
1230 sta_update_notseen(st);
1231 st->st_newscan = 0;
1232 }
1233 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) {
1234 /*
1235 * Manual/background scan, don't select+join the
1236 * bss, just return. The scanning framework will
1237 * handle notification that this has completed.
1238 */
1239 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK;
1240 return 1;
1241 }
1242 /*
1243 * Automatic sequencing; look for a candidate and
1244 * if found join the network.
1245 */
1246 /* NB: unlocked read should be ok */
1247 if (TAILQ_FIRST(&st->st_entry) == NULL) {
1248 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
1249 "%s: no scan candidate\n", __func__);
1250 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN)
1251 return 0;
1252 notfound:
1253 /*
1254 * If nothing suitable was found decrement
1255 * the failure counts so entries will be
1256 * reconsidered the next time around. We
1257 * really want to do this only for sta's
1258 * where we've previously had some success.
1259 */
1260 sta_dec_fails(st);
1261 st->st_newscan = 1;
1262 return 0; /* restart scan */
1263 }
1264 selbs = select_bss(ss, vap, IEEE80211_MSG_SCAN);
1265 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN)
1266 return (selbs != NULL);
1267 if (selbs == NULL)
1268 goto notfound;
1269 chan = selbs->base.se_chan;
1270 if (selbs->se_flags & STA_DEMOTE11B)
1271 chan = demote11b(vap, chan);
1272 if (!ieee80211_sta_join(vap, chan, &selbs->base))
1273 goto notfound;
1274 return 1; /* terminate scan */
1275 }
1276
1277 /*
1278 * Lookup an entry in the scan cache. We assume we're
1279 * called from the bottom half or such that we don't need
1280 * to block the bottom half so that it's safe to return
1281 * a reference to an entry w/o holding the lock on the table.
1282 */
1283 static struct sta_entry *
1284 sta_lookup(struct sta_table *st, const uint8_t macaddr[IEEE80211_ADDR_LEN])
1285 {
1286 struct sta_entry *se;
1287 int hash = STA_HASH(macaddr);
1288
1289 IEEE80211_SCAN_TABLE_LOCK(st);
1290 LIST_FOREACH(se, &st->st_hash[hash], se_hash)
1291 if (IEEE80211_ADDR_EQ(se->base.se_macaddr, macaddr))
1292 break;
1293 IEEE80211_SCAN_TABLE_UNLOCK(st);
1294
1295 return se; /* NB: unlocked */
1296 }
1297
1298 static void
1299 sta_roam_check(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
1300 {
1301 struct ieee80211com *ic = vap->iv_ic;
1302 struct ieee80211_node *ni = vap->iv_bss;
1303 struct sta_table *st = ss->ss_priv;
1304 enum ieee80211_phymode mode;
1305 struct sta_entry *se, *selbs;
1306 uint8_t roamRate, curRate, ucastRate;
1307 int8_t roamRssi, curRssi;
1308
1309 se = sta_lookup(st, ni->ni_macaddr);
1310 if (se == NULL) {
1311 /* XXX something is wrong */
1312 return;
1313 }
1314
1315 mode = ieee80211_chan2mode(ic->ic_bsschan);
1316 roamRate = vap->iv_roamparms[mode].rate;
1317 roamRssi = vap->iv_roamparms[mode].rssi;
1318 ucastRate = vap->iv_txparms[mode].ucastrate;
1319 /* NB: the most up to date rssi is in the node, not the scan cache */
1320 curRssi = ic->ic_node_getrssi(ni);
1321 if (ucastRate == IEEE80211_FIXED_RATE_NONE) {
1322 curRate = ni->ni_txrate;
1323 roamRate &= IEEE80211_RATE_VAL;
1324 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ROAM,
1325 "%s: currssi %d currate %u roamrssi %d roamrate %u\n",
1326 __func__, curRssi, curRate, roamRssi, roamRate);
1327 } else {
1328 curRate = roamRate; /* NB: insure compare below fails */
1329 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ROAM,
1330 "%s: currssi %d roamrssi %d\n", __func__, curRssi, roamRssi);
1331 }
1332 /*
1333 * Check if a new ap should be used and switch.
1334 * XXX deauth current ap
1335 */
1336 if (curRate < roamRate || curRssi < roamRssi) {
1337 if (ieee80211_time_after(ticks, ic->ic_lastscan + vap->iv_scanvalid)) {
1338 /*
1339 * Scan cache contents are too old; force a scan now
1340 * if possible so we have current state to make a
1341 * decision with. We don't kick off a bg scan if
1342 * we're using dynamic turbo and boosted or if the
1343 * channel is busy.
1344 * XXX force immediate switch on scan complete
1345 */
1346 if (!IEEE80211_IS_CHAN_DTURBO(ic->ic_curchan) &&
1347 ((vap->iv_flags_ext & IEEE80211_FEXT_SCAN_OFFLOAD) ||
1348 ieee80211_time_after(ticks, ic->ic_lastdata + vap->iv_bgscanidle)))
1349 ieee80211_bg_scan(vap, 0);
1350 return;
1351 }
1352 se->base.se_rssi = curRssi;
1353 selbs = select_bss(ss, vap, IEEE80211_MSG_ROAM);
1354 if (selbs != NULL && selbs != se) {
1355 struct ieee80211_channel *chan;
1356
1357 IEEE80211_DPRINTF(vap,
1358 IEEE80211_MSG_ROAM | IEEE80211_MSG_DEBUG,
1359 "%s: ROAM: curRate %u, roamRate %u, "
1360 "curRssi %d, roamRssi %d\n", __func__,
1361 curRate, roamRate, curRssi, roamRssi);
1362
1363 chan = selbs->base.se_chan;
1364 if (selbs->se_flags & STA_DEMOTE11B)
1365 chan = demote11b(vap, chan);
1366 (void) ieee80211_sta_join(vap, chan, &selbs->base);
1367 }
1368 }
1369 }
1370
1371 /*
1372 * Age entries in the scan cache.
1373 * XXX also do roaming since it's convenient
1374 */
1375 static void
1376 sta_age(struct ieee80211_scan_state *ss)
1377 {
1378 struct ieee80211vap *vap = ss->ss_vap;
1379
1380 adhoc_age(ss);
1381 /*
1382 * If rate control is enabled check periodically to see if
1383 * we should roam from our current connection to one that
1384 * might be better. This only applies when we're operating
1385 * in sta mode and automatic roaming is set.
1386 * XXX defer if busy
1387 * XXX repeater station
1388 * XXX do when !bgscan?
1389 */
1390 KASSERT(vap->iv_opmode == IEEE80211_M_STA,
1391 ("wrong mode %u", vap->iv_opmode));
1392 if (vap->iv_roaming == IEEE80211_ROAMING_AUTO &&
1393 (vap->iv_flags & IEEE80211_F_BGSCAN) &&
1394 vap->iv_state >= IEEE80211_S_RUN)
1395 /* XXX vap is implicit */
1396 sta_roam_check(ss, vap);
1397 }
1398
1399 /*
1400 * Iterate over the entries in the scan cache, invoking
1401 * the callback function on each one.
1402 */
1403 static void
1404 sta_iterate(struct ieee80211_scan_state *ss,
1405 ieee80211_scan_iter_func *f, void *arg)
1406 {
1407 struct sta_table *st = ss->ss_priv;
1408 struct sta_entry *se;
1409 u_int gen;
1410
1411 IEEE80211_SCAN_ITER_LOCK(st);
1412 gen = st->st_scaniter++;
1413 restart:
1414 IEEE80211_SCAN_TABLE_LOCK(st);
1415 TAILQ_FOREACH(se, &st->st_entry, se_list) {
1416 if (se->se_scangen != gen) {
1417 se->se_scangen = gen;
1418 /* update public state */
1419 se->base.se_age = ticks - se->se_lastupdate;
1420 IEEE80211_SCAN_TABLE_UNLOCK(st);
1421 (*f)(arg, &se->base);
1422 goto restart;
1423 }
1424 }
1425 IEEE80211_SCAN_TABLE_UNLOCK(st);
1426
1427 IEEE80211_SCAN_ITER_UNLOCK(st);
1428 }
1429
1430 static void
1431 sta_assoc_fail(struct ieee80211_scan_state *ss,
1432 const uint8_t macaddr[IEEE80211_ADDR_LEN], int reason)
1433 {
1434 struct sta_table *st = ss->ss_priv;
1435 struct sta_entry *se;
1436
1437 se = sta_lookup(st, macaddr);
1438 if (se != NULL) {
1439 se->se_fails++;
1440 se->se_lastfail = ticks;
1441 IEEE80211_NOTE_MAC(ss->ss_vap, IEEE80211_MSG_SCAN,
1442 macaddr, "%s: reason %u fails %u",
1443 __func__, reason, se->se_fails);
1444 }
1445 }
1446
1447 static void
1448 sta_assoc_success(struct ieee80211_scan_state *ss,
1449 const uint8_t macaddr[IEEE80211_ADDR_LEN])
1450 {
1451 struct sta_table *st = ss->ss_priv;
1452 struct sta_entry *se;
1453
1454 se = sta_lookup(st, macaddr);
1455 if (se != NULL) {
1456 #if 0
1457 se->se_fails = 0;
1458 IEEE80211_NOTE_MAC(ss->ss_vap, IEEE80211_MSG_SCAN,
1459 macaddr, "%s: fails %u",
1460 __func__, se->se_fails);
1461 #endif
1462 se->se_lastassoc = ticks;
1463 }
1464 }
1465
1466 static const struct ieee80211_scanner sta_default = {
1467 .scan_name = "default",
1468 .scan_attach = sta_attach,
1469 .scan_detach = sta_detach,
1470 .scan_start = sta_start,
1471 .scan_restart = sta_restart,
1472 .scan_cancel = sta_cancel,
1473 .scan_end = sta_pick_bss,
1474 .scan_flush = sta_flush,
1475 .scan_add = sta_add,
1476 .scan_age = sta_age,
1477 .scan_iterate = sta_iterate,
1478 .scan_assoc_fail = sta_assoc_fail,
1479 .scan_assoc_success = sta_assoc_success,
1480 };
1481 IEEE80211_SCANNER_ALG(sta, IEEE80211_M_STA, sta_default);
1482
1483 /*
1484 * Adhoc mode-specific support.
1485 */
1486
1487 static const uint16_t adhocWorld[] = /* 36, 40, 44, 48 */
1488 { 5180, 5200, 5220, 5240 };
1489 static const uint16_t adhocFcc3[] = /* 36, 40, 44, 48 145, 149, 153, 157, 161, 165 */
1490 { 5180, 5200, 5220, 5240, 5725, 5745, 5765, 5785, 5805, 5825 };
1491 static const uint16_t adhocMkk[] = /* 34, 38, 42, 46 */
1492 { 5170, 5190, 5210, 5230 };
1493 static const uint16_t adhoc11b[] = /* 10, 11 */
1494 { 2457, 2462 };
1495
1496 static const struct scanlist adhocScanTable[] = {
1497 { IEEE80211_MODE_11B, X(adhoc11b) },
1498 { IEEE80211_MODE_11A, X(adhocWorld) },
1499 { IEEE80211_MODE_11A, X(adhocFcc3) },
1500 { IEEE80211_MODE_11B, X(adhocMkk) },
1501 { .list = NULL }
1502 };
1503 #undef X
1504
1505 /*
1506 * Start an adhoc-mode scan by populating the channel list.
1507 */
1508 static int
1509 adhoc_start(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
1510 {
1511 struct sta_table *st = ss->ss_priv;
1512
1513 makescanlist(ss, vap, adhocScanTable);
1514
1515 if (ss->ss_mindwell == 0)
1516 ss->ss_mindwell = msecs_to_ticks(200); /* 200ms */
1517 if (ss->ss_maxdwell == 0)
1518 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */
1519
1520 st->st_scangen++;
1521 st->st_newscan = 1;
1522
1523 return 0;
1524 }
1525
1526 /*
1527 * Select a channel to start an adhoc network on.
1528 * The channel list was populated with appropriate
1529 * channels so select one that looks least occupied.
1530 */
1531 static struct ieee80211_channel *
1532 adhoc_pick_channel(struct ieee80211_scan_state *ss, int flags)
1533 {
1534 struct sta_table *st = ss->ss_priv;
1535 struct sta_entry *se;
1536 struct ieee80211_channel *c, *bestchan;
1537 int i, bestrssi, maxrssi;
1538
1539 bestchan = NULL;
1540 bestrssi = -1;
1541
1542 IEEE80211_SCAN_TABLE_LOCK(st);
1543 for (i = 0; i < ss->ss_last; i++) {
1544 c = ss->ss_chans[i];
1545 /* never consider a channel with radar */
1546 if (IEEE80211_IS_CHAN_RADAR(c))
1547 continue;
1548 /* skip channels disallowed by regulatory settings */
1549 if (IEEE80211_IS_CHAN_NOADHOC(c))
1550 continue;
1551 /* check channel attributes for band compatibility */
1552 if (flags != 0 && (c->ic_flags & flags) != flags)
1553 continue;
1554 maxrssi = 0;
1555 TAILQ_FOREACH(se, &st->st_entry, se_list) {
1556 if (se->base.se_chan != c)
1557 continue;
1558 if (se->base.se_rssi > maxrssi)
1559 maxrssi = se->base.se_rssi;
1560 }
1561 if (bestchan == NULL || maxrssi < bestrssi)
1562 bestchan = c;
1563 }
1564 IEEE80211_SCAN_TABLE_UNLOCK(st);
1565
1566 return bestchan;
1567 }
1568
1569 /*
1570 * Pick an ibss network to join or find a channel
1571 * to use to start an ibss network.
1572 */
1573 static int
1574 adhoc_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
1575 {
1576 struct sta_table *st = ss->ss_priv;
1577 struct sta_entry *selbs;
1578 struct ieee80211_channel *chan;
1579 struct ieee80211com *ic = vap->iv_ic;
1580
1581 KASSERT(vap->iv_opmode == IEEE80211_M_IBSS ||
1582 vap->iv_opmode == IEEE80211_M_AHDEMO ||
1583 vap->iv_opmode == IEEE80211_M_MBSS,
1584 ("wrong opmode %u", vap->iv_opmode));
1585
1586 if (st->st_newscan) {
1587 sta_update_notseen(st);
1588 st->st_newscan = 0;
1589 }
1590 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) {
1591 /*
1592 * Manual/background scan, don't select+join the
1593 * bss, just return. The scanning framework will
1594 * handle notification that this has completed.
1595 */
1596 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK;
1597 return 1;
1598 }
1599 /*
1600 * Automatic sequencing; look for a candidate and
1601 * if found join the network.
1602 */
1603 /* NB: unlocked read should be ok */
1604 if (TAILQ_FIRST(&st->st_entry) == NULL) {
1605 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
1606 "%s: no scan candidate\n", __func__);
1607 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN)
1608 return 0;
1609 notfound:
1610 /* NB: never auto-start a tdma network for slot !0 */
1611 #ifdef IEEE80211_SUPPORT_TDMA
1612 if (vap->iv_des_nssid &&
1613 ((vap->iv_caps & IEEE80211_C_TDMA) == 0 ||
1614 ieee80211_tdma_getslot(vap) == 0)) {
1615 #else
1616 if (vap->iv_des_nssid) {
1617 #endif
1618 /*
1619 * No existing adhoc network to join and we have
1620 * an ssid; start one up. If no channel was
1621 * specified, try to select a channel.
1622 */
1623 if (vap->iv_des_chan == IEEE80211_CHAN_ANYC ||
1624 IEEE80211_IS_CHAN_RADAR(vap->iv_des_chan)) {
1625 chan = adhoc_pick_channel(ss, 0);
1626 } else
1627 chan = vap->iv_des_chan;
1628 if (chan != NULL) {
1629 struct ieee80211com *ic = vap->iv_ic;
1630 /*
1631 * Create a HT capable IBSS; the per-node
1632 * probe request/response will result in
1633 * "correct" rate control capabilities being
1634 * negotiated.
1635 */
1636 chan = ieee80211_ht_adjust_channel(ic,
1637 chan, vap->iv_flags_ht);
1638 ieee80211_create_ibss(vap, chan);
1639 return 1;
1640 }
1641 }
1642 /*
1643 * If nothing suitable was found decrement
1644 * the failure counts so entries will be
1645 * reconsidered the next time around. We
1646 * really want to do this only for sta's
1647 * where we've previously had some success.
1648 */
1649 sta_dec_fails(st);
1650 st->st_newscan = 1;
1651 return 0; /* restart scan */
1652 }
1653 selbs = select_bss(ss, vap, IEEE80211_MSG_SCAN);
1654 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN)
1655 return (selbs != NULL);
1656 if (selbs == NULL)
1657 goto notfound;
1658 chan = selbs->base.se_chan;
1659 if (selbs->se_flags & STA_DEMOTE11B)
1660 chan = demote11b(vap, chan);
1661 /*
1662 * If HT is available, make it a possibility here.
1663 * The intent is to enable HT20/HT40 when joining a non-HT
1664 * IBSS node; we can then advertise HT IEs and speak HT
1665 * to any subsequent nodes that support it.
1666 */
1667 chan = ieee80211_ht_adjust_channel(ic,
1668 chan, vap->iv_flags_ht);
1669 if (!ieee80211_sta_join(vap, chan, &selbs->base))
1670 goto notfound;
1671 return 1; /* terminate scan */
1672 }
1673
1674 /*
1675 * Age entries in the scan cache.
1676 */
1677 static void
1678 adhoc_age(struct ieee80211_scan_state *ss)
1679 {
1680 struct sta_table *st = ss->ss_priv;
1681 struct sta_entry *se, *next;
1682
1683 IEEE80211_SCAN_TABLE_LOCK(st);
1684 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) {
1685 if (se->se_notseen > STA_PURGE_SCANS) {
1686 TAILQ_REMOVE(&st->st_entry, se, se_list);
1687 LIST_REMOVE(se, se_hash);
1688 ieee80211_ies_cleanup(&se->base.se_ies);
1689 IEEE80211_FREE(se, M_80211_SCAN);
1690 }
1691 }
1692 IEEE80211_SCAN_TABLE_UNLOCK(st);
1693 }
1694
1695 static const struct ieee80211_scanner adhoc_default = {
1696 .scan_name = "default",
1697 .scan_attach = sta_attach,
1698 .scan_detach = sta_detach,
1699 .scan_start = adhoc_start,
1700 .scan_restart = sta_restart,
1701 .scan_cancel = sta_cancel,
1702 .scan_end = adhoc_pick_bss,
1703 .scan_flush = sta_flush,
1704 .scan_pickchan = adhoc_pick_channel,
1705 .scan_add = sta_add,
1706 .scan_age = adhoc_age,
1707 .scan_iterate = sta_iterate,
1708 .scan_assoc_fail = sta_assoc_fail,
1709 .scan_assoc_success = sta_assoc_success,
1710 };
1711 IEEE80211_SCANNER_ALG(ibss, IEEE80211_M_IBSS, adhoc_default);
1712 IEEE80211_SCANNER_ALG(ahdemo, IEEE80211_M_AHDEMO, adhoc_default);
1713
1714 static int
1715 ap_start(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
1716 {
1717 struct sta_table *st = ss->ss_priv;
1718
1719 makescanlist(ss, vap, staScanTable);
1720
1721 if (ss->ss_mindwell == 0)
1722 ss->ss_mindwell = msecs_to_ticks(200); /* 200ms */
1723 if (ss->ss_maxdwell == 0)
1724 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */
1725
1726 st->st_scangen++;
1727 st->st_newscan = 1;
1728
1729 return 0;
1730 }
1731
1732 /*
1733 * Cancel an ongoing scan.
1734 */
1735 static int
1736 ap_cancel(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
1737 {
1738 return 0;
1739 }
1740
1741 /*
1742 * Pick a quiet channel to use for ap operation.
1743 */
1744 static struct ieee80211_channel *
1745 ap_pick_channel(struct ieee80211_scan_state *ss, int flags)
1746 {
1747 struct sta_table *st = ss->ss_priv;
1748 struct ieee80211_channel *bestchan = NULL;
1749 int i;
1750
1751 /* XXX select channel more intelligently, e.g. channel spread, power */
1752 /* NB: use scan list order to preserve channel preference */
1753 for (i = 0; i < ss->ss_last; i++) {
1754 struct ieee80211_channel *chan = ss->ss_chans[i];
1755 /*
1756 * If the channel is unoccupied the max rssi
1757 * should be zero; just take it. Otherwise
1758 * track the channel with the lowest rssi and
1759 * use that when all channels appear occupied.
1760 */
1761 if (IEEE80211_IS_CHAN_RADAR(chan))
1762 continue;
1763 if (IEEE80211_IS_CHAN_NOHOSTAP(chan))
1764 continue;
1765 /* check channel attributes for band compatibility */
1766 if (flags != 0 && (chan->ic_flags & flags) != flags)
1767 continue;
1768 KASSERT(sizeof(chan->ic_ieee) == 1, ("ic_chan size"));
1769 /* XXX channel have interference */
1770 if (st->st_maxrssi[chan->ic_ieee] == 0) {
1771 /* XXX use other considerations */
1772 return chan;
1773 }
1774 if (bestchan == NULL ||
1775 st->st_maxrssi[chan->ic_ieee] < st->st_maxrssi[bestchan->ic_ieee])
1776 bestchan = chan;
1777 }
1778 return bestchan;
1779 }
1780
1781 /*
1782 * Pick a quiet channel to use for ap operation.
1783 */
1784 static int
1785 ap_end(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
1786 {
1787 struct ieee80211com *ic = vap->iv_ic;
1788 struct ieee80211_channel *bestchan;
1789
1790 KASSERT(vap->iv_opmode == IEEE80211_M_HOSTAP,
1791 ("wrong opmode %u", vap->iv_opmode));
1792 bestchan = ap_pick_channel(ss, 0);
1793 if (bestchan == NULL) {
1794 /* no suitable channel, should not happen */
1795 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
1796 "%s: no suitable channel! (should not happen)\n", __func__);
1797 /* XXX print something? */
1798 return 0; /* restart scan */
1799 }
1800 /*
1801 * If this is a dynamic turbo channel, start with the unboosted one.
1802 */
1803 if (IEEE80211_IS_CHAN_TURBO(bestchan)) {
1804 bestchan = ieee80211_find_channel(ic, bestchan->ic_freq,
1805 bestchan->ic_flags & ~IEEE80211_CHAN_TURBO);
1806 if (bestchan == NULL) {
1807 /* should never happen ?? */
1808 return 0;
1809 }
1810 }
1811 if (ss->ss_flags & (IEEE80211_SCAN_NOPICK | IEEE80211_SCAN_NOJOIN)) {
1812 /*
1813 * Manual/background scan, don't select+join the
1814 * bss, just return. The scanning framework will
1815 * handle notification that this has completed.
1816 */
1817 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK;
1818 return 1;
1819 }
1820 ieee80211_create_ibss(vap,
1821 ieee80211_ht_adjust_channel(ic, bestchan, vap->iv_flags_ht));
1822 return 1;
1823 }
1824
1825 static const struct ieee80211_scanner ap_default = {
1826 .scan_name = "default",
1827 .scan_attach = sta_attach,
1828 .scan_detach = sta_detach,
1829 .scan_start = ap_start,
1830 .scan_restart = sta_restart,
1831 .scan_cancel = ap_cancel,
1832 .scan_end = ap_end,
1833 .scan_flush = sta_flush,
1834 .scan_pickchan = ap_pick_channel,
1835 .scan_add = sta_add,
1836 .scan_age = adhoc_age,
1837 .scan_iterate = sta_iterate,
1838 .scan_assoc_success = sta_assoc_success,
1839 .scan_assoc_fail = sta_assoc_fail,
1840 };
1841 IEEE80211_SCANNER_ALG(ap, IEEE80211_M_HOSTAP, ap_default);
1842
1843 #ifdef IEEE80211_SUPPORT_MESH
1844 /*
1845 * Pick an mbss network to join or find a channel
1846 * to use to start an mbss network.
1847 */
1848 static int
1849 mesh_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211vap *vap)
1850 {
1851 struct sta_table *st = ss->ss_priv;
1852 struct ieee80211_mesh_state *ms = vap->iv_mesh;
1853 struct sta_entry *selbs;
1854 struct ieee80211_channel *chan;
1855
1856 KASSERT(vap->iv_opmode == IEEE80211_M_MBSS,
1857 ("wrong opmode %u", vap->iv_opmode));
1858
1859 if (st->st_newscan) {
1860 sta_update_notseen(st);
1861 st->st_newscan = 0;
1862 }
1863 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) {
1864 /*
1865 * Manual/background scan, don't select+join the
1866 * bss, just return. The scanning framework will
1867 * handle notification that this has completed.
1868 */
1869 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK;
1870 return 1;
1871 }
1872 /*
1873 * Automatic sequencing; look for a candidate and
1874 * if found join the network.
1875 */
1876 /* NB: unlocked read should be ok */
1877 if (TAILQ_FIRST(&st->st_entry) == NULL) {
1878 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN,
1879 "%s: no scan candidate\n", __func__);
1880 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN)
1881 return 0;
1882 notfound:
1883 if (ms->ms_idlen != 0) {
1884 /*
1885 * No existing mbss network to join and we have
1886 * a meshid; start one up. If no channel was
1887 * specified, try to select a channel.
1888 */
1889 if (vap->iv_des_chan == IEEE80211_CHAN_ANYC ||
1890 IEEE80211_IS_CHAN_RADAR(vap->iv_des_chan)) {
1891 struct ieee80211com *ic = vap->iv_ic;
1892
1893 chan = adhoc_pick_channel(ss, 0);
1894 if (chan != NULL)
1895 chan = ieee80211_ht_adjust_channel(ic,
1896 chan, vap->iv_flags_ht);
1897 } else
1898 chan = vap->iv_des_chan;
1899 if (chan != NULL) {
1900 ieee80211_create_ibss(vap, chan);
1901 return 1;
1902 }
1903 }
1904 /*
1905 * If nothing suitable was found decrement
1906 * the failure counts so entries will be
1907 * reconsidered the next time around. We
1908 * really want to do this only for sta's
1909 * where we've previously had some success.
1910 */
1911 sta_dec_fails(st);
1912 st->st_newscan = 1;
1913 return 0; /* restart scan */
1914 }
1915 selbs = select_bss(ss, vap, IEEE80211_MSG_SCAN);
1916 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN)
1917 return (selbs != NULL);
1918 if (selbs == NULL)
1919 goto notfound;
1920 chan = selbs->base.se_chan;
1921 if (selbs->se_flags & STA_DEMOTE11B)
1922 chan = demote11b(vap, chan);
1923 if (!ieee80211_sta_join(vap, chan, &selbs->base))
1924 goto notfound;
1925 return 1; /* terminate scan */
1926 }
1927
1928 static const struct ieee80211_scanner mesh_default = {
1929 .scan_name = "default",
1930 .scan_attach = sta_attach,
1931 .scan_detach = sta_detach,
1932 .scan_start = adhoc_start,
1933 .scan_restart = sta_restart,
1934 .scan_cancel = sta_cancel,
1935 .scan_end = mesh_pick_bss,
1936 .scan_flush = sta_flush,
1937 .scan_pickchan = adhoc_pick_channel,
1938 .scan_add = sta_add,
1939 .scan_age = adhoc_age,
1940 .scan_iterate = sta_iterate,
1941 .scan_assoc_fail = sta_assoc_fail,
1942 .scan_assoc_success = sta_assoc_success,
1943 };
1944 IEEE80211_SCANNER_ALG(mesh, IEEE80211_M_MBSS, mesh_default);
1945 #endif /* IEEE80211_SUPPORT_MESH */
DragonFly BSD