2 * Marvell Wireless LAN device driver: scan ioctl and command handling
4 * Copyright (C) 2011, Marvell International Ltd.
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
28 /* The maximum number of channels the firmware can scan per command */
29 #define MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN 14
31 #define MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD 4
32 #define MWIFIEX_LIMIT_1_CHANNEL_PER_SCAN_CMD 15
33 #define MWIFIEX_LIMIT_2_CHANNELS_PER_SCAN_CMD 27
34 #define MWIFIEX_LIMIT_3_CHANNELS_PER_SCAN_CMD 35
36 /* Memory needed to store a max sized Channel List TLV for a firmware scan */
37 #define CHAN_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_header) \
38 + (MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN \
39 *sizeof(struct mwifiex_chan_scan_param_set)))
41 /* Memory needed to store supported rate */
42 #define RATE_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_rates_param_set) \
43 + HOSTCMD_SUPPORTED_RATES)
45 /* Memory needed to store a max number/size WildCard SSID TLV for a firmware
47 #define WILDCARD_SSID_TLV_MAX_SIZE \
48 (MWIFIEX_MAX_SSID_LIST_LENGTH * \
49 (sizeof(struct mwifiex_ie_types_wildcard_ssid_params) \
50 + IEEE80211_MAX_SSID_LEN))
52 /* Maximum memory needed for a mwifiex_scan_cmd_config with all TLVs at max */
53 #define MAX_SCAN_CFG_ALLOC (sizeof(struct mwifiex_scan_cmd_config) \
54 + sizeof(struct mwifiex_ie_types_num_probes) \
55 + sizeof(struct mwifiex_ie_types_htcap) \
58 + WILDCARD_SSID_TLV_MAX_SIZE)
61 union mwifiex_scan_cmd_config_tlv {
62 /* Scan configuration (variable length) */
63 struct mwifiex_scan_cmd_config config;
64 /* Max allocated block */
65 u8 config_alloc_buf[MAX_SCAN_CFG_ALLOC];
73 static u8 mwifiex_wpa_oui[CIPHER_SUITE_MAX][4] = {
74 { 0x00, 0x50, 0xf2, 0x02 }, /* TKIP */
75 { 0x00, 0x50, 0xf2, 0x04 }, /* AES */
77 static u8 mwifiex_rsn_oui[CIPHER_SUITE_MAX][4] = {
78 { 0x00, 0x0f, 0xac, 0x02 }, /* TKIP */
79 { 0x00, 0x0f, 0xac, 0x04 }, /* AES */
83 * This function parses a given IE for a given OUI.
85 * This is used to parse a WPA/RSN IE to find if it has
89 mwifiex_search_oui_in_ie(struct ie_body *iebody, u8 *oui)
93 count = iebody->ptk_cnt[0];
95 /* There could be multiple OUIs for PTK hence
97 2) Check all the OUIs for AES.
98 3) If one of them is AES then pass success. */
100 if (!memcmp(iebody->ptk_body, oui, sizeof(iebody->ptk_body)))
101 return MWIFIEX_OUI_PRESENT;
105 iebody = (struct ie_body *) ((u8 *) iebody +
106 sizeof(iebody->ptk_body));
109 pr_debug("info: %s: OUI is not found in PTK\n", __func__);
110 return MWIFIEX_OUI_NOT_PRESENT;
114 * This function checks if a given OUI is present in a RSN IE.
116 * The function first checks if a RSN IE is present or not in the
117 * BSS descriptor. It tries to locate the OUI only if such an IE is
121 mwifiex_is_rsn_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
124 struct ie_body *iebody;
125 u8 ret = MWIFIEX_OUI_NOT_PRESENT;
127 if (((bss_desc->bcn_rsn_ie) && ((*(bss_desc->bcn_rsn_ie)).
128 ieee_hdr.element_id == WLAN_EID_RSN))) {
129 iebody = (struct ie_body *)
130 (((u8 *) bss_desc->bcn_rsn_ie->data) +
132 oui = &mwifiex_rsn_oui[cipher][0];
133 ret = mwifiex_search_oui_in_ie(iebody, oui);
141 * This function checks if a given OUI is present in a WPA IE.
143 * The function first checks if a WPA IE is present or not in the
144 * BSS descriptor. It tries to locate the OUI only if such an IE is
148 mwifiex_is_wpa_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
151 struct ie_body *iebody;
152 u8 ret = MWIFIEX_OUI_NOT_PRESENT;
154 if (((bss_desc->bcn_wpa_ie) &&
155 ((*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id ==
156 WLAN_EID_VENDOR_SPECIFIC))) {
157 iebody = (struct ie_body *) bss_desc->bcn_wpa_ie->data;
158 oui = &mwifiex_wpa_oui[cipher][0];
159 ret = mwifiex_search_oui_in_ie(iebody, oui);
167 * This function compares two SSIDs and checks if they match.
170 mwifiex_ssid_cmp(struct cfg80211_ssid *ssid1, struct cfg80211_ssid *ssid2)
172 if (!ssid1 || !ssid2 || (ssid1->ssid_len != ssid2->ssid_len))
174 return memcmp(ssid1->ssid, ssid2->ssid, ssid1->ssid_len);
178 * This function checks if wapi is enabled in driver and scanned network is
179 * compatible with it.
182 mwifiex_is_bss_wapi(struct mwifiex_private *priv,
183 struct mwifiex_bssdescriptor *bss_desc)
185 if (priv->sec_info.wapi_enabled &&
186 (bss_desc->bcn_wapi_ie &&
187 ((*(bss_desc->bcn_wapi_ie)).ieee_hdr.element_id ==
188 WLAN_EID_BSS_AC_ACCESS_DELAY))) {
195 * This function checks if driver is configured with no security mode and
196 * scanned network is compatible with it.
199 mwifiex_is_bss_no_sec(struct mwifiex_private *priv,
200 struct mwifiex_bssdescriptor *bss_desc)
202 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
203 !priv->sec_info.wpa2_enabled && ((!bss_desc->bcn_wpa_ie) ||
204 ((*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id !=
205 WLAN_EID_VENDOR_SPECIFIC)) &&
206 ((!bss_desc->bcn_rsn_ie) ||
207 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id !=
209 !priv->sec_info.encryption_mode && !bss_desc->privacy) {
216 * This function checks if static WEP is enabled in driver and scanned network
217 * is compatible with it.
220 mwifiex_is_bss_static_wep(struct mwifiex_private *priv,
221 struct mwifiex_bssdescriptor *bss_desc)
223 if (priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
224 !priv->sec_info.wpa2_enabled && bss_desc->privacy) {
231 * This function checks if wpa is enabled in driver and scanned network is
232 * compatible with it.
235 mwifiex_is_bss_wpa(struct mwifiex_private *priv,
236 struct mwifiex_bssdescriptor *bss_desc)
238 if (!priv->sec_info.wep_enabled && priv->sec_info.wpa_enabled &&
239 !priv->sec_info.wpa2_enabled && ((bss_desc->bcn_wpa_ie) &&
240 ((*(bss_desc->bcn_wpa_ie)).
241 vend_hdr.element_id == WLAN_EID_VENDOR_SPECIFIC))
243 * Privacy bit may NOT be set in some APs like
244 * LinkSys WRT54G && bss_desc->privacy
247 dev_dbg(priv->adapter->dev, "info: %s: WPA:"
248 " wpa_ie=%#x wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s "
249 "EncMode=%#x privacy=%#x\n", __func__,
250 (bss_desc->bcn_wpa_ie) ?
251 (*(bss_desc->bcn_wpa_ie)).
252 vend_hdr.element_id : 0,
253 (bss_desc->bcn_rsn_ie) ?
254 (*(bss_desc->bcn_rsn_ie)).
255 ieee_hdr.element_id : 0,
256 (priv->sec_info.wep_enabled) ? "e" : "d",
257 (priv->sec_info.wpa_enabled) ? "e" : "d",
258 (priv->sec_info.wpa2_enabled) ? "e" : "d",
259 priv->sec_info.encryption_mode,
267 * This function checks if wpa2 is enabled in driver and scanned network is
268 * compatible with it.
271 mwifiex_is_bss_wpa2(struct mwifiex_private *priv,
272 struct mwifiex_bssdescriptor *bss_desc)
274 if (!priv->sec_info.wep_enabled &&
275 !priv->sec_info.wpa_enabled &&
276 priv->sec_info.wpa2_enabled &&
277 ((bss_desc->bcn_rsn_ie) &&
278 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id == WLAN_EID_RSN))) {
280 * Privacy bit may NOT be set in some APs like
281 * LinkSys WRT54G && bss_desc->privacy
283 dev_dbg(priv->adapter->dev, "info: %s: WPA2: "
284 " wpa_ie=%#x wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s "
285 "EncMode=%#x privacy=%#x\n", __func__,
286 (bss_desc->bcn_wpa_ie) ?
287 (*(bss_desc->bcn_wpa_ie)).
288 vend_hdr.element_id : 0,
289 (bss_desc->bcn_rsn_ie) ?
290 (*(bss_desc->bcn_rsn_ie)).
291 ieee_hdr.element_id : 0,
292 (priv->sec_info.wep_enabled) ? "e" : "d",
293 (priv->sec_info.wpa_enabled) ? "e" : "d",
294 (priv->sec_info.wpa2_enabled) ? "e" : "d",
295 priv->sec_info.encryption_mode,
303 * This function checks if adhoc AES is enabled in driver and scanned network is
304 * compatible with it.
307 mwifiex_is_bss_adhoc_aes(struct mwifiex_private *priv,
308 struct mwifiex_bssdescriptor *bss_desc)
310 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
311 !priv->sec_info.wpa2_enabled &&
312 ((!bss_desc->bcn_wpa_ie) ||
313 ((*(bss_desc->bcn_wpa_ie)).
314 vend_hdr.element_id != WLAN_EID_VENDOR_SPECIFIC)) &&
315 ((!bss_desc->bcn_rsn_ie) ||
316 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id != WLAN_EID_RSN)) &&
317 !priv->sec_info.encryption_mode && bss_desc->privacy) {
324 * This function checks if dynamic WEP is enabled in driver and scanned network
325 * is compatible with it.
328 mwifiex_is_bss_dynamic_wep(struct mwifiex_private *priv,
329 struct mwifiex_bssdescriptor *bss_desc)
331 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
332 !priv->sec_info.wpa2_enabled &&
333 ((!bss_desc->bcn_wpa_ie) ||
334 ((*(bss_desc->bcn_wpa_ie)).
335 vend_hdr.element_id != WLAN_EID_VENDOR_SPECIFIC)) &&
336 ((!bss_desc->bcn_rsn_ie) ||
337 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id != WLAN_EID_RSN)) &&
338 priv->sec_info.encryption_mode && bss_desc->privacy) {
339 dev_dbg(priv->adapter->dev, "info: %s: dynamic "
340 "WEP: wpa_ie=%#x wpa2_ie=%#x "
341 "EncMode=%#x privacy=%#x\n",
343 (bss_desc->bcn_wpa_ie) ?
344 (*(bss_desc->bcn_wpa_ie)).
345 vend_hdr.element_id : 0,
346 (bss_desc->bcn_rsn_ie) ?
347 (*(bss_desc->bcn_rsn_ie)).
348 ieee_hdr.element_id : 0,
349 priv->sec_info.encryption_mode,
357 * This function checks if a scanned network is compatible with the driver
360 * WEP WPA WPA2 ad-hoc encrypt Network
361 * enabled enabled enabled AES mode Privacy WPA WPA2 Compatible
362 * 0 0 0 0 NONE 0 0 0 yes No security
363 * 0 1 0 0 x 1x 1 x yes WPA (disable
365 * 0 0 1 0 x 1x x 1 yes WPA2 (disable
367 * 0 0 0 1 NONE 1 0 0 yes Ad-hoc AES
368 * 1 0 0 0 NONE 1 0 0 yes Static WEP
370 * 0 0 0 0 !=NONE 1 0 0 yes Dynamic WEP
372 * Compatibility is not matched while roaming, except for mode.
375 mwifiex_is_network_compatible(struct mwifiex_private *priv,
376 struct mwifiex_bssdescriptor *bss_desc, u32 mode)
378 struct mwifiex_adapter *adapter = priv->adapter;
380 bss_desc->disable_11n = false;
382 /* Don't check for compatibility if roaming */
383 if (priv->media_connected &&
384 (priv->bss_mode == NL80211_IFTYPE_STATION) &&
385 (bss_desc->bss_mode == NL80211_IFTYPE_STATION))
388 if (priv->wps.session_enable) {
389 dev_dbg(adapter->dev,
390 "info: return success directly in WPS period\n");
394 if (bss_desc->chan_sw_ie_present) {
395 dev_err(adapter->dev,
396 "Don't connect to AP with WLAN_EID_CHANNEL_SWITCH\n");
400 if (mwifiex_is_bss_wapi(priv, bss_desc)) {
401 dev_dbg(adapter->dev, "info: return success for WAPI AP\n");
405 if (bss_desc->bss_mode == mode) {
406 if (mwifiex_is_bss_no_sec(priv, bss_desc)) {
409 } else if (mwifiex_is_bss_static_wep(priv, bss_desc)) {
410 /* Static WEP enabled */
411 dev_dbg(adapter->dev, "info: Disable 11n in WEP mode.\n");
412 bss_desc->disable_11n = true;
414 } else if (mwifiex_is_bss_wpa(priv, bss_desc)) {
416 if (((priv->adapter->config_bands & BAND_GN ||
417 priv->adapter->config_bands & BAND_AN) &&
418 bss_desc->bcn_ht_cap) &&
419 !mwifiex_is_wpa_oui_present(bss_desc,
420 CIPHER_SUITE_CCMP)) {
422 if (mwifiex_is_wpa_oui_present
423 (bss_desc, CIPHER_SUITE_TKIP)) {
424 dev_dbg(adapter->dev,
425 "info: Disable 11n if AES "
426 "is not supported by AP\n");
427 bss_desc->disable_11n = true;
433 } else if (mwifiex_is_bss_wpa2(priv, bss_desc)) {
435 if (((priv->adapter->config_bands & BAND_GN ||
436 priv->adapter->config_bands & BAND_AN) &&
437 bss_desc->bcn_ht_cap) &&
438 !mwifiex_is_rsn_oui_present(bss_desc,
439 CIPHER_SUITE_CCMP)) {
441 if (mwifiex_is_rsn_oui_present
442 (bss_desc, CIPHER_SUITE_TKIP)) {
443 dev_dbg(adapter->dev,
444 "info: Disable 11n if AES "
445 "is not supported by AP\n");
446 bss_desc->disable_11n = true;
452 } else if (mwifiex_is_bss_adhoc_aes(priv, bss_desc)) {
453 /* Ad-hoc AES enabled */
455 } else if (mwifiex_is_bss_dynamic_wep(priv, bss_desc)) {
456 /* Dynamic WEP enabled */
460 /* Security doesn't match */
461 dev_dbg(adapter->dev,
462 "info: %s: failed: wpa_ie=%#x wpa2_ie=%#x WEP=%s "
463 "WPA=%s WPA2=%s EncMode=%#x privacy=%#x\n", __func__,
464 (bss_desc->bcn_wpa_ie) ?
465 (*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id : 0,
466 (bss_desc->bcn_rsn_ie) ?
467 (*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id : 0,
468 (priv->sec_info.wep_enabled) ? "e" : "d",
469 (priv->sec_info.wpa_enabled) ? "e" : "d",
470 (priv->sec_info.wpa2_enabled) ? "e" : "d",
471 priv->sec_info.encryption_mode, bss_desc->privacy);
475 /* Mode doesn't match */
480 * This function creates a channel list for the driver to scan, based
481 * on region/band information.
483 * This routine is used for any scan that is not provided with a
484 * specific channel list to scan.
487 mwifiex_scan_create_channel_list(struct mwifiex_private *priv,
488 const struct mwifiex_user_scan_cfg
490 struct mwifiex_chan_scan_param_set
494 enum ieee80211_band band;
495 struct ieee80211_supported_band *sband;
496 struct ieee80211_channel *ch;
497 struct mwifiex_adapter *adapter = priv->adapter;
500 for (band = 0; (band < IEEE80211_NUM_BANDS) ; band++) {
502 if (!priv->wdev->wiphy->bands[band])
505 sband = priv->wdev->wiphy->bands[band];
507 for (i = 0; (i < sband->n_channels) ; i++) {
508 ch = &sband->channels[i];
509 if (ch->flags & IEEE80211_CHAN_DISABLED)
511 scan_chan_list[chan_idx].radio_type = band;
514 user_scan_in->chan_list[0].scan_time)
515 scan_chan_list[chan_idx].max_scan_time =
516 cpu_to_le16((u16) user_scan_in->
517 chan_list[0].scan_time);
518 else if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
519 scan_chan_list[chan_idx].max_scan_time =
520 cpu_to_le16(adapter->passive_scan_time);
522 scan_chan_list[chan_idx].max_scan_time =
523 cpu_to_le16(adapter->active_scan_time);
525 if (ch->flags & IEEE80211_CHAN_PASSIVE_SCAN)
526 scan_chan_list[chan_idx].chan_scan_mode_bitmap
527 |= MWIFIEX_PASSIVE_SCAN;
529 scan_chan_list[chan_idx].chan_scan_mode_bitmap
530 &= ~MWIFIEX_PASSIVE_SCAN;
531 scan_chan_list[chan_idx].chan_number =
534 scan_chan_list[chan_idx].max_scan_time =
535 cpu_to_le16(adapter->specific_scan_time);
536 scan_chan_list[chan_idx].chan_scan_mode_bitmap
537 |= MWIFIEX_DISABLE_CHAN_FILT;
547 * This function constructs and sends multiple scan config commands to
550 * Previous routines in the code flow have created a scan command configuration
551 * with any requested TLVs. This function splits the channel TLV into maximum
552 * channels supported per scan lists and sends the portion of the channel TLV,
553 * along with the other TLVs, to the firmware.
556 mwifiex_scan_channel_list(struct mwifiex_private *priv,
557 u32 max_chan_per_scan, u8 filtered_scan,
558 struct mwifiex_scan_cmd_config *scan_cfg_out,
559 struct mwifiex_ie_types_chan_list_param_set
561 struct mwifiex_chan_scan_param_set *scan_chan_list)
564 struct mwifiex_chan_scan_param_set *tmp_chan_list;
565 struct mwifiex_chan_scan_param_set *start_chan;
571 if (!scan_cfg_out || !chan_tlv_out || !scan_chan_list) {
572 dev_dbg(priv->adapter->dev,
573 "info: Scan: Null detect: %p, %p, %p\n",
574 scan_cfg_out, chan_tlv_out, scan_chan_list);
578 /* Check csa channel expiry before preparing scan list */
579 mwifiex_11h_get_csa_closed_channel(priv);
581 chan_tlv_out->header.type = cpu_to_le16(TLV_TYPE_CHANLIST);
583 /* Set the temp channel struct pointer to the start of the desired
585 tmp_chan_list = scan_chan_list;
587 /* Loop through the desired channel list, sending a new firmware scan
588 commands for each max_chan_per_scan channels (or for 1,6,11
589 individually if configured accordingly) */
590 while (tmp_chan_list->chan_number) {
594 chan_tlv_out->header.len = 0;
595 start_chan = tmp_chan_list;
599 * Construct the Channel TLV for the scan command. Continue to
600 * insert channel TLVs until:
601 * - the tlv_idx hits the maximum configured per scan command
602 * - the next channel to insert is 0 (end of desired channel
604 * - done_early is set (controlling individual scanning of
607 while (tlv_idx < max_chan_per_scan &&
608 tmp_chan_list->chan_number && !done_early) {
610 if (tmp_chan_list->chan_number == priv->csa_chan) {
615 dev_dbg(priv->adapter->dev,
616 "info: Scan: Chan(%3d), Radio(%d),"
617 " Mode(%d, %d), Dur(%d)\n",
618 tmp_chan_list->chan_number,
619 tmp_chan_list->radio_type,
620 tmp_chan_list->chan_scan_mode_bitmap
621 & MWIFIEX_PASSIVE_SCAN,
622 (tmp_chan_list->chan_scan_mode_bitmap
623 & MWIFIEX_DISABLE_CHAN_FILT) >> 1,
624 le16_to_cpu(tmp_chan_list->max_scan_time));
626 /* Copy the current channel TLV to the command being
628 memcpy(chan_tlv_out->chan_scan_param + tlv_idx,
630 sizeof(chan_tlv_out->chan_scan_param));
632 /* Increment the TLV header length by the size
634 le16_add_cpu(&chan_tlv_out->header.len,
635 sizeof(chan_tlv_out->chan_scan_param));
638 * The tlv buffer length is set to the number of bytes
639 * of the between the channel tlv pointer and the start
640 * of the tlv buffer. This compensates for any TLVs
641 * that were appended before the channel list.
643 scan_cfg_out->tlv_buf_len = (u32) ((u8 *) chan_tlv_out -
644 scan_cfg_out->tlv_buf);
646 /* Add the size of the channel tlv header and the data
648 scan_cfg_out->tlv_buf_len +=
649 (sizeof(chan_tlv_out->header)
650 + le16_to_cpu(chan_tlv_out->header.len));
652 /* Increment the index to the channel tlv we are
656 /* Count the total scan time per command */
658 le16_to_cpu(tmp_chan_list->max_scan_time);
662 /* Stop the loop if the *current* channel is in the
663 1,6,11 set and we are not filtering on a BSSID
665 if (!filtered_scan &&
666 (tmp_chan_list->chan_number == 1 ||
667 tmp_chan_list->chan_number == 6 ||
668 tmp_chan_list->chan_number == 11))
671 /* Increment the tmp pointer to the next channel to
675 /* Stop the loop if the *next* channel is in the 1,6,11
676 set. This will cause it to be the only channel
677 scanned on the next interation */
678 if (!filtered_scan &&
679 (tmp_chan_list->chan_number == 1 ||
680 tmp_chan_list->chan_number == 6 ||
681 tmp_chan_list->chan_number == 11))
685 /* The total scan time should be less than scan command timeout
687 if (total_scan_time > MWIFIEX_MAX_TOTAL_SCAN_TIME) {
688 dev_err(priv->adapter->dev, "total scan time %dms"
689 " is over limit (%dms), scan skipped\n",
690 total_scan_time, MWIFIEX_MAX_TOTAL_SCAN_TIME);
695 priv->adapter->scan_channels = start_chan;
697 /* Send the scan command to the firmware with the specified
699 ret = mwifiex_send_cmd_async(priv, HostCmd_CMD_802_11_SCAN,
700 HostCmd_ACT_GEN_SET, 0,
713 * This function constructs a scan command configuration structure to use
716 * Application layer or other functions can invoke network scanning
717 * with a scan configuration supplied in a user scan configuration structure.
718 * This structure is used as the basis of one or many scan command configuration
719 * commands that are sent to the command processing module and eventually to the
722 * This function creates a scan command configuration structure based on the
723 * following user supplied parameters (if present):
726 * - Number of Probes to be sent
729 * If the SSID or BSSID filter is not present, the filter is disabled/cleared.
730 * If the number of probes is not set, adapter default setting is used.
733 mwifiex_config_scan(struct mwifiex_private *priv,
734 const struct mwifiex_user_scan_cfg *user_scan_in,
735 struct mwifiex_scan_cmd_config *scan_cfg_out,
736 struct mwifiex_ie_types_chan_list_param_set **chan_list_out,
737 struct mwifiex_chan_scan_param_set *scan_chan_list,
738 u8 *max_chan_per_scan, u8 *filtered_scan,
739 u8 *scan_current_only)
741 struct mwifiex_adapter *adapter = priv->adapter;
742 struct mwifiex_ie_types_num_probes *num_probes_tlv;
743 struct mwifiex_ie_types_wildcard_ssid_params *wildcard_ssid_tlv;
744 struct mwifiex_ie_types_rates_param_set *rates_tlv;
756 u8 rates[MWIFIEX_SUPPORTED_RATES];
758 struct mwifiex_ie_types_htcap *ht_cap;
760 /* The tlv_buf_len is calculated for each scan command. The TLVs added
761 in this routine will be preserved since the routine that sends the
762 command will append channelTLVs at *chan_list_out. The difference
763 between the *chan_list_out and the tlv_buf start will be used to
764 calculate the size of anything we add in this routine. */
765 scan_cfg_out->tlv_buf_len = 0;
767 /* Running tlv pointer. Assigned to chan_list_out at end of function
768 so later routines know where channels can be added to the command
770 tlv_pos = scan_cfg_out->tlv_buf;
772 /* Initialize the scan as un-filtered; the flag is later set to TRUE
773 below if a SSID or BSSID filter is sent in the command */
774 *filtered_scan = false;
776 /* Initialize the scan as not being only on the current channel. If
777 the channel list is customized, only contains one channel, and is
778 the active channel, this is set true and data flow is not halted. */
779 *scan_current_only = false;
783 /* Default the ssid_filter flag to TRUE, set false under
784 certain wildcard conditions and qualified by the existence
785 of an SSID list before marking the scan as filtered */
788 /* Set the BSS type scan filter, use Adapter setting if
790 scan_cfg_out->bss_mode =
791 (user_scan_in->bss_mode ? (u8) user_scan_in->
792 bss_mode : (u8) adapter->scan_mode);
794 /* Set the number of probes to send, use Adapter setting
797 (user_scan_in->num_probes ? user_scan_in->
798 num_probes : adapter->scan_probes);
801 * Set the BSSID filter to the incoming configuration,
802 * if non-zero. If not set, it will remain disabled
805 memcpy(scan_cfg_out->specific_bssid,
806 user_scan_in->specific_bssid,
807 sizeof(scan_cfg_out->specific_bssid));
809 for (i = 0; i < user_scan_in->num_ssids; i++) {
810 ssid_len = user_scan_in->ssid_list[i].ssid_len;
813 (struct mwifiex_ie_types_wildcard_ssid_params *)
815 wildcard_ssid_tlv->header.type =
816 cpu_to_le16(TLV_TYPE_WILDCARDSSID);
817 wildcard_ssid_tlv->header.len = cpu_to_le16(
818 (u16) (ssid_len + sizeof(wildcard_ssid_tlv->
822 * max_ssid_length = 0 tells firmware to perform
823 * specific scan for the SSID filled, whereas
824 * max_ssid_length = IEEE80211_MAX_SSID_LEN is for
828 wildcard_ssid_tlv->max_ssid_length = 0;
830 wildcard_ssid_tlv->max_ssid_length =
831 IEEE80211_MAX_SSID_LEN;
833 memcpy(wildcard_ssid_tlv->ssid,
834 user_scan_in->ssid_list[i].ssid, ssid_len);
836 tlv_pos += (sizeof(wildcard_ssid_tlv->header)
837 + le16_to_cpu(wildcard_ssid_tlv->header.len));
839 dev_dbg(adapter->dev, "info: scan: ssid[%d]: %s, %d\n",
840 i, wildcard_ssid_tlv->ssid,
841 wildcard_ssid_tlv->max_ssid_length);
843 /* Empty wildcard ssid with a maxlen will match many or
844 potentially all SSIDs (maxlen == 32), therefore do
845 not treat the scan as
847 if (!ssid_len && wildcard_ssid_tlv->max_ssid_length)
852 * The default number of channels sent in the command is low to
853 * ensure the response buffer from the firmware does not
854 * truncate scan results. That is not an issue with an SSID
855 * or BSSID filter applied to the scan results in the firmware.
857 if ((i && ssid_filter) ||
858 !is_zero_ether_addr(scan_cfg_out->specific_bssid))
859 *filtered_scan = true;
861 scan_cfg_out->bss_mode = (u8) adapter->scan_mode;
862 num_probes = adapter->scan_probes;
866 * If a specific BSSID or SSID is used, the number of channels in the
867 * scan command will be increased to the absolute maximum.
870 *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
872 *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;
874 /* If the input config or adapter has the number of Probes set,
878 dev_dbg(adapter->dev, "info: scan: num_probes = %d\n",
881 num_probes_tlv = (struct mwifiex_ie_types_num_probes *) tlv_pos;
882 num_probes_tlv->header.type = cpu_to_le16(TLV_TYPE_NUMPROBES);
883 num_probes_tlv->header.len =
884 cpu_to_le16(sizeof(num_probes_tlv->num_probes));
885 num_probes_tlv->num_probes = cpu_to_le16((u16) num_probes);
887 tlv_pos += sizeof(num_probes_tlv->header) +
888 le16_to_cpu(num_probes_tlv->header.len);
892 /* Append rates tlv */
893 memset(rates, 0, sizeof(rates));
895 rates_size = mwifiex_get_supported_rates(priv, rates);
897 rates_tlv = (struct mwifiex_ie_types_rates_param_set *) tlv_pos;
898 rates_tlv->header.type = cpu_to_le16(WLAN_EID_SUPP_RATES);
899 rates_tlv->header.len = cpu_to_le16((u16) rates_size);
900 memcpy(rates_tlv->rates, rates, rates_size);
901 tlv_pos += sizeof(rates_tlv->header) + rates_size;
903 dev_dbg(adapter->dev, "info: SCAN_CMD: Rates size = %d\n", rates_size);
905 if (ISSUPP_11NENABLED(priv->adapter->fw_cap_info) &&
906 (priv->adapter->config_bands & BAND_GN ||
907 priv->adapter->config_bands & BAND_AN)) {
908 ht_cap = (struct mwifiex_ie_types_htcap *) tlv_pos;
909 memset(ht_cap, 0, sizeof(struct mwifiex_ie_types_htcap));
910 ht_cap->header.type = cpu_to_le16(WLAN_EID_HT_CAPABILITY);
912 cpu_to_le16(sizeof(struct ieee80211_ht_cap));
914 mwifiex_band_to_radio_type(priv->adapter->config_bands);
915 mwifiex_fill_cap_info(priv, radio_type, ht_cap);
916 tlv_pos += sizeof(struct mwifiex_ie_types_htcap);
919 /* Append vendor specific IE TLV */
920 mwifiex_cmd_append_vsie_tlv(priv, MWIFIEX_VSIE_MASK_SCAN, &tlv_pos);
923 * Set the output for the channel TLV to the address in the tlv buffer
924 * past any TLVs that were added in this function (SSID, num_probes).
925 * Channel TLVs will be added past this for each scan command,
926 * preserving the TLVs that were previously added.
929 (struct mwifiex_ie_types_chan_list_param_set *) tlv_pos;
931 if (user_scan_in && user_scan_in->chan_list[0].chan_number) {
933 dev_dbg(adapter->dev, "info: Scan: Using supplied channel list\n");
936 chan_idx < MWIFIEX_USER_SCAN_CHAN_MAX &&
937 user_scan_in->chan_list[chan_idx].chan_number;
940 channel = user_scan_in->chan_list[chan_idx].chan_number;
941 (scan_chan_list + chan_idx)->chan_number = channel;
944 user_scan_in->chan_list[chan_idx].radio_type;
945 (scan_chan_list + chan_idx)->radio_type = radio_type;
947 scan_type = user_scan_in->chan_list[chan_idx].scan_type;
949 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
951 chan_idx)->chan_scan_mode_bitmap
952 |= MWIFIEX_PASSIVE_SCAN;
955 chan_idx)->chan_scan_mode_bitmap
956 &= ~MWIFIEX_PASSIVE_SCAN;
960 chan_idx)->chan_scan_mode_bitmap
961 |= MWIFIEX_DISABLE_CHAN_FILT;
963 if (user_scan_in->chan_list[chan_idx].scan_time) {
964 scan_dur = (u16) user_scan_in->
965 chan_list[chan_idx].scan_time;
967 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
968 scan_dur = adapter->passive_scan_time;
969 else if (*filtered_scan)
970 scan_dur = adapter->specific_scan_time;
972 scan_dur = adapter->active_scan_time;
975 (scan_chan_list + chan_idx)->min_scan_time =
976 cpu_to_le16(scan_dur);
977 (scan_chan_list + chan_idx)->max_scan_time =
978 cpu_to_le16(scan_dur);
981 /* Check if we are only scanning the current channel */
982 if ((chan_idx == 1) &&
983 (user_scan_in->chan_list[0].chan_number ==
984 priv->curr_bss_params.bss_descriptor.channel)) {
985 *scan_current_only = true;
986 dev_dbg(adapter->dev,
987 "info: Scan: Scanning current channel only\n");
991 dev_dbg(adapter->dev,
992 "info: Scan: Creating full region channel list\n");
993 chan_num = mwifiex_scan_create_channel_list(priv, user_scan_in,
999 * In associated state we will reduce the number of channels scanned per
1000 * scan command to avoid any traffic delay/loss. This number is decided
1001 * based on total number of channels to be scanned due to constraints
1002 * of command buffers.
1004 if (priv->media_connected) {
1005 if (chan_num < MWIFIEX_LIMIT_1_CHANNEL_PER_SCAN_CMD)
1006 *max_chan_per_scan = 1;
1007 else if (chan_num < MWIFIEX_LIMIT_2_CHANNELS_PER_SCAN_CMD)
1008 *max_chan_per_scan = 2;
1009 else if (chan_num < MWIFIEX_LIMIT_3_CHANNELS_PER_SCAN_CMD)
1010 *max_chan_per_scan = 3;
1012 *max_chan_per_scan = 4;
1017 * This function inspects the scan response buffer for pointers to
1020 * TLVs can be included at the end of the scan response BSS information.
1022 * Data in the buffer is parsed pointers to TLVs that can potentially
1023 * be passed back in the response.
1026 mwifiex_ret_802_11_scan_get_tlv_ptrs(struct mwifiex_adapter *adapter,
1027 struct mwifiex_ie_types_data *tlv,
1028 u32 tlv_buf_size, u32 req_tlv_type,
1029 struct mwifiex_ie_types_data **tlv_data)
1031 struct mwifiex_ie_types_data *current_tlv;
1037 tlv_buf_left = tlv_buf_size;
1040 dev_dbg(adapter->dev, "info: SCAN_RESP: tlv_buf_size = %d\n",
1043 while (tlv_buf_left >= sizeof(struct mwifiex_ie_types_header)) {
1045 tlv_type = le16_to_cpu(current_tlv->header.type);
1046 tlv_len = le16_to_cpu(current_tlv->header.len);
1048 if (sizeof(tlv->header) + tlv_len > tlv_buf_left) {
1049 dev_err(adapter->dev, "SCAN_RESP: TLV buffer corrupt\n");
1053 if (req_tlv_type == tlv_type) {
1055 case TLV_TYPE_TSFTIMESTAMP:
1056 dev_dbg(adapter->dev, "info: SCAN_RESP: TSF "
1057 "timestamp TLV, len = %d\n", tlv_len);
1058 *tlv_data = current_tlv;
1060 case TLV_TYPE_CHANNELBANDLIST:
1061 dev_dbg(adapter->dev, "info: SCAN_RESP: channel"
1062 " band list TLV, len = %d\n", tlv_len);
1063 *tlv_data = current_tlv;
1066 dev_err(adapter->dev,
1067 "SCAN_RESP: unhandled TLV = %d\n",
1069 /* Give up, this seems corrupted */
1078 tlv_buf_left -= (sizeof(tlv->header) + tlv_len);
1080 (struct mwifiex_ie_types_data *) (current_tlv->data +
1087 * This function parses provided beacon buffer and updates
1088 * respective fields in bss descriptor structure.
1090 int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
1091 struct mwifiex_bssdescriptor *bss_entry)
1095 struct ieee_types_fh_param_set *fh_param_set;
1096 struct ieee_types_ds_param_set *ds_param_set;
1097 struct ieee_types_cf_param_set *cf_param_set;
1098 struct ieee_types_ibss_param_set *ibss_param_set;
1105 u8 found_data_rate_ie;
1107 struct ieee_types_vendor_specific *vendor_ie;
1108 const u8 wpa_oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
1109 const u8 wmm_oui[4] = { 0x00, 0x50, 0xf2, 0x02 };
1111 found_data_rate_ie = false;
1113 current_ptr = bss_entry->beacon_buf;
1114 bytes_left = bss_entry->beacon_buf_size;
1116 /* Process variable IE */
1117 while (bytes_left >= 2) {
1118 element_id = *current_ptr;
1119 element_len = *(current_ptr + 1);
1120 total_ie_len = element_len + sizeof(struct ieee_types_header);
1122 if (bytes_left < total_ie_len) {
1123 dev_err(adapter->dev, "err: InterpretIE: in processing"
1124 " IE, bytes left < IE length\n");
1127 switch (element_id) {
1129 bss_entry->ssid.ssid_len = element_len;
1130 memcpy(bss_entry->ssid.ssid, (current_ptr + 2),
1132 dev_dbg(adapter->dev,
1133 "info: InterpretIE: ssid: %-32s\n",
1134 bss_entry->ssid.ssid);
1137 case WLAN_EID_SUPP_RATES:
1138 memcpy(bss_entry->data_rates, current_ptr + 2,
1140 memcpy(bss_entry->supported_rates, current_ptr + 2,
1142 rate_size = element_len;
1143 found_data_rate_ie = true;
1146 case WLAN_EID_FH_PARAMS:
1148 (struct ieee_types_fh_param_set *) current_ptr;
1149 memcpy(&bss_entry->phy_param_set.fh_param_set,
1151 sizeof(struct ieee_types_fh_param_set));
1154 case WLAN_EID_DS_PARAMS:
1156 (struct ieee_types_ds_param_set *) current_ptr;
1158 bss_entry->channel = ds_param_set->current_chan;
1160 memcpy(&bss_entry->phy_param_set.ds_param_set,
1162 sizeof(struct ieee_types_ds_param_set));
1165 case WLAN_EID_CF_PARAMS:
1167 (struct ieee_types_cf_param_set *) current_ptr;
1168 memcpy(&bss_entry->ss_param_set.cf_param_set,
1170 sizeof(struct ieee_types_cf_param_set));
1173 case WLAN_EID_IBSS_PARAMS:
1175 (struct ieee_types_ibss_param_set *)
1177 memcpy(&bss_entry->ss_param_set.ibss_param_set,
1179 sizeof(struct ieee_types_ibss_param_set));
1182 case WLAN_EID_ERP_INFO:
1183 bss_entry->erp_flags = *(current_ptr + 2);
1186 case WLAN_EID_PWR_CONSTRAINT:
1187 bss_entry->local_constraint = *(current_ptr + 2);
1188 bss_entry->sensed_11h = true;
1191 case WLAN_EID_CHANNEL_SWITCH:
1192 bss_entry->chan_sw_ie_present = true;
1193 case WLAN_EID_PWR_CAPABILITY:
1194 case WLAN_EID_TPC_REPORT:
1195 case WLAN_EID_QUIET:
1196 bss_entry->sensed_11h = true;
1199 case WLAN_EID_EXT_SUPP_RATES:
1201 * Only process extended supported rate
1202 * if data rate is already found.
1203 * Data rate IE should come before
1204 * extended supported rate IE
1206 if (found_data_rate_ie) {
1207 if ((element_len + rate_size) >
1208 MWIFIEX_SUPPORTED_RATES)
1210 (MWIFIEX_SUPPORTED_RATES -
1213 bytes_to_copy = element_len;
1215 rate = (u8 *) bss_entry->data_rates;
1217 memcpy(rate, current_ptr + 2, bytes_to_copy);
1219 rate = (u8 *) bss_entry->supported_rates;
1221 memcpy(rate, current_ptr + 2, bytes_to_copy);
1225 case WLAN_EID_VENDOR_SPECIFIC:
1226 vendor_ie = (struct ieee_types_vendor_specific *)
1230 (vendor_ie->vend_hdr.oui, wpa_oui,
1232 bss_entry->bcn_wpa_ie =
1233 (struct ieee_types_vendor_specific *)
1235 bss_entry->wpa_offset = (u16)
1236 (current_ptr - bss_entry->beacon_buf);
1237 } else if (!memcmp(vendor_ie->vend_hdr.oui, wmm_oui,
1240 sizeof(struct ieee_types_wmm_parameter) ||
1242 sizeof(struct ieee_types_wmm_info))
1244 * Only accept and copy the WMM IE if
1245 * it matches the size expected for the
1246 * WMM Info IE or the WMM Parameter IE.
1248 memcpy((u8 *) &bss_entry->wmm_ie,
1249 current_ptr, total_ie_len);
1253 bss_entry->bcn_rsn_ie =
1254 (struct ieee_types_generic *) current_ptr;
1255 bss_entry->rsn_offset = (u16) (current_ptr -
1256 bss_entry->beacon_buf);
1258 case WLAN_EID_BSS_AC_ACCESS_DELAY:
1259 bss_entry->bcn_wapi_ie =
1260 (struct ieee_types_generic *) current_ptr;
1261 bss_entry->wapi_offset = (u16) (current_ptr -
1262 bss_entry->beacon_buf);
1264 case WLAN_EID_HT_CAPABILITY:
1265 bss_entry->bcn_ht_cap = (struct ieee80211_ht_cap *)
1267 sizeof(struct ieee_types_header));
1268 bss_entry->ht_cap_offset = (u16) (current_ptr +
1269 sizeof(struct ieee_types_header) -
1270 bss_entry->beacon_buf);
1272 case WLAN_EID_HT_OPERATION:
1273 bss_entry->bcn_ht_oper =
1274 (struct ieee80211_ht_operation *)(current_ptr +
1275 sizeof(struct ieee_types_header));
1276 bss_entry->ht_info_offset = (u16) (current_ptr +
1277 sizeof(struct ieee_types_header) -
1278 bss_entry->beacon_buf);
1280 case WLAN_EID_VHT_CAPABILITY:
1281 bss_entry->disable_11ac = false;
1282 bss_entry->bcn_vht_cap =
1283 (void *)(current_ptr +
1284 sizeof(struct ieee_types_header));
1285 bss_entry->vht_cap_offset =
1286 (u16)((u8 *)bss_entry->bcn_vht_cap -
1287 bss_entry->beacon_buf);
1289 case WLAN_EID_VHT_OPERATION:
1290 bss_entry->bcn_vht_oper =
1291 (void *)(current_ptr +
1292 sizeof(struct ieee_types_header));
1293 bss_entry->vht_info_offset =
1294 (u16)((u8 *)bss_entry->bcn_vht_oper -
1295 bss_entry->beacon_buf);
1297 case WLAN_EID_BSS_COEX_2040:
1298 bss_entry->bcn_bss_co_2040 = current_ptr +
1299 sizeof(struct ieee_types_header);
1300 bss_entry->bss_co_2040_offset = (u16) (current_ptr +
1301 sizeof(struct ieee_types_header) -
1302 bss_entry->beacon_buf);
1304 case WLAN_EID_EXT_CAPABILITY:
1305 bss_entry->bcn_ext_cap = current_ptr +
1306 sizeof(struct ieee_types_header);
1307 bss_entry->ext_cap_offset = (u16) (current_ptr +
1308 sizeof(struct ieee_types_header) -
1309 bss_entry->beacon_buf);
1311 case WLAN_EID_OPMODE_NOTIF:
1312 bss_entry->oper_mode =
1313 (void *)(current_ptr +
1314 sizeof(struct ieee_types_header));
1315 bss_entry->oper_mode_offset =
1316 (u16)((u8 *)bss_entry->oper_mode -
1317 bss_entry->beacon_buf);
1323 current_ptr += element_len + 2;
1325 /* Need to account for IE ID and IE Len */
1326 bytes_left -= (element_len + 2);
1328 } /* while (bytes_left > 2) */
1333 * This function converts radio type scan parameter to a band configuration
1334 * to be used in join command.
1337 mwifiex_radio_type_to_band(u8 radio_type)
1339 switch (radio_type) {
1340 case HostCmd_SCAN_RADIO_TYPE_A:
1342 case HostCmd_SCAN_RADIO_TYPE_BG:
1349 * This is an internal function used to start a scan based on an input
1352 * This uses the input user scan configuration information when provided in
1353 * order to send the appropriate scan commands to firmware to populate or
1354 * update the internal driver scan table.
1356 int mwifiex_scan_networks(struct mwifiex_private *priv,
1357 const struct mwifiex_user_scan_cfg *user_scan_in)
1360 struct mwifiex_adapter *adapter = priv->adapter;
1361 struct cmd_ctrl_node *cmd_node;
1362 union mwifiex_scan_cmd_config_tlv *scan_cfg_out;
1363 struct mwifiex_ie_types_chan_list_param_set *chan_list_out;
1364 struct mwifiex_chan_scan_param_set *scan_chan_list;
1366 u8 scan_current_chan_only;
1367 u8 max_chan_per_scan;
1368 unsigned long flags;
1370 if (adapter->scan_processing) {
1371 dev_err(adapter->dev, "cmd: Scan already in process...\n");
1375 if (priv->scan_block) {
1376 dev_err(adapter->dev,
1377 "cmd: Scan is blocked during association...\n");
1381 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1382 adapter->scan_processing = true;
1383 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1385 scan_cfg_out = kzalloc(sizeof(union mwifiex_scan_cmd_config_tlv),
1387 if (!scan_cfg_out) {
1392 scan_chan_list = kcalloc(MWIFIEX_USER_SCAN_CHAN_MAX,
1393 sizeof(struct mwifiex_chan_scan_param_set),
1395 if (!scan_chan_list) {
1396 kfree(scan_cfg_out);
1401 mwifiex_config_scan(priv, user_scan_in, &scan_cfg_out->config,
1402 &chan_list_out, scan_chan_list, &max_chan_per_scan,
1403 &filtered_scan, &scan_current_chan_only);
1405 ret = mwifiex_scan_channel_list(priv, max_chan_per_scan, filtered_scan,
1406 &scan_cfg_out->config, chan_list_out,
1409 /* Get scan command from scan_pending_q and put to cmd_pending_q */
1411 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1412 if (!list_empty(&adapter->scan_pending_q)) {
1413 cmd_node = list_first_entry(&adapter->scan_pending_q,
1414 struct cmd_ctrl_node, list);
1415 list_del(&cmd_node->list);
1416 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1418 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node,
1420 queue_work(adapter->workqueue, &adapter->main_work);
1422 /* Perform internal scan synchronously */
1423 if (!priv->scan_request) {
1424 dev_dbg(adapter->dev, "wait internal scan\n");
1425 mwifiex_wait_queue_complete(adapter, cmd_node);
1428 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1433 kfree(scan_cfg_out);
1434 kfree(scan_chan_list);
1437 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1438 adapter->scan_processing = false;
1439 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1445 * This function prepares a scan command to be sent to the firmware.
1447 * This uses the scan command configuration sent to the command processing
1448 * module in command preparation stage to configure a scan command structure
1449 * to send to firmware.
1451 * The fixed fields specifying the BSS type and BSSID filters as well as a
1452 * variable number/length of TLVs are sent in the command to firmware.
1454 * Preparation also includes -
1455 * - Setting command ID, and proper size
1456 * - Ensuring correct endian-ness
1458 int mwifiex_cmd_802_11_scan(struct host_cmd_ds_command *cmd,
1459 struct mwifiex_scan_cmd_config *scan_cfg)
1461 struct host_cmd_ds_802_11_scan *scan_cmd = &cmd->params.scan;
1463 /* Set fixed field variables in scan command */
1464 scan_cmd->bss_mode = scan_cfg->bss_mode;
1465 memcpy(scan_cmd->bssid, scan_cfg->specific_bssid,
1466 sizeof(scan_cmd->bssid));
1467 memcpy(scan_cmd->tlv_buffer, scan_cfg->tlv_buf, scan_cfg->tlv_buf_len);
1469 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_SCAN);
1471 /* Size is equal to the sizeof(fixed portions) + the TLV len + header */
1472 cmd->size = cpu_to_le16((u16) (sizeof(scan_cmd->bss_mode)
1473 + sizeof(scan_cmd->bssid)
1474 + scan_cfg->tlv_buf_len + S_DS_GEN));
1480 * This function checks compatibility of requested network with current
1483 int mwifiex_check_network_compatibility(struct mwifiex_private *priv,
1484 struct mwifiex_bssdescriptor *bss_desc)
1491 if ((mwifiex_get_cfp(priv, (u8) bss_desc->bss_band,
1492 (u16) bss_desc->channel, 0))) {
1493 switch (priv->bss_mode) {
1494 case NL80211_IFTYPE_STATION:
1495 case NL80211_IFTYPE_ADHOC:
1496 ret = mwifiex_is_network_compatible(priv, bss_desc,
1499 dev_err(priv->adapter->dev,
1500 "Incompatible network settings\n");
1510 static int mwifiex_update_curr_bss_params(struct mwifiex_private *priv,
1511 struct cfg80211_bss *bss)
1513 struct mwifiex_bssdescriptor *bss_desc;
1515 unsigned long flags;
1517 /* Allocate and fill new bss descriptor */
1518 bss_desc = kzalloc(sizeof(struct mwifiex_bssdescriptor), GFP_KERNEL);
1522 ret = mwifiex_fill_new_bss_desc(priv, bss, bss_desc);
1526 ret = mwifiex_check_network_compatibility(priv, bss_desc);
1530 spin_lock_irqsave(&priv->curr_bcn_buf_lock, flags);
1531 /* Make a copy of current BSSID descriptor */
1532 memcpy(&priv->curr_bss_params.bss_descriptor, bss_desc,
1533 sizeof(priv->curr_bss_params.bss_descriptor));
1535 /* The contents of beacon_ie will be copied to its own buffer
1536 * in mwifiex_save_curr_bcn()
1538 mwifiex_save_curr_bcn(priv);
1539 spin_unlock_irqrestore(&priv->curr_bcn_buf_lock, flags);
1542 /* beacon_ie buffer was allocated in function
1543 * mwifiex_fill_new_bss_desc(). Free it now.
1545 kfree(bss_desc->beacon_buf);
1551 * This function handles the command response of scan.
1553 * The response buffer for the scan command has the following
1556 * .-------------------------------------------------------------.
1557 * | Header (4 * sizeof(t_u16)): Standard command response hdr |
1558 * .-------------------------------------------------------------.
1559 * | BufSize (t_u16) : sizeof the BSS Description data |
1560 * .-------------------------------------------------------------.
1561 * | NumOfSet (t_u8) : Number of BSS Descs returned |
1562 * .-------------------------------------------------------------.
1563 * | BSSDescription data (variable, size given in BufSize) |
1564 * .-------------------------------------------------------------.
1565 * | TLV data (variable, size calculated using Header->Size, |
1566 * | BufSize and sizeof the fixed fields above) |
1567 * .-------------------------------------------------------------.
1569 int mwifiex_ret_802_11_scan(struct mwifiex_private *priv,
1570 struct host_cmd_ds_command *resp)
1573 struct mwifiex_adapter *adapter = priv->adapter;
1574 struct cmd_ctrl_node *cmd_node;
1575 struct host_cmd_ds_802_11_scan_rsp *scan_rsp;
1576 struct mwifiex_ie_types_data *tlv_data;
1577 struct mwifiex_ie_types_tsf_timestamp *tsf_tlv;
1583 struct mwifiex_chan_freq_power *cfp;
1584 struct mwifiex_ie_types_chan_band_list_param_set *chan_band_tlv;
1585 struct chan_band_param_set *chan_band;
1587 unsigned long flags;
1588 struct cfg80211_bss *bss;
1590 is_bgscan_resp = (le16_to_cpu(resp->command)
1591 == HostCmd_CMD_802_11_BG_SCAN_QUERY);
1593 scan_rsp = &resp->params.bg_scan_query_resp.scan_resp;
1595 scan_rsp = &resp->params.scan_resp;
1598 if (scan_rsp->number_of_sets > MWIFIEX_MAX_AP) {
1599 dev_err(adapter->dev, "SCAN_RESP: too many AP returned (%d)\n",
1600 scan_rsp->number_of_sets);
1602 goto check_next_scan;
1605 /* Check csa channel expiry before parsing scan response */
1606 mwifiex_11h_get_csa_closed_channel(priv);
1608 bytes_left = le16_to_cpu(scan_rsp->bss_descript_size);
1609 dev_dbg(adapter->dev, "info: SCAN_RESP: bss_descript_size %d\n",
1612 scan_resp_size = le16_to_cpu(resp->size);
1614 dev_dbg(adapter->dev,
1615 "info: SCAN_RESP: returned %d APs before parsing\n",
1616 scan_rsp->number_of_sets);
1618 bss_info = scan_rsp->bss_desc_and_tlv_buffer;
1621 * The size of the TLV buffer is equal to the entire command response
1622 * size (scan_resp_size) minus the fixed fields (sizeof()'s), the
1623 * BSS Descriptions (bss_descript_size as bytesLef) and the command
1624 * response header (S_DS_GEN)
1626 tlv_buf_size = scan_resp_size - (bytes_left
1627 + sizeof(scan_rsp->bss_descript_size)
1628 + sizeof(scan_rsp->number_of_sets)
1631 tlv_data = (struct mwifiex_ie_types_data *) (scan_rsp->
1632 bss_desc_and_tlv_buffer +
1635 /* Search the TLV buffer space in the scan response for any valid
1637 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size,
1638 TLV_TYPE_TSFTIMESTAMP,
1639 (struct mwifiex_ie_types_data **)
1642 /* Search the TLV buffer space in the scan response for any valid
1644 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size,
1645 TLV_TYPE_CHANNELBANDLIST,
1646 (struct mwifiex_ie_types_data **)
1649 for (idx = 0; idx < scan_rsp->number_of_sets && bytes_left; idx++) {
1656 u16 beacon_size = 0;
1660 u16 cap_info_bitmap;
1663 struct mwifiex_bcn_param *bcn_param;
1664 struct mwifiex_bss_priv *bss_priv;
1666 if (bytes_left >= sizeof(beacon_size)) {
1667 /* Extract & convert beacon size from command buffer */
1668 memcpy(&beacon_size, bss_info, sizeof(beacon_size));
1669 bytes_left -= sizeof(beacon_size);
1670 bss_info += sizeof(beacon_size);
1673 if (!beacon_size || beacon_size > bytes_left) {
1674 bss_info += bytes_left;
1677 goto check_next_scan;
1680 /* Initialize the current working beacon pointer for this BSS
1682 current_ptr = bss_info;
1684 /* Advance the return beacon pointer past the current beacon */
1685 bss_info += beacon_size;
1686 bytes_left -= beacon_size;
1688 curr_bcn_bytes = beacon_size;
1691 * First 5 fields are bssid, RSSI, time stamp, beacon interval,
1692 * and capability information
1694 if (curr_bcn_bytes < sizeof(struct mwifiex_bcn_param)) {
1695 dev_err(adapter->dev,
1696 "InterpretIE: not enough bytes left\n");
1699 bcn_param = (struct mwifiex_bcn_param *)current_ptr;
1700 current_ptr += sizeof(*bcn_param);
1701 curr_bcn_bytes -= sizeof(*bcn_param);
1703 memcpy(bssid, bcn_param->bssid, ETH_ALEN);
1705 rssi = (s32) bcn_param->rssi;
1706 rssi = (-rssi) * 100; /* Convert dBm to mBm */
1707 dev_dbg(adapter->dev, "info: InterpretIE: RSSI=%d\n", rssi);
1709 timestamp = le64_to_cpu(bcn_param->timestamp);
1710 beacon_period = le16_to_cpu(bcn_param->beacon_period);
1712 cap_info_bitmap = le16_to_cpu(bcn_param->cap_info_bitmap);
1713 dev_dbg(adapter->dev, "info: InterpretIE: capabilities=0x%X\n",
1716 /* Rest of the current buffer are IE's */
1717 ie_buf = current_ptr;
1718 ie_len = curr_bcn_bytes;
1719 dev_dbg(adapter->dev,
1720 "info: InterpretIE: IELength for this AP = %d\n",
1723 while (curr_bcn_bytes >= sizeof(struct ieee_types_header)) {
1724 u8 element_id, element_len;
1726 element_id = *current_ptr;
1727 element_len = *(current_ptr + 1);
1728 if (curr_bcn_bytes < element_len +
1729 sizeof(struct ieee_types_header)) {
1730 dev_err(priv->adapter->dev,
1731 "%s: bytes left < IE length\n",
1733 goto check_next_scan;
1735 if (element_id == WLAN_EID_DS_PARAMS) {
1736 channel = *(current_ptr + sizeof(struct ieee_types_header));
1740 current_ptr += element_len +
1741 sizeof(struct ieee_types_header);
1742 curr_bcn_bytes -= element_len +
1743 sizeof(struct ieee_types_header);
1747 * If the TSF TLV was appended to the scan results, save this
1748 * entry's TSF value in the fw_tsf field. It is the firmware's
1749 * TSF value at the time the beacon or probe response was
1753 memcpy(&fw_tsf, &tsf_tlv->tsf_data[idx * TSF_DATA_SIZE],
1757 struct ieee80211_channel *chan;
1760 /* Skip entry if on csa closed channel */
1761 if (channel == priv->csa_chan) {
1762 dev_dbg(adapter->dev,
1763 "Dropping entry on csa closed channel\n");
1768 if (chan_band_tlv) {
1770 &chan_band_tlv->chan_band_param[idx];
1771 band = mwifiex_radio_type_to_band(
1772 chan_band->radio_type
1773 & (BIT(0) | BIT(1)));
1776 cfp = mwifiex_get_cfp(priv, band, channel, 0);
1778 freq = cfp ? cfp->freq : 0;
1780 chan = ieee80211_get_channel(priv->wdev->wiphy, freq);
1782 if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED)) {
1783 bss = cfg80211_inform_bss(priv->wdev->wiphy,
1784 chan, bssid, timestamp,
1785 cap_info_bitmap, beacon_period,
1786 ie_buf, ie_len, rssi, GFP_KERNEL);
1787 bss_priv = (struct mwifiex_bss_priv *)bss->priv;
1788 bss_priv->band = band;
1789 bss_priv->fw_tsf = fw_tsf;
1790 if (priv->media_connected &&
1792 priv->curr_bss_params.bss_descriptor
1793 .mac_address, ETH_ALEN))
1794 mwifiex_update_curr_bss_params(priv,
1796 cfg80211_put_bss(priv->wdev->wiphy, bss);
1799 dev_dbg(adapter->dev, "missing BSS channel IE\n");
1804 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1805 if (list_empty(&adapter->scan_pending_q)) {
1806 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
1807 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1808 adapter->scan_processing = false;
1809 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1811 /* Need to indicate IOCTL complete */
1812 if (adapter->curr_cmd->wait_q_enabled) {
1813 adapter->cmd_wait_q.status = 0;
1814 if (!priv->scan_request) {
1815 dev_dbg(adapter->dev,
1816 "complete internal scan\n");
1817 mwifiex_complete_cmd(adapter,
1821 if (priv->report_scan_result)
1822 priv->report_scan_result = false;
1824 if (priv->scan_request) {
1825 dev_dbg(adapter->dev, "info: notifying scan done\n");
1826 cfg80211_scan_done(priv->scan_request, 0);
1827 priv->scan_request = NULL;
1829 priv->scan_aborting = false;
1830 dev_dbg(adapter->dev, "info: scan already aborted\n");
1833 if ((priv->scan_aborting && !priv->scan_request) ||
1835 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1837 adapter->scan_delay_cnt = MWIFIEX_MAX_SCAN_DELAY_CNT;
1838 mod_timer(&priv->scan_delay_timer, jiffies);
1839 dev_dbg(priv->adapter->dev,
1840 "info: %s: triggerring scan abort\n", __func__);
1841 } else if (!mwifiex_wmm_lists_empty(adapter) &&
1842 (priv->scan_request && (priv->scan_request->flags &
1843 NL80211_SCAN_FLAG_LOW_PRIORITY))) {
1844 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1846 adapter->scan_delay_cnt = 1;
1847 mod_timer(&priv->scan_delay_timer, jiffies +
1848 msecs_to_jiffies(MWIFIEX_SCAN_DELAY_MSEC));
1849 dev_dbg(priv->adapter->dev,
1850 "info: %s: deferring scan\n", __func__);
1852 /* Get scan command from scan_pending_q and put to
1854 cmd_node = list_first_entry(&adapter->scan_pending_q,
1855 struct cmd_ctrl_node, list);
1856 list_del(&cmd_node->list);
1857 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1859 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node,
1868 * This function prepares command for background scan query.
1870 * Preparation includes -
1871 * - Setting command ID and proper size
1872 * - Setting background scan flush parameter
1873 * - Ensuring correct endian-ness
1875 int mwifiex_cmd_802_11_bg_scan_query(struct host_cmd_ds_command *cmd)
1877 struct host_cmd_ds_802_11_bg_scan_query *bg_query =
1878 &cmd->params.bg_scan_query;
1880 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_BG_SCAN_QUERY);
1881 cmd->size = cpu_to_le16(sizeof(struct host_cmd_ds_802_11_bg_scan_query)
1884 bg_query->flush = 1;
1890 * This function inserts scan command node to the scan pending queue.
1893 mwifiex_queue_scan_cmd(struct mwifiex_private *priv,
1894 struct cmd_ctrl_node *cmd_node)
1896 struct mwifiex_adapter *adapter = priv->adapter;
1897 unsigned long flags;
1899 cmd_node->wait_q_enabled = true;
1900 cmd_node->condition = &adapter->scan_wait_q_woken;
1901 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1902 list_add_tail(&cmd_node->list, &adapter->scan_pending_q);
1903 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
1907 * This function sends a scan command for all available channels to the
1908 * firmware, filtered on a specific SSID.
1910 static int mwifiex_scan_specific_ssid(struct mwifiex_private *priv,
1911 struct cfg80211_ssid *req_ssid)
1913 struct mwifiex_adapter *adapter = priv->adapter;
1915 struct mwifiex_user_scan_cfg *scan_cfg;
1917 if (adapter->scan_processing) {
1918 dev_err(adapter->dev, "cmd: Scan already in process...\n");
1922 if (priv->scan_block) {
1923 dev_err(adapter->dev,
1924 "cmd: Scan is blocked during association...\n");
1928 scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg), GFP_KERNEL);
1932 scan_cfg->ssid_list = req_ssid;
1933 scan_cfg->num_ssids = 1;
1935 ret = mwifiex_scan_networks(priv, scan_cfg);
1942 * Sends IOCTL request to start a scan.
1944 * This function allocates the IOCTL request buffer, fills it
1945 * with requisite parameters and calls the IOCTL handler.
1947 * Scan command can be issued for both normal scan and specific SSID
1948 * scan, depending upon whether an SSID is provided or not.
1950 int mwifiex_request_scan(struct mwifiex_private *priv,
1951 struct cfg80211_ssid *req_ssid)
1955 if (down_interruptible(&priv->async_sem)) {
1956 dev_err(priv->adapter->dev, "%s: acquire semaphore\n",
1961 priv->adapter->scan_wait_q_woken = false;
1963 if (req_ssid && req_ssid->ssid_len != 0)
1964 /* Specific SSID scan */
1965 ret = mwifiex_scan_specific_ssid(priv, req_ssid);
1968 ret = mwifiex_scan_networks(priv, NULL);
1970 up(&priv->async_sem);
1976 * This function appends the vendor specific IE TLV to a buffer.
1979 mwifiex_cmd_append_vsie_tlv(struct mwifiex_private *priv,
1980 u16 vsie_mask, u8 **buffer)
1982 int id, ret_len = 0;
1983 struct mwifiex_ie_types_vendor_param_set *vs_param_set;
1991 * Traverse through the saved vendor specific IE array and append
1992 * the selected(scan/assoc/adhoc) IE as TLV to the command
1994 for (id = 0; id < MWIFIEX_MAX_VSIE_NUM; id++) {
1995 if (priv->vs_ie[id].mask & vsie_mask) {
1997 (struct mwifiex_ie_types_vendor_param_set *)
1999 vs_param_set->header.type =
2000 cpu_to_le16(TLV_TYPE_PASSTHROUGH);
2001 vs_param_set->header.len =
2002 cpu_to_le16((((u16) priv->vs_ie[id].ie[1])
2004 memcpy(vs_param_set->ie, priv->vs_ie[id].ie,
2005 le16_to_cpu(vs_param_set->header.len));
2006 *buffer += le16_to_cpu(vs_param_set->header.len) +
2007 sizeof(struct mwifiex_ie_types_header);
2008 ret_len += le16_to_cpu(vs_param_set->header.len) +
2009 sizeof(struct mwifiex_ie_types_header);
2016 * This function saves a beacon buffer of the current BSS descriptor.
2018 * The current beacon buffer is saved so that it can be restored in the
2019 * following cases that makes the beacon buffer not to contain the current
2020 * ssid's beacon buffer.
2021 * - The current ssid was not found somehow in the last scan.
2022 * - The current ssid was the last entry of the scan table and overloaded.
2025 mwifiex_save_curr_bcn(struct mwifiex_private *priv)
2027 struct mwifiex_bssdescriptor *curr_bss =
2028 &priv->curr_bss_params.bss_descriptor;
2030 if (!curr_bss->beacon_buf_size)
2033 /* allocate beacon buffer at 1st time; or if it's size has changed */
2034 if (!priv->curr_bcn_buf ||
2035 priv->curr_bcn_size != curr_bss->beacon_buf_size) {
2036 priv->curr_bcn_size = curr_bss->beacon_buf_size;
2038 kfree(priv->curr_bcn_buf);
2039 priv->curr_bcn_buf = kmalloc(curr_bss->beacon_buf_size,
2041 if (!priv->curr_bcn_buf)
2045 memcpy(priv->curr_bcn_buf, curr_bss->beacon_buf,
2046 curr_bss->beacon_buf_size);
2047 dev_dbg(priv->adapter->dev, "info: current beacon saved %d\n",
2048 priv->curr_bcn_size);
2050 curr_bss->beacon_buf = priv->curr_bcn_buf;
2052 /* adjust the pointers in the current BSS descriptor */
2053 if (curr_bss->bcn_wpa_ie)
2054 curr_bss->bcn_wpa_ie =
2055 (struct ieee_types_vendor_specific *)
2056 (curr_bss->beacon_buf +
2057 curr_bss->wpa_offset);
2059 if (curr_bss->bcn_rsn_ie)
2060 curr_bss->bcn_rsn_ie = (struct ieee_types_generic *)
2061 (curr_bss->beacon_buf +
2062 curr_bss->rsn_offset);
2064 if (curr_bss->bcn_ht_cap)
2065 curr_bss->bcn_ht_cap = (struct ieee80211_ht_cap *)
2066 (curr_bss->beacon_buf +
2067 curr_bss->ht_cap_offset);
2069 if (curr_bss->bcn_ht_oper)
2070 curr_bss->bcn_ht_oper = (struct ieee80211_ht_operation *)
2071 (curr_bss->beacon_buf +
2072 curr_bss->ht_info_offset);
2074 if (curr_bss->bcn_vht_cap)
2075 curr_bss->bcn_ht_cap = (void *)(curr_bss->beacon_buf +
2076 curr_bss->vht_cap_offset);
2078 if (curr_bss->bcn_vht_oper)
2079 curr_bss->bcn_ht_oper = (void *)(curr_bss->beacon_buf +
2080 curr_bss->vht_info_offset);
2082 if (curr_bss->bcn_bss_co_2040)
2083 curr_bss->bcn_bss_co_2040 =
2084 (curr_bss->beacon_buf + curr_bss->bss_co_2040_offset);
2086 if (curr_bss->bcn_ext_cap)
2087 curr_bss->bcn_ext_cap = curr_bss->beacon_buf +
2088 curr_bss->ext_cap_offset;
2090 if (curr_bss->oper_mode)
2091 curr_bss->oper_mode = (void *)(curr_bss->beacon_buf +
2092 curr_bss->oper_mode_offset);
2096 * This function frees the current BSS descriptor beacon buffer.
2099 mwifiex_free_curr_bcn(struct mwifiex_private *priv)
2101 kfree(priv->curr_bcn_buf);
2102 priv->curr_bcn_buf = NULL;
projects / cascardo / linux.git / blob