linux/net/mac80211/scan.c
<<
>>
Prefs 
   1/*
   2 * Scanning implementation
   3 *
   4 * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
   5 * Copyright 2004, Instant802 Networks, Inc.
   6 * Copyright 2005, Devicescape Software, Inc.
   7 * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
   8 * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
   9 *
  10 * This program is free software; you can redistribute it and/or modify
  11 * it under the terms of the GNU General Public License version 2 as
  12 * published by the Free Software Foundation.
  13 */
  14
  15#include <linux/if_arp.h>
  16#include <linux/rtnetlink.h>
  17#include <linux/pm_qos.h>
  18#include <net/sch_generic.h>
  19#include <linux/slab.h>
  20#include <linux/export.h>
  21#include <net/mac80211.h>
  22
  23#include "ieee80211_i.h"
  24#include "driver-ops.h"
  25#include "mesh.h"
  26
  27#define IEEE80211_PROBE_DELAY (HZ / 33)
  28#define IEEE80211_CHANNEL_TIME (HZ / 33)
  29#define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 8)
  30
  31struct ieee80211_bss *
  32ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
  33                     u8 *ssid, u8 ssid_len)
  34{
  35        struct cfg80211_bss *cbss;
  36
  37        cbss = cfg80211_get_bss(local->hw.wiphy,
  38                                ieee80211_get_channel(local->hw.wiphy, freq),
  39                                bssid, ssid, ssid_len, 0, 0);
  40        if (!cbss)
  41                return NULL;
  42        return (void *)cbss->priv;
  43}
  44
  45static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss)
  46{
  47        struct ieee80211_bss *bss = (void *)cbss->priv;
  48
  49        kfree(bss_mesh_id(bss));
  50        kfree(bss_mesh_cfg(bss));
  51}
  52
  53void ieee80211_rx_bss_put(struct ieee80211_local *local,
  54                          struct ieee80211_bss *bss)
  55{
  56        if (!bss)
  57                return;
  58        cfg80211_put_bss(container_of((void *)bss, struct cfg80211_bss, priv));
  59}
  60
  61static bool is_uapsd_supported(struct ieee802_11_elems *elems)
  62{
  63        u8 qos_info;
  64
  65        if (elems->wmm_info && elems->wmm_info_len == 7
  66            && elems->wmm_info[5] == 1)
  67                qos_info = elems->wmm_info[6];
  68        else if (elems->wmm_param && elems->wmm_param_len == 24
  69                 && elems->wmm_param[5] == 1)
  70                qos_info = elems->wmm_param[6];
  71        else
  72                /* no valid wmm information or parameter element found */
  73                return false;
  74
  75        return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD;
  76}
  77
  78struct ieee80211_bss *
  79ieee80211_bss_info_update(struct ieee80211_local *local,
  80                          struct ieee80211_rx_status *rx_status,
  81                          struct ieee80211_mgmt *mgmt,
  82                          size_t len,
  83                          struct ieee802_11_elems *elems,
  84                          struct ieee80211_channel *channel,
  85                          bool beacon)
  86{
  87        struct cfg80211_bss *cbss;
  88        struct ieee80211_bss *bss;
  89        int clen, srlen;
  90        s32 signal = 0;
  91
  92        if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
  93                signal = rx_status->signal * 100;
  94        else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
  95                signal = (rx_status->signal * 100) / local->hw.max_signal;
  96
  97        cbss = cfg80211_inform_bss_frame(local->hw.wiphy, channel,
  98                                         mgmt, len, signal, GFP_ATOMIC);
  99
 100        if (!cbss)
 101                return NULL;
 102
 103        cbss->free_priv = ieee80211_rx_bss_free;
 104        bss = (void *)cbss->priv;
 105
 106        /* save the ERP value so that it is available at association time */
 107        if (elems->erp_info && elems->erp_info_len >= 1) {
 108                bss->erp_value = elems->erp_info[0];
 109                bss->has_erp_value = 1;
 110        }
 111
 112        if (elems->tim) {
 113                struct ieee80211_tim_ie *tim_ie =
 114                        (struct ieee80211_tim_ie *)elems->tim;
 115                bss->dtim_period = tim_ie->dtim_period;
 116        }
 117
 118        /* If the beacon had no TIM IE, or it was invalid, use 1 */
 119        if (beacon && !bss->dtim_period)
 120                bss->dtim_period = 1;
 121
 122        /* replace old supported rates if we get new values */
 123        srlen = 0;
 124        if (elems->supp_rates) {
 125                clen = IEEE80211_MAX_SUPP_RATES;
 126                if (clen > elems->supp_rates_len)
 127                        clen = elems->supp_rates_len;
 128                memcpy(bss->supp_rates, elems->supp_rates, clen);
 129                srlen += clen;
 130        }
 131        if (elems->ext_supp_rates) {
 132                clen = IEEE80211_MAX_SUPP_RATES - srlen;
 133                if (clen > elems->ext_supp_rates_len)
 134                        clen = elems->ext_supp_rates_len;
 135                memcpy(bss->supp_rates + srlen, elems->ext_supp_rates, clen);
 136                srlen += clen;
 137        }
 138        if (srlen)
 139                bss->supp_rates_len = srlen;
 140
 141        bss->wmm_used = elems->wmm_param || elems->wmm_info;
 142        bss->uapsd_supported = is_uapsd_supported(elems);
 143
 144        if (!beacon)
 145                bss->last_probe_resp = jiffies;
 146
 147        return bss;
 148}
 149
 150ieee80211_rx_result
 151ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
 152{
 153        struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
 154        struct ieee80211_mgmt *mgmt;
 155        struct ieee80211_bss *bss;
 156        u8 *elements;
 157        struct ieee80211_channel *channel;
 158        size_t baselen;
 159        int freq;
 160        __le16 fc;
 161        bool presp, beacon = false;
 162        struct ieee802_11_elems elems;
 163
 164        if (skb->len < 2)
 165                return RX_DROP_UNUSABLE;
 166
 167        mgmt = (struct ieee80211_mgmt *) skb->data;
 168        fc = mgmt->frame_control;
 169
 170        if (ieee80211_is_ctl(fc))
 171                return RX_CONTINUE;
 172
 173        if (skb->len < 24)
 174                return RX_CONTINUE;
 175
 176        presp = ieee80211_is_probe_resp(fc);
 177        if (presp) {
 178                /* ignore ProbeResp to foreign address */
 179                if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
 180                        return RX_DROP_MONITOR;
 181
 182                presp = true;
 183                elements = mgmt->u.probe_resp.variable;
 184                baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
 185        } else {
 186                beacon = ieee80211_is_beacon(fc);
 187                baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
 188                elements = mgmt->u.beacon.variable;
 189        }
 190
 191        if (!presp && !beacon)
 192                return RX_CONTINUE;
 193
 194        if (baselen > skb->len)
 195                return RX_DROP_MONITOR;
 196
 197        ieee802_11_parse_elems(elements, skb->len - baselen, &elems);
 198
 199        if (elems.ds_params && elems.ds_params_len == 1)
 200                freq = ieee80211_channel_to_frequency(elems.ds_params[0],
 201                                                      rx_status->band);
 202        else
 203                freq = rx_status->freq;
 204
 205        channel = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
 206
 207        if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
 208                return RX_DROP_MONITOR;
 209
 210        bss = ieee80211_bss_info_update(sdata->local, rx_status,
 211                                        mgmt, skb->len, &elems,
 212                                        channel, beacon);
 213        if (bss)
 214                ieee80211_rx_bss_put(sdata->local, bss);
 215
 216        /* If we are on-operating-channel, and this packet is for the
 217         * current channel, pass the pkt on up the stack so that
 218         * the rest of the stack can make use of it.
 219         */
 220        if (ieee80211_cfg_on_oper_channel(sdata->local)
 221            && (channel == sdata->local->oper_channel))
 222                return RX_CONTINUE;
 223
 224        dev_kfree_skb(skb);
 225        return RX_QUEUED;
 226}
 227
 228/* return false if no more work */
 229static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
 230{
 231        struct cfg80211_scan_request *req = local->scan_req;
 232        enum ieee80211_band band;
 233        int i, ielen, n_chans;
 234
 235        do {
 236                if (local->hw_scan_band == IEEE80211_NUM_BANDS)
 237                        return false;
 238
 239                band = local->hw_scan_band;
 240                n_chans = 0;
 241                for (i = 0; i < req->n_channels; i++) {
 242                        if (req->channels[i]->band == band) {
 243                                local->hw_scan_req->channels[n_chans] =
 244                                                        req->channels[i];
 245                                n_chans++;
 246                        }
 247                }
 248
 249                local->hw_scan_band++;
 250        } while (!n_chans);
 251
 252        local->hw_scan_req->n_channels = n_chans;
 253
 254        ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie,
 255                                         req->ie, req->ie_len, band,
 256                                         req->rates[band], 0);
 257        local->hw_scan_req->ie_len = ielen;
 258        local->hw_scan_req->no_cck = req->no_cck;
 259
 260        return true;
 261}
 262
 263static void __ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted,
 264                                       bool was_hw_scan)
 265{
 266        struct ieee80211_local *local = hw_to_local(hw);
 267        bool on_oper_chan;
 268        bool enable_beacons = false;
 269
 270        lockdep_assert_held(&local->mtx);
 271
 272        /*
 273         * It's ok to abort a not-yet-running scan (that
 274         * we have one at all will be verified by checking
 275         * local->scan_req next), but not to complete it
 276         * successfully.
 277         */
 278        if (WARN_ON(!local->scanning && !aborted))
 279                aborted = true;
 280
 281        if (WARN_ON(!local->scan_req))
 282                return;
 283
 284        if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
 285                int rc = drv_hw_scan(local, local->scan_sdata, local->hw_scan_req);
 286                if (rc == 0)
 287                        return;
 288        }
 289
 290        kfree(local->hw_scan_req);
 291        local->hw_scan_req = NULL;
 292
 293        if (local->scan_req != local->int_scan_req)
 294                cfg80211_scan_done(local->scan_req, aborted);
 295        local->scan_req = NULL;
 296        local->scan_sdata = NULL;
 297
 298        local->scanning = 0;
 299        local->scan_channel = NULL;
 300
 301        on_oper_chan = ieee80211_cfg_on_oper_channel(local);
 302
 303        if (was_hw_scan || !on_oper_chan)
 304                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
 305        else
 306                /* Set power back to normal operating levels. */
 307                ieee80211_hw_config(local, 0);
 308
 309        if (!was_hw_scan) {
 310                bool on_oper_chan2;
 311                ieee80211_configure_filter(local);
 312                drv_sw_scan_complete(local);
 313                on_oper_chan2 = ieee80211_cfg_on_oper_channel(local);
 314                /* We should always be on-channel at this point. */
 315                WARN_ON(!on_oper_chan2);
 316                if (on_oper_chan2 && (on_oper_chan != on_oper_chan2))
 317                        enable_beacons = true;
 318
 319                ieee80211_offchannel_return(local, enable_beacons, true);
 320        }
 321
 322        ieee80211_recalc_idle(local);
 323
 324        ieee80211_mlme_notify_scan_completed(local);
 325        ieee80211_ibss_notify_scan_completed(local);
 326        ieee80211_mesh_notify_scan_completed(local);
 327        ieee80211_queue_work(&local->hw, &local->work_work);
 328}
 329
 330void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
 331{
 332        struct ieee80211_local *local = hw_to_local(hw);
 333
 334        trace_api_scan_completed(local, aborted);
 335
 336        set_bit(SCAN_COMPLETED, &local->scanning);
 337        if (aborted)
 338                set_bit(SCAN_ABORTED, &local->scanning);
 339        ieee80211_queue_delayed_work(&local->hw, &local->scan_work, 0);
 340}
 341EXPORT_SYMBOL(ieee80211_scan_completed);
 342
 343static int ieee80211_start_sw_scan(struct ieee80211_local *local)
 344{
 345        /*
 346         * Hardware/driver doesn't support hw_scan, so use software
 347         * scanning instead. First send a nullfunc frame with power save
 348         * bit on so that AP will buffer the frames for us while we are not
 349         * listening, then send probe requests to each channel and wait for
 350         * the responses. After all channels are scanned, tune back to the
 351         * original channel and send a nullfunc frame with power save bit
 352         * off to trigger the AP to send us all the buffered frames.
 353         *
 354         * Note that while local->sw_scanning is true everything else but
 355         * nullfunc frames and probe requests will be dropped in
 356         * ieee80211_tx_h_check_assoc().
 357         */
 358        drv_sw_scan_start(local);
 359
 360        local->leave_oper_channel_time = 0;
 361        local->next_scan_state = SCAN_DECISION;
 362        local->scan_channel_idx = 0;
 363
 364        /* We always want to use off-channel PS, even if we
 365         * are not really leaving oper-channel.  Don't
 366         * tell the AP though, as long as we are on-channel.
 367         */
 368        ieee80211_offchannel_enable_all_ps(local, false);
 369
 370        ieee80211_configure_filter(local);
 371
 372        /* We need to set power level at maximum rate for scanning. */
 373        ieee80211_hw_config(local, 0);
 374
 375        ieee80211_queue_delayed_work(&local->hw,
 376                                     &local->scan_work,
 377                                     IEEE80211_CHANNEL_TIME);
 378
 379        return 0;
 380}
 381
 382
 383static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
 384                                  struct cfg80211_scan_request *req)
 385{
 386        struct ieee80211_local *local = sdata->local;
 387        int rc;
 388
 389        lockdep_assert_held(&local->mtx);
 390
 391        if (local->scan_req)
 392                return -EBUSY;
 393
 394        if (!list_empty(&local->work_list)) {
 395                /* wait for the work to finish/time out */
 396                local->scan_req = req;
 397                local->scan_sdata = sdata;
 398                return 0;
 399        }
 400
 401        if (local->ops->hw_scan) {
 402                u8 *ies;
 403
 404                local->hw_scan_req = kmalloc(
 405                                sizeof(*local->hw_scan_req) +
 406                                req->n_channels * sizeof(req->channels[0]) +
 407                                2 + IEEE80211_MAX_SSID_LEN + local->scan_ies_len +
 408                                req->ie_len, GFP_KERNEL);
 409                if (!local->hw_scan_req)
 410                        return -ENOMEM;
 411
 412                local->hw_scan_req->ssids = req->ssids;
 413                local->hw_scan_req->n_ssids = req->n_ssids;
 414                ies = (u8 *)local->hw_scan_req +
 415                        sizeof(*local->hw_scan_req) +
 416                        req->n_channels * sizeof(req->channels[0]);
 417                local->hw_scan_req->ie = ies;
 418
 419                local->hw_scan_band = 0;
 420
 421                /*
 422                 * After allocating local->hw_scan_req, we must
 423                 * go through until ieee80211_prep_hw_scan(), so
 424                 * anything that might be changed here and leave
 425                 * this function early must not go after this
 426                 * allocation.
 427                 */
 428        }
 429
 430        local->scan_req = req;
 431        local->scan_sdata = sdata;
 432
 433        if (local->ops->hw_scan)
 434                __set_bit(SCAN_HW_SCANNING, &local->scanning);
 435        else
 436                __set_bit(SCAN_SW_SCANNING, &local->scanning);
 437
 438        ieee80211_recalc_idle(local);
 439
 440        if (local->ops->hw_scan) {
 441                WARN_ON(!ieee80211_prep_hw_scan(local));
 442                rc = drv_hw_scan(local, sdata, local->hw_scan_req);
 443        } else
 444                rc = ieee80211_start_sw_scan(local);
 445
 446        if (rc) {
 447                kfree(local->hw_scan_req);
 448                local->hw_scan_req = NULL;
 449                local->scanning = 0;
 450
 451                ieee80211_recalc_idle(local);
 452
 453                local->scan_req = NULL;
 454                local->scan_sdata = NULL;
 455        }
 456
 457        return rc;
 458}
 459
 460static unsigned long
 461ieee80211_scan_get_channel_time(struct ieee80211_channel *chan)
 462{
 463        /*
 464         * TODO: channel switching also consumes quite some time,
 465         * add that delay as well to get a better estimation
 466         */
 467        if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
 468                return IEEE80211_PASSIVE_CHANNEL_TIME;
 469        return IEEE80211_PROBE_DELAY + IEEE80211_CHANNEL_TIME;
 470}
 471
 472static void ieee80211_scan_state_decision(struct ieee80211_local *local,
 473                                          unsigned long *next_delay)
 474{
 475        bool associated = false;
 476        bool tx_empty = true;
 477        bool bad_latency;
 478        bool listen_int_exceeded;
 479        unsigned long min_beacon_int = 0;
 480        struct ieee80211_sub_if_data *sdata;
 481        struct ieee80211_channel *next_chan;
 482
 483        /*
 484         * check if at least one STA interface is associated,
 485         * check if at least one STA interface has pending tx frames
 486         * and grab the lowest used beacon interval
 487         */
 488        mutex_lock(&local->iflist_mtx);
 489        list_for_each_entry(sdata, &local->interfaces, list) {
 490                if (!ieee80211_sdata_running(sdata))
 491                        continue;
 492
 493                if (sdata->vif.type == NL80211_IFTYPE_STATION) {
 494                        if (sdata->u.mgd.associated) {
 495                                associated = true;
 496
 497                                if (sdata->vif.bss_conf.beacon_int <
 498                                    min_beacon_int || min_beacon_int == 0)
 499                                        min_beacon_int =
 500                                                sdata->vif.bss_conf.beacon_int;
 501
 502                                if (!qdisc_all_tx_empty(sdata->dev)) {
 503                                        tx_empty = false;
 504                                        break;
 505                                }
 506                        }
 507                }
 508        }
 509        mutex_unlock(&local->iflist_mtx);
 510
 511        next_chan = local->scan_req->channels[local->scan_channel_idx];
 512
 513        if (ieee80211_cfg_on_oper_channel(local)) {
 514                /* We're currently on operating channel. */
 515                if (next_chan == local->oper_channel)
 516                        /* We don't need to move off of operating channel. */
 517                        local->next_scan_state = SCAN_SET_CHANNEL;
 518                else
 519                        /*
 520                         * We do need to leave operating channel, as next
 521                         * scan is somewhere else.
 522                         */
 523                        local->next_scan_state = SCAN_LEAVE_OPER_CHANNEL;
 524        } else {
 525                /*
 526                 * we're currently scanning a different channel, let's
 527                 * see if we can scan another channel without interfering
 528                 * with the current traffic situation.
 529                 *
 530                 * Since we don't know if the AP has pending frames for us
 531                 * we can only check for our tx queues and use the current
 532                 * pm_qos requirements for rx. Hence, if no tx traffic occurs
 533                 * at all we will scan as many channels in a row as the pm_qos
 534                 * latency allows us to. Additionally we also check for the
 535                 * currently negotiated listen interval to prevent losing
 536                 * frames unnecessarily.
 537                 *
 538                 * Otherwise switch back to the operating channel.
 539                 */
 540
 541                bad_latency = time_after(jiffies +
 542                                ieee80211_scan_get_channel_time(next_chan),
 543                                local->leave_oper_channel_time +
 544                                usecs_to_jiffies(pm_qos_request(PM_QOS_NETWORK_LATENCY)));
 545
 546                listen_int_exceeded = time_after(jiffies +
 547                                ieee80211_scan_get_channel_time(next_chan),
 548                                local->leave_oper_channel_time +
 549                                usecs_to_jiffies(min_beacon_int * 1024) *
 550                                local->hw.conf.listen_interval);
 551
 552                if (associated && ( !tx_empty || bad_latency ||
 553                    listen_int_exceeded))
 554                        local->next_scan_state = SCAN_ENTER_OPER_CHANNEL;
 555                else
 556                        local->next_scan_state = SCAN_SET_CHANNEL;
 557        }
 558
 559        *next_delay = 0;
 560}
 561
 562static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local,
 563                                                    unsigned long *next_delay)
 564{
 565        /* PS will already be in off-channel mode,
 566         * we do that once at the beginning of scanning.
 567         */
 568        ieee80211_offchannel_stop_vifs(local, false);
 569
 570        /*
 571         * What if the nullfunc frames didn't arrive?
 572         */
 573        drv_flush(local, false);
 574        if (local->ops->flush)
 575                *next_delay = 0;
 576        else
 577                *next_delay = HZ / 10;
 578
 579        /* remember when we left the operating channel */
 580        local->leave_oper_channel_time = jiffies;
 581
 582        /* advance to the next channel to be scanned */
 583        local->next_scan_state = SCAN_SET_CHANNEL;
 584}
 585
 586static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *local,
 587                                                    unsigned long *next_delay)
 588{
 589        /* switch back to the operating channel */
 590        local->scan_channel = NULL;
 591        if (!ieee80211_cfg_on_oper_channel(local))
 592                ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
 593
 594        /*
 595         * Re-enable vifs and beaconing.  Leave PS
 596         * in off-channel state..will put that back
 597         * on-channel at the end of scanning.
 598         */
 599        ieee80211_offchannel_return(local, true, false);
 600
 601        *next_delay = HZ / 5;
 602        local->next_scan_state = SCAN_DECISION;
 603}
 604
 605static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
 606                                             unsigned long *next_delay)
 607{
 608        int skip;
 609        struct ieee80211_channel *chan;
 610
 611        skip = 0;
 612        chan = local->scan_req->channels[local->scan_channel_idx];
 613
 614        local->scan_channel = chan;
 615
 616        /* Only call hw-config if we really need to change channels. */
 617        if (chan != local->hw.conf.channel)
 618                if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
 619                        skip = 1;
 620
 621        /* advance state machine to next channel/band */
 622        local->scan_channel_idx++;
 623
 624        if (skip) {
 625                /* if we skip this channel return to the decision state */
 626                local->next_scan_state = SCAN_DECISION;
 627                return;
 628        }
 629
 630        /*
 631         * Probe delay is used to update the NAV, cf. 11.1.3.2.2
 632         * (which unfortunately doesn't say _why_ step a) is done,
 633         * but it waits for the probe delay or until a frame is
 634         * received - and the received frame would update the NAV).
 635         * For now, we do not support waiting until a frame is
 636         * received.
 637         *
 638         * In any case, it is not necessary for a passive scan.
 639         */
 640        if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
 641            !local->scan_req->n_ssids) {
 642                *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
 643                local->next_scan_state = SCAN_DECISION;
 644                return;
 645        }
 646
 647        /* active scan, send probes */
 648        *next_delay = IEEE80211_PROBE_DELAY;
 649        local->next_scan_state = SCAN_SEND_PROBE;
 650}
 651
 652static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
 653                                            unsigned long *next_delay)
 654{
 655        int i;
 656        struct ieee80211_sub_if_data *sdata = local->scan_sdata;
 657        enum ieee80211_band band = local->hw.conf.channel->band;
 658
 659        for (i = 0; i < local->scan_req->n_ssids; i++)
 660                ieee80211_send_probe_req(
 661                        sdata, NULL,
 662                        local->scan_req->ssids[i].ssid,
 663                        local->scan_req->ssids[i].ssid_len,
 664                        local->scan_req->ie, local->scan_req->ie_len,
 665                        local->scan_req->rates[band], false,
 666                        local->scan_req->no_cck);
 667
 668        /*
 669         * After sending probe requests, wait for probe responses
 670         * on the channel.
 671         */
 672        *next_delay = IEEE80211_CHANNEL_TIME;
 673        local->next_scan_state = SCAN_DECISION;
 674}
 675
 676void ieee80211_scan_work(struct work_struct *work)
 677{
 678        struct ieee80211_local *local =
 679                container_of(work, struct ieee80211_local, scan_work.work);
 680        struct ieee80211_sub_if_data *sdata;
 681        unsigned long next_delay = 0;
 682        bool aborted, hw_scan;
 683
 684        mutex_lock(&local->mtx);
 685
 686        sdata = local->scan_sdata;
 687
 688        if (test_and_clear_bit(SCAN_COMPLETED, &local->scanning)) {
 689                aborted = test_and_clear_bit(SCAN_ABORTED, &local->scanning);
 690                goto out_complete;
 691        }
 692
 693        if (!sdata || !local->scan_req)
 694                goto out;
 695
 696        if (local->scan_req && !local->scanning) {
 697                struct cfg80211_scan_request *req = local->scan_req;
 698                int rc;
 699
 700                local->scan_req = NULL;
 701                local->scan_sdata = NULL;
 702
 703                rc = __ieee80211_start_scan(sdata, req);
 704                if (rc) {
 705                        /* need to complete scan in cfg80211 */
 706                        local->scan_req = req;
 707                        aborted = true;
 708                        goto out_complete;
 709                } else
 710                        goto out;
 711        }
 712
 713        /*
 714         * Avoid re-scheduling when the sdata is going away.
 715         */
 716        if (!ieee80211_sdata_running(sdata)) {
 717                aborted = true;
 718                goto out_complete;
 719        }
 720
 721        /*
 722         * as long as no delay is required advance immediately
 723         * without scheduling a new work
 724         */
 725        do {
 726                if (!ieee80211_sdata_running(sdata)) {
 727                        aborted = true;
 728                        goto out_complete;
 729                }
 730
 731                switch (local->next_scan_state) {
 732                case SCAN_DECISION:
 733                        /* if no more bands/channels left, complete scan */
 734                        if (local->scan_channel_idx >= local->scan_req->n_channels) {
 735                                aborted = false;
 736                                goto out_complete;
 737                        }
 738                        ieee80211_scan_state_decision(local, &next_delay);
 739                        break;
 740                case SCAN_SET_CHANNEL:
 741                        ieee80211_scan_state_set_channel(local, &next_delay);
 742                        break;
 743                case SCAN_SEND_PROBE:
 744                        ieee80211_scan_state_send_probe(local, &next_delay);
 745                        break;
 746                case SCAN_LEAVE_OPER_CHANNEL:
 747                        ieee80211_scan_state_leave_oper_channel(local, &next_delay);
 748                        break;
 749                case SCAN_ENTER_OPER_CHANNEL:
 750                        ieee80211_scan_state_enter_oper_channel(local, &next_delay);
 751                        break;
 752                }
 753        } while (next_delay == 0);
 754
 755        ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
 756        goto out;
 757
 758out_complete:
 759        hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
 760        __ieee80211_scan_completed(&local->hw, aborted, hw_scan);
 761out:
 762        mutex_unlock(&local->mtx);
 763}
 764
 765int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
 766                           struct cfg80211_scan_request *req)
 767{
 768        int res;
 769
 770        mutex_lock(&sdata->local->mtx);
 771        res = __ieee80211_start_scan(sdata, req);
 772        mutex_unlock(&sdata->local->mtx);
 773
 774        return res;
 775}
 776
 777int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
 778                                    const u8 *ssid, u8 ssid_len,
 779                                    struct ieee80211_channel *chan)
 780{
 781        struct ieee80211_local *local = sdata->local;
 782        int ret = -EBUSY;
 783        enum ieee80211_band band;
 784
 785        mutex_lock(&local->mtx);
 786
 787        /* busy scanning */
 788        if (local->scan_req)
 789                goto unlock;
 790
 791        /* fill internal scan request */
 792        if (!chan) {
 793                int i, nchan = 0;
 794
 795                for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
 796                        if (!local->hw.wiphy->bands[band])
 797                                continue;
 798                        for (i = 0;
 799                             i < local->hw.wiphy->bands[band]->n_channels;
 800                             i++) {
 801                                local->int_scan_req->channels[nchan] =
 802                                    &local->hw.wiphy->bands[band]->channels[i];
 803                                nchan++;
 804                        }
 805                }
 806
 807                local->int_scan_req->n_channels = nchan;
 808        } else {
 809                local->int_scan_req->channels[0] = chan;
 810                local->int_scan_req->n_channels = 1;
 811        }
 812
 813        local->int_scan_req->ssids = &local->scan_ssid;
 814        local->int_scan_req->n_ssids = 1;
 815        memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
 816        local->int_scan_req->ssids[0].ssid_len = ssid_len;
 817
 818        ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
 819 unlock:
 820        mutex_unlock(&local->mtx);
 821        return ret;
 822}
 823
 824/*
 825 * Only call this function when a scan can't be queued -- under RTNL.
 826 */
 827void ieee80211_scan_cancel(struct ieee80211_local *local)
 828{
 829        /*
 830         * We are canceling software scan, or deferred scan that was not
 831         * yet really started (see __ieee80211_start_scan ).
 832         *
 833         * Regarding hardware scan:
 834         * - we can not call  __ieee80211_scan_completed() as when
 835         *   SCAN_HW_SCANNING bit is set this function change
 836         *   local->hw_scan_req to operate on 5G band, what race with
 837         *   driver which can use local->hw_scan_req
 838         *
 839         * - we can not cancel scan_work since driver can schedule it
 840         *   by ieee80211_scan_completed(..., true) to finish scan
 841         *
 842         * Hence we only call the cancel_hw_scan() callback, but the low-level
 843         * driver is still responsible for calling ieee80211_scan_completed()
 844         * after the scan was completed/aborted.
 845         */
 846
 847        mutex_lock(&local->mtx);
 848        if (!local->scan_req)
 849                goto out;
 850
 851        if (test_bit(SCAN_HW_SCANNING, &local->scanning)) {
 852                if (local->ops->cancel_hw_scan)
 853                        drv_cancel_hw_scan(local, local->scan_sdata);
 854                goto out;
 855        }
 856
 857        /*
 858         * If the work is currently running, it must be blocked on
 859         * the mutex, but we'll set scan_sdata = NULL and it'll
 860         * simply exit once it acquires the mutex.
 861         */
 862        cancel_delayed_work(&local->scan_work);
 863        /* and clean up */
 864        __ieee80211_scan_completed(&local->hw, true, false);
 865out:
 866        mutex_unlock(&local->mtx);
 867}
 868
 869int ieee80211_request_sched_scan_start(struct ieee80211_sub_if_data *sdata,
 870                                       struct cfg80211_sched_scan_request *req)
 871{
 872        struct ieee80211_local *local = sdata->local;
 873        int ret, i;
 874
 875        mutex_lock(&sdata->local->mtx);
 876
 877        if (local->sched_scanning) {
 878                ret = -EBUSY;
 879                goto out;
 880        }
 881
 882        if (!local->ops->sched_scan_start) {
 883                ret = -ENOTSUPP;
 884                goto out;
 885        }
 886
 887        for (i = 0; i < IEEE80211_NUM_BANDS; i++) {
 888                local->sched_scan_ies.ie[i] = kzalloc(2 +
 889                                                      IEEE80211_MAX_SSID_LEN +
 890                                                      local->scan_ies_len +
 891                                                      req->ie_len,
 892                                                      GFP_KERNEL);
 893                if (!local->sched_scan_ies.ie[i]) {
 894                        ret = -ENOMEM;
 895                        goto out_free;
 896                }
 897
 898                local->sched_scan_ies.len[i] =
 899                        ieee80211_build_preq_ies(local,
 900                                                 local->sched_scan_ies.ie[i],
 901                                                 req->ie, req->ie_len, i,
 902                                                 (u32) -1, 0);
 903        }
 904
 905        ret = drv_sched_scan_start(local, sdata, req,
 906                                   &local->sched_scan_ies);
 907        if (ret == 0) {
 908                local->sched_scanning = true;
 909                goto out;
 910        }
 911
 912out_free:
 913        while (i > 0)
 914                kfree(local->sched_scan_ies.ie[--i]);
 915out:
 916        mutex_unlock(&sdata->local->mtx);
 917        return ret;
 918}
 919
 920int ieee80211_request_sched_scan_stop(struct ieee80211_sub_if_data *sdata)
 921{
 922        struct ieee80211_local *local = sdata->local;
 923        int ret = 0, i;
 924
 925        mutex_lock(&sdata->local->mtx);
 926
 927        if (!local->ops->sched_scan_stop) {
 928                ret = -ENOTSUPP;
 929                goto out;
 930        }
 931
 932        if (local->sched_scanning) {
 933                for (i = 0; i < IEEE80211_NUM_BANDS; i++)
 934                        kfree(local->sched_scan_ies.ie[i]);
 935
 936                drv_sched_scan_stop(local, sdata);
 937                local->sched_scanning = false;
 938        }
 939out:
 940        mutex_unlock(&sdata->local->mtx);
 941
 942        return ret;
 943}
 944
 945void ieee80211_sched_scan_results(struct ieee80211_hw *hw)
 946{
 947        struct ieee80211_local *local = hw_to_local(hw);
 948
 949        trace_api_sched_scan_results(local);
 950
 951        cfg80211_sched_scan_results(hw->wiphy);
 952}
 953EXPORT_SYMBOL(ieee80211_sched_scan_results);
 954
 955void ieee80211_sched_scan_stopped_work(struct work_struct *work)
 956{
 957        struct ieee80211_local *local =
 958                container_of(work, struct ieee80211_local,
 959                             sched_scan_stopped_work);
 960        int i;
 961
 962        mutex_lock(&local->mtx);
 963
 964        if (!local->sched_scanning) {
 965                mutex_unlock(&local->mtx);
 966                return;
 967        }
 968
 969        for (i = 0; i < IEEE80211_NUM_BANDS; i++)
 970                kfree(local->sched_scan_ies.ie[i]);
 971
 972        local->sched_scanning = false;
 973
 974        mutex_unlock(&local->mtx);
 975
 976        cfg80211_sched_scan_stopped(local->hw.wiphy);
 977}
 978
 979void ieee80211_sched_scan_stopped(struct ieee80211_hw *hw)
 980{
 981        struct ieee80211_local *local = hw_to_local(hw);
 982
 983        trace_api_sched_scan_stopped(local);
 984
 985        ieee80211_queue_work(&local->hw, &local->sched_scan_stopped_work);
 986}
 987EXPORT_SYMBOL(ieee80211_sched_scan_stopped);
 988
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.