2 * Marvell Wireless LAN device driver: scan ioctl and command handling
4 * Copyright (C) 2011-2014, Marvell International Ltd.
6 * This software file (the "File") is distributed by Marvell International
7 * Ltd. under the terms of the GNU General Public License Version 2, June 1991
8 * (the "License"). You may use, redistribute and/or modify this File in
9 * accordance with the terms and conditions of the License, a copy of which
10 * is available by writing to the Free Software Foundation, Inc.,
11 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA or on the
12 * worldwide web at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
14 * THE FILE IS DISTRIBUTED AS-IS, WITHOUT WARRANTY OF ANY KIND, AND THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE
16 * ARE EXPRESSLY DISCLAIMED. The License provides additional details about
17 * this warranty disclaimer.
28 /* The maximum number of channels the firmware can scan per command */
29 #define MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN 14
31 #define MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD 4
33 /* Memory needed to store a max sized Channel List TLV for a firmware scan */
34 #define CHAN_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_header) \
35 + (MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN \
36 *sizeof(struct mwifiex_chan_scan_param_set)))
38 /* Memory needed to store supported rate */
39 #define RATE_TLV_MAX_SIZE (sizeof(struct mwifiex_ie_types_rates_param_set) \
40 + HOSTCMD_SUPPORTED_RATES)
42 /* Memory needed to store a max number/size WildCard SSID TLV for a firmware
44 #define WILDCARD_SSID_TLV_MAX_SIZE \
45 (MWIFIEX_MAX_SSID_LIST_LENGTH * \
46 (sizeof(struct mwifiex_ie_types_wildcard_ssid_params) \
47 + IEEE80211_MAX_SSID_LEN))
49 /* Maximum memory needed for a mwifiex_scan_cmd_config with all TLVs at max */
50 #define MAX_SCAN_CFG_ALLOC (sizeof(struct mwifiex_scan_cmd_config) \
51 + sizeof(struct mwifiex_ie_types_num_probes) \
52 + sizeof(struct mwifiex_ie_types_htcap) \
55 + WILDCARD_SSID_TLV_MAX_SIZE)
58 union mwifiex_scan_cmd_config_tlv {
59 /* Scan configuration (variable length) */
60 struct mwifiex_scan_cmd_config config;
61 /* Max allocated block */
62 u8 config_alloc_buf[MAX_SCAN_CFG_ALLOC];
70 static u8 mwifiex_wpa_oui[CIPHER_SUITE_MAX][4] = {
71 { 0x00, 0x50, 0xf2, 0x02 }, /* TKIP */
72 { 0x00, 0x50, 0xf2, 0x04 }, /* AES */
74 static u8 mwifiex_rsn_oui[CIPHER_SUITE_MAX][4] = {
75 { 0x00, 0x0f, 0xac, 0x02 }, /* TKIP */
76 { 0x00, 0x0f, 0xac, 0x04 }, /* AES */
80 * This function parses a given IE for a given OUI.
82 * This is used to parse a WPA/RSN IE to find if it has
86 mwifiex_search_oui_in_ie(struct ie_body *iebody, u8 *oui)
90 count = iebody->ptk_cnt[0];
92 /* There could be multiple OUIs for PTK hence
94 2) Check all the OUIs for AES.
95 3) If one of them is AES then pass success. */
97 if (!memcmp(iebody->ptk_body, oui, sizeof(iebody->ptk_body)))
98 return MWIFIEX_OUI_PRESENT;
102 iebody = (struct ie_body *) ((u8 *) iebody +
103 sizeof(iebody->ptk_body));
106 pr_debug("info: %s: OUI is not found in PTK\n", __func__);
107 return MWIFIEX_OUI_NOT_PRESENT;
111 * This function checks if a given OUI is present in a RSN IE.
113 * The function first checks if a RSN IE is present or not in the
114 * BSS descriptor. It tries to locate the OUI only if such an IE is
118 mwifiex_is_rsn_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
121 struct ie_body *iebody;
122 u8 ret = MWIFIEX_OUI_NOT_PRESENT;
124 if (((bss_desc->bcn_rsn_ie) && ((*(bss_desc->bcn_rsn_ie)).
125 ieee_hdr.element_id == WLAN_EID_RSN))) {
126 iebody = (struct ie_body *)
127 (((u8 *) bss_desc->bcn_rsn_ie->data) +
129 oui = &mwifiex_rsn_oui[cipher][0];
130 ret = mwifiex_search_oui_in_ie(iebody, oui);
138 * This function checks if a given OUI is present in a WPA IE.
140 * The function first checks if a WPA IE is present or not in the
141 * BSS descriptor. It tries to locate the OUI only if such an IE is
145 mwifiex_is_wpa_oui_present(struct mwifiex_bssdescriptor *bss_desc, u32 cipher)
148 struct ie_body *iebody;
149 u8 ret = MWIFIEX_OUI_NOT_PRESENT;
151 if (((bss_desc->bcn_wpa_ie) &&
152 ((*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id ==
153 WLAN_EID_VENDOR_SPECIFIC))) {
154 iebody = (struct ie_body *) bss_desc->bcn_wpa_ie->data;
155 oui = &mwifiex_wpa_oui[cipher][0];
156 ret = mwifiex_search_oui_in_ie(iebody, oui);
164 * This function compares two SSIDs and checks if they match.
167 mwifiex_ssid_cmp(struct cfg80211_ssid *ssid1, struct cfg80211_ssid *ssid2)
169 if (!ssid1 || !ssid2 || (ssid1->ssid_len != ssid2->ssid_len))
171 return memcmp(ssid1->ssid, ssid2->ssid, ssid1->ssid_len);
175 * This function checks if wapi is enabled in driver and scanned network is
176 * compatible with it.
179 mwifiex_is_bss_wapi(struct mwifiex_private *priv,
180 struct mwifiex_bssdescriptor *bss_desc)
182 if (priv->sec_info.wapi_enabled &&
183 (bss_desc->bcn_wapi_ie &&
184 ((*(bss_desc->bcn_wapi_ie)).ieee_hdr.element_id ==
185 WLAN_EID_BSS_AC_ACCESS_DELAY))) {
192 * This function checks if driver is configured with no security mode and
193 * scanned network is compatible with it.
196 mwifiex_is_bss_no_sec(struct mwifiex_private *priv,
197 struct mwifiex_bssdescriptor *bss_desc)
199 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
200 !priv->sec_info.wpa2_enabled && ((!bss_desc->bcn_wpa_ie) ||
201 ((*(bss_desc->bcn_wpa_ie)).vend_hdr.element_id !=
202 WLAN_EID_VENDOR_SPECIFIC)) &&
203 ((!bss_desc->bcn_rsn_ie) ||
204 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id !=
206 !priv->sec_info.encryption_mode && !bss_desc->privacy) {
213 * This function checks if static WEP is enabled in driver and scanned network
214 * is compatible with it.
217 mwifiex_is_bss_static_wep(struct mwifiex_private *priv,
218 struct mwifiex_bssdescriptor *bss_desc)
220 if (priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
221 !priv->sec_info.wpa2_enabled && bss_desc->privacy) {
228 * This function checks if wpa is enabled in driver and scanned network is
229 * compatible with it.
232 mwifiex_is_bss_wpa(struct mwifiex_private *priv,
233 struct mwifiex_bssdescriptor *bss_desc)
235 if (!priv->sec_info.wep_enabled && priv->sec_info.wpa_enabled &&
236 !priv->sec_info.wpa2_enabled && ((bss_desc->bcn_wpa_ie) &&
237 ((*(bss_desc->bcn_wpa_ie)).
238 vend_hdr.element_id == WLAN_EID_VENDOR_SPECIFIC))
240 * Privacy bit may NOT be set in some APs like
241 * LinkSys WRT54G && bss_desc->privacy
244 mwifiex_dbg(priv->adapter, INFO,
246 "wpa_ie=%#x wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s\t"
247 "EncMode=%#x privacy=%#x\n", __func__,
248 (bss_desc->bcn_wpa_ie) ?
249 (*bss_desc->bcn_wpa_ie).
250 vend_hdr.element_id : 0,
251 (bss_desc->bcn_rsn_ie) ?
252 (*bss_desc->bcn_rsn_ie).
253 ieee_hdr.element_id : 0,
254 (priv->sec_info.wep_enabled) ? "e" : "d",
255 (priv->sec_info.wpa_enabled) ? "e" : "d",
256 (priv->sec_info.wpa2_enabled) ? "e" : "d",
257 priv->sec_info.encryption_mode,
265 * This function checks if wpa2 is enabled in driver and scanned network is
266 * compatible with it.
269 mwifiex_is_bss_wpa2(struct mwifiex_private *priv,
270 struct mwifiex_bssdescriptor *bss_desc)
272 if (!priv->sec_info.wep_enabled &&
273 !priv->sec_info.wpa_enabled &&
274 priv->sec_info.wpa2_enabled &&
275 ((bss_desc->bcn_rsn_ie) &&
276 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id == WLAN_EID_RSN))) {
278 * Privacy bit may NOT be set in some APs like
279 * LinkSys WRT54G && bss_desc->privacy
281 mwifiex_dbg(priv->adapter, INFO,
283 "wpa_ie=%#x wpa2_ie=%#x WEP=%s WPA=%s WPA2=%s\t"
284 "EncMode=%#x privacy=%#x\n", __func__,
285 (bss_desc->bcn_wpa_ie) ?
286 (*bss_desc->bcn_wpa_ie).
287 vend_hdr.element_id : 0,
288 (bss_desc->bcn_rsn_ie) ?
289 (*bss_desc->bcn_rsn_ie).
290 ieee_hdr.element_id : 0,
291 (priv->sec_info.wep_enabled) ? "e" : "d",
292 (priv->sec_info.wpa_enabled) ? "e" : "d",
293 (priv->sec_info.wpa2_enabled) ? "e" : "d",
294 priv->sec_info.encryption_mode,
302 * This function checks if adhoc AES is enabled in driver and scanned network is
303 * compatible with it.
306 mwifiex_is_bss_adhoc_aes(struct mwifiex_private *priv,
307 struct mwifiex_bssdescriptor *bss_desc)
309 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
310 !priv->sec_info.wpa2_enabled &&
311 ((!bss_desc->bcn_wpa_ie) ||
312 ((*(bss_desc->bcn_wpa_ie)).
313 vend_hdr.element_id != WLAN_EID_VENDOR_SPECIFIC)) &&
314 ((!bss_desc->bcn_rsn_ie) ||
315 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id != WLAN_EID_RSN)) &&
316 !priv->sec_info.encryption_mode && bss_desc->privacy) {
323 * This function checks if dynamic WEP is enabled in driver and scanned network
324 * is compatible with it.
327 mwifiex_is_bss_dynamic_wep(struct mwifiex_private *priv,
328 struct mwifiex_bssdescriptor *bss_desc)
330 if (!priv->sec_info.wep_enabled && !priv->sec_info.wpa_enabled &&
331 !priv->sec_info.wpa2_enabled &&
332 ((!bss_desc->bcn_wpa_ie) ||
333 ((*(bss_desc->bcn_wpa_ie)).
334 vend_hdr.element_id != WLAN_EID_VENDOR_SPECIFIC)) &&
335 ((!bss_desc->bcn_rsn_ie) ||
336 ((*(bss_desc->bcn_rsn_ie)).ieee_hdr.element_id != WLAN_EID_RSN)) &&
337 priv->sec_info.encryption_mode && bss_desc->privacy) {
338 mwifiex_dbg(priv->adapter, INFO,
339 "info: %s: dynamic\t"
340 "WEP: wpa_ie=%#x wpa2_ie=%#x\t"
341 "EncMode=%#x privacy=%#x\n",
343 (bss_desc->bcn_wpa_ie) ?
344 (*bss_desc->bcn_wpa_ie).
345 vend_hdr.element_id : 0,
346 (bss_desc->bcn_rsn_ie) ?
347 (*bss_desc->bcn_rsn_ie).
348 ieee_hdr.element_id : 0,
349 priv->sec_info.encryption_mode,
357 * This function checks if a scanned network is compatible with the driver
360 * WEP WPA WPA2 ad-hoc encrypt Network
361 * enabled enabled enabled AES mode Privacy WPA WPA2 Compatible
362 * 0 0 0 0 NONE 0 0 0 yes No security
363 * 0 1 0 0 x 1x 1 x yes WPA (disable
365 * 0 0 1 0 x 1x x 1 yes WPA2 (disable
367 * 0 0 0 1 NONE 1 0 0 yes Ad-hoc AES
368 * 1 0 0 0 NONE 1 0 0 yes Static WEP
370 * 0 0 0 0 !=NONE 1 0 0 yes Dynamic WEP
372 * Compatibility is not matched while roaming, except for mode.
375 mwifiex_is_network_compatible(struct mwifiex_private *priv,
376 struct mwifiex_bssdescriptor *bss_desc, u32 mode)
378 struct mwifiex_adapter *adapter = priv->adapter;
380 bss_desc->disable_11n = false;
382 /* Don't check for compatibility if roaming */
383 if (priv->media_connected &&
384 (priv->bss_mode == NL80211_IFTYPE_STATION) &&
385 (bss_desc->bss_mode == NL80211_IFTYPE_STATION))
388 if (priv->wps.session_enable) {
389 mwifiex_dbg(adapter, IOCTL,
390 "info: return success directly in WPS period\n");
394 if (bss_desc->chan_sw_ie_present) {
395 mwifiex_dbg(adapter, INFO,
396 "Don't connect to AP with WLAN_EID_CHANNEL_SWITCH\n");
400 if (mwifiex_is_bss_wapi(priv, bss_desc)) {
401 mwifiex_dbg(adapter, INFO,
402 "info: return success for WAPI AP\n");
406 if (bss_desc->bss_mode == mode) {
407 if (mwifiex_is_bss_no_sec(priv, bss_desc)) {
410 } else if (mwifiex_is_bss_static_wep(priv, bss_desc)) {
411 /* Static WEP enabled */
412 mwifiex_dbg(adapter, INFO,
413 "info: Disable 11n in WEP mode.\n");
414 bss_desc->disable_11n = true;
416 } else if (mwifiex_is_bss_wpa(priv, bss_desc)) {
418 if (((priv->adapter->config_bands & BAND_GN ||
419 priv->adapter->config_bands & BAND_AN) &&
420 bss_desc->bcn_ht_cap) &&
421 !mwifiex_is_wpa_oui_present(bss_desc,
422 CIPHER_SUITE_CCMP)) {
424 if (mwifiex_is_wpa_oui_present
425 (bss_desc, CIPHER_SUITE_TKIP)) {
426 mwifiex_dbg(adapter, INFO,
427 "info: Disable 11n if AES\t"
428 "is not supported by AP\n");
429 bss_desc->disable_11n = true;
435 } else if (mwifiex_is_bss_wpa2(priv, bss_desc)) {
437 if (((priv->adapter->config_bands & BAND_GN ||
438 priv->adapter->config_bands & BAND_AN) &&
439 bss_desc->bcn_ht_cap) &&
440 !mwifiex_is_rsn_oui_present(bss_desc,
441 CIPHER_SUITE_CCMP)) {
443 if (mwifiex_is_rsn_oui_present
444 (bss_desc, CIPHER_SUITE_TKIP)) {
445 mwifiex_dbg(adapter, INFO,
446 "info: Disable 11n if AES\t"
447 "is not supported by AP\n");
448 bss_desc->disable_11n = true;
454 } else if (mwifiex_is_bss_adhoc_aes(priv, bss_desc)) {
455 /* Ad-hoc AES enabled */
457 } else if (mwifiex_is_bss_dynamic_wep(priv, bss_desc)) {
458 /* Dynamic WEP enabled */
462 /* Security doesn't match */
463 mwifiex_dbg(adapter, ERROR,
464 "info: %s: failed: wpa_ie=%#x wpa2_ie=%#x WEP=%s\t"
465 "WPA=%s WPA2=%s EncMode=%#x privacy=%#x\n",
467 (bss_desc->bcn_wpa_ie) ?
468 (*bss_desc->bcn_wpa_ie).vend_hdr.element_id : 0,
469 (bss_desc->bcn_rsn_ie) ?
470 (*bss_desc->bcn_rsn_ie).ieee_hdr.element_id : 0,
471 (priv->sec_info.wep_enabled) ? "e" : "d",
472 (priv->sec_info.wpa_enabled) ? "e" : "d",
473 (priv->sec_info.wpa2_enabled) ? "e" : "d",
474 priv->sec_info.encryption_mode, bss_desc->privacy);
478 /* Mode doesn't match */
483 * This function creates a channel list for the driver to scan, based
484 * on region/band information.
486 * This routine is used for any scan that is not provided with a
487 * specific channel list to scan.
490 mwifiex_scan_create_channel_list(struct mwifiex_private *priv,
491 const struct mwifiex_user_scan_cfg
493 struct mwifiex_chan_scan_param_set
497 enum ieee80211_band band;
498 struct ieee80211_supported_band *sband;
499 struct ieee80211_channel *ch;
500 struct mwifiex_adapter *adapter = priv->adapter;
503 for (band = 0; (band < IEEE80211_NUM_BANDS) ; band++) {
505 if (!priv->wdev.wiphy->bands[band])
508 sband = priv->wdev.wiphy->bands[band];
510 for (i = 0; (i < sband->n_channels) ; i++) {
511 ch = &sband->channels[i];
512 if (ch->flags & IEEE80211_CHAN_DISABLED)
514 scan_chan_list[chan_idx].radio_type = band;
517 user_scan_in->chan_list[0].scan_time)
518 scan_chan_list[chan_idx].max_scan_time =
519 cpu_to_le16((u16) user_scan_in->
520 chan_list[0].scan_time);
521 else if (ch->flags & IEEE80211_CHAN_NO_IR)
522 scan_chan_list[chan_idx].max_scan_time =
523 cpu_to_le16(adapter->passive_scan_time);
525 scan_chan_list[chan_idx].max_scan_time =
526 cpu_to_le16(adapter->active_scan_time);
528 if (ch->flags & IEEE80211_CHAN_NO_IR)
529 scan_chan_list[chan_idx].chan_scan_mode_bitmap
530 |= (MWIFIEX_PASSIVE_SCAN |
531 MWIFIEX_HIDDEN_SSID_REPORT);
533 scan_chan_list[chan_idx].chan_scan_mode_bitmap
534 &= ~MWIFIEX_PASSIVE_SCAN;
535 scan_chan_list[chan_idx].chan_number =
538 scan_chan_list[chan_idx].max_scan_time =
539 cpu_to_le16(adapter->specific_scan_time);
540 scan_chan_list[chan_idx].chan_scan_mode_bitmap
541 |= MWIFIEX_DISABLE_CHAN_FILT;
550 /* This function appends rate TLV to scan config command. */
552 mwifiex_append_rate_tlv(struct mwifiex_private *priv,
553 struct mwifiex_scan_cmd_config *scan_cfg_out,
556 struct mwifiex_ie_types_rates_param_set *rates_tlv;
557 u8 rates[MWIFIEX_SUPPORTED_RATES], *tlv_pos;
560 memset(rates, 0, sizeof(rates));
562 tlv_pos = (u8 *)scan_cfg_out->tlv_buf + scan_cfg_out->tlv_buf_len;
564 if (priv->scan_request)
565 rates_size = mwifiex_get_rates_from_cfg80211(priv, rates,
568 rates_size = mwifiex_get_supported_rates(priv, rates);
570 mwifiex_dbg(priv->adapter, CMD,
571 "info: SCAN_CMD: Rates size = %d\n",
573 rates_tlv = (struct mwifiex_ie_types_rates_param_set *)tlv_pos;
574 rates_tlv->header.type = cpu_to_le16(WLAN_EID_SUPP_RATES);
575 rates_tlv->header.len = cpu_to_le16((u16) rates_size);
576 memcpy(rates_tlv->rates, rates, rates_size);
577 scan_cfg_out->tlv_buf_len += sizeof(rates_tlv->header) + rates_size;
583 * This function constructs and sends multiple scan config commands to
586 * Previous routines in the code flow have created a scan command configuration
587 * with any requested TLVs. This function splits the channel TLV into maximum
588 * channels supported per scan lists and sends the portion of the channel TLV,
589 * along with the other TLVs, to the firmware.
592 mwifiex_scan_channel_list(struct mwifiex_private *priv,
593 u32 max_chan_per_scan, u8 filtered_scan,
594 struct mwifiex_scan_cmd_config *scan_cfg_out,
595 struct mwifiex_ie_types_chan_list_param_set
597 struct mwifiex_chan_scan_param_set *scan_chan_list)
599 struct mwifiex_adapter *adapter = priv->adapter;
601 struct mwifiex_chan_scan_param_set *tmp_chan_list;
602 struct mwifiex_chan_scan_param_set *start_chan;
603 struct cmd_ctrl_node *cmd_node, *tmp_node;
605 u32 tlv_idx, rates_size, cmd_no;
610 if (!scan_cfg_out || !chan_tlv_out || !scan_chan_list) {
611 mwifiex_dbg(priv->adapter, ERROR,
612 "info: Scan: Null detect: %p, %p, %p\n",
613 scan_cfg_out, chan_tlv_out, scan_chan_list);
617 /* Check csa channel expiry before preparing scan list */
618 mwifiex_11h_get_csa_closed_channel(priv);
620 chan_tlv_out->header.type = cpu_to_le16(TLV_TYPE_CHANLIST);
622 /* Set the temp channel struct pointer to the start of the desired
624 tmp_chan_list = scan_chan_list;
626 /* Loop through the desired channel list, sending a new firmware scan
627 commands for each max_chan_per_scan channels (or for 1,6,11
628 individually if configured accordingly) */
629 while (tmp_chan_list->chan_number) {
634 chan_tlv_out->header.len = 0;
635 start_chan = tmp_chan_list;
639 * Construct the Channel TLV for the scan command. Continue to
640 * insert channel TLVs until:
641 * - the tlv_idx hits the maximum configured per scan command
642 * - the next channel to insert is 0 (end of desired channel
644 * - done_early is set (controlling individual scanning of
647 while (tlv_idx < max_chan_per_scan &&
648 tmp_chan_list->chan_number && !done_early) {
650 if (tmp_chan_list->chan_number == priv->csa_chan) {
655 radio_type = tmp_chan_list->radio_type;
656 mwifiex_dbg(priv->adapter, INFO,
657 "info: Scan: Chan(%3d), Radio(%d),\t"
658 "Mode(%d, %d), Dur(%d)\n",
659 tmp_chan_list->chan_number,
660 tmp_chan_list->radio_type,
661 tmp_chan_list->chan_scan_mode_bitmap
662 & MWIFIEX_PASSIVE_SCAN,
663 (tmp_chan_list->chan_scan_mode_bitmap
664 & MWIFIEX_DISABLE_CHAN_FILT) >> 1,
665 le16_to_cpu(tmp_chan_list->max_scan_time));
667 /* Copy the current channel TLV to the command being
669 memcpy(chan_tlv_out->chan_scan_param + tlv_idx,
671 sizeof(chan_tlv_out->chan_scan_param));
673 /* Increment the TLV header length by the size
675 le16_add_cpu(&chan_tlv_out->header.len,
676 sizeof(chan_tlv_out->chan_scan_param));
679 * The tlv buffer length is set to the number of bytes
680 * of the between the channel tlv pointer and the start
681 * of the tlv buffer. This compensates for any TLVs
682 * that were appended before the channel list.
684 scan_cfg_out->tlv_buf_len = (u32) ((u8 *) chan_tlv_out -
685 scan_cfg_out->tlv_buf);
687 /* Add the size of the channel tlv header and the data
689 scan_cfg_out->tlv_buf_len +=
690 (sizeof(chan_tlv_out->header)
691 + le16_to_cpu(chan_tlv_out->header.len));
693 /* Increment the index to the channel tlv we are
697 /* Count the total scan time per command */
699 le16_to_cpu(tmp_chan_list->max_scan_time);
703 /* Stop the loop if the *current* channel is in the
704 1,6,11 set and we are not filtering on a BSSID
706 if (!filtered_scan &&
707 (tmp_chan_list->chan_number == 1 ||
708 tmp_chan_list->chan_number == 6 ||
709 tmp_chan_list->chan_number == 11))
712 /* Increment the tmp pointer to the next channel to
716 /* Stop the loop if the *next* channel is in the 1,6,11
717 set. This will cause it to be the only channel
718 scanned on the next interation */
719 if (!filtered_scan &&
720 (tmp_chan_list->chan_number == 1 ||
721 tmp_chan_list->chan_number == 6 ||
722 tmp_chan_list->chan_number == 11))
726 /* The total scan time should be less than scan command timeout
728 if (total_scan_time > MWIFIEX_MAX_TOTAL_SCAN_TIME) {
729 mwifiex_dbg(priv->adapter, ERROR,
730 "total scan time %dms\t"
731 "is over limit (%dms), scan skipped\n",
733 MWIFIEX_MAX_TOTAL_SCAN_TIME);
738 rates_size = mwifiex_append_rate_tlv(priv, scan_cfg_out,
741 priv->adapter->scan_channels = start_chan;
743 /* Send the scan command to the firmware with the specified
745 if (priv->adapter->ext_scan)
746 cmd_no = HostCmd_CMD_802_11_SCAN_EXT;
748 cmd_no = HostCmd_CMD_802_11_SCAN;
750 ret = mwifiex_send_cmd(priv, cmd_no, HostCmd_ACT_GEN_SET,
751 0, scan_cfg_out, false);
753 /* rate IE is updated per scan command but same starting
754 * pointer is used each time so that rate IE from earlier
755 * scan_cfg_out->buf is overwritten with new one.
757 scan_cfg_out->tlv_buf_len -=
758 sizeof(struct mwifiex_ie_types_header) + rates_size;
761 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
762 list_for_each_entry_safe(cmd_node, tmp_node,
763 &adapter->scan_pending_q,
765 list_del(&cmd_node->list);
766 cmd_node->wait_q_enabled = false;
767 mwifiex_insert_cmd_to_free_q(adapter, cmd_node);
769 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
782 * This function constructs a scan command configuration structure to use
785 * Application layer or other functions can invoke network scanning
786 * with a scan configuration supplied in a user scan configuration structure.
787 * This structure is used as the basis of one or many scan command configuration
788 * commands that are sent to the command processing module and eventually to the
791 * This function creates a scan command configuration structure based on the
792 * following user supplied parameters (if present):
795 * - Number of Probes to be sent
798 * If the SSID or BSSID filter is not present, the filter is disabled/cleared.
799 * If the number of probes is not set, adapter default setting is used.
802 mwifiex_config_scan(struct mwifiex_private *priv,
803 const struct mwifiex_user_scan_cfg *user_scan_in,
804 struct mwifiex_scan_cmd_config *scan_cfg_out,
805 struct mwifiex_ie_types_chan_list_param_set **chan_list_out,
806 struct mwifiex_chan_scan_param_set *scan_chan_list,
807 u8 *max_chan_per_scan, u8 *filtered_scan,
808 u8 *scan_current_only)
810 struct mwifiex_adapter *adapter = priv->adapter;
811 struct mwifiex_ie_types_num_probes *num_probes_tlv;
812 struct mwifiex_ie_types_scan_chan_gap *chan_gap_tlv;
813 struct mwifiex_ie_types_wildcard_ssid_params *wildcard_ssid_tlv;
814 struct mwifiex_ie_types_bssid_list *bssid_tlv;
826 struct mwifiex_ie_types_htcap *ht_cap;
827 struct mwifiex_ie_types_bss_mode *bss_mode;
829 /* The tlv_buf_len is calculated for each scan command. The TLVs added
830 in this routine will be preserved since the routine that sends the
831 command will append channelTLVs at *chan_list_out. The difference
832 between the *chan_list_out and the tlv_buf start will be used to
833 calculate the size of anything we add in this routine. */
834 scan_cfg_out->tlv_buf_len = 0;
836 /* Running tlv pointer. Assigned to chan_list_out at end of function
837 so later routines know where channels can be added to the command
839 tlv_pos = scan_cfg_out->tlv_buf;
841 /* Initialize the scan as un-filtered; the flag is later set to TRUE
842 below if a SSID or BSSID filter is sent in the command */
843 *filtered_scan = false;
845 /* Initialize the scan as not being only on the current channel. If
846 the channel list is customized, only contains one channel, and is
847 the active channel, this is set true and data flow is not halted. */
848 *scan_current_only = false;
852 /* Default the ssid_filter flag to TRUE, set false under
853 certain wildcard conditions and qualified by the existence
854 of an SSID list before marking the scan as filtered */
857 /* Set the BSS type scan filter, use Adapter setting if
859 scan_cfg_out->bss_mode =
860 (user_scan_in->bss_mode ? (u8) user_scan_in->
861 bss_mode : (u8) adapter->scan_mode);
863 /* Set the number of probes to send, use Adapter setting
866 (user_scan_in->num_probes ? user_scan_in->
867 num_probes : adapter->scan_probes);
870 * Set the BSSID filter to the incoming configuration,
871 * if non-zero. If not set, it will remain disabled
874 memcpy(scan_cfg_out->specific_bssid,
875 user_scan_in->specific_bssid,
876 sizeof(scan_cfg_out->specific_bssid));
878 if (adapter->ext_scan &&
879 !is_zero_ether_addr(scan_cfg_out->specific_bssid)) {
881 (struct mwifiex_ie_types_bssid_list *)tlv_pos;
882 bssid_tlv->header.type = cpu_to_le16(TLV_TYPE_BSSID);
883 bssid_tlv->header.len = cpu_to_le16(ETH_ALEN);
884 memcpy(bssid_tlv->bssid, user_scan_in->specific_bssid,
886 tlv_pos += sizeof(struct mwifiex_ie_types_bssid_list);
889 for (i = 0; i < user_scan_in->num_ssids; i++) {
890 ssid_len = user_scan_in->ssid_list[i].ssid_len;
893 (struct mwifiex_ie_types_wildcard_ssid_params *)
895 wildcard_ssid_tlv->header.type =
896 cpu_to_le16(TLV_TYPE_WILDCARDSSID);
897 wildcard_ssid_tlv->header.len = cpu_to_le16(
898 (u16) (ssid_len + sizeof(wildcard_ssid_tlv->
902 * max_ssid_length = 0 tells firmware to perform
903 * specific scan for the SSID filled, whereas
904 * max_ssid_length = IEEE80211_MAX_SSID_LEN is for
908 wildcard_ssid_tlv->max_ssid_length = 0;
910 wildcard_ssid_tlv->max_ssid_length =
911 IEEE80211_MAX_SSID_LEN;
913 if (!memcmp(user_scan_in->ssid_list[i].ssid,
915 wildcard_ssid_tlv->max_ssid_length = 0xfe;
917 memcpy(wildcard_ssid_tlv->ssid,
918 user_scan_in->ssid_list[i].ssid, ssid_len);
920 tlv_pos += (sizeof(wildcard_ssid_tlv->header)
921 + le16_to_cpu(wildcard_ssid_tlv->header.len));
923 mwifiex_dbg(adapter, INFO,
924 "info: scan: ssid[%d]: %s, %d\n",
925 i, wildcard_ssid_tlv->ssid,
926 wildcard_ssid_tlv->max_ssid_length);
928 /* Empty wildcard ssid with a maxlen will match many or
929 potentially all SSIDs (maxlen == 32), therefore do
930 not treat the scan as
932 if (!ssid_len && wildcard_ssid_tlv->max_ssid_length)
937 * The default number of channels sent in the command is low to
938 * ensure the response buffer from the firmware does not
939 * truncate scan results. That is not an issue with an SSID
940 * or BSSID filter applied to the scan results in the firmware.
942 if ((i && ssid_filter) ||
943 !is_zero_ether_addr(scan_cfg_out->specific_bssid))
944 *filtered_scan = true;
946 if (user_scan_in->scan_chan_gap) {
947 mwifiex_dbg(adapter, INFO,
948 "info: scan: channel gap = %d\n",
949 user_scan_in->scan_chan_gap);
951 MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
953 chan_gap_tlv = (void *)tlv_pos;
954 chan_gap_tlv->header.type =
955 cpu_to_le16(TLV_TYPE_SCAN_CHANNEL_GAP);
956 chan_gap_tlv->header.len =
957 cpu_to_le16(sizeof(chan_gap_tlv->chan_gap));
958 chan_gap_tlv->chan_gap =
959 cpu_to_le16((user_scan_in->scan_chan_gap));
961 sizeof(struct mwifiex_ie_types_scan_chan_gap);
964 scan_cfg_out->bss_mode = (u8) adapter->scan_mode;
965 num_probes = adapter->scan_probes;
969 * If a specific BSSID or SSID is used, the number of channels in the
970 * scan command will be increased to the absolute maximum.
973 *max_chan_per_scan = MWIFIEX_MAX_CHANNELS_PER_SPECIFIC_SCAN;
975 *max_chan_per_scan = MWIFIEX_DEF_CHANNELS_PER_SCAN_CMD;
977 if (adapter->ext_scan) {
978 bss_mode = (struct mwifiex_ie_types_bss_mode *)tlv_pos;
979 bss_mode->header.type = cpu_to_le16(TLV_TYPE_BSS_MODE);
980 bss_mode->header.len = cpu_to_le16(sizeof(bss_mode->bss_mode));
981 bss_mode->bss_mode = scan_cfg_out->bss_mode;
982 tlv_pos += sizeof(bss_mode->header) +
983 le16_to_cpu(bss_mode->header.len);
986 /* If the input config or adapter has the number of Probes set,
990 mwifiex_dbg(adapter, INFO,
991 "info: scan: num_probes = %d\n",
994 num_probes_tlv = (struct mwifiex_ie_types_num_probes *) tlv_pos;
995 num_probes_tlv->header.type = cpu_to_le16(TLV_TYPE_NUMPROBES);
996 num_probes_tlv->header.len =
997 cpu_to_le16(sizeof(num_probes_tlv->num_probes));
998 num_probes_tlv->num_probes = cpu_to_le16((u16) num_probes);
1000 tlv_pos += sizeof(num_probes_tlv->header) +
1001 le16_to_cpu(num_probes_tlv->header.len);
1005 if (ISSUPP_11NENABLED(priv->adapter->fw_cap_info) &&
1006 (priv->adapter->config_bands & BAND_GN ||
1007 priv->adapter->config_bands & BAND_AN)) {
1008 ht_cap = (struct mwifiex_ie_types_htcap *) tlv_pos;
1009 memset(ht_cap, 0, sizeof(struct mwifiex_ie_types_htcap));
1010 ht_cap->header.type = cpu_to_le16(WLAN_EID_HT_CAPABILITY);
1011 ht_cap->header.len =
1012 cpu_to_le16(sizeof(struct ieee80211_ht_cap));
1014 mwifiex_band_to_radio_type(priv->adapter->config_bands);
1015 mwifiex_fill_cap_info(priv, radio_type, &ht_cap->ht_cap);
1016 tlv_pos += sizeof(struct mwifiex_ie_types_htcap);
1019 /* Append vendor specific IE TLV */
1020 mwifiex_cmd_append_vsie_tlv(priv, MWIFIEX_VSIE_MASK_SCAN, &tlv_pos);
1023 * Set the output for the channel TLV to the address in the tlv buffer
1024 * past any TLVs that were added in this function (SSID, num_probes).
1025 * Channel TLVs will be added past this for each scan command,
1026 * preserving the TLVs that were previously added.
1029 (struct mwifiex_ie_types_chan_list_param_set *) tlv_pos;
1031 if (user_scan_in && user_scan_in->chan_list[0].chan_number) {
1033 mwifiex_dbg(adapter, INFO,
1034 "info: Scan: Using supplied channel list\n");
1037 chan_idx < MWIFIEX_USER_SCAN_CHAN_MAX &&
1038 user_scan_in->chan_list[chan_idx].chan_number;
1041 channel = user_scan_in->chan_list[chan_idx].chan_number;
1042 (scan_chan_list + chan_idx)->chan_number = channel;
1045 user_scan_in->chan_list[chan_idx].radio_type;
1046 (scan_chan_list + chan_idx)->radio_type = radio_type;
1048 scan_type = user_scan_in->chan_list[chan_idx].scan_type;
1050 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
1052 chan_idx)->chan_scan_mode_bitmap
1053 |= (MWIFIEX_PASSIVE_SCAN |
1054 MWIFIEX_HIDDEN_SSID_REPORT);
1057 chan_idx)->chan_scan_mode_bitmap
1058 &= ~MWIFIEX_PASSIVE_SCAN;
1062 chan_idx)->chan_scan_mode_bitmap
1063 |= MWIFIEX_DISABLE_CHAN_FILT;
1065 if (user_scan_in->chan_list[chan_idx].scan_time) {
1066 scan_dur = (u16) user_scan_in->
1067 chan_list[chan_idx].scan_time;
1069 if (scan_type == MWIFIEX_SCAN_TYPE_PASSIVE)
1070 scan_dur = adapter->passive_scan_time;
1071 else if (*filtered_scan)
1072 scan_dur = adapter->specific_scan_time;
1074 scan_dur = adapter->active_scan_time;
1077 (scan_chan_list + chan_idx)->min_scan_time =
1078 cpu_to_le16(scan_dur);
1079 (scan_chan_list + chan_idx)->max_scan_time =
1080 cpu_to_le16(scan_dur);
1083 /* Check if we are only scanning the current channel */
1084 if ((chan_idx == 1) &&
1085 (user_scan_in->chan_list[0].chan_number ==
1086 priv->curr_bss_params.bss_descriptor.channel)) {
1087 *scan_current_only = true;
1088 mwifiex_dbg(adapter, INFO,
1089 "info: Scan: Scanning current channel only\n");
1091 chan_num = chan_idx;
1093 mwifiex_dbg(adapter, INFO,
1094 "info: Scan: Creating full region channel list\n");
1095 chan_num = mwifiex_scan_create_channel_list(priv, user_scan_in,
1103 * This function inspects the scan response buffer for pointers to
1106 * TLVs can be included at the end of the scan response BSS information.
1108 * Data in the buffer is parsed pointers to TLVs that can potentially
1109 * be passed back in the response.
1112 mwifiex_ret_802_11_scan_get_tlv_ptrs(struct mwifiex_adapter *adapter,
1113 struct mwifiex_ie_types_data *tlv,
1114 u32 tlv_buf_size, u32 req_tlv_type,
1115 struct mwifiex_ie_types_data **tlv_data)
1117 struct mwifiex_ie_types_data *current_tlv;
1123 tlv_buf_left = tlv_buf_size;
1126 mwifiex_dbg(adapter, INFO,
1127 "info: SCAN_RESP: tlv_buf_size = %d\n",
1130 while (tlv_buf_left >= sizeof(struct mwifiex_ie_types_header)) {
1132 tlv_type = le16_to_cpu(current_tlv->header.type);
1133 tlv_len = le16_to_cpu(current_tlv->header.len);
1135 if (sizeof(tlv->header) + tlv_len > tlv_buf_left) {
1136 mwifiex_dbg(adapter, ERROR,
1137 "SCAN_RESP: TLV buffer corrupt\n");
1141 if (req_tlv_type == tlv_type) {
1143 case TLV_TYPE_TSFTIMESTAMP:
1144 mwifiex_dbg(adapter, INFO,
1145 "info: SCAN_RESP: TSF\t"
1146 "timestamp TLV, len = %d\n",
1148 *tlv_data = current_tlv;
1150 case TLV_TYPE_CHANNELBANDLIST:
1151 mwifiex_dbg(adapter, INFO,
1152 "info: SCAN_RESP: channel\t"
1153 "band list TLV, len = %d\n",
1155 *tlv_data = current_tlv;
1158 mwifiex_dbg(adapter, ERROR,
1159 "SCAN_RESP: unhandled TLV = %d\n",
1161 /* Give up, this seems corrupted */
1170 tlv_buf_left -= (sizeof(tlv->header) + tlv_len);
1172 (struct mwifiex_ie_types_data *) (current_tlv->data +
1179 * This function parses provided beacon buffer and updates
1180 * respective fields in bss descriptor structure.
1182 int mwifiex_update_bss_desc_with_ie(struct mwifiex_adapter *adapter,
1183 struct mwifiex_bssdescriptor *bss_entry)
1187 struct ieee_types_fh_param_set *fh_param_set;
1188 struct ieee_types_ds_param_set *ds_param_set;
1189 struct ieee_types_cf_param_set *cf_param_set;
1190 struct ieee_types_ibss_param_set *ibss_param_set;
1197 u8 found_data_rate_ie;
1199 struct ieee_types_vendor_specific *vendor_ie;
1200 const u8 wpa_oui[4] = { 0x00, 0x50, 0xf2, 0x01 };
1201 const u8 wmm_oui[4] = { 0x00, 0x50, 0xf2, 0x02 };
1203 found_data_rate_ie = false;
1205 current_ptr = bss_entry->beacon_buf;
1206 bytes_left = bss_entry->beacon_buf_size;
1208 /* Process variable IE */
1209 while (bytes_left >= 2) {
1210 element_id = *current_ptr;
1211 element_len = *(current_ptr + 1);
1212 total_ie_len = element_len + sizeof(struct ieee_types_header);
1214 if (bytes_left < total_ie_len) {
1215 mwifiex_dbg(adapter, ERROR,
1216 "err: InterpretIE: in processing\t"
1217 "IE, bytes left < IE length\n");
1220 switch (element_id) {
1222 bss_entry->ssid.ssid_len = element_len;
1223 memcpy(bss_entry->ssid.ssid, (current_ptr + 2),
1225 mwifiex_dbg(adapter, INFO,
1226 "info: InterpretIE: ssid: %-32s\n",
1227 bss_entry->ssid.ssid);
1230 case WLAN_EID_SUPP_RATES:
1231 memcpy(bss_entry->data_rates, current_ptr + 2,
1233 memcpy(bss_entry->supported_rates, current_ptr + 2,
1235 rate_size = element_len;
1236 found_data_rate_ie = true;
1239 case WLAN_EID_FH_PARAMS:
1241 (struct ieee_types_fh_param_set *) current_ptr;
1242 memcpy(&bss_entry->phy_param_set.fh_param_set,
1244 sizeof(struct ieee_types_fh_param_set));
1247 case WLAN_EID_DS_PARAMS:
1249 (struct ieee_types_ds_param_set *) current_ptr;
1251 bss_entry->channel = ds_param_set->current_chan;
1253 memcpy(&bss_entry->phy_param_set.ds_param_set,
1255 sizeof(struct ieee_types_ds_param_set));
1258 case WLAN_EID_CF_PARAMS:
1260 (struct ieee_types_cf_param_set *) current_ptr;
1261 memcpy(&bss_entry->ss_param_set.cf_param_set,
1263 sizeof(struct ieee_types_cf_param_set));
1266 case WLAN_EID_IBSS_PARAMS:
1268 (struct ieee_types_ibss_param_set *)
1270 memcpy(&bss_entry->ss_param_set.ibss_param_set,
1272 sizeof(struct ieee_types_ibss_param_set));
1275 case WLAN_EID_ERP_INFO:
1276 bss_entry->erp_flags = *(current_ptr + 2);
1279 case WLAN_EID_PWR_CONSTRAINT:
1280 bss_entry->local_constraint = *(current_ptr + 2);
1281 bss_entry->sensed_11h = true;
1284 case WLAN_EID_CHANNEL_SWITCH:
1285 bss_entry->chan_sw_ie_present = true;
1286 case WLAN_EID_PWR_CAPABILITY:
1287 case WLAN_EID_TPC_REPORT:
1288 case WLAN_EID_QUIET:
1289 bss_entry->sensed_11h = true;
1292 case WLAN_EID_EXT_SUPP_RATES:
1294 * Only process extended supported rate
1295 * if data rate is already found.
1296 * Data rate IE should come before
1297 * extended supported rate IE
1299 if (found_data_rate_ie) {
1300 if ((element_len + rate_size) >
1301 MWIFIEX_SUPPORTED_RATES)
1303 (MWIFIEX_SUPPORTED_RATES -
1306 bytes_to_copy = element_len;
1308 rate = (u8 *) bss_entry->data_rates;
1310 memcpy(rate, current_ptr + 2, bytes_to_copy);
1312 rate = (u8 *) bss_entry->supported_rates;
1314 memcpy(rate, current_ptr + 2, bytes_to_copy);
1318 case WLAN_EID_VENDOR_SPECIFIC:
1319 vendor_ie = (struct ieee_types_vendor_specific *)
1323 (vendor_ie->vend_hdr.oui, wpa_oui,
1325 bss_entry->bcn_wpa_ie =
1326 (struct ieee_types_vendor_specific *)
1328 bss_entry->wpa_offset = (u16)
1329 (current_ptr - bss_entry->beacon_buf);
1330 } else if (!memcmp(vendor_ie->vend_hdr.oui, wmm_oui,
1333 sizeof(struct ieee_types_wmm_parameter) ||
1335 sizeof(struct ieee_types_wmm_info))
1337 * Only accept and copy the WMM IE if
1338 * it matches the size expected for the
1339 * WMM Info IE or the WMM Parameter IE.
1341 memcpy((u8 *) &bss_entry->wmm_ie,
1342 current_ptr, total_ie_len);
1346 bss_entry->bcn_rsn_ie =
1347 (struct ieee_types_generic *) current_ptr;
1348 bss_entry->rsn_offset = (u16) (current_ptr -
1349 bss_entry->beacon_buf);
1351 case WLAN_EID_BSS_AC_ACCESS_DELAY:
1352 bss_entry->bcn_wapi_ie =
1353 (struct ieee_types_generic *) current_ptr;
1354 bss_entry->wapi_offset = (u16) (current_ptr -
1355 bss_entry->beacon_buf);
1357 case WLAN_EID_HT_CAPABILITY:
1358 bss_entry->bcn_ht_cap = (struct ieee80211_ht_cap *)
1360 sizeof(struct ieee_types_header));
1361 bss_entry->ht_cap_offset = (u16) (current_ptr +
1362 sizeof(struct ieee_types_header) -
1363 bss_entry->beacon_buf);
1365 case WLAN_EID_HT_OPERATION:
1366 bss_entry->bcn_ht_oper =
1367 (struct ieee80211_ht_operation *)(current_ptr +
1368 sizeof(struct ieee_types_header));
1369 bss_entry->ht_info_offset = (u16) (current_ptr +
1370 sizeof(struct ieee_types_header) -
1371 bss_entry->beacon_buf);
1373 case WLAN_EID_VHT_CAPABILITY:
1374 bss_entry->disable_11ac = false;
1375 bss_entry->bcn_vht_cap =
1376 (void *)(current_ptr +
1377 sizeof(struct ieee_types_header));
1378 bss_entry->vht_cap_offset =
1379 (u16)((u8 *)bss_entry->bcn_vht_cap -
1380 bss_entry->beacon_buf);
1382 case WLAN_EID_VHT_OPERATION:
1383 bss_entry->bcn_vht_oper =
1384 (void *)(current_ptr +
1385 sizeof(struct ieee_types_header));
1386 bss_entry->vht_info_offset =
1387 (u16)((u8 *)bss_entry->bcn_vht_oper -
1388 bss_entry->beacon_buf);
1390 case WLAN_EID_BSS_COEX_2040:
1391 bss_entry->bcn_bss_co_2040 = current_ptr;
1392 bss_entry->bss_co_2040_offset =
1393 (u16) (current_ptr - bss_entry->beacon_buf);
1395 case WLAN_EID_EXT_CAPABILITY:
1396 bss_entry->bcn_ext_cap = current_ptr;
1397 bss_entry->ext_cap_offset =
1398 (u16) (current_ptr - bss_entry->beacon_buf);
1400 case WLAN_EID_OPMODE_NOTIF:
1401 bss_entry->oper_mode = (void *)current_ptr;
1402 bss_entry->oper_mode_offset =
1403 (u16)((u8 *)bss_entry->oper_mode -
1404 bss_entry->beacon_buf);
1410 current_ptr += element_len + 2;
1412 /* Need to account for IE ID and IE Len */
1413 bytes_left -= (element_len + 2);
1415 } /* while (bytes_left > 2) */
1420 * This function converts radio type scan parameter to a band configuration
1421 * to be used in join command.
1424 mwifiex_radio_type_to_band(u8 radio_type)
1426 switch (radio_type) {
1427 case HostCmd_SCAN_RADIO_TYPE_A:
1429 case HostCmd_SCAN_RADIO_TYPE_BG:
1436 * This is an internal function used to start a scan based on an input
1439 * This uses the input user scan configuration information when provided in
1440 * order to send the appropriate scan commands to firmware to populate or
1441 * update the internal driver scan table.
1443 int mwifiex_scan_networks(struct mwifiex_private *priv,
1444 const struct mwifiex_user_scan_cfg *user_scan_in)
1447 struct mwifiex_adapter *adapter = priv->adapter;
1448 struct cmd_ctrl_node *cmd_node;
1449 union mwifiex_scan_cmd_config_tlv *scan_cfg_out;
1450 struct mwifiex_ie_types_chan_list_param_set *chan_list_out;
1451 struct mwifiex_chan_scan_param_set *scan_chan_list;
1453 u8 scan_current_chan_only;
1454 u8 max_chan_per_scan;
1455 unsigned long flags;
1457 if (adapter->scan_processing) {
1458 mwifiex_dbg(adapter, WARN,
1459 "cmd: Scan already in process...\n");
1463 if (priv->scan_block) {
1464 mwifiex_dbg(adapter, WARN,
1465 "cmd: Scan is blocked during association...\n");
1469 if (adapter->surprise_removed || adapter->is_cmd_timedout) {
1470 mwifiex_dbg(adapter, ERROR,
1471 "Ignore scan. Card removed or firmware in bad state\n");
1475 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1476 adapter->scan_processing = true;
1477 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1479 scan_cfg_out = kzalloc(sizeof(union mwifiex_scan_cmd_config_tlv),
1481 if (!scan_cfg_out) {
1486 scan_chan_list = kcalloc(MWIFIEX_USER_SCAN_CHAN_MAX,
1487 sizeof(struct mwifiex_chan_scan_param_set),
1489 if (!scan_chan_list) {
1490 kfree(scan_cfg_out);
1495 mwifiex_config_scan(priv, user_scan_in, &scan_cfg_out->config,
1496 &chan_list_out, scan_chan_list, &max_chan_per_scan,
1497 &filtered_scan, &scan_current_chan_only);
1499 ret = mwifiex_scan_channel_list(priv, max_chan_per_scan, filtered_scan,
1500 &scan_cfg_out->config, chan_list_out,
1503 /* Get scan command from scan_pending_q and put to cmd_pending_q */
1505 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1506 if (!list_empty(&adapter->scan_pending_q)) {
1507 cmd_node = list_first_entry(&adapter->scan_pending_q,
1508 struct cmd_ctrl_node, list);
1509 list_del(&cmd_node->list);
1510 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1512 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node,
1514 queue_work(adapter->workqueue, &adapter->main_work);
1516 /* Perform internal scan synchronously */
1517 if (!priv->scan_request) {
1518 mwifiex_dbg(adapter, INFO,
1519 "wait internal scan\n");
1520 mwifiex_wait_queue_complete(adapter, cmd_node);
1523 spin_unlock_irqrestore(&adapter->scan_pending_q_lock,
1528 kfree(scan_cfg_out);
1529 kfree(scan_chan_list);
1532 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1533 adapter->scan_processing = false;
1534 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1540 * This function prepares a scan command to be sent to the firmware.
1542 * This uses the scan command configuration sent to the command processing
1543 * module in command preparation stage to configure a scan command structure
1544 * to send to firmware.
1546 * The fixed fields specifying the BSS type and BSSID filters as well as a
1547 * variable number/length of TLVs are sent in the command to firmware.
1549 * Preparation also includes -
1550 * - Setting command ID, and proper size
1551 * - Ensuring correct endian-ness
1553 int mwifiex_cmd_802_11_scan(struct host_cmd_ds_command *cmd,
1554 struct mwifiex_scan_cmd_config *scan_cfg)
1556 struct host_cmd_ds_802_11_scan *scan_cmd = &cmd->params.scan;
1558 /* Set fixed field variables in scan command */
1559 scan_cmd->bss_mode = scan_cfg->bss_mode;
1560 memcpy(scan_cmd->bssid, scan_cfg->specific_bssid,
1561 sizeof(scan_cmd->bssid));
1562 memcpy(scan_cmd->tlv_buffer, scan_cfg->tlv_buf, scan_cfg->tlv_buf_len);
1564 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_SCAN);
1566 /* Size is equal to the sizeof(fixed portions) + the TLV len + header */
1567 cmd->size = cpu_to_le16((u16) (sizeof(scan_cmd->bss_mode)
1568 + sizeof(scan_cmd->bssid)
1569 + scan_cfg->tlv_buf_len + S_DS_GEN));
1575 * This function checks compatibility of requested network with current
1578 int mwifiex_check_network_compatibility(struct mwifiex_private *priv,
1579 struct mwifiex_bssdescriptor *bss_desc)
1586 if ((mwifiex_get_cfp(priv, (u8) bss_desc->bss_band,
1587 (u16) bss_desc->channel, 0))) {
1588 switch (priv->bss_mode) {
1589 case NL80211_IFTYPE_STATION:
1590 case NL80211_IFTYPE_ADHOC:
1591 ret = mwifiex_is_network_compatible(priv, bss_desc,
1594 mwifiex_dbg(priv->adapter, ERROR,
1595 "Incompatible network settings\n");
1605 /* This function checks if SSID string contains all zeroes or length is zero */
1606 static bool mwifiex_is_hidden_ssid(struct cfg80211_ssid *ssid)
1610 for (idx = 0; idx < ssid->ssid_len; idx++) {
1611 if (ssid->ssid[idx])
1618 /* This function checks if any hidden SSID found in passive scan channels
1619 * and save those channels for specific SSID active scan
1621 static int mwifiex_save_hidden_ssid_channels(struct mwifiex_private *priv,
1622 struct cfg80211_bss *bss)
1624 struct mwifiex_bssdescriptor *bss_desc;
1628 /* Allocate and fill new bss descriptor */
1629 bss_desc = kzalloc(sizeof(*bss_desc), GFP_KERNEL);
1633 ret = mwifiex_fill_new_bss_desc(priv, bss, bss_desc);
1637 if (mwifiex_is_hidden_ssid(&bss_desc->ssid)) {
1638 mwifiex_dbg(priv->adapter, INFO, "found hidden SSID\n");
1639 for (chid = 0 ; chid < MWIFIEX_USER_SCAN_CHAN_MAX; chid++) {
1640 if (priv->hidden_chan[chid].chan_number ==
1641 bss->channel->hw_value)
1644 if (!priv->hidden_chan[chid].chan_number) {
1645 priv->hidden_chan[chid].chan_number =
1646 bss->channel->hw_value;
1647 priv->hidden_chan[chid].radio_type =
1649 priv->hidden_chan[chid].scan_type =
1650 MWIFIEX_SCAN_TYPE_ACTIVE;
1661 static int mwifiex_update_curr_bss_params(struct mwifiex_private *priv,
1662 struct cfg80211_bss *bss)
1664 struct mwifiex_bssdescriptor *bss_desc;
1666 unsigned long flags;
1668 /* Allocate and fill new bss descriptor */
1669 bss_desc = kzalloc(sizeof(struct mwifiex_bssdescriptor), GFP_KERNEL);
1673 ret = mwifiex_fill_new_bss_desc(priv, bss, bss_desc);
1677 ret = mwifiex_check_network_compatibility(priv, bss_desc);
1681 spin_lock_irqsave(&priv->curr_bcn_buf_lock, flags);
1682 /* Make a copy of current BSSID descriptor */
1683 memcpy(&priv->curr_bss_params.bss_descriptor, bss_desc,
1684 sizeof(priv->curr_bss_params.bss_descriptor));
1686 /* The contents of beacon_ie will be copied to its own buffer
1687 * in mwifiex_save_curr_bcn()
1689 mwifiex_save_curr_bcn(priv);
1690 spin_unlock_irqrestore(&priv->curr_bcn_buf_lock, flags);
1693 /* beacon_ie buffer was allocated in function
1694 * mwifiex_fill_new_bss_desc(). Free it now.
1696 kfree(bss_desc->beacon_buf);
1702 mwifiex_parse_single_response_buf(struct mwifiex_private *priv, u8 **bss_info,
1703 u32 *bytes_left, u64 fw_tsf, u8 *radio_type,
1704 bool ext_scan, s32 rssi_val)
1706 struct mwifiex_adapter *adapter = priv->adapter;
1707 struct mwifiex_chan_freq_power *cfp;
1708 struct cfg80211_bss *bss;
1714 u16 beacon_size = 0;
1718 u16 cap_info_bitmap;
1721 struct mwifiex_fixed_bcn_param *bcn_param;
1722 struct mwifiex_bss_priv *bss_priv;
1724 if (*bytes_left >= sizeof(beacon_size)) {
1725 /* Extract & convert beacon size from command buffer */
1726 beacon_size = le16_to_cpu(*(__le16 *)(*bss_info));
1727 *bytes_left -= sizeof(beacon_size);
1728 *bss_info += sizeof(beacon_size);
1731 if (!beacon_size || beacon_size > *bytes_left) {
1732 *bss_info += *bytes_left;
1737 /* Initialize the current working beacon pointer for this BSS
1740 current_ptr = *bss_info;
1742 /* Advance the return beacon pointer past the current beacon */
1743 *bss_info += beacon_size;
1744 *bytes_left -= beacon_size;
1746 curr_bcn_bytes = beacon_size;
1748 /* First 5 fields are bssid, RSSI(for legacy scan only),
1749 * time stamp, beacon interval, and capability information
1751 if (curr_bcn_bytes < ETH_ALEN + sizeof(u8) +
1752 sizeof(struct mwifiex_fixed_bcn_param)) {
1753 mwifiex_dbg(adapter, ERROR,
1754 "InterpretIE: not enough bytes left\n");
1758 memcpy(bssid, current_ptr, ETH_ALEN);
1759 current_ptr += ETH_ALEN;
1760 curr_bcn_bytes -= ETH_ALEN;
1763 rssi = (s32) *current_ptr;
1764 rssi = (-rssi) * 100; /* Convert dBm to mBm */
1765 current_ptr += sizeof(u8);
1766 curr_bcn_bytes -= sizeof(u8);
1767 mwifiex_dbg(adapter, INFO,
1768 "info: InterpretIE: RSSI=%d\n", rssi);
1773 bcn_param = (struct mwifiex_fixed_bcn_param *)current_ptr;
1774 current_ptr += sizeof(*bcn_param);
1775 curr_bcn_bytes -= sizeof(*bcn_param);
1777 timestamp = le64_to_cpu(bcn_param->timestamp);
1778 beacon_period = le16_to_cpu(bcn_param->beacon_period);
1780 cap_info_bitmap = le16_to_cpu(bcn_param->cap_info_bitmap);
1781 mwifiex_dbg(adapter, INFO,
1782 "info: InterpretIE: capabilities=0x%X\n",
1785 /* Rest of the current buffer are IE's */
1786 ie_buf = current_ptr;
1787 ie_len = curr_bcn_bytes;
1788 mwifiex_dbg(adapter, INFO,
1789 "info: InterpretIE: IELength for this AP = %d\n",
1792 while (curr_bcn_bytes >= sizeof(struct ieee_types_header)) {
1793 u8 element_id, element_len;
1795 element_id = *current_ptr;
1796 element_len = *(current_ptr + 1);
1797 if (curr_bcn_bytes < element_len +
1798 sizeof(struct ieee_types_header)) {
1799 mwifiex_dbg(adapter, ERROR,
1800 "%s: bytes left < IE length\n", __func__);
1803 if (element_id == WLAN_EID_DS_PARAMS) {
1804 channel = *(current_ptr +
1805 sizeof(struct ieee_types_header));
1809 current_ptr += element_len + sizeof(struct ieee_types_header);
1810 curr_bcn_bytes -= element_len +
1811 sizeof(struct ieee_types_header);
1815 struct ieee80211_channel *chan;
1818 /* Skip entry if on csa closed channel */
1819 if (channel == priv->csa_chan) {
1820 mwifiex_dbg(adapter, WARN,
1821 "Dropping entry on csa closed channel\n");
1827 band = mwifiex_radio_type_to_band(*radio_type &
1830 cfp = mwifiex_get_cfp(priv, band, channel, 0);
1832 freq = cfp ? cfp->freq : 0;
1834 chan = ieee80211_get_channel(priv->wdev.wiphy, freq);
1836 if (chan && !(chan->flags & IEEE80211_CHAN_DISABLED)) {
1837 bss = cfg80211_inform_bss(priv->wdev.wiphy,
1838 chan, CFG80211_BSS_FTYPE_UNKNOWN,
1840 cap_info_bitmap, beacon_period,
1841 ie_buf, ie_len, rssi, GFP_KERNEL);
1843 bss_priv = (struct mwifiex_bss_priv *)bss->priv;
1844 bss_priv->band = band;
1845 bss_priv->fw_tsf = fw_tsf;
1846 if (priv->media_connected &&
1847 !memcmp(bssid, priv->curr_bss_params.
1848 bss_descriptor.mac_address,
1850 mwifiex_update_curr_bss_params(priv,
1852 cfg80211_put_bss(priv->wdev.wiphy, bss);
1855 if ((chan->flags & IEEE80211_CHAN_RADAR) ||
1856 (chan->flags & IEEE80211_CHAN_NO_IR)) {
1857 mwifiex_dbg(adapter, INFO,
1858 "radar or passive channel %d\n",
1860 mwifiex_save_hidden_ssid_channels(priv, bss);
1864 mwifiex_dbg(adapter, WARN, "missing BSS channel IE\n");
1870 static void mwifiex_complete_scan(struct mwifiex_private *priv)
1872 struct mwifiex_adapter *adapter = priv->adapter;
1874 adapter->survey_idx = 0;
1875 if (adapter->curr_cmd->wait_q_enabled) {
1876 adapter->cmd_wait_q.status = 0;
1877 if (!priv->scan_request) {
1878 mwifiex_dbg(adapter, INFO,
1879 "complete internal scan\n");
1880 mwifiex_complete_cmd(adapter, adapter->curr_cmd);
1885 /* This function checks if any hidden SSID found in passive scan channels
1886 * and do specific SSID active scan for those channels
1889 mwifiex_active_scan_req_for_passive_chan(struct mwifiex_private *priv)
1892 struct mwifiex_adapter *adapter = priv->adapter;
1894 struct mwifiex_user_scan_cfg *user_scan_cfg;
1896 if (adapter->active_scan_triggered || !priv->scan_request) {
1897 adapter->active_scan_triggered = false;
1901 if (!priv->hidden_chan[0].chan_number) {
1902 mwifiex_dbg(adapter, INFO, "No BSS with hidden SSID found on DFS channels\n");
1905 user_scan_cfg = kzalloc(sizeof(*user_scan_cfg), GFP_KERNEL);
1910 memset(user_scan_cfg, 0, sizeof(*user_scan_cfg));
1912 for (id = 0; id < MWIFIEX_USER_SCAN_CHAN_MAX; id++) {
1913 if (!priv->hidden_chan[id].chan_number)
1915 memcpy(&user_scan_cfg->chan_list[id],
1916 &priv->hidden_chan[id],
1917 sizeof(struct mwifiex_user_scan_chan));
1920 adapter->active_scan_triggered = true;
1921 user_scan_cfg->num_ssids = priv->scan_request->n_ssids;
1922 user_scan_cfg->ssid_list = priv->scan_request->ssids;
1924 ret = mwifiex_scan_networks(priv, user_scan_cfg);
1925 kfree(user_scan_cfg);
1927 memset(&priv->hidden_chan, 0, sizeof(priv->hidden_chan));
1930 dev_err(priv->adapter->dev, "scan failed: %d\n", ret);
1936 static void mwifiex_check_next_scan_command(struct mwifiex_private *priv)
1938 struct mwifiex_adapter *adapter = priv->adapter;
1939 struct cmd_ctrl_node *cmd_node, *tmp_node;
1940 unsigned long flags;
1942 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
1943 if (list_empty(&adapter->scan_pending_q)) {
1944 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
1945 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1946 adapter->scan_processing = false;
1947 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1949 mwifiex_active_scan_req_for_passive_chan(priv);
1951 if (!adapter->ext_scan)
1952 mwifiex_complete_scan(priv);
1954 if (priv->scan_request) {
1955 mwifiex_dbg(adapter, INFO,
1956 "info: notifying scan done\n");
1957 cfg80211_scan_done(priv->scan_request, 0);
1958 priv->scan_request = NULL;
1960 priv->scan_aborting = false;
1961 mwifiex_dbg(adapter, INFO,
1962 "info: scan already aborted\n");
1964 } else if ((priv->scan_aborting && !priv->scan_request) ||
1966 list_for_each_entry_safe(cmd_node, tmp_node,
1967 &adapter->scan_pending_q, list) {
1968 list_del(&cmd_node->list);
1969 mwifiex_insert_cmd_to_free_q(adapter, cmd_node);
1971 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
1973 spin_lock_irqsave(&adapter->mwifiex_cmd_lock, flags);
1974 adapter->scan_processing = false;
1975 spin_unlock_irqrestore(&adapter->mwifiex_cmd_lock, flags);
1977 if (!adapter->active_scan_triggered) {
1978 if (priv->scan_request) {
1979 mwifiex_dbg(adapter, INFO,
1980 "info: aborting scan\n");
1981 cfg80211_scan_done(priv->scan_request, 1);
1982 priv->scan_request = NULL;
1984 priv->scan_aborting = false;
1985 mwifiex_dbg(adapter, INFO,
1986 "info: scan already aborted\n");
1990 /* Get scan command from scan_pending_q and put to
1993 cmd_node = list_first_entry(&adapter->scan_pending_q,
1994 struct cmd_ctrl_node, list);
1995 list_del(&cmd_node->list);
1996 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
1997 mwifiex_insert_cmd_to_pending_q(adapter, cmd_node, true);
2004 * This function handles the command response of scan.
2006 * The response buffer for the scan command has the following
2009 * .-------------------------------------------------------------.
2010 * | Header (4 * sizeof(t_u16)): Standard command response hdr |
2011 * .-------------------------------------------------------------.
2012 * | BufSize (t_u16) : sizeof the BSS Description data |
2013 * .-------------------------------------------------------------.
2014 * | NumOfSet (t_u8) : Number of BSS Descs returned |
2015 * .-------------------------------------------------------------.
2016 * | BSSDescription data (variable, size given in BufSize) |
2017 * .-------------------------------------------------------------.
2018 * | TLV data (variable, size calculated using Header->Size, |
2019 * | BufSize and sizeof the fixed fields above) |
2020 * .-------------------------------------------------------------.
2022 int mwifiex_ret_802_11_scan(struct mwifiex_private *priv,
2023 struct host_cmd_ds_command *resp)
2026 struct mwifiex_adapter *adapter = priv->adapter;
2027 struct host_cmd_ds_802_11_scan_rsp *scan_rsp;
2028 struct mwifiex_ie_types_data *tlv_data;
2029 struct mwifiex_ie_types_tsf_timestamp *tsf_tlv;
2035 struct mwifiex_ie_types_chan_band_list_param_set *chan_band_tlv;
2036 struct chan_band_param_set *chan_band;
2041 is_bgscan_resp = (le16_to_cpu(resp->command)
2042 == HostCmd_CMD_802_11_BG_SCAN_QUERY);
2044 scan_rsp = &resp->params.bg_scan_query_resp.scan_resp;
2046 scan_rsp = &resp->params.scan_resp;
2049 if (scan_rsp->number_of_sets > MWIFIEX_MAX_AP) {
2050 mwifiex_dbg(adapter, ERROR,
2051 "SCAN_RESP: too many AP returned (%d)\n",
2052 scan_rsp->number_of_sets);
2054 goto check_next_scan;
2057 /* Check csa channel expiry before parsing scan response */
2058 mwifiex_11h_get_csa_closed_channel(priv);
2060 bytes_left = le16_to_cpu(scan_rsp->bss_descript_size);
2061 mwifiex_dbg(adapter, INFO,
2062 "info: SCAN_RESP: bss_descript_size %d\n",
2065 scan_resp_size = le16_to_cpu(resp->size);
2067 mwifiex_dbg(adapter, INFO,
2068 "info: SCAN_RESP: returned %d APs before parsing\n",
2069 scan_rsp->number_of_sets);
2071 bss_info = scan_rsp->bss_desc_and_tlv_buffer;
2074 * The size of the TLV buffer is equal to the entire command response
2075 * size (scan_resp_size) minus the fixed fields (sizeof()'s), the
2076 * BSS Descriptions (bss_descript_size as bytesLef) and the command
2077 * response header (S_DS_GEN)
2079 tlv_buf_size = scan_resp_size - (bytes_left
2080 + sizeof(scan_rsp->bss_descript_size)
2081 + sizeof(scan_rsp->number_of_sets)
2084 tlv_data = (struct mwifiex_ie_types_data *) (scan_rsp->
2085 bss_desc_and_tlv_buffer +
2088 /* Search the TLV buffer space in the scan response for any valid
2090 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size,
2091 TLV_TYPE_TSFTIMESTAMP,
2092 (struct mwifiex_ie_types_data **)
2095 /* Search the TLV buffer space in the scan response for any valid
2097 mwifiex_ret_802_11_scan_get_tlv_ptrs(adapter, tlv_data, tlv_buf_size,
2098 TLV_TYPE_CHANNELBANDLIST,
2099 (struct mwifiex_ie_types_data **)
2102 for (idx = 0; idx < scan_rsp->number_of_sets && bytes_left; idx++) {
2104 * If the TSF TLV was appended to the scan results, save this
2105 * entry's TSF value in the fw_tsf field. It is the firmware's
2106 * TSF value at the time the beacon or probe response was
2110 memcpy(&fw_tsf, &tsf_tlv->tsf_data[idx * TSF_DATA_SIZE],
2113 if (chan_band_tlv) {
2114 chan_band = &chan_band_tlv->chan_band_param[idx];
2115 radio_type = &chan_band->radio_type;
2120 ret = mwifiex_parse_single_response_buf(priv, &bss_info,
2122 le64_to_cpu(fw_tsf),
2123 radio_type, false, 0);
2125 goto check_next_scan;
2129 mwifiex_check_next_scan_command(priv);
2134 * This function prepares an extended scan command to be sent to the firmware
2136 * This uses the scan command configuration sent to the command processing
2137 * module in command preparation stage to configure a extended scan command
2138 * structure to send to firmware.
2140 int mwifiex_cmd_802_11_scan_ext(struct mwifiex_private *priv,
2141 struct host_cmd_ds_command *cmd,
2144 struct host_cmd_ds_802_11_scan_ext *ext_scan = &cmd->params.ext_scan;
2145 struct mwifiex_scan_cmd_config *scan_cfg = data_buf;
2147 memcpy(ext_scan->tlv_buffer, scan_cfg->tlv_buf, scan_cfg->tlv_buf_len);
2149 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_SCAN_EXT);
2151 /* Size is equal to the sizeof(fixed portions) + the TLV len + header */
2152 cmd->size = cpu_to_le16((u16)(sizeof(ext_scan->reserved)
2153 + scan_cfg->tlv_buf_len + S_DS_GEN));
2159 mwifiex_update_chan_statistics(struct mwifiex_private *priv,
2160 struct mwifiex_ietypes_chanstats *tlv_stat)
2162 struct mwifiex_adapter *adapter = priv->adapter;
2164 struct mwifiex_fw_chan_stats *fw_chan_stats;
2165 struct mwifiex_chan_stats chan_stats;
2167 fw_chan_stats = (void *)((u8 *)tlv_stat +
2168 sizeof(struct mwifiex_ie_types_header));
2169 num_chan = le16_to_cpu(tlv_stat->header.len) /
2170 sizeof(struct mwifiex_chan_stats);
2172 for (i = 0 ; i < num_chan; i++) {
2173 chan_stats.chan_num = fw_chan_stats->chan_num;
2174 chan_stats.bandcfg = fw_chan_stats->bandcfg;
2175 chan_stats.flags = fw_chan_stats->flags;
2176 chan_stats.noise = fw_chan_stats->noise;
2177 chan_stats.total_bss = le16_to_cpu(fw_chan_stats->total_bss);
2178 chan_stats.cca_scan_dur =
2179 le16_to_cpu(fw_chan_stats->cca_scan_dur);
2180 chan_stats.cca_busy_dur =
2181 le16_to_cpu(fw_chan_stats->cca_busy_dur);
2182 mwifiex_dbg(adapter, INFO,
2183 "chan=%d, noise=%d, total_network=%d scan_duration=%d, busy_duration=%d\n",
2184 chan_stats.chan_num,
2186 chan_stats.total_bss,
2187 chan_stats.cca_scan_dur,
2188 chan_stats.cca_busy_dur);
2189 memcpy(&adapter->chan_stats[adapter->survey_idx++], &chan_stats,
2190 sizeof(struct mwifiex_chan_stats));
2195 /* This function handles the command response of extended scan */
2196 int mwifiex_ret_802_11_scan_ext(struct mwifiex_private *priv,
2197 struct host_cmd_ds_command *resp)
2199 struct mwifiex_adapter *adapter = priv->adapter;
2200 struct host_cmd_ds_802_11_scan_ext *ext_scan_resp;
2201 struct mwifiex_ie_types_header *tlv;
2202 struct mwifiex_ietypes_chanstats *tlv_stat;
2203 u16 buf_left, type, len;
2205 struct host_cmd_ds_command *cmd_ptr;
2206 struct cmd_ctrl_node *cmd_node;
2207 unsigned long cmd_flags, scan_flags;
2208 bool complete_scan = false;
2210 mwifiex_dbg(adapter, INFO, "info: EXT scan returns successfully\n");
2212 ext_scan_resp = &resp->params.ext_scan;
2214 tlv = (void *)ext_scan_resp->tlv_buffer;
2215 buf_left = le16_to_cpu(resp->size) - (sizeof(*ext_scan_resp) + S_DS_GEN
2218 while (buf_left >= sizeof(struct mwifiex_ie_types_header)) {
2219 type = le16_to_cpu(tlv->type);
2220 len = le16_to_cpu(tlv->len);
2222 if (buf_left < (sizeof(struct mwifiex_ie_types_header) + len)) {
2223 mwifiex_dbg(adapter, ERROR,
2224 "error processing scan response TLVs");
2229 case TLV_TYPE_CHANNEL_STATS:
2230 tlv_stat = (void *)tlv;
2231 mwifiex_update_chan_statistics(priv, tlv_stat);
2237 buf_left -= len + sizeof(struct mwifiex_ie_types_header);
2238 tlv = (void *)((u8 *)tlv + len +
2239 sizeof(struct mwifiex_ie_types_header));
2242 spin_lock_irqsave(&adapter->cmd_pending_q_lock, cmd_flags);
2243 spin_lock_irqsave(&adapter->scan_pending_q_lock, scan_flags);
2244 if (list_empty(&adapter->scan_pending_q)) {
2245 complete_scan = true;
2246 list_for_each_entry(cmd_node, &adapter->cmd_pending_q, list) {
2247 cmd_ptr = (void *)cmd_node->cmd_skb->data;
2248 if (le16_to_cpu(cmd_ptr->command) ==
2249 HostCmd_CMD_802_11_SCAN_EXT) {
2250 mwifiex_dbg(adapter, INFO,
2251 "Scan pending in command pending list");
2252 complete_scan = false;
2257 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, scan_flags);
2258 spin_unlock_irqrestore(&adapter->cmd_pending_q_lock, cmd_flags);
2261 mwifiex_complete_scan(priv);
2266 /* This function This function handles the event extended scan report. It
2267 * parses extended scan results and informs to cfg80211 stack.
2269 int mwifiex_handle_event_ext_scan_report(struct mwifiex_private *priv,
2273 struct mwifiex_adapter *adapter = priv->adapter;
2275 u32 bytes_left, bytes_left_for_tlv, idx;
2277 struct mwifiex_ie_types_data *tlv;
2278 struct mwifiex_ie_types_bss_scan_rsp *scan_rsp_tlv;
2279 struct mwifiex_ie_types_bss_scan_info *scan_info_tlv;
2283 struct mwifiex_event_scan_result *event_scan = buf;
2284 u8 num_of_set = event_scan->num_of_set;
2285 u8 *scan_resp = buf + sizeof(struct mwifiex_event_scan_result);
2286 u16 scan_resp_size = le16_to_cpu(event_scan->buf_size);
2288 if (num_of_set > MWIFIEX_MAX_AP) {
2289 mwifiex_dbg(adapter, ERROR,
2290 "EXT_SCAN: Invalid number of AP returned (%d)!!\n",
2293 goto check_next_scan;
2296 bytes_left = scan_resp_size;
2297 mwifiex_dbg(adapter, INFO,
2298 "EXT_SCAN: size %d, returned %d APs...",
2299 scan_resp_size, num_of_set);
2300 mwifiex_dbg_dump(adapter, CMD_D, "EXT_SCAN buffer:", buf,
2302 sizeof(struct mwifiex_event_scan_result));
2304 tlv = (struct mwifiex_ie_types_data *)scan_resp;
2306 for (idx = 0; idx < num_of_set && bytes_left; idx++) {
2307 type = le16_to_cpu(tlv->header.type);
2308 len = le16_to_cpu(tlv->header.len);
2309 if (bytes_left < sizeof(struct mwifiex_ie_types_header) + len) {
2310 mwifiex_dbg(adapter, ERROR,
2311 "EXT_SCAN: Error bytes left < TLV length\n");
2314 scan_rsp_tlv = NULL;
2315 scan_info_tlv = NULL;
2316 bytes_left_for_tlv = bytes_left;
2318 /* BSS response TLV with beacon or probe response buffer
2319 * at the initial position of each descriptor
2321 if (type != TLV_TYPE_BSS_SCAN_RSP)
2324 bss_info = (u8 *)tlv;
2325 scan_rsp_tlv = (struct mwifiex_ie_types_bss_scan_rsp *)tlv;
2326 tlv = (struct mwifiex_ie_types_data *)(tlv->data + len);
2327 bytes_left_for_tlv -=
2328 (len + sizeof(struct mwifiex_ie_types_header));
2330 while (bytes_left_for_tlv >=
2331 sizeof(struct mwifiex_ie_types_header) &&
2332 le16_to_cpu(tlv->header.type) != TLV_TYPE_BSS_SCAN_RSP) {
2333 type = le16_to_cpu(tlv->header.type);
2334 len = le16_to_cpu(tlv->header.len);
2335 if (bytes_left_for_tlv <
2336 sizeof(struct mwifiex_ie_types_header) + len) {
2337 mwifiex_dbg(adapter, ERROR,
2338 "EXT_SCAN: Error in processing TLV,\t"
2339 "bytes left < TLV length\n");
2340 scan_rsp_tlv = NULL;
2341 bytes_left_for_tlv = 0;
2345 case TLV_TYPE_BSS_SCAN_INFO:
2347 (struct mwifiex_ie_types_bss_scan_info *)tlv;
2349 sizeof(struct mwifiex_ie_types_bss_scan_info) -
2350 sizeof(struct mwifiex_ie_types_header)) {
2351 bytes_left_for_tlv = 0;
2358 tlv = (struct mwifiex_ie_types_data *)(tlv->data + len);
2360 (len + sizeof(struct mwifiex_ie_types_header));
2361 bytes_left_for_tlv -=
2362 (len + sizeof(struct mwifiex_ie_types_header));
2368 /* Advance pointer to the beacon buffer length and
2369 * update the bytes count so that the function
2370 * wlan_interpret_bss_desc_with_ie() can handle the
2371 * scan buffer withut any change
2373 bss_info += sizeof(u16);
2374 bytes_left -= sizeof(u16);
2376 if (scan_info_tlv) {
2377 rssi = (s32)(s16)(le16_to_cpu(scan_info_tlv->rssi));
2378 rssi *= 100; /* Convert dBm to mBm */
2379 mwifiex_dbg(adapter, INFO,
2380 "info: InterpretIE: RSSI=%d\n", rssi);
2381 fw_tsf = le64_to_cpu(scan_info_tlv->tsf);
2382 radio_type = &scan_info_tlv->radio_type;
2386 ret = mwifiex_parse_single_response_buf(priv, &bss_info,
2387 &bytes_left, fw_tsf,
2388 radio_type, true, rssi);
2390 goto check_next_scan;
2394 if (!event_scan->more_event)
2395 mwifiex_check_next_scan_command(priv);
2401 * This function prepares command for background scan query.
2403 * Preparation includes -
2404 * - Setting command ID and proper size
2405 * - Setting background scan flush parameter
2406 * - Ensuring correct endian-ness
2408 int mwifiex_cmd_802_11_bg_scan_query(struct host_cmd_ds_command *cmd)
2410 struct host_cmd_ds_802_11_bg_scan_query *bg_query =
2411 &cmd->params.bg_scan_query;
2413 cmd->command = cpu_to_le16(HostCmd_CMD_802_11_BG_SCAN_QUERY);
2414 cmd->size = cpu_to_le16(sizeof(struct host_cmd_ds_802_11_bg_scan_query)
2417 bg_query->flush = 1;
2423 * This function inserts scan command node to the scan pending queue.
2426 mwifiex_queue_scan_cmd(struct mwifiex_private *priv,
2427 struct cmd_ctrl_node *cmd_node)
2429 struct mwifiex_adapter *adapter = priv->adapter;
2430 unsigned long flags;
2432 cmd_node->wait_q_enabled = true;
2433 cmd_node->condition = &adapter->scan_wait_q_woken;
2434 spin_lock_irqsave(&adapter->scan_pending_q_lock, flags);
2435 list_add_tail(&cmd_node->list, &adapter->scan_pending_q);
2436 spin_unlock_irqrestore(&adapter->scan_pending_q_lock, flags);
2440 * This function sends a scan command for all available channels to the
2441 * firmware, filtered on a specific SSID.
2443 static int mwifiex_scan_specific_ssid(struct mwifiex_private *priv,
2444 struct cfg80211_ssid *req_ssid)
2446 struct mwifiex_adapter *adapter = priv->adapter;
2448 struct mwifiex_user_scan_cfg *scan_cfg;
2450 if (adapter->scan_processing) {
2451 mwifiex_dbg(adapter, WARN,
2452 "cmd: Scan already in process...\n");
2456 if (priv->scan_block) {
2457 mwifiex_dbg(adapter, WARN,
2458 "cmd: Scan is blocked during association...\n");
2462 scan_cfg = kzalloc(sizeof(struct mwifiex_user_scan_cfg), GFP_KERNEL);
2466 scan_cfg->ssid_list = req_ssid;
2467 scan_cfg->num_ssids = 1;
2469 ret = mwifiex_scan_networks(priv, scan_cfg);
2476 * Sends IOCTL request to start a scan.
2478 * This function allocates the IOCTL request buffer, fills it
2479 * with requisite parameters and calls the IOCTL handler.
2481 * Scan command can be issued for both normal scan and specific SSID
2482 * scan, depending upon whether an SSID is provided or not.
2484 int mwifiex_request_scan(struct mwifiex_private *priv,
2485 struct cfg80211_ssid *req_ssid)
2489 if (down_interruptible(&priv->async_sem)) {
2490 mwifiex_dbg(priv->adapter, ERROR,
2491 "%s: acquire semaphore fail\n",
2496 priv->adapter->scan_wait_q_woken = false;
2498 if (req_ssid && req_ssid->ssid_len != 0)
2499 /* Specific SSID scan */
2500 ret = mwifiex_scan_specific_ssid(priv, req_ssid);
2503 ret = mwifiex_scan_networks(priv, NULL);
2505 up(&priv->async_sem);
2511 * This function appends the vendor specific IE TLV to a buffer.
2514 mwifiex_cmd_append_vsie_tlv(struct mwifiex_private *priv,
2515 u16 vsie_mask, u8 **buffer)
2517 int id, ret_len = 0;
2518 struct mwifiex_ie_types_vendor_param_set *vs_param_set;
2526 * Traverse through the saved vendor specific IE array and append
2527 * the selected(scan/assoc/adhoc) IE as TLV to the command
2529 for (id = 0; id < MWIFIEX_MAX_VSIE_NUM; id++) {
2530 if (priv->vs_ie[id].mask & vsie_mask) {
2532 (struct mwifiex_ie_types_vendor_param_set *)
2534 vs_param_set->header.type =
2535 cpu_to_le16(TLV_TYPE_PASSTHROUGH);
2536 vs_param_set->header.len =
2537 cpu_to_le16((((u16) priv->vs_ie[id].ie[1])
2539 memcpy(vs_param_set->ie, priv->vs_ie[id].ie,
2540 le16_to_cpu(vs_param_set->header.len));
2541 *buffer += le16_to_cpu(vs_param_set->header.len) +
2542 sizeof(struct mwifiex_ie_types_header);
2543 ret_len += le16_to_cpu(vs_param_set->header.len) +
2544 sizeof(struct mwifiex_ie_types_header);
2551 * This function saves a beacon buffer of the current BSS descriptor.
2553 * The current beacon buffer is saved so that it can be restored in the
2554 * following cases that makes the beacon buffer not to contain the current
2555 * ssid's beacon buffer.
2556 * - The current ssid was not found somehow in the last scan.
2557 * - The current ssid was the last entry of the scan table and overloaded.
2560 mwifiex_save_curr_bcn(struct mwifiex_private *priv)
2562 struct mwifiex_bssdescriptor *curr_bss =
2563 &priv->curr_bss_params.bss_descriptor;
2565 if (!curr_bss->beacon_buf_size)
2568 /* allocate beacon buffer at 1st time; or if it's size has changed */
2569 if (!priv->curr_bcn_buf ||
2570 priv->curr_bcn_size != curr_bss->beacon_buf_size) {
2571 priv->curr_bcn_size = curr_bss->beacon_buf_size;
2573 kfree(priv->curr_bcn_buf);
2574 priv->curr_bcn_buf = kmalloc(curr_bss->beacon_buf_size,
2576 if (!priv->curr_bcn_buf)
2580 memcpy(priv->curr_bcn_buf, curr_bss->beacon_buf,
2581 curr_bss->beacon_buf_size);
2582 mwifiex_dbg(priv->adapter, INFO,
2583 "info: current beacon saved %d\n",
2584 priv->curr_bcn_size);
2586 curr_bss->beacon_buf = priv->curr_bcn_buf;
2588 /* adjust the pointers in the current BSS descriptor */
2589 if (curr_bss->bcn_wpa_ie)
2590 curr_bss->bcn_wpa_ie =
2591 (struct ieee_types_vendor_specific *)
2592 (curr_bss->beacon_buf +
2593 curr_bss->wpa_offset);
2595 if (curr_bss->bcn_rsn_ie)
2596 curr_bss->bcn_rsn_ie = (struct ieee_types_generic *)
2597 (curr_bss->beacon_buf +
2598 curr_bss->rsn_offset);
2600 if (curr_bss->bcn_ht_cap)
2601 curr_bss->bcn_ht_cap = (struct ieee80211_ht_cap *)
2602 (curr_bss->beacon_buf +
2603 curr_bss->ht_cap_offset);
2605 if (curr_bss->bcn_ht_oper)
2606 curr_bss->bcn_ht_oper = (struct ieee80211_ht_operation *)
2607 (curr_bss->beacon_buf +
2608 curr_bss->ht_info_offset);
2610 if (curr_bss->bcn_vht_cap)
2611 curr_bss->bcn_vht_cap = (void *)(curr_bss->beacon_buf +
2612 curr_bss->vht_cap_offset);
2614 if (curr_bss->bcn_vht_oper)
2615 curr_bss->bcn_vht_oper = (void *)(curr_bss->beacon_buf +
2616 curr_bss->vht_info_offset);
2618 if (curr_bss->bcn_bss_co_2040)
2619 curr_bss->bcn_bss_co_2040 =
2620 (curr_bss->beacon_buf + curr_bss->bss_co_2040_offset);
2622 if (curr_bss->bcn_ext_cap)
2623 curr_bss->bcn_ext_cap = curr_bss->beacon_buf +
2624 curr_bss->ext_cap_offset;
2626 if (curr_bss->oper_mode)
2627 curr_bss->oper_mode = (void *)(curr_bss->beacon_buf +
2628 curr_bss->oper_mode_offset);
2632 * This function frees the current BSS descriptor beacon buffer.
2635 mwifiex_free_curr_bcn(struct mwifiex_private *priv)
2637 kfree(priv->curr_bcn_buf);
2638 priv->curr_bcn_buf = NULL;
projects / karo-tx-linux.git / blob