1d4886179SRui Paulo /* $OpenBSD: if_iwm.c,v 1.39 2015/03/23 00:35:19 jsg Exp $ */ 2d4886179SRui Paulo 3d4886179SRui Paulo /* 4d4886179SRui Paulo * Copyright (c) 2014 genua mbh <info@genua.de> 5d4886179SRui Paulo * Copyright (c) 2014 Fixup Software Ltd. 6d4886179SRui Paulo * 7d4886179SRui Paulo * Permission to use, copy, modify, and distribute this software for any 8d4886179SRui Paulo * purpose with or without fee is hereby granted, provided that the above 9d4886179SRui Paulo * copyright notice and this permission notice appear in all copies. 10d4886179SRui Paulo * 11d4886179SRui Paulo * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12d4886179SRui Paulo * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13d4886179SRui Paulo * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14d4886179SRui Paulo * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15d4886179SRui Paulo * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16d4886179SRui Paulo * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17d4886179SRui Paulo * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18d4886179SRui Paulo */ 19d4886179SRui Paulo 20d4886179SRui Paulo /*- 21d4886179SRui Paulo * Based on BSD-licensed source modules in the Linux iwlwifi driver, 22d4886179SRui Paulo * which were used as the reference documentation for this implementation. 23d4886179SRui Paulo * 24d4886179SRui Paulo * Driver version we are currently based off of is 25d4886179SRui Paulo * Linux 3.14.3 (tag id a2df521e42b1d9a23f620ac79dbfe8655a8391dd) 26d4886179SRui Paulo * 27d4886179SRui Paulo *********************************************************************** 28d4886179SRui Paulo * 29d4886179SRui Paulo * This file is provided under a dual BSD/GPLv2 license. When using or 30d4886179SRui Paulo * redistributing this file, you may do so under either license. 31d4886179SRui Paulo * 32d4886179SRui Paulo * GPL LICENSE SUMMARY 33d4886179SRui Paulo * 34d4886179SRui Paulo * Copyright(c) 2007 - 2013 Intel Corporation. All rights reserved. 35d4886179SRui Paulo * 36d4886179SRui Paulo * This program is free software; you can redistribute it and/or modify 37d4886179SRui Paulo * it under the terms of version 2 of the GNU General Public License as 38d4886179SRui Paulo * published by the Free Software Foundation. 39d4886179SRui Paulo * 40d4886179SRui Paulo * This program is distributed in the hope that it will be useful, but 41d4886179SRui Paulo * WITHOUT ANY WARRANTY; without even the implied warranty of 42d4886179SRui Paulo * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 43d4886179SRui Paulo * General Public License for more details. 44d4886179SRui Paulo * 45d4886179SRui Paulo * You should have received a copy of the GNU General Public License 46d4886179SRui Paulo * along with this program; if not, write to the Free Software 47d4886179SRui Paulo * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110, 48d4886179SRui Paulo * USA 49d4886179SRui Paulo * 50d4886179SRui Paulo * The full GNU General Public License is included in this distribution 51d4886179SRui Paulo * in the file called COPYING. 52d4886179SRui Paulo * 53d4886179SRui Paulo * Contact Information: 54d4886179SRui Paulo * Intel Linux Wireless <ilw@linux.intel.com> 55d4886179SRui Paulo * Intel Corporation, 5200 N.E. Elam Young Parkway, Hillsboro, OR 97124-6497 56d4886179SRui Paulo * 57d4886179SRui Paulo * 58d4886179SRui Paulo * BSD LICENSE 59d4886179SRui Paulo * 60d4886179SRui Paulo * Copyright(c) 2005 - 2013 Intel Corporation. All rights reserved. 61d4886179SRui Paulo * All rights reserved. 62d4886179SRui Paulo * 63d4886179SRui Paulo * Redistribution and use in source and binary forms, with or without 64d4886179SRui Paulo * modification, are permitted provided that the following conditions 65d4886179SRui Paulo * are met: 66d4886179SRui Paulo * 67d4886179SRui Paulo * * Redistributions of source code must retain the above copyright 68d4886179SRui Paulo * notice, this list of conditions and the following disclaimer. 69d4886179SRui Paulo * * Redistributions in binary form must reproduce the above copyright 70d4886179SRui Paulo * notice, this list of conditions and the following disclaimer in 71d4886179SRui Paulo * the documentation and/or other materials provided with the 72d4886179SRui Paulo * distribution. 73d4886179SRui Paulo * * Neither the name Intel Corporation nor the names of its 74d4886179SRui Paulo * contributors may be used to endorse or promote products derived 75d4886179SRui Paulo * from this software without specific prior written permission. 76d4886179SRui Paulo * 77d4886179SRui Paulo * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 78d4886179SRui Paulo * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 79d4886179SRui Paulo * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 80d4886179SRui Paulo * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 81d4886179SRui Paulo * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 82d4886179SRui Paulo * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 83d4886179SRui Paulo * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 84d4886179SRui Paulo * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 85d4886179SRui Paulo * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 86d4886179SRui Paulo * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 87d4886179SRui Paulo * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 88d4886179SRui Paulo */ 89d4886179SRui Paulo 90d4886179SRui Paulo /*- 91d4886179SRui Paulo * Copyright (c) 2007-2010 Damien Bergamini <damien.bergamini@free.fr> 92d4886179SRui Paulo * 93d4886179SRui Paulo * Permission to use, copy, modify, and distribute this software for any 94d4886179SRui Paulo * purpose with or without fee is hereby granted, provided that the above 95d4886179SRui Paulo * copyright notice and this permission notice appear in all copies. 96d4886179SRui Paulo * 97d4886179SRui Paulo * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 98d4886179SRui Paulo * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 99d4886179SRui Paulo * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 100d4886179SRui Paulo * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 101d4886179SRui Paulo * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 102d4886179SRui Paulo * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 103d4886179SRui Paulo * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 104d4886179SRui Paulo */ 105d4886179SRui Paulo #include <sys/cdefs.h> 106d4886179SRui Paulo __FBSDID("$FreeBSD$"); 107d4886179SRui Paulo 108b789292fSAndriy Voskoboinyk #include "opt_wlan.h" 109616201d1SAdrian Chadd #include "opt_iwm.h" 110b789292fSAndriy Voskoboinyk 111d4886179SRui Paulo #include <sys/param.h> 112d4886179SRui Paulo #include <sys/bus.h> 113d4886179SRui Paulo #include <sys/conf.h> 114d4886179SRui Paulo #include <sys/endian.h> 115d4886179SRui Paulo #include <sys/firmware.h> 116d4886179SRui Paulo #include <sys/kernel.h> 117d4886179SRui Paulo #include <sys/malloc.h> 118d4886179SRui Paulo #include <sys/mbuf.h> 119d4886179SRui Paulo #include <sys/mutex.h> 120d4886179SRui Paulo #include <sys/module.h> 121d4886179SRui Paulo #include <sys/proc.h> 122d4886179SRui Paulo #include <sys/rman.h> 123d4886179SRui Paulo #include <sys/socket.h> 124d4886179SRui Paulo #include <sys/sockio.h> 125d4886179SRui Paulo #include <sys/sysctl.h> 126d4886179SRui Paulo #include <sys/linker.h> 127d4886179SRui Paulo 128d4886179SRui Paulo #include <machine/bus.h> 129d4886179SRui Paulo #include <machine/endian.h> 130d4886179SRui Paulo #include <machine/resource.h> 131d4886179SRui Paulo 132d4886179SRui Paulo #include <dev/pci/pcivar.h> 133d4886179SRui Paulo #include <dev/pci/pcireg.h> 134d4886179SRui Paulo 135d4886179SRui Paulo #include <net/bpf.h> 136d4886179SRui Paulo 137d4886179SRui Paulo #include <net/if.h> 138d4886179SRui Paulo #include <net/if_var.h> 139d4886179SRui Paulo #include <net/if_arp.h> 140d4886179SRui Paulo #include <net/if_dl.h> 141d4886179SRui Paulo #include <net/if_media.h> 142d4886179SRui Paulo #include <net/if_types.h> 143d4886179SRui Paulo 144d4886179SRui Paulo #include <netinet/in.h> 145d4886179SRui Paulo #include <netinet/in_systm.h> 146d4886179SRui Paulo #include <netinet/if_ether.h> 147d4886179SRui Paulo #include <netinet/ip.h> 148d4886179SRui Paulo 149d4886179SRui Paulo #include <net80211/ieee80211_var.h> 150d4886179SRui Paulo #include <net80211/ieee80211_regdomain.h> 151d4886179SRui Paulo #include <net80211/ieee80211_ratectl.h> 152d4886179SRui Paulo #include <net80211/ieee80211_radiotap.h> 153d4886179SRui Paulo 15449fdbf0aSRui Paulo #include <dev/iwm/if_iwmreg.h> 15549fdbf0aSRui Paulo #include <dev/iwm/if_iwmvar.h> 15649fdbf0aSRui Paulo #include <dev/iwm/if_iwm_debug.h> 1574b17c188SAdrian Chadd #include <dev/iwm/if_iwm_notif_wait.h> 15849fdbf0aSRui Paulo #include <dev/iwm/if_iwm_util.h> 15949fdbf0aSRui Paulo #include <dev/iwm/if_iwm_scan.h> 160d4886179SRui Paulo 161d4886179SRui Paulo /* 162d4886179SRui Paulo * BEGIN mvm/scan.c 163d4886179SRui Paulo */ 164d4886179SRui Paulo 165cd20383eSAdrian Chadd #define IWM_DENSE_EBS_SCAN_RATIO 5 166cd20383eSAdrian Chadd #define IWM_SPARSE_EBS_SCAN_RATIO 1 167cd20383eSAdrian Chadd 168d4886179SRui Paulo static uint16_t 169d4886179SRui Paulo iwm_mvm_scan_rx_chain(struct iwm_softc *sc) 170d4886179SRui Paulo { 171d4886179SRui Paulo uint16_t rx_chain; 172d4886179SRui Paulo uint8_t rx_ant; 173d4886179SRui Paulo 1742a2476b3SAdrian Chadd rx_ant = iwm_mvm_get_valid_rx_ant(sc); 175d4886179SRui Paulo rx_chain = rx_ant << IWM_PHY_RX_CHAIN_VALID_POS; 176d4886179SRui Paulo rx_chain |= rx_ant << IWM_PHY_RX_CHAIN_FORCE_MIMO_SEL_POS; 177d4886179SRui Paulo rx_chain |= rx_ant << IWM_PHY_RX_CHAIN_FORCE_SEL_POS; 178d4886179SRui Paulo rx_chain |= 0x1 << IWM_PHY_RX_CHAIN_DRIVER_FORCE_POS; 179d4886179SRui Paulo return htole16(rx_chain); 180d4886179SRui Paulo } 181d4886179SRui Paulo 182fe845d8eSAdrian Chadd static uint32_t 183fe845d8eSAdrian Chadd iwm_mvm_scan_rxon_flags(struct ieee80211_channel *c) 184fe845d8eSAdrian Chadd { 185fe845d8eSAdrian Chadd if (IEEE80211_IS_CHAN_2GHZ(c)) 186fe845d8eSAdrian Chadd return htole32(IWM_PHY_BAND_24); 187fe845d8eSAdrian Chadd else 188fe845d8eSAdrian Chadd return htole32(IWM_PHY_BAND_5); 189fe845d8eSAdrian Chadd } 190fe845d8eSAdrian Chadd 191d4886179SRui Paulo static uint32_t 192d4886179SRui Paulo iwm_mvm_scan_rate_n_flags(struct iwm_softc *sc, int flags, int no_cck) 193d4886179SRui Paulo { 194d4886179SRui Paulo uint32_t tx_ant; 195d4886179SRui Paulo int i, ind; 196d4886179SRui Paulo 197d4886179SRui Paulo for (i = 0, ind = sc->sc_scan_last_antenna; 198d4886179SRui Paulo i < IWM_RATE_MCS_ANT_NUM; i++) { 199d4886179SRui Paulo ind = (ind + 1) % IWM_RATE_MCS_ANT_NUM; 2002a2476b3SAdrian Chadd if (iwm_mvm_get_valid_tx_ant(sc) & (1 << ind)) { 201d4886179SRui Paulo sc->sc_scan_last_antenna = ind; 202d4886179SRui Paulo break; 203d4886179SRui Paulo } 204d4886179SRui Paulo } 205d4886179SRui Paulo tx_ant = (1 << sc->sc_scan_last_antenna) << IWM_RATE_MCS_ANT_POS; 206d4886179SRui Paulo 207d4886179SRui Paulo if ((flags & IEEE80211_CHAN_2GHZ) && !no_cck) 208d4886179SRui Paulo return htole32(IWM_RATE_1M_PLCP | IWM_RATE_MCS_CCK_MSK | 209d4886179SRui Paulo tx_ant); 210d4886179SRui Paulo else 211d4886179SRui Paulo return htole32(IWM_RATE_6M_PLCP | tx_ant); 212d4886179SRui Paulo } 213d4886179SRui Paulo 214fe845d8eSAdrian Chadd static inline boolean_t 215fe845d8eSAdrian Chadd iwm_mvm_rrm_scan_needed(struct iwm_softc *sc) 216fe845d8eSAdrian Chadd { 217fe845d8eSAdrian Chadd /* require rrm scan whenever the fw supports it */ 218*f33c8309SKyle Evans return fw_has_capa(&sc->sc_fw.ucode_capa, 219fe845d8eSAdrian Chadd IWM_UCODE_TLV_CAPA_DS_PARAM_SET_IE_SUPPORT); 220fe845d8eSAdrian Chadd } 221fe845d8eSAdrian Chadd 2227beeab43SAndriy Voskoboinyk #ifdef IWM_DEBUG 223cd20383eSAdrian Chadd static const char * 224cd20383eSAdrian Chadd iwm_mvm_ebs_status_str(enum iwm_scan_ebs_status status) 225cd20383eSAdrian Chadd { 226cd20383eSAdrian Chadd switch (status) { 227cd20383eSAdrian Chadd case IWM_SCAN_EBS_SUCCESS: 228cd20383eSAdrian Chadd return "successful"; 229cd20383eSAdrian Chadd case IWM_SCAN_EBS_INACTIVE: 230cd20383eSAdrian Chadd return "inactive"; 231cd20383eSAdrian Chadd case IWM_SCAN_EBS_FAILED: 232cd20383eSAdrian Chadd case IWM_SCAN_EBS_CHAN_NOT_FOUND: 233cd20383eSAdrian Chadd default: 234cd20383eSAdrian Chadd return "failed"; 235cd20383eSAdrian Chadd } 236cd20383eSAdrian Chadd } 237cd20383eSAdrian Chadd 2387beeab43SAndriy Voskoboinyk static const char * 2397beeab43SAndriy Voskoboinyk iwm_mvm_offload_status_str(enum iwm_scan_offload_complete_status status) 2407beeab43SAndriy Voskoboinyk { 2417beeab43SAndriy Voskoboinyk return (status == IWM_SCAN_OFFLOAD_ABORTED) ? "aborted" : "completed"; 2427beeab43SAndriy Voskoboinyk } 2437beeab43SAndriy Voskoboinyk #endif 2447beeab43SAndriy Voskoboinyk 245cd20383eSAdrian Chadd void 246cd20383eSAdrian Chadd iwm_mvm_rx_lmac_scan_complete_notif(struct iwm_softc *sc, 247cd20383eSAdrian Chadd struct iwm_rx_packet *pkt) 248cd20383eSAdrian Chadd { 249cd20383eSAdrian Chadd struct iwm_periodic_scan_complete *scan_notif = (void *)pkt->data; 250cd20383eSAdrian Chadd 251cd20383eSAdrian Chadd /* If this happens, the firmware has mistakenly sent an LMAC 252cd20383eSAdrian Chadd * notification during UMAC scans -- warn and ignore it. 253cd20383eSAdrian Chadd */ 254*f33c8309SKyle Evans if (fw_has_capa(&sc->sc_fw.ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) { 255cd20383eSAdrian Chadd device_printf(sc->sc_dev, 256cd20383eSAdrian Chadd "%s: Mistakenly got LMAC notification during UMAC scan\n", 257cd20383eSAdrian Chadd __func__); 258cd20383eSAdrian Chadd return; 259cd20383eSAdrian Chadd } 260cd20383eSAdrian Chadd 261cd20383eSAdrian Chadd IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "Regular scan %s, EBS status %s (FW)\n", 2627beeab43SAndriy Voskoboinyk iwm_mvm_offload_status_str(scan_notif->status), 263cd20383eSAdrian Chadd iwm_mvm_ebs_status_str(scan_notif->ebs_status)); 264cd20383eSAdrian Chadd 265cd20383eSAdrian Chadd sc->last_ebs_successful = 266cd20383eSAdrian Chadd scan_notif->ebs_status == IWM_SCAN_EBS_SUCCESS || 267cd20383eSAdrian Chadd scan_notif->ebs_status == IWM_SCAN_EBS_INACTIVE; 268cd20383eSAdrian Chadd 269cd20383eSAdrian Chadd } 270cd20383eSAdrian Chadd 271cd20383eSAdrian Chadd void 272cd20383eSAdrian Chadd iwm_mvm_rx_umac_scan_complete_notif(struct iwm_softc *sc, 273cd20383eSAdrian Chadd struct iwm_rx_packet *pkt) 274cd20383eSAdrian Chadd { 275cd20383eSAdrian Chadd struct iwm_umac_scan_complete *notif = (void *)pkt->data; 276cd20383eSAdrian Chadd 277cd20383eSAdrian Chadd IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 278cd20383eSAdrian Chadd "Scan completed, uid %u, status %s, EBS status %s\n", 2797beeab43SAndriy Voskoboinyk le32toh(notif->uid), 2807beeab43SAndriy Voskoboinyk iwm_mvm_offload_status_str(notif->status), 281cd20383eSAdrian Chadd iwm_mvm_ebs_status_str(notif->ebs_status)); 282cd20383eSAdrian Chadd 283cd20383eSAdrian Chadd if (notif->ebs_status != IWM_SCAN_EBS_SUCCESS && 284cd20383eSAdrian Chadd notif->ebs_status != IWM_SCAN_EBS_INACTIVE) 285cd20383eSAdrian Chadd sc->last_ebs_successful = FALSE; 286cd20383eSAdrian Chadd } 287cd20383eSAdrian Chadd 288d4886179SRui Paulo static int 2896a5bc1d1SSean Bruno iwm_mvm_scan_skip_channel(struct ieee80211_channel *c) 2906a5bc1d1SSean Bruno { 2916a5bc1d1SSean Bruno if (IEEE80211_IS_CHAN_2GHZ(c) && IEEE80211_IS_CHAN_B(c)) 2926a5bc1d1SSean Bruno return 0; 2936a5bc1d1SSean Bruno else if (IEEE80211_IS_CHAN_5GHZ(c) && IEEE80211_IS_CHAN_A(c)) 2946a5bc1d1SSean Bruno return 0; 2956a5bc1d1SSean Bruno else 2966a5bc1d1SSean Bruno return 1; 2976a5bc1d1SSean Bruno } 2986a5bc1d1SSean Bruno 2996a5bc1d1SSean Bruno static uint8_t 3006a5bc1d1SSean Bruno iwm_mvm_lmac_scan_fill_channels(struct iwm_softc *sc, 3016a5bc1d1SSean Bruno struct iwm_scan_channel_cfg_lmac *chan, int n_ssids) 302d4886179SRui Paulo { 3037a79cebfSGleb Smirnoff struct ieee80211com *ic = &sc->sc_ic; 3049afea60fSAndriy Voskoboinyk struct ieee80211_scan_state *ss = ic->ic_scan; 305d4886179SRui Paulo struct ieee80211_channel *c; 3066a5bc1d1SSean Bruno uint8_t nchan; 3076a5bc1d1SSean Bruno int j; 308d4886179SRui Paulo 3096a5bc1d1SSean Bruno for (nchan = j = 0; 310*f33c8309SKyle Evans j < ss->ss_last && nchan < sc->sc_fw.ucode_capa.n_scan_channels; 311*f33c8309SKyle Evans j++) { 3122aa3dbb0SAdrian Chadd c = ss->ss_chans[j]; 313d4886179SRui Paulo /* 314d4886179SRui Paulo * Catch other channels, in case we have 900MHz channels or 315d4886179SRui Paulo * something in the chanlist. 316d4886179SRui Paulo */ 3172aa3dbb0SAdrian Chadd if (!IEEE80211_IS_CHAN_2GHZ(c) && !IEEE80211_IS_CHAN_5GHZ(c)) { 318d4886179SRui Paulo IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_EEPROM, 319d4886179SRui Paulo "%s: skipping channel (freq=%d, ieee=%d, flags=0x%08x)\n", 3206a5bc1d1SSean Bruno __func__, c->ic_freq, c->ic_ieee, c->ic_flags); 3216a5bc1d1SSean Bruno continue; 322d4886179SRui Paulo } 3236a5bc1d1SSean Bruno 324d4886179SRui Paulo IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_EEPROM, 325d4886179SRui Paulo "Adding channel %d (%d Mhz) to the list\n", 326d4886179SRui Paulo nchan, c->ic_freq); 3276a5bc1d1SSean Bruno chan->channel_num = htole16(ieee80211_mhz2ieee(c->ic_freq, 0)); 3286a5bc1d1SSean Bruno chan->iter_count = htole16(1); 3296a5bc1d1SSean Bruno chan->iter_interval = htole32(0); 3306a5bc1d1SSean Bruno chan->flags = htole32(IWM_UNIFIED_SCAN_CHANNEL_PARTIAL); 3319afea60fSAndriy Voskoboinyk chan->flags |= htole32(IWM_SCAN_CHANNEL_NSSIDS(n_ssids)); 3329afea60fSAndriy Voskoboinyk /* XXX IEEE80211_SCAN_NOBCAST flag is never set. */ 3339afea60fSAndriy Voskoboinyk if (!IEEE80211_IS_CHAN_PASSIVE(c) && 3349afea60fSAndriy Voskoboinyk (!(ss->ss_flags & IEEE80211_SCAN_NOBCAST) || n_ssids != 0)) 3359afea60fSAndriy Voskoboinyk chan->flags |= htole32(IWM_SCAN_CHANNEL_TYPE_ACTIVE); 336d4886179SRui Paulo chan++; 337d4886179SRui Paulo nchan++; 338d4886179SRui Paulo } 3396a5bc1d1SSean Bruno 340d4886179SRui Paulo return nchan; 341d4886179SRui Paulo } 342d4886179SRui Paulo 3436a5bc1d1SSean Bruno static uint8_t 3446a5bc1d1SSean Bruno iwm_mvm_umac_scan_fill_channels(struct iwm_softc *sc, 3456a5bc1d1SSean Bruno struct iwm_scan_channel_cfg_umac *chan, int n_ssids) 346d4886179SRui Paulo { 3476a5bc1d1SSean Bruno struct ieee80211com *ic = &sc->sc_ic; 3482aa3dbb0SAdrian Chadd struct ieee80211_scan_state *ss = ic->ic_scan; 3496a5bc1d1SSean Bruno struct ieee80211_channel *c; 3506a5bc1d1SSean Bruno uint8_t nchan; 3516a5bc1d1SSean Bruno int j; 352d4886179SRui Paulo 3536a5bc1d1SSean Bruno for (nchan = j = 0; 354*f33c8309SKyle Evans j < ss->ss_last && nchan < sc->sc_fw.ucode_capa.n_scan_channels; 355*f33c8309SKyle Evans j++) { 3562aa3dbb0SAdrian Chadd c = ss->ss_chans[j]; 3576a5bc1d1SSean Bruno /* 3586a5bc1d1SSean Bruno * Catch other channels, in case we have 900MHz channels or 3596a5bc1d1SSean Bruno * something in the chanlist. 3606a5bc1d1SSean Bruno */ 3612aa3dbb0SAdrian Chadd if (!IEEE80211_IS_CHAN_2GHZ(c) && !IEEE80211_IS_CHAN_5GHZ(c)) { 3626a5bc1d1SSean Bruno IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_EEPROM, 3636a5bc1d1SSean Bruno "%s: skipping channel (freq=%d, ieee=%d, flags=0x%08x)\n", 3646a5bc1d1SSean Bruno __func__, c->ic_freq, c->ic_ieee, c->ic_flags); 3656a5bc1d1SSean Bruno continue; 366d4886179SRui Paulo } 367d4886179SRui Paulo 3686a5bc1d1SSean Bruno IWM_DPRINTF(sc, IWM_DEBUG_RESET | IWM_DEBUG_EEPROM, 3696a5bc1d1SSean Bruno "Adding channel %d (%d Mhz) to the list\n", 3706a5bc1d1SSean Bruno nchan, c->ic_freq); 3716a5bc1d1SSean Bruno chan->channel_num = ieee80211_mhz2ieee(c->ic_freq, 0); 3726a5bc1d1SSean Bruno chan->iter_count = 1; 3736a5bc1d1SSean Bruno chan->iter_interval = htole16(0); 3749afea60fSAndriy Voskoboinyk chan->flags = htole32(IWM_SCAN_CHANNEL_UMAC_NSSIDS(n_ssids)); 3756a5bc1d1SSean Bruno chan++; 3766a5bc1d1SSean Bruno nchan++; 3776a5bc1d1SSean Bruno } 3786a5bc1d1SSean Bruno 3796a5bc1d1SSean Bruno return nchan; 3806a5bc1d1SSean Bruno } 3816a5bc1d1SSean Bruno 3826a5bc1d1SSean Bruno static int 3836a5bc1d1SSean Bruno iwm_mvm_fill_probe_req(struct iwm_softc *sc, struct iwm_scan_probe_req *preq) 3846a5bc1d1SSean Bruno { 3856a5bc1d1SSean Bruno struct ieee80211com *ic = &sc->sc_ic; 3866a5bc1d1SSean Bruno struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 3876a5bc1d1SSean Bruno struct ieee80211_frame *wh = (struct ieee80211_frame *)preq->buf; 3886a5bc1d1SSean Bruno struct ieee80211_rateset *rs; 3896a5bc1d1SSean Bruno size_t remain = sizeof(preq->buf); 3906a5bc1d1SSean Bruno uint8_t *frm, *pos; 3916a5bc1d1SSean Bruno 3926a5bc1d1SSean Bruno memset(preq, 0, sizeof(*preq)); 3936a5bc1d1SSean Bruno 3946a5bc1d1SSean Bruno /* Ensure enough space for header and SSID IE. */ 3959afea60fSAndriy Voskoboinyk if (remain < sizeof(*wh) + 2) 3966a5bc1d1SSean Bruno return ENOBUFS; 3976a5bc1d1SSean Bruno 3986a5bc1d1SSean Bruno /* 3996a5bc1d1SSean Bruno * Build a probe request frame. Most of the following code is a 4006a5bc1d1SSean Bruno * copy & paste of what is done in net80211. 4016a5bc1d1SSean Bruno */ 4026a5bc1d1SSean Bruno wh->i_fc[0] = IEEE80211_FC0_VERSION_0 | IEEE80211_FC0_TYPE_MGT | 4036a5bc1d1SSean Bruno IEEE80211_FC0_SUBTYPE_PROBE_REQ; 4046a5bc1d1SSean Bruno wh->i_fc[1] = IEEE80211_FC1_DIR_NODS; 4056a5bc1d1SSean Bruno IEEE80211_ADDR_COPY(wh->i_addr1, ieee80211broadcastaddr); 4066a5bc1d1SSean Bruno IEEE80211_ADDR_COPY(wh->i_addr2, vap ? vap->iv_myaddr : ic->ic_macaddr); 4076a5bc1d1SSean Bruno IEEE80211_ADDR_COPY(wh->i_addr3, ieee80211broadcastaddr); 4086a5bc1d1SSean Bruno *(uint16_t *)&wh->i_dur[0] = 0; /* filled by HW */ 4096a5bc1d1SSean Bruno *(uint16_t *)&wh->i_seq[0] = 0; /* filled by HW */ 4106a5bc1d1SSean Bruno 4116a5bc1d1SSean Bruno frm = (uint8_t *)(wh + 1); 4129afea60fSAndriy Voskoboinyk frm = ieee80211_add_ssid(frm, NULL, 0); 4136a5bc1d1SSean Bruno 4146a5bc1d1SSean Bruno /* Tell the firmware where the MAC header is. */ 4156a5bc1d1SSean Bruno preq->mac_header.offset = 0; 4166a5bc1d1SSean Bruno preq->mac_header.len = htole16(frm - (uint8_t *)wh); 4176a5bc1d1SSean Bruno remain -= frm - (uint8_t *)wh; 4186a5bc1d1SSean Bruno 4196a5bc1d1SSean Bruno /* Fill in 2GHz IEs and tell firmware where they are. */ 4206a5bc1d1SSean Bruno rs = &ic->ic_sup_rates[IEEE80211_MODE_11G]; 4216a5bc1d1SSean Bruno if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 4226a5bc1d1SSean Bruno if (remain < 4 + rs->rs_nrates) 4236a5bc1d1SSean Bruno return ENOBUFS; 4246a5bc1d1SSean Bruno } else if (remain < 2 + rs->rs_nrates) { 4256a5bc1d1SSean Bruno return ENOBUFS; 4266a5bc1d1SSean Bruno } 4276a5bc1d1SSean Bruno preq->band_data[0].offset = htole16(frm - (uint8_t *)wh); 4286a5bc1d1SSean Bruno pos = frm; 4296a5bc1d1SSean Bruno frm = ieee80211_add_rates(frm, rs); 4306a5bc1d1SSean Bruno if (rs->rs_nrates > IEEE80211_RATE_SIZE) 4316a5bc1d1SSean Bruno frm = ieee80211_add_xrates(frm, rs); 4326a5bc1d1SSean Bruno preq->band_data[0].len = htole16(frm - pos); 4336a5bc1d1SSean Bruno remain -= frm - pos; 4346a5bc1d1SSean Bruno 435fe845d8eSAdrian Chadd if (iwm_mvm_rrm_scan_needed(sc)) { 4366a5bc1d1SSean Bruno if (remain < 3) 4376a5bc1d1SSean Bruno return ENOBUFS; 4386a5bc1d1SSean Bruno *frm++ = IEEE80211_ELEMID_DSPARMS; 4396a5bc1d1SSean Bruno *frm++ = 1; 4406a5bc1d1SSean Bruno *frm++ = 0; 4416a5bc1d1SSean Bruno remain -= 3; 4426a5bc1d1SSean Bruno } 4436a5bc1d1SSean Bruno 4446349bdb3SAdrian Chadd if (sc->nvm_data->sku_cap_band_52GHz_enable) { 4456a5bc1d1SSean Bruno /* Fill in 5GHz IEs. */ 4466a5bc1d1SSean Bruno rs = &ic->ic_sup_rates[IEEE80211_MODE_11A]; 4476a5bc1d1SSean Bruno if (rs->rs_nrates > IEEE80211_RATE_SIZE) { 4486a5bc1d1SSean Bruno if (remain < 4 + rs->rs_nrates) 4496a5bc1d1SSean Bruno return ENOBUFS; 4506a5bc1d1SSean Bruno } else if (remain < 2 + rs->rs_nrates) { 4516a5bc1d1SSean Bruno return ENOBUFS; 4526a5bc1d1SSean Bruno } 4536a5bc1d1SSean Bruno preq->band_data[1].offset = htole16(frm - (uint8_t *)wh); 4546a5bc1d1SSean Bruno pos = frm; 4556a5bc1d1SSean Bruno frm = ieee80211_add_rates(frm, rs); 4566a5bc1d1SSean Bruno if (rs->rs_nrates > IEEE80211_RATE_SIZE) 4576a5bc1d1SSean Bruno frm = ieee80211_add_xrates(frm, rs); 4586a5bc1d1SSean Bruno preq->band_data[1].len = htole16(frm - pos); 4596a5bc1d1SSean Bruno remain -= frm - pos; 4606a5bc1d1SSean Bruno } 4616a5bc1d1SSean Bruno 4626a5bc1d1SSean Bruno /* Send 11n IEs on both 2GHz and 5GHz bands. */ 4636a5bc1d1SSean Bruno preq->common_data.offset = htole16(frm - (uint8_t *)wh); 4646a5bc1d1SSean Bruno pos = frm; 4656a5bc1d1SSean Bruno #if 0 4666a5bc1d1SSean Bruno if (ic->ic_flags & IEEE80211_F_HTON) { 4676a5bc1d1SSean Bruno if (remain < 28) 4686a5bc1d1SSean Bruno return ENOBUFS; 4696a5bc1d1SSean Bruno frm = ieee80211_add_htcaps(frm, ic); 4706a5bc1d1SSean Bruno /* XXX add WME info? */ 4716a5bc1d1SSean Bruno } 4726a5bc1d1SSean Bruno #endif 4736a5bc1d1SSean Bruno preq->common_data.len = htole16(frm - pos); 4746a5bc1d1SSean Bruno 4756a5bc1d1SSean Bruno return 0; 476d4886179SRui Paulo } 477d4886179SRui Paulo 478d4886179SRui Paulo int 4796a5bc1d1SSean Bruno iwm_mvm_config_umac_scan(struct iwm_softc *sc) 480d4886179SRui Paulo { 481bc6cd01dSAdrian Chadd struct ieee80211com *ic = &sc->sc_ic; 482bc6cd01dSAdrian Chadd struct ieee80211vap *vap = TAILQ_FIRST(&ic->ic_vaps); 483d4886179SRui Paulo 4846a5bc1d1SSean Bruno struct iwm_scan_config *scan_config; 4856a5bc1d1SSean Bruno int ret, j, nchan; 4866a5bc1d1SSean Bruno size_t cmd_size; 4876a5bc1d1SSean Bruno struct ieee80211_channel *c; 4886a5bc1d1SSean Bruno struct iwm_host_cmd hcmd = { 4896a5bc1d1SSean Bruno .id = iwm_cmd_id(IWM_SCAN_CFG_CMD, IWM_ALWAYS_LONG_GROUP, 0), 4906a5bc1d1SSean Bruno .flags = IWM_CMD_SYNC, 4916a5bc1d1SSean Bruno }; 4926a5bc1d1SSean Bruno static const uint32_t rates = (IWM_SCAN_CONFIG_RATE_1M | 4936a5bc1d1SSean Bruno IWM_SCAN_CONFIG_RATE_2M | IWM_SCAN_CONFIG_RATE_5M | 4946a5bc1d1SSean Bruno IWM_SCAN_CONFIG_RATE_11M | IWM_SCAN_CONFIG_RATE_6M | 4956a5bc1d1SSean Bruno IWM_SCAN_CONFIG_RATE_9M | IWM_SCAN_CONFIG_RATE_12M | 4966a5bc1d1SSean Bruno IWM_SCAN_CONFIG_RATE_18M | IWM_SCAN_CONFIG_RATE_24M | 4976a5bc1d1SSean Bruno IWM_SCAN_CONFIG_RATE_36M | IWM_SCAN_CONFIG_RATE_48M | 4986a5bc1d1SSean Bruno IWM_SCAN_CONFIG_RATE_54M); 4996a5bc1d1SSean Bruno 500*f33c8309SKyle Evans cmd_size = sizeof(*scan_config) + sc->sc_fw.ucode_capa.n_scan_channels; 5016a5bc1d1SSean Bruno 5026a5bc1d1SSean Bruno scan_config = malloc(cmd_size, M_DEVBUF, M_NOWAIT | M_ZERO); 5036a5bc1d1SSean Bruno if (scan_config == NULL) 5046a5bc1d1SSean Bruno return ENOMEM; 5056a5bc1d1SSean Bruno 5062a2476b3SAdrian Chadd scan_config->tx_chains = htole32(iwm_mvm_get_valid_tx_ant(sc)); 5072a2476b3SAdrian Chadd scan_config->rx_chains = htole32(iwm_mvm_get_valid_rx_ant(sc)); 5086a5bc1d1SSean Bruno scan_config->legacy_rates = htole32(rates | 5096a5bc1d1SSean Bruno IWM_SCAN_CONFIG_SUPPORTED_RATE(rates)); 5106a5bc1d1SSean Bruno 5116a5bc1d1SSean Bruno /* These timings correspond to iwlwifi's UNASSOC scan. */ 5126a5bc1d1SSean Bruno scan_config->dwell_active = 10; 5136a5bc1d1SSean Bruno scan_config->dwell_passive = 110; 5146a5bc1d1SSean Bruno scan_config->dwell_fragmented = 44; 5156a5bc1d1SSean Bruno scan_config->dwell_extended = 90; 5166a5bc1d1SSean Bruno scan_config->out_of_channel_time = htole32(0); 5176a5bc1d1SSean Bruno scan_config->suspend_time = htole32(0); 5186a5bc1d1SSean Bruno 5196a5bc1d1SSean Bruno IEEE80211_ADDR_COPY(scan_config->mac_addr, 5206a5bc1d1SSean Bruno vap ? vap->iv_myaddr : ic->ic_macaddr); 5216a5bc1d1SSean Bruno 5226a5bc1d1SSean Bruno scan_config->bcast_sta_id = sc->sc_aux_sta.sta_id; 5236a5bc1d1SSean Bruno scan_config->channel_flags = IWM_CHANNEL_FLAG_EBS | 5246a5bc1d1SSean Bruno IWM_CHANNEL_FLAG_ACCURATE_EBS | IWM_CHANNEL_FLAG_EBS_ADD | 5256a5bc1d1SSean Bruno IWM_CHANNEL_FLAG_PRE_SCAN_PASSIVE2ACTIVE; 5266a5bc1d1SSean Bruno 5276a5bc1d1SSean Bruno for (nchan = j = 0; 528*f33c8309SKyle Evans j < ic->ic_nchans && nchan < sc->sc_fw.ucode_capa.n_scan_channels; 529*f33c8309SKyle Evans j++) { 5306a5bc1d1SSean Bruno c = &ic->ic_channels[j]; 5316a5bc1d1SSean Bruno /* For 2GHz, only populate 11b channels */ 5326a5bc1d1SSean Bruno /* For 5GHz, only populate 11a channels */ 5336a5bc1d1SSean Bruno /* 5346a5bc1d1SSean Bruno * Catch other channels, in case we have 900MHz channels or 5356a5bc1d1SSean Bruno * something in the chanlist. 5366a5bc1d1SSean Bruno */ 5376a5bc1d1SSean Bruno if (iwm_mvm_scan_skip_channel(c)) 5386a5bc1d1SSean Bruno continue; 5396a5bc1d1SSean Bruno scan_config->channel_array[nchan++] = 5406a5bc1d1SSean Bruno ieee80211_mhz2ieee(c->ic_freq, 0); 5416a5bc1d1SSean Bruno } 5426a5bc1d1SSean Bruno 5436a5bc1d1SSean Bruno scan_config->flags = htole32(IWM_SCAN_CONFIG_FLAG_ACTIVATE | 5446a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_ALLOW_CHUB_REQS | 5456a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_SET_TX_CHAINS | 5466a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_SET_RX_CHAINS | 5476a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_SET_AUX_STA_ID | 5486a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_SET_ALL_TIMES | 5496a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_SET_LEGACY_RATES | 5506a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_SET_MAC_ADDR | 5516a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_SET_CHANNEL_FLAGS| 5526a5bc1d1SSean Bruno IWM_SCAN_CONFIG_N_CHANNELS(nchan) | 5536a5bc1d1SSean Bruno IWM_SCAN_CONFIG_FLAG_CLEAR_FRAGMENTED); 5546a5bc1d1SSean Bruno 5556a5bc1d1SSean Bruno hcmd.data[0] = scan_config; 5566a5bc1d1SSean Bruno hcmd.len[0] = cmd_size; 5576a5bc1d1SSean Bruno 5586a5bc1d1SSean Bruno IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "Sending UMAC scan config\n"); 5596a5bc1d1SSean Bruno 5606a5bc1d1SSean Bruno ret = iwm_send_cmd(sc, &hcmd); 5616a5bc1d1SSean Bruno if (!ret) 5626a5bc1d1SSean Bruno IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 5636a5bc1d1SSean Bruno "UMAC scan config was sent successfully\n"); 5646a5bc1d1SSean Bruno 5656a5bc1d1SSean Bruno free(scan_config, M_DEVBUF); 5666a5bc1d1SSean Bruno return ret; 5676a5bc1d1SSean Bruno } 5686a5bc1d1SSean Bruno 569cd20383eSAdrian Chadd static boolean_t 570cd20383eSAdrian Chadd iwm_mvm_scan_use_ebs(struct iwm_softc *sc) 571cd20383eSAdrian Chadd { 572*f33c8309SKyle Evans const struct iwm_ucode_capabilities *capa = &sc->sc_fw.ucode_capa; 573cd20383eSAdrian Chadd 574cd20383eSAdrian Chadd /* We can only use EBS if: 575cd20383eSAdrian Chadd * 1. the feature is supported; 576cd20383eSAdrian Chadd * 2. the last EBS was successful; 577cd20383eSAdrian Chadd * 3. if only single scan, the single scan EBS API is supported; 578cd20383eSAdrian Chadd * 4. it's not a p2p find operation. 579cd20383eSAdrian Chadd */ 580cd20383eSAdrian Chadd return ((capa->flags & IWM_UCODE_TLV_FLAGS_EBS_SUPPORT) && 581cd20383eSAdrian Chadd sc->last_ebs_successful); 582cd20383eSAdrian Chadd } 583cd20383eSAdrian Chadd 5846a5bc1d1SSean Bruno int 5856a5bc1d1SSean Bruno iwm_mvm_umac_scan(struct iwm_softc *sc) 5866a5bc1d1SSean Bruno { 5876a5bc1d1SSean Bruno struct iwm_host_cmd hcmd = { 5886a5bc1d1SSean Bruno .id = iwm_cmd_id(IWM_SCAN_REQ_UMAC, IWM_ALWAYS_LONG_GROUP, 0), 5896a5bc1d1SSean Bruno .len = { 0, }, 5906a5bc1d1SSean Bruno .data = { NULL, }, 5916a5bc1d1SSean Bruno .flags = IWM_CMD_SYNC, 5926a5bc1d1SSean Bruno }; 5939afea60fSAndriy Voskoboinyk struct ieee80211_scan_state *ss = sc->sc_ic.ic_scan; 5946a5bc1d1SSean Bruno struct iwm_scan_req_umac *req; 5956a5bc1d1SSean Bruno struct iwm_scan_req_umac_tail *tail; 5966a5bc1d1SSean Bruno size_t req_len; 5979afea60fSAndriy Voskoboinyk uint8_t i, nssid; 5986a5bc1d1SSean Bruno int ret; 5996a5bc1d1SSean Bruno 6006a5bc1d1SSean Bruno req_len = sizeof(struct iwm_scan_req_umac) + 6016a5bc1d1SSean Bruno (sizeof(struct iwm_scan_channel_cfg_umac) * 602*f33c8309SKyle Evans sc->sc_fw.ucode_capa.n_scan_channels) + 6036a5bc1d1SSean Bruno sizeof(struct iwm_scan_req_umac_tail); 6046a5bc1d1SSean Bruno if (req_len > IWM_MAX_CMD_PAYLOAD_SIZE) 6056a5bc1d1SSean Bruno return ENOMEM; 6066a5bc1d1SSean Bruno req = malloc(req_len, M_DEVBUF, M_NOWAIT | M_ZERO); 6076a5bc1d1SSean Bruno if (req == NULL) 6086a5bc1d1SSean Bruno return ENOMEM; 6096a5bc1d1SSean Bruno 6106a5bc1d1SSean Bruno hcmd.len[0] = (uint16_t)req_len; 6116a5bc1d1SSean Bruno hcmd.data[0] = (void *)req; 6126a5bc1d1SSean Bruno 6136a5bc1d1SSean Bruno IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "Handling ieee80211 scan request\n"); 6146a5bc1d1SSean Bruno 6156a5bc1d1SSean Bruno /* These timings correspond to iwlwifi's UNASSOC scan. */ 6166a5bc1d1SSean Bruno req->active_dwell = 10; 6176a5bc1d1SSean Bruno req->passive_dwell = 110; 6186a5bc1d1SSean Bruno req->fragmented_dwell = 44; 6196a5bc1d1SSean Bruno req->extended_dwell = 90; 6206a5bc1d1SSean Bruno req->max_out_time = 0; 6216a5bc1d1SSean Bruno req->suspend_time = 0; 6226a5bc1d1SSean Bruno 6236a5bc1d1SSean Bruno req->scan_priority = htole32(IWM_SCAN_PRIORITY_HIGH); 6246a5bc1d1SSean Bruno req->ooc_priority = htole32(IWM_SCAN_PRIORITY_HIGH); 6256a5bc1d1SSean Bruno 6269afea60fSAndriy Voskoboinyk nssid = MIN(ss->ss_nssid, IWM_PROBE_OPTION_MAX); 6276a5bc1d1SSean Bruno req->n_channels = iwm_mvm_umac_scan_fill_channels(sc, 6289afea60fSAndriy Voskoboinyk (struct iwm_scan_channel_cfg_umac *)req->data, nssid); 6296a5bc1d1SSean Bruno 6306a5bc1d1SSean Bruno req->general_flags = htole32(IWM_UMAC_SCAN_GEN_FLAGS_PASS_ALL | 6316a5bc1d1SSean Bruno IWM_UMAC_SCAN_GEN_FLAGS_ITER_COMPLETE | 6326a5bc1d1SSean Bruno IWM_UMAC_SCAN_GEN_FLAGS_EXTENDED_DWELL); 6336a5bc1d1SSean Bruno 6346a5bc1d1SSean Bruno tail = (void *)((char *)&req->data + 6356a5bc1d1SSean Bruno sizeof(struct iwm_scan_channel_cfg_umac) * 636*f33c8309SKyle Evans sc->sc_fw.ucode_capa.n_scan_channels); 6376a5bc1d1SSean Bruno 6386a5bc1d1SSean Bruno /* Check if we're doing an active directed scan. */ 6399afea60fSAndriy Voskoboinyk for (i = 0; i < nssid; i++) { 6409afea60fSAndriy Voskoboinyk tail->direct_scan[i].id = IEEE80211_ELEMID_SSID; 6419afea60fSAndriy Voskoboinyk tail->direct_scan[i].len = MIN(ss->ss_ssid[i].len, 6429afea60fSAndriy Voskoboinyk IEEE80211_NWID_LEN); 6439afea60fSAndriy Voskoboinyk memcpy(tail->direct_scan[i].ssid, ss->ss_ssid[i].ssid, 6449afea60fSAndriy Voskoboinyk tail->direct_scan[i].len); 6459afea60fSAndriy Voskoboinyk /* XXX debug */ 6469afea60fSAndriy Voskoboinyk } 6479afea60fSAndriy Voskoboinyk if (nssid != 0) { 6486a5bc1d1SSean Bruno req->general_flags |= 6496a5bc1d1SSean Bruno htole32(IWM_UMAC_SCAN_GEN_FLAGS_PRE_CONNECT); 6509afea60fSAndriy Voskoboinyk } else 6516a5bc1d1SSean Bruno req->general_flags |= htole32(IWM_UMAC_SCAN_GEN_FLAGS_PASSIVE); 6526a5bc1d1SSean Bruno 653cd20383eSAdrian Chadd if (iwm_mvm_scan_use_ebs(sc)) 654cd20383eSAdrian Chadd req->channel_flags = IWM_SCAN_CHANNEL_FLAG_EBS | 655cd20383eSAdrian Chadd IWM_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 656cd20383eSAdrian Chadd IWM_SCAN_CHANNEL_FLAG_CACHE_ADD; 657cd20383eSAdrian Chadd 658fe845d8eSAdrian Chadd if (iwm_mvm_rrm_scan_needed(sc)) 6596a5bc1d1SSean Bruno req->general_flags |= 6606a5bc1d1SSean Bruno htole32(IWM_UMAC_SCAN_GEN_FLAGS_RRM_ENABLED); 6616a5bc1d1SSean Bruno 6626a5bc1d1SSean Bruno ret = iwm_mvm_fill_probe_req(sc, &tail->preq); 6636a5bc1d1SSean Bruno if (ret) { 6646a5bc1d1SSean Bruno free(req, M_DEVBUF); 6656a5bc1d1SSean Bruno return ret; 6666a5bc1d1SSean Bruno } 6676a5bc1d1SSean Bruno 6686a5bc1d1SSean Bruno /* Specify the scan plan: We'll do one iteration. */ 6696a5bc1d1SSean Bruno tail->schedule[0].interval = 0; 6706a5bc1d1SSean Bruno tail->schedule[0].iter_count = 1; 6716a5bc1d1SSean Bruno 6726a5bc1d1SSean Bruno ret = iwm_send_cmd(sc, &hcmd); 6736a5bc1d1SSean Bruno if (!ret) 6746a5bc1d1SSean Bruno IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 6756a5bc1d1SSean Bruno "Scan request was sent successfully\n"); 6766a5bc1d1SSean Bruno free(req, M_DEVBUF); 6776a5bc1d1SSean Bruno return ret; 6786a5bc1d1SSean Bruno } 6796a5bc1d1SSean Bruno 6806a5bc1d1SSean Bruno int 6816a5bc1d1SSean Bruno iwm_mvm_lmac_scan(struct iwm_softc *sc) 6826a5bc1d1SSean Bruno { 6836a5bc1d1SSean Bruno struct iwm_host_cmd hcmd = { 6846a5bc1d1SSean Bruno .id = IWM_SCAN_OFFLOAD_REQUEST_CMD, 6856a5bc1d1SSean Bruno .len = { 0, }, 6866a5bc1d1SSean Bruno .data = { NULL, }, 6876a5bc1d1SSean Bruno .flags = IWM_CMD_SYNC, 6886a5bc1d1SSean Bruno }; 6899afea60fSAndriy Voskoboinyk struct ieee80211_scan_state *ss = sc->sc_ic.ic_scan; 6906a5bc1d1SSean Bruno struct iwm_scan_req_lmac *req; 6916a5bc1d1SSean Bruno size_t req_len; 6929afea60fSAndriy Voskoboinyk uint8_t i, nssid; 6936a5bc1d1SSean Bruno int ret; 694d4886179SRui Paulo 695d4886179SRui Paulo IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 696d4886179SRui Paulo "Handling ieee80211 scan request\n"); 697d4886179SRui Paulo 6986a5bc1d1SSean Bruno req_len = sizeof(struct iwm_scan_req_lmac) + 6996a5bc1d1SSean Bruno (sizeof(struct iwm_scan_channel_cfg_lmac) * 700*f33c8309SKyle Evans sc->sc_fw.ucode_capa.n_scan_channels) + sizeof(struct iwm_scan_probe_req); 7016a5bc1d1SSean Bruno if (req_len > IWM_MAX_CMD_PAYLOAD_SIZE) 7026a5bc1d1SSean Bruno return ENOMEM; 7036a5bc1d1SSean Bruno req = malloc(req_len, M_DEVBUF, M_NOWAIT | M_ZERO); 7046a5bc1d1SSean Bruno if (req == NULL) 7056a5bc1d1SSean Bruno return ENOMEM; 706d4886179SRui Paulo 7076a5bc1d1SSean Bruno hcmd.len[0] = (uint16_t)req_len; 7086a5bc1d1SSean Bruno hcmd.data[0] = (void *)req; 709d4886179SRui Paulo 7106a5bc1d1SSean Bruno /* These timings correspond to iwlwifi's UNASSOC scan. */ 7116a5bc1d1SSean Bruno req->active_dwell = 10; 7126a5bc1d1SSean Bruno req->passive_dwell = 110; 7136a5bc1d1SSean Bruno req->fragmented_dwell = 44; 7146a5bc1d1SSean Bruno req->extended_dwell = 90; 7156a5bc1d1SSean Bruno req->max_out_time = 0; 7166a5bc1d1SSean Bruno req->suspend_time = 0; 717d4886179SRui Paulo 7186a5bc1d1SSean Bruno req->scan_prio = htole32(IWM_SCAN_PRIORITY_HIGH); 7196a5bc1d1SSean Bruno req->rx_chain_select = iwm_mvm_scan_rx_chain(sc); 7206a5bc1d1SSean Bruno req->iter_num = htole32(1); 7216a5bc1d1SSean Bruno req->delay = 0; 7226a5bc1d1SSean Bruno 7236a5bc1d1SSean Bruno req->scan_flags = htole32(IWM_MVM_LMAC_SCAN_FLAG_PASS_ALL | 7246a5bc1d1SSean Bruno IWM_MVM_LMAC_SCAN_FLAG_ITER_COMPLETE | 7256a5bc1d1SSean Bruno IWM_MVM_LMAC_SCAN_FLAG_EXTENDED_DWELL); 726fe845d8eSAdrian Chadd if (iwm_mvm_rrm_scan_needed(sc)) 7276a5bc1d1SSean Bruno req->scan_flags |= htole32(IWM_MVM_LMAC_SCAN_FLAGS_RRM_ENABLED); 7286a5bc1d1SSean Bruno 7292aa3dbb0SAdrian Chadd req->flags = iwm_mvm_scan_rxon_flags(sc->sc_ic.ic_scan->ss_chans[0]); 730fe845d8eSAdrian Chadd 7316a5bc1d1SSean Bruno req->filter_flags = 7326a5bc1d1SSean Bruno htole32(IWM_MAC_FILTER_ACCEPT_GRP | IWM_MAC_FILTER_IN_BEACON); 7336a5bc1d1SSean Bruno 7346a5bc1d1SSean Bruno /* Tx flags 2 GHz. */ 7356a5bc1d1SSean Bruno req->tx_cmd[0].tx_flags = htole32(IWM_TX_CMD_FLG_SEQ_CTL | 736d4886179SRui Paulo IWM_TX_CMD_FLG_BT_DIS); 7376a5bc1d1SSean Bruno req->tx_cmd[0].rate_n_flags = 7386a5bc1d1SSean Bruno iwm_mvm_scan_rate_n_flags(sc, IEEE80211_CHAN_2GHZ, 1/*XXX*/); 7396a5bc1d1SSean Bruno req->tx_cmd[0].sta_id = sc->sc_aux_sta.sta_id; 740d4886179SRui Paulo 7416a5bc1d1SSean Bruno /* Tx flags 5 GHz. */ 7426a5bc1d1SSean Bruno req->tx_cmd[1].tx_flags = htole32(IWM_TX_CMD_FLG_SEQ_CTL | 7436a5bc1d1SSean Bruno IWM_TX_CMD_FLG_BT_DIS); 7446a5bc1d1SSean Bruno req->tx_cmd[1].rate_n_flags = 7456a5bc1d1SSean Bruno iwm_mvm_scan_rate_n_flags(sc, IEEE80211_CHAN_5GHZ, 1/*XXX*/); 7466a5bc1d1SSean Bruno req->tx_cmd[1].sta_id = sc->sc_aux_sta.sta_id; 747d4886179SRui Paulo 7486a5bc1d1SSean Bruno /* Check if we're doing an active directed scan. */ 7499afea60fSAndriy Voskoboinyk nssid = MIN(ss->ss_nssid, IWM_PROBE_OPTION_MAX); 7509afea60fSAndriy Voskoboinyk for (i = 0; i < nssid; i++) { 7519afea60fSAndriy Voskoboinyk req->direct_scan[i].id = IEEE80211_ELEMID_SSID; 7529afea60fSAndriy Voskoboinyk req->direct_scan[i].len = MIN(ss->ss_ssid[i].len, 7539afea60fSAndriy Voskoboinyk IEEE80211_NWID_LEN); 7549afea60fSAndriy Voskoboinyk memcpy(req->direct_scan[i].ssid, ss->ss_ssid[i].ssid, 7559afea60fSAndriy Voskoboinyk req->direct_scan[i].len); 7569afea60fSAndriy Voskoboinyk /* XXX debug */ 7576a5bc1d1SSean Bruno } 7589afea60fSAndriy Voskoboinyk if (nssid != 0) { 7599afea60fSAndriy Voskoboinyk req->scan_flags |= 7609afea60fSAndriy Voskoboinyk htole32(IWM_MVM_LMAC_SCAN_FLAG_PRE_CONNECTION); 7619afea60fSAndriy Voskoboinyk } else 7629afea60fSAndriy Voskoboinyk req->scan_flags |= htole32(IWM_MVM_LMAC_SCAN_FLAG_PASSIVE); 763d4886179SRui Paulo 7646a5bc1d1SSean Bruno req->n_channels = iwm_mvm_lmac_scan_fill_channels(sc, 7659afea60fSAndriy Voskoboinyk (struct iwm_scan_channel_cfg_lmac *)req->data, nssid); 766d4886179SRui Paulo 7676a5bc1d1SSean Bruno ret = iwm_mvm_fill_probe_req(sc, 7686a5bc1d1SSean Bruno (struct iwm_scan_probe_req *)(req->data + 7696a5bc1d1SSean Bruno (sizeof(struct iwm_scan_channel_cfg_lmac) * 770*f33c8309SKyle Evans sc->sc_fw.ucode_capa.n_scan_channels))); 7716a5bc1d1SSean Bruno if (ret) { 7726a5bc1d1SSean Bruno free(req, M_DEVBUF); 7736a5bc1d1SSean Bruno return ret; 7746a5bc1d1SSean Bruno } 7756a5bc1d1SSean Bruno 7766a5bc1d1SSean Bruno /* Specify the scan plan: We'll do one iteration. */ 7776a5bc1d1SSean Bruno req->schedule[0].iterations = 1; 7786a5bc1d1SSean Bruno req->schedule[0].full_scan_mul = 1; 7796a5bc1d1SSean Bruno 780cd20383eSAdrian Chadd if (iwm_mvm_scan_use_ebs(sc)) { 781cd20383eSAdrian Chadd req->channel_opt[0].flags = 782cd20383eSAdrian Chadd htole16(IWM_SCAN_CHANNEL_FLAG_EBS | 783cd20383eSAdrian Chadd IWM_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 784cd20383eSAdrian Chadd IWM_SCAN_CHANNEL_FLAG_CACHE_ADD); 785cd20383eSAdrian Chadd req->channel_opt[0].non_ebs_ratio = 786cd20383eSAdrian Chadd htole16(IWM_DENSE_EBS_SCAN_RATIO); 787cd20383eSAdrian Chadd req->channel_opt[1].flags = 788cd20383eSAdrian Chadd htole16(IWM_SCAN_CHANNEL_FLAG_EBS | 789cd20383eSAdrian Chadd IWM_SCAN_CHANNEL_FLAG_EBS_ACCURATE | 790cd20383eSAdrian Chadd IWM_SCAN_CHANNEL_FLAG_CACHE_ADD); 791cd20383eSAdrian Chadd req->channel_opt[1].non_ebs_ratio = 792cd20383eSAdrian Chadd htole16(IWM_SPARSE_EBS_SCAN_RATIO); 793cd20383eSAdrian Chadd } 7946a5bc1d1SSean Bruno 7956a5bc1d1SSean Bruno ret = iwm_send_cmd(sc, &hcmd); 7966a5bc1d1SSean Bruno if (!ret) { 797d4886179SRui Paulo IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 798d4886179SRui Paulo "Scan request was sent successfully\n"); 799d4886179SRui Paulo } 8006a5bc1d1SSean Bruno free(req, M_DEVBUF); 801d4886179SRui Paulo return ret; 802d4886179SRui Paulo } 8034b17c188SAdrian Chadd 8044b17c188SAdrian Chadd static int 8054b17c188SAdrian Chadd iwm_mvm_lmac_scan_abort(struct iwm_softc *sc) 8064b17c188SAdrian Chadd { 8074b17c188SAdrian Chadd int ret; 8084b17c188SAdrian Chadd struct iwm_host_cmd hcmd = { 8094b17c188SAdrian Chadd .id = IWM_SCAN_OFFLOAD_ABORT_CMD, 8104b17c188SAdrian Chadd .len = { 0, }, 8114b17c188SAdrian Chadd .data = { NULL, }, 8124b17c188SAdrian Chadd .flags = IWM_CMD_SYNC, 8134b17c188SAdrian Chadd }; 8144b17c188SAdrian Chadd uint32_t status; 8154b17c188SAdrian Chadd 8164b17c188SAdrian Chadd ret = iwm_mvm_send_cmd_status(sc, &hcmd, &status); 8174b17c188SAdrian Chadd if (ret) 8184b17c188SAdrian Chadd return ret; 8194b17c188SAdrian Chadd 8204b17c188SAdrian Chadd if (status != IWM_CAN_ABORT_STATUS) { 8214b17c188SAdrian Chadd /* 8224b17c188SAdrian Chadd * The scan abort will return 1 for success or 8234b17c188SAdrian Chadd * 2 for "failure". A failure condition can be 8244b17c188SAdrian Chadd * due to simply not being in an active scan which 8254b17c188SAdrian Chadd * can occur if we send the scan abort before the 8264b17c188SAdrian Chadd * microcode has notified us that a scan is completed. 8274b17c188SAdrian Chadd */ 8284b17c188SAdrian Chadd IWM_DPRINTF(sc, IWM_DEBUG_SCAN, 8294b17c188SAdrian Chadd "SCAN OFFLOAD ABORT ret %d.\n", status); 8304b17c188SAdrian Chadd ret = ENOENT; 8314b17c188SAdrian Chadd } 8324b17c188SAdrian Chadd 8334b17c188SAdrian Chadd return ret; 8344b17c188SAdrian Chadd } 8354b17c188SAdrian Chadd 8364b17c188SAdrian Chadd static int 8374b17c188SAdrian Chadd iwm_mvm_umac_scan_abort(struct iwm_softc *sc) 8384b17c188SAdrian Chadd { 8394b17c188SAdrian Chadd struct iwm_umac_scan_abort cmd = {}; 8404b17c188SAdrian Chadd int uid, ret; 8414b17c188SAdrian Chadd 8424b17c188SAdrian Chadd uid = 0; 8434b17c188SAdrian Chadd cmd.uid = htole32(uid); 8444b17c188SAdrian Chadd 8454b17c188SAdrian Chadd IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "Sending scan abort, uid %u\n", uid); 8464b17c188SAdrian Chadd 8474b17c188SAdrian Chadd ret = iwm_mvm_send_cmd_pdu(sc, 8484b17c188SAdrian Chadd iwm_cmd_id(IWM_SCAN_ABORT_UMAC, 8494b17c188SAdrian Chadd IWM_ALWAYS_LONG_GROUP, 0), 8504b17c188SAdrian Chadd 0, sizeof(cmd), &cmd); 8514b17c188SAdrian Chadd 8524b17c188SAdrian Chadd return ret; 8534b17c188SAdrian Chadd } 8544b17c188SAdrian Chadd 8554b17c188SAdrian Chadd int 8564b17c188SAdrian Chadd iwm_mvm_scan_stop_wait(struct iwm_softc *sc) 8574b17c188SAdrian Chadd { 8584b17c188SAdrian Chadd struct iwm_notification_wait wait_scan_done; 8594b17c188SAdrian Chadd static const uint16_t scan_done_notif[] = { IWM_SCAN_COMPLETE_UMAC, 8604b17c188SAdrian Chadd IWM_SCAN_OFFLOAD_COMPLETE, }; 8614b17c188SAdrian Chadd int ret; 8624b17c188SAdrian Chadd 8634b17c188SAdrian Chadd iwm_init_notification_wait(sc->sc_notif_wait, &wait_scan_done, 8644b17c188SAdrian Chadd scan_done_notif, nitems(scan_done_notif), 8654b17c188SAdrian Chadd NULL, NULL); 8664b17c188SAdrian Chadd 8674b17c188SAdrian Chadd IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "Preparing to stop scan\n"); 8684b17c188SAdrian Chadd 869*f33c8309SKyle Evans if (fw_has_capa(&sc->sc_fw.ucode_capa, IWM_UCODE_TLV_CAPA_UMAC_SCAN)) 8704b17c188SAdrian Chadd ret = iwm_mvm_umac_scan_abort(sc); 8714b17c188SAdrian Chadd else 8724b17c188SAdrian Chadd ret = iwm_mvm_lmac_scan_abort(sc); 8734b17c188SAdrian Chadd 8744b17c188SAdrian Chadd if (ret) { 8754b17c188SAdrian Chadd IWM_DPRINTF(sc, IWM_DEBUG_SCAN, "couldn't stop scan\n"); 8764b17c188SAdrian Chadd iwm_remove_notification(sc->sc_notif_wait, &wait_scan_done); 8774b17c188SAdrian Chadd return ret; 8784b17c188SAdrian Chadd } 8794b17c188SAdrian Chadd 8804b17c188SAdrian Chadd IWM_UNLOCK(sc); 8814b17c188SAdrian Chadd ret = iwm_wait_notification(sc->sc_notif_wait, &wait_scan_done, hz); 8824b17c188SAdrian Chadd IWM_LOCK(sc); 8834b17c188SAdrian Chadd 8844b17c188SAdrian Chadd return ret; 8854b17c188SAdrian Chadd } 886