1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause 3 * 4 * Copyright (c) 2005-2009 Sam Leffler, Errno Consulting 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 * 27 * $FreeBSD$ 28 */ 29 #ifndef _NET80211_IEEE80211_SCAN_H_ 30 #define _NET80211_IEEE80211_SCAN_H_ 31 32 /* 33 * 802.11 scanning support. 34 * 35 * Scanning is the procedure by which a station locates a bss to join 36 * (infrastructure/ibss mode), or a channel to use (when operating as 37 * an ap or ibss master). Scans are either "active" or "passive". An 38 * active scan causes one or more probe request frames to be sent on 39 * visiting each channel. A passive request causes each channel in the 40 * scan set to be visited but no frames to be transmitted; the station 41 * only listens for traffic. Note that active scanning may still need 42 * to listen for traffic before sending probe request frames depending 43 * on regulatory constraints; the 802.11 layer handles this by generating 44 * a callback when scanning on a ``passive channel'' when the 45 * IEEE80211_FEXT_PROBECHAN flag is set. 46 * 47 * A scan operation involves constructing a set of channels to inspect 48 * (the scan set), visiting each channel and collecting information 49 * (e.g. what bss are present), and then analyzing the results to make 50 * decisions like which bss to join. This process needs to be as fast 51 * as possible so we do things like intelligently construct scan sets 52 * and dwell on a channel only as long as necessary. The scan code also 53 * maintains a cache of recent scan results and uses it to bypass scanning 54 * whenever possible. The scan cache is also used to enable roaming 55 * between access points when operating in infrastructure mode. 56 * 57 * Scanning is handled with pluggable modules that implement "policy" 58 * per-operating mode. The core scanning support provides an 59 * instrastructure to support these modules and exports a common api 60 * to the rest of the 802.11 layer. Policy modules decide what 61 * channels to visit, what state to record to make decisions (e.g. ap 62 * mode scanning for auto channel selection keeps significantly less 63 * state than sta mode scanning for an ap to associate to), and selects 64 * the final station/channel to return as the result of a scan. 65 * 66 * Scanning is done synchronously when initially bringing a vap to an 67 * operational state and optionally in the background to maintain the 68 * scan cache for doing roaming and rogue ap monitoring. Scanning is 69 * not tied to the 802.11 state machine that governs vaps though there 70 * is linkage to the IEEE80211_SCAN state. Only one vap at a time may 71 * be scanning; this scheduling policy is handled in ieee80211_new_state 72 * and is invisible to the scanning code. 73 */ 74 #define IEEE80211_SCAN_MAX IEEE80211_CHAN_MAX 75 76 struct ieee80211_scanner; /* scan policy state */ 77 78 struct ieee80211_scan_ssid { 79 int len; /* length in bytes */ 80 uint8_t ssid[IEEE80211_NWID_LEN]; /* ssid contents */ 81 }; 82 #define IEEE80211_SCAN_MAX_SSID 1 /* max # ssid's to probe */ 83 84 /* 85 * High-level implementation visible to ieee80211_scan.[ch]. 86 * 87 * The default scanner (ieee80211_scan_sw.[ch]) implements a software 88 * driven scanner. Firmware driven scanning needs a different set of 89 * behaviours. 90 */ 91 struct ieee80211_scan_methods { 92 void (*sc_attach)(struct ieee80211com *); 93 void (*sc_detach)(struct ieee80211com *); 94 void (*sc_vattach)(struct ieee80211vap *); 95 void (*sc_vdetach)(struct ieee80211vap *); 96 void (*sc_set_scan_duration)(struct ieee80211vap *, u_int); 97 int (*sc_start_scan)(const struct ieee80211_scanner *, 98 struct ieee80211vap *, int, u_int, u_int, u_int, u_int, 99 const struct ieee80211_scan_ssid ssids[]); 100 int (*sc_check_scan)(const struct ieee80211_scanner *, 101 struct ieee80211vap *, int, u_int, u_int, u_int, u_int, 102 const struct ieee80211_scan_ssid ssids[]); 103 int (*sc_bg_scan)(const struct ieee80211_scanner *, 104 struct ieee80211vap *, int); 105 void (*sc_cancel_scan)(struct ieee80211vap *); 106 void (*sc_cancel_anyscan)(struct ieee80211vap *); 107 void (*sc_scan_next)(struct ieee80211vap *); 108 void (*sc_scan_done)(struct ieee80211vap *); 109 void (*sc_scan_probe_curchan)(struct ieee80211vap *, int); 110 void (*sc_add_scan)(struct ieee80211vap *, 111 struct ieee80211_channel *, 112 const struct ieee80211_scanparams *, 113 const struct ieee80211_frame *, 114 int, int, int); 115 }; 116 117 /* 118 * Scan state visible to the 802.11 layer. Scan parameters and 119 * results are stored in this data structure. The ieee80211_scan_state 120 * structure is extended with space that is maintained private to 121 * the core scanning support. We allocate one instance and link it 122 * to the ieee80211com structure; then share it between all associated 123 * vaps. We could allocate multiple of these, e.g. to hold multiple 124 * scan results, but this is sufficient for current needs. 125 */ 126 struct ieee80211_scan_state { 127 struct ieee80211vap *ss_vap; 128 struct ieee80211com *ss_ic; 129 const struct ieee80211_scanner *ss_ops; /* policy hookup, see below */ 130 void *ss_priv; /* scanner private state */ 131 uint16_t ss_flags; 132 #define IEEE80211_SCAN_NOPICK 0x0001 /* scan only, no selection */ 133 #define IEEE80211_SCAN_ACTIVE 0x0002 /* active scan (probe req) */ 134 #define IEEE80211_SCAN_PICK1ST 0x0004 /* ``hey sailor'' mode */ 135 #define IEEE80211_SCAN_BGSCAN 0x0008 /* bg scan, exit ps at end */ 136 #define IEEE80211_SCAN_ONCE 0x0010 /* do one complete pass */ 137 #define IEEE80211_SCAN_NOBCAST 0x0020 /* no broadcast probe req */ 138 #define IEEE80211_SCAN_NOJOIN 0x0040 /* no auto-sequencing */ 139 #define IEEE80211_SCAN_PUBLIC_MASK 0x0fff /* top 4 bits for internal use */ 140 #define IEEE80211_SCAN_GOTPICK 0x1000 /* got candidate, can stop */ 141 uint8_t ss_nssid; /* # ssid's to probe/match */ 142 struct ieee80211_scan_ssid ss_ssid[IEEE80211_SCAN_MAX_SSID]; 143 /* ssid's to probe/match */ 144 /* ordered channel set */ 145 struct ieee80211_channel *ss_chans[IEEE80211_SCAN_MAX]; 146 uint16_t ss_next; /* ix of next chan to scan */ 147 uint16_t ss_last; /* ix+1 of last chan to scan */ 148 unsigned long ss_mindwell; /* min dwell on channel */ 149 unsigned long ss_maxdwell; /* max dwell on channel */ 150 }; 151 152 /* 153 * The upper 16 bits of the flags word is used to communicate 154 * information to the scanning code that is NOT recorded in 155 * ss_flags. It might be better to split this stuff out into 156 * a separate variable to avoid confusion. 157 */ 158 #define IEEE80211_SCAN_FLUSH 0x00010000 /* flush candidate table */ 159 #define IEEE80211_SCAN_NOSSID 0x80000000 /* don't update ssid list */ 160 161 struct ieee80211com; 162 void ieee80211_scan_attach(struct ieee80211com *); 163 void ieee80211_scan_detach(struct ieee80211com *); 164 void ieee80211_scan_vattach(struct ieee80211vap *); 165 void ieee80211_scan_vdetach(struct ieee80211vap *); 166 167 #define IEEE80211_SCAN_FOREVER 0x7fffffff 168 int ieee80211_start_scan(struct ieee80211vap *, int flags, 169 u_int duration, u_int mindwell, u_int maxdwell, 170 u_int nssid, const struct ieee80211_scan_ssid ssids[]); 171 int ieee80211_check_scan(struct ieee80211vap *, int flags, 172 u_int duration, u_int mindwell, u_int maxdwell, 173 u_int nssid, const struct ieee80211_scan_ssid ssids[]); 174 int ieee80211_check_scan_current(struct ieee80211vap *); 175 int ieee80211_bg_scan(struct ieee80211vap *, int); 176 void ieee80211_cancel_scan(struct ieee80211vap *); 177 void ieee80211_cancel_anyscan(struct ieee80211vap *); 178 void ieee80211_scan_next(struct ieee80211vap *); 179 void ieee80211_scan_done(struct ieee80211vap *); 180 void ieee80211_probe_curchan(struct ieee80211vap *, int); 181 struct ieee80211_channel *ieee80211_scan_pickchannel(struct ieee80211com *, int); 182 183 struct ieee80211_scanparams; 184 void ieee80211_add_scan(struct ieee80211vap *, 185 struct ieee80211_channel *, 186 const struct ieee80211_scanparams *, 187 const struct ieee80211_frame *, 188 int subtype, int rssi, int noise); 189 void ieee80211_scan_timeout(struct ieee80211com *); 190 191 void ieee80211_scan_assoc_success(struct ieee80211vap *, 192 const uint8_t mac[IEEE80211_ADDR_LEN]); 193 enum { 194 IEEE80211_SCAN_FAIL_TIMEOUT = 1, /* no response to mgmt frame */ 195 IEEE80211_SCAN_FAIL_STATUS = 2 /* negative response to " " */ 196 }; 197 void ieee80211_scan_assoc_fail(struct ieee80211vap *, 198 const uint8_t mac[IEEE80211_ADDR_LEN], int reason); 199 void ieee80211_scan_flush(struct ieee80211vap *); 200 201 struct ieee80211_scan_entry; 202 typedef void ieee80211_scan_iter_func(void *, 203 const struct ieee80211_scan_entry *); 204 void ieee80211_scan_iterate(struct ieee80211vap *, 205 ieee80211_scan_iter_func, void *); 206 enum { 207 IEEE80211_BPARSE_BADIELEN = 0x01, /* ie len past end of frame */ 208 IEEE80211_BPARSE_RATES_INVALID = 0x02, /* invalid RATES ie */ 209 IEEE80211_BPARSE_XRATES_INVALID = 0x04, /* invalid XRATES ie */ 210 IEEE80211_BPARSE_SSID_INVALID = 0x08, /* invalid SSID ie */ 211 IEEE80211_BPARSE_CHAN_INVALID = 0x10, /* invalid FH/DSPARMS chan */ 212 IEEE80211_BPARSE_OFFCHAN = 0x20, /* DSPARMS chan != curchan */ 213 IEEE80211_BPARSE_BINTVAL_INVALID= 0x40, /* invalid beacon interval */ 214 IEEE80211_BPARSE_CSA_INVALID = 0x80, /* invalid CSA ie */ 215 IEEE80211_BPARSE_MESHID_INVALID = 0x100, /* invalid Mesh ID ie */ 216 }; 217 218 /* 219 * Parameters supplied when adding/updating an entry in a 220 * scan cache. Pointer variables should be set to NULL 221 * if no data is available. Pointer references can be to 222 * local data; any information that is saved will be copied. 223 * All multi-byte values must be in host byte order. 224 */ 225 struct ieee80211_scanparams { 226 uint32_t status; /* bitmask of IEEE80211_BPARSE_* */ 227 uint8_t chan; /* channel # from FH/DSPARMS */ 228 uint8_t bchan; /* curchan's channel # */ 229 uint8_t fhindex; 230 uint16_t fhdwell; /* FHSS dwell interval */ 231 uint16_t capinfo; /* 802.11 capabilities */ 232 uint16_t erp; /* NB: 0x100 indicates ie present */ 233 uint16_t bintval; 234 uint8_t timoff; 235 uint8_t *ies; /* all captured ies */ 236 size_t ies_len; /* length of all captured ies */ 237 uint8_t *tim; 238 uint8_t *tstamp; 239 uint8_t *country; 240 uint8_t *ssid; 241 uint8_t *rates; 242 uint8_t *xrates; 243 uint8_t *doth; 244 uint8_t *wpa; 245 uint8_t *rsn; 246 uint8_t *wme; 247 uint8_t *htcap; 248 uint8_t *htinfo; 249 uint8_t *ath; 250 uint8_t *tdma; 251 uint8_t *csa; 252 uint8_t *quiet; 253 uint8_t *meshid; 254 uint8_t *meshconf; 255 uint8_t *vhtcap; 256 uint8_t *vhtopmode; 257 uint8_t *spare[1]; 258 }; 259 260 /* 261 * Scan cache entry format used when exporting data from a policy 262 * module; this data may be represented some other way internally. 263 */ 264 struct ieee80211_scan_entry { 265 uint8_t se_macaddr[IEEE80211_ADDR_LEN]; 266 uint8_t se_bssid[IEEE80211_ADDR_LEN]; 267 /* XXX can point inside se_ies */ 268 uint8_t se_ssid[2+IEEE80211_NWID_LEN]; 269 uint8_t se_rates[2+IEEE80211_RATE_MAXSIZE]; 270 uint8_t se_xrates[2+IEEE80211_RATE_MAXSIZE]; 271 union { 272 uint8_t data[8]; 273 u_int64_t tsf; 274 } se_tstamp; /* from last rcv'd beacon */ 275 uint16_t se_intval; /* beacon interval (host byte order) */ 276 uint16_t se_capinfo; /* capabilities (host byte order) */ 277 struct ieee80211_channel *se_chan;/* channel where sta found */ 278 uint16_t se_timoff; /* byte offset to TIM ie */ 279 uint16_t se_fhdwell; /* FH only (host byte order) */ 280 uint8_t se_fhindex; /* FH only */ 281 uint8_t se_dtimperiod; /* DTIM period */ 282 uint16_t se_erp; /* ERP from beacon/probe resp */ 283 int8_t se_rssi; /* avg'd recv ssi */ 284 int8_t se_noise; /* noise floor */ 285 uint8_t se_cc[2]; /* captured country code */ 286 uint8_t se_meshid[2+IEEE80211_MESHID_LEN]; 287 struct ieee80211_ies se_ies; /* captured ie's */ 288 u_int se_age; /* age of entry (0 on create) */ 289 }; 290 MALLOC_DECLARE(M_80211_SCAN); 291 292 /* 293 * Template for an in-kernel scan policy module. 294 * Modules register with the scanning code and are 295 * typically loaded as needed. 296 */ 297 struct ieee80211_scanner { 298 const char *scan_name; /* printable name */ 299 int (*scan_attach)(struct ieee80211_scan_state *); 300 int (*scan_detach)(struct ieee80211_scan_state *); 301 int (*scan_start)(struct ieee80211_scan_state *, 302 struct ieee80211vap *); 303 int (*scan_restart)(struct ieee80211_scan_state *, 304 struct ieee80211vap *); 305 int (*scan_cancel)(struct ieee80211_scan_state *, 306 struct ieee80211vap *); 307 int (*scan_end)(struct ieee80211_scan_state *, 308 struct ieee80211vap *); 309 int (*scan_flush)(struct ieee80211_scan_state *); 310 struct ieee80211_channel *(*scan_pickchan)( 311 struct ieee80211_scan_state *, int); 312 /* add an entry to the cache */ 313 int (*scan_add)(struct ieee80211_scan_state *, 314 struct ieee80211_channel *, 315 const struct ieee80211_scanparams *, 316 const struct ieee80211_frame *, 317 int subtype, int rssi, int noise); 318 /* age and/or purge entries in the cache */ 319 void (*scan_age)(struct ieee80211_scan_state *); 320 /* note that association failed for an entry */ 321 void (*scan_assoc_fail)(struct ieee80211_scan_state *, 322 const uint8_t macaddr[IEEE80211_ADDR_LEN], 323 int reason); 324 /* note that association succeed for an entry */ 325 void (*scan_assoc_success)(struct ieee80211_scan_state *, 326 const uint8_t macaddr[IEEE80211_ADDR_LEN]); 327 /* iterate over entries in the scan cache */ 328 void (*scan_iterate)(struct ieee80211_scan_state *, 329 ieee80211_scan_iter_func *, void *); 330 void (*scan_spare0)(void); 331 void (*scan_spare1)(void); 332 void (*scan_spare2)(void); 333 void (*scan_spare4)(void); 334 }; 335 void ieee80211_scanner_register(enum ieee80211_opmode, 336 const struct ieee80211_scanner *); 337 void ieee80211_scanner_unregister(enum ieee80211_opmode, 338 const struct ieee80211_scanner *); 339 void ieee80211_scanner_unregister_all(const struct ieee80211_scanner *); 340 const struct ieee80211_scanner *ieee80211_scanner_get(enum ieee80211_opmode); 341 void ieee80211_scan_update_locked(struct ieee80211vap *vap, 342 const struct ieee80211_scanner *scan); 343 void ieee80211_scan_copy_ssid(struct ieee80211vap *vap, 344 struct ieee80211_scan_state *ss, 345 int nssid, const struct ieee80211_scan_ssid ssids[]); 346 void ieee80211_scan_dump_probe_beacon(uint8_t subtype, int isnew, 347 const uint8_t mac[IEEE80211_ADDR_LEN], 348 const struct ieee80211_scanparams *sp, int rssi); 349 void ieee80211_scan_dump(struct ieee80211_scan_state *ss); 350 351 #endif /* _NET80211_IEEE80211_SCAN_H_ */ 352