1 /*- 2 * Copyright (c) 2002-2007 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 #include <sys/cdefs.h> 27 __FBSDID("$FreeBSD$"); 28 29 /* 30 * IEEE 802.11 station scanning support. 31 */ 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/kernel.h> 35 #include <sys/module.h> 36 37 #include <sys/socket.h> 38 39 #include <net/if.h> 40 #include <net/if_media.h> 41 #include <net/ethernet.h> 42 43 #include <net80211/ieee80211_var.h> 44 45 #include <net/bpf.h> 46 47 /* 48 * Parameters for managing cache entries: 49 * 50 * o a station with STA_FAILS_MAX failures is not considered 51 * when picking a candidate 52 * o a station that hasn't had an update in STA_PURGE_SCANS 53 * (background) scans is discarded 54 * o after STA_FAILS_AGE seconds we clear the failure count 55 */ 56 #define STA_FAILS_MAX 2 /* assoc failures before ignored */ 57 #define STA_FAILS_AGE (2*60) /* time before clearing fails (secs) */ 58 #define STA_PURGE_SCANS 2 /* age for purging entries (scans) */ 59 60 /* XXX tunable */ 61 #define STA_RSSI_MIN 8 /* min acceptable rssi */ 62 #define STA_RSSI_MAX 40 /* max rssi for comparison */ 63 64 #define RSSI_LPF_LEN 10 65 #define RSSI_DUMMY_MARKER 0x127 66 #define RSSI_EP_MULTIPLIER (1<<7) /* pow2 to optimize out * and / */ 67 #define RSSI_IN(x) ((x) * RSSI_EP_MULTIPLIER) 68 #define LPF_RSSI(x, y, len) \ 69 ((x != RSSI_DUMMY_MARKER) ? (((x) * ((len) - 1) + (y)) / (len)) : (y)) 70 #define RSSI_LPF(x, y) do { \ 71 if ((y) >= -20) \ 72 x = LPF_RSSI((x), RSSI_IN((y)), RSSI_LPF_LEN); \ 73 } while (0) 74 #define EP_RND(x, mul) \ 75 ((((x)%(mul)) >= ((mul)/2)) ? howmany(x, mul) : (x)/(mul)) 76 #define RSSI_GET(x) EP_RND(x, RSSI_EP_MULTIPLIER) 77 78 struct sta_entry { 79 struct ieee80211_scan_entry base; 80 TAILQ_ENTRY(sta_entry) se_list; 81 LIST_ENTRY(sta_entry) se_hash; 82 uint8_t se_fails; /* failure to associate count */ 83 uint8_t se_seen; /* seen during current scan */ 84 uint8_t se_notseen; /* not seen in previous scans */ 85 uint8_t se_flags; 86 uint32_t se_avgrssi; /* LPF rssi state */ 87 unsigned long se_lastupdate; /* time of last update */ 88 unsigned long se_lastfail; /* time of last failure */ 89 unsigned long se_lastassoc; /* time of last association */ 90 u_int se_scangen; /* iterator scan gen# */ 91 }; 92 93 #define STA_HASHSIZE 32 94 /* simple hash is enough for variation of macaddr */ 95 #define STA_HASH(addr) \ 96 (((const uint8_t *)(addr))[IEEE80211_ADDR_LEN - 1] % STA_HASHSIZE) 97 98 struct sta_table { 99 struct mtx st_lock; /* on scan table */ 100 TAILQ_HEAD(, sta_entry) st_entry; /* all entries */ 101 LIST_HEAD(, sta_entry) st_hash[STA_HASHSIZE]; 102 struct mtx st_scanlock; /* on st_scangen */ 103 u_int st_scangen; /* gen# for iterator */ 104 int st_newscan; 105 }; 106 107 static void sta_flush_table(struct sta_table *); 108 /* 109 * match_bss returns a bitmask describing if an entry is suitable 110 * for use. If non-zero the entry was deemed not suitable and it's 111 * contents explains why. The following flags are or'd to to this 112 * mask and can be used to figure out why the entry was rejected. 113 */ 114 #define MATCH_CHANNEL 0x001 /* channel mismatch */ 115 #define MATCH_CAPINFO 0x002 /* capabilities mismatch, e.g. no ess */ 116 #define MATCH_PRIVACY 0x004 /* privacy mismatch */ 117 #define MATCH_RATE 0x008 /* rate set mismatch */ 118 #define MATCH_SSID 0x010 /* ssid mismatch */ 119 #define MATCH_BSSID 0x020 /* bssid mismatch */ 120 #define MATCH_FAILS 0x040 /* too many failed auth attempts */ 121 #define MATCH_NOTSEEN 0x080 /* not seen in recent scans */ 122 #define MATCH_RSSI 0x100 /* rssi deemed too low to use */ 123 static int match_bss(struct ieee80211com *, 124 const struct ieee80211_scan_state *, struct sta_entry *, int); 125 126 /* number of references from net80211 layer */ 127 static int nrefs = 0; 128 129 /* 130 * Attach prior to any scanning work. 131 */ 132 static int 133 sta_attach(struct ieee80211_scan_state *ss) 134 { 135 struct sta_table *st; 136 137 MALLOC(st, struct sta_table *, sizeof(struct sta_table), 138 M_80211_SCAN, M_NOWAIT | M_ZERO); 139 if (st == NULL) 140 return 0; 141 mtx_init(&st->st_lock, "scantable", "802.11 scan table", MTX_DEF); 142 mtx_init(&st->st_scanlock, "scangen", "802.11 scangen", MTX_DEF); 143 TAILQ_INIT(&st->st_entry); 144 ss->ss_priv = st; 145 nrefs++; /* NB: we assume caller locking */ 146 return 1; 147 } 148 149 /* 150 * Cleanup any private state. 151 */ 152 static int 153 sta_detach(struct ieee80211_scan_state *ss) 154 { 155 struct sta_table *st = ss->ss_priv; 156 157 if (st != NULL) { 158 sta_flush_table(st); 159 mtx_destroy(&st->st_lock); 160 mtx_destroy(&st->st_scanlock); 161 FREE(st, M_80211_SCAN); 162 KASSERT(nrefs > 0, ("imbalanced attach/detach")); 163 nrefs--; /* NB: we assume caller locking */ 164 } 165 return 1; 166 } 167 168 /* 169 * Flush all per-scan state. 170 */ 171 static int 172 sta_flush(struct ieee80211_scan_state *ss) 173 { 174 struct sta_table *st = ss->ss_priv; 175 176 mtx_lock(&st->st_lock); 177 sta_flush_table(st); 178 mtx_unlock(&st->st_lock); 179 ss->ss_last = 0; 180 return 0; 181 } 182 183 /* 184 * Flush all entries in the scan cache. 185 */ 186 static void 187 sta_flush_table(struct sta_table *st) 188 { 189 struct sta_entry *se, *next; 190 191 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) { 192 TAILQ_REMOVE(&st->st_entry, se, se_list); 193 LIST_REMOVE(se, se_hash); 194 FREE(se, M_80211_SCAN); 195 } 196 } 197 198 static void 199 saveie(uint8_t **iep, const uint8_t *ie) 200 { 201 202 if (ie == NULL) 203 *iep = NULL; 204 else 205 ieee80211_saveie(iep, ie); 206 } 207 208 /* 209 * Process a beacon or probe response frame; create an 210 * entry in the scan cache or update any previous entry. 211 */ 212 static int 213 sta_add(struct ieee80211_scan_state *ss, 214 const struct ieee80211_scanparams *sp, 215 const struct ieee80211_frame *wh, 216 int subtype, int rssi, int noise, int rstamp) 217 { 218 #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 219 #define PICK1ST(_ss) \ 220 ((ss->ss_flags & (IEEE80211_SCAN_PICK1ST | IEEE80211_SCAN_GOTPICK)) == \ 221 IEEE80211_SCAN_PICK1ST) 222 struct sta_table *st = ss->ss_priv; 223 const uint8_t *macaddr = wh->i_addr2; 224 struct ieee80211com *ic = ss->ss_ic; 225 struct sta_entry *se; 226 struct ieee80211_scan_entry *ise; 227 int hash, offchan; 228 229 hash = STA_HASH(macaddr); 230 231 mtx_lock(&st->st_lock); 232 LIST_FOREACH(se, &st->st_hash[hash], se_hash) 233 if (IEEE80211_ADDR_EQ(se->base.se_macaddr, macaddr)) 234 goto found; 235 MALLOC(se, struct sta_entry *, sizeof(struct sta_entry), 236 M_80211_SCAN, M_NOWAIT | M_ZERO); 237 if (se == NULL) { 238 mtx_unlock(&st->st_lock); 239 return 0; 240 } 241 se->se_scangen = st->st_scangen-1; 242 se->se_avgrssi = RSSI_DUMMY_MARKER; 243 IEEE80211_ADDR_COPY(se->base.se_macaddr, macaddr); 244 TAILQ_INSERT_TAIL(&st->st_entry, se, se_list); 245 LIST_INSERT_HEAD(&st->st_hash[hash], se, se_hash); 246 found: 247 ise = &se->base; 248 /* XXX ap beaconing multiple ssid w/ same bssid */ 249 if (sp->ssid[1] != 0 && 250 (ISPROBE(subtype) || ise->se_ssid[1] == 0)) 251 memcpy(ise->se_ssid, sp->ssid, 2+sp->ssid[1]); 252 KASSERT(sp->rates[1] <= IEEE80211_RATE_MAXSIZE, 253 ("rate set too large: %u", sp->rates[1])); 254 memcpy(ise->se_rates, sp->rates, 2+sp->rates[1]); 255 if (sp->xrates != NULL) { 256 /* XXX validate xrates[1] */ 257 KASSERT(sp->xrates[1] + sp->rates[1] <= IEEE80211_RATE_MAXSIZE, 258 ("xrate set too large: %u", sp->xrates[1])); 259 memcpy(ise->se_xrates, sp->xrates, 2+sp->xrates[1]); 260 } else 261 ise->se_xrates[1] = 0; 262 IEEE80211_ADDR_COPY(ise->se_bssid, wh->i_addr3); 263 offchan = (IEEE80211_CHAN2IEEE(sp->curchan) != sp->bchan && 264 ic->ic_phytype != IEEE80211_T_FH); 265 if (!offchan) { 266 /* 267 * Record rssi data using extended precision LPF filter. 268 * 269 * NB: use only on-channel data to insure we get a good 270 * estimate of the signal we'll see when associated. 271 */ 272 RSSI_LPF(se->se_avgrssi, rssi); 273 ise->se_rssi = RSSI_GET(se->se_avgrssi); 274 ise->se_noise = noise; 275 } 276 ise->se_rstamp = rstamp; 277 memcpy(ise->se_tstamp.data, sp->tstamp, sizeof(ise->se_tstamp)); 278 ise->se_intval = sp->bintval; 279 ise->se_capinfo = sp->capinfo; 280 /* 281 * Beware of overriding se_chan for frames seen 282 * off-channel; this can cause us to attempt an 283 * assocation on the wrong channel. 284 */ 285 if (offchan) { 286 struct ieee80211_channel *c; 287 /* 288 * Off-channel, locate the home/bss channel for the sta 289 * using the value broadcast in the DSPARMS ie. 290 */ 291 c = ieee80211_find_channel_byieee(ic, sp->bchan, 292 sp->curchan->ic_flags); 293 if (c != NULL) { 294 ise->se_chan = c; 295 } else if (ise->se_chan == NULL) { 296 /* should not happen, pick something */ 297 ise->se_chan = sp->curchan; 298 } 299 } else 300 ise->se_chan = sp->curchan; 301 ise->se_fhdwell = sp->fhdwell; 302 ise->se_fhindex = sp->fhindex; 303 ise->se_erp = sp->erp; 304 ise->se_timoff = sp->timoff; 305 if (sp->tim != NULL) { 306 const struct ieee80211_tim_ie *tim = 307 (const struct ieee80211_tim_ie *) sp->tim; 308 ise->se_dtimperiod = tim->tim_period; 309 } 310 saveie(&ise->se_wme_ie, sp->wme); 311 saveie(&ise->se_wpa_ie, sp->wpa); 312 saveie(&ise->se_rsn_ie, sp->rsn); 313 saveie(&ise->se_ath_ie, sp->ath); 314 saveie(&ise->se_htcap_ie, sp->htcap); 315 saveie(&ise->se_htinfo_ie, sp->htinfo); 316 317 /* clear failure count after STA_FAIL_AGE passes */ 318 if (se->se_fails && (ticks - se->se_lastfail) > STA_FAILS_AGE*hz) { 319 se->se_fails = 0; 320 IEEE80211_NOTE_MAC(ic, IEEE80211_MSG_SCAN, macaddr, 321 "%s: fails %u", __func__, se->se_fails); 322 } 323 324 se->se_lastupdate = ticks; /* update time */ 325 se->se_seen = 1; 326 se->se_notseen = 0; 327 328 mtx_unlock(&st->st_lock); 329 330 /* 331 * If looking for a quick choice and nothing's 332 * been found check here. 333 */ 334 if (PICK1ST(ss) && match_bss(ic, ss, se, IEEE80211_MSG_SCAN) == 0) 335 ss->ss_flags |= IEEE80211_SCAN_GOTPICK; 336 337 return 1; 338 #undef PICK1ST 339 #undef ISPROBE 340 } 341 342 /* 343 * Check if a channel is excluded by user request. 344 */ 345 static int 346 isexcluded(struct ieee80211com *ic, const struct ieee80211_channel *c) 347 { 348 return (isclr(ic->ic_chan_active, c->ic_ieee) || 349 (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 350 c->ic_freq != ic->ic_des_chan->ic_freq)); 351 } 352 353 static struct ieee80211_channel * 354 find11gchannel(struct ieee80211com *ic, int i, int freq) 355 { 356 struct ieee80211_channel *c; 357 int j; 358 359 /* 360 * The normal ordering in the channel list is b channel 361 * immediately followed by g so optimize the search for 362 * this. We'll still do a full search just in case. 363 */ 364 for (j = i+1; j < ic->ic_nchans; j++) { 365 c = &ic->ic_channels[j]; 366 if (c->ic_freq == freq && IEEE80211_IS_CHAN_ANYG(c)) 367 return c; 368 } 369 for (j = 0; j < i; j++) { 370 c = &ic->ic_channels[j]; 371 if (c->ic_freq == freq && IEEE80211_IS_CHAN_ANYG(c)) 372 return c; 373 } 374 return NULL; 375 } 376 static const u_int chanflags[IEEE80211_MODE_MAX] = { 377 IEEE80211_CHAN_B, /* IEEE80211_MODE_AUTO */ 378 IEEE80211_CHAN_A, /* IEEE80211_MODE_11A */ 379 IEEE80211_CHAN_B, /* IEEE80211_MODE_11B */ 380 IEEE80211_CHAN_G, /* IEEE80211_MODE_11G */ 381 IEEE80211_CHAN_FHSS, /* IEEE80211_MODE_FH */ 382 IEEE80211_CHAN_A, /* IEEE80211_MODE_TURBO_A (check base channel)*/ 383 IEEE80211_CHAN_G, /* IEEE80211_MODE_TURBO_G */ 384 IEEE80211_CHAN_ST, /* IEEE80211_MODE_STURBO_A */ 385 IEEE80211_CHAN_A, /* IEEE80211_MODE_11NA (check legacy) */ 386 IEEE80211_CHAN_G, /* IEEE80211_MODE_11NG (check legacy) */ 387 }; 388 389 static void 390 add_channels(struct ieee80211com *ic, 391 struct ieee80211_scan_state *ss, 392 enum ieee80211_phymode mode, const uint16_t freq[], int nfreq) 393 { 394 #define N(a) (sizeof(a) / sizeof(a[0])) 395 struct ieee80211_channel *c, *cg; 396 u_int modeflags; 397 int i; 398 399 KASSERT(mode < N(chanflags), ("Unexpected mode %u", mode)); 400 modeflags = chanflags[mode]; 401 for (i = 0; i < nfreq; i++) { 402 if (ss->ss_last >= IEEE80211_SCAN_MAX) 403 break; 404 405 c = ieee80211_find_channel(ic, freq[i], modeflags); 406 if (c != NULL && isexcluded(ic, c)) 407 continue; 408 if (mode == IEEE80211_MODE_AUTO) { 409 /* 410 * XXX special-case 11b/g channels so we select 411 * the g channel if both are present or there 412 * are only g channels. 413 */ 414 if (c == NULL || IEEE80211_IS_CHAN_B(c)) { 415 cg = find11gchannel(ic, i, freq[i]); 416 if (cg != NULL) 417 c = cg; 418 } 419 } 420 if (c == NULL) 421 continue; 422 423 ss->ss_chans[ss->ss_last++] = c; 424 } 425 #undef N 426 } 427 428 static const uint16_t rcl1[] = /* 8 FCC channel: 52, 56, 60, 64, 36, 40, 44, 48 */ 429 { 5260, 5280, 5300, 5320, 5180, 5200, 5220, 5240 }; 430 static const uint16_t rcl2[] = /* 4 MKK channels: 34, 38, 42, 46 */ 431 { 5170, 5190, 5210, 5230 }; 432 static const uint16_t rcl3[] = /* 2.4Ghz ch: 1,6,11,7,13 */ 433 { 2412, 2437, 2462, 2442, 2472 }; 434 static const uint16_t rcl4[] = /* 5 FCC channel: 149, 153, 161, 165 */ 435 { 5745, 5765, 5785, 5805, 5825 }; 436 static const uint16_t rcl7[] = /* 11 ETSI channel: 100,104,108,112,116,120,124,128,132,136,140 */ 437 { 5500, 5520, 5540, 5560, 5580, 5600, 5620, 5640, 5660, 5680, 5700 }; 438 static const uint16_t rcl8[] = /* 2.4Ghz ch: 2,3,4,5,8,9,10,12 */ 439 { 2417, 2422, 2427, 2432, 2447, 2452, 2457, 2467 }; 440 static const uint16_t rcl9[] = /* 2.4Ghz ch: 14 */ 441 { 2484 }; 442 static const uint16_t rcl10[] = /* Added Korean channels 2312-2372 */ 443 { 2312, 2317, 2322, 2327, 2332, 2337, 2342, 2347, 2352, 2357, 2362, 2367, 2372 }; 444 static const uint16_t rcl11[] = /* Added Japan channels in 4.9/5.0 spectrum */ 445 { 5040, 5060, 5080, 4920, 4940, 4960, 4980 }; 446 #ifdef ATH_TURBO_SCAN 447 static const uint16_t rcl5[] = /* 3 static turbo channels */ 448 { 5210, 5250, 5290 }; 449 static const uint16_t rcl6[] = /* 2 static turbo channels */ 450 { 5760, 5800 }; 451 static const uint16_t rcl6x[] = /* 4 FCC3 turbo channels */ 452 { 5540, 5580, 5620, 5660 }; 453 static const uint16_t rcl12[] = /* 2.4Ghz Turbo channel 6 */ 454 { 2437 }; 455 static const uint16_t rcl13[] = /* dynamic Turbo channels */ 456 { 5200, 5240, 5280, 5765, 5805 }; 457 #endif /* ATH_TURBO_SCAN */ 458 459 struct scanlist { 460 uint16_t mode; 461 uint16_t count; 462 const uint16_t *list; 463 }; 464 465 #define X(a) .count = sizeof(a)/sizeof(a[0]), .list = a 466 467 static const struct scanlist staScanTable[] = { 468 { IEEE80211_MODE_11B, X(rcl3) }, 469 { IEEE80211_MODE_11A, X(rcl1) }, 470 { IEEE80211_MODE_11A, X(rcl2) }, 471 { IEEE80211_MODE_11B, X(rcl8) }, 472 { IEEE80211_MODE_11B, X(rcl9) }, 473 { IEEE80211_MODE_11A, X(rcl4) }, 474 #ifdef ATH_TURBO_SCAN 475 { IEEE80211_MODE_STURBO_A, X(rcl5) }, 476 { IEEE80211_MODE_STURBO_A, X(rcl6) }, 477 { IEEE80211_MODE_TURBO_A, X(rcl6x) }, 478 { IEEE80211_MODE_TURBO_A, X(rcl13) }, 479 #endif /* ATH_TURBO_SCAN */ 480 { IEEE80211_MODE_11A, X(rcl7) }, 481 { IEEE80211_MODE_11B, X(rcl10) }, 482 { IEEE80211_MODE_11A, X(rcl11) }, 483 #ifdef ATH_TURBO_SCAN 484 { IEEE80211_MODE_TURBO_G, X(rcl12) }, 485 #endif /* ATH_TURBO_SCAN */ 486 { .list = NULL } 487 }; 488 489 static int 490 checktable(const struct scanlist *scan, const struct ieee80211_channel *c) 491 { 492 int i; 493 494 for (; scan->list != NULL; scan++) { 495 for (i = 0; i < scan->count; i++) 496 if (scan->list[i] == c->ic_freq) 497 return 1; 498 } 499 return 0; 500 } 501 502 static void 503 sweepchannels(struct ieee80211_scan_state *ss, struct ieee80211com *ic, 504 const struct scanlist table[]) 505 { 506 struct ieee80211_channel *c; 507 int i; 508 509 /* 510 * Add the channels from the ic (from HAL) that are not present 511 * in the staScanTable. 512 */ 513 for (i = 0; i < ic->ic_nchans; i++) { 514 if (ss->ss_last >= IEEE80211_SCAN_MAX) 515 break; 516 517 c = &ic->ic_channels[i]; 518 /* 519 * Ignore dynamic turbo channels; we scan them 520 * in normal mode (i.e. not boosted). Likewise 521 * for HT channels, they get scanned using 522 * legacy rates. 523 */ 524 if (IEEE80211_IS_CHAN_DTURBO(c) || IEEE80211_IS_CHAN_HT(c)) 525 continue; 526 527 /* 528 * If a desired mode was specified, scan only 529 * channels that satisfy that constraint. 530 */ 531 if (ic->ic_des_mode != IEEE80211_MODE_AUTO && 532 ic->ic_des_mode != ieee80211_chan2mode(c)) 533 continue; 534 535 /* 536 * Skip channels excluded by user request. 537 */ 538 if (isexcluded(ic, c)) 539 continue; 540 541 /* 542 * Add the channel unless it is listed in the 543 * fixed scan order tables. This insures we 544 * don't sweep back in channels we filtered out 545 * above. 546 */ 547 if (checktable(table, c)) 548 continue; 549 550 /* Add channel to scanning list. */ 551 ss->ss_chans[ss->ss_last++] = c; 552 } 553 } 554 555 /* 556 * Start a station-mode scan by populating the channel list. 557 */ 558 static int 559 sta_start(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 560 { 561 #define N(a) (sizeof(a)/sizeof(a[0])) 562 struct sta_table *st = ss->ss_priv; 563 const struct scanlist *scan; 564 enum ieee80211_phymode mode; 565 566 ss->ss_last = 0; 567 /* 568 * Use the table of ordered channels to construct the list 569 * of channels for scanning. Any channels in the ordered 570 * list not in the master list will be discarded. 571 */ 572 for (scan = staScanTable; scan->list != NULL; scan++) { 573 mode = scan->mode; 574 if (ic->ic_des_mode != IEEE80211_MODE_AUTO) { 575 /* 576 * If a desired mode was specified, scan only 577 * channels that satisfy that constraint. 578 */ 579 if (ic->ic_des_mode != mode) { 580 /* 581 * The scan table marks 2.4Ghz channels as b 582 * so if the desired mode is 11g, then use 583 * the 11b channel list but upgrade the mode. 584 */ 585 if (ic->ic_des_mode != IEEE80211_MODE_11G || 586 mode != IEEE80211_MODE_11B) 587 continue; 588 mode = IEEE80211_MODE_11G; /* upgrade */ 589 } 590 } else { 591 /* 592 * This lets add_channels upgrade an 11b channel 593 * to 11g if available. 594 */ 595 if (mode == IEEE80211_MODE_11B) 596 mode = IEEE80211_MODE_AUTO; 597 } 598 #ifdef IEEE80211_F_XR 599 /* XR does not operate on turbo channels */ 600 if ((ic->ic_flags & IEEE80211_F_XR) && 601 (mode == IEEE80211_MODE_TURBO_A || 602 mode == IEEE80211_MODE_TURBO_G || 603 mode == IEEE80211_MODE_STURBO_A)) 604 continue; 605 #endif 606 /* 607 * Add the list of the channels; any that are not 608 * in the master channel list will be discarded. 609 */ 610 add_channels(ic, ss, mode, scan->list, scan->count); 611 } 612 613 /* 614 * Add the channels from the ic (from HAL) that are not present 615 * in the staScanTable. 616 */ 617 sweepchannels(ss, ic, staScanTable); 618 619 ss->ss_next = 0; 620 /* XXX tunables */ 621 ss->ss_mindwell = msecs_to_ticks(20); /* 20ms */ 622 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */ 623 624 #ifdef IEEE80211_DEBUG 625 if (ieee80211_msg_scan(ic)) { 626 if_printf(ic->ic_ifp, "scan set "); 627 ieee80211_scan_dump_channels(ss); 628 printf(" dwell min %ld max %ld\n", 629 ss->ss_mindwell, ss->ss_maxdwell); 630 } 631 #endif /* IEEE80211_DEBUG */ 632 633 st->st_newscan = 1; 634 635 return 0; 636 #undef N 637 } 638 639 /* 640 * Restart a bg scan. 641 */ 642 static int 643 sta_restart(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 644 { 645 struct sta_table *st = ss->ss_priv; 646 647 st->st_newscan = 1; 648 return 0; 649 } 650 651 /* 652 * Cancel an ongoing scan. 653 */ 654 static int 655 sta_cancel(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 656 { 657 return 0; 658 } 659 660 static uint8_t 661 maxrate(const struct ieee80211_scan_entry *se) 662 { 663 uint8_t rmax, r; 664 int i; 665 666 rmax = 0; 667 for (i = 0; i < se->se_rates[1]; i++) { 668 r = se->se_rates[2+i] & IEEE80211_RATE_VAL; 669 if (r > rmax) 670 rmax = r; 671 } 672 for (i = 0; i < se->se_xrates[1]; i++) { 673 r = se->se_xrates[2+i] & IEEE80211_RATE_VAL; 674 if (r > rmax) 675 rmax = r; 676 } 677 return rmax; 678 } 679 680 /* 681 * Compare the capabilities of two entries and decide which is 682 * more desirable (return >0 if a is considered better). Note 683 * that we assume compatibility/usability has already been checked 684 * so we don't need to (e.g. validate whether privacy is supported). 685 * Used to select the best scan candidate for association in a BSS. 686 */ 687 static int 688 sta_compare(const struct sta_entry *a, const struct sta_entry *b) 689 { 690 #define PREFER(_a,_b,_what) do { \ 691 if (((_a) ^ (_b)) & (_what)) \ 692 return ((_a) & (_what)) ? 1 : -1; \ 693 } while (0) 694 uint8_t maxa, maxb; 695 int8_t rssia, rssib; 696 int weight; 697 698 /* privacy support */ 699 PREFER(a->base.se_capinfo, b->base.se_capinfo, 700 IEEE80211_CAPINFO_PRIVACY); 701 702 /* compare count of previous failures */ 703 weight = b->se_fails - a->se_fails; 704 if (abs(weight) > 1) 705 return weight; 706 707 /* 708 * Compare rssi. If the two are considered equivalent 709 * then fallback to other criteria. We threshold the 710 * comparisons to avoid selecting an ap purely by rssi 711 * when both values may be good but one ap is otherwise 712 * more desirable (e.g. an 11b-only ap with stronger 713 * signal than an 11g ap). 714 */ 715 rssia = MIN(a->base.se_rssi, STA_RSSI_MAX); 716 rssib = MIN(b->base.se_rssi, STA_RSSI_MAX); 717 if (abs(rssib - rssia) < 5) { 718 /* best/max rate preferred if signal level close enough XXX */ 719 maxa = maxrate(&a->base); 720 maxb = maxrate(&b->base); 721 if (maxa != maxb) 722 return maxa - maxb; 723 /* XXX use freq for channel preference */ 724 /* for now just prefer 5Ghz band to all other bands */ 725 if (IEEE80211_IS_CHAN_5GHZ(a->base.se_chan) && 726 !IEEE80211_IS_CHAN_5GHZ(b->base.se_chan)) 727 return 1; 728 if (!IEEE80211_IS_CHAN_5GHZ(a->base.se_chan) && 729 IEEE80211_IS_CHAN_5GHZ(b->base.se_chan)) 730 return -1; 731 } 732 /* all things being equal, use signal level */ 733 return a->base.se_rssi - b->base.se_rssi; 734 #undef PREFER 735 } 736 737 /* 738 * Check rate set suitability and return the best supported rate. 739 */ 740 static int 741 check_rate(struct ieee80211com *ic, const struct ieee80211_scan_entry *se) 742 { 743 #define RV(v) ((v) & IEEE80211_RATE_VAL) 744 const struct ieee80211_rateset *srs; 745 int i, j, nrs, r, okrate, badrate, fixedrate; 746 const uint8_t *rs; 747 748 okrate = badrate = fixedrate = 0; 749 750 srs = ieee80211_get_suprates(ic, se->se_chan); 751 nrs = se->se_rates[1]; 752 rs = se->se_rates+2; 753 fixedrate = IEEE80211_FIXED_RATE_NONE; 754 again: 755 for (i = 0; i < nrs; i++) { 756 r = RV(rs[i]); 757 badrate = r; 758 /* 759 * Check any fixed rate is included. 760 */ 761 if (r == ic->ic_fixed_rate) 762 fixedrate = r; 763 /* 764 * Check against our supported rates. 765 */ 766 for (j = 0; j < srs->rs_nrates; j++) 767 if (r == RV(srs->rs_rates[j])) { 768 if (r > okrate) /* NB: track max */ 769 okrate = r; 770 break; 771 } 772 773 if (j == srs->rs_nrates && (rs[i] & IEEE80211_RATE_BASIC)) { 774 /* 775 * Don't try joining a BSS, if we don't support 776 * one of its basic rates. 777 */ 778 okrate = 0; 779 goto back; 780 } 781 } 782 if (rs == se->se_rates+2) { 783 /* scan xrates too; sort of an algol68-style for loop */ 784 nrs = se->se_xrates[1]; 785 rs = se->se_xrates+2; 786 goto again; 787 } 788 789 back: 790 if (okrate == 0 || ic->ic_fixed_rate != fixedrate) 791 return badrate | IEEE80211_RATE_BASIC; 792 else 793 return RV(okrate); 794 #undef RV 795 } 796 797 static int 798 match_ssid(const uint8_t *ie, 799 int nssid, const struct ieee80211_scan_ssid ssids[]) 800 { 801 int i; 802 803 for (i = 0; i < nssid; i++) { 804 if (ie[1] == ssids[i].len && 805 memcmp(ie+2, ssids[i].ssid, ie[1]) == 0) 806 return 1; 807 } 808 return 0; 809 } 810 811 /* 812 * Test a scan candidate for suitability/compatibility. 813 */ 814 static int 815 match_bss(struct ieee80211com *ic, 816 const struct ieee80211_scan_state *ss, struct sta_entry *se0, 817 int debug) 818 { 819 struct ieee80211_scan_entry *se = &se0->base; 820 uint8_t rate; 821 int fail; 822 823 fail = 0; 824 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, se->se_chan))) 825 fail |= MATCH_CHANNEL; 826 /* 827 * NB: normally the desired mode is used to construct 828 * the channel list, but it's possible for the scan 829 * cache to include entries for stations outside this 830 * list so we check the desired mode here to weed them 831 * out. 832 */ 833 if (ic->ic_des_mode != IEEE80211_MODE_AUTO && 834 (se->se_chan->ic_flags & IEEE80211_CHAN_ALLTURBO) != 835 chanflags[ic->ic_des_mode]) 836 fail |= MATCH_CHANNEL; 837 if (ic->ic_opmode == IEEE80211_M_IBSS) { 838 if ((se->se_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 839 fail |= MATCH_CAPINFO; 840 } else { 841 if ((se->se_capinfo & IEEE80211_CAPINFO_ESS) == 0) 842 fail |= MATCH_CAPINFO; 843 } 844 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 845 if ((se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 846 fail |= MATCH_PRIVACY; 847 } else { 848 /* XXX does this mean privacy is supported or required? */ 849 if (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) 850 fail |= MATCH_PRIVACY; 851 } 852 rate = check_rate(ic, se); 853 if (rate & IEEE80211_RATE_BASIC) 854 fail |= MATCH_RATE; 855 if (ss->ss_nssid != 0 && 856 !match_ssid(se->se_ssid, ss->ss_nssid, ss->ss_ssid)) 857 fail |= MATCH_SSID; 858 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 859 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, se->se_bssid)) 860 fail |= MATCH_BSSID; 861 if (se0->se_fails >= STA_FAILS_MAX) 862 fail |= MATCH_FAILS; 863 /* NB: entries may be present awaiting purge, skip */ 864 if (se0->se_notseen >= STA_PURGE_SCANS) 865 fail |= MATCH_NOTSEEN; 866 if (se->se_rssi < STA_RSSI_MIN) 867 fail |= MATCH_RSSI; 868 #ifdef IEEE80211_DEBUG 869 if (ieee80211_msg(ic, debug)) { 870 printf(" %c %s", 871 fail & MATCH_FAILS ? '=' : 872 fail & MATCH_NOTSEEN ? '^' : 873 fail ? '-' : '+', ether_sprintf(se->se_macaddr)); 874 printf(" %s%c", ether_sprintf(se->se_bssid), 875 fail & MATCH_BSSID ? '!' : ' '); 876 printf(" %3d%c", ieee80211_chan2ieee(ic, se->se_chan), 877 fail & MATCH_CHANNEL ? '!' : ' '); 878 printf(" %+4d%c", se->se_rssi, fail & MATCH_RSSI ? '!' : ' '); 879 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 880 fail & MATCH_RATE ? '!' : ' '); 881 printf(" %4s%c", 882 (se->se_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 883 (se->se_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 884 "????", 885 fail & MATCH_CAPINFO ? '!' : ' '); 886 printf(" %3s%c ", 887 (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 888 "wep" : "no", 889 fail & MATCH_PRIVACY ? '!' : ' '); 890 ieee80211_print_essid(se->se_ssid+2, se->se_ssid[1]); 891 printf("%s\n", fail & MATCH_SSID ? "!" : ""); 892 } 893 #endif 894 return fail; 895 } 896 897 static void 898 sta_update_notseen(struct sta_table *st) 899 { 900 struct sta_entry *se; 901 902 mtx_lock(&st->st_lock); 903 TAILQ_FOREACH(se, &st->st_entry, se_list) { 904 /* 905 * If seen the reset and don't bump the count; 906 * otherwise bump the ``not seen'' count. Note 907 * that this insures that stations for which we 908 * see frames while not scanning but not during 909 * this scan will not be penalized. 910 */ 911 if (se->se_seen) 912 se->se_seen = 0; 913 else 914 se->se_notseen++; 915 } 916 mtx_unlock(&st->st_lock); 917 } 918 919 static void 920 sta_dec_fails(struct sta_table *st) 921 { 922 struct sta_entry *se; 923 924 mtx_lock(&st->st_lock); 925 TAILQ_FOREACH(se, &st->st_entry, se_list) 926 if (se->se_fails) 927 se->se_fails--; 928 mtx_unlock(&st->st_lock); 929 } 930 931 static struct sta_entry * 932 select_bss(struct ieee80211_scan_state *ss, struct ieee80211com *ic, int debug) 933 { 934 struct sta_table *st = ss->ss_priv; 935 struct sta_entry *se, *selbs = NULL; 936 937 IEEE80211_DPRINTF(ic, debug, " %s\n", 938 "macaddr bssid chan rssi rate flag wep essid"); 939 mtx_lock(&st->st_lock); 940 TAILQ_FOREACH(se, &st->st_entry, se_list) { 941 if (match_bss(ic, ss, se, debug) == 0) { 942 if (selbs == NULL) 943 selbs = se; 944 else if (sta_compare(se, selbs) > 0) 945 selbs = se; 946 } 947 } 948 mtx_unlock(&st->st_lock); 949 950 return selbs; 951 } 952 953 /* 954 * Pick an ap or ibss network to join or find a channel 955 * to use to start an ibss network. 956 */ 957 static int 958 sta_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 959 { 960 struct sta_table *st = ss->ss_priv; 961 struct sta_entry *selbs; 962 963 KASSERT(ic->ic_opmode == IEEE80211_M_STA, 964 ("wrong mode %u", ic->ic_opmode)); 965 966 if (st->st_newscan) { 967 sta_update_notseen(st); 968 st->st_newscan = 0; 969 } 970 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) { 971 /* 972 * Manual/background scan, don't select+join the 973 * bss, just return. The scanning framework will 974 * handle notification that this has completed. 975 */ 976 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK; 977 return 1; 978 } 979 /* 980 * Automatic sequencing; look for a candidate and 981 * if found join the network. 982 */ 983 /* NB: unlocked read should be ok */ 984 if (TAILQ_FIRST(&st->st_entry) == NULL) { 985 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 986 "%s: no scan candidate\n", __func__); 987 notfound: 988 /* 989 * If nothing suitable was found decrement 990 * the failure counts so entries will be 991 * reconsidered the next time around. We 992 * really want to do this only for sta's 993 * where we've previously had some success. 994 */ 995 sta_dec_fails(st); 996 st->st_newscan = 1; 997 return 0; /* restart scan */ 998 } 999 selbs = select_bss(ss, ic, IEEE80211_MSG_SCAN); 1000 if (selbs == NULL || !ieee80211_sta_join(ic, &selbs->base)) 1001 goto notfound; 1002 return 1; /* terminate scan */ 1003 } 1004 1005 /* 1006 * Lookup an entry in the scan cache. We assume we're 1007 * called from the bottom half or such that we don't need 1008 * to block the bottom half so that it's safe to return 1009 * a reference to an entry w/o holding the lock on the table. 1010 */ 1011 static struct sta_entry * 1012 sta_lookup(struct sta_table *st, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1013 { 1014 struct sta_entry *se; 1015 int hash = STA_HASH(macaddr); 1016 1017 mtx_lock(&st->st_lock); 1018 LIST_FOREACH(se, &st->st_hash[hash], se_hash) 1019 if (IEEE80211_ADDR_EQ(se->base.se_macaddr, macaddr)) 1020 break; 1021 mtx_unlock(&st->st_lock); 1022 1023 return se; /* NB: unlocked */ 1024 } 1025 1026 static void 1027 sta_roam_check(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 1028 { 1029 struct ieee80211_node *ni = ic->ic_bss; 1030 struct sta_table *st = ss->ss_priv; 1031 struct sta_entry *se, *selbs; 1032 uint8_t roamRate, curRate; 1033 int8_t roamRssi, curRssi; 1034 1035 se = sta_lookup(st, ni->ni_macaddr); 1036 if (se == NULL) { 1037 /* XXX something is wrong */ 1038 return; 1039 } 1040 1041 /* XXX do we need 11g too? */ 1042 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan)) { 1043 roamRate = ic->ic_roam.rate11b; 1044 roamRssi = ic->ic_roam.rssi11b; 1045 } else if (IEEE80211_IS_CHAN_B(ic->ic_bsschan)) { 1046 roamRate = ic->ic_roam.rate11bOnly; 1047 roamRssi = ic->ic_roam.rssi11bOnly; 1048 } else { 1049 roamRate = ic->ic_roam.rate11a; 1050 roamRssi = ic->ic_roam.rssi11a; 1051 } 1052 /* NB: the most up to date rssi is in the node, not the scan cache */ 1053 curRssi = ic->ic_node_getrssi(ni); 1054 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1055 curRate = ni->ni_rates.rs_rates[ni->ni_txrate] & IEEE80211_RATE_VAL; 1056 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ROAM, 1057 "%s: currssi %d currate %u roamrssi %d roamrate %u\n", 1058 __func__, curRssi, curRate, roamRssi, roamRate); 1059 } else { 1060 curRate = roamRate; /* NB: insure compare below fails */ 1061 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ROAM, 1062 "%s: currssi %d roamrssi %d\n", __func__, curRssi, roamRssi); 1063 } 1064 /* 1065 * Check if a new ap should be used and switch. 1066 * XXX deauth current ap 1067 */ 1068 if (curRate < roamRate || curRssi < roamRssi) { 1069 if (time_after(ticks, ic->ic_lastscan + ic->ic_scanvalid)) { 1070 /* 1071 * Scan cache contents are too old; force a scan now 1072 * if possible so we have current state to make a 1073 * decision with. We don't kick off a bg scan if 1074 * we're using dynamic turbo and boosted or if the 1075 * channel is busy. 1076 * XXX force immediate switch on scan complete 1077 */ 1078 if (!IEEE80211_IS_CHAN_DTURBO(ic->ic_curchan) && 1079 time_after(ticks, ic->ic_lastdata + ic->ic_bgscanidle)) 1080 ieee80211_bg_scan(ic); 1081 return; 1082 } 1083 se->base.se_rssi = curRssi; 1084 selbs = select_bss(ss, ic, IEEE80211_MSG_ROAM); 1085 if (selbs != NULL && selbs != se) { 1086 IEEE80211_DPRINTF(ic, 1087 IEEE80211_MSG_ROAM | IEEE80211_MSG_DEBUG, 1088 "%s: ROAM: curRate %u, roamRate %u, " 1089 "curRssi %d, roamRssi %d\n", __func__, 1090 curRate, roamRate, curRssi, roamRssi); 1091 ieee80211_sta_join(ic, &selbs->base); 1092 } 1093 } 1094 } 1095 1096 /* 1097 * Age entries in the scan cache. 1098 * XXX also do roaming since it's convenient 1099 */ 1100 static void 1101 sta_age(struct ieee80211_scan_state *ss) 1102 { 1103 struct ieee80211com *ic = ss->ss_ic; 1104 struct sta_table *st = ss->ss_priv; 1105 struct sta_entry *se, *next; 1106 1107 mtx_lock(&st->st_lock); 1108 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) { 1109 if (se->se_notseen > STA_PURGE_SCANS) { 1110 TAILQ_REMOVE(&st->st_entry, se, se_list); 1111 LIST_REMOVE(se, se_hash); 1112 FREE(se, M_80211_SCAN); 1113 } 1114 } 1115 mtx_unlock(&st->st_lock); 1116 /* 1117 * If rate control is enabled check periodically to see if 1118 * we should roam from our current connection to one that 1119 * might be better. This only applies when we're operating 1120 * in sta mode and automatic roaming is set. 1121 * XXX defer if busy 1122 * XXX repeater station 1123 * XXX do when !bgscan? 1124 */ 1125 KASSERT(ic->ic_opmode == IEEE80211_M_STA, 1126 ("wrong mode %u", ic->ic_opmode)); 1127 if (ic->ic_roaming == IEEE80211_ROAMING_AUTO && 1128 (ic->ic_flags & IEEE80211_F_BGSCAN) && 1129 ic->ic_state >= IEEE80211_S_RUN) 1130 /* XXX vap is implicit */ 1131 sta_roam_check(ss, ic); 1132 } 1133 1134 /* 1135 * Iterate over the entries in the scan cache, invoking 1136 * the callback function on each one. 1137 */ 1138 static void 1139 sta_iterate(struct ieee80211_scan_state *ss, 1140 ieee80211_scan_iter_func *f, void *arg) 1141 { 1142 struct sta_table *st = ss->ss_priv; 1143 struct sta_entry *se; 1144 u_int gen; 1145 1146 mtx_lock(&st->st_scanlock); 1147 gen = st->st_scangen++; 1148 restart: 1149 mtx_lock(&st->st_lock); 1150 TAILQ_FOREACH(se, &st->st_entry, se_list) { 1151 if (se->se_scangen != gen) { 1152 se->se_scangen = gen; 1153 /* update public state */ 1154 se->base.se_age = ticks - se->se_lastupdate; 1155 mtx_unlock(&st->st_lock); 1156 (*f)(arg, &se->base); 1157 goto restart; 1158 } 1159 } 1160 mtx_unlock(&st->st_lock); 1161 1162 mtx_unlock(&st->st_scanlock); 1163 } 1164 1165 static void 1166 sta_assoc_fail(struct ieee80211_scan_state *ss, 1167 const uint8_t macaddr[IEEE80211_ADDR_LEN], int reason) 1168 { 1169 struct sta_table *st = ss->ss_priv; 1170 struct sta_entry *se; 1171 1172 se = sta_lookup(st, macaddr); 1173 if (se != NULL) { 1174 se->se_fails++; 1175 se->se_lastfail = ticks; 1176 IEEE80211_NOTE_MAC(ss->ss_ic, IEEE80211_MSG_SCAN, 1177 macaddr, "%s: reason %u fails %u", 1178 __func__, reason, se->se_fails); 1179 } 1180 } 1181 1182 static void 1183 sta_assoc_success(struct ieee80211_scan_state *ss, 1184 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1185 { 1186 struct sta_table *st = ss->ss_priv; 1187 struct sta_entry *se; 1188 1189 se = sta_lookup(st, macaddr); 1190 if (se != NULL) { 1191 #if 0 1192 se->se_fails = 0; 1193 IEEE80211_NOTE_MAC(ss->ss_ic, IEEE80211_MSG_SCAN, 1194 macaddr, "%s: fails %u", 1195 __func__, se->se_fails); 1196 #endif 1197 se->se_lastassoc = ticks; 1198 } 1199 } 1200 1201 static const struct ieee80211_scanner sta_default = { 1202 .scan_name = "default", 1203 .scan_attach = sta_attach, 1204 .scan_detach = sta_detach, 1205 .scan_start = sta_start, 1206 .scan_restart = sta_restart, 1207 .scan_cancel = sta_cancel, 1208 .scan_end = sta_pick_bss, 1209 .scan_flush = sta_flush, 1210 .scan_add = sta_add, 1211 .scan_age = sta_age, 1212 .scan_iterate = sta_iterate, 1213 .scan_assoc_fail = sta_assoc_fail, 1214 .scan_assoc_success = sta_assoc_success, 1215 }; 1216 1217 /* 1218 * Adhoc mode-specific support. 1219 */ 1220 1221 static const uint16_t adhocWorld[] = /* 36, 40, 44, 48 */ 1222 { 5180, 5200, 5220, 5240 }; 1223 static const uint16_t adhocFcc3[] = /* 36, 40, 44, 48 145, 149, 153, 157, 161, 165 */ 1224 { 5180, 5200, 5220, 5240, 5725, 5745, 5765, 5785, 5805, 5825 }; 1225 static const uint16_t adhocMkk[] = /* 34, 38, 42, 46 */ 1226 { 5170, 5190, 5210, 5230 }; 1227 static const uint16_t adhoc11b[] = /* 10, 11 */ 1228 { 2457, 2462 }; 1229 1230 static const struct scanlist adhocScanTable[] = { 1231 { IEEE80211_MODE_11B, X(adhoc11b) }, 1232 { IEEE80211_MODE_11A, X(adhocWorld) }, 1233 { IEEE80211_MODE_11A, X(adhocFcc3) }, 1234 { IEEE80211_MODE_11B, X(adhocMkk) }, 1235 { .list = NULL } 1236 }; 1237 #undef X 1238 1239 /* 1240 * Start an adhoc-mode scan by populating the channel list. 1241 */ 1242 static int 1243 adhoc_start(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 1244 { 1245 #define N(a) (sizeof(a)/sizeof(a[0])) 1246 struct sta_table *st = ss->ss_priv; 1247 const struct scanlist *scan; 1248 enum ieee80211_phymode mode; 1249 1250 ss->ss_last = 0; 1251 /* 1252 * Use the table of ordered channels to construct the list 1253 * of channels for scanning. Any channels in the ordered 1254 * list not in the master list will be discarded. 1255 */ 1256 for (scan = adhocScanTable; scan->list != NULL; scan++) { 1257 mode = scan->mode; 1258 if (ic->ic_des_mode != IEEE80211_MODE_AUTO) { 1259 /* 1260 * If a desired mode was specified, scan only 1261 * channels that satisfy that constraint. 1262 */ 1263 if (ic->ic_des_mode != mode) { 1264 /* 1265 * The scan table marks 2.4Ghz channels as b 1266 * so if the desired mode is 11g, then use 1267 * the 11b channel list but upgrade the mode. 1268 */ 1269 if (ic->ic_des_mode != IEEE80211_MODE_11G || 1270 mode != IEEE80211_MODE_11B) 1271 continue; 1272 mode = IEEE80211_MODE_11G; /* upgrade */ 1273 } 1274 } else { 1275 /* 1276 * This lets add_channels upgrade an 11b channel 1277 * to 11g if available. 1278 */ 1279 if (mode == IEEE80211_MODE_11B) 1280 mode = IEEE80211_MODE_AUTO; 1281 } 1282 #ifdef IEEE80211_F_XR 1283 /* XR does not operate on turbo channels */ 1284 if ((ic->ic_flags & IEEE80211_F_XR) && 1285 (mode == IEEE80211_MODE_TURBO_A || 1286 mode == IEEE80211_MODE_TURBO_G)) 1287 continue; 1288 #endif 1289 /* 1290 * Add the list of the channels; any that are not 1291 * in the master channel list will be discarded. 1292 */ 1293 add_channels(ic, ss, mode, scan->list, scan->count); 1294 } 1295 1296 /* 1297 * Add the channels from the ic (from HAL) that are not present 1298 * in the staScanTable. 1299 */ 1300 sweepchannels(ss, ic, adhocScanTable); 1301 1302 ss->ss_next = 0; 1303 /* XXX tunables */ 1304 ss->ss_mindwell = msecs_to_ticks(200); /* 200ms */ 1305 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */ 1306 1307 #ifdef IEEE80211_DEBUG 1308 if (ieee80211_msg_scan(ic)) { 1309 if_printf(ic->ic_ifp, "scan set "); 1310 ieee80211_scan_dump_channels(ss); 1311 printf(" dwell min %ld max %ld\n", 1312 ss->ss_mindwell, ss->ss_maxdwell); 1313 } 1314 #endif /* IEEE80211_DEBUG */ 1315 1316 st->st_newscan = 1; 1317 1318 return 0; 1319 #undef N 1320 } 1321 1322 /* 1323 * Select a channel to start an adhoc network on. 1324 * The channel list was populated with appropriate 1325 * channels so select one that looks least occupied. 1326 * XXX need regulatory domain constraints 1327 */ 1328 static struct ieee80211_channel * 1329 adhoc_pick_channel(struct ieee80211_scan_state *ss) 1330 { 1331 struct sta_table *st = ss->ss_priv; 1332 struct sta_entry *se; 1333 struct ieee80211_channel *c, *bestchan; 1334 int i, bestrssi, maxrssi; 1335 1336 bestchan = NULL; 1337 bestrssi = -1; 1338 1339 mtx_lock(&st->st_lock); 1340 for (i = 0; i < ss->ss_last; i++) { 1341 c = ss->ss_chans[i]; 1342 if (!checktable(adhocScanTable, c)) 1343 continue; 1344 maxrssi = 0; 1345 TAILQ_FOREACH(se, &st->st_entry, se_list) { 1346 if (se->base.se_chan != c) 1347 continue; 1348 if (se->base.se_rssi > maxrssi) 1349 maxrssi = se->base.se_rssi; 1350 } 1351 if (bestchan == NULL || maxrssi < bestrssi) 1352 bestchan = c; 1353 } 1354 mtx_unlock(&st->st_lock); 1355 1356 return bestchan; 1357 } 1358 1359 /* 1360 * Pick an ibss network to join or find a channel 1361 * to use to start an ibss network. 1362 */ 1363 static int 1364 adhoc_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 1365 { 1366 struct sta_table *st = ss->ss_priv; 1367 struct sta_entry *selbs; 1368 struct ieee80211_channel *chan; 1369 1370 KASSERT(ic->ic_opmode == IEEE80211_M_IBSS || 1371 ic->ic_opmode == IEEE80211_M_AHDEMO, 1372 ("wrong opmode %u", ic->ic_opmode)); 1373 1374 if (st->st_newscan) { 1375 sta_update_notseen(st); 1376 st->st_newscan = 0; 1377 } 1378 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) { 1379 /* 1380 * Manual/background scan, don't select+join the 1381 * bss, just return. The scanning framework will 1382 * handle notification that this has completed. 1383 */ 1384 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK; 1385 return 1; 1386 } 1387 /* 1388 * Automatic sequencing; look for a candidate and 1389 * if found join the network. 1390 */ 1391 /* NB: unlocked read should be ok */ 1392 if (TAILQ_FIRST(&st->st_entry) == NULL) { 1393 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 1394 "%s: no scan candidate\n", __func__); 1395 notfound: 1396 if (ic->ic_des_nssid) { 1397 /* 1398 * No existing adhoc network to join and we have 1399 * an ssid; start one up. If no channel was 1400 * specified, try to select a channel. 1401 */ 1402 if (ic->ic_des_chan == IEEE80211_CHAN_ANYC) 1403 chan = ieee80211_ht_adjust_channel(ic, 1404 adhoc_pick_channel(ss), ic->ic_flags_ext); 1405 else 1406 chan = ic->ic_des_chan; 1407 if (chan != NULL) { 1408 ieee80211_create_ibss(ic, chan); 1409 return 1; 1410 } 1411 } 1412 /* 1413 * If nothing suitable was found decrement 1414 * the failure counts so entries will be 1415 * reconsidered the next time around. We 1416 * really want to do this only for sta's 1417 * where we've previously had some success. 1418 */ 1419 sta_dec_fails(st); 1420 st->st_newscan = 1; 1421 return 0; /* restart scan */ 1422 } 1423 selbs = select_bss(ss, ic, IEEE80211_MSG_SCAN); 1424 if (selbs == NULL || !ieee80211_sta_join(ic, &selbs->base)) 1425 goto notfound; 1426 return 1; /* terminate scan */ 1427 } 1428 1429 /* 1430 * Age entries in the scan cache. 1431 */ 1432 static void 1433 adhoc_age(struct ieee80211_scan_state *ss) 1434 { 1435 struct sta_table *st = ss->ss_priv; 1436 struct sta_entry *se, *next; 1437 1438 mtx_lock(&st->st_lock); 1439 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) { 1440 if (se->se_notseen > STA_PURGE_SCANS) { 1441 TAILQ_REMOVE(&st->st_entry, se, se_list); 1442 LIST_REMOVE(se, se_hash); 1443 FREE(se, M_80211_SCAN); 1444 } 1445 } 1446 mtx_unlock(&st->st_lock); 1447 } 1448 1449 static const struct ieee80211_scanner adhoc_default = { 1450 .scan_name = "default", 1451 .scan_attach = sta_attach, 1452 .scan_detach = sta_detach, 1453 .scan_start = adhoc_start, 1454 .scan_restart = sta_restart, 1455 .scan_cancel = sta_cancel, 1456 .scan_end = adhoc_pick_bss, 1457 .scan_flush = sta_flush, 1458 .scan_add = sta_add, 1459 .scan_age = adhoc_age, 1460 .scan_iterate = sta_iterate, 1461 .scan_assoc_fail = sta_assoc_fail, 1462 .scan_assoc_success = sta_assoc_success, 1463 }; 1464 1465 /* 1466 * Module glue. 1467 */ 1468 static int 1469 wlan_modevent(module_t mod, int type, void *unused) 1470 { 1471 switch (type) { 1472 case MOD_LOAD: 1473 ieee80211_scanner_register(IEEE80211_M_STA, &sta_default); 1474 ieee80211_scanner_register(IEEE80211_M_IBSS, &adhoc_default); 1475 ieee80211_scanner_register(IEEE80211_M_AHDEMO, &adhoc_default); 1476 return 0; 1477 case MOD_UNLOAD: 1478 case MOD_QUIESCE: 1479 if (nrefs) { 1480 printf("wlan_scan_sta: still in use (%u dynamic refs)\n", 1481 nrefs); 1482 return EBUSY; 1483 } 1484 if (type == MOD_UNLOAD) { 1485 ieee80211_scanner_unregister_all(&sta_default); 1486 ieee80211_scanner_unregister_all(&adhoc_default); 1487 } 1488 return 0; 1489 } 1490 return EINVAL; 1491 } 1492 1493 static moduledata_t wlan_mod = { 1494 "wlan_scan_sta", 1495 wlan_modevent, 1496 0 1497 }; 1498 DECLARE_MODULE(wlan_scan_sta, wlan_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST); 1499 MODULE_VERSION(wlan_scan_sta, 1); 1500 MODULE_DEPEND(wlan_scan_sta, wlan, 1, 1, 1); 1501