1 /*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * Copyright (c) 2002-2009 Sam Leffler, Errno Consulting 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 26 */ 27 28 #include <sys/cdefs.h> 29 __FBSDID("$FreeBSD$"); 30 31 /* 32 * IEEE 802.11 station scanning support. 33 */ 34 #include "opt_wlan.h" 35 36 #include <sys/param.h> 37 #include <sys/systm.h> 38 #include <sys/kernel.h> 39 #include <sys/endian.h> 40 #include <sys/malloc.h> 41 #include <sys/module.h> 42 43 #include <sys/socket.h> 44 45 #include <net/if.h> 46 #include <net/if_var.h> 47 #include <net/if_media.h> 48 #include <net/ethernet.h> 49 50 #include <net80211/ieee80211_var.h> 51 #include <net80211/ieee80211_input.h> 52 #include <net80211/ieee80211_regdomain.h> 53 #ifdef IEEE80211_SUPPORT_TDMA 54 #include <net80211/ieee80211_tdma.h> 55 #endif 56 #ifdef IEEE80211_SUPPORT_MESH 57 #include <net80211/ieee80211_mesh.h> 58 #endif 59 #include <net80211/ieee80211_ratectl.h> 60 #include <net80211/ieee80211_vht.h> 61 62 #include <net/bpf.h> 63 64 /* 65 * Parameters for managing cache entries: 66 * 67 * o a station with STA_FAILS_MAX failures is not considered 68 * when picking a candidate 69 * o a station that hasn't had an update in STA_PURGE_SCANS 70 * (background) scans is discarded 71 * o after STA_FAILS_AGE seconds we clear the failure count 72 */ 73 #define STA_FAILS_MAX 2 /* assoc failures before ignored */ 74 #define STA_FAILS_AGE (2*60) /* time before clearing fails (secs) */ 75 #define STA_PURGE_SCANS 2 /* age for purging entries (scans) */ 76 77 /* XXX tunable */ 78 #define STA_RSSI_MIN 8 /* min acceptable rssi */ 79 #define STA_RSSI_MAX 40 /* max rssi for comparison */ 80 81 struct sta_entry { 82 struct ieee80211_scan_entry base; 83 TAILQ_ENTRY(sta_entry) se_list; 84 LIST_ENTRY(sta_entry) se_hash; 85 uint8_t se_fails; /* failure to associate count */ 86 uint8_t se_seen; /* seen during current scan */ 87 uint8_t se_notseen; /* not seen in previous scans */ 88 uint8_t se_flags; 89 #define STA_DEMOTE11B 0x01 /* match w/ demoted 11b chan */ 90 uint32_t se_avgrssi; /* LPF rssi state */ 91 unsigned long se_lastupdate; /* time of last update */ 92 unsigned long se_lastfail; /* time of last failure */ 93 unsigned long se_lastassoc; /* time of last association */ 94 u_int se_scangen; /* iterator scan gen# */ 95 u_int se_countrygen; /* gen# of last cc notify */ 96 }; 97 98 #define STA_HASHSIZE 32 99 /* simple hash is enough for variation of macaddr */ 100 #define STA_HASH(addr) \ 101 (((const uint8_t *)(addr))[IEEE80211_ADDR_LEN - 1] % STA_HASHSIZE) 102 103 #define MAX_IEEE_CHAN 256 /* max acceptable IEEE chan # */ 104 CTASSERT(MAX_IEEE_CHAN >= 256); 105 106 struct sta_table { 107 ieee80211_scan_table_lock_t st_lock; /* on scan table */ 108 TAILQ_HEAD(, sta_entry) st_entry; /* all entries */ 109 LIST_HEAD(, sta_entry) st_hash[STA_HASHSIZE]; 110 ieee80211_scan_iter_lock_t st_scanlock; /* on st_scaniter */ 111 u_int st_scaniter; /* gen# for iterator */ 112 u_int st_scangen; /* scan generation # */ 113 int st_newscan; 114 /* ap-related state */ 115 int st_maxrssi[MAX_IEEE_CHAN]; 116 }; 117 118 static void sta_flush_table(struct sta_table *); 119 /* 120 * match_bss returns a bitmask describing if an entry is suitable 121 * for use. If non-zero the entry was deemed not suitable and it's 122 * contents explains why. The following flags are or'd to this 123 * mask and can be used to figure out why the entry was rejected. 124 */ 125 #define MATCH_CHANNEL 0x00001 /* channel mismatch */ 126 #define MATCH_CAPINFO 0x00002 /* capabilities mismatch, e.g. no ess */ 127 #define MATCH_PRIVACY 0x00004 /* privacy mismatch */ 128 #define MATCH_RATE 0x00008 /* rate set mismatch */ 129 #define MATCH_SSID 0x00010 /* ssid mismatch */ 130 #define MATCH_BSSID 0x00020 /* bssid mismatch */ 131 #define MATCH_FAILS 0x00040 /* too many failed auth attempts */ 132 #define MATCH_NOTSEEN 0x00080 /* not seen in recent scans */ 133 #define MATCH_RSSI 0x00100 /* rssi deemed too low to use */ 134 #define MATCH_CC 0x00200 /* country code mismatch */ 135 #ifdef IEEE80211_SUPPORT_TDMA 136 #define MATCH_TDMA_NOIE 0x00400 /* no TDMA ie */ 137 #define MATCH_TDMA_NOTMASTER 0x00800 /* not TDMA master */ 138 #define MATCH_TDMA_NOSLOT 0x01000 /* all TDMA slots occupied */ 139 #define MATCH_TDMA_LOCAL 0x02000 /* local address */ 140 #define MATCH_TDMA_VERSION 0x04000 /* protocol version mismatch */ 141 #endif 142 #define MATCH_MESH_NOID 0x10000 /* no MESHID ie */ 143 #define MATCH_MESHID 0x20000 /* meshid mismatch */ 144 static int match_bss(struct ieee80211vap *, 145 const struct ieee80211_scan_state *, struct sta_entry *, int); 146 static void adhoc_age(struct ieee80211_scan_state *); 147 148 static __inline int 149 isocmp(const uint8_t cc1[], const uint8_t cc2[]) 150 { 151 return (cc1[0] == cc2[0] && cc1[1] == cc2[1]); 152 } 153 154 /* number of references from net80211 layer */ 155 static int nrefs = 0; 156 /* 157 * Module glue. 158 */ 159 IEEE80211_SCANNER_MODULE(sta, 1); 160 161 /* 162 * Attach prior to any scanning work. 163 */ 164 static int 165 sta_attach(struct ieee80211_scan_state *ss) 166 { 167 struct sta_table *st; 168 169 st = (struct sta_table *) IEEE80211_MALLOC(sizeof(struct sta_table), 170 M_80211_SCAN, 171 IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 172 if (st == NULL) 173 return 0; 174 IEEE80211_SCAN_TABLE_LOCK_INIT(st, "scantable"); 175 IEEE80211_SCAN_ITER_LOCK_INIT(st, "scangen"); 176 TAILQ_INIT(&st->st_entry); 177 ss->ss_priv = st; 178 nrefs++; /* NB: we assume caller locking */ 179 return 1; 180 } 181 182 /* 183 * Cleanup any private state. 184 */ 185 static int 186 sta_detach(struct ieee80211_scan_state *ss) 187 { 188 struct sta_table *st = ss->ss_priv; 189 190 if (st != NULL) { 191 sta_flush_table(st); 192 IEEE80211_SCAN_TABLE_LOCK_DESTROY(st); 193 IEEE80211_SCAN_ITER_LOCK_DESTROY(st); 194 IEEE80211_FREE(st, M_80211_SCAN); 195 KASSERT(nrefs > 0, ("imbalanced attach/detach")); 196 nrefs--; /* NB: we assume caller locking */ 197 } 198 return 1; 199 } 200 201 /* 202 * Flush all per-scan state. 203 */ 204 static int 205 sta_flush(struct ieee80211_scan_state *ss) 206 { 207 struct sta_table *st = ss->ss_priv; 208 209 IEEE80211_SCAN_TABLE_LOCK(st); 210 sta_flush_table(st); 211 IEEE80211_SCAN_TABLE_UNLOCK(st); 212 ss->ss_last = 0; 213 return 0; 214 } 215 216 /* 217 * Flush all entries in the scan cache. 218 */ 219 static void 220 sta_flush_table(struct sta_table *st) 221 { 222 struct sta_entry *se, *next; 223 224 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) { 225 TAILQ_REMOVE(&st->st_entry, se, se_list); 226 LIST_REMOVE(se, se_hash); 227 ieee80211_ies_cleanup(&se->base.se_ies); 228 IEEE80211_FREE(se, M_80211_SCAN); 229 } 230 memset(st->st_maxrssi, 0, sizeof(st->st_maxrssi)); 231 } 232 233 /* 234 * Process a beacon or probe response frame; create an 235 * entry in the scan cache or update any previous entry. 236 */ 237 static int 238 sta_add(struct ieee80211_scan_state *ss, 239 struct ieee80211_channel *curchan, 240 const struct ieee80211_scanparams *sp, 241 const struct ieee80211_frame *wh, 242 int subtype, int rssi, int noise) 243 { 244 #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 245 #define PICK1ST(_ss) \ 246 ((ss->ss_flags & (IEEE80211_SCAN_PICK1ST | IEEE80211_SCAN_GOTPICK)) == \ 247 IEEE80211_SCAN_PICK1ST) 248 struct sta_table *st = ss->ss_priv; 249 const uint8_t *macaddr = wh->i_addr2; 250 struct ieee80211vap *vap = ss->ss_vap; 251 struct ieee80211com *ic = vap->iv_ic; 252 struct ieee80211_channel *c; 253 struct sta_entry *se; 254 struct ieee80211_scan_entry *ise; 255 int hash; 256 257 hash = STA_HASH(macaddr); 258 259 IEEE80211_SCAN_TABLE_LOCK(st); 260 LIST_FOREACH(se, &st->st_hash[hash], se_hash) 261 if (IEEE80211_ADDR_EQ(se->base.se_macaddr, macaddr)) 262 goto found; 263 se = (struct sta_entry *) IEEE80211_MALLOC(sizeof(struct sta_entry), 264 M_80211_SCAN, IEEE80211_M_NOWAIT | IEEE80211_M_ZERO); 265 if (se == NULL) { 266 IEEE80211_SCAN_TABLE_UNLOCK(st); 267 return 0; 268 } 269 se->se_scangen = st->st_scaniter-1; 270 se->se_avgrssi = IEEE80211_RSSI_DUMMY_MARKER; 271 IEEE80211_ADDR_COPY(se->base.se_macaddr, macaddr); 272 TAILQ_INSERT_TAIL(&st->st_entry, se, se_list); 273 LIST_INSERT_HEAD(&st->st_hash[hash], se, se_hash); 274 found: 275 ise = &se->base; 276 /* XXX ap beaconing multiple ssid w/ same bssid */ 277 if (sp->ssid[1] != 0 && 278 (ISPROBE(subtype) || ise->se_ssid[1] == 0)) 279 memcpy(ise->se_ssid, sp->ssid, 2+sp->ssid[1]); 280 KASSERT(sp->rates[1] <= IEEE80211_RATE_MAXSIZE, 281 ("rate set too large: %u", sp->rates[1])); 282 memcpy(ise->se_rates, sp->rates, 2+sp->rates[1]); 283 if (sp->xrates != NULL) { 284 /* XXX validate xrates[1] */ 285 KASSERT(sp->xrates[1] <= IEEE80211_RATE_MAXSIZE, 286 ("xrate set too large: %u", sp->xrates[1])); 287 memcpy(ise->se_xrates, sp->xrates, 2+sp->xrates[1]); 288 } else 289 ise->se_xrates[1] = 0; 290 IEEE80211_ADDR_COPY(ise->se_bssid, wh->i_addr3); 291 if ((sp->status & IEEE80211_BPARSE_OFFCHAN) == 0) { 292 /* 293 * Record rssi data using extended precision LPF filter. 294 * 295 * NB: use only on-channel data to insure we get a good 296 * estimate of the signal we'll see when associated. 297 */ 298 IEEE80211_RSSI_LPF(se->se_avgrssi, rssi); 299 ise->se_rssi = IEEE80211_RSSI_GET(se->se_avgrssi); 300 ise->se_noise = noise; 301 } 302 memcpy(ise->se_tstamp.data, sp->tstamp, sizeof(ise->se_tstamp)); 303 ise->se_intval = sp->bintval; 304 ise->se_capinfo = sp->capinfo; 305 #ifdef IEEE80211_SUPPORT_MESH 306 if (sp->meshid != NULL && sp->meshid[1] != 0) 307 memcpy(ise->se_meshid, sp->meshid, 2+sp->meshid[1]); 308 #endif 309 /* 310 * Beware of overriding se_chan for frames seen 311 * off-channel; this can cause us to attempt an 312 * association on the wrong channel. 313 */ 314 if (sp->status & IEEE80211_BPARSE_OFFCHAN) { 315 /* 316 * Off-channel, locate the home/bss channel for the sta 317 * using the value broadcast in the DSPARMS ie. We know 318 * sp->chan has this value because it's used to calculate 319 * IEEE80211_BPARSE_OFFCHAN. 320 */ 321 c = ieee80211_find_channel_byieee(ic, sp->chan, 322 curchan->ic_flags); 323 if (c != NULL) { 324 ise->se_chan = c; 325 } else if (ise->se_chan == NULL) { 326 /* should not happen, pick something */ 327 ise->se_chan = curchan; 328 } 329 } else 330 ise->se_chan = curchan; 331 332 /* VHT demotion */ 333 if (IEEE80211_IS_CHAN_VHT(ise->se_chan) && sp->vhtcap == NULL) { 334 IEEE80211_DPRINTF(vap, IEEE80211_MSG_11N, 335 "%s: demoting VHT->HT %d/0x%08x\n", 336 __func__, ise->se_chan->ic_freq, ise->se_chan->ic_flags); 337 /* Demote legacy networks to a non-VHT channel. */ 338 c = ieee80211_find_channel(ic, ise->se_chan->ic_freq, 339 ise->se_chan->ic_flags & ~IEEE80211_CHAN_VHT); 340 KASSERT(c != NULL, 341 ("no non-VHT channel %u", ise->se_chan->ic_ieee)); 342 ise->se_chan = c; 343 } 344 345 /* HT demotion */ 346 if (IEEE80211_IS_CHAN_HT(ise->se_chan) && sp->htcap == NULL) { 347 /* Demote legacy networks to a non-HT channel. */ 348 IEEE80211_DPRINTF(vap, IEEE80211_MSG_11N, 349 "%s: demoting HT->legacy %d/0x%08x\n", 350 __func__, ise->se_chan->ic_freq, ise->se_chan->ic_flags); 351 c = ieee80211_find_channel(ic, ise->se_chan->ic_freq, 352 ise->se_chan->ic_flags & ~IEEE80211_CHAN_HT); 353 KASSERT(c != NULL, 354 ("no legacy channel %u", ise->se_chan->ic_ieee)); 355 ise->se_chan = c; 356 } 357 358 ise->se_fhdwell = sp->fhdwell; 359 ise->se_fhindex = sp->fhindex; 360 ise->se_erp = sp->erp; 361 ise->se_timoff = sp->timoff; 362 if (sp->tim != NULL) { 363 const struct ieee80211_tim_ie *tim = 364 (const struct ieee80211_tim_ie *) sp->tim; 365 ise->se_dtimperiod = tim->tim_period; 366 } 367 if (sp->country != NULL) { 368 const struct ieee80211_country_ie *cie = 369 (const struct ieee80211_country_ie *) sp->country; 370 /* 371 * If 11d is enabled and we're attempting to join a bss 372 * that advertises it's country code then compare our 373 * current settings to what we fetched from the country ie. 374 * If our country code is unspecified or different then 375 * dispatch an event to user space that identifies the 376 * country code so our regdomain config can be changed. 377 */ 378 /* XXX only for STA mode? */ 379 if ((IEEE80211_IS_CHAN_11D(ise->se_chan) || 380 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) && 381 (ic->ic_regdomain.country == CTRY_DEFAULT || 382 !isocmp(cie->cc, ic->ic_regdomain.isocc))) { 383 /* only issue one notify event per scan */ 384 if (se->se_countrygen != st->st_scangen) { 385 ieee80211_notify_country(vap, ise->se_bssid, 386 cie->cc); 387 se->se_countrygen = st->st_scangen; 388 } 389 } 390 ise->se_cc[0] = cie->cc[0]; 391 ise->se_cc[1] = cie->cc[1]; 392 } 393 /* NB: no need to setup ie ptrs; they are not (currently) used */ 394 (void) ieee80211_ies_init(&ise->se_ies, sp->ies, sp->ies_len); 395 396 /* clear failure count after STA_FAIL_AGE passes */ 397 if (se->se_fails && (ticks - se->se_lastfail) > STA_FAILS_AGE*hz) { 398 se->se_fails = 0; 399 IEEE80211_NOTE_MAC(vap, IEEE80211_MSG_SCAN, macaddr, 400 "%s: fails %u", __func__, se->se_fails); 401 } 402 403 se->se_lastupdate = ticks; /* update time */ 404 se->se_seen = 1; 405 se->se_notseen = 0; 406 407 KASSERT(sizeof(sp->bchan) == 1, ("bchan size")); 408 if (rssi > st->st_maxrssi[sp->bchan]) 409 st->st_maxrssi[sp->bchan] = rssi; 410 411 IEEE80211_SCAN_TABLE_UNLOCK(st); 412 413 /* 414 * If looking for a quick choice and nothing's 415 * been found check here. 416 */ 417 if (PICK1ST(ss) && match_bss(vap, ss, se, IEEE80211_MSG_SCAN) == 0) 418 ss->ss_flags |= IEEE80211_SCAN_GOTPICK; 419 420 return 1; 421 #undef PICK1ST 422 #undef ISPROBE 423 } 424 425 /* 426 * Check if a channel is excluded by user request. 427 */ 428 static int 429 isexcluded(struct ieee80211vap *vap, const struct ieee80211_channel *c) 430 { 431 return (isclr(vap->iv_ic->ic_chan_active, c->ic_ieee) || 432 (vap->iv_des_chan != IEEE80211_CHAN_ANYC && 433 c->ic_freq != vap->iv_des_chan->ic_freq)); 434 } 435 436 static struct ieee80211_channel * 437 find11gchannel(struct ieee80211com *ic, int i, int freq) 438 { 439 struct ieee80211_channel *c; 440 int j; 441 442 /* 443 * The normal ordering in the channel list is b channel 444 * immediately followed by g so optimize the search for 445 * this. We'll still do a full search just in case. 446 */ 447 for (j = i+1; j < ic->ic_nchans; j++) { 448 c = &ic->ic_channels[j]; 449 if (c->ic_freq == freq && IEEE80211_IS_CHAN_G(c)) 450 return c; 451 } 452 for (j = 0; j < i; j++) { 453 c = &ic->ic_channels[j]; 454 if (c->ic_freq == freq && IEEE80211_IS_CHAN_G(c)) 455 return c; 456 } 457 return NULL; 458 } 459 460 static const u_int chanflags[IEEE80211_MODE_MAX] = { 461 [IEEE80211_MODE_AUTO] = IEEE80211_CHAN_B, 462 [IEEE80211_MODE_11A] = IEEE80211_CHAN_A, 463 [IEEE80211_MODE_11B] = IEEE80211_CHAN_B, 464 [IEEE80211_MODE_11G] = IEEE80211_CHAN_G, 465 [IEEE80211_MODE_FH] = IEEE80211_CHAN_FHSS, 466 /* check base channel */ 467 [IEEE80211_MODE_TURBO_A] = IEEE80211_CHAN_A, 468 [IEEE80211_MODE_TURBO_G] = IEEE80211_CHAN_G, 469 [IEEE80211_MODE_STURBO_A] = IEEE80211_CHAN_ST, 470 [IEEE80211_MODE_HALF] = IEEE80211_CHAN_HALF, 471 [IEEE80211_MODE_QUARTER] = IEEE80211_CHAN_QUARTER, 472 /* check legacy */ 473 [IEEE80211_MODE_11NA] = IEEE80211_CHAN_A, 474 [IEEE80211_MODE_11NG] = IEEE80211_CHAN_G, 475 }; 476 477 static void 478 add_channels(struct ieee80211vap *vap, 479 struct ieee80211_scan_state *ss, 480 enum ieee80211_phymode mode, const uint16_t freq[], int nfreq) 481 { 482 struct ieee80211com *ic = vap->iv_ic; 483 struct ieee80211_channel *c, *cg; 484 u_int modeflags; 485 int i; 486 487 KASSERT(mode < nitems(chanflags), ("Unexpected mode %u", mode)); 488 modeflags = chanflags[mode]; 489 for (i = 0; i < nfreq; i++) { 490 if (ss->ss_last >= IEEE80211_SCAN_MAX) 491 break; 492 493 c = ieee80211_find_channel(ic, freq[i], modeflags); 494 if (c == NULL || isexcluded(vap, c)) 495 continue; 496 if (mode == IEEE80211_MODE_AUTO) { 497 /* 498 * XXX special-case 11b/g channels so we select 499 * the g channel if both are present. 500 */ 501 if (IEEE80211_IS_CHAN_B(c) && 502 (cg = find11gchannel(ic, i, c->ic_freq)) != NULL) 503 c = cg; 504 } 505 ss->ss_chans[ss->ss_last++] = c; 506 } 507 } 508 509 struct scanlist { 510 uint16_t mode; 511 uint16_t count; 512 const uint16_t *list; 513 }; 514 515 static int 516 checktable(const struct scanlist *scan, const struct ieee80211_channel *c) 517 { 518 int i; 519 520 for (; scan->list != NULL; scan++) { 521 for (i = 0; i < scan->count; i++) 522 if (scan->list[i] == c->ic_freq) 523 return 1; 524 } 525 return 0; 526 } 527 528 static int 529 onscanlist(const struct ieee80211_scan_state *ss, 530 const struct ieee80211_channel *c) 531 { 532 int i; 533 534 for (i = 0; i < ss->ss_last; i++) 535 if (ss->ss_chans[i] == c) 536 return 1; 537 return 0; 538 } 539 540 static void 541 sweepchannels(struct ieee80211_scan_state *ss, struct ieee80211vap *vap, 542 const struct scanlist table[]) 543 { 544 struct ieee80211com *ic = vap->iv_ic; 545 struct ieee80211_channel *c; 546 int i; 547 548 for (i = 0; i < ic->ic_nchans; i++) { 549 if (ss->ss_last >= IEEE80211_SCAN_MAX) 550 break; 551 552 c = &ic->ic_channels[i]; 553 /* 554 * Ignore dynamic turbo channels; we scan them 555 * in normal mode (i.e. not boosted). Likewise 556 * for HT/VHT channels, they get scanned using 557 * legacy rates. 558 */ 559 if (IEEE80211_IS_CHAN_DTURBO(c) || IEEE80211_IS_CHAN_HT(c) || 560 IEEE80211_IS_CHAN_VHT(c)) 561 continue; 562 563 /* 564 * If a desired mode was specified, scan only 565 * channels that satisfy that constraint. 566 */ 567 if (vap->iv_des_mode != IEEE80211_MODE_AUTO && 568 vap->iv_des_mode != ieee80211_chan2mode(c)) 569 continue; 570 571 /* 572 * Skip channels excluded by user request. 573 */ 574 if (isexcluded(vap, c)) 575 continue; 576 577 /* 578 * Add the channel unless it is listed in the 579 * fixed scan order tables. This insures we 580 * don't sweep back in channels we filtered out 581 * above. 582 */ 583 if (checktable(table, c)) 584 continue; 585 586 /* Add channel to scanning list. */ 587 ss->ss_chans[ss->ss_last++] = c; 588 } 589 /* 590 * Explicitly add any desired channel if: 591 * - not already on the scan list 592 * - allowed by any desired mode constraint 593 * - there is space in the scan list 594 * This allows the channel to be used when the filtering 595 * mechanisms would otherwise elide it (e.g HT, turbo). 596 */ 597 c = vap->iv_des_chan; 598 if (c != IEEE80211_CHAN_ANYC && 599 !onscanlist(ss, c) && 600 (vap->iv_des_mode == IEEE80211_MODE_AUTO || 601 vap->iv_des_mode == ieee80211_chan2mode(c)) && 602 ss->ss_last < IEEE80211_SCAN_MAX) 603 ss->ss_chans[ss->ss_last++] = c; 604 } 605 606 static void 607 makescanlist(struct ieee80211_scan_state *ss, struct ieee80211vap *vap, 608 const struct scanlist table[]) 609 { 610 const struct scanlist *scan; 611 enum ieee80211_phymode mode; 612 613 ss->ss_last = 0; 614 /* 615 * Use the table of ordered channels to construct the list 616 * of channels for scanning. Any channels in the ordered 617 * list not in the master list will be discarded. 618 */ 619 for (scan = table; scan->list != NULL; scan++) { 620 mode = scan->mode; 621 if (vap->iv_des_mode != IEEE80211_MODE_AUTO) { 622 /* 623 * If a desired mode was specified, scan only 624 * channels that satisfy that constraint. 625 */ 626 if (vap->iv_des_mode != mode) { 627 /* 628 * The scan table marks 2.4Ghz channels as b 629 * so if the desired mode is 11g, then use 630 * the 11b channel list but upgrade the mode. 631 */ 632 if (vap->iv_des_mode == IEEE80211_MODE_11G) { 633 if (mode == IEEE80211_MODE_11G) /* Skip the G check */ 634 continue; 635 else if (mode == IEEE80211_MODE_11B) 636 mode = IEEE80211_MODE_11G; /* upgrade */ 637 } 638 } 639 } else { 640 /* 641 * This lets add_channels upgrade an 11b channel 642 * to 11g if available. 643 */ 644 if (mode == IEEE80211_MODE_11B) 645 mode = IEEE80211_MODE_AUTO; 646 } 647 #ifdef IEEE80211_F_XR 648 /* XR does not operate on turbo channels */ 649 if ((vap->iv_flags & IEEE80211_F_XR) && 650 (mode == IEEE80211_MODE_TURBO_A || 651 mode == IEEE80211_MODE_TURBO_G || 652 mode == IEEE80211_MODE_STURBO_A)) 653 continue; 654 #endif 655 /* 656 * Add the list of the channels; any that are not 657 * in the master channel list will be discarded. 658 */ 659 add_channels(vap, ss, mode, scan->list, scan->count); 660 } 661 662 /* 663 * Add the channels from the ic that are not present 664 * in the table. 665 */ 666 sweepchannels(ss, vap, table); 667 } 668 669 static const uint16_t rcl1[] = /* 8 FCC channel: 52, 56, 60, 64, 36, 40, 44, 48 */ 670 { 5260, 5280, 5300, 5320, 5180, 5200, 5220, 5240 }; 671 static const uint16_t rcl2[] = /* 4 MKK channels: 34, 38, 42, 46 */ 672 { 5170, 5190, 5210, 5230 }; 673 static const uint16_t rcl3[] = /* 2.4Ghz ch: 1,6,11,7,13 */ 674 { 2412, 2437, 2462, 2442, 2472 }; 675 static const uint16_t rcl4[] = /* 5 FCC channel: 149, 153, 161, 165 */ 676 { 5745, 5765, 5785, 5805, 5825 }; 677 static const uint16_t rcl7[] = /* 11 ETSI channel: 100,104,108,112,116,120,124,128,132,136,140 */ 678 { 5500, 5520, 5540, 5560, 5580, 5600, 5620, 5640, 5660, 5680, 5700 }; 679 static const uint16_t rcl8[] = /* 2.4Ghz ch: 2,3,4,5,8,9,10,12 */ 680 { 2417, 2422, 2427, 2432, 2447, 2452, 2457, 2467 }; 681 static const uint16_t rcl9[] = /* 2.4Ghz ch: 14 */ 682 { 2484 }; 683 static const uint16_t rcl10[] = /* Added Korean channels 2312-2372 */ 684 { 2312, 2317, 2322, 2327, 2332, 2337, 2342, 2347, 2352, 2357, 2362, 2367, 2372 }; 685 static const uint16_t rcl11[] = /* Added Japan channels in 4.9/5.0 spectrum */ 686 { 5040, 5060, 5080, 4920, 4940, 4960, 4980 }; 687 #ifdef ATH_TURBO_SCAN 688 static const uint16_t rcl5[] = /* 3 static turbo channels */ 689 { 5210, 5250, 5290 }; 690 static const uint16_t rcl6[] = /* 2 static turbo channels */ 691 { 5760, 5800 }; 692 static const uint16_t rcl6x[] = /* 4 FCC3 turbo channels */ 693 { 5540, 5580, 5620, 5660 }; 694 static const uint16_t rcl12[] = /* 2.4Ghz Turbo channel 6 */ 695 { 2437 }; 696 static const uint16_t rcl13[] = /* dynamic Turbo channels */ 697 { 5200, 5240, 5280, 5765, 5805 }; 698 #endif /* ATH_TURBO_SCAN */ 699 700 #define X(a) .count = sizeof(a)/sizeof(a[0]), .list = a 701 702 static const struct scanlist staScanTable[] = { 703 { IEEE80211_MODE_11B, X(rcl3) }, 704 { IEEE80211_MODE_11A, X(rcl1) }, 705 { IEEE80211_MODE_11A, X(rcl2) }, 706 { IEEE80211_MODE_11B, X(rcl8) }, 707 { IEEE80211_MODE_11B, X(rcl9) }, 708 { IEEE80211_MODE_11A, X(rcl4) }, 709 #ifdef ATH_TURBO_SCAN 710 { IEEE80211_MODE_STURBO_A, X(rcl5) }, 711 { IEEE80211_MODE_STURBO_A, X(rcl6) }, 712 { IEEE80211_MODE_TURBO_A, X(rcl6x) }, 713 { IEEE80211_MODE_TURBO_A, X(rcl13) }, 714 #endif /* ATH_TURBO_SCAN */ 715 { IEEE80211_MODE_11A, X(rcl7) }, 716 { IEEE80211_MODE_11B, X(rcl10) }, 717 { IEEE80211_MODE_11A, X(rcl11) }, 718 #ifdef ATH_TURBO_SCAN 719 { IEEE80211_MODE_TURBO_G, X(rcl12) }, 720 #endif /* ATH_TURBO_SCAN */ 721 { .list = NULL } 722 }; 723 724 /* 725 * Start a station-mode scan by populating the channel list. 726 */ 727 static int 728 sta_start(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 729 { 730 struct sta_table *st = ss->ss_priv; 731 732 makescanlist(ss, vap, staScanTable); 733 734 if (ss->ss_mindwell == 0) 735 ss->ss_mindwell = msecs_to_ticks(20); /* 20ms */ 736 if (ss->ss_maxdwell == 0) 737 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */ 738 739 st->st_scangen++; 740 st->st_newscan = 1; 741 742 return 0; 743 } 744 745 /* 746 * Restart a scan, typically a bg scan but can 747 * also be a fg scan that came up empty. 748 */ 749 static int 750 sta_restart(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 751 { 752 struct sta_table *st = ss->ss_priv; 753 754 st->st_newscan = 1; 755 return 0; 756 } 757 758 /* 759 * Cancel an ongoing scan. 760 */ 761 static int 762 sta_cancel(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 763 { 764 return 0; 765 } 766 767 /* 768 * Demote any supplied 11g channel to 11b. There should 769 * always be an 11b channel but we check anyway... 770 */ 771 static struct ieee80211_channel * 772 demote11b(struct ieee80211vap *vap, struct ieee80211_channel *chan) 773 { 774 struct ieee80211_channel *c; 775 776 if (IEEE80211_IS_CHAN_ANYG(chan) && 777 vap->iv_des_mode == IEEE80211_MODE_AUTO) { 778 c = ieee80211_find_channel(vap->iv_ic, chan->ic_freq, 779 (chan->ic_flags &~ (IEEE80211_CHAN_PUREG | IEEE80211_CHAN_G)) | 780 IEEE80211_CHAN_B); 781 if (c != NULL) 782 chan = c; 783 } 784 return chan; 785 } 786 787 static int 788 maxrate(const struct ieee80211_scan_entry *se) 789 { 790 const struct ieee80211_ie_htcap *htcap = 791 (const struct ieee80211_ie_htcap *) se->se_ies.htcap_ie; 792 int rmax, r, i, txstream; 793 uint16_t caps; 794 uint8_t txparams; 795 796 rmax = 0; 797 if (htcap != NULL) { 798 /* 799 * HT station; inspect supported MCS and then adjust 800 * rate by channel width. 801 */ 802 txparams = htcap->hc_mcsset[12]; 803 if (txparams & 0x3) { 804 /* 805 * TX MCS parameters defined and not equal to RX, 806 * extract the number of spartial streams and 807 * map it to the highest MCS rate. 808 */ 809 txstream = ((txparams & 0xc) >> 2) + 1; 810 i = txstream * 8 - 1; 811 } else 812 for (i = 31; i >= 0 && isclr(htcap->hc_mcsset, i); i--); 813 if (i >= 0) { 814 caps = le16dec(&htcap->hc_cap); 815 if ((caps & IEEE80211_HTCAP_CHWIDTH40) && 816 (caps & IEEE80211_HTCAP_SHORTGI40)) 817 rmax = ieee80211_htrates[i].ht40_rate_400ns; 818 else if (caps & IEEE80211_HTCAP_CHWIDTH40) 819 rmax = ieee80211_htrates[i].ht40_rate_800ns; 820 else if (caps & IEEE80211_HTCAP_SHORTGI20) 821 rmax = ieee80211_htrates[i].ht20_rate_400ns; 822 else 823 rmax = ieee80211_htrates[i].ht20_rate_800ns; 824 } 825 } 826 for (i = 0; i < se->se_rates[1]; i++) { 827 r = se->se_rates[2+i] & IEEE80211_RATE_VAL; 828 if (r > rmax) 829 rmax = r; 830 } 831 for (i = 0; i < se->se_xrates[1]; i++) { 832 r = se->se_xrates[2+i] & IEEE80211_RATE_VAL; 833 if (r > rmax) 834 rmax = r; 835 } 836 return rmax; 837 } 838 839 /* 840 * Compare the capabilities of two entries and decide which is 841 * more desirable (return >0 if a is considered better). Note 842 * that we assume compatibility/usability has already been checked 843 * so we don't need to (e.g. validate whether privacy is supported). 844 * Used to select the best scan candidate for association in a BSS. 845 * 846 * TODO: should we take 11n, 11ac into account when selecting the 847 * best? Right now it just compares frequency band and RSSI. 848 */ 849 static int 850 sta_compare(const struct sta_entry *a, const struct sta_entry *b) 851 { 852 #define PREFER(_a,_b,_what) do { \ 853 if (((_a) ^ (_b)) & (_what)) \ 854 return ((_a) & (_what)) ? 1 : -1; \ 855 } while (0) 856 int maxa, maxb; 857 int8_t rssia, rssib; 858 int weight; 859 860 /* privacy support */ 861 PREFER(a->base.se_capinfo, b->base.se_capinfo, 862 IEEE80211_CAPINFO_PRIVACY); 863 864 /* compare count of previous failures */ 865 weight = b->se_fails - a->se_fails; 866 if (abs(weight) > 1) 867 return weight; 868 869 /* 870 * Compare rssi. If the two are considered equivalent 871 * then fallback to other criteria. We threshold the 872 * comparisons to avoid selecting an ap purely by rssi 873 * when both values may be good but one ap is otherwise 874 * more desirable (e.g. an 11b-only ap with stronger 875 * signal than an 11g ap). 876 */ 877 rssia = MIN(a->base.se_rssi, STA_RSSI_MAX); 878 rssib = MIN(b->base.se_rssi, STA_RSSI_MAX); 879 if (abs(rssib - rssia) < 5) { 880 /* best/max rate preferred if signal level close enough XXX */ 881 maxa = maxrate(&a->base); 882 maxb = maxrate(&b->base); 883 if (maxa != maxb) 884 return maxa - maxb; 885 /* XXX use freq for channel preference */ 886 /* for now just prefer 5Ghz band to all other bands */ 887 PREFER(IEEE80211_IS_CHAN_5GHZ(a->base.se_chan), 888 IEEE80211_IS_CHAN_5GHZ(b->base.se_chan), 1); 889 } 890 /* all things being equal, use signal level */ 891 return a->base.se_rssi - b->base.se_rssi; 892 #undef PREFER 893 } 894 895 /* 896 * Check rate set suitability and return the best supported rate. 897 * XXX inspect MCS for HT 898 */ 899 static int 900 check_rate(struct ieee80211vap *vap, const struct ieee80211_channel *chan, 901 const struct ieee80211_scan_entry *se) 902 { 903 const struct ieee80211_rateset *srs; 904 int i, j, nrs, r, okrate, badrate, fixedrate, ucastrate; 905 const uint8_t *rs; 906 907 okrate = badrate = 0; 908 909 srs = ieee80211_get_suprates(vap->iv_ic, chan); 910 nrs = se->se_rates[1]; 911 rs = se->se_rates+2; 912 /* XXX MCS */ 913 ucastrate = vap->iv_txparms[ieee80211_chan2mode(chan)].ucastrate; 914 fixedrate = IEEE80211_FIXED_RATE_NONE; 915 again: 916 for (i = 0; i < nrs; i++) { 917 r = IEEE80211_RV(rs[i]); 918 badrate = r; 919 /* 920 * Check any fixed rate is included. 921 */ 922 if (r == ucastrate) 923 fixedrate = r; 924 /* 925 * Check against our supported rates. 926 */ 927 for (j = 0; j < srs->rs_nrates; j++) 928 if (r == IEEE80211_RV(srs->rs_rates[j])) { 929 if (r > okrate) /* NB: track max */ 930 okrate = r; 931 break; 932 } 933 934 if (j == srs->rs_nrates && (rs[i] & IEEE80211_RATE_BASIC)) { 935 /* 936 * Don't try joining a BSS, if we don't support 937 * one of its basic rates. 938 */ 939 okrate = 0; 940 goto back; 941 } 942 } 943 if (rs == se->se_rates+2) { 944 /* scan xrates too; sort of an algol68-style for loop */ 945 nrs = se->se_xrates[1]; 946 rs = se->se_xrates+2; 947 goto again; 948 } 949 950 back: 951 if (okrate == 0 || ucastrate != fixedrate) 952 return badrate | IEEE80211_RATE_BASIC; 953 else 954 return IEEE80211_RV(okrate); 955 } 956 957 static __inline int 958 match_id(const uint8_t *ie, const uint8_t *val, int len) 959 { 960 return (ie[1] == len && memcmp(ie+2, val, len) == 0); 961 } 962 963 static int 964 match_ssid(const uint8_t *ie, 965 int nssid, const struct ieee80211_scan_ssid ssids[]) 966 { 967 int i; 968 969 for (i = 0; i < nssid; i++) { 970 if (match_id(ie, ssids[i].ssid, ssids[i].len)) 971 return 1; 972 } 973 return 0; 974 } 975 976 #ifdef IEEE80211_SUPPORT_TDMA 977 static int 978 tdma_isfull(const struct ieee80211_tdma_param *tdma) 979 { 980 int slot, slotcnt; 981 982 slotcnt = tdma->tdma_slotcnt; 983 for (slot = slotcnt-1; slot >= 0; slot--) 984 if (isclr(tdma->tdma_inuse, slot)) 985 return 0; 986 return 1; 987 } 988 #endif /* IEEE80211_SUPPORT_TDMA */ 989 990 /* 991 * Test a scan candidate for suitability/compatibility. 992 */ 993 static int 994 match_bss(struct ieee80211vap *vap, 995 const struct ieee80211_scan_state *ss, struct sta_entry *se0, 996 int debug) 997 { 998 struct ieee80211com *ic = vap->iv_ic; 999 struct ieee80211_scan_entry *se = &se0->base; 1000 uint8_t rate; 1001 int fail; 1002 1003 fail = 0; 1004 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, se->se_chan))) 1005 fail |= MATCH_CHANNEL; 1006 /* 1007 * NB: normally the desired mode is used to construct 1008 * the channel list, but it's possible for the scan 1009 * cache to include entries for stations outside this 1010 * list so we check the desired mode here to weed them 1011 * out. 1012 */ 1013 if (vap->iv_des_mode != IEEE80211_MODE_AUTO && 1014 (se->se_chan->ic_flags & IEEE80211_CHAN_ALLTURBO) != 1015 chanflags[vap->iv_des_mode]) 1016 fail |= MATCH_CHANNEL; 1017 if (vap->iv_opmode == IEEE80211_M_IBSS) { 1018 if ((se->se_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 1019 fail |= MATCH_CAPINFO; 1020 #ifdef IEEE80211_SUPPORT_TDMA 1021 } else if (vap->iv_opmode == IEEE80211_M_AHDEMO) { 1022 /* 1023 * Adhoc demo network setup shouldn't really be scanning 1024 * but just in case skip stations operating in IBSS or 1025 * BSS mode. 1026 */ 1027 if (se->se_capinfo & (IEEE80211_CAPINFO_IBSS|IEEE80211_CAPINFO_ESS)) 1028 fail |= MATCH_CAPINFO; 1029 /* 1030 * TDMA operation cannot coexist with a normal 802.11 network; 1031 * skip if IBSS or ESS capabilities are marked and require 1032 * the beacon have a TDMA ie present. 1033 */ 1034 if (vap->iv_caps & IEEE80211_C_TDMA) { 1035 const struct ieee80211_tdma_param *tdma = 1036 (const struct ieee80211_tdma_param *)se->se_ies.tdma_ie; 1037 const struct ieee80211_tdma_state *ts = vap->iv_tdma; 1038 1039 if (tdma == NULL) 1040 fail |= MATCH_TDMA_NOIE; 1041 else if (tdma->tdma_version != ts->tdma_version) 1042 fail |= MATCH_TDMA_VERSION; 1043 else if (tdma->tdma_slot != 0) 1044 fail |= MATCH_TDMA_NOTMASTER; 1045 else if (tdma_isfull(tdma)) 1046 fail |= MATCH_TDMA_NOSLOT; 1047 #if 0 1048 else if (ieee80211_local_address(se->se_macaddr)) 1049 fail |= MATCH_TDMA_LOCAL; 1050 #endif 1051 } 1052 #endif /* IEEE80211_SUPPORT_TDMA */ 1053 #ifdef IEEE80211_SUPPORT_MESH 1054 } else if (vap->iv_opmode == IEEE80211_M_MBSS) { 1055 const struct ieee80211_mesh_state *ms = vap->iv_mesh; 1056 /* 1057 * Mesh nodes have IBSS & ESS bits in capinfo turned off 1058 * and two special ie's that must be present. 1059 */ 1060 if (se->se_capinfo & (IEEE80211_CAPINFO_IBSS|IEEE80211_CAPINFO_ESS)) 1061 fail |= MATCH_CAPINFO; 1062 else if (se->se_meshid[0] != IEEE80211_ELEMID_MESHID) 1063 fail |= MATCH_MESH_NOID; 1064 else if (ms->ms_idlen != 0 && 1065 match_id(se->se_meshid, ms->ms_id, ms->ms_idlen)) 1066 fail |= MATCH_MESHID; 1067 #endif 1068 } else { 1069 if ((se->se_capinfo & IEEE80211_CAPINFO_ESS) == 0) 1070 fail |= MATCH_CAPINFO; 1071 /* 1072 * If 11d is enabled and we're attempting to join a bss 1073 * that advertises it's country code then compare our 1074 * current settings to what we fetched from the country ie. 1075 * If our country code is unspecified or different then do 1076 * not attempt to join the bss. We should have already 1077 * dispatched an event to user space that identifies the 1078 * new country code so our regdomain config should match. 1079 */ 1080 if ((IEEE80211_IS_CHAN_11D(se->se_chan) || 1081 (vap->iv_flags_ext & IEEE80211_FEXT_DOTD)) && 1082 se->se_cc[0] != 0 && 1083 (ic->ic_regdomain.country == CTRY_DEFAULT || 1084 !isocmp(se->se_cc, ic->ic_regdomain.isocc))) 1085 fail |= MATCH_CC; 1086 } 1087 if (vap->iv_flags & IEEE80211_F_PRIVACY) { 1088 if ((se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 1089 fail |= MATCH_PRIVACY; 1090 } else { 1091 /* XXX does this mean privacy is supported or required? */ 1092 if (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) 1093 fail |= MATCH_PRIVACY; 1094 } 1095 se0->se_flags &= ~STA_DEMOTE11B; 1096 rate = check_rate(vap, se->se_chan, se); 1097 if (rate & IEEE80211_RATE_BASIC) { 1098 fail |= MATCH_RATE; 1099 /* 1100 * An 11b-only ap will give a rate mismatch if there is an 1101 * OFDM fixed tx rate for 11g. Try downgrading the channel 1102 * in the scan list to 11b and retry the rate check. 1103 */ 1104 if (IEEE80211_IS_CHAN_ANYG(se->se_chan)) { 1105 rate = check_rate(vap, demote11b(vap, se->se_chan), se); 1106 if ((rate & IEEE80211_RATE_BASIC) == 0) { 1107 fail &= ~MATCH_RATE; 1108 se0->se_flags |= STA_DEMOTE11B; 1109 } 1110 } 1111 } else if (rate < 2*24) { 1112 /* 1113 * This is an 11b-only ap. Check the desired mode in 1114 * case that needs to be honored (mode 11g filters out 1115 * 11b-only ap's). Otherwise force any 11g channel used 1116 * in scanning to be demoted. 1117 * 1118 * NB: we cheat a bit here by looking at the max rate; 1119 * we could/should check the rates. 1120 */ 1121 if (!(vap->iv_des_mode == IEEE80211_MODE_AUTO || 1122 vap->iv_des_mode == IEEE80211_MODE_11B)) 1123 fail |= MATCH_RATE; 1124 else 1125 se0->se_flags |= STA_DEMOTE11B; 1126 } 1127 if (ss->ss_nssid != 0 && 1128 !match_ssid(se->se_ssid, ss->ss_nssid, ss->ss_ssid)) 1129 fail |= MATCH_SSID; 1130 if ((vap->iv_flags & IEEE80211_F_DESBSSID) && 1131 !IEEE80211_ADDR_EQ(vap->iv_des_bssid, se->se_bssid)) 1132 fail |= MATCH_BSSID; 1133 if (se0->se_fails >= STA_FAILS_MAX) 1134 fail |= MATCH_FAILS; 1135 if (se0->se_notseen >= STA_PURGE_SCANS) 1136 fail |= MATCH_NOTSEEN; 1137 if (se->se_rssi < STA_RSSI_MIN) 1138 fail |= MATCH_RSSI; 1139 #ifdef IEEE80211_DEBUG 1140 if (ieee80211_msg(vap, debug)) { 1141 printf(" %c %s", 1142 fail & MATCH_FAILS ? '=' : 1143 fail & MATCH_NOTSEEN ? '^' : 1144 fail & MATCH_CC ? '$' : 1145 #ifdef IEEE80211_SUPPORT_TDMA 1146 fail & MATCH_TDMA_NOIE ? '&' : 1147 fail & MATCH_TDMA_VERSION ? 'v' : 1148 fail & MATCH_TDMA_NOTMASTER ? 's' : 1149 fail & MATCH_TDMA_NOSLOT ? 'f' : 1150 fail & MATCH_TDMA_LOCAL ? 'l' : 1151 #endif 1152 fail & MATCH_MESH_NOID ? 'm' : 1153 fail ? '-' : '+', ether_sprintf(se->se_macaddr)); 1154 printf(" %s%c", ether_sprintf(se->se_bssid), 1155 fail & MATCH_BSSID ? '!' : ' '); 1156 printf(" %3d%c", ieee80211_chan2ieee(ic, se->se_chan), 1157 fail & MATCH_CHANNEL ? '!' : ' '); 1158 printf(" %+4d%c", se->se_rssi, fail & MATCH_RSSI ? '!' : ' '); 1159 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 1160 fail & MATCH_RATE ? '!' : ' '); 1161 printf(" %4s%c", 1162 (se->se_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 1163 (se->se_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : "", 1164 fail & MATCH_CAPINFO ? '!' : ' '); 1165 printf(" %3s%c ", 1166 (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 1167 "wep" : "no", 1168 fail & MATCH_PRIVACY ? '!' : ' '); 1169 ieee80211_print_essid(se->se_ssid+2, se->se_ssid[1]); 1170 printf("%s\n", fail & (MATCH_SSID | MATCH_MESHID) ? "!" : ""); 1171 } 1172 #endif 1173 return fail; 1174 } 1175 1176 static void 1177 sta_update_notseen(struct sta_table *st) 1178 { 1179 struct sta_entry *se; 1180 1181 IEEE80211_SCAN_TABLE_LOCK(st); 1182 TAILQ_FOREACH(se, &st->st_entry, se_list) { 1183 /* 1184 * If seen the reset and don't bump the count; 1185 * otherwise bump the ``not seen'' count. Note 1186 * that this insures that stations for which we 1187 * see frames while not scanning but not during 1188 * this scan will not be penalized. 1189 */ 1190 if (se->se_seen) 1191 se->se_seen = 0; 1192 else 1193 se->se_notseen++; 1194 } 1195 IEEE80211_SCAN_TABLE_UNLOCK(st); 1196 } 1197 1198 static void 1199 sta_dec_fails(struct sta_table *st) 1200 { 1201 struct sta_entry *se; 1202 1203 IEEE80211_SCAN_TABLE_LOCK(st); 1204 TAILQ_FOREACH(se, &st->st_entry, se_list) 1205 if (se->se_fails) 1206 se->se_fails--; 1207 IEEE80211_SCAN_TABLE_UNLOCK(st); 1208 } 1209 1210 static struct sta_entry * 1211 select_bss(struct ieee80211_scan_state *ss, struct ieee80211vap *vap, int debug) 1212 { 1213 struct sta_table *st = ss->ss_priv; 1214 struct sta_entry *se, *selbs = NULL; 1215 1216 IEEE80211_DPRINTF(vap, debug, " %s\n", 1217 "macaddr bssid chan rssi rate flag wep essid"); 1218 IEEE80211_SCAN_TABLE_LOCK(st); 1219 TAILQ_FOREACH(se, &st->st_entry, se_list) { 1220 ieee80211_ies_expand(&se->base.se_ies); 1221 if (match_bss(vap, ss, se, debug) == 0) { 1222 if (selbs == NULL) 1223 selbs = se; 1224 else if (sta_compare(se, selbs) > 0) 1225 selbs = se; 1226 } 1227 } 1228 IEEE80211_SCAN_TABLE_UNLOCK(st); 1229 1230 return selbs; 1231 } 1232 1233 /* 1234 * Pick an ap or ibss network to join or find a channel 1235 * to use to start an ibss network. 1236 */ 1237 static int 1238 sta_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 1239 { 1240 struct sta_table *st = ss->ss_priv; 1241 struct sta_entry *selbs; 1242 struct ieee80211_channel *chan; 1243 1244 KASSERT(vap->iv_opmode == IEEE80211_M_STA, 1245 ("wrong mode %u", vap->iv_opmode)); 1246 1247 if (st->st_newscan) { 1248 sta_update_notseen(st); 1249 st->st_newscan = 0; 1250 } 1251 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) { 1252 /* 1253 * Manual/background scan, don't select+join the 1254 * bss, just return. The scanning framework will 1255 * handle notification that this has completed. 1256 */ 1257 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK; 1258 return 1; 1259 } 1260 /* 1261 * Automatic sequencing; look for a candidate and 1262 * if found join the network. 1263 */ 1264 /* NB: unlocked read should be ok */ 1265 if (TAILQ_FIRST(&st->st_entry) == NULL) { 1266 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 1267 "%s: no scan candidate\n", __func__); 1268 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN) 1269 return 0; 1270 notfound: 1271 /* 1272 * If nothing suitable was found decrement 1273 * the failure counts so entries will be 1274 * reconsidered the next time around. We 1275 * really want to do this only for sta's 1276 * where we've previously had some success. 1277 */ 1278 sta_dec_fails(st); 1279 st->st_newscan = 1; 1280 return 0; /* restart scan */ 1281 } 1282 selbs = select_bss(ss, vap, IEEE80211_MSG_SCAN); 1283 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN) 1284 return (selbs != NULL); 1285 if (selbs == NULL) 1286 goto notfound; 1287 chan = selbs->base.se_chan; 1288 if (selbs->se_flags & STA_DEMOTE11B) 1289 chan = demote11b(vap, chan); 1290 if (!ieee80211_sta_join(vap, chan, &selbs->base)) 1291 goto notfound; 1292 return 1; /* terminate scan */ 1293 } 1294 1295 /* 1296 * Lookup an entry in the scan cache. We assume we're 1297 * called from the bottom half or such that we don't need 1298 * to block the bottom half so that it's safe to return 1299 * a reference to an entry w/o holding the lock on the table. 1300 */ 1301 static struct sta_entry * 1302 sta_lookup(struct sta_table *st, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1303 { 1304 struct sta_entry *se; 1305 int hash = STA_HASH(macaddr); 1306 1307 IEEE80211_SCAN_TABLE_LOCK(st); 1308 LIST_FOREACH(se, &st->st_hash[hash], se_hash) 1309 if (IEEE80211_ADDR_EQ(se->base.se_macaddr, macaddr)) 1310 break; 1311 IEEE80211_SCAN_TABLE_UNLOCK(st); 1312 1313 return se; /* NB: unlocked */ 1314 } 1315 1316 static void 1317 sta_roam_check(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 1318 { 1319 struct ieee80211com *ic = vap->iv_ic; 1320 struct ieee80211_node *ni = vap->iv_bss; 1321 struct sta_table *st = ss->ss_priv; 1322 enum ieee80211_phymode mode; 1323 struct sta_entry *se, *selbs; 1324 uint8_t roamRate, curRate, ucastRate; 1325 int8_t roamRssi, curRssi; 1326 1327 se = sta_lookup(st, ni->ni_macaddr); 1328 if (se == NULL) { 1329 /* XXX something is wrong */ 1330 return; 1331 } 1332 1333 mode = ieee80211_chan2mode(ic->ic_bsschan); 1334 roamRate = vap->iv_roamparms[mode].rate; 1335 roamRssi = vap->iv_roamparms[mode].rssi; 1336 ucastRate = vap->iv_txparms[mode].ucastrate; 1337 /* NB: the most up to date rssi is in the node, not the scan cache */ 1338 curRssi = ic->ic_node_getrssi(ni); 1339 if (ucastRate == IEEE80211_FIXED_RATE_NONE) { 1340 curRate = ni->ni_txrate; 1341 roamRate &= IEEE80211_RATE_VAL; 1342 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ROAM, 1343 "%s: currssi %d currate %u roamrssi %d roamrate %u\n", 1344 __func__, curRssi, curRate, roamRssi, roamRate); 1345 } else { 1346 curRate = roamRate; /* NB: insure compare below fails */ 1347 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ROAM, 1348 "%s: currssi %d roamrssi %d\n", __func__, curRssi, roamRssi); 1349 } 1350 /* 1351 * Check if a new ap should be used and switch. 1352 * XXX deauth current ap 1353 */ 1354 if (curRate < roamRate || curRssi < roamRssi) { 1355 if (ieee80211_time_after(ticks, ic->ic_lastscan + vap->iv_scanvalid)) { 1356 /* 1357 * Scan cache contents are too old; force a scan now 1358 * if possible so we have current state to make a 1359 * decision with. We don't kick off a bg scan if 1360 * we're using dynamic turbo and boosted or if the 1361 * channel is busy. 1362 * XXX force immediate switch on scan complete 1363 */ 1364 if (!IEEE80211_IS_CHAN_DTURBO(ic->ic_curchan) && 1365 ((vap->iv_flags_ext & IEEE80211_FEXT_SCAN_OFFLOAD) || 1366 ieee80211_time_after(ticks, ic->ic_lastdata + vap->iv_bgscanidle))) 1367 ieee80211_bg_scan(vap, 0); 1368 return; 1369 } 1370 se->base.se_rssi = curRssi; 1371 selbs = select_bss(ss, vap, IEEE80211_MSG_ROAM); 1372 if (selbs != NULL && selbs != se) { 1373 struct ieee80211_channel *chan; 1374 1375 IEEE80211_DPRINTF(vap, 1376 IEEE80211_MSG_ROAM | IEEE80211_MSG_DEBUG, 1377 "%s: ROAM: curRate %u, roamRate %u, " 1378 "curRssi %d, roamRssi %d\n", __func__, 1379 curRate, roamRate, curRssi, roamRssi); 1380 1381 chan = selbs->base.se_chan; 1382 if (selbs->se_flags & STA_DEMOTE11B) 1383 chan = demote11b(vap, chan); 1384 (void) ieee80211_sta_join(vap, chan, &selbs->base); 1385 } 1386 } 1387 } 1388 1389 /* 1390 * Age entries in the scan cache. 1391 * XXX also do roaming since it's convenient 1392 */ 1393 static void 1394 sta_age(struct ieee80211_scan_state *ss) 1395 { 1396 struct ieee80211vap *vap = ss->ss_vap; 1397 1398 adhoc_age(ss); 1399 /* 1400 * If rate control is enabled check periodically to see if 1401 * we should roam from our current connection to one that 1402 * might be better. This only applies when we're operating 1403 * in sta mode and automatic roaming is set. 1404 * XXX defer if busy 1405 * XXX repeater station 1406 * XXX do when !bgscan? 1407 */ 1408 KASSERT(vap->iv_opmode == IEEE80211_M_STA, 1409 ("wrong mode %u", vap->iv_opmode)); 1410 if (vap->iv_roaming == IEEE80211_ROAMING_AUTO && 1411 (vap->iv_flags & IEEE80211_F_BGSCAN) && 1412 vap->iv_state >= IEEE80211_S_RUN) 1413 /* XXX vap is implicit */ 1414 sta_roam_check(ss, vap); 1415 } 1416 1417 /* 1418 * Iterate over the entries in the scan cache, invoking 1419 * the callback function on each one. 1420 */ 1421 static void 1422 sta_iterate(struct ieee80211_scan_state *ss, 1423 ieee80211_scan_iter_func *f, void *arg) 1424 { 1425 struct sta_table *st = ss->ss_priv; 1426 struct sta_entry *se; 1427 u_int gen; 1428 1429 IEEE80211_SCAN_ITER_LOCK(st); 1430 gen = st->st_scaniter++; 1431 restart: 1432 IEEE80211_SCAN_TABLE_LOCK(st); 1433 TAILQ_FOREACH(se, &st->st_entry, se_list) { 1434 if (se->se_scangen != gen) { 1435 se->se_scangen = gen; 1436 /* update public state */ 1437 se->base.se_age = ticks - se->se_lastupdate; 1438 IEEE80211_SCAN_TABLE_UNLOCK(st); 1439 (*f)(arg, &se->base); 1440 goto restart; 1441 } 1442 } 1443 IEEE80211_SCAN_TABLE_UNLOCK(st); 1444 1445 IEEE80211_SCAN_ITER_UNLOCK(st); 1446 } 1447 1448 static void 1449 sta_assoc_fail(struct ieee80211_scan_state *ss, 1450 const uint8_t macaddr[IEEE80211_ADDR_LEN], int reason) 1451 { 1452 struct sta_table *st = ss->ss_priv; 1453 struct sta_entry *se; 1454 1455 se = sta_lookup(st, macaddr); 1456 if (se != NULL) { 1457 se->se_fails++; 1458 se->se_lastfail = ticks; 1459 IEEE80211_NOTE_MAC(ss->ss_vap, IEEE80211_MSG_SCAN, 1460 macaddr, "%s: reason %u fails %u", 1461 __func__, reason, se->se_fails); 1462 } 1463 } 1464 1465 static void 1466 sta_assoc_success(struct ieee80211_scan_state *ss, 1467 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1468 { 1469 struct sta_table *st = ss->ss_priv; 1470 struct sta_entry *se; 1471 1472 se = sta_lookup(st, macaddr); 1473 if (se != NULL) { 1474 #if 0 1475 se->se_fails = 0; 1476 IEEE80211_NOTE_MAC(ss->ss_vap, IEEE80211_MSG_SCAN, 1477 macaddr, "%s: fails %u", 1478 __func__, se->se_fails); 1479 #endif 1480 se->se_lastassoc = ticks; 1481 } 1482 } 1483 1484 static const struct ieee80211_scanner sta_default = { 1485 .scan_name = "default", 1486 .scan_attach = sta_attach, 1487 .scan_detach = sta_detach, 1488 .scan_start = sta_start, 1489 .scan_restart = sta_restart, 1490 .scan_cancel = sta_cancel, 1491 .scan_end = sta_pick_bss, 1492 .scan_flush = sta_flush, 1493 .scan_add = sta_add, 1494 .scan_age = sta_age, 1495 .scan_iterate = sta_iterate, 1496 .scan_assoc_fail = sta_assoc_fail, 1497 .scan_assoc_success = sta_assoc_success, 1498 }; 1499 IEEE80211_SCANNER_ALG(sta, IEEE80211_M_STA, sta_default); 1500 1501 /* 1502 * Adhoc mode-specific support. 1503 */ 1504 1505 static const uint16_t adhocWorld[] = /* 36, 40, 44, 48 */ 1506 { 5180, 5200, 5220, 5240 }; 1507 static const uint16_t adhocFcc3[] = /* 36, 40, 44, 48 145, 149, 153, 157, 161, 165 */ 1508 { 5180, 5200, 5220, 5240, 5725, 5745, 5765, 5785, 5805, 5825 }; 1509 static const uint16_t adhocMkk[] = /* 34, 38, 42, 46 */ 1510 { 5170, 5190, 5210, 5230 }; 1511 static const uint16_t adhoc11b[] = /* 10, 11 */ 1512 { 2457, 2462 }; 1513 1514 static const struct scanlist adhocScanTable[] = { 1515 { IEEE80211_MODE_11B, X(adhoc11b) }, 1516 { IEEE80211_MODE_11A, X(adhocWorld) }, 1517 { IEEE80211_MODE_11A, X(adhocFcc3) }, 1518 { IEEE80211_MODE_11B, X(adhocMkk) }, 1519 { .list = NULL } 1520 }; 1521 #undef X 1522 1523 /* 1524 * Start an adhoc-mode scan by populating the channel list. 1525 */ 1526 static int 1527 adhoc_start(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 1528 { 1529 struct sta_table *st = ss->ss_priv; 1530 1531 makescanlist(ss, vap, adhocScanTable); 1532 1533 if (ss->ss_mindwell == 0) 1534 ss->ss_mindwell = msecs_to_ticks(200); /* 200ms */ 1535 if (ss->ss_maxdwell == 0) 1536 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */ 1537 1538 st->st_scangen++; 1539 st->st_newscan = 1; 1540 1541 return 0; 1542 } 1543 1544 /* 1545 * Select a channel to start an adhoc network on. 1546 * The channel list was populated with appropriate 1547 * channels so select one that looks least occupied. 1548 */ 1549 static struct ieee80211_channel * 1550 adhoc_pick_channel(struct ieee80211_scan_state *ss, int flags) 1551 { 1552 struct sta_table *st = ss->ss_priv; 1553 struct sta_entry *se; 1554 struct ieee80211_channel *c, *bestchan; 1555 int i, bestrssi, maxrssi; 1556 1557 bestchan = NULL; 1558 bestrssi = -1; 1559 1560 IEEE80211_SCAN_TABLE_LOCK(st); 1561 for (i = 0; i < ss->ss_last; i++) { 1562 c = ss->ss_chans[i]; 1563 /* never consider a channel with radar */ 1564 if (IEEE80211_IS_CHAN_RADAR(c)) 1565 continue; 1566 /* skip channels disallowed by regulatory settings */ 1567 if (IEEE80211_IS_CHAN_NOADHOC(c)) 1568 continue; 1569 /* check channel attributes for band compatibility */ 1570 if (flags != 0 && (c->ic_flags & flags) != flags) 1571 continue; 1572 maxrssi = 0; 1573 TAILQ_FOREACH(se, &st->st_entry, se_list) { 1574 if (se->base.se_chan != c) 1575 continue; 1576 if (se->base.se_rssi > maxrssi) 1577 maxrssi = se->base.se_rssi; 1578 } 1579 if (bestchan == NULL || maxrssi < bestrssi) 1580 bestchan = c; 1581 } 1582 IEEE80211_SCAN_TABLE_UNLOCK(st); 1583 1584 return bestchan; 1585 } 1586 1587 /* 1588 * Pick an ibss network to join or find a channel 1589 * to use to start an ibss network. 1590 */ 1591 static int 1592 adhoc_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 1593 { 1594 struct sta_table *st = ss->ss_priv; 1595 struct sta_entry *selbs; 1596 struct ieee80211_channel *chan; 1597 struct ieee80211com *ic = vap->iv_ic; 1598 1599 KASSERT(vap->iv_opmode == IEEE80211_M_IBSS || 1600 vap->iv_opmode == IEEE80211_M_AHDEMO || 1601 vap->iv_opmode == IEEE80211_M_MBSS, 1602 ("wrong opmode %u", vap->iv_opmode)); 1603 1604 if (st->st_newscan) { 1605 sta_update_notseen(st); 1606 st->st_newscan = 0; 1607 } 1608 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) { 1609 /* 1610 * Manual/background scan, don't select+join the 1611 * bss, just return. The scanning framework will 1612 * handle notification that this has completed. 1613 */ 1614 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK; 1615 return 1; 1616 } 1617 /* 1618 * Automatic sequencing; look for a candidate and 1619 * if found join the network. 1620 */ 1621 /* NB: unlocked read should be ok */ 1622 if (TAILQ_FIRST(&st->st_entry) == NULL) { 1623 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 1624 "%s: no scan candidate\n", __func__); 1625 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN) 1626 return 0; 1627 notfound: 1628 /* NB: never auto-start a tdma network for slot !0 */ 1629 #ifdef IEEE80211_SUPPORT_TDMA 1630 if (vap->iv_des_nssid && 1631 ((vap->iv_caps & IEEE80211_C_TDMA) == 0 || 1632 ieee80211_tdma_getslot(vap) == 0)) { 1633 #else 1634 if (vap->iv_des_nssid) { 1635 #endif 1636 /* 1637 * No existing adhoc network to join and we have 1638 * an ssid; start one up. If no channel was 1639 * specified, try to select a channel. 1640 */ 1641 if (vap->iv_des_chan == IEEE80211_CHAN_ANYC || 1642 IEEE80211_IS_CHAN_RADAR(vap->iv_des_chan)) { 1643 chan = adhoc_pick_channel(ss, 0); 1644 } else 1645 chan = vap->iv_des_chan; 1646 if (chan != NULL) { 1647 /* 1648 * Create a HT capable IBSS; the per-node 1649 * probe request/response will result in 1650 * "correct" rate control capabilities being 1651 * negotiated. 1652 */ 1653 chan = ieee80211_ht_adjust_channel(ic, 1654 chan, vap->iv_flags_ht); 1655 chan = ieee80211_vht_adjust_channel(ic, 1656 chan, vap->iv_flags_vht); 1657 ieee80211_create_ibss(vap, chan); 1658 return 1; 1659 } 1660 } 1661 /* 1662 * If nothing suitable was found decrement 1663 * the failure counts so entries will be 1664 * reconsidered the next time around. We 1665 * really want to do this only for sta's 1666 * where we've previously had some success. 1667 */ 1668 sta_dec_fails(st); 1669 st->st_newscan = 1; 1670 return 0; /* restart scan */ 1671 } 1672 selbs = select_bss(ss, vap, IEEE80211_MSG_SCAN); 1673 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN) 1674 return (selbs != NULL); 1675 if (selbs == NULL) 1676 goto notfound; 1677 chan = selbs->base.se_chan; 1678 if (selbs->se_flags & STA_DEMOTE11B) 1679 chan = demote11b(vap, chan); 1680 /* 1681 * If HT is available, make it a possibility here. 1682 * The intent is to enable HT20/HT40 when joining a non-HT 1683 * IBSS node; we can then advertise HT IEs and speak HT 1684 * to any subsequent nodes that support it. 1685 */ 1686 chan = ieee80211_ht_adjust_channel(ic, 1687 chan, vap->iv_flags_ht); 1688 chan = ieee80211_vht_adjust_channel(ic, 1689 chan, vap->iv_flags_vht); 1690 if (!ieee80211_sta_join(vap, chan, &selbs->base)) 1691 goto notfound; 1692 return 1; /* terminate scan */ 1693 } 1694 1695 /* 1696 * Age entries in the scan cache. 1697 */ 1698 static void 1699 adhoc_age(struct ieee80211_scan_state *ss) 1700 { 1701 struct sta_table *st = ss->ss_priv; 1702 struct sta_entry *se, *next; 1703 1704 IEEE80211_SCAN_TABLE_LOCK(st); 1705 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) { 1706 if (se->se_notseen > STA_PURGE_SCANS) { 1707 TAILQ_REMOVE(&st->st_entry, se, se_list); 1708 LIST_REMOVE(se, se_hash); 1709 ieee80211_ies_cleanup(&se->base.se_ies); 1710 IEEE80211_FREE(se, M_80211_SCAN); 1711 } 1712 } 1713 IEEE80211_SCAN_TABLE_UNLOCK(st); 1714 } 1715 1716 static const struct ieee80211_scanner adhoc_default = { 1717 .scan_name = "default", 1718 .scan_attach = sta_attach, 1719 .scan_detach = sta_detach, 1720 .scan_start = adhoc_start, 1721 .scan_restart = sta_restart, 1722 .scan_cancel = sta_cancel, 1723 .scan_end = adhoc_pick_bss, 1724 .scan_flush = sta_flush, 1725 .scan_pickchan = adhoc_pick_channel, 1726 .scan_add = sta_add, 1727 .scan_age = adhoc_age, 1728 .scan_iterate = sta_iterate, 1729 .scan_assoc_fail = sta_assoc_fail, 1730 .scan_assoc_success = sta_assoc_success, 1731 }; 1732 IEEE80211_SCANNER_ALG(ibss, IEEE80211_M_IBSS, adhoc_default); 1733 IEEE80211_SCANNER_ALG(ahdemo, IEEE80211_M_AHDEMO, adhoc_default); 1734 1735 static int 1736 ap_start(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 1737 { 1738 struct sta_table *st = ss->ss_priv; 1739 1740 makescanlist(ss, vap, staScanTable); 1741 1742 if (ss->ss_mindwell == 0) 1743 ss->ss_mindwell = msecs_to_ticks(200); /* 200ms */ 1744 if (ss->ss_maxdwell == 0) 1745 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */ 1746 1747 st->st_scangen++; 1748 st->st_newscan = 1; 1749 1750 return 0; 1751 } 1752 1753 /* 1754 * Cancel an ongoing scan. 1755 */ 1756 static int 1757 ap_cancel(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 1758 { 1759 return 0; 1760 } 1761 1762 /* 1763 * Pick a quiet channel to use for ap operation. 1764 */ 1765 static struct ieee80211_channel * 1766 ap_pick_channel(struct ieee80211_scan_state *ss, int flags) 1767 { 1768 struct sta_table *st = ss->ss_priv; 1769 struct ieee80211_channel *bestchan = NULL; 1770 int i; 1771 1772 /* XXX select channel more intelligently, e.g. channel spread, power */ 1773 /* NB: use scan list order to preserve channel preference */ 1774 for (i = 0; i < ss->ss_last; i++) { 1775 struct ieee80211_channel *chan = ss->ss_chans[i]; 1776 /* 1777 * If the channel is unoccupied the max rssi 1778 * should be zero; just take it. Otherwise 1779 * track the channel with the lowest rssi and 1780 * use that when all channels appear occupied. 1781 */ 1782 if (IEEE80211_IS_CHAN_RADAR(chan)) 1783 continue; 1784 if (IEEE80211_IS_CHAN_NOHOSTAP(chan)) 1785 continue; 1786 /* check channel attributes for band compatibility */ 1787 if (flags != 0 && (chan->ic_flags & flags) != flags) 1788 continue; 1789 KASSERT(sizeof(chan->ic_ieee) == 1, ("ic_chan size")); 1790 /* XXX channel have interference */ 1791 if (st->st_maxrssi[chan->ic_ieee] == 0) { 1792 /* XXX use other considerations */ 1793 return chan; 1794 } 1795 if (bestchan == NULL || 1796 st->st_maxrssi[chan->ic_ieee] < st->st_maxrssi[bestchan->ic_ieee]) 1797 bestchan = chan; 1798 } 1799 return bestchan; 1800 } 1801 1802 /* 1803 * Pick a quiet channel to use for ap operation. 1804 */ 1805 static int 1806 ap_end(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 1807 { 1808 struct ieee80211com *ic = vap->iv_ic; 1809 struct ieee80211_channel *bestchan, *chan; 1810 1811 KASSERT(vap->iv_opmode == IEEE80211_M_HOSTAP, 1812 ("wrong opmode %u", vap->iv_opmode)); 1813 bestchan = ap_pick_channel(ss, 0); 1814 if (bestchan == NULL) { 1815 /* no suitable channel, should not happen */ 1816 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 1817 "%s: no suitable channel! (should not happen)\n", __func__); 1818 /* XXX print something? */ 1819 return 0; /* restart scan */ 1820 } 1821 /* 1822 * If this is a dynamic turbo channel, start with the unboosted one. 1823 */ 1824 if (IEEE80211_IS_CHAN_TURBO(bestchan)) { 1825 bestchan = ieee80211_find_channel(ic, bestchan->ic_freq, 1826 bestchan->ic_flags & ~IEEE80211_CHAN_TURBO); 1827 if (bestchan == NULL) { 1828 /* should never happen ?? */ 1829 return 0; 1830 } 1831 } 1832 if (ss->ss_flags & (IEEE80211_SCAN_NOPICK | IEEE80211_SCAN_NOJOIN)) { 1833 /* 1834 * Manual/background scan, don't select+join the 1835 * bss, just return. The scanning framework will 1836 * handle notification that this has completed. 1837 */ 1838 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK; 1839 return 1; 1840 } 1841 chan = ieee80211_ht_adjust_channel(ic, bestchan, vap->iv_flags_ht); 1842 chan = ieee80211_vht_adjust_channel(ic, chan, vap->iv_flags_vht); 1843 ieee80211_create_ibss(vap, chan); 1844 1845 return 1; 1846 } 1847 1848 static const struct ieee80211_scanner ap_default = { 1849 .scan_name = "default", 1850 .scan_attach = sta_attach, 1851 .scan_detach = sta_detach, 1852 .scan_start = ap_start, 1853 .scan_restart = sta_restart, 1854 .scan_cancel = ap_cancel, 1855 .scan_end = ap_end, 1856 .scan_flush = sta_flush, 1857 .scan_pickchan = ap_pick_channel, 1858 .scan_add = sta_add, 1859 .scan_age = adhoc_age, 1860 .scan_iterate = sta_iterate, 1861 .scan_assoc_success = sta_assoc_success, 1862 .scan_assoc_fail = sta_assoc_fail, 1863 }; 1864 IEEE80211_SCANNER_ALG(ap, IEEE80211_M_HOSTAP, ap_default); 1865 1866 #ifdef IEEE80211_SUPPORT_MESH 1867 /* 1868 * Pick an mbss network to join or find a channel 1869 * to use to start an mbss network. 1870 */ 1871 static int 1872 mesh_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211vap *vap) 1873 { 1874 struct sta_table *st = ss->ss_priv; 1875 struct ieee80211_mesh_state *ms = vap->iv_mesh; 1876 struct sta_entry *selbs; 1877 struct ieee80211_channel *chan; 1878 1879 KASSERT(vap->iv_opmode == IEEE80211_M_MBSS, 1880 ("wrong opmode %u", vap->iv_opmode)); 1881 1882 if (st->st_newscan) { 1883 sta_update_notseen(st); 1884 st->st_newscan = 0; 1885 } 1886 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) { 1887 /* 1888 * Manual/background scan, don't select+join the 1889 * bss, just return. The scanning framework will 1890 * handle notification that this has completed. 1891 */ 1892 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK; 1893 return 1; 1894 } 1895 /* 1896 * Automatic sequencing; look for a candidate and 1897 * if found join the network. 1898 */ 1899 /* NB: unlocked read should be ok */ 1900 if (TAILQ_FIRST(&st->st_entry) == NULL) { 1901 IEEE80211_DPRINTF(vap, IEEE80211_MSG_SCAN, 1902 "%s: no scan candidate\n", __func__); 1903 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN) 1904 return 0; 1905 notfound: 1906 if (ms->ms_idlen != 0) { 1907 /* 1908 * No existing mbss network to join and we have 1909 * a meshid; start one up. If no channel was 1910 * specified, try to select a channel. 1911 */ 1912 if (vap->iv_des_chan == IEEE80211_CHAN_ANYC || 1913 IEEE80211_IS_CHAN_RADAR(vap->iv_des_chan)) { 1914 struct ieee80211com *ic = vap->iv_ic; 1915 1916 /* XXX VHT */ 1917 chan = adhoc_pick_channel(ss, 0); 1918 if (chan != NULL) { 1919 chan = ieee80211_ht_adjust_channel(ic, 1920 chan, vap->iv_flags_ht); 1921 chan = ieee80211_vht_adjust_channel(ic, 1922 chan, vap->iv_flags_vht); 1923 } 1924 } else 1925 chan = vap->iv_des_chan; 1926 if (chan != NULL) { 1927 ieee80211_create_ibss(vap, chan); 1928 return 1; 1929 } 1930 } 1931 /* 1932 * If nothing suitable was found decrement 1933 * the failure counts so entries will be 1934 * reconsidered the next time around. We 1935 * really want to do this only for sta's 1936 * where we've previously had some success. 1937 */ 1938 sta_dec_fails(st); 1939 st->st_newscan = 1; 1940 return 0; /* restart scan */ 1941 } 1942 selbs = select_bss(ss, vap, IEEE80211_MSG_SCAN); 1943 if (ss->ss_flags & IEEE80211_SCAN_NOJOIN) 1944 return (selbs != NULL); 1945 if (selbs == NULL) 1946 goto notfound; 1947 chan = selbs->base.se_chan; 1948 if (selbs->se_flags & STA_DEMOTE11B) 1949 chan = demote11b(vap, chan); 1950 if (!ieee80211_sta_join(vap, chan, &selbs->base)) 1951 goto notfound; 1952 return 1; /* terminate scan */ 1953 } 1954 1955 static const struct ieee80211_scanner mesh_default = { 1956 .scan_name = "default", 1957 .scan_attach = sta_attach, 1958 .scan_detach = sta_detach, 1959 .scan_start = adhoc_start, 1960 .scan_restart = sta_restart, 1961 .scan_cancel = sta_cancel, 1962 .scan_end = mesh_pick_bss, 1963 .scan_flush = sta_flush, 1964 .scan_pickchan = adhoc_pick_channel, 1965 .scan_add = sta_add, 1966 .scan_age = adhoc_age, 1967 .scan_iterate = sta_iterate, 1968 .scan_assoc_fail = sta_assoc_fail, 1969 .scan_assoc_success = sta_assoc_success, 1970 }; 1971 IEEE80211_SCANNER_ALG(mesh, IEEE80211_M_MBSS, mesh_default); 1972 #endif /* IEEE80211_SUPPORT_MESH */ 1973