1 /*- 2 * Copyright (c) 2002-2007 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26 #include <sys/cdefs.h> 27 __FBSDID("$FreeBSD$"); 28 29 /* 30 * IEEE 802.11 station scanning support. 31 */ 32 #include <sys/param.h> 33 #include <sys/systm.h> 34 #include <sys/kernel.h> 35 #include <sys/module.h> 36 37 #include <sys/socket.h> 38 39 #include <net/if.h> 40 #include <net/if_media.h> 41 #include <net/ethernet.h> 42 43 #include <net80211/ieee80211_var.h> 44 45 #include <net/bpf.h> 46 47 /* 48 * Parameters for managing cache entries: 49 * 50 * o a station with STA_FAILS_MAX failures is not considered 51 * when picking a candidate 52 * o a station that hasn't had an update in STA_PURGE_SCANS 53 * (background) scans is discarded 54 * o after STA_FAILS_AGE seconds we clear the failure count 55 */ 56 #define STA_FAILS_MAX 2 /* assoc failures before ignored */ 57 #define STA_FAILS_AGE (2*60) /* time before clearing fails (secs) */ 58 #define STA_PURGE_SCANS 2 /* age for purging entries (scans) */ 59 60 /* XXX tunable */ 61 #define STA_RSSI_MIN 8 /* min acceptable rssi */ 62 #define STA_RSSI_MAX 40 /* max rssi for comparison */ 63 64 #define RSSI_LPF_LEN 10 65 #define RSSI_EP_MULTIPLIER (1<<7) /* pow2 to optimize out * and / */ 66 #define RSSI_IN(x) ((x) * RSSI_EP_MULTIPLIER) 67 #define LPF_RSSI(x, y, len) (((x) * ((len) - 1) + (y)) / (len)) 68 #define RSSI_LPF(x, y) do { \ 69 if ((y) >= -20) \ 70 x = LPF_RSSI((x), RSSI_IN((y)), RSSI_LPF_LEN); \ 71 } while (0) 72 #define EP_RND(x, mul) \ 73 ((((x)%(mul)) >= ((mul)/2)) ? howmany(x, mul) : (x)/(mul)) 74 #define RSSI_GET(x) EP_RND(x, RSSI_EP_MULTIPLIER) 75 76 struct sta_entry { 77 struct ieee80211_scan_entry base; 78 TAILQ_ENTRY(sta_entry) se_list; 79 LIST_ENTRY(sta_entry) se_hash; 80 uint8_t se_fails; /* failure to associate count */ 81 uint8_t se_seen; /* seen during current scan */ 82 uint8_t se_notseen; /* not seen in previous scans */ 83 uint8_t se_flags; 84 uint32_t se_avgrssi; /* LPF rssi state */ 85 unsigned long se_lastupdate; /* time of last update */ 86 unsigned long se_lastfail; /* time of last failure */ 87 unsigned long se_lastassoc; /* time of last association */ 88 u_int se_scangen; /* iterator scan gen# */ 89 }; 90 91 #define STA_HASHSIZE 32 92 /* simple hash is enough for variation of macaddr */ 93 #define STA_HASH(addr) \ 94 (((const uint8_t *)(addr))[IEEE80211_ADDR_LEN - 1] % STA_HASHSIZE) 95 96 struct sta_table { 97 struct mtx st_lock; /* on scan table */ 98 TAILQ_HEAD(, sta_entry) st_entry; /* all entries */ 99 LIST_HEAD(, sta_entry) st_hash[STA_HASHSIZE]; 100 struct mtx st_scanlock; /* on st_scangen */ 101 u_int st_scangen; /* gen# for iterator */ 102 int st_newscan; 103 }; 104 105 static void sta_flush_table(struct sta_table *); 106 /* 107 * match_bss returns a bitmask describing if an entry is suitable 108 * for use. If non-zero the entry was deemed not suitable and it's 109 * contents explains why. The following flags are or'd to to this 110 * mask and can be used to figure out why the entry was rejected. 111 */ 112 #define MATCH_CHANNEL 0x001 /* channel mismatch */ 113 #define MATCH_CAPINFO 0x002 /* capabilities mismatch, e.g. no ess */ 114 #define MATCH_PRIVACY 0x004 /* privacy mismatch */ 115 #define MATCH_RATE 0x008 /* rate set mismatch */ 116 #define MATCH_SSID 0x010 /* ssid mismatch */ 117 #define MATCH_BSSID 0x020 /* bssid mismatch */ 118 #define MATCH_FAILS 0x040 /* too many failed auth attempts */ 119 #define MATCH_NOTSEEN 0x080 /* not seen in recent scans */ 120 #define MATCH_RSSI 0x100 /* rssi deemed too low to use */ 121 static int match_bss(struct ieee80211com *, 122 const struct ieee80211_scan_state *, struct sta_entry *, int); 123 124 /* number of references from net80211 layer */ 125 static int nrefs = 0; 126 127 /* 128 * Attach prior to any scanning work. 129 */ 130 static int 131 sta_attach(struct ieee80211_scan_state *ss) 132 { 133 struct sta_table *st; 134 135 MALLOC(st, struct sta_table *, sizeof(struct sta_table), 136 M_80211_SCAN, M_NOWAIT | M_ZERO); 137 if (st == NULL) 138 return 0; 139 mtx_init(&st->st_lock, "scantable", "802.11 scan table", MTX_DEF); 140 mtx_init(&st->st_scanlock, "scangen", "802.11 scangen", MTX_DEF); 141 TAILQ_INIT(&st->st_entry); 142 ss->ss_priv = st; 143 nrefs++; /* NB: we assume caller locking */ 144 return 1; 145 } 146 147 /* 148 * Cleanup any private state. 149 */ 150 static int 151 sta_detach(struct ieee80211_scan_state *ss) 152 { 153 struct sta_table *st = ss->ss_priv; 154 155 if (st != NULL) { 156 sta_flush_table(st); 157 mtx_destroy(&st->st_lock); 158 mtx_destroy(&st->st_scanlock); 159 FREE(st, M_80211_SCAN); 160 KASSERT(nrefs > 0, ("imbalanced attach/detach")); 161 nrefs--; /* NB: we assume caller locking */ 162 } 163 return 1; 164 } 165 166 /* 167 * Flush all per-scan state. 168 */ 169 static int 170 sta_flush(struct ieee80211_scan_state *ss) 171 { 172 struct sta_table *st = ss->ss_priv; 173 174 mtx_lock(&st->st_lock); 175 sta_flush_table(st); 176 mtx_unlock(&st->st_lock); 177 ss->ss_last = 0; 178 return 0; 179 } 180 181 /* 182 * Flush all entries in the scan cache. 183 */ 184 static void 185 sta_flush_table(struct sta_table *st) 186 { 187 struct sta_entry *se, *next; 188 189 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) { 190 TAILQ_REMOVE(&st->st_entry, se, se_list); 191 LIST_REMOVE(se, se_hash); 192 FREE(se, M_80211_SCAN); 193 } 194 } 195 196 static void 197 saveie(uint8_t **iep, const uint8_t *ie) 198 { 199 200 if (ie == NULL) 201 *iep = NULL; 202 else 203 ieee80211_saveie(iep, ie); 204 } 205 206 /* 207 * Process a beacon or probe response frame; create an 208 * entry in the scan cache or update any previous entry. 209 */ 210 static int 211 sta_add(struct ieee80211_scan_state *ss, 212 const struct ieee80211_scanparams *sp, 213 const struct ieee80211_frame *wh, 214 int subtype, int rssi, int noise, int rstamp) 215 { 216 #define ISPROBE(_st) ((_st) == IEEE80211_FC0_SUBTYPE_PROBE_RESP) 217 #define PICK1ST(_ss) \ 218 ((ss->ss_flags & (IEEE80211_SCAN_PICK1ST | IEEE80211_SCAN_GOTPICK)) == \ 219 IEEE80211_SCAN_PICK1ST) 220 struct sta_table *st = ss->ss_priv; 221 const uint8_t *macaddr = wh->i_addr2; 222 struct ieee80211com *ic = ss->ss_ic; 223 struct sta_entry *se; 224 struct ieee80211_scan_entry *ise; 225 int hash; 226 227 hash = STA_HASH(macaddr); 228 229 mtx_lock(&st->st_lock); 230 LIST_FOREACH(se, &st->st_hash[hash], se_hash) 231 if (IEEE80211_ADDR_EQ(se->base.se_macaddr, macaddr)) 232 goto found; 233 MALLOC(se, struct sta_entry *, sizeof(struct sta_entry), 234 M_80211_SCAN, M_NOWAIT | M_ZERO); 235 if (se == NULL) { 236 mtx_unlock(&st->st_lock); 237 return 0; 238 } 239 se->se_scangen = st->st_scangen-1; 240 IEEE80211_ADDR_COPY(se->base.se_macaddr, macaddr); 241 TAILQ_INSERT_TAIL(&st->st_entry, se, se_list); 242 LIST_INSERT_HEAD(&st->st_hash[hash], se, se_hash); 243 found: 244 ise = &se->base; 245 /* XXX ap beaconing multiple ssid w/ same bssid */ 246 if (sp->ssid[1] != 0 && 247 (ISPROBE(subtype) || ise->se_ssid[1] == 0)) 248 memcpy(ise->se_ssid, sp->ssid, 2+sp->ssid[1]); 249 KASSERT(sp->rates[1] <= IEEE80211_RATE_MAXSIZE, 250 ("rate set too large: %u", sp->rates[1])); 251 memcpy(ise->se_rates, sp->rates, 2+sp->rates[1]); 252 if (sp->xrates != NULL) { 253 /* XXX validate xrates[1] */ 254 KASSERT(sp->xrates[1] + sp->rates[1] <= IEEE80211_RATE_MAXSIZE, 255 ("xrate set too large: %u", sp->xrates[1])); 256 memcpy(ise->se_xrates, sp->xrates, 2+sp->xrates[1]); 257 } else 258 ise->se_xrates[1] = 0; 259 IEEE80211_ADDR_COPY(ise->se_bssid, wh->i_addr3); 260 /* 261 * Record rssi data using extended precision LPF filter. 262 */ 263 if (se->se_lastupdate == 0) /* first sample */ 264 se->se_avgrssi = RSSI_IN(rssi); 265 else /* avg w/ previous samples */ 266 RSSI_LPF(se->se_avgrssi, rssi); 267 se->base.se_rssi = RSSI_GET(se->se_avgrssi); 268 se->base.se_noise = noise; 269 ise->se_rstamp = rstamp; 270 memcpy(ise->se_tstamp.data, sp->tstamp, sizeof(ise->se_tstamp)); 271 ise->se_intval = sp->bintval; 272 ise->se_capinfo = sp->capinfo; 273 ise->se_chan = sp->curchan; 274 ise->se_fhdwell = sp->fhdwell; 275 ise->se_fhindex = sp->fhindex; 276 ise->se_erp = sp->erp; 277 ise->se_timoff = sp->timoff; 278 if (sp->tim != NULL) { 279 const struct ieee80211_tim_ie *tim = 280 (const struct ieee80211_tim_ie *) sp->tim; 281 ise->se_dtimperiod = tim->tim_period; 282 } 283 saveie(&ise->se_wme_ie, sp->wme); 284 saveie(&ise->se_wpa_ie, sp->wpa); 285 saveie(&ise->se_rsn_ie, sp->rsn); 286 saveie(&ise->se_ath_ie, sp->ath); 287 saveie(&ise->se_htcap_ie, sp->htcap); 288 saveie(&ise->se_htinfo_ie, sp->htinfo); 289 290 /* clear failure count after STA_FAIL_AGE passes */ 291 if (se->se_fails && (ticks - se->se_lastfail) > STA_FAILS_AGE*hz) { 292 se->se_fails = 0; 293 IEEE80211_NOTE_MAC(ic, IEEE80211_MSG_SCAN, macaddr, 294 "%s: fails %u", __func__, se->se_fails); 295 } 296 297 se->se_lastupdate = ticks; /* update time */ 298 se->se_seen = 1; 299 se->se_notseen = 0; 300 301 mtx_unlock(&st->st_lock); 302 303 /* 304 * If looking for a quick choice and nothing's 305 * been found check here. 306 */ 307 if (PICK1ST(ss) && match_bss(ic, ss, se, IEEE80211_MSG_SCAN) == 0) 308 ss->ss_flags |= IEEE80211_SCAN_GOTPICK; 309 310 return 1; 311 #undef PICK1ST 312 #undef ISPROBE 313 } 314 315 /* 316 * Check if a channel is excluded by user request. 317 */ 318 static int 319 isexcluded(struct ieee80211com *ic, const struct ieee80211_channel *c) 320 { 321 return (isclr(ic->ic_chan_active, c->ic_ieee) || 322 (ic->ic_des_chan != IEEE80211_CHAN_ANYC && 323 c->ic_freq != ic->ic_des_chan->ic_freq)); 324 } 325 326 static struct ieee80211_channel * 327 find11gchannel(struct ieee80211com *ic, int i, int freq) 328 { 329 struct ieee80211_channel *c; 330 int j; 331 332 /* 333 * The normal ordering in the channel list is b channel 334 * immediately followed by g so optimize the search for 335 * this. We'll still do a full search just in case. 336 */ 337 for (j = i+1; j < ic->ic_nchans; j++) { 338 c = &ic->ic_channels[j]; 339 if (c->ic_freq == freq && IEEE80211_IS_CHAN_ANYG(c)) 340 return c; 341 } 342 for (j = 0; j < i; j++) { 343 c = &ic->ic_channels[j]; 344 if (c->ic_freq == freq && IEEE80211_IS_CHAN_ANYG(c)) 345 return c; 346 } 347 return NULL; 348 } 349 static const u_int chanflags[IEEE80211_MODE_MAX] = { 350 IEEE80211_CHAN_B, /* IEEE80211_MODE_AUTO */ 351 IEEE80211_CHAN_A, /* IEEE80211_MODE_11A */ 352 IEEE80211_CHAN_B, /* IEEE80211_MODE_11B */ 353 IEEE80211_CHAN_G, /* IEEE80211_MODE_11G */ 354 IEEE80211_CHAN_FHSS, /* IEEE80211_MODE_FH */ 355 IEEE80211_CHAN_A, /* IEEE80211_MODE_TURBO_A (check base channel)*/ 356 IEEE80211_CHAN_G, /* IEEE80211_MODE_TURBO_G */ 357 IEEE80211_CHAN_ST, /* IEEE80211_MODE_STURBO_A */ 358 IEEE80211_CHAN_A, /* IEEE80211_MODE_11NA (check legacy) */ 359 IEEE80211_CHAN_G, /* IEEE80211_MODE_11NG (check legacy) */ 360 }; 361 362 static void 363 add_channels(struct ieee80211com *ic, 364 struct ieee80211_scan_state *ss, 365 enum ieee80211_phymode mode, const uint16_t freq[], int nfreq) 366 { 367 #define N(a) (sizeof(a) / sizeof(a[0])) 368 struct ieee80211_channel *c, *cg; 369 u_int modeflags; 370 int i; 371 372 KASSERT(mode < N(chanflags), ("Unexpected mode %u", mode)); 373 modeflags = chanflags[mode]; 374 for (i = 0; i < nfreq; i++) { 375 if (ss->ss_last >= IEEE80211_SCAN_MAX) 376 break; 377 378 c = ieee80211_find_channel(ic, freq[i], modeflags); 379 if (c != NULL && isexcluded(ic, c)) 380 continue; 381 if (mode == IEEE80211_MODE_AUTO) { 382 /* 383 * XXX special-case 11b/g channels so we select 384 * the g channel if both are present or there 385 * are only g channels. 386 */ 387 if (c == NULL || IEEE80211_IS_CHAN_B(c)) { 388 cg = find11gchannel(ic, i, freq[i]); 389 if (cg != NULL) 390 c = cg; 391 } 392 } 393 if (c == NULL) 394 continue; 395 396 ss->ss_chans[ss->ss_last++] = c; 397 } 398 #undef N 399 } 400 401 static const uint16_t rcl1[] = /* 8 FCC channel: 52, 56, 60, 64, 36, 40, 44, 48 */ 402 { 5260, 5280, 5300, 5320, 5180, 5200, 5220, 5240 }; 403 static const uint16_t rcl2[] = /* 4 MKK channels: 34, 38, 42, 46 */ 404 { 5170, 5190, 5210, 5230 }; 405 static const uint16_t rcl3[] = /* 2.4Ghz ch: 1,6,11,7,13 */ 406 { 2412, 2437, 2462, 2442, 2472 }; 407 static const uint16_t rcl4[] = /* 5 FCC channel: 149, 153, 161, 165 */ 408 { 5745, 5765, 5785, 5805, 5825 }; 409 static const uint16_t rcl7[] = /* 11 ETSI channel: 100,104,108,112,116,120,124,128,132,136,140 */ 410 { 5500, 5520, 5540, 5560, 5580, 5600, 5620, 5640, 5660, 5680, 5700 }; 411 static const uint16_t rcl8[] = /* 2.4Ghz ch: 2,3,4,5,8,9,10,12 */ 412 { 2417, 2422, 2427, 2432, 2447, 2452, 2457, 2467 }; 413 static const uint16_t rcl9[] = /* 2.4Ghz ch: 14 */ 414 { 2484 }; 415 static const uint16_t rcl10[] = /* Added Korean channels 2312-2372 */ 416 { 2312, 2317, 2322, 2327, 2332, 2337, 2342, 2347, 2352, 2357, 2362, 2367, 2372 }; 417 static const uint16_t rcl11[] = /* Added Japan channels in 4.9/5.0 spectrum */ 418 { 5040, 5060, 5080, 4920, 4940, 4960, 4980 }; 419 #ifdef ATH_TURBO_SCAN 420 static const uint16_t rcl5[] = /* 3 static turbo channels */ 421 { 5210, 5250, 5290 }; 422 static const uint16_t rcl6[] = /* 2 static turbo channels */ 423 { 5760, 5800 }; 424 static const uint16_t rcl6x[] = /* 4 FCC3 turbo channels */ 425 { 5540, 5580, 5620, 5660 }; 426 static const uint16_t rcl12[] = /* 2.4Ghz Turbo channel 6 */ 427 { 2437 }; 428 static const uint16_t rcl13[] = /* dynamic Turbo channels */ 429 { 5200, 5240, 5280, 5765, 5805 }; 430 #endif /* ATH_TURBO_SCAN */ 431 432 struct scanlist { 433 uint16_t mode; 434 uint16_t count; 435 const uint16_t *list; 436 }; 437 438 #define X(a) .count = sizeof(a)/sizeof(a[0]), .list = a 439 440 static const struct scanlist staScanTable[] = { 441 { IEEE80211_MODE_11B, X(rcl3) }, 442 { IEEE80211_MODE_11A, X(rcl1) }, 443 { IEEE80211_MODE_11A, X(rcl2) }, 444 { IEEE80211_MODE_11B, X(rcl8) }, 445 { IEEE80211_MODE_11B, X(rcl9) }, 446 { IEEE80211_MODE_11A, X(rcl4) }, 447 #ifdef ATH_TURBO_SCAN 448 { IEEE80211_MODE_STURBO_A, X(rcl5) }, 449 { IEEE80211_MODE_STURBO_A, X(rcl6) }, 450 { IEEE80211_MODE_TURBO_A, X(rcl6x) }, 451 { IEEE80211_MODE_TURBO_A, X(rcl13) }, 452 #endif /* ATH_TURBO_SCAN */ 453 { IEEE80211_MODE_11A, X(rcl7) }, 454 { IEEE80211_MODE_11B, X(rcl10) }, 455 { IEEE80211_MODE_11A, X(rcl11) }, 456 #ifdef ATH_TURBO_SCAN 457 { IEEE80211_MODE_TURBO_G, X(rcl12) }, 458 #endif /* ATH_TURBO_SCAN */ 459 { .list = NULL } 460 }; 461 462 static int 463 checktable(const struct scanlist *scan, const struct ieee80211_channel *c) 464 { 465 int i; 466 467 for (; scan->list != NULL; scan++) { 468 for (i = 0; i < scan->count; i++) 469 if (scan->list[i] == c->ic_freq) 470 return 1; 471 } 472 return 0; 473 } 474 475 /* 476 * Start a station-mode scan by populating the channel list. 477 */ 478 static int 479 sta_start(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 480 { 481 #define N(a) (sizeof(a)/sizeof(a[0])) 482 struct sta_table *st = ss->ss_priv; 483 const struct scanlist *scan; 484 enum ieee80211_phymode mode; 485 struct ieee80211_channel *c; 486 int i; 487 488 ss->ss_last = 0; 489 /* 490 * Use the table of ordered channels to construct the list 491 * of channels for scanning. Any channels in the ordered 492 * list not in the master list will be discarded. 493 */ 494 for (scan = staScanTable; scan->list != NULL; scan++) { 495 mode = scan->mode; 496 if (ic->ic_des_mode != IEEE80211_MODE_AUTO) { 497 /* 498 * If a desired mode was specified, scan only 499 * channels that satisfy that constraint. 500 */ 501 if (ic->ic_des_mode != mode) { 502 /* 503 * The scan table marks 2.4Ghz channels as b 504 * so if the desired mode is 11g, then use 505 * the 11b channel list but upgrade the mode. 506 */ 507 if (ic->ic_des_mode != IEEE80211_MODE_11G || 508 mode != IEEE80211_MODE_11B) 509 continue; 510 mode = IEEE80211_MODE_11G; /* upgrade */ 511 } 512 } else { 513 /* 514 * This lets add_channels upgrade an 11b channel 515 * to 11g if available. 516 */ 517 if (mode == IEEE80211_MODE_11B) 518 mode = IEEE80211_MODE_AUTO; 519 } 520 #ifdef IEEE80211_F_XR 521 /* XR does not operate on turbo channels */ 522 if ((ic->ic_flags & IEEE80211_F_XR) && 523 (mode == IEEE80211_MODE_TURBO_A || 524 mode == IEEE80211_MODE_TURBO_G || 525 mode == IEEE80211_MODE_STURBO_A)) 526 continue; 527 #endif 528 /* 529 * Add the list of the channels; any that are not 530 * in the master channel list will be discarded. 531 */ 532 add_channels(ic, ss, mode, scan->list, scan->count); 533 } 534 535 /* 536 * Add the channels from the ic (from HAL) that are not present 537 * in the staScanTable. 538 */ 539 for (i = 0; i < ic->ic_nchans; i++) { 540 if (ss->ss_last >= IEEE80211_SCAN_MAX) 541 break; 542 543 c = &ic->ic_channels[i]; 544 /* 545 * Ignore dynamic turbo channels; we scan them 546 * in normal mode (i.e. not boosted). Likewise 547 * for HT channels, they get scanned using 548 * legacy rates. 549 */ 550 if (IEEE80211_IS_CHAN_DTURBO(c) || IEEE80211_IS_CHAN_HT(c)) 551 continue; 552 553 /* 554 * If a desired mode was specified, scan only 555 * channels that satisfy that constraint. 556 */ 557 if (ic->ic_des_mode != IEEE80211_MODE_AUTO && 558 ic->ic_des_mode != ieee80211_chan2mode(c)) 559 continue; 560 561 /* 562 * Skip channels excluded by user request. 563 */ 564 if (isexcluded(ic, c)) 565 continue; 566 567 /* 568 * Add the channel unless it is listed in the 569 * fixed scan order tables. This insures we 570 * don't sweep back in channels we filtered out 571 * above. 572 */ 573 if (checktable(staScanTable, c)) 574 continue; 575 576 /* Add channel to scanning list. */ 577 ss->ss_chans[ss->ss_last++] = c; 578 } 579 580 ss->ss_next = 0; 581 /* XXX tunables */ 582 ss->ss_mindwell = msecs_to_ticks(20); /* 20ms */ 583 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */ 584 585 #ifdef IEEE80211_DEBUG 586 if (ieee80211_msg_scan(ic)) { 587 if_printf(ic->ic_ifp, "scan set "); 588 ieee80211_scan_dump_channels(ss); 589 printf(" dwell min %ld max %ld\n", 590 ss->ss_mindwell, ss->ss_maxdwell); 591 } 592 #endif /* IEEE80211_DEBUG */ 593 594 st->st_newscan = 1; 595 596 return 0; 597 #undef N 598 } 599 600 /* 601 * Restart a bg scan. 602 */ 603 static int 604 sta_restart(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 605 { 606 struct sta_table *st = ss->ss_priv; 607 608 st->st_newscan = 1; 609 return 0; 610 } 611 612 /* 613 * Cancel an ongoing scan. 614 */ 615 static int 616 sta_cancel(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 617 { 618 return 0; 619 } 620 621 static uint8_t 622 maxrate(const struct ieee80211_scan_entry *se) 623 { 624 uint8_t rmax, r; 625 int i; 626 627 rmax = 0; 628 for (i = 0; i < se->se_rates[1]; i++) { 629 r = se->se_rates[2+i] & IEEE80211_RATE_VAL; 630 if (r > rmax) 631 rmax = r; 632 } 633 for (i = 0; i < se->se_xrates[1]; i++) { 634 r = se->se_xrates[2+i] & IEEE80211_RATE_VAL; 635 if (r > rmax) 636 rmax = r; 637 } 638 return rmax; 639 } 640 641 /* 642 * Compare the capabilities of two entries and decide which is 643 * more desirable (return >0 if a is considered better). Note 644 * that we assume compatibility/usability has already been checked 645 * so we don't need to (e.g. validate whether privacy is supported). 646 * Used to select the best scan candidate for association in a BSS. 647 */ 648 static int 649 sta_compare(const struct sta_entry *a, const struct sta_entry *b) 650 { 651 #define PREFER(_a,_b,_what) do { \ 652 if (((_a) ^ (_b)) & (_what)) \ 653 return ((_a) & (_what)) ? 1 : -1; \ 654 } while (0) 655 uint8_t maxa, maxb; 656 int8_t rssia, rssib; 657 int weight; 658 659 /* privacy support */ 660 PREFER(a->base.se_capinfo, b->base.se_capinfo, 661 IEEE80211_CAPINFO_PRIVACY); 662 663 /* compare count of previous failures */ 664 weight = b->se_fails - a->se_fails; 665 if (abs(weight) > 1) 666 return weight; 667 668 /* 669 * Compare rssi. If the two are considered equivalent 670 * then fallback to other criteria. We threshold the 671 * comparisons to avoid selecting an ap purely by rssi 672 * when both values may be good but one ap is otherwise 673 * more desirable (e.g. an 11b-only ap with stronger 674 * signal than an 11g ap). 675 */ 676 rssia = MIN(a->base.se_rssi, STA_RSSI_MAX); 677 rssib = MIN(b->base.se_rssi, STA_RSSI_MAX); 678 if (abs(rssib - rssia) < 5) { 679 /* best/max rate preferred if signal level close enough XXX */ 680 maxa = maxrate(&a->base); 681 maxb = maxrate(&b->base); 682 if (maxa != maxb) 683 return maxa - maxb; 684 /* XXX use freq for channel preference */ 685 /* for now just prefer 5Ghz band to all other bands */ 686 if (IEEE80211_IS_CHAN_5GHZ(a->base.se_chan) && 687 !IEEE80211_IS_CHAN_5GHZ(b->base.se_chan)) 688 return 1; 689 if (!IEEE80211_IS_CHAN_5GHZ(a->base.se_chan) && 690 IEEE80211_IS_CHAN_5GHZ(b->base.se_chan)) 691 return -1; 692 } 693 /* all things being equal, use signal level */ 694 return a->base.se_rssi - b->base.se_rssi; 695 #undef PREFER 696 } 697 698 /* 699 * Check rate set suitability and return the best supported rate. 700 */ 701 static int 702 check_rate(struct ieee80211com *ic, const struct ieee80211_scan_entry *se) 703 { 704 #define RV(v) ((v) & IEEE80211_RATE_VAL) 705 const struct ieee80211_rateset *srs; 706 int i, j, nrs, r, okrate, badrate, fixedrate; 707 const uint8_t *rs; 708 709 okrate = badrate = fixedrate = 0; 710 711 srs = ieee80211_get_suprates(ic, se->se_chan); 712 nrs = se->se_rates[1]; 713 rs = se->se_rates+2; 714 fixedrate = IEEE80211_FIXED_RATE_NONE; 715 again: 716 for (i = 0; i < nrs; i++) { 717 r = RV(rs[i]); 718 badrate = r; 719 /* 720 * Check any fixed rate is included. 721 */ 722 if (r == ic->ic_fixed_rate) 723 fixedrate = r; 724 /* 725 * Check against our supported rates. 726 */ 727 for (j = 0; j < srs->rs_nrates; j++) 728 if (r == RV(srs->rs_rates[j])) { 729 if (r > okrate) /* NB: track max */ 730 okrate = r; 731 break; 732 } 733 734 if (j == srs->rs_nrates && (rs[i] & IEEE80211_RATE_BASIC)) { 735 /* 736 * Don't try joining a BSS, if we don't support 737 * one of its basic rates. 738 */ 739 okrate = 0; 740 goto back; 741 } 742 } 743 if (rs == se->se_rates+2) { 744 /* scan xrates too; sort of an algol68-style for loop */ 745 nrs = se->se_xrates[1]; 746 rs = se->se_xrates+2; 747 goto again; 748 } 749 750 back: 751 if (okrate == 0 || ic->ic_fixed_rate != fixedrate) 752 return badrate | IEEE80211_RATE_BASIC; 753 else 754 return RV(okrate); 755 #undef RV 756 } 757 758 static int 759 match_ssid(const uint8_t *ie, 760 int nssid, const struct ieee80211_scan_ssid ssids[]) 761 { 762 int i; 763 764 for (i = 0; i < nssid; i++) { 765 if (ie[1] == ssids[i].len && 766 memcmp(ie+2, ssids[i].ssid, ie[1]) == 0) 767 return 1; 768 } 769 return 0; 770 } 771 772 /* 773 * Test a scan candidate for suitability/compatibility. 774 */ 775 static int 776 match_bss(struct ieee80211com *ic, 777 const struct ieee80211_scan_state *ss, struct sta_entry *se0, 778 int debug) 779 { 780 struct ieee80211_scan_entry *se = &se0->base; 781 uint8_t rate; 782 int fail; 783 784 fail = 0; 785 if (isclr(ic->ic_chan_active, ieee80211_chan2ieee(ic, se->se_chan))) 786 fail |= MATCH_CHANNEL; 787 /* 788 * NB: normally the desired mode is used to construct 789 * the channel list, but it's possible for the scan 790 * cache to include entries for stations outside this 791 * list so we check the desired mode here to weed them 792 * out. 793 */ 794 if (ic->ic_des_mode != IEEE80211_MODE_AUTO && 795 (se->se_chan->ic_flags & IEEE80211_CHAN_ALLTURBO) != 796 chanflags[ic->ic_des_mode]) 797 fail |= MATCH_CHANNEL; 798 if (ic->ic_opmode == IEEE80211_M_IBSS) { 799 if ((se->se_capinfo & IEEE80211_CAPINFO_IBSS) == 0) 800 fail |= MATCH_CAPINFO; 801 } else { 802 if ((se->se_capinfo & IEEE80211_CAPINFO_ESS) == 0) 803 fail |= MATCH_CAPINFO; 804 } 805 if (ic->ic_flags & IEEE80211_F_PRIVACY) { 806 if ((se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) == 0) 807 fail |= MATCH_PRIVACY; 808 } else { 809 /* XXX does this mean privacy is supported or required? */ 810 if (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) 811 fail |= MATCH_PRIVACY; 812 } 813 rate = check_rate(ic, se); 814 if (rate & IEEE80211_RATE_BASIC) 815 fail |= MATCH_RATE; 816 if (ss->ss_nssid != 0 && 817 !match_ssid(se->se_ssid, ss->ss_nssid, ss->ss_ssid)) 818 fail |= MATCH_SSID; 819 if ((ic->ic_flags & IEEE80211_F_DESBSSID) && 820 !IEEE80211_ADDR_EQ(ic->ic_des_bssid, se->se_bssid)) 821 fail |= MATCH_BSSID; 822 if (se0->se_fails >= STA_FAILS_MAX) 823 fail |= MATCH_FAILS; 824 /* NB: entries may be present awaiting purge, skip */ 825 if (se0->se_notseen >= STA_PURGE_SCANS) 826 fail |= MATCH_NOTSEEN; 827 if (se->se_rssi < STA_RSSI_MIN) 828 fail |= MATCH_RSSI; 829 #ifdef IEEE80211_DEBUG 830 if (ieee80211_msg(ic, debug)) { 831 printf(" %c %s", 832 fail & MATCH_FAILS ? '=' : 833 fail & MATCH_NOTSEEN ? '^' : 834 fail ? '-' : '+', ether_sprintf(se->se_macaddr)); 835 printf(" %s%c", ether_sprintf(se->se_bssid), 836 fail & MATCH_BSSID ? '!' : ' '); 837 printf(" %3d%c", ieee80211_chan2ieee(ic, se->se_chan), 838 fail & MATCH_CHANNEL ? '!' : ' '); 839 printf(" %+4d%c", se->se_rssi, fail & MATCH_RSSI ? '!' : ' '); 840 printf(" %2dM%c", (rate & IEEE80211_RATE_VAL) / 2, 841 fail & MATCH_RATE ? '!' : ' '); 842 printf(" %4s%c", 843 (se->se_capinfo & IEEE80211_CAPINFO_ESS) ? "ess" : 844 (se->se_capinfo & IEEE80211_CAPINFO_IBSS) ? "ibss" : 845 "????", 846 fail & MATCH_CAPINFO ? '!' : ' '); 847 printf(" %3s%c ", 848 (se->se_capinfo & IEEE80211_CAPINFO_PRIVACY) ? 849 "wep" : "no", 850 fail & MATCH_PRIVACY ? '!' : ' '); 851 ieee80211_print_essid(se->se_ssid+2, se->se_ssid[1]); 852 printf("%s\n", fail & MATCH_SSID ? "!" : ""); 853 } 854 #endif 855 return fail; 856 } 857 858 static void 859 sta_update_notseen(struct sta_table *st) 860 { 861 struct sta_entry *se; 862 863 mtx_lock(&st->st_lock); 864 TAILQ_FOREACH(se, &st->st_entry, se_list) { 865 /* 866 * If seen the reset and don't bump the count; 867 * otherwise bump the ``not seen'' count. Note 868 * that this insures that stations for which we 869 * see frames while not scanning but not during 870 * this scan will not be penalized. 871 */ 872 if (se->se_seen) 873 se->se_seen = 0; 874 else 875 se->se_notseen++; 876 } 877 mtx_unlock(&st->st_lock); 878 } 879 880 static void 881 sta_dec_fails(struct sta_table *st) 882 { 883 struct sta_entry *se; 884 885 mtx_lock(&st->st_lock); 886 TAILQ_FOREACH(se, &st->st_entry, se_list) 887 if (se->se_fails) 888 se->se_fails--; 889 mtx_unlock(&st->st_lock); 890 } 891 892 static struct sta_entry * 893 select_bss(struct ieee80211_scan_state *ss, struct ieee80211com *ic, int debug) 894 { 895 struct sta_table *st = ss->ss_priv; 896 struct sta_entry *se, *selbs = NULL; 897 898 IEEE80211_DPRINTF(ic, debug, " %s\n", 899 "macaddr bssid chan rssi rate flag wep essid"); 900 mtx_lock(&st->st_lock); 901 TAILQ_FOREACH(se, &st->st_entry, se_list) { 902 if (match_bss(ic, ss, se, debug) == 0) { 903 if (selbs == NULL) 904 selbs = se; 905 else if (sta_compare(se, selbs) > 0) 906 selbs = se; 907 } 908 } 909 mtx_unlock(&st->st_lock); 910 911 return selbs; 912 } 913 914 /* 915 * Pick an ap or ibss network to join or find a channel 916 * to use to start an ibss network. 917 */ 918 static int 919 sta_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 920 { 921 struct sta_table *st = ss->ss_priv; 922 struct sta_entry *selbs; 923 924 KASSERT(ic->ic_opmode == IEEE80211_M_STA, 925 ("wrong mode %u", ic->ic_opmode)); 926 927 if (st->st_newscan) { 928 sta_update_notseen(st); 929 st->st_newscan = 0; 930 } 931 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) { 932 /* 933 * Manual/background scan, don't select+join the 934 * bss, just return. The scanning framework will 935 * handle notification that this has completed. 936 */ 937 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK; 938 return 1; 939 } 940 /* 941 * Automatic sequencing; look for a candidate and 942 * if found join the network. 943 */ 944 /* NB: unlocked read should be ok */ 945 if (TAILQ_FIRST(&st->st_entry) == NULL) { 946 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 947 "%s: no scan candidate\n", __func__); 948 notfound: 949 /* 950 * If nothing suitable was found decrement 951 * the failure counts so entries will be 952 * reconsidered the next time around. We 953 * really want to do this only for sta's 954 * where we've previously had some success. 955 */ 956 sta_dec_fails(st); 957 st->st_newscan = 1; 958 return 0; /* restart scan */ 959 } 960 selbs = select_bss(ss, ic, IEEE80211_MSG_SCAN); 961 if (selbs == NULL || !ieee80211_sta_join(ic, &selbs->base)) 962 goto notfound; 963 return 1; /* terminate scan */ 964 } 965 966 /* 967 * Lookup an entry in the scan cache. We assume we're 968 * called from the bottom half or such that we don't need 969 * to block the bottom half so that it's safe to return 970 * a reference to an entry w/o holding the lock on the table. 971 */ 972 static struct sta_entry * 973 sta_lookup(struct sta_table *st, const uint8_t macaddr[IEEE80211_ADDR_LEN]) 974 { 975 struct sta_entry *se; 976 int hash = STA_HASH(macaddr); 977 978 mtx_lock(&st->st_lock); 979 LIST_FOREACH(se, &st->st_hash[hash], se_hash) 980 if (IEEE80211_ADDR_EQ(se->base.se_macaddr, macaddr)) 981 break; 982 mtx_unlock(&st->st_lock); 983 984 return se; /* NB: unlocked */ 985 } 986 987 static void 988 sta_roam_check(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 989 { 990 struct ieee80211_node *ni = ic->ic_bss; 991 struct sta_table *st = ss->ss_priv; 992 struct sta_entry *se, *selbs; 993 uint8_t roamRate, curRate; 994 int8_t roamRssi, curRssi; 995 996 se = sta_lookup(st, ni->ni_macaddr); 997 if (se == NULL) { 998 /* XXX something is wrong */ 999 return; 1000 } 1001 1002 /* XXX do we need 11g too? */ 1003 if (IEEE80211_IS_CHAN_ANYG(ic->ic_bsschan)) { 1004 roamRate = ic->ic_roam.rate11b; 1005 roamRssi = ic->ic_roam.rssi11b; 1006 } else if (IEEE80211_IS_CHAN_B(ic->ic_bsschan)) { 1007 roamRate = ic->ic_roam.rate11bOnly; 1008 roamRssi = ic->ic_roam.rssi11bOnly; 1009 } else { 1010 roamRate = ic->ic_roam.rate11a; 1011 roamRssi = ic->ic_roam.rssi11a; 1012 } 1013 /* NB: the most up to date rssi is in the node, not the scan cache */ 1014 curRssi = ic->ic_node_getrssi(ni); 1015 if (ic->ic_fixed_rate == IEEE80211_FIXED_RATE_NONE) { 1016 curRate = ni->ni_rates.rs_rates[ni->ni_txrate] & IEEE80211_RATE_VAL; 1017 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ROAM, 1018 "%s: currssi %d currate %u roamrssi %d roamrate %u\n", 1019 __func__, curRssi, curRate, roamRssi, roamRate); 1020 } else { 1021 curRate = roamRate; /* NB: insure compare below fails */ 1022 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ROAM, 1023 "%s: currssi %d roamrssi %d\n", __func__, curRssi, roamRssi); 1024 } 1025 /* 1026 * Check if a new ap should be used and switch. 1027 * XXX deauth current ap 1028 */ 1029 if (curRate < roamRate || curRssi < roamRssi) { 1030 if (time_after(ticks, ic->ic_lastscan + ic->ic_scanvalid)) { 1031 /* 1032 * Scan cache contents are too old; force a scan now 1033 * if possible so we have current state to make a 1034 * decision with. We don't kick off a bg scan if 1035 * we're using dynamic turbo and boosted or if the 1036 * channel is busy. 1037 * XXX force immediate switch on scan complete 1038 */ 1039 if (!IEEE80211_IS_CHAN_DTURBO(ic->ic_curchan) && 1040 time_after(ticks, ic->ic_lastdata + ic->ic_bgscanidle)) 1041 ieee80211_bg_scan(ic); 1042 return; 1043 } 1044 se->base.se_rssi = curRssi; 1045 selbs = select_bss(ss, ic, IEEE80211_MSG_ROAM); 1046 if (selbs != NULL && selbs != se) { 1047 IEEE80211_DPRINTF(ic, 1048 IEEE80211_MSG_ROAM | IEEE80211_MSG_DEBUG, 1049 "%s: ROAM: curRate %u, roamRate %u, " 1050 "curRssi %d, roamRssi %d\n", __func__, 1051 curRate, roamRate, curRssi, roamRssi); 1052 ieee80211_sta_join(ic, &selbs->base); 1053 } 1054 } 1055 } 1056 1057 /* 1058 * Age entries in the scan cache. 1059 * XXX also do roaming since it's convenient 1060 */ 1061 static void 1062 sta_age(struct ieee80211_scan_state *ss) 1063 { 1064 struct ieee80211com *ic = ss->ss_ic; 1065 struct sta_table *st = ss->ss_priv; 1066 struct sta_entry *se, *next; 1067 1068 mtx_lock(&st->st_lock); 1069 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) { 1070 if (se->se_notseen > STA_PURGE_SCANS) { 1071 TAILQ_REMOVE(&st->st_entry, se, se_list); 1072 LIST_REMOVE(se, se_hash); 1073 FREE(se, M_80211_SCAN); 1074 } 1075 } 1076 mtx_unlock(&st->st_lock); 1077 /* 1078 * If rate control is enabled check periodically to see if 1079 * we should roam from our current connection to one that 1080 * might be better. This only applies when we're operating 1081 * in sta mode and automatic roaming is set. 1082 * XXX defer if busy 1083 * XXX repeater station 1084 * XXX do when !bgscan? 1085 */ 1086 KASSERT(ic->ic_opmode == IEEE80211_M_STA, 1087 ("wrong mode %u", ic->ic_opmode)); 1088 if (ic->ic_roaming == IEEE80211_ROAMING_AUTO && 1089 (ic->ic_flags & IEEE80211_F_BGSCAN) && 1090 ic->ic_state >= IEEE80211_S_RUN) 1091 /* XXX vap is implicit */ 1092 sta_roam_check(ss, ic); 1093 } 1094 1095 /* 1096 * Iterate over the entries in the scan cache, invoking 1097 * the callback function on each one. 1098 */ 1099 static void 1100 sta_iterate(struct ieee80211_scan_state *ss, 1101 ieee80211_scan_iter_func *f, void *arg) 1102 { 1103 struct sta_table *st = ss->ss_priv; 1104 struct sta_entry *se; 1105 u_int gen; 1106 1107 mtx_lock(&st->st_scanlock); 1108 gen = st->st_scangen++; 1109 restart: 1110 mtx_lock(&st->st_lock); 1111 TAILQ_FOREACH(se, &st->st_entry, se_list) { 1112 if (se->se_scangen != gen) { 1113 se->se_scangen = gen; 1114 /* update public state */ 1115 se->base.se_age = ticks - se->se_lastupdate; 1116 mtx_unlock(&st->st_lock); 1117 (*f)(arg, &se->base); 1118 goto restart; 1119 } 1120 } 1121 mtx_unlock(&st->st_lock); 1122 1123 mtx_unlock(&st->st_scanlock); 1124 } 1125 1126 static void 1127 sta_assoc_fail(struct ieee80211_scan_state *ss, 1128 const uint8_t macaddr[IEEE80211_ADDR_LEN], int reason) 1129 { 1130 struct sta_table *st = ss->ss_priv; 1131 struct sta_entry *se; 1132 1133 se = sta_lookup(st, macaddr); 1134 if (se != NULL) { 1135 se->se_fails++; 1136 se->se_lastfail = ticks; 1137 IEEE80211_NOTE_MAC(ss->ss_ic, IEEE80211_MSG_SCAN, 1138 macaddr, "%s: reason %u fails %u", 1139 __func__, reason, se->se_fails); 1140 } 1141 } 1142 1143 static void 1144 sta_assoc_success(struct ieee80211_scan_state *ss, 1145 const uint8_t macaddr[IEEE80211_ADDR_LEN]) 1146 { 1147 struct sta_table *st = ss->ss_priv; 1148 struct sta_entry *se; 1149 1150 se = sta_lookup(st, macaddr); 1151 if (se != NULL) { 1152 #if 0 1153 se->se_fails = 0; 1154 IEEE80211_NOTE_MAC(ss->ss_ic, IEEE80211_MSG_SCAN, 1155 macaddr, "%s: fails %u", 1156 __func__, se->se_fails); 1157 #endif 1158 se->se_lastassoc = ticks; 1159 } 1160 } 1161 1162 static const struct ieee80211_scanner sta_default = { 1163 .scan_name = "default", 1164 .scan_attach = sta_attach, 1165 .scan_detach = sta_detach, 1166 .scan_start = sta_start, 1167 .scan_restart = sta_restart, 1168 .scan_cancel = sta_cancel, 1169 .scan_end = sta_pick_bss, 1170 .scan_flush = sta_flush, 1171 .scan_add = sta_add, 1172 .scan_age = sta_age, 1173 .scan_iterate = sta_iterate, 1174 .scan_assoc_fail = sta_assoc_fail, 1175 .scan_assoc_success = sta_assoc_success, 1176 }; 1177 1178 /* 1179 * Adhoc mode-specific support. 1180 */ 1181 1182 static const uint16_t adhocWorld[] = /* 36, 40, 44, 48 */ 1183 { 5180, 5200, 5220, 5240 }; 1184 static const uint16_t adhocFcc3[] = /* 36, 40, 44, 48 145, 149, 153, 157, 161, 165 */ 1185 { 5180, 5200, 5220, 5240, 5725, 5745, 5765, 5785, 5805, 5825 }; 1186 static const uint16_t adhocMkk[] = /* 34, 38, 42, 46 */ 1187 { 5170, 5190, 5210, 5230 }; 1188 static const uint16_t adhoc11b[] = /* 10, 11 */ 1189 { 2457, 2462 }; 1190 1191 static const struct scanlist adhocScanTable[] = { 1192 { IEEE80211_MODE_11B, X(adhoc11b) }, 1193 { IEEE80211_MODE_11A, X(adhocWorld) }, 1194 { IEEE80211_MODE_11A, X(adhocFcc3) }, 1195 { IEEE80211_MODE_11B, X(adhocMkk) }, 1196 { .list = NULL } 1197 }; 1198 #undef X 1199 1200 /* 1201 * Start an adhoc-mode scan by populating the channel list. 1202 */ 1203 static int 1204 adhoc_start(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 1205 { 1206 #define N(a) (sizeof(a)/sizeof(a[0])) 1207 struct sta_table *st = ss->ss_priv; 1208 const struct scanlist *scan; 1209 enum ieee80211_phymode mode; 1210 1211 ss->ss_last = 0; 1212 /* 1213 * Use the table of ordered channels to construct the list 1214 * of channels for scanning. Any channels in the ordered 1215 * list not in the master list will be discarded. 1216 */ 1217 for (scan = adhocScanTable; scan->list != NULL; scan++) { 1218 mode = scan->mode; 1219 if (ic->ic_des_mode != IEEE80211_MODE_AUTO) { 1220 /* 1221 * If a desired mode was specified, scan only 1222 * channels that satisfy that constraint. 1223 */ 1224 if (ic->ic_des_mode != mode) { 1225 /* 1226 * The scan table marks 2.4Ghz channels as b 1227 * so if the desired mode is 11g, then use 1228 * the 11b channel list but upgrade the mode. 1229 */ 1230 if (ic->ic_des_mode != IEEE80211_MODE_11G || 1231 mode != IEEE80211_MODE_11B) 1232 continue; 1233 mode = IEEE80211_MODE_11G; /* upgrade */ 1234 } 1235 } else { 1236 /* 1237 * This lets add_channels upgrade an 11b channel 1238 * to 11g if available. 1239 */ 1240 if (mode == IEEE80211_MODE_11B) 1241 mode = IEEE80211_MODE_AUTO; 1242 } 1243 #ifdef IEEE80211_F_XR 1244 /* XR does not operate on turbo channels */ 1245 if ((ic->ic_flags & IEEE80211_F_XR) && 1246 (mode == IEEE80211_MODE_TURBO_A || 1247 mode == IEEE80211_MODE_TURBO_G)) 1248 continue; 1249 #endif 1250 /* 1251 * Add the list of the channels; any that are not 1252 * in the master channel list will be discarded. 1253 */ 1254 add_channels(ic, ss, mode, scan->list, scan->count); 1255 } 1256 ss->ss_next = 0; 1257 /* XXX tunables */ 1258 ss->ss_mindwell = msecs_to_ticks(200); /* 200ms */ 1259 ss->ss_maxdwell = msecs_to_ticks(200); /* 200ms */ 1260 1261 #ifdef IEEE80211_DEBUG 1262 if (ieee80211_msg_scan(ic)) { 1263 if_printf(ic->ic_ifp, "scan set "); 1264 ieee80211_scan_dump_channels(ss); 1265 printf(" dwell min %ld max %ld\n", 1266 ss->ss_mindwell, ss->ss_maxdwell); 1267 } 1268 #endif /* IEEE80211_DEBUG */ 1269 1270 st->st_newscan = 1; 1271 1272 return 0; 1273 #undef N 1274 } 1275 1276 /* 1277 * Select a channel to start an adhoc network on. 1278 * The channel list was populated with appropriate 1279 * channels so select one that looks least occupied. 1280 * XXX need regulatory domain constraints 1281 */ 1282 static struct ieee80211_channel * 1283 adhoc_pick_channel(struct ieee80211_scan_state *ss) 1284 { 1285 struct sta_table *st = ss->ss_priv; 1286 struct sta_entry *se; 1287 struct ieee80211_channel *c, *bestchan; 1288 int i, bestrssi, maxrssi; 1289 1290 bestchan = NULL; 1291 bestrssi = -1; 1292 1293 mtx_lock(&st->st_lock); 1294 for (i = 0; i < ss->ss_last; i++) { 1295 c = ss->ss_chans[i]; 1296 maxrssi = 0; 1297 TAILQ_FOREACH(se, &st->st_entry, se_list) { 1298 if (se->base.se_chan != c) 1299 continue; 1300 if (se->base.se_rssi > maxrssi) 1301 maxrssi = se->base.se_rssi; 1302 } 1303 if (bestchan == NULL || maxrssi < bestrssi) 1304 bestchan = c; 1305 } 1306 mtx_unlock(&st->st_lock); 1307 1308 return bestchan; 1309 } 1310 1311 /* 1312 * Pick an ibss network to join or find a channel 1313 * to use to start an ibss network. 1314 */ 1315 static int 1316 adhoc_pick_bss(struct ieee80211_scan_state *ss, struct ieee80211com *ic) 1317 { 1318 struct sta_table *st = ss->ss_priv; 1319 struct sta_entry *selbs; 1320 struct ieee80211_channel *chan; 1321 1322 KASSERT(ic->ic_opmode == IEEE80211_M_IBSS || 1323 ic->ic_opmode == IEEE80211_M_AHDEMO, 1324 ("wrong opmode %u", ic->ic_opmode)); 1325 1326 if (st->st_newscan) { 1327 sta_update_notseen(st); 1328 st->st_newscan = 0; 1329 } 1330 if (ss->ss_flags & IEEE80211_SCAN_NOPICK) { 1331 /* 1332 * Manual/background scan, don't select+join the 1333 * bss, just return. The scanning framework will 1334 * handle notification that this has completed. 1335 */ 1336 ss->ss_flags &= ~IEEE80211_SCAN_NOPICK; 1337 return 1; 1338 } 1339 /* 1340 * Automatic sequencing; look for a candidate and 1341 * if found join the network. 1342 */ 1343 /* NB: unlocked read should be ok */ 1344 if (TAILQ_FIRST(&st->st_entry) == NULL) { 1345 IEEE80211_DPRINTF(ic, IEEE80211_MSG_SCAN, 1346 "%s: no scan candidate\n", __func__); 1347 notfound: 1348 if (ic->ic_des_nssid) { 1349 /* 1350 * No existing adhoc network to join and we have 1351 * an ssid; start one up. If no channel was 1352 * specified, try to select a channel. 1353 */ 1354 if (ic->ic_des_chan == IEEE80211_CHAN_ANYC) 1355 chan = adhoc_pick_channel(ss); 1356 else 1357 chan = ic->ic_des_chan; 1358 if (chan != NULL) { 1359 ieee80211_create_ibss(ic, chan); 1360 return 1; 1361 } 1362 } 1363 /* 1364 * If nothing suitable was found decrement 1365 * the failure counts so entries will be 1366 * reconsidered the next time around. We 1367 * really want to do this only for sta's 1368 * where we've previously had some success. 1369 */ 1370 sta_dec_fails(st); 1371 st->st_newscan = 1; 1372 return 0; /* restart scan */ 1373 } 1374 selbs = select_bss(ss, ic, IEEE80211_MSG_SCAN); 1375 if (selbs == NULL || !ieee80211_sta_join(ic, &selbs->base)) 1376 goto notfound; 1377 return 1; /* terminate scan */ 1378 } 1379 1380 /* 1381 * Age entries in the scan cache. 1382 */ 1383 static void 1384 adhoc_age(struct ieee80211_scan_state *ss) 1385 { 1386 struct sta_table *st = ss->ss_priv; 1387 struct sta_entry *se, *next; 1388 1389 mtx_lock(&st->st_lock); 1390 TAILQ_FOREACH_SAFE(se, &st->st_entry, se_list, next) { 1391 if (se->se_notseen > STA_PURGE_SCANS) { 1392 TAILQ_REMOVE(&st->st_entry, se, se_list); 1393 LIST_REMOVE(se, se_hash); 1394 FREE(se, M_80211_SCAN); 1395 } 1396 } 1397 mtx_unlock(&st->st_lock); 1398 } 1399 1400 static const struct ieee80211_scanner adhoc_default = { 1401 .scan_name = "default", 1402 .scan_attach = sta_attach, 1403 .scan_detach = sta_detach, 1404 .scan_start = adhoc_start, 1405 .scan_restart = sta_restart, 1406 .scan_cancel = sta_cancel, 1407 .scan_end = adhoc_pick_bss, 1408 .scan_flush = sta_flush, 1409 .scan_add = sta_add, 1410 .scan_age = adhoc_age, 1411 .scan_iterate = sta_iterate, 1412 .scan_assoc_fail = sta_assoc_fail, 1413 .scan_assoc_success = sta_assoc_success, 1414 }; 1415 1416 /* 1417 * Module glue. 1418 */ 1419 static int 1420 wlan_modevent(module_t mod, int type, void *unused) 1421 { 1422 switch (type) { 1423 case MOD_LOAD: 1424 ieee80211_scanner_register(IEEE80211_M_STA, &sta_default); 1425 ieee80211_scanner_register(IEEE80211_M_IBSS, &adhoc_default); 1426 ieee80211_scanner_register(IEEE80211_M_AHDEMO, &adhoc_default); 1427 return 0; 1428 case MOD_UNLOAD: 1429 case MOD_QUIESCE: 1430 if (nrefs) { 1431 printf("wlan_scan_sta: still in use (%u dynamic refs)\n", 1432 nrefs); 1433 return EBUSY; 1434 } 1435 if (type == MOD_UNLOAD) { 1436 ieee80211_scanner_unregister_all(&sta_default); 1437 ieee80211_scanner_unregister_all(&adhoc_default); 1438 } 1439 return 0; 1440 } 1441 return EINVAL; 1442 } 1443 1444 static moduledata_t wlan_mod = { 1445 "wlan_scan_sta", 1446 wlan_modevent, 1447 0 1448 }; 1449 DECLARE_MODULE(wlan_scan_sta, wlan_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST); 1450 MODULE_VERSION(wlan_scan_sta, 1); 1451 MODULE_DEPEND(wlan_scan_sta, wlan, 1, 1, 1); 1452