bc061f6296742c27a578c378ca152b0c629b7057
[linux-2.6.git] / net / mac80211 / scan.c
1 /*
2  * Scanning implementation
3  *
4  * Copyright 2003, Jouni Malinen <jkmaline@cc.hut.fi>
5  * Copyright 2004, Instant802 Networks, Inc.
6  * Copyright 2005, Devicescape Software, Inc.
7  * Copyright 2006-2007  Jiri Benc <jbenc@suse.cz>
8  * Copyright 2007, Michael Wu <flamingice@sourmilk.net>
9  *
10  * This program is free software; you can redistribute it and/or modify
11  * it under the terms of the GNU General Public License version 2 as
12  * published by the Free Software Foundation.
13  */
14
15 #include <linux/if_arp.h>
16 #include <linux/rtnetlink.h>
17 #include <net/mac80211.h>
18
19 #include "ieee80211_i.h"
20 #include "driver-ops.h"
21 #include "mesh.h"
22
23 #define IEEE80211_PROBE_DELAY (HZ / 33)
24 #define IEEE80211_CHANNEL_TIME (HZ / 33)
25 #define IEEE80211_PASSIVE_CHANNEL_TIME (HZ / 8)
26
27 struct ieee80211_bss *
28 ieee80211_rx_bss_get(struct ieee80211_local *local, u8 *bssid, int freq,
29                      u8 *ssid, u8 ssid_len)
30 {
31         struct cfg80211_bss *cbss;
32
33         cbss = cfg80211_get_bss(local->hw.wiphy,
34                                 ieee80211_get_channel(local->hw.wiphy, freq),
35                                 bssid, ssid, ssid_len, 0, 0);
36         if (!cbss)
37                 return NULL;
38         return (void *)cbss->priv;
39 }
40
41 static void ieee80211_rx_bss_free(struct cfg80211_bss *cbss)
42 {
43         struct ieee80211_bss *bss = (void *)cbss->priv;
44
45         kfree(bss_mesh_id(bss));
46         kfree(bss_mesh_cfg(bss));
47 }
48
49 void ieee80211_rx_bss_put(struct ieee80211_local *local,
50                           struct ieee80211_bss *bss)
51 {
52         if (!bss)
53                 return;
54         cfg80211_put_bss(container_of((void *)bss, struct cfg80211_bss, priv));
55 }
56
57 static bool is_uapsd_supported(struct ieee802_11_elems *elems)
58 {
59         u8 qos_info;
60
61         if (elems->wmm_info && elems->wmm_info_len == 7
62             && elems->wmm_info[5] == 1)
63                 qos_info = elems->wmm_info[6];
64         else if (elems->wmm_param && elems->wmm_param_len == 24
65                  && elems->wmm_param[5] == 1)
66                 qos_info = elems->wmm_param[6];
67         else
68                 /* no valid wmm information or parameter element found */
69                 return false;
70
71         return qos_info & IEEE80211_WMM_IE_AP_QOSINFO_UAPSD;
72 }
73
74 struct ieee80211_bss *
75 ieee80211_bss_info_update(struct ieee80211_local *local,
76                           struct ieee80211_rx_status *rx_status,
77                           struct ieee80211_mgmt *mgmt,
78                           size_t len,
79                           struct ieee802_11_elems *elems,
80                           struct ieee80211_channel *channel,
81                           bool beacon)
82 {
83         struct cfg80211_bss *cbss;
84         struct ieee80211_bss *bss;
85         int clen;
86         s32 signal = 0;
87
88         if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM)
89                 signal = rx_status->signal * 100;
90         else if (local->hw.flags & IEEE80211_HW_SIGNAL_UNSPEC)
91                 signal = (rx_status->signal * 100) / local->hw.max_signal;
92
93         cbss = cfg80211_inform_bss_frame(local->hw.wiphy, channel,
94                                          mgmt, len, signal, GFP_ATOMIC);
95
96         if (!cbss)
97                 return NULL;
98
99         cbss->free_priv = ieee80211_rx_bss_free;
100         bss = (void *)cbss->priv;
101
102         /* save the ERP value so that it is available at association time */
103         if (elems->erp_info && elems->erp_info_len >= 1) {
104                 bss->erp_value = elems->erp_info[0];
105                 bss->has_erp_value = 1;
106         }
107
108         if (elems->tim) {
109                 struct ieee80211_tim_ie *tim_ie =
110                         (struct ieee80211_tim_ie *)elems->tim;
111                 bss->dtim_period = tim_ie->dtim_period;
112         }
113
114         bss->supp_rates_len = 0;
115         if (elems->supp_rates) {
116                 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
117                 if (clen > elems->supp_rates_len)
118                         clen = elems->supp_rates_len;
119                 memcpy(&bss->supp_rates[bss->supp_rates_len], elems->supp_rates,
120                        clen);
121                 bss->supp_rates_len += clen;
122         }
123         if (elems->ext_supp_rates) {
124                 clen = IEEE80211_MAX_SUPP_RATES - bss->supp_rates_len;
125                 if (clen > elems->ext_supp_rates_len)
126                         clen = elems->ext_supp_rates_len;
127                 memcpy(&bss->supp_rates[bss->supp_rates_len],
128                        elems->ext_supp_rates, clen);
129                 bss->supp_rates_len += clen;
130         }
131
132         bss->wmm_used = elems->wmm_param || elems->wmm_info;
133         bss->uapsd_supported = is_uapsd_supported(elems);
134
135         if (!beacon)
136                 bss->last_probe_resp = jiffies;
137
138         return bss;
139 }
140
141 ieee80211_rx_result
142 ieee80211_scan_rx(struct ieee80211_sub_if_data *sdata, struct sk_buff *skb)
143 {
144         struct ieee80211_rx_status *rx_status = IEEE80211_SKB_RXCB(skb);
145         struct ieee80211_mgmt *mgmt;
146         struct ieee80211_bss *bss;
147         u8 *elements;
148         struct ieee80211_channel *channel;
149         size_t baselen;
150         int freq;
151         __le16 fc;
152         bool presp, beacon = false;
153         struct ieee802_11_elems elems;
154
155         if (skb->len < 2)
156                 return RX_DROP_UNUSABLE;
157
158         mgmt = (struct ieee80211_mgmt *) skb->data;
159         fc = mgmt->frame_control;
160
161         if (ieee80211_is_ctl(fc))
162                 return RX_CONTINUE;
163
164         if (skb->len < 24)
165                 return RX_DROP_MONITOR;
166
167         presp = ieee80211_is_probe_resp(fc);
168         if (presp) {
169                 /* ignore ProbeResp to foreign address */
170                 if (memcmp(mgmt->da, sdata->vif.addr, ETH_ALEN))
171                         return RX_DROP_MONITOR;
172
173                 presp = true;
174                 elements = mgmt->u.probe_resp.variable;
175                 baselen = offsetof(struct ieee80211_mgmt, u.probe_resp.variable);
176         } else {
177                 beacon = ieee80211_is_beacon(fc);
178                 baselen = offsetof(struct ieee80211_mgmt, u.beacon.variable);
179                 elements = mgmt->u.beacon.variable;
180         }
181
182         if (!presp && !beacon)
183                 return RX_CONTINUE;
184
185         if (baselen > skb->len)
186                 return RX_DROP_MONITOR;
187
188         ieee802_11_parse_elems(elements, skb->len - baselen, &elems);
189
190         if (elems.ds_params && elems.ds_params_len == 1)
191                 freq = ieee80211_channel_to_frequency(elems.ds_params[0]);
192         else
193                 freq = rx_status->freq;
194
195         channel = ieee80211_get_channel(sdata->local->hw.wiphy, freq);
196
197         if (!channel || channel->flags & IEEE80211_CHAN_DISABLED)
198                 return RX_DROP_MONITOR;
199
200         bss = ieee80211_bss_info_update(sdata->local, rx_status,
201                                         mgmt, skb->len, &elems,
202                                         channel, beacon);
203         if (bss)
204                 ieee80211_rx_bss_put(sdata->local, bss);
205
206         dev_kfree_skb(skb);
207         return RX_QUEUED;
208 }
209
210 /* return false if no more work */
211 static bool ieee80211_prep_hw_scan(struct ieee80211_local *local)
212 {
213         struct cfg80211_scan_request *req = local->scan_req;
214         enum ieee80211_band band;
215         int i, ielen, n_chans;
216
217         do {
218                 if (local->hw_scan_band == IEEE80211_NUM_BANDS)
219                         return false;
220
221                 band = local->hw_scan_band;
222                 n_chans = 0;
223                 for (i = 0; i < req->n_channels; i++) {
224                         if (req->channels[i]->band == band) {
225                                 local->hw_scan_req->channels[n_chans] =
226                                                         req->channels[i];
227                                 n_chans++;
228                         }
229                 }
230
231                 local->hw_scan_band++;
232         } while (!n_chans);
233
234         local->hw_scan_req->n_channels = n_chans;
235
236         ielen = ieee80211_build_preq_ies(local, (u8 *)local->hw_scan_req->ie,
237                                          req->ie, req->ie_len, band);
238         local->hw_scan_req->ie_len = ielen;
239
240         return true;
241 }
242
243 void ieee80211_scan_completed(struct ieee80211_hw *hw, bool aborted)
244 {
245         struct ieee80211_local *local = hw_to_local(hw);
246         bool was_hw_scan;
247
248         mutex_lock(&local->scan_mtx);
249
250         /*
251          * It's ok to abort a not-yet-running scan (that
252          * we have one at all will be verified by checking
253          * local->scan_req next), but not to complete it
254          * successfully.
255          */
256         if (WARN_ON(!local->scanning && !aborted))
257                 aborted = true;
258
259         if (WARN_ON(!local->scan_req)) {
260                 mutex_unlock(&local->scan_mtx);
261                 return;
262         }
263
264         was_hw_scan = test_bit(SCAN_HW_SCANNING, &local->scanning);
265         if (was_hw_scan && !aborted && ieee80211_prep_hw_scan(local)) {
266                 ieee80211_queue_delayed_work(&local->hw,
267                                              &local->scan_work, 0);
268                 mutex_unlock(&local->scan_mtx);
269                 return;
270         }
271
272         kfree(local->hw_scan_req);
273         local->hw_scan_req = NULL;
274
275         if (local->scan_req != local->int_scan_req)
276                 cfg80211_scan_done(local->scan_req, aborted);
277         local->scan_req = NULL;
278         local->scan_sdata = NULL;
279
280         local->scanning = 0;
281         local->scan_channel = NULL;
282
283         /* we only have to protect scan_req and hw/sw scan */
284         mutex_unlock(&local->scan_mtx);
285
286         ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
287         if (was_hw_scan)
288                 goto done;
289
290         ieee80211_configure_filter(local);
291
292         drv_sw_scan_complete(local);
293
294         ieee80211_offchannel_return(local, true);
295
296  done:
297         ieee80211_recalc_idle(local);
298         ieee80211_mlme_notify_scan_completed(local);
299         ieee80211_ibss_notify_scan_completed(local);
300         ieee80211_mesh_notify_scan_completed(local);
301         ieee80211_queue_work(&local->hw, &local->work_work);
302 }
303 EXPORT_SYMBOL(ieee80211_scan_completed);
304
305 static int ieee80211_start_sw_scan(struct ieee80211_local *local)
306 {
307         /*
308          * Hardware/driver doesn't support hw_scan, so use software
309          * scanning instead. First send a nullfunc frame with power save
310          * bit on so that AP will buffer the frames for us while we are not
311          * listening, then send probe requests to each channel and wait for
312          * the responses. After all channels are scanned, tune back to the
313          * original channel and send a nullfunc frame with power save bit
314          * off to trigger the AP to send us all the buffered frames.
315          *
316          * Note that while local->sw_scanning is true everything else but
317          * nullfunc frames and probe requests will be dropped in
318          * ieee80211_tx_h_check_assoc().
319          */
320         drv_sw_scan_start(local);
321
322         ieee80211_offchannel_stop_beaconing(local);
323
324         local->next_scan_state = SCAN_DECISION;
325         local->scan_channel_idx = 0;
326
327         drv_flush(local, false);
328
329         ieee80211_configure_filter(local);
330
331         ieee80211_queue_delayed_work(&local->hw,
332                                      &local->scan_work,
333                                      IEEE80211_CHANNEL_TIME);
334
335         return 0;
336 }
337
338
339 static int __ieee80211_start_scan(struct ieee80211_sub_if_data *sdata,
340                                   struct cfg80211_scan_request *req)
341 {
342         struct ieee80211_local *local = sdata->local;
343         int rc;
344
345         if (local->scan_req)
346                 return -EBUSY;
347
348         if (local->ops->hw_scan) {
349                 u8 *ies;
350
351                 local->hw_scan_req = kmalloc(
352                                 sizeof(*local->hw_scan_req) +
353                                 req->n_channels * sizeof(req->channels[0]) +
354                                 2 + IEEE80211_MAX_SSID_LEN + local->scan_ies_len +
355                                 req->ie_len, GFP_KERNEL);
356                 if (!local->hw_scan_req)
357                         return -ENOMEM;
358
359                 local->hw_scan_req->ssids = req->ssids;
360                 local->hw_scan_req->n_ssids = req->n_ssids;
361                 ies = (u8 *)local->hw_scan_req +
362                         sizeof(*local->hw_scan_req) +
363                         req->n_channels * sizeof(req->channels[0]);
364                 local->hw_scan_req->ie = ies;
365
366                 local->hw_scan_band = 0;
367         }
368
369         local->scan_req = req;
370         local->scan_sdata = sdata;
371
372         if (!list_empty(&local->work_list)) {
373                 /* wait for the work to finish/time out */
374                 return 0;
375         }
376
377         if (local->ops->hw_scan)
378                 __set_bit(SCAN_HW_SCANNING, &local->scanning);
379         else
380                 __set_bit(SCAN_SW_SCANNING, &local->scanning);
381         /*
382          * Kicking off the scan need not be protected,
383          * only the scan variable stuff, since now
384          * local->scan_req is assigned and other callers
385          * will abort their scan attempts.
386          *
387          * This avoids getting a scan_mtx -> iflist_mtx
388          * dependency, so that the scan completed calls
389          * have more locking freedom.
390          */
391
392         ieee80211_recalc_idle(local);
393         mutex_unlock(&local->scan_mtx);
394
395         if (local->ops->hw_scan) {
396                 WARN_ON(!ieee80211_prep_hw_scan(local));
397                 rc = drv_hw_scan(local, local->hw_scan_req);
398         } else
399                 rc = ieee80211_start_sw_scan(local);
400
401         mutex_lock(&local->scan_mtx);
402
403         if (rc) {
404                 kfree(local->hw_scan_req);
405                 local->hw_scan_req = NULL;
406                 local->scanning = 0;
407
408                 ieee80211_recalc_idle(local);
409
410                 local->scan_req = NULL;
411                 local->scan_sdata = NULL;
412         }
413
414         return rc;
415 }
416
417 static int ieee80211_scan_state_decision(struct ieee80211_local *local,
418                                          unsigned long *next_delay)
419 {
420         bool associated = false;
421         struct ieee80211_sub_if_data *sdata;
422
423         /* if no more bands/channels left, complete scan and advance to the idle state */
424         if (local->scan_channel_idx >= local->scan_req->n_channels) {
425                 ieee80211_scan_completed(&local->hw, false);
426                 return 1;
427         }
428
429         /* check if at least one STA interface is associated */
430         mutex_lock(&local->iflist_mtx);
431         list_for_each_entry(sdata, &local->interfaces, list) {
432                 if (!ieee80211_sdata_running(sdata))
433                         continue;
434
435                 if (sdata->vif.type == NL80211_IFTYPE_STATION) {
436                         if (sdata->u.mgd.associated) {
437                                 associated = true;
438                                 break;
439                         }
440                 }
441         }
442         mutex_unlock(&local->iflist_mtx);
443
444         if (local->scan_channel) {
445                 /*
446                  * we're currently scanning a different channel, let's
447                  * switch back to the operating channel now if at least
448                  * one interface is associated. Otherwise just scan the
449                  * next channel
450                  */
451                 if (associated)
452                         local->next_scan_state = SCAN_ENTER_OPER_CHANNEL;
453                 else
454                         local->next_scan_state = SCAN_SET_CHANNEL;
455         } else {
456                 /*
457                  * we're on the operating channel currently, let's
458                  * leave that channel now to scan another one
459                  */
460                 local->next_scan_state = SCAN_LEAVE_OPER_CHANNEL;
461         }
462
463         *next_delay = 0;
464         return 0;
465 }
466
467 static void ieee80211_scan_state_leave_oper_channel(struct ieee80211_local *local,
468                                                     unsigned long *next_delay)
469 {
470         ieee80211_offchannel_stop_station(local);
471
472         __set_bit(SCAN_OFF_CHANNEL, &local->scanning);
473
474         /*
475          * What if the nullfunc frames didn't arrive?
476          */
477         drv_flush(local, false);
478         if (local->ops->flush)
479                 *next_delay = 0;
480         else
481                 *next_delay = HZ / 10;
482
483         /* advance to the next channel to be scanned */
484         local->next_scan_state = SCAN_SET_CHANNEL;
485 }
486
487 static void ieee80211_scan_state_enter_oper_channel(struct ieee80211_local *local,
488                                                     unsigned long *next_delay)
489 {
490         /* switch back to the operating channel */
491         local->scan_channel = NULL;
492         ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL);
493
494         /*
495          * Only re-enable station mode interface now; beaconing will be
496          * re-enabled once the full scan has been completed.
497          */
498         ieee80211_offchannel_return(local, false);
499
500         __clear_bit(SCAN_OFF_CHANNEL, &local->scanning);
501
502         *next_delay = HZ / 5;
503         local->next_scan_state = SCAN_DECISION;
504 }
505
506 static void ieee80211_scan_state_set_channel(struct ieee80211_local *local,
507                                              unsigned long *next_delay)
508 {
509         int skip;
510         struct ieee80211_channel *chan;
511
512         skip = 0;
513         chan = local->scan_req->channels[local->scan_channel_idx];
514
515         local->scan_channel = chan;
516         if (ieee80211_hw_config(local, IEEE80211_CONF_CHANGE_CHANNEL))
517                 skip = 1;
518
519         /* advance state machine to next channel/band */
520         local->scan_channel_idx++;
521
522         if (skip) {
523                 /* if we skip this channel return to the decision state */
524                 local->next_scan_state = SCAN_DECISION;
525                 return;
526         }
527
528         /*
529          * Probe delay is used to update the NAV, cf. 11.1.3.2.2
530          * (which unfortunately doesn't say _why_ step a) is done,
531          * but it waits for the probe delay or until a frame is
532          * received - and the received frame would update the NAV).
533          * For now, we do not support waiting until a frame is
534          * received.
535          *
536          * In any case, it is not necessary for a passive scan.
537          */
538         if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN ||
539             !local->scan_req->n_ssids) {
540                 *next_delay = IEEE80211_PASSIVE_CHANNEL_TIME;
541                 local->next_scan_state = SCAN_DECISION;
542                 return;
543         }
544
545         /* active scan, send probes */
546         *next_delay = IEEE80211_PROBE_DELAY;
547         local->next_scan_state = SCAN_SEND_PROBE;
548 }
549
550 static void ieee80211_scan_state_send_probe(struct ieee80211_local *local,
551                                             unsigned long *next_delay)
552 {
553         int i;
554         struct ieee80211_sub_if_data *sdata = local->scan_sdata;
555
556         for (i = 0; i < local->scan_req->n_ssids; i++)
557                 ieee80211_send_probe_req(
558                         sdata, NULL,
559                         local->scan_req->ssids[i].ssid,
560                         local->scan_req->ssids[i].ssid_len,
561                         local->scan_req->ie, local->scan_req->ie_len);
562
563         /*
564          * After sending probe requests, wait for probe responses
565          * on the channel.
566          */
567         *next_delay = IEEE80211_CHANNEL_TIME;
568         local->next_scan_state = SCAN_DECISION;
569 }
570
571 void ieee80211_scan_work(struct work_struct *work)
572 {
573         struct ieee80211_local *local =
574                 container_of(work, struct ieee80211_local, scan_work.work);
575         struct ieee80211_sub_if_data *sdata = local->scan_sdata;
576         unsigned long next_delay = 0;
577
578         mutex_lock(&local->scan_mtx);
579         if (!sdata || !local->scan_req) {
580                 mutex_unlock(&local->scan_mtx);
581                 return;
582         }
583
584         if (local->hw_scan_req) {
585                 int rc = drv_hw_scan(local, local->hw_scan_req);
586                 mutex_unlock(&local->scan_mtx);
587                 if (rc)
588                         ieee80211_scan_completed(&local->hw, true);
589                 return;
590         }
591
592         if (local->scan_req && !local->scanning) {
593                 struct cfg80211_scan_request *req = local->scan_req;
594                 int rc;
595
596                 local->scan_req = NULL;
597                 local->scan_sdata = NULL;
598
599                 rc = __ieee80211_start_scan(sdata, req);
600                 mutex_unlock(&local->scan_mtx);
601
602                 if (rc)
603                         ieee80211_scan_completed(&local->hw, true);
604                 return;
605         }
606
607         mutex_unlock(&local->scan_mtx);
608
609         /*
610          * Avoid re-scheduling when the sdata is going away.
611          */
612         if (!ieee80211_sdata_running(sdata)) {
613                 ieee80211_scan_completed(&local->hw, true);
614                 return;
615         }
616
617         /*
618          * as long as no delay is required advance immediately
619          * without scheduling a new work
620          */
621         do {
622                 switch (local->next_scan_state) {
623                 case SCAN_DECISION:
624                         if (ieee80211_scan_state_decision(local, &next_delay))
625                                 return;
626                         break;
627                 case SCAN_SET_CHANNEL:
628                         ieee80211_scan_state_set_channel(local, &next_delay);
629                         break;
630                 case SCAN_SEND_PROBE:
631                         ieee80211_scan_state_send_probe(local, &next_delay);
632                         break;
633                 case SCAN_LEAVE_OPER_CHANNEL:
634                         ieee80211_scan_state_leave_oper_channel(local, &next_delay);
635                         break;
636                 case SCAN_ENTER_OPER_CHANNEL:
637                         ieee80211_scan_state_enter_oper_channel(local, &next_delay);
638                         break;
639                 }
640         } while (next_delay == 0);
641
642         ieee80211_queue_delayed_work(&local->hw, &local->scan_work, next_delay);
643 }
644
645 int ieee80211_request_scan(struct ieee80211_sub_if_data *sdata,
646                            struct cfg80211_scan_request *req)
647 {
648         int res;
649
650         mutex_lock(&sdata->local->scan_mtx);
651         res = __ieee80211_start_scan(sdata, req);
652         mutex_unlock(&sdata->local->scan_mtx);
653
654         return res;
655 }
656
657 int ieee80211_request_internal_scan(struct ieee80211_sub_if_data *sdata,
658                                     const u8 *ssid, u8 ssid_len)
659 {
660         struct ieee80211_local *local = sdata->local;
661         int ret = -EBUSY;
662
663         mutex_lock(&local->scan_mtx);
664
665         /* busy scanning */
666         if (local->scan_req)
667                 goto unlock;
668
669         memcpy(local->int_scan_req->ssids[0].ssid, ssid, IEEE80211_MAX_SSID_LEN);
670         local->int_scan_req->ssids[0].ssid_len = ssid_len;
671
672         ret = __ieee80211_start_scan(sdata, sdata->local->int_scan_req);
673  unlock:
674         mutex_unlock(&local->scan_mtx);
675         return ret;
676 }
677
678 void ieee80211_scan_cancel(struct ieee80211_local *local)
679 {
680         bool abortscan;
681
682         cancel_delayed_work_sync(&local->scan_work);
683
684         /*
685          * Only call this function when a scan can't be
686          * queued -- mostly at suspend under RTNL.
687          */
688         mutex_lock(&local->scan_mtx);
689         abortscan = test_bit(SCAN_SW_SCANNING, &local->scanning) ||
690                     (!local->scanning && local->scan_req);
691         mutex_unlock(&local->scan_mtx);
692
693         if (abortscan)
694                 ieee80211_scan_completed(&local->hw, true);
695 }